TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 08620cbb62b7ce26d58cdba335b7b87407764929 / . / library / pk.c
blob: 9f85718c934cfd8781c63f908d95c40f2fbf18f8 [file] [log] [blame]
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1/*
2 * Public Key abstraction layer
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]18 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]19 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]20 */
21
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]22#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]23#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]24#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]25#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]26#endif
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if defined(MBEDTLS_PK_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]29#include "mbedtls/pk.h"
Manuel Pégourié-Gonnard50518f42015-05-26 11:04:15 +0200[diff] [blame]30#include "mbedtls/pk_internal.h"
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]31
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]32#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]33#include "mbedtls/rsa.h"
Manuel Pégourié-Gonnard81c313c2013-07-09 10:35:54 +0200[diff] [blame]34#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]35#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]36#include "mbedtls/ecp.h"
Manuel Pégourié-Gonnard81c313c2013-07-09 10:35:54 +0200[diff] [blame]37#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]38#if defined(MBEDTLS_ECDSA_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]39#include "mbedtls/ecdsa.h"
Manuel Pégourié-Gonnard7c5819e2013-07-10 12:29:57 +0200[diff] [blame]40#endif
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]41#if defined(MBEDTLS_USE_TINYCRYPT)
42#include "tinycrypt/ecc.h"
43#include "tinycrypt/ecc_dsa.h"
44#include "mbedtls/asn1.h"
45#include "mbedtls/asn1write.h"
46#endif /* MBEDTLS_USE_TINYCRYPT */
47
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]48#include "mbedtls/platform_util.h"
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]49
50#if defined(MBEDTLS_PLATFORM_C)
51#include "mbedtls/platform.h"
52#else
53#include <stdlib.h>
54#define mbedtls_calloc calloc
55#define mbedtls_free free
56#endif
57
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]58#include <string.h>
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]59#include <limits.h>
60#include <stdint.h>
61
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]62/* Parameter validation macros based on platform_util.h */
63#define PK_VALIDATE_RET( cond ) \
64 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
65#define PK_VALIDATE( cond ) \
66 MBEDTLS_INTERNAL_VALIDATE( cond )
67
68/*
69 * Internal wrappers around RSA functions
70 */
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]71#if defined(MBEDTLS_RSA_C)
72static int rsa_can_do( mbedtls_pk_type_t type )
73{
74 return( type == MBEDTLS_PK_RSA ||
75 type == MBEDTLS_PK_RSASSA_PSS );
76}
77
78static size_t rsa_get_bitlen( const void *ctx )
79{
80 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
81 return( 8 * mbedtls_rsa_get_len( rsa ) );
82}
83
84static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
85 const unsigned char *hash, size_t hash_len,
86 const unsigned char *sig, size_t sig_len )
87{
88 int ret;
89 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
90 size_t rsa_len = mbedtls_rsa_get_len( rsa );
91
92#if SIZE_MAX > UINT_MAX
93 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
94 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
95#endif /* SIZE_MAX > UINT_MAX */
96
97 if( sig_len < rsa_len )
98 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
99
100 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
101 MBEDTLS_RSA_PUBLIC, md_alg,
102 (unsigned int) hash_len, hash, sig ) ) != 0 )
103 return( ret );
104
105 /* The buffer contains a valid signature followed by extra data.
106 * We have a special error code for that so that so that callers can
107 * use mbedtls_pk_verify() to check "Does the buffer start with a
108 * valid signature?" and not just "Does the buffer contain a valid
109 * signature?". */
110 if( sig_len > rsa_len )
111 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
112
113 return( 0 );
114}
115
116static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
117 const unsigned char *hash, size_t hash_len,
118 unsigned char *sig, size_t *sig_len,
119 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
120{
121 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
122
123#if SIZE_MAX > UINT_MAX
124 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
125 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
126#endif /* SIZE_MAX > UINT_MAX */
127
128 *sig_len = mbedtls_rsa_get_len( rsa );
129
130 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
131 md_alg, (unsigned int) hash_len, hash, sig ) );
132}
133
134static int rsa_decrypt_wrap( void *ctx,
135 const unsigned char *input, size_t ilen,
136 unsigned char *output, size_t *olen, size_t osize,
137 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
138{
139 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
140
141 if( ilen != mbedtls_rsa_get_len( rsa ) )
142 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
143
144 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
145 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
146}
147
148static int rsa_encrypt_wrap( void *ctx,
149 const unsigned char *input, size_t ilen,
150 unsigned char *output, size_t *olen, size_t osize,
151 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
152{
153 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
154 *olen = mbedtls_rsa_get_len( rsa );
155
156 if( *olen > osize )
157 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
158
159 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
160 ilen, input, output ) );
161}
162
163static int rsa_check_pair_wrap( const void *pub, const void *prv )
164{
165 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
166 (const mbedtls_rsa_context *) prv ) );
167}
168
169static void *rsa_alloc_wrap( void )
170{
171 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
172
173 if( ctx != NULL )
174 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
175
176 return( ctx );
177}
178
179static void rsa_free_wrap( void *ctx )
180{
181 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
182 mbedtls_free( ctx );
183}
184
185static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
186{
187 items->type = MBEDTLS_PK_DEBUG_MPI;
188 items->name = "rsa.N";
189 items->value = &( ((mbedtls_rsa_context *) ctx)->N );
190
191 items++;
192
193 items->type = MBEDTLS_PK_DEBUG_MPI;
194 items->name = "rsa.E";
195 items->value = &( ((mbedtls_rsa_context *) ctx)->E );
196}
197
198const mbedtls_pk_info_t mbedtls_rsa_info = {
199 MBEDTLS_PK_RSA,
200 "RSA",
201 rsa_get_bitlen,
202 rsa_can_do,
203 rsa_verify_wrap,
204 rsa_sign_wrap,
205#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
206 NULL,
207 NULL,
208#endif
209 rsa_decrypt_wrap,
210 rsa_encrypt_wrap,
211 rsa_check_pair_wrap,
212 rsa_alloc_wrap,
213 rsa_free_wrap,
214#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
215 NULL,
216 NULL,
217#endif
218 rsa_debug,
219};
220#endif /* MBEDTLS_RSA_C */
221
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]222/*
223 * Internal wrappers around ECC functions - based on ECP module
224 */
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]225#if defined(MBEDTLS_ECP_C)
226/*
227 * Generic EC key
228 */
229static int eckey_can_do( mbedtls_pk_type_t type )
230{
231 return( type == MBEDTLS_PK_ECKEY ||
232 type == MBEDTLS_PK_ECKEY_DH ||
233 type == MBEDTLS_PK_ECDSA );
234}
235
236static size_t eckey_get_bitlen( const void *ctx )
237{
238 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
239}
240
241#if defined(MBEDTLS_ECDSA_C)
242/* Forward declarations */
243static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
244 const unsigned char *hash, size_t hash_len,
245 const unsigned char *sig, size_t sig_len );
246
247static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
248 const unsigned char *hash, size_t hash_len,
249 unsigned char *sig, size_t *sig_len,
250 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
251
252static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
253 const unsigned char *hash, size_t hash_len,
254 const unsigned char *sig, size_t sig_len )
255{
256 int ret;
257 mbedtls_ecdsa_context ecdsa;
258
259 mbedtls_ecdsa_init( &ecdsa );
260
261 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
262 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
263
264 mbedtls_ecdsa_free( &ecdsa );
265
266 return( ret );
267}
268
269static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
270 const unsigned char *hash, size_t hash_len,
271 unsigned char *sig, size_t *sig_len,
272 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
273{
274 int ret;
275 mbedtls_ecdsa_context ecdsa;
276
277 mbedtls_ecdsa_init( &ecdsa );
278
279 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
280 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
281 f_rng, p_rng );
282
283 mbedtls_ecdsa_free( &ecdsa );
284
285 return( ret );
286}
287
288#if defined(MBEDTLS_ECP_RESTARTABLE)
289/* Forward declarations */
290static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
291 const unsigned char *hash, size_t hash_len,
292 const unsigned char *sig, size_t sig_len,
293 void *rs_ctx );
294
295static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
296 const unsigned char *hash, size_t hash_len,
297 unsigned char *sig, size_t *sig_len,
298 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
299 void *rs_ctx );
300
301/*
302 * Restart context for ECDSA operations with ECKEY context
303 *
304 * We need to store an actual ECDSA context, as we need to pass the same to
305 * the underlying ecdsa function, so we can't create it on the fly every time.
