Add and use pk_encrypt(), pk_decrypt()

This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-21 11:51:08 +02:00
parent 8df2769178
commit a2d3f22007
5 changed files with 142 additions and 19 deletions

View File

@ -136,6 +136,18 @@ typedef struct
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng ); void *p_rng );
/** Decrypt message */
int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Encrypt message */
int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Allocate a new context */ /** Allocate a new context */
void * (*ctx_alloc_func)( void ); void * (*ctx_alloc_func)( void );
@ -244,6 +256,40 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
unsigned char *sig, size_t *sig_len, unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Decrypt message
*
* \param ctx PK context to use
* \param input Input to decrypt
* \param ilen Input size
* \param output Decrypted output
* \param olen Decrypted message lenght
* \param osize Size of the output buffer
*
* \return 0 on success, or a specific error code.
*/
int pk_decrypt( pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Encrypt message
*
* \param ctx PK context to use
* \param input Message to encrypt
* \param ilen Message size
* \param output Encrypted output
* \param olen Encrypted output length
* \param osize Size of the output buffer
*
* \return 0 on success, or a specific error code.
*/
int pk_encrypt( pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** /**
* \brief Export debug information * \brief Export debug information
* *

View File

@ -152,6 +152,42 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
sig, sig_len, f_rng, p_rng ) ); sig, sig_len, f_rng, p_rng ) );
} }
/*
* Decrypt message
*/
int pk_decrypt( pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->decrypt_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
output, olen, osize, f_rng, p_rng ) );
}
/*
* Encrypt message
*/
int pk_encrypt( pk_context *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->encrypt_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
output, olen, osize, f_rng, p_rng ) );
}
/* /*
* Get key size in bits * Get key size in bits
*/ */

View File

@ -80,6 +80,34 @@ static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
md_alg, hash_len, hash, sig ) ); md_alg, hash_len, hash, sig ) );
} }
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
((void) f_rng);
((void) p_rng);
if( ilen != ((rsa_context *) ctx)->len )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
return( rsa_pkcs1_decrypt( (rsa_context *) ctx,
RSA_PRIVATE, olen, input, output, osize ) );
}
static int rsa_encrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
((void) osize);
*olen = ((rsa_context *) ctx)->len;
return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
}
static void *rsa_alloc_wrap( void ) static void *rsa_alloc_wrap( void )
{ {
void *ctx = polarssl_malloc( sizeof( rsa_context ) ); void *ctx = polarssl_malloc( sizeof( rsa_context ) );
@ -116,6 +144,8 @@ const pk_info_t rsa_info = {
rsa_can_do, rsa_can_do,
rsa_verify_wrap, rsa_verify_wrap,
rsa_sign_wrap, rsa_sign_wrap,
rsa_decrypt_wrap,
rsa_encrypt_wrap,
rsa_alloc_wrap, rsa_alloc_wrap,
rsa_free_wrap, rsa_free_wrap,
rsa_debug, rsa_debug,
@ -222,6 +252,8 @@ const pk_info_t eckey_info = {
NULL, NULL,
NULL, NULL,
#endif #endif
NULL,
NULL,
eckey_alloc_wrap, eckey_alloc_wrap,
eckey_free_wrap, eckey_free_wrap,
eckey_debug, eckey_debug,
@ -243,6 +275,8 @@ const pk_info_t eckeydh_info = {
eckeydh_can_do, eckeydh_can_do,
NULL, NULL,
NULL, NULL,
NULL,
NULL,
eckey_alloc_wrap, /* Same underlying key structure */ eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */ eckey_free_wrap, /* Same underlying key structure */
eckey_debug, /* Same underlying key structure */ eckey_debug, /* Same underlying key structure */
@ -299,6 +333,8 @@ const pk_info_t ecdsa_info = {
ecdsa_can_do, ecdsa_can_do,
ecdsa_verify_wrap, ecdsa_verify_wrap,
ecdsa_sign_wrap, ecdsa_sign_wrap,
NULL,
NULL,
ecdsa_alloc_wrap, ecdsa_alloc_wrap,
ecdsa_free_wrap, ecdsa_free_wrap,
eckey_debug, /* Compatible key structures */ eckey_debug, /* Compatible key structures */

View File

@ -1870,26 +1870,24 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
} }
i = 4; i = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 4 : 6;
n = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8;
if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) ret = pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
{ ssl->handshake->premaster, ssl->handshake->pmslen,
i += 2; ssl->out_msg + i, &n, SSL_BUFFER_LEN,
ssl->out_msg[4] = (unsigned char)( n >> 8 ); ssl->f_rng, ssl->p_rng );
ssl->out_msg[5] = (unsigned char)( n );
}
ret = rsa_pkcs1_encrypt(
pk_rsa( ssl->session_negotiate->peer_cert->pk ),
ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
ssl->handshake->pmslen, ssl->handshake->premaster,
ssl->out_msg + i );
if( ret != 0 ) if( ret != 0 )
{ {
SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret ); SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret );
return( ret ); return( ret );
} }
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
{
ssl->out_msg[4] = (unsigned char)( n >> 8 );
ssl->out_msg[5] = (unsigned char)( n );
}
} }
else else
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */ #endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */

View File

@ -2259,9 +2259,9 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE; int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n = 0; size_t i, n = 0;
if( ssl->rsa_key == NULL ) if( ! pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) )
{ {
SSL_DEBUG_MSG( 1, ( "got no private key" ) ); SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED ); return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
} }
@ -2269,8 +2269,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
* Decrypt the premaster using own private RSA key * Decrypt the premaster using own private RSA key
*/ */
i = 4; i = 4;
if( ssl->rsa_key ) n = ssl->rsa_key_len( ssl->rsa_key );
n = ssl->rsa_key_len( ssl->rsa_key );
ssl->handshake->pmslen = 48; ssl->handshake->pmslen = 48;
if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
@ -2290,13 +2289,21 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE ); return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
} }
if( ssl->rsa_key ) { if( ssl->rsa_use_alt ) {
ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE, ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE,
&ssl->handshake->pmslen, &ssl->handshake->pmslen,
ssl->in_msg + i, ssl->in_msg + i,
ssl->handshake->premaster, ssl->handshake->premaster,
sizeof(ssl->handshake->premaster) ); sizeof(ssl->handshake->premaster) );
} }
else
{
ret = pk_decrypt( ssl->pk_key,
ssl->in_msg + i, n,
ssl->handshake->premaster, &ssl->handshake->pmslen,
sizeof(ssl->handshake->premaster),
ssl->f_rng, ssl->p_rng );
}
if( ret != 0 || ssl->handshake->pmslen != 48 || if( ret != 0 || ssl->handshake->pmslen != 48 ||
ssl->handshake->premaster[0] != ssl->handshake->max_major_ver || ssl->handshake->premaster[0] != ssl->handshake->max_major_ver ||