[sedhcpv6] Fixed multiple verify for RSA

author Francis Dupont <fdupont@isc.org>

Mon, 8 Jun 2015 11:05:16 +0000 (13:05 +0200)

committer Francis Dupont <fdupont@isc.org>

Mon, 8 Jun 2015 11:05:16 +0000 (13:05 +0200)
author Francis Dupont <fdupont@isc.org>
Mon, 8 Jun 2015 11:05:16 +0000 (13:05 +0200)
committer Francis Dupont <fdupont@isc.org>
Mon, 8 Jun 2015 11:05:16 +0000 (13:05 +0200)
diff --git a/src/lib/cryptolink/botan_rsa.cc b/src/lib/cryptolink/botan_rsa.cc

index e8ac591bb79cd2573a4c45199a03b695873fb1a8..af7f854ce5bc0763569943a117c80f4799460e23 100644 (file)
--- a/src/lib/cryptolink/botan_rsa.cc
+++ b/src/lib/cryptolink/botan_rsa.cc
@@ -49,7 +49,7 @@ RsaAsymImpl::RsaAsymImpl(const void* key, size_t key_len,
          isc_throw(UnsupportedAlgorithm,
                    "Unknown hash algorithm: " << static_cast<int>(hash_));
      }
-    std::string emsa = "EMSA3(" + hash + ")";
+    emsa_ = "EMSA3(" + hash + ")";
      if (key_len == 0) {
          isc_throw(BadKey, "Bad RSA " <<
                    (kind_ != CERT ? "key" : "cert") << " length: 0");
@@ -239,13 +239,13 @@ RsaAsymImpl::RsaAsymImpl(const void* key, size_t key_len,
              isc_throw(BadKey, "priv to pub: " << exc.what());
          }
          try {
-            signer_.reset(new Botan::PK_Signer(*priv_, emsa));
+            signer_.reset(new Botan::PK_Signer(*priv_, emsa_));
          } catch (const std::exception& exc) {
              isc_throw(BadKey, "PK_Signer: " << exc.what());
          }
      } else {
          try {
-            verifier_.reset(new Botan::PK_Verifier(*pub_, emsa));
+            verifier_.reset(new Botan::PK_Verifier(*pub_, emsa_));
          } catch (const std::exception& exc) {
              isc_throw(BadKey, "PK_Verifier: " << exc.what());
          }
@@ -267,7 +267,7 @@ RsaAsymImpl::RsaAsymImpl(const std::string& filename,
          isc_throw(UnsupportedAlgorithm,
                    "Unknown hash algorithm: " << static_cast<int>(hash_));
      }
-    std::string emsa = "EMSA3(" + hash + ")";
+    emsa_ = "EMSA3(" + hash + ")";
  
      if ((kind_ == PRIVATE) && (key_format == ASN1)) {
          // PKCS#8 Private Key PEM file
@@ -663,13 +663,13 @@ RsaAsymImpl::RsaAsymImpl(const std::string& filename,
              isc_throw(BadKey, "priv to pub: " << exc.what());
          }
          try {
-            signer_.reset(new Botan::PK_Signer(*priv_, emsa));
+            signer_.reset(new Botan::PK_Signer(*priv_, emsa_));
          } catch (const std::exception& exc) {
              isc_throw(BadKey, "PK_Signer: " << exc.what());
          }
      } else {
          try {
-            verifier_.reset(new Botan::PK_Verifier(*pub_, emsa));
+            verifier_.reset(new Botan::PK_Verifier(*pub_, emsa_));
          } catch (const std::exception& exc) {
              isc_throw(BadKey, "PK_Verifier: " << exc.what());
          }
@@ -800,21 +800,15 @@ bool RsaAsymImpl::verify(const void* sig, size_t len,
  
  /// \brief Clear the crypto state and go back to the initial state
  void RsaAsymImpl::clear() {
-    std::string hash = btn::getHashAlgorithmName(hash_);
-    if (hash.compare("Unknown") == 0) {
-        isc_throw(UnsupportedAlgorithm,
-                  "Unknown hash algorithm: " << static_cast<int>(hash_));
-    }
-    std::string emsa = "EMSA3(" + hash + ")";
      if (kind_ == PRIVATE) {
          try {
-            signer_.reset(new Botan::PK_Signer(*priv_, emsa));
+            signer_.reset(new Botan::PK_Signer(*priv_, emsa_));
          } catch (const std::exception& exc) {
              isc_throw(BadKey, "PK_Signer: " << exc.what());
          }
      } else {
          try {
-            verifier_.reset(new Botan::PK_Verifier(*pub_, emsa));
+            verifier_.reset(new Botan::PK_Verifier(*pub_, emsa_));
          } catch (const std::exception& exc) {
              isc_throw(BadKey, "PK_Verifier: " << exc.what());
          }
diff --git a/src/lib/cryptolink/botan_rsa.h b/src/lib/cryptolink/botan_rsa.h

index 3c6db360af8f71367650ce8bb1adc5112914e0c6..5274e335256fbf86fd58e5d6bae05c49d5e04e3f 100644 (file)
--- a/src/lib/cryptolink/botan_rsa.h
+++ b/src/lib/cryptolink/botan_rsa.h
@@ -131,6 +131,8 @@ private:
      HashAlgorithm hash_;
      /// @brief The key kind
      AsymKeyKind kind_;
+    /// @brief The encodding method for signatures
+    std::string emsa_;
      /// @brief The protected pointer to the Botan private key
      boost::scoped_ptr<Botan::RSA_PrivateKey> priv_;
      /// @brief The protected pointer to the Botan public key
diff --git a/src/lib/cryptolink/crypto_asym.h b/src/lib/cryptolink/crypto_asym.h

index 8b92aaa15a5c90500f971c632163e48908f444d5..c2fe406d8ff279ca3258955887e8c5fdb1dc28f3 100644 (file)
--- a/src/lib/cryptolink/crypto_asym.h
+++ b/src/lib/cryptolink/crypto_asym.h
@@ -124,8 +124,7 @@ public:
      /// \param sig_format The signature binary format
      /// \return           true if the signature is correct, false otherwise
      ///
-    /// \note verify() does not destroy its context so it can be
-    /// called multiple times with different signatures.
+    /// \note verify() destroys its context: use clear().
      virtual bool verify(const void* sig, size_t len,
                          const AsymFormat sig_format) = 0;
author	Francis Dupont <fdupont@isc.org>
	Mon, 8 Jun 2015 11:05:16 +0000 (13:05 +0200)
committer	Francis Dupont <fdupont@isc.org>
	Mon, 8 Jun 2015 11:05:16 +0000 (13:05 +0200)
src/lib/cryptolink/botan_rsa.cc		patch \| blob \| blame \| history
src/lib/cryptolink/botan_rsa.h		patch \| blob \| blame \| history
src/lib/cryptolink/crypto_asym.h		patch \| blob \| blame \| history