From d1a983fe7755be3d0d1e34e49f856dbe1adb04f4 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Mon, 16 Sep 2013 22:26:53 +0200 Subject: [PATCH] Removed x509parse key functions and moved them to compat-1.2.h --- include/polarssl/compat-1.2.h | 284 ++++++++++++++++++++++++++++++++++ include/polarssl/x509.h | 66 -------- library/x509.c | 107 ------------- 3 files changed, 284 insertions(+), 173 deletions(-) create mode 100644 include/polarssl/compat-1.2.h diff --git a/include/polarssl/compat-1.2.h b/include/polarssl/compat-1.2.h new file mode 100644 index 000000000..c0d7e01e5 --- /dev/null +++ b/include/polarssl/compat-1.2.h @@ -0,0 +1,284 @@ +/** + * \file compat-1.2.h + * + * \brief Backwards compatibility header for PolarSSL-1.2 from PolarSSL-1.3 + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_COMPAT_1_2_H +#define POLARSSL_COMPAT_1_2_H + +#include "config.h" + +#define SHOW_PROTOTYPE_CHANGE_WARNINGS + +#if defined(POLARSSL_SHA256_C) +#define POLARSSL_SHA2_C +#include "sha256.h" + +/* + * SHA-2 -> SHA-256 + */ +typedef sha256_context sha2_context; + +inline void sha2_starts( sha256_context *ctx, int is224 ) { + sha256_starts( ctx, is224 ); +} +inline void sha2_update( sha256_context *ctx, const unsigned char *input, + size_t ilen ) { + sha256_update( ctx, input, ilen ); +} +inline void sha2_finish( sha256_context *ctx, unsigned char output[32] ) { + return sha256_finish( ctx, output ); +} +inline int sha2_file( const char *path, unsigned char output[32], int is224 ) { + return sha256_file( path, output, is224 ); +} +inline void sha2( const unsigned char *input, size_t ilen, + unsigned char output[32], int is224 ) { + return sha256( input, ilen, output, is224 ); +} +inline void sha2_hmac_starts( sha256_context *ctx, const unsigned char *key, + size_t keylen, int is224 ) { + sha256_hmac_starts( ctx, key, keylen, is224 ); +} +inline void sha2_hmac_update( sha256_context *ctx, const unsigned char *input, size_t ilen ) { + sha256_hmac_update( ctx, input, ilen ); +} +inline void sha2_hmac_finish( sha256_context *ctx, unsigned char output[32] ) { + sha256_hmac_finish( ctx, output ); +} +inline void sha2_hmac_reset( sha256_context *ctx ) { + sha256_hmac_reset( ctx ); +} +inline void sha2_hmac( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char output[32], int is224 ) { + sha256_hmac( key, keylen, input, ilen, output, is224 ); +} +inline int sha2_self_test( int verbose ) { + return sha256_self_test( verbose ); +} +#endif /* POLARSSL_SHA256_C */ + +#if defined(POLARSSL_SHA512_C) +#define POLARSSL_SHA4_C +#include "sha512.h" + +/* + * SHA-4 -> SHA-512 + */ +typedef sha512_context sha4_context; + +inline void sha4_starts( sha512_context *ctx, int is384 ) { + sha512_starts( ctx, is384 ); +} +inline void sha4_update( sha512_context *ctx, const unsigned char *input, + size_t ilen ) { + sha512_update( ctx, input, ilen ); +} +inline void sha4_finish( sha512_context *ctx, unsigned char output[64] ) { + return sha512_finish( ctx, output ); +} +inline int sha4_file( const char *path, unsigned char output[64], int is384 ) { + return sha512_file( path, output, is384 ); +} +inline void sha4( const unsigned char *input, size_t ilen, + unsigned char output[32], int is384 ) { + return sha512( input, ilen, output, is384 ); +} +inline void sha4_hmac_starts( sha512_context *ctx, const unsigned char *key, + size_t keylen, int is384 ) { + sha512_hmac_starts( ctx, key, keylen, is384 ); +} +inline void sha4_hmac_update( sha512_context *ctx, const unsigned char *input, size_t ilen ) { + sha512_hmac_update( ctx, input, ilen ); +} +inline void sha4_hmac_finish( sha512_context *ctx, unsigned char output[64] ) { + sha512_hmac_finish( ctx, output ); +} +inline void sha4_hmac_reset( sha512_context *ctx ) { + sha512_hmac_reset( ctx ); +} +inline void sha4_hmac( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char output[64], int is384 ) { + sha512_hmac( key, keylen, input, ilen, output, is384 ); +} +inline int sha4_self_test( int verbose ) { + return sha512_self_test( verbose ); +} +#endif /* POLARSSL_SHA512_C */ + +#if defined(POLARSSL_CIPHER_C) +#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) +#warning "cipher_reset() prototype changed. Manual change required if used" +#endif +#endif + +#if defined(POLARSSL_RSA_C) +#define SIG_RSA_RAW POLARSSL_MD_NONE +#define SIG_RSA_MD2 POLARSSL_MD_MD2 +#define SIG_RSA_MD4 POLARSSL_MD_MD4 +#define SIG_RSA_MD5 POLARSSL_MD_MD5 +#define SIG_RSA_SHA1 POLARSSL_MD_SHA1 +#define SIG_RSA_SHA224 POLARSSL_MD_SHA224 +#define SIG_RSA_SHA256 POLARSSL_MD_SHA256 +#define SIG_RSA_SHA384 POLARSSL_MD_SHA384 +#define SIG_RSA_SHA512 POLARSSL_MD_SHA512 +#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) +#warning "rsa_pkcs1_verify() prototype changed. Manual change required if used" +#warning "rsa_pkcs1_decrypt() prototype changed. Manual change required if used" +#endif +#endif + +#if defined(POLARSSL_DHM_C) +#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) +#warning "dhm_calc_secret() prototype changed. Manual change required if used" +#endif +#endif + +#if defined(POLARSSL_GCM_C) +#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) +#warning "gcm_init() prototype changed. Manual change required if used" +#endif +#endif + +#if defined(POLARSSL_SSL_CLI_C) +#if defined(SHOW_PROTOTYPE_CHANGE_WARNINGS) +#warning "ssl_set_own_cert() prototype changed. Change to ssl_set_own_cert_rsa(). Manual change required if used" +#endif +#endif + +#if defined(POLARSSL_X509_CRT_PARSE_C) +#define POLARSSL_X509_PARSE_C +#include "x509_crt.h" + +inline void x509_free( x509_cert *crt ) { + return x509_crt_free( crt ); +} +#endif /* POLARSSL_X509_CRT_PARSE_C */ + +#if defined(POLARSSL_SSL_TLS_C) +#include "ssl_ciphersuites.h" + +#define ssl_default_ciphersuites ssl_list_ciphersuites() +#endif + +#if defined(POLARSSL_PK_PARSE_C) && defined(POLARSSL_RSA_C) +#include "rsa.h" +#include "pk.h" + +#define POLARSSL_ERR_X509_PASSWORD_MISMATCH POLARSSL_ERR_PK_PASSWORD_MISMATCH +#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT POLARSSL_ERR_PK_KEY_INVALID_FORMAT +#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG POLARSSL_ERR_PK_UNKNOWN_PK_ALG +#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY POLARSSL_ERR_PK_INVALID_PUBKEY + +#if defined(POLARSSL_FS_IO) +inline int x509parse_keyfile( rsa_context *rsa, const char *path, + const char *pwd ) { + int ret; + pk_context pk; + pk_init( &pk ); + ret = pk_parse_keyfile( &pk, path, pwd ); + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + pk_free( &pk ); + return( ret ); +} +inline int x509parse_public_keyfile( rsa_context *rsa, const char *path ) { + int ret; + pk_context pk; + pk_init( &pk ); + ret = pk_parse_public_keyfile( &pk, path ); + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + pk_free( &pk ); + return( ret ); +} +#endif /* POLARSSL_FS_IO */ + +inline int x509parse_key( rsa_context *rsa, const unsigned char *key, + size_t keylen, + const unsigned char *pwd, size_t pwdlen ) { + int ret; + pk_context pk; + pk_init( &pk ); + ret = pk_parse_key( &pk, key, keylen, pwd, pwdlen ); + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + pk_free( &pk ); + return( ret ); +} + +inline int x509parse_public_key( rsa_context *rsa, + const unsigned char *key, size_t keylen ) +{ + int ret; + pk_context pk; + pk_init( &pk ); + ret = pk_parse_public_key( &pk, key, keylen ); + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + pk_free( &pk ); + return( ret ); +} +#endif /* POLARSSL_PK_PARSE_C && POLARSSL_RSA_C */ + +#if defined(POLARSSL_PK_WRITE_C) && defined(POLARSSL_RSA_C) +#include "pk.h" +inline int x509_write_pubkey_der( unsigned char *buf, size_t len, rsa_context *rsa ) { + int ret; + pk_context ctx; + if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret ); + if( ( ret = rsa_copy( ctx.pk_ctx, rsa ) ) != 0 ) return( ret ); + ret = pk_write_pubkey_der( &ctx, buf, len ); + pk_free( &ctx ); + return( ret ); +} +inline int x509_write_key_der( unsigned char *buf, size_t len, rsa_context *rsa ) { + int ret; + pk_context ctx; + if( ( ret = pk_init_ctx( &ctx, pk_info_from_type( POLARSSL_PK_RSA ) ) ) != 0 ) return( ret ); + if( ( ret = rsa_copy( ctx.pk_ctx, rsa ) ) != 0 ) return( ret ); + ret = pk_write_key_der( &ctx, buf, len ); + pk_free( &ctx ); + return( ret ); +} +#endif /* POLARSSL_PK_WRITE_C && POLARSSL_RSA_C */ +#endif /* compat-1.2.h */ diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 