/**
* Parse RSA integer
*
- * @v context RSA context
* @v integer Integer to fill in
* @v raw ASN.1 cursor
* @ret rc Return status code
*/
-static int rsa_parse_integer ( struct rsa_context *context,
- struct asn1_cursor *integer,
+static int rsa_parse_integer ( struct asn1_cursor *integer,
const struct asn1_cursor *raw ) {
/* Enter integer */
}
/* Fail if cursor or integer are invalid */
- if ( ! integer->len ) {
- DBGC ( context, "RSA %p invalid integer:\n", context );
- DBGC_HDA ( context, 0, raw->data, raw->len );
+ if ( ! integer->len )
return -EINVAL;
- }
return 0;
}
/**
- * Initialise RSA cipher
+ * Parse RSA modulus and exponent
*
- * @v ctx RSA context
- * @v key Key
- * @v key_len Length of key
+ * @v modulus Modulus to fill in
+ * @v exponent Exponent to fill in
+ * @v raw ASN.1 cursor
* @ret rc Return status code
*/
-static int rsa_init ( void *ctx, const void *key, size_t key_len ) {
- struct rsa_context *context = ctx;
+static int rsa_parse_mod_exp ( struct asn1_cursor *modulus,
+ struct asn1_cursor *exponent,
+ const struct asn1_cursor *raw ) {
struct asn1_bit_string bits;
- struct asn1_cursor modulus;
- struct asn1_cursor exponent;
struct asn1_cursor cursor;
int is_private;
int rc;
- /* Initialise context */
- memset ( context, 0, sizeof ( *context ) );
-
- /* Initialise cursor */
- cursor.data = key;
- cursor.len = key_len;
-
/* Enter subjectPublicKeyInfo/RSAPrivateKey */
+ memcpy ( &cursor, raw, sizeof ( cursor ) );
asn1_enter ( &cursor, ASN1_SEQUENCE );
/* Determine key format */
if ( asn1_type ( &cursor ) == ASN1_INTEGER ) {
+
/* Private key */
is_private = 1;
asn1_skip_any ( &cursor );
} else {
+
/* Public key */
is_private = 0;
/* Enter subjectPublicKey */
if ( ( rc = asn1_integral_bit_string ( &cursor, &bits ) ) != 0 )
- goto err_parse;
+ return rc;
cursor.data = bits.data;
cursor.len = bits.len;
}
/* Extract modulus */
- if ( ( rc = rsa_parse_integer ( context, &modulus, &cursor ) ) != 0 )
- goto err_parse;
+ if ( ( rc = rsa_parse_integer ( modulus, &cursor ) ) != 0 )
+ return rc;
asn1_skip_any ( &cursor );
/* Skip public exponent, if applicable */
asn1_skip ( &cursor, ASN1_INTEGER );
/* Extract publicExponent/privateExponent */
- if ( ( rc = rsa_parse_integer ( context, &exponent, &cursor ) ) != 0 )
+ if ( ( rc = rsa_parse_integer ( exponent, &cursor ) ) != 0 )
+ return rc;
+
+ return 0;
+}
+
+/**
+ * Initialise RSA cipher
+ *
+ * @v ctx RSA context
+ * @v key Key
+ * @v key_len Length of key
+ * @ret rc Return status code
+ */
+static int rsa_init ( void *ctx, const void *key, size_t key_len ) {
+ struct rsa_context *context = ctx;
+ struct asn1_cursor modulus;
+ struct asn1_cursor exponent;
+ struct asn1_cursor cursor;
+ int rc;
+
+ /* Initialise context */
+ memset ( context, 0, sizeof ( *context ) );
+
+ /* Initialise cursor */
+ cursor.data = key;
+ cursor.len = key_len;
+
+ /* Parse modulus and exponent */
+ if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, &cursor ) ) != 0 ){
+ DBGC ( context, "RSA %p invalid modulus/exponent:\n", context );
+ DBGC_HDA ( context, 0, cursor.data, cursor.len );
goto err_parse;
+ }
DBGC ( context, "RSA %p modulus:\n", context );
DBGC_HDA ( context, 0, modulus.data, modulus.len );
rsa_free ( context );
}
+/**
+ * Check for matching RSA public/private key pair
+ *
+ * @v private_key Private key
+ * @v private_key_len Private key length
+ * @v public_key Public key
+ * @v public_key_len Public key length
+ * @ret rc Return status code
+ */
+static int rsa_match ( const void *private_key, size_t private_key_len,
+ const void *public_key, size_t public_key_len ) {
+ struct asn1_cursor private_modulus;
+ struct asn1_cursor private_exponent;
+ struct asn1_cursor private_cursor;
+ struct asn1_cursor public_modulus;
+ struct asn1_cursor public_exponent;
+ struct asn1_cursor public_cursor;
+ int rc;
+
+ /* Initialise cursors */
+ private_cursor.data = private_key;
+ private_cursor.len = private_key_len;
+ public_cursor.data = public_key;
+ public_cursor.len = public_key_len;
+
+ /* Parse moduli and exponents */
+ if ( ( rc = rsa_parse_mod_exp ( &private_modulus, &private_exponent,
+ &private_cursor ) ) != 0 )
+ return rc;
+ if ( ( rc = rsa_parse_mod_exp ( &public_modulus, &public_exponent,
+ &public_cursor ) ) != 0 )
+ return rc;
+
+ /* Compare moduli */
+ if ( asn1_compare ( &private_modulus, &public_modulus ) != 0 )
+ return -ENOTTY;
+
+ return 0;
+}
+
/** RSA public-key algorithm */
struct pubkey_algorithm rsa_algorithm = {
.name = "rsa",
.sign = rsa_sign,
.verify = rsa_verify,
.final = rsa_final,
+ .match = rsa_match,
};
* @v ctx Context
*/
void ( * final ) ( void *ctx );
+ /** Check that public key matches private key
+ *
+ * @v private_key Private key
+ * @v private_key_len Private key length
+ * @v public_key Public key
+ * @v public_key_len Public key length
+ * @ret rc Return status code
+ */
+ int ( * match ) ( const void *private_key, size_t private_key_len,
+ const void *public_key, size_t public_key_len );
};
static inline void digest_init ( struct digest_algorithm *digest,
pubkey->final ( ctx );
}
+static inline int pubkey_match ( struct pubkey_algorithm *pubkey,
+ const void *private_key,
+ size_t private_key_len, const void *public_key,
+ size_t public_key_len ) {
+ return pubkey->match ( private_key, private_key_len, public_key,
+ public_key_len );
+}
+
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
extern struct pubkey_algorithm pubkey_null;
projects / thirdparty / ipxe.git / commitdiff
