xref: /reactos/dll/3rdparty/mbedtls/pk_wrap.c (revision 05c39d8d) 
1 /*
2  *  Public Key abstraction layer: wrapper functions
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  *
7  *  This file is provided under the Apache License 2.0, or the
8  *  GNU General Public License v2.0 or later.
9  *
10  *  **********
11  *  Apache License 2.0:
12  *
13  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
14  *  not use this file except in compliance with the License.
15  *  You may obtain a copy of the License at
16  *
17  *  http://www.apache.org/licenses/LICENSE-2.0
18  *
19  *  Unless required by applicable law or agreed to in writing, software
20  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22  *  See the License for the specific language governing permissions and
23  *  limitations under the License.
24  *
25  *  **********
26  *
27  *  **********
28  *  GNU General Public License v2.0 or later:
29  *
30  *  This program is free software; you can redistribute it and/or modify
31  *  it under the terms of the GNU General Public License as published by
32  *  the Free Software Foundation; either version 2 of the License, or
33  *  (at your option) any later version.
34  *
35  *  This program is distributed in the hope that it will be useful,
36  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
37  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
38  *  GNU General Public License for more details.
39  *
40  *  You should have received a copy of the GNU General Public License along
41  *  with this program; if not, write to the Free Software Foundation, Inc.,
42  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43  *
44  *  **********
45  */
46 
47 #if !defined(MBEDTLS_CONFIG_FILE)
48 #include "mbedtls/config.h"
49 #else
50 #include MBEDTLS_CONFIG_FILE
51 #endif
52 
53 #if defined(MBEDTLS_PK_C)
54 #include "mbedtls/pk_internal.h"
55 
56 /* Even if RSA not activated, for the sake of RSA-alt */
57 #include "mbedtls/rsa.h"
58 
59 #include <string.h>
60 
61 #if defined(MBEDTLS_ECP_C)
62 #include "mbedtls/ecp.h"
63 #endif
64 
65 #if defined(MBEDTLS_ECDSA_C)
66 #include "mbedtls/ecdsa.h"
67 #endif
68 
69 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
70 #include "mbedtls/platform_util.h"
71 #endif
72 
73 #if defined(MBEDTLS_PLATFORM_C)
74 #include "mbedtls/platform.h"
75 #else
76 #include <stdlib.h>
77 #define mbedtls_calloc    calloc
78 #define mbedtls_free       free
79 #endif
80 
81 #include <limits.h>
82 #include <stdint.h>
83 
84 #if defined(MBEDTLS_RSA_C)
85 static int rsa_can_do( mbedtls_pk_type_t type )
86 {
87     return( type == MBEDTLS_PK_RSA ||
88             type == MBEDTLS_PK_RSASSA_PSS );
89 }
90 
91 static size_t rsa_get_bitlen( const void *ctx )
92 {
93     const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
94     return( 8 * mbedtls_rsa_get_len( rsa ) );
95 }
96 
97 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
98                    const unsigned char *hash, size_t hash_len,
99                    const unsigned char *sig, size_t sig_len )
100 {
101     int ret;
102     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
103     size_t rsa_len = mbedtls_rsa_get_len( rsa );
104 
105 #if SIZE_MAX > UINT_MAX
106     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
107         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
108 #endif /* SIZE_MAX > UINT_MAX */
109 
110     if( sig_len < rsa_len )
111         return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
112 
113     if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
114                                   MBEDTLS_RSA_PUBLIC, md_alg,
115                                   (unsigned int) hash_len, hash, sig ) ) != 0 )
116         return( ret );
117 
118     /* The buffer contains a valid signature followed by extra data.
