[PATCH 1/9] unit: Remove asymmetric cipher tests

[PATCH 1/9] unit: Remove asymmetric cipher tests

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 6940 bytes --]

The RSA cipher is tested by test-key, using the keyctl crypto calls.
AF_ALG akcipher is not expected to get merged in the mainline kernel.
---
 unit/test-cipher.c | 119 -----------------------------------------------------
 1 file changed, 119 deletions(-)

diff --git a/unit/test-cipher.c b/unit/test-cipher.c
index 12a922a..a958402 100644
--- a/unit/test-cipher.c
+++ b/unit/test-cipher.c
@@ -123,123 +123,6 @@ static void test_arc4(const void *data)
 	l_cipher_free(cipher);
 }
 
-/*
- * openssl genrsa 1024 | openssl rsa -outform DER | xxd -i
- */
-static uint8_t rsa_priv_key[] = {
-	0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xe1,
-	0xec, 0x78, 0x3c, 0x5f, 0x62, 0x74, 0x1e, 0x6d, 0x1d, 0x44, 0xac, 0x40,
-	0xb3, 0xec, 0x01, 0x96, 0x01, 0x8a, 0xfe, 0xcf, 0x5d, 0xc5, 0xe6, 0x0c,
-	0x36, 0x03, 0x2c, 0x4e, 0x84, 0x8f, 0x51, 0xf3, 0xc5, 0x32, 0x4f, 0xc4,
-	0x73, 0x22, 0x92, 0x30, 0x7c, 0x75, 0xd7, 0x4b, 0xae, 0xc6, 0xd0, 0x59,
-	0x6b, 0xd8, 0x46, 0x79, 0xbc, 0x6a, 0x6e, 0xde, 0x27, 0x11, 0x2f, 0xde,
-	0x84, 0xe3, 0x64, 0x84, 0x07, 0x82, 0x83, 0xbf, 0x90, 0xf5, 0x80, 0x6f,
-	0x63, 0x3a, 0xd1, 0x74, 0xd5, 0x6d, 0x2f, 0xde, 0xdc, 0xea, 0xab, 0xe5,
-	0x20, 0x7d, 0x26, 0x3e, 0x20, 0x99, 0x97, 0x41, 0x47, 0x81, 0x04, 0x7e,
-	0x53, 0x5c, 0xb2, 0xa9, 0xe0, 0x3d, 0x72, 0x37, 0x85, 0xcc, 0x5c, 0xda,
-	0x04, 0x96, 0xfa, 0x02, 0xc2, 0x23, 0x8b, 0x20, 0x5d, 0xe1, 0x2a, 0x69,
-	0xec, 0xcd, 0xce, 0x85, 0xc2, 0xf5, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01,
-	0x02, 0x81, 0x81, 0x00, 0xa5, 0x31, 0x72, 0xf9, 0x32, 0x05, 0x9b, 0x42,
-	0x64, 0x26, 0x72, 0x80, 0x41, 0x0f, 0x4e, 0x12, 0x1a, 0xcd, 0x26, 0x05,
-	0x0b, 0x3b, 0x55, 0xe8, 0xd0, 0x24, 0xee, 0x4d, 0x07, 0x5c, 0x86, 0x2f,
-	0x36, 0x3f, 0x8a, 0x7a, 0x28, 0xfa, 0xc6, 0xdc, 0x7d, 0xf7, 0x83, 0x72,
-	0xd9, 0x34, 0x02, 0xcb, 0x75, 0x97, 0x15, 0x9c, 0xf2, 0x86, 0x82, 0x8c,
-	0x6e, 0x83, 0xc2, 0x5d, 0x6e, 0x27, 0x5c, 0xdc, 0x52, 0xb8, 0x8d, 0xa8,
-	0x0d, 0x09, 0xcf, 0x69, 0xae, 0x61, 0x0e, 0xcb, 0x6a, 0x76, 0xac, 0xdd,
-	0x85, 0xda, 0x9c, 0xac, 0x2b, 0xf0, 0xf6, 0x2e, 0x2e, 0x4d, 0x9b, 0xc7,
-	0x67, 0xc2, 0xfa, 0x7b, 0x0e, 0x68, 0xf7, 0x1e, 0x03, 0x28, 0xea, 0x0e,
-	0x9a, 0xd6, 0xc3, 0x28, 0x3d, 0xde, 0x11, 0x26, 0xb1, 0x95, 0xf6, 0x10,
-	0x2f, 0x81, 0xa5, 0x60, 0x2c, 0x4f, 0x37, 0x5c, 0x2a, 0xd2, 0x30, 0x01,
-	0x02, 0x41, 0x00, 0xf2, 0x80, 0xa2, 0x57, 0x5c, 0xe0, 0x41, 0x82, 0x00,
-	0xac, 0x0b, 0xbd, 0xad, 0x98, 0x04, 0x33, 0x49, 0x64, 0x0b, 0x94, 0x94,
-	0xc3, 0xd7, 0xd9, 0xfe, 0x1f, 0xa3, 0xd1, 0x83, 0x42, 0x3a, 0x2d, 0xaf,
-	0xc5, 0x4c, 0xa4, 0x1b, 0xe4, 0x1c, 0x9c, 0x17, 0x8e, 0x28, 0xe9, 0xa5,
-	0xd4, 0xbd, 0x9a, 0xce, 0x6e, 0x33, 0xb4, 0xaf, 0xce, 0x13, 0xd2, 0xab,
-	0x0c, 0x4b, 0x34, 0x0d, 0x03, 0x87, 0xa1, 0x02, 0x41, 0x00, 0xee, 0x7f,
-	0x9b, 0xb4, 0x3c, 0x21, 0x76, 0xf2, 0x0c, 0xdf, 0xb6, 0xea, 0xc9, 0x31,
-	0xd4, 0xeb, 0x8f, 0x46, 0x41, 0x9b, 0xc1, 0x60, 0x4f, 0x50, 0x54, 0x32,
-	0xd2, 0xf4, 0xfd, 0xd0, 0xc8, 0x58, 0x6d, 0x17, 0x4e, 0xac, 0x5f, 0x9e,
-	0xb7, 0xd4, 0xfc, 0xce, 0xe0, 0x92, 0x0e, 0x1d, 0xd1, 0xa7, 0x54, 0xd3,
-	0x98, 0xca, 0x5b, 0x9c, 0x41, 0x68, 0xbf, 0x0d, 0x1b, 0xe2, 0xdb, 0xa6,
-	0xec, 0xa9, 0x02, 0x40, 0x0b, 0xc1, 0x72, 0x9d, 0x3b, 0x92, 0x5f, 0x7a,
-	0x96, 0xdf, 0xc0, 0x3d, 0xf4, 0xb1, 0x5e, 0xda, 0xc1, 0x9f, 0x08, 0xf4,
