From patchwork Fri Nov 18 21:16:17 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048799
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 1/8] key: add l_key_search
Date: Fri, 18 Nov 2022 13:16:17 -0800
Message-Id: <20221118211624.19298-2-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

Search for a key by type, keyring name, and description. Returns the key ID or an error if not found.

--- ell/ell.sym | 1 + ell/key.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ ell/key.h | 3 +++ 3 files changed, 50 insertions(+) diff --git a/ell/ell.sym b/ell/ell.sym index 6df9024..414b288 100644 --- a/ell/ell.sym +++ b/ell/ell.sym @@ -387,6 +387,7 @@ global: l_key_decrypt; l_key_sign; l_key_verify; + l_key_search; l_keyring_new; l_keyring_restrict; l_keyring_free; diff --git a/ell/key.c b/ell/key.c index 24374a5..5a82531 100644 --- a/ell/key.c +++ b/ell/key.c 
@@ -270,6 +270,26 @@ static long kernel_key_verify(int32_t serial, return result >= 0 ? result : -errno; } +static long kernel_key_request(const char *type, const char *description) +{ + long result; + + result = syscall(__NR_request_key, type, description, NULL, 0); + + return result >= 0 ? result : -errno; +} + +static long kernel_key_search(int32_t keyring_id, const char *type, + const char *description) +{ + long result; + + result = syscall(__NR_keyctl, KEYCTL_SEARCH, keyring_id, type, + description, 0); + + return result >= 0 ? result : -errno; +} + static bool setup_internal_keyring(void) { internal_keyring = kernel_add_key("keyring", "ell-internal", NULL, 0, @@ -283,6 +303,32 @@ static bool setup_internal_keyring(void) return true; } +LIB_EXPORT int32_t l_key_search(enum l_key_type type, const char *keyring, + const char *description) +{ + long keyring_id; + long key_id; + + if (unlikely((size_t)type >= L_ARRAY_SIZE(key_type_names))) + return -EINVAL; + + if (unlikely(!keyring || !description)) + return -EINVAL; + + /* Find the ID of the keyring */ + keyring_id = kernel_key_request("keyring", keyring); + if (keyring_id < 0) + return -ENOENT; + + /* Search for the key by type/description */ + key_id = kernel_key_search(keyring_id, key_type_names[type], + description); + if (key_id < 0) + return -ENOENT; + + return key_id; +} + LIB_EXPORT struct l_key *l_key_new(enum l_key_type type, const void *payload, size_t payload_length) { diff --git a/ell/key.h b/ell/key.h index 6897105..5fe8e00 100644 --- a/ell/key.h +++ b/ell/key.h 
@@ -62,6 +62,9 @@ enum l_key_cipher_type { struct l_key *l_key_new(enum l_key_type type, const void *payload, size_t payload_length); +int32_t l_key_search(enum l_key_type type, const char *keyring, + const char *description); + void l_key_free(struct l_key *key); void l_key_free_norevoke(struct l_key *key); 

From patchwork Fri Nov 18 21:16:18 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048801
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 2/8] unit: add key search test
Date: Fri, 18 Nov 2022 13:16:18 -0800
Message-Id: <20221118211624.19298-3-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

Creates a keyring and key using syscall directly as this is the intended use case of l_key_search() (keys outside of ELL). Then verifies that l_key_search() returns the same ID as the created key.

--- unit/test-key.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/unit/test-key.c b/unit/test-key.c index 240a02c..0e09cf4 100644 --- a/unit/test-key.c +++ b/unit/test-key.c @@ -24,6 +24,9 @@ #include #endif +#include +#include +#include #include #include 
@@ -661,6 +664,27 @@ static void test_key_crypto(const void *data) l_key_free(pubkey); } +static void test_key_search(const void *data) +{ + long keyring_id; + long key_id; + + /* + * Search is used to find a key out side of ELL's internal keyring. So + * manually create a keyring/key here rather than using l_key APIs + */ + + keyring_id = syscall(__NR_add_key, "keyring", "my-keyring", NULL, + 0, KEY_SPEC_USER_KEYRING); + assert(keyring_id >= 0); + + key_id = syscall(__NR_add_key, "user", "my-key", + KEY1_STR, KEY1_LEN, keyring_id); + assert(key_id >= 0); + + assert(key_id == l_key_search(L_KEY_RAW, "my-keyring", "my-key")); +} + int main(int argc, char *argv[]) { l_test_init(&argc, &argv); 
@@ -685,5 +709,7 @@ int main(int argc, char *argv[]) if (l_key_is_supported(L_KEY_FEATURE_CRYPTO)) l_test_add("key crypto", test_key_crypto, NULL); + l_test_add("key search", test_key_search, NULL); + return l_test_run(); } 

From patchwork Fri Nov 18 21:16:19 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048800
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 3/8] checksum: commonize checksum creation
Date: Fri, 18 Nov 2022 13:16:19 -0800
Message-Id: <20221118211624.19298-4-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

The various checksums were using virtually the same init code. Make this common which will make initialization by key ID much simpler to add.

--- ell/checksum.c | 103 ++++++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 66 deletions(-) diff --git a/ell/checksum.c b/ell/checksum.c index c71205a..e17f070 100644 --- a/ell/checksum.c +++ b/ell/checksum.c 
@@ -146,55 +146,22 @@ static int create_alg(const char *alg) return sk; } -/** - * l_checksum_new: - * @type: checksum type - * - * Creates new #l_checksum, using the checksum algorithm @type. - * - * Returns: a newly allocated #l_checksum object. - **/ -LIB_EXPORT struct l_checksum *l_checksum_new(enum l_checksum_type type) -{ - struct l_checksum *checksum; - int fd; - - if (!is_valid_index(checksum_algs, type) || !checksum_algs[type].name) - return NULL; - - checksum = l_new(struct l_checksum, 1); - checksum->alg_info = &checksum_algs[type]; - - fd = create_alg(checksum->alg_info->name); - if (fd < 0) - goto error; - - checksum->sk = accept4(fd, NULL, 0, SOCK_CLOEXEC); - close(fd); - - if (checksum->sk < 0) - goto error; - - return checksum; - -error: - l_free(checksum); - return NULL; -} - -LIB_EXPORT struct l_checksum *l_checksum_new_cmac_aes(const void *key, - size_t key_len) +static struct l_checksum *checksum_new_common(const char *alg, int sockopt, + const void *data, size_t len, + struct checksum_info *info) { struct l_checksum *checksum; int fd; - fd = create_alg("cmac(aes)"); + fd = create_alg(alg); if (fd < 0) return NULL; - if (setsockopt(fd, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) { - close(fd); - return NULL; + if (data) { + if (setsockopt(fd, SOL_ALG, sockopt, data, len) < 0) { + close(fd); + return NULL; + } } checksum = l_new(struct l_checksum, 1); 
@@ -206,40 +173,44 @@ LIB_EXPORT struct l_checksum *l_checksum_new_cmac_aes(const void *key, return NULL; } - checksum->alg_info = &checksum_cmac_aes_alg; + checksum->alg_info = info; return checksum; } -LIB_EXPORT struct l_checksum *l_checksum_new_hmac(enum l_checksum_type type, - const void *key, size_t key_len) +/** + * l_checksum_new: + * @type: checksum type + * + * Creates new #l_checksum, using the checksum algorithm @type. + * + * Returns: a newly allocated #l_checksum object. + **/ +LIB_EXPORT struct l_checksum *l_checksum_new(enum l_checksum_type type) { - struct l_checksum *checksum; - int fd; - - if (!is_valid_index(checksum_hmac_algs, type) || - !checksum_hmac_algs[type].name) - return NULL; - - fd = create_alg(checksum_hmac_algs[type].name); - if (fd < 0) + if (!is_valid_index(checksum_algs, type) || !checksum_algs[type].name) return NULL; - if (setsockopt(fd, SOL_ALG, ALG_SET_KEY, key, key_len) < 0) { - close(fd); - return NULL; - } + return checksum_new_common(checksum_algs[type].name, 0, NULL, 0, + &checksum_algs[type]); +} - checksum = l_new(struct l_checksum, 1); - checksum->sk = accept4(fd, NULL, 0, SOCK_CLOEXEC); - close(fd); +LIB_EXPORT struct l_checksum *l_checksum_new_cmac_aes(const void *key, + size_t key_len) +{ + return checksum_new_common("cmac(aes)", ALG_SET_KEY, key, key_len, + &checksum_cmac_aes_alg); +} - if (checksum->sk < 0) { - l_free(checksum); +LIB_EXPORT struct l_checksum *l_checksum_new_hmac(enum l_checksum_type type, + const void *key, size_t key_len) +{ + if (!is_valid_index(checksum_hmac_algs, type) || + !checksum_hmac_algs[type].name) return NULL; - } - checksum->alg_info = &checksum_hmac_algs[type]; - return checksum; + return checksum_new_common(checksum_hmac_algs[type].name, + ALG_SET_KEY, key, key_len, + &checksum_hmac_algs[type]); } /** 

From patchwork Fri Nov 18 21:16:20 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048802
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 4/8] checksum: add l_checksum_new_hmac_from_key_id
Date: Fri, 18 Nov 2022 13:16:20 -0800
Message-Id: <20221118211624.19298-5-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

Same as l_checksum_new_hmac but uses a key ID rather than a key directly.

--- ell/checksum.c | 17 +++++++++++++++++ ell/checksum.h | 2 ++ ell/ell.sym | 1 + 3 files changed, 20 insertions(+) diff --git a/ell/checksum.c b/ell/checksum.c index e17f070..dc5e61a 100644 --- a/ell/checksum.c +++ b/ell/checksum.c @@ -68,6 +68,10 @@ struct sockaddr_alg { #define SOL_ALG 279 #endif +#ifndef ALG_SET_KEY_BY_KEY_SERIAL +#define ALG_SET_KEY_BY_KEY_SERIAL 7 +#endif + struct checksum_info { const char *name; uint8_t digest_len; @@ -213,6 +217,19 @@ LIB_EXPORT struct l_checksum *l_checksum_new_hmac(enum l_checksum_type type, &checksum_hmac_algs[type]); } +struct l_checksum *l_checksum_new_hmac_from_key_id(enum l_checksum_type type, + int32_t key_id) +{ + if (!is_valid_index(checksum_hmac_algs, type) || + !checksum_hmac_algs[type].name) + return NULL; + + return checksum_new_common(checksum_hmac_algs[type].name, + ALG_SET_KEY_BY_KEY_SERIAL, + &key_id, sizeof(key_id), + &checksum_hmac_algs[type]); +} + /** * l_checksum_clone: * @checksum: parent checksum object 
diff --git a/ell/checksum.h b/ell/checksum.h index 531fcb0..3dab13f 100644 --- a/ell/checksum.h +++ b/ell/checksum.h @@ -48,6 +48,8 @@ struct l_checksum *l_checksum_new(enum l_checksum_type type); struct l_checksum *l_checksum_new_cmac_aes(const void *key, size_t key_len); struct l_checksum *l_checksum_new_hmac(enum l_checksum_type type, const void *key, size_t key_len); +struct l_checksum *l_checksum_new_hmac_from_key_id(enum l_checksum_type type, + int32_t key_id); struct l_checksum *l_checksum_clone(struct l_checksum *checksum); void l_checksum_free(struct l_checksum *checksum); diff --git a/ell/ell.sym b/ell/ell.sym index 414b288..08252b8 100644 --- a/ell/ell.sym +++ b/ell/ell.sym 
@@ -115,6 +115,7 @@ global: l_checksum_new; l_checksum_new_cmac_aes; l_checksum_new_hmac; + l_checksum_new_hmac_from_key_id; l_checksum_clone; l_checksum_free; l_checksum_reset; 

From patchwork Fri Nov 18 21:16:21 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048803
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 5/8] cert-crypto: refactor l_cert_pkcs5_pbkdf2
Date: Fri, 18 Nov 2022 13:16:21 -0800
Message-Id: <20221118211624.19298-6-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

This makes the actual algorithm common to prepare for adding a new variant which uses a key ID rather than password.

--- ell/cert-crypto.c | 67 +++++++++++++++++++++++++++++------------------ 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/ell/cert-crypto.c b/ell/cert-crypto.c index e6e8876..bf748b0 100644 --- a/ell/cert-crypto.c +++ b/ell/cert-crypto.c 
@@ -103,44 +103,34 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf1(enum l_checksum_type type, return !iter_count; } -/* RFC8018 section 5.2 */ -LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, - const char *password, - const uint8_t *salt, size_t salt_len, - unsigned int iter_count, - uint8_t *out_dk, size_t dk_len) +static size_t cert_checksum_to_length(enum l_checksum_type type) { - size_t h_len; - struct l_checksum *checksum; - unsigned int i; - switch (type) { case L_CHECKSUM_SHA1: - h_len = 20; - break; + return 20; case L_CHECKSUM_SHA224: - h_len = 28; - break; + return 28; case L_CHECKSUM_SHA256: - h_len = 32; - break; + return 32; case L_CHECKSUM_SHA384: - h_len = 48; - break; + return 48; case L_CHECKSUM_SHA512: - h_len = 64; - break; + return 64; case L_CHECKSUM_NONE: case L_CHECKSUM_MD4: case L_CHECKSUM_MD5: - return false; + return 0; default: - return false; + return 0; } +} - checksum = l_checksum_new_hmac(type, password, strlen(password)); - if (!checksum) - return false; +static bool cert_pkcs5_pbkdf2(struct l_checksum *checksum, const uint8_t *salt, + size_t salt_len, size_t h_len, + unsigned int iter_count, uint8_t *out_dk, + size_t dk_len) +{ + unsigned int i; for (i = 1; dk_len; i++) { unsigned int j, k; 
@@ -180,9 +170,34 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, dk_len -= block_len; } + return !dk_len; +} + +/* RFC8018 section 5.2 */ +LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, + const char *password, + const uint8_t *salt, size_t salt_len, + unsigned int iter_count, + uint8_t *out_dk, size_t dk_len) +{ + size_t h_len; + struct l_checksum *checksum; + bool r; + + h_len = cert_checksum_to_length(type); + if (!h_len) + return false; + + checksum = l_checksum_new_hmac(type, password, strlen(password)); + if (!checksum) + return false; + + r = cert_pkcs5_pbkdf2(checksum, salt, salt_len, h_len, iter_count, + out_dk, dk_len); + l_checksum_free(checksum); - return !dk_len; + return r; } /* RFC7292 Appendix B */ 

From patchwork Fri Nov 18 21:16:22 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048804
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 6/8] cert: add l_cert_pkcs5_pbkdf2_from_key_id
Date: Fri, 18 Nov 2022 13:16:22 -0800
Message-Id: <20221118211624.19298-7-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

The same pbkdf2 algorithm but uses a key ID as the password.

--- ell/cert-crypto.c | 27 +++++++++++++++++++++++++++ ell/cert.h | 6 +++++- ell/ell.sym | 1 + 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/ell/cert-crypto.c b/ell/cert-crypto.c index bf748b0..42f602e 100644 --- a/ell/cert-crypto.c +++ b/ell/cert-crypto.c @@ -200,6 +200,33 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, return r; } +LIB_EXPORT bool l_cert_pkcs5_pbkdf2_from_key_id(enum l_checksum_type type, + int32_t key_id, + const uint8_t *salt, + size_t salt_len, + unsigned int iter_count, + uint8_t *out_dk, size_t dk_len) +{ + size_t h_len; + struct l_checksum *checksum; + bool r; + + h_len = cert_checksum_to_length(type); + if (!h_len) + return false; + + checksum = l_checksum_new_hmac_from_key_id(type, key_id); + if (!checksum) + return false; + + r = cert_pkcs5_pbkdf2(checksum, salt, salt_len, h_len, iter_count, + out_dk, dk_len); + + l_checksum_free(checksum); + + return r; +} + /* RFC7292 Appendix B */ uint8_t *cert_pkcs12_pbkdf(const char *password, const struct cert_pkcs12_hash *hash, diff --git a/ell/cert.h b/ell/cert.h index f637588..ce430fa 100644 --- a/ell/cert.h +++ b/ell/cert.h 
@@ -76,7 +76,11 @@ bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, const char *password, const uint8_t *salt, size_t salt_len, unsigned int iter_count, uint8_t *out_dk, size_t dk_len); - +bool l_cert_pkcs5_pbkdf2_from_key_id(enum l_checksum_type type, + int32_t key_id, const uint8_t *salt, + size_t salt_len, + unsigned int iter_count, + uint8_t *out_dk, size_t dk_len); #ifdef __cplusplus } #endif diff --git a/ell/ell.sym b/ell/ell.sym index 08252b8..2572989 100644 --- a/ell/ell.sym +++ b/ell/ell.sym 
@@ -565,6 +565,7 @@ global: l_cert_load_container_file; l_cert_pkcs5_pbkdf1; l_cert_pkcs5_pbkdf2; + l_cert_pkcs5_pbkdf2_from_key_id; /* ecc */ l_ecc_supported_ike_groups; l_ecc_supported_tls_groups; 

From patchwork Fri Nov 18 21:16:23 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048805
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 7/8] cert: add explicit length to l_cert_pkcs5_pbkdf2
Date: Fri, 18 Nov 2022 13:16:23 -0800
Message-Id: <20221118211624.19298-8-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

Rather than assume the password/key is a NULL terminated string pass the length in too. This is more flexible in case of a binary key.

--- ell/cert-crypto.c | 7 ++++--- ell/cert.h | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ell/cert-crypto.c b/ell/cert-crypto.c index 42f602e..ec14c04 100644 --- a/ell/cert-crypto.c +++ b/ell/cert-crypto.c @@ -175,7 +175,7 @@ static bool cert_pkcs5_pbkdf2(struct l_checksum *checksum, const uint8_t *salt, /* RFC8018 section 5.2 */ LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, - const char *password, + const char *password, size_t pass_len, const uint8_t *salt, size_t salt_len, unsigned int iter_count, uint8_t *out_dk, size_t dk_len) 
@@ -188,7 +188,7 @@ LIB_EXPORT bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, if (!h_len) return false; - checksum = l_checksum_new_hmac(type, password, strlen(password)); + checksum = l_checksum_new_hmac(type, password, pass_len); if (!checksum) return false; @@ -648,7 +648,8 @@ static struct l_cipher *cipher_from_pkcs5_pbes2_params( /* RFC8018 section 6.2 */ - if (!l_cert_pkcs5_pbkdf2(prf_alg, password, salt, salt_len, iter_count, + if (!l_cert_pkcs5_pbkdf2(prf_alg, password, strlen(password), salt, + salt_len, iter_count, derived_key, key_len)) return NULL; diff --git a/ell/cert.h b/ell/cert.h index ce430fa..8ad57b6 100644 --- a/ell/cert.h +++ b/ell/cert.h 
@@ -73,6 +73,7 @@ bool l_cert_pkcs5_pbkdf1(enum l_checksum_type type, const char *password, unsigned int iter_count, uint8_t *out_dk, size_t dk_len); bool l_cert_pkcs5_pbkdf2(enum l_checksum_type type, const char *password, + size_t pass_len, const uint8_t *salt, size_t salt_len, unsigned int iter_count, uint8_t *out_dk, size_t dk_len); 
From patchwork Fri Nov 18 21:16:24 2022
X-Patchwork-Submitter: James Prestwood
X-Patchwork-Id: 13048806
From: James Prestwood
To: ell@lists.linux.dev
Cc: James Prestwood
Subject: [RFC 8/8] unit: update test-pbkdf2 with API change
Date: Fri, 18 Nov 2022 13:16:24 -0800
Message-Id: <20221118211624.19298-9-prestwoj@gmail.com>
In-Reply-To: <20221118211624.19298-1-prestwoj@gmail.com>
References: <20221118211624.19298-1-prestwoj@gmail.com>

--- unit/test-pbkdf2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/unit/test-pbkdf2.c b/unit/test-pbkdf2.c index 3f272ce..1053de2 100644 --- a/unit/test-pbkdf2.c +++ b/unit/test-pbkdf2.c @@ -52,6 +52,7 @@ static void pbkdf2_test(const void *data) key_len = test->key_len ? : (strlen(test->key) / 2); result = l_cert_pkcs5_pbkdf2(L_CHECKSUM_SHA1, test->password, + strlen(test->password), (const uint8_t *) test->salt, salt_len, test->count, output, key_len);
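
Review bot: in the ell/cert.h hunk at `@@ -76,7 +76,11` that declares `l_cert_pkcs5_pbkdf2_from_key_id`, the blank line before `#ifdef __cplusplus` is deleted and the new prototype takes its place, so the declaration now runs straight into the preprocessor block. Add the prototype above the existing blank line instead of replacing it. The prototype also gives no hint of what `int32_t key_id` must refer to (which key type, and whether the caller needs read permission on it); a short comment next to the declaration would tell callers what kind of key serial is acceptable.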
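
Review bot: in [RFC 7/8], the `@@ -175` hunk of ell/cert-crypto.c and the matching ell/cert.h prototype keep the first secret argument typed as `const char *password` while adding `size_t pass_len`, although the commit message justifies the length by binary keys. A `const void *` or `const uint8_t *` parameter would match that intent and stop callers from assuming the buffer is a C string. The function is `LIB_EXPORT`, so inserting an argument in the middle of the list breaks every existing caller at compile time; if that is acceptable for this RFC it should be stated in the commit message, otherwise a new symbol that takes the length would keep the old one working. The `@@ -648` caller still passes `strlen(password)`, which is fine for the PBES2 path but means only new callers gain anything from the change.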
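
Review bot: in [RFC 8/8], the single added line `strlen(test->password),` in unit/test-pbkdf2.c belongs in [RFC 7/8], because that patch changes the `l_cert_pkcs5_pbkdf2` prototype and this test still calls it with the old argument list until 8/8 is applied, which leaves the tree unbuildable at 7/8 and hurts bisection. Squash the two, or at least order them so each commit compiles. The patch also has an empty commit message body. Since the stated reason for the new parameter is binary keys, a test vector whose password contains an embedded NUL byte, passed with an explicit length instead of `strlen()`, would exercise the behaviour this series adds.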