Commit d73b3c13 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

PK: use wrappers and function pointers for verify

parent f499993c
......@@ -24,6 +24,7 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PK_H
#define POLARSSL_PK_H
......@@ -33,6 +34,10 @@
#include "rsa.h"
#endif
#if defined(POLARSSL_ECP_C)
#include "ecp.h"
#endif
#if defined(POLARSSL_ECDSA_C)
#include "ecdsa.h"
#endif
......@@ -76,14 +81,29 @@ typedef enum {
POLARSSL_PK_ECDSA,
} pk_type_t;
/**
* \brief Public key info
*/
typedef struct
{
/** Public key type */
pk_type_t type;
/** Verify signature */
int (*verify_func)( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len );
} pk_info_t;
/**
* \brief Public key container
*/
typedef struct
{
pk_type_t type; /**< Public key type */
void * data; /**< Public key data */
int dont_free; /**< True if data must not be freed */
const pk_info_t * info; /**< Public key informations */
pk_type_t type; /**< Public key type (temporary) */
void * data; /**< Public key data */
int dont_free; /**< True if data must not be freed */
} pk_context;
/**
......@@ -157,4 +177,4 @@ int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa);
}
#endif
#endif /* pk.h */
#endif /* POLARSSL_PK_H */
/**
* \file pk.h
*
* \brief Public Key abstraction layer: wrapper functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PK_WRAP_H
#define POLARSSL_PK_WRAP_H
#include "config.h"
#include "pk.h"
#if defined(POLARSSL_RSA_C)
extern const pk_info_t rsa_info;
#endif
#if defined(POLARSSL_ECP_C)
extern const pk_info_t eckey_info;
#endif
#if defined(POLARSSL_ECDSA_C)
extern const pk_info_t ecdsa_info;
#endif
#endif /* POLARSSL_PK_WRAP_H */
......@@ -40,6 +40,7 @@ set(src
pkcs11.c
pkcs12.c
pk.c
pk_wrap.c
rsa.c
sha1.c
sha256.c
......
......@@ -49,7 +49,7 @@ OBJS= aes.o arc4.o asn1parse.o \
oid.o \
padlock.o pbkdf2.o pem.o \
pkcs5.o pkcs11.o pkcs12.o \
pk.o \
pk.o pk_wrap.o \
rsa.o sha1.o sha256.o \
sha512.o ssl_cache.o ssl_cli.o \
ssl_srv.o ssl_ciphersuites.o \
......
......@@ -26,6 +26,7 @@
#include "polarssl/config.h"
#include "polarssl/pk.h"
#include "polarssl/pk_wrap.h"
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
......@@ -54,6 +55,7 @@ void pk_init( pk_context *ctx )
if( ctx == NULL )
return;
ctx->info = NULL;
ctx->type = POLARSSL_PK_NONE;
ctx->data = NULL;
ctx->dont_free = 0;
......@@ -89,6 +91,7 @@ void pk_free( pk_context *ctx )
if( ! ctx->dont_free )
polarssl_free( ctx->data );
ctx->info = NULL;
ctx->type = POLARSSL_PK_NONE;
ctx->data = NULL;
}
......@@ -99,6 +102,7 @@ void pk_free( pk_context *ctx )
int pk_set_type( pk_context *ctx, pk_type_t type )
{
size_t size;
const pk_info_t *info;
if( ctx->type == type )
return( 0 );
......@@ -108,17 +112,26 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
#if defined(POLARSSL_RSA_C)
if( type == POLARSSL_PK_RSA )
{
size = sizeof( rsa_context );
info = &rsa_info;
}
else
#endif
#if defined(POLARSSL_ECP_C)
if( type == POLARSSL_PK_ECKEY || type == POLARSSL_PK_ECKEY_DH )
{
size = sizeof( ecp_keypair );
info = &eckey_info;
}
else
#endif
#if defined(POLARSSL_ECDSA_C)
if( type == POLARSSL_PK_ECDSA )
{
size = sizeof( ecdsa_context );
info = &ecdsa_info;
}
else
#endif
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
......@@ -128,6 +141,7 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
memset( ctx->data, 0, size );
ctx->type = type;
ctx->info = info;
return( 0 );
}
......
