mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 18:15:40 +01:00
PK: change pk_verify arguments (md_info "optional")
This commit is contained in:
Manuel Pégourié-Gonnard
parent
ab46694558
commit
f73da02962
@ -30,6 +30,8 @@
|
|||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
|
#include "md.h"
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C)
|
#if defined(POLARSSL_RSA_C)
|
||||||
#include "rsa.h"
|
#include "rsa.h"
|
||||||
#endif
|
#endif
|
||||||
@ -123,8 +125,8 @@ typedef struct
|
|||||||
int (*can_do)( pk_type_t type );
|
int (*can_do)( pk_type_t type );
|
||||||
|
|
||||||
/** Verify signature */
|
/** Verify signature */
|
||||||
int (*verify_func)( void *ctx,
|
int (*verify_func)( void *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len );
|
const unsigned char *sig, size_t sig_len );
|
||||||
|
|
||||||
/** Allocate a new context */
|
/** Allocate a new context */
|
||||||
@ -203,16 +205,17 @@ int pk_can_do( pk_context *ctx, pk_type_t type );
|
|||||||
* \brief Verify signature
|
* \brief Verify signature
|
||||||
*
|
*
|
||||||
* \param ctx PK context to use
|
* \param ctx PK context to use
|
||||||
|
* \param md_alg Hash algorithm used
|
||||||
* \param hash Hash of the message to sign
|
* \param hash Hash of the message to sign
|
||||||
* \param md_info Information about the hash function used
|
* \param hash_len Hash length
|
||||||
* \param sig Signature to verify
|
* \param sig Signature to verify
|
||||||
* \param sig_len Signature length
|
* \param sig_len Signature length
|
||||||
*
|
*
|
||||||
* \return 0 on success (signature is valid),
|
* \return 0 on success (signature is valid),
|
||||||
* or a specific error code.
|
* or a specific error code.
|
||||||
*/
|
*/
|
||||||
int pk_verify( pk_context *ctx,
|
int pk_verify( pk_context *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len );
|
const unsigned char *sig, size_t sig_len );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
10
library/pk.c
10
library/pk.c
@ -110,7 +110,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info )
|
|||||||
*/
|
*/
|
||||||
int pk_can_do( pk_context *ctx, pk_type_t type )
|
int pk_can_do( pk_context *ctx, pk_type_t type )
|
||||||
{
|
{
|
||||||
/* null of NONE context can't do anything */
|
/* null or NONE context can't do anything */
|
||||||
if( ctx == NULL || ctx->pk_info == NULL )
|
if( ctx == NULL || ctx->pk_info == NULL )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
@ -120,14 +120,16 @@ int pk_can_do( pk_context *ctx, pk_type_t type )
|
|||||||
/*
|
/*
|
||||||
* Verify a signature
|
* Verify a signature
|
||||||
*/
|
*/
|
||||||
int pk_verify( pk_context *ctx,
|
int pk_verify( pk_context *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len )
|
const unsigned char *sig, size_t sig_len )
|
||||||
{
|
{
|
||||||
if( ctx == NULL || ctx->pk_info == NULL )
|
if( ctx == NULL || ctx->pk_info == NULL )
|
||||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
|
||||||
return( ctx->pk_info->verify_func( ctx->pk_ctx, hash, md_info, sig, sig_len ) );
|
return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg,
|
||||||
|
hash, hash_len,
|
||||||
|
sig, sig_len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -58,15 +58,15 @@ static size_t rsa_get_size( const void * ctx )
|
|||||||
return( 8 * ((rsa_context *) ctx)->len );
|
return( 8 * ((rsa_context *) ctx)->len );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int rsa_verify_wrap( void *ctx,
|
static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len )
|
const unsigned char *sig, size_t sig_len )
|
||||||
{
|
{
|
||||||
if( sig_len != ((rsa_context *) ctx)->len )
|
if( sig_len != ((rsa_context *) ctx)->len )
|
||||||
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
|
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
|
||||||
|
|
||||||
return( rsa_pkcs1_verify( (rsa_context *) ctx,
|
return( rsa_pkcs1_verify( (rsa_context *) ctx,
|
||||||
RSA_PUBLIC, md_info->type, 0, hash, sig ) );
|
RSA_PUBLIC, md_alg, hash_len, hash, sig ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
static void *rsa_alloc_wrap( void )
|
static void *rsa_alloc_wrap( void )
|
||||||
@ -128,19 +128,20 @@ static size_t eckey_get_size( const void *ctx )
|
|||||||
|
|
||||||
#if defined(POLARSSL_ECDSA_C)
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
/* Forward declaration */
|
/* Forward declaration */
|
||||||
