1 /*
2 * Public Key abstraction layer: wrapper functions
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27
28 #if defined(MBEDTLS_PK_C)
29 #include "mbedtls/pk_internal.h"
30
31 /* Even if RSA not activated, for the sake of RSA-alt */
32 #include "mbedtls/rsa.h"
33
34 #include <string.h>
35
36 #if defined(MBEDTLS_ECP_C)
37 #include "mbedtls/ecp.h"
38 #endif
39
40 #if defined(MBEDTLS_ECDSA_C)
41 #include "mbedtls/ecdsa.h"
42 #endif
43
44 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
45 #include "mbedtls/platform_util.h"
46 #endif
47
48 #if defined(MBEDTLS_PLATFORM_C)
49 #include "mbedtls/platform.h"
50 #else
51 #include <stdlib.h>
52 #define mbedtls_calloc calloc
53 #define mbedtls_free free
54 #endif
55
56 #include <limits.h>
57 #include <stdint.h>
58
59 #if defined(MBEDTLS_RSA_C)
rsa_can_do(mbedtls_pk_type_t type)60 static int rsa_can_do( mbedtls_pk_type_t type )
61 {
62 return( type == MBEDTLS_PK_RSA ||
63 type == MBEDTLS_PK_RSASSA_PSS );
64 }
65
rsa_get_bitlen(const void * ctx)66 static size_t rsa_get_bitlen( const void *ctx )
67 {
68 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
69 return( 8 * mbedtls_rsa_get_len( rsa ) );
70 }
71
rsa_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)72 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
73 const unsigned char *hash, size_t hash_len,
74 const unsigned char *sig, size_t sig_len )
75 {
76 int ret;
77 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
78 size_t rsa_len = mbedtls_rsa_get_len( rsa );
79
80 #if SIZE_MAX > UINT_MAX
81 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
82 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
83 #endif /* SIZE_MAX > UINT_MAX */
84
85 if( sig_len < rsa_len )
86 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
87
88 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
89 MBEDTLS_RSA_PUBLIC, md_alg,
90 (unsigned int) hash_len, hash, sig ) ) != 0 )
91 return( ret );
92
93 /* The buffer contains a valid signature followed by extra data.
94 * We have a special error code for that so that so that callers can
95 * use mbedtls_pk_verify() to check "Does the buffer start with a
96 * valid signature?" and not just "Does the buffer contain a valid
97 * signature?". */
98 if( sig_len > rsa_len )
99 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
100
101 return( 0 );
102 }
103
rsa_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)104 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
105 const unsigned char *hash, size_t hash_len,
106 unsigned char *sig, size_t *sig_len,
107 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
108 {
109 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
110
111 #if SIZE_MAX > UINT_MAX
112 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
113 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
114 #endif /* SIZE_MAX > UINT_MAX */
115
116 *sig_len = mbedtls_rsa_get_len( rsa );
117
118 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
119 md_alg, (unsigned int) hash_len, hash, sig ) );
120 }
121
rsa_decrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)122 static int rsa_decrypt_wrap( void *ctx,
123 const unsigned char *input, size_t ilen,
124 unsigned char *output, size_t *olen, size_t osize,
125 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
126 {
127 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
128
129 if( ilen != mbedtls_rsa_get_len( rsa ) )
130 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
131
132 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
133 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
134 }
135
rsa_encrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)136 static int rsa_encrypt_wrap( void *ctx,
137 const unsigned char *input, size_t ilen,
138 unsigned char *output, size_t *olen, size_t osize,
139 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
140 {
141 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
142 *olen = mbedtls_rsa_get_len( rsa );
143
144 if( *olen > osize )
145 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
146
147 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
148 ilen, input, output ) );
149 }
150
