1 /*
2 * Public Key abstraction layer
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27
28 #if defined(MBEDTLS_PK_C)
29 #include "mbedtls/pk.h"
30 #include "mbedtls/pk_internal.h"
31
32 #if defined(MBEDTLS_RSA_C)
33 #include "mbedtls/rsa.h"
34 #endif
35 #if defined(MBEDTLS_ECP_C)
36 #include "mbedtls/ecp.h"
37 #endif
38 #if defined(MBEDTLS_ECDSA_C)
39 #include "mbedtls/ecdsa.h"
40 #endif
41
42 /* Implementation that should never be optimized out by the compiler */
mbedtls_zeroize(void * v,size_t n)43 static void mbedtls_zeroize( void *v, size_t n ) {
44 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
45 }
46
47 /*
48 * Initialise a mbedtls_pk_context
49 */
mbedtls_pk_init(mbedtls_pk_context * ctx)50 void mbedtls_pk_init( mbedtls_pk_context *ctx )
51 {
52 if( ctx == NULL )
53 return;
54
55 ctx->pk_info = NULL;
56 ctx->pk_ctx = NULL;
57 }
58
59 /*
60 * Free (the components of) a mbedtls_pk_context
61 */
mbedtls_pk_free(mbedtls_pk_context * ctx)62 void mbedtls_pk_free( mbedtls_pk_context *ctx )
63 {
64 if( ctx == NULL || ctx->pk_info == NULL )
65 return;
66
67 ctx->pk_info->ctx_free_func( ctx->pk_ctx );
68
69 mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
70 }
71
72 /*
73 * Get pk_info structure from type
74 */
mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)75 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
76 {
77 switch( pk_type ) {
78 #if defined(MBEDTLS_RSA_C)
79 case MBEDTLS_PK_RSA:
80 return( &mbedtls_rsa_info );
81 #endif
82 #if defined(MBEDTLS_ECP_C)
83 case MBEDTLS_PK_ECKEY:
84 return( &mbedtls_eckey_info );
85 case MBEDTLS_PK_ECKEY_DH:
86 return( &mbedtls_eckeydh_info );
87 #endif
88 #if defined(MBEDTLS_ECDSA_C)
89 case MBEDTLS_PK_ECDSA:
90 return( &mbedtls_ecdsa_info );
91 #endif
92 /* MBEDTLS_PK_RSA_ALT omitted on purpose */
93 default:
94 return( NULL );
95 }
96 }
97
98 /*
99 * Initialise context
100 */
mbedtls_pk_setup(mbedtls_pk_context * ctx,const mbedtls_pk_info_t * info)101 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
102 {
103 if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
104 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
105
106 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
107 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
108
109 ctx->pk_info = info;
110
111 return( 0 );
112 }
113
114 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
115 /*
116 * Initialize an RSA-alt context
117 */
mbedtls_pk_setup_rsa_alt(mbedtls_pk_context * ctx,void * key,mbedtls_pk_rsa_alt_decrypt_func decrypt_func,mbedtls_pk_rsa_alt_sign_func sign_func,mbedtls_pk_rsa_alt_key_len_func key_len_func)118 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
119 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
120 mbedtls_pk_rsa_alt_sign_func sign_func,
121 mbedtls_pk_rsa_alt_key_len_func key_len_func )
122 {
123 mbedtls_rsa_alt_context *rsa_alt;
124 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
125
126 if( ctx == NULL || ctx->pk_info != NULL )
127 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
128
129 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
130 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
131
132 ctx->pk_info = info;
133
134 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
135
136 rsa_alt->key = key;
137 rsa_alt->decrypt_func = decrypt_func;
138 rsa_alt->sign_func = sign_func;
139 rsa_alt->key_len_func = key_len_func;
140
141 return( 0 );
142 }
143 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
144
145 /*
146 * Tell if a PK can do the operations of the given type
147 */
mbedtls_pk_can_do(const mbedtls_pk_context * ctx,mbedtls_pk_type_t type)148 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
149 {
150 /* null or NONE context can't do anything */
151 if( ctx == NULL || ctx->pk_info == NULL )
152 return( 0 );
153
154 return( ctx->pk_info->can_do( type ) );
155 }
156
157 /*
158 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
159 */
pk_hashlen_helper(mbedtls_md_type_t md_alg,size_t * hash_len)160 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
161 {
162 const mbedtls_md_info_t *md_info;
163
164 if( *hash_len != 0 )
165 return( 0 );
166
167 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
168 return( -1 );
169
170 *hash_len = mbedtls_md_get_size( md_info );
171 return( 0 );
172 }
173
174 /*
175 * Verify a signature
176 */
mbedtls_pk_verify(mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)177 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
178 const unsigned char *hash, size_t hash_len,
179 const unsigned char *sig, size_t sig_len )
180 {
181 if( ctx == NULL || ctx->pk_info == NULL ||
182 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
183 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
184
185 if( ctx->pk_info->verify_func == NULL )
186 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
187
188 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
189 sig, sig_len ) );
190 }
191
192 /*
193 * Verify a signature with options
194 */
mbedtls_pk_verify_ext(mbedtls_pk_type_t type,const void * options,mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)195 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
196 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
197 const unsigned char *hash, size_t hash_len,
198 const unsigned char *sig, size_t sig_len )
199 {
200 if( ctx == NULL || ctx->pk_info == NULL )
201 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
