Embed:
(wiki syntax)
Show/hide line numbers
pk_wrap.c
00001 /* 00002 * Public Key abstraction layer: wrapper functions 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk_internal.h" 00030 00031 /* Even if RSA not activated, for the sake of RSA-alt */ 00032 #include "mbedtls/rsa.h" 00033 00034 #include <string.h> 00035 00036 #if defined(MBEDTLS_ECP_C) 00037 #include "mbedtls/ecp.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_ECDSA_C) 00041 #include "mbedtls/ecdsa.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_PLATFORM_C) 00045 #include "mbedtls/platform.h" 00046 #else 00047 #include <stdlib.h> 00048 #define mbedtls_calloc calloc 00049 #define mbedtls_free free 00050 #endif 00051 00052 #include <limits.h> 00053 #include <stdint.h> 00054 00055 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00056 /* Implementation that should never be optimized out by the compiler */ 00057 static void mbedtls_zeroize( void *v, size_t n ) { 00058 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 00059 } 00060 #endif 00061 00062 #if defined(MBEDTLS_RSA_C) 00063 static int rsa_can_do( mbedtls_pk_type_t type ) 00064 { 00065 return( type == MBEDTLS_PK_RSA || 00066 type == MBEDTLS_PK_RSASSA_PSS ); 00067 } 00068 00069 static size_t rsa_get_bitlen( const void *ctx ) 00070 { 00071 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; 00072 return( 8 * mbedtls_rsa_get_len( rsa ) ); 00073 } 00074 00075 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00076 const unsigned char *hash, size_t hash_len, 00077 const unsigned char *sig, size_t sig_len ) 00078 { 00079 int ret; 00080 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00081 size_t rsa_len = mbedtls_rsa_get_len( rsa ); 00082 00083 #if SIZE_MAX > UINT_MAX 00084 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00085 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00086 #endif /* SIZE_MAX > UINT_MAX */ 00087 00088 if( sig_len < rsa_len ) 00089 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00090 00091 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, 00092 MBEDTLS_RSA_PUBLIC, md_alg, 00093 (unsigned int) hash_len, hash, sig ) ) != 0 ) 00094 return( ret ); 00095 00096 if( sig_len > rsa_len ) 00097 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00098 00099 return( 0 ); 00100 } 00101 00102 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00103 const unsigned char *hash, size_t hash_len, 00104 unsigned char *sig, size_t *sig_len, 00105 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00106 { 00107 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00108 00109 #if SIZE_MAX > UINT_MAX 00110 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00111 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00112 #endif /* SIZE_MAX > UINT_MAX */ 00113 00114 *sig_len = mbedtls_rsa_get_len( rsa ); 00115 00116 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00117 md_alg, (unsigned int) hash_len, hash, sig ) ); 00118 } 00119 00120 static int rsa_decrypt_wrap( void *ctx, 00121 const unsigned char *input, size_t ilen, 00122 unsigned char *output, size_t *olen, size_t osize, 00123 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00124 { 00125 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00126 00127 if( ilen != mbedtls_rsa_get_len( rsa ) ) 00128 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00129 00130 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, 00131 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00132 } 00133 00134 static int rsa_encrypt_wrap( void *ctx, 00135 const unsigned char *input, size_t ilen, 00136 unsigned char *output, size_t *olen, size_t osize, 00137 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00138 { 00139 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00140 *olen = mbedtls_rsa_get_len( rsa ); 00141 00142 if( *olen > osize ) 00143 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); 00144 00145 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, 00146 ilen, input, output ) ); 00147 } 00148 00149 static int rsa_check_pair_wrap( const void *pub, const void *prv ) 00150 { 00151 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, 00152 (const mbedtls_rsa_context *) prv ) ); 00153 } 00154 00155 static void *rsa_alloc_wrap( void ) 00156 { 00157 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); 00158 00159 if( ctx != NULL ) 00160 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); 00161 00162 return( ctx ); 00163 } 00164 00165 static void rsa_free_wrap( void *ctx ) 00166 { 00167 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); 00168 mbedtls_free( ctx ); 00169 } 00170 00171 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00172 { 00173 items->type = MBEDTLS_PK_DEBUG_MPI; 00174 items->name = "rsa.N"; 00175 items->value = &( ((mbedtls_rsa_context *) ctx)->N ); 00176 00177 items++; 00178 00179 items->type = MBEDTLS_PK_DEBUG_MPI; 00180 items->name = "rsa.E"; 00181 items->value = &( ((mbedtls_rsa_context *) ctx)->E ); 00182 } 00183 00184 const mbedtls_pk_info_t mbedtls_rsa_info = { 00185 MBEDTLS_PK_RSA, 00186 "RSA", 00187 rsa_get_bitlen, 00188 rsa_can_do, 00189 rsa_verify_wrap, 00190 rsa_sign_wrap, 00191 rsa_decrypt_wrap, 00192 rsa_encrypt_wrap, 00193 rsa_check_pair_wrap, 00194 rsa_alloc_wrap, 00195 rsa_free_wrap, 00196 rsa_debug, 00197 }; 00198 #endif /* MBEDTLS_RSA_C */ 00199 00200 #if defined(MBEDTLS_ECP_C) 00201 /* 00202 * Generic EC key 00203 */ 00204 static int eckey_can_do( mbedtls_pk_type_t type ) 00205 { 00206 return( type == MBEDTLS_PK_ECKEY || 00207 type == MBEDTLS_PK_ECKEY_DH || 00208 type == MBEDTLS_PK_ECDSA ); 00209 } 00210 00211 static size_t eckey_get_bitlen( const void *ctx ) 00212 { 00213 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); 00214 } 00215 00216 #if defined(MBEDTLS_ECDSA_C) 00217 /* Forward declarations */ 00218 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00219 const unsigned char *hash, size_t hash_len, 00220 const unsigned char *sig, size_t sig_len ); 00221 00222 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00223 const unsigned char *hash, size_t hash_len, 00224 unsigned char *sig, size_t *sig_len, 00225 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00226 00227 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00228 const unsigned char *hash, size_t hash_len, 00229 const unsigned char *sig, size_t sig_len ) 00230 { 00231 int ret; 00232 mbedtls_ecdsa_context ecdsa; 00233 00234 mbedtls_ecdsa_init( &ecdsa ); 00235 00236 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00237 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); 00238 00239 mbedtls_ecdsa_free( &ecdsa ); 00240 00241 return( ret ); 00242 } 00243 00244 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00245 const unsigned char *hash, size_t hash_len, 00246 unsigned char *sig, size_t *sig_len, 00247 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00248 { 00249 int ret; 00250 mbedtls_ecdsa_context ecdsa; 00251 00252 mbedtls_ecdsa_init( &ecdsa ); 00253 00254 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00255 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, 00256 f_rng, p_rng ); 00257 00258 mbedtls_ecdsa_free( &ecdsa ); 00259 00260 return( ret ); 00261 } 00262 00263 #endif /* MBEDTLS_ECDSA_C */ 00264 00265 static int eckey_check_pair( const void *pub, const void *prv ) 00266 { 00267 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, 00268 (const mbedtls_ecp_keypair *) prv ) ); 00269 } 00270 00271 static void *eckey_alloc_wrap( void ) 00272 { 00273 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); 00274 00275 if( ctx != NULL ) 00276 mbedtls_ecp_keypair_init( ctx ); 00277 00278 return( ctx ); 00279 } 00280 00281 static void eckey_free_wrap( void *ctx ) 00282 { 00283 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); 00284 mbedtls_free( ctx ); 00285 } 00286 00287 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00288 { 00289 items->type = MBEDTLS_PK_DEBUG_ECP; 00290 items->name = "eckey.Q"; 00291 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); 00292 } 00293 00294 const mbedtls_pk_info_t mbedtls_eckey_info = { 00295 MBEDTLS_PK_ECKEY, 00296 "EC", 00297 eckey_get_bitlen, 00298 eckey_can_do, 00299 #if defined(MBEDTLS_ECDSA_C) 00300 eckey_verify_wrap, 00301 eckey_sign_wrap, 00302 #else 00303 NULL, 00304 NULL, 00305 #endif 00306 NULL, 00307 NULL, 00308 eckey_check_pair, 00309 eckey_alloc_wrap, 00310 eckey_free_wrap, 00311 eckey_debug, 00312 }; 00313 00314 /* 00315 * EC key restricted to ECDH 00316 */ 00317 static int eckeydh_can_do( mbedtls_pk_type_t type ) 00318 { 00319 return( type == MBEDTLS_PK_ECKEY || 00320 type == MBEDTLS_PK_ECKEY_DH ); 00321 } 00322 00323 const mbedtls_pk_info_t mbedtls_eckeydh_info = { 00324 MBEDTLS_PK_ECKEY_DH, 00325 "EC_DH", 00326 eckey_get_bitlen, /* Same underlying key structure */ 00327 eckeydh_can_do, 00328 NULL, 00329 NULL, 00330 NULL, 00331 NULL, 00332 eckey_check_pair, 00333 eckey_alloc_wrap, /* Same underlying key structure */ 00334 eckey_free_wrap, /* Same underlying key structure */ 00335 eckey_debug, /* Same underlying key structure */ 00336 }; 00337 #endif /* MBEDTLS_ECP_C */ 00338 00339 #if defined(MBEDTLS_ECDSA_C) 00340 static int ecdsa_can_do( mbedtls_pk_type_t type ) 00341 { 00342 return( type == MBEDTLS_PK_ECDSA ); 00343 } 00344 00345 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00346 const unsigned char *hash, size_t hash_len, 00347 const unsigned char *sig, size_t sig_len ) 00348 { 00349 int ret; 00350 ((void) md_alg); 00351 00352 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, 00353 hash, hash_len, sig, sig_len ); 00354 00355 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) 