-	0xad, 0xf5, 0x84, 0x7c, 0x3b, 0xd6, 0x7a, 0xd1, 0x88, 0x44, 0x68, 0x9f,
-	0x98, 0x5a, 0xbf, 0x29, 0x61, 0x74, 0xc0, 0x72, 0x4c, 0xae, 0x06, 0x8b,
-	0xb5, 0x0f, 0x48, 0x15, 0xbe, 0x16, 0x17, 0x89, 0x95, 0xd0, 0x2e, 0xa3,
-	0xd2, 0xc8, 0xe8, 0xc8, 0x60, 0x2d, 0x20, 0xa1, 0x02, 0x41, 0x00, 0xdb,
-	0x39, 0xbf, 0x14, 0xf8, 0x24, 0xc6, 0xa2, 0x0d, 0xc5, 0x61, 0xed, 0x05,
-	0x0d, 0x62, 0x2b, 0x38, 0xe2, 0x9a, 0x92, 0x22, 0x39, 0x76, 0x0e, 0x5f,
-	0xa6, 0xec, 0x14, 0xb8, 0x6e, 0x3e, 0x8a, 0x51, 0x94, 0x98, 0x03, 0x88,
-	0x4d, 0x6b, 0xab, 0x42, 0xca, 0xa2, 0xd0, 0x7e, 0x5b, 0x58, 0x88, 0x98,
-	0x47, 0x7b, 0xed, 0x9e, 0x31, 0xce, 0x4a, 0x0b, 0x3b, 0x70, 0x83, 0xa1,
-	0xe6, 0x19, 0x29, 0x02, 0x41, 0x00, 0x9c, 0x88, 0xbb, 0x56, 0x6b, 0x4a,
-	0x81, 0x2c, 0xb3, 0x70, 0xdc, 0xf5, 0x65, 0x45, 0xd4, 0xed, 0xdd, 0xc3,
-	0xdc, 0xc5, 0x27, 0xa3, 0xa0, 0x66, 0x5c, 0x51, 0xeb, 0x52, 0x8c, 0x8d,
-	0x4e, 0xa6, 0x8f, 0x42, 0x5d, 0xb8, 0xa4, 0xa4, 0x26, 0xf3, 0xd6, 0xe5,
-	0x01, 0x6b, 0x51, 0x8a, 0xa4, 0xee, 0xec, 0xff, 0x71, 0x8c, 0xbb, 0xba,
-	0x05, 0x3e, 0x55, 0x14, 0xd9, 0xe4, 0xa4, 0x7f, 0xb7, 0x4f
-};
-
-/* Reference ciphertext:
- * $ openssl rsautl -in fixed_str -inkey privkey.der -keyform DER -encrypt \
- * > -pkcs -out ciphertext
- * $ xxd -i ciphertext
- *
- * where fixed_str is a file containing the first 100 characters of
- * FIXED_STR (above) and privkey.der contains the binary data from the
- * rsa_priv_key array.
- */
-static uint8_t ciphertext[128] = {
-	0x50, 0x86, 0x87, 0x72, 0x37, 0xc1, 0xc7, 0x99, 0xa9, 0xff, 0x56, 0x92,
-	0x9b, 0x8a, 0xf6, 0x31, 0x9b, 0x11, 0x2c, 0x27, 0x1c, 0xa9, 0x07, 0x9b,
-	0xac, 0xb9, 0x31, 0xcd, 0xc1, 0x10, 0x90, 0xd7, 0x3c, 0xa1, 0x43, 0xa1,
-	0xdb, 0xb2, 0x67, 0x48, 0x28, 0xac, 0x0e, 0xbd, 0xd4, 0x62, 0x6b, 0xbd,
-	0x81, 0xf9, 0x5b, 0xd0, 0x29, 0xe5, 0xc8, 0x9a, 0x71, 0x69, 0xd1, 0x61,
-	0x72, 0x95, 0xa5, 0x10, 0x83, 0xee, 0xb4, 0x6d, 0x79, 0xf8, 0xae, 0xe1,
-	0x49, 0xdd, 0x5b, 0x1f, 0x4d, 0x2e, 0xd7, 0xa9, 0xf0, 0xf0, 0x81, 0x01,
-	0x38, 0x58, 0x78, 0x0f, 0x89, 0x3d, 0x60, 0xdb, 0x99, 0x19, 0xb0, 0x14,
-	0x9d, 0xf7, 0xc8, 0x6e, 0xc3, 0x69, 0xdd, 0xb2, 0xcc, 0x07, 0x32, 0x3b,
-	0x88, 0xd3, 0xfa, 0x72, 0xe9, 0xaa, 0x66, 0xc5, 0xd3, 0x4a, 0xff, 0x87,
-	0x6a, 0x78, 0x05, 0x2d, 0x16, 0x7c, 0x98, 0x58
-};
-
-static void test_rsa(const void *data)
-{
-	struct l_asymmetric_cipher *cipher;
-	char buf[128];
-	ssize_t encrypted, decrypted;
-
-	cipher = l_asymmetric_cipher_new(L_CIPHER_RSA_PKCS1_V1_5,
-						rsa_priv_key,
-						sizeof(rsa_priv_key), false);
-	assert(cipher);
-	encrypted = l_asymmetric_cipher_encrypt(cipher, FIXED_STR, buf,
-						100, 128);
-	assert(encrypted == 128);
-
-	assert(memcmp(FIXED_STR, buf, 100));
-
-	decrypted = l_asymmetric_cipher_decrypt(cipher, buf, buf, 128, 128);
-	assert(decrypted == 100);
-	assert(!memcmp(FIXED_STR, buf, 100));
-
-	/* Decrypt reference ciphertext */
-	memset(buf, 0, 128);
-	decrypted = l_asymmetric_cipher_decrypt(cipher, ciphertext, buf,
-						128, 128);
-	assert(decrypted == 100);
-	assert(!memcmp(FIXED_STR, buf, 100));
-
-	/* Decrypt corrupted ciphertext */
-	ciphertext[0] = ciphertext[0] ^ (uint8_t)0xFF;
-	memset(buf, 0, 128);
-	decrypted = l_asymmetric_cipher_decrypt(cipher, ciphertext, buf,
-						128, 128);
-	assert(decrypted < 0);
-
-	l_asymmetric_cipher_free(cipher);
-}
-
 int main(int argc, char *argv[])
 {
 	l_test_init(&argc, &argv);
@@ -250,7 +133,5 @@ int main(int argc, char *argv[])
 
