Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
pk_wrap.c
00001 /* 00002 * Public Key abstraction layer: wrapper functions 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk_internal.h" 00030 00031 /* Even if RSA not activated, for the sake of RSA-alt */ 00032 #include "mbedtls/rsa.h" 00033 00034 #include <string.h> 00035 00036 #if defined(MBEDTLS_ECP_C) 00037 #include "mbedtls/ecp.h" 00038 #endif 00039 00040 #if defined(MBEDTLS_ECDSA_C) 00041 #include "mbedtls/ecdsa.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00045 #include "mbedtls/platform_util.h" 00046 #endif 00047 00048 #if defined(MBEDTLS_PLATFORM_C) 00049 #include "mbedtls/platform.h" 00050 #else 00051 #include <stdlib.h> 00052 #define mbedtls_calloc calloc 00053 #define mbedtls_free free 00054 #endif 00055 00056 #include <limits.h> 00057 #include <stdint.h> 00058 00059 #if defined(MBEDTLS_RSA_C) 00060 static int rsa_can_do( mbedtls_pk_type_t type ) 00061 { 00062 return( type == MBEDTLS_PK_RSA || 00063 type == MBEDTLS_PK_RSASSA_PSS ); 00064 } 00065 00066 static size_t rsa_get_bitlen( const void *ctx ) 00067 { 00068 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; 00069 return( 8 * mbedtls_rsa_get_len( rsa ) ); 00070 } 00071 00072 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00073 const unsigned char *hash, size_t hash_len, 00074 const unsigned char *sig, size_t sig_len ) 00075 { 00076 int ret; 00077 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00078 size_t rsa_len = mbedtls_rsa_get_len( rsa ); 00079 00080 #if SIZE_MAX > UINT_MAX 00081 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00082 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00083 #endif /* SIZE_MAX > UINT_MAX */ 00084 00085 if( sig_len < rsa_len ) 00086 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00087 00088 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, 00089 MBEDTLS_RSA_PUBLIC, md_alg, 00090 (unsigned int) hash_len, hash, sig ) ) != 0 ) 00091 return( ret ); 00092 00093 /* The buffer contains a valid signature followed by extra data. 00094 * We have a special error code for that so that so that callers can 00095 * use mbedtls_pk_verify() to check "Does the buffer start with a 00096 * valid signature?" and not just "Does the buffer contain a valid 00097 * signature?". */ 00098 if( sig_len > rsa_len ) 00099 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00100 00101 return( 0 ); 00102 } 00103 00104 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00105 const unsigned char *hash, size_t hash_len, 00106 unsigned char *sig, size_t *sig_len, 00107 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00108 { 00109 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00110 00111 #if SIZE_MAX > UINT_MAX 00112 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00113 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00114 #endif /* SIZE_MAX > UINT_MAX */ 00115 00116 *sig_len = mbedtls_rsa_get_len( rsa ); 00117 00118 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00119 md_alg, (unsigned int) hash_len, hash, sig ) ); 00120 } 00121 00122 static int rsa_decrypt_wrap( void *ctx, 00123 const unsigned char *input, size_t ilen, 00124 unsigned char *output, size_t *olen, size_t osize, 00125 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00126 { 00127 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00128 00129 if( ilen != mbedtls_rsa_get_len( rsa ) ) 00130 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00131 00132 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, 00133 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00134 } 00135 00136 static int rsa_encrypt_wrap( void *ctx, 00137 const unsigned char *input, size_t ilen, 00138 unsigned char *output, size_t *olen, size_t osize, 00139 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00140 { 00141 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 00142 *olen = mbedtls_rsa_get_len( rsa ); 00143 00144 if( *olen > osize ) 00145 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); 00146 00147 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, 00148 ilen, input, output ) ); 00149 } 00150 00151 static int rsa_check_pair_wrap( const void *pub, const void *prv ) 00152 { 00153 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, 00154 (const mbedtls_rsa_context *) prv ) ); 00155 } 00156 00157 static void *rsa_alloc_wrap( void ) 00158 { 00159 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); 00160 00161 if( ctx != NULL ) 00162 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); 00163 00164 return( ctx ); 00165 } 00166 00167 static void rsa_free_wrap( void *ctx ) 00168 { 00169 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); 00170 mbedtls_free( ctx ); 00171 } 00172 00173 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00174 { 00175 items->type = MBEDTLS_PK_DEBUG_MPI; 00176 items->name = "rsa.N"; 00177 items->value = &( ((mbedtls_rsa_context *) ctx)->N ); 00178 00179 items++; 00180 00181 items->type = MBEDTLS_PK_DEBUG_MPI; 00182 items->name = "rsa.E"; 00183 items->value = &( ((mbedtls_rsa_context *) ctx)->E ); 00184 } 00185 00186 const mbedtls_pk_info_t mbedtls_rsa_info = { 00187 MBEDTLS_PK_RSA, 00188 "RSA", 00189 rsa_get_bitlen, 00190 rsa_can_do, 00191 rsa_verify_wrap, 00192 rsa_sign_wrap, 00193 rsa_decrypt_wrap, 00194 rsa_encrypt_wrap, 00195 rsa_check_pair_wrap, 00196 rsa_alloc_wrap, 00197 rsa_free_wrap, 00198 rsa_debug, 00199 }; 00200 #endif /* MBEDTLS_RSA_C */ 00201 00202 #if defined(MBEDTLS_ECP_C) 00203 /* 00204 * Generic EC key 00205 */ 00206 static int eckey_can_do( mbedtls_pk_type_t type ) 00207 { 00208 return( type == MBEDTLS_PK_ECKEY || 00209 type == MBEDTLS_PK_ECKEY_DH || 00210 type == MBEDTLS_PK_ECDSA ); 00211 } 00212 00213 static size_t eckey_get_bitlen( const void *ctx ) 00214 { 00215 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); 00216 } 00217 00218 #if defined(MBEDTLS_ECDSA_C) 00219 /* Forward declarations */ 00220 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00221 const unsigned char *hash, size_t hash_len, 00222 const unsigned char *sig, size_t sig_len ); 00223 00224 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00225 const unsigned char *hash, size_t hash_len, 00226 unsigned char *sig, size_t *sig_len, 00227 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 00228 00229 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00230 const unsigned char *hash, size_t hash_len, 00231 const unsigned char *sig, size_t sig_len ) 00232 { 00233 int ret; 00234 mbedtls_ecdsa_context ecdsa; 00235 00236 mbedtls_ecdsa_init( &ecdsa ); 00237 00238 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00239 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); 00240 00241 mbedtls_ecdsa_free( &ecdsa ); 00242 00243 return( ret ); 00244 } 00245 00246 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00247 const unsigned char *hash, size_t hash_len, 00248 unsigned char *sig, size_t *sig_len, 00249 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00250 { 00251 int ret; 00252 mbedtls_ecdsa_context ecdsa; 00253 00254 mbedtls_ecdsa_init( &ecdsa ); 00255 00256 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 00257 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, 00258 f_rng, p_rng ); 00259 00260 mbedtls_ecdsa_free( &ecdsa ); 00261 00262 return( ret ); 00263 } 00264 00265 #endif /* MBEDTLS_ECDSA_C */ 00266 00267 static int eckey_check_pair( const void *pub, const void *prv ) 00268 { 00269 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, 00270 (const mbedtls_ecp_keypair *) prv ) ); 00271 } 00272 00273 static void *eckey_alloc_wrap( void ) 00274 { 00275 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); 00276 00277 if( ctx != NULL ) 00278 mbedtls_ecp_keypair_init( ctx ); 00279 00280 return( ctx ); 00281 } 00282 00283 static void eckey_free_wrap( void *ctx ) 00284 { 00285 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); 00286 mbedtls_free( ctx ); 00287 } 00288 00289 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) 00290 { 00291 items->type = MBEDTLS_PK_DEBUG_ECP; 00292 items->name = "eckey.Q"; 00293 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); 00294 } 00295 00296 const mbedtls_pk_info_t mbedtls_eckey_info = { 00297 MBEDTLS_PK_ECKEY, 00298 "EC", 00299 eckey_get_bitlen, 00300 eckey_can_do, 00301 #if defined(MBEDTLS_ECDSA_C) 00302 eckey_verify_wrap, 00303 eckey_sign_wrap, 00304 #else 00305 NULL, 00306 NULL, 00307 #endif 00308 NULL, 00309 NULL, 00310 eckey_check_pair, 00311 eckey_alloc_wrap, 00312 eckey_free_wrap, 00313 eckey_debug, 00314 }; 00315 00316 /* 00317 * EC key restricted to ECDH 00318 */ 00319 static int eckeydh_can_do( mbedtls_pk_type_t type ) 00320 { 00321 return( type == MBEDTLS_PK_ECKEY || 00322 type == MBEDTLS_PK_ECKEY_DH ); 00323 } 00324 00325 const mbedtls_pk_info_t mbedtls_eckeydh_info = { 00326 MBEDTLS_PK_ECKEY_DH, 00327 "EC_DH", 00328 eckey_get_bitlen, /* Same underlying key structure */ 00329 eckeydh_can_do, 00330 NULL, 00331 NULL, 00332 NULL, 00333 NULL, 00334 eckey_check_pair, 00335 eckey_alloc_wrap, /* Same underlying key structure */ 00336 eckey_free_wrap, /* Same underlying key structure */ 00337 eckey_debug, /* Same underlying key structure */ 00338 }; 00339 #endif /* MBEDTLS_ECP_C */ 00340 00341 #if defined(MBEDTLS_ECDSA_C) 00342 static int ecdsa_can_do( mbedtls_pk_type_t type ) 00343 { 00344 return( type == MBEDTLS_PK_ECDSA ); 00345 } 00346 00347 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 00348 const unsigned char *hash, size_t hash_len, 00349 const unsigned char *sig, size_t sig_len ) 00350 { 00351 int ret; 00352 ((void) md_alg); 00353 00354 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, 00355 hash, hash_len, sig, sig_len ); 00356 00357 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) 00358 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00359 00360 return( ret ); 00361 } 00362 00363 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00364 const unsigned char *hash, size_t hash_len, 00365 unsigned char *sig, size_t *sig_len, 00366 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00367 { 00368 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, 00369 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); 00370 } 00371 00372 static void *ecdsa_alloc_wrap( void ) 00373 { 00374 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); 00375 00376 if( ctx != NULL ) 00377 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); 00378 00379 return( ctx ); 00380 } 00381 00382 static void ecdsa_free_wrap( void *ctx ) 00383 { 00384 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); 00385 mbedtls_free( ctx ); 00386 } 00387 00388 const mbedtls_pk_info_t mbedtls_ecdsa_info = { 00389 MBEDTLS_PK_ECDSA, 00390 "ECDSA", 00391 eckey_get_bitlen, /* Compatible key structures */ 00392 ecdsa_can_do, 00393 ecdsa_verify_wrap, 00394 ecdsa_sign_wrap, 00395 NULL, 00396 NULL, 00397 eckey_check_pair, /* Compatible key structures */ 00398 ecdsa_alloc_wrap, 00399 ecdsa_free_wrap, 00400 eckey_debug, /* Compatible key structures */ 00401 }; 00402 #endif /* MBEDTLS_ECDSA_C */ 00403 00404 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00405 /* 00406 * Support for alternative RSA-private implementations 00407 */ 00408 00409 static int rsa_alt_can_do( mbedtls_pk_type_t type ) 00410 { 00411 return( type == MBEDTLS_PK_RSA ); 00412 } 00413 00414 static size_t rsa_alt_get_bitlen( const void *ctx ) 00415 { 00416 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; 00417 00418 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); 00419 } 00420 00421 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 00422 const unsigned char *hash, size_t hash_len, 00423 unsigned char *sig, size_t *sig_len, 00424 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00425 { 00426 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00427 00428 #if SIZE_MAX > UINT_MAX 00429 if( UINT_MAX < hash_len ) 00430 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00431 #endif /* SIZE_MAX > UINT_MAX */ 00432 00433 *sig_len = rsa_alt->key_len_func( rsa_alt->key ); 00434 00435 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 00436 md_alg, (unsigned int) hash_len, hash, sig ) ); 00437 } 00438 00439 static int rsa_alt_decrypt_wrap( void *ctx, 00440 const unsigned char *input, size_t ilen, 00441 unsigned char *output, size_t *olen, size_t osize, 00442 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00443 { 00444 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 00445 00446 ((void) f_rng); 00447 ((void) p_rng); 00448 00449 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) 00450 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 00451 00452 return( rsa_alt->decrypt_func( rsa_alt->key, 00453 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 00454 } 00455 00456 #if defined(MBEDTLS_RSA_C) 00457 static int rsa_alt_check_pair( const void *pub, const void *prv ) 00458 { 00459 unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; 00460 unsigned char hash[32]; 00461 size_t sig_len = 0; 00462 int ret; 00463 00464 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) 00465 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00466 00467 memset( hash, 0x2a, sizeof( hash ) ); 00468 00469 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, 00470 hash, sizeof( hash ), 00471 sig, &sig_len, NULL, NULL ) ) != 0 ) 00472 { 00473 return( ret ); 00474 } 00475 00476 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, 00477 hash, sizeof( hash ), sig, sig_len ) != 0 ) 00478 { 00479 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 00480 } 00481 00482 return( 0 ); 00483 } 00484 #endif /* MBEDTLS_RSA_C */ 00485 00486 static void *rsa_alt_alloc_wrap( void ) 00487 { 00488 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); 00489 00490 if( ctx != NULL ) 00491 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); 00492 00493 return( ctx ); 00494 } 00495 00496 static void rsa_alt_free_wrap( void *ctx ) 00497 { 00498 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); 00499 mbedtls_free( ctx ); 00500 } 00501 00502 const mbedtls_pk_info_t mbedtls_rsa_alt_info = { 00503 MBEDTLS_PK_RSA_ALT, 00504 "RSA-alt", 00505 rsa_alt_get_bitlen, 00506 rsa_alt_can_do, 00507 NULL, 00508 rsa_alt_sign_wrap, 00509 rsa_alt_decrypt_wrap, 00510 NULL, 00511 #if defined(MBEDTLS_RSA_C) 00512 rsa_alt_check_pair, 00513 #else 00514 NULL, 00515 #endif 00516 rsa_alt_alloc_wrap, 00517 rsa_alt_free_wrap, 00518 NULL, 00519 }; 00520 00521 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00522 00523 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 12:45:41 by
