mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-02 01:24:16 +01:00
Use generic x509_get_pubkey() for RSA functions
This commit is contained in:
parent
4fa0476675
commit
244569f4b1
@ -27,6 +27,12 @@
|
|||||||
#ifndef POLARSSL_PK_H
|
#ifndef POLARSSL_PK_H
|
||||||
#define POLARSSL_PK_H
|
#define POLARSSL_PK_H
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
#include "rsa.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
|
#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
|
||||||
#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */
|
#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */
|
||||||
|
|
||||||
@ -55,6 +61,7 @@ typedef struct
|
|||||||
{
|
{
|
||||||
pk_type_t type; /**< Public key type */
|
pk_type_t type; /**< Public key type */
|
||||||
void * data; /**< Public key data */
|
void * data; /**< Public key data */
|
||||||
|
int dont_free; /**< True if data must not be freed */
|
||||||
} pk_context;
|
} pk_context;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -82,6 +89,21 @@ void pk_free( pk_context *ctx );
|
|||||||
*/
|
*/
|
||||||
int pk_set_type( pk_context *ctx, pk_type_t type );
|
int pk_set_type( pk_context *ctx, pk_type_t type );
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
/**
|
||||||
|
* \brief Wrap a RSA context in a PK context
|
||||||
|
*
|
||||||
|
* \param ctx PK context to initiliaze
|
||||||
|
* \param rsa RSA context to use
|
||||||
|
*
|
||||||
|
* \note The PK context must be freshly initialized.
|
||||||
|
*
|
||||||
|
* \return O on success,
|
||||||
|
* POLARSSL_ERR_PK_TYPE_MISMATCH if ctx was not empty.
|
||||||
|
*/
|
||||||
|
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
21
library/pk.c
21
library/pk.c
@ -46,6 +46,7 @@ void pk_init( pk_context *ctx )
|
|||||||
|
|
||||||
ctx->type = POLARSSL_PK_NONE;
|
ctx->type = POLARSSL_PK_NONE;
|
||||||
ctx->data = NULL;
|
ctx->data = NULL;
|
||||||
|
ctx->dont_free = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -75,7 +76,8 @@ void pk_free( pk_context *ctx )
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
free( ctx-> data );
|
if( ! ctx->dont_free )
|
||||||
|
free( ctx->data );
|
||||||
|
|
||||||
ctx->type = POLARSSL_PK_NONE;
|
ctx->type = POLARSSL_PK_NONE;
|
||||||
ctx->data = NULL;
|
ctx->data = NULL;
|
||||||
@ -121,3 +123,20 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
|
|||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
|
/*
|
||||||
|
* Wrap an RSA context in a PK context
|
||||||
|
*/
|
||||||
|
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa)
|
||||||
|
{
|
||||||
|
if( ctx->type != POLARSSL_PK_NONE )
|
||||||
|
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||||
|
|
||||||
|
ctx->type = POLARSSL_PK_RSA;
|
||||||
|
ctx->data = (rsa_context *) rsa;
|
||||||
|
ctx->dont_free = 1;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
@ -660,56 +660,18 @@ static int x509_get_pubkey( unsigned char **p,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SubjectPublicKeyInfo ::= SEQUENCE {
|
* Get an RSA public key (compatibility wrapper)
|
||||||
* algorithm AlgorithmIdentifier,
|
|
||||||
* subjectPublicKey BIT STRING }
|
|
||||||
*/
|
*/
|
||||||
static int x509_get_pubkey_rsa( unsigned char **p,
|
static int x509_get_pubkey_rsa( unsigned char **p,
|
||||||
const unsigned char *end,
|
const unsigned char *end,
|
||||||
rsa_context *rsa )
|
rsa_context *rsa )
|
||||||
{
|
{
|
||||||
int ret;
|
pk_context pk_ctx;
|
||||||
size_t len;
|
|
||||||
x509_buf pk_alg_oid;
|
|
||||||
pk_type_t pk_alg = POLARSSL_PK_NONE;
|
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len,
|
pk_init( &pk_ctx );
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
pk_wrap_rsa( &pk_ctx, rsa );
|
||||||
{
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
end = *p + len;
|
return( x509_get_pubkey( p, end, &pk_ctx ) );
|
||||||
|
|
||||||
if( ( ret = asn1_get_alg_null( p, end, &pk_alg_oid ) ) != 0 )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
|
|
||||||
|
|
||||||
/*
|
|
||||||
* only RSA public keys handled at this time
|
|
||||||
*/
|
|
||||||
if( oid_get_pk_alg( &pk_alg_oid, &pk_alg ) != 0 )
|
|
||||||
{
|
|
||||||
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pk_alg != POLARSSL_PK_RSA )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_ALG );
|
|
||||||
|
|
||||||
if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret );
|
|
||||||
|
|
||||||
if( ( end - *p ) < 1 )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
|
|
||||||
POLARSSL_ERR_ASN1_OUT_OF_DATA );
|
|
||||||
|
|
||||||
if( *p + len != end )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
|
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
|
||||||
|
|
||||||
if( *(*p)++ != 0 )
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY );
|
|
||||||
|
|
||||||
return( x509_get_rsapubkey( p, end, rsa ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int x509_get_sig( unsigned char **p,
|
static int x509_get_sig( unsigned char **p,
|
||||||
@ -2675,51 +2637,12 @@ int x509parse_key_rsa( rsa_context *rsa,
|
|||||||
int x509parse_public_key_rsa( rsa_context *rsa,
|
int x509parse_public_key_rsa( rsa_context *rsa,
|
||||||
const unsigned char *key, size_t keylen )
|
const unsigned char *key, size_t keylen )
|
||||||
{
|
{
|
||||||
int ret;
|
pk_context pk_ctx;
|
||||||
size_t len;
|
|
||||||
unsigned char *p, *end;
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_context pem;
|
|
||||||
|
|
||||||
pem_init( &pem );
|
pk_init( &pk_ctx );
|
||||||
ret = pem_read_buffer( &pem,
|
pk_wrap_rsa( &pk_ctx, rsa );
|
||||||
"-----BEGIN PUBLIC KEY-----",
|
|
||||||
"-----END PUBLIC KEY-----",
|
|
||||||
key, NULL, 0, &len );
|
|
||||||
|
|
||||||
if( ret == 0 )
|
return( x509parse_public_key( &pk_ctx, key, keylen ) );
|
||||||
{
|
|
||||||
/*
|
|
||||||
* Was PEM encoded
|
|
||||||
*/
|
|
||||||
keylen = pem.buflen;
|
|
||||||
}
|
|
||||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
|
||||||
{
|
|
||||||
pem_free( &pem );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
|
|
||||||
#else
|
|
||||||
p = (unsigned char *) key;
|
|
||||||
#endif
|
|
||||||
end = p + keylen;
|
|
||||||
|
|
||||||
if( ( ret = x509_get_pubkey_rsa( &p, end, rsa ) ) != 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
rsa_free( rsa );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
#if defined(POLARSSL_PEM_C)
|
|
||||||
pem_free( &pem );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return( 0 );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_ECP_C)
|
#if defined(POLARSSL_ECP_C)
|
||||||
|
@ -511,7 +511,7 @@ X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
|
|||||||
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
|
X509 Certificate ASN1 (TBSCertificate, pubkey, no alg)
|
||||||
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||||
|
|
||||||
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
|
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
|
||||||
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG
|
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG
|
||||||
|
Loading…
Reference in New Issue
Block a user