 	l_test_add("arc4", test_arc4, NULL);
 
-	l_test_add("rsa", test_rsa, NULL);
-
 	return l_test_run();
 }
-- 
2.10.0

[PATCH 2/9] cipher: Remove l_asymmetric_cipher

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 5973 bytes --]

AF_ALG akcipher hasn't been merged to the mainline kernel, and it doesn't
appear likely that it will be. ELL has access to RSA crypto in the l_key
module using the keyctl syscall, so l_asymmetric_cipher is not needed.
---
 ell/cipher.c | 161 -----------------------------------------------------------
 ell/cipher.h |  27 ----------
 2 files changed, 188 deletions(-)

diff --git a/ell/cipher.c b/ell/cipher.c
index daa2c2b..0af0b4b 100644
--- a/ell/cipher.c
+++ b/ell/cipher.c
@@ -293,12 +293,6 @@ LIB_EXPORT bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
 	return true;
 }
 
-struct l_asymmetric_cipher {
-	int type;
-	int sk;
-	int key_size;
-};
-
 static inline int parse_asn1_definite_length(const uint8_t **buf,
 						size_t *len)
 {
@@ -347,158 +341,3 @@ uint8_t *der_find_elem(uint8_t *buf, size_t len_in, int index,
 		len_in -= tlv_len;
 	}
 }
-
-static bool parse_rsa_key(struct l_asymmetric_cipher *cipher, const void *key,
-				size_t key_length)
-{
-	/*
-	 * Parse the DER-encoded public or private RSA key to find
-	 * and cache the size of the modulus n for later use.
-	 * (RFC3279)
-	 */
-	size_t seq_length;
-	size_t n_length;
-	uint8_t *seq;
-	uint8_t *der;
-	uint8_t tag;
-
-	if (key_length < 8)
-		return false;
-
-	/* Unpack the outer SEQUENCE */
-	seq = der_find_elem((uint8_t *) key, key_length, 0, &tag, &seq_length);
-	if (!seq || tag != ASN1_ID_SEQUENCE)
-		return false;
-
-	/* First INTEGER may be a 1-byte version (for private key) or
-	 * the modulus (public key)
-	 */
-	der = der_find_elem(seq, seq_length, 0, &tag, &n_length);
-	if (der && tag == ASN1_ID_INTEGER && n_length == 1) {
-		/* Found version number, implies this is a private key. */
-		der = der_find_elem(seq, seq_length, 1, &tag, &n_length);
-	}
-
-	if (!der || tag != ASN1_ID_INTEGER || n_length < 4)
-		return false;
-
-	/* Skip leading zeros */
-	while (n_length && der[0] == 0x00) {
-		der++;
-		n_length--;
-	}
-
-	cipher->key_size = n_length;
-
-	return true;
-}
-
-LIB_EXPORT struct l_asymmetric_cipher *l_asymmetric_cipher_new(
-					enum l_asymmetric_cipher_type type,
-					const void *key, size_t key_length,
-					bool public_key)
-{
-	struct l_asymmetric_cipher *cipher;
-	const char *alg_name;
-
-	if (unlikely(!key))
-		return NULL;
-
-	if (type != L_CIPHER_RSA_PKCS1_V1_5)
-		return NULL;
-
-	cipher = l_new(struct l_asymmetric_cipher, 1);
-	cipher->type = type;
-
-	switch (type) {
-	case L_CIPHER_RSA_PKCS1_V1_5:
-		if (!parse_rsa_key(cipher, key, key_length))
-			goto error_free;
-
-		alg_name = "pkcs1pad(rsa)";
-		break;
-	}
-
-	cipher->sk = create_alg("akcipher", alg_name, key, key_length,
-				public_key);
-	if (cipher->sk < 0)
-		goto error_free;
-
-	return cipher;
-
-error_free:
-	l_free(cipher);
-	return NULL;
-}
-
-LIB_EXPORT void l_asymmetric_cipher_free(struct l_asymmetric_cipher *cipher)
-{
-	if (unlikely(!cipher))
-		return;
-
-	close(cipher->sk);
-
-	l_free(cipher);
-}
-
-LIB_EXPORT int l_asymmetric_cipher_get_key_size(
-					struct l_asymmetric_cipher *cipher)
-{
-	return cipher->key_size;
-}
-
-LIB_EXPORT ssize_t l_asymmetric_cipher_encrypt(struct l_asymmetric_cipher *cipher,
-						const void *in, void *out,
-						size_t len_in, size_t len_out)
-{
-	if (unlikely(!cipher))
-		return false;
-
-	if (unlikely(!in) || unlikely(!out))
-		return false;
-
-	return operate_cipher(cipher->sk, ALG_OP_ENCRYPT, in, out, len_in,
-				len_out);
-}
-
-LIB_EXPORT ssize_t l_asymmetric_cipher_decrypt(struct l_asymmetric_cipher *cipher,
-						const void *in, void *out,
-						size_t len_in, size_t len_out)
-{
-	if (unlikely(!cipher))
-		return false;
-
-	if (unlikely(!in) || unlikely(!out))
-		return false;
-
-	return operate_cipher(cipher->sk, ALG_OP_DECRYPT, in, out, len_in,
-				len_out);
-}
-
-LIB_EXPORT ssize_t l_asymmetric_cipher_sign(struct l_asymmetric_cipher *cipher,
-						const void *in, void *out,
-						size_t len_in, size_t len_out)
-{
-	if (unlikely(!cipher))
-		return false;
-
-	if (unlikely(!in) || unlikely(!out))
-		return false;
-
-	return operate_cipher(cipher->sk, ALG_OP_SIGN, in, out, len_in,
-				len_out);
-}
-
-LIB_EXPORT ssize_t l_asymmetric_cipher_verify(struct l_asymmetric_cipher *cipher,
-						const void *in, void *out,
-						size_t len_in, size_t len_out)
-{
-	if (unlikely(!cipher))
-		return false;
-
-	if (unlikely(!in) || unlikely(!out))
-		return false;
-
-	return operate_cipher(cipher->sk, ALG_OP_VERIFY, in, out, len_in,
-				len_out);
-}
diff --git a/ell/cipher.h b/ell/cipher.h
index 45e51c7..9f09d76 100644
--- a/ell/cipher.h
+++ b/ell/cipher.h
@@ -50,37 +50,10 @@ bool l_cipher_decrypt(struct l_cipher *cipher,
 bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
 			size_t iv_length);
 
-struct l_asymmetric_cipher;
-
 enum l_asymmetric_cipher_type {
 	L_CIPHER_RSA_PKCS1_V1_5,
 };
 
-struct l_asymmetric_cipher *l_asymmetric_cipher_new(
-					enum l_asymmetric_cipher_type type,
-					const void *key, size_t key_length,
-					bool public_key);
-
-void l_asymmetric_cipher_free(struct l_asymmetric_cipher *cipher);
-
-int l_asymmetric_cipher_get_key_size(struct l_asymmetric_cipher *cipher);
-
-ssize_t l_asymmetric_cipher_encrypt(struct l_asymmetric_cipher *cipher,
-					const void *in, void *out,
-					size_t len_in, size_t len_out);
-
-ssize_t l_asymmetric_cipher_decrypt(struct l_asymmetric_cipher *cipher,
-					const void *in, void *out,
-					size_t len_in, size_t len_out);
-
-ssize_t l_asymmetric_cipher_sign(struct l_asymmetric_cipher *cipher,
-					const void *in, void *out,
-					size_t len_in, size_t len_out);
-
-ssize_t l_asymmetric_cipher_verify(struct l_asymmetric_cipher *cipher,
-					const void *in, void *out,
-					size_t len_in, size_t len_out);
-
 #ifdef __cplusplus
 }
 #endif
-- 
2.10.0

[PATCH 3/9] key: Update restricted keyring syscall syntax

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 569 bytes --]

---
 ell/key.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ell/key.c b/ell/key.c
index 83888c6..b529f8a 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -500,9 +500,7 @@ LIB_EXPORT struct l_keyring *l_keyring_new(enum l_keyring_type type,
 			return NULL;
 
 		payload = l_strdup_printf(
-			"restrict_type=asymmetric "
-			"restrict_by=keyring "
-			"restrict_key=%d",
+			"restrict=asymmetric:key_or_keyring:%d",
 			trusted->serial);
 		payload_length = strlen(payload);
 	} else if (type != L_KEYRING_SIMPLE) {
-- 
2.10.0

[PATCH 4/9] key: Move asymmetric cipher type definition to the key subsystem

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 7627 bytes --]

