1 /*
2  *  Public Key abstraction layer: wrapper functions
3  *
4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27 
28 #if defined(MBEDTLS_PK_C)
29 #include "mbedtls/pk_internal.h"
30 
31 /* Even if RSA not activated, for the sake of RSA-alt */
32 #include "mbedtls/rsa.h"
33 
34 #include <string.h>
35 
36 #if defined(MBEDTLS_ECP_C)
37 #include "mbedtls/ecp.h"
38 #endif
39 
40 #if defined(MBEDTLS_ECDSA_C)
41 #include "mbedtls/ecdsa.h"
42 #endif
43 
44 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
45 #include "mbedtls/platform_util.h"
46 #endif
47 
48 #if defined(MBEDTLS_PLATFORM_C)
49 #include "mbedtls/platform.h"
50 #else
51 #include <stdlib.h>
52 #define mbedtls_calloc    calloc
53 #define mbedtls_free       free
54 #endif
55 
56 #include <limits.h>
57 #include <stdint.h>
58 
59 #if defined(MBEDTLS_RSA_C)
rsa_can_do(mbedtls_pk_type_t type)60 static int rsa_can_do( mbedtls_pk_type_t type )
61 {
62     return( type == MBEDTLS_PK_RSA ||
63             type == MBEDTLS_PK_RSASSA_PSS );
64 }
65 
rsa_get_bitlen(const void * ctx)66 static size_t rsa_get_bitlen( const void *ctx )
67 {
68     const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
69     return( 8 * mbedtls_rsa_get_len( rsa ) );
70 }
71 
rsa_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)72 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
73                    const unsigned char *hash, size_t hash_len,
74                    const unsigned char *sig, size_t sig_len )
75 {
76     int ret;
77     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
78     size_t rsa_len = mbedtls_rsa_get_len( rsa );
79 
80 #if SIZE_MAX > UINT_MAX
81     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
82         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
83 #endif /* SIZE_MAX > UINT_MAX */
84 
85     if( sig_len < rsa_len )
86         return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
87 
88     if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
89                                   MBEDTLS_RSA_PUBLIC, md_alg,
90                                   (unsigned int) hash_len, hash, sig ) ) != 0 )
91         return( ret );
92 
93     /* The buffer contains a valid signature followed by extra data.
94      * We have a special error code for that so that so that callers can
95      * use mbedtls_pk_verify() to check "Does the buffer start with a
96      * valid signature?" and not just "Does the buffer contain a valid
97      * signature?". */
98     if( sig_len > rsa_len )
99         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
100 
101     return( 0 );
102 }
103 
rsa_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)104 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
105                    const unsigned char *hash, size_t hash_len,
106                    unsigned char *sig, size_t *sig_len,
107                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
108 {
109     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
110 
111 #if SIZE_MAX > UINT_MAX
112     if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
113         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
114 #endif /* SIZE_MAX > UINT_MAX */
115 
116     *sig_len = mbedtls_rsa_get_len( rsa );
117 
118     return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
119                 md_alg, (unsigned int) hash_len, hash, sig ) );
120 }
121 
rsa_decrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)122 static int rsa_decrypt_wrap( void *ctx,
123                     const unsigned char *input, size_t ilen,
124                     unsigned char *output, size_t *olen, size_t osize,
125                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
126 {
127     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
128 
129     if( ilen != mbedtls_rsa_get_len( rsa ) )
130         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
131 
132     return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
133                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
134 }
135 
rsa_encrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)136 static int rsa_encrypt_wrap( void *ctx,
137                     const unsigned char *input, size_t ilen,
138                     unsigned char *output, size_t *olen, size_t osize,
139                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
140 {
141     mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
142     *olen = mbedtls_rsa_get_len( rsa );
143 
144     if( *olen > osize )
145         return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
146 
147     return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
148                                        ilen, input, output ) );
149 }
150 
