cms_digest ( cms, part, data, len, digest_out );
/* Initialise public-key algorithm */
- if ( ( rc = pubkey_init ( pubkey, ctx, public_key->raw.data,
- public_key->raw.len ) ) != 0 ) {
+ if ( ( rc = pubkey_init ( pubkey, ctx, &public_key->raw ) ) != 0 ) {
DBGC ( cms, "CMS %p/%p could not initialise public key: %s\n",
cms, part, strerror ( rc ) );
goto err_init;
.auth = cipher_null_auth,
};
-int pubkey_null_init ( void *ctx __unused, const void *key __unused,
- size_t key_len __unused ) {
+int pubkey_null_init ( void *ctx __unused,
+ const struct asn1_cursor *key __unused ) {
return 0;
}
digest_final ( digest, digest_ctx, digest_out );
/* Initialise public-key algorithm */
- if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,
- public_key->raw.len ) ) != 0 ) {
+ if ( ( rc = pubkey_init ( pubkey, pubkey_ctx,
+ &public_key->raw ) ) != 0 ) {
DBGC ( ocsp, "OCSP %p \"%s\" could not initialise public key: "
"%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
goto err_init;
*
* @v ctx RSA context
* @v key Key
- * @v key_len Length of key
* @ret rc Return status code
*/
-static int rsa_init ( void *ctx, const void *key, size_t key_len ) {
+static int rsa_init ( void *ctx, const struct asn1_cursor *key ) {
struct rsa_context *context = ctx;
struct asn1_cursor modulus;
struct asn1_cursor exponent;
- struct asn1_cursor cursor;
int rc;
/* Initialise context */
memset ( context, 0, sizeof ( *context ) );
- /* Initialise cursor */
- cursor.data = key;
- cursor.len = key_len;
-
/* Parse modulus and exponent */
- if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, &cursor ) ) != 0 ){
+ if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, key ) ) != 0 ){
DBGC ( context, "RSA %p invalid modulus/exponent:\n", context );
- DBGC_HDA ( context, 0, cursor.data, cursor.len );
+ DBGC_HDA ( context, 0, key->data, key->len );
goto err_parse;
}
* Check for matching RSA public/private key pair
*
* @v private_key Private key
- * @v private_key_len Private key length
* @v public_key Public key
- * @v public_key_len Public key length
* @ret rc Return status code
*/
-static int rsa_match ( const void *private_key, size_t private_key_len,
- const void *public_key, size_t public_key_len ) {
+static int rsa_match ( const struct asn1_cursor *private_key,
+ const struct asn1_cursor *public_key ) {
struct asn1_cursor private_modulus;
struct asn1_cursor private_exponent;
- struct asn1_cursor private_cursor;
struct asn1_cursor public_modulus;
struct asn1_cursor public_exponent;
- struct asn1_cursor public_cursor;
int rc;
- /* Initialise cursors */
- private_cursor.data = private_key;
- private_cursor.len = private_key_len;
- public_cursor.data = public_key;
- public_cursor.len = public_key_len;
-
/* Parse moduli and exponents */
if ( ( rc = rsa_parse_mod_exp ( &private_modulus, &private_exponent,
- &private_cursor ) ) != 0 )
+ private_key ) ) != 0 )
return rc;
if ( ( rc = rsa_parse_mod_exp ( &public_modulus, &public_exponent,
- &public_cursor ) ) != 0 )
+ public_key ) ) != 0 )
return rc;
/* Compare moduli */
}
/* Verify signature using signer's public key */
- if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, public_key->raw.data,
- public_key->raw.len ) ) != 0 ) {
+ if ( ( rc = pubkey_init ( pubkey, pubkey_ctx,
+ &public_key->raw ) ) != 0 ) {
DBGC ( cert, "X509 %p \"%s\" cannot initialise public key: "
"%s\n", cert, x509_name ( cert ), strerror ( rc ) );
goto err_pubkey_init;
/* Check public key */
cert = link->cert;
if ( pubkey_match ( cert->signature_algorithm->pubkey,
- key->builder.data, key->builder.len,
- cert->subject.public_key.raw.data,
- cert->subject.public_key.raw.len ) == 0 )
+ privkey_cursor ( key ),
+ &cert->subject.public_key.raw ) == 0 )
return x509_found ( store, cert );
}