---
 ell/cipher.h |  4 ----
 ell/key.c    | 16 ++++++++--------
 ell/key.h    | 15 +++++++++------
 ell/tls.c    | 16 ++++++++--------
 4 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/ell/cipher.h b/ell/cipher.h
index 9f09d76..f5c6646 100644
--- a/ell/cipher.h
+++ b/ell/cipher.h
@@ -50,10 +50,6 @@ bool l_cipher_decrypt(struct l_cipher *cipher,
 bool l_cipher_set_iv(struct l_cipher *cipher, const uint8_t *iv,
 			size_t iv_length);
 
-enum l_asymmetric_cipher_type {
-	L_CIPHER_RSA_PKCS1_V1_5,
-};
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/ell/key.c b/ell/key.c
index b529f8a..a0cfcd4 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -336,12 +336,12 @@ LIB_EXPORT ssize_t l_key_get_payload_size(struct l_key *key)
 	return kernel_read_key(key->serial, NULL, 0);
 }
 
-static const char *lookup_cipher(enum l_asymmetric_cipher_type cipher)
+static const char *lookup_cipher(enum l_key_cipher_type cipher)
 {
 	const char* ret = NULL;
 
 	switch (cipher) {
-	case L_CIPHER_RSA_PKCS1_V1_5:
+	case L_KEY_RSA_PKCS1_V1_5:
 		ret = "pkcs1";
 		break;
 	}
@@ -376,7 +376,7 @@ static const char *lookup_checksum(enum l_checksum_type checksum)
 	return ret;
 }
 
-bool l_key_get_info(struct l_key *key, enum l_asymmetric_cipher_type cipher,
+bool l_key_get_info(struct l_key *key, enum l_key_cipher_type cipher,
 			enum l_checksum_type hash, size_t *bits,
 			bool *public)
 {
@@ -424,7 +424,7 @@ LIB_EXPORT bool l_key_compute_dh_secret(struct l_key *other_public,
 
 /* Common code for encrypt/decrypt/sign */
 static ssize_t eds_common(struct l_key *key,
-				enum l_asymmetric_cipher_type cipher,
+				enum l_key_cipher_type cipher,
 				enum l_checksum_type checksum, const void *in,
 				void *out, size_t len_in, size_t len_out,
 				int op)
@@ -438,7 +438,7 @@ static ssize_t eds_common(struct l_key *key,
 }
 
 LIB_EXPORT ssize_t l_key_encrypt(struct l_key *key,
-					enum l_asymmetric_cipher_type cipher,
+					enum l_key_cipher_type cipher,
 					enum l_checksum_type checksum,
 					const void *in, void *out,
 					size_t len_in, size_t len_out)
@@ -448,7 +448,7 @@ LIB_EXPORT ssize_t l_key_encrypt(struct l_key *key,
 }
 
 LIB_EXPORT ssize_t l_key_decrypt(struct l_key *key,
-					enum l_asymmetric_cipher_type cipher,
+					enum l_key_cipher_type cipher,
 					enum l_checksum_type checksum,
 					const void *in, void *out,
 					size_t len_in, size_t len_out)
@@ -458,7 +458,7 @@ LIB_EXPORT ssize_t l_key_decrypt(struct l_key *key,
 }
 
 LIB_EXPORT ssize_t l_key_sign(struct l_key *key,
-				enum l_asymmetric_cipher_type cipher,
+				enum l_key_cipher_type cipher,
 				enum l_checksum_type checksum, const void *in,
 				void *out, size_t len_in, size_t len_out)
 {
@@ -467,7 +467,7 @@ LIB_EXPORT ssize_t l_key_sign(struct l_key *key,
 }
 
 LIB_EXPORT bool l_key_verify(struct l_key *key,
-				enum l_asymmetric_cipher_type cipher,
+				enum l_key_cipher_type cipher,
 				enum l_checksum_type checksum, const void *data,
 				const void *sig, size_t len_data,
 				size_t len_sig)
diff --git a/ell/key.h b/ell/key.h
index 9cc69ff..4cd6cfe 100644
--- a/ell/key.h
+++ b/ell/key.h
@@ -31,7 +31,6 @@ extern "C" {
 #include <stdbool.h>
 
 #include <ell/checksum.h>
-#include <ell/cipher.h>
 
 struct l_key;
 struct l_keyring;
@@ -46,6 +45,10 @@ enum l_keyring_type {
 	L_KEYRING_TRUSTED_ASYM
 };
 
+enum l_key_cipher_type {
+	L_KEY_RSA_PKCS1_V1_5,
+};
+
 struct l_key *l_key_new(enum l_key_type type, const void *payload,
 			size_t payload_length);
 
@@ -57,7 +60,7 @@ bool l_key_extract(struct l_key *key, void *payload, size_t *len);
 
 ssize_t l_key_get_payload_size(struct l_key *key);
 
-bool l_key_get_info(struct l_key *key, enum l_asymmetric_cipher_type cipher,
+bool l_key_get_info(struct l_key *key, enum l_key_cipher_type cipher,
 			enum l_checksum_type checksum, size_t *bits,
 			bool *public);
 
@@ -67,19 +70,19 @@ bool l_key_compute_dh_public(struct l_key *generator, struct l_key *private,
 bool l_key_compute_dh_secret(struct l_key *other_public, struct l_key *private,
 			     struct l_key *prime, void *payload, size_t *len);
 
-ssize_t l_key_encrypt(struct l_key *key, enum l_asymmetric_cipher_type cipher,
+ssize_t l_key_encrypt(struct l_key *key, enum l_key_cipher_type cipher,
 			enum l_checksum_type checksum, const void *in,
 			void *out, size_t len_in, size_t len_out);
 
-ssize_t l_key_decrypt(struct l_key *key, enum l_asymmetric_cipher_type cipher,
+ssize_t l_key_decrypt(struct l_key *key, enum l_key_cipher_type cipher,
 			enum l_checksum_type checksum, const void *in,
 			void *out, size_t len_in, size_t len_out);
 
-ssize_t l_key_sign(struct l_key *key, enum l_asymmetric_cipher_type cipher,
+ssize_t l_key_sign(struct l_key *key, enum l_key_cipher_type cipher,
 			enum l_checksum_type checksum, const void *in,
 			void *out, size_t len_in, size_t len_out);
 
-bool l_key_verify(struct l_key *key, enum l_asymmetric_cipher_type cipher,
+bool l_key_verify(struct l_key *key, enum l_key_cipher_type cipher,
 			enum l_checksum_type checksum, const void *data,
 			const void *sig, size_t len_data, size_t len_sig);
 
diff --git a/ell/tls.c b/ell/tls.c
index dc14b34..9b33ffb 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -875,9 +875,9 @@ static bool tls_send_rsa_client_key_xchg(struct l_tls *tls)
 
 	l_put_be16(tls->peer_pubkey_size, ptr);
 	bytes_encrypted = l_key_encrypt(tls->peer_pubkey,
-					L_CIPHER_RSA_PKCS1_V1_5,
-					L_CHECKSUM_NONE, pre_master_secret,
-					ptr + 2, 48, tls->peer_pubkey_size);
+					L_KEY_RSA_PKCS1_V1_5, L_CHECKSUM_NONE,
+					pre_master_secret, ptr + 2, 48,
+					tls->peer_pubkey_size);
 	ptr += tls->peer_pubkey_size + 2;
 
 	if (bytes_encrypted != (ssize_t) tls->peer_pubkey_size) {
@@ -939,7 +939,7 @@ static ssize_t tls_rsa_sign(struct l_tls *tls, uint8_t *out, size_t len,
 		}
 
 		l_put_be16(tls->priv_key_size, out);
-		result = l_key_sign(tls->priv_key, L_CIPHER_RSA_PKCS1_V1_5,
+		result = l_key_sign(tls->priv_key, L_KEY_RSA_PKCS1_V1_5,
 					L_CHECKSUM_NONE, sign_input, out + 2,
 					sign_input_len, tls->priv_key_size);
 
@@ -1026,7 +1026,7 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t len,
 		 */
 	}
 
-	success = l_key_verify(tls->peer_pubkey, L_CIPHER_RSA_PKCS1_V1_5,
+	success = l_key_verify(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
 				L_CHECKSUM_NONE, expected, in + 4,
 				expected_len, tls->peer_pubkey_size);
 
@@ -1519,7 +1519,7 @@ static void tls_handle_certificate(struct l_tls *tls,
 		goto done;
 	}
 
-	if (!l_key_get_info(tls->peer_pubkey, L_CIPHER_RSA_PKCS1_V1_5,
+	if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
 					L_CHECKSUM_NONE, &tls->peer_pubkey_size,
 					&dummy)) {
 		tls_disconnect(tls, TLS_ALERT_INTERNAL_ERROR, 0);
@@ -1707,7 +1707,7 @@ static void tls_handle_rsa_client_key_xchg(struct l_tls *tls,
 		return;
 	}
 
-	bytes_decrypted = l_key_decrypt(tls->priv_key, L_CIPHER_RSA_PKCS1_V1_5,
+	bytes_decrypted = l_key_decrypt(tls->priv_key, L_KEY_RSA_PKCS1_V1_5,
 					L_CHECKSUM_NONE, buf + 2,
 					pre_master_secret, tls->priv_key_size,
 					48);
@@ -2232,7 +2232,7 @@ LIB_EXPORT bool l_tls_set_auth_data(struct l_tls *tls, const char *cert_path,
 			l_free(priv_key);
 		}
 
-		if (!l_key_get_info(tls->priv_key, L_CIPHER_RSA_PKCS1_V1_5,
+		if (!l_key_get_info(tls->priv_key, L_KEY_RSA_PKCS1_V1_5,
 					L_CHECKSUM_NONE, &tls->priv_key_size,
 					&is_public) || is_public) {
 			l_key_free(tls->priv_key);
-- 
2.10.0

[PATCH 5/9] unit: Update RSA cipher type name

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 543 bytes --]

---
 unit/test-key.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unit/test-key.c b/unit/test-key.c
index 0742eb7..bd3e72f 100644
--- a/unit/test-key.c
+++ b/unit/test-key.c
@@ -492,7 +492,7 @@ static void test_key_crypto(const void *data)
 	ssize_t len;
 	struct l_checksum *checksum;
 	int hash = L_CHECKSUM_SHA256;
-	int rsa = L_CIPHER_RSA_PKCS1_V1_5;
+	int rsa = L_KEY_RSA_PKCS1_V1_5;
 
 	cert = l_pem_load_private_key(TESTDATADIR "/cert-client-key-pkcs8.pem",
 					NULL, &certlen);
-- 
2.10.0

[PATCH 6/9] key: Do RSA PKCS1 v1.5 padding in userspace instead of the kernel

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 7599 bytes --]

Kernel v4.8 removed the ability to perform RSA signing or verification
without also generating or verifying an additional hash, which breaks a
major use case for ELL crypto. Instead, rely on RSA raw operations.

Using raw RSA means the keyctl RSA verify operation no longer functions
for padded signatures, since it attempts to compare the results before
they are unpadded. Since the math for the "encrypt" op is the same, that
can be used instead.
---
 ell/key.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++----------
 ell/key.h |   1 +
 2 files changed, 173 insertions(+), 30 deletions(-)

diff --git a/ell/key.c b/ell/key.c
index a0cfcd4..24c42a2 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -35,6 +35,7 @@
 #include "util.h"
 #include "key.h"
 #include "string.h"
+#include "random.h"
 
 #ifndef KEYCTL_DH_COMPUTE
 #define KEYCTL_DH_COMPUTE 23
@@ -223,24 +224,6 @@ static long kernel_key_eds(int op, int32_t serial, const char *encoding,
 	return result >= 0 ? result : -errno;
 }
 
-static long kernel_key_verify(int32_t serial, const char *encoding,
-				const char *hash, const void *data,
-				const void *sig, size_t len_data,
-				size_t len_sig)
-{
-	long result;
-	struct keyctl_pkey_params params = { .key_id = serial,
-					     .in_len = len_data,
-					     .in2_len = len_sig };
-	char *info = format_key_info(encoding, hash);
-
-	result = syscall(__NR_keyctl, KEYCTL_PKEY_VERIFY, &params, info ?: "",
-				data, sig);
-	l_free(info);
-
-	return result >= 0 ? result : -errno;
-}
-
 static bool setup_internal_keyring(void)
 {
 	internal_keyring = kernel_add_key("keyring", "ell-internal", NULL, 0,
@@ -342,7 +325,13 @@ static const char *lookup_cipher(enum l_key_cipher_type cipher)
 
 	switch (cipher) {
 	case L_KEY_RSA_PKCS1_V1_5:
-		ret = "pkcs1";
+		/* Padding is handled in userspace, so the kernel only sees
+		 * raw RSA operations
+		 */
+		ret = "raw";
+		break;
+	case L_KEY_RSA_RAW:
+		ret = "raw";
 		break;
 	}
 
@@ -437,14 +426,99 @@ static ssize_t eds_common(struct l_key *key,
 				len_out);
 }
 
+static void getrandom_nonzero(uint8_t *buf, int len)
+{
+	l_getrandom(buf, len);
+
+	while (len--) {
+		while (buf[0] == 0)
+			l_getrandom(buf, 1);
+
+		buf++;
+	}
+}
+
+/* PKCS#1 v1.5 RSA padding according to RFC3447 */
+static uint8_t *pad(const uint8_t *in, size_t len_in, size_t len_out,
+			uint8_t flag, bool randfill)
+{
+	size_t fill_len;
+	uint8_t *padded;
+
+	if (len_in > len_out - 11)
+		return NULL;
+
+	padded = l_malloc(len_out);
+	fill_len = len_out - len_in - 3;
+
+	padded[0] = 0x00;
+	padded[1] = flag;
+
+	if (randfill)
+		getrandom_nonzero(padded + 2, fill_len);
+	else
+		memset(padded + 2, 0xff, fill_len);
+
+	padded[fill_len + 2] = 0x00;
+	memcpy(padded + fill_len + 3, in, len_in);
+
+	return padded;
+}
+
+static ssize_t unpad(uint8_t *in, uint8_t *out, size_t len_in, size_t len_out,
+			uint8_t flag, bool randfill)
+{
+	size_t pos;
+	ssize_t unpad_len;
+
+	if (in[0] != 0x00 || in[1] != flag)
+		return -EINVAL;
+
+	if (randfill)
+		for (pos = 2; pos < len_in && in[pos] != 0x00; pos++);
+	else
+		for (pos = 2; pos < len_in && in[pos] == 0xff; pos++);
+
+	if (pos < 10 || pos == len_in)
+		return -EINVAL;
+
+	pos++;
+	unpad_len = len_in - pos;
+
+	if (out) {
+		if ((size_t)unpad_len > len_out)
+			return -EINVAL;
+
+		memcpy(out, in + pos, unpad_len);
+	}
+
+	return unpad_len;
+}
+
 LIB_EXPORT ssize_t l_key_encrypt(struct l_key *key,
 					enum l_key_cipher_type cipher,
 					enum l_checksum_type checksum,
 					const void *in, void *out,
 					size_t len_in, size_t len_out)
 {
-	return eds_common(key, cipher, checksum, in, out, len_in, len_out,
+	uint8_t *padded = NULL;
+	ssize_t ret_len;
+
+	if (cipher == L_KEY_RSA_PKCS1_V1_5) {
+		padded = pad(in, len_in, len_out, 0x02, true);
+		if (!padded)
+			return -EOVERFLOW;
+
+		cipher = L_KEY_RSA_RAW;
+	}
+
+	ret_len = eds_common(key, cipher, checksum, padded ?: in, out,
+				padded ? len_out : len_in, len_out,
 				KEYCTL_PKEY_ENCRYPT);
+
+	l_free(padded);
+
+	return ret_len;
 }
 
 LIB_EXPORT ssize_t l_key_decrypt(struct l_key *key,
@@ -453,8 +527,25 @@ LIB_EXPORT ssize_t l_key_decrypt(struct l_key *key,
 					const void *in, void *out,
 					size_t len_in, size_t len_out)
 {
-	return eds_common(key, cipher, checksum, in, out, len_in, len_out,
-				KEYCTL_PKEY_DECRYPT);
+	uint8_t *padded = NULL;
+	ssize_t ret_len;
+
+	if (cipher == L_KEY_RSA_PKCS1_V1_5)
+		padded = l_malloc(len_in);
+
+	ret_len = eds_common(key, cipher, checksum, in, padded ?: out, len_in,
+				padded ? len_in : len_out, KEYCTL_PKEY_DECRYPT);
+
+	if (ret_len < 0)
+		goto done;
+
+	if (padded)
+		ret_len = unpad(padded, out, ret_len, len_out, 0x02, true);
+
+done:
+	l_free(padded);
+
+	return ret_len;
 }
 
 LIB_EXPORT ssize_t l_key_sign(struct l_key *key,
@@ -462,8 +553,24 @@ LIB_EXPORT ssize_t l_key_sign(struct l_key *key,
 				enum l_checksum_type checksum, const void *in,
 				void *out, size_t len_in, size_t len_out)
 {
-	return eds_common(key, cipher, checksum, in, out, len_in, len_out,
+	uint8_t *padded = NULL;
+	ssize_t ret_len;
+
+	if (cipher == L_KEY_RSA_PKCS1_V1_5) {
+		padded = pad(in, len_in, len_out, 0x01, false);
+		if (!padded)
+			return -EOVERFLOW;
+
+		cipher = L_KEY_RSA_RAW;
+	}
+
+	ret_len = eds_common(key, cipher, checksum, padded ?: in, out,
+				padded ? len_out : len_in, len_out,
 				KEYCTL_PKEY_SIGN);
+
+	l_free(padded);
+
+	return ret_len;
 }
 
 LIB_EXPORT bool l_key_verify(struct l_key *key,
@@ -472,16 +579,51 @@ LIB_EXPORT bool l_key_verify(struct l_key *key,
 				const void *sig, size_t len_data,
 				size_t len_sig)
 {
-	long result;
+	enum l_key_cipher_type kernel_cipher;
+	ssize_t hash_len;
+	uint8_t *compare_hash;
+	bool success = false;
+	uint8_t *sig_hash = l_malloc(len_sig);
 
-	if (unlikely(!key))
-		return false;
+	/* The keyctl verify implementation compares the verify results
+	 * before we get a chance to unpad it. Instead, use the *encrypt*
+	 * operation (which uses the same math as verify) to get the hash
+	 * returned to us so it can be unpadded before comparing
+	 */
+	if (cipher == L_KEY_RSA_PKCS1_V1_5)
+		kernel_cipher = L_KEY_RSA_RAW;
+	else
+		kernel_cipher = cipher;
+
+	hash_len = eds_common(key, kernel_cipher, checksum, sig, sig_hash,
+				len_sig, len_sig, KEYCTL_PKEY_ENCRYPT);
+
+	if (hash_len < 0) {
+		success = false;
+		goto done;
+	}
+
+	compare_hash = sig_hash;
+
+	if (cipher == L_KEY_RSA_PKCS1_V1_5) {
+		ssize_t unpad_len;
+
+		unpad_len = unpad(sig_hash, NULL, hash_len, 0, 0x01, false);
+		if (unpad_len < 0) {
+			success = false;
+			goto done;
+		}
+
+		compare_hash += hash_len - unpad_len;
+		hash_len = unpad_len;
+	}
 
-	result = kernel_key_verify(key->serial, lookup_cipher(cipher),
-					lookup_checksum(checksum), data, sig,
-					len_data, len_sig);
+	success = (len_data == (size_t)hash_len) &&
+		(memcmp(data, compare_hash, hash_len) == 0);
+done:
+	l_free(sig_hash);
 
-	return result == 0;
+	return success;
 }
 
 LIB_EXPORT struct l_keyring *l_keyring_new(enum l_keyring_type type,
diff --git a/ell/key.h b/ell/key.h
index 4cd6cfe..ff4b543 100644
--- a/ell/key.h
+++ b/ell/key.h
@@ -47,6 +47,7 @@ enum l_keyring_type {
 
 enum l_key_cipher_type {
 	L_KEY_RSA_PKCS1_V1_5,
+	L_KEY_RSA_RAW,
 };
 
 struct l_key *l_key_new(enum l_key_type type, const void *payload,
-- 
2.10.0

[PATCH 7/9] unit: Update key crypto unit test to remove hash usage

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 6527 bytes --]

---
 unit/test-key.c | 87 ++++++++++++++++++++++++++-------------------------------
 1 file changed, 40 insertions(+), 47 deletions(-)

diff --git a/unit/test-key.c b/unit/test-key.c
index bd3e72f..80a1916 100644
--- a/unit/test-key.c
+++ b/unit/test-key.c
@@ -442,37 +442,37 @@ static uint8_t reference_ciphertext[256] = {
 };
 
