PK: change pk_verify arguments (md_info "optional")

f73da029 · Manuel Pégourié-Gonnard · ab466945 · f73da029 · f73da029 · f73da029
Commit f73da029 authored Aug 17, 2013 by Manuel Pégourié-Gonnard
Showing with 36 additions and 27 deletions

include/polarssl/pk.h include/polarssl/pk.h +8 -5

library/pk.c library/pk.c +6 -4

library/pk_wrap.c library/pk_wrap.c +19 -15

library/x509parse.c library/x509parse.c +3 -3

No files found.
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -30,6 +30,8 @@

 #include "config.h"

+#include "md.h"
+
 #if defined(POLARSSL_RSA_C)
 #include "rsa.h"
 #endif
@@ -123,8 +125,8 @@ typedef struct
    int (*can_do)( pk_type_t type );

    /** Verify signature */
-    int (*verify_func)( void *ctx,
-                        const unsigned char *hash, const md_info_t *md_info,
+    int (*verify_func)( void *ctx, md_type_t md_alg,
+                        const unsigned char *hash, size_t hash_len,
                        const unsigned char *sig, size_t sig_len );

    /** Allocate a new context */
@@ -203,16 +205,17 @@ int pk_can_do( pk_context *ctx, pk_type_t type );
 * \brief           Verify signature
 *
 * \param ctx       PK context to use
+ * \param md_alg    Hash algorithm used
 * \param hash      Hash of the message to sign
- * \param md_info   Information about the hash function used
+ * \param hash_len  Hash length
 * \param sig       Signature to verify
 * \param sig_len   Signature length
 *
 * \return          0 on success (signature is valid),
 *                  or a specific error code.
 */
-int pk_verify( pk_context *ctx,
-               const unsigned char *hash, const md_info_t *md_info,
+int pk_verify( pk_context *ctx, md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
               const unsigned char *sig, size_t sig_len );

 /**

--- a/library/pk.c
+++ b/library/pk.c
@@ -110,7 +110,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info )
 */
 int pk_can_do( pk_context *ctx, pk_type_t type )
 {
-    /* null of NONE context can't do anything */
+    /* null or NONE context can't do anything */
    if( ctx == NULL || ctx->pk_info == NULL )
        return( 0 );

@@ -120,14 +120,16 @@ int pk_can_do( pk_context *ctx, pk_type_t type )
 /*
 * Verify a signature
 */
-int pk_verify( pk_context *ctx,
-               const unsigned char *hash, const md_info_t *md_info,
+int pk_verify( pk_context *ctx, md_type_t md_alg,
+               const unsigned char *hash, size_t hash_len,
               const unsigned char *sig, size_t sig_len )
 {
    if( ctx == NULL || ctx->pk_info == NULL )
        return( POLARSSL_ERR_PK_BAD_INPUT_DATA );

-    return( ctx->pk_info->verify_func( ctx->pk_ctx, hash, md_info, sig, sig_len ) );
+    return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg,
+                                       hash, hash_len,
+                                       sig, sig_len ) );
 }

 /*

--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -58,15 +58,15 @@ static size_t rsa_get_size( const void * ctx )
    return( 8 * ((rsa_context *) ctx)->len );
 }

-static int rsa_verify_wrap( void *ctx,
-                   const unsigned char *hash, const md_info_t *md_info,
+static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
                   const unsigned char *sig, size_t sig_len )
 {
    if( sig_len != ((rsa_context *) ctx)->len )
        return( POLARSSL_ERR_RSA_VERIFY_FAILED );

    return( rsa_pkcs1_verify( (rsa_context *) ctx,
-                RSA_PUBLIC, md_info->type, 0, hash, sig ) );
+                RSA_PUBLIC, md_alg, hash_len, hash, sig ) );
 }

 static void *rsa_alloc_wrap( void )
@@ -128,19 +128,20 @@ static size_t eckey_get_size( const void *ctx )

 #if defined(POLARSSL_ECDSA_C)
 /* Forward declaration */
-static int ecdsa_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                       const unsigned char *sig, size_t sig_len );
 #endif

-static int eckey_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                       const unsigned char *sig, size_t sig_len )
 {
 #if !defined(POLARSSL_ECDSA_C)
    ((void) ctx);
+    ((void) md_alg);
    ((void) hash);
-    ((void) md_info);
+    ((void) hash_len);
    ((void) sig);
    ((void) sig_len);

@@ -152,7 +153,7 @@ static int eckey_verify_wrap( void *ctx,
    ecdsa_init( &ecdsa );

    ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
-          ecdsa_verify_wrap( &ecdsa, hash, md_info, sig, sig_len );
+          ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );

    ecdsa_free( &ecdsa );

@@ -203,13 +204,14 @@ static int eckeydh_can_do( pk_type_t type )
            type == POLARSSL_PK_ECKEY_DH );
 }

-static int eckeydh_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int eckeydh_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                       const unsigned char *sig, size_t sig_len )
 {
    ((void) ctx);
+    ((void) md_alg);
    ((void) hash);
-    ((void) md_info);
+    ((void) hash_len);
    ((void) sig);
    ((void) sig_len);

@@ -234,12 +236,14 @@ static int ecdsa_can_do( pk_type_t type )
    return( type == POLARSSL_PK_ECDSA );
 }

-static int ecdsa_verify_wrap( void *ctx,
-                       const unsigned char *hash, const md_info_t *md_info,
+static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
+                       const unsigned char *hash, size_t hash_len,
                       const unsigned char *sig, size_t sig_len )
 {
+    ((void) md_alg);
+
    return( ecdsa_read_signature( (ecdsa_context *) ctx,
-                hash, md_info->size, sig, sig_len ) );
+                hash, hash_len, sig, sig_len ) );
 }

 static void *ecdsa_alloc_wrap( void )

--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3429,7 +3429,7 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
        md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );

        if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 ||
-            pk_verify( &ca->pk, hash, md_info,
+            pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size,
                       crl_list->sig.p, crl_list->sig.len ) != 0 )
        {
            flags |= BADCRL_NOT_TRUSTED;
@@ -3546,7 +3546,7 @@ static int x509parse_verify_top(
        md( md_info, child->tbs.p, child->tbs.len, hash );

        if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
-            pk_verify( &trust_ca->pk, hash, md_info,
+            pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size,
                       child->sig.p, child->sig.len ) != 0 )
        {
            trust_ca = trust_ca->next;
@@ -3623,7 +3623,7 @@ static int x509parse_verify_child(
        md( md_info, child->tbs.p, child->tbs.len, hash );

        if( pk_can_do( &parent->pk, child->sig_pk ) == 0 ||
-            pk_verify( &parent->pk, hash, md_info,
+            pk_verify( &parent->pk, child->sig_md, hash, md_info->size,
                       child->sig.p, child->sig.len ) != 0 )
        {
            *flags |= BADCERT_NOT_TRUSTED;