yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:35:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Introduce pk_sign() and use it in ssl

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-21 10:34:38 +02:00
parent 583b608401
commit 8df2769178
7 changed files with 148 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
include/polarssl/pk.h
View file

@ -129,6 +129,13 @@ typedef struct
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len ); const unsigned char *sig, size_t sig_len );
/** Make signature */
int (*sign_func)( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Allocate a new context */ /** Allocate a new context */
void * (*ctx_alloc_func)( void ); void * (*ctx_alloc_func)( void );
@ -218,6 +225,25 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len ); const unsigned char *sig, size_t sig_len );
/**
* \brief Make signature
*
* \param ctx PK context to use
* \param md_alg Hash algorithm used
* \param hash Hash of the message to sign
* \param hash_len Hash length
* \param sig Place to write the signature
* \param sig_len Number of bytes written
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 on success, or a specific error code.
*/
int pk_sign( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** /**
* \brief Export debug information * \brief Export debug information
* *

1
include/polarssl/ssl.h
View file

@ -580,6 +580,7 @@ struct _ssl_context
*/ */
pk_context *pk_key; /*!< own private key */ pk_context *pk_key; /*!< own private key */
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
int rsa_use_alt; /*<! flag for alt (temporary) */
void *rsa_key; /*!< own RSA private key */ void *rsa_key; /*!< own RSA private key */
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/ rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
rsa_sign_func rsa_sign; /*!< function for RSA sign */ rsa_sign_func rsa_sign; /*!< function for RSA sign */

21
library/pk.c
View file

@ -130,11 +130,28 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
if( ctx->pk_info->verify_func == NULL ) if( ctx->pk_info->verify_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH ); return( POLARSSL_ERR_PK_TYPE_MISMATCH );
return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
hash, hash_len,
sig, sig_len ) ); sig, sig_len ) );
} }
/*
* Make a signature
*/
int pk_sign( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->sign_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
sig, sig_len, f_rng, p_rng ) );
}
/* /*
* Get key size in bits * Get key size in bits
*/ */

54
library/pk_wrap.c
View file

@ -69,6 +69,17 @@ static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
RSA_PUBLIC, md_alg, hash_len, hash, sig ) ); RSA_PUBLIC, md_alg, hash_len, hash, sig ) );
} }
static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
*sig_len = ((rsa_context *) ctx)->len;
return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE,
md_alg, hash_len, hash, sig ) );
}
static void *rsa_alloc_wrap( void ) static void *rsa_alloc_wrap( void )
{ {
void *ctx = polarssl_malloc( sizeof( rsa_context ) ); void *ctx = polarssl_malloc( sizeof( rsa_context ) );
@ -104,6 +115,7 @@ const pk_info_t rsa_info = {
rsa_get_size, rsa_get_size,
rsa_can_do, rsa_can_do,
rsa_verify_wrap, rsa_verify_wrap,
rsa_sign_wrap,
rsa_alloc_wrap, rsa_alloc_wrap,
rsa_free_wrap, rsa_free_wrap,
rsa_debug, rsa_debug,
@ -127,11 +139,16 @@ static size_t eckey_get_size( const void *ctx )
} }
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
/* Forward declaration */ /* Forward declarations */
static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg, static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len ); const unsigned char *sig, size_t sig_len );
static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
static int eckey_verify_wrap( void *ctx, md_type_t md_alg, static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
@ -148,6 +165,26 @@ static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
return( ret ); return( ret );
} }
static int eckey_sign_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
int ret;
ecdsa_context ecdsa;
ecdsa_init( &ecdsa );
if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
f_rng, p_rng );
ecdsa_free( &ecdsa );
return( ret );
}
#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_ECDSA_C */
static void *eckey_alloc_wrap( void ) static void *eckey_alloc_wrap( void )
@ -180,8 +217,10 @@ const pk_info_t eckey_info = {
eckey_can_do, eckey_can_do,
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
eckey_verify_wrap, eckey_verify_wrap,
eckey_sign_wrap,
#else #else
NULL, NULL,
NULL,
#endif #endif
eckey_alloc_wrap, eckey_alloc_wrap,
eckey_free_wrap, eckey_free_wrap,
@ -203,6 +242,7 @@ const pk_info_t eckeydh_info = {
eckey_get_size, /* Same underlying key structure */ eckey_get_size, /* Same underlying key structure */
eckeydh_can_do, eckeydh_can_do,
NULL, NULL,
NULL,
eckey_alloc_wrap, /* Same underlying key structure */ eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */
eckey_debug, /* Same underlying key structure */ eckey_debug, /* Same underlying key structure */
@ -225,6 +265,17 @@ static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
hash, hash_len, sig, sig_len ) ); hash, hash_len, sig, sig_len ) );
} }
static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
((void) md_alg);
return( ecdsa_write_signature( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len, f_rng, p_rng ) );
}
static void *ecdsa_alloc_wrap( void ) static void *ecdsa_alloc_wrap( void )
{ {
void *ctx = polarssl_malloc( sizeof( ecdsa_context ) ); void *ctx = polarssl_malloc( sizeof( ecdsa_context ) );
@ -247,6 +298,7 @@ const pk_info_t ecdsa_info = {
eckey_get_size, /* Compatible key structures */ eckey_get_size, /* Compatible key structures */
ecdsa_can_do, ecdsa_can_do,
ecdsa_verify_wrap, ecdsa_verify_wrap,
ecdsa_sign_wrap,
ecdsa_alloc_wrap, ecdsa_alloc_wrap,
ecdsa_free_wrap, ecdsa_free_wrap,
eckey_debug, /* Compatible key structures */ eckey_debug, /* Compatible key structures */

