[PATCH 1/9] unit: Remove asymmetric cipher tests
by Mat Martineau
The RSA cipher is tested by test-key, using the keyctl crypto calls.
AF_ALG akcipher is not expected to get merged in the mainline kernel.
---
unit/test-cipher.c | 119 -----------------------------------------------------
1 file changed, 119 deletions(-)
diff --git a/unit/test-cipher.c b/unit/test-cipher.c
index 12a922a..a958402 100644
--- a/unit/test-cipher.c
+++ b/unit/test-cipher.c
@@ -123,123 +123,6 @@ static void test_arc4(const void *data)
l_cipher_free(cipher);
}
-/*
- * openssl genrsa 1024 | openssl rsa -outform DER | xxd -i
- */
-static uint8_t rsa_priv_key[] = {
- 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xe1,
- 0xec, 0x78, 0x3c, 0x5f, 0x62, 0x74, 0x1e, 0x6d, 0x1d, 0x44, 0xac, 0x40,
- 0xb3, 0xec, 0x01, 0x96, 0x01, 0x8a, 0xfe, 0xcf, 0x5d, 0xc5, 0xe6, 0x0c,
- 0x36, 0x03, 0x2c, 0x4e, 0x84, 0x8f, 0x51, 0xf3, 0xc5, 0x32, 0x4f, 0xc4,
- 0x73, 0x22, 0x92, 0x30, 0x7c, 0x75, 0xd7, 0x4b, 0xae, 0xc6, 0xd0, 0x59,
- 0x6b, 0xd8, 0x46, 0x79, 0xbc, 0x6a, 0x6e, 0xde, 0x27, 0x11, 0x2f, 0xde,
- 0x84, 0xe3, 0x64, 0x84, 0x07, 0x82, 0x83, 0xbf, 0x90, 0xf5, 0x80, 0x6f,
- 0x63, 0x3a, 0xd1, 0x74, 0xd5, 0x6d, 0x2f, 0xde, 0xdc, 0xea, 0xab, 0xe5,
- 0x20, 0x7d, 0x26, 0x3e, 0x20, 0x99, 0x97, 0x41, 0x47, 0x81, 0x04, 0x7e,
- 0x53, 0x5c, 0xb2, 0xa9, 0xe0, 0x3d, 0x72, 0x37, 0x85, 0xcc, 0x5c, 0xda,
- 0x04, 0x96, 0xfa, 0x02, 0xc2, 0x23, 0x8b, 0x20, 0x5d, 0xe1, 0x2a, 0x69,
- 0xec, 0xcd, 0xce, 0x85, 0xc2, 0xf5, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01,
- 0x02, 0x81, 0x81, 0x00, 0xa5, 0x31, 0x72, 0xf9, 0x32, 0x05, 0x9b, 0x42,
- 0x64, 0x26, 0x72, 0x80, 0x41, 0x0f, 0x4e, 0x12, 0x1a, 0xcd, 0x26, 0x05,
- 0x0b, 0x3b, 0x55, 0xe8, 0xd0, 0x24, 0xee, 0x4d, 0x07, 0x5c, 0x86, 0x2f,
- 0x36, 0x3f, 0x8a, 0x7a, 0x28, 0xfa, 0xc6, 0xdc, 0x7d, 0xf7, 0x83, 0x72,
- 0xd9, 0x34, 0x02, 0xcb, 0x75, 0x97, 0x15, 0x9c, 0xf2, 0x86, 0x82, 0x8c,
- 0x6e, 0x83, 0xc2, 0x5d, 0x6e, 0x27, 0x5c, 0xdc, 0x52, 0xb8, 0x8d, 0xa8,
- 0x0d, 0x09, 0xcf, 0x69, 0xae, 0x61, 0x0e, 0xcb, 0x6a, 0x76, 0xac, 0xdd,
- 0x85, 0xda, 0x9c, 0xac, 0x2b, 0xf0, 0xf6, 0x2e, 0x2e, 0x4d, 0x9b, 0xc7,
- 0x67, 0xc2, 0xfa, 0x7b, 0x0e, 0x68, 0xf7, 0x1e, 0x03, 0x28, 0xea, 0x0e,
- 0x9a, 0xd6, 0xc3, 0x28, 0x3d, 0xde, 0x11, 0x26, 0xb1, 0x95, 0xf6, 0x10,
- 0x2f, 0x81, 0xa5, 0x60, 0x2c, 0x4f, 0x37, 0x5c, 0x2a, 0xd2, 0x30, 0x01,
