authorMichael Brown <mcb30@ipxe.org>2024-08-12 12:36:41 +0100
committerMichael Brown <mcb30@ipxe.org>2024-08-14 13:04:01 +0100
commit97635eb71b5ad7e81e79f32fef5f4394bcee0722 (patch)
tree5cade59887c1c710ccd184bfc62cb16339b5a22b /src/tests
parent998edc6ec515a6c9b0635d728b1cc51253e7dd7f (diff)
[crypto] Generalise cms_signature to cms_message
There is some exploitable similarity between the data structures used for representing CMS signatures and CMS encryption keys. In both cases, the CMS message fundamentally encodes a list of participants (either message signers or message recipients), where each participant has an associated certificate and an opaque octet string representing the signature or encrypted cipher key. The ASN.1 structures are not identical, but are sufficiently similar to be worth exploiting: for example, the SignerIdentifier and RecipientIdentifier data structures are defined identically. Rename data structures and functions, and add the concept of a CMS message type. Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/tests')
-rw-r--r--src/tests/cms_test.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/tests/cms_test.c b/src/tests/cms_test.c
index d98b2c3e5..86f9bb98f 100644
--- a/src/tests/cms_test.c
+++ b/src/tests/cms_test.c
@@ -55,8 +55,8 @@ struct cms_test_code {
struct cms_test_signature {
/** Signature image */
struct image image;
- /** Parsed signature */
- struct cms_signature *sig;
+ /** Parsed message */
+ struct cms_message *cms;
};
/** Define inline data */
@@ -1366,7 +1366,7 @@ static void cms_signature_okx ( struct cms_test_signature *sgn,
sgn->image.data = virt_to_user ( data );
/* Check ability to parse signature */
- okx ( cms_signature ( &sgn->image, &sgn->sig ) == 0, file, line );
+ okx ( cms_message ( &sgn->image, &sgn->cms ) == 0, file, line );
/* Reset image data pointer */
sgn->image.data = ( ( userptr_t ) data );
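Review bot: The comment `/* Check ability to parse signature */` above the renamed call is now stale, and the assertion still checks only that `cms_message()` returns 0. The commit message says a CMS message type is being introduced, so a successful parse presumably no longer implies that the content is signed data. The test would be stronger if it also asserted that the parsed message has the signed-data type before it is handed to `cms_verify()`. At minimum the comment should become `/* Check ability to parse message (signed data expected) */`. cms_signature_okx starts before and continues after this hunk, so a type check further down would not be visible here.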
@@ -1397,10 +1397,10 @@ static void cms_verify_okx ( struct cms_test_signature *sgn,
code->image.data = virt_to_user ( data );
/* Invalidate any certificates from previous tests */
- x509_invalidate_chain ( sgn->sig->certificates );
+ x509_invalidate_chain ( sgn->cms->certificates );
/* Check ability to verify signature */
- okx ( cms_verify ( sgn->sig, &code->image, name, time, store,
+ okx ( cms_verify ( sgn->cms, &code->image, name, time, store,
root ) == 0, file, line );
okx ( code->image.flags & IMAGE_TRUSTED, file, line );
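Review bot: `sgn->cms->certificates` is dereferenced without confirming that the earlier parse in cms_signature_okx actually populated `sgn->cms`. If `okx` records a failure and carries on (its definition is not visible here), a parse failure would surface as a NULL or stale pointer dereference instead of a clean test failure. Adding `okx ( sgn->cms != NULL, file, line );` before the invalidate call, and returning early when it fails, would keep the failure report readable. The same applies to the identical line in the cms_verify_fail_okx hunk; both functions start outside their hunks.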
@@ -1434,10 +1434,10 @@ static void cms_verify_fail_okx ( struct cms_test_signature *sgn,
code->image.data = virt_to_user ( data );
/* Invalidate any certificates from previous tests */
- x509_invalidate_chain ( sgn->sig->certificates );
+ x509_invalidate_chain ( sgn->cms->certificates );
/* Check inability to verify signature */
- okx ( cms_verify ( sgn->sig, &code->image, name, time, store,
+ okx ( cms_verify ( sgn->cms, &code->image, name, time, store,
root ) != 0, file, line );
okx ( ! ( code->image.flags & IMAGE_TRUSTED ), file, line );
@@ -1498,11 +1498,11 @@ static void cms_test_exec ( void ) {
/* Sanity check */
assert ( list_empty ( &empty_store.links ) );
- /* Drop signature references */
- cms_put ( nonsigned_sig.sig );
- cms_put ( genericsigned_sig.sig );
- cms_put ( brokenchain_sig.sig );
- cms_put ( codesigned_sig.sig );
+ /* Drop message references */
+ cms_put ( nonsigned_sig.cms );
+ cms_put ( genericsigned_sig.cms );
+ cms_put ( brokenchain_sig.cms );
+ cms_put ( codesigned_sig.cms );
}
/** CMS self-test */