TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 20422e9a3a104a940d6768cef4f5e8d605cdff90^! / . / library
commit20422e9a3a104a940d6768cef4f5e8d605cdff90[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Thu Jun 05 13:41:44 2014 +0200
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Thu Jun 05 14:02:05 2014 +0200
tree5116cd7b726c8381626fef26b45052f40cc67700
parent3a6a95d67c025946dc664a15bbb8d370bf673c56 [diff]
Add pk_verify_ext()

diff --git a/library/pk.c b/library/pk.c
index ce17107..8000c10 100644
--- a/library/pk.c
+++ b/library/pk.c

@@ -189,6 +189,59 @@
 }
 
 /*
+ * Verify a signature with options
+ */
+int pk_verify_ext( pk_type_t type, const void *options,
+                   pk_context *ctx, md_type_t md_alg,
+                   const unsigned char *hash, size_t hash_len,
+                   const unsigned char *sig, size_t sig_len )
+{
+    if( ctx == NULL || ctx->pk_info == NULL )
+        return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+    if( ! pk_can_do( ctx, type ) )
+        return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+
+    if( type == POLARSSL_PK_RSASSA_PSS )
+    {
+#if defined(POLARSSL_RSA_C) && defined(POLARSSL_PKCS1_V21)
+        int ret;
+        const pk_rsassa_pss_options *pss_opts;
+
+        if( options == NULL )
+            return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+        pss_opts = (const pk_rsassa_pss_options *) options;
+
+        if( sig_len < pk_get_len( ctx ) )
+            return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+
+        ret = rsa_rsassa_pss_verify_ext( pk_rsa( *ctx ),
+                NULL, NULL, RSA_PUBLIC,
+                md_alg, hash_len, hash,
+                pss_opts->mgf1_hash_id,
+                pss_opts->expected_salt_len,
+                sig );
+        if( ret != 0 )
+            return( ret );
+
+        if( sig_len > pk_get_len( ctx ) )
+            return( POLARSSL_ERR_PK_SIG_LEN_MISMATCH );
+
+        return( 0 );
+#else
+        return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+#endif
+    }
+
+    /* General case: no options */
+    if( options != NULL )
+        return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+
+    return( pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
+}
+
+/*
  * Make a signature
  */
 int pk_sign( pk_context *ctx, md_type_t md_alg,

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c0ad10d..6bfc4d2 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c

@@ -52,13 +52,13 @@
 #define polarssl_free       free
 #endif
 
-/* Used by RSA-alt too */
+#if defined(POLARSSL_RSA_C)
 static int rsa_can_do( pk_type_t type )
 {
-    return( type == POLARSSL_PK_RSA );
+    return( type == POLARSSL_PK_RSA ||
+            type == POLARSSL_PK_RSASSA_PSS );
 }
 
-#if defined(POLARSSL_RSA_C)
 static size_t rsa_get_size( const void *ctx )
 {
     return( 8 * ((const rsa_context *) ctx)->len );
@@ -372,6 +372,11 @@
  * Support for alternative RSA-private implementations
  */
 
+static int rsa_alt_can_do( pk_type_t type )
+{
+    return( type == POLARSSL_PK_RSA );
+}
+
 static size_t rsa_alt_get_size( const void *ctx )
 {
     const rsa_alt_context *rsa_alt = (const rsa_alt_context *) ctx;
@@ -428,7 +433,7 @@
     POLARSSL_PK_RSA_ALT,
     "RSA-alt",
     rsa_alt_get_size,
-    rsa_can_do,
+    rsa_alt_can_do,
     NULL,
     rsa_alt_sign_wrap,
     rsa_alt_decrypt_wrap,