TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7ff7965561863346218d0ec5dfa50d58893f7903 / . / library / pk_wrap.c
blob: 14c6d3f99cdbb9a6b5ce95c383d42d13fae653d4 [file] [log] [blame]
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]1/*
2 * Public Key abstraction layer: wrapper functions
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman7ff79652023-11-03 12:04:52 +0000[diff] [blame^]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]6 */
7
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]8#include "common.h"
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]9
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]10#if defined(MBEDTLS_PK_C)
Manuel Pégourié-Gonnard50518f42015-05-26 11:04:15 +0200[diff] [blame]11#include "mbedtls/pk_internal.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]12#include "mbedtls/error.h"
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]13
Manuel Pégourié-Gonnarde511ffc2013-08-22 17:33:21 +0200[diff] [blame]14/* Even if RSA not activated, for the sake of RSA-alt */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]15#include "mbedtls/rsa.h"
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]16
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]17#include <string.h>
18
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]19#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]20#include "mbedtls/ecp.h"
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]21#endif
22
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]23#if defined(MBEDTLS_ECDSA_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]24#include "mbedtls/ecdsa.h"
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]25#endif
26
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]27#if defined(MBEDTLS_USE_PSA_CRYPTO)
28#include "mbedtls/asn1write.h"
29#endif
30
Andres Amaya Garciae32df082017-10-25 09:37:04 +0100[diff] [blame]31#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]32#include "mbedtls/platform_util.h"
Andres Amaya Garciae32df082017-10-25 09:37:04 +0100[diff] [blame]33#endif
34
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]35#if defined(MBEDTLS_USE_PSA_CRYPTO)
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]36#include "psa/crypto.h"
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]37#include "mbedtls/psa_util.h"
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]38#include "mbedtls/asn1.h"
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]39#endif
40
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]41#include "mbedtls/platform.h"
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]42
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]43#include <limits.h>
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]44#include <stdint.h>
Paul Bakker34617722014-06-13 17:20:13 +0200[diff] [blame]45
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]46#if defined(MBEDTLS_RSA_C)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]47static int rsa_can_do(mbedtls_pk_type_t type)
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200[diff] [blame]48{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]49 return type == MBEDTLS_PK_RSA ||
50 type == MBEDTLS_PK_RSASSA_PSS;
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200[diff] [blame]51}
52
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]53static size_t rsa_get_bitlen(const void *ctx)
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]54{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]55 const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
56 return 8 * mbedtls_rsa_get_len(rsa);
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]57}
58
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]59static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
60 const unsigned char *hash, size_t hash_len,
61 const unsigned char *sig, size_t sig_len)
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]62{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]63 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]64 mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
65 size_t rsa_len = mbedtls_rsa_get_len(rsa);
Manuel Pégourié-Gonnard2abed842014-04-08 12:40:15 +0200[diff] [blame]66
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]67#if SIZE_MAX > UINT_MAX
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]68 if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
69 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
70 }
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]71#endif /* SIZE_MAX > UINT_MAX */
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]72
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]73 if (sig_len < rsa_len) {
74 return MBEDTLS_ERR_RSA_VERIFY_FAILED;
75 }
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]76
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]77 if ((ret = mbedtls_rsa_pkcs1_verify(rsa, NULL, NULL,
78 MBEDTLS_RSA_PUBLIC, md_alg,
79 (unsigned int) hash_len, hash, sig)) != 0) {
80 return ret;
81 }
Manuel Pégourié-Gonnard2abed842014-04-08 12:40:15 +0200[diff] [blame]82
Gilles Peskine5114d3e2018-03-30 07:12:15 +0200[diff] [blame]83 /* The buffer contains a valid signature followed by extra data.
84 * We have a special error code for that so that so that callers can
85 * use mbedtls_pk_verify() to check "Does the buffer start with a
86 * valid signature?" and not just "Does the buffer contain a valid
87 * signature?". */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]88 if (sig_len > rsa_len) {
89 return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
90 }
Manuel Pégourié-Gonnard2abed842014-04-08 12:40:15 +0200[diff] [blame]91
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]92 return 0;
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]93}
94
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]95static int rsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
96 const unsigned char *hash, size_t hash_len,
97 unsigned char *sig, size_t *sig_len,
98 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]99{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]100 mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
Hanno Becker6a1e7e52017-08-22 13:55:00 +0100[diff] [blame]101
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]102#if SIZE_MAX > UINT_MAX
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]103 if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
104 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
105 }
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]106#endif /* SIZE_MAX > UINT_MAX */
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]107
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]108 *sig_len = mbedtls_rsa_get_len(rsa);
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]109
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]110 return mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
111 md_alg, (unsigned int) hash_len, hash, sig);
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]112}
113
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]114static int rsa_decrypt_wrap(void *ctx,
115 const unsigned char *input, size_t ilen,
116 unsigned char *output, size_t *olen, size_t osize,
117 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]118{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]119 mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
Hanno Becker6a1e7e52017-08-22 13:55:00 +0100[diff] [blame]120
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]121 if (ilen != mbedtls_rsa_get_len(rsa)) {
122 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
123 }
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]124
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]125 return mbedtls_rsa_pkcs1_decrypt(rsa, f_rng, p_rng,
126 MBEDTLS_RSA_PRIVATE, olen, input, output, osize);
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]127}
128
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]129static int rsa_encrypt_wrap(void *ctx,
130 const unsigned char *input, size_t ilen,
131 unsigned char *output, size_t *olen, size_t osize,
132 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]133{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]134 mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) ctx;
135 *olen = mbedtls_rsa_get_len(rsa);
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]136
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]137 if (*olen > osize) {
138 return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
139 }
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]140
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]141 return mbedtls_rsa_pkcs1_encrypt(rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
142 ilen, input, output);
