TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / d3aa2143a9aa349b52b93d918347a8db9d801748 / . / lib / libmbedtls / mbedtls / library / pk_wrap.c
blob: db6274cbf9e3447e0c70025fabd94355d4215178 [file] [log] [blame]
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1/*
2 * Public Key abstraction layer: wrapper functions
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PK_C)
29#include "mbedtls/pk_internal.h"
30
31/* Even if RSA not activated, for the sake of RSA-alt */
32#include "mbedtls/rsa.h"
33#include "mbedtls/bignum.h"
34
35#include <string.h>
36
37#if defined(MBEDTLS_ECP_C)
38#include "mbedtls/ecp.h"
39#endif
40
41#if defined(MBEDTLS_ECDSA_C)
42#include "mbedtls/ecdsa.h"
43#endif
44
45#if defined(MBEDTLS_PLATFORM_C)
46#include "mbedtls/platform.h"
47#else
48#include <stdlib.h>
49#define mbedtls_calloc calloc
50#define mbedtls_free free
51#endif
52
53#include <limits.h>
54
55#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
56/* Implementation that should never be optimized out by the compiler */
57static void mbedtls_zeroize( void *v, size_t n ) {
58 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
59}
60#endif
61
62#if defined(MBEDTLS_RSA_C)
63static int rsa_can_do( mbedtls_pk_type_t type )
64{
65 return( type == MBEDTLS_PK_RSA ||
66 type == MBEDTLS_PK_RSASSA_PSS );
67}
68
69static size_t rsa_get_bitlen( const void *ctx )
70{
71 return( 8 * ((const mbedtls_rsa_context *) ctx)->len );
72}
73
74static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
75 const unsigned char *hash, size_t hash_len,
76 const unsigned char *sig, size_t sig_len )
77{
78 int ret;
79
80#if defined(MBEDTLS_HAVE_INT64)
81 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
82 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
83#endif /* MBEDTLS_HAVE_INT64 */
84
85 if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
86 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
87
88 if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL,
89 MBEDTLS_RSA_PUBLIC, md_alg,
90 (unsigned int) hash_len, hash, sig ) ) != 0 )
91 return( ret );
92
93 if( sig_len > ((mbedtls_rsa_context *) ctx)->len )
94 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
95
96 return( 0 );
97}
98
99static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
100 const unsigned char *hash, size_t hash_len,
101 unsigned char *sig, size_t *sig_len,
102 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
103{
104#if defined(MBEDTLS_HAVE_INT64)
105 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
106 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
107#endif /* MBEDTLS_HAVE_INT64 */
108
109 *sig_len = ((mbedtls_rsa_context *) ctx)->len;
110
111 return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
112 md_alg, (unsigned int) hash_len, hash, sig ) );
113}
114
115static int rsa_decrypt_wrap( void *ctx,
116 const unsigned char *input, size_t ilen,
117 unsigned char *output, size_t *olen, size_t osize,
118 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
119{
120 if( ilen != ((mbedtls_rsa_context *) ctx)->len )
121 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
122
123 return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
124 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
125}
126
127static int rsa_encrypt_wrap( void *ctx,
128 const unsigned char *input, size_t ilen,
129 unsigned char *output, size_t *olen, size_t osize,
130 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
131{
132 *olen = ((mbedtls_rsa_context *) ctx)->len;
133
134 if( *olen > osize )
135 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
136
137 return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx,
138 f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) );
139}
140
141static int rsa_check_pair_wrap( const void *pub, const void *prv )
142{
143 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
144 (const mbedtls_rsa_context *) prv ) );
145}
146
147static void *rsa_alloc_wrap( void )
148{
149 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
150
151 if( ctx != NULL )
152 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
153
154 return( ctx );
155}
156
157static void rsa_free_wrap( void *ctx )
158{
159 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
160 mbedtls_free( ctx );
161}
162
163static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
164{
165 items->type = MBEDTLS_PK_DEBUG_MPI;
166 items->name = "rsa.N";
167 items->value = &( ((mbedtls_rsa_context *) ctx)->N );
168
169 items++;
170
171 items->type = MBEDTLS_PK_DEBUG_MPI;
172 items->name = "rsa.E";
173 items->value = &( ((mbedtls_rsa_context *) ctx)->E );
174}
175
176const mbedtls_pk_info_t mbedtls_rsa_info = {
177 MBEDTLS_PK_RSA,
178 "RSA",
179 rsa_get_bitlen,
180 rsa_can_do,
181 rsa_verify_wrap,
182 rsa_sign_wrap,
183 rsa_decrypt_wrap,
184 rsa_encrypt_wrap,
185 rsa_check_pair_wrap,
186 rsa_alloc_wrap,
187 rsa_free_wrap,
188 rsa_debug,
189};
190#endif /* MBEDTLS_RSA_C */
191
192#if defined(MBEDTLS_ECP_C)
193/*
194 * Generic EC key
195 */
196static int eckey_can_do( mbedtls_pk_type_t type )
197{
198 return( type == MBEDTLS_PK_ECKEY ||
199 type == MBEDTLS_PK_ECKEY_DH ||
200 type == MBEDTLS_PK_ECDSA );
201}
202
203static size_t eckey_get_bitlen( const void *ctx )
204{
205 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
206}
207
208#if defined(MBEDTLS_ECDSA_C)
209/* Forward declarations */
210static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
211 const unsigned char *hash, size_t hash_len,
212 const unsigned char *sig, size_t sig_len );
213
214static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
215 const unsigned char *hash, size_t hash_len,
216 unsigned char *sig, size_t *sig_len,
217 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
218
219static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
220 const unsigned char *hash, size_t hash_len,
221 const unsigned char *sig, size_t sig_len )
222{
223 int ret;
224 mbedtls_ecdsa_context ecdsa;
225
226 mbedtls_ecdsa_init( &ecdsa );
227
228 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
229 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
230
231 mbedtls_ecdsa_free( &ecdsa );
232
233 return( ret );
234}
235
236static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
237 const unsigned char *hash, size_t hash_len,
238 unsigned char *sig, size_t *sig_len,
239 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
240{
241 int ret;
242 mbedtls_ecdsa_context ecdsa;
243
244 mbedtls_ecdsa_init( &ecdsa );
245
246 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
247 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
248 f_rng, p_rng );
249
250 mbedtls_ecdsa_free( &ecdsa );
251
252 return( ret );
253}
254
255#endif /* MBEDTLS_ECDSA_C */
256
257static int eckey_check_pair( const void *pub, const void *prv )
258{
259 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
260 (const mbedtls_ecp_keypair *) prv ) );
261}
262
263static void *eckey_alloc_wrap( void )
264{
265 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
266
267 if( ctx != NULL )
268 mbedtls_ecp_keypair_init( ctx );
269
270 return( ctx );
271}
272
273static void eckey_free_wrap( void *ctx )
274{
275 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
276 mbedtls_free( ctx );
277}
278
279static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
280{
281 items->type = MBEDTLS_PK_DEBUG_ECP;
282 items->name = "eckey.Q";
283 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
284}
285
286const mbedtls_pk_info_t mbedtls_eckey_info = {
287 MBEDTLS_PK_ECKEY,
288 "EC",
289 eckey_get_bitlen,
290 eckey_can_do,
291#if defined(MBEDTLS_ECDSA_C)
292 eckey_verify_wrap,
293 eckey_sign_wrap,
294#else
295 NULL,
296 NULL,
297#endif
298 NULL,
299 NULL,
300 eckey_check_pair,
301 eckey_alloc_wrap,
302 eckey_free_wrap,
303 eckey_debug,
304};
305
306/*
307 * EC key restricted to ECDH
308 */
309static int eckeydh_can_do( mbedtls_pk_type_t type )
310{
311 return( type == MBEDTLS_PK_ECKEY ||
312 type == MBEDTLS_PK_ECKEY_DH );
313}
314
315const mbedtls_pk_info_t mbedtls_eckeydh_info = {
316 MBEDTLS_PK_ECKEY_DH,
317 "EC_DH",
318 eckey_get_bitlen, /* Same underlying key structure */
319 eckeydh_can_do,
320 NULL,
321 NULL,
322 NULL,
323 NULL,
324 eckey_check_pair,
325 eckey_alloc_wrap, /* Same underlying key structure */
326 eckey_free_wrap, /* Same underlying key structure */
327 eckey_debug, /* Same underlying key structure */
328};
329#endif /* MBEDTLS_ECP_C */
330
331#if defined(MBEDTLS_ECDSA_C)
332static int ecdsa_can_do( mbedtls_pk_type_t type )
333{
334 return( type == MBEDTLS_PK_ECDSA );
335}
336
337static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
338 const unsigned char *hash, size_t hash_len,
339 const unsigned char *sig, size_t sig_len )
340{
341 int ret;
342 ((void) md_alg);
343
344 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
345 hash, hash_len, sig, sig_len );
346
347 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
