mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 02:45:41 +01:00
69baf70984
It's better for names in the API to describe the "what" (opaque keys) rather than the "how" (using PSA), at least since we don't intend to have multiple function doing the same "what" in different ways in the foreseeable future.
893 lines
25 KiB
C
893 lines
25 KiB
C
/*
|
|
* Public Key abstraction layer: wrapper functions
|
|
*
|
|
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
*/
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
#include "mbedtls/config.h"
|
|
#else
|
|
#include MBEDTLS_CONFIG_FILE
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_PK_C)
|
|
#include "mbedtls/pk_internal.h"
|
|
|
|
/* Even if RSA not activated, for the sake of RSA-alt */
|
|
#include "mbedtls/rsa.h"
|
|
|
|
#include <string.h>
|
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
#include "mbedtls/ecp.h"
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
#include "mbedtls/ecdsa.h"
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
#include "mbedtls/asn1write.h"
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
|
#include "mbedtls/platform_util.h"
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
#include "mbedtls/psa_util.h"
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_PLATFORM_C)
|
|
#include "mbedtls/platform.h"
|
|
#else
|
|
#include <stdlib.h>
|
|
#define mbedtls_calloc calloc
|
|
#define mbedtls_free free
|
|
#endif
|
|
|
|
#include <limits.h>
|
|
#include <stdint.h>
|
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
static int rsa_can_do( mbedtls_pk_type_t type )
|
|
{
|
|
return( type == MBEDTLS_PK_RSA ||
|
|
type == MBEDTLS_PK_RSASSA_PSS );
|
|
}
|
|
|
|
static size_t rsa_get_bitlen( const void *ctx )
|
|
{
|
|
const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
|
|
return( 8 * mbedtls_rsa_get_len( rsa ) );
|
|
}
|
|
|
|
static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len )
|
|
{
|
|
int ret;
|
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
|
size_t rsa_len = mbedtls_rsa_get_len( rsa );
|
|
|
|
#if SIZE_MAX > UINT_MAX
|
|
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* SIZE_MAX > UINT_MAX */
|
|
|
|
if( sig_len < rsa_len )
|
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
|
|
|
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
|
|
MBEDTLS_RSA_PUBLIC, md_alg,
|
|
(unsigned int) hash_len, hash, sig ) ) != 0 )
|
|
return( ret );
|
|
|
|
/* The buffer contains a valid signature followed by extra data.
|
|
* We have a special error code for that so that so that callers can
|
|
* use mbedtls_pk_verify() to check "Does the buffer start with a
|
|
* valid signature?" and not just "Does the buffer contain a valid
|
|
* signature?". */
|
|
if( sig_len > rsa_len )
|
|
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
|
|
|
#if SIZE_MAX > UINT_MAX
|
|
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* SIZE_MAX > UINT_MAX */
|
|
|
|
*sig_len = mbedtls_rsa_get_len( rsa );
|
|
|
|
return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
|
|
md_alg, (unsigned int) hash_len, hash, sig ) );
|
|
}
|
|
|
|
static int rsa_decrypt_wrap( void *ctx,
|
|
const unsigned char *input, size_t ilen,
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
|
|
|
if( ilen != mbedtls_rsa_get_len( rsa ) )
|
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
|
|
|
return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
|
|
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
|
|
}
|
|
|
|