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]143}
144
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]145static int rsa_check_pair_wrap(const void *pub, const void *prv)
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]146{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]147 return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub,
148 (const mbedtls_rsa_context *) prv);
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]149}
150
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]151static void *rsa_alloc_wrap(void)
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]152{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]153 void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context));
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]154
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]155 if (ctx != NULL) {
156 mbedtls_rsa_init((mbedtls_rsa_context *) ctx, 0, 0);
157 }
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]158
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]159 return ctx;
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]160}
161
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]162static void rsa_free_wrap(void *ctx)
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]163{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]164 mbedtls_rsa_free((mbedtls_rsa_context *) ctx);
165 mbedtls_free(ctx);
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]166}
167
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]168static void rsa_debug(const void *ctx, mbedtls_pk_debug_item *items)
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]169{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]170 items->type = MBEDTLS_PK_DEBUG_MPI;
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]171 items->name = "rsa.N";
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]172 items->value = &(((mbedtls_rsa_context *) ctx)->N);
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]173
174 items++;
175
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]176 items->type = MBEDTLS_PK_DEBUG_MPI;
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]177 items->name = "rsa.E";
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]178 items->value = &(((mbedtls_rsa_context *) ctx)->E);
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]179}
180
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]181const mbedtls_pk_info_t mbedtls_rsa_info = {
182 MBEDTLS_PK_RSA,
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]183 "RSA",
Manuel Pégourié-Gonnard39a48f42015-06-18 16:06:55 +0200[diff] [blame]184 rsa_get_bitlen,
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200[diff] [blame]185 rsa_can_do,
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]186 rsa_verify_wrap,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]187 rsa_sign_wrap,
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]188#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]189 NULL,
190 NULL,
191#endif
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]192 rsa_decrypt_wrap,
193 rsa_encrypt_wrap,
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]194 rsa_check_pair_wrap,
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]195 rsa_alloc_wrap,
196 rsa_free_wrap,
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]197#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]198 NULL,
199 NULL,
200#endif
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]201 rsa_debug,
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]202};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]203#endif /* MBEDTLS_RSA_C */
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]204
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]205#if defined(MBEDTLS_ECP_C)
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]206/*
207 * Generic EC key
208 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]209static int eckey_can_do(mbedtls_pk_type_t type)
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200[diff] [blame]210{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]211 return type == MBEDTLS_PK_ECKEY ||
212 type == MBEDTLS_PK_ECKEY_DH ||
213 type == MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200[diff] [blame]214}
215
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]216static size_t eckey_get_bitlen(const void *ctx)
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]217{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]218 return ((mbedtls_ecp_keypair *) ctx)->grp.pbits;
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]219}
220
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]221#if defined(MBEDTLS_ECDSA_C)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]222/* Forward declarations */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]223static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
224 const unsigned char *hash, size_t hash_len,
225 const unsigned char *sig, size_t sig_len);
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]226
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]227static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
228 const unsigned char *hash, size_t hash_len,
229 unsigned char *sig, size_t *sig_len,
230 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]231
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]232static int eckey_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
233 const unsigned char *hash, size_t hash_len,
234 const unsigned char *sig, size_t sig_len)
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]235{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]236 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]237 mbedtls_ecdsa_context ecdsa;
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]238
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]239 mbedtls_ecdsa_init(&ecdsa);
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]240
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]241 if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) {
242 ret = ecdsa_verify_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len);
243 }
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]244
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]245 mbedtls_ecdsa_free(&ecdsa);
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]246
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]247 return ret;
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]248}
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]249
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]250static int eckey_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
251 const unsigned char *hash, size_t hash_len,
252 unsigned char *sig, size_t *sig_len,
253 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]254{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]255 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]256 mbedtls_ecdsa_context ecdsa;
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]257
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]258 mbedtls_ecdsa_init(&ecdsa);
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]259
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]260 if ((ret = mbedtls_ecdsa_from_keypair(&ecdsa, ctx)) == 0) {
261 ret = ecdsa_sign_wrap(&ecdsa, md_alg, hash, hash_len, sig, sig_len,
262 f_rng, p_rng);
263 }
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]264
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]265 mbedtls_ecdsa_free(&ecdsa);
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]266
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]267 return ret;
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]268}
269
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]270#if defined(MBEDTLS_ECP_RESTARTABLE)
271/* Forward declarations */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]272static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
273 const unsigned char *hash, size_t hash_len,
274 const unsigned char *sig, size_t sig_len,
275 void *rs_ctx);
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]276
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]277static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
278 const unsigned char *hash, size_t hash_len,
279 unsigned char *sig, size_t *sig_len,
280 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
281 void *rs_ctx);
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]282
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]283/*
284 * Restart context for ECDSA operations with ECKEY context
285 *
286 * We need to store an actual ECDSA context, as we need to pass the same to
287 * the underlying ecdsa function, so we can't create it on the fly every time.
