yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adapt x509write_csr prototypes for PK

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-11 22:48:40 +02:00 committed by Paul Bakker
parent 8053da4057
commit ee73179b2f
5 changed files with 98 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
include/polarssl/x509write.h
View file

@ -121,13 +121,13 @@ void x509write_csr_init( x509write_csr *ctx );
int x509write_csr_set_subject_name( x509write_csr *ctx, char *subject_name ); int x509write_csr_set_subject_name( x509write_csr *ctx, char *subject_name );
/** /**
* \brief Set the RSA key for a CSR (public key will be included, * \brief Set the key for a CSR (public key will be included,
* private key used to sign the CSR when writing it) * private key used to sign the CSR when writing it)
* *
* \param ctx CSR context to use * \param ctx CSR context to use
* \param rsa RSA key to include * \param key Asymetric key to include
*/ */
void x509write_csr_set_rsa_key( x509write_csr *ctx, rsa_context *rsa ); void x509write_csr_set_key( x509write_csr *ctx, pk_context *key );
/** /**
* \brief Set the MD algorithm to use for the signature * \brief Set the MD algorithm to use for the signature
@ -419,11 +419,20 @@ int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size );
* \param rsa CSR to write away * \param rsa CSR to write away
* \param buf buffer to write to * \param buf buffer to write to
* \param size size of the buffer * \param size size of the buffer
* \param f_rng RNG function (for signature, see note)
* \param p_rng RNG parameter
* *
* \return length of data written if successful, or a specific * \return length of data written if successful, or a specific
* error code * error code
*
* \note f_rng may be NULL if RSA is used for signature and the
* signature is made offline (otherwise f_rng is desirable
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/ */
int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size ); int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#if defined(POLARSSL_BASE64_C) #if defined(POLARSSL_BASE64_C)
/** /**
@ -466,10 +475,19 @@ int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size );
* \param rsa CSR to write away * \param rsa CSR to write away
* \param buf buffer to write to * \param buf buffer to write to
* \param size size of the buffer * \param size size of the buffer
* \param f_rng RNG function (for signature, see note)
* \param p_rng RNG parameter
* *
* \return 0 successful, or a specific error code * \return 0 successful, or a specific error code
*
* \note f_rng may be NULL if RSA is used for signature and the
* signature is made offline (otherwise f_rng is desirable
* for couermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/ */
int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size ); int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
#endif /* POLARSSL_BASE64_C */ #endif /* POLARSSL_BASE64_C */
#ifdef __cplusplus #ifdef __cplusplus

25
library/x509write.c
View file

@ -156,16 +156,9 @@ void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg )
ctx->md_alg = md_alg; ctx->md_alg = md_alg;
} }
// TODO: take a pk_context void x509write_csr_set_key( x509write_csr *ctx, pk_context *key )
// TODO: return int
void x509write_csr_set_rsa_key( x509write_csr *ctx, rsa_context *rsa )
{ {
// temporary ctx->key = key;
ctx->key = polarssl_malloc( sizeof( pk_context ) );
// TODO: check errors
pk_init_ctx( ctx->key, pk_info_from_type( POLARSSL_PK_RSA ) );
rsa_copy( pk_rsa( *ctx->key ), rsa );
} }
int x509write_csr_set_subject_name( x509write_csr *ctx, char *subject_name ) int x509write_csr_set_subject_name( x509write_csr *ctx, char *subject_name )
@ -698,7 +691,9 @@ static int x509_write_extensions( unsigned char **p, unsigned char *start,
return( len ); return( len );
} }
int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size ) int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
int ret; int ret;
const char *sig_oid; const char *sig_oid;
@ -761,7 +756,7 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size )
md( md_info_from_type( ctx->md_alg ), c, len, hash ); md( md_info_from_type( ctx->md_alg ), c, len, hash );
if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
NULL, NULL ) ) != 0 || f_rng, p_rng ) ) != 0 ||
( ret = oid_get_oid_by_sig_alg( pk_get_type( ctx->key ), ctx->md_alg, ( ret = oid_get_oid_by_sig_alg( pk_get_type( ctx->key ), ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 ) &sig_oid, &sig_oid_len ) ) != 0 )
{ {
@ -1006,13 +1001,15 @@ int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size )
return( 0 ); return( 0 );
} }
int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size ) int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
int ret; int ret;
unsigned char output_buf[4096]; unsigned char output_buf[4096];
if( ( ret = x509write_csr_der( ctx, output_buf, if( ( ret = x509write_csr_der( ctx, output_buf, sizeof(output_buf),
sizeof(output_buf) ) ) < 0 ) f_rng, p_rng ) ) < 0 )
{ {
return( ret ); return( ret );
} }

9
programs/pkey/ecdsa.c
View file

@ -51,7 +51,7 @@
#endif #endif
#endif /* !defined(ECPARAMS) */ #endif /* !defined(ECPARAMS) */
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_ECDSA_C) || \ #if !defined(POLARSSL_ECDSA_C) || \
!defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(ECPARAMS) !defined(ECPARAMS)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
@ -59,9 +59,9 @@ int main( int argc, char *argv[] )
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_ECDSA_C and/or " printf("POLARSSL_ECDSA_C and/or "
"POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined," "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C not defined,"
"and/or not EC domain parameter available\n" ); "and/or no EC domain parameter available\n" );
return( 0 ); return( 0 );
} }
#else #else
@ -194,6 +194,5 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ECDSA_C && #endif /* POLARSSL_ECDSA_C && POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
ECPARAMS */ ECPARAMS */

72
programs/x509/cert_req.c
View file

@ -33,24 +33,22 @@
#include "polarssl/config.h" #include "polarssl/config.h"
#include "polarssl/error.h"
#include "polarssl/rsa.h"
#include "polarssl/x509.h"
#include "polarssl/base64.h"
#include "polarssl/x509write.h" #include "polarssl/x509write.h"
#include "polarssl/oid.h" #include "polarssl/error.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) || \ #if !defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \
!defined(POLARSSL_X509_PARSE_C) || !defined(POLARSSL_FS_IO) || \ !defined(POLARSSL_ENTROPY_C) || !defined(POLARSSL_CTR_DRBG_C) || \
!defined(POLARSSL_ERROR_C) !defined(POLARSSL_ERROR_C)
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
((void) argc); ((void) argc);
((void) argv); ((void) argv);
printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or " printf( "POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or "
"POLARSSL_X509_PARSE_C and/or POLARSSL_FS_IO and/or " "POLARSSL_ENTROPY_C and/or POLARSSL_CTR_DRBG_C and/or "
"POLARSSL_ERROR_C not defined.\n"); "POLARSSL_ERROR_C not defined.\n");
return( 0 ); return( 0 );
} }
#else #else
@ -75,7 +73,9 @@ struct options
unsigned char ns_cert_type; /* NS cert type */ unsigned char ns_cert_type; /* NS cert type */
} opt; } opt;
int write_certificate_request( x509write_csr *req, char *output_file ) int write_certificate_request( x509write_csr *req, char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
int ret; int ret;
FILE *f; FILE *f;
@ -83,7 +83,7 @@ int write_certificate_request( x509write_csr *req, char *output_file )
size_t len = 0; size_t len = 0;
memset( output_buf, 0, 4096 ); memset( output_buf, 0, 4096 );
if( ( ret = x509write_csr_pem( req, output_buf, 4096 ) ) < 0 ) if( ( ret = x509write_csr_pem( req, output_buf, 4096, f_rng, p_rng ) ) < 0 )
return( ret ); return( ret );
len = strlen( (char *) output_buf ); len = strlen( (char *) output_buf );
@ -129,18 +129,21 @@ int write_certificate_request( x509write_csr *req, char *output_file )
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
int ret = 0; int ret = 0;
rsa_context rsa; pk_context key;
char buf[1024]; char buf[1024];
int i, j, n; int i, j, n;
char *p, *q, *r; char *p, *q, *r;
x509write_csr req; x509write_csr req;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
const char *pers = "csr example app";
/* /*
* Set to sane values * Set to sane values
*/ */
x509write_csr_init( &req ); x509write_csr_init( &req );
x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA1 ); x509write_csr_set_md_alg( &req, POLARSSL_MD_SHA1 );
memset( &rsa, 0, sizeof( rsa_context ) ); pk_init( &key );
memset( buf, 0, 1024 ); memset( buf, 0, 1024 );
if( argc == 0 ) if( argc == 0 )
@ -251,9 +254,30 @@ int main( int argc, char *argv[] )
if( opt.ns_cert_type ) if( opt.ns_cert_type )
x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type ); x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
/*
* 0. Seed the PRNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
error_strerror( ret, buf, 1024 );
printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf );
goto exit;
}
printf( " ok\n" );
/* /*
* 1.0. Check the subject name for validity * 1.0. Check the subject name for validity
*/ */
printf( " . Checking subjet name..." );
fflush( stdout );
if( ( ret = x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 ) if( ( ret = x509write_csr_set_subject_name( &req, opt.subject_name ) ) != 0 )
{ {
error_strerror( ret, buf, 1024 ); error_strerror( ret, buf, 1024 );
@ -261,22 +285,24 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
printf( " ok\n" );
/* /*
* 1.1. Load the key * 1.1. Load the key
*/ */
printf( "\n . Loading the private key ..." ); printf( " . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = x509parse_keyfile_rsa( &rsa, opt.filename, NULL ); ret = x509parse_keyfile( &key, opt.filename, NULL );
if( ret != 0 ) if( ret != 0 )
{ {
error_strerror( ret, buf, 1024 ); error_strerror( ret, buf, 1024 );
printf( " failed\n ! x509parse_key_rsa returned %d - %s\n\n", ret, buf ); printf( " failed\n ! x509parse_keyfile returned %d - %s\n\n", ret, buf );
goto exit; goto exit;
} }
x509write_csr_set_rsa_key( &req, &rsa ); x509write_csr_set_key( &req, &key );
printf( " ok\n" ); printf( " ok\n" );
@ -286,7 +312,8 @@ int main( int argc, char *argv[] )
printf( " . Writing the certificate request ..." ); printf( " . Writing the certificate request ..." );
fflush( stdout ); fflush( stdout );
if( ( ret = write_certificate_request( &req, opt.output_file ) ) != 0 ) if( ( ret = write_certificate_request( &req, opt.output_file,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
error_strerror( ret, buf, 1024 ); error_strerror( ret, buf, 1024 );
printf( " failed\n ! write_certifcate_request %d - %s\n\n", ret, buf ); printf( " failed\n ! write_certifcate_request %d - %s\n\n", ret, buf );
@ -297,7 +324,7 @@ int main( int argc, char *argv[] )
exit: exit:
x509write_csr_free( &req ); x509write_csr_free( &req );
rsa_free( &rsa ); pk_free( &key );
#if defined(_WIN32) #if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" ); printf( " + Press Enter to exit this program.\n" );
@ -306,5 +333,6 @@ exit:
return( ret ); return( ret );
} }
#endif /* POLARSSL_BIGNUM_C && POLARSSL_RSA_C && #endif /* POLARSSL_X509_PARSE_C && POLARSSL_FS_IO &&
POLARSSL_X509_PARSE_C && POLARSSL_FS_IO */ POLARSSL_ENTROPY_C && POLARSSL_CTR_DRBG_C &&
POLARSSL_ERROR_C */

