feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Added new callbacks for the VerifyRsaSign, which uses a private key to verify a created signature. The new callbacks API's are wolfSSL_CTX_SetRsaVerifySignCb and wolfSSL_CTX_SetRsaPssVerifySignCb. These use the same callback prototype as the CallbackRsaVerify and use the same context.

Browse Source
This commit is contained in:
David Garske
2018-03-15 14:43:41 -07:00
parent d8fe341998
commit ed7774e94a
5 changed files with 91 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/internal.c
View File

@@ -3139,7 +3139,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
return ret; return ret;
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (ssl->ctx->RsaPssVerifyCb) { if (ssl->ctx->RsaPssVerifyCb) {
ret = ssl->ctx->RsaPssVerifyCb(ssl, verifySig, sigSz, &out, ret = ssl->ctx->RsaPssVerifySignCb(ssl, verifySig, sigSz, &out,
TypeHash(hashAlgo), mgf, TypeHash(hashAlgo), mgf,
keyBuf, keySz, ctx); keyBuf, keySz, ctx);
} }
@@ -3161,7 +3161,7 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
{ {
#ifdef HAVE_PK_CALLBACKS #ifdef HAVE_PK_CALLBACKS
if (ssl->ctx->RsaVerifyCb) { if (ssl->ctx->RsaVerifyCb) {
ret = ssl->ctx->RsaVerifyCb(ssl, verifySig, sigSz, &out, ret = ssl->ctx->RsaVerifySignCb(ssl, verifySig, sigSz, &out,
keyBuf, keySz, ctx); keyBuf, keySz, ctx);
} }
else else

12
src/ssl.c
View File

@@ -28685,6 +28685,12 @@ void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
ctx->RsaVerifyCb = cb; ctx->RsaVerifyCb = cb;
} }
void wolfSSL_CTX_SetRsaVerifySignCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
{
if (ctx)
ctx->RsaVerifySignCb = cb;
}
void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx) void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
{ {
@@ -28731,6 +28737,12 @@ void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb)
ctx->RsaPssVerifyCb = cb; ctx->RsaPssVerifyCb = cb;
} }
void wolfSSL_CTX_SetRsaPssVerifySignCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb)
{
if (ctx)
ctx->RsaPssVerifySignCb = cb;
}
void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx) void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx)
{ {

10
wolfssl/internal.h
View File

@@ -2507,11 +2507,13 @@ struct WOLFSSL_CTX {
CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */ CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler */ CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */
CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler */ CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */
CallbackRsaVerify RsaVerifySignCb; /* User RsaVerifySign Callback handler (priv key) */
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
CallbackRsaPssSign RsaPssSignCb; /* User RsaPssSign */ CallbackRsaPssSign RsaPssSignCb; /* User RsaPssSign (priv key) */
CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaPssVerify */ CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaPssVerify (pub key) */
CallbackRsaPssVerify RsaPssVerifySignCb; /* User RsaPssVerifySign (priv key) */
#endif #endif
CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */ CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */ CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */

3
wolfssl/ssl.h
View File

@@ -1893,6 +1893,7 @@ typedef int (*CallbackRsaVerify)(WOLFSSL* ssl,
const unsigned char* keyDer, unsigned int keySz, const unsigned char* keyDer, unsigned int keySz,
void* ctx); void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify); WOLFSSL_API void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX*, CallbackRsaVerify);
WOLFSSL_API void wolfSSL_CTX_SetRsaVerifySignCb(WOLFSSL_CTX*, CallbackRsaVerify);
WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl);
@@ -1915,6 +1916,8 @@ typedef int (*CallbackRsaPssVerify)(WOLFSSL* ssl,
void* ctx); void* ctx);
WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX*,
CallbackRsaPssVerify); CallbackRsaPssVerify);
WOLFSSL_API void wolfSSL_CTX_SetRsaPssVerifySignCb(WOLFSSL_CTX*,
CallbackRsaPssVerify);
WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx);
WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl); WOLFSSL_API void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl);
#endif #endif

69
wolfssl/test.h
View File

@@ -2101,9 +2101,7 @@ static INLINE int myRsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz, static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, byte** out, const byte* key, word32 keySz, void* ctx)
const byte* key, word32 keySz,
void* ctx)
{ {
int ret; int ret;
word32 idx = 0; word32 idx = 0;
@@ -2123,6 +2121,27 @@ static INLINE int myRsaVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
return ret; return ret;
} }
static INLINE int myRsaVerifySign(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, const byte* key, word32 keySz, void* ctx)
{
int ret;
word32 idx = 0;
RsaKey myKey;
(void)ssl;
(void)ctx;
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0)
ret = wc_RsaSSL_VerifyInline(sig, sigSz, out, &myKey);
wc_FreeRsaKey(&myKey);
}
return ret;
}
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
static INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, static INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, int hash, int mgf, const byte* key, byte* out, word32* outSz, int hash, int mgf, const byte* key,
@@ -2219,6 +2238,48 @@ static INLINE int myRsaPssVerify(WOLFSSL* ssl, byte* sig, word32 sigSz,
return ret; return ret;
} }
static INLINE int myRsaPssVerifySign(WOLFSSL* ssl, byte* sig, word32 sigSz,
byte** out, int hash, int mgf, const byte* key, word32 keySz, void* ctx)
{
enum wc_HashType hashType = WC_HASH_TYPE_NONE;
int ret;
word32 idx = 0;
RsaKey myKey;
(void)ssl;
(void)ctx;
switch (hash) {
#ifndef NO_SHA256
case SHA256h:
hashType = WC_HASH_TYPE_SHA256;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384h:
hashType = WC_HASH_TYPE_SHA384;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512h:
hashType = WC_HASH_TYPE_SHA512;
break;
#endif
}
ret = wc_InitRsaKey(&myKey, NULL);
if (ret == 0) {
ret = wc_RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
if (ret == 0) {
ret = wc_RsaPSS_VerifyInline(sig, sigSz, out, hashType, mgf,
&myKey);
}
wc_FreeRsaKey(&myKey);
}
return ret;
}
#endif #endif
@@ -2310,9 +2371,11 @@ static INLINE void SetupPkCallbacks(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
#ifndef NO_RSA #ifndef NO_RSA
wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign); wolfSSL_CTX_SetRsaSignCb(ctx, myRsaSign);
wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify); wolfSSL_CTX_SetRsaVerifyCb(ctx, myRsaVerify);
wolfSSL_CTX_SetRsaVerifySignCb(ctx, myRsaVerifySign);
#ifdef WC_RSA_PSS #ifdef WC_RSA_PSS
wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign); wolfSSL_CTX_SetRsaPssSignCb(ctx, myRsaPssSign);
wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify); wolfSSL_CTX_SetRsaPssVerifyCb(ctx, myRsaPssVerify);
wolfSSL_CTX_SetRsaPssVerifySignCb(ctx, myRsaPssVerifySign);
#endif #endif
wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc); wolfSSL_CTX_SetRsaEncCb(ctx, myRsaEnc);
wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec); wolfSSL_CTX_SetRsaDecCb(ctx, myRsaDec);