narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[crypto] Add OID-identified algorithms for AES ciphers 

Extend the definition of an ASN.1 OID-identified algorithm to include
a potential cipher suite, and add identifiers for AES-CBC and AES-GCM.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/1171/head
Michael Brown 2024-08-14 13:02:22 +01:00
parent 3b4d0cb555
commit 998edc6ec5
5 changed files with 196 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/config/config_crypto.c
View File

@ -88,6 +88,16 @@ REQUIRE_OBJECT ( oid_sha512_256 );
REQUIRE_OBJECT ( oid_x25519 ); REQUIRE_OBJECT ( oid_x25519 );
#endif #endif
/* AES-CBC */
#if defined ( CRYPTO_CIPHER_AES_CBC )
REQUIRE_OBJECT ( oid_aes_cbc );
#endif
/* AES-GCM */
#if defined ( CRYPTO_CIPHER_AES_GCM )
REQUIRE_OBJECT ( oid_aes_gcm );
#endif
/* RSA and MD5 */ /* RSA and MD5 */
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_MD5 ) #if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_MD5 )
REQUIRE_OBJECT ( rsa_md5 ); REQUIRE_OBJECT ( rsa_md5 );

26
src/crypto/asn1.c
View File

@ -591,6 +591,32 @@ int asn1_digest_algorithm ( const struct asn1_cursor *cursor,
return 0; return 0;
} }
/**
* Parse ASN.1 OID-identified cipher algorithm
*
* @v cursor ASN.1 object cursor
* @ret algorithm Algorithm
* @ret rc Return status code
*/
int asn1_cipher_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm ) {
int rc;
/* Parse algorithm */
if ( ( rc = asn1_algorithm ( cursor, algorithm ) ) != 0 )
return rc;
/* Check algorithm has a cipher */
if ( ! (*algorithm)->cipher ) {
DBGC ( cursor, "ASN1 %p algorithm %s is not a cipher "
"algorithm:\n", cursor, (*algorithm)->name );
DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
return -ENOTTY_ALGORITHM;
}
return 0;
}
/** /**
* Parse ASN.1 OID-identified signature algorithm * Parse ASN.1 OID-identified signature algorithm
* *

57
src/crypto/mishmash/oid_aes_cbc.c 100644
View File

@ -0,0 +1,57 @@
/*
* Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*
* You can also choose to distribute this program under the terms of
* the Unmodified Binary Distribution Licence (as given in the file
* COPYING.UBDL), provided that you have satisfied its requirements.
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/aes.h>
#include <ipxe/asn1.h>
/** "aes128-cbc" object identifier */
static uint8_t oid_aes_128_cbc[] = { ASN1_OID_AES128_CBC };
/** "aes192-cbc" object identifier */
static uint8_t oid_aes_192_cbc[] = { ASN1_OID_AES192_CBC };
/** "aes256-cbc" object identifier */
static uint8_t oid_aes_256_cbc[] = { ASN1_OID_AES256_CBC };
/** "aes128-cbc" OID-identified algorithm */
struct asn1_algorithm aes_128_cbc_algorithm __asn1_algorithm = {
.name = "aes128-cbc",
.cipher = &aes_cbc_algorithm,
.oid = ASN1_CURSOR ( oid_aes_128_cbc ),
};
/** "aes192-cbc" OID-identified algorithm */
struct asn1_algorithm aes_192_cbc_algorithm __asn1_algorithm = {
.name = "aes192-cbc",
.cipher = &aes_cbc_algorithm,
.oid = ASN1_CURSOR ( oid_aes_192_cbc ),
};
/** "aes256-cbc" OID-identified algorithm */
struct asn1_algorithm aes_256_cbc_algorithm __asn1_algorithm = {
.name = "aes256-cbc",
.cipher = &aes_cbc_algorithm,
.oid = ASN1_CURSOR ( oid_aes_256_cbc ),
};

