TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 02768b436b8673beff406bc6df09d9eb2a6ca5fe^! / . / library / pk_wrap.c
commit02768b436b8673beff406bc6df09d9eb2a6ca5fe[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Fri Nov 03 19:20:27 2017 +0100
committerAndrzej Kurek <andrzej.kurek@mobica.com>Mon Jan 22 07:52:56 2018 -0500
treed61cb5f18235bd32f1d352b04f5772b21ce0716b
parent5cc7bc596da2bd97e1e7ad121e40d499d17ddbfb [diff] [blame]
PK: support for opaque keys

Add a new key pair object type: MBEDTLS_PK_OPAQUE, intended for
implementations of asymmetric cryptography operations that call an
external cryptographic module.

External cryptographic module engines must implement the API described
by a mbedtls_pk_info_t structure and, usually, a custom setup function.

Document the fields of the mbedtls_pk_info_t structure and the
requirements on a PK engine. Also document non-obvious aspects of the
behavior of the pk interface functions on opaque keys.

Change the interface of check_pair_func to take a pointer to a full
mbedtls_pk_context as its pub argument, and not just the data part of
the context. This is necessary because when prv is opaque, pub may
legitimately be of a different type (typically prv would be opaque and
pub would be transparent).

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index dafd7a4..393fdeb 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c

@@ -148,10 +148,9 @@
                                        ilen, input, output ) );
 }
 
-static int rsa_check_pair_wrap( const void *pub, const void *prv )
+static int rsa_check_pair_wrap( const mbedtls_pk_context *pub, const void *prv )
 {
-    return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
-                                (const mbedtls_rsa_context *) prv ) );
+    return( mbedtls_rsa_check_pub_priv( pub->pk_ctx, prv ) );
 }
 
 static void *rsa_alloc_wrap( void )
@@ -272,10 +271,9 @@
 
 #endif /* MBEDTLS_ECDSA_C */
 
-static int eckey_check_pair( const void *pub, const void *prv )
+static int eckey_check_pair( const mbedtls_pk_context *pub, const void *prv )
 {
-    return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
-                                (const mbedtls_ecp_keypair *) prv ) );
+    return( mbedtls_ecp_check_pub_priv( pub->pk_ctx, prv ) );
 }
 
 static void *eckey_alloc_wrap( void )
@@ -472,14 +470,14 @@
 }
 
 #if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair( const void *pub, const void *prv )
+static int rsa_alt_check_pair( const mbedtls_pk_context *pub, const void *prv )
 {
     unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
     unsigned char hash[32];
     size_t sig_len = 0;
     int ret;
 
-    if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
+    if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub->pk_ctx ) )
         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
 
     memset( hash, 0x2a, sizeof( hash ) );
@@ -491,7 +489,7 @@
         return( ret );
     }
 
-    if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
+    if( rsa_verify_wrap( pub->pk_ctx, MBEDTLS_MD_NONE,
                          hash, sizeof( hash ), sig, sig_len ) != 0 )
     {
         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );