.auth = cipher_null_auth,
};
-int pubkey_null_encrypt ( const struct asn1_cursor *key __unused,
+int pubkey_null_encrypt ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key __unused,
const struct asn1_cursor *plaintext __unused,
struct asn1_builder *ciphertext __unused ) {
return -ENOTTY;
}
-int pubkey_null_decrypt ( const struct asn1_cursor *key __unused,
+int pubkey_null_decrypt ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key __unused,
const struct asn1_cursor *ciphertext __unused,
struct asn1_builder *plaintext __unused ) {
return -ENOTTY;
}
-int pubkey_null_sign ( const struct asn1_cursor *key __unused,
+int pubkey_null_sign ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key __unused,
struct digest_algorithm *digest __unused,
const void *value __unused,
struct asn1_builder *signature __unused ) {
return -ENOTTY;
}
-int pubkey_null_verify ( const struct asn1_cursor *key __unused,
+int pubkey_null_verify ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key __unused,
struct digest_algorithm *digest __unused,
const void *value __unused,
const struct asn1_cursor *signature __unused ) {
return -ENOTTY;
}
+int pubkey_null_match ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *private_key __unused,
+ const struct asn1_cursor *public_key __unused ) {
+ return -ENOTTY;
+}
+
struct pubkey_algorithm pubkey_null = {
.name = "null",
.encrypt = pubkey_null_encrypt,
.decrypt = pubkey_null_decrypt,
.sign = pubkey_null_sign,
.verify = pubkey_null_verify,
+ .match = pubkey_null_match,
};
/**
* Sign digest value using ECDSA
*
+ * @v pubkey Public-key algorithm
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
* @ret rc Return status code
*/
-static int ecdsa_sign ( const struct asn1_cursor *key,
+static int ecdsa_sign ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
struct asn1_builder *signature ) {
struct ecdsa_context ctx;
/**
* Verify signed digest using ECDSA
*
+ * @v pubkey Public-key algorithm
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
* @ret rc Return status code
*/
-static int ecdsa_verify ( const struct asn1_cursor *key,
+static int ecdsa_verify ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
const struct asn1_cursor *signature ) {
struct ecdsa_context ctx;
/**
* Check for matching ECDSA public/private key pair
*
+ * @v pubkey Public-key algorithm
* @v private_key Private key
* @v public_key Public key
* @ret rc Return status code
*/
-static int ecdsa_match ( const struct asn1_cursor *private_key,
+static int ecdsa_match ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *private_key,
const struct asn1_cursor *public_key ) {
struct elliptic_curve *curve;
- struct ecdsa_key privkey;
- struct ecdsa_key pubkey;
+ struct ecdsa_key private;
+ struct ecdsa_key public;
int rc;
/* Parse keys */
- if ( ( rc = ecdsa_parse_key ( &privkey, private_key ) ) != 0 )
+ if ( ( rc = ecdsa_parse_key ( &private, private_key ) ) != 0 )
return rc;
- if ( ( rc = ecdsa_parse_key ( &pubkey, public_key ) ) != 0 )
+ if ( ( rc = ecdsa_parse_key ( &public, public_key ) ) != 0 )
return rc;
/* Compare curves */
- if ( privkey.curve != pubkey.curve )
+ if ( private.curve != public.curve )
return -ENOTTY;
- curve = privkey.curve;
+ curve = private.curve;
/* Compare public curve points */
- if ( memcmp ( privkey.public, pubkey.public, curve->pointsize ) != 0 )
+ if ( memcmp ( private.public, public.public, curve->pointsize ) != 0 )
return -ENOTTY;
return 0;
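Review bot: The locals renamed to `private` and `public` at lines 94–95 sidestep the shadowing of the new `pubkey` parameter, but both names are reserved words in C++, so the file could no longer be consumed as C++ even though it is otherwise plain C; `privkey`/`pubkey_key` or `priv`/`pub` would avoid the question at no cost. The `__unused` on `pubkey` is right here, since ecdsa_match reads nothing from the algorithm descriptor and compares only the parsed curve and public point. The function's closing lines lie outside the hunk.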
/**
* Encrypt using RSA PKCS#1
*
+ * @v pubkey Public-key algorithm
* @v key Key
* @v plaintext Plaintext
* @v ciphertext Ciphertext
* @ret ciphertext_len Length of ciphertext, or negative error
*/
-static int rsa_pkcs1_encrypt ( const struct asn1_cursor *key,
+static int rsa_pkcs1_encrypt ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key,
const struct asn1_cursor *plaintext,
struct asn1_builder *ciphertext ) {
struct rsa_context context;
/**
* Decrypt using RSA PKCS#1
*
+ * @v pubkey Public-key algorithm
* @v key Key
* @v ciphertext Ciphertext
* @v plaintext Plaintext
* @ret rc Return status code
*/
-static int rsa_pkcs1_decrypt ( const struct asn1_cursor *key,
+static int rsa_pkcs1_decrypt ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *key,
const struct asn1_cursor *ciphertext,
struct asn1_builder *plaintext ) {
struct rsa_context context;
/**
* Sign digest value using RSA
*
+ * @v pubkey Public-key algorithm
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
- * @v encode Encoding method
* @ret rc Return status code
*/
-static int rsa_sign ( const struct asn1_cursor *key,
+static int rsa_sign ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- struct asn1_builder *signature, rsa_encode_t *encode ) {
+ struct asn1_builder *signature ) {
+ rsa_encode_t *encode = pubkey->priv;
struct rsa_context context;
int rc;
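Review bot: `rsa_encode_t *encode = pubkey->priv;` at line 162 (and again in rsa_verify at line 183) converts a `void *` object pointer into a function pointer, which ISO C only conditionally supports; GCC accepts it and the value is written from the same translation unit via `.priv = rsa_pkcs1_encode` / `.priv = rsa_pss_encode`, so it is consistent, but a one-line comment such as `/* priv holds the rsa_encode_t selecting PKCS#1 or PSS encoding */` would record the contract. Every descriptor that reuses `rsa_sign`/`rsa_verify` must now set `.priv`; one that omits it would reach the encoder through a NULL function pointer, so if the project's assert is available in this file an `assert ( encode != NULL );` after the assignment would fail at the point of misuse rather than at the encoder call, which lies outside this hunk. The body of rsa_sign continues beyond the hunk.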
/**
* Verify signed digest value using RSA
*
+ * @v pubkey Public-key algorithm
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
- * @v encoding Encoding method
* @ret rc Return status code
*/
-static int rsa_verify ( const struct asn1_cursor *key,
+static int rsa_verify ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
- const struct asn1_cursor *signature,
- rsa_encode_t *encode ) {
+ const struct asn1_cursor *signature ) {
+ rsa_encode_t *encode = pubkey->priv;
struct rsa_context context;
void *temp;
void *expected;
return rc;
}
-/**
- * Sign digest value using RSA PKCS#1
- *
- * @v key Key
- * @v digest Digest algorithm
- * @v value Digest value
- * @v signature Signature
- * @ret rc Return status code
- */
-static int rsa_pkcs1_sign ( const struct asn1_cursor *key,
- struct digest_algorithm *digest, const void *value,
- struct asn1_builder *signature ) {
-
- return rsa_sign ( key, digest, value, signature, rsa_pkcs1_encode );
-}
-
-/**
- * Verify signed digest value using RSA PKCS#1
- *
- * @v key Key
- * @v digest Digest algorithm
- * @v value Digest value
- * @v signature Signature
- * @ret rc Return status code
- */
-static int rsa_pkcs1_verify ( const struct asn1_cursor *key,
- struct digest_algorithm *digest,
- const void *value,
- const struct asn1_cursor *signature ) {
-
- return rsa_verify ( key, digest, value, signature, rsa_pkcs1_encode );
-}
-
-/**
- * Sign digest value using RSA PSS
- *
- * @v key Key
- * @v digest Digest algorithm
- * @v value Digest value
- * @v signature Signature
- * @ret rc Return status code
- */
-static int rsa_pss_sign ( const struct asn1_cursor *key,
- struct digest_algorithm *digest, const void *value,
- struct asn1_builder *signature ) {
-
- return rsa_sign ( key, digest, value, signature, rsa_pss_encode );
-}
-
-/**
- * Verify signed digest value using RSA PSS
- *
- * @v key Key
- * @v digest Digest algorithm
- * @v value Digest value
- * @v signature Signature
- * @ret rc Return status code
- */
-static int rsa_pss_verify ( const struct asn1_cursor *key,
- struct digest_algorithm *digest, const void *value,
- const struct asn1_cursor *signature ) {
-
- return rsa_verify ( key, digest, value, signature, rsa_pss_encode );
-}
-
/**
* Check for matching RSA public/private key pair
*
+ * @v pubkey Public-key algorithm
* @v private_key Private key
* @v public_key Public key
* @ret rc Return status code
*/
-static int rsa_match ( const struct asn1_cursor *private_key,
+static int rsa_match ( struct pubkey_algorithm *pubkey __unused,
+ const struct asn1_cursor *private_key,
const struct asn1_cursor *public_key ) {
struct asn1_cursor private_modulus;
struct asn1_cursor private_exponent;
.name = "rsa",
.encrypt = rsa_pkcs1_encrypt,
.decrypt = rsa_pkcs1_decrypt,
- .sign = rsa_pkcs1_sign,
- .verify = rsa_pkcs1_verify,
+ .sign = rsa_sign,
+ .verify = rsa_verify,
.match = rsa_match,
+ .priv = rsa_pkcs1_encode,
};
/** RSA-PSS public-key algorithm */
.name = "rsa_pss",
.encrypt = pubkey_null_encrypt,
.decrypt = pubkey_null_decrypt,
- .sign = rsa_pss_sign,
- .verify = rsa_pss_verify,
+ .sign = rsa_sign,
+ .verify = rsa_verify,
.match = rsa_match,
+ .priv = rsa_pss_encode,
};
/* Drag in objects via rsa_algorithm */
const char *name;
/** Encrypt
*
+ * @v pubkey Public key algorithm
* @v key Key
* @v plaintext Plaintext
* @v ciphertext Ciphertext
* @ret rc Return status code
*/
- int ( * encrypt ) ( const struct asn1_cursor *key,
+ int ( * encrypt ) ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
const struct asn1_cursor *plaintext,
struct asn1_builder *ciphertext );
/** Decrypt
*
+ * @v pubkey Public key algorithm
* @v key Key
* @v ciphertext Ciphertext
* @v plaintext Plaintext
* @ret rc Return status code
*/
- int ( * decrypt ) ( const struct asn1_cursor *key,
+ int ( * decrypt ) ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
const struct asn1_cursor *ciphertext,
struct asn1_builder *plaintext );
/** Sign digest value
*
+ * @v pubkey Public key algorithm
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
* @ret rc Return status code
*/
- int ( * sign ) ( const struct asn1_cursor *key,
+ int ( * sign ) ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
struct asn1_builder *builder );
/** Verify signed digest value
*
+ * @v pubkey Public key algorithm
* @v key Key
* @v digest Digest algorithm
* @v value Digest value
* @v signature Signature
* @ret rc Return status code
*/
- int ( * verify ) ( const struct asn1_cursor *key,
+ int ( * verify ) ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
const struct asn1_cursor *signature );
/** Check that public key matches private key
*
+ * @v pubkey Public key algorithm
* @v private_key Private key
* @v public_key Public key
* @ret rc Return status code
*/
- int ( * match ) ( const struct asn1_cursor *private_key,
+ int ( * match ) ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *private_key,
const struct asn1_cursor *public_key );
+ /** Algorithm private data */
+ void *priv;
};
/** A key exchange algorithm */
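Review bot: The `sign` callback's last parameter is still named `builder` at line 330 while its doc comment and every implementation touched by this change call it `signature`; renaming it to `struct asn1_builder *signature );` keeps the prototype and its `@v signature` entry in step. The new `priv` field's comment `/** Algorithm private data */` would be more useful if it said who interprets the value — in this change only the RSA sign/verify paths read it, as the encoding-method selector — so that callers do not treat it as generic per-instance state; something like `/** Algorithm private data (interpreted only by the algorithm's own methods) */` makes that explicit.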
pubkey_encrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
const struct asn1_cursor *plaintext,
struct asn1_builder *ciphertext ) {
- return pubkey->encrypt ( key, plaintext, ciphertext );
+ return pubkey->encrypt ( pubkey, key, plaintext, ciphertext );
}
static inline __attribute__ (( always_inline )) int
pubkey_decrypt ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
const struct asn1_cursor *ciphertext,
struct asn1_builder *plaintext ) {
- return pubkey->decrypt ( key, ciphertext, plaintext );
+ return pubkey->decrypt ( pubkey, key, ciphertext, plaintext );
}
static inline __attribute__ (( always_inline )) int
pubkey_sign ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
struct asn1_builder *signature ) {
- return pubkey->sign ( key, digest, value, signature );
+ return pubkey->sign ( pubkey, key, digest, value, signature );
}
static inline __attribute__ (( always_inline )) int
pubkey_verify ( struct pubkey_algorithm *pubkey, const struct asn1_cursor *key,
struct digest_algorithm *digest, const void *value,
const struct asn1_cursor *signature ) {
- return pubkey->verify ( key, digest, value, signature );
+ return pubkey->verify ( pubkey, key, digest, value, signature );
}
static inline __attribute__ (( always_inline )) int
pubkey_match ( struct pubkey_algorithm *pubkey,
const struct asn1_cursor *private_key,
const struct asn1_cursor *public_key ) {
- return pubkey->match ( private_key, public_key );
+ return pubkey->match ( pubkey, private_key, public_key );
}
static inline __attribute__ (( always_inline )) void
extern void cipher_null_auth ( struct cipher_algorithm *cipher, void *ctx,
void *auth );
-extern int pubkey_null_encrypt ( const struct asn1_cursor *key,
+extern int pubkey_null_encrypt ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
const struct asn1_cursor *plaintext,
struct asn1_builder *ciphertext );
-extern int pubkey_null_decrypt ( const struct asn1_cursor *key,
+extern int pubkey_null_decrypt ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
const struct asn1_cursor *ciphertext,
struct asn1_builder *plaintext );
-extern int pubkey_null_sign ( const struct asn1_cursor *key,
+extern int pubkey_null_sign ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest,
const void *value,
struct asn1_builder *signature );
-extern int pubkey_null_verify ( const struct asn1_cursor *key,
+extern int pubkey_null_verify ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *key,
struct digest_algorithm *digest,
const void *value,
const struct asn1_cursor *signature );
+extern int pubkey_null_match ( struct pubkey_algorithm *pubkey,
+ const struct asn1_cursor *private_key,
+ const struct asn1_cursor *public_key );
extern struct digest_algorithm digest_null;
extern struct cipher_algorithm cipher_null;