#include <sys/utsname.h>
#include <errno.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
#define PTS_BUF_SIZE 4096
typedef struct private_pts_t private_pts_t;
METHOD(pts_t, verify_quote_signature, bool,
private_pts_t *this, chunk_t data, chunk_t signature)
{
- /** Implementation using strongswan -> not working */
public_key_t *aik_pub_key;
+ chunk_t key_encoding;
+ EVP_PKEY *pkey = NULL;
+ RSA *rsa = NULL;
+ unsigned char *p;
aik_pub_key = this->aik->get_public_key(this->aik);
if (!aik_pub_key)
DESTROY_IF(aik_pub_key);
return FALSE;
}
+ */
- aik_pub_key->destroy(aik_pub_key);
+ if (!aik_pub_key->get_encoding(aik_pub_key, PUBKEY_SPKI_ASN1_DER, &key_encoding))
+ {
+ DBG1(DBG_PTS, "failed to get encoding of AIK public key");
+ goto cleanup;
+ }
+ p = key_encoding.ptr;
+ pkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, key_encoding.len);
+ if (!pkey)
+ {
+ DBG1(DBG_PTS, "failed to get EVP_PKEY object from AIK public key encoding");
+ goto cleanup;
+ }
+
+ rsa = EVP_PKEY_get1_RSA(pkey);
+ if (!rsa)
+ {
+ DBG1(DBG_PTS, "failed to get RSA object from EVP_PKEY");
+ goto cleanup;
+ }
+
+ if (RSA_verify(NID_sha1, data.ptr, data.len, signature.ptr, signature.len, rsa) != 1)
+ {
+ DBG1(DBG_PTS, "signature verification failed for TPM Quote Info");
+ goto cleanup;
+ }
+
+ RSA_free(rsa);
+ EVP_PKEY_free(pkey);
+ if (key_encoding.ptr)
+ {
+ chunk_clear(&key_encoding);
+ }
+ aik_pub_key->destroy(aik_pub_key);
return TRUE;
+
+cleanup:
+ if (rsa)
+ {
+ RSA_free(rsa);
+ }
+ if (pkey)
+ {
+ EVP_PKEY_free(pkey);
+ }
+ if (key_encoding.ptr)
+ {
+ chunk_clear(&key_encoding);
+ }
+ DESTROY_IF(aik_pub_key);
+ return FALSE;
}
METHOD(pts_t, destroy, void,
projects / strongswan.git / commitdiff