Knight KE / Mbed OS Game_Master
Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers pk_wrap.c Source File

pk_wrap.c

00001 /*
00002  *  Public Key abstraction layer: wrapper functions
00003  *
00004  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00005  *  SPDX-License-Identifier: Apache-2.0
00006  *
00007  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00008  *  not use this file except in compliance with the License.
00009  *  You may obtain a copy of the License at
00010  *
00011  *  http://www.apache.org/licenses/LICENSE-2.0
00012  *
00013  *  Unless required by applicable law or agreed to in writing, software
00014  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00015  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00016  *  See the License for the specific language governing permissions and
00017  *  limitations under the License.
00018  *
00019  *  This file is part of mbed TLS (https://tls.mbed.org)
00020  */
00021 
00022 #if !defined(MBEDTLS_CONFIG_FILE)
00023 #include "mbedtls/config.h"
00024 #else
00025 #include MBEDTLS_CONFIG_FILE
00026 #endif
00027 
00028 #if defined(MBEDTLS_PK_C)
00029 #include "mbedtls/pk_internal.h"
00030 
00031 /* Even if RSA not activated, for the sake of RSA-alt */
00032 #include "mbedtls/rsa.h"
00033 
00034 #include <string.h>
00035 
00036 #if defined(MBEDTLS_ECP_C)
00037 #include "mbedtls/ecp.h"
00038 #endif
00039 
00040 #if defined(MBEDTLS_ECDSA_C)
00041 #include "mbedtls/ecdsa.h"
00042 #endif
00043 
00044 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
00045 #include "mbedtls/platform_util.h"
00046 #endif
00047 
00048 #if defined(MBEDTLS_PLATFORM_C)
00049 #include "mbedtls/platform.h"
00050 #else
00051 #include <stdlib.h>
00052 #define mbedtls_calloc    calloc
00053 #define mbedtls_free       free
00054 #endif
00055 
00056 #include <limits.h>
00057 #include <stdint.h>
00058 
00059 #if defined(MBEDTLS_RSA_C)
00060 static int rsa_can_do( mbedtls_pk_type_t type )
00061 {
00062     return( type == MBEDTLS_PK_RSA ||
00063             type == MBEDTLS_PK_RSASSA_PSS );
00064 }
00065 
00066 static size_t rsa_get_bitlen( const void *ctx )
00067 {
00068     const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
00069     return( 8 * mbedtls_rsa_get_len( rsa ) );
00070 }
00071 
00072 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
00073                    const unsigned char *hash, size_t hash_len,
00074                    const unsigned char *sig, size_t sig_len )
00075 {
00076     int ret;
00077     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
00078     size_t rsa_len = mbedtls_rsa_get_len( rsa );
00079 
00080 #if SIZE_MAX > UINT_MAX
00081     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
00082         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
00083 #endif /* SIZE_MAX > UINT_MAX */
00084 
00085     if( sig_len < rsa_len )
00086         return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
00087 
00088     if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
00089                                   MBEDTLS_RSA_PUBLIC, md_alg,
00090                                   (unsigned int) hash_len, hash, sig ) ) != 0 )
00091         return( ret );
00092 
00093     /* The buffer contains a valid signature followed by extra data.
