Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
include/polarssl/config.h
library/ssl_cli.c
library/ssl_srv.c
library/ssl_tls.c
diff --git a/library/bignum.c b/library/bignum.c
index b0bbf8f..f94d08d 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1980,7 +1980,7 @@
return( ret );
}
-#endif
+#endif /* POLARSSL_GENPRIME */
#if defined(POLARSSL_SELF_TEST)
@@ -2092,7 +2092,6 @@
if( verbose != 0 )
printf( "passed\n" );
-#if defined(POLARSSL_GENPRIME)
MPI_CHK( mpi_inv_mod( &X, &A, &N ) );
MPI_CHK( mpi_read_string( &U, 16,
@@ -2113,7 +2112,6 @@
if( verbose != 0 )
printf( "passed\n" );
-#endif
if( verbose != 0 )
printf( " MPI test #5 (simple gcd): " );
diff --git a/library/certs.c b/library/certs.c
index e2d07f7..ecfc829 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -27,6 +27,77 @@
#if defined(POLARSSL_CERTS_C)
+#if defined(POLARSSL_ECDSA_C)
+const char test_ca_crt[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC\r\n"
+"TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD\r\n"
+"IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC\r\n"
+"TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD\r\n"
+"IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1\r\n"
+"9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB\r\n"
+"oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU\r\n"
+"vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK\r\n"
+"EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae\r\n"
+"cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D\r\n"
+"rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM\r\n"
+"espQnlFX\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char test_ca_key[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"Proc-Type: 4,ENCRYPTED\r\n"
+"DEK-Info: AES-128-CBC,2A7435F5137D68C6402DB35E5BFD277A\r\n"
+"\r\n"
+"Sw5YgGVvNxXMvnGKYPuUqiDfjXhK/VTQ6dE9+33jwobKJvqR4pIrelw5QbJ5MCi2\r\n"
+"dRGEMi4hT+EiS1UZtagqYUQyYZegZB48eoSRySsfW3kqQ4aG99+4iDLCY+JhICs9\r\n"
+"aZdJhyUSOy2KRnFN/ZUy/Hvlsy10dw/Cp73TpJZmTz4=\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const char test_ca_pwd[] = "PolarSSLTest";
+
+const char test_srv_crt[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD\r\n"
+"VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x\r\n"
+"MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD\r\n"
+"VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI\r\n"
+"KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY\r\n"
+"+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi\r\n"
+"cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk\r\n"
+"QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv\r\n"
+"bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J\r\n"
+"rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL\r\n"
+"jbRvSP9W7EJjb9QR3zNYbX4=\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char test_srv_key[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA\r\n"
+"BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq\r\n"
+"ag==\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+const char test_cli_crt[] =
+"-----BEGIN CERTIFICATE-----\r\n"
+"MIIBUjCB+gIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ\r\n"
+"b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0xMzA4MjIx\r\n"
+"NDQyMTdaFw0yMzA4MjAxNDQyMTdaMD8xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ\r\n"
+"b2xhclNTTDEdMBsGA1UEAxMUUG9sYXJTU0wgVGVzdCBDbGllbnQwSTATBgcqhkjO\r\n"
+"PQIBBggqhkjOPQMBAQMyAATnnXkhKuPh1tou3B+DV9lyE4IlISuYVm86E776WBm5\r\n"
+"+hNTqK0AaV6gqEL/XdLEGVwwCQYHKoZIzj0EAQNIADBFAiEA/xaze0PZk51nJJSR\r\n"
+"Z5SmN9VlzqgN2aSmL4JQRPzjDr0CIFOmuwP8WRdPUJvXh7NQgvl4kW3xkcrmfd6a\r\n"
+"zJbBMLxH\r\n"
+"-----END CERTIFICATE-----\r\n";
+
+const char test_cli_key[] =
+"-----BEGIN EC PRIVATE KEY-----\r\n"
+"MF8CAQEEGCTQxP5vTfEwCWdeLdPqgGQ4AuxGG3gPA6AKBggqhkjOPQMBAaE0AzIA\r\n"
+"BOedeSEq4+HW2i7cH4NX2XITgiUhK5hWbzoTvvpYGbn6E1OorQBpXqCoQv9d0sQZ\r\n"
+"XA==\r\n"
+"-----END EC PRIVATE KEY-----\r\n";
+
+#else /* !POLARSSL_ECDSA_C, so POLARSSL_RSA_C */
const char test_ca_crt[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
@@ -123,7 +194,7 @@
"oArQJGgkAdaq0pcTyOIjtTQVMFygdVmCEJmxh/3RutPcTeydqW9fphKDMej32J8e\r\n"
"GniGmNGiclbcfNOS8E5TGp445yZb9P1+7AHng16bGg3Ykj5EA4G+HCcCgYEAyHAl\r\n"
"//ekk8YjQElm+8izLtFkymIK0aCtEe9C/RIRhFYBeFaotC5dStNhBOncn4ovMAPD\r\n"
-"lX/92yDi9OP8PPLN3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n"
+"Lx/92YdI9op8ppln3a4B9XpW3k/SS5GrbT5cwOivBHNllZSmu/2qz5WPGcjVCOrB\r\n"
"LYl3YWr2h3EGKICT03kEoTkiDBvCeOpW7cCGl2cCgYBD5whoXHz1+ptPlI4YVjZt\r\n"
"Xh86aU+ajpVPiEyJ84I6xXmO4SZXv8q6LaycR0ZMbcL+zBelMb4Z2nBv7jNrtuR7\r\n"
"ZF28cdPv+YVr3esaybZE/73VjXup4SQPH6r3l7qKTVi+y6+FeJ4b2Xn8/MwgnT23\r\n"
@@ -185,6 +256,7 @@
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
+#endif /* !POLARSSL_ECDSA_C, so POLARSSL_RSA_C */
const char test_dhm_params[] =
"-----BEGIN DH PARAMETERS-----\r\n"
@@ -193,4 +265,4 @@
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
"-----END DH PARAMETERS-----\r\n";
-#endif
+#endif /* POLARSSL_CERTS_C */
diff --git a/library/ecdsa.c b/library/ecdsa.c
index bdb3567..67774c9 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -134,7 +134,7 @@
if( mpi_cmp_int( r, 1 ) < 0 || mpi_cmp_mpi( r, &grp->N ) >= 0 ||
mpi_cmp_int( s, 1 ) < 0 || mpi_cmp_mpi( s, &grp->N ) >= 0 )
{
- ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+ ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@@ -168,7 +168,7 @@
if( ecp_is_zero( &R ) )
{
- ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+ ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
@@ -177,7 +177,7 @@
*/
if( mpi_cmp_mpi( &R.X, r ) != 0 )
{
- ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
+ ret = POLARSSL_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
diff --git a/library/error.c b/library/error.c
index 0ea3c29..35a4af0 100644
--- a/library/error.c
+++ b/library/error.c
@@ -251,7 +251,7 @@
if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) )
snprintf( buf, buflen, "PK - Memory alloation failed" );
if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
- snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" );
+ snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) )
snprintf( buf, buflen, "PK - Bad input parameters to function" );
#endif /* POLARSSL_PK_C */
diff --git a/library/pk.c b/library/pk.c
index 3711794..77f5034 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -25,6 +25,8 @@
#include "polarssl/config.h"
+#if defined(POLARSSL_PK_C)
+
#include "polarssl/pk.h"
#include "polarssl/pk_wrap.h"
@@ -84,6 +86,7 @@
case POLARSSL_PK_ECDSA:
return &ecdsa_info;
#endif
+ /* POLARSSL_PK_RSA_ALT ommited on purpose */
default:
return NULL;
}
@@ -106,6 +109,35 @@
}
/*
+ * Initialize an RSA-alt context
+ */
+int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
+ pk_rsa_alt_decrypt_func decrypt_func,
+ pk_rsa_alt_sign_func sign_func,
+ pk_rsa_alt_key_len_func key_len_func )
+{
+ rsa_alt_context *rsa_alt;
+ const pk_info_t *info = &rsa_alt_info;
+
+ if( ctx == NULL || ctx->pk_info != NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
+ return( POLARSSL_ERR_PK_MALLOC_FAILED );
+
+ ctx->pk_info = info;
+
+ rsa_alt = (rsa_alt_context *) ctx->pk_ctx;
+
+ rsa_alt->key = key;
+ rsa_alt->decrypt_func = decrypt_func;
+ rsa_alt->sign_func = sign_func;
+ rsa_alt->key_len_func = key_len_func;
+
+ return( 0 );
+}
+
+/*
* Tell if a PK can do the operations of the given type
*/
int pk_can_do( pk_context *ctx, pk_type_t type )
@@ -118,24 +150,96 @@
}
/*
+ * Helper for pk_sign and pk_verify
+ */
+static inline int pk_hashlen_helper( md_type_t md_alg, size_t *hash_len )
+{
+ const md_info_t *md_info;
+
+ if( *hash_len != 0 )
+ return( 0 );
+
+ if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
+ return( -1 );
+
+ *hash_len = md_info->size;
+ return( 0 );
+}
+
+/*
* Verify a signature
*/
int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->verify_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
- return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg,
- hash, hash_len,
+ return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
sig, sig_len ) );
}
/*
+ * Make a signature
+ */
+int pk_sign( pk_context *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->sign_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
+ sig, sig_len, f_rng, p_rng ) );
+}
+
+/*
+ * Decrypt message
+ */
+int pk_decrypt( pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->decrypt_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
+ output, olen, osize, f_rng, p_rng ) );
+}
+
+/*
+ * Encrypt message
+ */
+int pk_encrypt( pk_context *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+ if( ctx->pk_info->encrypt_func == NULL )
+ return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+ return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
+ output, olen, osize, f_rng, p_rng ) );
+}
+
+/*
* Get key size in bits
*/
size_t pk_get_size( const pk_context *ctx )
@@ -168,3 +272,5 @@
return( ctx->pk_info->name );
}
+
+#endif /* POLARSSL_PK_C */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c2a4c7f..94f5282 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -25,11 +25,12 @@
#include "polarssl/config.h"
+#if defined(POLARSSL_PK_C)
+
#include "polarssl/pk_wrap.h"
-#if defined(POLARSSL_RSA_C)
+/* Even if RSA not activated, for the sake of RSA-alt */
#include "polarssl/rsa.h"
-#endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
@@ -47,13 +48,14 @@
#define polarssl_free free
#endif
-#if defined(POLARSSL_RSA_C)
+/* Used by RSA-alt too */
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
}
-static size_t rsa_get_size( const void * ctx )
+#if defined(POLARSSL_RSA_C)
+static size_t rsa_get_size( const void *ctx )
{
return( 8 * ((rsa_context *) ctx)->len );
}
@@ -69,6 +71,45 @@
RSA_PUBLIC, md_alg, hash_len, hash, sig ) );
}
+static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ *sig_len = ((rsa_context *) ctx)->len;
+
+ return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE,
+ md_alg, hash_len, hash, sig ) );
+}
+
+static int rsa_decrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) f_rng);
+ ((void) p_rng);
+
+ if( ilen != ((rsa_context *) ctx)->len )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ return( rsa_pkcs1_decrypt( (rsa_context *) ctx,
+ RSA_PRIVATE, olen, input, output, osize ) );
+}
+
+static int rsa_encrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) osize);
+
+ *olen = ((rsa_context *) ctx)->len;
+
+ return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
+ f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
+}
+
static void *rsa_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( rsa_context ) );
@@ -104,6 +145,9 @@
rsa_get_size,
rsa_can_do,
rsa_verify_wrap,
+ rsa_sign_wrap,
+ rsa_decrypt_wrap,
+ rsa_encrypt_wrap,
rsa_alloc_wrap,
rsa_free_wrap,
rsa_debug,
@@ -127,11 +171,16 @@
}
#if defined(POLARSSL_ECDSA_C)
-/* Forward declaration */
+/* Forward declarations */
static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
+static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
@@ -141,13 +190,33 @@
ecdsa_init( &ecdsa );
- ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
- ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
+ if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
+ ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
ecdsa_free( &ecdsa );
return( ret );
}
+
+static int eckey_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret;
+ ecdsa_context ecdsa;
+
+ ecdsa_init( &ecdsa );
+
+ if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
+ ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
+ f_rng, p_rng );
+
+ ecdsa_free( &ecdsa );
+
+ return( ret );
+}
+
#endif /* POLARSSL_ECDSA_C */
static void *eckey_alloc_wrap( void )
@@ -180,9 +249,13 @@
eckey_can_do,
#if defined(POLARSSL_ECDSA_C)
eckey_verify_wrap,
+ eckey_sign_wrap,
#else
NULL,
+ NULL,
#endif
+ NULL,
+ NULL,
eckey_alloc_wrap,
eckey_free_wrap,
eckey_debug,
@@ -203,6 +276,9 @@
eckey_get_size, /* Same underlying key structure */
eckeydh_can_do,
NULL,
+ NULL,
+ NULL,
+ NULL,
eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */
eckey_debug, /* Same underlying key structure */
@@ -225,6 +301,17 @@
hash, hash_len, sig, sig_len ) );
}
+static int ecdsa_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ ((void) md_alg);
+
+ return( ecdsa_write_signature( (ecdsa_context *) ctx,
+ hash, hash_len, sig, sig_len, f_rng, p_rng ) );
+}
+
static void *ecdsa_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( ecdsa_context ) );
@@ -247,8 +334,83 @@
eckey_get_size, /* Compatible key structures */
ecdsa_can_do,
ecdsa_verify_wrap,
+ ecdsa_sign_wrap,
+ NULL,
+ NULL,
ecdsa_alloc_wrap,
ecdsa_free_wrap,
eckey_debug, /* Compatible key structures */
};
#endif /* POLARSSL_ECDSA_C */
+
+/*
+ * Support for alternative RSA-private implementations
+ */
+
+static size_t rsa_alt_get_size( const void *ctx )
+{
+ rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+
+ return( rsa_alt->key_len_func( rsa_alt->key ) );
+}
+
+static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+
+ *sig_len = rsa_alt->key_len_func( rsa_alt->key );
+
+ return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, RSA_PRIVATE,
+ md_alg, hash_len, hash, sig ) );
+}
+
+static int rsa_alt_decrypt_wrap( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ rsa_alt_context *rsa_alt = (rsa_alt_context *) ctx;
+
+ ((void) f_rng);
+ ((void) p_rng);
+
+ if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ return( rsa_alt->decrypt_func( rsa_alt->key,
+ RSA_PRIVATE, olen, input, output, osize ) );
+}
+
+static void *rsa_alt_alloc_wrap( void )
+{
+ void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) );
+
+ if( ctx != NULL )
+ memset( ctx, 0, sizeof( rsa_alt_context ) );
+
+ return ctx;
+}
+
+static void rsa_alt_free_wrap( void *ctx )
+{
+ polarssl_free( ctx );
+}
+
+const pk_info_t rsa_alt_info = {
+ POLARSSL_PK_RSA_ALT,
+ "RSA-alt",
+ rsa_alt_get_size,
+ rsa_can_do,
+ NULL,
+ rsa_alt_sign_wrap,
+ rsa_alt_decrypt_wrap,
+ NULL,
+ rsa_alt_alloc_wrap,
+ rsa_alt_free_wrap,
+ NULL,
+};
+
+#endif /* POLARSSL_PK_C */
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index e714a3c..6089ca8 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -40,34 +40,44 @@
static const int ciphersuite_preference[] =
{
/* All AES-256 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
/* All CAMELLIA-256 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
/* All AES-128 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
/* All CAMELLIA-128 ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
/* All remaining > 128-bit ephemeral suites */
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
/* The PSK ephemeral suites */
@@ -132,6 +142,7 @@
/* Weak or NULL suites */
TLS_DHE_RSA_WITH_DES_CBC_SHA,
TLS_RSA_WITH_DES_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_RSA_WITH_NULL_SHA256,
TLS_RSA_WITH_NULL_SHA,
@@ -149,12 +160,96 @@
0
};
-#define MAX_CIPHERSUITES 60
+#define MAX_CIPHERSUITES 128
static int supported_ciphersuites[MAX_CIPHERSUITES];
static int supported_init = 0;
static const ssl_ciphersuite_t ciphersuite_definitions[] =
{
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if defined(POLARSSL_AES_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#if defined(POLARSSL_GCM_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ POLARSSL_CIPHER_AES_128_GCM, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#if defined(POLARSSL_GCM_C)
+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ POLARSSL_CIPHER_AES_256_GCM, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_GCM_C */
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_AES_C */
+
+#if defined(POLARSSL_CAMELLIA_C)
+#if defined(POLARSSL_SHA256_C)
+ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
+ POLARSSL_CIPHER_CAMELLIA_128_CBC, POLARSSL_MD_SHA256, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ { TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
+ POLARSSL_CIPHER_CAMELLIA_256_CBC, POLARSSL_MD_SHA384, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_SHA512_C */
+#endif /* POLARSSL_CAMELLIA_C */
+
+#if defined(POLARSSL_DES_C)
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
+ POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_DES_C */
+
+#if defined(POLARSSL_ARC4_C)
+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
+ POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC },
+#endif /* POLARSSL_ARC4_C */
+
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+ { TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
+ SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
+ POLARSSL_CIPHERSUITE_EC | POLARSSL_CIPHERSUITE_WEAK },
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
#if defined(POLARSSL_AES_C)
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
@@ -746,16 +841,18 @@
{
const int *p = ciphersuite_preference;
int *q = supported_ciphersuites;
+ size_t i;
+ size_t max = sizeof(supported_ciphersuites) / sizeof(int);
memset( supported_ciphersuites, 0x00, sizeof(supported_ciphersuites) );
- while( *p != 0 )
+ /* Leave room for a final 0 */
+ for( i = 0; i < max - 1 && p[i] != 0; i++ )
{
- if( ssl_ciphersuite_from_id( *p ) != NULL )
- *(q++) = *p;
-
- p++;
+ if( ssl_ciphersuite_from_id( p[i] ) != NULL )
+ *(q++) = p[i];
}
+
supported_init = 1;
}
@@ -819,4 +916,20 @@
return( cur->id );
}
+pk_type_t ssl_get_ciphersuite_sig_pk_alg( const ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case POLARSSL_KEY_EXCHANGE_DHE_RSA:
+ case POLARSSL_KEY_EXCHANGE_ECDHE_RSA:
+ return( POLARSSL_PK_RSA );
+
+ case POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( POLARSSL_PK_ECDSA );
+
+ default:
+ return( POLARSSL_PK_NONE );
+ }
+}
+
#endif
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e37a3c0..18094a3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -137,7 +137,7 @@
size_t *olen )
{
unsigned char *p = buf;
- unsigned char sig_alg_list[20];
+ unsigned char *sig_alg_list = buf + 6;
size_t sig_alg_len = 0;
*olen = 0;
@@ -150,6 +150,7 @@
/*
* Prepare signature_algorithms extension (TLS 1.2)
*/
+#if defined(POLARSSL_RSA_C)
#if defined(POLARSSL_SHA512_C)
sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
@@ -170,6 +171,29 @@
sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
sig_alg_list[sig_alg_len++] = SSL_SIG_RSA;
#endif
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
+#if defined(POLARSSL_SHA512_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA512;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA384;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA256_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA256;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA224;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_SHA1_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_SHA1;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#if defined(POLARSSL_MD5_C)
+ sig_alg_list[sig_alg_len++] = SSL_HASH_MD5;
+ sig_alg_list[sig_alg_len++] = SSL_SIG_ECDSA;
+#endif
+#endif /* POLARSSL_ECDSA_C */
/*
* enum {
@@ -197,8 +221,6 @@
*p++ = (unsigned char)( ( sig_alg_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
- memcpy( p, sig_alg_list, sig_alg_len );
-
*olen = 6 + sig_alg_len;
}
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
@@ -1055,7 +1077,8 @@
return( 0 );
}
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
static int ssl_parse_server_dh_params( ssl_context *ssl, unsigned char **p,
unsigned char *end )
{
@@ -1089,9 +1112,11 @@
return( ret );
}
-#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_server_ecdh_params( ssl_context *ssl,
unsigned char **p,
unsigned char *end )
@@ -1124,7 +1149,8 @@
return( ret );
}
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) || \
defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
@@ -1162,55 +1188,45 @@
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_signature_algorithm( ssl_context *ssl,
unsigned char **p,
unsigned char *end,
- md_type_t *md_alg )
+ md_type_t *md_alg,
+ pk_type_t *pk_alg )
{
((void) ssl);
*md_alg = POLARSSL_MD_NONE;
+ *pk_alg = POLARSSL_PK_NONE;
+
+ /* Only in TLS 1.2 */
+ if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
+ {
+ return( 0 );
+ }
if( (*p) + 2 > end )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- if( (*p)[1] != SSL_SIG_RSA )
+ /*
+ * Get hash algorithm
+ */
+ if( ( *md_alg = ssl_md_alg_from_hash( (*p)[0] ) ) == POLARSSL_MD_NONE )
{
- SSL_DEBUG_MSG( 2, ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) );
+ SSL_DEBUG_MSG( 2, ( "Server used unsupported "
+ "HashAlgorithm %d", *(p)[0] ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- switch( (*p)[0] )
+ /*
+ * Get signature algorithm
+ */
+ if( ( *pk_alg = ssl_pk_alg_from_sig( (*p)[1] ) ) == POLARSSL_PK_NONE )
{
-#if defined(POLARSSL_MD5_C)
- case SSL_HASH_MD5:
- *md_alg = POLARSSL_MD_MD5;
- break;
-#endif
-#if defined(POLARSSL_SHA1_C)
- case SSL_HASH_SHA1:
- *md_alg = POLARSSL_MD_SHA1;
- break;
-#endif
-#if defined(POLARSSL_SHA256_C)
- case SSL_HASH_SHA224:
- *md_alg = POLARSSL_MD_SHA224;
- break;
- case SSL_HASH_SHA256:
- *md_alg = POLARSSL_MD_SHA256;
- break;
-#endif
-#if defined(POLARSSL_SHA512_C)
- case SSL_HASH_SHA384:
- *md_alg = POLARSSL_MD_SHA384;
- break;
- case SSL_HASH_SHA512:
- *md_alg = POLARSSL_MD_SHA512;
- break;
-#endif
- default:
- SSL_DEBUG_MSG( 2, ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ SSL_DEBUG_MSG( 2, ( "server used unsupported "
+ "SignatureAlgorithm %d", (*p)[1] ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
