2018-02-08 19:04:43 +01:00
|
|
|
/*
|
|
|
|
* Public Key abstraction layer
|
|
|
|
*
|
2020-09-05 12:53:20 +02:00
|
|
|
* Copyright The Mbed TLS Contributors
|
2024-01-30 14:09:13 +01:00
|
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
2018-02-08 19:04:43 +01:00
|
|
|
*/
|
|
|
|
|
2021-12-21 12:54:05 +01:00
|
|
|
#include "common.h"
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
#if defined(MBEDTLS_PK_C)
|
|
|
|
#include "mbedtls/pk.h"
|
|
|
|
#include "mbedtls/pk_internal.h"
|
|
|
|
|
2018-06-07 16:25:01 +02:00
|
|
|
#include "mbedtls/platform_util.h"
|
2021-12-21 12:54:05 +01:00
|
|
|
#include "mbedtls/error.h"
|
2018-06-07 16:25:01 +02:00
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
#include "mbedtls/rsa.h"
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
|
|
#include "mbedtls/ecp.h"
|
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
|
|
#include "mbedtls/ecdsa.h"
|
|
|
|
#endif
|
|
|
|
|
2021-12-21 12:54:05 +01:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
#include "mbedtls/psa_util.h"
|
|
|
|
#endif
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
#include <limits.h>
|
|
|
|
#include <stdint.h>
|
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
/* Parameter validation macros based on platform_util.h */
|
2023-04-18 10:38:24 +02:00
|
|
|
#define PK_VALIDATE_RET(cond) \
|
|
|
|
MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA)
|
|
|
|
#define PK_VALIDATE(cond) \
|
|
|
|
MBEDTLS_INTERNAL_VALIDATE(cond)
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
/*
|
|
|
|
* Initialise a mbedtls_pk_context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
void mbedtls_pk_init(mbedtls_pk_context *ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE(ctx != NULL);
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
ctx->pk_info = NULL;
|
|
|
|
ctx->pk_ctx = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free (the components of) a mbedtls_pk_context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
void mbedtls_pk_free(mbedtls_pk_context *ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL) {
|
2018-02-08 19:04:43 +01:00
|
|
|
return;
|
2023-04-18 10:38:24 +02:00
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info != NULL) {
|
|
|
|
ctx->pk_info->ctx_free_func(ctx->pk_ctx);
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context));
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
|
|
/*
|
|
|
|
* Initialize a restart context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx)
|
2019-02-16 17:19:46 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE(ctx != NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
ctx->pk_info = NULL;
|
|
|
|
ctx->rs_ctx = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free the components of a restart context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx)
|
2019-02-16 17:19:46 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL ||
|
|
|
|
ctx->pk_info->rs_free_func == NULL) {
|
2019-02-16 17:19:46 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
ctx->pk_info->rs_free_func(ctx->rs_ctx);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
|
|
|
ctx->pk_info = NULL;
|
|
|
|
ctx->rs_ctx = NULL;
|
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
/*
|
|
|
|
* Get pk_info structure from type
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
switch (pk_type) {
|
2018-02-08 19:04:43 +01:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
case MBEDTLS_PK_RSA:
|
2023-04-18 10:38:24 +02:00
|
|
|
return &mbedtls_rsa_info;
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_ECP_C)
|
|
|
|
case MBEDTLS_PK_ECKEY:
|
2023-04-18 10:38:24 +02:00
|
|
|
return &mbedtls_eckey_info;
|
2018-02-08 19:04:43 +01:00
|
|
|
case MBEDTLS_PK_ECKEY_DH:
|
2023-04-18 10:38:24 +02:00
|
|
|
return &mbedtls_eckeydh_info;
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
|
|
|
case MBEDTLS_PK_ECDSA:
|
2023-04-18 10:38:24 +02:00
|
|
|
return &mbedtls_ecdsa_info;
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif
|
|
|
|
/* MBEDTLS_PK_RSA_ALT omitted on purpose */
|
|
|
|
default:
|
2023-04-18 10:38:24 +02:00
|
|
|
return NULL;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialise context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
if (info == NULL || ctx->pk_info != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
ctx->pk_info = info;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2021-12-21 12:54:05 +01:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
/*
|
|
|
|
* Initialise a PSA-wrapping context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
|
|
|
|
const psa_key_id_t key)
|
2021-12-21 12:54:05 +01:00
|
|
|
{
|
|
|
|
const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_key_id_t *pk_ctx;
|
|
|
|
