path: root/src/crypto
Commit message | Author | Date | Files | Lines
* [ocsp] Accept response certID with missing hashAlgorithm parameters | Michael Brown | 2019-03-10 | 1 | -12/+30
  One of the design goals of ASN.1 DER is to provide a canonical serialization of a data structure, thereby allowing for equality of values to be tested by simply comparing the serialized bytes.
  Some OCSP servers will modify the request certID to omit the optional (and null) "parameters" portion of the hashAlgorithm. This is arguably legal but breaks the ability to perform a straightforward bitwise comparison on the entire certID field between request and response.
  Fix by comparing the OID-identified hashAlgorithm separately from the remaining certID fields.
  Originally-fixed-by: Thilo Fromm <Thilo@kinvolk.io>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [init] Show startup and shutdown function names in debug messages | Michael Brown | 2019-01-25 | 2 | -0/+2
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Use fixed-point calculations for min-entropy quantities | Michael Brown | 2018-03-20 | 1 | -2/+3
  We currently perform various min-entropy calculations using build-time floating-point arithmetic. No floating-point code ends up in the final binary, since the results are eventually converted to integers and asserted to be compile-time constants.
  Though this mechanism is undoubtedly cute, it inhibits us from using "-mno-sse" to prevent the use of SSE registers by the compiler.
  Fix by using fixed-point arithmetic instead.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ocsp] Centralise test for whether or not an OCSP check is required | Michael Brown | 2018-03-18 | 1 | -2/+2
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ntlm] Add support for NTLM authentication mechanism | Michael Brown | 2017-11-12 | 1 | -0/+334
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add MD4 message digest algorithm | Michael Brown | 2017-11-12 | 1 | -0/+280
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Eliminate repetitions in MD5 round constant table | Michael Brown | 2017-11-12 | 1 | -7/+10
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Fix endianness typo in comment | Michael Brown | 2017-11-12 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose asn1_grow() | Michael Brown | 2017-06-20 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose RSA_CTX_SIZE constant | Michael Brown | 2017-06-20 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Mark permanent certificates as permanent | Michael Brown | 2016-08-31 | 1 | -0/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add certstat() to display basic certificate information | Michael Brown | 2016-08-31 | 1 | -2/+2
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Allow certificates to be marked as having been added explicitly | Michael Brown | 2016-08-31 | 1 | -4/+19
  Allow certificates to be marked as having been added explicitly at run time. Such certificates will not be discarded via the certificate store cache discarder.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose certstore_del() to explicitly remove stored certificates | Michael Brown | 2016-08-31 | 1 | -4/+15
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Generalise X.509 "valid" field to a "flags" field | Michael Brown | 2016-08-25 | 2 | -5/+5
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add image_x509() to extract X.509 certificates from image | Michael Brown | 2016-08-25 | 1 | -0/+42
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Enable both DER and PEM formats by default | Michael Brown | 2016-07-29 | 1 | -0/+42
  Enable both IMAGE_DER and IMAGE_PEM by default, and drag in the relevant objects only when image_asn1() is present in the binary. This allows "imgverify" to transparently use either DER or PEM signature files.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Allow for parsing of partial ASN.1 cursors | Michael Brown | 2016-07-28 | 1 | -6/+7
  Allow code to create a partial ASN.1 cursor containing only the type and length bytes, so that asn1_start() may be used to determine the length of a large ASN.1 blob without first allocating memory to hold the entire blob.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [arm] Avoid instruction references to symbols defined via ".equ" | Michael Brown | 2016-05-08 | 1 | -2/+8
  When building for 64-bit ARM, some symbol references may be resolved via an "adrp" instruction (to obtain the start of the 4kB page containing the symbol) and a separate 12-bit offset. For example (taken from the GNU assembler documentation):
      adrp x0, foo
      ldr x0, [x0, #:lo12:foo]
  We occasionally refer to symbols defined via mechanisms that are not directly visible to gcc. For example:
      extern char some_magic_symbol[];
      __asm__ ( ".equ some_magic_symbol, some_magic_expression" );
  The subsequent use of the ":lo12:" prefix on such magically-defined symbols triggers an assertion failure in the assembler.
  This problem seems to affect only "private_key_len" in the current codebase. Fix by storing this value as static data; this avoids the need to provide the value as a literal within the instruction stream, and so avoids the problematic use of the ":lo12:" prefix.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Allow trusted certificates to be stored in non-volatile options | Michael Brown | 2016-03-20 | 1 | -3/+7
  The intention of the existing code (as documented in its own comments) is that it should be possible to override the list of trusted root certificates using a "trust" setting held in non-volatile stored options. However, the rootcert_init() function currently executes before any devices have been probed, and so will not be able to retrieve any such non-volatile stored options.
  Fix by executing rootcert_init() only after devices have been probed. Since startup functions may be executed multiple times (unlike initialisation functions), add an explicit flag to preserve the property that rootcert_init() should run only once.
