Adapt ssl_set_own_cert() to generic keys
parent
09edda888e
commit
ac75523593
9 changed files with 92 additions and 62 deletions
|
@ -578,6 +578,7 @@ struct _ssl_context
|
|||
/*
|
||||
* PKI layer
|
||||
*/
|
||||
pk_context *pk_key; /*!< own private key */
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
void *rsa_key; /*!< own RSA private key */
|
||||
rsa_decrypt_func rsa_decrypt; /*!< function for RSA decrypt*/
|
||||
|
@ -903,13 +904,29 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
|
|||
*
|
||||
* \param ssl SSL context
|
||||
* \param own_cert own public certificate chain
|
||||
* \param rsa_key own private RSA key
|
||||
* \param pk_key own private key
|
||||
*/
|
||||
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key );
|
||||
pk_context *rsa_key );
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
/**
|
||||
* \brief Set own certificate chain and private RSA key
|
||||
*
|
||||
* Note: own_cert should contain IN order from the bottom
|
||||
* up your certificate chain. The top certificate (self-signed)
|
||||
* can be omitted.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param own_cert own public certificate chain
|
||||
* \param rsa_key own private RSA key
|
||||
*/
|
||||
void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key );
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
/**
|
||||
* \brief Set own certificate and alternate non-PolarSSL private
|
||||
* \brief Set own certificate and alternate non-PolarSSL RSA private
|
||||
* key and handling callbacks, such as the PKCS#11 wrappers
|
||||
* or any other external private key handler.
|
||||
* (see the respective RSA functions in rsa.h for documentation
|
||||
|
@ -927,11 +944,11 @@ void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
|||
* \param rsa_sign_func alternate implementation of \c rsa_pkcs1_sign()
|
||||
* \param rsa_key_len_func function returning length of RSA key in bytes
|
||||
*/
|
||||
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
|
||||
void *rsa_key,
|
||||
rsa_decrypt_func rsa_decrypt,
|
||||
rsa_sign_func rsa_sign,
|
||||
rsa_key_len_func rsa_key_len );
|
||||
void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
void *rsa_key,
|
||||
rsa_decrypt_func rsa_decrypt,
|
||||
rsa_sign_func rsa_sign,
|
||||
rsa_key_len_func rsa_key_len );
|
||||
#endif /* POLARSSL_X509_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
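Review bot: The new prototype in the hunk at 903 keeps the old parameter name, `pk_context *rsa_key );`, while the Doxygen block just above it documents `\param pk_key` and the definition in ssl_tls.c (hunk at 3143) names it `pk_key`; Doxygen will report the undocumented/mismatched parameter and readers of the header will assume an RSA-only key. Rename it in the declaration: `pk_context *pk_key );`. The `\brief` of ssl_set_own_cert itself is outside this hunk, so it is worth checking that it no longer says "private RSA key" as ssl_set_own_cert_rsa's does.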
|
||||
|
|
|
@ -3143,22 +3143,35 @@ void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
|
|||
}
|
||||
|
||||
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key )
|
||||
pk_context *pk_key )
|
||||
{
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->pk_key = pk_key;
|
||||
|
||||
/* Temporary, until everything is moved to PK */
|
||||
if( pk_key->pk_info->type == POLARSSL_PK_RSA )
|
||||
ssl->rsa_key = pk_key->pk_ctx;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
void ssl_set_own_cert_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
rsa_context *rsa_key )
|
||||
{
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->rsa_key = rsa_key;
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
void ssl_set_own_cert_alt( ssl_context *ssl, x509_cert *own_cert,
|
||||
void *rsa_key,
|
||||
rsa_decrypt_func rsa_decrypt,
|
||||
rsa_sign_func rsa_sign,
|
||||
rsa_key_len_func rsa_key_len )
|
||||
void ssl_set_own_cert_alt_rsa( ssl_context *ssl, x509_cert *own_cert,
|
||||
void *rsa_key,
|
||||
rsa_decrypt_func rsa_decrypt,
|
||||
rsa_sign_func rsa_sign,
|
||||
rsa_key_len_func rsa_key_len )
|
||||
{
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->rsa_key = rsa_key;
|
||||
ssl->own_cert = own_cert;
|
||||
ssl->rsa_key = rsa_key;
|
||||
ssl->rsa_decrypt = rsa_decrypt;
|
||||
ssl->rsa_sign = rsa_sign;
|
||||
ssl->rsa_sign = rsa_sign;
|
||||
ssl->rsa_key_len = rsa_key_len;
|
||||
}
|
||||
#endif /* POLARSSL_X509_PARSE_C */
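Review bot: In the hunk at 3143, `ssl_set_own_cert` dereferences `pk_key->pk_info->type` with no check that `pk_key` is non-NULL and has been loaded; a context that only went through `pk_init()` (pk_info NULL) crashes here, whereas the old function merely stored the pointer. The assignment to `ssl->rsa_key` is also outside any `#if defined(POLARSSL_RSA_C)` even though the ssl.h hunk at 578 appears to declare that field only under that guard, and when a non-RSA key is passed the previous `rsa_key` is left in place rather than cleared, so a stale RSA key could still be used by the code paths that have not moved to PK yet. I would guard the field access and reset the legacy pointer before the type check.

```c
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
                       pk_context *pk_key )
{
    ssl->own_cert = own_cert;
    ssl->pk_key = pk_key;

#if defined(POLARSSL_RSA_C)
    /* Temporary, until everything is moved to PK: clear any previous
     * RSA key so a non-RSA pk_key cannot leave a stale pointer behind */
    ssl->rsa_key = NULL;
    if( pk_key != NULL && pk_key->pk_info != NULL &&
        pk_key->pk_info->type == POLARSSL_PK_RSA )
        ssl->rsa_key = pk_key->pk_ctx;
#endif
}
```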
|
||||
|
|
|
@ -257,7 +257,7 @@ int main( int argc, char *argv[] )
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
x509_cert cacert;
|
||||
x509_cert clicert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
#endif
|
||||
char *p, *q;
|
||||
const int *list;
|
||||
|
@ -271,7 +271,7 @@ int main( int argc, char *argv[] )
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||
memset( &clicert, 0, sizeof( x509_cert ) );
|
||||
memset( &rsa, 0, sizeof( rsa_context ) );
|
||||
pk_init( &pkey );
|
||||
#endif
|
||||
|
||||
if( argc == 0 )
|
||||
|
@ -626,11 +626,11 @@ int main( int argc, char *argv[] )
|
|||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.key_file ) )
|
||||
ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
|
||||
ret = x509parse_keyfile( &pkey, opt.key_file, "" );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key,
|
||||
ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key,
|
||||
strlen( test_cli_key ), NULL, 0 );
|
||||
#else
|
||||
{
|
||||
|
@ -640,7 +640,7 @@ int main( int argc, char *argv[] )
|
|||
#endif
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
|
||||
printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -711,7 +711,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &clicert, &pkey );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
|
@ -911,7 +911,7 @@ exit:
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
x509_free( &clicert );
|
||||
x509_free( &cacert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
#endif
|
||||
ssl_session_free( &saved_session );
|
||||
ssl_free( &ssl );
|
||||
|
|
|
@ -104,7 +104,7 @@ int main( int argc, char *argv[] )
|
|||
ctr_drbg_context ctr_drbg;
|
||||
ssl_context ssl;
|
||||
x509_cert srvcert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
|
||||
((void) argc);
|
||||
((void) argv);
|
||||
|
@ -139,7 +139,7 @@ int main( int argc, char *argv[] )
|
|||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use x509parse_crtfile() to read the
|
||||
* server and CA certificates, as well as x509parse_keyfile_rsa().
|
||||
* server and CA certificates, as well as x509parse_keyfile().
|
||||
*/
|
||||
ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ) );
|
||||
|
@ -157,12 +157,12 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
rsa_init( &rsa, RSA_PKCS_V15, 0 );
|
||||
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
|
||||
pk_init( &pkey );
|
||||
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
|
||||
strlen( test_srv_key ), NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
|
||||
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -265,7 +265,7 @@ int main( int argc, char *argv[] )
|
|||
net_send, &client_fd );
|
||||
|
||||
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &pkey );
|
||||
|
||||
/*
|
||||
* 5. Handshake
|
||||
|
@ -363,7 +363,7 @@ exit:
|
|||
|
||||
net_close( client_fd );
|
||||
x509_free( &srvcert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
ssl_free( &ssl );
|
||||
|
||||
#if defined(_WIN32)
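Review bot: `pk_init( &pkey );` in the hunk at 157 runs only after the certificate parse, so if the `goto exit` just above it (the x509parse_crt failure path) is taken first, the unconditional `pk_free( &pkey );` in the hunk at 363 operates on a pk_context that was never initialised — `pkey` is declared without an initialiser in the hunk at 104. The old `rsa_init`/`rsa_free` pair had the same shape, but since the commit is touching both lines it could close the gap by moving `pk_init( &pkey );` up next to the declarations, the way the section starting at `@ -257` already does with `pk_init` in its hunk at 271. The section starting at `@ -94` (the server with POLARSSL_SSL_CACHE_C) has the same layout, with `pk_init` in its hunk at 135 and `pk_free` in its hunk at 364, and would take the same fix.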
|
||||
|
|
|
@ -352,7 +352,7 @@ int main( int argc, char *argv[] )
|
|||
ssl_context ssl;
|
||||
x509_cert cacert;
|
||||
x509_cert clicert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
int i;
|
||||
size_t n;
|
||||
char *p, *q;
|
||||
|
@ -364,7 +364,7 @@ int main( int argc, char *argv[] )
|
|||
server_fd = 0;
|
||||
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||
memset( &clicert, 0, sizeof( x509_cert ) );
|
||||
memset( &rsa, 0, sizeof( rsa_context ) );
|
||||
pk_init( &pkey );
|
||||
|
||||
if( argc == 0 )
|
||||
{
|
||||
|
@ -532,11 +532,11 @@ int main( int argc, char *argv[] )
|
|||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.key_file ) )
|
||||
ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
|
||||
ret = x509parse_keyfile( &pkey, opt.key_file, "" );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_cli_key,
|
||||
ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key,
|
||||
strlen( test_cli_key ), NULL, 0 );
|
||||
#else
|
||||
{
|
||||
|
@ -546,7 +546,7 @@ int main( int argc, char *argv[] )
|
|||
#endif
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
|
||||
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -594,7 +594,7 @@ int main( int argc, char *argv[] )
|
|||
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
|
||||
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &clicert, &pkey );
|
||||
|
||||
ssl_set_hostname( &ssl, opt.server_name );
|
||||
|
||||
|
@ -789,7 +789,7 @@ exit:
|
|||
net_close( server_fd );
|
||||
x509_free( &clicert );
|
||||
x509_free( &cacert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
ssl_free( &ssl );
|
||||
|
||||
#if defined(_WIN32)
|
||||
|
|
|
@ -94,7 +94,7 @@ int main( int argc, char *argv[] )
|
|||
ctr_drbg_context ctr_drbg;
|
||||
ssl_context ssl;
|
||||
x509_cert srvcert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
#if defined(POLARSSL_SSL_CACHE_C)
|
||||
ssl_cache_context cache;
|
||||
#endif
|
||||
|
@ -117,7 +117,7 @@ int main( int argc, char *argv[] )
|
|||
/*
|
||||
* This demonstration program uses embedded test certificates.
|
||||
* Instead, you may want to use x509parse_crtfile() to read the
|
||||
* server and CA certificates, as well as x509parse_keyfile_rsa().
|
||||
* server and CA certificates, as well as x509parse_keyfile().
|
||||
*/
|
||||
ret = x509parse_crt( &srvcert, (const unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ) );
|
||||
|
@ -135,12 +135,12 @@ int main( int argc, char *argv[] )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
rsa_init( &rsa, RSA_PKCS_V15, 0 );
|
||||
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
|
||||
pk_init( &pkey );
|
||||
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
|
||||
strlen( test_srv_key ), NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_key_rsa returned %d\n\n", ret );
|
||||
printf( " failed\n ! x509parse_key returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -201,7 +201,7 @@ int main( int argc, char *argv[] )
|
|||
#endif
|
||||
|
||||
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &pkey );
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
|
@ -364,7 +364,7 @@ exit:
|
|||
|
||||
net_close( client_fd );
|
||||
x509_free( &srvcert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
ssl_free( &ssl );
|
||||
#if defined(POLARSSL_SSL_CACHE_C)
|
||||
ssl_cache_free( &cache );
|
||||
|
|
|
@ -215,7 +215,7 @@ int main( int argc, char *argv[] )
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
x509_cert cacert;
|
||||
x509_cert srvcert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
#endif
|
||||
#if defined(POLARSSL_SSL_CACHE_C)
|
||||
ssl_cache_context cache;
|
||||
|
@ -239,7 +239,7 @@ int main( int argc, char *argv[] )
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||
memset( &srvcert, 0, sizeof( x509_cert ) );
|
||||
memset( &rsa, 0, sizeof( rsa_context ) );
|
||||
pk_init( &pkey );
|
||||
#endif
|
||||
#if defined(POLARSSL_SSL_CACHE_C)
|
||||
ssl_cache_init( &cache );
|
||||
|
@ -575,11 +575,11 @@ int main( int argc, char *argv[] )
|
|||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.key_file ) )
|
||||
ret = x509parse_keyfile_rsa( &rsa, opt.key_file, "" );
|
||||
ret = x509parse_keyfile( &pkey, opt.key_file, "" );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
|
||||
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
|
||||
strlen( test_srv_key ), NULL, 0 );
|
||||
#else
|
||||
{
|
||||
|
@ -589,7 +589,7 @@ int main( int argc, char *argv[] )
|
|||
#endif
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_key_rsa returned -0x%x\n\n", -ret );
|
||||
printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -649,7 +649,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &pkey );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||
|
@ -877,7 +877,7 @@ exit:
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
x509_free( &srvcert );
|
||||
x509_free( &cacert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
#endif
|
||||
|
||||
ssl_free( &ssl );
|
||||
|
|
|
@ -166,7 +166,7 @@ static int ssl_test( struct options *opt )
|
|||
ctr_drbg_context ctr_drbg;
|
||||
ssl_context ssl;
|
||||
x509_cert srvcert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
|
||||
ret = 1;
|
||||
|
||||
|
@ -187,7 +187,7 @@ static int ssl_test( struct options *opt )
|
|||
memset( write_state, 0, sizeof( write_state ) );
|
||||
|
||||
memset( &srvcert, 0, sizeof( x509_cert ) );
|
||||
memset( &rsa, 0, sizeof( rsa_context ) );
|
||||
pk_init( &pkey );
|
||||
|
||||
if( opt->opmode == OPMODE_CLIENT )
|
||||
{
|
||||
|
@ -229,11 +229,11 @@ static int ssl_test( struct options *opt )
|
|||
goto exit;
|
||||
}
|
||||
|
||||
ret = x509parse_key_rsa( &rsa, (const unsigned char *) test_srv_key,
|
||||
ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key,
|
||||
strlen( test_srv_key ), NULL, 0 );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " ! x509parse_key_rsa returned %d\n\n", ret );
|
||||
printf( " ! x509parse_key returned %d\n\n", ret );
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
@ -262,7 +262,7 @@ static int ssl_test( struct options *opt )
|
|||
|
||||
ssl_set_endpoint( &ssl, SSL_IS_SERVER );
|
||||
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &srvcert, &pkey );
|
||||
}
|
||||
|
||||
ssl_set_authmode( &ssl, SSL_VERIFY_NONE );
|
||||
|
@ -400,7 +400,7 @@ exit:
|
|||
|
||||
ssl_close_notify( &ssl );
|
||||
x509_free( &srvcert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
ssl_free( &ssl );
|
||||
net_close( client_fd );
|
||||
|
||||
|
|
|
@ -157,7 +157,7 @@ int main( int argc, char *argv[] )
|
|||
ssl_context ssl;
|
||||
x509_cert cacert;
|
||||
x509_cert clicert;
|
||||
rsa_context rsa;
|
||||
pk_context pkey;
|
||||
int i, j, n;
|
||||
int flags, verify = 0;
|
||||
char *p, *q;
|
||||
|
@ -169,7 +169,7 @@ int main( int argc, char *argv[] )
|
|||
server_fd = 0;
|
||||
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||
memset( &clicert, 0, sizeof( x509_cert ) );
|
||||
memset( &rsa, 0, sizeof( rsa_context ) );
|
||||
pk_init( &pkey );
|
||||
|
||||
if( argc == 0 )
|
||||
{
|
||||
|
@ -404,7 +404,7 @@ int main( int argc, char *argv[] )
|
|||
ssl_set_bio( &ssl, net_recv, &server_fd,
|
||||
net_send, &server_fd );
|
||||
|
||||
ssl_set_own_cert( &ssl, &clicert, &rsa );
|
||||
ssl_set_own_cert( &ssl, &clicert, &pkey );
|
||||
|
||||
ssl_set_hostname( &ssl, opt.server_name );
|
||||
|
||||
|
@ -450,7 +450,7 @@ exit:
|
|||
net_close( server_fd );
|
||||
x509_free( &cacert );
|
||||
x509_free( &clicert );
|
||||
rsa_free( &rsa );
|
||||
pk_free( &pkey );
|
||||
|
||||
#if defined(_WIN32)
|
||||
printf( " + Press Enter to exit this program.\n" );
|
||||
|
|