psa_key_type_t type;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (PSA_SUCCESS != psa_get_key_attributes(key, &attributes)) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
|
|
|
type = psa_get_key_type(&attributes);
|
|
|
|
psa_reset_key_attributes(&attributes);
|
2021-12-21 12:54:05 +01:00
|
|
|
|
|
|
|
/* Current implementation of can_do() relies on this. */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
|
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
|
|
|
|
ctx->pk_info = info;
|
|
|
|
|
|
|
|
pk_ctx = (psa_key_id_t *) ctx->pk_ctx;
|
|
|
|
*pk_ctx = key;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2021-12-21 12:54:05 +01:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
|
|
|
/*
|
|
|
|
* Initialize an RSA-alt context
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
|
|
|
|
mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
|
|
|
|
mbedtls_pk_rsa_alt_sign_func sign_func,
|
|
|
|
mbedtls_pk_rsa_alt_key_len_func key_len_func)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
|
|
|
mbedtls_rsa_alt_context *rsa_alt;
|
|
|
|
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
if (ctx->pk_info != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
ctx->pk_info = info;
|
|
|
|
|
|
|
|
rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
|
|
|
|
|
|
|
|
rsa_alt->key = key;
|
|
|
|
rsa_alt->decrypt_func = decrypt_func;
|
|
|
|
rsa_alt->sign_func = sign_func;
|
|
|
|
rsa_alt->key_len_func = key_len_func;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Tell if a PK can do the operations of the given type
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2019-02-16 17:19:46 +01:00
|
|
|
/* A context with null pk_info is not set up yet and can't do anything.
|
|
|
|
* For backward compatibility, also accept NULL instead of a context
|
|
|
|
* pointer. */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->can_do(type);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
|
|
|
const mbedtls_md_info_t *md_info;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (*hash_len != 0 && md_alg == MBEDTLS_MD_NONE) {
|
|
|
|
return 0;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
|
|
|
|
return -1;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (*hash_len != 0 && *hash_len != mbedtls_md_get_size(md_info)) {
|
|
|
|
return -1;
|
|
|
|
}
|
2021-07-20 12:32:46 +02:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
*hash_len = mbedtls_md_get_size(md_info);
|
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
2018-02-08 19:04:43 +01:00
|
|
|
/*
|
2019-02-16 17:19:46 +01:00
|
|
|
* Helper to set up a restart context if needed
|
2018-02-08 19:04:43 +01:00
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx,
|
|
|
|
const mbedtls_pk_info_t *info)
|
2019-02-16 17:19:46 +01:00
|
|
|
{
|
|
|
|
/* Don't do anything if already set up or invalid */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info != NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
|
|
|
/* Should never happen when we're called */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((ctx->rs_ctx = info->rs_alloc_func()) == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
|
|
|
ctx->pk_info = info;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return 0;
|
2019-02-16 17:19:46 +01:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Verify a signature (restartable)
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
|
|
|
|
mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
const unsigned char *sig, size_t sig_len,
|
|
|
|
mbedtls_pk_restart_ctx *rs_ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
|
|
|
|
hash != NULL);
|
|
|
|
PK_VALIDATE_RET(sig != NULL);
|
|
|
|
|
|
|
|
if (ctx->pk_info == NULL ||
|
|
|
|
pk_hashlen_helper(md_alg, &hash_len) != 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
|
|
/* optimization: use non-restartable version if restart disabled */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (rs_ctx != NULL &&
|
2019-02-16 17:19:46 +01:00
|
|
|
mbedtls_ecp_restart_is_enabled() &&
|
2023-04-18 10:38:24 +02:00
|
|
|
ctx->pk_info->verify_rs_func != NULL) {
|
2021-12-21 12:54:05 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
ret = ctx->pk_info->verify_rs_func(ctx->pk_ctx,
|
|
|
|
md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
|
|
|
|
mbedtls_pk_restart_free(rs_ctx);
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ret;
|
2019-02-16 17:19:46 +01:00
|
|
|
}
|
|
|
|
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
(void) rs_ctx;
|
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info->verify_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_len);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
/*
|
|
|
|
* Verify a signature
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
const unsigned char *sig, size_t sig_len)
|