306 */
307typedef struct
308{
309 mbedtls_ecdsa_restart_ctx ecdsa_rs;
310 mbedtls_ecdsa_context ecdsa_ctx;
311} eckey_restart_ctx;
312
313static void *eckey_rs_alloc( void )
314{
315 eckey_restart_ctx *rs_ctx;
316
317 void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
318
319 if( ctx != NULL )
320 {
321 rs_ctx = ctx;
322 mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
323 mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
324 }
325
326 return( ctx );
327}
328
329static void eckey_rs_free( void *ctx )
330{
331 eckey_restart_ctx *rs_ctx;
332
333 if( ctx == NULL)
334 return;
335
336 rs_ctx = ctx;
337 mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
338 mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
339
340 mbedtls_free( ctx );
341}
342
343static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
344 const unsigned char *hash, size_t hash_len,
345 const unsigned char *sig, size_t sig_len,
346 void *rs_ctx )
347{
348 int ret;
349 eckey_restart_ctx *rs = rs_ctx;
350
351 /* Should never happen */
352 if( rs == NULL )
353 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
354
355 /* set up our own sub-context if needed (that is, on first run) */
356 if( rs->ecdsa_ctx.grp.pbits == 0 )
357 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
358
359 MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
360 md_alg, hash, hash_len,
361 sig, sig_len, &rs->ecdsa_rs ) );
362
363cleanup:
364 return( ret );
365}
366
367static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
368 const unsigned char *hash, size_t hash_len,
369 unsigned char *sig, size_t *sig_len,
370 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
371 void *rs_ctx )
372{
373 int ret;
374 eckey_restart_ctx *rs = rs_ctx;
375
376 /* Should never happen */
377 if( rs == NULL )
378 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
379
380 /* set up our own sub-context if needed (that is, on first run) */
381 if( rs->ecdsa_ctx.grp.pbits == 0 )
382 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
383
384 MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
385 hash, hash_len, sig, sig_len,
386 f_rng, p_rng, &rs->ecdsa_rs ) );
387
388cleanup:
389 return( ret );
390}
391#endif /* MBEDTLS_ECP_RESTARTABLE */
392#endif /* MBEDTLS_ECDSA_C */
393
394static int eckey_check_pair( const void *pub, const void *prv )
395{
396 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
397 (const mbedtls_ecp_keypair *) prv ) );
398}
399
400static void *eckey_alloc_wrap( void )
401{
402 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
403
404 if( ctx != NULL )
405 mbedtls_ecp_keypair_init( ctx );
406
407 return( ctx );
408}
409
410static void eckey_free_wrap( void *ctx )
411{
412 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
413 mbedtls_free( ctx );
414}
415
416static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
417{
418 items->type = MBEDTLS_PK_DEBUG_ECP;
419 items->name = "eckey.Q";
420 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
421}
422
423const mbedtls_pk_info_t mbedtls_eckey_info = {
424 MBEDTLS_PK_ECKEY,
425 "EC",
426 eckey_get_bitlen,
427 eckey_can_do,
428#if defined(MBEDTLS_ECDSA_C)
429 eckey_verify_wrap,
430 eckey_sign_wrap,
431#if defined(MBEDTLS_ECP_RESTARTABLE)
432 eckey_verify_rs_wrap,
433 eckey_sign_rs_wrap,
434#endif
435#else /* MBEDTLS_ECDSA_C */
436 NULL,
437 NULL,
438#endif /* MBEDTLS_ECDSA_C */
439 NULL,
440 NULL,
441 eckey_check_pair,
442 eckey_alloc_wrap,
443 eckey_free_wrap,
444#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
445 eckey_rs_alloc,
446 eckey_rs_free,
447#endif
448 eckey_debug,
449};
450
451/*
452 * EC key restricted to ECDH
453 */
454static int eckeydh_can_do( mbedtls_pk_type_t type )
455{
456 return( type == MBEDTLS_PK_ECKEY ||
457 type == MBEDTLS_PK_ECKEY_DH );
458}
459
460const mbedtls_pk_info_t mbedtls_eckeydh_info = {
461 MBEDTLS_PK_ECKEY_DH,
462 "EC_DH",
463 eckey_get_bitlen, /* Same underlying key structure */
464 eckeydh_can_do,
465 NULL,
466 NULL,
467#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
468 NULL,
469 NULL,
470#endif
471 NULL,
472 NULL,
473 eckey_check_pair,
474 eckey_alloc_wrap, /* Same underlying key structure */
475 eckey_free_wrap, /* Same underlying key structure */
476#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
477 NULL,
478 NULL,
479#endif
480 eckey_debug, /* Same underlying key structure */
481};
482#endif /* MBEDTLS_ECP_C */
483
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]484/*
485 * Internal wrappers around ECC functions - based on TinyCrypt
486 */
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]487#if defined(MBEDTLS_USE_TINYCRYPT)
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]488/*
489 * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
490 * those integers and convert it to the fixed-length encoding.