static int rsa_encrypt_wrap( void *ctx,
|
|
const unsigned char *input, size_t ilen,
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
|
*olen = mbedtls_rsa_get_len( rsa );
|
|
|
|
if( *olen > osize )
|
|
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
|
|
|
|
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
|
|
ilen, input, output ) );
|
|
}
|
|
|
|
static int rsa_check_pair_wrap( const void *pub, const void *prv )
|
|
{
|
|
return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
|
|
(const mbedtls_rsa_context *) prv ) );
|
|
}
|
|
|
|
static void *rsa_alloc_wrap( void )
|
|
{
|
|
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
|
|
|
|
if( ctx != NULL )
|
|
mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void rsa_free_wrap( void *ctx )
|
|
{
|
|
mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
|
|
mbedtls_free( ctx );
|
|
}
|
|
|
|
static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
|
|
{
|
|
items->type = MBEDTLS_PK_DEBUG_MPI;
|
|
items->name = "rsa.N";
|
|
items->value = &( ((mbedtls_rsa_context *) ctx)->N );
|
|
|
|
items++;
|
|
|
|
items->type = MBEDTLS_PK_DEBUG_MPI;
|
|
items->name = "rsa.E";
|
|
items->value = &( ((mbedtls_rsa_context *) ctx)->E );
|
|
}
|
|
|
|
const mbedtls_pk_info_t mbedtls_rsa_info = {
|
|
MBEDTLS_PK_RSA,
|
|
"RSA",
|
|
rsa_get_bitlen,
|
|
rsa_can_do,
|
|
rsa_verify_wrap,
|
|
rsa_sign_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL,
|
|
NULL,
|
|
#endif
|
|
rsa_decrypt_wrap,
|
|
rsa_encrypt_wrap,
|
|
rsa_check_pair_wrap,
|
|
rsa_alloc_wrap,
|
|
rsa_free_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL,
|
|
NULL,
|
|
#endif
|
|
rsa_debug,
|
|
};
|
|
#endif /* MBEDTLS_RSA_C */
|
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
/*
|
|
* Generic EC key
|
|
*/
|
|
static int eckey_can_do( mbedtls_pk_type_t type )
|
|
{
|
|
return( type == MBEDTLS_PK_ECKEY ||
|
|
type == MBEDTLS_PK_ECKEY_DH ||
|
|
type == MBEDTLS_PK_ECDSA );
|
|
}
|
|
|
|
static size_t eckey_get_bitlen( const void *ctx )
|
|
{
|
|
return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
|
|
}
|
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
/* Forward declarations */
|
|
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len );
|
|
|
|
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
|
|
|
static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len )
|
|
{
|
|
int ret;
|
|
mbedtls_ecdsa_context ecdsa;
|
|
|
|
mbedtls_ecdsa_init( &ecdsa );
|
|
|
|
if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
|
|
ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
|
|
|
|
mbedtls_ecdsa_free( &ecdsa );
|
|
|
|
return( ret );
|
|
}
|
|
|
|
static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
int ret;
|
|
mbedtls_ecdsa_context ecdsa;
|
|
|
|
mbedtls_ecdsa_init( &ecdsa );
|
|
|
|
if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
|
|
ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
|
|
f_rng, p_rng );
|
|
|
|
mbedtls_ecdsa_free( &ecdsa );
|
|
|
|
return( ret );
|
|
}
|
|
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
/* Forward declarations */
|
|
static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len,
|
|
void *rs_ctx );
|
|
|
|
static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
void *rs_ctx );
|
|
|
|
/*
|
|
* Restart context for ECDSA operations with ECKEY context
|
|
*
|
|
* We need to store an actual ECDSA context, as we need to pass the same to
|
|
* the underlying ecdsa function, so we can't create it on the fly every time.
|
|
*/
|
|
typedef struct
|
|
{
|
|
mbedtls_ecdsa_restart_ctx ecdsa_rs;
|
|
mbedtls_ecdsa_context ecdsa_ctx;
|
|
} eckey_restart_ctx;
|
|
|
|
static void *eckey_rs_alloc( void )
|
|
{
|
|
eckey_restart_ctx *rs_ctx;
|
|
|
|
void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
|
|
|
|
if( ctx != NULL )
|
|
{
|
|
rs_ctx = ctx;
|
|
mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
|
|
mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
|
|
}
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void eckey_rs_free( void *ctx )
|
|
{
|
|
eckey_restart_ctx *rs_ctx;
|
|
|
|
if( ctx == NULL)
|
|
return;
|
|
|
|
rs_ctx = ctx;
|
|
mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
|
|
mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
|
|
|
|
mbedtls_free( ctx );
|
|
}
|
|
|
|
static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len,
|
|
void *rs_ctx )
|
|
{
|
|
int ret;
|
|
eckey_restart_ctx *rs = rs_ctx;
|
|
|
|
/* Should never happen */
|
|
if( rs == NULL )
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
/* set up our own sub-context if needed (that is, on first run) */
|
|
if( rs->ecdsa_ctx.grp.pbits == 0 )
|
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
|
|
|
|
MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
|
|
md_alg, hash, hash_len,
|
|
sig, sig_len, &rs->ecdsa_rs ) );
|
|
|
|
cleanup:
|
|
return( ret );
|
|
}
|
|
|
|
static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
void *rs_ctx )
|
|
{
|
|
int ret;
|
|
eckey_restart_ctx *rs = rs_ctx;
|
|
|
|
/* Should never happen */
|
|
if( rs == NULL )
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
|
|
/* set up our own sub-context if needed (that is, on first run) */
|
|
if( rs->ecdsa_ctx.grp.pbits == 0 )
|
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
|
|
|
|
MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
|
|
hash, hash_len, sig, sig_len,
|
|
f_rng, p_rng, &rs->ecdsa_rs ) );
|
|
|
|
cleanup:
|
|
return( ret );
|
|
}
|
|
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
|
#endif /* MBEDTLS_ECDSA_C */
|
|
|
|
static int eckey_check_pair( const void *pub, const void *prv )
|
|
{
|
|
return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
|
|
(const mbedtls_ecp_keypair *) prv ) );
|
|
}
|
|
|
|
static void *eckey_alloc_wrap( void )
|
|
{
|
|
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
|
|
|
|
if( ctx != NULL )
|
|
mbedtls_ecp_keypair_init( ctx );
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void eckey_free_wrap( void *ctx )
|
|
{
|
|
mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
|
|
mbedtls_free( ctx );
|
|
}
|
|
|
|
static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
|
|
{
|
|
items->type = MBEDTLS_PK_DEBUG_ECP;
|
|
items->name = "eckey.Q";
|
|
items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
|
|
}
|
|
|
|
const mbedtls_pk_info_t mbedtls_eckey_info = {
|
|
MBEDTLS_PK_ECKEY,
|
|
"EC",
|
|
eckey_get_bitlen,
|
|
eckey_can_do,
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
eckey_verify_wrap,
|
|
eckey_sign_wrap,
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
eckey_verify_rs_wrap,
|
|
eckey_sign_rs_wrap,
|
|
#endif
|
|
#else /* MBEDTLS_ECDSA_C */
|
|
NULL,
|
|
NULL,
|
|
#endif /* MBEDTLS_ECDSA_C */
|
|
NULL,
|
|
NULL,
|
|
eckey_check_pair,
|
|
eckey_alloc_wrap,
|
|
eckey_free_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
eckey_rs_alloc,
|
|
eckey_rs_free,
|
|
#endif
|
|
eckey_debug,
|
|
};
|
|
|
|
/*
|
|
* EC key restricted to ECDH
|
|
*/
|
|
static int eckeydh_can_do( mbedtls_pk_type_t type )
|
|
{
|
|
return( type == MBEDTLS_PK_ECKEY ||
|
|
type == MBEDTLS_PK_ECKEY_DH );
|
|
}
|
|
|
|
const mbedtls_pk_info_t mbedtls_eckeydh_info = {
|
|
MBEDTLS_PK_ECKEY_DH,
|
|
"EC_DH",
|
|
eckey_get_bitlen, /* Same underlying key structure */
|
|
eckeydh_can_do,
|
|
NULL,
|
|
NULL,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL,
|
|
NULL,
|
|
#endif
|
|
NULL,
|
|
NULL,
|
|
eckey_check_pair,
|
|
eckey_alloc_wrap, /* Same underlying key structure */
|
|
eckey_free_wrap, /* Same underlying key structure */
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL,
|
|
NULL,
|
|
#endif
|
|
eckey_debug, /* Same underlying key structure */
|
|
};
|
|
#endif /* MBEDTLS_ECP_C */
|
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
static int ecdsa_can_do( mbedtls_pk_type_t type )
|
|
{
|
|
return( type == MBEDTLS_PK_ECDSA );
|
|
}
|
|
|
|
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len )
|
|
{
|
|
int ret;
|
|
((void) md_alg);
|
|
|
|
ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
|
|
hash, hash_len, sig, sig_len );
|
|
|
|
if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
|
|
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
|
|
|
|
return( ret );
|
|
}
|
|
|
|
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
|
|
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
|
|
}
|
|
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
const unsigned char *sig, size_t sig_len,
|
|
void *rs_ctx )
|
|
{
|
|
int ret;
|
|
((void) md_alg);
|
|
|
|
ret = mbedtls_ecdsa_read_signature_restartable(
|
|
(mbedtls_ecdsa_context *) ctx,
|
|
hash, hash_len, sig, sig_len,
|
|
(mbedtls_ecdsa_restart_ctx *) rs_ctx );
|
|
|
|
if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
|
|
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
|
|
|
|
return( ret );
|
|
}
|
|
|
|
static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
void *rs_ctx )
|
|
{
|
|
return( mbedtls_ecdsa_write_signature_restartable(
|
|
(mbedtls_ecdsa_context *) ctx,
|
|
md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
|
|
(mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
|
|
|
|
}
|
|
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
static void *ecdsa_alloc_wrap( void )
|
|
{
|
|
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
|
|
|
|
if( ctx != NULL )
|
|
mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void ecdsa_free_wrap( void *ctx )
|
|
{
|
|
mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
|
|
mbedtls_free( ctx );
|
|
}
|
|
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
static void *ecdsa_rs_alloc( void )
|
|
{
|
|
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
|
|
|
|
if( ctx != NULL )
|
|
mbedtls_ecdsa_restart_init( ctx );
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void ecdsa_rs_free( void *ctx )
|
|
{
|
|
mbedtls_ecdsa_restart_free( ctx );
|
|
mbedtls_free( ctx );
|
|
}
|
|
#endif /* MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
const mbedtls_pk_info_t mbedtls_ecdsa_info = {
|
|
MBEDTLS_PK_ECDSA,
|
|
"ECDSA",
|
|
eckey_get_bitlen, /* Compatible key structures */
|
|
ecdsa_can_do,
|
|
ecdsa_verify_wrap,
|
|
ecdsa_sign_wrap,
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
ecdsa_verify_rs_wrap,
|
|
ecdsa_sign_rs_wrap,
|
|
#endif
|
|
NULL,
|
|
NULL,
|
|
eckey_check_pair, /* Compatible key structures */
|
|
ecdsa_alloc_wrap,
|
|
ecdsa_free_wrap,
|
|
#if defined(MBEDTLS_ECP_RESTARTABLE)
|
|
ecdsa_rs_alloc,
|
|
ecdsa_rs_free,
|
|
#endif
|
|
eckey_debug, /* Compatible key structures */
|
|
};
|
|
#endif /* MBEDTLS_ECDSA_C */
|
|
|
|
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
|
/*
|
|
* Support for alternative RSA-private implementations
|
|
*/
|
|
|
|
static int rsa_alt_can_do( mbedtls_pk_type_t type )