288 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]289typedef struct {
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]290 mbedtls_ecdsa_restart_ctx ecdsa_rs;
291 mbedtls_ecdsa_context ecdsa_ctx;
292} eckey_restart_ctx;
293
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]294static void *eckey_rs_alloc(void)
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]295{
296 eckey_restart_ctx *rs_ctx;
297
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]298 void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx));
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]299
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]300 if (ctx != NULL) {
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]301 rs_ctx = ctx;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]302 mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs);
303 mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx);
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]304 }
305
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]306 return ctx;
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]307}
308
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]309static void eckey_rs_free(void *ctx)
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]310{
311 eckey_restart_ctx *rs_ctx;
312
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]313 if (ctx == NULL) {
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]314 return;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]315 }
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]316
317 rs_ctx = ctx;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]318 mbedtls_ecdsa_restart_free(&rs_ctx->ecdsa_rs);
319 mbedtls_ecdsa_free(&rs_ctx->ecdsa_ctx);
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]320
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]321 mbedtls_free(ctx);
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]322}
323
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]324static int eckey_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
325 const unsigned char *hash, size_t hash_len,
326 const unsigned char *sig, size_t sig_len,
327 void *rs_ctx)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]328{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]329 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]330 eckey_restart_ctx *rs = rs_ctx;
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]331
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]332 /* Should never happen */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]333 if (rs == NULL) {
334 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
335 }
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]336
Manuel Pégourié-Gonnardee68cff2018-10-15 15:27:49 +0200[diff] [blame]337 /* set up our own sub-context if needed (that is, on first run) */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]338 if (rs->ecdsa_ctx.grp.pbits == 0) {
339 MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
340 }
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]341
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]342 MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(&rs->ecdsa_ctx,
343 md_alg, hash, hash_len,
344 sig, sig_len, &rs->ecdsa_rs));
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]345
346cleanup:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]347 return ret;
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]348}
349
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]350static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
351 const unsigned char *hash, size_t hash_len,
352 unsigned char *sig, size_t *sig_len,
353 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
354 void *rs_ctx)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]355{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]356 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]357 eckey_restart_ctx *rs = rs_ctx;
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]358
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]359 /* Should never happen */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]360 if (rs == NULL) {
361 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
362 }
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]363
Manuel Pégourié-Gonnardee68cff2018-10-15 15:27:49 +0200[diff] [blame]364 /* set up our own sub-context if needed (that is, on first run) */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]365 if (rs->ecdsa_ctx.grp.pbits == 0) {
366 MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, ctx));
367 }
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]368
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]369 MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(&rs->ecdsa_ctx, md_alg,
370 hash, hash_len, sig, sig_len,
371 f_rng, p_rng, &rs->ecdsa_rs));
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]372
373cleanup:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]374 return ret;
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]375}
376#endif /* MBEDTLS_ECP_RESTARTABLE */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]377#endif /* MBEDTLS_ECDSA_C */
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]378
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]379static int eckey_check_pair(const void *pub, const void *prv)
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]380{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]381 return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub,
382 (const mbedtls_ecp_keypair *) prv);
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]383}
384
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]385static void *eckey_alloc_wrap(void)
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]386{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]387 void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]388
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]389 if (ctx != NULL) {
390 mbedtls_ecp_keypair_init(ctx);
391 }
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]392
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]393 return ctx;
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]394}
395
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]396static void eckey_free_wrap(void *ctx)
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]397{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]398 mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx);
399 mbedtls_free(ctx);
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]400}
401
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]402static void eckey_debug(const void *ctx, mbedtls_pk_debug_item *items)
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]403{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]404 items->type = MBEDTLS_PK_DEBUG_ECP;
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]405 items->name = "eckey.Q";
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]406 items->value = &(((mbedtls_ecp_keypair *) ctx)->Q);
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]407}
408
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]409const mbedtls_pk_info_t mbedtls_eckey_info = {
410 MBEDTLS_PK_ECKEY,
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]411 "EC",
Manuel Pégourié-Gonnard39a48f42015-06-18 16:06:55 +0200[diff] [blame]412 eckey_get_bitlen,
Manuel Pégourié-Gonnardf18c3e02013-08-12 18:41:18 +0200[diff] [blame]413 eckey_can_do,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]414#if defined(MBEDTLS_ECDSA_C)
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]415 eckey_verify_wrap,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]416 eckey_sign_wrap,
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]417#if defined(MBEDTLS_ECP_RESTARTABLE)
418 eckey_verify_rs_wrap,
419 eckey_sign_rs_wrap,