/*
* Public Key abstraction layer: wrapper functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#include "polarssl/pk_wrap.h"
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#endif
#if defined(POLARSSL_ECDSA_C)
#include "polarssl/ecdsa.h"
#endif
#if defined(POLARSSL_RSA_C)
static int rsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
{
((void) sig_len);
return( rsa_pkcs1_verify( (rsa_context *) ctx,
RSA_PUBLIC, md_info->type, 0, hash, sig ) );
}
const pk_info_t rsa_info = {
POLARSSL_PK_RSA,
rsa_verify_wrap,
};
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
int ecdsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
{
return( ecdsa_read_signature( (ecdsa_context *) ctx,
hash, md_info->size, sig, sig_len ) );
}
const pk_info_t ecdsa_info = {
POLARSSL_PK_ECDSA,
ecdsa_verify_wrap,
};
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_ECP_C)
static int eckey_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
{
#if !defined(POLARSSL_ECDSA_C)
((void) ctx);
((void) hash);
((void) md_info);
((void) sig);
((void) sig_len);
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
#else
int ret;
ecdsa_context ecdsa;
ecdsa_init( &ecdsa );
ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
ecdsa_verify_wrap( &ecdsa, hash, md_info, sig, sig_len );
ecdsa_free( &ecdsa );
return( ret );
#endif /* POLARSSL_ECDSA_C */
}
const pk_info_t eckey_info = {
POLARSSL_PK_ECKEY,
eckey_verify_wrap,
};
#endif /* POLARSSL_ECP_C */
......@@ -3348,8 +3348,8 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
if( crl_list->sig_pk == POLARSSL_PK_RSA )
{
if( ca->pk.type != POLARSSL_PK_RSA ||
rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC,
crl_list->sig_md, 0, hash, crl_list->sig.p ) != 0 )
ca->pk.info->verify_func( ca->pk.data,
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= BADCRL_NOT_TRUSTED;
break;
......@@ -3361,10 +3361,8 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
if( crl_list->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( ca->pk ) ||
pk_ec_to_ecdsa( &ca->pk ) != 0 ||
ecdsa_read_signature( (ecdsa_context *) ca->pk.data,
hash, md_info->size,
crl_list->sig.p, crl_list->sig.len ) != 0 )
ca->pk.info->verify_func( ca->pk.data,
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= BADCRL_NOT_TRUSTED;
break;
......@@ -3487,8 +3485,8 @@ static int x509parse_verify_top(
if( child->sig_pk == POLARSSL_PK_RSA )
{
if( trust_ca->pk.type != POLARSSL_PK_RSA ||
rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC,
child->sig_md, 0, hash, child->sig.p ) != 0 )
trust_ca->pk.info->verify_func( trust_ca->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
......@@ -3500,10 +3498,8 @@ static int x509parse_verify_top(
if( child->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( trust_ca->pk ) ||
pk_ec_to_ecdsa( &trust_ca->pk ) != 0 ||
ecdsa_read_signature( (ecdsa_context *) trust_ca->pk.data,
hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
trust_ca->pk.info->verify_func( trust_ca->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
......@@ -3586,8 +3582,8 @@ static int x509parse_verify_child(
if( child->sig_pk == POLARSSL_PK_RSA )
{
if( parent->pk.type != POLARSSL_PK_RSA ||
rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC,
child->sig_md, 0, hash, child->sig.p ) != 0 )
parent->pk.info->verify_func( parent->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
......@@ -3598,10 +3594,8 @@ static int x509parse_verify_child(
if( child->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( parent->pk ) ||
pk_ec_to_ecdsa( &parent->pk ) != 0 ||
ecdsa_read_signature( (ecdsa_context *) parent->pk.data,
hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
parent->pk.info->verify_func( parent->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment