1 /* 2 * Public Key abstraction layer 3 * 4 * Copyright The Mbed TLS Contributors 5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 6 * 7 * This file is provided under the Apache License 2.0, or the 8 * GNU General Public License v2.0 or later. 9 * 10 * ********** 11 * Apache License 2.0: 12 * 13 * Licensed under the Apache License, Version 2.0 (the "License"); you may 14 * not use this file except in compliance with the License. 15 * You may obtain a copy of the License at 16 * 17 * http://www.apache.org/licenses/LICENSE-2.0 18 * 19 * Unless required by applicable law or agreed to in writing, software 20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 22 * See the License for the specific language governing permissions and 23 * limitations under the License. 24 * 25 * ********** 26 * 27 * ********** 28 * GNU General Public License v2.0 or later: 29 * 30 * This program is free software; you can redistribute it and/or modify 31 * it under the terms of the GNU General Public License as published by 32 * the Free Software Foundation; either version 2 of the License, or 33 * (at your option) any later version. 34 * 35 * This program is distributed in the hope that it will be useful, 36 * but WITHOUT ANY WARRANTY; without even the implied warranty of 37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 38 * GNU General Public License for more details. 39 * 40 * You should have received a copy of the GNU General Public License along 41 * with this program; if not, write to the Free Software Foundation, Inc., 42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 43 * 44 * ********** 45 */ 46 47 #if !defined(MBEDTLS_CONFIG_FILE) 48 #include "mbedtls/config.h" 49 #else 50 #include MBEDTLS_CONFIG_FILE 51 #endif 52 53 #if defined(MBEDTLS_PK_C) 54 #include "mbedtls/pk.h" 55 #include "mbedtls/pk_internal.h" 56 57 #include "mbedtls/platform_util.h" 58 59 #if defined(MBEDTLS_RSA_C) 60 #include "mbedtls/rsa.h" 61 #endif 62 #if defined(MBEDTLS_ECP_C) 63 #include "mbedtls/ecp.h" 64 #endif 65 #if defined(MBEDTLS_ECDSA_C) 66 #include "mbedtls/ecdsa.h" 67 #endif 68 69 #include <limits.h> 70 #include <stdint.h> 71 72 /* Parameter validation macros based on platform_util.h */ 73 #define PK_VALIDATE_RET( cond ) \ 74 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) 75 #define PK_VALIDATE( cond ) \ 76 MBEDTLS_INTERNAL_VALIDATE( cond ) 77 78 /* 79 * Initialise a mbedtls_pk_context 80 */ 81 void mbedtls_pk_init( mbedtls_pk_context *ctx ) 82 { 83 PK_VALIDATE( ctx != NULL ); 84 85 ctx->pk_info = NULL; 86 ctx->pk_ctx = NULL; 87 } 88 89 /* 90 * Free (the components of) a mbedtls_pk_context 91 */ 92 void mbedtls_pk_free( mbedtls_pk_context *ctx ) 93 { 94 if( ctx == NULL ) 95 return; 96 97 if ( ctx->pk_info != NULL ) 98 ctx->pk_info->ctx_free_func( ctx->pk_ctx ); 99 100 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); 101 } 102 103 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 104 /* 105 * Initialize a restart context 106 */ 107 void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) 108 { 109 PK_VALIDATE( ctx != NULL ); 110 ctx->pk_info = NULL; 111 ctx->rs_ctx = NULL; 112 } 113 114 /* 115 * Free the components of a restart context 116 */ 117 void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) 118 { 119 if( ctx == NULL || ctx->pk_info == NULL || 120 ctx->pk_info->rs_free_func == NULL ) 121 { 122 return; 123 } 124 125 ctx->pk_info->rs_free_func( ctx->rs_ctx ); 126 127 ctx->pk_info = NULL; 128 ctx->rs_ctx = NULL; 129 } 130 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 131 132 /* 133 * Get pk_info structure from type 134 */ 135 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) 136 { 137 switch( pk_type ) { 138 #if defined(MBEDTLS_RSA_C) 139 case MBEDTLS_PK_RSA: 140 return( &mbedtls_rsa_info ); 141 #endif 142 #if defined(MBEDTLS_ECP_C) 143 case MBEDTLS_PK_ECKEY: 144 return( &mbedtls_eckey_info ); 145 case MBEDTLS_PK_ECKEY_DH: 146 return( &mbedtls_eckeydh_info ); 147 #endif 148 #if defined(MBEDTLS_ECDSA_C) 149 case MBEDTLS_PK_ECDSA: 150 return( &mbedtls_ecdsa_info ); 151 #endif 152 /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 153 default: 154 return( NULL ); 155 } 156 } 157 158 /* 159 * Initialise context 160 */ 161 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) 162 { 163 PK_VALIDATE_RET( ctx != NULL ); 164 if( info == NULL || ctx->pk_info != NULL ) 165 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 166 167 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 168 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 169 170 ctx->pk_info = info; 171 172 return( 0 ); 173 } 174 175 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 176 /* 177 * Initialize an RSA-alt context 178 */ 179 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, 180 mbedtls_pk_rsa_alt_decrypt_func decrypt_func, 181 mbedtls_pk_rsa_alt_sign_func sign_func, 182 mbedtls_pk_rsa_alt_key_len_func key_len_func ) 183 { 184 mbedtls_rsa_alt_context *rsa_alt; 185 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; 186 187 PK_VALIDATE_RET( ctx != NULL ); 188 if( ctx->pk_info != NULL ) 189 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 190 191 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) 192 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 193 194 ctx->pk_info = info; 195 196 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx; 197 198 rsa_alt->key = key; 199 rsa_alt->decrypt_func = decrypt_func; 200 rsa_alt->sign_func = sign_func; 201 rsa_alt->key_len_func = key_len_func; 202 203 return( 0 ); 204 } 205 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 206 207 /* 208 * Tell if a PK can do the operations of the given type 209 */ 210 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) 211 { 212 /* A context with null pk_info is not set up yet and can't do anything. 