202
203 if( ! mbedtls_pk_can_do( ctx, type ) )
204 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
205
206 if( type == MBEDTLS_PK_RSASSA_PSS )
207 {
208 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
209 int ret;
210 const mbedtls_pk_rsassa_pss_options *pss_opts;
211
212 if( options == NULL )
213 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
214
215 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
216
217 if( sig_len < mbedtls_pk_get_len( ctx ) )
218 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
219
220 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
221 NULL, NULL, MBEDTLS_RSA_PUBLIC,
222 md_alg, (unsigned int) hash_len, hash,
223 pss_opts->mgf1_hash_id,
224 pss_opts->expected_salt_len,
225 sig );
226 if( ret != 0 )
227 return( ret );
228
229 if( sig_len > mbedtls_pk_get_len( ctx ) )
230 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
231
232 return( 0 );
233 #else
234 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
235 #endif
236 }
237
238 /* General case: no options */
239 if( options != NULL )
240 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
241
242 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
243 }
244
245 /*
246 * Make a signature
247 */
mbedtls_pk_sign(mbedtls_pk_context * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)248 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
249 const unsigned char *hash, size_t hash_len,
250 unsigned char *sig, size_t *sig_len,
251 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
252 {
253 if( ctx == NULL || ctx->pk_info == NULL ||
254 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
255 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
256
257 if( ctx->pk_info->sign_func == NULL )
258 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
259
260 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
261 sig, sig_len, f_rng, p_rng ) );
262 }
263
264 /*
265 * Decrypt message
266 */
mbedtls_pk_decrypt(mbedtls_pk_context * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)267 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
268 const unsigned char *input, size_t ilen,
269 unsigned char *output, size_t *olen, size_t osize,
270 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
271 {
272 if( ctx == NULL || ctx->pk_info == NULL )
273 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
274
275 if( ctx->pk_info->decrypt_func == NULL )
276 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
277
278 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
279 output, olen, osize, f_rng, p_rng ) );
280 }
281
282 /*
283 * Encrypt message
284 */
mbedtls_pk_encrypt(mbedtls_pk_context * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)285 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
286 const unsigned char *input, size_t ilen,
287 unsigned char *output, size_t *olen, size_t osize,
288 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
289 {
290 if( ctx == NULL || ctx->pk_info == NULL )
291 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
292
293 if( ctx->pk_info->encrypt_func == NULL )
294 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
295
296 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
297 output, olen, osize, f_rng, p_rng ) );
298 }
299
300 /*
301 * Check public-private key pair
302 */
mbedtls_pk_check_pair(const mbedtls_pk_context * pub,const mbedtls_pk_context * prv)303 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
304 {
305 if( pub == NULL || pub->pk_info == NULL ||
306 prv == NULL || prv->pk_info == NULL ||
307 prv->pk_info->check_pair_func == NULL )
308 {
309 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
310 }
311
312 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
313 {
314 if( pub->pk_info->type != MBEDTLS_PK_RSA )
315 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
316 }
317 else
318 {
319 if( pub->pk_info != prv->pk_info )
320 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
321 }
322
323 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
324 }
325
326 /*
327 * Get key size in bits
328 */
mbedtls_pk_get_bitlen(const mbedtls_pk_context * ctx)329 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
330 {
331 if( ctx == NULL || ctx->pk_info == NULL )
332 return( 0 );
333
334 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
335 }
336
337 /*
338 * Export debug information
339 */
mbedtls_pk_debug(const mbedtls_pk_context * ctx,mbedtls_pk_debug_item * items)340 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
341 {
342 if( ctx == NULL || ctx->pk_info == NULL )
343 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
344
345 if( ctx->pk_info->debug_func == NULL )
346 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
347
348 ctx->pk_info->debug_func( ctx->pk_ctx, items );
349 return( 0 );
350 }
351
352 /*
353 * Access the PK type name
354 */
mbedtls_pk_get_name(const mbedtls_pk_context * ctx)355 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
356 {
357 if( ctx == NULL || ctx->pk_info == NULL )
358 return( "invalid PK" );
359
360 return( ctx->pk_info->name );
361 }
362
363 /*
364 * Access the PK type
365 */
mbedtls_pk_get_type(const mbedtls_pk_context * ctx)366 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
367 {
368 if( ctx == NULL || ctx->pk_info == NULL )
369 return( MBEDTLS_PK_NONE );
370
371 return( ctx->pk_info->type );
372 }
373
374 #endif /* MBEDTLS_PK_C */
375