491 */
492static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
493 unsigned char *to, size_t to_len )
494{
495 int ret;
496 size_t unpadded_len, padding_len;
497
498 if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
499 MBEDTLS_ASN1_INTEGER ) ) != 0 )
500 {
501 return( ret );
502 }
503
504 while( unpadded_len > 0 && **from == 0x00 )
505 {
506 ( *from )++;
507 unpadded_len--;
508 }
509
510 if( unpadded_len > to_len || unpadded_len == 0 )
511 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
512
513 padding_len = to_len - unpadded_len;
514 memset( to, 0x00, padding_len );
515 memcpy( to + padding_len, *from, unpadded_len );
516 ( *from ) += unpadded_len;
517
518 return( 0 );
519}
520
521/*
522 * Convert a signature from an ASN.1 sequence of two integers
523 * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
524 * twice as big as int_size.
525 */
526static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
527 unsigned char *sig, size_t int_size )
528{
529 int ret;
530 size_t tmp_size;
531
532 if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
533 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
534 return( ret );
535
536 /* Extract r */
537 if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
538 return( ret );
539 /* Extract s */
540 if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
541 return( ret );
542
543 return( 0 );
544}
545
546static size_t uecc_eckey_get_bitlen( const void *ctx )
547{
548 (void) ctx;
549 return( (size_t) ( NUM_ECC_BYTES * 8 ) );
550}
551
552static int uecc_eckey_check_pair( const void *pub, const void *prv )
553{
554 const mbedtls_uecc_keypair *uecc_pub =
555 (const mbedtls_uecc_keypair *) pub;
556 const mbedtls_uecc_keypair *uecc_prv =
557 (const mbedtls_uecc_keypair *) prv;
558
559 if( memcmp( uecc_pub->public_key,
560 uecc_prv->public_key,
561 2 * NUM_ECC_BYTES ) == 0 )
562 {
563 return( 0 );
564 }
565
566 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
567}
568
569static int uecc_eckey_can_do( mbedtls_pk_type_t type )
570{
571 return( type == MBEDTLS_PK_ECDSA ||
572 type == MBEDTLS_PK_ECKEY );
573}
574
575static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
576 const unsigned char *hash, size_t hash_len,
577 const unsigned char *sig, size_t sig_len )
578{
579 int ret;
580 uint8_t signature[2*NUM_ECC_BYTES];
581 unsigned char *p;
582 const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
583 const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
584
585 ((void) md_alg);
586 p = (unsigned char*) sig;
587
588 ret = extract_ecdsa_sig( &p, sig + sig_len, signature, NUM_ECC_BYTES );
589 if( ret != 0 )
590 return( ret );
591
592 ret = uECC_verify( keypair->public_key, hash,
593 (unsigned) hash_len, signature, uecc_curve );
594 if( ret == 0 )
595 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
596
597 return( 0 );
598}
599
600/*
601 * Simultaneously convert and move raw MPI from the beginning of a buffer
602 * to an ASN.1 MPI at the end of the buffer.
603 * See also mbedtls_asn1_write_mpi().
604 *
605 * p: pointer to the end of the output buffer
606 * start: start of the output buffer, and also of the mpi to write at the end
607 * n_len: length of the mpi to read from start
608 *
609 * Warning:
610 * The total length of the output buffer must be smaller than 128 Bytes.
611 */
612static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
613 size_t n_len )
614{
615 size_t len = 0;
616
617 if( (size_t)( *p - start ) < n_len )
618 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
619
620 len = n_len;
621 *p -= len;
622 memmove( *p, start, len );
623
624 /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
625 * Neither r nor s should be 0, but as a failsafe measure, still detect
626 * that rather than overflowing the buffer in case of an error. */
627 while( len > 0 && **p == 0x00 )
628 {
629 ++(*p);
630 --len;
631 }
632
633 /* this is only reached if the signature was invalid */
634 if( len == 0 )
635 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
636
637 /* if the msb is 1, ASN.1 requires that we prepend a 0.
638 * Neither r nor s can be 0, so we can assume len > 0 at all times. */
639 if( **p & 0x80 )
640 {
641 if( *p - start < 1 )
642 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
643
644 *--(*p) = 0x00;
645 len += 1;
646 }
647
648 /* The ASN.1 length encoding is just a single Byte containing the length,
649 * as we assume that the total buffer length is smaller than 128 Bytes. */
650 *--(*p) = len;
651 *--(*p) = MBEDTLS_ASN1_INTEGER;
652 len += 2;
653
654 return( (int) len );
655}
656
657/* Transcode signature from uECC format to ASN.1 sequence.
658 * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
659 * MPIs, and in-place.
660 *
661 * [in/out] sig: the signature pre- and post-transcoding
662 * [in/out] sig_len: signature length pre- and post-transcoding
663 * [int] buf_len: the available size the in/out buffer
664 *
665 * Warning: buf_len must be smaller than 128 Bytes.
666 */
667static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len,
668 size_t buf_len )
669{
670 int ret;
671 size_t len = 0;
672 const size_t rs_len = *sig_len / 2;
673 unsigned char *p = sig + buf_len;
674
675 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
676 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
677
678 /* The ASN.1 length encoding is just a single Byte containing the length,
679 * as we assume that the total buffer length is smaller than 128 Bytes. */
680 *--p = len;
681 *--p = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
682 len += 2;
683
684 memmove( sig, p, len );
685 *sig_len = len;
686
687 return( 0 );
688}
689
690static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
691 const unsigned char *hash, size_t hash_len,
692 unsigned char *sig, size_t *sig_len,
693 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
694{
695 const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
696 const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
697 int ret;
698
699 /*
700 * RFC-4492 page 20:
701 *
702 * Ecdsa-Sig-Value ::= SEQUENCE {
703 * r INTEGER,
704 * s INTEGER
705 * }
706 *
707 * Size is at most
708 * 1 (tag) + 1 (len) + 1 (initial 0) + NUM_ECC_BYTES for each of r and s,
709 * twice that + 1 (tag) + 2 (len) for the sequence
710 *
711 * (The ASN.1 length encodings are all 1-Byte encodings because
712 * the total size is smaller than 128 Bytes).