46
library/ssl_cli.c
View file

@ -2044,40 +2044,42 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
ssl->out_msg[5] = SSL_SIG_RSA; ssl->out_msg[5] = SSL_SIG_RSA;
if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, if( ssl->rsa_use_alt )
RSA_PRIVATE, md_alg,
hashlen, hash, ssl->out_msg + 6 + offset ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "pkcs1_sign", ret ); if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
return( ret ); RSA_PRIVATE, md_alg,
} hashlen, hash, ssl->out_msg + 6 + offset ) ) != 0 )
{
SSL_DEBUG_RET( 1, "rsa_sign", ret );
return( ret );
}
n = ssl->rsa_key_len ( ssl->rsa_key ); n = ssl->rsa_key_len ( ssl->rsa_key );
}
else
{
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
ssl->out_msg + 6 + offset, &n,
ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "pk_sign", ret );
return( ret );
}
}
} }
else else
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
{ {
ecdsa_context ecdsa;
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
ssl->out_msg[5] = SSL_SIG_ECDSA; ssl->out_msg[5] = SSL_SIG_ECDSA;
ecdsa_init( &ecdsa ); if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
ssl->out_msg + 6 + offset, &n,
if( ( ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ) ) == 0 ) ssl->f_rng, ssl->p_rng ) ) != 0 )
{ {
ret = ecdsa_write_signature( &ecdsa, hash, hashlen, SSL_DEBUG_RET( 1, "pk_sign", ret );
ssl->out_msg + 6 + offset, &n,
ssl->f_rng, ssl->p_rng );
}
ecdsa_free( &ecdsa );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, "ecdsa_sign", ret );
return( ret ); return( ret );
} }
} }

46
library/ssl_srv.c
View file

@ -2080,22 +2080,34 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
n += 2; n += 2;
} }
if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng, if( ssl->rsa_use_alt )
RSA_PRIVATE, md_alg, hashlen, hash, p + 2 ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "rsa_sign", ret ); if( ( ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng,
return( ret ); ssl->p_rng, RSA_PRIVATE, md_alg, hashlen,
} hash, p + 2 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "rsa_sign", ret );
return( ret );
}
signature_len = ssl->rsa_key_len( ssl->rsa_key ); signature_len = ssl->rsa_key_len( ssl->rsa_key );
}
else
{
if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
p + 2 , &signature_len,
ssl->f_rng, ssl->p_rng ) ) != 0 )
{
SSL_DEBUG_RET( 1, "pk_sign", ret );
return( ret );
}
}
} }
else else
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) ) if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
{ {
ecdsa_context ecdsa;
if( ssl->minor_ver == SSL_MINOR_VERSION_3 ) if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{ {
*(p++) = ssl->handshake->sig_alg; *(p++) = ssl->handshake->sig_alg;
@ -2104,21 +2116,11 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
n += 2; n += 2;
} }
ecdsa_init( &ecdsa ); if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
p + 2 , &signature_len,
ret = ecdsa_from_keypair( &ecdsa, ssl->pk_key->pk_ctx ); ssl->f_rng, ssl->p_rng ) ) != 0 )
if( ret == 0 )
{ {
ret = ecdsa_write_signature( &ecdsa, hash, hashlen, SSL_DEBUG_RET( 1, "pk_sign", ret );
p + 2, &signature_len,
ssl->f_rng, ssl->p_rng );
}
ecdsa_free( &ecdsa );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, "ecdsa_sign", ret );
return( ret ); return( ret );
} }
} }

1
library/ssl_tls.c
View file

@ -3169,6 +3169,7 @@ void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
rsa_key_len_func rsa_key_len ) rsa_key_len_func rsa_key_len )
{ {
ssl->own_cert = own_cert; ssl->own_cert = own_cert;
ssl->rsa_use_alt = 1;
ssl->rsa_key = rsa_key; ssl->rsa_key = rsa_key;
ssl->rsa_decrypt = rsa_decrypt; ssl->rsa_decrypt = rsa_decrypt;
ssl->rsa_sign = rsa_sign; ssl->rsa_sign = rsa_sign;