rsa_check_pair_wrap(const void * pub,const void * prv)151 static int rsa_check_pair_wrap( const void *pub, const void *prv )
152 {
153 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
154 (const mbedtls_rsa_context *) prv ) );
155 }
156
rsa_alloc_wrap(void)157 static void *rsa_alloc_wrap( void )
158 {
159 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
160
161 if( ctx != NULL )
162 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
163
164 return( ctx );
165 }
166
rsa_free_wrap(void * ctx)167 static void rsa_free_wrap( void *ctx )
168 {
169 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
170 mbedtls_free( ctx );
171 }
172
rsa_debug(const void * ctx,mbedtls_pk_debug_item * items)173 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
174 {
175 items->type = MBEDTLS_PK_DEBUG_MPI;
176 items->name = "rsa.N";
177 items->value = &( ((mbedtls_rsa_context *) ctx)->N );
178
179 items++;
180
181 items->type = MBEDTLS_PK_DEBUG_MPI;
182 items->name = "rsa.E";
183 items->value = &( ((mbedtls_rsa_context *) ctx)->E );
184 }
185
186 const mbedtls_pk_info_t mbedtls_rsa_info = {
187 MBEDTLS_PK_RSA,
188 "RSA",
189 rsa_get_bitlen,
190 rsa_can_do,
191 rsa_verify_wrap,
192 rsa_sign_wrap,
193 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
194 NULL,
195 NULL,
196 #endif
197 rsa_decrypt_wrap,
198 rsa_encrypt_wrap,
199 rsa_check_pair_wrap,
200 rsa_alloc_wrap,
201 rsa_free_wrap,
202 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
203 NULL,
204 NULL,
205 #endif
206 rsa_debug,
207 };
208 #endif /* MBEDTLS_RSA_C */
209
210 #if defined(MBEDTLS_ECP_C)
211 /*
212 * Generic EC key
213 */
eckey_can_do(mbedtls_pk_type_t type)214 static int eckey_can_do( mbedtls_pk_type_t type )
215 {
216 return( type == MBEDTLS_PK_ECKEY ||
217 type == MBEDTLS_PK_ECKEY_DH ||
218 type == MBEDTLS_PK_ECDSA );
219 }
220
eckey_get_bitlen(const void * ctx)221 static size_t eckey_get_bitlen( const void *ctx )
222 {
223 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
224 }
225
226 #if defined(MBEDTLS_ECDSA_C)
227 /* Forward declarations */
228 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
229 const unsigned char *hash, size_t hash_len,
230 const unsigned char *sig, size_t sig_len );
231
232 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
233 const unsigned char *hash, size_t hash_len,
234 unsigned char *sig, size_t *sig_len,
235 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
236
eckey_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)237 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
238 const unsigned char *hash, size_t hash_len,
239 const unsigned char *sig, size_t sig_len )
240 {
241 int ret;
242 mbedtls_ecdsa_context ecdsa;
243
244 mbedtls_ecdsa_init( &ecdsa );
245
246 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
247 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
248
249 mbedtls_ecdsa_free( &ecdsa );
250
251 return( ret );
252 }
253
eckey_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)254 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
255 const unsigned char *hash, size_t hash_len,
256 unsigned char *sig, size_t *sig_len,
257 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
258 {
259 int ret;
260 mbedtls_ecdsa_context ecdsa;
261
262 mbedtls_ecdsa_init( &ecdsa );
263
264 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
265 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
266 f_rng, p_rng );
267
268 mbedtls_ecdsa_free( &ecdsa );
269
270 return( ret );
271 }
272
273 #if defined(MBEDTLS_ECP_RESTARTABLE)
274 /* Forward declarations */
275 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
276 const unsigned char *hash, size_t hash_len,
277 const unsigned char *sig, size_t sig_len,
278 void *rs_ctx );
279
280 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
281 const unsigned char *hash, size_t hash_len,
282 unsigned char *sig, size_t *sig_len,
283 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
284 void *rs_ctx );
285
286 /*
287 * Restart context for ECDSA operations with ECKEY context
288 *
289 * We need to store an actual ECDSA context, as we need to pass the same to
290 * the underlying ecdsa function, so we can't create it on the fly every time.
291 */
292 typedef struct
293 {
294 mbedtls_ecdsa_restart_ctx ecdsa_rs;
295 mbedtls_ecdsa_context ecdsa_ctx;
296 } eckey_restart_ctx;
297
eckey_rs_alloc(void)298 static void *eckey_rs_alloc( void )
299 {
300 eckey_restart_ctx *rs_ctx;
301
302 void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
303
304 if( ctx != NULL )
305 {
306 rs_ctx = ctx;
307 mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
308 mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
309 }
310
311 return( ctx );
312 }
313
eckey_rs_free(void * ctx)314 static void eckey_rs_free( void *ctx )
315 {
316 eckey_restart_ctx *rs_ctx;
317
318 if( ctx == NULL)
319 return;
320
321 rs_ctx = ctx;
322 mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
323 mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
324
325 mbedtls_free( ctx );
326 }
327
eckey_verify_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,void * rs_ctx)328 static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
329 const unsigned char *hash, size_t hash_len,
330 const unsigned char *sig, size_t sig_len,
331 void *rs_ctx )
332 {
333 int ret;
334 eckey_restart_ctx *rs = rs_ctx;
335
336 /* Should never happen */
337 if( rs == NULL )
338 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
339
340 /* set up our own sub-context if needed (that is, on first run) */
341 if( rs->ecdsa_ctx.grp.pbits == 0 )
342 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
343
344 MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
345 md_alg, hash, hash_len,
346 sig, sig_len, &rs->ecdsa_rs ) );
347
348 cleanup:
349 return( ret );
350 }
351
eckey_sign_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,void * rs_ctx)352 static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
353 const unsigned char *hash, size_t hash_len,
354 unsigned char *sig, size_t *sig_len,
355 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
356 void *rs_ctx )
357 {
358 int ret;
359 eckey_restart_ctx *rs = rs_ctx;
360
361 /* Should never happen */
362 if( rs == NULL )
363 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
364
365 /* set up our own sub-context if needed (that is, on first run) */
366 if( rs->ecdsa_ctx.grp.pbits == 0 )
367 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
368
369 MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
370 hash, hash_len, sig, sig_len,
371 f_rng, p_rng, &rs->ecdsa_rs ) );
372
373 cleanup:
374 return( ret );
375 }
376 #endif /* MBEDTLS_ECP_RESTARTABLE */
377 #endif /* MBEDTLS_ECDSA_C */
378
eckey_check_pair(const void * pub,const void * prv)379 static int eckey_check_pair( const void *pub, const void *prv )
380 {
381 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
382 (const mbedtls_ecp_keypair *) prv ) );
383 }
384
eckey_alloc_wrap(void)385 static void *eckey_alloc_wrap( void )
386 {
387 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
388
389 if( ctx != NULL )
390 mbedtls_ecp_keypair_init( ctx );
391
392 return( ctx );
393 }
394
eckey_free_wrap(void * ctx)395 static void eckey_free_wrap( void *ctx )
396 {
397 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
398 mbedtls_free( ctx );
399 }
400
eckey_debug(const void * ctx,mbedtls_pk_debug_item * items)401 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
402 {
403 items->type = MBEDTLS_PK_DEBUG_ECP;
404 items->name = "eckey.Q";
405 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
406 }
407
408 const mbedtls_pk_info_t mbedtls_eckey_info = {
409 MBEDTLS_PK_ECKEY,
410 "EC",
411 eckey_get_bitlen,
412 eckey_can_do,
413 #if defined(MBEDTLS_ECDSA_C)
414 eckey_verify_wrap,
415 eckey_sign_wrap,
416 #if defined(MBEDTLS_ECP_RESTARTABLE)
417 eckey_verify_rs_wrap,
418 eckey_sign_rs_wrap,
419 #endif
420 #else /* MBEDTLS_ECDSA_C */
421 NULL,
422 NULL,
423 #endif /* MBEDTLS_ECDSA_C */
424 NULL,
425 NULL,
426 eckey_check_pair,
427 eckey_alloc_wrap,
428 eckey_free_wrap,
429 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
430 eckey_rs_alloc,
431 eckey_rs_free,
432 #endif
433 eckey_debug,
434 };
435
436 /*
437 * EC key restricted to ECDH
438 */
eckeydh_can_do(mbedtls_pk_type_t type)439 static int eckeydh_can_do( mbedtls_pk_type_t type )
