TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 4ed179f693caf653c317f29abdb1f10a6548c888 / . / library / pk.c
blob: ceaf63f9cd75befaed5ce972fcb89bf21486d23d [file] [log] [blame]
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1/*
2 * Public Key abstraction layer
3 *
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]18 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]19 * This file is part of mbed TLS (https://tls.mbed.org)
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]20 */
21
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]22#if !defined(MBEDTLS_CONFIG_FILE)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]23#include "mbedtls/config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]24#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]25#include MBEDTLS_CONFIG_FILE
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]26#endif
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]27
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]28#if defined(MBEDTLS_PK_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]29#include "mbedtls/pk.h"
Manuel Pégourié-Gonnard50518f42015-05-26 11:04:15 +0200[diff] [blame]30#include "mbedtls/pk_internal.h"
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]31
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]32#include "mbedtls/platform_util.h"
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]33
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]34#if defined(MBEDTLS_RSA_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]35#include "mbedtls/rsa.h"
Manuel Pégourié-Gonnard81c313c2013-07-09 10:35:54 +0200[diff] [blame]36#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]38#include "mbedtls/ecp.h"
Manuel Pégourié-Gonnard81c313c2013-07-09 10:35:54 +0200[diff] [blame]39#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]40#if defined(MBEDTLS_ECDSA_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]41#include "mbedtls/ecdsa.h"
Manuel Pégourié-Gonnard7c5819e2013-07-10 12:29:57 +0200[diff] [blame]42#endif
Manuel Pégourié-Gonnard81c313c2013-07-09 10:35:54 +0200[diff] [blame]43
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]44#include <limits.h>
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]45#include <stdint.h>
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]46
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]47/* Parameter validation macros based on platform_util.h */
48#define PK_VALIDATE_RET( cond ) \
49 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
50#define PK_VALIDATE( cond ) \
51 MBEDTLS_INTERNAL_VALIDATE( cond )
52
Manuel Pégourié-Gonnard4ed179f2019-09-19 10:45:14 +0200[diff] [blame^]53/* Raw contents of former pk_wrap.c file */
54#if defined(MBEDTLS_PK_C)
55#include "mbedtls/pk_internal.h"
56
57/* Even if RSA not activated, for the sake of RSA-alt */
58#include "mbedtls/rsa.h"
59
60#include <string.h>
61
62#if defined(MBEDTLS_USE_TINYCRYPT)
63#include "tinycrypt/ecc.h"
64#include "tinycrypt/ecc_dsa.h"
65#include "mbedtls/asn1.h"
66#include "mbedtls/asn1write.h"
67#endif /* MBEDTLS_USE_TINYCRYPT */
68
69#if defined(MBEDTLS_ECP_C)
70#include "mbedtls/ecp.h"
71#endif
72
73#if defined(MBEDTLS_ECDSA_C)
74#include "mbedtls/ecdsa.h"
75#endif
76
77#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \
78 defined(MBEDTLS_USE_TINYCRYPT)
79#include "mbedtls/platform_util.h"
80#endif
81
82#if defined(MBEDTLS_PLATFORM_C)
83#include "mbedtls/platform.h"
84#else
85#include <stdlib.h>
86#define mbedtls_calloc calloc
87#define mbedtls_free free
88#endif
89
90#include <limits.h>
91#include <stdint.h>
92
93#if defined(MBEDTLS_RSA_C)
94static int rsa_can_do( mbedtls_pk_type_t type )
95{
96 return( type == MBEDTLS_PK_RSA ||
97 type == MBEDTLS_PK_RSASSA_PSS );
98}
99
100static size_t rsa_get_bitlen( const void *ctx )
101{
102 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
103 return( 8 * mbedtls_rsa_get_len( rsa ) );
104}
105
106static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
107 const unsigned char *hash, size_t hash_len,
108 const unsigned char *sig, size_t sig_len )
109{
110 int ret;
111 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
112 size_t rsa_len = mbedtls_rsa_get_len( rsa );
113
114#if SIZE_MAX > UINT_MAX
115 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
116 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
117#endif /* SIZE_MAX > UINT_MAX */
118
119 if( sig_len < rsa_len )
120 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
121
122 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
123 MBEDTLS_RSA_PUBLIC, md_alg,
124 (unsigned int) hash_len, hash, sig ) ) != 0 )
125 return( ret );
126
127 /* The buffer contains a valid signature followed by extra data.
128 * We have a special error code for that so that so that callers can
129 * use mbedtls_pk_verify() to check "Does the buffer start with a
130 * valid signature?" and not just "Does the buffer contain a valid
131 * signature?". */
132 if( sig_len > rsa_len )
133 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
134
135 return( 0 );
136}
137
138static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
139 const unsigned char *hash, size_t hash_len,
140 unsigned char *sig, size_t *sig_len,
141 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
142{
143 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
144
145#if SIZE_MAX > UINT_MAX
146 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
147 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
148#endif /* SIZE_MAX > UINT_MAX */
149
150 *sig_len = mbedtls_rsa_get_len( rsa );
151
152 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
153 md_alg, (unsigned int) hash_len, hash, sig ) );
154}
155
156static int rsa_decrypt_wrap( void *ctx,
157 const unsigned char *input, size_t ilen,
158 unsigned char *output, size_t *olen, size_t osize,
159 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
160{
161 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
162
163 if( ilen != mbedtls_rsa_get_len( rsa ) )
164 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
165
166 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
167 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
168}
169
170static int rsa_encrypt_wrap( void *ctx,
171 const unsigned char *input, size_t ilen,
172 unsigned char *output, size_t *olen, size_t osize,
173 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
174{
175 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
176 *olen = mbedtls_rsa_get_len( rsa );
177
178 if( *olen > osize )
179 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
180
181 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
182 ilen, input, output ) );
183}
184
185static int rsa_check_pair_wrap( const void *pub, const void *prv )
186{
187 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
188 (const mbedtls_rsa_context *) prv ) );
189}
190
191static void *rsa_alloc_wrap( void )
192{
193 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
194
195 if( ctx != NULL )
196 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
197
198 return( ctx );
199}
200
201static void rsa_free_wrap( void *ctx )
202{
203 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
204 mbedtls_free( ctx );
205}
206
207static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
208{
209 items->type = MBEDTLS_PK_DEBUG_MPI;
210 items->name = "rsa.N";
211 items->value = &( ((mbedtls_rsa_context *) ctx)->N );
212
213 items++;
214
215 items->type = MBEDTLS_PK_DEBUG_MPI;
216 items->name = "rsa.E";
217 items->value = &( ((mbedtls_rsa_context *) ctx)->E );
