Arcola
/
mbedtls
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Fork of
mbedtls
by 
Mark Radbourne
Embed:
(wiki syntax)
Show/hide line numbers
pk_wrap.c
00001 /* 00002 * Public Key abstraction layer: wrapper functions 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk_internal.h" 00030 00031 /* Even if RSA not activated, for the sake of RSA-alt */ 00032 #include "mbedtls/rsa.h" 00033 #include "mbedtls/bignum.h" 00034 00035 #include <string.h> 00036 00037 #if defined(MBEDTLS_ECP_C) 00038 #include "mbedtls/ecp.h" 00039 #endif 00040 00041 #if defined(MBEDTLS_ECDSA_C) 00042 #include "mbedtls/ecdsa.h" 00043 #endif 00044 00045 #if defined(MBEDTLS_PLATFORM_C) 00046 #include "mbedtls/platform.h" 00047 #else 00048 #include <stdlib.h> 00049 #define mbedtls_calloc calloc 00050 #define mbedtls_free free 00051 #endif 00052 00053 #include <limits.h> 00054 00055 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00056 /* Implementation that should never be optimized out by the compiler */ 00057 static void mbedtls_zeroize( void *v, size_t n ) { 00058 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 00059 } 00060 #endif 00061 00062 #if defined(MBEDTLS_RSA_C) 00063 static int rsa_can_do( mbedtls_pk_type_t type ) 00064 { 00065 return( type == MBEDTLS_PK_RSA || 00066 type == MBEDTLS_PK_RSASSA_PSS ); 00067 } 00068 00069 static size_t rsa_get_bitlen( const void *ctx ) 00070 { 00071 return( 8 * ((const mbedtls_rsa_context *) ctx)->len ); 00072 } 00073 00074 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00075 const unsigned char *hash, size_t hash_len, 00076 const unsigned char *sig, size_t sig_len ) 00077 { 00078 int ret; 00079 00080 #if defined(MBEDTLS_HAVE_INT64) 00081 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00082 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00083 #endif /* MBEDTLS_HAVE_INT64 */ 00084 00085 if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) 00086 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00087 00088 if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL, 00089 MBEDTLS_RSA_PUBLIC, md_alg, 00090 (unsigned int) hash_len, hash, sig ) ) != 0 ) 00091 return( ret ); 00092 00093 if( sig_len > ((mbedtls_rsa_context *) ctx)->len ) 00094 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00095 00096 return( 0 ); 00097 } 00098 00099 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00100 const unsigned char *hash, size_t hash_len, 00101 unsigned char *sig, size_t *sig_len, 00102 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00103 { 00104 #if defined(MBEDTLS_HAVE_INT64) 00105 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00106 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00107 #endif /* MBEDTLS_HAVE_INT64 */ 00108 00109 *sig_len = ((mbedtls_rsa_context *) ctx)->len; 00110 00111 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00112 md_alg, (unsigned int) hash_len, hash, sig ) ); 00113 } 00114 00115 static int rsa_decrypt_wrap( void *ctx, 00116 const unsigned char *input, size_t ilen, 00117 unsigned char *output, size_t *olen, size_t osize, 00118 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00119 { 00120 if( ilen != ((mbedtls_rsa_context *) ctx)->len ) 00121 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00122 00123 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng, 00124 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00125 } 00126 00127 static int rsa_encrypt_wrap( void *ctx, 00128 const unsigned char *input, size_t ilen, 00129 unsigned char *output, size_t *olen, size_t osize, 00130 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00131 { 00132 *olen = ((mbedtls_rsa_context *) ctx)->len; 00133 00134 if( *olen > osize ) 00135 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); 00136 00137 return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx, 00138 f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) ); 00139 } 00140 00141 static int rsa_check_pair_wrap( const void *pub, const void *prv ) 00142 { 00143 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, 00144 (const mbedtls_rsa_context *) prv ) ); 00145 } 00146 00147 static void *rsa_alloc_wrap( void ) 00148 { 00149 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); 00150 00151 if( ctx != NULL ) 00152 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); 00153 00154 return( ctx ); 00155 } 00156 00157 static void rsa_free_wrap( void *ctx ) 00158 { 00159 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); 00160 mbedtls_free( ctx ); 00161 } 00162 00163 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00164 { 00165 items->type = MBEDTLS_PK_DEBUG_MPI; 00166 items->name = "rsa.N"; 00167 items->value = &( ((mbedtls_rsa_context *) ctx)->N ); 00168 00169 items++; 00170 00171 items->type = MBEDTLS_PK_DEBUG_MPI; 00172 items->name = "rsa.E"; 00173 items->value = &( ((mbedtls_rsa_context *) ctx)->E ); 00174 } 00175 00176 const mbedtls_pk_info_t mbedtls_rsa_info = { 00177 MBEDTLS_PK_RSA, 00178 "RSA", 00179 rsa_get_bitlen, 00180 rsa_can_do, 00181 rsa_verify_wrap, 00182 rsa_sign_wrap, 00183 rsa_decrypt_wrap, 00184 rsa_encrypt_wrap, 00185 rsa_check_pair_wrap, 00186 rsa_alloc_wrap, 00187 rsa_free_wrap, 00188 rsa_debug, 00189 }; 00190 #endif /* MBEDTLS_RSA_C */ 00191 00192 #if defined(MBEDTLS_ECP_C) 00193 /* 00194 * Generic EC key 00195 */ 00196 static int eckey_can_do( mbedtls_pk_type_t type ) 00197 { 00198 return( type == MBEDTLS_PK_ECKEY || 00199 type == MBEDTLS_PK_ECKEY_DH || 00200 type == MBEDTLS_PK_ECDSA ); 00201 } 00202 00203 static size_t eckey_get_bitlen( const void *ctx ) 00204 { 00205 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); 00206 } 00207 00208 #if defined(MBEDTLS_ECDSA_C) 00209 /* Forward declarations */ 00210 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00211 const unsigned char *hash, size_t hash_len, 00212 const unsigned char *sig, size_t sig_len ); 00213 00214 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00215 const unsigned char *hash, size_t hash_len, 00216 unsigned char *sig, size_t *sig_len, 00217 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00218 00219 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00220 const unsigned char *hash, size_t hash_len, 00221 const unsigned char *sig, size_t sig_len ) 00222 { 00223 int ret; 00224 mbedtls_ecdsa_context ecdsa; 00225 00226 mbedtls_ecdsa_init( &ecdsa ); 00227 00228 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00229 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); 00230 00231 mbedtls_ecdsa_free( &ecdsa ); 00232 00233 return( ret ); 00234 } 00235 00236 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00237 const unsigned char *hash, size_t hash_len, 00238 unsigned char *sig, size_t *sig_len, 00239 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00240 { 00241 int ret; 00242 mbedtls_ecdsa_context ecdsa; 00243 00244 mbedtls_ecdsa_init( &ecdsa ); 00245 00246 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00247 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, 00248 f_rng, p_rng ); 00249 00250 mbedtls_ecdsa_free( &ecdsa ); 00251 00252 return( ret ); 00253 } 00254 00255 #endif /* MBEDTLS_ECDSA_C */ 00256 00257 static int eckey_check_pair( const void *pub, const void *prv ) 00258 { 00259 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, 00260 (const mbedtls_ecp_keypair *) prv ) ); 00261 } 00262 00263 static void *eckey_alloc_wrap( void ) 00264 { 00265 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); 00266 00267 if( ctx != NULL ) 00268 mbedtls_ecp_keypair_init( ctx ); 00269 00270 return( ctx ); 00271 } 00272 00273 static void eckey_free_wrap( void *ctx ) 00274 { 00275 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); 00276 mbedtls_free( ctx ); 00277 } 00278 00279 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00280 { 00281 items->type = MBEDTLS_PK_DEBUG_ECP; 00282 items->name = "eckey.Q"; 00283 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); 00284 } 00285 00286 const mbedtls_pk_info_t mbedtls_eckey_info = { 00287 MBEDTLS_PK_ECKEY, 00288 "EC", 00289 eckey_get_bitlen, 00290 eckey_can_do, 00291 #if defined(MBEDTLS_ECDSA_C) 00292 eckey_verify_wrap, 00293 eckey_sign_wrap, 00294 #else 00295 NULL, 00296 NULL, 00297 #endif 00298 NULL, 00299 NULL, 00300 eckey_check_pair, 00301 eckey_alloc_wrap, 00302 eckey_free_wrap, 00303 eckey_debug, 00304 }; 00305 00306 /* 00307 * EC key restricted to ECDH 00308 */ 00309 static int eckeydh_can_do( mbedtls_pk_type_t type ) 00310 { 00311 return( type == MBEDTLS_PK_ECKEY || 00312 type == MBEDTLS_PK_ECKEY_DH ); 00313 } 00314 00315 const mbedtls_pk_info_t mbedtls_eckeydh_info = { 00316 MBEDTLS_PK_ECKEY_DH, 00317 "EC_DH", 00318 eckey_get_bitlen, /* Same underlying key structure */ 00319 eckeydh_can_do, 00320 NULL, 00321 NULL, 00322 NULL, 00323 NULL, 00324 eckey_check_pair, 00325 eckey_alloc_wrap, /* Same underlying key structure */ 00326 eckey_free_wrap, /* Same underlying key structure */ 00327 eckey_debug, /* Same underlying key structure */ 00328 }; 00329 #endif /* MBEDTLS_ECP_C */ 00330 00331 #if defined(MBEDTLS_ECDSA_C) 00332 static int ecdsa_can_do( mbedtls_pk_type_t type ) 00333 { 00334 return( type == MBEDTLS_PK_ECDSA ); 00335 } 00336 00337 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00338 const unsigned char *hash, size_t hash_len, 00339 const unsigned char *sig, size_t sig_len ) 00340 { 00341 int ret; 00342 ((void) md_alg); 00343 00344 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, 00345 hash, hash_len, sig, sig_len ); 00346 00347 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) 00348 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00349 00350 return( ret ); 00351 } 00352 00353 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00354 const unsigned char *hash, size_t hash_len, 00355 unsigned char *sig, size_t *sig_len, 00356 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00357 { 00358 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, 00359 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); 00360 } 00361 00362 static void *ecdsa_alloc_wrap( void ) 00363 { 00364 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); 00365 00366 if( ctx != NULL ) 00367 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); 00368 00369 return( ctx ); 00370 } 00371 00372 static void ecdsa_free_wrap( void *ctx ) 00373 { 00374 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); 00375 mbedtls_free( ctx ); 00376 } 00377 00378 const mbedtls_pk_info_t mbedtls_ecdsa_info = { 00379 MBEDTLS_PK_ECDSA, 00380 "ECDSA", 00381 eckey_get_bitlen, /* Compatible key structures */ 00382 ecdsa_can_do, 00383 ecdsa_verify_wrap, 00384 ecdsa_sign_wrap, 00385 NULL, 00386 NULL, 00387 eckey_check_pair, /* Compatible key structures */ 00388 ecdsa_alloc_wrap, 00389 ecdsa_free_wrap, 00390 eckey_debug, /* Compatible key structures */ 00391 }; 00392 #endif /* MBEDTLS_ECDSA_C */ 00393 00394 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00395 /* 00396 * Support for alternative RSA-private implementations 00397 */ 00398 00399 static int rsa_alt_can_do( mbedtls_pk_type_t type ) 00400 { 00401 return( type == MBEDTLS_PK_RSA ); 00402 } 00403 00404 static size_t rsa_alt_get_bitlen( const void *ctx ) 00405 { 00406 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; 00407 00408 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); 00409 } 00410 00411 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00412 const unsigned char *hash, size_t hash_len, 00413 unsigned char *sig, size_t *sig_len, 00414 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00415 { 00416 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00417 00418 #if defined(MBEDTLS_HAVE_INT64) 00419 if( UINT_MAX < hash_len ) 00420 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00421 #endif /* MBEDTLS_HAVE_INT64 */ 00422 00423 *sig_len = rsa_alt->key_len_func( rsa_alt->key ); 00424 00425 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00426 md_alg, (unsigned int) hash_len, hash, sig ) ); 00427 } 00428 00429 static int rsa_alt_decrypt_wrap( void *ctx, 00430 const unsigned char *input, size_t ilen, 00431 unsigned char *output, size_t *olen, size_t osize, 00432 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00433 { 00434 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00435 00436 ((void) f_rng); 00437 ((void) p_rng); 00438 00439 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) 00440 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00441 00442 return( rsa_alt->decrypt_func( rsa_alt->key, 00443 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00444 } 00445 00446 #if defined(MBEDTLS_RSA_C) 00447 static int rsa_alt_check_pair( const void *pub, const void *prv ) 00448 { 00449 unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; 00450 unsigned char hash[32]; 00451 size_t sig_len = 0; 00452 int ret; 00453 00454 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) 00455 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00456 00457 memset( hash, 0x2a, sizeof( hash ) ); 00458 00459 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, 00460 hash, sizeof( hash ), 00461 sig, &sig_len, NULL, NULL ) ) != 0 ) 00462 { 00463 return( ret ); 00464 } 00465 00466 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, 00467 hash, sizeof( hash ), sig, sig_len ) != 0 ) 00468 { 00469 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00470 } 00471 00472 return( 0 ); 00473 } 00474 #endif /* MBEDTLS_RSA_C */ 00475 00476 static void *rsa_alt_alloc_wrap( void ) 00477 { 00478 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); 00479 00480 if( ctx != NULL ) 00481 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); 00482 00483 return( ctx ); 00484 } 00485 00486 static void rsa_alt_free_wrap( void *ctx ) 00487 { 00488 mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); 00489 mbedtls_free( ctx ); 00490 } 00491 00492 const mbedtls_pk_info_t mbedtls_rsa_alt_info = { 00493 MBEDTLS_PK_RSA_ALT, 00494 "RSA-alt", 00495 rsa_alt_get_bitlen, 00496 rsa_alt_can_do, 00497 NULL, 00498 rsa_alt_sign_wrap, 00499 rsa_alt_decrypt_wrap, 00500 NULL, 00501 #if defined(MBEDTLS_RSA_C) 00502 rsa_alt_check_pair, 00503 #else 00504 NULL, 00505 #endif 00506 rsa_alt_alloc_wrap, 00507 rsa_alt_free_wrap, 00508 NULL, 00509 }; 00510 00511 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00512 00513 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 17:25:42 by
1.7.2