mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 15:25:29 +00:00
Merge code for RSA and ECDSA in SSL
This commit is contained in:
parent
070cc7fd21
commit
0d42049440
|
@ -244,6 +244,17 @@ int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
|
|||
*/
|
||||
size_t pk_get_size( const pk_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Get the length in bytes of the underlying key
|
||||
* \param ctx Context to use
|
||||
*
|
||||
* \return Key lenght in bytes, or 0 on error
|
||||
*/
|
||||
static size_t pk_get_len( const pk_context *ctx )
|
||||
{
|
||||
return( ( pk_get_size( ctx ) + 7 ) / 8 );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Tell if a context can do the operation given by type
|
||||
*
|
||||
|
|
|
@ -202,6 +202,7 @@
|
|||
#define SSL_HASH_SHA384 5
|
||||
#define SSL_HASH_SHA512 6
|
||||
|
||||
#define SSL_SIG_ANON 0
|
||||
#define SSL_SIG_RSA 1
|
||||
#define SSL_SIG_ECDSA 3
|
||||
|
||||
|
@ -580,13 +581,6 @@ struct _ssl_context
|
|||
*/
|
||||
pk_context *pk_key; /*!< own private key */
|
||||
int pk_key_own_alloc; /*!< did we allocate pk_key? */
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
int rsa_use_alt; /*<! flag for alt (temporary) */
|
||||
void *rsa_key; /*!< own RSA private key */
|
||||
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
|
||||
rsa_sign_func rsa_sign; /*!< function for RSA sign */
|
||||
rsa_key_len_func rsa_key_len; /*!< function for RSA key len*/
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
x509_cert *own_cert; /*!< own X.509 certificate */
|
||||
|
@ -909,7 +903,7 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
|
|||
* \param pk_key own private key
|
||||
*/
|
||||
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
||||
pk_context *rsa_key );
|
||||
pk_context *pk_key );
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
/**
|
||||
|
@ -922,9 +916,11 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
|||
* \param ssl SSL context
|
||||
* \param own_cert own public certificate chain
|
||||
* \param rsa_key own private RSA key
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key );
|
||||
int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key );
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
/**
|
||||
|
@ -1388,6 +1384,8 @@ int ssl_write_finished( ssl_context *ssl );
|
|||
|
||||
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
|
||||
|
||||
unsigned char ssl_sig_from_pk( pk_context *pk );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -2023,7 +2023,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||
md_alg = POLARSSL_MD_SHA256;
|
||||
ssl->out_msg[4] = SSL_HASH_SHA256;
|
||||
}
|
||||
/* SIG added later */
|
||||
ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key );
|
||||
|
||||
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
|
||||
{
|
||||
|
@ -2036,40 +2036,13 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
|
|||
offset = 2;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( ssl->rsa_key != NULL )
|
||||
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
|
||||
ssl->out_msg + 6 + offset, &n,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
{
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
|
||||
ssl->out_msg[5] = SSL_SIG_RSA;
|
||||
|
||||
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
|
||||
ssl->out_msg + 6 + offset, &n,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "pk_sign", ret );
|
||||
return( ret );
|
||||
}
|
||||
SSL_DEBUG_RET( 1, "pk_sign", ret );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
|
||||
{
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
|
||||
ssl->out_msg[5] = SSL_SIG_ECDSA;
|
||||
|
||||
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
|
||||
ssl->out_msg + 6 + offset, &n,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "pk_sign", ret );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
/* should never happen */
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
|
||||
ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[5 + offset] = (unsigned char)( n );
|
||||
|
|
|
@ -2069,50 +2069,21 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( ssl->rsa_key != NULL )
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
*(p++) = ssl->handshake->sig_alg;
|
||||
*(p++) = SSL_SIG_RSA;
|
||||
*(p++) = ssl->handshake->sig_alg;
|
||||
*(p++) = ssl_sig_from_pk( ssl->pk_key );
|
||||
|
||||
n += 2;
|
||||
}
|
||||
|
||||
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
|
||||
p + 2 , &signature_len,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "pk_sign", ret );
|
||||
return( ret );
|
||||
}
|
||||
n += 2;
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
|
||||
|
||||
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
|
||||
p + 2 , &signature_len,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
{
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
|
||||
{
|
||||
*(p++) = ssl->handshake->sig_alg;
|
||||
*(p++) = SSL_SIG_ECDSA;
|
||||
|
||||
n += 2;
|
||||
}
|
||||
|
||||
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
|
||||
p + 2 , &signature_len,
|
||||
ssl->f_rng, ssl->p_rng ) ) != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "pk_sign", ret );
|
||||
return( ret );
|
||||
}
|
||||
SSL_DEBUG_RET( 1, "pk_sign", ret );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
/* should never happen */
|
||||
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
|
||||
|
||||
*(p++) = (unsigned char)( signature_len >> 8 );
|
||||
*(p++) = (unsigned char)( signature_len );
|
||||
|
@ -2254,7 +2225,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
|||
* Decrypt the premaster using own private RSA key
|
||||
*/
|
||||
i = 4;
|
||||
n = ssl->rsa_key_len( ssl->rsa_key );
|
||||
n = pk_get_len( ssl->pk_key );
|
||||
ssl->handshake->pmslen = 48;
|
||||
|
||||
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
||||
|
|
|
@ -131,30 +131,6 @@ int (*ssl_hw_record_read)(ssl_context *ssl) = NULL;
|
|||
int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
static int ssl_rsa_decrypt( void *ctx, int mode, size_t *olen,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
size_t output_max_len )
|
||||
{
|
||||
return rsa_pkcs1_decrypt( (rsa_context *) ctx, mode, olen, input, output,
|
||||
output_max_len );
|
||||
}
|
||||
|
||||
static int ssl_rsa_sign( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, int hash_id, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig )
|
||||
{
|
||||
return rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode, hash_id,
|
||||
hashlen, hash, sig );
|
||||
}
|
||||
|
||||
static size_t ssl_rsa_key_len( void *ctx )
|
||||
{
|
||||
return ( (rsa_context *) ctx )->len;
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
/*
|
||||
* Key material generation
|
||||
*/
|
||||
|
@ -2858,12 +2834,6 @@ int ssl_init( ssl_context *ssl )
|
|||
/*
|
||||
* Sane defaults
|
||||
*/
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
ssl->rsa_decrypt = ssl_rsa_decrypt;
|
||||
ssl->rsa_sign = ssl_rsa_sign;
|
||||
ssl->rsa_key_len = ssl_rsa_key_len;
|
||||
#endif
|
||||
|
||||
ssl->min_major_ver = SSL_MAJOR_VERSION_3;
|
||||
ssl->min_minor_ver = SSL_MINOR_VERSION_0;
|
||||
ssl->max_major_ver = SSL_MAJOR_VERSION_3;
|
||||
|
@ -3147,18 +3117,31 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
|||
{
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->pk_key = pk_key;
|
||||
|
||||
/* Temporary, until everything is moved to PK */
|
||||
if( pk_key->pk_info->type == POLARSSL_PK_RSA )
|
||||
ssl->rsa_key = pk_key->pk_ctx;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->rsa_key = rsa_key;
|
||||
|
||||
if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
|
||||
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||
|
||||
ssl->pk_key_own_alloc = 1;
|
||||
|
||||
pk_init( ssl->pk_key );
|
||||
|
||||
ret = pk_init_ctx( ssl->pk_key, pk_info_from_type( POLARSSL_PK_RSA ) );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
if( ( ret = rsa_copy( ssl->pk_key->pk_ctx, rsa_key ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
|
@ -3168,14 +3151,7 @@ int ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
|
|||
rsa_sign_func rsa_sign,
|
||||
rsa_key_len_func rsa_key_len )
|
||||
{
|
||||
int ret;
|
||||
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->rsa_use_alt = 1;
|
||||
ssl->rsa_key = rsa_key;
|
||||
ssl->rsa_decrypt = rsa_decrypt;
|
||||
ssl->rsa_sign = rsa_sign;
|
||||
ssl->rsa_key_len = rsa_key_len;
|
||||
|
||||
if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
|
||||
return( POLARSSL_ERR_SSL_MALLOC_FAILED );
|
||||
|
@ -3812,4 +3788,20 @@ void ssl_free( ssl_context *ssl )
|
|||
memset( ssl, 0, sizeof( ssl_context ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the SSL_SIG_* constant corresponding to a public key
|
||||
*/
|
||||
unsigned char ssl_sig_from_pk( pk_context *pk )
|
||||
{
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( pk_can_do( pk, POLARSSL_PK_RSA ) )
|
||||
return( SSL_SIG_RSA );
|
||||
#endif
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( pk_can_do( pk, POLARSSL_PK_ECDSA ) )
|
||||
return( SSL_SIG_ECDSA );
|
||||
#endif
|
||||
return( SSL_SIG_ANON );
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue