Used Openssl RSA_verify function
authorSansar Choinyambuu <schoinya@hsr.ch>
Fri, 21 Oct 2011 11:50:28 +0000 (13:50 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 28 Nov 2011 18:11:47 +0000 (19:11 +0100)
src/libpts/pts/pts.c

index becfdae..7692ba2 100644 (file)
 #include <sys/utsname.h>
 #include <errno.h>
 
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
 #define PTS_BUF_SIZE   4096
 
 typedef struct private_pts_t private_pts_t;
@@ -1170,8 +1174,11 @@ METHOD(pts_t, get_quote_info, bool,
 METHOD(pts_t, verify_quote_signature, bool,
                                private_pts_t *this, chunk_t data, chunk_t signature)
 {
-       /** Implementation using strongswan -> not working */
        public_key_t *aik_pub_key;
+       chunk_t key_encoding;
+       EVP_PKEY *pkey = NULL;
+       RSA *rsa = NULL;
+       unsigned char *p;
 
        aik_pub_key = this->aik->get_public_key(this->aik);
        if (!aik_pub_key)
@@ -1187,10 +1194,59 @@ METHOD(pts_t, verify_quote_signature, bool,
                DESTROY_IF(aik_pub_key);
                return FALSE;
        }
+       */
 
-       aik_pub_key->destroy(aik_pub_key);
+       if (!aik_pub_key->get_encoding(aik_pub_key, PUBKEY_SPKI_ASN1_DER, &key_encoding))
+       {
+               DBG1(DBG_PTS, "failed to get encoding of AIK public key");
+               goto cleanup;
+       }
        
+       p = key_encoding.ptr;
+       pkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, key_encoding.len);
+       if (!pkey)
+       {
+               DBG1(DBG_PTS, "failed to get EVP_PKEY object from AIK public key encoding");
+               goto cleanup;
+       }
+
+       rsa = EVP_PKEY_get1_RSA(pkey);
+       if (!rsa)
+       {
+               DBG1(DBG_PTS, "failed to get RSA object from EVP_PKEY");
+               goto cleanup;
+       }
+
+       if (RSA_verify(NID_sha1, data.ptr, data.len, signature.ptr, signature.len, rsa) != 1)
+       {
+               DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
+               goto cleanup;
+       }
+
+       RSA_free(rsa);
+       EVP_PKEY_free(pkey);
+       if (key_encoding.ptr)
+       {
+               chunk_clear(&key_encoding);
+       }
+       aik_pub_key->destroy(aik_pub_key);
        return TRUE;
+
+cleanup:
+       if (rsa)
+       {
+               RSA_free(rsa);
+       }
+       if (pkey)
+       {
+               EVP_PKEY_free(pkey);
+       }
+       if (key_encoding.ptr)
+       {
+               chunk_clear(&key_encoding);
+       }
+       DESTROY_IF(aik_pub_key);
+       return FALSE;
 }
 
 METHOD(pts_t, destroy, void,