119      * We have a special error code for that so that so that callers can
120      * use mbedtls_pk_verify() to check "Does the buffer start with a
121      * valid signature?" and not just "Does the buffer contain a valid
122      * signature?". */
123     if( sig_len > rsa_len )
124         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
125 
126     return( 0 );
127 }
128 
129 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
130                    const unsigned char *hash, size_t hash_len,
131                    unsigned char *sig, size_t *sig_len,
132                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
133 {
134     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
135 
136 #if SIZE_MAX > UINT_MAX
137     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
138         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
139 #endif /* SIZE_MAX > UINT_MAX */
140 
141     *sig_len = mbedtls_rsa_get_len( rsa );
142 
143     return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
144                 md_alg, (unsigned int) hash_len, hash, sig ) );
145 }
146 
147 static int rsa_decrypt_wrap( void *ctx,
148                     const unsigned char *input, size_t ilen,
149                     unsigned char *output, size_t *olen, size_t osize,
150                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
151 {
152     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
153 
154     if( ilen != mbedtls_rsa_get_len( rsa ) )
155         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
156 
157     return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
158                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
159 }
160 
161 static int rsa_encrypt_wrap( void *ctx,
162                     const unsigned char *input, size_t ilen,
163                     unsigned char *output, size_t *olen, size_t osize,
164                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
165 {
166     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
167     *olen = mbedtls_rsa_get_len( rsa );
168 
169     if( *olen > osize )
170         return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
171 
172     return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
173                                        ilen, input, output ) );
174 }
175 
176 static int rsa_check_pair_wrap( const void *pub, const void *prv )
177 {
178     return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
179                                 (const mbedtls_rsa_context *) prv ) );
180 }
181 
182 static void *rsa_alloc_wrap( void )
183 {
184     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
185 
186     if( ctx != NULL )
187         mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
188 
189     return( ctx );
190 }
191 
192 static void rsa_free_wrap( void *ctx )
193 {
194     mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
195     mbedtls_free( ctx );
196 }
197 
198 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
199 {
200     items->type = MBEDTLS_PK_DEBUG_MPI;
201     items->name = "rsa.N";
202     items->value = &( ((mbedtls_rsa_context *) ctx)->N );
203 
204     items++;
205 
206     items->type = MBEDTLS_PK_DEBUG_MPI;
207     items->name = "rsa.E";
208     items->value = &( ((mbedtls_rsa_context *) ctx)->E );
209 }
210 
211 const mbedtls_pk_info_t mbedtls_rsa_info = {
212     MBEDTLS_PK_RSA,
213     "RSA",
214     rsa_get_bitlen,
215     rsa_can_do,
216     rsa_verify_wrap,
217     rsa_sign_wrap,
218 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
219     NULL,
220     NULL,
221 #endif
222     rsa_decrypt_wrap,
223     rsa_encrypt_wrap,
224     rsa_check_pair_wrap,
225     rsa_alloc_wrap,
226     rsa_free_wrap,
227 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
228     NULL,
229     NULL,
230 #endif
231     rsa_debug,
232 };
233 #endif /* MBEDTLS_RSA_C */
234 
235 #if defined(MBEDTLS_ECP_C)
236 /*
237  * Generic EC key
238  */
239 static int eckey_can_do( mbedtls_pk_type_t type )
240 {
241     return( type == MBEDTLS_PK_ECKEY ||
242             type == MBEDTLS_PK_ECKEY_DH ||
243             type == MBEDTLS_PK_ECDSA );
244 }
245 
246 static size_t eckey_get_bitlen( const void *ctx )
247 {
248     return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
249 }
250 
251 #if defined(MBEDTLS_ECDSA_C)
252 /* Forward declarations */
253 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
254                        const unsigned char *hash, size_t hash_len,
255                        const unsigned char *sig, size_t sig_len );
256 
257 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
258                    const unsigned char *hash, size_t hash_len,
259                    unsigned char *sig, size_t *sig_len,
260                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
261 
262 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
263                        const unsigned char *hash, size_t hash_len,
264                        const unsigned char *sig, size_t sig_len )
265 {
266     int ret;
267     mbedtls_ecdsa_context ecdsa;
268 
269     mbedtls_ecdsa_init( &ecdsa );
270 
271     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
272         ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
273 
274     mbedtls_ecdsa_free( &ecdsa );
275 
276     return( ret );
277 }
278 
279 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
280                    const unsigned char *hash, size_t hash_len,
281                    unsigned char *sig, size_t *sig_len,
282                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
283 {
284     int ret;
285     mbedtls_ecdsa_context ecdsa;
286 
287     mbedtls_ecdsa_init( &ecdsa );
288 
289     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
290         ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
291                                f_rng, p_rng );
292 
293     mbedtls_ecdsa_free( &ecdsa );
294 
295     return( ret );
296 }
297 
298 #if defined(MBEDTLS_ECP_RESTARTABLE)
299 /* Forward declarations */
300 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
301                        const unsigned char *hash, size_t hash_len,
302                        const unsigned char *sig, size_t sig_len,
303                        void *rs_ctx );
304 
305 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
306                    const unsigned char *hash, size_t hash_len,
307                    unsigned char *sig, size_t *sig_len,
308                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
309                    void *rs_ctx );
310 
311 /*
312  * Restart context for ECDSA operations with ECKEY context
313  *
314  * We need to store an actual ECDSA context, as we need to pass the same to
315  * the underlying ecdsa function, so we can't create it on the fly every time.
316  */
317 typedef struct
318 {
319     mbedtls_ecdsa_restart_ctx ecdsa_rs;
320     mbedtls_ecdsa_context ecdsa_ctx;
321 } eckey_restart_ctx;
322 
323 static void *eckey_rs_alloc( void )
324 {
325     eckey_restart_ctx *rs_ctx;
326 
327     void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
328 
329     if( ctx != NULL )
330     {
331         rs_ctx = ctx;
332         mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
333         mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
334     }
335 
336     return( ctx );
337 }
338 
339 static void eckey_rs_free( void *ctx )
340 {
341     eckey_restart_ctx *rs_ctx;
342 
343     if( ctx == NULL)
344         return;
345 
346     rs_ctx = ctx;
347     mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
348     mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
349 
350     mbedtls_free( ctx );
351 }
352 
353 static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
354                        const unsigned char *hash, size_t hash_len,
355                        const unsigned char *sig, size_t sig_len,
356                        void *rs_ctx )
357 {
358     int ret;
359     eckey_restart_ctx *rs = rs_ctx;
360 
361     /* Should never happen */
362     if( rs == NULL )
363         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
364 
365     /* set up our own sub-context if needed (that is, on first run) */
366     if( rs->ecdsa_ctx.grp.pbits == 0 )
367         MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
368 
369     MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
370                                            md_alg, hash, hash_len,
371                                            sig, sig_len, &rs->ecdsa_rs ) );
372 
373 cleanup:
374     return( ret );
375 }
376 
377 static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
378                    const unsigned char *hash, size_t hash_len,
379                    unsigned char *sig, size_t *sig_len,
380                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
381                        void *rs_ctx )
382 {
383     int ret;
384     eckey_restart_ctx *rs = rs_ctx;
385 
386     /* Should never happen */
387     if( rs == NULL )
388         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
389 
390     /* set up our own sub-context if needed (that is, on first run) */
391     if( rs->ecdsa_ctx.grp.pbits == 0 )
392         MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
393 
394     MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
395                                          hash, hash_len, sig, sig_len,
396                                          f_rng, p_rng, &rs->ecdsa_rs ) );
397 
398 cleanup:
399     return( ret );
400 }
401 #endif /* MBEDTLS_ECP_RESTARTABLE */
402 #endif /* MBEDTLS_ECDSA_C */
403 
404 static int eckey_check_pair( const void *pub, const void *prv )
405 {
406     return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
407                                 (const mbedtls_ecp_keypair *) prv ) );
408 }
409 
410 static void *eckey_alloc_wrap( void )
411 {
412     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
413 
414     if( ctx != NULL )
415         mbedtls_ecp_keypair_init( ctx );
416 
417     return( ctx );
418 }
419 
420 static void eckey_free_wrap( void *ctx )
421 {
422     mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
423     mbedtls_free( ctx );
424 }
425 
426 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
427 {
428     items->type = MBEDTLS_PK_DEBUG_ECP;
429     items->name = "eckey.Q";
430     items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
431 }
432 
433 const mbedtls_pk_info_t mbedtls_eckey_info = {
434     MBEDTLS_PK_ECKEY,
435     "EC",
436     eckey_get_bitlen,
437     eckey_can_do,
438 #if defined(MBEDTLS_ECDSA_C)
439     eckey_verify_wrap,
440     eckey_sign_wrap,
441 #if defined(MBEDTLS_ECP_RESTARTABLE)
442     eckey_verify_rs_wrap,
443     eckey_sign_rs_wrap,
444 #endif
445 #else /* MBEDTLS_ECDSA_C */
446     NULL,
447     NULL,
448 #endif /* MBEDTLS_ECDSA_C */
449     NULL,
450     NULL,
451     eckey_check_pair,
452     eckey_alloc_wrap,
453     eckey_free_wrap,
454 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
455     eckey_rs_alloc,
456     eckey_rs_free,
457 #endif
458     eckey_debug,
459 };
460 
461 /*
462  * EC key restricted to ECDH
463  */