218}
219
220const mbedtls_pk_info_t mbedtls_rsa_info = {
221 MBEDTLS_PK_RSA,
222 "RSA",
223 rsa_get_bitlen,
224 rsa_can_do,
225 rsa_verify_wrap,
226 rsa_sign_wrap,
227#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
228 NULL,
229 NULL,
230#endif
231 rsa_decrypt_wrap,
232 rsa_encrypt_wrap,
233 rsa_check_pair_wrap,
234 rsa_alloc_wrap,
235 rsa_free_wrap,
236#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
237 NULL,
238 NULL,
239#endif
240 rsa_debug,
241};
242#endif /* MBEDTLS_RSA_C */
243
244#if defined(MBEDTLS_ECP_C)
245/*
246 * Generic EC key
247 */
248static int eckey_can_do( mbedtls_pk_type_t type )
249{
250 return( type == MBEDTLS_PK_ECKEY ||
251 type == MBEDTLS_PK_ECKEY_DH ||
252 type == MBEDTLS_PK_ECDSA );
253}
254
255static size_t eckey_get_bitlen( const void *ctx )
256{
257 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
258}
259
260#if defined(MBEDTLS_ECDSA_C)
261/* Forward declarations */
262static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
263 const unsigned char *hash, size_t hash_len,
264 const unsigned char *sig, size_t sig_len );
265
266static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
267 const unsigned char *hash, size_t hash_len,
268 unsigned char *sig, size_t *sig_len,
269 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
270
271static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
272 const unsigned char *hash, size_t hash_len,
273 const unsigned char *sig, size_t sig_len )
274{
275 int ret;
276 mbedtls_ecdsa_context ecdsa;
277
278 mbedtls_ecdsa_init( &ecdsa );
279
280 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
281 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
282
283 mbedtls_ecdsa_free( &ecdsa );
284
285 return( ret );
286}
287
288static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
289 const unsigned char *hash, size_t hash_len,
290 unsigned char *sig, size_t *sig_len,
291 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
292{
293 int ret;
294 mbedtls_ecdsa_context ecdsa;
295
296 mbedtls_ecdsa_init( &ecdsa );
297
298 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
299 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
300 f_rng, p_rng );
301
302 mbedtls_ecdsa_free( &ecdsa );
303
304 return( ret );
305}
306
307#if defined(MBEDTLS_ECP_RESTARTABLE)
308/* Forward declarations */
309static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
310 const unsigned char *hash, size_t hash_len,
311 const unsigned char *sig, size_t sig_len,
312 void *rs_ctx );
313
314static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
315 const unsigned char *hash, size_t hash_len,
316 unsigned char *sig, size_t *sig_len,
317 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
318 void *rs_ctx );
319
320/*
321 * Restart context for ECDSA operations with ECKEY context
322 *
323 * We need to store an actual ECDSA context, as we need to pass the same to
324 * the underlying ecdsa function, so we can't create it on the fly every time.
325 */
326typedef struct
327{
328 mbedtls_ecdsa_restart_ctx ecdsa_rs;
329 mbedtls_ecdsa_context ecdsa_ctx;
330} eckey_restart_ctx;
331
332static void *eckey_rs_alloc( void )
333{
334 eckey_restart_ctx *rs_ctx;
335
336 void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
337
338 if( ctx != NULL )
339 {
340 rs_ctx = ctx;
341 mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
342 mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
343 }
344
345 return( ctx );
346}
347
348static void eckey_rs_free( void *ctx )
349{
350 eckey_restart_ctx *rs_ctx;
351
352 if( ctx == NULL)
353 return;
354
355 rs_ctx = ctx;
356 mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
357 mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
358
359 mbedtls_free( ctx );
360}
361
362static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
363 const unsigned char *hash, size_t hash_len,
364 const unsigned char *sig, size_t sig_len,
365 void *rs_ctx )
366{
367 int ret;
368 eckey_restart_ctx *rs = rs_ctx;
369
370 /* Should never happen */
371 if( rs == NULL )
372 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
373
374 /* set up our own sub-context if needed (that is, on first run) */
375 if( rs->ecdsa_ctx.grp.pbits == 0 )
376 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
377
378 MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
379 md_alg, hash, hash_len,
380 sig, sig_len, &rs->ecdsa_rs ) );
381
382cleanup:
383 return( ret );
384}
385
386static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
387 const unsigned char *hash, size_t hash_len,
388 unsigned char *sig, size_t *sig_len,
389 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
390 void *rs_ctx )
391{
392 int ret;
393 eckey_restart_ctx *rs = rs_ctx;
394
395 /* Should never happen */
396 if( rs == NULL )
397 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
398
399 /* set up our own sub-context if needed (that is, on first run) */
400 if( rs->ecdsa_ctx.grp.pbits == 0 )
401 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
402
403 MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
404 hash, hash_len, sig, sig_len,
405 f_rng, p_rng, &rs->ecdsa_rs ) );
406
407cleanup:
408 return( ret );
409}
410#endif /* MBEDTLS_ECP_RESTARTABLE */
411#endif /* MBEDTLS_ECDSA_C */
412
413static int eckey_check_pair( const void *pub, const void *prv )
414{
415 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
416 (const mbedtls_ecp_keypair *) prv ) );
417}
418
419static void *eckey_alloc_wrap( void )
420{
421 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
422
423 if( ctx != NULL )
424 mbedtls_ecp_keypair_init( ctx );
425
426 return( ctx );
427}
428
429static void eckey_free_wrap( void *ctx )
430{
431 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
432 mbedtls_free( ctx );
433}
434
435static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
436{
437 items->type = MBEDTLS_PK_DEBUG_ECP;
438 items->name = "eckey.Q";
439 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
440}
441
442const mbedtls_pk_info_t mbedtls_eckey_info = {
443 MBEDTLS_PK_ECKEY,
444 "EC",
445 eckey_get_bitlen,
446 eckey_can_do,
447#if defined(MBEDTLS_ECDSA_C)
448 eckey_verify_wrap,
449 eckey_sign_wrap,
450#if defined(MBEDTLS_ECP_RESTARTABLE)
451 eckey_verify_rs_wrap,
452 eckey_sign_rs_wrap,
453#endif
454#else /* MBEDTLS_ECDSA_C */
455 NULL,
456 NULL,
457#endif /* MBEDTLS_ECDSA_C */
458 NULL,
459 NULL,
460 eckey_check_pair,
461 eckey_alloc_wrap,
462 eckey_free_wrap,
463#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
464 eckey_rs_alloc,
465 eckey_rs_free,
466#endif
467 eckey_debug,
468};
469
470/*
471 * EC key restricted to ECDH
472 */
473static int eckeydh_can_do( mbedtls_pk_type_t type )
474{
475 return( type == MBEDTLS_PK_ECKEY ||
476 type == MBEDTLS_PK_ECKEY_DH );
477}
478
479const mbedtls_pk_info_t mbedtls_eckeydh_info = {
480 MBEDTLS_PK_ECKEY_DH,
481 "EC_DH",
482 eckey_get_bitlen, /* Same underlying key structure */
483 eckeydh_can_do,
484 NULL,
485 NULL,
486#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
487 NULL,
488 NULL,
489#endif
490 NULL,
491 NULL,
492 eckey_check_pair,
493 eckey_alloc_wrap, /* Same underlying key structure */
494 eckey_free_wrap, /* Same underlying key structure */
495#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
496 NULL,
497 NULL,
498#endif
499 eckey_debug, /* Same underlying key structure */
500};
501#endif /* MBEDTLS_ECP_C */
502
503#if defined(MBEDTLS_USE_TINYCRYPT)
504
505/*
506 * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
507 * those integers and convert it to the fixed-length encoding.