  As before, if an explicit root of trust is specified at build time, then any runtime "trust" setting will be ignored.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Allow assembler section type character to vary by architecture | Michael Brown | 2016-03-13 | 2 | -2/+2
  On some architectures (such as ARM) the "@" character is used as a comment delimiter. A section type argument such as "@progbits" therefore becomes "%progbits". This is further complicated by the fact that the "%" character has special meaning for inline assembly when input or output operands are used, in which cases "@progbits" becomes "%%progbits".
  Allow the section type character(s) to be defined via Makefile variables.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Allow for zero-length ASN.1 cursors | Michael Brown | 2016-03-11 | 1 | -12/+0
  The assumption in asn1_type() that an ASN.1 cursor will always contain a type byte is incorrect. A cursor that has been cleanly invalidated via asn1_invalidate_cursor() will contain a type byte, but there are other ways in which to arrive at a zero-length cursor.
  Fix by explicitly checking the cursor length in asn1_type(). This allows asn1_invalidate_cursor() to be reduced to simply zeroing the length field.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ocsp] Avoid including a double path separator in request URI | Michael Brown | 2016-01-21 | 1 | -28/+26
  The OCSP responder URI included within an X.509 certificate may or may not include a trailing slash. We currently rely on the fact that format_uri() incorrectly inserts an initial slash, which we include unconditionally within the OCSP request URI.
  Switch to using uri_encode() directly, and insert a slash only if the X.509 certificate's OCSP responder URI does not already include a trailing slash.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Dual-license more selected DRBG files | Michael Brown | 2016-01-04 | 1 | -0/+12
  Allow the use of the iPXE DRBG implementation in BSD-licensed projects.
  Requested-by: Sean Davis <dive@hq.endersgame.net>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Dual-license selected DRBG files | Michael Brown | 2015-12-31 | 4 | -0/+48
  Allow the use of the iPXE DRBG implementation in BSD-licensed projects.
  Requested-by: Sean Davis <dive@hq.endersgame.net>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Support SHA-{224,384,512} in X.509 certificates | Michael Brown | 2015-08-02 | 10 | -72/+460
  Add support for SHA-224, SHA-384, and SHA-512 as digest algorithms in X.509 certificates, and allow the choice of public-key, cipher, and digest algorithms to be configured at build time via config/crypto.h.
  Originally-implemented-by: Tufan Karadere <tufank@gmail.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Fix strict-aliasing warning on older gcc versions | Michael Brown | 2015-07-28 | 1 | -4/+8
  Reported-by: James A. Peltier <jpeltier@sfu.ca>
  Reported-by: Matthew Helton <mwhelton@gmail.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Remove AXTLS headers | Michael Brown | 2015-07-27 | 5 | -526/+0
  Remove AXTLS headers now that no AXTLS code remains, with many thanks to the AXTLS project for use of their cryptography code over the past several years.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Replace AES implementation | Michael Brown | 2015-07-27 | 3 | -622/+804
  Replace the AES implementation from AXTLS with a dedicated iPXE implementation which is slightly smaller and around 1000% faster.
  This implementation has been verified using the existing self-tests based on the NIST AES test vectors.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add ECB block cipher mode (for debug and self-tests only) | Michael Brown | 2015-07-27 | 2 | -1/+86
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [base64] Add buffer size parameter to base64_encode() and base64_decode() | Michael Brown | 2015-04-24 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [base16] Add buffer size parameter to base16_encode() and base16_decode() | Michael Brown | 2015-04-24 | 1 | -1/+2
  The current API for Base16 (and Base64) encoding requires the caller to always provide sufficient buffer space. This prevents the use of the generic encoding/decoding functionality in some situations, such as in formatting the hex setting types.
  Implement a generic hex_encode() (based on the existing format_hex_setting()), implement base16_encode() and base16_decode() in terms of the more generic hex_encode() and hex_decode(), and update all callers to provide the additional buffer length parameter.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add SHA-512/224 algorithm | Michael Brown | 2015-04-12 | 1 | -0/+83
  SHA-512/224 is almost identical to SHA-512, with differing initial hash values and a truncated output length.
  This implementation has been verified using the NIST SHA-512/224 test vectors.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add SHA-512/256 algorithm | Michael Brown | 2015-04-12 | 1 | -0/+83
  SHA-512/256 is almost identical to SHA-512, with differing initial hash values and a truncated output length.
  This implementation has been verified using the NIST SHA-512/256 test vectors.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add SHA-384 algorithm | Michael Brown | 2015-04-12 | 1 | -0/+82
  SHA-384 is almost identical to SHA-512, with differing initial hash values and a truncated output length.
  This implementation has been verified using the NIST SHA-384 test vectors.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add SHA-512 algorithm | Michael Brown | 2015-04-12 | 2 | -4/+307
  This implementation has been verified using the NIST SHA-512 test vectors.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add SHA-224 algorithm | Michael Brown | 2015-04-12 | 2 | -13/+118
  SHA-224 is almost identical to SHA-256, with differing initial hash values and a truncated output length.
