mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-10 23:15:40 +00:00
PK: use wrappers and function pointers for verify
This commit is contained in:
parent
f499993cb2
commit
d73b3c13be
|
@ -24,6 +24,7 @@
|
|||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef POLARSSL_PK_H
|
||||
#define POLARSSL_PK_H
|
||||
|
||||
|
@ -33,6 +34,10 @@
|
|||
#include "rsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECP_C)
|
||||
#include "ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
#include "ecdsa.h"
|
||||
#endif
|
||||
|
@ -76,14 +81,29 @@ typedef enum {
|
|||
POLARSSL_PK_ECDSA,
|
||||
} pk_type_t;
|
||||
|
||||
/**
|
||||
* \brief Public key info
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
/** Public key type */
|
||||
pk_type_t type;
|
||||
|
||||
/** Verify signature */
|
||||
int (*verify_func)( void *ctx,
|
||||
const unsigned char *hash, const md_info_t *md_info,
|
||||
const unsigned char *sig, size_t sig_len );
|
||||
} pk_info_t;
|
||||
|
||||
/**
|
||||
* \brief Public key container
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
pk_type_t type; /**< Public key type */
|
||||
void * data; /**< Public key data */
|
||||
int dont_free; /**< True if data must not be freed */
|
||||
const pk_info_t * info; /**< Public key informations */
|
||||
pk_type_t type; /**< Public key type (temporary) */
|
||||
void * data; /**< Public key data */
|
||||
int dont_free; /**< True if data must not be freed */
|
||||
} pk_context;
|
||||
|
||||
/**
|
||||
|
@ -157,4 +177,4 @@ int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa);
|
|||
}
|
||||
#endif
|
||||
|
||||
#endif /* pk.h */
|
||||
#endif /* POLARSSL_PK_H */
|
||||
|
|
47
include/polarssl/pk_wrap.h
Normal file
47
include/polarssl/pk_wrap.h
Normal file
|
@ -0,0 +1,47 @@
|
|||
/**
|
||||
* \file pk.h
|
||||
*
|
||||
* \brief Public Key abstraction layer: wrapper functions
|
||||
*
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef POLARSSL_PK_WRAP_H
|
||||
#define POLARSSL_PK_WRAP_H
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include "pk.h"
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
extern const pk_info_t rsa_info;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECP_C)
|
||||
extern const pk_info_t eckey_info;
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
extern const pk_info_t ecdsa_info;
|
||||
#endif
|
||||
|
||||
#endif /* POLARSSL_PK_WRAP_H */
|
|
@ -40,6 +40,7 @@ set(src
|
|||
pkcs11.c
|
||||
pkcs12.c
|
||||
pk.c
|
||||
pk_wrap.c
|
||||
rsa.c
|
||||
sha1.c
|
||||
sha256.c
|
||||
|
|
|
@ -49,7 +49,7 @@ OBJS= aes.o arc4.o asn1parse.o \
|
|||
oid.o \
|
||||
padlock.o pbkdf2.o pem.o \
|
||||
pkcs5.o pkcs11.o pkcs12.o \
|
||||
pk.o \
|
||||
pk.o pk_wrap.o \
|
||||
rsa.o sha1.o sha256.o \
|
||||
sha512.o ssl_cache.o ssl_cli.o \
|
||||
ssl_srv.o ssl_ciphersuites.o \
|
||||
|
|
14
library/pk.c
14
library/pk.c
|
@ -26,6 +26,7 @@
|
|||
#include "polarssl/config.h"
|
||||
|
||||
#include "polarssl/pk.h"
|
||||
#include "polarssl/pk_wrap.h"
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
#include "polarssl/rsa.h"
|
||||
|
@ -54,6 +55,7 @@ void pk_init( pk_context *ctx )
|
|||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
ctx->info = NULL;
|
||||
ctx->type = POLARSSL_PK_NONE;
|
||||
ctx->data = NULL;
|
||||
ctx->dont_free = 0;
|
||||
|
@ -89,6 +91,7 @@ void pk_free( pk_context *ctx )
|
|||
if( ! ctx->dont_free )
|
||||
polarssl_free( ctx->data );
|
||||
|
||||
ctx->info = NULL;
|
||||
ctx->type = POLARSSL_PK_NONE;
|
||||
ctx->data = NULL;
|
||||
}
|
||||
|
@ -99,6 +102,7 @@ void pk_free( pk_context *ctx )
|
|||
int pk_set_type( pk_context *ctx, pk_type_t type )
|
||||
{
|
||||
size_t size;
|
||||
const pk_info_t *info;
|
||||
|
||||
if( ctx->type == type )
|
||||
return( 0 );
|
||||
|
@ -108,17 +112,26 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
|
|||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( type == POLARSSL_PK_RSA )
|
||||
{
|
||||
size = sizeof( rsa_context );
|
||||
info = &rsa_info;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_ECP_C)
|
||||
if( type == POLARSSL_PK_ECKEY || type == POLARSSL_PK_ECKEY_DH )
|
||||
{
|
||||
size = sizeof( ecp_keypair );
|
||||
info = &eckey_info;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
if( type == POLARSSL_PK_ECDSA )
|
||||
{
|
||||
size = sizeof( ecdsa_context );
|
||||
info = &ecdsa_info;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
|
@ -128,6 +141,7 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
|
|||
|
||||
memset( ctx->data, 0, size );
|
||||
ctx->type = type;
|
||||
ctx->info = info;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
106
library/pk_wrap.c
Normal file
106
library/pk_wrap.c
Normal file
|
@ -0,0 +1,106 @@
|
|||
/*
|
||||
* Public Key abstraction layer: wrapper functions
|
||||
*
|
||||
* Copyright (C) 2006-2013, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#include "polarssl/pk_wrap.h"
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
#include "polarssl/rsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECP_C)
|
||||
#include "polarssl/ecp.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
#include "polarssl/ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
static int rsa_verify_wrap( void *ctx,
|
||||
const unsigned char *hash, const md_info_t *md_info,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
((void) sig_len);
|
||||
|
||||
return( rsa_pkcs1_verify( (rsa_context *) ctx,
|
||||
RSA_PUBLIC, md_info->type, 0, hash, sig ) );
|
||||
}
|
||||
|
||||
const pk_info_t rsa_info = {
|
||||
POLARSSL_PK_RSA,
|
||||
rsa_verify_wrap,
|
||||
};
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
#if defined(POLARSSL_ECDSA_C)
|
||||
int ecdsa_verify_wrap( void *ctx,
|
||||
const unsigned char *hash, const md_info_t *md_info,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
return( ecdsa_read_signature( (ecdsa_context *) ctx,
|
||||
hash, md_info->size, sig, sig_len ) );
|
||||
}
|
||||
|
||||
const pk_info_t ecdsa_info = {
|
||||
POLARSSL_PK_ECDSA,
|
||||
ecdsa_verify_wrap,
|
||||
};
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
|
||||
#if defined(POLARSSL_ECP_C)
|
||||
static int eckey_verify_wrap( void *ctx,
|
||||
const unsigned char *hash, const md_info_t *md_info,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
#if !defined(POLARSSL_ECDSA_C)
|
||||
((void) ctx);
|
||||
((void) hash);
|
||||
((void) md_info);
|
||||
((void) sig);
|
||||
((void) sig_len);
|
||||
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
#else
|
||||
int ret;
|
||||
ecdsa_context ecdsa;
|
||||
|
||||
ecdsa_init( &ecdsa );
|
||||
|
||||
ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
