/* Verify digest */
if ( ( rc = pubkey_verify ( pubkey, key, digest, digest_out,
- value->data, value->len ) ) != 0 ) {
+ value ) ) != 0 ) {
DBGC ( cms, "CMS %p/%p signature verification failed: %s\n",
cms, part, strerror ( rc ) );
return rc;
int pubkey_null_verify ( const struct asn1_cursor *key __unused,
struct digest_algorithm *digest __unused,
const void *value __unused,
- const void *signature __unused ,
- size_t signature_len __unused ) {
+ const struct asn1_cursor *signature __unused ) {
return 0;
}
/* Verify digest */
if ( ( rc = pubkey_verify ( pubkey, key, digest, digest_out,
- response->signature.data,
- response->signature.len ) ) != 0 ) {
+ &response->signature ) ) != 0 ) {
DBGC ( ocsp, "OCSP %p \"%s\" signature verification failed: "
"%s\n", ocsp, x509_name ( ocsp->cert ), strerror ( rc ));
return rc;
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
- * @v signature_len Signature length
* @ret rc Return status code
*/
static int rsa_verify ( const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- const void *signature, size_t signature_len ) {
+ const struct asn1_cursor *signature ) {
struct rsa_context context;
void *temp;
void *expected;
DBGC ( &context, "RSA %p verifying %s digest:\n",
&context, digest->name );
DBGC_HDA ( &context, 0, value, digest->digestsize );
- DBGC_HDA ( &context, 0, signature, signature_len );
+ DBGC_HDA ( &context, 0, signature->data, signature->len );
/* Initialise context */
if ( ( rc = rsa_init ( &context, key ) ) != 0 )
goto err_init;
/* Sanity check */
- if ( signature_len != context.max_len ) {
+ if ( signature->len != context.max_len ) {
DBGC ( &context, "RSA %p signature incorrect length (%zd "
"bytes, should be %zd)\n",
- &context, signature_len, context.max_len );
+ &context, signature->len, context.max_len );
rc = -ERANGE;
goto err_sanity;
}
*/
temp = context.input0;
expected = temp;
- rsa_cipher ( &context, signature, expected );
+ rsa_cipher ( &context, signature->data, expected );
DBGC ( &context, "RSA %p deciphered signature:\n", &context );
DBGC_HDA ( &context, 0, expected, context.max_len );
/* Verify signature using signer's public key */
if ( ( rc = pubkey_verify ( pubkey, &public_key->raw, digest,
- digest_out, signature->value.data,
- signature->value.len ) ) != 0 ) {
+ digest_out, &signature->value ) ) != 0 ) {
DBGC ( cert, "X509 %p \"%s\" signature verification failed: "
"%s\n", cert, x509_name ( cert ), strerror ( rc ) );
goto err_pubkey_verify;
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
- * @v signature_len Signature length
* @ret rc Return status code
*/
int ( * verify ) ( const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- const void *signature, size_t signature_len );
+ const struct asn1_cursor *signature );
/** Check that public key matches private key
*
* @v private_key Private key
static inline __attribute__ (( always_inline )) int
pubkey_verify ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- const void *signature, size_t signature_len ) {
- return pubkey->verify ( key, digest, value, signature, signature_len );
+ const struct asn1_cursor *signature ) {
+ return pubkey->verify ( key, digest, value, signature );
}
static inline __attribute__ (( always_inline )) int
const void *value, void *signature );
extern int pubkey_null_verify ( const struct asn1_cursor *key,
struct digest_algorithm *digest,
- const void *value, const void *signature ,
- size_t signature_len );
+ const void *value,
+ const struct asn1_cursor *signature );
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;
uint16_t signature_len;
uint8_t signature[0];
} __attribute__ (( packed )) *sig;
+ struct asn1_cursor signature;
const void *data;
size_t remaining;
int rc;
tls->server.exchange_len );
return -EINVAL_KEY_EXCHANGE;
}
+ signature.data = sig->signature;
+ signature.len = ntohs ( sig->signature_len );
/* Identify signature and hash algorithm */
if ( use_sig_hash ) {
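Review bot: `signature.len` is adopted straight from the wire via `ntohs ( sig->signature_len )` in the two added lines, and nothing visible in this hunk bounds it against `remaining` (only the `exchange_len` comparison above survives in view), yet that length later drives `pubkey_verify` at the `&signature` call below. If the length check lives outside the hunk this is fine; if not, the cursor should be validated right after the assignments, e.g. `if ( ( remaining - sizeof ( *sig ) ) < signature.len ) return -EINVAL_KEY_EXCHANGE;` (assuming `remaining >= sizeof ( *sig )` has already been established). A one-line comment such as `/* Signature as transmitted; length is the peer's claim until checked against remaining */` would make the trust boundary explicit for the next reader. The enclosing function starts and ends outside the hunk.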
/* Verify signature */
{
- const void *signature = sig->signature;
- size_t signature_len = ntohs ( sig->signature_len );
uint8_t ctx[digest->ctxsize];
uint8_t hash[digest->digestsize];
digest_final ( digest, ctx, hash );
/* Verify signature */
- if ( ( rc = pubkey_verify ( pubkey, &tls->server.key,
- digest, hash, signature,
- signature_len ) ) != 0 ) {
+ if ( ( rc = pubkey_verify ( pubkey, &tls->server.key, digest,
+ hash, &signature ) ) != 0 ) {
DBGC ( tls, "TLS %p ServerKeyExchange failed "
"verification\n", tls );
DBGC_HDA ( tls, 0, tls->server.exchange,
struct pubkey_algorithm *pubkey = test->pubkey;
struct digest_algorithm *digest = test->digest;
size_t max_len = pubkey_max_len ( pubkey, &test->private );
- uint8_t bad[test->signature_len];
+ uint8_t bad[test->signature.len];
uint8_t digestctx[digest->ctxsize ];
uint8_t digestout[digest->digestsize];
uint8_t signature[max_len];
+ struct asn1_cursor cursor;
int signature_len;
/* Construct digest over plaintext */
/* Test signing using private key */
signature_len = pubkey_sign ( pubkey, &test->private, digest,
digestout, signature );
- okx ( signature_len == ( ( int ) test->signature_len ), file, line );
- okx ( memcmp ( signature, test->signature, test->signature_len ) == 0,
- file, line );
+ okx ( signature_len == ( ( int ) test->signature.len ), file, line );
+ okx ( memcmp ( signature, test->signature.data,
+ test->signature.len ) == 0, file, line );
/* Test verification using public key */
okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
- test->signature, test->signature_len ) == 0,
- file, line );
+ &test->signature ) == 0, file, line );
/* Test verification failure of modified signature */
- memcpy ( bad, test->signature, test->signature_len );
- bad[ test->signature_len / 2 ] ^= 0x40;
+ memcpy ( bad, test->signature.data, test->signature.len );
+ bad[ test->signature.len / 2 ] ^= 0x40;
+ cursor.data = bad;
+ cursor.len = test->signature.len;
okx ( pubkey_verify ( pubkey, &test->public, digest, digestout,
- bad, sizeof ( bad ) ) != 0, file, line );
+ &cursor ) != 0, file, line );
}
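Review bot: The negative test at the end still only exercises a corrupted signature of the correct length; now that the signature travels as a cursor, the length-mismatch rejection in rsa_verify (`signature->len != context.max_len`) is never covered by this test. One more check with a shortened cursor, `cursor.len = test->signature.len - 1;` followed by another `okx ( pubkey_verify ( pubkey, &test->public, digest, digestout, &cursor ) != 0, file, line );`, would pin that path. As a point of style, `cursor` could be initialised where it is declared, using the designated-initialiser form the test header already uses: `struct asn1_cursor cursor = { .data = bad, .len = test->signature.len };`. The enclosing pubkey_okx function starts outside the hunk.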
/** Signature algorithm */
struct digest_algorithm *digest;
/** Signature */
- const void *signature;
- /** Signature length */
- size_t signature_len;
+ const struct asn1_cursor signature;
};
/** Define inline private key data */
.plaintext = name ## _plaintext, \
.plaintext_len = sizeof ( name ## _plaintext ), \
.digest = DIGEST, \
- .signature = name ## _signature, \
- .signature_len = sizeof ( name ## _signature ), \
+ .signature = { \
+ .data = name ## _signature, \
+ .len = sizeof ( name ## _signature ), \
+ }, \
}
extern void pubkey_okx ( struct pubkey_test *test,