@@ -1220,7 +1236,8 @@
return( 0 );
}
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
static int ssl_parse_server_key_exchange( ssl_context *ssl )
@@ -1229,17 +1246,20 @@
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
unsigned char *p, *end;
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
- size_t n;
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ size_t sig_len, params_len;
unsigned char hash[64];
md_type_t md_alg = POLARSSL_MD_NONE;
- unsigned int hashlen = 0;
+ size_t hashlen;
+ pk_type_t pk_alg = POLARSSL_PK_NONE;
#endif
SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
if( ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_RSA &&
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA &&
+ ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA &&
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_PSK &&
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK )
{
@@ -1288,8 +1308,10 @@
}
else
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
{
if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
{
@@ -1298,7 +1320,8 @@
}
}
else
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
{
@@ -1331,54 +1354,69 @@
}
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
{
+ params_len = p - ( ssl->in_msg + 4 );
+
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
/*
* Handle the digitally-signed structure
*/
- if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ if( ssl_parse_signature_algorithm( ssl, &p, end,
+ &md_alg, &pk_alg ) != 0 )
{
- if( ssl_parse_signature_algorithm( ssl, &p, end, &md_alg ) != 0 )
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ }
+
+ if( pk_alg != POLARSSL_PK_NONE )
+ {
+ if( pk_alg != ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ else
+#endif
+ {
+ pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+ }
- n = ( p[0] << 8 ) | p[1];
+ /* Default hash for ECDSA is SHA-1 */
+ if( pk_alg == POLARSSL_PK_ECDSA && md_alg == POLARSSL_MD_NONE )
+ md_alg = POLARSSL_MD_SHA1;
+
+ /*
+ * Read signature
+ */
+ sig_len = ( p[0] << 8 ) | p[1];
p += 2;
- if( end != p + n )
+ if( end != p + sig_len )
{
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
- POLARSSL_PK_RSA ) )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
- }
+ SSL_DEBUG_BUF( 3, "signature", p, sig_len );
- if( 8 * (unsigned int)( end - p ) !=
- pk_get_size( &ssl->session_negotiate->peer_cert->pk ) )
- {
- SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- }
-
+ /*
+ * Compute the hash that has been signed
+ */
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
defined(POLARSSL_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
+ if( md_alg == POLARSSL_MD_NONE )
{
md5_context md5;
sha1_context sha1;
+ hashlen = 36;
+
/*
* digitally-signed struct {
* opaque md5_hash[16];
@@ -1392,30 +1430,25 @@
* SHA(ClientHello.random + ServerHello.random
* + ServerParams);
*/
- n = ssl->in_hslen - ( end - p ) - 6;
-
md5_starts( &md5 );
md5_update( &md5, ssl->handshake->randbytes, 64 );
- md5_update( &md5, ssl->in_msg + 4, n );
+ md5_update( &md5, ssl->in_msg + 4, params_len );
md5_finish( &md5, hash );
sha1_starts( &sha1 );
sha1_update( &sha1, ssl->handshake->randbytes, 64 );
- sha1_update( &sha1, ssl->in_msg + 4, n );
+ sha1_update( &sha1, ssl->in_msg + 4, params_len );
sha1_finish( &sha1, hash + 16 );
-
- md_alg = POLARSSL_MD_NONE;
- hashlen = 36;
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
POLARSSL_SSL_PROTO_TLS1_1 */
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ if( md_alg != POLARSSL_MD_NONE )
{
md_context_t ctx;
- n = ssl->in_hslen - ( end - p ) - 8;
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
/*
* digitally-signed struct {
@@ -1432,27 +1465,38 @@
md_starts( &ctx );
md_update( &ctx, ssl->handshake->randbytes, 64 );
- md_update( &ctx, ssl->in_msg + 4, n );
+ md_update( &ctx, ssl->in_msg + 4, params_len );
md_finish( &ctx, hash );
md_free_ctx( &ctx );
}
else
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
- /* Should never happen */
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-
- SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
-
- if( ( ret = rsa_pkcs1_verify(
- pk_rsa( ssl->session_negotiate->peer_cert->pk ),
- RSA_PUBLIC, md_alg, hashlen, hash, p ) ) != 0 )
{
- SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+
+ SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
+ (unsigned int) ( md_info_from_type( md_alg ) )->size );
+
+ /*
+ * Verify signature
+ */
+ if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
+ return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
+ }
+
+ if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
+ md_alg, hash, hashlen, p, sig_len ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_verify", ret );
return( ret );
}
}
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
exit:
ssl->state++;
@@ -1666,8 +1710,10 @@
}
else
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
{
/*
* ECDH key exchange -- send client public value
@@ -1698,7 +1744,8 @@
SSL_DEBUG_MPI( 3, "ECDH: z", &ssl->handshake->ecdh_ctx.z );
}
else
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
{
@@ -1829,29 +1876,27 @@
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
}
- i = 4;
- n = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8;
+ i = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 4 : 6;
-#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
- defined(POLARSSL_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
- {
- i += 2;
- ssl->out_msg[4] = (unsigned char)( n >> 8 );
- ssl->out_msg[5] = (unsigned char)( n );
- }
-#endif
-
- ret = rsa_pkcs1_encrypt(
- pk_rsa( ssl->session_negotiate->peer_cert->pk ),
- ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
- ssl->handshake->pmslen, ssl->handshake->premaster,
- ssl->out_msg + i );
+ ret = pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
+ ssl->handshake->premaster, ssl->handshake->pmslen,
+ ssl->out_msg + i, &n, SSL_BUFFER_LEN,
+ ssl->f_rng, ssl->p_rng );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret );
return( ret );
}
+
+#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
+ {
+ ssl->out_msg[4] = (unsigned char)( n >> 8 );
+ ssl->out_msg[5] = (unsigned char)( n );
+ }
+#endif
+
}
else
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
@@ -1910,8 +1955,9 @@
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
size_t n = 0, offset = 0;
unsigned char hash[48];
+ unsigned char *hash_start = hash;
md_type_t md_alg = POLARSSL_MD_NONE;
- unsigned int hashlen = 0;
+ unsigned int hashlen;
SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@@ -1930,7 +1976,7 @@
return( 0 );
}
- if( ssl->rsa_key == NULL )
+ if( ssl->pk_key == NULL )
{
SSL_DEBUG_MSG( 1, ( "got no private key" ) );
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
@@ -1959,6 +2005,16 @@
*/
hashlen = 36;
md_alg = POLARSSL_MD_NONE;
+
+ /*
+ * For ECDSA, default hash is SHA-1 only
+ */
+ if( pk_can_do( ssl->pk_key, POLARSSL_PK_ECDSA ) )
+ {
+ hash_start += 16;
+ hashlen -= 16;
+ md_alg = POLARSSL_MD_SHA1;
+ }
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
@@ -1986,41 +2042,36 @@
{