713 */
714 #define MAX_SECP256R1_ECDSA_SIG_LEN ( 3 + 2 * ( 3 + NUM_ECC_BYTES ) )
715
716 ret = uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
717 /* TinyCrypt uses 0 to signal errors. */
718 if( ret == 0 )
719 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
720
721 *sig_len = 2 * NUM_ECC_BYTES;
722
723 /* uECC owns its rng function pointer */
724 (void) f_rng;
725 (void) p_rng;
726 (void) md_alg;
727
728 return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len,
729 MAX_SECP256R1_ECDSA_SIG_LEN ) );
730
731 #undef MAX_SECP256R1_ECDSA_SIG_LEN
732}
733
734static void *uecc_eckey_alloc_wrap( void )
735{
736 return( mbedtls_calloc( 1, sizeof( mbedtls_uecc_keypair ) ) );
737}
738
739static void uecc_eckey_free_wrap( void *ctx )
740{
741 if( ctx == NULL )
742 return;
743
744 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_uecc_keypair ) );
745 mbedtls_free( ctx );
746}
747
748const mbedtls_pk_info_t mbedtls_uecc_eckey_info =
749 MBEDTLS_PK_INFO( MBEDTLS_PK_INFO_ECKEY );
750#endif /* MBEDTLS_USE_TINYCRYPT */
751
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]752/*
753 * Internal wrappers around ECDSA functions
754 */
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]755#if defined(MBEDTLS_ECDSA_C)
756static int ecdsa_can_do( mbedtls_pk_type_t type )
757{
758 return( type == MBEDTLS_PK_ECDSA );
759}
760
761static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
762 const unsigned char *hash, size_t hash_len,
763 const unsigned char *sig, size_t sig_len )
764{
765 int ret;
766 ((void) md_alg);
767
768 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
769 hash, hash_len, sig, sig_len );
770
771 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
772 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
773
774 return( ret );
775}
776
777static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
778 const unsigned char *hash, size_t hash_len,
779 unsigned char *sig, size_t *sig_len,
780 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
781{
782 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
783 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
784}
785
786#if defined(MBEDTLS_ECP_RESTARTABLE)
787static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
788 const unsigned char *hash, size_t hash_len,
789 const unsigned char *sig, size_t sig_len,
790 void *rs_ctx )
791{
792 int ret;
793 ((void) md_alg);
794
795 ret = mbedtls_ecdsa_read_signature_restartable(
796 (mbedtls_ecdsa_context *) ctx,
797 hash, hash_len, sig, sig_len,
798 (mbedtls_ecdsa_restart_ctx *) rs_ctx );
799
800 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
801 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
802
803 return( ret );
804}
805
806static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
807 const unsigned char *hash, size_t hash_len,
808 unsigned char *sig, size_t *sig_len,
809 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
810 void *rs_ctx )
811{
812 return( mbedtls_ecdsa_write_signature_restartable(
813 (mbedtls_ecdsa_context *) ctx,
814 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
815 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
816
817}
818#endif /* MBEDTLS_ECP_RESTARTABLE */
819
820static void *ecdsa_alloc_wrap( void )
821{
822 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
823
824 if( ctx != NULL )
825 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
826
827 return( ctx );
828}
829
830static void ecdsa_free_wrap( void *ctx )
831{
832 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
833 mbedtls_free( ctx );
834}
835
836#if defined(MBEDTLS_ECP_RESTARTABLE)
837static void *ecdsa_rs_alloc( void )
838{
839 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
840
841 if( ctx != NULL )
842 mbedtls_ecdsa_restart_init( ctx );
843
844 return( ctx );
845}
846
847static void ecdsa_rs_free( void *ctx )
848{
849 mbedtls_ecdsa_restart_free( ctx );
850 mbedtls_free( ctx );
851}
852#endif /* MBEDTLS_ECP_RESTARTABLE */
853
854const mbedtls_pk_info_t mbedtls_ecdsa_info = {
855 MBEDTLS_PK_ECDSA,
856 "ECDSA",
857 eckey_get_bitlen, /* Compatible key structures */
858 ecdsa_can_do,
859 ecdsa_verify_wrap,
860 ecdsa_sign_wrap,
861#if defined(MBEDTLS_ECP_RESTARTABLE)
862 ecdsa_verify_rs_wrap,
863 ecdsa_sign_rs_wrap,
864#endif
865 NULL,
866 NULL,
867 eckey_check_pair, /* Compatible key structures */
868 ecdsa_alloc_wrap,
869 ecdsa_free_wrap,
870#if defined(MBEDTLS_ECP_RESTARTABLE)
871 ecdsa_rs_alloc,
872 ecdsa_rs_free,
873#endif
874 eckey_debug, /* Compatible key structures */
875};
876#endif /* MBEDTLS_ECDSA_C */
877
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]878/*
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]879 * Internal wrappers for RSA-alt support
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]880 */
Manuel Pégourié-Gonnard8cd28892019-09-19 10:45:14 +0200[diff] [blame]881#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]882static int rsa_alt_can_do( mbedtls_pk_type_t type )
883{
884 return( type == MBEDTLS_PK_RSA );
885}
886
887static size_t rsa_alt_get_bitlen( const void *ctx )
888{
889 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
890
891 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
892}
893
894static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
895 const unsigned char *hash, size_t hash_len,
896 unsigned char *sig, size_t *sig_len,
897 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
898{
899 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
900
901#if SIZE_MAX > UINT_MAX
902 if( UINT_MAX < hash_len )
903 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
904#endif /* SIZE_MAX > UINT_MAX */
905
906 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
907
908 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
909 md_alg, (unsigned int) hash_len, hash, sig ) );
910}
911
912static int rsa_alt_decrypt_wrap( void *ctx,
913 const unsigned char *input, size_t ilen,
914 unsigned char *output, size_t *olen, size_t osize,
915 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
916{
917 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
918
919 ((void) f_rng);
920 ((void) p_rng);
921
922 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
923 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
924
925 return( rsa_alt->decrypt_func( rsa_alt->key,
926 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
927}
928
929#if defined(MBEDTLS_RSA_C)
930static int rsa_alt_check_pair( const void *pub, const void *prv )
931{
932 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
933 unsigned char hash[32];
934 size_t sig_len = 0;
935 int ret;
936
937 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
938 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
939
940 memset( hash, 0x2a, sizeof( hash ) );
941
942 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
943 hash, sizeof( hash ),
944 sig, &sig_len, NULL, NULL ) ) != 0 )
945 {
946 return( ret );
947 }
948
949 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
950 hash, sizeof( hash ), sig, sig_len ) != 0 )
951 {
952 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
953 }
954
955 return( 0 );
956}
957#endif /* MBEDTLS_RSA_C */
958
959static void *rsa_alt_alloc_wrap( void )
960{
961 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
962
963 if( ctx != NULL )
964 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
965
966 return( ctx );
967}
968
969static void rsa_alt_free_wrap( void *ctx )
970{
971 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
972 mbedtls_free( ctx );
973}
974
975const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
976 MBEDTLS_PK_RSA_ALT,
977 "RSA-alt",
978 rsa_alt_get_bitlen,
979 rsa_alt_can_do,
980 NULL,
981 rsa_alt_sign_wrap,
982#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
983 NULL,
984 NULL,
985#endif
986 rsa_alt_decrypt_wrap,
987 NULL,
988#if defined(MBEDTLS_RSA_C)
989 rsa_alt_check_pair,
990#else
991 NULL,
992#endif
993 rsa_alt_alloc_wrap,
994 rsa_alt_free_wrap,
995#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
996 NULL,
997 NULL,
998#endif
999 NULL,
1000};
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame]1001#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
1002
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1003/*
Manuel Pégourié-Gonnard08620cb2019-09-19 10:45:14 +0200[diff] [blame^]1004 * Access to members of the pk_info structure. When a single PK type is
1005 * hardcoded, these should have zero runtime cost; otherwise, the usual
1006 * dynamic dispatch based on pk_info is used.