2019-02-16 17:19:46 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_len, NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
}
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
/*
|
|
|
|
* Verify a signature with options
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
|
|
|
mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
const unsigned char *sig, size_t sig_len)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
|
|
|
|
hash != NULL);
|
|
|
|
PK_VALIDATE_RET(sig != NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (!mbedtls_pk_can_do(ctx, type)) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (type == MBEDTLS_PK_RSASSA_PSS) {
|
2018-02-08 19:04:43 +01:00
|
|
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
|
2021-12-21 12:54:05 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2018-02-08 19:04:43 +01:00
|
|
|
const mbedtls_pk_rsassa_pss_options *pss_opts;
|
|
|
|
|
|
|
|
#if SIZE_MAX > UINT_MAX
|
2023-04-18 10:38:24 +02:00
|
|
|
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif /* SIZE_MAX > UINT_MAX */
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (options == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
|
|
|
pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (sig_len < mbedtls_pk_get_len(ctx)) {
|
|
|
|
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx),
|
|
|
|
NULL, NULL, MBEDTLS_RSA_PUBLIC,
|
|
|
|
md_alg, (unsigned int) hash_len, hash,
|
|
|
|
pss_opts->mgf1_hash_id,
|
|
|
|
pss_opts->expected_salt_len,
|
|
|
|
sig);
|
|
|
|
if (ret != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sig_len > mbedtls_pk_get_len(ctx)) {
|
|
|
|
return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
#else
|
2023-04-18 10:38:24 +02:00
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
|
|
|
|
}
|
|
|
|
|
|
|
|
/* General case: no options */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (options != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2019-02-16 17:19:46 +01:00
|
|
|
* Make a signature (restartable)
|
2018-02-08 19:04:43 +01:00
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
|
|
|
|
mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
unsigned char *sig, size_t *sig_len,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
|
|
mbedtls_pk_restart_ctx *rs_ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
|
|
|
|
hash != NULL);
|
|
|
|
PK_VALIDATE_RET(sig != NULL);
|
|
|
|
|
|
|
|
if (ctx->pk_info == NULL ||
|
|
|
|
pk_hashlen_helper(md_alg, &hash_len) != 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
|
|
|
/* optimization: use non-restartable version if restart disabled */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (rs_ctx != NULL &&
|
2019-02-16 17:19:46 +01:00
|
|
|
mbedtls_ecp_restart_is_enabled() &&
|
2023-04-18 10:38:24 +02:00
|
|
|
ctx->pk_info->sign_rs_func != NULL) {
|
2021-12-21 12:54:05 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
ret = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg,
|
|
|
|
hash, hash_len, sig, sig_len, f_rng, p_rng,
|
|
|
|
rs_ctx->rs_ctx);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
|
|
|
|
mbedtls_pk_restart_free(rs_ctx);
|
|
|
|
}
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ret;
|
2019-02-16 17:19:46 +01:00
|
|
|
}
|
|
|
|
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
(void) rs_ctx;
|
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info->sign_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->sign_func(ctx->pk_ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_len, f_rng, p_rng);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2019-02-16 17:19:46 +01:00
|
|
|
/*
|
|
|
|
* Make a signature
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
unsigned char *sig, size_t *sig_len,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
|
2019-02-16 17:19:46 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
return mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_len, f_rng, p_rng, NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
}
|
|
|
|
|
2018-02-08 19:04:43 +01:00
|
|
|
/*
|
|
|
|
* Decrypt message
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
|
|
|
|
const unsigned char *input, size_t ilen,
|
|
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
PK_VALIDATE_RET(input != NULL || ilen == 0);
|
|
|
|
PK_VALIDATE_RET(output != NULL || osize == 0);
|
|
|
|
PK_VALIDATE_RET(olen != NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info->decrypt_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen,
|
|
|
|
output, olen, osize, f_rng, p_rng);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Encrypt message
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
|
|
|
|
const unsigned char *input, size_t ilen,
|
|
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
PK_VALIDATE_RET(input != NULL || ilen == 0);
|
|
|
|
