git.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/pk_wrap.c

   1 /*
   2  *  Public Key abstraction layer: wrapper functions
   3  *
   4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
   5  *  SPDX-License-Identifier: GPL-2.0
   6  *
   7  *  This program is free software; you can redistribute it and/or modify
   8  *  it under the terms of the GNU General Public License as published by
   9  *  the Free Software Foundation; either version 2 of the License, or
  10  *  (at your option) any later version.
  11  *
  12  *  This program is distributed in the hope that it will be useful,
  13  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  *  GNU General Public License for more details.
  16  *
  17  *  You should have received a copy of the GNU General Public License along
  18  *  with this program; if not, write to the Free Software Foundation, Inc.,
  19  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  *  This file is part of mbed TLS (https://tls.mbed.org)
  22  */
  23
  24 #if !defined(MBEDTLS_CONFIG_FILE)
  25 #include "mbedtls/config.h"
  26 #else
  27 #include MBEDTLS_CONFIG_FILE
  28 #endif
  29
  30 #if defined(MBEDTLS_PK_C)
  31 #include "mbedtls/pk_internal.h"
  32
  33 /* Even if RSA not activated, for the sake of RSA-alt */
  34 #include "mbedtls/rsa.h"
  35
  36 #include <string.h>
  37
  38 #if defined(MBEDTLS_ECP_C)
  39 #include "mbedtls/ecp.h"
  40 #endif
  41
  42 #if defined(MBEDTLS_ECDSA_C)
  43 #include "mbedtls/ecdsa.h"
  44 #endif
  45
  46 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
  47 #include "mbedtls/platform_util.h"
  48 #endif
  49
  50 #if defined(MBEDTLS_PLATFORM_C)
  51 #include "mbedtls/platform.h"
  52 #else
  53 #include <stdlib.h>
  54 #define mbedtls_calloc    calloc
  55 #define mbedtls_free       free
  56 #endif
  57
  58 #include <limits.h>
  59 #include <stdint.h>
  60
  61 #if defined(MBEDTLS_RSA_C)
  62 static int rsa_can_do( mbedtls_pk_type_t type )
  63 {
  64     return( type == MBEDTLS_PK_RSA ||
  65             type == MBEDTLS_PK_RSASSA_PSS );
  66 }
  67
  68 static size_t rsa_get_bitlen( const void *ctx )
  69 {
  70     const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
  71     return( 8 * mbedtls_rsa_get_len( rsa ) );
  72 }
  73
  74 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
  75                    const unsigned char *hash, size_t hash_len,
  76                    const unsigned char *sig, size_t sig_len )
  77 {
  78     int ret;
  79     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
  80     size_t rsa_len = mbedtls_rsa_get_len( rsa );
  81
  82 #if SIZE_MAX > UINT_MAX
  83     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
  84         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  85 #endif /* SIZE_MAX > UINT_MAX */
  86
  87     if( sig_len < rsa_len )
  88         return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
  89
  90     if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
  91                                   MBEDTLS_RSA_PUBLIC, md_alg,
  92                                   (unsigned int) hash_len, hash, sig ) ) != 0 )
  93         return( ret );
  94
  95     /* The buffer contains a valid signature followed by extra data.
  96      * We have a special error code for that so that so that callers can
  97      * use mbedtls_pk_verify() to check "Does the buffer start with a
  98      * valid signature?" and not just "Does the buffer contain a valid
  99      * signature?". */
 100     if( sig_len > rsa_len )
 101         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
 102
 103     return( 0 );
 104 }
 105
 106 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 107                    const unsigned char *hash, size_t hash_len,
 108                    unsigned char *sig, size_t *sig_len,
 109                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 110 {
 111     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
 112
 113 #if SIZE_MAX > UINT_MAX
 114     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
 115         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 116 #endif /* SIZE_MAX > UINT_MAX */
 117
 118     *sig_len = mbedtls_rsa_get_len( rsa );
 119
 120     return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
 121                 md_alg, (unsigned int) hash_len, hash, sig ) );
 122 }
 123
 124 static int rsa_decrypt_wrap( void *ctx,
 125                     const unsigned char *input, size_t ilen,
 126                     unsigned char *output, size_t *olen, size_t osize,
 127                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 128 {
 129     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
 130
 131     if( ilen != mbedtls_rsa_get_len( rsa ) )
 132         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 133
 134     return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
 135                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
 136 }
 137
 138 static int rsa_encrypt_wrap( void *ctx,
 139                     const unsigned char *input, size_t ilen,
 140                     unsigned char *output, size_t *olen, size_t osize,
 141                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 142 {
 143     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
 144     *olen = mbedtls_rsa_get_len( rsa );
 145
 146     if( *olen > osize )
 147         return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
 148
 149     return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
 150                                        ilen, input, output ) );
 151 }
 152
 153 static int rsa_check_pair_wrap( const void *pub, const void *prv )
 154 {
 155     return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
 156                                 (const mbedtls_rsa_context *) prv ) );
 157 }
 158
 159 static void *rsa_alloc_wrap( void )
 160 {
 161     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
 162
 163     if( ctx != NULL )
 164         mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
 165
 166     return( ctx );
 167 }
 168
 169 static void rsa_free_wrap( void *ctx )
 170 {
 171     mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
 172     mbedtls_free( ctx );
 173 }
 174
 175 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
 176 {
 177     items->type = MBEDTLS_PK_DEBUG_MPI;
 178     items->name = "rsa.N";
 179     items->value = &( ((mbedtls_rsa_context *) ctx)->N );
 180
 181     items++;
 182
 183     items->type = MBEDTLS_PK_DEBUG_MPI;
 184     items->name = "rsa.E";
 185     items->value = &( ((mbedtls_rsa_context *) ctx)->E );
 186 }
 187
 188 const mbedtls_pk_info_t mbedtls_rsa_info = {
 189     MBEDTLS_PK_RSA,
 190     "RSA",
 191     rsa_get_bitlen,
 192     rsa_can_do,
 193     rsa_verify_wrap,
 194     rsa_sign_wrap,
 195     rsa_decrypt_wrap,
 196     rsa_encrypt_wrap,
 197     rsa_check_pair_wrap,
 198     rsa_alloc_wrap,
 199     rsa_free_wrap,
 200     rsa_debug,
 201 };
 202 #endif /* MBEDTLS_RSA_C */
 203
 204 #if defined(MBEDTLS_ECP_C)
 205 /*
 206  * Generic EC key
 207  */
 208 static int eckey_can_do( mbedtls_pk_type_t type )
 209 {
 210     return( type == MBEDTLS_PK_ECKEY ||
 211             type == MBEDTLS_PK_ECKEY_DH ||
 212             type == MBEDTLS_PK_ECDSA );
 213 }
 214
 215 static size_t eckey_get_bitlen( const void *ctx )
 216 {
 217     return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
 218 }
 219
 220 #if defined(MBEDTLS_ECDSA_C)
 221 /* Forward declarations */
 222 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 223                        const unsigned char *hash, size_t hash_len,
 224                        const unsigned char *sig, size_t sig_len );
 225
 226 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 227                    const unsigned char *hash, size_t hash_len,
