pk_{sign,verify}() now accept hash_len = 0

This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-22 14:55:30 +02:00
parent a20c58c6f1
commit bfe32efb9b
4 changed files with 48 additions and 45 deletions

View File

@ -270,14 +270,19 @@ int pk_can_do( pk_context *ctx, pk_type_t type );
* \brief Verify signature * \brief Verify signature
* *
* \param ctx PK context to use * \param ctx PK context to use
* \param md_alg Hash algorithm used * \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign * \param hash Hash of the message to sign
* \param hash_len Hash length * \param hash_len Hash length or 0 (see notes)
* \param sig Signature to verify * \param sig Signature to verify
* \param sig_len Signature length * \param sig_len Signature length
* *
* \return 0 on success (signature is valid), * \return 0 on success (signature is valid),
* or a specific error code. * or a specific error code.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
*
* \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
*/ */
int pk_verify( pk_context *ctx, md_type_t md_alg, int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
@ -287,15 +292,20 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
* \brief Make signature * \brief Make signature
* *
* \param ctx PK context to use * \param ctx PK context to use
* \param md_alg Hash algorithm used * \param md_alg Hash algorithm used (see notes)
* \param hash Hash of the message to sign * \param hash Hash of the message to sign
* \param hash_len Hash length * \param hash_len Hash length or 0 (see notes)
* \param sig Place to write the signature * \param sig Place to write the signature
* \param sig_len Number of bytes written * \param sig_len Number of bytes written
* \param f_rng RNG function * \param f_rng RNG function
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return 0 on success, or a specific error code. * \return 0 on success, or a specific error code.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
*
* \note md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
*/ */
int pk_sign( pk_context *ctx, md_type_t md_alg, int pk_sign( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,

View File

@ -149,6 +149,23 @@ int pk_can_do( pk_context *ctx, pk_type_t type )
return( ctx->pk_info->can_do( type ) ); return( ctx->pk_info->can_do( type ) );
} }
/*
* Helper for pk_sign and pk_verify
*/
static inline int pk_hashlen_helper( md_type_t md_alg, size_t *hash_len )
{
const md_info_t *md_info;
if( *hash_len != 0 )
return( 0 );
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
return( -1 );
*hash_len = md_info->size;
return( 0 );
}
/* /*
* Verify a signature * Verify a signature
*/ */
@ -156,7 +173,8 @@ int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
{ {
if( ctx == NULL || ctx->pk_info == NULL ) if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->verify_func == NULL ) if( ctx->pk_info->verify_func == NULL )
@ -174,7 +192,8 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
unsigned char *sig, size_t *sig_len, unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
if( ctx == NULL || ctx->pk_info == NULL ) if( ctx == NULL || ctx->pk_info == NULL ||
pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->sign_func == NULL ) if( ctx->pk_info->sign_func == NULL )

View File

@ -1164,8 +1164,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
size_t *hash_len, size_t *hash_len,
pk_type_t *pk_alg ) pk_type_t *pk_alg )
{ {
const md_info_t *md_info;
((void) ssl); ((void) ssl);
*md_alg = POLARSSL_MD_NONE; *md_alg = POLARSSL_MD_NONE;
*pk_alg = POLARSSL_PK_NONE; *pk_alg = POLARSSL_PK_NONE;
@ -1180,6 +1178,9 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
if( (*p) + 2 > end ) if( (*p) + 2 > end )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
/* Info from md_alg will be used instead */
*hash_len = 0;
/* /*
* Get hash algorithm * Get hash algorithm
*/ */
@ -1190,18 +1191,6 @@ static int ssl_parse_signature_algorithm( ssl_context *ssl,
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
} }
/*
* Get hash_len from hash alg
*/
if( ( md_info = md_info_from_type( *md_alg ) ) == NULL )
{
SSL_DEBUG_MSG( 2, ( "Server used unsupported "
"HashAlgorithm %d", *(p)[0] ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
*hash_len = md_info->size;
/* /*
* Get signature algorithm * Get signature algorithm
*/ */
@ -1956,7 +1945,6 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
} }
else else
{ {
const md_info_t *md_info;
/* /*
* digitally-signed struct { * digitally-signed struct {
* opaque handshake_messages[handshake_messages_length]; * opaque handshake_messages[handshake_messages_length];
@ -1985,13 +1973,8 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
} }
ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key ); ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key );
if( ( md_info = md_info_from_type( md_alg ) ) == NULL ) /* Info from md_alg will be used instead */
{ hashlen = 0;
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
hashlen = md_info->size;
offset = 2; offset = 2;
} }

View File

@ -1989,7 +1989,9 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
else else
{ {
md_context_t ctx; md_context_t ctx;
const md_info_t *md_info;
/* Info from md_alg will be used instead */
hashlen = 0;
/* /*
* digitally-signed struct { * digitally-signed struct {
@ -1998,17 +2000,14 @@ static int ssl_write_server_key_exchange( ssl_context *ssl )
* ServerDHParams params; * ServerDHParams params;
* }; * };
*/ */
md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ); if( ( md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ) )
== POLARSSL_MD_NONE )
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
{ {
SSL_DEBUG_MSG( 1, ( "should never happen" ) ); SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
} }
hashlen = md_info->size; if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 )
if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
{ {
SSL_DEBUG_RET( 1, "md_init_ctx", ret ); SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret ); return( ret );
@ -2502,7 +2501,6 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
size_t hashlen; size_t hashlen;
pk_type_t pk_alg; pk_type_t pk_alg;
md_type_t md_alg; md_type_t md_alg;
const md_info_t *md_info;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
@ -2575,15 +2573,8 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg ); md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
/* /* Info from md_alg will be used instead */
* Get hashlen from MD hashlen = 0;
*/
if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
{
SSL_DEBUG_MSG( 1, ( "requested hash not available " ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
hashlen = md_info->size;
/* /*
* Signature * Signature