Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[crypto] Support SHA-{224,384,512} in X.509 certificates
Add support for SHA-224, SHA-384, and SHA-512 as digest algorithms in X.509 certificates, and allow the choice of public-key, cipher, and digest algorithms to be configured at build time via config/crypto.h. Originally-implemented-by: Tufan Karadere <tufank@gmail.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
- Loading branch information
Showing
16 changed files
with
613 additions
and
146 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
/* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License as | ||
* published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
* 02110-1301, USA. | ||
* | ||
* You can also choose to distribute this program under the terms of | ||
* the Unmodified Binary Distribution Licence (as given in the file | ||
* COPYING.UBDL), provided that you have satisfied its requirements. | ||
*/ | ||
|
||
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); | ||
|
||
#include <config/crypto.h> | ||
|
||
/** @file | ||
* | ||
* Cryptographic configuration | ||
* | ||
* Cryptographic configuration is slightly messy since we need to drag | ||
* in objects based on combinations of build options. | ||
*/ | ||
|
||
PROVIDE_REQUIRING_SYMBOL(); | ||
|
||
/* RSA and MD5 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_MD5 ) | ||
REQUIRE_OBJECT ( rsa_md5 ); | ||
#endif | ||
|
||
/* RSA and SHA-1 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_SHA1 ) | ||
REQUIRE_OBJECT ( rsa_sha1 ); | ||
#endif | ||
|
||
/* RSA and SHA-224 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_SHA224 ) | ||
REQUIRE_OBJECT ( rsa_sha224 ); | ||
#endif | ||
|
||
/* RSA and SHA-256 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_SHA256 ) | ||
REQUIRE_OBJECT ( rsa_sha256 ); | ||
#endif | ||
|
||
/* RSA and SHA-384 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_SHA384 ) | ||
REQUIRE_OBJECT ( rsa_sha384 ); | ||
#endif | ||
|
||
/* RSA and SHA-512 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_DIGEST_SHA512 ) | ||
REQUIRE_OBJECT ( rsa_sha512 ); | ||
#endif | ||
|
||
/* RSA, AES-CBC, and SHA-1 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_CIPHER_AES_CBC ) && \ | ||
defined ( CRYPTO_DIGEST_SHA1 ) | ||
REQUIRE_OBJECT ( rsa_aes_cbc_sha1 ); | ||
#endif | ||
|
||
/* RSA, AES-CBC, and SHA-256 */ | ||
#if defined ( CRYPTO_PUBKEY_RSA ) && defined ( CRYPTO_CIPHER_AES_CBC ) && \ | ||
defined ( CRYPTO_DIGEST_SHA256 ) | ||
REQUIRE_OBJECT ( rsa_aes_cbc_sha256 ); | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License as | ||
* published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
* 02110-1301, USA. | ||
* | ||
* You can also choose to distribute this program under the terms of | ||
* the Unmodified Binary Distribution Licence (as given in the file | ||
* COPYING.UBDL), provided that you have satisfied its requirements. | ||
*/ | ||
|
||
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); | ||
|
||
#include <byteswap.h> | ||
#include <ipxe/rsa.h> | ||
#include <ipxe/aes.h> | ||
#include <ipxe/sha1.h> | ||
#include <ipxe/tls.h> | ||
|
||
/** TLS_RSA_WITH_AES_128_CBC_SHA cipher suite */ | ||
struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha __tls_cipher_suite (03) = { | ||
.code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA ), | ||
.key_len = ( 128 / 8 ), | ||
.pubkey = &rsa_algorithm, | ||
.cipher = &aes_cbc_algorithm, | ||
.digest = &sha1_algorithm, | ||
}; | ||
|
||
/** TLS_RSA_WITH_AES_256_CBC_SHA cipher suite */ | ||
struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha __tls_cipher_suite (04) = { | ||
.code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA ), | ||
.key_len = ( 256 / 8 ), | ||
.pubkey = &rsa_algorithm, | ||
.cipher = &aes_cbc_algorithm, | ||
.digest = &sha1_algorithm, | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License as | ||
* published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
* 02110-1301, USA. | ||
* | ||
* You can also choose to distribute this program under the terms of | ||
* the Unmodified Binary Distribution Licence (as given in the file | ||
* COPYING.UBDL), provided that you have satisfied its requirements. | ||
*/ | ||
|
||