int rc;
/* Initialise "private" key */
- if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, private->data,
- private->len ) ) != 0 ) {
+ if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, private ) ) != 0 ) {
DBGC ( icert, "ICERT %p could not initialise private key: "
"%s\n", icert, strerror ( rc ) );
goto err_pubkey_init;
#include <stdint.h>
#include <stddef.h>
#include <assert.h>
+#include <ipxe/asn1.h>
/** A message digest algorithm */
struct digest_algorithm {
*
* @v ctx Context
* @v key Key
- * @v key_len Length of key
* @ret rc Return status code
*/
- int ( * init ) ( void *ctx, const void *key, size_t key_len );
+ int ( * init ) ( void *ctx, const struct asn1_cursor *key );
/** Calculate maximum output length
*
* @v ctx Context
/** Check that public key matches private key
*
* @v private_key Private key
- * @v private_key_len Private key length
* @v public_key Public key
- * @v public_key_len Public key length
* @ret rc Return status code
*/
- int ( * match ) ( const void *private_key, size_t private_key_len,
- const void *public_key, size_t public_key_len );
+ int ( * match ) ( const struct asn1_cursor *private_key,
+ const struct asn1_cursor *public_key );
};
/** An elliptic curve */
static inline __attribute__ (( always_inline )) int
pubkey_init ( struct pubkey_algorithm *pubkey, void *ctx,
- const void *key, size_t key_len ) {
- return pubkey->init ( ctx, key, key_len );
+ const struct asn1_cursor *key ) {
+ return pubkey->init ( ctx, key );
}
static inline __attribute__ (( always_inline )) size_t
static inline __attribute__ (( always_inline )) int
pubkey_match ( struct pubkey_algorithm *pubkey,
- const void *private_key, size_t private_key_len,
- const void *public_key, size_t public_key_len ) {
- return pubkey->match ( private_key, private_key_len, public_key,
- public_key_len );
+ const struct asn1_cursor *private_key,
+ const struct asn1_cursor *public_key ) {
+ return pubkey->match ( private_key, public_key );
}
static inline __attribute__ (( always_inline )) int
size_t len );
extern void cipher_null_auth ( void *ctx, void *auth );
-extern int pubkey_null_init ( void *ctx, const void *key, size_t key_len );
+extern int pubkey_null_init ( void *ctx, const struct asn1_cursor *key );
extern size_t pubkey_null_max_len ( void *ctx );
extern int pubkey_null_encrypt ( void *ctx, const void *plaintext,
size_t plaintext_len, void *ciphertext );
tls_verify_handshake ( tls, digest_out );
/* Initialise public-key algorithm */
- if ( ( rc = pubkey_init ( pubkey, ctx, key->data, key->len ) ) != 0 ) {
+ if ( ( rc = pubkey_init ( pubkey, ctx, key ) ) != 0 ) {
DBGC ( tls, "TLS %p could not initialise %s client private "
"key: %s\n", tls, pubkey->name, strerror ( rc ) );
goto err_pubkey_init;
/* Initialise public key algorithm */
if ( ( rc = pubkey_init ( pubkey, cipherspec->pubkey_ctx,
- cert->subject.public_key.raw.data,
- cert->subject.public_key.raw.len ) ) != 0 ) {
+ &cert->subject.public_key.raw ) ) != 0 ) {
DBGC ( tls, "TLS %p cannot initialise public key: %s\n",
tls, strerror ( rc ) );
goto err;
*
* @v pubkey Public key algorithm
* @v key Key
- * @v key_len Key length
* @v ciphertext Ciphertext
* @v ciphertext_len Ciphertext length
* @v expected Expected plaintext
* @v expected_len Expected plaintext length
*/
-#define pubkey_decrypt_ok( pubkey, key, key_len, ciphertext, \
- ciphertext_len, expected, expected_len ) do {\
+#define pubkey_decrypt_ok( pubkey, key, ciphertext, ciphertext_len, \
+ expected, expected_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
\
- ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
+ ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
{ \
size_t max_len = pubkey_max_len ( (pubkey), ctx ); \
uint8_t decrypted[ max_len ]; \
*