 /* Reference signature:
- * $ openssl dgst -sha256 -sign cert-client-key.pem -out reference_signature \
- * > good_plaintext
+ * $ openssl rsautl -sign -pkcs -in good_plaintext -inkey cert-client-key.pem \
+ * -out reference_signature
  * $ xxd -i reference_signature
  *
- * where reference_plaintext is a file containing the 183 characters of
+ * where good_plaintext is a file containing the 183 characters of
  * plaintext[] (above).
  */
 
 uint8_t reference_signature[256] = {
-	0x39, 0xaf, 0x0d, 0x23, 0x33, 0xcc, 0x48, 0xed, 0xc3, 0x15, 0x9e, 0xb9,
-	0xd3, 0x53, 0xe0, 0x0c, 0xea, 0x45, 0x65, 0xa7, 0x82, 0x8f, 0x4b, 0xfc,
-	0x5e, 0xd3, 0xc9, 0x10, 0xf5, 0xc6, 0x56, 0x3a, 0x0e, 0x60, 0xde, 0x01,
-	0xac, 0xb6, 0xf8, 0xc7, 0xe3, 0x60, 0xd1, 0xec, 0x4f, 0x38, 0x36, 0x42,
-	0xab, 0xf5, 0x90, 0xd6, 0xd8, 0x8b, 0x8a, 0x1c, 0x1a, 0xda, 0xec, 0x10,
-	0xd2, 0xec, 0x8a, 0x77, 0x9f, 0xcf, 0x25, 0x48, 0x13, 0xdf, 0xd0, 0xb1,
-	0xaf, 0x12, 0x55, 0xa0, 0x1a, 0xda, 0x8a, 0x60, 0xbf, 0x10, 0xcf, 0x02,
-	0xae, 0x3e, 0x7c, 0x01, 0x3f, 0x9d, 0xf4, 0xfb, 0x4b, 0x2c, 0x99, 0x7d,
-	0x0e, 0x06, 0xd5, 0x1e, 0x94, 0x38, 0x08, 0x18, 0x62, 0xb1, 0x73, 0x49,
-	0xae, 0x9f, 0x0e, 0x3b, 0x40, 0x48, 0x7f, 0x73, 0x73, 0xe0, 0x5c, 0xdf,
-	0xed, 0xb0, 0xf5, 0x9a, 0xbe, 0xa0, 0xff, 0x3f, 0x70, 0xe6, 0xe4, 0xf4,
-	0x99, 0x1a, 0x79, 0x1d, 0x76, 0x38, 0x8a, 0xae, 0x04, 0xba, 0x9a, 0xf7,
-	0x5e, 0x58, 0x5f, 0x4f, 0x86, 0x4b, 0x89, 0x2f, 0x6c, 0xf7, 0xf0, 0x42,
-	0x5e, 0x2f, 0x01, 0x6f, 0xb4, 0x7e, 0x7e, 0xa8, 0xeb, 0xa4, 0x7b, 0x03,
-	0x63, 0x61, 0x26, 0x1d, 0xc1, 0xba, 0xfa, 0xf3, 0xa9, 0xa4, 0xb1, 0x7e,
-	0x0a, 0x2f, 0x22, 0x30, 0x48, 0x16, 0xfb, 0x25, 0x13, 0x67, 0x86, 0x98,
-	0x39, 0x88, 0x31, 0x78, 0xb4, 0xfb, 0xe3, 0xa0, 0x2e, 0x5c, 0x97, 0xdd,
-	0xfa, 0xe1, 0xd8, 0x3e, 0xd2, 0x9f, 0x33, 0xa4, 0x65, 0xc8, 0x34, 0xa5,
-	0xe7, 0x57, 0x9a, 0xae, 0x97, 0x93, 0x17, 0xa4, 0x72, 0x85, 0x83, 0xc9,
-	0x64, 0x62, 0x58, 0xbf, 0x3b, 0xb4, 0xb8, 0x1f, 0x5c, 0xd5, 0x9a, 0x3f,
-	0x3a, 0xf8, 0xe1, 0x2d, 0x6a, 0xf3, 0x0c, 0x20, 0x6e, 0x87, 0xa6, 0xc8,
-	0xf4, 0x8e, 0x18, 0x07
+	0xd9, 0x4b, 0x60, 0x5c, 0x20, 0x0d, 0xe1, 0x21, 0x1b, 0x97, 0xcf, 0x7c,
+	0xb6, 0x19, 0xf7, 0xbc, 0x5e, 0xf9, 0x0b, 0xaf, 0x71, 0xa3, 0x52, 0x30,
+	0xbf, 0xf9, 0xb6, 0x71, 0x20, 0xfb, 0x26, 0x9e, 0xb2, 0x1c, 0x98, 0x79,
+	0x8e, 0xee, 0xd7, 0xbf, 0x9b, 0x4b, 0xd2, 0xd0, 0xc7, 0xd1, 0xb2, 0x9e,
+	0xf2, 0x7c, 0xa9, 0xb2, 0x1d, 0x57, 0x96, 0xcc, 0xb2, 0x12, 0x47, 0x3b,
+	0xaf, 0xca, 0xa4, 0x96, 0xdd, 0xbf, 0x58, 0xd0, 0x9e, 0xdf, 0x27, 0x73,
+	0x53, 0x78, 0xc5, 0xa0, 0x9e, 0x73, 0xd7, 0x7b, 0x78, 0x1b, 0xbe, 0x17,
+	0x5b, 0x34, 0x1d, 0x05, 0x26, 0xbd, 0x15, 0x82, 0x7f, 0x4a, 0xe1, 0xe1,
+	0xc4, 0x19, 0xeb, 0x08, 0xdb, 0xca, 0x2b, 0x66, 0x6a, 0x6d, 0xd6, 0x77,
+	0x06, 0x55, 0xb0, 0x6d, 0xe2, 0x44, 0xdf, 0x9f, 0x6f, 0xd6, 0x15, 0xe0,
+	0xe5, 0xa9, 0xd1, 0x8a, 0xc4, 0xdd, 0x03, 0xb3, 0xfa, 0x61, 0xeb, 0xed,
+	0xc8, 0xb8, 0x65, 0x32, 0x72, 0x38, 0x4b, 0xc8, 0x52, 0x79, 0xd4, 0x4b,
+	0x48, 0xc9, 0xc5, 0x90, 0x14, 0x27, 0xef, 0x87, 0x6b, 0x07, 0x48, 0xa9,
+	0x26, 0x44, 0x5b, 0xd9, 0x93, 0xd8, 0x00, 0x55, 0xc0, 0xa3, 0x0d, 0xf7,
+	0x42, 0x12, 0x7b, 0x3c, 0x79, 0xc2, 0x3c, 0x2b, 0xf4, 0x66, 0xb0, 0x84,
+	0xb0, 0x2f, 0x69, 0xd5, 0x32, 0xad, 0x78, 0xee, 0xcc, 0xc7, 0xdf, 0x0b,
+	0xdd, 0x31, 0xa8, 0xc0, 0x93, 0x34, 0xe6, 0x47, 0xa9, 0x0f, 0x71, 0x2d,
+	0x0e, 0x58, 0x51, 0x64, 0x40, 0x5b, 0x02, 0x4c, 0x15, 0xc9, 0x93, 0x3b,
+	0x2f, 0x3f, 0x28, 0x2c, 0xaf, 0x70, 0x20, 0x9e, 0xc3, 0x50, 0xca, 0x28,
+	0x6a, 0xce, 0x29, 0x39, 0x50, 0x99, 0xda, 0x97, 0xc3, 0x9e, 0x00, 0x3f,
+	0xbb, 0x60, 0x4d, 0xf0, 0x6a, 0x5c, 0xc8, 0x81, 0x95, 0x32, 0x5f, 0x02,
+	0xfe, 0x1a, 0x1a, 0x6e
 };
 
 static void test_key_crypto(const void *data)
@@ -488,10 +488,8 @@ static void test_key_crypto(const void *data)
 	bool success;
 	uint8_t ciphertext[256];
 	uint8_t decrypted[256];
-	uint8_t msghash[32];
 	ssize_t len;
-	struct l_checksum *checksum;
-	int hash = L_CHECKSUM_SHA256;
+	int hash = L_CHECKSUM_NONE;
 	int rsa = L_KEY_RSA_PKCS1_V1_5;
 
 	cert = l_pem_load_private_key(TESTDATADIR "/cert-client-key-pkcs8.pem",
@@ -555,37 +553,32 @@ static void test_key_crypto(const void *data)
 				sizeof(decrypted));
 	assert(len < 0);
 
-	checksum = l_checksum_new(L_CHECKSUM_SHA256);
-	assert(checksum);
-	l_checksum_update(checksum, plaintext, strlen(plaintext));
-	l_checksum_get_digest(checksum, msghash, sizeof(msghash));
-	l_checksum_free(checksum);
-
 	/* Can't sign with public key */
-	len = l_key_sign(pubkey, rsa, hash, msghash, ciphertext,
-				sizeof(msghash), sizeof(ciphertext));
+	len = l_key_sign(pubkey, rsa, hash, plaintext, ciphertext,
+				strlen(plaintext), sizeof(ciphertext));
 	assert(len < 0);
 
-	len = l_key_sign(key, rsa, hash, msghash, ciphertext, sizeof(msghash),
-				sizeof(ciphertext));
+	len = l_key_sign(key, rsa, hash, plaintext, ciphertext,
+				strlen(plaintext), sizeof(ciphertext));
 	assert(len == sizeof(ciphertext));
 
-	success = l_key_verify(pubkey, rsa, hash, msghash, ciphertext,
-				sizeof(msghash), sizeof(ciphertext));
+	success = l_key_verify(pubkey, rsa, hash, plaintext, ciphertext,
+				strlen(plaintext), sizeof(ciphertext));
 	assert(success);
 
-	success = l_key_verify(key, rsa, hash, msghash, ciphertext,
-				sizeof(msghash), sizeof(ciphertext));
+	success = l_key_verify(key, rsa, hash, plaintext, ciphertext,
+				strlen(plaintext), sizeof(ciphertext));
 	assert(success);
 
-	success = l_key_verify(pubkey, rsa, hash, msghash, reference_signature,
-				sizeof(msghash), sizeof(reference_signature));
+	success = l_key_verify(pubkey, rsa, hash, plaintext,
+				reference_signature, strlen(plaintext),
+				sizeof(reference_signature));
 	assert(success);
 
 	/* Corrupt signature */
-	msghash[10] = msghash[10] ^ (uint8_t)0xFF;
-	success = l_key_verify(key, rsa, hash, msghash, ciphertext,
-				sizeof(msghash), sizeof(ciphertext));
+	ciphertext[42] = ciphertext[52] ^ (uint8_t)0xFF;
+	success = l_key_verify(key, rsa, hash, plaintext, ciphertext,
+				strlen(plaintext), sizeof(ciphertext));
 	assert(!success);
 
 	l_key_free(key);
-- 
2.10.0

[PATCH 8/9] key: Use consistent checksum arg name for l_key_get_info()

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

---
 ell/key.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ell/key.c b/ell/key.c
index 24c42a2..c7ee329 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -366,14 +366,15 @@ static const char *lookup_checksum(enum l_checksum_type checksum)
 }
 
 bool l_key_get_info(struct l_key *key, enum l_key_cipher_type cipher,
-			enum l_checksum_type hash, size_t *bits,
+			enum l_checksum_type checksum, size_t *bits,
 			bool *public)
 {
 	if (unlikely(!key))
 		return false;
 
 	return !kernel_query_key(key->serial, lookup_cipher(cipher),
-					lookup_checksum(hash), bits, public);
+					lookup_checksum(checksum), bits,
+					public);
 }
 
 static bool compute_common(struct l_key *base,
-- 
2.10.0

[PATCH 9/9] key: Check for supported checksum types

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 2436 bytes --]

The TLS code currently handles digest info for PKCS1, and the key API's
use of the keyctl syscall doesn't currently use the kernel's PKCS1
functionality, so make it clear that only L_CHECKSUM_NONE is supported
for now.
---

The other alternative to this is removing the checksum args
altogether. I opted to leave those args in place since it's a reasonable
piece of (future) functionality and we can avoid API churn.


 ell/key.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ell/key.c b/ell/key.c
index c7ee329..ad88d81 100644
--- a/ell/key.c
+++ b/ell/key.c
@@ -372,6 +372,10 @@ bool l_key_get_info(struct l_key *key, enum l_key_cipher_type cipher,
 	if (unlikely(!key))
 		return false;
 
+	/* Other checksum types are not yet supported */
+	if (checksum != L_CHECKSUM_NONE)
+		return false;
+
 	return !kernel_query_key(key->serial, lookup_cipher(cipher),
 					lookup_checksum(checksum), bits,
 					public);
@@ -505,6 +509,10 @@ LIB_EXPORT ssize_t l_key_encrypt(struct l_key *key,
 	uint8_t *padded = NULL;
 	ssize_t ret_len;
 
+	/* Other checksum types are not yet supported */
+	if (checksum != L_CHECKSUM_NONE)
+		return -EINVAL;
+
 	if (cipher == L_KEY_RSA_PKCS1_V1_5) {
 		padded = pad(in, len_in, len_out, 0x02, true);
 		if (!padded)
@@ -531,6 +539,10 @@ LIB_EXPORT ssize_t l_key_decrypt(struct l_key *key,
 	uint8_t *padded = NULL;
 	ssize_t ret_len;
 
+	/* Other checksum types are not yet supported */
+	if (checksum != L_CHECKSUM_NONE)
+		return -EINVAL;
+
 	if (cipher == L_KEY_RSA_PKCS1_V1_5)
 		padded = l_malloc(len_in);
 
@@ -557,6 +569,10 @@ LIB_EXPORT ssize_t l_key_sign(struct l_key *key,
 	uint8_t *padded = NULL;
 	ssize_t ret_len;
 
+	/* Other checksum types are not yet supported */
+	if (checksum != L_CHECKSUM_NONE)
+		return -EINVAL;
+
 	if (cipher == L_KEY_RSA_PKCS1_V1_5) {
 		padded = pad(in, len_in, len_out, 0x01, false);
 		if (!padded)
@@ -586,6 +602,10 @@ LIB_EXPORT bool l_key_verify(struct l_key *key,
 	bool success = false;
 	uint8_t *sig_hash = l_malloc(len_sig);
 
+	/* Other checksum types are not yet supported */
+	if (checksum != L_CHECKSUM_NONE)
+		return -EINVAL;
+
 	/* The keyctl verify implementation compares the verify results
 	 * before we get a chance to unpad it. Instead, use the *encrypt*
 	 * operation (which uses the same math as verify) to get the hash
-- 
2.10.0

Re: [PATCH 1/9] unit: Remove asymmetric cipher tests

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 400 bytes --]

Hi Mat,

On 09/23/2016 06:02 PM, Mat Martineau wrote:
> The RSA cipher is tested by test-key, using the keyctl crypto calls.
> AF_ALG akcipher is not expected to get merged in the mainline kernel.
> ---
>   unit/test-cipher.c | 119 -----------------------------------------------------
>   1 file changed, 119 deletions(-)
>

All 9 patches have been applied, thanks.

Regards,
-Denis