yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 03:05:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add a PK can_do() method and simplify code

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-08-12 18:41:18 +02:00
parent d73b3c13be
commit f18c3e0378
4 changed files with 38 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
include/polarssl/pk.h
View File

@ -89,6 +89,9 @@ typedef struct
/** Public key type */ /** Public key type */
pk_type_t type; pk_type_t type;
/** Tell if the context implements this type (eg ECKEY can do ECDSA) */
int (*can_do)( pk_type_t type );
/** Verify signature */ /** Verify signature */
int (*verify_func)( void *ctx, int (*verify_func)( void *ctx,
const unsigned char *hash, const md_info_t *md_info, const unsigned char *hash, const md_info_t *md_info,
@ -131,33 +134,6 @@ void pk_free( pk_context *ctx );
*/ */
int pk_set_type( pk_context *ctx, pk_type_t type ); int pk_set_type( pk_context *ctx, pk_type_t type );
#if defined(POLARSSL_ECDSA_C)
/**
* \brief Convert a generic EC key into an ECDSA context
*
* \param ctx Context to convert
*
* \return 0 on success, or
* POLARSSL_ERR_PK_MALLOC_FAILED or
* POLARSSL_ERR_PK_TYPE_MISMATCH.
*/
int pk_ec_to_ecdsa( pk_context *ctx );
/**
* \brief Tell if a PK context can be used for ECDSA
*
* \param ctx Context to check
*
* \return 0 if context cannot be used for ECDSA,
* 1 otherwise
*/
static inline int pk_can_ecdsa( pk_context ctx )
{
return( ctx.type == POLARSSL_PK_ECKEY ||
ctx.type == POLARSSL_PK_ECDSA );
}
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
/** /**
* \brief Wrap a RSA context in a PK context * \brief Wrap a RSA context in a PK context

36
library/pk.c
View File

@ -146,42 +146,6 @@ int pk_set_type( pk_context *ctx, pk_type_t type )
return( 0 ); return( 0 );
} }
#if defined(POLARSSL_ECDSA_C)
/*
* Convert generic EC context to ECDSA
*/
int pk_ec_to_ecdsa( pk_context *ctx )
{
ecp_keypair *eckey;
ecdsa_context *ecdsa;
if( ctx->type == POLARSSL_PK_ECDSA )
return( 0 );
if( ctx->type != POLARSSL_PK_ECKEY )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
eckey = (ecp_keypair *) ctx->data;
if( ( ecdsa = polarssl_malloc( sizeof( ecdsa_context ) ) ) == NULL )
return( POLARSSL_ERR_PK_MALLOC_FAILED );
ecdsa_init( ecdsa );
/* struct ecdsa_context begins the same as struct ecp_keypair */
memcpy( ecdsa, eckey, sizeof( ecp_keypair ) );
if( ! ctx->dont_free )
polarssl_free( eckey );
ctx->dont_free = 0;
ctx->type = POLARSSL_PK_ECDSA;
ctx->data = ecdsa;
return( 0 );
}
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
/* /*
* Wrap an RSA context in a PK context * Wrap an RSA context in a PK context

20
library/pk_wrap.c
View File

@ -40,6 +40,11 @@
#endif #endif
#if defined(POLARSSL_RSA_C) #if defined(POLARSSL_RSA_C)
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
}
static int rsa_verify_wrap( void *ctx, static int rsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info, const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
@ -52,11 +57,17 @@ static int rsa_verify_wrap( void *ctx,
const pk_info_t rsa_info = { const pk_info_t rsa_info = {
POLARSSL_PK_RSA, POLARSSL_PK_RSA,
rsa_can_do,
rsa_verify_wrap, rsa_verify_wrap,
}; };
#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
int ecdsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECDSA );
}
int ecdsa_verify_wrap( void *ctx, int ecdsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info, const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
@ -67,11 +78,19 @@ int ecdsa_verify_wrap( void *ctx,
const pk_info_t ecdsa_info = { const pk_info_t ecdsa_info = {
POLARSSL_PK_ECDSA, POLARSSL_PK_ECDSA,
ecdsa_can_do,
ecdsa_verify_wrap, ecdsa_verify_wrap,
}; };
#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_ECP_C) #if defined(POLARSSL_ECP_C)
static int eckey_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECKEY ||
type == POLARSSL_PK_ECKEY_DH ||
type == POLARSSL_PK_ECDSA );
}
static int eckey_verify_wrap( void *ctx, static int eckey_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info, const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len ) const unsigned char *sig, size_t sig_len )
@ -101,6 +120,7 @@ static int eckey_verify_wrap( void *ctx,
const pk_info_t eckey_info = { const pk_info_t eckey_info = {
POLARSSL_PK_ECKEY, POLARSSL_PK_ECKEY,
eckey_can_do,
eckey_verify_wrap, eckey_verify_wrap,
}; };
#endif /* POLARSSL_ECP_C */ #endif /* POLARSSL_ECP_C */