|
||||
ecdsa_verify_wrap( &ecdsa, hash, md_info, sig, sig_len );
|
||||
|
||||
ecdsa_free( &ecdsa );
|
||||
|
||||
return( ret );
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
}
|
||||
|
||||
const pk_info_t eckey_info = {
|
||||
POLARSSL_PK_ECKEY,
|
||||
eckey_verify_wrap,
|
||||
};
|
||||
#endif /* POLARSSL_ECP_C */
|
|
@ -3348,8 +3348,8 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
|||
if( crl_list->sig_pk == POLARSSL_PK_RSA )
|
||||
{
|
||||
if( ca->pk.type != POLARSSL_PK_RSA ||
|
||||
rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
|
||||
crl_list->sig_md, 0, hash, crl_list->sig.p ) != 0 )
|
||||
ca->pk.info->verify_func( ca->pk.data,
|
||||
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
|
||||
{
|
||||
flags |= BADCRL_NOT_TRUSTED;
|
||||
break;
|
||||
|
@ -3361,10 +3361,8 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
|||
if( crl_list->sig_pk == POLARSSL_PK_ECDSA )
|
||||
{
|
||||
if( ! pk_can_ecdsa( ca->pk ) ||
|
||||
pk_ec_to_ecdsa( &ca->pk ) != 0 ||
|
||||
ecdsa_read_signature( (ecdsa_context *) ca->pk.data,
|
||||
hash, md_info->size,
|
||||
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
||||
ca->pk.info->verify_func( ca->pk.data,
|
||||
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
|
||||
{
|
||||
flags |= BADCRL_NOT_TRUSTED;
|
||||
break;
|
||||
|
@ -3487,8 +3485,8 @@ static int x509parse_verify_top(
|
|||
if( child->sig_pk == POLARSSL_PK_RSA )
|
||||
{
|
||||
if( trust_ca->pk.type != POLARSSL_PK_RSA ||
|
||||
rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
|
||||
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
||||
trust_ca->pk.info->verify_func( trust_ca->pk.data,
|
||||
hash, md_info, child->sig.p, child->sig.len ) != 0 )
|
||||
{
|
||||
trust_ca = trust_ca->next;
|
||||
continue;
|
||||
|
@ -3500,10 +3498,8 @@ static int x509parse_verify_top(
|
|||
if( child->sig_pk == POLARSSL_PK_ECDSA )
|
||||
{
|
||||
if( ! pk_can_ecdsa( trust_ca->pk ) ||
|
||||
pk_ec_to_ecdsa( &trust_ca->pk ) != 0 ||
|
||||
ecdsa_read_signature( (ecdsa_context *) trust_ca->pk.data,
|
||||
hash, md_info->size,
|
||||
child->sig.p, child->sig.len ) != 0 )
|
||||
trust_ca->pk.info->verify_func( trust_ca->pk.data,
|
||||
hash, md_info, child->sig.p, child->sig.len ) != 0 )
|
||||
{
|
||||
trust_ca = trust_ca->next;
|
||||
continue;
|
||||
|
@ -3586,8 +3582,8 @@ static int x509parse_verify_child(
|
|||
if( child->sig_pk == POLARSSL_PK_RSA )
|
||||
{
|
||||
if( parent->pk.type != POLARSSL_PK_RSA ||
|
||||
rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
|
||||
child->sig_md, 0, hash, child->sig.p ) != 0 )
|
||||
parent->pk.info->verify_func( parent->pk.data,
|
||||
hash, md_info, child->sig.p, child->sig.len ) != 0 )
|
||||
{
|
||||
*flags |= BADCERT_NOT_TRUSTED;
|
||||
}
|
||||
|
@ -3598,10 +3594,8 @@ static int x509parse_verify_child(
|
|||
if( child->sig_pk == POLARSSL_PK_ECDSA )
|
||||
{
|
||||
if( ! pk_can_ecdsa( parent->pk ) ||
|
||||
pk_ec_to_ecdsa( &parent->pk ) != 0 ||
|
||||
ecdsa_read_signature( (ecdsa_context *) parent->pk.data,
|
||||
hash, md_info->size,
|
||||
child->sig.p, child->sig.len ) != 0 )
|
||||
parent->pk.info->verify_func( parent->pk.data,
|
||||
hash, md_info, child->sig.p, child->sig.len ) != 0 )
|
||||
{
|
||||
*flags |= BADCERT_NOT_TRUSTED;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue