Use convert functions for SSL_SIG_* and SSL_HASH_*

This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-22 13:52:48 +02:00
parent 51be559c53
commit a20c58c6f1
4 changed files with 67 additions and 108 deletions

View file

@ -1385,6 +1385,8 @@ int ssl_write_finished( ssl_context *ssl );
void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info ); void ssl_optimize_checksum( ssl_context *ssl, const ssl_ciphersuite_t *ciphersuite_info );
unsigned char ssl_sig_from_pk( pk_context *pk ); unsigned char ssl_sig_from_pk( pk_context *pk );
pk_type_t ssl_pk_alg_from_sig( unsigned char sig );
md_type_t ssl_md_alg_from_hash( unsigned char hash );
#ifdef __cplusplus #ifdef __cplusplus
} }

View file

@ -1183,38 +1183,11 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
/* /*
* Get hash algorithm * Get hash algorithm
*/ */
switch( (*p)[0] ) if( ( *md_alg = ssl_md_alg_from_hash( (*p)[0] ) ) == POLARSSL_MD_NONE )
{ {
#if defined(POLARSSL_MD5_C) SSL_DEBUG_MSG( 2, ( "Server used unsupported "
case SSL_HASH_MD5: "HashAlgorithm %d", *(p)[0] ) );
*md_alg = POLARSSL_MD_MD5; return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
break;
#endif
#if defined(POLARSSL_SHA1_C)
case SSL_HASH_SHA1:
*md_alg = POLARSSL_MD_SHA1;
break;
#endif
#if defined(POLARSSL_SHA256_C)
case SSL_HASH_SHA224:
*md_alg = POLARSSL_MD_SHA224;
break;
case SSL_HASH_SHA256:
*md_alg = POLARSSL_MD_SHA256;
break;
#endif
#if defined(POLARSSL_SHA512_C)
case SSL_HASH_SHA384:
*md_alg = POLARSSL_MD_SHA384;
break;
case SSL_HASH_SHA512:
*md_alg = POLARSSL_MD_SHA512;
break;
#endif
default:
SSL_DEBUG_MSG( 2, ( "Server used unsupported "
"HashAlgorithm %d", *(p)[0] ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
/* /*
@ -1232,24 +1205,11 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
/* /*
* Get signature algorithm * Get signature algorithm
*/ */
switch( (*p)[1] ) if( ( *pk_alg = ssl_pk_alg_from_sig( (*p)[1] ) ) == POLARSSL_PK_NONE )
{ {
#if defined(POLARSSL_RSA_C) SSL_DEBUG_MSG( 2, ( "server used unsupported "
case SSL_SIG_RSA: "SignatureAlgorithm %d", (*p)[1] ) );
*pk_alg = POLARSSL_PK_RSA; return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
break;
#endif
#if defined(POLARSSL_ECDSA_C)
case SSL_SIG_ECDSA:
*pk_alg = POLARSSL_PK_ECDSA;
break;
#endif
default:
SSL_DEBUG_MSG( 2, ( "server used unsupported "
"SignatureAlgorithm %d", (*p)[1] ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) ); SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );

View file

@ -1998,38 +1998,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
* ServerDHParams params; * ServerDHParams params;
* }; * };
*/ */
switch( ssl->handshake->sig_alg ) md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg );
{
#if defined(POLARSSL_MD5_C)
case SSL_HASH_MD5:
md_alg = POLARSSL_MD_MD5;
break;
#endif
#if defined(POLARSSL_SHA1_C)
case SSL_HASH_SHA1:
md_alg = POLARSSL_MD_SHA1;
break;
#endif
#if defined(POLARSSL_SHA256_C)
case SSL_HASH_SHA224:
md_alg = POLARSSL_MD_SHA224;
break;
case SSL_HASH_SHA256:
md_alg = POLARSSL_MD_SHA256;
break;
#endif
#if defined(POLARSSL_SHA512_C)
case SSL_HASH_SHA384:
md_alg = POLARSSL_MD_SHA384;
break;
case SSL_HASH_SHA512:
md_alg = POLARSSL_MD_SHA512;
break;
#endif
default:
/* Should never happen */
return( -1 );
}
if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
{ {
@ -2595,8 +2564,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
sa_len = 2; sa_len = 2;
/* /*
* Hash: as server we know we either have SSL_HASH_SHA384 or * Hash
* SSL_HASH_SHA256
*/ */
if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg ) if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg )
{ {
@ -2605,10 +2573,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
} }
if( ssl->handshake->verify_sig_alg == SSL_HASH_SHA384 ) md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
md_alg = POLARSSL_MD_SHA384;
else
md_alg = POLARSSL_MD_SHA256;
/* /*
* Get hashlen from MD * Get hashlen from MD
@ -2623,27 +2588,14 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
/* /*
* Signature * Signature
*/ */
switch( ssl->in_msg[5] ) if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[5] ) )
== POLARSSL_PK_NONE )
{ {
#if defined(POLARSSL_RSA_C) SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
case SSL_SIG_RSA: " for verify message" ) );
pk_alg = POLARSSL_PK_RSA; return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
break;
#endif
#if defined(POLARSSL_ECDSA_C)
case SSL_SIG_ECDSA:
pk_alg = POLARSSL_PK_ECDSA;
break;
#endif
default:
SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
" for verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
} }
/* /*
* Check the certificate's key type matches the signature alg * Check the certificate's key type matches the signature alg
*/ */
@ -2663,10 +2615,9 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY ); return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
} }
ret = pk_verify( &ssl->session_negotiate->peer_cert->pk, if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
md_alg, hash, hashlen, md_alg, hash, hashlen,
ssl->in_msg + 6 + sa_len, sig_len ); ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 )
if( ret != 0 )
{ {
SSL_DEBUG_RET( 1, "pk_verify", ret ); SSL_DEBUG_RET( 1, "pk_verify", ret );
return( ret ); return( ret );

View file

@ -3804,4 +3804,50 @@ unsigned char ssl_sig_from_pk( pk_context *pk )
return( SSL_SIG_ANON ); return( SSL_SIG_ANON );
} }
pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
{
switch( sig )
{
#if defined(POLARSSL_RSA_C)
case SSL_SIG_RSA:
return( POLARSSL_PK_RSA );
#endif
#if defined(POLARSSL_ECDSA_C)
case SSL_SIG_ECDSA:
return( POLARSSL_PK_ECDSA );
#endif
default:
return( POLARSSL_PK_NONE );
}
}
md_type_t ssl_md_alg_from_hash( unsigned char hash )
{
switch( hash )
{
#if defined(POLARSSL_MD5_C)
case SSL_HASH_MD5:
return( POLARSSL_MD_MD5 );
#endif
#if defined(POLARSSL_SHA1_C)
case SSL_HASH_SHA1:
return( POLARSSL_MD_SHA1 );
#endif
#if defined(POLARSSL_SHA256_C)
case SSL_HASH_SHA224:
return( POLARSSL_MD_SHA224 );
case SSL_HASH_SHA256:
return( POLARSSL_MD_SHA256 );
#endif
#if defined(POLARSSL_SHA512_C)
case SSL_HASH_SHA384:
return( POLARSSL_MD_SHA384 );
case SSL_HASH_SHA512:
return( POLARSSL_MD_SHA512 );
#endif
default:
return( POLARSSL_MD_NONE );
}
}
#endif #endif