rsa_check_pair_wrap(const void * pub,const void * prv)151 static int rsa_check_pair_wrap( const void *pub, const void *prv )
152 {
153     return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
154                                 (const mbedtls_rsa_context *) prv ) );
155 }
156 
rsa_alloc_wrap(void)157 static void *rsa_alloc_wrap( void )
158 {
159     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
160 
161     if( ctx != NULL )
162         mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
163 
164     return( ctx );
165 }
166 
rsa_free_wrap(void * ctx)167 static void rsa_free_wrap( void *ctx )
168 {
169     mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
170     mbedtls_free( ctx );
171 }
172 
rsa_debug(const void * ctx,mbedtls_pk_debug_item * items)173 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
174 {
175     items->type = MBEDTLS_PK_DEBUG_MPI;
176     items->name = "rsa.N";
177     items->value = &( ((mbedtls_rsa_context *) ctx)->N );
178 
179     items++;
180 
181     items->type = MBEDTLS_PK_DEBUG_MPI;
182     items->name = "rsa.E";
183     items->value = &( ((mbedtls_rsa_context *) ctx)->E );
184 }
185 
186 const mbedtls_pk_info_t mbedtls_rsa_info = {
187     MBEDTLS_PK_RSA,
188     "RSA",
189     rsa_get_bitlen,
190     rsa_can_do,
191     rsa_verify_wrap,
192     rsa_sign_wrap,
193 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
194     NULL,
195     NULL,
196 #endif
197     rsa_decrypt_wrap,
198     rsa_encrypt_wrap,
199     rsa_check_pair_wrap,
200     rsa_alloc_wrap,
201     rsa_free_wrap,
202 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
203     NULL,
204     NULL,
205 #endif
206     rsa_debug,
207 };
208 #endif /* MBEDTLS_RSA_C */
209 
210 #if defined(MBEDTLS_ECP_C)
211 /*
212  * Generic EC key
213  */
eckey_can_do(mbedtls_pk_type_t type)214 static int eckey_can_do( mbedtls_pk_type_t type )
215 {
216     return( type == MBEDTLS_PK_ECKEY ||
217             type == MBEDTLS_PK_ECKEY_DH ||
218             type == MBEDTLS_PK_ECDSA );
219 }
220 
eckey_get_bitlen(const void * ctx)221 static size_t eckey_get_bitlen( const void *ctx )
222 {
223     return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
224 }
225 
226 #if defined(MBEDTLS_ECDSA_C)
227 /* Forward declarations */
228 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
229                        const unsigned char *hash, size_t hash_len,
230                        const unsigned char *sig, size_t sig_len );
231 
232 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
233                    const unsigned char *hash, size_t hash_len,
234                    unsigned char *sig, size_t *sig_len,
235                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
236 
eckey_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)237 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
238                        const unsigned char *hash, size_t hash_len,
239                        const unsigned char *sig, size_t sig_len )
240 {
241     int ret;
242     mbedtls_ecdsa_context ecdsa;
243 
244     mbedtls_ecdsa_init( &ecdsa );
245 
246     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
247         ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
248 
249     mbedtls_ecdsa_free( &ecdsa );
250 
251     return( ret );
252 }
253 
eckey_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)254 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
255                    const unsigned char *hash, size_t hash_len,
256                    unsigned char *sig, size_t *sig_len,
257                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
258 {
259     int ret;
260     mbedtls_ecdsa_context ecdsa;
261 
262     mbedtls_ecdsa_init( &ecdsa );
263 
264     if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
265         ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
266                                f_rng, p_rng );
267 
268     mbedtls_ecdsa_free( &ecdsa );
269 
270     return( ret );
271 }
272 
273 #if defined(MBEDTLS_ECP_RESTARTABLE)
274 /* Forward declarations */
275 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
276                        const unsigned char *hash, size_t hash_len,
277                        const unsigned char *sig, size_t sig_len,
278                        void *rs_ctx );
279 
280 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
281                    const unsigned char *hash, size_t hash_len,
282                    unsigned char *sig, size_t *sig_len,
283                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
284                    void *rs_ctx );
285 
286 /*
287  * Restart context for ECDSA operations with ECKEY context
288  *
289  * We need to store an actual ECDSA context, as we need to pass the same to
290  * the underlying ecdsa function, so we can't create it on the fly every time.
