mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:30:49 +02:00
1610 lines
41 KiB
C
1610 lines
41 KiB
C
/* ssl_api_pk.c
|
|
*
|
|
* Copyright (C) 2006-2026 wolfSSL Inc.
|
|
*
|
|
* This file is part of wolfSSL.
|
|
*
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
*/
|
|
|
|
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
|
|
|
#if !defined(WOLFSSL_SSL_API_PK_INCLUDED)
|
|
#ifndef WOLFSSL_IGNORE_FILE_WARN
|
|
#warning ssl_api_pk.c is not compiled separately from ssl.c
|
|
#endif
|
|
#else
|
|
|
|
#ifndef NO_CERTS
|
|
|
|
#ifndef NO_CHECK_PRIVATE_KEY
|
|
|
|
#ifdef WOLF_PRIVATE_KEY_ID
|
|
/* Check priv against pub for match using external device with given devId
|
|
*
|
|
* @param [in] keyOID Public key OID.
|
|
* @param [in] privKey Private key data.
|
|
* @param [in] privSz Length of private key data in bytes.
|
|
* @param [in] pubKey Public key data.
|
|
* @param [in] pubSz Length of public key data in bytes.
|
|
* @param [in] label Key data is a hardware label.
|
|
* @param [in] id Key data is a hardware id.
|
|
* @param [in] heap Heap hint for dynamic memory allocation.
|
|
* @param [in] devId Device Id.
|
|
* @return 0 on success.
|
|
* @return MISSING_KEY when privKey is NULL.
|
|
* @return Other negative value on error.
|
|
*/
|
|
static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz,
|
|
const byte* pubKey, word32 pubSz, int label, int id, void* heap, int devId)
|
|
{
|
|
int ret = 0;
|
|
int type = 0;
|
|
void *pkey = NULL;
|
|
|
|
if (privKey == NULL) {
|
|
ret = MISSING_KEY;
|
|
}
|
|
else {
|
|
switch (keyOID) {
|
|
#ifndef NO_RSA
|
|
case RSAk:
|
|
#ifdef WC_RSA_PSS
|
|
case RSAPSSk:
|
|
#endif
|
|
type = DYNAMIC_TYPE_RSA;
|
|
break;
|
|
#endif
|
|
#ifdef HAVE_ECC
|
|
case ECDSAk:
|
|
type = DYNAMIC_TYPE_ECC;
|
|
break;
|
|
#endif
|
|
#if defined(HAVE_DILITHIUM)
|
|
case ML_DSA_LEVEL2k:
|
|
case ML_DSA_LEVEL3k:
|
|
case ML_DSA_LEVEL5k:
|
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
|
case DILITHIUM_LEVEL2k:
|
|
case DILITHIUM_LEVEL3k:
|
|
case DILITHIUM_LEVEL5k:
|
|
#endif
|
|
type = DYNAMIC_TYPE_DILITHIUM;
|
|
break;
|
|
#endif
|
|
#if defined(HAVE_FALCON)
|
|
case FALCON_LEVEL1k:
|
|
case FALCON_LEVEL5k:
|
|
type = DYNAMIC_TYPE_FALCON;
|
|
break;
|
|
#endif
|
|
}
|
|
|
|
ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id, heap,
|
|
devId);
|
|
}
|
|
#ifdef WOLF_CRYPTO_CB
|
|
if (ret == 0) {
|
|
switch (keyOID) {
|
|
#ifndef NO_RSA
|
|
case RSAk:
|
|
#ifdef WC_RSA_PSS
|
|
case RSAPSSk:
|
|
#endif
|
|
ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz);
|
|
break;
|
|
#endif
|
|
#ifdef HAVE_ECC
|
|
case ECDSAk:
|
|
ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey,
|
|
pubSz);
|
|
break;
|
|
#endif
|
|
#if defined(HAVE_DILITHIUM)
|
|
case ML_DSA_LEVEL2k:
|
|
case ML_DSA_LEVEL3k:
|
|
case ML_DSA_LEVEL5k:
|
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
|
case DILITHIUM_LEVEL2k:
|
|
case DILITHIUM_LEVEL3k:
|
|
case DILITHIUM_LEVEL5k:
|
|
#endif
|
|
ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