- 0x02, 0x41, 0x00, 0xf2, 0x80, 0xa2, 0x57, 0x5c, 0xe0, 0x41, 0x82, 0x00,
- 0xac, 0x0b, 0xbd, 0xad, 0x98, 0x04, 0x33, 0x49, 0x64, 0x0b, 0x94, 0x94,
- 0xc3, 0xd7, 0xd9, 0xfe, 0x1f, 0xa3, 0xd1, 0x83, 0x42, 0x3a, 0x2d, 0xaf,
- 0xc5, 0x4c, 0xa4, 0x1b, 0xe4, 0x1c, 0x9c, 0x17, 0x8e, 0x28, 0xe9, 0xa5,
- 0xd4, 0xbd, 0x9a, 0xce, 0x6e, 0x33, 0xb4, 0xaf, 0xce, 0x13, 0xd2, 0xab,
- 0x0c, 0x4b, 0x34, 0x0d, 0x03, 0x87, 0xa1, 0x02, 0x41, 0x00, 0xee, 0x7f,
- 0x9b, 0xb4, 0x3c, 0x21, 0x76, 0xf2, 0x0c, 0xdf, 0xb6, 0xea, 0xc9, 0x31,
- 0xd4, 0xeb, 0x8f, 0x46, 0x41, 0x9b, 0xc1, 0x60, 0x4f, 0x50, 0x54, 0x32,
- 0xd2, 0xf4, 0xfd, 0xd0, 0xc8, 0x58, 0x6d, 0x17, 0x4e, 0xac, 0x5f, 0x9e,
- 0xb7, 0xd4, 0xfc, 0xce, 0xe0, 0x92, 0x0e, 0x1d, 0xd1, 0xa7, 0x54, 0xd3,
- 0x98, 0xca, 0x5b, 0x9c, 0x41, 0x68, 0xbf, 0x0d, 0x1b, 0xe2, 0xdb, 0xa6,
- 0xec, 0xa9, 0x02, 0x40, 0x0b, 0xc1, 0x72, 0x9d, 0x3b, 0x92, 0x5f, 0x7a,
- 0x96, 0xdf, 0xc0, 0x3d, 0xf4, 0xb1, 0x5e, 0xda, 0xc1, 0x9f, 0x08, 0xf4,
- 0xad, 0xf5, 0x84, 0x7c, 0x3b, 0xd6, 0x7a, 0xd1, 0x88, 0x44, 0x68, 0x9f,
- 0x98, 0x5a, 0xbf, 0x29, 0x61, 0x74, 0xc0, 0x72, 0x4c, 0xae, 0x06, 0x8b,
- 0xb5, 0x0f, 0x48, 0x15, 0xbe, 0x16, 0x17, 0x89, 0x95, 0xd0, 0x2e, 0xa3,
- 0xd2, 0xc8, 0xe8, 0xc8, 0x60, 0x2d, 0x20, 0xa1, 0x02, 0x41, 0x00, 0xdb,
- 0x39, 0xbf, 0x14, 0xf8, 0x24, 0xc6, 0xa2, 0x0d, 0xc5, 0x61, 0xed, 0x05,
- 0x0d, 0x62, 0x2b, 0x38, 0xe2, 0x9a, 0x92, 0x22, 0x39, 0x76, 0x0e, 0x5f,
- 0xa6, 0xec, 0x14, 0xb8, 0x6e, 0x3e, 0x8a, 0x51, 0x94, 0x98, 0x03, 0x88,
- 0x4d, 0x6b, 0xab, 0x42, 0xca, 0xa2, 0xd0, 0x7e, 0x5b, 0x58, 0x88, 0x98,
- 0x47, 0x7b, 0xed, 0x9e, 0x31, 0xce, 0x4a, 0x0b, 0x3b, 0x70, 0x83, 0xa1,
- 0xe6, 0x19, 0x29, 0x02, 0x41, 0x00, 0x9c, 0x88, 0xbb, 0x56, 0x6b, 0x4a,
- 0x81, 0x2c, 0xb3, 0x70, 0xdc, 0xf5, 0x65, 0x45, 0xd4, 0xed, 0xdd, 0xc3,
- 0xdc, 0xc5, 0x27, 0xa3, 0xa0, 0x66, 0x5c, 0x51, 0xeb, 0x52, 0x8c, 0x8d,
- 0x4e, 0xa6, 0x8f, 0x42, 0x5d, 0xb8, 0xa4, 0xa4, 0x26, 0xf3, 0xd6, 0xe5,
- 0x01, 0x6b, 0x51, 0x8a, 0xa4, 0xee, 0xec, 0xff, 0x71, 0x8c, 0xbb, 0xba,
- 0x05, 0x3e, 0x55, 0x14, 0xd9, 0xe4, 0xa4, 0x7f, 0xb7, 0x4f
-};
-
-/* Reference ciphertext:
- * $ openssl rsautl -in fixed_str -inkey privkey.der -keyform DER -encrypt \
- * > -pkcs -out ciphertext
- * $ xxd -i ciphertext
- *
- * where fixed_str is a file containing the first 100 characters of
- * FIXED_STR (above) and privkey.der contains the binary data from the
- * rsa_priv_key array.