 228                    unsigned char *sig, size_t *sig_len,
 229                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 230
 231 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 232                        const unsigned char *hash, size_t hash_len,
 233                        const unsigned char *sig, size_t sig_len )
 234 {
 235     int ret;
 236     mbedtls_ecdsa_context ecdsa;
 237
 238     mbedtls_ecdsa_init( &ecdsa );
 239
 240     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
 241         ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
 242
 243     mbedtls_ecdsa_free( &ecdsa );
 244
 245     return( ret );
 246 }
 247
 248 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 249                    const unsigned char *hash, size_t hash_len,
 250                    unsigned char *sig, size_t *sig_len,
 251                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 252 {
 253     int ret;
 254     mbedtls_ecdsa_context ecdsa;
 255
 256     mbedtls_ecdsa_init( &ecdsa );
 257
 258     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
 259         ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
 260                                f_rng, p_rng );
 261
 262     mbedtls_ecdsa_free( &ecdsa );
 263
 264     return( ret );
 265 }
 266
 267 #endif /* MBEDTLS_ECDSA_C */
 268
 269 static int eckey_check_pair( const void *pub, const void *prv )
 270 {
 271     return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
 272                                 (const mbedtls_ecp_keypair *) prv ) );
 273 }
 274
 275 static void *eckey_alloc_wrap( void )
 276 {
 277     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
 278
 279     if( ctx != NULL )
 280         mbedtls_ecp_keypair_init( ctx );
 281
 282     return( ctx );
 283 }
 284
 285 static void eckey_free_wrap( void *ctx )
 286 {
 287     mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
 288     mbedtls_free( ctx );
 289 }
 290
 291 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
 292 {
 293     items->type = MBEDTLS_PK_DEBUG_ECP;
 294     items->name = "eckey.Q";
 295     items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
 296 }
 297
 298 const mbedtls_pk_info_t mbedtls_eckey_info = {
 299     MBEDTLS_PK_ECKEY,
 300     "EC",
 301     eckey_get_bitlen,
 302     eckey_can_do,
 303 #if defined(MBEDTLS_ECDSA_C)
 304     eckey_verify_wrap,
 305     eckey_sign_wrap,
 306 #else
 307     NULL,
 308     NULL,
 309 #endif
 310     NULL,
 311     NULL,
 312     eckey_check_pair,
 313     eckey_alloc_wrap,
 314     eckey_free_wrap,
 315     eckey_debug,
 316 };
 317
 318 /*
 319  * EC key restricted to ECDH
 320  */
 321 static int eckeydh_can_do( mbedtls_pk_type_t type )
 322 {
 323     return( type == MBEDTLS_PK_ECKEY ||
 324             type == MBEDTLS_PK_ECKEY_DH );
 325 }
 326
 327 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
 328     MBEDTLS_PK_ECKEY_DH,
 329     "EC_DH",
 330     eckey_get_bitlen,         /* Same underlying key structure */
 331     eckeydh_can_do,
 332     NULL,
 333     NULL,
 334     NULL,
 335     NULL,
 336     eckey_check_pair,
 337     eckey_alloc_wrap,       /* Same underlying key structure */
 338     eckey_free_wrap,        /* Same underlying key structure */
 339     eckey_debug,            /* Same underlying key structure */
 340 };
 341 #endif /* MBEDTLS_ECP_C */
 342
 343 #if defined(MBEDTLS_ECDSA_C)
 344 static int ecdsa_can_do( mbedtls_pk_type_t type )
 345 {
 346     return( type == MBEDTLS_PK_ECDSA );
 347 }
 348
 349 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
 350                        const unsigned char *hash, size_t hash_len,
 351                        const unsigned char *sig, size_t sig_len )
 352 {
 353     int ret;
 354     ((void) md_alg);
 355
 356     ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
 357                                 hash, hash_len, sig, sig_len );
 358
 359     if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
 360         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
 361
 362     return( ret );
 363 }
 364
 365 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 366                    const unsigned char *hash, size_t hash_len,
 367                    unsigned char *sig, size_t *sig_len,
 368                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 369 {
 370     return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
 371                 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
 372 }
 373
 374 static void *ecdsa_alloc_wrap( void )
 375 {
 376     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