508 */
509static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
510 unsigned char *to, size_t to_len )
511{
512 int ret;
513 size_t unpadded_len, padding_len;
514
515 if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
516 MBEDTLS_ASN1_INTEGER ) ) != 0 )
517 {
518 return( ret );
519 }
520
521 while( unpadded_len > 0 && **from == 0x00 )
522 {
523 ( *from )++;
524 unpadded_len--;
525 }
526
527 if( unpadded_len > to_len || unpadded_len == 0 )
528 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
529
530 padding_len = to_len - unpadded_len;
531 memset( to, 0x00, padding_len );
532 memcpy( to + padding_len, *from, unpadded_len );
533 ( *from ) += unpadded_len;
534
535 return( 0 );
536}
537
538/*
539 * Convert a signature from an ASN.1 sequence of two integers
540 * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
541 * twice as big as int_size.
542 */
543static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
544 unsigned char *sig, size_t int_size )
545{
546 int ret;
547 size_t tmp_size;
548
549 if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
550 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
551 return( ret );
552
553 /* Extract r */
554 if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
555 return( ret );
556 /* Extract s */
557 if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
558 return( ret );
559
560 return( 0 );
561}
562
563static size_t uecc_eckey_get_bitlen( const void *ctx )
564{
565 (void) ctx;
566 return( (size_t) ( NUM_ECC_BYTES * 8 ) );
567}
568
569static int uecc_eckey_check_pair( const void *pub, const void *prv )
570{
571 const mbedtls_uecc_keypair *uecc_pub =
572 (const mbedtls_uecc_keypair *) pub;
573 const mbedtls_uecc_keypair *uecc_prv =
574 (const mbedtls_uecc_keypair *) prv;
575
576 if( memcmp( uecc_pub->public_key,
577 uecc_prv->public_key,
578 2 * NUM_ECC_BYTES ) == 0 )
579 {
580 return( 0 );
581 }
582
583 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
584}
585
586static int uecc_eckey_can_do( mbedtls_pk_type_t type )
587{
588 return( type == MBEDTLS_PK_ECDSA ||
589 type == MBEDTLS_PK_ECKEY );
590}
591
592static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
593 const unsigned char *hash, size_t hash_len,
594 const unsigned char *sig, size_t sig_len )
595{
596 int ret;
597 uint8_t signature[2*NUM_ECC_BYTES];
598 unsigned char *p;
599 const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
600 const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
601
602 ((void) md_alg);
603 p = (unsigned char*) sig;
604
605 ret = extract_ecdsa_sig( &p, sig + sig_len, signature, NUM_ECC_BYTES );
606 if( ret != 0 )
607 return( ret );
608
609 ret = uECC_verify( keypair->public_key, hash,
610 (unsigned) hash_len, signature, uecc_curve );
611 if( ret == 0 )
612 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
613
614 return( 0 );
615}
616
617/*
618 * Simultaneously convert and move raw MPI from the beginning of a buffer
619 * to an ASN.1 MPI at the end of the buffer.
620 * See also mbedtls_asn1_write_mpi().
621 *
622 * p: pointer to the end of the output buffer
623 * start: start of the output buffer, and also of the mpi to write at the end
624 * n_len: length of the mpi to read from start
625 *
626 * Warning:
627 * The total length of the output buffer must be smaller than 128 Bytes.
628 */
629static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
630 size_t n_len )
631{
632 size_t len = 0;
633
634 if( (size_t)( *p - start ) < n_len )
635 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
636
637 len = n_len;
638 *p -= len;
639 memmove( *p, start, len );
640
641 /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
642 * Neither r nor s should be 0, but as a failsafe measure, still detect
643 * that rather than overflowing the buffer in case of an error. */
644 while( len > 0 && **p == 0x00 )
645 {
646 ++(*p);
647 --len;
648 }
649
650 /* this is only reached if the signature was invalid */
651 if( len == 0 )
652 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
653
654 /* if the msb is 1, ASN.1 requires that we prepend a 0.
655 * Neither r nor s can be 0, so we can assume len > 0 at all times. */
656 if( **p & 0x80 )
657 {
658 if( *p - start < 1 )
659 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
660
661 *--(*p) = 0x00;
662 len += 1;
663 }
664
665 /* The ASN.1 length encoding is just a single Byte containing the length,
666 * as we assume that the total buffer length is smaller than 128 Bytes. */
667 *--(*p) = len;
668 *--(*p) = MBEDTLS_ASN1_INTEGER;
669 len += 2;
670
671 return( (int) len );
672}
673
674/* Transcode signature from uECC format to ASN.1 sequence.
675 * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
676 * MPIs, and in-place.
