[crypto] Fail all operations for the null public-key algorithm

The null crypto algorithms are intended to do nothing: the null digest
algorithm accepts all input and generates a zero-length digest, and
the null cipher algorithm simply copies the input unmodifed to the
output.

The null public-key algorithm currently does nothing successfully.
Unlike the null digest and cipher algorithms, the null public-key
algorithm's methods are never called.

Change the null public-key algorithm to fail all operations, thereby
allowing its methods to be used as stubs by algorithms such as ECDSA
that do not implement all of the possible public-key operations.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/crypto_null.c

@@ -31,6 +31,7 @@ FILE_SECBOOT ( PERMITTED );
  */
 
 #include <string.h>
+#include <errno.h>
 #include <ipxe/crypto.h>
 
 void digest_null_init ( void *ctx __unused ) {
@@ -97,27 +98,27 @@ struct cipher_algorithm cipher_null = {
 int pubkey_null_encrypt ( const struct asn1_cursor *key __unused,
 			  const struct asn1_cursor *plaintext __unused,
 			  struct asn1_builder *ciphertext __unused ) {
-	return 0;
+	return -ENOTTY;
 }
 
 int pubkey_null_decrypt ( const struct asn1_cursor *key __unused,
 			  const struct asn1_cursor *ciphertext __unused,
 			  struct asn1_builder *plaintext __unused ) {
-	return 0;
+	return -ENOTTY;
 }
 
 int pubkey_null_sign ( const struct asn1_cursor *key __unused,
 		       struct digest_algorithm *digest __unused,
 		       const void *value __unused,
 		       struct asn1_builder *signature __unused ) {
-	return 0;
+	return -ENOTTY;
 }
 
 int pubkey_null_verify ( const struct asn1_cursor *key __unused,
 			 struct digest_algorithm *digest __unused,
 			 const void *value __unused,
 			 const struct asn1_cursor *signature __unused ) {
-	return 0;
+	return -ENOTTY;
 }
 
 struct pubkey_algorithm pubkey_null = {

src/crypto/ecdsa.c

@@ -765,38 +765,6 @@ static int ecdsa_verify_rs ( struct ecdsa_context *ctx ) {
 	return ( valid ? 0 : -EINVAL_SIGNATURE );
 }
 
-/**
- * Encrypt using ECDSA
- *
- * @v key		Key
- * @v plaintext		Plaintext
- * @v ciphertext	Ciphertext
- * @ret rc		Return status code
- */
-static int ecdsa_encrypt ( const struct asn1_cursor *key __unused,
-			   const struct asn1_cursor *plaintext __unused,
-			   struct asn1_builder *ciphertext __unused ) {
-
-	/* Not a defined operation for ECDSA */
-	return -ENOTTY;
-}
-
-/**
- * Decrypt using ECDSA
- *
- * @v key		Key
- * @v ciphertext	Ciphertext
- * @v plaintext		Plaintext
- * @ret rc		Return status code
- */
-static int ecdsa_decrypt ( const struct asn1_cursor *key __unused,
-			   const struct asn1_cursor *ciphertext __unused,
-			   struct asn1_builder *plaintext __unused ) {
-
-	/* Not a defined operation for ECDSA */
-	return -ENOTTY;
-}
-
 /**
  * Sign digest value using ECDSA
  *
@@ -936,8 +904,8 @@ static int ecdsa_match ( const struct asn1_cursor *private_key,
 /** ECDSA public-key algorithm */
 struct pubkey_algorithm ecdsa_algorithm = {
 	.name		= "ecdsa",
-	.encrypt	= ecdsa_encrypt,
-	.decrypt	= ecdsa_decrypt,
+	.encrypt	= pubkey_null_encrypt,
+	.decrypt	= pubkey_null_decrypt,
 	.sign		= ecdsa_sign,
 	.verify		= ecdsa_verify,
 	.match		= ecdsa_match,

src/include/ipxe/errfile.h

@@ -449,6 +449,7 @@ FILE_SECBOOT ( PERMITTED );
 #define ERRFILE_efi_cacert	      ( ERRFILE_OTHER | 0x00670000 )
 #define ERRFILE_ecdhe		      ( ERRFILE_OTHER | 0x00680000 )
 #define ERRFILE_ecdsa		      ( ERRFILE_OTHER | 0x00690000 )
+#define ERRFILE_crypto_null	      ( ERRFILE_OTHER | 0x006a0000 )
 
 /** @} */