TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / refs/heads/dev/mbed-crypto-0.1.0-alpha / . / library / pk_wrap.c
blob: 987244c97fcc2676e1f4390a5762feaa5a32154b [file] [log] [blame]
Jaeden Ameroe54e6932018-08-06 16:19:58 +0100[diff] [blame]1/*
2 * Public Key abstraction layer: wrapper functions
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of Mbed Crypto (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDCRYPTO_CONFIG_FILE)
23#include "mbedcrypto/config.h"
24#else
25#include MBEDCRYPTO_CONFIG_FILE
26#endif
27
28#if defined(MBEDCRYPTO_PK_C)
29#include "mbedcrypto/pk_internal.h"
30
31/* Even if RSA not activated, for the sake of RSA-alt */
32#include "mbedcrypto/rsa.h"
33
34#include <string.h>
35
36#if defined(MBEDCRYPTO_ECP_C)
37#include "mbedcrypto/ecp.h"
38#endif
39
40#if defined(MBEDCRYPTO_ECDSA_C)
41#include "mbedcrypto/ecdsa.h"
42#endif
43
44#if defined(MBEDCRYPTO_PK_RSA_ALT_SUPPORT)
45#include "mbedcrypto/platform_util.h"
46#endif
47
48#if defined(MBEDCRYPTO_PLATFORM_C)
49#include "mbedcrypto/platform.h"
50#else
51#include <stdlib.h>
52#define mbedcrypto_calloc calloc
53#define mbedcrypto_free free
54#endif
55
56#include <limits.h>
57#include <stdint.h>
58
59#if defined(MBEDCRYPTO_RSA_C)
60static int rsa_can_do( mbedcrypto_pk_type_t type )
61{
62 return( type == MBEDCRYPTO_PK_RSA ||
63 type == MBEDCRYPTO_PK_RSASSA_PSS );
64}
65
66static size_t rsa_get_bitlen( const void *ctx )
67{
68 const mbedcrypto_rsa_context * rsa = (const mbedcrypto_rsa_context *) ctx;
69 return( mbedcrypto_rsa_get_bitlen( rsa ) );
70}
71
72static int rsa_verify_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
73 const unsigned char *hash, size_t hash_len,
74 const unsigned char *sig, size_t sig_len )
75{
76 int ret;
77 mbedcrypto_rsa_context * rsa = (mbedcrypto_rsa_context *) ctx;
78 size_t rsa_len = mbedcrypto_rsa_get_len( rsa );
79
80#if SIZE_MAX > UINT_MAX
81 if( md_alg == MBEDCRYPTO_MD_NONE && UINT_MAX < hash_len )
82 return( MBEDCRYPTO_ERR_PK_BAD_INPUT_DATA );
83#endif /* SIZE_MAX > UINT_MAX */
84
85 if( sig_len < rsa_len )
86 return( MBEDCRYPTO_ERR_RSA_VERIFY_FAILED );
87
88 if( ( ret = mbedcrypto_rsa_pkcs1_verify( rsa, NULL, NULL,
89 MBEDCRYPTO_RSA_PUBLIC, md_alg,
90 (unsigned int) hash_len, hash, sig ) ) != 0 )
91 return( ret );
92
93 /* The buffer contains a valid signature followed by extra data.
94 * We have a special error code for that so that so that callers can
95 * use mbedcrypto_pk_verify() to check "Does the buffer start with a
96 * valid signature?" and not just "Does the buffer contain a valid
97 * signature?". */
98 if( sig_len > rsa_len )
99 return( MBEDCRYPTO_ERR_PK_SIG_LEN_MISMATCH );
100
101 return( 0 );
102}
103
104static int rsa_sign_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
105 const unsigned char *hash, size_t hash_len,
106 unsigned char *sig, size_t *sig_len,
107 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
108{
109 mbedcrypto_rsa_context * rsa = (mbedcrypto_rsa_context *) ctx;
110
111#if SIZE_MAX > UINT_MAX
112 if( md_alg == MBEDCRYPTO_MD_NONE && UINT_MAX < hash_len )
113 return( MBEDCRYPTO_ERR_PK_BAD_INPUT_DATA );
114#endif /* SIZE_MAX > UINT_MAX */
115
116 *sig_len = mbedcrypto_rsa_get_len( rsa );
117
118 return( mbedcrypto_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDCRYPTO_RSA_PRIVATE,
119 md_alg, (unsigned int) hash_len, hash, sig ) );
120}
121
122static int rsa_decrypt_wrap( void *ctx,
123 const unsigned char *input, size_t ilen,
124 unsigned char *output, size_t *olen, size_t osize,
125 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
126{
127 mbedcrypto_rsa_context * rsa = (mbedcrypto_rsa_context *) ctx;
128
129 if( ilen != mbedcrypto_rsa_get_len( rsa ) )
130 return( MBEDCRYPTO_ERR_RSA_BAD_INPUT_DATA );
131
132 return( mbedcrypto_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
133 MBEDCRYPTO_RSA_PRIVATE, olen, input, output, osize ) );
134}
135
136static int rsa_encrypt_wrap( void *ctx,
137 const unsigned char *input, size_t ilen,
138 unsigned char *output, size_t *olen, size_t osize,
139 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
140{
141 mbedcrypto_rsa_context * rsa = (mbedcrypto_rsa_context *) ctx;
142 *olen = mbedcrypto_rsa_get_len( rsa );
143
144 if( *olen > osize )
145 return( MBEDCRYPTO_ERR_RSA_OUTPUT_TOO_LARGE );
146
147 return( mbedcrypto_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDCRYPTO_RSA_PUBLIC,
148 ilen, input, output ) );
149}
150
151static int rsa_check_pair_wrap( const void *pub, const void *prv )
152{
153 return( mbedcrypto_rsa_check_pub_priv( (const mbedcrypto_rsa_context *) pub,
154 (const mbedcrypto_rsa_context *) prv ) );
155}
156
157static void *rsa_alloc_wrap( void )
158{
159 void *ctx = mbedcrypto_calloc( 1, sizeof( mbedcrypto_rsa_context ) );
160
161 if( ctx != NULL )
162 mbedcrypto_rsa_init( (mbedcrypto_rsa_context *) ctx, 0, 0 );
163
164 return( ctx );
165}
166
167static void rsa_free_wrap( void *ctx )
168{
169 mbedcrypto_rsa_free( (mbedcrypto_rsa_context *) ctx );
170 mbedcrypto_free( ctx );
171}
172
173static void rsa_debug( const void *ctx, mbedcrypto_pk_debug_item *items )
174{
175 items->type = MBEDCRYPTO_PK_DEBUG_MPI;
176 items->name = "rsa.N";
177 items->value = &( ((mbedcrypto_rsa_context *) ctx)->N );
178
179 items++;
180
181 items->type = MBEDCRYPTO_PK_DEBUG_MPI;
182 items->name = "rsa.E";
183 items->value = &( ((mbedcrypto_rsa_context *) ctx)->E );
184}
185
186const mbedcrypto_pk_info_t mbedcrypto_rsa_info = {
187 MBEDCRYPTO_PK_RSA,
188 "RSA",
189 rsa_get_bitlen,
190 rsa_can_do,
191 rsa_verify_wrap,
192 rsa_sign_wrap,
193 rsa_decrypt_wrap,
194 rsa_encrypt_wrap,
195 rsa_check_pair_wrap,
196 rsa_alloc_wrap,
197 rsa_free_wrap,
198 rsa_debug,
199};
200#endif /* MBEDCRYPTO_RSA_C */
201
202#if defined(MBEDCRYPTO_ECP_C)
203/*
204 * Generic EC key
205 */
206static int eckey_can_do( mbedcrypto_pk_type_t type )
207{
208 return( type == MBEDCRYPTO_PK_ECKEY ||
209 type == MBEDCRYPTO_PK_ECKEY_DH ||
210 type == MBEDCRYPTO_PK_ECDSA );
211}
212
213static size_t eckey_get_bitlen( const void *ctx )
214{
215 return( ((mbedcrypto_ecp_keypair *) ctx)->grp.pbits );
216}
217
218#if defined(MBEDCRYPTO_ECDSA_C)
219/* Forward declarations */
220static int ecdsa_verify_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
221 const unsigned char *hash, size_t hash_len,
222 const unsigned char *sig, size_t sig_len );
223
224static int ecdsa_sign_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
225 const unsigned char *hash, size_t hash_len,
226 unsigned char *sig, size_t *sig_len,
227 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
228
229static int eckey_verify_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
230 const unsigned char *hash, size_t hash_len,
231 const unsigned char *sig, size_t sig_len )
232{
233 int ret;
234 mbedcrypto_ecdsa_context ecdsa;
235
236 mbedcrypto_ecdsa_init( &ecdsa );
237
238 if( ( ret = mbedcrypto_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
239 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
240
241 mbedcrypto_ecdsa_free( &ecdsa );
242
243 return( ret );
244}
245
246static int eckey_sign_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
247 const unsigned char *hash, size_t hash_len,
248 unsigned char *sig, size_t *sig_len,
249 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
250{
251 int ret;
252 mbedcrypto_ecdsa_context ecdsa;
253
254 mbedcrypto_ecdsa_init( &ecdsa );
255
256 if( ( ret = mbedcrypto_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
257 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
258 f_rng, p_rng );
259
260 mbedcrypto_ecdsa_free( &ecdsa );
261
262 return( ret );
263}
264
265#endif /* MBEDCRYPTO_ECDSA_C */
266
267static int eckey_check_pair( const void *pub, const void *prv )
268{
269 return( mbedcrypto_ecp_check_pub_priv( (const mbedcrypto_ecp_keypair *) pub,
270 (const mbedcrypto_ecp_keypair *) prv ) );
271}
272
273static void *eckey_alloc_wrap( void )
274{
275 void *ctx = mbedcrypto_calloc( 1, sizeof( mbedcrypto_ecp_keypair ) );
276
277 if( ctx != NULL )
278 mbedcrypto_ecp_keypair_init( ctx );
279
280 return( ctx );
281}
282
283static void eckey_free_wrap( void *ctx )
284{
285 mbedcrypto_ecp_keypair_free( (mbedcrypto_ecp_keypair *) ctx );
286 mbedcrypto_free( ctx );
287}
288
289static void eckey_debug( const void *ctx, mbedcrypto_pk_debug_item *items )
290{
291 items->type = MBEDCRYPTO_PK_DEBUG_ECP;
292 items->name = "eckey.Q";
293 items->value = &( ((mbedcrypto_ecp_keypair *) ctx)->Q );
294}
295
296const mbedcrypto_pk_info_t mbedcrypto_eckey_info = {
297 MBEDCRYPTO_PK_ECKEY,
298 "EC",
299 eckey_get_bitlen,
300 eckey_can_do,
301#if defined(MBEDCRYPTO_ECDSA_C)
302 eckey_verify_wrap,
303 eckey_sign_wrap,
304#else
305 NULL,
306 NULL,
307#endif
308 NULL,
309 NULL,
310 eckey_check_pair,
311 eckey_alloc_wrap,
312 eckey_free_wrap,
313 eckey_debug,
314};
315
316/*
317 * EC key restricted to ECDH
318 */
319static int eckeydh_can_do( mbedcrypto_pk_type_t type )
320{
321 return( type == MBEDCRYPTO_PK_ECKEY ||
322 type == MBEDCRYPTO_PK_ECKEY_DH );
323}
324
325const mbedcrypto_pk_info_t mbedcrypto_eckeydh_info = {
326 MBEDCRYPTO_PK_ECKEY_DH,
327 "EC_DH",
328 eckey_get_bitlen, /* Same underlying key structure */
329 eckeydh_can_do,
330 NULL,
331 NULL,
332 NULL,
333 NULL,
334 eckey_check_pair,
335 eckey_alloc_wrap, /* Same underlying key structure */
336 eckey_free_wrap, /* Same underlying key structure */
337 eckey_debug, /* Same underlying key structure */
338};
339#endif /* MBEDCRYPTO_ECP_C */
340
341#if defined(MBEDCRYPTO_ECDSA_C)
342static int ecdsa_can_do( mbedcrypto_pk_type_t type )
343{
344 return( type == MBEDCRYPTO_PK_ECDSA );
345}
346
347static int ecdsa_verify_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
348 const unsigned char *hash, size_t hash_len,
349 const unsigned char *sig, size_t sig_len )
350{
351 int ret;
352 ((void) md_alg);
353
354 ret = mbedcrypto_ecdsa_read_signature( (mbedcrypto_ecdsa_context *) ctx,
355 hash, hash_len, sig, sig_len );
356
357 if( ret == MBEDCRYPTO_ERR_ECP_SIG_LEN_MISMATCH )
358 return( MBEDCRYPTO_ERR_PK_SIG_LEN_MISMATCH );
359
360 return( ret );
361}
362
363static int ecdsa_sign_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
364 const unsigned char *hash, size_t hash_len,
365 unsigned char *sig, size_t *sig_len,
366 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
367{
368 return( mbedcrypto_ecdsa_write_signature( (mbedcrypto_ecdsa_context *) ctx,
369 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
370}
371
372static void *ecdsa_alloc_wrap( void )
373{
374 void *ctx = mbedcrypto_calloc( 1, sizeof( mbedcrypto_ecdsa_context ) );
375
376 if( ctx != NULL )
377 mbedcrypto_ecdsa_init( (mbedcrypto_ecdsa_context *) ctx );
378
379 return( ctx );
380}
381
382static void ecdsa_free_wrap( void *ctx )
383{
384 mbedcrypto_ecdsa_free( (mbedcrypto_ecdsa_context *) ctx );
385 mbedcrypto_free( ctx );
386}
387
388const mbedcrypto_pk_info_t mbedcrypto_ecdsa_info = {
389 MBEDCRYPTO_PK_ECDSA,
390 "ECDSA",
