Commit ac755235 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Adapt ssl_set_own_cert() to generic keys

parent 09edda88
......@@ -578,6 +578,7 @@ struct _ssl_context
/*
* PKI layer
*/
pk_context *pk_key; /*!< own private key */
#if defined(POLARSSL_RSA_C)
void *rsa_key; /*!< own RSA private key */
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
......@@ -903,13 +904,29 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
*
* \param ssl SSL context
* \param own_cert own public certificate chain
* \param rsa_key own private RSA key
* \param pk_key own private key
*/
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key );
pk_context *rsa_key );
#if defined(POLARSSL_RSA_C)
/**
* \brief Set own certificate chain and private RSA key
*
* Note: own_cert should contain IN order from the bottom
* up your certificate chain. The top certificate (self-signed)
* can be omitted.
*
* \param ssl SSL context
* \param own_cert own public certificate chain
* \param rsa_key own private RSA key
*/
void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key );
#endif /* POLARSSL_RSA_C */
/**
* \brief Set own certificate and alternate non-PolarSSL private
* \brief Set own certificate and alternate non-PolarSSL RSA private
* key and handling callbacks, such as the PKCS#11 wrappers
* or any other external private key handler.
* (see the respective RSA functions in rsa.h for documentation
......@@ -927,11 +944,11 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
* \param rsa_key_len_func function returning length of RSA key in bytes
*/
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
void *rsa_key,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
void *rsa_key,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len );
#endif /* POLARSSL_X509_PARSE_C */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
......
......@@ -3143,22 +3143,35 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
}
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key )
pk_context *pk_key )
{
ssl->own_cert = own_cert;
ssl->rsa_key = rsa_key;
ssl->pk_key = pk_key;
/* Temporary, until everything is moved to PK */
if( pk_key->pk_info->type == POLARSSL_PK_RSA )
ssl->rsa_key = pk_key->pk_ctx;
}
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
void *rsa_key,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len )
#if defined(POLARSSL_RSA_C)
void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
rsa_context *rsa_key )
{
ssl->own_cert = own_cert;
ssl->rsa_key = rsa_key;
}
#endif /* POLARSSL_RSA_C */
void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
void *rsa_key,
rsa_decrypt_func rsa_decrypt,
rsa_sign_func rsa_sign,
rsa_key_len_func rsa_key_len )
{
ssl->own_cert = own_cert;
ssl->rsa_key = rsa_key;
ssl->rsa_decrypt = rsa_decrypt;
ssl->rsa_sign = rsa_sign;
ssl->rsa_sign = rsa_sign;
ssl->rsa_key_len = rsa_key_len;
}
#endif /* POLARSSL_X509_PARSE_C */
......
......@@ -257,7 +257,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_PARSE_C)
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
pk_context pkey;
#endif
char *p, *q;
const int *list;
......@@ -271,7 +271,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_PARSE_C)
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
pk_init( &pkey );
#endif
if( argc == 0 )
......@@ -626,11 +626,11 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.key_file ) )
ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
ret = x509parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key,
ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key,
strlen( test_cli_key ), NULL, 0 );
#else
{
......@@ -640,7 +640,7 @@ int main( int argc, char *argv[] )
#endif
if( ret != 0 )
{
printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret );
goto exit;
}
......@@ -711,7 +711,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_own_cert( &ssl, &clicert, &pkey );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
......@@ -911,7 +911,7 @@ exit:
#if defined(POLARSSL_X509_PARSE_C)
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
pk_free( &pkey );
#endif
ssl_session_free( &saved_session );
ssl_free( &ssl );
......
......@@ -104,7 +104,7 @@ int main( int argc, char *argv[] )
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_cert srvcert;
rsa_context rsa;
pk_context pkey;
((void) argc);
((void) argv);
......@@ -139,7 +139,7 @@ int main( int argc, char *argv[] )
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509parse_crtfile() to read the
* server and CA certificates, as well as x509parse_keyfile_rsa().
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
......@@ -157,12 +157,12 @@ int main( int argc, char *argv[] )
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0 );
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
pk_init( &pkey );
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
......@@ -265,7 +265,7 @@ int main( int argc, char *argv[] )
net_send, &client_fd );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
ssl_set_own_cert( &ssl, &srvcert, &pkey );
/*
* 5. Handshake
......@@ -363,7 +363,7 @@ exit:
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
pk_free( &pkey );
ssl_free( &ssl );
#if defined(_WIN32)
......
