sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-02-03 14:39:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Pass asymmetric keys as ASN.1 cursors

Browse Source 
Asymmetric keys are invariably encountered within ASN.1 structures
such as X.509 certificates, and the various large integers within an
RSA key are themselves encoded using ASN.1.

Simplify all code handling asymmetric keys by passing keys as a single
ASN.1 cursor, rather than separate data and length pointers.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2024-08-18 10:43:52 +01:00
parent 950f6b5861
commit 53f089b723
10 changed files with 74 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/tests/pubkey_test.h
View File

@@ -12,17 +12,16 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v pubkey Public key algorithm
* @v key Key
* @v key_len Key length
* @v ciphertext Ciphertext
* @v ciphertext_len Ciphertext length
* @v expected Expected plaintext
* @v expected_len Expected plaintext length
*/
#define pubkey_decrypt_ok( pubkey, key, key_len, ciphertext, \
ciphertext_len, expected, expected_len ) do {\
#define pubkey_decrypt_ok( pubkey, key, ciphertext, ciphertext_len, \
expected, expected_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
\
ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
{ \
size_t max_len = pubkey_max_len ( (pubkey), ctx ); \
uint8_t decrypted[ max_len ]; \
@@ -44,19 +43,15 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v pubkey Public key algorithm
* @v encrypt_key Encryption key
* @v encrypt_key_len Encryption key length
* @v decrypt_key Decryption key
* @v decrypt_key_len Decryption key length
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
*/
#define pubkey_encrypt_ok( pubkey, encrypt_key, encrypt_key_len, \
decrypt_key, decrypt_key_len, plaintext, \
#define pubkey_encrypt_ok( pubkey, encrypt_key, decrypt_key, plaintext, \
plaintext_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
\
ok ( pubkey_init ( (pubkey), ctx, (encrypt_key), \
(encrypt_key_len) ) == 0 ); \
ok ( pubkey_init ( (pubkey), ctx, (encrypt_key) ) == 0 ); \
{ \
size_t max_len = pubkey_max_len ( (pubkey), ctx ); \
uint8_t encrypted[ max_len ]; \
@@ -68,9 +63,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
encrypted ); \
ok ( encrypted_len >= 0 ); \
pubkey_decrypt_ok ( (pubkey), (decrypt_key), \
(decrypt_key_len), encrypted, \
encrypted_len, (plaintext), \
(plaintext_len) ); \
encrypted, encrypted_len, \
(plaintext), (plaintext_len) ); \
} \
pubkey_final ( (pubkey), ctx ); \
} while ( 0 )
@@ -80,15 +74,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v pubkey Public key algorithm
* @v key Key
* @v key_len Key length
* @v digest Digest algorithm
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
* @v expected Expected signature
* @v expected_len Expected signature length
*/
#define pubkey_sign_ok( pubkey, key, key_len, digest, plaintext, \
plaintext_len, expected, expected_len ) do { \
#define pubkey_sign_ok( pubkey, key, digest, plaintext, plaintext_len, \
expected, expected_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
uint8_t digestctx[ (digest)->ctxsize ]; \
uint8_t digestout[ (digest)->digestsize ]; \
@@ -98,7 +91,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
(plaintext_len) ); \
digest_final ( (digest), digestctx, digestout ); \
\
ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
{ \
size_t max_len = pubkey_max_len ( (pubkey), ctx ); \
uint8_t signature[ max_len ]; \
@@ -118,14 +111,13 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v pubkey Public key algorithm
* @v key Key
* @v key_len Key length
* @v digest Digest algorithm
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
* @v signature Signature
* @v signature_len Signature length
*/
#define pubkey_verify_ok( pubkey, key, key_len, digest, plaintext, \
#define pubkey_verify_ok( pubkey, key, digest, plaintext, \
plaintext_len, signature, signature_len ) do {\
uint8_t ctx[ (pubkey)->ctxsize ]; \
uint8_t digestctx[ (digest)->ctxsize ]; \
@@ -136,7 +128,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
(plaintext_len) ); \
digest_final ( (digest), digestctx, digestout ); \
\
ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
ok ( pubkey_verify ( (pubkey), ctx, (digest), digestout, \
(signature), (signature_len) ) == 0 ); \
pubkey_final ( (pubkey), ctx ); \
@@ -147,14 +139,13 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
* @v pubkey Public key algorithm
* @v key Key
* @v key_len Key length
* @v digest Digest algorithm
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
* @v signature Signature
* @v signature_len Signature length
*/
#define pubkey_verify_fail_ok( pubkey, key, key_len, digest, plaintext, \
#define pubkey_verify_fail_ok( pubkey, key, digest, plaintext, \
plaintext_len, signature, \
signature_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
@@ -166,7 +157,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
(plaintext_len) ); \
digest_final ( (digest), digestctx, digestout ); \
\
ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
ok ( pubkey_verify ( (pubkey), ctx, (digest), digestout, \
(signature), (signature_len) ) != 0 ); \
pubkey_final ( (pubkey), ctx ); \