213 * For backward compatibility, also accept NULL instead of a context 214 * pointer. */ 215 if( ctx == NULL || ctx->pk_info == NULL ) 216 return( 0 ); 217 218 return( ctx->pk_info->can_do( type ) ); 219 } 220 221 /* 222 * Helper for mbedtls_pk_sign and mbedtls_pk_verify 223 */ 224 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len ) 225 { 226 const mbedtls_md_info_t *md_info; 227 228 if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE ) 229 return( 0 ); 230 231 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) 232 return( -1 ); 233 234 if ( *hash_len != 0 && *hash_len < mbedtls_md_get_size( md_info ) ) 235 return ( -1 ); 236 237 *hash_len = mbedtls_md_get_size( md_info ); 238 return( 0 ); 239 } 240 241 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 242 /* 243 * Helper to set up a restart context if needed 244 */ 245 static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, 246 const mbedtls_pk_info_t *info ) 247 { 248 /* Don't do anything if already set up or invalid */ 249 if( ctx == NULL || ctx->pk_info != NULL ) 250 return( 0 ); 251 252 /* Should never happen when we're called */ 253 if( info->rs_alloc_func == NULL || info->rs_free_func == NULL ) 254 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 255 256 if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL ) 257 return( MBEDTLS_ERR_PK_ALLOC_FAILED ); 258 259 ctx->pk_info = info; 260 261 return( 0 ); 262 } 263 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 264 265 /* 266 * Verify a signature (restartable) 267 */ 268 int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, 269 mbedtls_md_type_t md_alg, 270 const unsigned char *hash, size_t hash_len, 271 const unsigned char *sig, size_t sig_len, 272 mbedtls_pk_restart_ctx *rs_ctx ) 273 { 274 PK_VALIDATE_RET( ctx != NULL ); 275 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || 276 hash != NULL ); 277 PK_VALIDATE_RET( sig != NULL ); 278 279 if( ctx->pk_info == NULL || 280 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 281 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 282 283 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 284 /* optimization: use non-restartable version if restart disabled */ 285 if( rs_ctx != NULL && 286 mbedtls_ecp_restart_is_enabled() && 287 ctx->pk_info->verify_rs_func != NULL ) 288 { 289 int ret; 290 291 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) 292 return( ret ); 293 294 ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx, 295 md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx ); 296 297 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 298 mbedtls_pk_restart_free( rs_ctx ); 299 300 return( ret ); 301 } 302 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 303 (void) rs_ctx; 304 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 305 306 if( ctx->pk_info->verify_func == NULL ) 307 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 308 309 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len, 310 sig, sig_len ) ); 311 } 312 313 /* 314 * Verify a signature 315 */ 316 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 317 const unsigned char *hash, size_t hash_len, 318 const unsigned char *sig, size_t sig_len ) 319 { 320 return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len, 321 sig, sig_len, NULL ) ); 322 } 323 324 /* 325 * Verify a signature with options 326 */ 327 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, 328 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 329 const unsigned char *hash, size_t hash_len, 330 const unsigned char *sig, size_t sig_len ) 331 { 332 PK_VALIDATE_RET( ctx != NULL ); 333 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || 334 hash != NULL ); 335 PK_VALIDATE_RET( sig != NULL ); 336 337 if( ctx->pk_info == NULL ) 338 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 339 340 if( ! mbedtls_pk_can_do( ctx, type ) ) 341 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 342 343 if( type == MBEDTLS_PK_RSASSA_PSS ) 344 { 345 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 346 int ret; 347 const mbedtls_pk_rsassa_pss_options *pss_opts; 348 349 #if SIZE_MAX > UINT_MAX 350 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 351 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 352 #endif /* SIZE_MAX > UINT_MAX */ 353 354 if( options == NULL ) 355 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 356 357 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; 358 359 if( sig_len < mbedtls_pk_get_len( ctx ) ) 360 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 361 362 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ), 363 NULL, NULL, MBEDTLS_RSA_PUBLIC, 364 md_alg, (unsigned int) hash_len, hash, 365 pss_opts->mgf1_hash_id, 366 pss_opts->expected_salt_len, 367 sig ); 368 if( ret != 0 ) 369 return( ret ); 370 371 if( sig_len > mbedtls_pk_get_len( ctx ) ) 372 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 373 374 return( 0 ); 375 #else 376 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); 377 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ 378 } 379 380 /* General case: no options */ 381 if( options != NULL ) 382 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 383 384 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); 