677 *
678 * [in/out] sig: the signature pre- and post-transcoding
679 * [in/out] sig_len: signature length pre- and post-transcoding
680 * [int] buf_len: the available size the in/out buffer
681 *
682 * Warning: buf_len must be smaller than 128 Bytes.
683 */
684static int pk_ecdsa_sig_asn1_from_uecc( unsigned char *sig, size_t *sig_len,
685 size_t buf_len )
686{
687 int ret;
688 size_t len = 0;
689 const size_t rs_len = *sig_len / 2;
690 unsigned char *p = sig + buf_len;
691
692 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
693 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
694
695 /* The ASN.1 length encoding is just a single Byte containing the length,
696 * as we assume that the total buffer length is smaller than 128 Bytes. */
697 *--p = len;
698 *--p = MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE;
699 len += 2;
700
701 memmove( sig, p, len );
702 *sig_len = len;
703
704 return( 0 );
705}
706
707static int uecc_eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
708 const unsigned char *hash, size_t hash_len,
709 unsigned char *sig, size_t *sig_len,
710 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
711{
712 const mbedtls_uecc_keypair *keypair = (const mbedtls_uecc_keypair *) ctx;
713 const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
714 int ret;
715
716 /*
717 * RFC-4492 page 20:
718 *
719 * Ecdsa-Sig-Value ::= SEQUENCE {
720 * r INTEGER,
721 * s INTEGER
722 * }
723 *
724 * Size is at most
725 * 1 (tag) + 1 (len) + 1 (initial 0) + NUM_ECC_BYTES for each of r and s,
726 * twice that + 1 (tag) + 2 (len) for the sequence
727 *
728 * (The ASN.1 length encodings are all 1-Byte encodings because
729 * the total size is smaller than 128 Bytes).
730 */
731 #define MAX_SECP256R1_ECDSA_SIG_LEN ( 3 + 2 * ( 3 + NUM_ECC_BYTES ) )
732
733 ret = uECC_sign( keypair->private_key, hash, hash_len, sig, uecc_curve );
734 /* TinyCrypt uses 0 to signal errors. */
735 if( ret == 0 )
736 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
737
738 *sig_len = 2 * NUM_ECC_BYTES;
739
740 /* uECC owns its rng function pointer */
741 (void) f_rng;
742 (void) p_rng;
743 (void) md_alg;
744
745 return( pk_ecdsa_sig_asn1_from_uecc( sig, sig_len,
746 MAX_SECP256R1_ECDSA_SIG_LEN ) );
747
748 #undef MAX_SECP256R1_ECDSA_SIG_LEN
749}
750
751static void *uecc_eckey_alloc_wrap( void )
752{
753 return( mbedtls_calloc( 1, sizeof( mbedtls_uecc_keypair ) ) );
754}
755
756static void uecc_eckey_free_wrap( void *ctx )
757{
758 if( ctx == NULL )
759 return;
760
761 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_uecc_keypair ) );
762 mbedtls_free( ctx );
763}
764
765const mbedtls_pk_info_t mbedtls_uecc_eckey_info =
766 MBEDTLS_PK_INFO( MBEDTLS_PK_INFO_ECKEY );
767#endif /* MBEDTLS_USE_TINYCRYPT */
768
769#if defined(MBEDTLS_ECDSA_C)
770static int ecdsa_can_do( mbedtls_pk_type_t type )
771{
772 return( type == MBEDTLS_PK_ECDSA );
773}
774
775static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
776 const unsigned char *hash, size_t hash_len,
777 const unsigned char *sig, size_t sig_len )
778{
779 int ret;
780 ((void) md_alg);
781
782 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
783 hash, hash_len, sig, sig_len );
784
785 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
786 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
787
788 return( ret );
789}
790
791static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
792 const unsigned char *hash, size_t hash_len,
793 unsigned char *sig, size_t *sig_len,
794 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
795{
796 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
797 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
798}
799
800#if defined(MBEDTLS_ECP_RESTARTABLE)
801static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
802 const unsigned char *hash, size_t hash_len,
803 const unsigned char *sig, size_t sig_len,
804 void *rs_ctx )
805{
806 int ret;
807 ((void) md_alg);
808
809 ret = mbedtls_ecdsa_read_signature_restartable(
810 (mbedtls_ecdsa_context *) ctx,
811 hash, hash_len, sig, sig_len,
812 (mbedtls_ecdsa_restart_ctx *) rs_ctx );
813
814 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
815 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
816
817 return( ret );
818}
819
820static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
821 const unsigned char *hash, size_t hash_len,
822 unsigned char *sig, size_t *sig_len,
823 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
824 void *rs_ctx )
825{
826 return( mbedtls_ecdsa_write_signature_restartable(
827 (mbedtls_ecdsa_context *) ctx,
828 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
829 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
830
831}
832#endif /* MBEDTLS_ECP_RESTARTABLE */
833
834static void *ecdsa_alloc_wrap( void )
835{
836 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
837
838 if( ctx != NULL )
839 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
840
841 return( ctx );
842}
843
844static void ecdsa_free_wrap( void *ctx )
845{
846 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
847 mbedtls_free( ctx );
848}
849
850#if defined(MBEDTLS_ECP_RESTARTABLE)
851static void *ecdsa_rs_alloc( void )
852{
853 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
854
855 if( ctx != NULL )
856 mbedtls_ecdsa_restart_init( ctx );
857
858 return( ctx );
859}
860
861static void ecdsa_rs_free( void *ctx )
862{
863 mbedtls_ecdsa_restart_free( ctx );
864 mbedtls_free( ctx );
865}
866#endif /* MBEDTLS_ECP_RESTARTABLE */
867
868const mbedtls_pk_info_t mbedtls_ecdsa_info = {
869 MBEDTLS_PK_ECDSA,
870 "ECDSA",
871 eckey_get_bitlen, /* Compatible key structures */
872 ecdsa_can_do,
873 ecdsa_verify_wrap,
874 ecdsa_sign_wrap,
875#if defined(MBEDTLS_ECP_RESTARTABLE)
876 ecdsa_verify_rs_wrap,
877 ecdsa_sign_rs_wrap,
878#endif
879 NULL,
880 NULL,
881 eckey_check_pair, /* Compatible key structures */
882 ecdsa_alloc_wrap,
883 ecdsa_free_wrap,
884#if defined(MBEDTLS_ECP_RESTARTABLE)
885 ecdsa_rs_alloc,
886 ecdsa_rs_free,
887#endif
888 eckey_debug, /* Compatible key structures */
889};
890#endif /* MBEDTLS_ECDSA_C */
891
892#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
893/*
894 * Support for alternative RSA-private implementations
895 */
896
897static int rsa_alt_can_do( mbedtls_pk_type_t type )
898{
899 return( type == MBEDTLS_PK_RSA );
900}
901
902static size_t rsa_alt_get_bitlen( const void *ctx )
903{
904 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
905
906 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
907}
908
909static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
910 const unsigned char *hash, size_t hash_len,
911 unsigned char *sig, size_t *sig_len,
912 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
913{
914 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
915
916#if SIZE_MAX > UINT_MAX
917 if( UINT_MAX < hash_len )
918 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
919#endif /* SIZE_MAX > UINT_MAX */
920
921 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
922
923 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
924 md_alg, (unsigned int) hash_len, hash, sig ) );
925}
926
927static int rsa_alt_decrypt_wrap( void *ctx,
928 const unsigned char *input, size_t ilen,
929 unsigned char *output, size_t *olen, size_t osize,
930 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
931{
932 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
933
934 ((void) f_rng);
935 ((void) p_rng);
936
937 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
938 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
939
940 return( rsa_alt->decrypt_func( rsa_alt->key,
941 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
942}
943
944#if defined(MBEDTLS_RSA_C)
945static int rsa_alt_check_pair( const void *pub, const void *prv )
946{
947 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
948 unsigned char hash[32];
949 size_t sig_len = 0;
950 int ret;
951
952 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
953 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
954
955 memset( hash, 0x2a, sizeof( hash ) );
956
957 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
958 hash, sizeof( hash ),
959 sig, &sig_len, NULL, NULL ) ) != 0 )
960 {
961 return( ret );
962 }
963
964 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
965 hash, sizeof( hash ), sig, sig_len ) != 0 )
966 {
967 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
968 }
969
970 return( 0 );
971}
972#endif /* MBEDTLS_RSA_C */
973
974static void *rsa_alt_alloc_wrap( void )
975{
976 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
977
978 if( ctx != NULL )
979 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
980
981 return( ctx );
982}
983
984static void rsa_alt_free_wrap( void *ctx )
985{
986 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
987 mbedtls_free( ctx );
988}
989
990const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
991 MBEDTLS_PK_RSA_ALT,
992 "RSA-alt",
993 rsa_alt_get_bitlen,
994 rsa_alt_can_do,
995 NULL,
996 rsa_alt_sign_wrap,
997#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
998 NULL,
999 NULL,
1000#endif
1001 rsa_alt_decrypt_wrap,
1002 NULL,
1003#if defined(MBEDTLS_RSA_C)
1004 rsa_alt_check_pair,
1005#else
1006 NULL,
1007#endif
1008 rsa_alt_alloc_wrap,
1009 rsa_alt_free_wrap,
1010#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1011 NULL,
1012 NULL,
1013#endif
1014 NULL,
1015};
1016
1017#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
1018
1019#endif /* MBEDTLS_PK_C */
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1020/*
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1021 * Access to members of the pk_info structure. These are meant to be replaced
1022 * by zero-runtime-cost accessors when a single PK type is hardcoded.
1023 *
1024 * For function members, don't make a getter, but a function that directly
1025 * calls the method, so that we can entirely get rid of function pointers
1026 * when hardcoding a single PK - some compilers optimize better that way.
1027 *
1028 * Not implemented for members that are only present in builds with
1029 * MBEDTLS_ECP_RESTARTABLE for now, as the main target for hardcoded is builds
1030 * with MBEDTLS_USE_TINYCRYPT, which don't have MBEDTLS_ECP_RESTARTABLE.
1031 */
1032
1033MBEDTLS_ALWAYS_INLINE static inline mbedtls_pk_type_t pk_info_type(
1034 const mbedtls_pk_info_t *info )
1035{
1036 return( info->type );
1037}
1038
1039MBEDTLS_ALWAYS_INLINE static inline const char * pk_info_name(
1040 const mbedtls_pk_info_t *info )
1041{
1042 return( info->name );
1043}
1044
1045MBEDTLS_ALWAYS_INLINE static inline size_t pk_info_get_bitlen(
1046 const mbedtls_pk_info_t *info, const void *ctx )
1047{
1048 return( info->get_bitlen( ctx ) );
1049}
1050
1051MBEDTLS_ALWAYS_INLINE static inline int pk_info_can_do(
1052 const mbedtls_pk_info_t *info, mbedtls_pk_type_t type )
1053{
1054 return( info->can_do( type ) );
1055}
1056
1057MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func(
1058 const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg,
1059 const unsigned char *hash, size_t hash_len,
1060 const unsigned char *sig, size_t sig_len )
1061{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1062 if( info->verify_func == NULL )
1063 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1064
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1065 return( info->verify_func( ctx, md_alg, hash, hash_len, sig, sig_len ) );
1066}
1067
1068MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func(
1069 const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg,
1070 const unsigned char *hash, size_t hash_len,
1071 unsigned char *sig, size_t *sig_len,
1072 int (*f_rng)(void *, unsigned char *, size_t),
1073 void *p_rng )
1074{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1075 if( info->sign_func == NULL )
1076 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1077
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1078 return( info->sign_func( ctx, md_alg, hash, hash_len, sig, sig_len,
1079 f_rng, p_rng ) );
1080}
1081
1082MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func(
1083 const mbedtls_pk_info_t *info, void *ctx,
1084 const unsigned char *input, size_t ilen,
1085 unsigned char *output, size_t *olen, size_t osize,
1086 int (*f_rng)(void *, unsigned char *, size_t),
1087 void *p_rng )
1088{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1089 if( info->decrypt_func == NULL )
1090 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1091
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1092 return( info->decrypt_func( ctx, input, ilen, output, olen, osize,
1093 f_rng, p_rng ) );
1094}
1095
1096MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func(
1097 const mbedtls_pk_info_t *info, void *ctx,
1098 const unsigned char *input, size_t ilen,
1099 unsigned char *output, size_t *olen, size_t osize,
1100 int (*f_rng)(void *, unsigned char *, size_t),
1101 void *p_rng )
1102{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1103 if( info->encrypt_func == NULL )
1104 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1105
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1106 return( info->encrypt_func( ctx, input, ilen, output, olen, osize,
1107 f_rng, p_rng ) );
1108}
1109
1110MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func(
1111 const mbedtls_pk_info_t *info, const void *pub, const void *prv )
1112{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1113 if( info->check_pair_func == NULL )
1114 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1115
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1116 return( info->check_pair_func( pub, prv ) );
1117}
1118
1119MBEDTLS_ALWAYS_INLINE static inline void *pk_info_ctx_alloc_func(
1120 const mbedtls_pk_info_t *info )
1121{
1122 return( info->ctx_alloc_func( ) );
1123}
1124
1125MBEDTLS_ALWAYS_INLINE static inline void pk_info_ctx_free_func(
1126 const mbedtls_pk_info_t *info, void *ctx )
1127{
1128 info->ctx_free_func( ctx );
1129}
1130
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1131MBEDTLS_ALWAYS_INLINE static inline int pk_info_debug_func(
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1132 const mbedtls_pk_info_t *info,
1133 const void *ctx, mbedtls_pk_debug_item *items )
1134{
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1135 if( info->debug_func == NULL )
1136 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
1137
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1138 info->debug_func( ctx, items );
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1139 return( 0 );
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1140}
1141
1142/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1143 * Initialise a mbedtls_pk_context
