Commit 126239fb authored by johan's avatar johan

Add wrapper to mbedtls 2.2

parent 5230840f
......@@ -67,8 +67,16 @@ set(exec_prefix ${prefix}/bin)
set(libdir ${prefix}/lib)
set(includedir ${prefix}/include)
get_filename_component(polarssl_library_path "${POLARSSL_LIBRARIES}" PATH)
set(LIBS_PRIVATE "${LIBS_PRIVATE} -L${polarssl_library_path} -lpolarssl")
if (MBEDTLS_FOUND)
get_filename_component(mbedtls_library_path "${MBEDTLS_LIBRARIES}" PATH)
set(LIBS_PRIVATE "${LIBS_PRIVATE} -L${mbedlts_library_path}")
endif()
if (POLARSSL_FOUND)
get_filename_component(polarssl_library_path "${POLARSSL_LIBRARIES}" PATH)
set(LIBS_PRIVATE "${LIBS_PRIVATE} -L${polarssl_library_path} -lpolarssl")
endif()
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/bctoolbox.pc.in ${CMAKE_CURRENT_BINARY_DIR}/bctoolbox.pc)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/bctoolbox.pc DESTINATION lib/pkgconfig)
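Review bot: The mbedtls branch expands a misspelled variable, `${mbedlts_library_path}`, so the generated bctoolbox.pc gets a bare `-L` with no path; the line should read `set(LIBS_PRIVATE "${LIBS_PRIVATE} -L${mbedtls_library_path}")`. Unlike the polarssl branch, which appends `-lpolarssl`, no `-l` flags follow the mbedtls path at all, so Libs.private will never name the mbedtls libraries (mbedtls 2.x typically ships as `-lmbedtls -lmbedx509 -lmbedcrypto`). Consider deriving the flags from `${MBEDTLS_LIBRARIES}` rather than hand-writing them so the two places cannot drift.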
......@@ -76,8 +84,16 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/bctoolbox.pc DESTINATION lib/pkgconfig
include_directories(
include
src
${POLARSSL_INCLUDE_DIRS}
)
if (MBEDTLS_FOUND)
include_directories(${MBEDTLS_INCLUDE_DIRS})
endif()
if (POLARSSL_FOUND)
include_directories(${POLARSSL_INCLUDE_DIRS})
endif()
if(MSVC)
include_directories(${MSVC_INCLUDE_DIR})
endif()
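Review bot: `if (MBEDTLS_FOUND)` and `if (POLARSSL_FOUND)` are evaluated independently here, so when both libraries are detected both include paths end up on every target (and both `-L` paths in the LIBS_PRIVATE hunk above), whereas src/CMakeLists selects exactly one backend with `if (POLARSSL_FOUND) ... elseif (MBEDTLS_FOUND)` and prefers polarssl. Mixing two TLS libraries' headers on the same include path risks compiling against one library while linking the other; use the same `if/elseif` structure and the same precedence in all three places. Since these are directory-scoped `include_directories()` calls, consider moving them to `target_include_directories(bctoolbox PUBLIC ...)` next to the target that needs them.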
......@@ -70,13 +70,24 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_EXPIRED 0x20 /**< CRL is expired. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_MISSING 0x10 /**< Certificate was missing. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_SKIP_VERIFY 0x20 /**< Certificate verification was skipped. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_KEY_USAGE 0x0400 /**< Usage does not match the keyUsage extension. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_EXT_KEY_USAGE 0x0800 /**< Usage does not match the extendedKeyUsage extension. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_NS_CERT_TYPE 0x1000 /**< Usage does not match the nsCertType extension. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_BAD_MD 0x2000 /**< The certificate is signed with an unacceptable hash. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_BAD_PK 0x4000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCERT_BAD_KEY 0x8000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_FUTURE 0x10000 /**< The CRL is from the future */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_NOT_TRUSTED 0x20000 /**< CRL is not correctly signed by the trusted CA. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_EXPIRED 0x40000 /**< CRL is expired. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_BAD_MD 0x80000 /**< The CRL is signed with an unacceptable hash. */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_BAD_PK 0x100000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
#define BCTOOLBOX_CERTIFICATE_VERIFY_BADCRL_BAD_KEY 0x200000 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
/* Hash functions type */
typedef enum bctoolbox_md_type {
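Review bot: Changing the numeric values of already-published flags (`BADCERT_MISSING` 0x40→0x10, `BADCERT_SKIP_VERIFY` 0x80→0x20, `BADCRL_FUTURE` 0x0400→0x10000) is an API break for any caller that persisted or hard-coded them. The old values appear to mirror polarssl's own x509 verification flag layout, and the new layout matches neither polarssl's nor mbedtls', so every backend's verify path must explicitly translate the library's flags into these; a raw pass-through would now report a CRL trust failure (0x10 in the old layout) as `BADCERT_MISSING`, which a verify callback could treat as a softer error. A comment above the block would make that contract explicit: `/* bctoolbox-specific values: backends must map the crypto library's verification flags onto these, never pass them through unchanged. */`.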
......@@ -157,6 +168,7 @@ void bctoolbox_ssl_set_io_callbacks(bctoolbox_ssl_context_t *ssl_ctx, void *call
const bctoolbox_x509_certificate_t *bctoolbox_ssl_get_peer_certificate(bctoolbox_ssl_context_t *ssl_ctx);
bctoolbox_ssl_config_t *bctoolbox_ssl_config_new(void);
int32_t bctoolbox_ssl_config_set_crypto_library_config(bctoolbox_ssl_config_t *ssl_config, void *internal_config);
void bctoolbox_ssl_config_free(bctoolbox_ssl_config_t *ssl_config);
int32_t bctoolbox_ssl_config_defaults(bctoolbox_ssl_config_t *ssl_config, int endpoint, int transport);
int32_t bctoolbox_ssl_config_set_endpoint(bctoolbox_ssl_config_t *ssl_config, int endpoint);
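Review bot: The new public function `bctoolbox_ssl_config_set_crypto_library_config` is declared without any comment, and its `void *internal_config` parameter gives callers no way to know what type each backend expects or what happens when the backend does not support it. Judging from the polarssl implementation later in this commit, which returns `BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION`, a doc comment such as `/**< Hand an opaque, backend-specific crypto-library configuration to the SSL config; backends that do not support it return BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION. */` would state the contract.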
......@@ -22,9 +22,19 @@
set(BCTOOLBOX_SOURCE_FILES
crypto.c
)
if (POLARSSL_FOUND)
set(BCTOOLBOX_SOURCE_FILES
${BCTOOLBOX_SOURCE_FILES}
crypto_polarssl.c
)
elseif (MBEDTLS_FOUND)
set(BCTOOLBOX_SOURCE_FILES
${BCTOOLBOX_SOURCE_FILES}
crypto_mbedtls.c
)
endif()
if(ENABLE_STATIC)
add_library(bctoolbox STATIC ${BCTOOLBOX_HEADER_FILES} ${BCTOOLBOX_SOURCE_FILES})
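Review bot: When neither `POLARSSL_FOUND` nor `MBEDTLS_FOUND` is set, the `if/elseif` silently builds crypto.c with no backend file, and the failure only surfaces later as unresolved symbols at link time; an `else()` branch with `message(FATAL_ERROR "No supported crypto library found (polarssl or mbedtls)")` would fail at configure time with a clear message. The same silent fall-through exists in the INCLUDES/LIBS block in the next hunk of this file. Stylistically, `set(BCTOOLBOX_SOURCE_FILES ${BCTOOLBOX_SOURCE_FILES} crypto_polarssl.c)` is the manual form of `list(APPEND BCTOOLBOX_SOURCE_FILES crypto_polarssl.c)`.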
......@@ -41,8 +51,15 @@ else()
endif()
endif()
list(APPEND INCLUDES ${POLARSSL_INCLUDE_DIR})
list(APPEND LIBS ${POLARSSL_LIBRARIES})
if (POLARSSL_FOUND)
list(APPEND INCLUDES ${POLARSSL_INCLUDE_DIRS})
list(APPEND LIBS ${POLARSSL_LIBRARIES})
elseif (MBEDTLS_FOUND)
list(APPEND INCLUDES ${MBEDTLS_INCLUDE_DIRS})
list(APPEND LIBS ${MBEDTLS_LIBRARIES})
endif()
target_include_directories(bctoolbox PUBLIC ${INCLUDES})
/*
crypto.c
crypto_polarssl.c
Copyright (C) 2016 Belledonne Communications SARL
This program is free software; you can redistribute it and/or
......@@ -128,7 +128,7 @@ char *bctoolbox_signing_key_get_pem(bctoolbox_signing_key_t *key) {
int32_t bctoolbox_signing_key_parse(bctoolbox_signing_key_t *key, const char *buffer, size_t buffer_length, const unsigned char *password, size_t password_length) {
int err;
err=pk_parse_key((pk_context *)key, (const unsigned char *)buffer, buffer_length, password, password_length);
err=pk_parse_key((pk_context *)key, (const unsigned char *)buffer, buffer_length+1, password, password_length);
if(err==0 && !pk_can_do((pk_context *)key, POLARSSL_PK_RSA)) {
err=POLARSSL_ERR_PK_TYPE_MISMATCH;
}
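Review bot: Passing `buffer_length+1` to `pk_parse_key` silently changes the caller contract: the byte at `buffer[buffer_length]` is now read, so callers must guarantee the PEM data is NUL-terminated with `buffer_length` excluding the terminator, otherwise this is a one-byte over-read and the PEM parser's string scanning can run past the buffer. The change is presumably there because polarssl's PEM path expects the length to include the terminating NUL, but nothing in the signature or header documents that; the same `+1` is applied to `x509_crt_parse` in the next hunk. Document the precondition on both functions in the header, e.g. `/* buffer must be a NUL-terminated PEM string; buffer_length excludes the terminator */`, and consider having callers pass the terminator-inclusive length explicitly instead. The body of `bctoolbox_signing_key_parse` continues outside the hunk.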
......@@ -193,7 +193,7 @@ int32_t bctoolbox_x509_certificate_parse_path(bctoolbox_x509_certificate_t *cert
}
int32_t bctoolbox_x509_certificate_parse(bctoolbox_x509_certificate_t *cert, const char *buffer, size_t buffer_length) {
return x509_crt_parse((x509_crt *)cert, (const unsigned char *)buffer, buffer_length);
return x509_crt_parse((x509_crt *)cert, (const unsigned char *)buffer, buffer_length+1);
}
int32_t bctoolbox_x509_certificate_get_der_length(bctoolbox_x509_certificate_t *cert) {
......@@ -304,6 +304,8 @@ int32_t bctoolbox_x509_certificate_generate_selfsigned(const char *subject, bcto
}
x509write_crt_free(&crt);
ctr_drbg_free(&ctr_drbg);
entropy_free(&entropy);
/* copy the key+cert in pem format into the given buffer */
if (pem != NULL) {
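Review bot: The added `ctr_drbg_free(&ctr_drbg); entropy_free(&entropy);` sit on the success path only; if `bctoolbox_x509_certificate_generate_selfsigned` has earlier error returns (the function starts and ends outside this hunk, so I cannot see them), those paths would still leak the two contexts. A single cleanup label that frees `crt`, `ctr_drbg` and `entropy` on every exit would make the fix complete rather than path-specific.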
......@@ -803,6 +805,10 @@ bctoolbox_ssl_config_t *bctoolbox_ssl_config_new(void) {
return ssl_config;
}
int32_t bctoolbox_ssl_config_set_crypto_library_config(bctoolbox_ssl_config_t *ssl_config, void *internal_config) {
return BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION;
}
void bctoolbox_ssl_config_free(bctoolbox_ssl_config_t *ssl_config) {
bctoolbox_free(ssl_config);
}
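Review bot: In the polarssl stub of `bctoolbox_ssl_config_set_crypto_library_config` both parameters are unused, so builds with `-Wunused-parameter` (or `-Werror`) will warn; add `(void)ssl_config; (void)internal_config;` before the return. Returning `BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION` instead of 0 is the right choice, since the caller's configuration is not applied and the return code is its only signal, which makes it worth stating in the header comment that callers must check this result.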
......@@ -1000,10 +1006,11 @@ int32_t bctoolbox_ssl_context_setup(bctoolbox_ssl_context_t *ssl_ctx, bctoolbox_
ssl_set_own_cert(&(ssl_ctx->ssl_ctx) , ssl_config->own_cert , ssl_config->own_cert_pk);
}
#ifdef HAVE_DTLS_SRTP
if (ssl_config->dtls_srtp_profiles_number > 0) {
ssl_set_dtls_srtp_protection_profiles(&(ssl_ctx->ssl_ctx), ssl_config->dtls_srtp_profiles, ssl_config->dtls_srtp_profiles_number );
}
#endif
return 0;
}
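Review bot: With `HAVE_DTLS_SRTP` undefined, a config that requested SRTP protection profiles (`dtls_srtp_profiles_number > 0`) is now ignored and `bctoolbox_ssl_context_setup` still returns 0, so the caller proceeds with a DTLS handshake that will never negotiate the SRTP profiles it asked for. Surface that instead of hiding it, for example with `#else` / `if (ssl_config->dtls_srtp_profiles_number > 0) return BCTOOLBOX_ERROR_UNAVAILABLE_FUNCTION;` between the existing `#ifdef` block and `#endif`. The function starts outside this hunk, so I cannot tell whether an earlier check already covers this case.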