- */
-static uint8_t ciphertext[128] = {
- 0x50, 0x86, 0x87, 0x72, 0x37, 0xc1, 0xc7, 0x99, 0xa9, 0xff, 0x56, 0x92,
- 0x9b, 0x8a, 0xf6, 0x31, 0x9b, 0x11, 0x2c, 0x27, 0x1c, 0xa9, 0x07, 0x9b,
- 0xac, 0xb9, 0x31, 0xcd, 0xc1, 0x10, 0x90, 0xd7, 0x3c, 0xa1, 0x43, 0xa1,
- 0xdb, 0xb2, 0x67, 0x48, 0x28, 0xac, 0x0e, 0xbd, 0xd4, 0x62, 0x6b, 0xbd,
- 0x81, 0xf9, 0x5b, 0xd0, 0x29, 0xe5, 0xc8, 0x9a, 0x71, 0x69, 0xd1, 0x61,
- 0x72, 0x95, 0xa5, 0x10, 0x83, 0xee, 0xb4, 0x6d, 0x79, 0xf8, 0xae, 0xe1,
- 0x49, 0xdd, 0x5b, 0x1f, 0x4d, 0x2e, 0xd7, 0xa9, 0xf0, 0xf0, 0x81, 0x01,
- 0x38, 0x58, 0x78, 0x0f, 0x89, 0x3d, 0x60, 0xdb, 0x99, 0x19, 0xb0, 0x14,
- 0x9d, 0xf7, 0xc8, 0x6e, 0xc3, 0x69, 0xdd, 0xb2, 0xcc, 0x07, 0x32, 0x3b,
- 0x88, 0xd3, 0xfa, 0x72, 0xe9, 0xaa, 0x66, 0xc5, 0xd3, 0x4a, 0xff, 0x87,
- 0x6a, 0x78, 0x05, 0x2d, 0x16, 0x7c, 0x98, 0x58
-};
-
-static void test_rsa(const void *data)
-{
- struct l_asymmetric_cipher *cipher;
- char buf[128];
- ssize_t encrypted, decrypted;
-
- cipher = l_asymmetric_cipher_new(L_CIPHER_RSA_PKCS1_V1_5,
- rsa_priv_key,
- sizeof(rsa_priv_key), false);
- assert(cipher);
- encrypted = l_asymmetric_cipher_encrypt(cipher, FIXED_STR, buf,
- 100, 128);
- assert(encrypted == 128);
-
- assert(memcmp(FIXED_STR, buf, 100));
-
- decrypted = l_asymmetric_cipher_decrypt(cipher, buf, buf, 128, 128);
- assert(decrypted == 100);
- assert(!memcmp(FIXED_STR, buf, 100));
-
- /* Decrypt reference ciphertext */
- memset(buf, 0, 128);
- decrypted = l_asymmetric_cipher_decrypt(cipher, ciphertext, buf,
- 128, 128);
- assert(decrypted == 100);
- assert(!memcmp(FIXED_STR, buf, 100));
-
- /* Decrypt corrupted ciphertext */
- ciphertext[0] = ciphertext[0] ^ (uint8_t)0xFF;
- memset(buf, 0, 128);
- decrypted = l_asymmetric_cipher_decrypt(cipher, ciphertext, buf,
- 128, 128);
- assert(decrypted < 0);
-
- l_asymmetric_cipher_free(cipher);
-}
-
int main(int argc, char *argv[])
{
l_test_init(&argc, &argv);
@@ -250,7 +133,5 @@ int main(int argc, char *argv[])
l_test_add("arc4", test_arc4, NULL);
- l_test_add("rsa", test_rsa, NULL);
-
return l_test_run();
}
--
2.10.0
5 years, 7 months
ell-key-crypto kernel branch updated for v4.8
by Mat Martineau
Hello -
To go along with today's ELL patch set, there's an updated ell-key-crypto
branch on git.kernel.org:
https://git.kernel.org/cgit/linux/kernel/git/martineau/linux.git/
This is based on v4.8-rc1 of the kernel and includes:
* linux-fs/keys-next (for keyctl crypto ops)
* My keyctl restricted keyring patch set
* Denis' nl80211 patches
Note that the branch no longer includes the AF_ALG akcipher patch set, as
it did for v4.7 and earlier. The previous v4.7 key crypto kernel is tagged
as ell-key-crypto-47.