420#endif
421#else /* MBEDTLS_ECDSA_C */
422 NULL,
423 NULL,
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]424#endif /* MBEDTLS_ECDSA_C */
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]425 NULL,
426 NULL,
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]427 eckey_check_pair,
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]428 eckey_alloc_wrap,
429 eckey_free_wrap,
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]430#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]431 eckey_rs_alloc,
432 eckey_rs_free,
433#endif
Manuel Pégourié-Gonnardc6ac8872013-08-14 18:04:18 +0200[diff] [blame]434 eckey_debug,
Manuel Pégourié-Gonnardd73b3c12013-08-12 17:06:05 +0200[diff] [blame]435};
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]436
437/*
Paul Bakker75342a62014-04-08 17:35:40 +0200[diff] [blame]438 * EC key restricted to ECDH
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]439 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]440static int eckeydh_can_do(mbedtls_pk_type_t type)
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]441{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]442 return type == MBEDTLS_PK_ECKEY ||
443 type == MBEDTLS_PK_ECKEY_DH;
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]444}
445
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]446const mbedtls_pk_info_t mbedtls_eckeydh_info = {
447 MBEDTLS_PK_ECKEY_DH,
Manuel Pégourié-Gonnardf8c948a2013-08-12 19:45:32 +0200[diff] [blame]448 "EC_DH",
Manuel Pégourié-Gonnard39a48f42015-06-18 16:06:55 +0200[diff] [blame]449 eckey_get_bitlen, /* Same underlying key structure */
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]450 eckeydh_can_do,
Manuel Pégourié-Gonnardfff80f82013-08-17 15:20:06 +0200[diff] [blame]451 NULL,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]452 NULL,
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]453#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]454 NULL,
455 NULL,
456#endif
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]457 NULL,
458 NULL,
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]459 eckey_check_pair,
Manuel Pégourié-Gonnard765db072013-08-14 15:00:27 +0200[diff] [blame]460 eckey_alloc_wrap, /* Same underlying key structure */
461 eckey_free_wrap, /* Same underlying key structure */
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]462#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]463 NULL,
464 NULL,
465#endif
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]466 eckey_debug, /* Same underlying key structure */
Manuel Pégourié-Gonnard835eb592013-08-12 18:51:26 +0200[diff] [blame]467};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]468#endif /* MBEDTLS_ECP_C */
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]469
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]470#if defined(MBEDTLS_ECDSA_C)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]471static int ecdsa_can_do(mbedtls_pk_type_t type)
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]472{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]473 return type == MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]474}
475
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]476#if defined(MBEDTLS_USE_PSA_CRYPTO)
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]477/*
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]478 * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
479 * those integers and convert it to the fixed-length encoding expected by PSA.
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]480 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]481static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end,
482 unsigned char *to, size_t to_len)
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]483{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]484 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]485 size_t unpadded_len, padding_len;
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]486
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]487 if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len,
488 MBEDTLS_ASN1_INTEGER)) != 0) {
489 return ret;
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]490 }
491
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]492 while (unpadded_len > 0 && **from == 0x00) {
493 (*from)++;
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]494 unpadded_len--;
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]495 }
496
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]497 if (unpadded_len > to_len || unpadded_len == 0) {
498 return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
499 }
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]500
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]501 padding_len = to_len - unpadded_len;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]502 memset(to, 0x00, padding_len);
503 memcpy(to + padding_len, *from, unpadded_len);
504 (*from) += unpadded_len;
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]505
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]506 return 0;
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]507}
508
509/*
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]510 * Convert a signature from an ASN.1 sequence of two integers
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]511 * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
Andrzej Kurekb6016c52018-11-19 17:41:58 -0500[diff] [blame]512 * twice as big as int_size.
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]513 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]514static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end,
515 unsigned char *sig, size_t int_size)
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]516{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]517 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]518 size_t tmp_size;
Andrzej Kurek3f864c22018-11-07 09:30:50 -0500[diff] [blame]519
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]520 if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size,
521 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
522 return ret;
523 }
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]524
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]525 /* Extract r */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]526 if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) {
527 return ret;
528 }
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]529 /* Extract s */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]530 if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) {
531 return ret;
532 }
Andrzej Kurek3f864c22018-11-07 09:30:50 -0500[diff] [blame]533
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]534 return 0;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]535}
536
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]537static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
538 const unsigned char *hash, size_t hash_len,
539 const unsigned char *sig, size_t sig_len)
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]540{
Gilles Peskinefc2459d2019-12-12 17:50:44 +0100[diff] [blame]541 mbedtls_ecdsa_context *ctx = ctx_arg;
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]542 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]543 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Ronald Croncf56a0a2020-08-04 09:51:30 +0200[diff] [blame]544 psa_key_id_t key_id = 0;
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]545 psa_status_t status;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]546 mbedtls_pk_context key;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]547 int key_len;
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]548 /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
549 unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