|
|
WC_PQC_SIG_TYPE_DILITHIUM, pubKey, pubSz);
|
|
break;
|
|
#endif
|
|
#if defined(HAVE_FALCON)
|
|
case FALCON_LEVEL1k:
|
|
case FALCON_LEVEL5k:
|
|
ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey,
|
|
WC_PQC_SIG_TYPE_FALCON, pubKey, pubSz);
|
|
break;
|
|
#endif
|
|
default:
|
|
ret = 0;
|
|
}
|
|
}
|
|
#else
|
|
/* devId was set, don't check, for now */
|
|
/* TODO: Add callback for private key check? */
|
|
(void) pubKey;
|
|
(void) pubSz;
|
|
#endif
|
|
|
|
switch (keyOID) {
|
|
#ifndef NO_RSA
|
|
case RSAk:
|
|
#ifdef WC_RSA_PSS
|
|
case RSAPSSk:
|
|
#endif
|
|
wc_FreeRsaKey((RsaKey*)pkey);
|
|
break;
|
|
#endif
|
|
#ifdef HAVE_ECC
|
|
case ECDSAk:
|
|
wc_ecc_free((ecc_key*)pkey);
|
|
break;
|
|
#endif
|
|
#if defined(HAVE_DILITHIUM)
|
|
case ML_DSA_LEVEL2k:
|
|
case ML_DSA_LEVEL3k:
|
|
case ML_DSA_LEVEL5k:
|
|
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
|
|
case DILITHIUM_LEVEL2k:
|
|
case DILITHIUM_LEVEL3k:
|
|
case DILITHIUM_LEVEL5k:
|
|
#endif
|
|
wc_dilithium_free((dilithium_key*)pkey);
|
|
break;
|
|
#endif
|
|
#if defined(HAVE_FALCON)
|
|
case FALCON_LEVEL1k:
|
|
case FALCON_LEVEL5k:
|
|
wc_falcon_free((falcon_key*)pkey);
|
|
break;
|
|
#endif
|
|
default:
|
|
WC_DO_NOTHING;
|
|
}
|
|
XFREE(pkey, heap, type);
|
|
|
|
return ret;
|
|
}
|
|
#endif /* WOLF_PRIVATE_KEY_ID */
|
|
|
|
/* Check private against public in certificate for match.
|
|
*
|
|
* @param [in] cert DER encoded certificate.
|
|
* @param [in] key DER encoded private key.
|
|
* @param [in] altKey Alternative DER encoded key.
|
|
* @param [in] heap Heap hint for dynamic memory allocation.
|
|
* @param [in] devId Device Id.
|
|
* @param [in] isKeyLabel Whether key is label.
|
|
* @param [in] isKeyId Whether key is an id.
|
|
* @param [in] altDevId Alternative key's device id.
|
|
* @param [in] isAltKeyLabel Is alternative key a label.
|
|
* @param [in] isAltKeyId Is alternative key an id.
|
|
* @return 1 on success.
|
|
* @return 0 on failure.
|
|
* @return MEMORY_E when memory allocation fails.
|
|
*/
|
|
static int check_cert_key(const DerBuffer* cert, const DerBuffer* key,
|
|
const DerBuffer* altKey, void* heap, int devId, int isKeyLabel, int isKeyId,
|
|
int altDevId, int isAltKeyLabel, int isAltKeyId)
|
|
{
|
|
WC_DECLARE_VAR(der, DecodedCert, 1, 0);
|
|
word32 size;
|
|
byte* buff;
|
|
int ret = 1;
|
|
|
|
WOLFSSL_ENTER("check_cert_key");
|
|
|
|
/* Validate parameters. */
|
|
if ((cert == NULL) || (key == NULL)) {
|
|
return 0;
|
|
}
|
|
if (ret == 1) {
|
|
/* Make a decoded certificate object available. */
|
|
WC_ALLOC_VAR_EX(der, DecodedCert, 1, heap, DYNAMIC_TYPE_DCERT,
|
|
return MEMORY_E);
|
|
}
|
|
|
|
if (ret == 1) {
|
|
/* Decode certificate. */
|
|
InitDecodedCert_ex(der, cert->buffer, cert->length, heap, devId);
|
|
/* Parse certificate. */
|
|
if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) {
|
|
ret = 0;
|
|
}
|
|
}
|
|
|
|
if (ret == 1) {
|
|
buff = key->buffer;
|
|
size = key->length;
|
|
#ifdef WOLF_PRIVATE_KEY_ID
|
|
if (devId != INVALID_DEVID) {
