Used Openssl RSA_verify function
This commit is contained in:
parent
97280c7a47
commit
60bcdb7452
|
@ -27,6 +27,10 @@
|
|||
#include <sys/utsname.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#define PTS_BUF_SIZE 4096
|
||||
|
||||
typedef struct private_pts_t private_pts_t;
|
||||
|
@ -1170,8 +1174,11 @@ METHOD(pts_t, get_quote_info, bool,
|
|||
METHOD(pts_t, verify_quote_signature, bool,
|
||||
private_pts_t *this, chunk_t data, chunk_t signature)
|
||||
{
|
||||
/** Implementation using strongswan -> not working */
|
||||
public_key_t *aik_pub_key;
|
||||
chunk_t key_encoding;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
RSA *rsa = NULL;
|
||||
unsigned char *p;
|
||||
|
||||
aik_pub_key = this->aik->get_public_key(this->aik);
|
||||
if (!aik_pub_key)
|
||||
|
@ -1187,10 +1194,59 @@ METHOD(pts_t, verify_quote_signature, bool,
|
|||
DESTROY_IF(aik_pub_key);
|
||||
return FALSE;
|
||||
}
|
||||
*/
|
||||
|
||||
aik_pub_key->destroy(aik_pub_key);
|
||||
if (!aik_pub_key->get_encoding(aik_pub_key, PUBKEY_SPKI_ASN1_DER, &key_encoding))
|
||||
{
|
||||
DBG1(DBG_PTS, "failed to get encoding of AIK public key");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
p = key_encoding.ptr;
|
||||
pkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, key_encoding.len);
|
||||
if (!pkey)
|
||||
{
|
||||
DBG1(DBG_PTS, "failed to get EVP_PKEY object from AIK public key encoding");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
if (!rsa)
|
||||
{
|
||||
DBG1(DBG_PTS, "failed to get RSA object from EVP_PKEY");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (RSA_verify(NID_sha1, data.ptr, data.len, signature.ptr, signature.len, rsa) != 1)
|
||||
{
|
||||
DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
RSA_free(rsa);
|
||||
EVP_PKEY_free(pkey);
|
||||
if (key_encoding.ptr)
|
||||
{
|
||||
chunk_clear(&key_encoding);
|
||||
}
|
||||
aik_pub_key->destroy(aik_pub_key);
|
||||
return TRUE;
|
||||
|
||||
cleanup:
|
||||
if (rsa)
|
||||
{
|
||||
RSA_free(rsa);
|
||||
}
|
||||
if (pkey)
|
||||
{
|
||||
EVP_PKEY_free(pkey);
|
||||
}
|
||||
if (key_encoding.ptr)
|
||||
{
|
||||
chunk_clear(&key_encoding);
|
||||
}
|
||||
DESTROY_IF(aik_pub_key);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(pts_t, destroy, void,
|
||||
|
|
Loading…
Reference in New Issue