464 static int eckeydh_can_do( mbedtls_pk_type_t type )
465 {
466     return( type == MBEDTLS_PK_ECKEY ||
467             type == MBEDTLS_PK_ECKEY_DH );
468 }
469 
470 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
471     MBEDTLS_PK_ECKEY_DH,
472     "EC_DH",
473     eckey_get_bitlen,         /* Same underlying key structure */
474     eckeydh_can_do,
475     NULL,
476     NULL,
477 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
478     NULL,
479     NULL,
480 #endif
481     NULL,
482     NULL,
483     eckey_check_pair,
484     eckey_alloc_wrap,       /* Same underlying key structure */
485     eckey_free_wrap,        /* Same underlying key structure */
486 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
487     NULL,
488     NULL,
489 #endif
490     eckey_debug,            /* Same underlying key structure */
491 };
492 #endif /* MBEDTLS_ECP_C */
493 
494 #if defined(MBEDTLS_ECDSA_C)
495 static int ecdsa_can_do( mbedtls_pk_type_t type )
496 {
497     return( type == MBEDTLS_PK_ECDSA );
498 }
499 
500 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
501                        const unsigned char *hash, size_t hash_len,
502                        const unsigned char *sig, size_t sig_len )
503 {
504     int ret;
505     ((void) md_alg);
506 
507     ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
508                                 hash, hash_len, sig, sig_len );
509 
510     if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
511         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
512 
513     return( ret );
514 }
515 
516 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
517                    const unsigned char *hash, size_t hash_len,
518                    unsigned char *sig, size_t *sig_len,
519                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
520 {
521     return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
522                 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
523 }
524 
525 #if defined(MBEDTLS_ECP_RESTARTABLE)
526 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
527                        const unsigned char *hash, size_t hash_len,
528                        const unsigned char *sig, size_t sig_len,
529                        void *rs_ctx )
530 {
531     int ret;
532     ((void) md_alg);
533 
534     ret = mbedtls_ecdsa_read_signature_restartable(
535             (mbedtls_ecdsa_context *) ctx,
536             hash, hash_len, sig, sig_len,
537             (mbedtls_ecdsa_restart_ctx *) rs_ctx );
538 
539     if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
540         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
541 
542     return( ret );
543 }
544 
545 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
546                    const unsigned char *hash, size_t hash_len,
547                    unsigned char *sig, size_t *sig_len,
548                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
549                    void *rs_ctx )
550 {
551     return( mbedtls_ecdsa_write_signature_restartable(
552                 (mbedtls_ecdsa_context *) ctx,
553                 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
554                 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
555 
556 }
557 #endif /* MBEDTLS_ECP_RESTARTABLE */
558 
559 static void *ecdsa_alloc_wrap( void )
560 {
561     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
562 
563     if( ctx != NULL )
564         mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
565 
566     return( ctx );
567 }
568 
569 static void ecdsa_free_wrap( void *ctx )
570 {
571     mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
572     mbedtls_free( ctx );
573 }
574 
575 #if defined(MBEDTLS_ECP_RESTARTABLE)
576 static void *ecdsa_rs_alloc( void )
577 {
578     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
579 
580     if( ctx != NULL )
581         mbedtls_ecdsa_restart_init( ctx );
582 
583     return( ctx );
584 }
585 
586 static void ecdsa_rs_free( void *ctx )
587 {
588     mbedtls_ecdsa_restart_free( ctx );
589     mbedtls_free( ctx );
590 }
591 #endif /* MBEDTLS_ECP_RESTARTABLE */
592 
593 const mbedtls_pk_info_t mbedtls_ecdsa_info = {
594     MBEDTLS_PK_ECDSA,
595     "ECDSA",
596     eckey_get_bitlen,     /* Compatible key structures */
597     ecdsa_can_do,
598     ecdsa_verify_wrap,
599     ecdsa_sign_wrap,