Hanno Beckera9851112019-01-25 16:37:10 +0000[diff] [blame]550 unsigned char *p;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]551 mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
John Durkop2ec2eaa2020-08-24 18:29:15 -0700[diff] [blame]552 psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
Gilles Peskinefc2459d2019-12-12 17:50:44 +0100[diff] [blame]553 size_t curve_bits;
Paul Elliott8ff510a2020-06-02 17:19:28 +0100[diff] [blame]554 psa_ecc_family_t curve =
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]555 mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
556 const size_t signature_part_size = (ctx->grp.nbits + 7) / 8;
John Durkop2ec2eaa2020-08-24 18:29:15 -0700[diff] [blame]557 ((void) md_alg);
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]558
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]559 if (curve == 0) {
560 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
561 }
Andrzej Kurekb3d1b122018-11-07 08:18:52 -0500[diff] [blame]562
Hanno Beckerccf574e2019-01-29 08:26:15 +0000[diff] [blame]563 /* mbedtls_pk_write_pubkey() expects a full PK context;
Andrzej Kurek9241d182018-11-20 05:04:35 -0500[diff] [blame]564 * re-construct one to make it happy */
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]565 key.pk_info = &pk_info;
566 key.pk_ctx = ctx;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]567 p = buf + sizeof(buf);
568 key_len = mbedtls_pk_write_pubkey(&p, buf, &key);
569 if (key_len <= 0) {
570 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
571 }
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]572
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]573 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve));
574 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
575 psa_set_key_algorithm(&attributes, psa_sig_md);
Andrzej Kurek2349c4d2019-01-08 09:36:01 -0500[diff] [blame]576
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]577 status = psa_import_key(&attributes,
578 buf + sizeof(buf) - key_len, key_len,
579 &key_id);
580 if (status != PSA_SUCCESS) {
581 ret = mbedtls_psa_err_translate_pk(status);
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]582 goto cleanup;
583 }
584
Andrzej Kurekeeac03b2018-11-20 06:39:06 -0500[diff] [blame]585 /* We don't need the exported key anymore and can
586 * reuse its buffer for signature extraction. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]587 if (2 * signature_part_size > sizeof(buf)) {
Andrzej Kurekb6016c52018-11-19 17:41:58 -0500[diff] [blame]588 ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
589 goto cleanup;
590 }
Andrzej Kurekb6016c52018-11-19 17:41:58 -0500[diff] [blame]591
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]592 p = (unsigned char *) sig;
593 if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf,
594 signature_part_size)) != 0) {
Andrzej Kurekb6016c52018-11-19 17:41:58 -0500[diff] [blame]595 goto cleanup;
596 }
597
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]598 if (psa_verify_hash(key_id, psa_sig_md,
599 hash, hash_len,
600 buf, 2 * signature_part_size)
601 != PSA_SUCCESS) {
602 ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
603 goto cleanup;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]604 }
Andrzej Kurekad5d5812018-11-20 07:59:18 -0500[diff] [blame]605
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]606 if (p != sig + sig_len) {
Andrzej Kurekad5d5812018-11-20 07:59:18 -0500[diff] [blame]607 ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
608 goto cleanup;
609 }
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]610 ret = 0;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]611
Andrzej Kurekb7b04782018-11-19 17:01:16 -0500[diff] [blame]612cleanup:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]613 psa_destroy_key(key_id);
614 return ret;
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]615}
616#else /* MBEDTLS_USE_PSA_CRYPTO */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]617static int ecdsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
618 const unsigned char *hash, size_t hash_len,
619 const unsigned char *sig, size_t sig_len)
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]620{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]621 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnardf73da022013-08-17 14:36:32 +0200[diff] [blame]622 ((void) md_alg);
623
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]624 ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) ctx,
625 hash, hash_len, sig, sig_len);
Manuel Pégourié-Gonnard2abed842014-04-08 12:40:15 +0200[diff] [blame]626
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]627 if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
628 return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
629 }
Manuel Pégourié-Gonnard2abed842014-04-08 12:40:15 +0200[diff] [blame]630
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]631 return ret;
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]632}
Andrzej Kurek8b036a62018-10-31 05:16:46 -0400[diff] [blame]633#endif /* MBEDTLS_USE_PSA_CRYPTO */
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]634
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]635static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
636 const unsigned char *hash, size_t hash_len,
637 unsigned char *sig, size_t *sig_len,
638 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]639{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]640 return mbedtls_ecdsa_write_signature((mbedtls_ecdsa_context *) ctx,
641 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng);
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]642}
643
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]644#if defined(MBEDTLS_ECP_RESTARTABLE)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]645static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
646 const unsigned char *hash, size_t hash_len,
647 const unsigned char *sig, size_t sig_len,
648 void *rs_ctx)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]649{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]650 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]651 ((void) md_alg);
652
653 ret = mbedtls_ecdsa_read_signature_restartable(
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]654 (mbedtls_ecdsa_context *) ctx,
655 hash, hash_len, sig, sig_len,
656 (mbedtls_ecdsa_restart_ctx *) rs_ctx);
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]657
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]658 if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
659 return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
660 }
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]661
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]662 return ret;
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]663}
664
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]665static int ecdsa_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg,
666 const unsigned char *hash, size_t hash_len,
667 unsigned char *sig, size_t *sig_len,
668 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
669 void *rs_ctx)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]670{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]671 return mbedtls_ecdsa_write_signature_restartable(
672 (mbedtls_ecdsa_context *) ctx,
673 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
674 (mbedtls_ecdsa_restart_ctx *) rs_ctx);
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]675
676}
677#endif /* MBEDTLS_ECP_RESTARTABLE */
678
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]679static void *ecdsa_alloc_wrap(void)
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]680{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]681 void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_context));
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]682
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]683 if (ctx != NULL) {
684 mbedtls_ecdsa_init((mbedtls_ecdsa_context *) ctx);
685 }
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]686
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]687 return ctx;
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]688}
689
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]690static void ecdsa_free_wrap(void *ctx)
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]691{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]692 mbedtls_ecdsa_free((mbedtls_ecdsa_context *) ctx);
693 mbedtls_free(ctx);
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]694}
695
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]696#if defined(MBEDTLS_ECP_RESTARTABLE)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]697static void *ecdsa_rs_alloc(void)
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]698{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]699 void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx));
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]700
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]701 if (ctx != NULL) {
702 mbedtls_ecdsa_restart_init(ctx);
703 }
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]704
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]705 return ctx;
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]706}
707
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]708static void ecdsa_rs_free(void *ctx)
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]709{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]710 mbedtls_ecdsa_restart_free(ctx);
711 mbedtls_free(ctx);
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]712}
713#endif /* MBEDTLS_ECP_RESTARTABLE */
714
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]715const mbedtls_pk_info_t mbedtls_ecdsa_info = {
716 MBEDTLS_PK_ECDSA,
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]717 "ECDSA",
Manuel Pégourié-Gonnard39a48f42015-06-18 16:06:55 +0200[diff] [blame]718 eckey_get_bitlen, /* Compatible key structures */
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]719 ecdsa_can_do,
720 ecdsa_verify_wrap,
Manuel Pégourié-Gonnard8df27692013-08-21 10:34:38 +0200[diff] [blame]721 ecdsa_sign_wrap,
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]722#if defined(MBEDTLS_ECP_RESTARTABLE)
723 ecdsa_verify_rs_wrap,
724 ecdsa_sign_rs_wrap,
725#endif
Manuel Pégourié-Gonnarda2d3f222013-08-21 11:51:08 +0200[diff] [blame]726 NULL,
727 NULL,
Manuel Pégourié-Gonnard70bdadf2014-11-06 16:51:20 +0100[diff] [blame]728 eckey_check_pair, /* Compatible key structures */
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]729 ecdsa_alloc_wrap,
730 ecdsa_free_wrap,
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]731#if defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnardfe687702017-08-18 17:04:07 +0200[diff] [blame]732 ecdsa_rs_alloc,
733 ecdsa_rs_free,
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]734#endif
Manuel Pégourié-Gonnard09162dd2013-08-14 18:16:50 +0200[diff] [blame]735 eckey_debug, /* Compatible key structures */
736};
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]737#endif /* MBEDTLS_ECDSA_C */
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]738
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]739#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]740/*
741 * Support for alternative RSA-private implementations
742 */
743
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]744static int rsa_alt_can_do(mbedtls_pk_type_t type)
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]745{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]746 return type == MBEDTLS_PK_RSA;
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]747}
748
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]749static size_t rsa_alt_get_bitlen(const void *ctx)
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]750{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]751 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]752
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]753 return 8 * rsa_alt->key_len_func(rsa_alt->key);
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]754}
755
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]756static int rsa_alt_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
757 const unsigned char *hash, size_t hash_len,
758 unsigned char *sig, size_t *sig_len,
759 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]760{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]761 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]762
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]763#if SIZE_MAX > UINT_MAX
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]764 if (UINT_MAX < hash_len) {
765 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
766 }
Andres Amaya Garcia7c02c502017-08-04 13:32:15 +0100[diff] [blame]767#endif /* SIZE_MAX > UINT_MAX */
Andres AG72849872017-01-19 11:24:33 +0000[diff] [blame]768
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]769 *sig_len = rsa_alt->key_len_func(rsa_alt->key);
770 if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
771 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
772 }
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]773
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]774 return rsa_alt->sign_func(rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
775 md_alg, (unsigned int) hash_len, hash, sig);
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]776}
777
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]778static int rsa_alt_decrypt_wrap(void *ctx,
779 const unsigned char *input, size_t ilen,
780 unsigned char *output, size_t *olen, size_t osize,
781 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]782{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]783 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]784
785 ((void) f_rng);
786 ((void) p_rng);
787
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]788 if (ilen != rsa_alt->key_len_func(rsa_alt->key)) {
789 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
790 }
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]791
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]792 return rsa_alt->decrypt_func(rsa_alt->key,
793 MBEDTLS_RSA_PRIVATE, olen, input, output, osize);
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]794}
795
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]796#if defined(MBEDTLS_RSA_C)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]797static int rsa_alt_check_pair(const void *pub, const void *prv)
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]798{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]799 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]800 unsigned char hash[32];
801 size_t sig_len = 0;
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]802 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]803
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]804 if (rsa_alt_get_bitlen(prv) != rsa_get_bitlen(pub)) {
805 return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]806 }
807
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]808 memset(hash, 0x2a, sizeof(hash));
809
810 if ((ret = rsa_alt_sign_wrap((void *) prv, MBEDTLS_MD_NONE,
811 hash, sizeof(hash),
812 sig, &sig_len, NULL, NULL)) != 0) {
813 return ret;
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]814 }
815
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]816 if (rsa_verify_wrap((void *) pub, MBEDTLS_MD_NONE,
817 hash, sizeof(hash), sig, sig_len) != 0) {
818 return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
819 }
820
821 return 0;
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]822}
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]823#endif /* MBEDTLS_RSA_C */