348 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
349
350 return( ret );
351}
352
353static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
354 const unsigned char *hash, size_t hash_len,
355 unsigned char *sig, size_t *sig_len,
356 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
357{
358 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
359 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
360}
361
362static void *ecdsa_alloc_wrap( void )
363{
364 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
365
366 if( ctx != NULL )
367 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
368
369 return( ctx );
370}
371
372static void ecdsa_free_wrap( void *ctx )
373{
374 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
375 mbedtls_free( ctx );
376}
377
378const mbedtls_pk_info_t mbedtls_ecdsa_info = {
379 MBEDTLS_PK_ECDSA,
380 "ECDSA",
381 eckey_get_bitlen, /* Compatible key structures */
382 ecdsa_can_do,
383 ecdsa_verify_wrap,
384 ecdsa_sign_wrap,
385 NULL,
386 NULL,
387 eckey_check_pair, /* Compatible key structures */
388 ecdsa_alloc_wrap,
389 ecdsa_free_wrap,
390 eckey_debug, /* Compatible key structures */
391};
392#endif /* MBEDTLS_ECDSA_C */
393
394#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
395/*
396 * Support for alternative RSA-private implementations
397 */
398
399static int rsa_alt_can_do( mbedtls_pk_type_t type )
400{
401 return( type == MBEDTLS_PK_RSA );
402}
403
404static size_t rsa_alt_get_bitlen( const void *ctx )
405{
406 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
407
408 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
409}
410
411static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
412 const unsigned char *hash, size_t hash_len,
413 unsigned char *sig, size_t *sig_len,
414 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
415{
416 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
417
418#if defined(MBEDTLS_HAVE_INT64)
419 if( UINT_MAX < hash_len )
420 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
421#endif /* MBEDTLS_HAVE_INT64 */
422
423 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
424
425 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
426 md_alg, (unsigned int) hash_len, hash, sig ) );
427}
428
429static int rsa_alt_decrypt_wrap( void *ctx,
430 const unsigned char *input, size_t ilen,
431 unsigned char *output, size_t *olen, size_t osize,
432 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
433{
434 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
435
436 ((void) f_rng);
437 ((void) p_rng);
438
439 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
440 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
441
442 return( rsa_alt->decrypt_func( rsa_alt->key,
443 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
444}
445
446#if defined(MBEDTLS_RSA_C)
447static int rsa_alt_check_pair( const void *pub, const void *prv )
448{
449 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
450 unsigned char hash[32];
451 size_t sig_len = 0;
452 int ret;
453
454 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
455 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
456
457 memset( hash, 0x2a, sizeof( hash ) );
458
459 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
460 hash, sizeof( hash ),
461 sig, &sig_len, NULL, NULL ) ) != 0 )
462 {
463 return( ret );
464 }
465
466 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
467 hash, sizeof( hash ), sig, sig_len ) != 0 )
468 {
469 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
470 }
471
472 return( 0 );
473}
474#endif /* MBEDTLS_RSA_C */
475
476static void *rsa_alt_alloc_wrap( void )
477{
478 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
479
480 if( ctx != NULL )
481 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
482
483 return( ctx );
484}
485
486static void rsa_alt_free_wrap( void *ctx )
487{
488 mbedtls_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
489 mbedtls_free( ctx );
490}
491
492const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
493 MBEDTLS_PK_RSA_ALT,
494 "RSA-alt",
495 rsa_alt_get_bitlen,
496 rsa_alt_can_do,
497 NULL,
498 rsa_alt_sign_wrap,
499 rsa_alt_decrypt_wrap,
500 NULL,
501#if defined(MBEDTLS_RSA_C)
502 rsa_alt_check_pair,
503#else
504 NULL,
505#endif
506 rsa_alt_alloc_wrap,
507 rsa_alt_free_wrap,
508 NULL,
509};
510
511#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
512
513#endif /* MBEDTLS_PK_C */