Make RSA_ALT support optionnal

This commit is contained in:
Manuel Pégourié-Gonnard 2015-03-31 14:01:33 +02:00
parent 32076e66be
commit 348bcb3694
7 changed files with 29 additions and 2 deletions

View file

@ -46,6 +46,9 @@ Default behavior changes
* Support for receiving SSLv2 ClientHello is now disabled by default at * Support for receiving SSLv2 ClientHello is now disabled by default at
compile time. compile time.
* The default authmode for SSL/TLS clients is now REQUIRED. * The default authmode for SSL/TLS clients is now REQUIRED.
* Support for RSA_ALT contexts in the PK layer is now optional. Since is is
enabled in the default configuration, this is only noticeable if using a
custom config.h
Changes Changes
* Remove test program o_p_test, the script compat.sh does more. * Remove test program o_p_test, the script compat.sh does more.

View file

@ -768,6 +768,15 @@
*/ */
//#define POLARSSL_MEMORY_BACKTRACE //#define POLARSSL_MEMORY_BACKTRACE
/**
* \def POLARSSL_PK_RSA_ALT_SUPPORT
*
* Support external private RSA keys (eg from a HSM) in the PK layer.
*
* Comment this macro to disable support for external private RSA keys.
*/
#define POLARSSL_PK_RSA_ALT_SUPPORT
/** /**
* \def POLARSSL_PKCS1_V15 * \def POLARSSL_PKCS1_V15
* *

View file

@ -197,6 +197,7 @@ typedef struct
void * pk_ctx; /**< Underlying public key context */ void * pk_ctx; /**< Underlying public key context */
} pk_context; } pk_context;
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/** /**
* \brief Types for RSA-alt abstraction * \brief Types for RSA-alt abstraction
*/ */
@ -208,6 +209,7 @@ typedef int (*pk_rsa_alt_sign_func)( void *ctx,
int mode, md_type_t md_alg, unsigned int hashlen, int mode, md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig ); const unsigned char *hash, unsigned char *sig );
typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx ); typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
/** /**
* \brief Return information associated with the given PK type * \brief Return information associated with the given PK type
@ -244,6 +246,7 @@ void pk_free( pk_context *ctx );
*/ */
int pk_init_ctx( pk_context *ctx, const pk_info_t *info ); int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/** /**
* \brief Initialize an RSA-alt context * \brief Initialize an RSA-alt context
* *
@ -262,6 +265,7 @@ int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
pk_rsa_alt_decrypt_func decrypt_func, pk_rsa_alt_decrypt_func decrypt_func,
pk_rsa_alt_sign_func sign_func, pk_rsa_alt_sign_func sign_func,
pk_rsa_alt_key_len_func key_len_func ); pk_rsa_alt_key_len_func key_len_func );
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
/** /**
* \brief Get the size in bits of the underlying key * \brief Get the size in bits of the underlying key

View file

@ -33,6 +33,7 @@
#include "pk.h" #include "pk.h"
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */ /* Container for RSA-alt */
typedef struct typedef struct
{ {
@ -41,6 +42,7 @@ typedef struct
pk_rsa_alt_sign_func sign_func; pk_rsa_alt_sign_func sign_func;
pk_rsa_alt_key_len_func key_len_func; pk_rsa_alt_key_len_func key_len_func;
} rsa_alt_context; } rsa_alt_context;
#endif
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
extern const pk_info_t rsa_info; extern const pk_info_t rsa_info;
@ -55,6 +57,8 @@ extern const pk_info_t eckeydh_info;
extern const pk_info_t ecdsa_info; extern const pk_info_t ecdsa_info;
#endif #endif
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
extern const pk_info_t rsa_alt_info; extern const pk_info_t rsa_alt_info;
#endif
#endif /* POLARSSL_PK_WRAP_H */ #endif /* POLARSSL_PK_WRAP_H */

View file

@ -112,6 +112,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/* /*
* Initialize an RSA-alt context * Initialize an RSA-alt context
*/ */
@ -140,6 +141,7 @@ int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
return( 0 ); return( 0 );
} }
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
/* /*
* Tell if a PK can do the operations of the given type * Tell if a PK can do the operations of the given type

View file

@ -50,10 +50,12 @@
#define polarssl_free free #define polarssl_free free
#endif #endif
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/* Implementation that should never be optimized out by the compiler */ /* Implementation that should never be optimized out by the compiler */
static void polarssl_zeroize( void *v, size_t n ) { static void polarssl_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0; volatile unsigned char *p = v; while( n-- ) *p++ = 0;
} }
#endif
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
static int rsa_can_do( pk_type_t type ) static int rsa_can_do( pk_type_t type )
@ -377,6 +379,7 @@ const pk_info_t ecdsa_info = {
}; };
#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
/* /*
* Support for alternative RSA-private implementations * Support for alternative RSA-private implementations
*/ */
@ -488,4 +491,6 @@ const pk_info_t rsa_alt_info = {
NULL, NULL,
}; };
#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
#endif /* POLARSSL_PK_C */ #endif /* POLARSSL_PK_C */

View file

@ -98,7 +98,7 @@ void pk_check_pair( char *pub_file, char *prv_file, int ret )
TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret ); TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C) && defined(POLARSSL_PK_RSA_ALT_SUPPORT)
if( pk_get_type( &prv ) == POLARSSL_PK_RSA ) if( pk_get_type( &prv ) == POLARSSL_PK_RSA )
{ {
TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ), TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ),
@ -414,7 +414,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ /* BEGIN_CASE depends_on:POLARSSL_RSA_C:POLARSSL_PK_RSA_ALT_SUPPORT */
void pk_rsa_alt( ) void pk_rsa_alt( )
{ {
/* /*