391 eckey_get_bitlen, /* Compatible key structures */
392 ecdsa_can_do,
393 ecdsa_verify_wrap,
394 ecdsa_sign_wrap,
395 NULL,
396 NULL,
397 eckey_check_pair, /* Compatible key structures */
398 ecdsa_alloc_wrap,
399 ecdsa_free_wrap,
400 eckey_debug, /* Compatible key structures */
401};
402#endif /* MBEDCRYPTO_ECDSA_C */
403
404#if defined(MBEDCRYPTO_PK_RSA_ALT_SUPPORT)
405/*
406 * Support for alternative RSA-private implementations
407 */
408
409static int rsa_alt_can_do( mbedcrypto_pk_type_t type )
410{
411 return( type == MBEDCRYPTO_PK_RSA );
412}
413
414static size_t rsa_alt_get_bitlen( const void *ctx )
415{
416 const mbedcrypto_rsa_alt_context *rsa_alt = (const mbedcrypto_rsa_alt_context *) ctx;
417
418 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
419}
420
421static int rsa_alt_sign_wrap( void *ctx, mbedcrypto_md_type_t md_alg,
422 const unsigned char *hash, size_t hash_len,
423 unsigned char *sig, size_t *sig_len,
424 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
425{
426 mbedcrypto_rsa_alt_context *rsa_alt = (mbedcrypto_rsa_alt_context *) ctx;
427
428#if SIZE_MAX > UINT_MAX
429 if( UINT_MAX < hash_len )
430 return( MBEDCRYPTO_ERR_PK_BAD_INPUT_DATA );
431#endif /* SIZE_MAX > UINT_MAX */
432
433 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
434
435 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDCRYPTO_RSA_PRIVATE,
436 md_alg, (unsigned int) hash_len, hash, sig ) );
437}
438
439static int rsa_alt_decrypt_wrap( void *ctx,
440 const unsigned char *input, size_t ilen,
441 unsigned char *output, size_t *olen, size_t osize,
442 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
443{
444 mbedcrypto_rsa_alt_context *rsa_alt = (mbedcrypto_rsa_alt_context *) ctx;
445
446 ((void) f_rng);
447 ((void) p_rng);
448
449 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
450 return( MBEDCRYPTO_ERR_RSA_BAD_INPUT_DATA );
451
452 return( rsa_alt->decrypt_func( rsa_alt->key,
453 MBEDCRYPTO_RSA_PRIVATE, olen, input, output, osize ) );
454}
455
456#if defined(MBEDCRYPTO_RSA_C)
457static int rsa_alt_check_pair( const void *pub, const void *prv )
458{
459 unsigned char sig[MBEDCRYPTO_MPI_MAX_SIZE];
460 unsigned char hash[32];
461 size_t sig_len = 0;
462 int ret;
463
464 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
465 return( MBEDCRYPTO_ERR_RSA_KEY_CHECK_FAILED );
466
467 memset( hash, 0x2a, sizeof( hash ) );
468
469 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDCRYPTO_MD_NONE,
470 hash, sizeof( hash ),
471 sig, &sig_len, NULL, NULL ) ) != 0 )
472 {
473 return( ret );
474 }
475
476 if( rsa_verify_wrap( (void *) pub, MBEDCRYPTO_MD_NONE,
477 hash, sizeof( hash ), sig, sig_len ) != 0 )
478 {
479 return( MBEDCRYPTO_ERR_RSA_KEY_CHECK_FAILED );
480 }
481
482 return( 0 );
483}
484#endif /* MBEDCRYPTO_RSA_C */
485
486static void *rsa_alt_alloc_wrap( void )
487{
488 void *ctx = mbedcrypto_calloc( 1, sizeof( mbedcrypto_rsa_alt_context ) );
489
490 if( ctx != NULL )
491 memset( ctx, 0, sizeof( mbedcrypto_rsa_alt_context ) );
492
493 return( ctx );
494}
495
496static void rsa_alt_free_wrap( void *ctx )
497{
498 mbedcrypto_platform_zeroize( ctx, sizeof( mbedcrypto_rsa_alt_context ) );
499 mbedcrypto_free( ctx );
500}
501
502const mbedcrypto_pk_info_t mbedcrypto_rsa_alt_info = {
503 MBEDCRYPTO_PK_RSA_ALT,
504 "RSA-alt",
505 rsa_alt_get_bitlen,
506 rsa_alt_can_do,
507 NULL,
508 rsa_alt_sign_wrap,
509 rsa_alt_decrypt_wrap,
510 NULL,
511#if defined(MBEDCRYPTO_RSA_C)
512 rsa_alt_check_pair,
513#else
514 NULL,
515#endif
516 rsa_alt_alloc_wrap,
517 rsa_alt_free_wrap,
518 NULL,
519};
520
521#endif /* MBEDCRYPTO_PK_RSA_ALT_SUPPORT */
522
523#endif /* MBEDCRYPTO_PK_C */