PK: add nice interface functions

Also fix a const-corectness issue.
2025-08-08 17:42:09 +03:00 · 2013-08-14 15:56:19 +02:00
parent 765db07dfb
commit b3d9187cea
9 changed files with 111 additions and 28 deletions
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -84,7 +84,7 @@
 * ECP      4   4 (Started from top)
 * MD       5   4
 * CIPHER   6   5
- * SSL      6   5 (Started from top)
+ * SSL      6   6 (Started from top)
 * SSL      7   31
 *
 * Module dependent error code (5 bits 0x.08.-0x.F8.)
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -93,7 +93,7 @@ typedef struct
    const char *name;

    /** Get key size in bits */
-    size_t (*get_size)( void * );
+    size_t (*get_size)( const void * );

    /** Tell if the context implements this type (eg ECKEY can do ECDSA) */
    int (*can_do)( pk_type_t type );
@@ -146,6 +146,42 @@ void pk_free( pk_context *ctx );
 */
 int pk_set_type( pk_context *ctx, pk_type_t type );

+/**
+ * \brief           Get the size in bits of the underlying key
+ *
+ * \param ctx       Context to use
+ *
+ * \return          Key size in bits, or 0 on error
+ */
+size_t pk_get_size( const pk_context *ctx );
+
+/**
+ * \brief           Tell if a context can do the operation given by type
+ *
+ * \param ctx       Context to test
+ * \param type      Target type
+ *
+ * \return          0 if context can't do the operations,
+ *                  1 otherwise.
+ */
+int pk_can_do( pk_context *ctx, pk_type_t type );
+
+/**
+ * \brief           Verify signature
+ *
+ * \param ctx       PK context to use
+ * \param hash      Hash of the message to sign
+ * \param md_info   Information about the hash function used
+ * \param sig       Signature to verify
+ * \param sig_len   Signature length
+ *
+ * \return          0 on success (signature is valid),
+ *                  or a specific error code.
+ */
+int pk_verify( pk_context *ctx,
+               const unsigned char *hash, const md_info_t *md_info,
+               const unsigned char *sig, size_t sig_len );
+
 #ifdef __cplusplus
 }
 #endif
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -110,7 +110,7 @@
 #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
 #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
 #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
-
+#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */

 /*
 * Various constants