68
src/tests/rsa_test.c
View File

@@ -61,13 +61,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
/** An RSA encryption and decryption self-test */
struct rsa_encrypt_decrypt_test {
/** Private key */
const void *private;
/** Private key length */
size_t private_len;
const struct asn1_cursor private;
/** Public key */
const void *public;
/** Public key length */
size_t public_len;
const struct asn1_cursor public;
/** Plaintext */
const void *plaintext;
/** Plaintext length */
@@ -100,10 +96,14 @@ struct rsa_encrypt_decrypt_test {
static const uint8_t name ## _plaintext[] = PLAINTEXT; \
static const uint8_t name ## _ciphertext[] = CIPHERTEXT; \
static struct rsa_encrypt_decrypt_test name = { \
.private = name ## _private, \
.private_len = sizeof ( name ## _private ), \
.public = name ## _public, \
.public_len = sizeof ( name ## _public ), \
.private = { \
.data = name ## _private, \
.len = sizeof ( name ## _private ), \
}, \
.public = { \
.data = name ## _public, \
.len = sizeof ( name ## _public ), \
}, \
.plaintext = name ## _plaintext, \
.plaintext_len = sizeof ( name ## _plaintext ), \
.ciphertext = name ## _ciphertext, \
@@ -113,13 +113,9 @@ struct rsa_encrypt_decrypt_test {
/** An RSA signature self-test */
struct rsa_signature_test {
/** Private key */
const void *private;
/** Private key length */
size_t private_len;
const struct asn1_cursor private;
/** Public key */
const void *public;
/** Public key length */
size_t public_len;
const struct asn1_cursor public;
/** Plaintext */
const void *plaintext;
/** Plaintext length */
@@ -150,10 +146,14 @@ struct rsa_signature_test {
static const uint8_t name ## _plaintext[] = PLAINTEXT; \
static const uint8_t name ## _signature[] = SIGNATURE; \
static struct rsa_signature_test name = { \
.private = name ## _private, \
.private_len = sizeof ( name ## _private ), \
.public = name ## _public, \
.public_len = sizeof ( name ## _public ), \
.private = { \
.data = name ## _private, \
.len = sizeof ( name ## _private ), \
}, \
.public = { \
.data = name ## _public, \
.len = sizeof ( name ## _public ), \
}, \
.plaintext = name ## _plaintext, \
.plaintext_len = sizeof ( name ## _plaintext ), \
.algorithm = ALGORITHM, \
@@ -167,17 +167,14 @@ struct rsa_signature_test {
* @v test RSA encryption and decryption test
*/
#define rsa_encrypt_decrypt_ok( test ) do { \
pubkey_decrypt_ok ( &rsa_algorithm, (test)->private, \
(test)->private_len, (test)->ciphertext, \
(test)->ciphertext_len, (test)->plaintext, \
pubkey_decrypt_ok ( &rsa_algorithm, &(test)->private, \
(test)->ciphertext, (test)->ciphertext_len, \
(test)->plaintext, (test)->plaintext_len );\
pubkey_encrypt_ok ( &rsa_algorithm, &(test)->private, \
&(test)->public, (test)->plaintext, \
(test)->plaintext_len ); \
pubkey_encrypt_ok ( &rsa_algorithm, (test)->private, \
(test)->private_len, (test)->public, \
(test)->public_len, (test)->plaintext, \
(test)->plaintext_len ); \
pubkey_encrypt_ok ( &rsa_algorithm, (test)->public, \
(test)->public_len, (test)->private, \
(test)->private_len, (test)->plaintext, \
pubkey_encrypt_ok ( &rsa_algorithm, &(test)->public, \
&(test)->private, (test)->plaintext, \
(test)->plaintext_len ); \
} while ( 0 )
@@ -190,18 +187,15 @@ struct rsa_signature_test {
#define rsa_signature_ok( test ) do { \
struct digest_algorithm *digest = (test)->algorithm->digest; \
uint8_t bad_signature[ (test)->signature_len ]; \
pubkey_sign_ok ( &rsa_algorithm, (test)->private, \
(test)->private_len, digest, \
pubkey_sign_ok ( &rsa_algorithm, &(test)->private, digest, \
(test)->plaintext, (test)->plaintext_len, \
(test)->signature, (test)->signature_len ); \
pubkey_verify_ok ( &rsa_algorithm, (test)->public, \
(test)->public_len, digest, \
pubkey_verify_ok ( &rsa_algorithm, &(test)->public, digest, \
(test)->plaintext, (test)->plaintext_len, \
(test)->signature, (test)->signature_len ); \
memset ( bad_signature, 0, sizeof ( bad_signature ) ); \
pubkey_verify_fail_ok ( &rsa_algorithm, (test)->public, \
(test)->public_len, digest, \
(test)->plaintext, \
pubkey_verify_fail_ok ( &rsa_algorithm, &(test)->public, \
digest, (test)->plaintext, \
(test)->plaintext_len, bad_signature, \
sizeof ( bad_signature ) ); \
} while ( 0 )