......@@ -352,7 +352,7 @@ int main( int argc, char *argv[] )
ssl_context ssl;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
pk_context pkey;
int i;
size_t n;
char *p, *q;
......@@ -364,7 +364,7 @@ int main( int argc, char *argv[] )
server_fd = 0;
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
pk_init( &pkey );
if( argc == 0 )
{
......@@ -532,11 +532,11 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.key_file ) )
ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
ret = x509parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key,
ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key,
strlen( test_cli_key ), NULL, 0 );
#else
{
......@@ -546,7 +546,7 @@ int main( int argc, char *argv[] )
#endif
if( ret != 0 )
{
printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
......@@ -594,7 +594,7 @@ int main( int argc, char *argv[] )
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_own_cert( &ssl, &clicert, &pkey );
ssl_set_hostname( &ssl, opt.server_name );
......@@ -789,7 +789,7 @@ exit:
net_close( server_fd );
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
pk_free( &pkey );
ssl_free( &ssl );
#if defined(_WIN32)
......
......@@ -94,7 +94,7 @@ int main( int argc, char *argv[] )
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_cert srvcert;
rsa_context rsa;
pk_context pkey;
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
#endif
......@@ -117,7 +117,7 @@ int main( int argc, char *argv[] )
/*
* This demonstration program uses embedded test certificates.
* Instead, you may want to use x509parse_crtfile() to read the
* server and CA certificates, as well as x509parse_keyfile_rsa().
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
strlen( test_srv_crt ) );
......@@ -135,12 +135,12 @@ int main( int argc, char *argv[] )
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0 );
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
pk_init( &pkey );
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
goto exit;
}
......@@ -201,7 +201,7 @@ int main( int argc, char *argv[] )
#endif
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
ssl_set_own_cert( &ssl, &srvcert, &pkey );
printf( " ok\n" );
......@@ -364,7 +364,7 @@ exit:
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
pk_free( &pkey );
ssl_free( &ssl );
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_free( &cache );
......
......@@ -215,7 +215,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_PARSE_C)
x509_cert cacert;
x509_cert srvcert;
rsa_context rsa;
pk_context pkey;
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
......@@ -239,7 +239,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_PARSE_C)
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
pk_init( &pkey );
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_init( &cache );
......@@ -575,11 +575,11 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.key_file ) )
ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
ret = x509parse_keyfile( &pkey, opt.key_file, "" );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
#else
{
......@@ -589,7 +589,7 @@ int main( int argc, char *argv[] )
#endif
if( ret != 0 )
{
printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret );
goto exit;
}
......@@ -649,7 +649,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
ssl_set_own_cert( &ssl, &srvcert, &pkey );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
......@@ -877,7 +877,7 @@ exit:
#if defined(POLARSSL_X509_PARSE_C)
x509_free( &srvcert );
x509_free( &cacert );
rsa_free( &rsa );
pk_free( &pkey );
#endif
ssl_free( &ssl );
......
......@@ -166,7 +166,7 @@ static int ssl_test( struct options *opt )
ctr_drbg_context ctr_drbg;
ssl_context ssl;
x509_cert srvcert;
rsa_context rsa;
pk_context pkey;
ret = 1;
......@@ -187,7 +187,7 @@ static int ssl_test( struct options *opt )
memset( write_state, 0, sizeof( write_state ) );
memset( &srvcert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
pk_init( &pkey );
if( opt->opmode == OPMODE_CLIENT )
{
......@@ -229,11 +229,11 @@ static int ssl_test( struct options *opt )
goto exit;
}
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
strlen( test_srv_key ), NULL, 0 );
if( ret != 0 )
{
printf( " ! x509parse_key_rsa returned %d\n\n", ret );
printf( " ! x509parse_key returned %d\n\n", ret );
goto exit;
}
#endif
......@@ -262,7 +262,7 @@ static int ssl_test( struct options *opt )
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
ssl_set_own_cert( &ssl, &srvcert, &pkey );
}
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
......@@ -400,7 +400,7 @@ exit:
ssl_close_notify( &ssl );
x509_free( &srvcert );
rsa_free( &rsa );
pk_free( &pkey );
ssl_free( &ssl );
net_close( client_fd );
......
......@@ -157,7 +157,7 @@ int main( int argc, char *argv[] )
ssl_context ssl;
x509_cert cacert;
x509_cert clicert;
rsa_context rsa;
pk_context pkey;
int i, j, n;
int flags, verify = 0;
char *p, *q;
......@@ -169,7 +169,7 @@ int main( int argc, char *argv[] )
server_fd = 0;
memset( &cacert, 0, sizeof( x509_cert ) );
memset( &clicert, 0, sizeof( x509_cert ) );
memset( &rsa, 0, sizeof( rsa_context ) );
pk_init( &pkey );
if( argc == 0 )
{
......@@ -404,7 +404,7 @@ int main( int argc, char *argv[] )
ssl_set_bio( &ssl, net_recv, &server_fd,
net_send, &server_fd );
ssl_set_own_cert( &ssl, &clicert, &rsa );
ssl_set_own_cert( &ssl, &clicert, &pkey );
ssl_set_hostname( &ssl, opt.server_name );
......@@ -450,7 +450,7 @@ exit:
net_close( server_fd );
x509_free( &cacert );
x509_free( &clicert );
rsa_free( &rsa );
pk_free( &pkey );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment