Commit f18c3e03 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Add a PK can_do() method and simplify code

parent d73b3c13
......@@ -89,6 +89,9 @@ typedef struct
/** Public key type */
pk_type_t type;
/** Tell if the context implements this type (eg ECKEY can do ECDSA) */
int (*can_do)( pk_type_t type );
/** Verify signature */
int (*verify_func)( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
......@@ -131,33 +134,6 @@ void pk_free( pk_context *ctx );
*/
int pk_set_type( pk_context *ctx, pk_type_t type );
#if defined(POLARSSL_ECDSA_C)
/**
* \brief Convert a generic EC key into an ECDSA context
*
* \param ctx Context to convert
*
* \return 0 on success, or
* POLARSSL_ERR_PK_MALLOC_FAILED or
* POLARSSL_ERR_PK_TYPE_MISMATCH.
*/
int pk_ec_to_ecdsa( pk_context *ctx );
/**
* \brief Tell if a PK context can be used for ECDSA
*
* \param ctx Context to check
*
* \return 0 if context cannot be used for ECDSA,
* 1 otherwise
*/
static inline int pk_can_ecdsa( pk_context ctx )
{
return( ctx.type == POLARSSL_PK_ECKEY ||
ctx.type == POLARSSL_PK_ECDSA );
}
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_RSA_C)
/**
* \brief Wrap a RSA context in a PK context
......
......@@ -146,42 +146,6 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
return( 0 );
}
#if defined(POLARSSL_ECDSA_C)
/*
* Convert generic EC context to ECDSA
*/
int pk_ec_to_ecdsa( pk_context *ctx )
{
ecp_keypair *eckey;
ecdsa_context *ecdsa;
if( ctx->type == POLARSSL_PK_ECDSA )
return( 0 );
if( ctx->type != POLARSSL_PK_ECKEY )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
eckey = (ecp_keypair *) ctx->data;
if( ( ecdsa = polarssl_malloc( sizeof( ecdsa_context ) ) ) == NULL )
return( POLARSSL_ERR_PK_MALLOC_FAILED );
ecdsa_init( ecdsa );
/* struct ecdsa_context begins the same as struct ecp_keypair */
memcpy( ecdsa, eckey, sizeof( ecp_keypair ) );
if( ! ctx->dont_free )
polarssl_free( eckey );
ctx->dont_free = 0;
ctx->type = POLARSSL_PK_ECDSA;
ctx->data = ecdsa;
return( 0 );
}
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_RSA_C)
/*
* Wrap an RSA context in a PK context
......
......@@ -40,6 +40,11 @@
#endif
#if defined(POLARSSL_RSA_C)
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
}
static int rsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
......@@ -52,11 +57,17 @@ static int rsa_verify_wrap( void *ctx,
const pk_info_t rsa_info = {
POLARSSL_PK_RSA,
rsa_can_do,
rsa_verify_wrap,
};
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
int ecdsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECDSA );
}
int ecdsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
......@@ -67,11 +78,19 @@ int ecdsa_verify_wrap( void *ctx,
const pk_info_t ecdsa_info = {
POLARSSL_PK_ECDSA,
ecdsa_can_do,
ecdsa_verify_wrap,
};
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_ECP_C)
static int eckey_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECKEY ||
type == POLARSSL_PK_ECKEY_DH ||
type == POLARSSL_PK_ECDSA );
}
static int eckey_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
......@@ -101,6 +120,7 @@ static int eckey_verify_wrap( void *ctx,
const pk_info_t eckey_info = {
POLARSSL_PK_ECKEY,
eckey_can_do,
eckey_verify_wrap,
};
#endif /* POLARSSL_ECP_C */
......@@ -3344,33 +3344,13 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
#if defined(POLARSSL_RSA_C)
if( crl_list->sig_pk == POLARSSL_PK_RSA )
if( ca->pk.info->can_do( crl_list->sig_pk ) == 0 ||
ca->pk.info->verify_func( ca->pk.data, hash, md_info,
crl_list->sig.p, crl_list->sig.len ) != 0 )
{
if( ca->pk.type != POLARSSL_PK_RSA ||
ca->pk.info->verify_func( ca->pk.data,
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= BADCRL_NOT_TRUSTED;
break;
}
}
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( crl_list->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( ca->pk ) ||
ca->pk.info->verify_func( ca->pk.data,
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= BADCRL_NOT_TRUSTED;
break;
}
flags |= BADCRL_NOT_TRUSTED;
break;
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/*
* Check for validity of CRL (Do not drop out)
......@@ -3457,7 +3437,7 @@ static int x509parse_verify_top(
*/
if( child->subject_raw.len == trust_ca->subject_raw.len &&
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) == 0 )
child->issuer_raw.len ) == 0 )
{
check_path_cnt--;
}
......@@ -3481,33 +3461,13 @@ static int x509parse_verify_top(
md( md_info, child->tbs.p, child->tbs.len, hash );
#if defined(POLARSSL_RSA_C)
if( child->sig_pk == POLARSSL_PK_RSA )
if( trust_ca->pk.info->can_do( child->sig_pk ) == 0 ||
trust_ca->pk.info->verify_func( trust_ca->pk.data, hash, md_info,
child->sig.p, child->sig.len ) != 0 )
{
if( trust_ca->pk.type != POLARSSL_PK_RSA ||
trust_ca->pk.info->verify_func( trust_ca->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
}
}
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( child->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( trust_ca->pk ) ||
trust_ca->pk.info->verify_func( trust_ca->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
}
trust_ca = trust_ca->next;
continue;
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/*
* Top of chain is signed by a trusted CA
......@@ -3578,31 +3538,12 @@ static int x509parse_verify_child(
{
md( md_info, child->tbs.p, child->tbs.len, hash );
#if defined(POLARSSL_RSA_C)
if( child->sig_pk == POLARSSL_PK_RSA )
if( parent->pk.info->can_do( child->sig_pk ) == 0 ||
parent->pk.info->verify_func( parent->pk.data, hash, md_info,
child->sig.p, child->sig.len ) != 0 )
{
if( parent->pk.type != POLARSSL_PK_RSA ||
parent->pk.info->verify_func( parent->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
}
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( child->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( parent->pk ) ||
parent->pk.info->verify_func( parent->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
*flags |= BADCERT_NOT_TRUSTED;
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
/* Check trusted CA's CRL for the given crt */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment