Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
pk.c
00001 /* 00002 * Public Key abstraction layer 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk.h" 00030 #include "mbedtls/pk_internal.h" 00031 00032 #include "mbedtls/platform_util.h" 00033 00034 #if defined(MBEDTLS_RSA_C) 00035 #include "mbedtls/rsa.h" 00036 #endif 00037 #if defined(MBEDTLS_ECP_C) 00038 #include "mbedtls/ecp.h" 00039 #endif 00040 #if defined(MBEDTLS_ECDSA_C) 00041 #include "mbedtls/ecdsa.h" 00042 #endif 00043 00044 #include <limits.h> 00045 #include <stdint.h> 00046 00047 /* 00048 * Initialise a mbedtls_pk_context 00049 */ 00050 void mbedtls_pk_init( mbedtls_pk_context *ctx ) 00051 { 00052 if( ctx == NULL ) 00053 return; 00054 00055 ctx->pk_info = NULL; 00056 ctx->pk_ctx = NULL; 00057 } 00058 00059 /* 00060 * Free (the components of) a mbedtls_pk_context 00061 */ 00062 void mbedtls_pk_free( mbedtls_pk_context *ctx ) 00063 { 00064 if( ctx == NULL || ctx->pk_info == NULL ) 00065 return; 00066 00067 ctx->pk_info->ctx_free_func( ctx->pk_ctx ); 00068 00069 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); 00070 } 00071 00072 /* 00073 * Get pk_info structure from type 00074 */ 00075 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) 00076 { 00077 switch( pk_type ) { 00078 #if defined(MBEDTLS_RSA_C) 00079 case MBEDTLS_PK_RSA: 00080 return( &mbedtls_rsa_info ); 00081 #endif 00082 #if defined(MBEDTLS_ECP_C) 00083 case MBEDTLS_PK_ECKEY: 00084 return( &mbedtls_eckey_info ); 00085 case MBEDTLS_PK_ECKEY_DH: 00086 return( &mbedtls_eckeydh_info ); 00087 #endif 00088 #if defined(MBEDTLS_ECDSA_C) 00089 case MBEDTLS_PK_ECDSA: 00090 return( &mbedtls_ecdsa_info ); 00091 #endif 00092 /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 00093 default: 00094 return( NULL ); 00095 } 00096 } 00097 00098 /* 00099 * Initialise context 00100 */ 00101 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) 00102 { 00103 if( ctx == NULL || info == NULL || ctx->pk_info != NULL ) 00104 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00105 00106 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00107 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00108 00109 ctx->pk_info = info; 00110 00111 return( 0 ); 00112 } 00113 00114 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00115 /* 00116 * Initialize an RSA-alt context 00117 */ 00118 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, 00119 mbedtls_pk_rsa_alt_decrypt_func decrypt_func, 00120 mbedtls_pk_rsa_alt_sign_func sign_func, 00121 mbedtls_pk_rsa_alt_key_len_func key_len_func ) 00122 { 00123 mbedtls_rsa_alt_context *rsa_alt; 00124 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; 00125 00126 if( ctx == NULL || ctx->pk_info != NULL ) 00127 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00128 00129 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00130 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00131 00132 ctx->pk_info = info; 00133 00134 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx; 00135 00136 rsa_alt->key = key; 00137 rsa_alt->decrypt_func = decrypt_func; 00138 rsa_alt->sign_func = sign_func; 00139 rsa_alt->key_len_func = key_len_func; 00140 00141 return( 0 ); 00142 } 00143 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00144 00145 /* 00146 * Tell if a PK can do the operations of the given type 00147 */ 00148 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) 00149 { 00150 /* null or NONE context can't do anything */ 00151 if( ctx == NULL || ctx->pk_info == NULL ) 00152 return( 0 ); 00153 00154 return( ctx->pk_info->can_do( type ) ); 00155 } 00156 00157 /* 00158 * Helper for mbedtls_pk_sign and mbedtls_pk_verify 00159 */ 00160 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) 00161 { 00162 const mbedtls_md_info_t *md_info; 00163 00164 if( *hash_len != 0 ) 00165 return( 0 ); 00166 00167 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) 00168 return( -1 ); 00169 00170 *hash_len = mbedtls_md_get_size( md_info ); 00171 return( 0 ); 00172 } 00173 00174 /* 00175 * Verify a signature 00176 */ 00177 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00178 const unsigned char *hash, size_t hash_len, 00179 const unsigned char *sig, size_t sig_len ) 00180 { 00181 if( ctx == NULL || ctx->pk_info == NULL || 00182 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 00183 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00184 00185 if( ctx->pk_info->verify_func == NULL ) 00186 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00187 00188 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, 00189 sig, sig_len ) ); 00190 } 00191 00192 /* 00193 * Verify a signature with options 00194 */ 00195 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, 00196 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00197 const unsigned char *hash, size_t hash_len, 00198 const unsigned char *sig, size_t sig_len ) 00199 { 00200 if( ctx == NULL || ctx->pk_info == NULL ) 00201 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00202 00203 if( ! mbedtls_pk_can_do( ctx, type ) ) 00204 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00205 00206 if( type == MBEDTLS_PK_RSASSA_PSS ) 00207 { 00208 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 00209 int ret; 00210 const mbedtls_pk_rsassa_pss_options *pss_opts; 00211 00212 #if SIZE_MAX > UINT_MAX 00213 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00214 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00215 #endif /* SIZE_MAX > UINT_MAX */ 00216 00217 if( options == NULL ) 00218 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00219 00220 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; 00221 00222 if( sig_len < mbedtls_pk_get_len( ctx ) ) 00223 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00224 00225 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), 00226 NULL, NULL, MBEDTLS_RSA_PUBLIC, 00227 md_alg, (unsigned int) hash_len, hash, 00228 pss_opts->mgf1_hash_id, 00229 pss_opts->expected_salt_len, 00230 sig ); 00231 if( ret != 0 ) 00232 return( ret ); 00233 00234 if( sig_len > mbedtls_pk_get_len( ctx ) ) 00235 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00236 00237 return( 0 ); 00238 #else 00239 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 00240 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ 00241 } 00242 00243 /* General case: no options */ 00244 if( options != NULL ) 00245 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00246 00247 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); 00248 } 00249 00250 /* 00251 * Make a signature 00252 */ 00253 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00254 const unsigned char *hash, size_t hash_len, 00255 unsigned char *sig, size_t *sig_len, 00256 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00257 { 00258 if( ctx == NULL || ctx->pk_info == NULL || 00259 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 00260 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00261 00262 if( ctx->pk_info->sign_func == NULL ) 00263 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00264 00265 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, 00266 sig, sig_len, f_rng, p_rng ) ); 00267 } 00268 00269 /* 00270 * Decrypt message 00271 */ 00272 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, 00273 const unsigned char *input, size_t ilen, 00274 unsigned char *output, size_t *olen, size_t osize, 00275 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00276 { 00277 if( ctx == NULL || ctx->pk_info == NULL ) 00278 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00279 00280 if( ctx->pk_info->decrypt_func == NULL ) 00281 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00282 00283 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, 00284 output, olen, osize, f_rng, p_rng ) ); 00285 } 00286 00287 /* 00288 * Encrypt message 00289 */ 00290 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, 00291 const unsigned char *input, size_t ilen, 00292 unsigned char *output, size_t *olen, size_t osize, 00293 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00294 { 00295 if( ctx == NULL || ctx->pk_info == NULL ) 00296 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00297 00298 if( ctx->pk_info->encrypt_func == NULL ) 00299 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00300 00301 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, 00302 output, olen, osize, f_rng, p_rng ) ); 00303 } 00304 00305 /* 00306 * Check public-private key pair 00307 */ 00308 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) 00309 { 00310 if( pub == NULL || pub->pk_info == NULL || 00311 prv == NULL || prv->pk_info == NULL || 00312 prv->pk_info->check_pair_func == NULL ) 00313 { 00314 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00315 } 00316 00317 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) 00318 { 00319 if( pub->pk_info->type != MBEDTLS_PK_RSA ) 00320 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00321 } 00322 else 00323 { 00324 if( pub->pk_info != prv->pk_info ) 00325 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00326 } 00327 00328 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); 00329 } 00330 00331 /* 00332 * Get key size in bits 00333 */ 00334 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) 00335 { 00336 if( ctx == NULL || ctx->pk_info == NULL ) 00337 return( 0 ); 00338 00339 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) ); 00340 } 00341 00342 /* 00343 * Export debug information 00344 */ 00345 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) 00346 { 00347 if( ctx == NULL || ctx->pk_info == NULL ) 00348 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00349 00350 if( ctx->pk_info->debug_func == NULL ) 00351 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00352 00353 ctx->pk_info->debug_func( ctx->pk_ctx, items ); 00354 return( 0 ); 00355 } 00356 00357 /* 00358 * Access the PK type name 00359 */ 00360 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) 00361 { 00362 if( ctx == NULL || ctx->pk_info == NULL ) 00363 return( "invalid PK" ); 00364 00365 return( ctx->pk_info->name ); 00366 } 00367 00368 /* 00369 * Access the PK type 00370 */ 00371 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) 00372 { 00373 if( ctx == NULL || ctx->pk_info == NULL ) 00374 return( MBEDTLS_PK_NONE ); 00375 00376 return( ctx->pk_info->type ); 00377 } 00378 00379 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 12:45:41 by