|
|
ret = check_cert_key_dev(der->keyOID, buff, size, der->publicKey,
|
|
der->pubKeySize, isKeyLabel, isKeyId, heap, devId);
|
|
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
|
ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE;
|
|
}
|
|
}
|
|
else {
|
|
/* fall through if unavailable */
|
|
ret = CRYPTOCB_UNAVAILABLE;
|
|
}
|
|
|
|
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
|
#endif /* WOLF_PRIVATE_KEY_ID */
|
|
{
|
|
ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap);
|
|
if (ret != 1) {
|
|
ret = 0;
|
|
}
|
|
}
|
|
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
if ((ret == 1) && der->extSapkiSet && (der->sapkiDer != NULL)) {
|
|
/* Certificate contains an alternative public key. Hence, we also
|
|
* need an alternative private key. */
|
|
if (altKey == NULL) {
|
|
ret = MISSING_KEY;
|
|
buff = NULL;
|
|
size = 0;
|
|
}
|
|
else {
|
|
size = altKey->length;
|
|
buff = altKey->buffer;
|
|
}
|
|
#ifdef WOLF_PRIVATE_KEY_ID
|
|
if (altDevId != INVALID_DEVID) {
|
|
/* We have to decode the public key first */
|
|
/* Default to max pub key size. */
|
|
word32 pubKeyLen = MAX_PUBLIC_KEY_SZ;
|
|
byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
|
|
DYNAMIC_TYPE_PUBLIC_KEY);
|
|
if (decodedPubKey == NULL) {
|
|
ret = MEMORY_E;
|
|
}
|
|
if (ret == WOLFSSL_SUCCESS) {
|
|
if ((der->sapkiOID == RSAk) || (der->sapkiOID == ECDSAk)) {
|
|
/* Simply copy the data */
|
|
XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen);
|
|
pubKeyLen = der->sapkiLen;
|
|
ret = 0;
|
|
}
|
|
else {
|
|
#if defined(WC_ENABLE_ASYM_KEY_IMPORT)
|
|
word32 idx = 0;
|
|
ret = DecodeAsymKeyPublic(der->sapkiDer, &idx,
|
|
der->sapkiLen, decodedPubKey,
|
|
&pubKeyLen, der->sapkiOID);
|
|
#else
|
|
ret = NOT_COMPILED_IN;
|
|
#endif /* WC_ENABLE_ASYM_KEY_IMPORT */
|
|
}
|
|
}
|
|
if (ret == 0) {
|
|
ret = check_cert_key_dev(der->sapkiOID, buff, size,
|
|
decodedPubKey, pubKeyLen, isAltKeyLabel, isAltKeyId,
|
|
heap, altDevId);
|
|
}
|
|
XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
|
|
if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
|
|
ret = (ret == 0) ? 1: 0;
|
|
}
|
|
}
|
|
else {
|
|
/* fall through if unavailable */
|
|
ret = CRYPTOCB_UNAVAILABLE;
|
|
}
|
|
|
|
if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
|
|
#else
|
|
if (ret == 1)
|
|
#endif /* WOLF_PRIVATE_KEY_ID */
|
|
{
|
|
ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap);
|
|
if (ret != 1) {
|
|
ret = 0;
|
|
}
|
|
}
|
|
}
|
|
#endif /* WOLFSSL_DUAL_ALG_CERTS */
|
|
}
|
|
|
|
FreeDecodedCert(der);
|
|
WC_FREE_VAR_EX(der, heap, DYNAMIC_TYPE_DCERT);
|
|
|
|
(void)devId;
|
|
(void)isKeyLabel;
|
|
(void)isKeyId;
|
|
(void)altKey;
|
|
(void)altDevId;
|
|
(void)isAltKeyLabel;
|
|
(void)isAltKeyId;
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Check private against public in certificate for match
|
|
*
|
|
* @param [in] ctx SSL/TLS context with a private key and certificate.
|
|
*
|
|
* @return 1 on good private key
|
|
* @return 0 if mismatched.