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1007 *
1008 * For function members, don't make a getter, but a function that directly
1009 * calls the method, so that we can entirely get rid of function pointers
1010 * when hardcoding a single PK - some compilers optimize better that way.
1011 *
1012 * Not implemented for members that are only present in builds with
1013 * MBEDTLS_ECP_RESTARTABLE for now, as the main target for hardcoded is builds
1014 * with MBEDTLS_USE_TINYCRYPT, which don't have MBEDTLS_ECP_RESTARTABLE.
1015 */
Manuel Pégourié-Gonnard08620cb2019-09-19 10:45:14 +0200[diff] [blame^]1016#if defined(MBEDTLS_PK_SINGLE_TYPE)
1017
1018MBEDTLS_ALWAYS_INLINE static inline mbedtls_pk_type_t pk_info_type(
1019 const mbedtls_pk_info_t *info )
1020{
1021 (void) info;
1022 return( MBEDTLS_PK_INFO_TYPE( MBEDTLS_PK_SINGLE_TYPE ) );
1023}
1024
1025MBEDTLS_ALWAYS_INLINE static inline const char * pk_info_name(
1026 const mbedtls_pk_info_t *info )
1027{
1028 (void) info;
1029 return( MBEDTLS_PK_INFO_NAME( MBEDTLS_PK_SINGLE_TYPE ) );
1030}
1031
1032MBEDTLS_ALWAYS_INLINE static inline size_t pk_info_get_bitlen(
1033 const mbedtls_pk_info_t *info, const void *ctx )
1034{
1035 (void) info;
1036 return( MBEDTLS_PK_INFO_GET_BITLEN( MBEDTLS_PK_SINGLE_TYPE )( ctx ) );
1037}
1038
1039MBEDTLS_ALWAYS_INLINE static inline int pk_info_can_do(
1040 const mbedtls_pk_info_t *info, mbedtls_pk_type_t type )
1041{
1042 (void) info;
1043 return( MBEDTLS_PK_INFO_CAN_DO( MBEDTLS_PK_SINGLE_TYPE )( type ) );
1044}
1045
1046MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func(
1047 const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg,
1048 const unsigned char *hash, size_t hash_len,
1049 const unsigned char *sig, size_t sig_len )
1050{
1051 (void) info;
1052#if MBEDTLS_PK_INFO_VERIFY_OMIT( MBEDTLS_PK_SINGLE_TYPE )
1053 (void) ctx;
1054 (void) md_alg;
1055 (void) hash;
1056 (void) hash_len;
1057 (void) sig;
1058 (void) sig_len;
1059 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1060#else
1061 return( MBEDTLS_PK_INFO_VERIFY_FUNC( MBEDTLS_PK_SINGLE_TYPE )(
1062 ctx, md_alg, hash, hash_len, sig, sig_len ) );
1063#endif
1064}
1065
1066MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func(
1067 const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg,
1068 const unsigned char *hash, size_t hash_len,
1069 unsigned char *sig, size_t *sig_len,
1070 int (*f_rng)(void *, unsigned char *, size_t),
1071 void *p_rng )
1072{
1073 (void) info;
1074#if MBEDTLS_PK_INFO_SIGN_OMIT( MBEDTLS_PK_SINGLE_TYPE )
1075 (void) ctx;
1076 (void) md_alg;
1077 (void) hash;
1078 (void) hash_len;
1079 (void) sig;
1080 (void) sig_len;
1081 (void) f_rng;
1082 (void) p_rng;
1083 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1084#else
1085 return( MBEDTLS_PK_INFO_SIGN_FUNC( MBEDTLS_PK_SINGLE_TYPE )(
1086 ctx, md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
1087#endif
1088}
1089
1090MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func(
1091 const mbedtls_pk_info_t *info, void *ctx,
1092 const unsigned char *input, size_t ilen,
1093 unsigned char *output, size_t *olen, size_t osize,
1094 int (*f_rng)(void *, unsigned char *, size_t),
1095 void *p_rng )
1096{
1097 (void) info;
1098#if MBEDTLS_PK_INFO_DECRYPT_OMIT( MBEDTLS_PK_SINGLE_TYPE )
1099 (void) ctx;
1100 (void) input;
1101 (void) ilen;
1102 (void) output;
1103 (void) olen;
1104 (void) osize;
1105 (void) f_rng;
1106 (void) p_rng;
1107 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1108#else
1109 return( MBEDTLS_PK_INFO_DECRYPT_FUNC( MBEDTLS_PK_SINGLE_TYPE )(
1110 ctx, input, ilen, output, olen, osize, f_rng, p_rng ) );
1111#endif
1112}
1113
1114MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func(
1115 const mbedtls_pk_info_t *info, void *ctx,
1116 const unsigned char *input, size_t ilen,
1117 unsigned char *output, size_t *olen, size_t osize,
1118 int (*f_rng)(void *, unsigned char *, size_t),
1119 void *p_rng )
1120{
1121 (void) info;
1122#if MBEDTLS_PK_INFO_ENCRYPT_OMIT( MBEDTLS_PK_SINGLE_TYPE )
1123 (void) ctx;
1124 (void) input;
1125 (void) ilen;
1126 (void) output;
1127 (void) olen;
1128 (void) osize;
1129 (void) f_rng;
1130 (void) p_rng;
1131 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1132#else
1133 return( MBEDTLS_PK_INFO_ENCRYPT_FUNC( MBEDTLS_PK_SINGLE_TYPE )(
1134 ctx, input, ilen, output, olen, osize, f_rng, p_rng ) );
1135#endif
1136}
1137
1138MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func(
1139 const mbedtls_pk_info_t *info, const void *pub, const void *prv )
1140{
1141 (void) info;
1142#if MBEDTLS_PK_INFO_CHECK_PAIR_OMIT( MBEDTLS_PK_SINGLE_TYPE )
1143 (void) pub;
1144 (void) prv;
1145 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1146#else
1147 return( MBEDTLS_PK_INFO_CHECK_PAIR_FUNC( MBEDTLS_PK_SINGLE_TYPE )(
1148 pub, prv ) );
1149#endif
1150}
1151
1152MBEDTLS_ALWAYS_INLINE static inline void *pk_info_ctx_alloc_func(
1153 const mbedtls_pk_info_t *info )
1154{
1155 (void) info;
1156 return( MBEDTLS_PK_INFO_CTX_ALLOC_FUNC( MBEDTLS_PK_SINGLE_TYPE )( ) );
1157}
1158
1159MBEDTLS_ALWAYS_INLINE static inline void pk_info_ctx_free_func(
1160 const mbedtls_pk_info_t *info, void *ctx )
1161{
1162 (void) info;
1163 MBEDTLS_PK_INFO_CTX_FREE_FUNC( MBEDTLS_PK_SINGLE_TYPE )( ctx );
1164}
1165
1166MBEDTLS_ALWAYS_INLINE static inline int pk_info_debug_func(
1167 const mbedtls_pk_info_t *info,
1168 const void *ctx, mbedtls_pk_debug_item *items )
1169{
1170 (void) info;
1171#if MBEDTLS_PK_INFO_DEBUG_OMIT( MBEDTLS_PK_SINGLE_TYPE )
1172 (void) ctx;
1173 (void) items;
1174 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1175#else
1176 return( MBEDTLS_PK_INFO_DEBUG_FUNC( MBEDTLS_PK_SINGLE_TYPE )( ctx, items ) );
1177#endif
1178}
1179
1180#else /* MBEDTLS_PK_SINGLE_TYPE */
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1181
1182MBEDTLS_ALWAYS_INLINE static inline mbedtls_pk_type_t pk_info_type(
1183 const mbedtls_pk_info_t *info )
1184{
1185 return( info->type );
1186}
1187
1188MBEDTLS_ALWAYS_INLINE static inline const char * pk_info_name(
1189 const mbedtls_pk_info_t *info )
1190{
1191 return( info->name );
1192}
1193
1194MBEDTLS_ALWAYS_INLINE static inline size_t pk_info_get_bitlen(
1195 const mbedtls_pk_info_t *info, const void *ctx )
1196{
1197 return( info->get_bitlen( ctx ) );
1198}
1199
1200MBEDTLS_ALWAYS_INLINE static inline int pk_info_can_do(
1201 const mbedtls_pk_info_t *info, mbedtls_pk_type_t type )
1202{
1203 return( info->can_do( type ) );
1204}
1205
1206MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func(
1207 const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg,
1208 const unsigned char *hash, size_t hash_len,
1209 const unsigned char *sig, size_t sig_len )
1210{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1211 if( info->verify_func == NULL )
1212 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1213
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1214 return( info->verify_func( ctx, md_alg, hash, hash_len, sig, sig_len ) );
1215}
1216
1217MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func(
1218 const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg,
1219 const unsigned char *hash, size_t hash_len,
1220 unsigned char *sig, size_t *sig_len,
1221 int (*f_rng)(void *, unsigned char *, size_t),
1222 void *p_rng )
1223{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1224 if( info->sign_func == NULL )
1225 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1226
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1227 return( info->sign_func( ctx, md_alg, hash, hash_len, sig, sig_len,
1228 f_rng, p_rng ) );
1229}
1230
1231MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func(
1232 const mbedtls_pk_info_t *info, void *ctx,
1233 const unsigned char *input, size_t ilen,
1234 unsigned char *output, size_t *olen, size_t osize,
1235 int (*f_rng)(void *, unsigned char *, size_t),
1236 void *p_rng )
1237{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1238 if( info->decrypt_func == NULL )
1239 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1240
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1241 return( info->decrypt_func( ctx, input, ilen, output, olen, osize,
1242 f_rng, p_rng ) );
1243}
1244
1245MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func(
1246 const mbedtls_pk_info_t *info, void *ctx,
1247 const unsigned char *input, size_t ilen,
1248 unsigned char *output, size_t *olen, size_t osize,
1249 int (*f_rng)(void *, unsigned char *, size_t),
1250 void *p_rng )
1251{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1252 if( info->encrypt_func == NULL )
1253 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1254
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1255 return( info->encrypt_func( ctx, input, ilen, output, olen, osize,
1256 f_rng, p_rng ) );
1257}
1258
1259MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func(
1260 const mbedtls_pk_info_t *info, const void *pub, const void *prv )
1261{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1262 if( info->check_pair_func == NULL )
1263 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1264
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1265 return( info->check_pair_func( pub, prv ) );
1266}
1267
1268MBEDTLS_ALWAYS_INLINE static inline void *pk_info_ctx_alloc_func(
1269 const mbedtls_pk_info_t *info )
1270{
1271 return( info->ctx_alloc_func( ) );
1272}
1273
1274MBEDTLS_ALWAYS_INLINE static inline void pk_info_ctx_free_func(
1275 const mbedtls_pk_info_t *info, void *ctx )
1276{
1277 info->ctx_free_func( ctx );
1278}
1279
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1280MBEDTLS_ALWAYS_INLINE static inline int pk_info_debug_func(
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1281 const mbedtls_pk_info_t *info,
1282 const void *ctx, mbedtls_pk_debug_item *items )
1283{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1284 if( info->debug_func == NULL )
1285 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1286
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1287 info->debug_func( ctx, items );
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1288 return( 0 );
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1289}
1290
Manuel Pégourié-Gonnard08620cb2019-09-19 10:45:14 +0200[diff] [blame^]1291#endif /* MBEDTLS_PK_SINGLE_TYPE */
1292
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1293/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1294 * Initialise a mbedtls_pk_context
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1295 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1296void mbedtls_pk_init( mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1297{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1298 PK_VALIDATE( ctx != NULL );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1299
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1300 ctx->pk_info = NULL;
1301 ctx->pk_ctx = NULL;
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1302}
1303
1304/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1305 * Free (the components of) a mbedtls_pk_context
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1306 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1307void mbedtls_pk_free( mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1308{
irwir2239a862018-06-12 18:25:09 +0300[diff] [blame]1309 if( ctx == NULL )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1310 return;
1311
irwir2239a862018-06-12 18:25:09 +0300[diff] [blame]1312 if ( ctx->pk_info != NULL )
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1313 pk_info_ctx_free_func( ctx->pk_info, ctx->pk_ctx );
Manuel Pégourié-Gonnard1f73a652013-07-09 10:26:41 +0200[diff] [blame]1314
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]1315 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1316}
1317
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1318#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1319/*
1320 * Initialize a restart context
1321 */
1322void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
1323{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1324 PK_VALIDATE( ctx != NULL );
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1325 ctx->pk_info = NULL;
1326 ctx->rs_ctx = NULL;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1327}
1328
1329/*
1330 * Free the components of a restart context
1331 */
1332void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
1333{
Gilles Peskine1f19fa62018-12-19 14:18:39 +0100[diff] [blame]1334 if( ctx == NULL || ctx->pk_info == NULL ||
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1335 ctx->pk_info->rs_free_func == NULL )
1336 {
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1337 return;
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1338 }
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1339
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1340 ctx->pk_info->rs_free_func( ctx->rs_ctx );
1341
1342 ctx->pk_info = NULL;
1343 ctx->rs_ctx = NULL;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1344}
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1345#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1346
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1347/*
1348 * Get pk_info structure from type
1349 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1350const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1351{
1352 switch( pk_type ) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1353#if defined(MBEDTLS_RSA_C)
1354 case MBEDTLS_PK_RSA:
1355 return( &mbedtls_rsa_info );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1356#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1357#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1358 case MBEDTLS_PK_ECKEY_DH:
1359 return( &mbedtls_eckeydh_info );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1360#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1361#if defined(MBEDTLS_ECDSA_C)
1362 case MBEDTLS_PK_ECDSA:
1363 return( &mbedtls_ecdsa_info );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1364#endif
Hanno Beckeradf11e12019-08-21 13:03:44 +0100[diff] [blame]1365#if defined(MBEDTLS_USE_TINYCRYPT)
1366 case MBEDTLS_PK_ECKEY:
1367 return( &mbedtls_uecc_eckey_info );
1368#else /* MBEDTLS_USE_TINYCRYPT */
1369#if defined(MBEDTLS_ECP_C)
1370 case MBEDTLS_PK_ECKEY:
1371 return( &mbedtls_eckey_info );
1372#endif
Jarno Lamsa42b83db2019-04-16 16:48:22 +0300[diff] [blame]1373#endif /* MBEDTLS_USE_TINYCRYPT */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1374 /* MBEDTLS_PK_RSA_ALT omitted on purpose */
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1375 default:
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]1376 return( NULL );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1377 }
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1378}
1379
1380/*
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200[diff] [blame]1381 * Initialise context
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1382 */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1383int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1384{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1385 PK_VALIDATE_RET( ctx != NULL );
1386 if( info == NULL || ctx->pk_info != NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1387 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1388
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1389 if( ( ctx->pk_ctx = pk_info_ctx_alloc_func( info ) ) == NULL )
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]1390 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1391
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1392 ctx->pk_info = info;
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1393
1394 return( 0 );
1395}
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1396
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1397#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnardb4fae572014-01-20 11:22:25 +0100[diff] [blame]1398/*
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1399 * Initialize an RSA-alt context
1400 */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1401int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1402 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
1403 mbedtls_pk_rsa_alt_sign_func sign_func,
1404 mbedtls_pk_rsa_alt_key_len_func key_len_func )
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1405{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1406 mbedtls_rsa_alt_context *rsa_alt;
1407 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1408
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1409 PK_VALIDATE_RET( ctx != NULL );
1410 if( ctx->pk_info != NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1411 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1412
1413 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]1414 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1415
1416 ctx->pk_info = info;
1417
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1418 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1419
1420 rsa_alt->key = key;
1421 rsa_alt->decrypt_func = decrypt_func;
1422 rsa_alt->sign_func = sign_func;
1423 rsa_alt->key_len_func = key_len_func;
1424
1425 return( 0 );
1426}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1427#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1428
1429/*
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1430 * Tell if a PK can do the operations of the given type
1431 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1432int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1433{
Gilles Peskine6af45ec2018-12-19 17:52:05 +0100[diff] [blame]1434 /* A context with null pk_info is not set up yet and can't do anything.
1435 * For backward compatibility, also accept NULL instead of a context
1436 * pointer. */
