Hi Mat,
Just a minor comment,
On 5 August 2016 at 22:53, Mat Martineau
<mathew.j.martineau(a)linux.intel.com> wrote:
diff --git a/ell/tls.c b/ell/tls.c
index 18e5fae..627b57d 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -36,6 +36,7 @@
#include "pem.h"
#include "tls-private.h"
#include "cipher-private.h"
+#include "key.h"
void tls10_prf(const uint8_t *secret, size_t secret_len,
const char *label,
@@ -142,6 +143,7 @@ static void tls_reset_handshake(struct l_tls *tls)
if (tls->peer_cert) {
l_free(tls->peer_cert);
+ l_key_free(tls->peer_pubkey);
tls->peer_cert = NULL;
tls->peer_pubkey = NULL;
@@ -860,9 +862,9 @@ static bool tls_send_rsa_client_key_xchg(struct l_tls *tls)
uint8_t buf[1024 + 32];
uint8_t *ptr = buf + TLS_HANDSHAKE_HEADER_SIZE;
uint8_t pre_master_secret[48];
- struct l_asymmetric_cipher *rsa_server_pubkey;
- int key_size;
+ size_t key_size;
ssize_t bytes_encrypted;
+ bool is_public;
if (!tls->peer_pubkey) {
tls_disconnect(tls, TLS_ALERT_INTERNAL_ERROR, 0);
@@ -874,37 +876,29 @@ static bool tls_send_rsa_client_key_xchg(struct l_tls *tls)
pre_master_secret[1] = (uint8_t) (TLS_VERSION >> 0);
l_getrandom(pre_master_secret + 2, 46);
- /* Fill in the RSA Client Key Exchange body */
-
- rsa_server_pubkey = l_asymmetric_cipher_new(L_CIPHER_RSA_PKCS1_V1_5,
- tls->peer_pubkey,
- tls->peer_pubkey_length,
- true);
- if (!rsa_server_pubkey) {
+ if (!l_key_get_info(tls->peer_pubkey, L_CIPHER_RSA_PKCS1_V1_5,
+ L_CHECKSUM_NONE, &key_size,
+ &is_public)) {
tls_disconnect(tls, TLS_ALERT_INTERNAL_ERROR, 0);
return false;
}
-
- key_size = l_asymmetric_cipher_get_key_size(rsa_server_pubkey);
+ key_size /= 8;
if (key_size + 32 > (int) sizeof(buf)) {
- l_asymmetric_cipher_free(rsa_server_pubkey);
-
tls_disconnect(tls, TLS_ALERT_INTERNAL_ERROR, 0);
return false;
}
l_put_be16(key_size, ptr);
- bytes_encrypted = l_asymmetric_cipher_encrypt(rsa_server_pubkey,
- pre_master_secret,
- ptr + 2, 48, key_size);
+ bytes_encrypted = l_key_encrypt(tls->peer_pubkey,
+ L_CIPHER_RSA_PKCS1_V1_5,
+ L_CHECKSUM_NONE, pre_master_secret,
+ ptr + 2, 48, key_size);
ptr += key_size + 2;
- l_asymmetric_cipher_free(rsa_server_pubkey);
-
- if (bytes_encrypted != key_size) {
+ if (bytes_encrypted != (ssize_t) key_size) {
tls_disconnect(tls, TLS_ALERT_INTERNAL_ERROR, 0);
return false;
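Review bot: The bounds check `if (key_size + 32 > (int) sizeof(buf))` keeps the `(int)` cast from when key_size was an int. Now that key_size is a size_t, the cast is converted straight back to unsigned for the comparison, so `if (key_size + 32 > sizeof(buf))` states the check without the round trip. The `is_public` value filled in by l_key_get_info() is not read in the visible lines; if the key's type matters before encrypting to it, test the flag here, otherwise add a short comment saying it is deliberately ignored. `key_size /= 8;` rounds down, which suggests the size is reported in bits, so a one-line comment such as `/* bits to bytes; RSA modulus assumed to be a whole number of bytes */` would make that assumption explicit. The body of tls_send_rsa_client_key_xchg starts and continues outside this hunk.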
@@ -1006,16 +1000,15 @@ static ssize_t tls_rsa_sign(struct l_tls *tls, uint8_t *out,
size_t len,
static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in, size_t len,
tls_get_hash_t get_hash)
{
- struct l_asymmetric_cipher *rsa_client_pubkey;
size_t key_size;
- ssize_t verify_bytes;
uint8_t hash[HANDSHAKE_HASH_MAX_SIZE];
size_t hash_len;
enum l_checksum_type hash_type;
uint8_t expected[HANDSHAKE_HASH_MAX_SIZE * 2 + 32];
size_t expected_len;
- uint8_t *digest_info;
unsigned int offset;
+ bool is_public;
+ bool success;
/* 2 bytes for SignatureAndHashAlgorithm if version >= 1.2 */
offset = 2;
@@ -1029,23 +1022,18 @@ static bool tls_rsa_verify(struct l_tls *tls, const uint8_t *in,
size_t len,
return false;
}
- rsa_client_pubkey = l_asymmetric_cipher_new(L_CIPHER_RSA_PKCS1_V1_5,
- tls->peer_pubkey,
- tls->peer_pubkey_length,
- true);
- if (!rsa_client_pubkey) {
+ if (!l_key_get_info(tls->peer_pubkey, L_CIPHER_RSA_PKCS1_V1_5,
+ L_CHECKSUM_NONE, &key_size,
+ &is_public)) {
tls_disconnect(tls, TLS_ALERT_INTERNAL_ERROR, 0);
-
- return false;
}
It looks like this return should stay.
Best regards