00094      * We have a special error code for that so that so that callers can
00095      * use mbedtls_pk_verify() to check "Does the buffer start with a
00096      * valid signature?" and not just "Does the buffer contain a valid
00097      * signature?". */
00098     if( sig_len > rsa_len )
00099         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
00100 
00101     return( 0 );
00102 }
00103 
00104 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
00105                    const unsigned char *hash, size_t hash_len,
00106                    unsigned char *sig, size_t *sig_len,
00107                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00108 {
00109     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
00110 
00111 #if SIZE_MAX > UINT_MAX
00112     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
00113         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
00114 #endif /* SIZE_MAX > UINT_MAX */
00115 
00116     *sig_len = mbedtls_rsa_get_len( rsa );
00117 
00118     return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
00119                 md_alg, (unsigned int) hash_len, hash, sig ) );
00120 }
00121 
00122 static int rsa_decrypt_wrap( void *ctx,
00123                     const unsigned char *input, size_t ilen,
00124                     unsigned char *output, size_t *olen, size_t osize,
00125                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00126 {
00127     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
00128 
00129     if( ilen != mbedtls_rsa_get_len( rsa ) )
00130         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
00131 
00132     return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
00133                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
00134 }
00135 
00136 static int rsa_encrypt_wrap( void *ctx,
00137                     const unsigned char *input, size_t ilen,
00138                     unsigned char *output, size_t *olen, size_t osize,
00139                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00140 {
00141     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
00142     *olen = mbedtls_rsa_get_len( rsa );
00143 
00144     if( *olen > osize )
00145         return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
00146 
00147     return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
00148                                        ilen, input, output ) );
00149 }
00150 
00151 static int rsa_check_pair_wrap( const void *pub, const void *prv )
00152 {
00153     return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
00154                                 (const mbedtls_rsa_context *) prv ) );
00155 }
00156 
00157 static void *rsa_alloc_wrap( void )
00158 {
00159     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
00160 
00161     if( ctx != NULL )
00162         mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
00163 
00164     return( ctx );
00165 }
00166 
00167 static void rsa_free_wrap( void *ctx )
00168 {
00169     mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
00170     mbedtls_free( ctx );
00171 }
00172 
00173 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
00174 {
00175     items->type = MBEDTLS_PK_DEBUG_MPI;
00176     items->name = "rsa.N";
00177     items->value = &( ((mbedtls_rsa_context *) ctx)->N );
00178 
00179     items++;
00180 
00181     items->type = MBEDTLS_PK_DEBUG_MPI;
00182     items->name = "rsa.E";
00183     items->value = &( ((mbedtls_rsa_context *) ctx)->E );
00184 }
00185 
00186 const mbedtls_pk_info_t mbedtls_rsa_info = {
00187     MBEDTLS_PK_RSA,
00188     "RSA",
00189     rsa_get_bitlen,
00190     rsa_can_do,
00191     rsa_verify_wrap,
00192     rsa_sign_wrap,
00193     rsa_decrypt_wrap,
00194     rsa_encrypt_wrap,
00195     rsa_check_pair_wrap,
00196     rsa_alloc_wrap,
00197     rsa_free_wrap,
00198     rsa_debug,
00199 };
00200 #endif /* MBEDTLS_RSA_C */
00201 
00202 #if defined(MBEDTLS_ECP_C)
00203 /*
00204  * Generic EC key
00205  */
00206 static int eckey_can_do( mbedtls_pk_type_t type )
00207 {
00208     return( type == MBEDTLS_PK_ECKEY ||
00209             type == MBEDTLS_PK_ECKEY_DH ||
00210             type == MBEDTLS_PK_ECDSA );
00211 }
00212 
00213 static size_t eckey_get_bitlen( const void *ctx )
00214 {
00215     return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
00216 }
00217 
00218 #if defined(MBEDTLS_ECDSA_C)
00219 /* Forward declarations */
00220 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
00221                        const unsigned char *hash, size_t hash_len,
00222                        const unsigned char *sig, size_t sig_len );
00223 
00224 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
00225                    const unsigned char *hash, size_t hash_len,
00226                    unsigned char *sig, size_t *sig_len,
00227                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
00228 
00229 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
00230                        const unsigned char *hash, size_t hash_len,
00231                        const unsigned char *sig, size_t sig_len )
00232 {
00233     int ret;
00234     mbedtls_ecdsa_context ecdsa;
00235 
00236     mbedtls_ecdsa_init( &ecdsa );
00237 
00238     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
00239         ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
00240 
00241     mbedtls_ecdsa_free( &ecdsa );
00242 
00243     return( ret );
00244 }
00245 
00246 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
00247                    const unsigned char *hash, size_t hash_len,
00248                    unsigned char *sig, size_t *sig_len,
00249                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00250 {
00251     int ret;
00252     mbedtls_ecdsa_context ecdsa;
00253 
00254     mbedtls_ecdsa_init( &ecdsa );
00255 
00256     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
00257         ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
00258                                f_rng, p_rng );
00259 
00260     mbedtls_ecdsa_free( &ecdsa );
00261 
00262     return( ret );
00263 }
00264 
00265 #endif /* MBEDTLS_ECDSA_C */
00266 
00267 static int eckey_check_pair( const void *pub, const void *prv )
00268 {
00269     return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
00270                                 (const mbedtls_ecp_keypair *) prv ) );
00271 }
00272 
00273 static void *eckey_alloc_wrap( void )
00274 {
00275     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
00276 
00277     if( ctx != NULL )
00278         mbedtls_ecp_keypair_init( ctx );
00279 
00280     return( ctx );
00281 }
00282 
00283 static void eckey_free_wrap( void *ctx )
00284 {
00285     mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
00286     mbedtls_free( ctx );
00287 }
00288 
00289 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
00290 {
00291     items->type = MBEDTLS_PK_DEBUG_ECP;
00292     items->name = "eckey.Q";
00293     items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
00294 }
00295 
00296 const mbedtls_pk_info_t mbedtls_eckey_info = {
00297     MBEDTLS_PK_ECKEY,
00298     "EC",
00299     eckey_get_bitlen,
00300     eckey_can_do,
00301 #if defined(MBEDTLS_ECDSA_C)
00302     eckey_verify_wrap,
00303     eckey_sign_wrap,
00304 #else
00305     NULL,
00306     NULL,
00307 #endif
00308     NULL,
00309     NULL,
00310     eckey_check_pair,
00311     eckey_alloc_wrap,
00312     eckey_free_wrap,
00313     eckey_debug,
00314 };
00315 
00316 /*
00317  * EC key restricted to ECDH
00318  */
00319 static int eckeydh_can_do( mbedtls_pk_type_t type )
00320 {
00321     return( type == MBEDTLS_PK_ECKEY ||
00322             type == MBEDTLS_PK_ECKEY_DH );
00323 }
00324 
00325 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
00326     MBEDTLS_PK_ECKEY_DH,
00327     "EC_DH",
00328     eckey_get_bitlen,         /* Same underlying key structure */
00329     eckeydh_can_do,
00330     NULL,
00331     NULL,
00332     NULL,
00333     NULL,
00334     eckey_check_pair,
00335     eckey_alloc_wrap,       /* Same underlying key structure */
00336     eckey_free_wrap,        /* Same underlying key structure */
00337     eckey_debug,            /* Same underlying key structure */
00338 };
00339 #endif /* MBEDTLS_ECP_C */
00340 
00341 #if defined(MBEDTLS_ECDSA_C)
00342 static int ecdsa_can_do( mbedtls_pk_type_t type )
00343 {
00344     return( type == MBEDTLS_PK_ECDSA );
00345 }
00346 
00347 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
00348                        const unsigned char *hash, size_t hash_len,
00349                        const unsigned char *sig, size_t sig_len )
00350 {
00351     int ret;
00352     ((void) md_alg);
00353 
00354     ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
00355                                 hash, hash_len, sig, sig_len );
00356 
00357     if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
00358         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
00359 
00360     return( ret );
00361 }
00362 
00363 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
00364                    const unsigned char *hash, size_t hash_len,
00365                    unsigned char *sig, size_t *sig_len,
00366                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00367 {
00368     return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
00369                 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
00370 }
00371 
00372 static void *ecdsa_alloc_wrap( void )
00373 {
00374     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
00375 
00376     if( ctx != NULL )
00377         mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
00378 
00379     return( ctx );
00380 }
00381 
00382 static void ecdsa_free_wrap( void *ctx )
00383 {
00384     mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
00385     mbedtls_free( ctx );
00386 }
00387 
00388 const mbedtls_pk_info_t mbedtls_ecdsa_info = {
00389     MBEDTLS_PK_ECDSA,
00390     "ECDSA",
00391     eckey_get_bitlen,     /* Compatible key structures */
00392     ecdsa_can_do,
00393     ecdsa_verify_wrap,
00394     ecdsa_sign_wrap,
00395     NULL,
00396     NULL,
00397     eckey_check_pair,   /* Compatible key structures */
00398     ecdsa_alloc_wrap,
00399     ecdsa_free_wrap,
00400     eckey_debug,        /* Compatible key structures */
00401 };
00402 #endif /* MBEDTLS_ECDSA_C */
00403 
00404 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
00405 /*
00406  * Support for alternative RSA-private implementations
00407  */
00408 
00409 static int rsa_alt_can_do( mbedtls_pk_type_t type )
00410 {
00411     return( type == MBEDTLS_PK_RSA );
00412 }
00413 
00414 static size_t rsa_alt_get_bitlen( const void *ctx )
00415 {
00416     const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
00417 
00418     return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
00419 }
00420 
00421 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
00422                    const unsigned char *hash, size_t hash_len,
00423                    unsigned char *sig, size_t *sig_len,
00424                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00425 {
00426     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
00427 
00428 #if SIZE_MAX > UINT_MAX
00429     if( UINT_MAX < hash_len )
00430         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
00431 #endif /* SIZE_MAX > UINT_MAX */
00432 
00433     *sig_len = rsa_alt->key_len_func( rsa_alt->key );
00434 
00435     return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
00436                 md_alg, (unsigned int) hash_len, hash, sig ) );
00437 }
00438 
00439 static int rsa_alt_decrypt_wrap( void *ctx,
00440                     const unsigned char *input, size_t ilen,
00441                     unsigned char *output, size_t *olen, size_t osize,
00442                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
00443 {
00444     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
00445 
00446     ((void) f_rng);
00447     ((void) p_rng);
00448 
00449     if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
00450         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
00451 
00452     return( rsa_alt->decrypt_func( rsa_alt->key,
00453                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
00454 }
00455 
00456 #if defined(MBEDTLS_RSA_C)
00457 static int rsa_alt_check_pair( const void *pub, const void *prv )
00458 {
00459     unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
00460     unsigned char hash[32];
00461     size_t sig_len = 0;
00462     int ret;
00463 
00464     if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
00465         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
00466 
00467     memset( hash, 0x2a, sizeof( hash ) );
00468 
00469     if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
00470                                    hash, sizeof( hash ),
00471                                    sig, &sig_len, NULL, NULL ) ) != 0 )
00472     {
00473         return( ret );
00474     }
00475 
00476     if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
00477                          hash, sizeof( hash ), sig, sig_len ) != 0 )
00478     {
00479         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
00480     }
00481 
00482     return( 0 );
00483 }
00484 #endif /* MBEDTLS_RSA_C */
00485 
00486 static void *rsa_alt_alloc_wrap( void )
00487 {
00488     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
00489 
00490     if( ctx != NULL )
00491         memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
00492 
00493     return( ctx );
00494 }
00495 
00496 static void rsa_alt_free_wrap( void *ctx )
00497 {
00498     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
00499     mbedtls_free( ctx );
00500 }
00501 
00502 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
00503     MBEDTLS_PK_RSA_ALT,
00504     "RSA-alt",
00505     rsa_alt_get_bitlen,
00506     rsa_alt_can_do,
00507     NULL,
00508     rsa_alt_sign_wrap,
00509     rsa_alt_decrypt_wrap,
00510     NULL,
00511 #if defined(MBEDTLS_RSA_C)
00512     rsa_alt_check_pair,
00513 #else
00514     NULL,
00515 #endif
00516     rsa_alt_alloc_wrap,
00517     rsa_alt_free_wrap,
00518     NULL,
00519 };
00520 
00521 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
00522 
00523 #endif /* MBEDTLS_PK_C */