September 2016 - ell - Ml01.01.Org

[PATCH 1/9] unit: Remove asymmetric cipher tests

by Mat Martineau

The RSA cipher is tested by test-key, using the keyctl crypto calls. AF_ALG akcipher is not expected to get merged in the mainline kernel. --- unit/test-cipher.c | 119 ----------------------------------------------------- 1 file changed, 119 deletions(-) diff --git a/unit/test-cipher.c b/unit/test-cipher.c index 12a922a..a958402 100644 --- a/unit/test-cipher.c +++ b/unit/test-cipher.c @@ -123,123 +123,6 @@ static void test_arc4(const void *data) l_cipher_free(cipher); } -/* - * openssl genrsa 1024 | openssl rsa -outform DER | xxd -i - */ -static uint8_t rsa_priv_key[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xe1, - 0xec, 0x78, 0x3c, 0x5f, 0x62, 0x74, 0x1e, 0x6d, 0x1d, 0x44, 0xac, 0x40, - 0xb3, 0xec, 0x01, 0x96, 0x01, 0x8a, 0xfe, 0xcf, 0x5d, 0xc5, 0xe6, 0x0c, - 0x36, 0x03, 0x2c, 0x4e, 0x84, 0x8f, 0x51, 0xf3, 0xc5, 0x32, 0x4f, 0xc4, - 0x73, 0x22, 0x92, 0x30, 0x7c, 0x75, 0xd7, 0x4b, 0xae, 0xc6, 0xd0, 0x59, - 0x6b, 0xd8, 0x46, 0x79, 0xbc, 0x6a, 0x6e, 0xde, 0x27, 0x11, 0x2f, 0xde, - 0x84, 0xe3, 0x64, 0x84, 0x07, 0x82, 0x83, 0xbf, 0x90, 0xf5, 0x80, 0x6f, - 0x63, 0x3a, 0xd1, 0x74, 0xd5, 0x6d, 0x2f, 0xde, 0xdc, 0xea, 0xab, 0xe5, - 0x20, 0x7d, 0x26, 0x3e, 0x20, 0x99, 0x97, 0x41, 0x47, 0x81, 0x04, 0x7e, - 0x53, 0x5c, 0xb2, 0xa9, 0xe0, 0x3d, 0x72, 0x37, 0x85, 0xcc, 0x5c, 0xda, - 0x04, 0x96, 0xfa, 0x02, 0xc2, 0x23, 0x8b, 0x20, 0x5d, 0xe1, 0x2a, 0x69, - 0xec, 0xcd, 0xce, 0x85, 0xc2, 0xf5, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x00, 0xa5, 0x31, 0x72, 0xf9, 0x32, 0x05, 0x9b, 0x42, - 0x64, 0x26, 0x72, 0x80, 0x41, 0x0f, 0x4e, 0x12, 0x1a, 0xcd, 0x26, 0x05, - 0x0b, 0x3b, 0x55, 0xe8, 0xd0, 0x24, 0xee, 0x4d, 0x07, 0x5c, 0x86, 0x2f, - 0x36, 0x3f, 0x8a, 0x7a, 0x28, 0xfa, 0xc6, 0xdc, 0x7d, 0xf7, 0x83, 0x72, - 0xd9, 0x34, 0x02, 0xcb, 0x75, 0x97, 0x15, 0x9c, 0xf2, 0x86, 0x82, 0x8c, - 0x6e, 0x83, 0xc2, 0x5d, 0x6e, 0x27, 0x5c, 0xdc, 0x52, 0xb8, 0x8d, 0xa8, - 0x0d, 0x09, 0xcf, 0x69, 0xae, 0x61, 0x0e, 0xcb, 0x6a, 0x76, 0xac, 0xdd, - 0x85, 0xda, 0x9c, 0xac, 0x2b, 0xf0, 0xf6, 0x2e, 0x2e, 0x4d, 0x9b, 0xc7, - 0x67, 0xc2, 0xfa, 0x7b, 0x0e, 0x68, 0xf7, 0x1e, 0x03, 0x28, 0xea, 0x0e, - 0x9a, 0xd6, 0xc3, 0x28, 0x3d, 0xde, 0x11, 0x26, 0xb1, 0x95, 0xf6, 0x10, - 0x2f, 0x81, 0xa5, 0x60, 0x2c, 0x4f, 0x37, 0x5c, 0x2a, 0xd2, 0x30, 0x01, - 0x02, 0x41, 0x00, 0xf2, 0x80, 0xa2, 0x57, 0x5c, 0xe0, 0x41, 0x82, 0x00, - 0xac, 0x0b, 0xbd, 0xad, 0x98, 0x04, 0x33, 0x49, 0x64, 0x0b, 0x94, 0x94, - 0xc3, 0xd7, 0xd9, 0xfe, 0x1f, 0xa3, 0xd1, 0x83, 0x42, 0x3a, 0x2d, 0xaf, - 0xc5, 0x4c, 0xa4, 0x1b, 0xe4, 0x1c, 0x9c, 0x17, 0x8e, 0x28, 0xe9, 0xa5, - 0xd4, 0xbd, 0x9a, 0xce, 0x6e, 0x33, 0xb4, 0xaf, 0xce, 0x13, 0xd2, 0xab, - 0x0c, 0x4b, 0x34, 0x0d, 0x03, 0x87, 0xa1, 0x02, 0x41, 0x00, 0xee, 0x7f, - 0x9b, 0xb4, 0x3c, 0x21, 0x76, 0xf2, 0x0c, 0xdf, 0xb6, 0xea, 0xc9, 0x31, - 0xd4, 0xeb, 0x8f, 0x46, 0x41, 0x9b, 0xc1, 0x60, 0x4f, 0x50, 0x54, 0x32, - 0xd2, 0xf4, 0xfd, 0xd0, 0xc8, 0x58, 0x6d, 0x17, 0x4e, 0xac, 0x5f, 0x9e, - 0xb7, 0xd4, 0xfc, 0xce, 0xe0, 0x92, 0x0e, 0x1d, 0xd1, 0xa7, 0x54, 0xd3, - 0x98, 0xca, 0x5b, 0x9c, 0x41, 0x68, 0xbf, 0x0d, 0x1b, 0xe2, 0xdb, 0xa6, - 0xec, 0xa9, 0x02, 0x40, 0x0b, 0xc1, 0x72, 0x9d, 0x3b, 0x92, 0x5f, 0x7a, - 0x96, 0xdf, 0xc0, 0x3d, 0xf4, 0xb1, 0x5e, 0xda, 0xc1, 0x9f, 0x08, 0xf4, - 0xad, 0xf5, 0x84, 0x7c, 0x3b, 0xd6, 0x7a, 0xd1, 0x88, 0x44, 0x68, 0x9f, - 0x98, 0x5a, 0xbf, 0x29, 0x61, 0x74, 0xc0, 0x72, 0x4c, 0xae, 0x06, 0x8b, - 0xb5, 0x0f, 0x48, 0x15, 0xbe, 0x16, 0x17, 0x89, 0x95, 0xd0, 0x2e, 0xa3, - 0xd2, 0xc8, 0xe8, 0xc8, 0x60, 0x2d, 0x20, 0xa1, 0x02, 0x41, 0x00, 0xdb, - 0x39, 0xbf, 0x14, 0xf8, 0x24, 0xc6, 0xa2, 0x0d, 0xc5, 0x61, 0xed, 0x05, - 0x0d, 0x62, 0x2b, 0x38, 0xe2, 0x9a, 0x92, 0x22, 0x39, 0x76, 0x0e, 0x5f, - 0xa6, 0xec, 0x14, 0xb8, 0x6e, 0x3e, 0x8a, 0x51, 0x94, 0x98, 0x03, 0x88, - 0x4d, 0x6b, 0xab, 0x42, 0xca, 0xa2, 0xd0, 0x7e, 0x5b, 0x58, 0x88, 0x98, - 0x47, 0x7b, 0xed, 0x9e, 0x31, 0xce, 0x4a, 0x0b, 0x3b, 0x70, 0x83, 0xa1, - 0xe6, 0x19, 0x29, 0x02, 0x41, 0x00, 0x9c, 0x88, 0xbb, 0x56, 0x6b, 0x4a, - 0x81, 0x2c, 0xb3, 0x70, 0xdc, 0xf5, 0x65, 0x45, 0xd4, 0xed, 0xdd, 0xc3, - 0xdc, 0xc5, 0x27, 0xa3, 0xa0, 0x66, 0x5c, 0x51, 0xeb, 0x52, 0x8c, 0x8d, - 0x4e, 0xa6, 0x8f, 0x42, 0x5d, 0xb8, 0xa4, 0xa4, 0x26, 0xf3, 0xd6, 0xe5, - 0x01, 0x6b, 0x51, 0x8a, 0xa4, 0xee, 0xec, 0xff, 0x71, 0x8c, 0xbb, 0xba, - 0x05, 0x3e, 0x55, 0x14, 0xd9, 0xe4, 0xa4, 0x7f, 0xb7, 0x4f -}; - -/* Reference ciphertext: - * $ openssl rsautl -in fixed_str -inkey privkey.der -keyform DER -encrypt \ - * > -pkcs -out ciphertext - * $ xxd -i ciphertext - * - * where fixed_str is a file containing the first 100 characters of - * FIXED_STR (above) and privkey.der contains the binary data from the - * rsa_priv_key array. - */ -static uint8_t ciphertext[128] = { - 0x50, 0x86, 0x87, 0x72, 0x37, 0xc1, 0xc7, 0x99, 0xa9, 0xff, 0x56, 0x92, - 0x9b, 0x8a, 0xf6, 0x31, 0x9b, 0x11, 0x2c, 0x27, 0x1c, 0xa9, 0x07, 0x9b, - 0xac, 0xb9, 0x31, 0xcd, 0xc1, 0x10, 0x90, 0xd7, 0x3c, 0xa1, 0x43, 0xa1, - 0xdb, 0xb2, 0x67, 0x48, 0x28, 0xac, 0x0e, 0xbd, 0xd4, 0x62, 0x6b, 0xbd, - 0x81, 0xf9, 0x5b, 0xd0, 0x29, 0xe5, 0xc8, 0x9a, 0x71, 0x69, 0xd1, 0x61, - 0x72, 0x95, 0xa5, 0x10, 0x83, 0xee, 0xb4, 0x6d, 0x79, 0xf8, 0xae, 0xe1, - 0x49, 0xdd, 0x5b, 0x1f, 0x4d, 0x2e, 0xd7, 0xa9, 0xf0, 0xf0, 0x81, 0x01, - 0x38, 0x58, 0x78, 0x0f, 0x89, 0x3d, 0x60, 0xdb, 0x99, 0x19, 0xb0, 0x14, - 0x9d, 0xf7, 0xc8, 0x6e, 0xc3, 0x69, 0xdd, 0xb2, 0xcc, 0x07, 0x32, 0x3b, - 0x88, 0xd3, 0xfa, 0x72, 0xe9, 0xaa, 0x66, 0xc5, 0xd3, 0x4a, 0xff, 0x87, - 0x6a, 0x78, 0x05, 0x2d, 0x16, 0x7c, 0x98, 0x58 -}; - -static void test_rsa(const void *data) -{ - struct l_asymmetric_cipher *cipher; - char buf[128]; - ssize_t encrypted, decrypted; - - cipher = l_asymmetric_cipher_new(L_CIPHER_RSA_PKCS1_V1_5, - rsa_priv_key, - sizeof(rsa_priv_key), false); - assert(cipher); - encrypted = l_asymmetric_cipher_encrypt(cipher, FIXED_STR, buf, - 100, 128); - assert(encrypted == 128); - - assert(memcmp(FIXED_STR, buf, 100)); - - decrypted = l_asymmetric_cipher_decrypt(cipher, buf, buf, 128, 128); - assert(decrypted == 100); - assert(!memcmp(FIXED_STR, buf, 100)); - - /* Decrypt reference ciphertext */ - memset(buf, 0, 128); - decrypted = l_asymmetric_cipher_decrypt(cipher, ciphertext, buf, - 128, 128); - assert(decrypted == 100); - assert(!memcmp(FIXED_STR, buf, 100)); - - /* Decrypt corrupted ciphertext */ - ciphertext[0] = ciphertext[0] ^ (uint8_t)0xFF; - memset(buf, 0, 128); - decrypted = l_asymmetric_cipher_decrypt(cipher, ciphertext, buf, - 128, 128); - assert(decrypted < 0); - - l_asymmetric_cipher_free(cipher); -} - int main(int argc, char *argv[]) { l_test_init(&argc, &argv); @@ -250,7 +133,5 @@ int main(int argc, char *argv[]) l_test_add("arc4", test_arc4, NULL); - l_test_add("rsa", test_rsa, NULL); - return l_test_run(); } -- 2.10.0

3 years, 10 months

2
9
0 / 0

ell-key-crypto kernel branch updated for v4.8

by Mat Martineau

Hello - To go along with today's ELL patch set, there's an updated ell-key-crypto branch on git.kernel.org: https://git.kernel.org/cgit/linux/kernel/git/martineau/linux.git/ This is based on v4.8-rc1 of the kernel and includes: * linux-fs/keys-next (for keyctl crypto ops) * My keyctl restricted keyring patch set * Denis' nl80211 patches Note that the branch no longer includes the AF_ALG akcipher patch set, as it did for v4.7 and earlier. The previous v4.7 key crypto kernel is tagged as ell-key-crypto-47. Relative to my Fedora 24 kernel 4.7 config, the following commands will enable the required config options: $ cp /boot/config-<recent kernel-version> .config $ scripts/config --enable CONFIG_KEY_DH_OPERATIONS $ scripts/config --enable CONFIG_PKCS8_PRIVATE_KEY_PARSER $ make olddefconfig -- Mat Martineau Intel OTC

3 years, 10 months

1
0
0 / 0

[PATCH] dbus: Handle optional properties in PropertiesChanged

by Andrew Zaborowski

Handle property getter returning an error when building the PropertiesChanged signal instead of returning NULL. This is important because the signal may include multiple properties and if one getter fails other properties should still be included. One options is to only error out if all getters fail, another is to add them to the invalidated properties list of the signal. The latter seems to be the right thing to do for optional properties that may appear and disappear. --- ell/dbus-service.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/ell/dbus-service.c b/ell/dbus-service.c index deffc07..57cafbe 100644 --- a/ell/dbus-service.c +++ b/ell/dbus-service.c @@ -962,6 +962,7 @@ static struct l_dbus_message *build_properties_changed_signal( const struct l_queue_entry *entry; const struct _dbus_property *property; const char *signature; + struct l_queue *invalidated; signal = l_dbus_message_new_signal(dbus, rec->path, L_DBUS_INTERFACE_PROPERTIES, @@ -969,6 +970,8 @@ static struct l_dbus_message *build_properties_changed_signal( builder = l_dbus_message_builder_new(signal); + invalidated = l_queue_new(); + l_dbus_message_builder_append_basic(builder, 's', rec->instance->interface->name); l_dbus_message_builder_enter_array(builder, "{sv}"); @@ -978,6 +981,8 @@ static struct l_dbus_message *build_properties_changed_signal( property = entry->data; signature = property->metainfo + strlen(property->metainfo) + 1; + _dbus_message_builder_mark(builder); + l_dbus_message_builder_enter_dict(builder, "sv"); l_dbus_message_builder_append_basic(builder, 's', property->metainfo); @@ -985,10 +990,16 @@ static struct l_dbus_message *build_properties_changed_signal( if (!property->getter(dbus, signal, builder, rec->instance->user_data)) { - l_dbus_message_builder_destroy(builder); - l_dbus_message_unref(signal); + if (!_dbus_message_builder_rewind(builder)) { + l_dbus_message_unref(signal); + signal = NULL; - return NULL; + goto done; + } + + l_queue_push_tail(invalidated, (void *) property); + + continue; } l_dbus_message_builder_leave_variant(builder); @@ -997,10 +1008,19 @@ static struct l_dbus_message *build_properties_changed_signal( l_dbus_message_builder_leave_array(builder); l_dbus_message_builder_enter_array(builder, "s"); + + while ((property = l_queue_pop_head(invalidated))) + l_dbus_message_builder_append_basic(builder, 's', + property->metainfo); + l_dbus_message_builder_leave_array(builder); l_dbus_message_builder_finalize(builder); + +done: l_dbus_message_builder_destroy(builder); + l_queue_destroy(invalidated, NULL); + return signal; } -- 2.7.4

3 years, 10 months

2
1
0 / 0

2020

2019

2018

2017

2016

2015

2014

ell September 2016