19
tests/suites/test_suite_x509write.function
View file

@ -14,7 +14,7 @@
void x509_csr_check( char *key_file, int md_type, void x509_csr_check( char *key_file, int md_type,
char *cert_req_check_file ) char *cert_req_check_file )
{ {
rsa_context rsa; pk_context key;
pem_context pem; pem_context pem;
x509write_csr req; x509write_csr req;
unsigned char *c; unsigned char *c;
@ -24,19 +24,20 @@ void x509_csr_check( char *key_file, int md_type,
size_t olen = sizeof( check_buf ); size_t olen = sizeof( check_buf );
FILE *f; FILE *f;
char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
rnd_pseudo_info rnd_info;
memset( &rsa, 0, sizeof(rsa_context) ); memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
ret = x509parse_keyfile_rsa( &rsa, key_file, NULL );
TEST_ASSERT( ret == 0 ); pk_init( &key );
if( ret != 0 ) TEST_ASSERT( x509parse_keyfile( &key, key_file, NULL ) == 0 );
return;
x509write_csr_init( &req ); x509write_csr_init( &req );
x509write_csr_set_md_alg( &req, md_type ); x509write_csr_set_md_alg( &req, md_type );
x509write_csr_set_rsa_key( &req, &rsa ); x509write_csr_set_key( &req, &key );
TEST_ASSERT( x509write_csr_set_subject_name( &req, subject_name ) == 0 ); TEST_ASSERT( x509write_csr_set_subject_name( &req, subject_name ) == 0 );
ret = x509write_csr_der( &req, buf, sizeof( buf ) ); ret = x509write_csr_der( &req, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret >= 0 ); TEST_ASSERT( ret >= 0 );
c = buf + sizeof( buf ) - ret; c = buf + sizeof( buf ) - ret;
@ -53,8 +54,8 @@ void x509_csr_check( char *key_file, int md_type,
TEST_ASSERT( memcmp( c, pem.buf, pem.buflen ) == 0 ); TEST_ASSERT( memcmp( c, pem.buf, pem.buflen ) == 0 );
x509write_csr_free( &req ); x509write_csr_free( &req );
rsa_free( &rsa );
pem_free( &pem ); pem_free( &pem );
pk_free( &key );
} }
/* END_CASE */ /* END_CASE */