|
|
{
|
|
return( type == MBEDTLS_PK_RSA );
|
|
}
|
|
|
|
static size_t rsa_alt_get_bitlen( const void *ctx )
|
|
{
|
|
const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
|
|
|
|
return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
|
|
}
|
|
|
|
static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
|
|
|
|
#if SIZE_MAX > UINT_MAX
|
|
if( UINT_MAX < hash_len )
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
#endif /* SIZE_MAX > UINT_MAX */
|
|
|
|
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
|
|
|
|
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
|
|
md_alg, (unsigned int) hash_len, hash, sig ) );
|
|
}
|
|
|
|
static int rsa_alt_decrypt_wrap( void *ctx,
|
|
const unsigned char *input, size_t ilen,
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
|
|
|
|
((void) f_rng);
|
|
((void) p_rng);
|
|
|
|
if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
|
|
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
|
|
|
|
return( rsa_alt->decrypt_func( rsa_alt->key,
|
|
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
|
|
}
|
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
static int rsa_alt_check_pair( const void *pub, const void *prv )
|
|
{
|
|
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
|
|
unsigned char hash[32];
|
|
size_t sig_len = 0;
|
|
int ret;
|
|
|
|
if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
|
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
|
|
|
memset( hash, 0x2a, sizeof( hash ) );
|
|
|
|
if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
|
|
hash, sizeof( hash ),
|
|
sig, &sig_len, NULL, NULL ) ) != 0 )
|
|
{
|
|
return( ret );
|
|
}
|
|
|
|
if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
|
|
hash, sizeof( hash ), sig, sig_len ) != 0 )
|
|
{
|
|
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
|
|
}
|
|
|
|
return( 0 );
|
|
}
|
|
#endif /* MBEDTLS_RSA_C */
|
|
|
|
static void *rsa_alt_alloc_wrap( void )
|
|
{
|
|
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
|
|
|
|
if( ctx != NULL )
|
|
memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void rsa_alt_free_wrap( void *ctx )
|
|
{
|
|
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
|
|
mbedtls_free( ctx );
|
|
}
|
|
|
|
const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
|
|
MBEDTLS_PK_RSA_ALT,
|
|
"RSA-alt",
|
|
rsa_alt_get_bitlen,
|
|
rsa_alt_can_do,
|
|
NULL,
|
|
rsa_alt_sign_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL,
|
|
NULL,
|
|
#endif
|
|
rsa_alt_decrypt_wrap,
|
|
NULL,
|
|
#if defined(MBEDTLS_RSA_C)
|
|
rsa_alt_check_pair,
|
|
#else
|
|
NULL,
|
|
#endif
|
|
rsa_alt_alloc_wrap,
|
|
rsa_alt_free_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL,
|
|
NULL,
|
|
#endif
|
|
NULL,
|
|
};
|
|
|
|
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
static void *pk_opaque_alloc_wrap( void )
|
|
{
|
|
void *ctx = mbedtls_calloc( 1, sizeof( psa_key_slot_t ) );
|
|
|
|
/* no _init() function to call, an calloc() already zeroized */
|
|
|
|
return( ctx );
|
|
}
|
|
|
|
static void pk_opaque_free_wrap( void *ctx )
|
|
{
|
|
mbedtls_platform_zeroize( ctx, sizeof( psa_key_slot_t ) );
|
|
mbedtls_free( ctx );
|
|
}
|
|
|
|
static size_t pk_opaque_get_bitlen( const void *ctx )
|
|
{
|
|
const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
|
|
size_t bits;
|
|
|
|
if( PSA_SUCCESS != psa_get_key_information( *key, NULL, &bits ) )
|
|
return( 0 );
|
|
|
|
return( bits );
|
|
}
|
|
|
|
static int pk_opaque_can_do( mbedtls_pk_type_t type )
|
|
{
|
|
/* For now opaque PSA keys can only wrap ECC keypairs,
|
|
* as checked by setup_psa().
|
|
* Also, ECKEY_DH does not really make sense with the current API. */
|
|
return( type == MBEDTLS_PK_ECKEY ||
|
|
type == MBEDTLS_PK_ECDSA );
|
|
}
|
|
|
|
/* Like mbedtls_asn1_write_mpi, but from a buffer */
|
|
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
|
const unsigned char *src, size_t slen )
|
|
{
|
|
int ret;
|
|
size_t len = 0;
|
|
|
|
if( (size_t)( *p - start ) < slen )
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
|
|
|
len = slen;
|
|
*p -= len;
|
|
memcpy( *p, src, len );
|
|
|
|
if( **p & 0x80 )
|
|
{
|
|
if( *p - start < 1 )
|
|
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
|
|
|
*--(*p) = 0x00;
|
|
len += 1;
|
|
}
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
|
|
|
|
return( (int) len );
|
|
}
|
|
|
|
/* Transcode signature from PSA format to ASN.1 sequence.
|
|
* See ecdsa_signature_to_asn1 in ecdsa.c.
|
|
*
|
|
* [in] sig: the signature in PSA format
|
|
* [in/out] sig_len: signature length pre- and post-transcoding
|
|
* [out] dst: the signature in ASN.1 format
|
|
*/
|
|
static int pk_ecdsa_sig_asn1_from_psa( const unsigned char *sig, size_t *sig_len,
|
|
unsigned char *dst )
|
|
{
|
|
int ret;
|
|
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
|
|
unsigned char *p = buf + sizeof( buf );
|
|
size_t len = 0;
|
|
const size_t mpi_len = *sig_len / 2;
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, buf, sig + mpi_len, mpi_len ) );
|
|
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, buf, sig, mpi_len ) );
|
|
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
|
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
|
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
|
|
|
memcpy( dst, p, len );
|
|
*sig_len = len;
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|
const unsigned char *hash, size_t hash_len,
|
|
unsigned char *sig, size_t *sig_len,
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
|
{
|
|
const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
|
|
psa_status_t status;
|
|
psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
|
|
/* PSA needs a buffer of know size */
|
|
unsigned char buf[2 * MBEDTLS_ECP_MAX_BYTES];
|
|
const size_t buf_len = sizeof( buf );
|
|
|
|
/* PSA has its own RNG */
|
|
(void) f_rng;
|
|
(void) p_rng;
|
|
|
|
status = psa_asymmetric_sign( *key, alg, hash, hash_len,
|
|
buf, buf_len, sig_len );
|
|
|
|
/* translate errors to best approximation */
|
|
switch( status )
|
|
{
|
|
case PSA_SUCCESS:
|
|
break; /* don't return now */
|
|
case PSA_ERROR_NOT_SUPPORTED:
|
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
|
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
|
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
|
case PSA_ERROR_COMMUNICATION_FAILURE:
|
|
case PSA_ERROR_HARDWARE_FAILURE:
|
|
case PSA_ERROR_TAMPERING_DETECTED:
|
|
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
|
case PSA_ERROR_INSUFFICIENT_ENTROPY:
|
|
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
|
case PSA_ERROR_BAD_STATE:
|
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
default: /* should never happen */
|
|
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
|
}
|
|
|
|
pk_ecdsa_sig_asn1_from_psa( buf, sig_len, sig );
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
|
|
MBEDTLS_PK_OPAQUE,
|
|
"Opaque",
|
|
pk_opaque_get_bitlen,
|
|
pk_opaque_can_do,
|
|
NULL, /* verify - will be done later */
|
|
pk_opaque_sign_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL, /* restartable verify - not relevant */
|
|
NULL, /* restartable sign - not relevant */
|
|
#endif
|
|
NULL, /* decrypt - will be done later */
|
|
NULL, /* encrypt - will be done later */
|
|
NULL, /* check_pair - could be done later or left NULL */
|
|
pk_opaque_alloc_wrap,
|
|
pk_opaque_free_wrap,
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
NULL, /* restart alloc - not relevant */
|
|
NULL, /* restart free - not relevant */
|
|
#endif
|
|
NULL, /* debug - could be done later, or even left NULL */
|
|
};
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
#endif /* MBEDTLS_PK_C */
|