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1144 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1145void mbedtls_pk_init( mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1146{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1147 PK_VALIDATE( ctx != NULL );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1148
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1149 ctx->pk_info = NULL;
1150 ctx->pk_ctx = NULL;
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1151}
1152
1153/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1154 * Free (the components of) a mbedtls_pk_context
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1155 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1156void mbedtls_pk_free( mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1157{
irwir2239a862018-06-12 18:25:09 +0300[diff] [blame]1158 if( ctx == NULL )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1159 return;
1160
irwir2239a862018-06-12 18:25:09 +0300[diff] [blame]1161 if ( ctx->pk_info != NULL )
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1162 pk_info_ctx_free_func( ctx->pk_info, ctx->pk_ctx );
Manuel Pégourié-Gonnard1f73a652013-07-09 10:26:41 +0200[diff] [blame]1163
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]1164 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1165}
1166
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1167#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1168/*
1169 * Initialize a restart context
1170 */
1171void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
1172{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1173 PK_VALIDATE( ctx != NULL );
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1174 ctx->pk_info = NULL;
1175 ctx->rs_ctx = NULL;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1176}
1177
1178/*
1179 * Free the components of a restart context
1180 */
1181void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
1182{
Gilles Peskine1f19fa62018-12-19 14:18:39 +0100[diff] [blame]1183 if( ctx == NULL || ctx->pk_info == NULL ||
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1184 ctx->pk_info->rs_free_func == NULL )
1185 {
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1186 return;
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1187 }
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1188
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1189 ctx->pk_info->rs_free_func( ctx->rs_ctx );
1190
1191 ctx->pk_info = NULL;
1192 ctx->rs_ctx = NULL;
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1193}
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1194#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1195
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1196/*
1197 * Get pk_info structure from type
1198 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1199const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1200{
1201 switch( pk_type ) {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1202#if defined(MBEDTLS_RSA_C)
1203 case MBEDTLS_PK_RSA:
1204 return( &mbedtls_rsa_info );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1205#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1206#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1207 case MBEDTLS_PK_ECKEY_DH:
1208 return( &mbedtls_eckeydh_info );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1209#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1210#if defined(MBEDTLS_ECDSA_C)
1211 case MBEDTLS_PK_ECDSA:
1212 return( &mbedtls_ecdsa_info );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1213#endif
Hanno Beckeradf11e12019-08-21 13:03:44 +0100[diff] [blame]1214#if defined(MBEDTLS_USE_TINYCRYPT)
1215 case MBEDTLS_PK_ECKEY:
1216 return( &mbedtls_uecc_eckey_info );
1217#else /* MBEDTLS_USE_TINYCRYPT */
1218#if defined(MBEDTLS_ECP_C)
1219 case MBEDTLS_PK_ECKEY:
1220 return( &mbedtls_eckey_info );
1221#endif
Jarno Lamsa42b83db2019-04-16 16:48:22 +0300[diff] [blame]1222#endif /* MBEDTLS_USE_TINYCRYPT */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1223 /* MBEDTLS_PK_RSA_ALT omitted on purpose */
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1224 default:
Paul Bakkerd8bb8262014-06-17 14:06:49 +0200[diff] [blame]1225 return( NULL );
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]1226 }
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1227}
1228
1229/*
Manuel Pégourié-Gonnardab466942013-08-15 11:30:27 +0200[diff] [blame]1230 * Initialise context
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1231 */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1232int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1233{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1234 PK_VALIDATE_RET( ctx != NULL );
1235 if( info == NULL || ctx->pk_info != NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1236 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1237
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1238 if( ( ctx->pk_ctx = pk_info_ctx_alloc_func( info ) ) == NULL )
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]1239 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1240
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1241 ctx->pk_info = info;
Manuel Pégourié-Gonnard12e0ed92013-07-04 13:31:32 +0200[diff] [blame]1242
1243 return( 0 );
1244}
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1245
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1246#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnardb4fae572014-01-20 11:22:25 +0100[diff] [blame]1247/*
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1248 * Initialize an RSA-alt context
1249 */
Manuel Pégourié-Gonnardd9e6a3a2015-05-14 19:41:36 +0200[diff] [blame]1250int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1251 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
1252 mbedtls_pk_rsa_alt_sign_func sign_func,
1253 mbedtls_pk_rsa_alt_key_len_func key_len_func )
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1254{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1255 mbedtls_rsa_alt_context *rsa_alt;
1256 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1257
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1258 PK_VALIDATE_RET( ctx != NULL );
1259 if( ctx->pk_info != NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1260 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1261
1262 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
Manuel Pégourié-Gonnard6a8ca332015-05-28 09:33:39 +0200[diff] [blame]1263 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1264
1265 ctx->pk_info = info;
1266
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1267 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1268
1269 rsa_alt->key = key;
1270 rsa_alt->decrypt_func = decrypt_func;
1271 rsa_alt->sign_func = sign_func;
1272 rsa_alt->key_len_func = key_len_func;
1273
1274 return( 0 );
1275}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1276#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]1277
1278/*
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1279 * Tell if a PK can do the operations of the given type
1280 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1281int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1282{
Gilles Peskine6af45ec2018-12-19 17:52:05 +0100[diff] [blame]1283 /* A context with null pk_info is not set up yet and can't do anything.