* @v pubkey Public key algorithm
* @v encrypt_key Encryption key
- * @v encrypt_key_len Encryption key length
* @v decrypt_key Decryption key
- * @v decrypt_key_len Decryption key length
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
*/
-#define pubkey_encrypt_ok( pubkey, encrypt_key, encrypt_key_len, \
- decrypt_key, decrypt_key_len, plaintext, \
+#define pubkey_encrypt_ok( pubkey, encrypt_key, decrypt_key, plaintext, \
plaintext_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
\
- ok ( pubkey_init ( (pubkey), ctx, (encrypt_key), \
- (encrypt_key_len) ) == 0 ); \
+ ok ( pubkey_init ( (pubkey), ctx, (encrypt_key) ) == 0 ); \
{ \
size_t max_len = pubkey_max_len ( (pubkey), ctx ); \
uint8_t encrypted[ max_len ]; \
encrypted ); \
ok ( encrypted_len >= 0 ); \
pubkey_decrypt_ok ( (pubkey), (decrypt_key), \
- (decrypt_key_len), encrypted, \
- encrypted_len, (plaintext), \
- (plaintext_len) ); \
+ encrypted, encrypted_len, \
+ (plaintext), (plaintext_len) ); \
} \
pubkey_final ( (pubkey), ctx ); \
} while ( 0 )
*
* @v pubkey Public key algorithm
* @v key Key
- * @v key_len Key length
* @v digest Digest algorithm
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
* @v expected Expected signature
* @v expected_len Expected signature length
*/
-#define pubkey_sign_ok( pubkey, key, key_len, digest, plaintext, \
- plaintext_len, expected, expected_len ) do { \
+#define pubkey_sign_ok( pubkey, key, digest, plaintext, plaintext_len, \
+ expected, expected_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
uint8_t digestctx[ (digest)->ctxsize ]; \
uint8_t digestout[ (digest)->digestsize ]; \
(plaintext_len) ); \
digest_final ( (digest), digestctx, digestout ); \
\
- ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
+ ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
{ \
size_t max_len = pubkey_max_len ( (pubkey), ctx ); \
uint8_t signature[ max_len ]; \
*
* @v pubkey Public key algorithm
* @v key Key
- * @v key_len Key length
* @v digest Digest algorithm
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
* @v signature Signature
* @v signature_len Signature length
*/
-#define pubkey_verify_ok( pubkey, key, key_len, digest, plaintext, \
+#define pubkey_verify_ok( pubkey, key, digest, plaintext, \
plaintext_len, signature, signature_len ) do {\
uint8_t ctx[ (pubkey)->ctxsize ]; \
uint8_t digestctx[ (digest)->ctxsize ]; \
(plaintext_len) ); \
digest_final ( (digest), digestctx, digestout ); \
\
- ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
+ ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
ok ( pubkey_verify ( (pubkey), ctx, (digest), digestout, \
(signature), (signature_len) ) == 0 ); \
pubkey_final ( (pubkey), ctx ); \
*
* @v pubkey Public key algorithm
* @v key Key
- * @v key_len Key length
* @v digest Digest algorithm
* @v plaintext Plaintext
* @v plaintext_len Plaintext length
* @v signature Signature
* @v signature_len Signature length
*/
-#define pubkey_verify_fail_ok( pubkey, key, key_len, digest, plaintext, \
+#define pubkey_verify_fail_ok( pubkey, key, digest, plaintext, \
plaintext_len, signature, \
signature_len ) do { \
uint8_t ctx[ (pubkey)->ctxsize ]; \
(plaintext_len) ); \
digest_final ( (digest), digestctx, digestout ); \
\
- ok ( pubkey_init ( (pubkey), ctx, (key), (key_len) ) == 0 ); \
+ ok ( pubkey_init ( (pubkey), ctx, (key) ) == 0 ); \
ok ( pubkey_verify ( (pubkey), ctx, (digest), digestout, \
(signature), (signature_len) ) != 0 ); \
pubkey_final ( (pubkey), ctx ); \
/** An RSA encryption and decryption self-test */
struct rsa_encrypt_decrypt_test {
/** Private key */
- const void *private;
- /** Private key length */
- size_t private_len;
+ const struct asn1_cursor private;
/** Public key */
- const void *public;
- /** Public key length */