00356 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00357 00358 return( ret ); 00359 } 00360 00361 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00362 const unsigned char *hash, size_t hash_len, 00363 unsigned char *sig, size_t *sig_len, 00364 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00365 { 00366 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, 00367 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); 00368 } 00369 00370 static void *ecdsa_alloc_wrap( void ) 00371 { 00372 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); 00373 00374 if( ctx != NULL ) 00375 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); 00376 00377 return( ctx ); 00378 } 00379 00380 static void ecdsa_free_wrap( void *ctx ) 00381 { 00382 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); 00383 mbedtls_free( ctx ); 00384 } 00385 00386 const mbedtls_pk_info_t mbedtls_ecdsa_info = { 00387 MBEDTLS_PK_ECDSA, 00388 "ECDSA", 00389 eckey_get_bitlen, /* Compatible key structures */ 00390 ecdsa_can_do, 00391 ecdsa_verify_wrap, 00392 ecdsa_sign_wrap, 00393 NULL, 00394 NULL, 00395 eckey_check_pair, /* Compatible key structures */ 00396 ecdsa_alloc_wrap, 00397 ecdsa_free_wrap, 00398 eckey_debug, /* Compatible key structures */ 00399 }; 00400 #endif /* MBEDTLS_ECDSA_C */ 00401 00402 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00403 /* 00404 * Support for alternative RSA-private implementations 00405 */ 00406 00407 static int rsa_alt_can_do( mbedtls_pk_type_t type ) 00408 { 00409 return( type == MBEDTLS_PK_RSA ); 00410 } 00411 00412 static size_t rsa_alt_get_bitlen( const void *ctx ) 00413 { 00414 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; 00415 00416 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); 00417 } 00418 00419 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00420 const unsigned char *hash, size_t hash_len, 00421 unsigned char *sig, size_t *sig_len, 00422 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00423 { 00424 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00425 00426 #if SIZE_MAX > UINT_MAX 00427 if( UINT_MAX < hash_len ) 00428 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00429 #endif /* SIZE_MAX > UINT_MAX */ 00430 00431 *sig_len = rsa_alt->key_len_func( rsa_alt->key ); 00432 00433 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00434 md_alg, (unsigned int) hash_len, hash, sig ) ); 00435 } 00436 00437 static int rsa_alt_decrypt_wrap( void *ctx, 00438 const unsigned char *input, size_t ilen, 00439 unsigned char *output, size_t *olen, size_t osize, 00440 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00441 { 00442 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00443 00444 ((void) f_rng); 00445 ((void) p_rng); 00446 00447 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) 00448 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00449 00450 return( rsa_alt->decrypt_func( rsa_alt->key, 00451 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00452 } 00453 00454 #if defined(MBEDTLS_RSA_C) 00455 static int rsa_alt_check_pair( const void *pub, const void *prv ) 00456 { 00457 unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; 00458 unsigned char hash[32]; 00459 size_t sig_len = 0; 00460 int ret; 00461 00462 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) 00463 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00464 00465 memset( hash, 0x2a, sizeof( hash ) ); 00466 00467 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, 00468 hash, sizeof( hash ), 00469 sig, &sig_len, NULL, NULL ) ) != 0 ) 00470 { 00471 return( ret ); 00472 } 00473 00474 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, 00475 hash, sizeof( hash ), sig, sig_len ) != 0 ) 00476 { 00477 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00478 } 00479 00480 return( 0 ); 00481 } 00482 #endif /* MBEDTLS_RSA_C */ 00483 00484 static void *rsa_alt_alloc_wrap( void ) 00485 { 00486 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); 00487 00488 if( ctx != NULL ) 00489 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); 00490 00491 return( ctx ); 00492 } 00493 00494 static void rsa_alt_free_wrap( void *ctx ) 00495 { 00496 mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); 00497 mbedtls_free( ctx ); 00498 } 00499 00500 const mbedtls_pk_info_t mbedtls_rsa_alt_info = { 00501 MBEDTLS_PK_RSA_ALT, 00502 "RSA-alt", 00503 rsa_alt_get_bitlen, 00504 rsa_alt_can_do, 00505 NULL, 00506 rsa_alt_sign_wrap, 00507 rsa_alt_decrypt_wrap, 00508 NULL, 00509 #if defined(MBEDTLS_RSA_C) 00510 rsa_alt_check_pair, 00511 #else 00512 NULL, 00513 #endif 00514 rsa_alt_alloc_wrap, 00515 rsa_alt_free_wrap, 00516 NULL, 00517 }; 00518 00519 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00520 00521 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 12:22:17 by
1.7.2