1284 * For backward compatibility, also accept NULL instead of a context
1285 * pointer. */
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1286 if( ctx == NULL || ctx->pk_info == NULL )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1287 return( 0 );
1288
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1289 return( pk_info_can_do( ctx->pk_info, type ) );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1290}
1291
1292/*
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1293 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1294 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1295static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1296{
Hanno Beckera5cedbc2019-07-17 11:21:02 +0100[diff] [blame]1297 mbedtls_md_handle_t md_info;
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1298
1299 if( *hash_len != 0 )
1300 return( 0 );
1301
Hanno Beckera5cedbc2019-07-17 11:21:02 +0100[diff] [blame]1302 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) ==
1303 MBEDTLS_MD_INVALID_HANDLE )
1304 {
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1305 return( -1 );
Hanno Beckera5cedbc2019-07-17 11:21:02 +0100[diff] [blame]1306 }
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1307
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1308 *hash_len = mbedtls_md_get_size( md_info );
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1309 return( 0 );
1310}
1311
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1312#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1313/*
1314 * Helper to set up a restart context if needed
1315 */
1316static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
Manuel Pégourié-Gonnardee68cff2018-10-15 15:27:49 +0200[diff] [blame]1317 const mbedtls_pk_info_t *info )
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1318{
Manuel Pégourié-Gonnardc8c12b62018-07-02 13:09:39 +0200[diff] [blame]1319 /* Don't do anything if already set up or invalid */
1320 if( ctx == NULL || ctx->pk_info != NULL )
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1321 return( 0 );
1322
1323 /* Should never happen when we're called */
1324 if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
1325 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1326
1327 if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
1328 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
1329
1330 ctx->pk_info = info;
1331
1332 return( 0 );
1333}
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1334#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1335
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1336/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1337 * Verify a signature (restartable)
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1338 */
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1339int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
1340 mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200[diff] [blame]1341 const unsigned char *hash, size_t hash_len,
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1342 const unsigned char *sig, size_t sig_len,
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1343 mbedtls_pk_restart_ctx *rs_ctx )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1344{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1345 PK_VALIDATE_RET( ctx != NULL );
Gilles Peskineee3cfec2018-12-19 17:10:02 +0100[diff] [blame]1346 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
1347 hash != NULL );
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1348 PK_VALIDATE_RET( sig != NULL );
1349
1350 if( ctx->pk_info == NULL ||
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1351 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1352 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1353
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1354#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1355 /* optimization: use non-restartable version if restart disabled */
1356 if( rs_ctx != NULL &&
Manuel Pégourié-Gonnardb843b152018-10-16 10:41:31 +0200[diff] [blame]1357 mbedtls_ecp_restart_is_enabled() &&
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1358 ctx->pk_info->verify_rs_func != NULL )
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1359 {
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1360 int ret;
1361
1362 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
1363 return( ret );
1364
1365 ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
1366 md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
1367
1368 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
1369 mbedtls_pk_restart_free( rs_ctx );
1370
1371 return( ret );
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1372 }
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1373#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1374 (void) rs_ctx;
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1375#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1376
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1377 return( pk_info_verify_func( ctx->pk_info, ctx->pk_ctx, md_alg, hash, hash_len,
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200[diff] [blame]1378 sig, sig_len ) );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1379}
1380
1381/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1382 * Verify a signature
1383 */
1384int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
1385 const unsigned char *hash, size_t hash_len,
1386 const unsigned char *sig, size_t sig_len )
1387{
1388 return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
1389 sig, sig_len, NULL ) );
1390}
1391
1392/*
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1393 * Verify a signature with options
1394 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1395int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
1396 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1397 const unsigned char *hash, size_t hash_len,
1398 const unsigned char *sig, size_t sig_len )
1399{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1400 PK_VALIDATE_RET( ctx != NULL );
Gilles Peskineee3cfec2018-12-19 17:10:02 +0100[diff] [blame]1401 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
1402 hash != NULL );
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1403 PK_VALIDATE_RET( sig != NULL );
1404
1405 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1406 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1407
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1408 if( ! mbedtls_pk_can_do( ctx, type ) )
1409 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1410
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1411 if( type == MBEDTLS_PK_RSASSA_PSS )
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1412 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1413#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1414 int ret;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1415 const mbedtls_pk_rsassa_pss_options *pss_opts;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1416
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]1417#if SIZE_MAX > UINT_MAX
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]1418 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
1419 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]1420#endif /* SIZE_MAX > UINT_MAX */
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]1421
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1422 if( options == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1423 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1424
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1425 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1426
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1427 if( sig_len < mbedtls_pk_get_len( ctx ) )
1428 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1429
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1430 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
1431 NULL, NULL, MBEDTLS_RSA_PUBLIC,
Sander Niemeijeref5087d2014-08-16 12:45:52 +0200[diff] [blame]1432 md_alg, (unsigned int) hash_len, hash,
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1433 pss_opts->mgf1_hash_id,
1434 pss_opts->expected_salt_len,
1435 sig );
1436 if( ret != 0 )
1437 return( ret );
1438
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1439 if( sig_len > mbedtls_pk_get_len( ctx ) )
1440 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1441
1442 return( 0 );
1443#else
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1444 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]1445#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1446 }
1447
1448 /* General case: no options */
1449 if( options != NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1450 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1451
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1452 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]1453}
1454
1455/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1456 * Make a signature (restartable)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1457 */
