mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 01:05:40 +01:00
- Added reading of DHM context from memory and file
This commit is contained in:
parent
8123e9d8f1
commit
1b57b06751
@ -8,6 +8,7 @@ Features
|
|||||||
with OpenVPN (donated by Fox-IT)
|
with OpenVPN (donated by Fox-IT)
|
||||||
* Added generic cipher wrapper for integration
|
* Added generic cipher wrapper for integration
|
||||||
with OpenVPN (donated by Fox-IT)
|
with OpenVPN (donated by Fox-IT)
|
||||||
|
* Added reading of DHM context from memory and file
|
||||||
|
|
||||||
= Version 0.14.0 released on 2010-08-16
|
= Version 0.14.0 released on 2010-08-16
|
||||||
Features
|
Features
|
||||||
|
@ -38,6 +38,7 @@ extern const char test_srv_crt[];
|
|||||||
extern const char test_srv_key[];
|
extern const char test_srv_key[];
|
||||||
extern const char test_cli_crt[];
|
extern const char test_cli_crt[];
|
||||||
extern const char test_cli_key[];
|
extern const char test_cli_key[];
|
||||||
|
extern const char test_dhm_params[];
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
@ -41,6 +41,8 @@ typedef enum {
|
|||||||
POLARSSL_MD_SHA512,
|
POLARSSL_MD_SHA512,
|
||||||
} md_type_t;
|
} md_type_t;
|
||||||
|
|
||||||
|
#define POLARSSL_MD_MAX_SIZE 64 /* longest known is SHA512 */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Message digest information. Allows message digest functions to be called
|
* Message digest information. Allows message digest functions to be called
|
||||||
* in a generic way.
|
* in a generic way.
|
||||||
|
@ -453,6 +453,17 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
|||||||
*/
|
*/
|
||||||
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
|
int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Set the Diffie-Hellman public P and G values,
|
||||||
|
* read from existing context (server-side only)
|
||||||
|
*
|
||||||
|
* \param ssl SSL context
|
||||||
|
* \param dhm_ctx Diffie-Hellman-Merkle context
|
||||||
|
*
|
||||||
|
* \return 0 if successful
|
||||||
|
*/
|
||||||
|
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set hostname for ServerName TLS Extension
|
* \brief Set hostname for ServerName TLS Extension
|
||||||
*
|
*
|
||||||
|
@ -28,6 +28,7 @@
|
|||||||
#define POLARSSL_X509_H
|
#define POLARSSL_X509_H
|
||||||
|
|
||||||
#include "polarssl/rsa.h"
|
#include "polarssl/rsa.h"
|
||||||
|
#include "polarssl/dhm.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @addtogroup x509_module
|
* @addtogroup x509_module
|
||||||
@ -322,7 +323,7 @@ extern "C" {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @name Functions to read in a certificate, CRL or private RSA key
|
* @name Functions to read in DHM parameters, a certificate, CRL or private RSA key
|
||||||
* @{
|
* @{
|
||||||
*/
|
*/
|
||||||
|
|
||||||
@ -404,7 +405,31 @@ int x509parse_key( rsa_context *rsa,
|
|||||||
*/
|
*/
|
||||||
int x509parse_keyfile( rsa_context *rsa, const char *path,
|
int x509parse_keyfile( rsa_context *rsa, const char *path,
|
||||||
const char *password );
|
const char *password );
|
||||||
/** @} name Functions to read in a certificate, CRL or private RSA key */
|
|
||||||
|
/** @ingroup x509_module */
|
||||||
|
/**
|
||||||
|
* \brief Parse DHM parameters
|
||||||
|
*
|
||||||
|
* \param dhm DHM context to be initialized
|
||||||
|
* \param dhmin input buffer
|
||||||
|
* \param dhminlen size of the buffer
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or a specific X509 error code
|
||||||
|
*/
|
||||||
|
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
|
||||||
|
|
||||||
|
/** @ingroup x509_module */
|
||||||
|
/**
|
||||||
|
* \brief Load and parse DHM parameters
|
||||||
|
*
|
||||||
|
* \param dhm DHM context to be initialized
|
||||||
|
* \param path filename to read the DHM Parameters from
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or a specific X509 error code
|
||||||
|
*/
|
||||||
|
int x509parse_dhmfile( dhm_context *rsa, const char *path );
|
||||||
|
|
||||||
|
/** @} name Functions to read in DHM parameters, a certificate, CRL or private RSA key */
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -186,4 +186,11 @@ const char test_cli_key[] =
|
|||||||
"3vMGjy6jnBSaKoktW8ikY+4FHq+t5z63UN3RF367Iz0dWzIVocbxAQ==\r\n"
|
"3vMGjy6jnBSaKoktW8ikY+4FHq+t5z63UN3RF367Iz0dWzIVocbxAQ==\r\n"
|
||||||
"-----END RSA PRIVATE KEY-----\r\n";
|
"-----END RSA PRIVATE KEY-----\r\n";
|
||||||
|
|
||||||
|
const char test_dhm_params[] =
|
||||||
|
"-----BEGIN DH PARAMETERS-----\r\n"
|
||||||
|
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
|
||||||
|
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
|
||||||
|
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
|
||||||
|
"-----END DH PARAMETERS-----\r\n";
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -1806,6 +1806,25 @@ int ssl_set_dh_param( ssl_context *ssl, const char *dhm_P, const char *dhm_G )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int ssl_set_dh_param_ctx( ssl_context *ssl, dhm_context *dhm_ctx )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if( ( ret = mpi_copy(&ssl->dhm_ctx.P, &dhm_ctx->P) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "mpi_copy", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ( ret = mpi_copy(&ssl->dhm_ctx.G, &dhm_ctx->G) ) != 0 )
