wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-04-29 17:03:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

First pass at added PK_CALLBACK support for VerifyRsaSign.

Browse Source
This commit is contained in:
David Garske
2018-03-14 09:54:18 -07:00
parent 72f390a102
commit d8fe341998
3 changed files with 59 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/internal.c
+48 -8
View File
@@ -3101,7 +3101,8 @@ int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo,
/* Verify RSA signature, 0 on success */ /* Verify RSA signature, 0 on success */
int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
const byte* plain, word32 plainSz, int sigAlgo, int hashAlgo, RsaKey* key) const byte* plain, word32 plainSz, int sigAlgo, int hashAlgo, RsaKey* key,
const byte* keyBuf, word32 keySz, void* ctx)
{ {
byte* out = NULL; /* inline result */ byte* out = NULL; /* inline result */
int ret; int ret;
@@ -3136,8 +3137,19 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
ret = ConvertHashPss(hashAlgo, &hashType, &mgf); ret = ConvertHashPss(hashAlgo, &hashType, &mgf);
if (ret != 0) if (ret != 0)
return ret; return ret;
ret = wc_RsaPSS_VerifyInline(verifySig, sigSz, &out, hashType, mgf, #ifdef HAVE_PK_CALLBACKS
key); if (ssl->ctx->RsaPssVerifyCb) {
ret = ssl->ctx->RsaPssVerifyCb(ssl, verifySig, sigSz, &out,
TypeHash(hashAlgo), mgf,
keyBuf, keySz, ctx);
}
else
#endif /* HAVE_PK_CALLBACKS */
{
ret = wc_RsaPSS_VerifyInline(verifySig, sigSz, &out, hashType, mgf,
key);
}
if (ret > 0) { if (ret > 0) {
ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, hashType); ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, hashType);
if (ret != 0) if (ret != 0)
@@ -3145,9 +3157,19 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
} }
} }
else else
#endif #endif /* WC_RSA_PSS */
{ {
ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &out, key); #ifdef HAVE_PK_CALLBACKS
if (ssl->ctx->RsaVerifyCb) {
ret = ssl->ctx->RsaVerifyCb(ssl, verifySig, sigSz, &out,
keyBuf, keySz, ctx);
}
else
#endif /* HAVE_PK_CALLBACKS */
{
ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &out, key);
}
if (ret > 0) { if (ret > 0) {
if (ret != (int)plainSz || !out || if (ret != (int)plainSz || !out ||
XMEMCMP(plain, out, plainSz) != 0) { XMEMCMP(plain, out, plainSz) != 0) {
@@ -20549,7 +20571,13 @@ int SendCertificateVerify(WOLFSSL* ssl)
ret = VerifyRsaSign(ssl, ret = VerifyRsaSign(ssl,
args->verifySig, args->sigSz, args->verifySig, args->sigSz,
ssl->buffers.sig.buffer, ssl->buffers.sig.length, ssl->buffers.sig.buffer, ssl->buffers.sig.length,
args->sigAlgo, ssl->suites->hashAlgo, key args->sigAlgo, ssl->suites->hashAlgo, key,
ssl->buffers.key->buffer, ssl->buffers.key->length,
#ifdef HAVE_PK_CALLBACKS
ssl->RsaVerifyCtx
#else
NULL
#endif
); );
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@@ -22304,7 +22332,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->buffers.sig.buffer, ssl->buffers.sig.buffer,
ssl->buffers.sig.length, ssl->buffers.sig.length,
ssl->suites->sigAlgo, ssl->suites->hashAlgo, ssl->suites->sigAlgo, ssl->suites->hashAlgo,
key key, ssl->buffers.key->buffer,
ssl->buffers.key->length,
#ifdef HAVE_PK_CALLBACKS
ssl->RsaVerifyCtx
#else
NULL
#endif
); );
break; break;
} }
@@ -22376,7 +22410,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->buffers.sig.buffer, ssl->buffers.sig.buffer,
ssl->buffers.sig.length, ssl->buffers.sig.length,
ssl->suites->sigAlgo, ssl->suites->hashAlgo, ssl->suites->sigAlgo, ssl->suites->hashAlgo,
key key, ssl->buffers.key->buffer,
ssl->buffers.key->length,
#ifdef HAVE_PK_CALLBACKS
ssl->RsaVerifyCtx
#else
NULL
#endif
); );
break; break;
} }
src/tls13.c
+8 -1
View File
@@ -4997,7 +4997,14 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
/* check for signature faults */ /* check for signature faults */
ret = VerifyRsaSign(ssl, args->verifySig, args->sigLen, ret = VerifyRsaSign(ssl, args->verifySig, args->sigLen,
sig->buffer, sig->length, args->sigAlgo, sig->buffer, sig->length, args->sigAlgo,
ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey); ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey,
ssl->buffers.key->buffer, ssl->buffers.key->length,
#ifdef HAVE_PK_CALLBACKS
ssl->RsaVerifyCtx
#else
NULL
#endif
);
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
wolfssl/internal.h
+3 -5
View File
@@ -3831,11 +3831,9 @@ WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
enum wc_HashType hashType); enum wc_HashType hashType);
WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf); WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf);
#endif #endif
WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
byte* verifySig, word32 sigSz, word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
const byte* plain, word32 plainSz, int hashAlgo, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx);
int sigAlgo, int hashAlgo,
RsaKey* key);
WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
const byte* keyBuf, word32 keySz, void* ctx); const byte* keyBuf, word32 keySz, void* ctx);