sandbox
mbedtls ported to mbed-classic
Fork of
mbedtls
by 
Christopher Haster
Embed:
(wiki syntax)
Show/hide line numbers
pk_wrap.c
00001 /* 00002 * Public Key abstraction layer: wrapper functions 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk_internal.h" 00030 00031 /* Even if RSA not activated, for the sake of RSA-alt */ 00032 #include "mbedtls/rsa.h" 00033 00034 #include <string.h> 00035 00036 #if defined(MBEDTLS_ECP_C) 00037 #include "mbedtls/ecp.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_ECDSA_C) 00041 #include "mbedtls/ecdsa.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_PLATFORM_C) 00045 #include "mbedtls/platform.h" 00046 #else 00047 #include <stdlib.h> 00048 #define mbedtls_calloc calloc 00049 #define mbedtls_free free 00050 #endif 00051 00052 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00053 /* Implementation that should never be optimized out by the compiler */ 00054 static void mbedtls_zeroize( void *v, size_t n ) { 00055 volatile unsigned char *p = v; while( n-- ) *p++ = 0; 00056 } 00057 #endif 00058 00059 #if defined(MBEDTLS_RSA_C) 00060 static int rsa_can_do( mbedtls_pk_type_t type ) 00061 { 00062 return( type == MBEDTLS_PK_RSA || 00063 type == MBEDTLS_PK_RSASSA_PSS ); 00064 } 00065 00066 static size_t rsa_get_bitlen( const void *ctx ) 00067 { 00068 return( 8 * ((const mbedtls_rsa_context *) ctx)->len ); 00069 } 00070 00071 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00072 const unsigned char *hash, size_t hash_len, 00073 const unsigned char *sig, size_t sig_len ) 00074 { 00075 int ret; 00076 00077 if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) 00078 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00079 00080 if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL, 00081 MBEDTLS_RSA_PUBLIC, md_alg, 00082 (unsigned int) hash_len, hash, sig ) ) != 0 ) 00083 return( ret ); 00084 00085 if( sig_len > ((mbedtls_rsa_context *) ctx)->len ) 00086 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00087 00088 return( 0 ); 00089 } 00090 00091 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00092 const unsigned char *hash, size_t hash_len, 00093 unsigned char *sig, size_t *sig_len, 00094 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00095 { 00096 *sig_len = ((mbedtls_rsa_context *) ctx)->len; 00097 00098 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00099 md_alg, (unsigned int) hash_len, hash, sig ) ); 00100 } 00101 00102 static int rsa_decrypt_wrap( void *ctx, 00103 const unsigned char *input, size_t ilen, 00104 unsigned char *output, size_t *olen, size_t osize, 00105 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00106 { 00107 if( ilen != ((mbedtls_rsa_context *) ctx)->len ) 00108 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00109 00110 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng, 00111 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00112 } 00113 00114 static int rsa_encrypt_wrap( void *ctx, 00115 const unsigned char *input, size_t ilen, 00116 unsigned char *output, size_t *olen, size_t osize, 00117 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00118 { 00119 *olen = ((mbedtls_rsa_context *) ctx)->len; 00120 00121 if( *olen > osize ) 00122 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); 00123 00124 return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx, 00125 f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) ); 00126 } 00127 00128 static int rsa_check_pair_wrap( const void *pub, const void *prv ) 00129 { 00130 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, 00131 (const mbedtls_rsa_context *) prv ) ); 00132 } 00133 00134 static void *rsa_alloc_wrap( void ) 00135 { 00136 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); 00137 00138 if( ctx != NULL ) 00139 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); 00140 00141 return( ctx ); 00142 } 00143 00144 static void rsa_free_wrap( void *ctx ) 00145 { 00146 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); 00147 mbedtls_free( ctx ); 00148 } 00149 00150 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00151 { 00152 items->type = MBEDTLS_PK_DEBUG_MPI; 00153 items->name = "rsa.N"; 00154 items->value = &( ((mbedtls_rsa_context *) ctx)->N ); 00155 00156 items++; 00157 00158 items->type = MBEDTLS_PK_DEBUG_MPI; 00159 items->name = "rsa.E"; 00160 items->value = &( ((mbedtls_rsa_context *) ctx)->E ); 00161 } 00162 00163 const mbedtls_pk_info_t mbedtls_rsa_info = { 00164 MBEDTLS_PK_RSA, 00165 "RSA", 00166 rsa_get_bitlen, 00167 rsa_can_do, 00168 rsa_verify_wrap, 00169 rsa_sign_wrap, 00170 rsa_decrypt_wrap, 00171 rsa_encrypt_wrap, 00172 rsa_check_pair_wrap, 00173 rsa_alloc_wrap, 00174 rsa_free_wrap, 00175 rsa_debug, 00176 }; 00177 #endif /* MBEDTLS_RSA_C */ 00178 00179 #if defined(MBEDTLS_ECP_C) 00180 /* 00181 * Generic EC key 00182 */ 00183 static int eckey_can_do( mbedtls_pk_type_t type ) 00184 { 00185 return( type == MBEDTLS_PK_ECKEY || 00186 type == MBEDTLS_PK_ECKEY_DH || 00187 type == MBEDTLS_PK_ECDSA ); 00188 } 00189 00190 static size_t eckey_get_bitlen( const void *ctx ) 00191 { 00192 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); 00193 } 00194 00195 #if defined(MBEDTLS_ECDSA_C) 00196 /* Forward declarations */ 00197 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00198 const unsigned char *hash, size_t hash_len, 00199 const unsigned char *sig, size_t sig_len ); 00200 00201 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00202 const unsigned char *hash, size_t hash_len, 00203 unsigned char *sig, size_t *sig_len, 00204 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00205 00206 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00207 const unsigned char *hash, size_t hash_len, 00208 const unsigned char *sig, size_t sig_len ) 00209 { 00210 int ret; 00211 mbedtls_ecdsa_context ecdsa; 00212 00213 mbedtls_ecdsa_init( &ecdsa ); 00214 00215 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00216 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); 00217 00218 mbedtls_ecdsa_free( &ecdsa ); 00219 00220 return( ret ); 00221 } 00222 00223 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00224 const unsigned char *hash, size_t hash_len, 00225 unsigned char *sig, size_t *sig_len, 00226 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00227 { 00228 int ret; 00229 mbedtls_ecdsa_context ecdsa; 00230 00231 mbedtls_ecdsa_init( &ecdsa ); 00232 00233 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00234 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, 00235 f_rng, p_rng ); 00236 00237 mbedtls_ecdsa_free( &ecdsa ); 00238 00239 return( ret ); 00240 } 00241 00242 #endif /* MBEDTLS_ECDSA_C */ 00243 00244 static int eckey_check_pair( const void *pub, const void *prv ) 00245 { 00246 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, 00247 (const mbedtls_ecp_keypair *) prv ) ); 00248 } 00249 00250 static void *eckey_alloc_wrap( void ) 00251 { 00252 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); 00253 00254 if( ctx != NULL ) 00255 mbedtls_ecp_keypair_init( ctx ); 00256 00257 return( ctx ); 00258 } 00259 00260 static void eckey_free_wrap( void *ctx ) 00261 { 00262 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); 00263 mbedtls_free( ctx ); 00264 } 00265 00266 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00267 { 00268 items->type = MBEDTLS_PK_DEBUG_ECP; 00269 items->name = "eckey.Q"; 00270 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); 00271 } 00272 00273 const mbedtls_pk_info_t mbedtls_eckey_info = { 00274 MBEDTLS_PK_ECKEY, 00275 "EC", 00276 eckey_get_bitlen, 00277 eckey_can_do, 00278 #if defined(MBEDTLS_ECDSA_C) 00279 eckey_verify_wrap, 00280 eckey_sign_wrap, 00281 #else 00282 NULL, 00283 NULL, 00284 #endif 00285 NULL, 00286 NULL, 00287 eckey_check_pair, 00288 eckey_alloc_wrap, 00289 eckey_free_wrap, 00290 eckey_debug, 00291 }; 00292 00293 /* 00294 * EC key restricted to ECDH 00295 */ 00296 static int eckeydh_can_do( mbedtls_pk_type_t type ) 00297 { 00298 return( type == MBEDTLS_PK_ECKEY || 00299 type == MBEDTLS_PK_ECKEY_DH ); 00300 } 00301 00302 const mbedtls_pk_info_t mbedtls_eckeydh_info = { 00303 MBEDTLS_PK_ECKEY_DH, 00304 "EC_DH", 00305 eckey_get_bitlen, /* Same underlying key structure */ 00306 eckeydh_can_do, 00307 NULL, 00308 NULL, 00309 NULL, 00310 NULL, 00311 eckey_check_pair, 00312 eckey_alloc_wrap, /* Same underlying key structure */ 00313 eckey_free_wrap, /* Same underlying key structure */ 00314 eckey_debug, /* Same underlying key structure */ 00315 }; 00316 #endif /* MBEDTLS_ECP_C */ 00317 00318 #if defined(MBEDTLS_ECDSA_C) 00319 static int ecdsa_can_do( mbedtls_pk_type_t type ) 00320 { 00321 return( type == MBEDTLS_PK_ECDSA ); 00322 } 00323 00324 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00325 const unsigned char *hash, size_t hash_len, 00326 const unsigned char *sig, size_t sig_len ) 00327 { 00328 int ret; 00329 ((void) md_alg); 00330 00331 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, 00332 hash, hash_len, sig, sig_len ); 00333 00334 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) 00335 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00336 00337 