|
||||||
|
{
|
||||||
|
SSL_DEBUG_RET( 1, "mpi_copy", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
int ssl_set_hostname( ssl_context *ssl, const char *hostname )
|
int ssl_set_hostname( ssl_context *ssl, const char *hostname )
|
||||||
{
|
{
|
||||||
if( hostname == NULL )
|
if( hostname == NULL )
|
||||||
|
@ -47,6 +47,7 @@
|
|||||||
#include "polarssl/sha1.h"
|
#include "polarssl/sha1.h"
|
||||||
#include "polarssl/sha2.h"
|
#include "polarssl/sha2.h"
|
||||||
#include "polarssl/sha4.h"
|
#include "polarssl/sha4.h"
|
||||||
|
#include "polarssl/dhm.h"
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
@ -1819,6 +1820,122 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse DHM parameters
|
||||||
|
*/
|
||||||
|
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
||||||
|
{
|
||||||
|
int ret, len;
|
||||||
|
unsigned char *buf, *s1, *s2;
|
||||||
|
unsigned char *p, *end;
|
||||||
|
|
||||||
|
s1 = (unsigned char *) strstr( (char *) dhmin,
|
||||||
|
"-----BEGIN DH PARAMETERS-----" );
|
||||||
|
|
||||||
|
if( s1 != NULL )
|
||||||
|
{
|
||||||
|
s2 = (unsigned char *) strstr( (char *) dhmin,
|
||||||
|
"-----END DH PARAMETERS-----" );
|
||||||
|
|
||||||
|
if( s2 == NULL || s2 <= s1 )
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||||
|
|
||||||
|
s1 += 29;
|
||||||
|
if( *s1 == '\r' ) s1++;
|
||||||
|
if( *s1 == '\n' ) s1++;
|
||||||
|
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||||
|
|
||||||
|
len = 0;
|
||||||
|
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||||
|
|
||||||
|
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||||
|
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||||
|
|
||||||
|
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
||||||
|
return( 1 );
|
||||||
|
|
||||||
|
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
||||||
|
{
|
||||||
|
free( buf );
|
||||||
|
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||||
|
}
|
||||||
|
|
||||||
|
dhminlen = len;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
buf = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset( dhm, 0, sizeof( dhm_context ) );
|
||||||
|
|
||||||
|
p = ( s1 != NULL ) ? buf : (unsigned char *) dhmin;
|
||||||
|
end = p + dhminlen;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* DHParams ::= SEQUENCE {
|
||||||
|
* prime INTEGER, -- P
|
||||||
|
* generator INTEGER, -- g
|
||||||
|
* }
|
||||||
|
*/
|
||||||
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
|
{
|
||||||
|
if( s1 != NULL )
|
||||||
|
free( buf );
|
||||||
|
|
||||||
|
dhm_free( dhm );
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
end = p + len;
|
||||||
|
|
||||||
|
if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
|
||||||
|
( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
|
||||||
|
{
|
||||||
|
if( s1 != NULL )
|
||||||
|
free( buf );
|
||||||
|
|
||||||
|
dhm_free( dhm );
|
||||||
|
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( p != end )
|
||||||
|
{
|
||||||
|
if( s1 != NULL )
|
||||||
|
free( buf );
|
||||||
|
|
||||||
|
dhm_free( dhm );
|
||||||
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
||||||
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( s1 != NULL )
|
||||||
|
free( buf );
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Load and parse a private RSA key
|
||||||
|
*/
|
||||||
|
int x509parse_dhmfile( dhm_context *dhm, const char *path )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
size_t n;
|
||||||
|
unsigned char *buf;
|
||||||
|
|
||||||
|
if ( load_file( path, &buf, &n ) )
|
||||||
|
return( 1 );
|
||||||
|
|
||||||
|
ret = x509parse_dhm( dhm, buf, (int) n);
|
||||||
|
|
||||||
|
memset( buf, 0, n + 1 );
|
||||||
|
free( buf );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined _MSC_VER && !defined snprintf
|
#if defined _MSC_VER && !defined snprintf
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
|
||||||
@ -2511,6 +2628,7 @@ int x509_self_test( int verbose )
|
|||||||
x509_cert cacert;
|
x509_cert cacert;
|
||||||
x509_cert clicert;
|
x509_cert clicert;
|
||||||
rsa_context rsa;
|
rsa_context rsa;
|
||||||
|
dhm_context dhm;
|
||||||
|
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
printf( " X.509 certificate load: " );
|
printf( " X.509 certificate load: " );
|
||||||
@ -2567,12 +2685,27 @@ int x509_self_test( int verbose )
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( verbose != 0 )
|
||||||
|
printf( "passed\n X.509 DHM parameter load: " );
|
||||||
|
|
||||||
|
i = strlen( test_dhm_params );
|
||||||
|
j = strlen( test_ca_pwd );
|
||||||
|
|
||||||
|
if( ( ret = x509parse_dhm( &dhm, (unsigned char *) test_dhm_params, i ) ) != 0 )
|
||||||
|
{
|
||||||
|
if( verbose != 0 )
|
||||||
|
printf( "failed\n" );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
if( verbose != 0 )
|
if( verbose != 0 )
|
||||||
printf( "passed\n\n" );
|
printf( "passed\n\n" );
|
||||||
|
|
||||||
x509_free( &cacert );
|
x509_free( &cacert );
|
||||||
x509_free( &clicert );
|
x509_free( &clicert );
|
||||||
rsa_free( &rsa );
|
rsa_free( &rsa );
|
||||||
|
dhm_free( &dhm );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
#else
|
#else
|
||||||
|
Loading…
Reference in New Issue
Block a user