 377
 378     if( ctx != NULL )
 379         mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
 380
 381     return( ctx );
 382 }
 383
 384 static void ecdsa_free_wrap( void *ctx )
 385 {
 386     mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
 387     mbedtls_free( ctx );
 388 }
 389
 390 const mbedtls_pk_info_t mbedtls_ecdsa_info = {
 391     MBEDTLS_PK_ECDSA,
 392     "ECDSA",
 393     eckey_get_bitlen,     /* Compatible key structures */
 394     ecdsa_can_do,
 395     ecdsa_verify_wrap,
 396     ecdsa_sign_wrap,
 397     NULL,
 398     NULL,
 399     eckey_check_pair,   /* Compatible key structures */
 400     ecdsa_alloc_wrap,
 401     ecdsa_free_wrap,
 402     eckey_debug,        /* Compatible key structures */
 403 };
 404 #endif /* MBEDTLS_ECDSA_C */
 405
 406 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 407 /*
 408  * Support for alternative RSA-private implementations
 409  */
 410
 411 static int rsa_alt_can_do( mbedtls_pk_type_t type )
 412 {
 413     return( type == MBEDTLS_PK_RSA );
 414 }
 415
 416 static size_t rsa_alt_get_bitlen( const void *ctx )
 417 {
 418     const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
 419
 420     return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
 421 }
 422
 423 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 424                    const unsigned char *hash, size_t hash_len,
 425                    unsigned char *sig, size_t *sig_len,
 426                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 427 {
 428     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
 429
 430 #if SIZE_MAX > UINT_MAX
 431     if( UINT_MAX < hash_len )
 432         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 433 #endif /* SIZE_MAX > UINT_MAX */
 434
 435     *sig_len = rsa_alt->key_len_func( rsa_alt->key );
 436
 437     return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
 438                 md_alg, (unsigned int) hash_len, hash, sig ) );
 439 }
 440
 441 static int rsa_alt_decrypt_wrap( void *ctx,
 442                     const unsigned char *input, size_t ilen,
 443                     unsigned char *output, size_t *olen, size_t osize,
 444                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 445 {
 446     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
 447
 448     ((void) f_rng);
 449     ((void) p_rng);
 450
 451     if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
 452         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
 453
 454     return( rsa_alt->decrypt_func( rsa_alt->key,
 455                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
 456 }
 457
 458 #if defined(MBEDTLS_RSA_C)
 459 static int rsa_alt_check_pair( const void *pub, const void *prv )
 460 {
 461     unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
 462     unsigned char hash[32];
 463     size_t sig_len = 0;
 464     int ret;
 465
 466     if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
 467         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
 468
 469     memset( hash, 0x2a, sizeof( hash ) );
 470
 471     if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
 472                                    hash, sizeof( hash ),
 473                                    sig, &sig_len, NULL, NULL ) ) != 0 )
 474     {
 475         return( ret );
 476     }
 477
 478     if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
 479                          hash, sizeof( hash ), sig, sig_len ) != 0 )
 480     {
 481         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
 482     }
 483
 484     return( 0 );
 485 }
 486 #endif /* MBEDTLS_RSA_C */
 487
 488 static void *rsa_alt_alloc_wrap( void )
 489 {
 490     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
 491
 492     if( ctx != NULL )
 493         memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
 494
 495     return( ctx );
 496 }
 497
 498 static void rsa_alt_free_wrap( void *ctx )
 499 {
 500     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
 501     mbedtls_free( ctx );
 502 }
 503
 504 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
 505     MBEDTLS_PK_RSA_ALT,
 506     "RSA-alt",
 507     rsa_alt_get_bitlen,
 508     rsa_alt_can_do,
 509     NULL,
 510     rsa_alt_sign_wrap,
 511     rsa_alt_decrypt_wrap,
 512     NULL,
 513 #if defined(MBEDTLS_RSA_C)
 514     rsa_alt_check_pair,
 515 #else
 516     NULL,
 517 #endif
 518     rsa_alt_alloc_wrap,
 519     rsa_alt_free_wrap,
 520     NULL,
 521 };
 522
 523 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 524
 525 #endif /* MBEDTLS_PK_C */