Add a PK can_do() method and simplify code
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index f06ec68..a2d166f 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -89,6 +89,9 @@
/** Public key type */
pk_type_t type;
+ /** Tell if the context implements this type (eg ECKEY can do ECDSA) */
+ int (*can_do)( pk_type_t type );
+
/** Verify signature */
int (*verify_func)( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
@@ -131,33 +134,6 @@
*/
int pk_set_type( pk_context *ctx, pk_type_t type );
-#if defined(POLARSSL_ECDSA_C)
-/**
- * \brief Convert a generic EC key into an ECDSA context
- *
- * \param ctx Context to convert
- *
- * \return 0 on success, or
- * POLARSSL_ERR_PK_MALLOC_FAILED or
- * POLARSSL_ERR_PK_TYPE_MISMATCH.
- */
-int pk_ec_to_ecdsa( pk_context *ctx );
-
-/**
- * \brief Tell if a PK context can be used for ECDSA
- *
- * \param ctx Context to check
- *
- * \return 0 if context cannot be used for ECDSA,
- * 1 otherwise
- */
-static inline int pk_can_ecdsa( pk_context ctx )
-{
- return( ctx.type == POLARSSL_PK_ECKEY ||
- ctx.type == POLARSSL_PK_ECDSA );
-}
-#endif /* POLARSSL_ECDSA_C */
-
#if defined(POLARSSL_RSA_C)
/**
* \brief Wrap a RSA context in a PK context
diff --git a/library/pk.c b/library/pk.c
index 1210490..6cfc16b 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -146,42 +146,6 @@
return( 0 );
}
-#if defined(POLARSSL_ECDSA_C)
-/*
- * Convert generic EC context to ECDSA
- */
-int pk_ec_to_ecdsa( pk_context *ctx )
-{
- ecp_keypair *eckey;
- ecdsa_context *ecdsa;
-
- if( ctx->type == POLARSSL_PK_ECDSA )
- return( 0 );
-
- if( ctx->type != POLARSSL_PK_ECKEY )
- return( POLARSSL_ERR_PK_TYPE_MISMATCH );
-
- eckey = (ecp_keypair *) ctx->data;
-
- if( ( ecdsa = polarssl_malloc( sizeof( ecdsa_context ) ) ) == NULL )
- return( POLARSSL_ERR_PK_MALLOC_FAILED );
-
- ecdsa_init( ecdsa );
-
- /* struct ecdsa_context begins the same as struct ecp_keypair */
- memcpy( ecdsa, eckey, sizeof( ecp_keypair ) );
-
- if( ! ctx->dont_free )
- polarssl_free( eckey );
-
- ctx->dont_free = 0;
- ctx->type = POLARSSL_PK_ECDSA;
- ctx->data = ecdsa;
-
- return( 0 );
-}
-#endif /* POLARSSL_ECDSA_C */
-
#if defined(POLARSSL_RSA_C)
/*
* Wrap an RSA context in a PK context
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index fe47b38..f7b0833 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -40,6 +40,11 @@
#endif
#if defined(POLARSSL_RSA_C)
+static int rsa_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_RSA );
+}
+
static int rsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
@@ -52,11 +57,17 @@
const pk_info_t rsa_info = {
POLARSSL_PK_RSA,
+ rsa_can_do,
rsa_verify_wrap,
};
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
+int ecdsa_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_ECDSA );
+}
+
int ecdsa_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
@@ -67,11 +78,19 @@
const pk_info_t ecdsa_info = {
POLARSSL_PK_ECDSA,
+ ecdsa_can_do,
ecdsa_verify_wrap,
};
#endif /* POLARSSL_ECDSA_C */
#if defined(POLARSSL_ECP_C)
+static int eckey_can_do( pk_type_t type )
+{
+ return( type == POLARSSL_PK_ECKEY ||
+ type == POLARSSL_PK_ECKEY_DH ||
+ type == POLARSSL_PK_ECDSA );
+}
+
static int eckey_verify_wrap( void *ctx,
const unsigned char *hash, const md_info_t *md_info,
const unsigned char *sig, size_t sig_len )
@@ -101,6 +120,7 @@
const pk_info_t eckey_info = {
POLARSSL_PK_ECKEY,
+ eckey_can_do,
eckey_verify_wrap,
};
#endif /* POLARSSL_ECP_C */
diff --git a/library/x509parse.c b/library/x509parse.c
index 15823bd..31b1fa0 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3344,33 +3344,13 @@
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
-#if defined(POLARSSL_RSA_C)
- if( crl_list->sig_pk == POLARSSL_PK_RSA )
+ if( ca->pk.info->can_do( crl_list->sig_pk ) == 0 ||
+ ca->pk.info->verify_func( ca->pk.data, hash, md_info,
+ crl_list->sig.p, crl_list->sig.len ) != 0 )
{
- if( ca->pk.type != POLARSSL_PK_RSA ||
- ca->pk.info->verify_func( ca->pk.data,
- hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
- {
- flags |= BADCRL_NOT_TRUSTED;
- break;
- }
+ flags |= BADCRL_NOT_TRUSTED;
+ break;
}
- else
-#endif /* POLARSSL_RSA_C */
-#if defined(POLARSSL_ECDSA_C)
- if( crl_list->sig_pk == POLARSSL_PK_ECDSA )
- {
- if( ! pk_can_ecdsa( ca->pk ) ||
- ca->pk.info->verify_func( ca->pk.data,
- hash, md_info, crl_list->sig.p, crl_list->sig.len ) != 0 )
- {
- flags |= BADCRL_NOT_TRUSTED;
- break;
- }
- }
- else
-#endif /* POLARSSL_ECDSA_C */
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/*
* Check for validity of CRL (Do not drop out)
@@ -3457,7 +3437,7 @@
*/
if( child->subject_raw.len == trust_ca->subject_raw.len &&
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
- child->issuer_raw.len ) == 0 )
+ child->issuer_raw.len ) == 0 )
{
check_path_cnt--;
}
@@ -3481,33 +3461,13 @@
md( md_info, child->tbs.p, child->tbs.len, hash );
-#if defined(POLARSSL_RSA_C)
- if( child->sig_pk == POLARSSL_PK_RSA )
+ if( trust_ca->pk.info->can_do( child->sig_pk ) == 0 ||
+ trust_ca->pk.info->verify_func( trust_ca->pk.data, hash, md_info,
+ child->sig.p, child->sig.len ) != 0 )
{
- if( trust_ca->pk.type != POLARSSL_PK_RSA ||
- trust_ca->pk.info->verify_func( trust_ca->pk.data,
- hash, md_info, child->sig.p, child->sig.len ) != 0 )
- {
- trust_ca = trust_ca->next;
- continue;
- }
+ trust_ca = trust_ca->next;
+ continue;
}
- else
-#endif /* POLARSSL_RSA_C */
-#if defined(POLARSSL_ECDSA_C)
- if( child->sig_pk == POLARSSL_PK_ECDSA )
- {
- if( ! pk_can_ecdsa( trust_ca->pk ) ||
- trust_ca->pk.info->verify_func( trust_ca->pk.data,
- hash, md_info, child->sig.p, child->sig.len ) != 0 )
- {
- trust_ca = trust_ca->next;
- continue;
- }
- }
- else
-#endif /* POLARSSL_ECDSA_C */
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
/*
* Top of chain is signed by a trusted CA
@@ -3578,31 +3538,12 @@
{
md( md_info, child->tbs.p, child->tbs.len, hash );
-#if defined(POLARSSL_RSA_C)
- if( child->sig_pk == POLARSSL_PK_RSA )
+ if( parent->pk.info->can_do( child->sig_pk ) == 0 ||
+ parent->pk.info->verify_func( parent->pk.data, hash, md_info,
+ child->sig.p, child->sig.len ) != 0 )
{
- if( parent->pk.type != POLARSSL_PK_RSA ||
- parent->pk.info->verify_func( parent->pk.data,
- hash, md_info, child->sig.p, child->sig.len ) != 0 )
- {
- *flags |= BADCERT_NOT_TRUSTED;
- }
+ *flags |= BADCERT_NOT_TRUSTED;
}
- else
-#endif /* POLARSSL_RSA_C */
-#if defined(POLARSSL_ECDSA_C)
- if( child->sig_pk == POLARSSL_PK_ECDSA )
- {
- if( ! pk_can_ecdsa( parent->pk ) ||
- parent->pk.info->verify_func( parent->pk.data,
- hash, md_info, child->sig.p, child->sig.len ) != 0 )
- {
- *flags |= BADCERT_NOT_TRUSTED;
- }
- }
- else
-#endif /* POLARSSL_ECDSA_C */
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
/* Check trusted CA's CRL for the given crt */