PK_VALIDATE_RET(output != NULL || osize == 0);
|
|
|
|
PK_VALIDATE_RET(olen != NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info->encrypt_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen,
|
|
|
|
output, olen, osize, f_rng, p_rng);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check public-private key pair
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(pub != NULL);
|
|
|
|
PK_VALIDATE_RET(prv != NULL);
|
2019-02-16 17:19:46 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (pub->pk_info == NULL ||
|
|
|
|
prv->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (prv->pk_info->check_pair_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
2023-04-18 10:38:24 +02:00
|
|
|
|
|
|
|
if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) {
|
|
|
|
if (pub->pk_info->type != MBEDTLS_PK_RSA) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (pub->pk_info != prv->pk_info) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get key size in bits
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2019-02-16 17:19:46 +01:00
|
|
|
/* For backward compatibility, accept NULL or a context that
|
|
|
|
* isn't set up yet, and return a fake value that should be safe. */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->get_bitlen(ctx->pk_ctx);
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Export debug information
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
PK_VALIDATE_RET(ctx != NULL);
|
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx->pk_info->debug_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
ctx->pk_info->debug_func(ctx->pk_ctx, items);
|
|
|
|
return 0;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Access the PK type name
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return "invalid PK";
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->name;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Access the PK type
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
|
2018-02-08 19:04:43 +01:00
|
|
|
{
|
2023-04-18 10:38:24 +02:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_PK_NONE;
|
|
|
|
}
|
2018-02-08 19:04:43 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return ctx->pk_info->type;
|
2018-02-08 19:04:43 +01:00
|
|
|
}
|
|
|
|
|
2021-12-21 12:54:05 +01:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
/*
|
|
|
|
* Load the key to a PSA key slot,
|
|
|
|
* then turn the PK context into a wrapper for that key slot.
|
|
|
|
*
|
|
|
|
* Currently only works for EC private keys.
|
|
|
|
*/
|
2023-04-18 10:38:24 +02:00
|
|
|
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
|
|
|
|
psa_key_id_t *key,
|
|
|
|
psa_algorithm_t hash_alg)
|
2021-12-21 12:54:05 +01:00
|
|
|
{
|
|
|
|
#if !defined(MBEDTLS_ECP_C)
|
|
|
|
((void) pk);
|
|
|
|
((void) key);
|
|
|
|
((void) hash_alg);
|
2023-04-18 10:38:24 +02:00
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
2021-12-21 12:54:05 +01:00
|
|
|
#else
|
|
|
|
const mbedtls_ecp_keypair *ec;
|
|
|
|
unsigned char d[MBEDTLS_ECP_MAX_BYTES];
|
|
|
|
size_t d_len;
|
|
|
|
psa_ecc_family_t curve_id;
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_key_type_t key_type;
|
|
|
|
size_t bits;
|
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2023-08-04 18:09:03 +02:00
|
|
|
psa_status_t status;
|
2021-12-21 12:54:05 +01:00
|
|
|
|
|
|
|
/* export the private key material in the format PSA wants */
|
2023-04-18 10:38:24 +02:00
|
|
|
if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
ec = mbedtls_pk_ec(*pk);
|
|
|
|
d_len = (ec->grp.nbits + 7) / 8;
|
|
|
|
if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
|
|
|
|
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
|
2021-12-21 12:54:05 +01:00
|
|
|
|
|
|
|
/* prepare the key attributes */
|
2023-04-18 10:38:24 +02:00
|
|
|
psa_set_key_type(&attributes, key_type);
|
|
|
|
psa_set_key_bits(&attributes, bits);
|
|
|
|
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
|
|
|
|
psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg));
|
2021-12-21 12:54:05 +01:00
|
|
|
|
|
|
|
/* import private key into PSA */
|
2023-08-04 18:09:03 +02:00
|
|
|
status = psa_import_key(&attributes, d, d_len, key);
|
|
|
|
mbedtls_platform_zeroize(d, sizeof(d));
|
|
|
|
if (status != PSA_SUCCESS) {
|
2023-04-18 10:38:24 +02:00
|
|
|
return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
|
|
|
|
}
|
2021-12-21 12:54:05 +01:00
|
|
|
|
|
|
|
/* make PK context wrap the key slot */
|
2023-04-18 10:38:24 +02:00
|
|
|
mbedtls_pk_free(pk);
|
|
|
|
mbedtls_pk_init(pk);
|
2021-12-21 12:54:05 +01:00
|
|
|
|
2023-04-18 10:38:24 +02:00
|
|
|
return mbedtls_pk_setup_opaque(pk, *key);
|
2021-12-21 12:54:05 +01:00
|
|
|
#endif /* MBEDTLS_ECP_C */
|
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
2018-02-08 19:04:43 +01:00
|
|
|
#endif /* MBEDTLS_PK_C */
|