  This implementation has been verified using the NIST SHA-224 test vectors.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Fix the REQUIRE_SYMBOL mechanism | Michael Brown | 2015-03-05 | 1 | -0/+3
  At some point in the past few years, binutils became more aggressive at removing unused symbols. To function as a symbol requirement, a relocation record must now be in a section marked with @progbits and must not be in a section which gets discarded during the link (either via --gc-sections or via /DISCARD/).
  Update REQUIRE_SYMBOL() to generate relocation records meeting these criteria. To minimise the impact upon the final binary size, we use existing symbols (specified via the REQUIRING_SYMBOL() macro) as the relocation targets where possible. We use R_386_NONE or R_X86_64_NONE relocation types to prevent any actual unwanted relocation taking place.
  Where no suitable symbol exists for REQUIRING_SYMBOL() (such as in config.c), the macro PROVIDE_REQUIRING_SYMBOL() can be used to generate a one-byte-long symbol to act as the relocation target.
  If there are versions of binutils for which this approach fails, then the fallback will probably involve killing off REQUEST_SYMBOL(), redefining REQUIRE_SYMBOL() to use the current definition of REQUEST_SYMBOL(), and postprocessing the linked ELF file with something along the lines of "nm -u | wc -l" to check that there are no undefined symbols remaining.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [legal] Relicense files under GPL2_OR_LATER_OR_UBDL | Michael Brown | 2015-03-02 | 23 | -23/+115
  Relicense files for which I am the sole author (as identified by util/relicense.pl).
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Fix parsing of OCSP responder ID key hash | Michael Brown | 2014-11-24 | 1 | -3/+8
  We currently compare the entirety of the KeyHash object (including the ASN.1 tag and length byte) against the raw SHA-1 hash of the certificate's public key. This causes OCSP validation to fail for any responses which identify the responder by key hash rather than by name, and hence prevents the use of X.509 certificates where any certificate in the chain has an OCSP responder which chooses to identify itself via its key hash.
  Fix by adding the missing asn1_enter() required to enter the ASN.1 octet string containing the key hash.
  Also add a corresponding test case including an OCSP response where the responder is identified by key hash, to ensure that this functionality cannot be broken in future.
  Debugged-by: Brian Rak <brak@gameservers.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Fix debug message | Michael Brown | 2014-07-12 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add support for iPAddress subject alternative names | Michael Brown | 2014-07-11 | 1 | -0/+55
  Originally-implemented-by: Jarrod Johnson <jarrod.b.johnson@gmail.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Allow wildcard matches on commonName as well as subjectAltName | Michael Brown | 2014-04-01 | 1 | -10/+8
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add support for subjectAltName and wildcard certificates | Michael Brown | 2014-03-31 | 1 | -8/+132
  Originally-implemented-by: Alex Chernyakhovsky <achernya@google.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Allow signed timestamp error margin to be configured at build time | Michael Brown | 2014-03-30 | 2 | -4/+6
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Use fingerprint when no common name is available for debug messages | Michael Brown | 2014-03-28 | 1 | -4/+14
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Generalise X.509 cache to a full certificate store | Michael Brown | 2014-03-28 | 5 | -238/+437
  Expand the concept of the X.509 cache to provide the functionality of a certificate store. Certificates in the store will be automatically used to complete certificate chains where applicable.
  The certificate store may be prepopulated at build time using the CERT=... build command line option. For example:
      make bin/ipxe.usb CERT=mycert1.crt,mycert2.crt
  Certificates within the certificate store are not implicitly trusted; the trust list is specified using TRUST=... as before. For example:
      make bin/ipxe.usb CERT=root.crt TRUST=root.crt
  This can be used to embed the full trusted root certificate within the iPXE binary, which is potentially useful in an HTTPS-only environment in which there is no HTTP server from which to automatically download cross-signed certificates or other certificate chain fragments.
  This usage of CERT= extends the existing use of CERT= to specify the client certificate. The client certificate is now identified automatically by checking for a match against the private key. For example:
      make bin/ipxe.usb CERT=root.crt,client.crt TRUST=root.crt KEY=client.key
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add pubkey_match() to check for matching public/private key pairs | Michael Brown | 2014-03-27 | 1 | -26/+89
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Remove dynamically-allocated storage for certificate OCSP URI | Michael Brown | 2014-03-25 | 2 | -33/+17
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Remove dynamically-allocated storage for certificate name | Michael Brown | 2014-03-25 | 3 | -96/+134
  iPXE currently allocates a copy of the certificate's common name as a string. This string is used by the TLS and CMS code to check certificate names against an expected name, and also appears in debugging messages.
  Provide a function x509_check_name() to centralise certificate name checking (in preparation for adding subjectAlternativeName support), and a function x509_name() to provide a name to be used in debugging messages, and remove the dynamically allocated string.
  Signed-off-by: Michael Brown <mcb30@ipxe.org>