385 } 386 387 /* 388 * Make a signature (restartable) 389 */ 390 int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, 391 mbedtls_md_type_t md_alg, 392 const unsigned char *hash, size_t hash_len, 393 unsigned char *sig, size_t *sig_len, 394 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 395 mbedtls_pk_restart_ctx *rs_ctx ) 396 { 397 PK_VALIDATE_RET( ctx != NULL ); 398 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || 399 hash != NULL ); 400 PK_VALIDATE_RET( sig != NULL ); 401 402 if( ctx->pk_info == NULL || 403 pk_hashlen_helper( md_alg, &hash_len ) != 0 ) 404 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 405 406 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 407 /* optimization: use non-restartable version if restart disabled */ 408 if( rs_ctx != NULL && 409 mbedtls_ecp_restart_is_enabled() && 410 ctx->pk_info->sign_rs_func != NULL ) 411 { 412 int ret; 413 414 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) 415 return( ret ); 416 417 ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, 418 hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx ); 419 420 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) 421 mbedtls_pk_restart_free( rs_ctx ); 422 423 return( ret ); 424 } 425 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 426 (void) rs_ctx; 427 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 428 429 if( ctx->pk_info->sign_func == NULL ) 430 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 431 432 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, 433 sig, sig_len, f_rng, p_rng ) ); 434 } 435 436 /* 437 * Make a signature 438 */ 439 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, 440 const unsigned char *hash, size_t hash_len, 441 unsigned char *sig, size_t *sig_len, 442 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 443 { 444 return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, 445 sig, sig_len, f_rng, p_rng, NULL ) ); 446 } 447 448 /* 449 * Decrypt message 450 */ 451 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, 452 const unsigned char *input, size_t ilen, 453 unsigned char *output, size_t *olen, size_t osize, 454 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 455 { 456 PK_VALIDATE_RET( ctx != NULL ); 457 PK_VALIDATE_RET( input != NULL || ilen == 0 ); 458 PK_VALIDATE_RET( output != NULL || osize == 0 ); 459 PK_VALIDATE_RET( olen != NULL ); 460 461 if( ctx->pk_info == NULL ) 462 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 463 464 if( ctx->pk_info->decrypt_func == NULL ) 465 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 466 467 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, 468 output, olen, osize, f_rng, p_rng ) ); 469 } 470 471 /* 472 * Encrypt message 473 */ 474 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, 475 const unsigned char *input, size_t ilen, 476 unsigned char *output, size_t *olen, size_t osize, 477 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 478 { 479 PK_VALIDATE_RET( ctx != NULL ); 480 PK_VALIDATE_RET( input != NULL || ilen == 0 ); 481 PK_VALIDATE_RET( output != NULL || osize == 0 ); 482 PK_VALIDATE_RET( olen != NULL ); 483 484 if( ctx->pk_info == NULL ) 485 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 486 487 if( ctx->pk_info->encrypt_func == NULL ) 488 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 489 490 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, 491 output, olen, osize, f_rng, p_rng ) ); 492 } 493 494 /* 495 * Check public-private key pair 496 */ 497 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) 498 { 499 PK_VALIDATE_RET( pub != NULL ); 500 PK_VALIDATE_RET( prv != NULL ); 501 502 if( pub->pk_info == NULL || 503 prv->pk_info == NULL || 504 prv->pk_info->check_pair_func == NULL ) 505 { 506 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 507 } 508 509 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) 510 { 511 if( pub->pk_info->type != MBEDTLS_PK_RSA ) 512 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 513 } 514 else 515 { 516 if( pub->pk_info != prv->pk_info ) 517 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 518 } 519 520 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); 521 } 522 523 /* 524 * Get key size in bits 525 */ 526 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) 527 { 528 /* For backward compatibility, accept NULL or a context that 529 * isn't set up yet, and return a fake value that should be safe. */ 530 if( ctx == NULL || ctx->pk_info == NULL ) 531 return( 0 ); 532 533 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) ); 534 } 535 536 /* 537 * Export debug information 538 */ 539 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) 540 { 541 PK_VALIDATE_RET( ctx != NULL ); 542 if( ctx->pk_info == NULL ) 543 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 544 545 if( ctx->pk_info->debug_func == NULL ) 546 return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); 547 548 ctx->pk_info->debug_func( ctx->pk_ctx, items ); 549 return( 0 ); 550 } 551 552 /* 553 * Access the PK type name 554 */ 555 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) 556 { 557 if( ctx == NULL || ctx->pk_info == NULL ) 558 return( "invalid PK" ); 559 560 return( ctx->pk_info->name ); 561 } 562 563 /* 564 * Access the PK type 565 */ 566 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) 567 { 568 if( ctx == NULL || ctx->pk_info == NULL ) 569 return( MBEDTLS_PK_NONE ); 570 571 return( ctx->pk_info->type ); 572 } 573 574 #endif /* MBEDTLS_PK_C */ 575