89
library/x509parse.c
View File

@ -3344,33 +3344,13 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ); md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
#if defined(POLARSSL_RSA_C) if( ca->pk.info->can_do( crl_list->sig_pk ) == 0 ||
if( crl_list->sig_pk == POLARSSL_PK_RSA ) ca->pk.info->verify_func( ca->pk.data, hash, md_info,
crl_list->sig.p, crl_list->sig.len ) != 0 )
{ {
if( ca->pk.type != POLARSSL_PK_RSA || flags |= BADCRL_NOT_TRUSTED;
ca->pk.info->verify_func( ca->pk.data, break;
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= BADCRL_NOT_TRUSTED;
break;
}
} }
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( crl_list->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( ca->pk ) ||
ca->pk.info->verify_func( ca->pk.data,
hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= BADCRL_NOT_TRUSTED;
break;
}
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/* /*
* Check for validity of CRL (Do not drop out) * Check for validity of CRL (Do not drop out)
@ -3457,7 +3437,7 @@ static int x509parse_verify_top(
*/ */
if( child->subject_raw.len == trust_ca->subject_raw.len && if( child->subject_raw.len == trust_ca->subject_raw.len &&
memcmp( child->subject_raw.p, trust_ca->subject_raw.p, memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) == 0 ) child->issuer_raw.len ) == 0 )
{ {
check_path_cnt--; check_path_cnt--;
} }
@ -3481,33 +3461,13 @@ static int x509parse_verify_top(
md( md_info, child->tbs.p, child->tbs.len, hash ); md( md_info, child->tbs.p, child->tbs.len, hash );
#if defined(POLARSSL_RSA_C) if( trust_ca->pk.info->can_do( child->sig_pk ) == 0 ||
if( child->sig_pk == POLARSSL_PK_RSA ) trust_ca->pk.info->verify_func( trust_ca->pk.data, hash, md_info,
child->sig.p, child->sig.len ) != 0 )
{ {
if( trust_ca->pk.type != POLARSSL_PK_RSA || trust_ca = trust_ca->next;
trust_ca->pk.info->verify_func( trust_ca->pk.data, continue;
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
}
} }
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( child->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( trust_ca->pk ) ||
trust_ca->pk.info->verify_func( trust_ca->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
}
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/* /*
* Top of chain is signed by a trusted CA * Top of chain is signed by a trusted CA
@ -3578,31 +3538,12 @@ static int x509parse_verify_child(
{ {
md( md_info, child->tbs.p, child->tbs.len, hash ); md( md_info, child->tbs.p, child->tbs.len, hash );
#if defined(POLARSSL_RSA_C) if( parent->pk.info->can_do( child->sig_pk ) == 0 ||
if( child->sig_pk == POLARSSL_PK_RSA ) parent->pk.info->verify_func( parent->pk.data, hash, md_info,
child->sig.p, child->sig.len ) != 0 )
{ {
if( parent->pk.type != POLARSSL_PK_RSA || *flags |= BADCERT_NOT_TRUSTED;
parent->pk.info->verify_func( parent->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
} }
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( child->sig_pk == POLARSSL_PK_ECDSA )
{
if( ! pk_can_ecdsa( parent->pk ) ||
parent->pk.info->verify_func( parent->pk.data,
hash, md_info, child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}
}
else
#endif /* POLARSSL_ECDSA_C */
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
} }
/* Check trusted CA's CRL for the given crt */ /* Check trusted CA's CRL for the given crt */