static int ecdsa_verify_wrap( void *ctx,
|
static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len );
|
const unsigned char *sig, size_t sig_len );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int eckey_verify_wrap( void *ctx,
|
static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len )
|
const unsigned char *sig, size_t sig_len )
|
||||||
{
|
{
|
||||||
#if !defined(POLARSSL_ECDSA_C)
|
#if !defined(POLARSSL_ECDSA_C)
|
||||||
((void) ctx);
|
((void) ctx);
|
||||||
|
((void) md_alg);
|
||||||
((void) hash);
|
((void) hash);
|
||||||
((void) md_info);
|
((void) hash_len);
|
||||||
((void) sig);
|
((void) sig);
|
||||||
((void) sig_len);
|
((void) sig_len);
|
||||||
|
|
||||||
@ -152,7 +153,7 @@ static int eckey_verify_wrap( void *ctx,
|
|||||||
ecdsa_init( &ecdsa );
|
ecdsa_init( &ecdsa );
|
||||||
|
|
||||||
ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
|
ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
|
||||||
ecdsa_verify_wrap( &ecdsa, hash, md_info, sig, sig_len );
|
ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
|
||||||
|
|
||||||
ecdsa_free( &ecdsa );
|
ecdsa_free( &ecdsa );
|
||||||
|
|
||||||
@ -203,13 +204,14 @@ static int eckeydh_can_do( pk_type_t type )
|
|||||||
type == POLARSSL_PK_ECKEY_DH );
|
type == POLARSSL_PK_ECKEY_DH );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int eckeydh_verify_wrap( void *ctx,
|
static int eckeydh_verify_wrap( void *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len )
|
const unsigned char *sig, size_t sig_len )
|
||||||
{
|
{
|
||||||
((void) ctx);
|
((void) ctx);
|
||||||
|
((void) md_alg);
|
||||||
((void) hash);
|
((void) hash);
|
||||||
((void) md_info);
|
((void) hash_len);
|
||||||
((void) sig);
|
((void) sig);
|
||||||
((void) sig_len);
|
((void) sig_len);
|
||||||
|
|
||||||
@ -234,12 +236,14 @@ static int ecdsa_can_do( pk_type_t type )
|
|||||||
return( type == POLARSSL_PK_ECDSA );
|
return( type == POLARSSL_PK_ECDSA );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ecdsa_verify_wrap( void *ctx,
|
static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
|
||||||
const unsigned char *hash, const md_info_t *md_info,
|
const unsigned char *hash, size_t hash_len,
|
||||||
const unsigned char *sig, size_t sig_len )
|
const unsigned char *sig, size_t sig_len )
|
||||||
{
|
{
|
||||||
|
((void) md_alg);
|
||||||
|
|
||||||
return( ecdsa_read_signature( (ecdsa_context *) ctx,
|
return( ecdsa_read_signature( (ecdsa_context *) ctx,
|
||||||
hash, md_info->size, sig, sig_len ) );
|
hash, hash_len, sig, sig_len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
static void *ecdsa_alloc_wrap( void )
|
static void *ecdsa_alloc_wrap( void )
|
||||||
|
|||||||
@ -3429,7 +3429,7 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
|
|||||||
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
|
||||||
|
|
||||||
if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 ||
|
if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 ||
|
||||||
pk_verify( &ca->pk, hash, md_info,
|
pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size,
|
||||||
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
flags |= BADCRL_NOT_TRUSTED;
|
flags |= BADCRL_NOT_TRUSTED;
|
||||||
@ -3546,7 +3546,7 @@ static int x509parse_verify_top(
|
|||||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||||
|
|
||||||
if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
|
if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
|
||||||
pk_verify( &trust_ca->pk, hash, md_info,
|
pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size,
|
||||||
child->sig.p, child->sig.len ) != 0 )
|
child->sig.p, child->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
trust_ca = trust_ca->next;
|
trust_ca = trust_ca->next;
|
||||||
@ -3623,7 +3623,7 @@ static int x509parse_verify_child(
|
|||||||
md( md_info, child->tbs.p, child->tbs.len, hash );
|
md( md_info, child->tbs.p, child->tbs.len, hash );
|
||||||
|
|
||||||
if( pk_can_do( &parent->pk, child->sig_pk ) == 0 ||
|
if( pk_can_do( &parent->pk, child->sig_pk ) == 0 ||
|
||||||
pk_verify( &parent->pk, hash, md_info,
|
pk_verify( &parent->pk, child->sig_md, hash, md_info->size,
|
||||||
child->sig.p, child->sig.len ) != 0 )
|
child->sig.p, child->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
*flags |= BADCERT_NOT_TRUSTED;
|
*flags |= BADCERT_NOT_TRUSTED;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user