md_alg = POLARSSL_MD_SHA384;
ssl->out_msg[4] = SSL_HASH_SHA384;
- ssl->out_msg[5] = SSL_SIG_RSA;
}
else
{
md_alg = POLARSSL_MD_SHA256;
ssl->out_msg[4] = SSL_HASH_SHA256;
- ssl->out_msg[5] = SSL_SIG_RSA;
}
+ ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key );
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
offset = 2;
}
else
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
- if ( ssl->rsa_key )
- n = ssl->rsa_key_len ( ssl->rsa_key );
+ if( ( ret = pk_sign( ssl->pk_key, md_alg, hash_start, hashlen,
+ ssl->out_msg + 6 + offset, &n,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
+ {
+ SSL_DEBUG_RET( 1, "pk_sign", ret );
+ return( ret );
+ }
ssl->out_msg[4 + offset] = (unsigned char)( n >> 8 );
ssl->out_msg[5 + offset] = (unsigned char)( n );
- if( ssl->rsa_key )
- {
- ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
- RSA_PRIVATE, md_alg,
- hashlen, hash, ssl->out_msg + 6 + offset );
- }
-
- if (ret != 0)
- {
- SSL_DEBUG_RET( 1, "pkcs1_sign", ret );
- return( ret );
- }
-
ssl->out_msglen = 6 + n + offset;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CERTIFICATE_VERIFY;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 08b3bf9..dc684ad 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -445,12 +445,10 @@
p = buf + 2;
while( sig_alg_list_size > 0 )
{
- if( p[1] != SSL_SIG_RSA )
- {
- sig_alg_list_size -= 2;
- p += 2;
- continue;
- }
+ /*
+ * For now, just ignore signature algorithm and rely on offered
+ * ciphersuites only. To be fixed later.
+ */
#if defined(POLARSSL_SHA512_C)
if( p[0] == SSL_HASH_SHA512 )
{
@@ -916,6 +914,7 @@
int handshake_failure = 0;
const int *ciphersuites;
const ssl_ciphersuite_t *ciphersuite_info;
+ pk_type_t pk_alg;
SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
@@ -1311,7 +1310,7 @@
if( ciphersuite_info == NULL )
{
- SSL_DEBUG_MSG( 1, ( "ciphersuite info for %02x not found",
+ SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found",
ciphersuites[i] ) );
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
@@ -1326,6 +1325,14 @@
continue;
#endif
+ /* If ciphersuite requires us to have a private key of a
+ * certain type, make sure we do */
+ pk_alg = ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+ if( pk_alg != POLARSSL_PK_NONE &&
+ ( ssl->pk_key == NULL ||
+ ! pk_can_do( ssl->pk_key, pk_alg ) ) )
+ continue;
+
goto have_ciphersuite;
}
}
@@ -1611,9 +1618,9 @@
*p++ = (unsigned char)( ssl->session_negotiate->ciphersuite );
*p++ = (unsigned char)( ssl->session_negotiate->compression );
- SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %d",
+ SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: 0x%04X",
ssl->session_negotiate->ciphersuite ) );
- SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
+ SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
ssl->session_negotiate->compression ) );
/*
@@ -1684,7 +1691,8 @@
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
- size_t n = 0, dn_size, total_dn_size;
+ size_t dn_size, total_dn_size; /* excluding length bytes */
+ size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p;
const x509_cert *crt;
@@ -1716,39 +1724,75 @@
p = buf + 4;
/*
- * At the moment, only RSA certificates are supported
+ * Supported certificate types
+ *
+ * ClientCertificateType certificate_types<1..2^8-1>;
+ * enum { (255) } ClientCertificateType;
*/
- *p++ = 1;
- *p++ = SSL_CERT_TYPE_RSA_SIGN;
+ ct_len = 0;
+#if defined(POLARSSL_RSA_C)
+ p[1 + ct_len++] = SSL_CERT_TYPE_RSA_SIGN;
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ p[1 + ct_len++] = SSL_CERT_TYPE_ECDSA_SIGN;
+#endif
+
+ p[0] = ct_len++;
+ p += ct_len;
+
+ sa_len = 0;
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
/*
* Add signature_algorithms for verify (TLS 1.2)
- * Only add current running algorithm that is already required for
- * requested ciphersuite.
*
- * Length is always 2
+ * SignatureAndHashAlgorithm supported_signature_algorithms<2..2^16-2>;
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * enum { (255) } HashAlgorithm;
+ * enum { (255) } SignatureAlgorithm;
*/
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{
+ /*
+ * Only use current running hash algorithm that is already required
+ * for requested ciphersuite.
+ */
ssl->handshake->verify_sig_alg = SSL_HASH_SHA256;
- *p++ = 0;
- *p++ = 2;
-
if( ssl->transform_negotiate->ciphersuite_info->mac ==
POLARSSL_MD_SHA384 )
{
ssl->handshake->verify_sig_alg = SSL_HASH_SHA384;
}
- *p++ = ssl->handshake->verify_sig_alg;
- *p++ = SSL_SIG_RSA;
+ /*
+ * Supported signature algorithms
+ */
+#if defined(POLARSSL_RSA_C)
+ p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
+ p[2 + sa_len++] = SSL_SIG_RSA;
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ p[2 + sa_len++] = ssl->handshake->verify_sig_alg;
+ p[2 + sa_len++] = SSL_SIG_ECDSA;
+#endif
- n += 4;
+ p[0] = (unsigned char)( sa_len >> 8 );
+ p[1] = (unsigned char)( sa_len );
+ sa_len += 2;
+ p += sa_len;
}
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ /*
+ * DistinguishedName certificate_authorities<0..2^16-1>;
+ * opaque DistinguishedName<1..2^16-1>;
+ */
p += 2;
crt = ssl->ca_chain;
@@ -1773,8 +1817,8 @@
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
ssl->out_msg[0] = SSL_HS_CERTIFICATE_REQUEST;
- ssl->out_msg[6 + n] = (unsigned char)( total_dn_size >> 8 );
- ssl->out_msg[7 + n] = (unsigned char)( total_dn_size );
+ ssl->out_msg[4 + ct_len + sa_len] = (unsigned char)( total_dn_size >> 8 );
+ ssl->out_msg[5 + ct_len + sa_len] = (unsigned char)( total_dn_size );
ret = ssl_write_record( ssl );
@@ -1794,8 +1838,8 @@
md_type_t md_alg = POLARSSL_MD_NONE;
unsigned int hashlen = 0;
unsigned char *p = ssl->out_msg + 4;
- unsigned char *dig_sig = p;
- size_t dig_sig_len = 0;
+ unsigned char *dig_signed = p;
+ size_t dig_signed_len = 0;
const ssl_ciphersuite_t *ciphersuite_info;
ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
@@ -1804,6 +1848,7 @@
if( ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_RSA &&
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_RSA &&
+ ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA &&
ciphersuite_info->key_exchange != POLARSSL_KEY_EXCHANGE_DHE_PSK )
{
SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
@@ -1811,14 +1856,6 @@
return( 0 );
}
-#if defined(POLARSSL_RSA_C)
- if( ssl->rsa_key == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "got no private key" ) );
- return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
- }
-#endif /* POLARSSL_RSA_C */
-
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_PSK )
{
@@ -1860,8 +1897,8 @@
return( ret );
}
- dig_sig = p;
- dig_sig_len = len;
+ dig_signed = p;
+ dig_signed_len = len;
p += len;
n += len;
@@ -1874,8 +1911,10 @@
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
{
/*
* Ephemeral ECDH parameters:
@@ -1901,26 +1940,61 @@
return( ret );
}
- dig_sig = p;
- dig_sig_len = len;
+ dig_signed = p;
+ dig_signed_len = len;
p += len;
n += len;
SSL_DEBUG_ECP( 3, "ECDH: Q ", &ssl->handshake->ecdh_ctx.Q );
}
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
{
- size_t rsa_key_len = 0;
+ size_t signature_len = 0;
+ /*
+ * Choose hash algorithm. NONE means MD5 + SHA1 here.
+ */
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ {
+ md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg );
+
+ if( md_alg == POLARSSL_MD_NONE )
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
+ }
+ else
+#endif
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
defined(POLARSSL_SSL_PROTO_TLS1_1)
- if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
+ if ( ciphersuite_info->key_exchange ==
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
+ {
+ md_alg = POLARSSL_MD_SHA1;
+ }
+ else
+#endif
+ {
+ md_alg = POLARSSL_MD_NONE;
+ }
+
+ /*
+ * Compute the hash to be signed
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
+ defined(POLARSSL_SSL_PROTO_TLS1_1)
+ if( md_alg == POLARSSL_MD_NONE )
{
md5_context md5;
sha1_context sha1;
@@ -1940,25 +2014,26 @@
*/
md5_starts( &md5 );
md5_update( &md5, ssl->handshake->randbytes, 64 );
- md5_update( &md5, dig_sig, dig_sig_len );
+ md5_update( &md5, dig_signed, dig_signed_len );
md5_finish( &md5, hash );
sha1_starts( &sha1 );
sha1_update( &sha1, ssl->handshake->randbytes, 64 );
- sha1_update( &sha1, dig_sig, dig_sig_len );
+ sha1_update( &sha1, dig_signed, dig_signed_len );
sha1_finish( &sha1, hash + 16 );
hashlen = 36;
- md_alg = POLARSSL_MD_NONE;
}
else
#endif /* POLARSSL_SSL_PROTO_SSL3 || POLARSSL_SSL_PROTO_TLS1 || \
POLARSSL_SSL_PROTO_TLS1_1 */
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
+ if( md_alg != POLARSSL_MD_NONE )
{
md_context_t ctx;
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+
/*
* digitally-signed struct {
* opaque client_random[32];
@@ -1966,40 +2041,7 @@
* ServerDHParams params;
* };
*/
- switch( ssl->handshake->sig_alg )
- {
-#if defined(POLARSSL_MD5_C)
- case SSL_HASH_MD5:
- md_alg = POLARSSL_MD_MD5;
- break;
-#endif
-#if defined(POLARSSL_SHA1_C)
- case SSL_HASH_SHA1:
- md_alg = POLARSSL_MD_SHA1;
- break;
-#endif
-#if defined(POLARSSL_SHA256_C)
- case SSL_HASH_SHA224:
- md_alg = POLARSSL_MD_SHA224;
- break;
- case SSL_HASH_SHA256:
- md_alg = POLARSSL_MD_SHA256;
- break;
-#endif
-#if defined(POLARSSL_SHA512_C)
- case SSL_HASH_SHA384:
- md_alg = POLARSSL_MD_SHA384;
- break;
- case SSL_HASH_SHA512:
- md_alg = POLARSSL_MD_SHA512;
- break;
-#endif
- default:
- /* Should never happen */
- return( -1 );
- }
-
- if( ( ret = md_init_ctx( &ctx, md_info_from_type( md_alg ) ) ) != 0 )
+ if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );
@@ -2007,7 +2049,7 @@
md_starts( &ctx );
md_update( &ctx, ssl->handshake->randbytes, 64 );
- md_update( &ctx, dig_sig, dig_sig_len );
+ md_update( &ctx, dig_signed, dig_signed_len );
md_finish( &ctx, hash );
if( ( ret = md_free_ctx( &ctx ) ) != 0 )
@@ -2018,48 +2060,53 @@
}
else
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
- SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
+ SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
+ (unsigned int) ( md_info_from_type( md_alg ) )->size );
- if ( ssl->rsa_key )
- rsa_key_len = ssl->rsa_key_len( ssl->rsa_key );
+ /*
+ * Make the signature
+ */
+ if( ssl->pk_key == NULL )
+ {
+ SSL_DEBUG_MSG( 1, ( "got no private key" ) );
+ return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{
*(p++) = ssl->handshake->sig_alg;
- *(p++) = SSL_SIG_RSA;
+ *(p++) = ssl_sig_from_pk( ssl->pk_key );
n += 2;
}
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
- *(p++) = (unsigned char)( rsa_key_len >> 8 );
- *(p++) = (unsigned char)( rsa_key_len );
- n += 2;
-
- if ( ssl->rsa_key )
+ if( ( ret = pk_sign( ssl->pk_key, md_alg, hash, hashlen,
+ p + 2 , &signature_len,
+ ssl->f_rng, ssl->p_rng ) ) != 0 )
{
- ret = ssl->rsa_sign( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
- RSA_PRIVATE, md_alg, hashlen, hash, p );
- }
-
- if( ret != 0 )
- {
- SSL_DEBUG_RET( 1, "pkcs1_sign", ret );
+ SSL_DEBUG_RET( 1, "pk_sign", ret );
return( ret );
}
- SSL_DEBUG_BUF( 3, "my RSA sig", p, rsa_key_len );
+ *(p++) = (unsigned char)( signature_len >> 8 );
+ *(p++) = (unsigned char)( signature_len );
+ n += 2;
- p += rsa_key_len;
- n += rsa_key_len;
+ SSL_DEBUG_BUF( 3, "my signature", p, signature_len );
+
+ p += signature_len;
+ n += signature_len;
}
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) ||
- POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+ POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
ssl->out_msglen = 4 + n;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
@@ -2141,7 +2188,8 @@
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED ||
POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_client_ecdh_public( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2170,7 +2218,8 @@
return( ret );
}
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
@@ -2178,9 +2227,9 @@
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, n = 0;
- if( ssl->rsa_key == NULL )
+ if( ! pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) )
{
- SSL_DEBUG_MSG( 1, ( "got no private key" ) );
+ SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
}
@@ -2188,8 +2237,7 @@
* Decrypt the premaster using own private RSA key
*/
i = 4;
- if( ssl->rsa_key )
- n = ssl->rsa_key_len( ssl->rsa_key );
+ n = pk_get_len( ssl->pk_key );
ssl->handshake->pmslen = 48;
#if defined(POLARSSL_SSL_PROTO_TLS1) || defined(POLARSSL_SSL_PROTO_TLS1_1) || \
@@ -2212,13 +2260,11 @@
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
- if( ssl->rsa_key ) {
- ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE,
- &ssl->handshake->pmslen,
- ssl->in_msg + i,
- ssl->handshake->premaster,
- sizeof(ssl->handshake->premaster) );
- }
+ ret = pk_decrypt( ssl->pk_key,
+ ssl->in_msg + i, n,
+ ssl->handshake->premaster, &ssl->handshake->pmslen,
+ sizeof(ssl->handshake->premaster),
+ ssl->f_rng, ssl->p_rng );
if( ret != 0 || ssl->handshake->pmslen != 48 ||
ssl->handshake->premaster[0] != ssl->handshake->max_major_ver ||
