Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
pk.c
00001 /* 00002 * Public Key abstraction layer 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 00022 #if !defined(MBEDTLS_CONFIG_FILE) 00023 #include "mbedtls/config.h" 00024 #else 00025 #include MBEDTLS_CONFIG_FILE 00026 #endif 00027 00028 #if defined(MBEDTLS_PK_C) 00029 #include "mbedtls/pk.h" 00030 #include "mbedtls/pk_internal.h" 00031 00032 #include "mbedtls/platform_util.h" 00033 00034 #if defined(MBEDTLS_RSA_C) 00035 #include "mbedtls/rsa.h" 00036 #endif 00037 #if defined(MBEDTLS_ECP_C) 00038 #include "mbedtls/ecp.h" 00039 #endif 00040 #if defined(MBEDTLS_ECDSA_C) 00041 #include "mbedtls/ecdsa.h" 00042 #endif 00043 00044 #if defined(MBEDTLS_USE_PSA_CRYPTO) 00045 #include "mbedtls/psa_util.h" 00046 #endif 00047 00048 #include <limits.h> 00049 #include <stdint.h> 00050 00051 /* Parameter validation macros based on platform_util.h */ 00052 #define PK_VALIDATE_RET( cond ) \ 00053 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) 00054 #define PK_VALIDATE( cond ) \ 00055 MBEDTLS_INTERNAL_VALIDATE( cond ) 00056 00057 /* 00058 * Initialise a mbedtls_pk_context 00059 */ 00060 void mbedtls_pk_init( mbedtls_pk_context *ctx ) 00061 { 00062 PK_VALIDATE( ctx != NULL ); 00063 00064 ctx->pk_info = NULL; 00065 ctx->pk_ctx = NULL; 00066 } 00067 00068 /* 00069 * Free (the components of) a mbedtls_pk_context 00070 */ 00071 void mbedtls_pk_free( mbedtls_pk_context *ctx ) 00072 { 00073 if( ctx == NULL ) 00074 return; 00075 00076 if ( ctx->pk_info != NULL ) 00077 ctx->pk_info->ctx_free_func( ctx->pk_ctx ); 00078 00079 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); 00080 } 00081 00082 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 00083 /* 00084 * Initialize a restart context 00085 */ 00086 void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) 00087 { 00088 PK_VALIDATE( ctx != NULL ); 00089 ctx->pk_info = NULL; 00090 ctx->rs_ctx = NULL; 00091 } 00092 00093 /* 00094 * Free the components of a restart context 00095 */ 00096 void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) 00097 { 00098 if( ctx == NULL || ctx->pk_info == NULL || 00099 ctx->pk_info->rs_free_func == NULL ) 00100 { 00101 return; 00102 } 00103 00104 ctx->pk_info->rs_free_func( ctx->rs_ctx ); 00105 00106 ctx->pk_info = NULL; 00107 ctx->rs_ctx = NULL; 00108 } 00109 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 00110 00111 /* 00112 * Get pk_info structure from type 00113 */ 00114 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) 00115 { 00116 switch( pk_type ) { 00117 #if defined(MBEDTLS_RSA_C) 00118 case MBEDTLS_PK_RSA: 00119 return( &mbedtls_rsa_info ); 00120 #endif 00121 #if defined(MBEDTLS_ECP_C) 00122 case MBEDTLS_PK_ECKEY: 00123 return( &mbedtls_eckey_info ); 00124 case MBEDTLS_PK_ECKEY_DH: 00125 return( &mbedtls_eckeydh_info ); 00126 #endif 00127 #if defined(MBEDTLS_ECDSA_C) 00128 case MBEDTLS_PK_ECDSA: 00129 return( &mbedtls_ecdsa_info ); 00130 #endif 00131 /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 00132 default: 00133 return( NULL ); 00134 } 00135 } 00136 00137 /* 00138 * Initialise context 00139 */ 00140 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) 00141 { 00142 PK_VALIDATE_RET( ctx != NULL ); 00143 if( info == NULL || ctx->pk_info != NULL ) 00144 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00145 00146 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00147 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00148 00149 ctx->pk_info = info; 00150 00151 return( 0 ); 00152 } 00153 00154 #if defined(MBEDTLS_USE_PSA_CRYPTO) 00155 /* 00156 * Initialise a PSA-wrapping context 00157 */ 00158 int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx, const psa_key_handle_t key ) 00159 { 00160 const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info; 00161 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 00162 psa_key_handle_t *pk_ctx; 00163 psa_key_type_t type; 00164 00165 if( ctx == NULL || ctx->pk_info != NULL ) 00166 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00167 00168 if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) ) 00169 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00170 type = psa_get_key_type( &attributes ); 00171 psa_reset_key_attributes( &attributes ); 00172 00173 /* Current implementation of can_do() relies on this. */ 00174 if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) 00175 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ; 00176 00177 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00178 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00179 00180 ctx->pk_info = info; 00181 00182 pk_ctx = (psa_key_handle_t *) ctx->pk_ctx; 00183 *pk_ctx = key; 00184 00185 return( 0 ); 00186 } 00187 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 00188 00189 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 00190 /* 00191 * Initialize an RSA-alt context 00192 */ 00193 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, 00194 mbedtls_pk_rsa_alt_decrypt_func decrypt_func, 00195 mbedtls_pk_rsa_alt_sign_func sign_func, 00196 mbedtls_pk_rsa_alt_key_len_func key_len_func ) 00197 { 00198 mbedtls_rsa_alt_context *rsa_alt; 00199 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; 00200 00201 PK_VALIDATE_RET( ctx != NULL ); 00202 if( ctx->pk_info != NULL ) 00203 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00204 00205 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 00206 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00207 00208 ctx->pk_info = info; 00209 00210 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx; 00211 00212 rsa_alt->key = key; 00213 rsa_alt->decrypt_func = decrypt_func; 00214 rsa_alt->sign_func = sign_func; 00215 rsa_alt->key_len_func = key_len_func; 00216 00217 return( 0 ); 00218 } 00219 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 00220 00221 /* 00222 * Tell if a PK can do the operations of the given type 00223 */ 00224 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) 00225 { 00226 /* A context with null pk_info is not set up yet and can't do anything. 00227 * For backward compatibility, also accept NULL instead of a context 00228 * pointer. */ 00229 if( ctx == NULL || ctx->pk_info == NULL ) 00230 return( 0 ); 00231 00232 return( ctx->pk_info->can_do( type ) ); 00233 } 00234 00235 /* 00236 * Helper for mbedtls_pk_sign and mbedtls_pk_verify 00237 */ 00238 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) 00239 { 00240 const mbedtls_md_info_t *md_info; 00241 00242 if( *hash_len != 0 ) 00243 return( 0 ); 00244 00245 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) 00246 return( -1 ); 00247 00248 *hash_len = mbedtls_md_get_size( md_info ); 00249 return( 0 ); 00250 } 00251 00252 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 00253 /* 00254 * Helper to set up a restart context if needed 00255 */ 00256 static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, 00257 const mbedtls_pk_info_t *info ) 00258 { 00259 /* Don't do anything if already set up or invalid */ 00260 if( ctx == NULL || ctx->pk_info != NULL ) 00261 return( 0 ); 00262 00263 /* Should never happen when we're called */ 00264 if( info->rs_alloc_func == NULL || info->rs_free_func == NULL ) 00265 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00266 00267 if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL ) 00268 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 00269 00270 ctx->pk_info = info; 00271 00272 return( 0 ); 00273 } 00274 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 00275 00276 /* 00277 * Verify a signature (restartable) 00278 */ 00279 int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, 00280 mbedtls_md_type_t md_alg, 00281 const unsigned char *hash, size_t hash_len, 00282 const unsigned char *sig, size_t sig_len, 00283 mbedtls_pk_restart_ctx *rs_ctx ) 00284 { 00285 PK_VALIDATE_RET( ctx != NULL ); 00286 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || 00287 hash != NULL ); 00288 PK_VALIDATE_RET( sig != NULL ); 00289 00290 if( ctx->pk_info == NULL || 00291 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 00292 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00293 00294 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 00295 /* optimization: use non-restartable version if restart disabled */ 00296 if( rs_ctx != NULL && 00297 mbedtls_ecp_restart_is_enabled() && 00298 ctx->pk_info->verify_rs_func != NULL ) 00299 { 00300 int ret; 00301 00302 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) 00303 return( ret ); 00304 00305 ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx, 00306 md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx ); 00307 00308 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 00309 mbedtls_pk_restart_free( rs_ctx ); 00310 00311 return( ret ); 00312 } 00313 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 00314 (void) rs_ctx; 00315 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 00316 00317 if( ctx->pk_info->verify_func == NULL ) 00318 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00319 00320 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, 00321 sig, sig_len ) ); 00322 } 00323 00324 /* 00325 * Verify a signature 00326 */ 00327 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00328 const unsigned char *hash, size_t hash_len, 00329 const unsigned char *sig, size_t sig_len ) 00330 { 00331 return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len, 00332 sig, sig_len, NULL ) ); 00333 } 00334 00335 /* 00336 * Verify a signature with options 00337 */ 00338 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, 00339 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00340 const unsigned char *hash, size_t hash_len, 00341 const unsigned char *sig, size_t sig_len ) 00342 { 00343 PK_VALIDATE_RET( ctx != NULL ); 00344 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || 00345 hash != NULL ); 00346 PK_VALIDATE_RET( sig != NULL ); 00347 00348 if( ctx->pk_info == NULL ) 00349 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00350 00351 if( ! mbedtls_pk_can_do( ctx, type ) ) 00352 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00353 00354 if( type == MBEDTLS_PK_RSASSA_PSS ) 00355 { 00356 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 00357 int ret; 00358 const mbedtls_pk_rsassa_pss_options *pss_opts; 00359 00360 #if SIZE_MAX > UINT_MAX 00361 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 00362 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00363 #endif /* SIZE_MAX > UINT_MAX */ 00364 00365 if( options == NULL ) 00366 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00367 00368 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; 00369 00370 if( sig_len < mbedtls_pk_get_len( ctx ) ) 00371 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 00372 00373 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), 00374 NULL, NULL, MBEDTLS_RSA_PUBLIC, 00375 md_alg, (unsigned int) hash_len, hash, 00376 pss_opts->mgf1_hash_id, 00377 pss_opts->expected_salt_len, 00378 sig ); 00379 if( ret != 0 ) 00380 return( ret ); 00381 00382 if( sig_len > mbedtls_pk_get_len( ctx ) ) 00383 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 00384 00385 return( 0 ); 00386 #else 00387 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 00388 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ 00389 } 00390 00391 /* General case: no options */ 00392 if( options != NULL ) 00393 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00394 00395 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); 00396 } 00397 00398 /* 00399 * Make a signature (restartable) 00400 */ 00401 int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, 00402 mbedtls_md_type_t md_alg, 00403 const unsigned char *hash, size_t hash_len, 00404 unsigned char *sig, size_t *sig_len, 00405 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 00406 mbedtls_pk_restart_ctx *rs_ctx ) 00407 { 00408 PK_VALIDATE_RET( ctx != NULL ); 00409 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || 00410 hash != NULL ); 00411 PK_VALIDATE_RET( sig != NULL ); 00412 00413 if( ctx->pk_info == NULL || 00414 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 00415 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00416 00417 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 00418 /* optimization: use non-restartable version if restart disabled */ 00419 if( rs_ctx != NULL && 00420 mbedtls_ecp_restart_is_enabled() && 00421 ctx->pk_info->sign_rs_func != NULL ) 00422 { 00423 int ret; 00424 00425 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) 00426 return( ret ); 00427 00428 ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, 00429 hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx ); 00430 00431 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 00432 mbedtls_pk_restart_free( rs_ctx ); 00433 00434 return( ret ); 00435 } 00436 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 00437 (void) rs_ctx; 00438 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 00439 00440 if( ctx->pk_info->sign_func == NULL ) 00441 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00442 00443 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, 00444 sig, sig_len, f_rng, p_rng ) ); 00445 } 00446 00447 /* 00448 * Make a signature 00449 */ 00450 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 00451 const unsigned char *hash, size_t hash_len, 00452 unsigned char *sig, size_t *sig_len, 00453 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00454 { 00455 return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, 00456 sig, sig_len, f_rng, p_rng, NULL ) ); 00457 } 00458 00459 /* 00460 * Decrypt message 00461 */ 00462 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, 00463 const unsigned char *input, size_t ilen, 00464 unsigned char *output, size_t *olen, size_t osize, 00465 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00466 { 00467 PK_VALIDATE_RET( ctx != NULL ); 00468 PK_VALIDATE_RET( input != NULL || ilen == 0 ); 00469 PK_VALIDATE_RET( output != NULL || osize == 0 ); 00470 PK_VALIDATE_RET( olen != NULL ); 00471 00472 if( ctx->pk_info == NULL ) 00473 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00474 00475 if( ctx->pk_info->decrypt_func == NULL ) 00476 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00477 00478 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, 00479 output, olen, osize, f_rng, p_rng ) ); 00480 } 00481 00482 /* 00483 * Encrypt message 00484 */ 00485 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, 00486 const unsigned char *input, size_t ilen, 00487 unsigned char *output, size_t *olen, size_t osize, 00488 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 00489 { 00490 PK_VALIDATE_RET( ctx != NULL ); 00491 PK_VALIDATE_RET( input != NULL || ilen == 0 ); 00492 PK_VALIDATE_RET( output != NULL || osize == 0 ); 00493 PK_VALIDATE_RET( olen != NULL ); 00494 00495 if( ctx->pk_info == NULL ) 00496 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00497 00498 if( ctx->pk_info->encrypt_func == NULL ) 00499 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00500 00501 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, 00502 output, olen, osize, f_rng, p_rng ) ); 00503 } 00504 00505 /* 00506 * Check public-private key pair 00507 */ 00508 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) 00509 { 00510 PK_VALIDATE_RET( pub != NULL ); 00511 PK_VALIDATE_RET( prv != NULL ); 00512 00513 if( pub->pk_info == NULL || 00514 prv->pk_info == NULL ) 00515 { 00516 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00517 } 00518 00519 if( prv->pk_info->check_pair_func == NULL ) 00520 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 00521 00522 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) 00523 { 00524 if( pub->pk_info->type != MBEDTLS_PK_RSA ) 00525 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00526 } 00527 else 00528 { 00529 if( pub->pk_info != prv->pk_info ) 00530 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00531 } 00532 00533 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); 00534 } 00535 00536 /* 00537 * Get key size in bits 00538 */ 00539 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) 00540 { 00541 /* For backward compatibility, accept NULL or a context that 00542 * isn't set up yet, and return a fake value that should be safe. */ 00543 if( ctx == NULL || ctx->pk_info == NULL ) 00544 return( 0 ); 00545 00546 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) ); 00547 } 00548 00549 /* 00550 * Export debug information 00551 */ 00552 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) 00553 { 00554 PK_VALIDATE_RET( ctx != NULL ); 00555 if( ctx->pk_info == NULL ) 00556 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 00557 00558 if( ctx->pk_info->debug_func == NULL ) 00559 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00560 00561 ctx->pk_info->debug_func( ctx->pk_ctx, items ); 00562 return( 0 ); 00563 } 00564 00565 /* 00566 * Access the PK type name 00567 */ 00568 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) 00569 { 00570 if( ctx == NULL || ctx->pk_info == NULL ) 00571 return( "invalid PK" ); 00572 00573 return( ctx->pk_info->name ); 00574 } 00575 00576 /* 00577 * Access the PK type 00578 */ 00579 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) 00580 { 00581 if( ctx == NULL || ctx->pk_info == NULL ) 00582 return( MBEDTLS_PK_NONE ); 00583 00584 return( ctx->pk_info->type ); 00585 } 00586 00587 #if defined(MBEDTLS_USE_PSA_CRYPTO) 00588 /* 00589 * Load the key to a PSA key slot, 00590 * then turn the PK context into a wrapper for that key slot. 00591 * 00592 * Currently only works for EC private keys. 00593 */ 00594 int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, 00595 psa_key_handle_t *handle, 00596 psa_algorithm_t hash_alg ) 00597 { 00598 #if !defined(MBEDTLS_ECP_C) 00599 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00600 #else 00601 const mbedtls_ecp_keypair *ec; 00602 unsigned char d[MBEDTLS_ECP_MAX_BYTES]; 00603 size_t d_len; 00604 psa_ecc_curve_t curve_id; 00605 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 00606 psa_key_type_t key_type; 00607 int ret; 00608 00609 /* export the private key material in the format PSA wants */ 00610 if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY ) 00611 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 00612 00613 ec = mbedtls_pk_ec( *pk ); 00614 d_len = ( ec->grp .nbits + 7 ) / 8; 00615 if( ( ret = mbedtls_mpi_write_binary( &ec->d , d, d_len ) ) != 0 ) 00616 return( ret ); 00617 00618 curve_id = mbedtls_ecp_curve_info_from_grp_id( ec->grp .id )->tls_id ; 00619 key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( 00620 mbedtls_psa_parse_tls_ecc_group ( curve_id ) ); 00621 00622 /* prepare the key attributes */ 00623 psa_set_key_type( &attributes, key_type ); 00624 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN ); 00625 psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) ); 00626 00627 /* import private key into PSA */ 00628 if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, handle ) ) 00629 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED ); 00630 00631 /* make PK context wrap the key slot */ 00632 mbedtls_pk_free( pk ); 00633 mbedtls_pk_init( pk ); 00634 00635 return( mbedtls_pk_setup_opaque( pk, *handle ) ); 00636 #endif /* MBEDTLS_ECP_C */ 00637 } 00638 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 00639 #endif /* MBEDTLS_PK_C */
Generated on Tue Jul 12 2022 13:54:41 by
1.7.2