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1458int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
1459 mbedtls_md_type_t md_alg,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1460 const unsigned char *hash, size_t hash_len,
1461 unsigned char *sig, size_t *sig_len,
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1462 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
Manuel Pégourié-Gonnard15d7df22017-08-17 14:33:31 +0200[diff] [blame]1463 mbedtls_pk_restart_ctx *rs_ctx )
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1464{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1465 PK_VALIDATE_RET( ctx != NULL );
Gilles Peskineee3cfec2018-12-19 17:10:02 +0100[diff] [blame]1466 PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
1467 hash != NULL );
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1468 PK_VALIDATE_RET( sig != NULL );
1469
1470 if( ctx->pk_info == NULL ||
Manuel Pégourié-Gonnardbfe32ef2013-08-22 14:55:30 +0200[diff] [blame]1471 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1472 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1473
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1474#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1475 /* optimization: use non-restartable version if restart disabled */
1476 if( rs_ctx != NULL &&
Manuel Pégourié-Gonnardb843b152018-10-16 10:41:31 +0200[diff] [blame]1477 mbedtls_ecp_restart_is_enabled() &&
Manuel Pégourié-Gonnardd55f7762017-08-18 17:40:15 +0200[diff] [blame]1478 ctx->pk_info->sign_rs_func != NULL )
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1479 {
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]1480 int ret;
1481
1482 if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
1483 return( ret );
1484
1485 ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
1486 hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
1487
1488 if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
1489 mbedtls_pk_restart_free( rs_ctx );
1490
1491 return( ret );
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1492 }
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1493#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1494 (void) rs_ctx;
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]1495#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]1496
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1497 return( pk_info_sign_func( ctx->pk_info, ctx->pk_ctx, md_alg, hash, hash_len,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]1498 sig, sig_len, f_rng, p_rng ) );
1499}
1500
1501/*
Manuel Pégourié-Gonnard82cb27b2017-05-03 10:59:45 +0200[diff] [blame]1502 * Make a signature
1503 */
1504int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
1505 const unsigned char *hash, size_t hash_len,
1506 unsigned char *sig, size_t *sig_len,
1507 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1508{
1509 return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
1510 sig, sig_len, f_rng, p_rng, NULL ) );
1511}
1512
1513/*
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1514 * Decrypt message
1515 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1516int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1517 const unsigned char *input, size_t ilen,
1518 unsigned char *output, size_t *olen, size_t osize,
1519 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1520{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1521 PK_VALIDATE_RET( ctx != NULL );
1522 PK_VALIDATE_RET( input != NULL || ilen == 0 );
1523 PK_VALIDATE_RET( output != NULL || osize == 0 );
1524 PK_VALIDATE_RET( olen != NULL );
1525
1526 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1527 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1528
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1529 return( pk_info_decrypt_func( ctx->pk_info, ctx->pk_ctx, input, ilen,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1530 output, olen, osize, f_rng, p_rng ) );
1531}
1532
1533/*
1534 * Encrypt message
1535 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1536int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1537 const unsigned char *input, size_t ilen,
1538 unsigned char *output, size_t *olen, size_t osize,
1539 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1540{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1541 PK_VALIDATE_RET( ctx != NULL );
1542 PK_VALIDATE_RET( input != NULL || ilen == 0 );
1543 PK_VALIDATE_RET( output != NULL || osize == 0 );
1544 PK_VALIDATE_RET( olen != NULL );
1545
1546 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1547 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1548
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1549 return( pk_info_encrypt_func( ctx->pk_info, ctx->pk_ctx, input, ilen,
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]1550 output, olen, osize, f_rng, p_rng ) );
1551}
1552
1553/*
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1554 * Check public-private key pair
1555 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1556int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1557{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1558 PK_VALIDATE_RET( pub != NULL );
1559 PK_VALIDATE_RET( prv != NULL );
1560
Manuel Pégourié-Gonnard2d9466f2019-09-19 10:45:14 +0200[diff] [blame]1561 if( pub->pk_info == NULL || prv->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1562 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1563
Manuel Pégourié-Gonnard2d9466f2019-09-19 10:45:14 +0200[diff] [blame]1564#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1565 if( pk_info_type( prv->pk_info ) == MBEDTLS_PK_RSA_ALT )
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1566 {
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1567 if( pk_info_type( pub->pk_info ) != MBEDTLS_PK_RSA )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1568 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]1569 }
1570 else
Manuel Pégourié-Gonnard2d9466f2019-09-19 10:45:14 +0200[diff] [blame]1571#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]1572 {
1573 if( pub->pk_info != prv->pk_info )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1574 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1575 }
1576
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1577 return( pk_info_check_pair_func( prv->pk_info, pub->pk_ctx, prv->pk_ctx ) );
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]1578}
1579
1580/*
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1581 * Get key size in bits
1582 */
Manuel Pégourié-Gonnard097c7bb2015-06-18 16:43:38 +0200[diff] [blame]1583size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1584{
Gilles Peskine6af45ec2018-12-19 17:52:05 +0100[diff] [blame]1585 /* For backward compatibility, accept NULL or a context that
1586 * isn't set up yet, and return a fake value that should be safe. */
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1587 if( ctx == NULL || ctx->pk_info == NULL )
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1588 return( 0 );
1589
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1590 return( pk_info_get_bitlen( ctx->pk_info, ctx->pk_ctx ) );
Manuel Pégourié-Gonnardb3d91872013-08-14 15:56:19 +0200[diff] [blame]1591}
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1592
1593/*
1594 * Export debug information
1595 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1596int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1597{
Gilles Peskinee97dc602018-12-19 00:51:38 +0100[diff] [blame]1598 PK_VALIDATE_RET( ctx != NULL );
1599 if( ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1600 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1601
Manuel Pégourié-Gonnard57d96cd2019-09-19 10:45:14 +0200[diff] [blame]1602 return( pk_info_debug_func( ctx->pk_info, ctx->pk_ctx, items ) );
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]1603}
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1604
1605/*
1606 * Access the PK type name
1607 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1608const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1609{
1610 if( ctx == NULL || ctx->pk_info == NULL )
1611 return( "invalid PK" );
1612
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1613 return( pk_info_name( ctx->pk_info ) );
Manuel Pégourié-Gonnard3fb5c5e2013-08-14 18:26:41 +0200[diff] [blame]1614}
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +0200[diff] [blame]1615
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1616/*
1617 * Access the PK type
1618 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1619mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1620{
1621 if( ctx == NULL || ctx->pk_info == NULL )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1622 return( MBEDTLS_PK_NONE );
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1623
Manuel Pégourié-Gonnardc10f0922019-09-19 10:45:14 +0200[diff] [blame]1624 return( pk_info_type( ctx->pk_info ) );
Manuel Pégourié-Gonnard8053da42013-09-11 22:28:30 +0200[diff] [blame]1625}
1626
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1627#endif /* MBEDTLS_PK_C */