600 #if defined(MBEDTLS_ECP_RESTARTABLE)
601     ecdsa_verify_rs_wrap,
602     ecdsa_sign_rs_wrap,
603 #endif
604     NULL,
605     NULL,
606     eckey_check_pair,   /* Compatible key structures */
607     ecdsa_alloc_wrap,
608     ecdsa_free_wrap,
609 #if defined(MBEDTLS_ECP_RESTARTABLE)
610     ecdsa_rs_alloc,
611     ecdsa_rs_free,
612 #endif
613     eckey_debug,        /* Compatible key structures */
614 };
615 #endif /* MBEDTLS_ECDSA_C */
616 
617 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
618 /*
619  * Support for alternative RSA-private implementations
620  */
621 
622 static int rsa_alt_can_do( mbedtls_pk_type_t type )
623 {
624     return( type == MBEDTLS_PK_RSA );
625 }
626 
627 static size_t rsa_alt_get_bitlen( const void *ctx )
628 {
629     const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
630 
631     return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
632 }
633 
634 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
635                    const unsigned char *hash, size_t hash_len,
636                    unsigned char *sig, size_t *sig_len,
637                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
638 {
639     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
640 
641 #if SIZE_MAX > UINT_MAX
642     if( UINT_MAX < hash_len )
643         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
644 #endif /* SIZE_MAX > UINT_MAX */
645 
646     *sig_len = rsa_alt->key_len_func( rsa_alt->key );
647 
648     return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
649                 md_alg, (unsigned int) hash_len, hash, sig ) );
650 }
651 
652 static int rsa_alt_decrypt_wrap( void *ctx,
653                     const unsigned char *input, size_t ilen,
654                     unsigned char *output, size_t *olen, size_t osize,
655                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
656 {
657     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
658 
659     ((void) f_rng);
660     ((void) p_rng);
661 
662     if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
663         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
664 
665     return( rsa_alt->decrypt_func( rsa_alt->key,
666                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
667 }
668 
669 #if defined(MBEDTLS_RSA_C)
670 static int rsa_alt_check_pair( const void *pub, const void *prv )
671 {
672     unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
673     unsigned char hash[32];
674     size_t sig_len = 0;
675     int ret;
676 
677     if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
678         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
679 
680     memset( hash, 0x2a, sizeof( hash ) );
681 
682     if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
683                                    hash, sizeof( hash ),
684                                    sig, &sig_len, NULL, NULL ) ) != 0 )
685     {
686         return( ret );
687     }
688 
689     if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
690                          hash, sizeof( hash ), sig, sig_len ) != 0 )
691     {
692         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
693     }
694 
695     return( 0 );
696 }
697 #endif /* MBEDTLS_RSA_C */
698 
699 static void *rsa_alt_alloc_wrap( void )
700 {
701     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
702 
703     if( ctx != NULL )
704         memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
705 
706     return( ctx );
707 }
708 
709 static void rsa_alt_free_wrap( void *ctx )
710 {
711     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
712     mbedtls_free( ctx );
713 }
714 
715 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
716     MBEDTLS_PK_RSA_ALT,
717     "RSA-alt",
718     rsa_alt_get_bitlen,
719     rsa_alt_can_do,
720     NULL,
721     rsa_alt_sign_wrap,
722 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
723     NULL,
724     NULL,
725 #endif
726     rsa_alt_decrypt_wrap,
727     NULL,
728 #if defined(MBEDTLS_RSA_C)
729     rsa_alt_check_pair,
730 #else
731     NULL,
732 #endif
733     rsa_alt_alloc_wrap,
734     rsa_alt_free_wrap,
735 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
736     NULL,
737     NULL,
738 #endif
739     NULL,
740 };
741 
742 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
743 
744 #endif /* MBEDTLS_PK_C */
745