Add and use pk_encrypt(), pk_decrypt()
This commit is contained in:
parent
8df2769178
commit
a2d3f22007
5 changed files with 142 additions and 19 deletions
|
@ -136,6 +136,18 @@ typedef struct
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Decrypt message */
|
||||
int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Encrypt message */
|
||||
int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
||||
|
@ -244,6 +256,40 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
|
|||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Decrypt message
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param input Input to decrypt
|
||||
* \param ilen Input size
|
||||
* \param output Decrypted output
|
||||
* \param olen Decrypted message lenght
|
||||
* \param osize Size of the output buffer
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int pk_decrypt( pk_context *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Encrypt message
|
||||
*
|
||||
* \param ctx PK context to use
|
||||
* \param input Message to encrypt
|
||||
* \param ilen Message size
|
||||
* \param output Encrypted output
|
||||
* \param olen Encrypted output length
|
||||
* \param osize Size of the output buffer
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
int pk_encrypt( pk_context *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Export debug information
|
||||
*
|
||||
|
|
36
library/pk.c
36
library/pk.c
|
@ -152,6 +152,42 @@ int pk_sign( pk_context *ctx, md_type_t md_alg,
|
|||
sig, sig_len, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt message
|
||||
*/
|
||||
int pk_decrypt( pk_context *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->decrypt_func == NULL )
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
|
||||
return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
|
||||
output, olen, osize, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Encrypt message
|
||||
*/
|
||||
int pk_encrypt( pk_context *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
if( ctx == NULL || ctx->pk_info == NULL )
|
||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||
|
||||
if( ctx->pk_info->encrypt_func == NULL )
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
|
||||
return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
|
||||
output, olen, osize, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get key size in bits
|
||||
*/
|
||||
|
|
|
@ -80,6 +80,34 @@ static int rsa_sign_wrap( void *ctx, md_type_t md_alg,
|
|||
md_alg, hash_len, hash, sig ) );
|
||||
}
|
||||
|
||||
static int rsa_decrypt_wrap( void *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
|
||||
if( ilen != ((rsa_context *) ctx)->len )
|
||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||
|
||||
return( rsa_pkcs1_decrypt( (rsa_context *) ctx,
|
||||
RSA_PRIVATE, olen, input, output, osize ) );
|
||||
}
|
||||
|
||||
static int rsa_encrypt_wrap( void *ctx,
|
||||
const unsigned char *input, size_t ilen,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
((void) osize);
|
||||
|
||||
*olen = ((rsa_context *) ctx)->len;
|
||||
|
||||
return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
|
||||
f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
|
||||
}
|
||||
|
||||
static void *rsa_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( rsa_context ) );
|
||||
|
@ -116,6 +144,8 @@ const pk_info_t rsa_info = {
|
|||
rsa_can_do,
|
||||
rsa_verify_wrap,
|
||||
rsa_sign_wrap,
|
||||
rsa_decrypt_wrap,
|
||||
rsa_encrypt_wrap,
|
||||
rsa_alloc_wrap,
|
||||
rsa_free_wrap,
|
||||
rsa_debug,
|
||||
|
@ -222,6 +252,8 @@ const pk_info_t eckey_info = {
|
|||
NULL,
|
||||
NULL,
|
||||
#endif
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_alloc_wrap,
|
||||
eckey_free_wrap,
|
||||
eckey_debug,
|
||||
|
@ -243,6 +275,8 @@ const pk_info_t eckeydh_info = {
|
|||
eckeydh_can_do,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_alloc_wrap, /* Same underlying key structure */
|
||||
eckey_free_wrap, /* Same underlying key structure */
|
||||
eckey_debug, /* Same underlying key structure */
|
||||
|
@ -299,6 +333,8 @@ const pk_info_t ecdsa_info = {
|
|||
ecdsa_can_do,
|
||||
ecdsa_verify_wrap,
|
||||
ecdsa_sign_wrap,
|
||||
NULL,
|
||||
NULL,
|
||||
ecdsa_alloc_wrap,
|
||||
ecdsa_free_wrap,
|
||||
eckey_debug, /* Compatible key structures */
|
||||
|
|
|
@ -1870,26 +1870,24 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
i = 4;
|
||||
n = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8;
|
||||
i = ssl->minor_ver == SSL_MINOR_VERSION_0 ? 4 : 6;
|
||||
|
||||
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
i += 2;
|
||||
ssl->out_msg[4] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[5] = (unsigned char)( n );
|
||||
}
|
||||
|
||||
ret = rsa_pkcs1_encrypt(
|
||||
pk_rsa( ssl->session_negotiate->peer_cert->pk ),
|
||||
ssl->f_rng, ssl->p_rng, RSA_PUBLIC,
|
||||
ssl->handshake->pmslen, ssl->handshake->premaster,
|
||||
ssl->out_msg + i );
|
||||
ret = pk_encrypt( &ssl->session_negotiate->peer_cert->pk,
|
||||
ssl->handshake->premaster, ssl->handshake->pmslen,
|
||||
ssl->out_msg + i, &n, SSL_BUFFER_LEN,
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
if( ret != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, "rsa_pkcs1_encrypt", ret );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
||||
{
|
||||
ssl->out_msg[4] = (unsigned char)( n >> 8 );
|
||||
ssl->out_msg[5] = (unsigned char)( n );
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
|
|
@ -2259,9 +2259,9 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
|||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
size_t i, n = 0;
|
||||
|
||||
if( ssl->rsa_key == NULL )
|
||||
if( ! pk_can_do( ssl->pk_key, POLARSSL_PK_RSA ) )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "got no private key" ) );
|
||||
SSL_DEBUG_MSG( 1, ( "got no RSA private key" ) );
|
||||
return( POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED );
|
||||
}
|
||||
|
||||
|
@ -2269,8 +2269,7 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
|||
* Decrypt the premaster using own private RSA key
|
||||
*/
|
||||
i = 4;
|
||||
if( ssl->rsa_key )
|
||||
n = ssl->rsa_key_len( ssl->rsa_key );
|
||||
n = ssl->rsa_key_len( ssl->rsa_key );
|
||||
ssl->handshake->pmslen = 48;
|
||||
|
||||
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
|
||||
|
@ -2290,13 +2289,21 @@ static int ssl_parse_encrypted_pms_secret( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
|
||||
}
|
||||
|
||||
if( ssl->rsa_key ) {
|
||||
if( ssl->rsa_use_alt ) {
|
||||
ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE,
|
||||
&ssl->handshake->pmslen,
|
||||
ssl->in_msg + i,
|
||||
ssl->handshake->premaster,
|
||||
sizeof(ssl->handshake->premaster) );
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = pk_decrypt( ssl->pk_key,
|
||||
ssl->in_msg + i, n,
|
||||
ssl->handshake->premaster, &ssl->handshake->pmslen,
|
||||
sizeof(ssl->handshake->premaster),
|
||||
ssl->f_rng, ssl->p_rng );
|
||||
}
|
||||
|
||||
if( ret != 0 || ssl->handshake->pmslen != 48 ||
|
||||
ssl->handshake->premaster[0] != ssl->handshake->max_major_ver ||
|
||||
|
|
Loading…
Reference in a new issue