|
|
*/
|
|
int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
|
|
{
|
|
int res = 1;
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
DerBuffer *privateKey;
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
DerBuffer *altPrivateKey;
|
|
#endif
|
|
#else
|
|
const DerBuffer *privateKey;
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
const DerBuffer *altPrivateKey;
|
|
#endif
|
|
#endif
|
|
|
|
/* Validate parameter. */
|
|
if (ctx == NULL) {
|
|
res = 0;
|
|
}
|
|
else {
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Unblind private keys. */
|
|
privateKey = wolfssl_priv_der_unblind(ctx->privateKey,
|
|
ctx->privateKeyMask);
|
|
if (privateKey == NULL) {
|
|
res = 0;
|
|
}
|
|
if (ctx->altPrivateKey != NULL) {
|
|
altPrivateKey = wolfssl_priv_der_unblind(ctx->altPrivateKey,
|
|
ctx->altPrivateKeyMask);
|
|
if (altPrivateKey == NULL) {
|
|
res = 0;
|
|
}
|
|
}
|
|
else {
|
|
altPrivateKey = NULL;
|
|
}
|
|
#else
|
|
privateKey = ctx->privateKey;
|
|
altPrivateKey = ctx->altPrivateKey;
|
|
#endif
|
|
if (res == 1) {
|
|
/* Check certificate and private keys. */
|
|
res = check_cert_key(ctx->certificate, privateKey, altPrivateKey,
|
|
ctx->heap, ctx->privateKeyDevId, ctx->privateKeyLabel,
|
|
ctx->privateKeyId, ctx->altPrivateKeyDevId,
|
|
ctx->altPrivateKeyLabel, ctx->altPrivateKeyId) != 0;
|
|
}
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Dispose of the unblinded buffers. */
|
|
wolfssl_priv_der_unblind_free(privateKey);
|
|
wolfssl_priv_der_unblind_free(altPrivateKey);
|
|
#endif
|
|
#else
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Unblind private key. */
|
|
privateKey = wolfssl_priv_der_unblind(ctx->privateKey,
|
|
ctx->privateKeyMask);
|
|
if (privateKey == NULL) {
|
|
res = 0;
|
|
}
|
|
#else
|
|
privateKey = ctx->privateKey;
|
|
#endif
|
|
if (res == WOLFSSL_SUCCESS) {
|
|
/* Check certificate and private key. */
|
|
res = check_cert_key(ctx->certificate, privateKey, NULL, ctx->heap,
|
|
ctx->privateKeyDevId, ctx->privateKeyLabel, ctx->privateKeyId,
|
|
INVALID_DEVID, 0, 0);
|
|
}
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Dispose of the unblinded buffer. */
|
|
wolfssl_priv_der_unblind_free(privateKey);
|
|
#endif
|
|
#endif
|
|
}
|
|
|
|
/* Place error into queue for Python port. */
|
|
if (res != 1) {
|
|
WOLFSSL_ERROR(WC_KEY_MISMATCH_E);
|
|
}
|
|
|
|
return res;
|
|
}
|
|
|
|
#ifdef OPENSSL_EXTRA
|
|
/* Check private against public in certificate for match.
|
|
*
|
|
* @param [in] ssl SSL/TLS object with a private key and certificate.
|
|
*
|
|
* @return 1 on good private key
|
|
* @return 0 if mismatched.
