Commit Graph

23 Commits

Author SHA1 Message Date
Michael Brown d7e89f46b4 [crypto] Use private data field for digest algorithms
Following the example of commit 25072c1 ("[crypto] Use private data
field for key exchange algorithms"), extend the definition of a digest
algorithm to include an opaque private data field.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-06-18 15:54:19 +01:00
Michael Brown 8c7c084e0f [crypto] Fail all operations for the null public-key algorithm
The null crypto algorithms are intended to do nothing: the null digest
algorithm accepts all input and generates a zero-length digest, and
the null cipher algorithm simply copies the input unmodifed to the
output.

The null public-key algorithm currently does nothing successfully.
Unlike the null digest and cipher algorithms, the null public-key
algorithm's methods are never called.

Change the null public-key algorithm to fail all operations, thereby
allowing its methods to be used as stubs by algorithms such as ECDSA
that do not implement all of the possible public-key operations.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-04-29 15:05:20 +01:00
Michael Brown adcaaf9b93 [build] Mark known reviewed files as permitted for UEFI Secure Boot
Some past security reviews carried out for UEFI Secure Boot signing
submissions have covered specific drivers or functional areas of iPXE.
Mark all of the files comprising these areas as permitted for UEFI
Secure Boot.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-14 16:10:29 +00:00
Michael Brown 3e566818f7 [crypto] Remove obsolete maximum output length method
Now that public-key algorithms use ASN.1 builders to dynamically
allocate the output data, there is no further need for callers to be
able to determine the maximum output length.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-02 13:13:01 +00:00
Michael Brown 1ccc320ee9 [crypto] Construct asymmetric ciphered data using ASN.1 builders
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-02 13:12:25 +00:00
Michael Brown d4258272c6 [crypto] Construct signatures using ASN.1 builders
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-01 16:02:54 +00:00
Michael Brown 8cd963ab96 [crypto] Pass signatures for verification as ASN.1 cursors
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-01 14:50:54 +00:00
Michael Brown 46937a9df6 [crypto] Remove the concept of a public-key algorithm reusable context
Instances of cipher and digest algorithms tend to get called
repeatedly to process substantial amounts of data.  This is not true
for public-key algorithms, which tend to get called only once or twice
for a given key.

Simplify the public-key algorithm API so that there is no reusable
algorithm context.  In particular, this allows callers to omit the
error handling currently required to handle memory allocation (or key
parsing) errors from pubkey_init(), and to omit the cleanup calls to
pubkey_final().

This change does remove the ability for a caller to distinguish
between a verification failure due to a memory allocation failure and
a verification failure due to a bad signature.  This difference is not
material in practice: in both cases, for whatever reason, the caller
was unable to verify the signature and so cannot proceed further, and
the cause of the error will be visible to the user via the return
status code.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2024-08-21 21:00:57 +01:00
Michael Brown 53f089b723 [crypto] Pass asymmetric keys as ASN.1 cursors
Asymmetric keys are invariably encountered within ASN.1 structures
such as X.509 certificates, and the various large integers within an
RSA key are themselves encoded using ASN.1.

Simplify all code handling asymmetric keys by passing keys as a single
ASN.1 cursor, rather than separate data and length pointers.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2024-08-18 15:44:38 +01:00
Michael Brown 30243ad739 [crypto] Add concept of cipher alignment size
The GCM cipher mode of operation (in common with other counter-based
modes of operation) has a notion of blocksize that does not neatly
fall into our current abstraction: it does operate in 16-byte blocks
but allows for an arbitrary overall data length (i.e. the final block
may be incomplete).

Model this by adding a concept of alignment size.  Each call to
encrypt() or decrypt() must begin at a multiple of the alignment size
from the start of the data stream.  This allows us to model GCM by
using a block size of 1 byte and an alignment size of 16 bytes.

As a side benefit, this same concept allows us to neatly model the
fact that raw AES can encrypt only a single 16-byte block, by
specifying an alignment size of zero on this cipher.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-11-07 11:19:48 +00:00
Michael Brown da81214cec [crypto] Add concept of authentication tag to cipher algorithms
Some ciphers (such as GCM) support the concept of a tag that can be
used to authenticate the encrypted data.  Add a cipher method for
generating an authentication tag.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25 13:21:30 +01:00
Michael Brown 8e478e648f [crypto] Allow initialisation vector length to vary from cipher blocksize
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25 13:21:28 +01:00
Michael Brown 52f72d298a [crypto] Expose null crypto algorithm methods for reuse
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2022-10-25 13:20:22 +01:00
Michael Brown b6ee89ffb5 [legal] Relicense files under GPL2_OR_LATER_OR_UBDL
Relicense files for which I am the sole author (as identified by
util/relicense.pl).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2015-03-02 14:17:31 +00:00
Michael Brown c3b4860ce3 [legal] Update FSF mailing address in GPL licence texts
Suggested-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-07-20 19:55:45 +01:00
Michael Brown c00eb6e190 [crypto] Add abstraction for a public-key algorithm
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-18 13:35:32 +00:00
Michael Brown 8406115834 [build] Rename gPXE to iPXE
Access to the gpxe.org and etherboot.org domains and associated
resources has been revoked by the registrant of the domain.  Work
around this problem by renaming project from gPXE to iPXE, and
updating URLs to match.

Also update README, LOG and COPYRIGHTS to remove obsolete information.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2010-04-19 23:43:39 +01:00
Michael Brown c44a193d0d [legal] Add a selection of FILE_LICENCE declarations
Add FILE_LICENCE declarations to almost all files that make up the
various standard builds of gPXE.
2009-05-18 08:33:25 +01:00
Michael Brown a3219b24a8 [crypto] Split crypto_algorithm into {digest,cipher,pubkey}_algorithm
The various types of cryptographic algorithm are fundamentally
different, and it was probably a mistake to try to handle them via a
single common type.

pubkey_algorithm is a placeholder type for now.
2009-02-18 22:17:41 +00:00
Michael Brown a01374b5cd Add dummy setiv method 2007-02-01 02:19:16 +00:00
Michael Brown 1fbd6f7d76 ...but not when it's being used as a digest algorithm... 2007-01-31 03:42:47 +00:00
Michael Brown a502fcda45 The null crypto algorithm should at least copy data... 2007-01-31 03:42:07 +00:00
Michael Brown a008f9e85b Add null crypto algorithm 2007-01-31 03:04:31 +00:00