- size_t public_len;
+ const struct asn1_cursor public;
/** Plaintext */
const void *plaintext;
/** Plaintext length */
static const uint8_t name ## _plaintext[] = PLAINTEXT; \
static const uint8_t name ## _ciphertext[] = CIPHERTEXT; \
static struct rsa_encrypt_decrypt_test name = { \
- .private = name ## _private, \
- .private_len = sizeof ( name ## _private ), \
- .public = name ## _public, \
- .public_len = sizeof ( name ## _public ), \
+ .private = { \
+ .data = name ## _private, \
+ .len = sizeof ( name ## _private ), \
+ }, \
+ .public = { \
+ .data = name ## _public, \
+ .len = sizeof ( name ## _public ), \
+ }, \
.plaintext = name ## _plaintext, \
.plaintext_len = sizeof ( name ## _plaintext ), \
.ciphertext = name ## _ciphertext, \
/** An RSA signature self-test */
struct rsa_signature_test {
/** Private key */
- const void *private;
- /** Private key length */
- size_t private_len;
+ const struct asn1_cursor private;
/** Public key */
- const void *public;
- /** Public key length */
- size_t public_len;
+ const struct asn1_cursor public;
/** Plaintext */
const void *plaintext;
/** Plaintext length */
static const uint8_t name ## _plaintext[] = PLAINTEXT; \
static const uint8_t name ## _signature[] = SIGNATURE; \
static struct rsa_signature_test name = { \
- .private = name ## _private, \
- .private_len = sizeof ( name ## _private ), \
- .public = name ## _public, \
- .public_len = sizeof ( name ## _public ), \
+ .private = { \
+ .data = name ## _private, \
+ .len = sizeof ( name ## _private ), \
+ }, \
+ .public = { \
+ .data = name ## _public, \
+ .len = sizeof ( name ## _public ), \
+ }, \
.plaintext = name ## _plaintext, \
.plaintext_len = sizeof ( name ## _plaintext ), \
.algorithm = ALGORITHM, \
* @v test RSA encryption and decryption test
*/
#define rsa_encrypt_decrypt_ok( test ) do { \
- pubkey_decrypt_ok ( &rsa_algorithm, (test)->private, \
- (test)->private_len, (test)->ciphertext, \
- (test)->ciphertext_len, (test)->plaintext, \
+ pubkey_decrypt_ok ( &rsa_algorithm, &(test)->private, \
+ (test)->ciphertext, (test)->ciphertext_len, \
+ (test)->plaintext, (test)->plaintext_len );\
+ pubkey_encrypt_ok ( &rsa_algorithm, &(test)->private, \
+ &(test)->public, (test)->plaintext, \
(test)->plaintext_len ); \
- pubkey_encrypt_ok ( &rsa_algorithm, (test)->private, \
- (test)->private_len, (test)->public, \
- (test)->public_len, (test)->plaintext, \
- (test)->plaintext_len ); \
- pubkey_encrypt_ok ( &rsa_algorithm, (test)->public, \
- (test)->public_len, (test)->private, \
- (test)->private_len, (test)->plaintext, \
+ pubkey_encrypt_ok ( &rsa_algorithm, &(test)->public, \
+ &(test)->private, (test)->plaintext, \
(test)->plaintext_len ); \
} while ( 0 )
#define rsa_signature_ok( test ) do { \
struct digest_algorithm *digest = (test)->algorithm->digest; \
uint8_t bad_signature[ (test)->signature_len ]; \
- pubkey_sign_ok ( &rsa_algorithm, (test)->private, \
- (test)->private_len, digest, \
+ pubkey_sign_ok ( &rsa_algorithm, &(test)->private, digest, \
(test)->plaintext, (test)->plaintext_len, \
(test)->signature, (test)->signature_len ); \
- pubkey_verify_ok ( &rsa_algorithm, (test)->public, \
- (test)->public_len, digest, \
+ pubkey_verify_ok ( &rsa_algorithm, &(test)->public, digest, \
(test)->plaintext, (test)->plaintext_len, \
(test)->signature, (test)->signature_len ); \
memset ( bad_signature, 0, sizeof ( bad_signature ) ); \
- pubkey_verify_fail_ok ( &rsa_algorithm, (test)->public, \
- (test)->public_len, digest, \
- (test)->plaintext, \
+ pubkey_verify_fail_ok ( &rsa_algorithm, &(test)->public, \
+ digest, (test)->plaintext, \
(test)->plaintext_len, bad_signature, \
sizeof ( bad_signature ) ); \
} while ( 0 )
projects / thirdparty / ipxe.git / commitdiff
