summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2020-06-06 15:42:46 +0200
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2020-06-18 15:29:39 +0200
commitdfcc11fa52622680fe427c19dfe0528563a0691e (patch)
tree11a69fcc6dda0aef7edabd80c98813ae94680cc1 /modules
parent788f18086e01c67c817c1c095e88fd4cbbd3d345 (diff)
Implement sign and verify in crypto.
Diffstat (limited to 'modules')
-rw-r--r--modules/mbedtls/crypto_mbedtls.cpp45
-rw-r--r--modules/mbedtls/crypto_mbedtls.h3
2 files changed, 48 insertions, 0 deletions
diff --git a/modules/mbedtls/crypto_mbedtls.cpp b/modules/mbedtls/crypto_mbedtls.cpp
index 0d1a1f0138..a432a88fd1 100644
--- a/modules/mbedtls/crypto_mbedtls.cpp
+++ b/modules/mbedtls/crypto_mbedtls.cpp
@@ -317,3 +317,48 @@ PackedByteArray CryptoMbedTLS::generate_random_bytes(int p_bytes) {
mbedtls_ctr_drbg_random(&ctr_drbg, out.ptrw(), p_bytes);
return out;
}
+
+mbedtls_md_type_t CryptoMbedTLS::_md_type_from_hashtype(HashingContext::HashType p_hash_type, int &r_size) {
+ switch (p_hash_type) {
+ case HashingContext::HASH_MD5:
+ r_size = 16;
+ return MBEDTLS_MD_MD5;
+ case HashingContext::HASH_SHA1:
+ r_size = 20;
+ return MBEDTLS_MD_SHA1;
+ case HashingContext::HASH_SHA256:
+ r_size = 32;
+ return MBEDTLS_MD_SHA256;
+ default:
+ r_size = 0;
+ ERR_FAIL_V_MSG(MBEDTLS_MD_NONE, "Invalid hash type.");
+ }
+}
+
+Vector<uint8_t> CryptoMbedTLS::sign(HashingContext::HashType p_hash_type, Vector<uint8_t> p_hash, Ref<CryptoKey> p_key) {
+ int size;
+ mbedtls_md_type_t type = _md_type_from_hashtype(p_hash_type, size);
+ ERR_FAIL_COND_V_MSG(type == MBEDTLS_MD_NONE, Vector<uint8_t>(), "Invalid hash type.");
+ ERR_FAIL_COND_V_MSG(p_hash.size() != size, Vector<uint8_t>(), "Invalid hash provided. Size must be " + itos(size));
+ Ref<CryptoKeyMbedTLS> key = static_cast<Ref<CryptoKeyMbedTLS>>(p_key);
+ ERR_FAIL_COND_V_MSG(!key.is_valid(), Vector<uint8_t>(), "Invalid key provided.");
+ ERR_FAIL_COND_V_MSG(key->is_public_only(), Vector<uint8_t>(), "Invalid key provided. Cannot sign with public_only keys.");
+ size_t sig_size = 0;
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ Vector<uint8_t> out;
+ int ret = mbedtls_pk_sign(&(key->pkey), type, p_hash.ptr(), size, buf, &sig_size, mbedtls_ctr_drbg_random, &ctr_drbg);
+ ERR_FAIL_COND_V_MSG(ret, out, "Error while signing: " + itos(ret));
+ out.resize(sig_size);
+ copymem(out.ptrw(), buf, sig_size);
+ return out;
+}
+
+bool CryptoMbedTLS::verify(HashingContext::HashType p_hash_type, Vector<uint8_t> p_hash, Vector<uint8_t> p_signature, Ref<CryptoKey> p_key) {
+ int size;
+ mbedtls_md_type_t type = _md_type_from_hashtype(p_hash_type, size);
+ ERR_FAIL_COND_V_MSG(type == MBEDTLS_MD_NONE, false, "Invalid hash type.");
+ ERR_FAIL_COND_V_MSG(p_hash.size() != size, false, "Invalid hash provided. Size must be " + itos(size));
+ Ref<CryptoKeyMbedTLS> key = static_cast<Ref<CryptoKeyMbedTLS>>(p_key);
+ ERR_FAIL_COND_V_MSG(!key.is_valid(), false, "Invalid key provided.");
+ return mbedtls_pk_verify(&(key->pkey), type, p_hash.ptr(), size, p_signature.ptr(), p_signature.size()) == 0;
+}
diff --git a/modules/mbedtls/crypto_mbedtls.h b/modules/mbedtls/crypto_mbedtls.h
index b3dd0e2a39..c22ddcdb42 100644
--- a/modules/mbedtls/crypto_mbedtls.h
+++ b/modules/mbedtls/crypto_mbedtls.h
@@ -106,6 +106,7 @@ private:
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
static X509CertificateMbedTLS *default_certs;
+ mbedtls_md_type_t _md_type_from_hashtype(HashingContext::HashType p_hash_type, int &r_size);
public:
static Crypto *create();
@@ -117,6 +118,8 @@ public:
virtual PackedByteArray generate_random_bytes(int p_bytes);
virtual Ref<CryptoKey> generate_rsa(int p_bytes);
virtual Ref<X509Certificate> generate_self_signed_certificate(Ref<CryptoKey> p_key, String p_issuer_name, String p_not_before, String p_not_after);
+ virtual Vector<uint8_t> sign(HashingContext::HashType p_hash_type, Vector<uint8_t> p_hash, Ref<CryptoKey> p_key);
+ virtual bool verify(HashingContext::HashType p_hash_type, Vector<uint8_t> p_hash, Vector<uint8_t> p_signature, Ref<CryptoKey> p_key);
CryptoMbedTLS();
~CryptoMbedTLS();