4a5c994f9..0e4db60b8 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -182,72 +182,6 @@ x509_time; /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ /** \} addtogroup x509_module */ -/** - * \name Functions to read in DHM parameters, a certificate, CRL or private RSA key - * \{ - */ - -#if defined(POLARSSL_RSA_C) -/** \ingroup x509_module */ -/** - * \brief Parse a private RSA key - * - * \param rsa RSA context to be initialized - * \param key input buffer - * \param keylen size of the buffer - * \param pwd password for decryption (optional) - * \param pwdlen size of the password - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_key_rsa( rsa_context *rsa, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ); - -#if defined(POLARSSL_FS_IO) -/** \ingroup x509_module */ -/** - * \brief Load and parse a private RSA key - * - * \param rsa RSA context to be initialized - * \param path filename to read the private key from - * \param password password to decrypt the file (can be NULL) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, - const char *password ); -#endif /* POLARSSL_FS_IO */ - -/** \ingroup x509_module */ -/** - * \brief Parse a public RSA key - * - * \param rsa RSA context to be initialized - * \param key input buffer - * \param keylen size of the buffer - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_public_key_rsa( rsa_context *rsa, - const unsigned char *key, size_t keylen ); - -#if defined(POLARSSL_FS_IO) -/** \ingroup x509_module */ -/** - * \brief Load and parse a public RSA key - * - * \param rsa RSA context to be initialized - * \param path filename to read the private key from - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ); -#endif /* POLARSSL_FS_IO */ -#endif /* POLARSSL_RSA_C */ - -/** \} name Functions to read in DHM parameters, a certificate, CRL or private RSA key */ - /** * \brief Store the certificate DN in printable form into buf; * no more than size characters will be written. diff --git a/library/x509.c b/library/x509.c index 40ee1803e..9f7d162c8 100644 --- a/library/x509.c +++ b/library/x509.c @@ -422,115 +422,8 @@ int x509_load_file( const char *path, unsigned char **buf, size_t *n ) return( 0 ); } - -#if defined(POLARSSL_RSA_C) -/* - * Load and parse a private RSA key - */ -int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, const char *pwd ) -{ - int ret; - pk_context pk; - - pk_init( &pk ); - - ret = pk_parse_keyfile( &pk, path, pwd ); - - if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) - ret = POLARSSL_ERR_PK_TYPE_MISMATCH; - - if( ret == 0 ) - rsa_copy( rsa, pk_rsa( pk ) ); - else - rsa_free( rsa ); - - pk_free( &pk ); - - return( ret ); -} - -/* - * Load and parse a public RSA key - */ -int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ) -{ - int ret; - pk_context pk; - - pk_init( &pk ); - - ret = pk_parse_public_keyfile( &pk, path ); - - if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) - ret = POLARSSL_ERR_PK_TYPE_MISMATCH; - - if( ret == 0 ) - rsa_copy( rsa, pk_rsa( pk ) ); - else - rsa_free( rsa ); - - pk_free( &pk ); - - return( ret ); -} -#endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_FS_IO */ -#if defined(POLARSSL_RSA_C) -/* - * Parse a private RSA key - */ -int x509parse_key_rsa( rsa_context *rsa, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) -{ - int ret; - pk_context pk; - - pk_init( &pk ); - - ret = pk_parse_key( &pk, key, keylen, pwd, pwdlen ); - - if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) - ret = POLARSSL_ERR_PK_TYPE_MISMATCH; - - if( ret == 0 ) - rsa_copy( rsa, pk_rsa( pk ) ); - else - rsa_free( rsa ); - - pk_free( &pk ); - - return( ret ); -} - -/* - * Parse a public RSA key - */ -int x509parse_public_key_rsa( rsa_context *rsa, - const unsigned char *key, size_t keylen ) -{ - int ret; - pk_context pk; - - pk_init( &pk ); - - ret = pk_parse_public_key( &pk, key, keylen ); - - if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) - ret = POLARSSL_ERR_PK_TYPE_MISMATCH; - - if( ret == 0 ) - rsa_copy( rsa, pk_rsa( pk ) ); - else - rsa_free( rsa ); - - pk_free( &pk ); - - return( ret ); -} -#endif /* POLARSSL_RSA_C */ - #if defined _MSC_VER && !defined snprintf #include