|
|
*/
|
|
int wolfSSL_check_private_key(const WOLFSSL* ssl)
|
|
{
|
|
int res = 1;
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
DerBuffer *privateKey;
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
DerBuffer *altPrivateKey;
|
|
#endif
|
|
#else
|
|
const DerBuffer *privateKey;
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
const DerBuffer *altPrivateKey;
|
|
#endif
|
|
#endif
|
|
|
|
/* Validate parameter. */
|
|
if (ssl == NULL) {
|
|
res = 0;
|
|
}
|
|
else {
|
|
#ifdef WOLFSSL_DUAL_ALG_CERTS
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Unblind private keys. */
|
|
privateKey = wolfssl_priv_der_unblind(ssl->buffers.key,
|
|
ssl->buffers.keyMask);
|
|
if (privateKey == NULL) {
|
|
res = 0;
|
|
}
|
|
if (ssl->buffers.altKey != NULL) {
|
|
altPrivateKey = wolfssl_priv_der_unblind(ssl->buffers.altKey,
|
|
ssl->buffers.altKeyMask);
|
|
if (altPrivateKey == NULL) {
|
|
res = 0;
|
|
}
|
|
}
|
|
else {
|
|
altPrivateKey = NULL;
|
|
}
|
|
#else
|
|
privateKey = ssl->buffers.key;
|
|
altPrivateKey = ssl->buffers.altKey;
|
|
#endif
|
|
if (res == 1) {
|
|
/* Check certificate and private keys. */
|
|
res = check_cert_key(ssl->buffers.certificate, privateKey,
|
|
altPrivateKey, ssl->heap, ssl->buffers.keyDevId,
|
|
ssl->buffers.keyLabel, ssl->buffers.keyId,
|
|
ssl->buffers.altKeyDevId, ssl->buffers.altKeyLabel,
|
|
ssl->buffers.altKeyId);
|
|
}
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Dispose of the unblinded buffers. */
|
|
wolfssl_priv_der_unblind_free(privateKey);
|
|
wolfssl_priv_der_unblind_free(altPrivateKey);
|
|
#endif
|
|
#else
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Unblind private key. */
|
|
privateKey = wolfssl_priv_der_unblind(ssl->buffers.key,
|
|
ssl->buffers.keyMask);
|
|
if (privateKey == NULL) {
|
|
res = 0;
|
|
}
|
|
#else
|
|
privateKey = ssl->buffers.key;
|
|
#endif
|
|
if (res == 1) {
|
|
/* Check certificate and private key. */
|
|
res = check_cert_key(ssl->buffers.certificate, privateKey, NULL,
|
|
ssl->heap, ssl->buffers.keyDevId, ssl->buffers.keyLabel,
|
|
ssl->buffers.keyId, INVALID_DEVID, 0, 0);
|
|
}
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
/* Dispose of the unblinded buffer. */
|
|
wolfssl_priv_der_unblind_free(privateKey);
|
|
#endif
|
|
#endif
|
|
}
|
|
|
|
return res;
|
|
}
|
|
#endif /* OPENSSL_EXTRA */
|
|
#endif /* !NO_CHECK_PRIVATE_KEY */
|
|
|
|
|
|
#ifdef OPENSSL_ALL
|
|
/**
|
|
* Return the private key of the SSL/TLS context.
|
|
*
|
|
* The caller doesn *NOT*` free the returned object.
|
|
*
|
|
* Note, even though the supplied ctx pointer is designated const, on success
|
|
* ctx->privateKeyPKey is changed by this call. The change is done safely using
|
|
* a hardware-synchronized store.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @return A WOFLSSL_EVP_PKEY on success.
|
|
* @return NULL on error.
|
|
*/
|
|
WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
|
|
{
|
|
WOLFSSL_EVP_PKEY* res = NULL;
|
|
const unsigned char *key;
|
|
int type = WC_EVP_PKEY_NONE;
|
|
|
|
WOLFSSL_ENTER("wolfSSL_CTX_get0_privatekey");
|
|
|
|
if ((ctx == NULL) || (ctx->privateKey == NULL) ||
|
|
(ctx->privateKey->buffer == NULL)) {
|
|
WOLFSSL_MSG("Bad parameter or key not set");
|
|
}
|
|
else {
|
|
switch (ctx->privateKeyType) {
|
|
#ifndef NO_RSA
|
|
case rsa_sa_algo:
|
|
type = WC_EVP_PKEY_RSA;
|
|
break;
|
|
#endif
|
|
#ifdef HAVE_ECC
|
|
case ecc_dsa_sa_algo:
|
|
type = WC_EVP_PKEY_EC;
|
|
break;
|
|
#endif
|
|
#ifdef WOLFSSL_SM2
|
|
case sm2_sa_algo:
|
|
type = WC_EVP_PKEY_EC;
|
|
break;
|
|
#endif
|
|
default:
|
|
/* Other key types not supported either as ssl private keys
|
|
* or in the EVP layer */
|
|
WOLFSSL_MSG("Unsupported key type");
|
|
}
|
|
}
|
|
|
|
if (type != WC_EVP_PKEY_NONE) {
|
|
if (ctx->privateKeyPKey != NULL) {
|
|