return( ret ); 00338 } 00339 00340 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00341 const unsigned char *hash, size_t hash_len, 00342 unsigned char *sig, size_t *sig_len, 00343 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00344 { 00345 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, 00346 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); 00347 } 00348 00349 static void *ecdsa_alloc_wrap( void ) 00350 { 00351 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); 00352 00353 if( ctx != NULL ) 00354 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); 00355 00356 return( ctx ); 00357 } 00358 00359 static void ecdsa_free_wrap( void *ctx ) 00360 { 00361 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); 00362 mbedtls_free( ctx ); 00363 } 00364 00365 const mbedtls_pk_info_t mbedtls_ecdsa_info = { 00366 MBEDTLS_PK_ECDSA, 00367 "ECDSA", 00368 eckey_get_bitlen, /* Compatible key structures */ 00369 ecdsa_can_do, 00370 ecdsa_verify_wrap, 00371 ecdsa_sign_wrap, 00372 NULL, 00373 NULL, 00374 eckey_check_pair, /* Compatible key structures */ 00375 ecdsa_alloc_wrap, 00376 ecdsa_free_wrap, 00377 eckey_debug, /* Compatible key structures */ 00378 }; 00379 #endif /* MBEDTLS_ECDSA_C */ 00380 00381 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00382 /* 00383 * Support for alternative RSA-private implementations 00384 */ 00385 00386 static int rsa_alt_can_do( mbedtls_pk_type_t type ) 00387 { 00388 return( type == MBEDTLS_PK_RSA ); 00389 } 00390 00391 static size_t rsa_alt_get_bitlen( const void *ctx ) 00392 { 00393 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; 00394 00395 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); 00396 } 00397 00398 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00399 const unsigned char *hash, size_t hash_len, 00400 unsigned char *sig, size_t *sig_len, 00401 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00402 { 00403 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00404 00405 *sig_len = rsa_alt->key_len_func( rsa_alt->key ); 00406 00407 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00408 md_alg, (unsigned int) hash_len, hash, sig ) ); 00409 } 00410 00411 static int rsa_alt_decrypt_wrap( void *ctx, 00412 const unsigned char *input, size_t ilen, 00413 unsigned char *output, size_t *olen, size_t osize, 00414 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00415 { 00416 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00417 00418 ((void) f_rng); 00419 ((void) p_rng); 00420 00421 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) 00422 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00423 00424 return( rsa_alt->decrypt_func( rsa_alt->key, 00425 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00426 } 00427 00428 #if defined(MBEDTLS_RSA_C) 00429 static int rsa_alt_check_pair( const void *pub, const void *prv ) 00430 { 00431 unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; 00432 unsigned char hash[32]; 00433 size_t sig_len = 0; 00434 int ret; 00435 00436 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) 00437 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00438 00439 memset( hash, 0x2a, sizeof( hash ) ); 00440 00441 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, 00442 hash, sizeof( hash ), 00443 sig, &sig_len, NULL, NULL ) ) != 0 ) 00444 { 00445 return( ret ); 00446 } 00447 00448 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, 00449 hash, sizeof( hash ), sig, sig_len ) != 0 ) 00450 { 00451 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00452 } 00453 00454 return( 0 ); 00455 } 00456 #endif /* MBEDTLS_RSA_C */ 00457 00458 static void *rsa_alt_alloc_wrap( void ) 00459 { 00460 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); 00461 00462 if( ctx != NULL ) 00463 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); 00464 00465 return( ctx ); 00466 } 00467 00468 static void rsa_alt_free_wrap( void *ctx ) 00469 { 00470 mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); 00471 mbedtls_free( ctx ); 00472 } 00473 00474 const mbedtls_pk_info_t mbedtls_rsa_alt_info = { 00475 MBEDTLS_PK_RSA_ALT, 00476 "RSA-alt", 00477 rsa_alt_get_bitlen, 00478 rsa_alt_can_do, 00479 NULL, 00480 rsa_alt_sign_wrap, 00481 rsa_alt_decrypt_wrap, 00482 NULL, 00483 #if defined(MBEDTLS_RSA_C) 00484 rsa_alt_check_pair, 00485 #else 00486 NULL, 00487 #endif 00488 rsa_alt_alloc_wrap, 00489 rsa_alt_free_wrap, 00490 NULL, 00491 }; 00492 00493 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00494 00495 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 12:52:45 by
1.7.2