Knight KE
/
Game_Master
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
pk.c
00001 /* 00002 * Public Key abstraction layer 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk.h" 00030 #include "mbedtls/pk_internal.h" 00031 00032 #include "mbedtls/platform_util.h" 00033 00034 #if defined(MBEDTLS_RSA_C) 00035 #include "mbedtls/rsa.h" 00036 #endif 00037 #if defined(MBEDTLS_ECP_C) 00038 #include "mbedtls/ecp.h" 00039 #endif 00040 #if defined(MBEDTLS_ECDSA_C) 00041 #include "mbedtls/ecdsa.h" 00042 #endif 00043 00044 #include <limits.h> 00045 #include <stdint.h> 00046 00047 /* 00048 * Initialise a mbedtls_pk_context 00049 */ 00050 void mbedtls_pk_init( mbedtls_pk_context *ctx ) 00051 { 00052 if( ctx == NULL ) 00053 return; 00054 00055 ctx->pk_info = NULL; 00056 ctx->pk_ctx = NULL; 00057 } 00058 00059 /* 00060 * Free (the components of) a mbedtls_pk_context 00061 */ 00062 void mbedtls_pk_free( mbedtls_pk_context *ctx ) 00063 { 00064 if( ctx == NULL || ctx->pk_info == NULL ) 00065 return; 00066 00067 ctx->pk_info->ctx_free_func( ctx->pk_ctx ); 00068 00069 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); 00070 } 00071 00072 /* 00073 * Get pk_info structure from type 00074 */ 00075 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) 00076 { 00077 switch( pk_type ) { 00078 #if defined(MBEDTLS_RSA_C) 00079 case MBEDTLS_PK_RSA: 00080 return( &mbedtls_rsa_info ); 00081 #endif 00082 #if defined(MBEDTLS_ECP_C) 00083 case MBEDTLS_PK_ECKEY: 00084 return( &mbedtls_eckey_info ); 00085 case MBEDTLS_PK_ECKEY_DH: 00086 return( &mbedtls_eckeydh_info ); 00087 #endif 00088 #if defined(MBEDTLS_ECDSA_C) 00089 case MBEDTLS_PK_ECDSA: 00090 return( &mbedtls_ecdsa_info ); 00091 #endif 00092 /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 00093 default: 00094 return( NULL ); 00095 } 00096 } 00097 00098 /* 00099 * Initialise context 00100 */ 00101 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) 00102 { 00103 if( ctx == NULL || info == NULL || ctx->pk_info != NULL ) 00104 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00105 00106 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00107 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00108 00109 ctx->pk_info = info; 00110 00111 return( 0 ); 00112 } 00113 00114 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00115 /* 00116 * Initialize an RSA-alt context 00117 */ 00118 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, 00119 mbedtls_pk_rsa_alt_decrypt_func decrypt_func, 00120 mbedtls_pk_rsa_alt_sign_func sign_func, 00121 mbedtls_pk_rsa_alt_key_len_func key_len_func ) 00122 { 00123 mbedtls_rsa_alt_context *rsa_alt; 00124 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; 00125 00126 if( ctx == NULL || ctx->pk_info != NULL ) 00127 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00128 00129 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00130 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00131 00132 ctx->pk_info = info; 00133 00134 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx; 00135 00136 rsa_alt->key = key; 00137 rsa_alt->decrypt_func = decrypt_func; 00138 rsa_alt->sign_func = sign_func; 00139 rsa_alt->key_len_func = key_len_func; 00140 00141 return( 0 ); 00142 } 00143 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00144 00145 /* 00146 * Tell if a PK can do the operations of the given type 00147 */ 00148 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) 00149 { 00150 /* null or NONE context can't do anything */ 00151 if( ctx == NULL || ctx->pk_info == NULL ) 00152 return( 0 ); 00153 00154 return( ctx->pk_info->can_do( type ) ); 00155 } 00156 00157 /* 00158 * Helper for mbedtls_pk_sign and mbedtls_pk_verify 00159 */ 00160 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) 00161 { 00162 const mbedtls_md_info_t *md_info; 00163 00164 if( *hash_len != 0 ) 00165 return( 0 ); 00166 00167 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) 00168 return( -1 ); 00169 00170 *hash_len = mbedtls_md_get_size( md_info ); 00171 return( 0 ); 00172 } 00173 00174 /* 00175 * Verify a signature 00176 */ 00177 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00178 const unsigned char *hash, size_t hash_len, 00179 const unsigned char *sig, size_t sig_len ) 00180 { 00181 if( ctx == NULL || ctx->pk_info == NULL || 00182 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 00183 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00184 00185 if( ctx->pk_info->verify_func == NULL ) 00186 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00187 00188 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, 00189 sig, sig_len ) ); 00190 } 00191 00192 /* 00193 * Verify a signature with options 00194 */ 00195 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, 00196 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00197 const unsigned char *hash, size_t hash_len, 00198 const unsigned char *sig, size_t sig_len ) 00199 { 00200 if( ctx == NULL || ctx->pk_info == NULL ) 00201 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00202 00203 if( ! mbedtls_pk_can_do( ctx, type ) ) 00204 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00205 00206 if( type == MBEDTLS_PK_RSASSA_PSS ) 00207 { 00208 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 00209 int ret; 00210 const mbedtls_pk_rsassa_pss_options *pss_opts; 00211 00212 #if SIZE_MAX > UINT_MAX 00213 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00214 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00215 #endif /* SIZE_MAX > UINT_MAX */ 00216 00217 if( options == NULL ) 00218 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00219 00220 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; 00221 00222 if( sig_len < mbedtls_pk_get_len( ctx ) ) 00223 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00224 00225 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), 00226 NULL, NULL, MBEDTLS_RSA_PUBLIC, 00227 md_alg, (unsigned int) hash_len, hash, 00228 pss_opts->mgf1_hash_id, 00229 pss_opts->expected_salt_len, 00230 sig ); 00231 if( ret != 0 ) 00232 return( ret ); 00233 00234 if( sig_len > mbedtls_pk_get_len( ctx ) ) 00235 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00236 00237 return( 0 ); 00238 #else 00239 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 00240 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ 00241 } 00242 00243 /* General case: no options */ 00244 if( options != NULL ) 00245 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00246 00247 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); 00248 } 00249 00250 /* 00251 * Make a signature 00252 */ 00253 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00254 const unsigned char *hash, size_t hash_len, 00255 unsigned char *sig, size_t *sig_len, 00256 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00257 { 00258 if( ctx == NULL || ctx->pk_info == NULL || 00259 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 00260 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00261 00262 if( ctx->pk_info->sign_func == NULL ) 00263 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00264 00265 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, 00266 sig, sig_len, f_rng, p_rng ) ); 00267 } 00268 00269 /* 00270 * Decrypt message 00271 */ 00272 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, 00273 const unsigned char *input, size_t ilen, 00274 unsigned char *output, size_t *olen, size_t osize, 00275 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00276 { 00277 if( ctx == NULL || ctx->pk_info == NULL ) 00278 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00279 00280 if( ctx->pk_info->decrypt_func == NULL ) 00281 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00282 00283 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, 00284 output, olen, osize, f_rng, p_rng ) ); 00285 } 00286 00287 /* 00288 * Encrypt message 00289 */ 00290 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, 00291 const unsigned char *input, size_t ilen, 00292 unsigned char *output, size_t *olen, size_t osize, 00293 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00294 { 00295 if( ctx == NULL || ctx->pk_info == NULL ) 00296 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00297 00298 if( ctx->pk_info->encrypt_func == NULL ) 00299 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00300 00301 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, 00302 output, olen, osize, f_rng, p_rng ) ); 00303 } 00304 00305 /* 00306 * Check public-private key pair 00307 */ 00308 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) 00309 { 00310 if( pub == NULL || pub->pk_info == NULL || 00311 prv == NULL || prv->pk_info == NULL || 00312 prv->pk_info->check_pair_func == NULL ) 00313 { 00314 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00315 } 00316 00317 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) 00318 { 00319 if( pub->pk_info->type != MBEDTLS_PK_RSA ) 00320 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00321 } 00322 else 00323 { 00324 if( pub->pk_info != prv->pk_info ) 00325 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00326 } 00327 00328 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); 00329 } 00330 00331 /* 00332 * Get key size in bits 00333 */ 00334 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) 00335 { 00336 if( ctx == NULL || ctx->pk_info == NULL ) 00337 return( 0 ); 00338 00339 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) ); 00340 } 00341 00342 /* 00343 * Export debug information 00344 */ 00345 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) 00346 { 00347 if( ctx == NULL || ctx->pk_info == NULL ) 00348 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00349 00350 if( ctx->pk_info->debug_func == NULL ) 00351 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00352 00353 ctx->pk_info->debug_func( ctx->pk_ctx, items ); 00354 return( 0 ); 00355 } 00356 00357 /* 00358 * Access the PK type name 00359 */ 00360 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) 00361 { 00362 if( ctx == NULL || ctx->pk_info == NULL ) 00363 return( "invalid PK" ); 00364 00365 return( ctx->pk_info->name ); 00366 } 00367 00368 /* 00369 * Access the PK type 00370 */ 00371 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) 00372 { 00373 if( ctx == NULL || ctx->pk_info == NULL ) 00374 return( MBEDTLS_PK_NONE ); 00375 00376 return( ctx->pk_info->type ); 00377 } 00378 00379 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 12:45:41 by
1.7.2