57
src/crypto/mishmash/oid_aes_gcm.c 100644
View File

@ -0,0 +1,57 @@
/*
* Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*
* You can also choose to distribute this program under the terms of
* the Unmodified Binary Distribution Licence (as given in the file
* COPYING.UBDL), provided that you have satisfied its requirements.
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/aes.h>
#include <ipxe/asn1.h>
/** "aes128-gcm" object identifier */
static uint8_t oid_aes_128_gcm[] = { ASN1_OID_AES128_GCM };
/** "aes192-gcm" object identifier */
static uint8_t oid_aes_192_gcm[] = { ASN1_OID_AES192_GCM };
/** "aes256-gcm" object identifier */
static uint8_t oid_aes_256_gcm[] = { ASN1_OID_AES256_GCM };
/** "aes128-gcm" OID-identified algorithm */
struct asn1_algorithm aes_128_gcm_algorithm __asn1_algorithm = {
.name = "aes128-gcm",
.cipher = &aes_gcm_algorithm,
.oid = ASN1_CURSOR ( oid_aes_128_gcm ),
};
/** "aes192-gcm" OID-identified algorithm */
struct asn1_algorithm aes_192_gcm_algorithm __asn1_algorithm = {
.name = "aes192-gcm",
.cipher = &aes_gcm_algorithm,
.oid = ASN1_CURSOR ( oid_aes_192_gcm ),
};
/** "aes256-gcm" OID-identified algorithm */
struct asn1_algorithm aes_256_gcm_algorithm __asn1_algorithm = {
.name = "aes256-gcm",
.cipher = &aes_gcm_algorithm,
.oid = ASN1_CURSOR ( oid_aes_256_gcm ),
};

46
src/include/ipxe/asn1.h
View File

@ -192,6 +192,48 @@ struct asn1_builder_header {
ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 101 ), \ ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 110 ) ASN1_OID_SINGLE ( 110 )
/** ASN.1 OID for id-aes128-cbc (2.16.840.1.101.3.4.1.2) */
#define ASN1_OID_AES128_CBC \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 2 )
/** ASN.1 OID for id-aes128-gcm (2.16.840.1.101.3.4.1.6) */
#define ASN1_OID_AES128_GCM \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 6 )
/** ASN.1 OID for id-aes192-cbc (2.16.840.1.101.3.4.1.22) */
#define ASN1_OID_AES192_CBC \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 22 )
/** ASN.1 OID for id-aes192-gcm (2.16.840.1.101.3.4.1.26) */
#define ASN1_OID_AES192_GCM \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 26 )
/** ASN.1 OID for id-aes256-cbc (2.16.840.1.101.3.4.1.42) */
#define ASN1_OID_AES256_CBC \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 42 )
/** ASN.1 OID for id-aes256-gcm (2.16.840.1.101.3.4.1.46) */
#define ASN1_OID_AES256_GCM \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 46 )
/** ASN.1 OID for id-sha256 (2.16.840.1.101.3.4.2.1) */ /** ASN.1 OID for id-sha256 (2.16.840.1.101.3.4.2.1) */
#define ASN1_OID_SHA256 \ #define ASN1_OID_SHA256 \
ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \ ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
@ -317,6 +359,8 @@ struct asn1_algorithm {
struct pubkey_algorithm *pubkey; struct pubkey_algorithm *pubkey;
/** Digest algorithm (if applicable) */ /** Digest algorithm (if applicable) */
struct digest_algorithm *digest; struct digest_algorithm *digest;
/** Cipher algorithm (if applicable) */
struct cipher_algorithm *cipher;
/** Elliptic curve (if applicable) */ /** Elliptic curve (if applicable) */
struct elliptic_curve *curve; struct elliptic_curve *curve;
}; };
@ -428,6 +472,8 @@ extern int asn1_pubkey_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm ); struct asn1_algorithm **algorithm );
extern int asn1_digest_algorithm ( const struct asn1_cursor *cursor, extern int asn1_digest_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm ); struct asn1_algorithm **algorithm );
extern int asn1_cipher_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm );
extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor, extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
struct asn1_algorithm **algorithm ); struct asn1_algorithm **algorithm );
extern int asn1_check_algorithm ( const struct asn1_cursor *cursor, extern int asn1_check_algorithm ( const struct asn1_cursor *cursor,