res = ctx->privateKeyPKey;
|
|
}
|
|
else {
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
DerBuffer* unblinded_privateKey = wolfssl_priv_der_unblind(
|
|
ctx->privateKey, ctx->privateKeyMask);
|
|
if (unblinded_privateKey != NULL) {
|
|
key = unblinded_privateKey->buffer;
|
|
}
|
|
else {
|
|
key = NULL;
|
|
}
|
|
#else
|
|
key = ctx->privateKey->buffer;
|
|
#endif
|
|
if (key != NULL) {
|
|
res = wolfSSL_d2i_PrivateKey(type, NULL, &key,
|
|
(long)ctx->privateKey->length);
|
|
#ifdef WOLFSSL_BLIND_PRIVATE_KEY
|
|
wolfssl_priv_der_unblind_free(unblinded_privateKey);
|
|
#endif
|
|
}
|
|
if (res != NULL) {
|
|
#ifdef WOLFSSL_ATOMIC_OPS
|
|
WOLFSSL_EVP_PKEY *current_pkey = NULL;
|
|
if (!wolfSSL_Atomic_Ptr_CompareExchange(
|
|
(void * volatile *)&ctx->privateKeyPKey,
|
|
(void **)¤t_pkey, res)) {
|
|
wolfSSL_EVP_PKEY_free(res);
|
|
res = current_pkey;
|
|
}
|
|
#else
|
|
((WOLFSSL_CTX *)ctx)->privateKeyPKey = res;
|
|
#endif
|
|
}
|
|
}
|
|
}
|
|
|
|
return res;
|
|
}
|
|
#endif /* OPENSSL_ALL */
|
|
|
|
#ifdef HAVE_ECC
|
|
|
|
/* Set size, in bytes, of temporary ECDHE key into SSL/TLS context.
|
|
*
|
|
* Values can be: 14 - 66 (112 - 521 bit)
|
|
* Uses the private key length if sz is 0.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] sz Size of EC key in bytes.
|
|
* @return 1 on success.
|
|
* @return BAD_FUNC_ARG when ctx is NULL or sz is invalid.
|
|
*/
|
|
int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
|
|
{
|
|
int ret = 0;
|
|
|
|
WOLFSSL_ENTER("wolfSSL_CTX_SetTmpEC_DHE_Sz");
|
|
|
|
/* Validate parameters. */
|
|
if (ctx == NULL) {
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
/* If size is 0 then get value from loaded private key. */
|
|
else if (sz == 0) {
|
|
/* Applies only to ECDSA. */
|
|
if (ctx->privateKeyType != ecc_dsa_sa_algo) {
|
|
ret = 1;
|
|
}
|
|
/* Must have a key set. */
|
|
else if (ctx->privateKeySz == 0) {
|
|
WOLFSSL_MSG("Must set private key/cert first");
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
else {
|
|
sz = (word16)ctx->privateKeySz;
|
|
}
|
|
}
|
|
if (ret == 0) {
|
|
/* Check size against bounds. */
|
|
#if ECC_MIN_KEY_SZ > 0
|
|
if (sz < ECC_MINSIZE) {
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
else
|
|
#endif
|
|
if (sz > ECC_MAXSIZE) {
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
else {
|
|
/* Store the size requested. */
|
|
ctx->eccTempKeySz = sz;
|
|
ret = 1;
|
|
}
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
|
|
/* Set size, in bytes, of temporary ECDHE key into SSL/TLS object.
|
|
*
|
|
* Values can be: 14 - 66 (112 - 521 bit)
|
|
* Uses the private key length if sz is 0.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] sz Size of EC key in bytes.
|
|
* @return 1 on success.
|
|
* @return BAD_FUNC_ARG when ssl is NULL or sz is invalid.
|
|
*/
|
|
int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
|
|
{
|
|
int ret = 1;
|
|
|
|
WOLFSSL_ENTER("wolfSSL_SetTmpEC_DHE_Sz");
|
|
|
|
/* Validate parameters. */
|
|
if (ssl == NULL) {
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
/* Check size against bounds. */
|
|
#if ECC_MIN_KEY_SZ > 0
|
|
else if (sz < ECC_MINSIZE) {
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
#endif
|
|
else if (sz > ECC_MAXSIZE) {
|
|
ret = BAD_FUNC_ARG;
|
|
}
|
|
else {
|
|
/* Store the size requested. */
|
|
ssl->eccTempKeySz = sz;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
#endif /* HAVE_ECC */
|
|
|
|
#ifdef HAVE_PK_CALLBACKS
|
|
|
|
#ifdef HAVE_ECC
|
|
/* Set the ECC key generation callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb ECC key generation callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->EccKeyGenCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for ECC key generation callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for ECC key generation callback.