440 {
441 return( type == MBEDTLS_PK_ECKEY ||
442 type == MBEDTLS_PK_ECKEY_DH );
443 }
444
445 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
446 MBEDTLS_PK_ECKEY_DH,
447 "EC_DH",
448 eckey_get_bitlen, /* Same underlying key structure */
449 eckeydh_can_do,
450 NULL,
451 NULL,
452 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
453 NULL,
454 NULL,
455 #endif
456 NULL,
457 NULL,
458 eckey_check_pair,
459 eckey_alloc_wrap, /* Same underlying key structure */
460 eckey_free_wrap, /* Same underlying key structure */
461 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
462 NULL,
463 NULL,
464 #endif
465 eckey_debug, /* Same underlying key structure */
466 };
467 #endif /* MBEDTLS_ECP_C */
468
469 #if defined(MBEDTLS_ECDSA_C)
ecdsa_can_do(mbedtls_pk_type_t type)470 static int ecdsa_can_do( mbedtls_pk_type_t type )
471 {
472 return( type == MBEDTLS_PK_ECDSA );
473 }
474
ecdsa_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)475 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
476 const unsigned char *hash, size_t hash_len,
477 const unsigned char *sig, size_t sig_len )
478 {
479 int ret;
480 ((void) md_alg);
481
482 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
483 hash, hash_len, sig, sig_len );
484
485 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
486 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
487
488 return( ret );
489 }
490
ecdsa_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)491 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
492 const unsigned char *hash, size_t hash_len,
493 unsigned char *sig, size_t *sig_len,
494 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
495 {
496 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
497 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
498 }
499
500 #if defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_verify_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,void * rs_ctx)501 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
502 const unsigned char *hash, size_t hash_len,
503 const unsigned char *sig, size_t sig_len,
504 void *rs_ctx )
505 {
506 int ret;
507 ((void) md_alg);
508
509 ret = mbedtls_ecdsa_read_signature_restartable(
510 (mbedtls_ecdsa_context *) ctx,
511 hash, hash_len, sig, sig_len,
512 (mbedtls_ecdsa_restart_ctx *) rs_ctx );
513
514 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
515 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
516
517 return( ret );
518 }
519
ecdsa_sign_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,void * rs_ctx)520 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
521 const unsigned char *hash, size_t hash_len,
522 unsigned char *sig, size_t *sig_len,
523 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
524 void *rs_ctx )
525 {
526 return( mbedtls_ecdsa_write_signature_restartable(
527 (mbedtls_ecdsa_context *) ctx,
528 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
529 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
530
531 }
532 #endif /* MBEDTLS_ECP_RESTARTABLE */
533
ecdsa_alloc_wrap(void)534 static void *ecdsa_alloc_wrap( void )
535 {
536 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
537
538 if( ctx != NULL )
539 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
540
541 return( ctx );
542 }
543
ecdsa_free_wrap(void * ctx)544 static void ecdsa_free_wrap( void *ctx )
545 {
546 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
547 mbedtls_free( ctx );
548 }
549
550 #if defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_rs_alloc(void)551 static void *ecdsa_rs_alloc( void )
552 {
553 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
554
555 if( ctx != NULL )
556 mbedtls_ecdsa_restart_init( ctx );
557
558 return( ctx );
559 }
560
ecdsa_rs_free(void * ctx)561 static void ecdsa_rs_free( void *ctx )
562 {
563 mbedtls_ecdsa_restart_free( ctx );
564 mbedtls_free( ctx );
565 }
566 #endif /* MBEDTLS_ECP_RESTARTABLE */
567
568 const mbedtls_pk_info_t mbedtls_ecdsa_info = {
569 MBEDTLS_PK_ECDSA,
570 "ECDSA",
571 eckey_get_bitlen, /* Compatible key structures */
572 ecdsa_can_do,
573 ecdsa_verify_wrap,
574 ecdsa_sign_wrap,
575 #if defined(MBEDTLS_ECP_RESTARTABLE)
576 ecdsa_verify_rs_wrap,
577 ecdsa_sign_rs_wrap,
578 #endif
579 NULL,
580 NULL,
581 eckey_check_pair, /* Compatible key structures */
582 ecdsa_alloc_wrap,
583 ecdsa_free_wrap,
584 #if defined(MBEDTLS_ECP_RESTARTABLE)
585 ecdsa_rs_alloc,
586 ecdsa_rs_free,
587 #endif
588 eckey_debug, /* Compatible key structures */
589 };
590 #endif /* MBEDTLS_ECDSA_C */
591
592 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
593 /*
594 * Support for alternative RSA-private implementations
595 */
596
rsa_alt_can_do(mbedtls_pk_type_t type)597 static int rsa_alt_can_do( mbedtls_pk_type_t type )
598 {
599 return( type == MBEDTLS_PK_RSA );
600 }
601
rsa_alt_get_bitlen(const void * ctx)602 static size_t rsa_alt_get_bitlen( const void *ctx )
603 {
604 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
605
606 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
607 }
608
rsa_alt_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)609 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
610 const unsigned char *hash, size_t hash_len,
611 unsigned char *sig, size_t *sig_len,
612 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
613 {
614 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
615
616 #if SIZE_MAX > UINT_MAX
617 if( UINT_MAX < hash_len )
618 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
619 #endif /* SIZE_MAX > UINT_MAX */
620
621 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
622
623 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
624 md_alg, (unsigned int) hash_len, hash, sig ) );
625 }
626
rsa_alt_decrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)627 static int rsa_alt_decrypt_wrap( void *ctx,
628 const unsigned char *input, size_t ilen,
629 unsigned char *output, size_t *olen, size_t osize,
630 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
631 {
632 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
633
634 ((void) f_rng);
635 ((void) p_rng);
636
637 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
638 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
639
640 return( rsa_alt->decrypt_func( rsa_alt->key,
641 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
642 }
643
644 #if defined(MBEDTLS_RSA_C)
rsa_alt_check_pair(const void * pub,const void * prv)645 static int rsa_alt_check_pair( const void *pub, const void *prv )
646 {
647 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
648 unsigned char hash[32];
649 size_t sig_len = 0;
650 int ret;
651
652 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
653 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
654
655 memset( hash, 0x2a, sizeof( hash ) );
656
657 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
658 hash, sizeof( hash ),
659 sig, &sig_len, NULL, NULL ) ) != 0 )
660 {
661 return( ret );
662 }
663
664 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
665 hash, sizeof( hash ), sig, sig_len ) != 0 )
666 {
667 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
668 }
669
670 return( 0 );
671 }
672 #endif /* MBEDTLS_RSA_C */
673
rsa_alt_alloc_wrap(void)674 static void *rsa_alt_alloc_wrap( void )
675 {
676 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
677
678 if( ctx != NULL )
679 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
680
681 return( ctx );
682 }
683
rsa_alt_free_wrap(void * ctx)684 static void rsa_alt_free_wrap( void *ctx )
685 {
686 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
687 mbedtls_free( ctx );
688 }
689
690 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
691 MBEDTLS_PK_RSA_ALT,
692 "RSA-alt",
693 rsa_alt_get_bitlen,
694 rsa_alt_can_do,
695 NULL,
696 rsa_alt_sign_wrap,
697 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
698 NULL,
699 NULL,
700 #endif
701 rsa_alt_decrypt_wrap,
702 NULL,
703 #if defined(MBEDTLS_RSA_C)
704 rsa_alt_check_pair,
705 #else
706 NULL,
707 #endif
708 rsa_alt_alloc_wrap,
709 rsa_alt_free_wrap,
710 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
711 NULL,
712 NULL,
713 #endif
714 NULL,
715 };
716
717 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
718
719 #endif /* MBEDTLS_PK_C */
720