@@ -2346,8 +2392,10 @@
}
else
#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
- if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA )
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_RSA ||
+ ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA )
{
if( ( ret = ssl_parse_client_ecdh_public( ssl ) ) != 0 )
{
@@ -2367,7 +2415,8 @@
SSL_DEBUG_MPI( 3, "ECDH: z ", &ssl->handshake->ecdh_ctx.z );
}
else
-#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
+ POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_PSK )
{
@@ -2415,6 +2464,8 @@
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len >> 8 );
*(p++) = (unsigned char)( ssl->handshake->dhm_ctx.len );
+ n = ssl->handshake->dhm_ctx.len;
+
if( ( ret = dhm_calc_secret( &ssl->handshake->dhm_ctx,
p, &n ) ) != 0 )
{
@@ -2453,6 +2504,7 @@
else
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
{
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
@@ -2493,10 +2545,14 @@
static int ssl_parse_certificate_verify( ssl_context *ssl )
{
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
- size_t n = 0, n1, n2;
+ size_t sa_len, sig_len;
unsigned char hash[48];
- md_type_t md_alg = POLARSSL_MD_NONE;
- unsigned int hashlen = 0;
+ unsigned char *hash_start = hash;
+ size_t hashlen;
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ pk_type_t pk_alg;
+#endif
+ md_type_t md_alg;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
@@ -2538,63 +2594,94 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
-#if defined(POLARSSL_SSL_PROTO_TLS1_2)
- if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
- {
- /*
- * As server we know we either have SSL_HASH_SHA384 or
- * SSL_HASH_SHA256
- */
- if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg ||
- ssl->in_msg[5] != SSL_SIG_RSA )
- {
- SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg for verify message" ) );
- return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
- }
+ /*
+ * 0 . 0 handshake type
+ * 1 . 3 handshake length
+ * 4 . 5 sig alg (TLS 1.2 only)
+ * 4+n . 5+n signature length (n = sa_len)
+ * 6+n . 6+n+m signature (m = sig_len)
+ */
- if( ssl->handshake->verify_sig_alg == SSL_HASH_SHA384 )
- md_alg = POLARSSL_MD_SHA384;
- else
- md_alg = POLARSSL_MD_SHA256;
-
- n += 2;
- }
- else
-#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
#if defined(POLARSSL_SSL_PROTO_SSL3) || defined(POLARSSL_SSL_PROTO_TLS1) || \
defined(POLARSSL_SSL_PROTO_TLS1_1)
if( ssl->minor_ver != SSL_MINOR_VERSION_3 )
{
- hashlen = 36;
+ sa_len = 0;
+
md_alg = POLARSSL_MD_NONE;
+ hashlen = 36;
+
+ /* For ECDSA, use SHA-1, not MD-5 + SHA-1 */
+ if( pk_can_do( &ssl->session_negotiate->peer_cert->pk,
+ POLARSSL_PK_ECDSA ) )
+ {
+ hash_start += 16;
+ hashlen -= 16;
+ md_alg = POLARSSL_MD_SHA1;
+ }
}
else
#endif
- /* Should never happen */
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
-
- /* EC NOT IMPLEMENTED YET */
- if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
- POLARSSL_PK_RSA ) )
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ if( ssl->minor_ver == SSL_MINOR_VERSION_3 )
{
+ sa_len = 2;
+
+ /*
+ * Hash
+ */
+ if( ssl->in_msg[4] != ssl->handshake->verify_sig_alg )
+ {
+ SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
+
+ /*
+ * Signature
+ */
+ if( ( pk_alg = ssl_pk_alg_from_sig( ssl->in_msg[5] ) )
+ == POLARSSL_PK_NONE )
+ {
+ SSL_DEBUG_MSG( 1, ( "peer not adhering to requested sig_alg"
+ " for verify message" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+
+ /*
+ * Check the certificate's key type matches the signature alg
+ */
+ if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
+ {
+ SSL_DEBUG_MSG( 1, ( "sig_alg doesn't match cert key" ) );
+ return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
+ }
+ }
+ else
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
- n1 = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8;
- n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
+ sig_len = ( ssl->in_msg[4 + sa_len] << 8 ) | ssl->in_msg[5 + sa_len];
- if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )
+ if( sa_len + sig_len + 6 != ssl->in_hslen )
{
SSL_DEBUG_MSG( 1, ( "bad certificate verify message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
- ret = rsa_pkcs1_verify( pk_rsa( ssl->session_negotiate->peer_cert->pk ),
- RSA_PUBLIC, md_alg, hashlen, hash,
- ssl->in_msg + 6 + n );
- if( ret != 0 )
+ if( ( ret = pk_verify( &ssl->session_negotiate->peer_cert->pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + 6 + sa_len, sig_len ) ) != 0 )
{
- SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret );
+ SSL_DEBUG_RET( 1, "pk_verify", ret );
return( ret );
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 44309f6..292c96c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -131,30 +131,6 @@
int (*ssl_hw_record_finish)(ssl_context *ssl) = NULL;
#endif
-#if defined(POLARSSL_RSA_C)
-static int ssl_rsa_decrypt( void *ctx, int mode, size_t *olen,
- const unsigned char *input, unsigned char *output,
- size_t output_max_len )
-{
- return rsa_pkcs1_decrypt( (rsa_context *) ctx, mode, olen, input, output,
- output_max_len );
-}
-
-static int ssl_rsa_sign( void *ctx,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
- int mode, int hash_id, unsigned int hashlen,
- const unsigned char *hash, unsigned char *sig )
-{
- return rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode, hash_id,
- hashlen, hash, sig );
-}
-
-static size_t ssl_rsa_key_len( void *ctx )
-{
- return ( (rsa_context *) ctx )->len;
-}
-#endif /* POLARSSL_RSA_C */
-
/*
* Key material generation
*/
@@ -461,8 +437,10 @@
else
#endif
#endif
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
/*
* SSLv3:
@@ -636,8 +614,10 @@
}
else
#endif
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
if( ssl_hw_record_init != NULL)