Relative to my Fedora 24 kernel 4.7 config, the following commands will
enable the required config options:
$ cp /boot/config-<recent kernel-version> .config
$ scripts/config --enable CONFIG_KEY_DH_OPERATIONS
$ scripts/config --enable CONFIG_PKCS8_PRIVATE_KEY_PARSER
$ make olddefconfig
--
Mat Martineau
Intel OTC
5 years, 7 months
[PATCH] dbus: Handle optional properties in PropertiesChanged
by Andrew Zaborowski
Handle property getter returning an error when building the
PropertiesChanged signal instead of returning NULL. This is important
because the signal may include multiple properties and if one getter
fails other properties should still be included. One options is to only
error out if all getters fail, another is to add them to the invalidated
properties list of the signal. The latter seems to be the right thing
to do for optional properties that may appear and disappear.
---
ell/dbus-service.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/ell/dbus-service.c b/ell/dbus-service.c
index deffc07..57cafbe 100644
--- a/ell/dbus-service.c
+++ b/ell/dbus-service.c
@@ -962,6 +962,7 @@ static struct l_dbus_message *build_properties_changed_signal(
const struct l_queue_entry *entry;
const struct _dbus_property *property;
const char *signature;
+ struct l_queue *invalidated;
signal = l_dbus_message_new_signal(dbus, rec->path,
L_DBUS_INTERFACE_PROPERTIES,
@@ -969,6 +970,8 @@ static struct l_dbus_message *build_properties_changed_signal(
builder = l_dbus_message_builder_new(signal);
+ invalidated = l_queue_new();
+
l_dbus_message_builder_append_basic(builder, 's',
rec->instance->interface->name);
l_dbus_message_builder_enter_array(builder, "{sv}");
@@ -978,6 +981,8 @@ static struct l_dbus_message *build_properties_changed_signal(
property = entry->data;
signature = property->metainfo + strlen(property->metainfo) + 1;
+ _dbus_message_builder_mark(builder);
+
l_dbus_message_builder_enter_dict(builder, "sv");
l_dbus_message_builder_append_basic(builder, 's',
property->metainfo);
@@ -985,10 +990,16 @@ static struct l_dbus_message *build_properties_changed_signal(
if (!property->getter(dbus, signal, builder,
rec->instance->user_data)) {
- l_dbus_message_builder_destroy(builder);
- l_dbus_message_unref(signal);
+ if (!_dbus_message_builder_rewind(builder)) {
+ l_dbus_message_unref(signal);
+ signal = NULL;
- return NULL;
+ goto done;
+ }
+
+ l_queue_push_tail(invalidated, (void *) property);
+
+ continue;
}
l_dbus_message_builder_leave_variant(builder);
@@ -997,10 +1008,19 @@ static struct l_dbus_message *build_properties_changed_signal(
l_dbus_message_builder_leave_array(builder);
l_dbus_message_builder_enter_array(builder, "s");
+
+ while ((property = l_queue_pop_head(invalidated)))
+ l_dbus_message_builder_append_basic(builder, 's',
+ property->metainfo);
+
l_dbus_message_builder_leave_array(builder);
l_dbus_message_builder_finalize(builder);
+
+done:
l_dbus_message_builder_destroy(builder);
+ l_queue_destroy(invalidated, NULL);
+
return signal;
}
--
2.7.4
5 years, 7 months