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1437 if( ctx == NULL || ctx->pk_info == NULL )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1438 return( 0 );
1439
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1440 return( pk_info_can_do( ctx->pk_info, type ) );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1441}
1442
1443/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1444 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1445 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1446static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1447{
Hanno Beckera5cedbc2019-07-17 11:21:02 +0100[diff] [blame]1448 mbedtls_md_handle_t md_info;
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1449
1450 if( *hash_len != 0 )
1451 return( 0 );
1452
Hanno Beckera5cedbc2019-07-17 11:21:02 +0100[diff] [blame]1453 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) ==
1454 MBEDTLS_MD_INVALID_HANDLE )
1455 {
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1456 return( -1 );
Hanno Beckera5cedbc2019-07-17 11:21:02 +0100[diff] [blame]1457 }
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1458
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1459 *hash_len = mbedtls_md_get_size( md_info );
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1460 return( 0 );
1461}
1462
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1463#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1464/*
1465 * Helper to set up a restart context if needed
1466 */
1467static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
Manuel Pégourié-Gonnardee68cff2018-10-15 15:27:49 +0200[diff] [blame]1468 const mbedtls_pk_info_t *info )
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1469{
Manuel Pégourié-Gonnardc8c12b62018-07-02 13:09:39 +0200[diff] [blame]1470 /* Don't do anything if already set up or invalid */
1471 if( ctx == NULL || ctx->pk_info != NULL )
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1472 return( 0 );
1473
1474 /* Should never happen when we're called */
1475 if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
1476 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1477
1478 if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
1479 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
1480
1481 ctx->pk_info = info;
1482
1483 return( 0 );
1484}
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1485#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1486
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1487/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1488 * Verify a signature (restartable)
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1489 */
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1490int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
1491 mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200[diff] [blame]1492 const unsigned char *hash, size_t hash_len,
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1493 const unsigned char *sig, size_t sig_len,
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1494 mbedtls_pk_restart_ctx *rs_ctx )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1495{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1496 PK_VALIDATE_RET( ctx != NULL );
Gilles Peskineee3cfec2018-12-19 17:10:02 +0100[diff] [blame]1497 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
1498 hash != NULL );
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1499 PK_VALIDATE_RET( sig != NULL );
1500
1501 if( ctx->pk_info == NULL ||
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1502 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1503 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1504
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1505#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1506 /* optimization: use non-restartable version if restart disabled */
1507 if( rs_ctx != NULL &&
Manuel Pégourié-Gonnardb843b152018-10-16 10:41:31 +0200[diff] [blame]1508 mbedtls_ecp_restart_is_enabled() &&
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1509 ctx->pk_info->verify_rs_func != NULL )
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1510 {
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1511 int ret;
1512
1513 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
1514 return( ret );
1515
1516 ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
1517 md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
1518
1519 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
1520 mbedtls_pk_restart_free( rs_ctx );
1521
1522 return( ret );
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1523 }
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1524#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1525 (void) rs_ctx;
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1526#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1527
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1528 return( pk_info_verify_func( ctx->pk_info, ctx->pk_ctx, md_alg, hash, hash_len,
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200[diff] [blame]1529 sig, sig_len ) );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1530}
1531
1532/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1533 * Verify a signature
1534 */
1535int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
1536 const unsigned char *hash, size_t hash_len,
1537 const unsigned char *sig, size_t sig_len )
1538{
1539 return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
1540 sig, sig_len, NULL ) );
1541}
1542
1543/*
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1544 * Verify a signature with options
1545 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1546int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
1547 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1548 const unsigned char *hash, size_t hash_len,
1549 const unsigned char *sig, size_t sig_len )
1550{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1551 PK_VALIDATE_RET( ctx != NULL );
Gilles Peskineee3cfec2018-12-19 17:10:02 +0100[diff] [blame]1552 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
1553 hash != NULL );
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1554 PK_VALIDATE_RET( sig != NULL );
1555
1556 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1557 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1558
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1559 if( ! mbedtls_pk_can_do( ctx, type ) )
1560 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1561
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1562 if( type == MBEDTLS_PK_RSASSA_PSS )
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1563 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1564#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1565 int ret;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1566 const mbedtls_pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1567
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]1568#if SIZE_MAX > UINT_MAX
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]1569 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
1570 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]1571#endif /* SIZE_MAX > UINT_MAX */
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]1572
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1573 if( options == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1574 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1575
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1576 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1577
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1578 if( sig_len < mbedtls_pk_get_len( ctx ) )
1579 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1580
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1581 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
1582 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Sander Niemeijeref5087d2014-08-16 12:45:52 +0200[diff] [blame]1583 md_alg, (unsigned int) hash_len, hash,
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1584 pss_opts->mgf1_hash_id,
1585 pss_opts->expected_salt_len,
1586 sig );
1587 if( ret != 0 )
1588 return( ret );
1589
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1590 if( sig_len > mbedtls_pk_get_len( ctx ) )
1591 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1592
1593 return( 0 );
1594#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1595 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]1596#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1597 }
1598
1599 /* General case: no options */
1600 if( options != NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1601 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1602
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1603 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1604}
1605