@@ -924,8 +904,10 @@
}
else
#endif
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
SSL_DEBUG_BUF( 4, "computed mac",
ssl->out_msg + ssl->out_msglen, ssl->transform_out->maclen );
@@ -1356,8 +1338,10 @@
else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
POLARSSL_SSL_PROTO_TLS1_2 */
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
}
SSL_DEBUG_BUF( 4, "raw buffer after decryption",
@@ -1419,8 +1403,10 @@
else
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
POLARSSL_SSL_PROTO_TLS1_2 */
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->transform_in->maclen );
SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
@@ -3000,12 +2986,6 @@
/*
* Sane defaults
*/
-#if defined(POLARSSL_RSA_C)
- ssl->rsa_decrypt = ssl_rsa_decrypt;
- ssl->rsa_sign = ssl_rsa_sign;
- ssl->rsa_key_len = ssl_rsa_key_len;
-#endif
-
ssl->min_major_ver = SSL_MIN_MAJOR_VERSION;
ssl->min_minor_ver = SSL_MIN_MINOR_VERSION;
ssl->max_major_ver = SSL_MAX_MAJOR_VERSION;
@@ -3287,23 +3267,55 @@
}
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
- rsa_context *rsa_key )
+ pk_context *pk_key )
{
ssl->own_cert = own_cert;
- ssl->rsa_key = rsa_key;
+ ssl->pk_key = pk_key;
}
-void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
- void *rsa_key,
- rsa_decrypt_func rsa_decrypt,
- rsa_sign_func rsa_sign,
- rsa_key_len_func rsa_key_len )
+#if defined(POLARSSL_RSA_C)
+int ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
+ rsa_context *rsa_key )
{
+ int ret;
+
ssl->own_cert = own_cert;
- ssl->rsa_key = rsa_key;
- ssl->rsa_decrypt = rsa_decrypt;
- ssl->rsa_sign = rsa_sign;
- ssl->rsa_key_len = rsa_key_len;
+
+ if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ ssl->pk_key_own_alloc = 1;
+
+ pk_init( ssl->pk_key );
+
+ ret = pk_init_ctx( ssl->pk_key, pk_info_from_type( POLARSSL_PK_RSA ) );
+ if( ret != 0 )
+ return( ret );
+
+ if( ( ret = rsa_copy( ssl->pk_key->pk_ctx, rsa_key ) ) != 0 )
+ return( ret );
+
+ return( 0 );
+}
+#endif /* POLARSSL_RSA_C */
+
+int ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
+ void *rsa_key,
+ rsa_decrypt_func rsa_decrypt,
+ rsa_sign_func rsa_sign,
+ rsa_key_len_func rsa_key_len )
+{
+ ssl->own_cert = own_cert;
+
+ if( ( ssl->pk_key = polarssl_malloc( sizeof( pk_context ) ) ) == NULL )
+ return( POLARSSL_ERR_SSL_MALLOC_FAILED );
+
+ ssl->pk_key_own_alloc = 1;
+
+ pk_init( ssl->pk_key );
+
+ return( pk_init_ctx_rsa_alt( ssl->pk_key, rsa_key,
+ rsa_decrypt, rsa_sign, rsa_key_len ) );
}
#endif /* POLARSSL_X509_PARSE_C */
@@ -3694,8 +3706,10 @@
}
else
#endif
- /* Should never happen */
+ {
+ SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
}
else
{
@@ -3931,6 +3945,12 @@
}
#endif
+ if( ssl->pk_key_own_alloc )
+ {
+ pk_free( ssl->pk_key );
+ polarssl_free( ssl->pk_key );
+ }
+
#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
if( ssl_hw_record_finish != NULL )
{
@@ -3945,4 +3965,66 @@
memset( ssl, 0, sizeof( ssl_context ) );
}
+/*
+ * Get the SSL_SIG_* constant corresponding to a public key
+ */
+unsigned char ssl_sig_from_pk( pk_context *pk )
+{
+#if defined(POLARSSL_RSA_C)
+ if( pk_can_do( pk, POLARSSL_PK_RSA ) )
+ return( SSL_SIG_RSA );
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ if( pk_can_do( pk, POLARSSL_PK_ECDSA ) )
+ return( SSL_SIG_ECDSA );
+#endif
+ return( SSL_SIG_ANON );
+}
+
+pk_type_t ssl_pk_alg_from_sig( unsigned char sig )
+{
+ switch( sig )
+ {
+#if defined(POLARSSL_RSA_C)
+ case SSL_SIG_RSA:
+ return( POLARSSL_PK_RSA );
+#endif
+#if defined(POLARSSL_ECDSA_C)
+ case SSL_SIG_ECDSA:
+ return( POLARSSL_PK_ECDSA );
+#endif
+ default:
+ return( POLARSSL_PK_NONE );
+ }
+}
+
+md_type_t ssl_md_alg_from_hash( unsigned char hash )
+{
+ switch( hash )
+ {
+#if defined(POLARSSL_MD5_C)
+ case SSL_HASH_MD5:
+ return( POLARSSL_MD_MD5 );
+#endif
+#if defined(POLARSSL_SHA1_C)
+ case SSL_HASH_SHA1:
+ return( POLARSSL_MD_SHA1 );
+#endif
+#if defined(POLARSSL_SHA256_C)
+ case SSL_HASH_SHA224:
+ return( POLARSSL_MD_SHA224 );
+ case SSL_HASH_SHA256:
+ return( POLARSSL_MD_SHA256 );
+#endif
+#if defined(POLARSSL_SHA512_C)
+ case SSL_HASH_SHA384:
+ return( POLARSSL_MD_SHA384 );
+ case SSL_HASH_SHA512:
+ return( POLARSSL_MD_SHA512 );
+#endif
+ default:
+ return( POLARSSL_MD_NONE );
+ }
+}
+
#endif
diff --git a/library/x509parse.c b/library/x509parse.c
index a762855..132d285 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -605,8 +605,9 @@
#if defined(POLARSSL_ECP_C)
if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY )
{
- ret = x509_use_ecparams( &alg_params, &pk_ec( *pk )->grp ) ||
- x509_get_ecpubkey( p, end, pk_ec( *pk ) );
+ ret = x509_use_ecparams( &alg_params, &pk_ec( *pk )->grp );
+ if( ret == 0 )
+ ret = x509_get_ecpubkey( p, end, pk_ec( *pk ) );
} else
#endif /* POLARSSL_ECP_C */
ret = POLARSSL_ERR_X509_UNKNOWN_PK_ALG;
@@ -3936,7 +3937,7 @@
size_t i, j;
x509_cert cacert;
x509_cert clicert;
- rsa_context rsa;
+ pk_context pkey;
#if defined(POLARSSL_DHM_C)
dhm_context dhm;
#endif
@@ -3974,9 +3975,9 @@
i = strlen( test_ca_key );
j = strlen( test_ca_pwd );
- rsa_init( &rsa, RSA_PKCS_V15, 0 );
+ pk_init( &pkey );
- if( ( ret = x509parse_key_rsa( &rsa,
+ if( ( ret = x509parse_key( &pkey,
(const unsigned char *) test_ca_key, i,
(const unsigned char *) test_ca_pwd, j ) ) != 0 )
{
@@ -3989,12 +3990,14 @@
if( verbose != 0 )
printf( "passed\n X.509 signature verify: ");
- ret = x509parse_verify( &clicert, &cacert, NULL, "PolarSSL Client 2", &flags, NULL, NULL );
+ ret = x509parse_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
if( ret != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
+ printf("ret = %d, &flags = %04x\n", ret, flags);
+
return( ret );
}
@@ -4019,7 +4022,7 @@
x509_free( &cacert );
x509_free( &clicert );
- rsa_free( &rsa );
+ pk_free( &pkey );
#if defined(POLARSSL_DHM_C)
dhm_free( &dhm );
#endif