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]824
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]825static void *rsa_alt_alloc_wrap(void)
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]826{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]827 void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context));
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]828
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]829 if (ctx != NULL) {
830 memset(ctx, 0, sizeof(mbedtls_rsa_alt_context));
831 }
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]832
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]833 return ctx;
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]834}
835
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]836static void rsa_alt_free_wrap(void *ctx)
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]837{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]838 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_rsa_alt_context));
839 mbedtls_free(ctx);
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]840}
841
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]842const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
843 MBEDTLS_PK_RSA_ALT,
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]844 "RSA-alt",
Manuel Pégourié-Gonnard39a48f42015-06-18 16:06:55 +0200[diff] [blame]845 rsa_alt_get_bitlen,
Manuel Pégourié-Gonnard20422e92014-06-05 13:41:44 +0200[diff] [blame]846 rsa_alt_can_do,
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]847 NULL,
848 rsa_alt_sign_wrap,
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]849#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard1f596062017-05-09 10:42:40 +0200[diff] [blame]850 NULL,
851 NULL,
852#endif
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]853 rsa_alt_decrypt_wrap,
854 NULL,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]855#if defined(MBEDTLS_RSA_C)
Manuel Pégourié-Gonnarda1efcb02014-11-08 17:08:08 +0100[diff] [blame]856 rsa_alt_check_pair,
Manuel Pégourié-Gonnard7c13d692014-11-12 00:01:34 +0100[diff] [blame]857#else
858 NULL,
859#endif
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]860 rsa_alt_alloc_wrap,
861 rsa_alt_free_wrap,
Manuel Pégourié-Gonnardaaa98142017-08-18 17:30:37 +0200[diff] [blame]862#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
Manuel Pégourié-Gonnard0bbc66c2017-08-18 16:22:06 +0200[diff] [blame]863 NULL,
864 NULL,
865#endif
Manuel Pégourié-Gonnard12c1ff02013-08-21 12:28:31 +0200[diff] [blame]866 NULL,
867};
Manuel Pégourié-Gonnardc40b4c32013-08-22 13:29:31 +0200[diff] [blame]868
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]869#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
Manuel Pégourié-Gonnard348bcb32015-03-31 14:01:33 +0200[diff] [blame]870
Manuel Pégourié-Gonnard20678b22018-10-22 12:11:15 +0200[diff] [blame]871#if defined(MBEDTLS_USE_PSA_CRYPTO)
872
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]873static void *pk_opaque_alloc_wrap(void)
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]874{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]875 void *ctx = mbedtls_calloc(1, sizeof(psa_key_id_t));
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]876
Tom Cosgrove5205c972022-07-28 06:12:08 +0100[diff] [blame]877 /* no _init() function to call, as calloc() already zeroized */
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]878
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]879 return ctx;
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]880}
881
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]882static void pk_opaque_free_wrap(void *ctx)
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]883{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]884 mbedtls_platform_zeroize(ctx, sizeof(psa_key_id_t));
885 mbedtls_free(ctx);
Manuel Pégourié-Gonnard7b5fe042018-10-31 09:57:45 +0100[diff] [blame]886}
887
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]888static size_t pk_opaque_get_bitlen(const void *ctx)
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]889{
Ronald Croncf56a0a2020-08-04 09:51:30 +0200[diff] [blame]890 const psa_key_id_t *key = (const psa_key_id_t *) ctx;
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]891 size_t bits;
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]892 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]893
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]894 if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) {
895 return 0;
896 }
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]897
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]898 bits = psa_get_key_bits(&attributes);
899 psa_reset_key_attributes(&attributes);
900 return bits;
Manuel Pégourié-Gonnard0184b3c2018-10-31 10:36:51 +0100[diff] [blame]901}
902
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]903static int pk_opaque_can_do(mbedtls_pk_type_t type)
Manuel Pégourié-Gonnard920c0632018-10-31 10:57:29 +0100[diff] [blame]904{
905 /* For now opaque PSA keys can only wrap ECC keypairs,
906 * as checked by setup_psa().
907 * Also, ECKEY_DH does not really make sense with the current API. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]908 return type == MBEDTLS_PK_ECKEY ||
909 type == MBEDTLS_PK_ECDSA;
Manuel Pégourié-Gonnard920c0632018-10-31 10:57:29 +0100[diff] [blame]910}
911
John Durkopf35069a2020-08-17 22:05:14 -0700[diff] [blame]912#if defined(MBEDTLS_ECDSA_C)
913
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]914/*
Manuel Pégourié-Gonnard509aff12018-11-15 12:17:38 +0100[diff] [blame]915 * Simultaneously convert and move raw MPI from the beginning of a buffer
916 * to an ASN.1 MPI at the end of the buffer.
917 * See also mbedtls_asn1_write_mpi().
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]918 *
919 * p: pointer to the end of the output buffer
920 * start: start of the output buffer, and also of the mpi to write at the end
Manuel Pégourié-Gonnard509aff12018-11-15 12:17:38 +0100[diff] [blame]921 * n_len: length of the mpi to read from start
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]922 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]923static int asn1_write_mpibuf(unsigned char **p, unsigned char *start,
924 size_t n_len)
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]925{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]926 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]927 size_t len = 0;
928
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]929 if ((size_t) (*p - start) < n_len) {
930 return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
931 }
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]932
933 len = n_len;
934 *p -= len;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]935 memmove(*p, start, len);
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]936
Manuel Pégourié-Gonnard45013a12018-11-16 10:09:11 +0100[diff] [blame]937 /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
Manuel Pégourié-Gonnard59eecb02018-11-16 10:54:54 +0100[diff] [blame]938 * Neither r nor s should be 0, but as a failsafe measure, still detect
939 * that rather than overflowing the buffer in case of a PSA error. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]940 while (len > 0 && **p == 0x00) {
Manuel Pégourié-Gonnard45013a12018-11-16 10:09:11 +0100[diff] [blame]941 ++(*p);
942 --len;
943 }
944
Manuel Pégourié-Gonnard59eecb02018-11-16 10:54:54 +0100[diff] [blame]945 /* this is only reached if the signature was invalid */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]946 if (len == 0) {
947 return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
948 }
Manuel Pégourié-Gonnard59eecb02018-11-16 10:54:54 +0100[diff] [blame]949
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]950 /* if the msb is 1, ASN.1 requires that we prepend a 0.