|
|
*/
|
|
void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->EccKeyGenCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for ECC key generation callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for ECC key generation callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->EccKeyGenCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
/* Set the context for ECC sign callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] userCtx Context for ECC sign callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->EccSignCtx = userCtx;
|
|
}
|
|
}
|
|
/* Get the context for ECC sign callback from the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @return Context for ECC sign for callback.
|
|
* @return NULL when ctx is NULL.
|
|
*/
|
|
void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx)
|
|
{
|
|
void* ret;
|
|
|
|
if (ctx == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ctx->EccSignCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the ECC sign callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb ECC sign callback.
|
|
*/
|
|
WOLFSSL_ABI void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->EccSignCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for ECC sign callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for ECC sign callback.
|
|
*/
|
|
void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->EccSignCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for ECC sign callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for ECC sign for callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->EccSignCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the ECC verify callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb ECC verify callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->EccVerifyCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for ECC verify callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for ECC verify callback.
|
|
*/
|
|
void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->EccVerifyCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for ECC verify callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for ECC verify for callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->EccVerifyCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the ECC shared secret callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb ECC shared secret callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx,
|
|
CallbackEccSharedSecret cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->EccSharedSecretCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for ECC shared secret callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for ECC shared secret callback.
|
|
*/
|
|
void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->EccSharedSecretCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for ECC shared secret callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for ECC shared secret callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->EccSharedSecretCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_ECC */
|
|
|
|
#ifdef HAVE_ED25519
|
|
/* Set the Ed25519 sign callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb Ed25519 sign callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, CallbackEd25519Sign cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->Ed25519SignCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for Ed25519 sign callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for Ed25519 sign callback.
|
|
*/
|
|
void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->Ed25519SignCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for Ed25519 sign callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for Ed25519 sign callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->Ed25519SignCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the Ed25519 verify callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb Ed25519 verify callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->Ed25519VerifyCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for Ed25519 verify callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for Ed25519 verify callback.
|
|
*/
|
|
void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->Ed25519VerifyCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for Ed25519 verify callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for Ed25519 verify callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->Ed25519VerifyCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_ED25519 */
|
|
|
|
#ifdef HAVE_CURVE25519
|
|
/* Set the X25519 key generation callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb X25519 key generation callback.
|
|
*/
|
|
void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, CallbackX25519KeyGen cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->X25519KeyGenCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for X25519 key generation callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for X25519 key generation callback.
|
|
*/
|
|
void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->X25519KeyGenCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for X25519 key generation callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for X25519 key generation callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->X25519KeyGenCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the X25519 shared secret callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb X25519 shared secret callback.
|
|
*/
|
|
void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx,
|
|
CallbackX25519SharedSecret cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->X25519SharedSecretCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for X25519 shared secret callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for X25519 shared secret callback.
|
|
*/
|
|
void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->X25519SharedSecretCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for X25519 shared secret callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for X25519 shared secret callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->X25519SharedSecretCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_CURVE25519 */
|
|
|
|
#ifdef HAVE_ED448
|
|
/* Set the Ed448 sign callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb Ed448 sign callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, CallbackEd448Sign cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->Ed448SignCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for Ed448 sign callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for Ed448 sign callback.
|
|
*/
|
|
void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->Ed448SignCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for Ed448 sign callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for Ed448 sign callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->Ed448SignCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the Ed448 verify callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb Ed448 verify callback.
|
|
*/
|
|
void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, CallbackEd448Verify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->Ed448VerifyCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for Ed448 verify callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for Ed448 verify callback.
|
|
*/
|
|
void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->Ed448VerifyCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for Ed448 verify callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for Ed448 verify callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->Ed448VerifyCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_ED448 */
|
|
|
|
#ifdef HAVE_CURVE448
|
|
/* Set the X448 key generation callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb X448 key generation callback.
|
|
*/
|
|
void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx,
|
|
CallbackX448KeyGen cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->X448KeyGenCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for X448 key generation callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for X448 key generation callback.
|
|
*/
|
|
void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->X448KeyGenCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for X448 key generation callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for X448 key generation callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->X448KeyGenCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the X448 shared secret callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb X448 shared secret callback.
|
|
*/
|
|
void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx,
|
|
CallbackX448SharedSecret cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->X448SharedSecretCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for X448 shared secret callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for X448 shared secret callback.
|
|
*/
|
|
void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->X448SharedSecretCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for X448 shared secret callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for X448 shared secret callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->X448SharedSecretCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_CURVE448 */
|
|
|
|
#ifndef NO_RSA
|
|
/* Set the RSA sign callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA sign callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaSignCb = cb;
|
|
}
|
|
}
|
|
/* Set the RSA sign check callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA sign check callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaSignCheckCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for RSA sign callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for RSA sign callback.
|
|
*/
|
|
void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->RsaSignCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for RSA sign callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for RSA sign callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->RsaSignCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the RSA verify callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA verify callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaVerifyCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for RSA verify callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for RSA verify callback.
|
|
*/
|
|
void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->RsaVerifyCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for RSA verify callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for RSA verify callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->RsaVerifyCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
#ifdef WC_RSA_PSS
|
|
/* Set the RSA PSS sign callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA PSS sign callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaPssSignCb = cb;
|
|
}
|
|
}
|
|
/* Set the RSA PSS sign check callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA PSS sign check callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx,
|
|
CallbackRsaPssVerify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaPssSignCheckCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for RSA PSS sign callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for RSA PSS sign callback.
|
|
*/
|
|
void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->RsaPssSignCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for RSA PSS sign callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for RSA PSS sign callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->RsaPssSignCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the RSA PSS verify callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA PSS verify callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaPssVerifyCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for RSA PSS verify callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for RSA PSS verify callback.
|
|
*/
|
|
void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->RsaPssVerifyCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for RSA PSS verify callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for RSA PSS verify callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->RsaPssVerifyCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* WC_RSA_PSS */
|
|
|
|
/* Set the RSA encrypt callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA encrypt callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaEncCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for RSA encrypt callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for RSA encrypt callback.
|
|
*/
|
|
void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->RsaEncCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for RSA encrypt callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for RSA encrypt callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->RsaEncCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* Set the RSA decrypt callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb RSA decrypt callback.
|
|
*/
|
|
void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->RsaDecCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for RSA decrypt callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for RSA decrypt callback.
|
|
*/
|
|
void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->RsaDecCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for RSA decrypt callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for RSA decrypt callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->RsaDecCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* NO_RSA */
|
|
|
|
#endif /* HAVE_PK_CALLBACKS */
|
|
|
|
#endif /* !NO_CERTS */
|
|
|
|
#if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH)
|
|
/* Set the DH key pair generation callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb DH key pair generation callback.
|
|
*/
|
|
void wolfSSL_CTX_SetDhGenerateKeyPair(WOLFSSL_CTX* ctx,
|
|
CallbackDhGenerateKeyPair cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->DhGenerateKeyPairCb = cb;
|
|
}
|
|
}
|
|
/* Set the DH key agree callback into the SSL/TLS context.
|
|
*
|
|
* @param [in] ctx SSL/TLS context.
|
|
* @param [in] cb DH key agree callback.
|
|
*/
|
|
void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb)
|
|
{
|
|
if (ctx != NULL) {
|
|
ctx->DhAgreeCb = cb;
|
|
}
|
|
}
|
|
/* Set the context for DH key agree callback into the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @param [in] ctx Context for DH key agree callback.
|
|
*/
|
|
void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx)
|
|
{
|
|
if (ssl != NULL) {
|
|
ssl->DhAgreeCtx = ctx;
|
|
}
|
|
}
|
|
/* Get the context for DH key ageww callback from the SSL/TLS object.
|
|
*
|
|
* @param [in] ssl SSL/TLS object.
|
|
* @return Context for DH key agree callback.
|
|
* @return NULL when ssl is NULL.
|
|
*/
|
|
void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
|
|
{
|
|
void* ret;
|
|
|
|
if (ssl == NULL) {
|
|
ret = NULL;
|
|
}
|
|
else {
|
|
ret = ssl->DhAgreeCtx;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
#endif /* HAVE_PK_CALLBACKS && !NO_DH */
|
|
|
|
#endif /* !WOLFSSL_SSL_API_PK_INCLUDED */
|