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); | ||
|
||
#include <byteswap.h> | ||
#include <ipxe/rsa.h> | ||
#include <ipxe/aes.h> | ||
#include <ipxe/sha256.h> | ||
#include <ipxe/tls.h> | ||
|
||
/** TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite */ | ||
struct tls_cipher_suite tls_rsa_with_aes_128_cbc_sha256 __tls_cipher_suite(01)={ | ||
.code = htons ( TLS_RSA_WITH_AES_128_CBC_SHA256 ), | ||
.key_len = ( 128 / 8 ), | ||
.pubkey = &rsa_algorithm, | ||
.cipher = &aes_cbc_algorithm, | ||
.digest = &sha256_algorithm, | ||
}; | ||
|
||
/** TLS_RSA_WITH_AES_256_CBC_SHA256 cipher suite */ | ||
struct tls_cipher_suite tls_rsa_with_aes_256_cbc_sha256 __tls_cipher_suite(02)={ | ||
.code = htons ( TLS_RSA_WITH_AES_256_CBC_SHA256 ), | ||
.key_len = ( 256 / 8 ), | ||
.pubkey = &rsa_algorithm, | ||
.cipher = &aes_cbc_algorithm, | ||
.digest = &sha256_algorithm, | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
/* | ||
* Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License as | ||
* published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
* 02110-1301, USA. | ||
* | ||
* You can also choose to distribute this program under the terms of | ||
* the Unmodified Binary Distribution Licence (as given in the file | ||
* COPYING.UBDL), provided that you have satisfied its requirements. | ||
*/ | ||
|
||
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); | ||
|
||
#include <ipxe/rsa.h> | ||
#include <ipxe/md5.h> | ||
#include <ipxe/asn1.h> | ||
|
||
/** "md5WithRSAEncryption" object identifier */ | ||
static uint8_t oid_md5_with_rsa_encryption[] = | ||
{ ASN1_OID_MD5WITHRSAENCRYPTION }; | ||
|
||
/** "md5WithRSAEncryption" OID-identified algorithm */ | ||
struct asn1_algorithm md5_with_rsa_encryption_algorithm __asn1_algorithm = { | ||
.name = "md5WithRSAEncryption", | ||
.pubkey = &rsa_algorithm, | ||
.digest = &md5_algorithm, | ||
.oid = ASN1_OID_CURSOR ( oid_md5_with_rsa_encryption ), | ||
}; | ||
|
||
/** MD5 digestInfo prefix */ | ||
static const uint8_t rsa_md5_prefix_data[] = | ||
{ RSA_DIGESTINFO_PREFIX ( MD5_DIGEST_SIZE, ASN1_OID_MD5 ) }; | ||
|
||
/** MD5 digestInfo prefix */ | ||
struct rsa_digestinfo_prefix rsa_md5_prefix __rsa_digestinfo_prefix = { | ||
.digest = &md5_algorithm, | ||
.data = rsa_md5_prefix_data, | ||
.len = sizeof ( rsa_md5_prefix_data ), | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
/* | ||
* Copyright (C) 2015 Michael Brown <mbrown@fensystems.co.uk>. | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License as | ||
* published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
* 02110-1301, USA. | ||
* | ||
* You can also choose to distribute this program under the terms of | ||
* the Unmodified Binary Distribution Licence (as given in the file | ||
* COPYING.UBDL), provided that you have satisfied its requirements. | ||
*/ | ||
|
||
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); | ||
|
||
#include <ipxe/rsa.h> | ||
#include <ipxe/sha1.h> | ||
#include <ipxe/asn1.h> | ||
#include <ipxe/tls.h> | ||
|
||
/** "sha1WithRSAEncryption" object identifier */ | ||
static uint8_t oid_sha1_with_rsa_encryption[] = | ||
{ ASN1_OID_SHA1WITHRSAENCRYPTION }; | ||
|
||
/** "sha1WithRSAEncryption" OID-identified algorithm */ | ||
struct asn1_algorithm sha1_with_rsa_encryption_algorithm __asn1_algorithm = { | ||
.name = "sha1WithRSAEncryption", | ||
.pubkey = &rsa_algorithm, | ||
.digest = &sha1_algorithm, | ||
.oid = ASN1_OID_CURSOR ( oid_sha1_with_rsa_encryption ), | ||
}; | ||
|
||
/** SHA-1 digestInfo prefix */ | ||
static const uint8_t rsa_sha1_prefix_data[] = | ||
{ RSA_DIGESTINFO_PREFIX ( SHA1_DIGEST_SIZE, ASN1_OID_SHA1 ) }; | ||
|
||
/** SHA-1 digestInfo prefix */ | ||
struct rsa_digestinfo_prefix rsa_sha1_prefix __rsa_digestinfo_prefix = { | ||
.digest = &sha1_algorithm, | ||
.data = rsa_sha1_prefix_data, | ||
.len = sizeof ( rsa_sha1_prefix_data ), | ||
}; | ||
|
||
/** RSA with SHA-1 signature hash algorithm */ | ||
struct tls_signature_hash_algorithm tls_rsa_sha1 __tls_sig_hash_algorithm = { | ||
.code = { | ||
.signature = TLS_RSA_ALGORITHM, | ||
.hash = TLS_SHA1_ALGORITHM, | ||
}, | ||
.pubkey = &rsa_algorithm, | ||
.digest = &sha1_algorithm, | ||
}; |
Oops, something went wrong.