Manuel Pégourié-Gonnard45013a12018-11-16 10:09:11 +0100[diff] [blame]951 * Neither r nor s can be 0, so we can assume len > 0 at all times. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]952 if (**p & 0x80) {
953 if (*p - start < 1) {
954 return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
955 }
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]956
957 *--(*p) = 0x00;
958 len += 1;
959 }
960
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]961 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
962 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
963 MBEDTLS_ASN1_INTEGER));
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]964
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]965 return (int) len;
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]966}
967
968/* Transcode signature from PSA format to ASN.1 sequence.
969 * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
970 * MPIs, and in-place.
971 *
972 * [in/out] sig: the signature pre- and post-transcoding
973 * [in/out] sig_len: signature length pre- and post-transcoding
974 * [int] buf_len: the available size the in/out buffer
975 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]976static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len,
977 size_t buf_len)
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]978{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]979 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]980 size_t len = 0;
981 const size_t rs_len = *sig_len / 2;
982 unsigned char *p = sig + buf_len;
983
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]984 MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len));
985 MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len));
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]986
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]987 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len));
988 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig,
989 MBEDTLS_ASN1_CONSTRUCTED |
990 MBEDTLS_ASN1_SEQUENCE));
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]991
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]992 memmove(sig, p, len);
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]993 *sig_len = len;
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]994
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]995 return 0;
Manuel Pégourié-Gonnard36867712018-10-31 16:22:49 +0100[diff] [blame]996}
997
John Durkopd46ede02020-08-24 09:51:00 -0700[diff] [blame]998#endif /* MBEDTLS_ECDSA_C */
John Durkopf35069a2020-08-17 22:05:14 -0700[diff] [blame]999
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1000static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
1001 const unsigned char *hash, size_t hash_len,
1002 unsigned char *sig, size_t *sig_len,
1003 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]1004{
John Durkopf35069a2020-08-17 22:05:14 -0700[diff] [blame]1005#if !defined(MBEDTLS_ECDSA_C)
1006 ((void) ctx);
1007 ((void) md_alg);
1008 ((void) hash);
1009 ((void) hash_len);
1010 ((void) sig);
1011 ((void) sig_len);
1012 ((void) f_rng);
1013 ((void) p_rng);
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1014 return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
John Durkopaf5363c2020-08-24 08:29:39 -0700[diff] [blame]1015#else /* !MBEDTLS_ECDSA_C */
Ronald Croncf56a0a2020-08-04 09:51:30 +0200[diff] [blame]1016 const psa_key_id_t *key = (const psa_key_id_t *) ctx;
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]1017 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1018 psa_algorithm_t alg = PSA_ALG_ECDSA(mbedtls_psa_translate_md(md_alg));
Gilles Peskined2d45c12019-05-27 14:53:13 +0200[diff] [blame]1019 size_t buf_len;
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]1020 psa_status_t status;
1021
1022 /* PSA has its own RNG */
1023 (void) f_rng;
1024 (void) p_rng;
1025
1026 /* PSA needs an output buffer of known size, but our API doesn't provide
1027 * that information. Assume that the buffer is large enough for a
1028 * maximal-length signature with that key (otherwise the application is
1029 * buggy anyway). */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1030 status = psa_get_key_attributes(*key, &attributes);
1031 if (status != PSA_SUCCESS) {
1032 return mbedtls_psa_err_translate_pk(status);
1033 }
1034 buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN(psa_get_key_bits(&attributes));
1035 psa_reset_key_attributes(&attributes);
1036 if (buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
1037 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
1038 }
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]1039
1040 /* make the signature */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1041 status = psa_sign_hash(*key, alg, hash, hash_len,
1042 sig, buf_len, sig_len);
1043 if (status != PSA_SUCCESS) {
1044 return mbedtls_psa_err_translate_pk(status);
1045 }
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]1046
1047 /* transcode it to ASN.1 sequence */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]1048 return pk_ecdsa_sig_asn1_from_psa(sig, sig_len, buf_len);
John Durkopaf5363c2020-08-24 08:29:39 -0700[diff] [blame]1049#endif /* !MBEDTLS_ECDSA_C */
Manuel Pégourié-Gonnardd8454bc2018-11-13 10:32:00 +0100[diff] [blame]1050}
1051
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]1052const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
1053 MBEDTLS_PK_OPAQUE,
1054 "Opaque",
1055 pk_opaque_get_bitlen,
1056 pk_opaque_can_do,
Manuel Pégourié-Gonnard20678b22018-10-22 12:11:15 +0200[diff] [blame]1057 NULL, /* verify - will be done later */
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]1058 pk_opaque_sign_wrap,
Manuel Pégourié-Gonnard20678b22018-10-22 12:11:15 +0200[diff] [blame]1059#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1060 NULL, /* restartable verify - not relevant */
1061 NULL, /* restartable sign - not relevant */
1062#endif
1063 NULL, /* decrypt - will be done later */
1064 NULL, /* encrypt - will be done later */
1065 NULL, /* check_pair - could be done later or left NULL */
Manuel Pégourié-Gonnard69baf702018-11-06 09:34:30 +0100[diff] [blame]1066 pk_opaque_alloc_wrap,
1067 pk_opaque_free_wrap,
Manuel Pégourié-Gonnard20678b22018-10-22 12:11:15 +0200[diff] [blame]1068#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1069 NULL, /* restart alloc - not relevant */
1070 NULL, /* restart free - not relevant */
1071#endif
1072 NULL, /* debug - could be done later, or even left NULL */
1073};
1074
1075#endif /* MBEDTLS_USE_PSA_CRYPTO */
1076
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1077#endif /* MBEDTLS_PK_C */