From 5cd24d26e2f78c416a5cf085cec5a47c7ca8f187 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 22 Oct 2018 17:12:26 +0200 Subject: [PATCH] botan: Add helper function for signature verification --- .../plugins/botan/botan_ec_public_key.c | 19 +------ .../plugins/botan/botan_rsa_public_key.c | 53 +++++-------------- src/libstrongswan/plugins/botan/botan_util.c | 26 +++++++++ src/libstrongswan/plugins/botan/botan_util.h | 12 +++++ 4 files changed, 52 insertions(+), 58 deletions(-) diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c index 4c85dbcec..095ae3f20 100644 --- a/src/libstrongswan/plugins/botan/botan_ec_public_key.c +++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c @@ -69,9 +69,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this, const char* hash_and_padding, int signature_format, size_t keylen, chunk_t data, chunk_t signature) { - botan_pk_op_verify_t verify_op; chunk_t sig = signature; - bool valid = FALSE; if (signature_format == SIG_FORMAT_DER_SEQUENCE) { @@ -104,22 +102,7 @@ static bool verify_signature(private_botan_ec_public_key_t *this, memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len); memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len); } - - if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0)) - { - return FALSE; - } - - if (botan_pk_op_verify_update(verify_op, data.ptr, data.len)) - { - botan_pk_op_verify_destroy(verify_op); - return FALSE; - } - - valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len)); - - botan_pk_op_verify_destroy(verify_op); - return valid; + return botan_verify_signature(this->key, hash_and_padding, data, sig); } METHOD(public_key_t, get_type, key_type_t, diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c index c6e2e8861..d043f4ca1 100644 --- a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c +++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c @@ -68,33 +68,6 @@ struct private_botan_rsa_public_key_t { */ bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len); -/** - * Verify RSA signature - */ -static bool verify_rsa_signature(private_botan_rsa_public_key_t *this, - const char* hash_and_padding, chunk_t data, - chunk_t signature) -{ - botan_pk_op_verify_t verify_op; - bool valid = FALSE; - - if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0)) - { - return FALSE; - } - - if (botan_pk_op_verify_update(verify_op, data.ptr, data.len)) - { - botan_pk_op_verify_destroy(verify_op); - return FALSE; - } - - valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len); - - botan_pk_op_verify_destroy(verify_op); - return valid; -} - /** * Verification of an EMSA PSS signature described in PKCS#1 */ @@ -109,7 +82,7 @@ static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this, { return FALSE; } - return verify_rsa_signature(this, hash_and_padding, data, signature); + return botan_verify_signature(this->key, hash_and_padding, data, signature); } METHOD(public_key_t, get_type, key_type_t, @@ -125,23 +98,23 @@ METHOD(public_key_t, verify, bool, switch (scheme) { case SIGN_RSA_EMSA_PKCS1_NULL: - return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data, - signature); + return botan_verify_signature(this->key, "EMSA_PKCS1(Raw)", data, + signature); case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data, - signature); + return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-1)", data, + signature); case SIGN_RSA_EMSA_PKCS1_SHA2_224: - return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)", - data, signature); + return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-224)", + data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_256: - return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)", - data, signature); + return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-256)", + data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_384: - return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)", - data, signature); + return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-384)", + data, signature); case SIGN_RSA_EMSA_PKCS1_SHA2_512: - return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)", - data, signature); + return botan_verify_signature(this->key, "EMSA_PKCS1(SHA-512)", + data, signature); case SIGN_RSA_EMSA_PSS: return verify_emsa_pss_signature(this, params, data, signature); default: diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c index 5e18405d7..e5859e5be 100644 --- a/src/libstrongswan/plugins/botan/botan_util.c +++ b/src/libstrongswan/plugins/botan/botan_util.c @@ -249,6 +249,32 @@ bool botan_get_signature(botan_privkey_t key, const char *scheme, return TRUE; } +/* + * Described in header + */ +bool botan_verify_signature(botan_pubkey_t key, const char *scheme, + chunk_t data, chunk_t signature) +{ + botan_pk_op_verify_t verify_op; + bool valid = FALSE; + + if (botan_pk_op_verify_create(&verify_op, key, scheme, 0)) + { + return FALSE; + } + + if (botan_pk_op_verify_update(verify_op, data.ptr, data.len)) + { + botan_pk_op_verify_destroy(verify_op); + return FALSE; + } + + valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len); + + botan_pk_op_verify_destroy(verify_op); + return valid; +} + /* * Described in header */ diff --git a/src/libstrongswan/plugins/botan/botan_util.h b/src/libstrongswan/plugins/botan/botan_util.h index 08830356e..7fb74ec5d 100644 --- a/src/libstrongswan/plugins/botan/botan_util.h +++ b/src/libstrongswan/plugins/botan/botan_util.h @@ -100,6 +100,18 @@ bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache, bool botan_get_signature(botan_privkey_t key, const char *scheme, chunk_t data, chunk_t *signature); +/** + * Verify the given signature using the provided data and key with the specified + * signature scheme (hash/padding). + * + * @param key private key object + * @param scheme hash/padding algorithm + * @param data signed data + * @param signature signature to verify + */ +bool botan_verify_signature(botan_pubkey_t key, const char* scheme, + chunk_t data, chunk_t signature); + /** * Do the Diffie-Hellman key derivation using the given private key and public * value.