1606/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1607 * Make a signature (restartable)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1608 */
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1609int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
1610 mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1611 const unsigned char *hash, size_t hash_len,
1612 unsigned char *sig, size_t *sig_len,
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1613 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1614 mbedtls_pk_restart_ctx *rs_ctx )
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1615{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1616 PK_VALIDATE_RET( ctx != NULL );
Gilles Peskineee3cfec2018-12-19 17:10:02 +0100[diff] [blame]1617 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
1618 hash != NULL );
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1619 PK_VALIDATE_RET( sig != NULL );
1620
1621 if( ctx->pk_info == NULL ||
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1622 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1623 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1624
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1625#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1626 /* optimization: use non-restartable version if restart disabled */
1627 if( rs_ctx != NULL &&
Manuel Pégourié-Gonnardb843b152018-10-16 10:41:31 +0200[diff] [blame]1628 mbedtls_ecp_restart_is_enabled() &&
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1629 ctx->pk_info->sign_rs_func != NULL )
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1630 {
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1631 int ret;
1632
1633 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
1634 return( ret );
1635
1636 ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
1637 hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
1638
1639 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
1640 mbedtls_pk_restart_free( rs_ctx );
1641
1642 return( ret );
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1643 }
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1644#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1645 (void) rs_ctx;
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1646#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1647
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1648 return( pk_info_sign_func( ctx->pk_info, ctx->pk_ctx, md_alg, hash, hash_len,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1649 sig, sig_len, f_rng, p_rng ) );
1650}
1651
1652/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1653 * Make a signature
1654 */
1655int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
1656 const unsigned char *hash, size_t hash_len,
1657 unsigned char *sig, size_t *sig_len,
1658 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1659{
1660 return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
1661 sig, sig_len, f_rng, p_rng, NULL ) );
1662}
1663
1664/*
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1665 * Decrypt message
1666 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1667int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1668 const unsigned char *input, size_t ilen,
1669 unsigned char *output, size_t *olen, size_t osize,
1670 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1671{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1672 PK_VALIDATE_RET( ctx != NULL );
1673 PK_VALIDATE_RET( input != NULL || ilen == 0 );
1674 PK_VALIDATE_RET( output != NULL || osize == 0 );
1675 PK_VALIDATE_RET( olen != NULL );
1676
1677 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1678 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1679
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1680 return( pk_info_decrypt_func( ctx->pk_info, ctx->pk_ctx, input, ilen,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1681 output, olen, osize, f_rng, p_rng ) );
1682}
1683
1684/*
1685 * Encrypt message
1686 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1687int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1688 const unsigned char *input, size_t ilen,
1689 unsigned char *output, size_t *olen, size_t osize,
1690 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1691{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1692 PK_VALIDATE_RET( ctx != NULL );
1693 PK_VALIDATE_RET( input != NULL || ilen == 0 );
1694 PK_VALIDATE_RET( output != NULL || osize == 0 );
1695 PK_VALIDATE_RET( olen != NULL );
1696
1697 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1698 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1699
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1700 return( pk_info_encrypt_func( ctx->pk_info, ctx->pk_ctx, input, ilen,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1701 output, olen, osize, f_rng, p_rng ) );
1702}
1703
1704/*
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1705 * Check public-private key pair
1706 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1707int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1708{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1709 PK_VALIDATE_RET( pub != NULL );
1710 PK_VALIDATE_RET( prv != NULL );
1711
Manuel Pégourié-Gonnard2d9466f2019-09-19 10:45:14 +0200[diff] [blame]1712 if( pub->pk_info == NULL || prv->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1713 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1714
Manuel Pégourié-Gonnard2d9466f2019-09-19 10:45:14 +0200[diff] [blame]1715#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1716 if( pk_info_type( prv->pk_info ) == MBEDTLS_PK_RSA_ALT )
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1717 {
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1718 if( pk_info_type( pub->pk_info ) != MBEDTLS_PK_RSA )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1719 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]1720 }
1721 else
Manuel Pégourié-Gonnard2d9466f2019-09-19 10:45:14 +0200[diff] [blame]1722#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]1723 {
1724 if( pub->pk_info != prv->pk_info )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1725 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1726 }
1727
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1728 return( pk_info_check_pair_func( prv->pk_info, pub->pk_ctx, prv->pk_ctx ) );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1729}
1730
1731/*
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1732 * Get key size in bits
1733 */
Manuel Pégourié-Gonnard097c7bb2015-06-18 16:43:38 +0200[diff] [blame]1734size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1735{
Gilles Peskine6af45ec2018-12-19 17:52:05 +0100[diff] [blame]1736 /* For backward compatibility, accept NULL or a context that
1737 * isn't set up yet, and return a fake value that should be safe. */
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1738 if( ctx == NULL || ctx->pk_info == NULL )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1739 return( 0 );
1740
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1741 return( pk_info_get_bitlen( ctx->pk_info, ctx->pk_ctx ) );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1742}
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1743
1744/*
1745 * Export debug information
1746 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1747int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1748{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1749 PK_VALIDATE_RET( ctx != NULL );
1750 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1751 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1752
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1753 return( pk_info_debug_func( ctx->pk_info, ctx->pk_ctx, items ) );
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1754}
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1755
1756/*
1757 * Access the PK type name
1758 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1759const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1760{
1761 if( ctx == NULL || ctx->pk_info == NULL )
1762 return( "invalid PK" );
1763
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1764 return( pk_info_name( ctx->pk_info ) );
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1765}
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +0200[diff] [blame]1766
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1767/*
1768 * Access the PK type
1769 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1770mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1771{
1772 if( ctx == NULL || ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1773 return( MBEDTLS_PK_NONE );
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1774
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1775 return( pk_info_type( ctx->pk_info ) );
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1776}
1777
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1778#endif /* MBEDTLS_PK_C */