291  */
292 typedef struct
293 {
294     mbedtls_ecdsa_restart_ctx ecdsa_rs;
295     mbedtls_ecdsa_context ecdsa_ctx;
296 } eckey_restart_ctx;
297 
eckey_rs_alloc(void)298 static void *eckey_rs_alloc( void )
299 {
300     eckey_restart_ctx *rs_ctx;
301 
302     void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
303 
304     if( ctx != NULL )
305     {
306         rs_ctx = ctx;
307         mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
308         mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
309     }
310 
311     return( ctx );
312 }
313 
eckey_rs_free(void * ctx)314 static void eckey_rs_free( void *ctx )
315 {
316     eckey_restart_ctx *rs_ctx;
317 
318     if( ctx == NULL)
319         return;
320 
321     rs_ctx = ctx;
322     mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
323     mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
324 
325     mbedtls_free( ctx );
326 }
327 
eckey_verify_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,void * rs_ctx)328 static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
329                        const unsigned char *hash, size_t hash_len,
330                        const unsigned char *sig, size_t sig_len,
331                        void *rs_ctx )
332 {
333     int ret;
334     eckey_restart_ctx *rs = rs_ctx;
335 
336     /* Should never happen */
337     if( rs == NULL )
338         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
339 
340     /* set up our own sub-context if needed (that is, on first run) */
341     if( rs->ecdsa_ctx.grp.pbits == 0 )
342         MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
343 
344     MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
345                                            md_alg, hash, hash_len,
346                                            sig, sig_len, &rs->ecdsa_rs ) );
347 
348 cleanup:
349     return( ret );
350 }
351 
eckey_sign_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,void * rs_ctx)352 static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
353                    const unsigned char *hash, size_t hash_len,
354                    unsigned char *sig, size_t *sig_len,
355                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
356                        void *rs_ctx )
357 {
358     int ret;
359     eckey_restart_ctx *rs = rs_ctx;
360 
361     /* Should never happen */
362     if( rs == NULL )
363         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
364 
365     /* set up our own sub-context if needed (that is, on first run) */
366     if( rs->ecdsa_ctx.grp.pbits == 0 )
367         MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
368 
369     MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
370                                          hash, hash_len, sig, sig_len,
371                                          f_rng, p_rng, &rs->ecdsa_rs ) );
372 
373 cleanup:
374     return( ret );
375 }
376 #endif /* MBEDTLS_ECP_RESTARTABLE */
377 #endif /* MBEDTLS_ECDSA_C */
378 
eckey_check_pair(const void * pub,const void * prv)379 static int eckey_check_pair( const void *pub, const void *prv )
380 {
381     return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
382                                 (const mbedtls_ecp_keypair *) prv ) );
383 }
384 
eckey_alloc_wrap(void)385 static void *eckey_alloc_wrap( void )
386 {
387     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
388 
389     if( ctx != NULL )
390         mbedtls_ecp_keypair_init( ctx );
391 
392     return( ctx );
393 }
394 
eckey_free_wrap(void * ctx)395 static void eckey_free_wrap( void *ctx )
396 {
397     mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
398     mbedtls_free( ctx );
399 }
400 
eckey_debug(const void * ctx,mbedtls_pk_debug_item * items)401 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
402 {
403     items->type = MBEDTLS_PK_DEBUG_ECP;
404     items->name = "eckey.Q";
405     items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
406 }
407 
408 const mbedtls_pk_info_t mbedtls_eckey_info = {
409     MBEDTLS_PK_ECKEY,
410     "EC",
411     eckey_get_bitlen,
412     eckey_can_do,
413 #if defined(MBEDTLS_ECDSA_C)
414     eckey_verify_wrap,
415     eckey_sign_wrap,
416 #if defined(MBEDTLS_ECP_RESTARTABLE)
417     eckey_verify_rs_wrap,
418     eckey_sign_rs_wrap,
419 #endif
420 #else /* MBEDTLS_ECDSA_C */
421     NULL,
422     NULL,
423 #endif /* MBEDTLS_ECDSA_C */
424     NULL,
425     NULL,
426     eckey_check_pair,
427     eckey_alloc_wrap,
428     eckey_free_wrap,
429 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
430     eckey_rs_alloc,
431     eckey_rs_free,
432 #endif
433     eckey_debug,
434 };
435 
436 /*
437  * EC key restricted to ECDH
438  */
eckeydh_can_do(mbedtls_pk_type_t type)439 static int eckeydh_can_do( mbedtls_pk_type_t type )
440 {
441     return( type == MBEDTLS_PK_ECKEY ||
442             type == MBEDTLS_PK_ECKEY_DH );
443 }
444 
445 const mbedtls_pk_info_t mbedtls_eckeydh_info = {
446     MBEDTLS_PK_ECKEY_DH,
447     "EC_DH",
448     eckey_get_bitlen,         /* Same underlying key structure */
449     eckeydh_can_do,
450     NULL,
451     NULL,
452 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
453     NULL,
454     NULL,
455 #endif
456     NULL,
457     NULL,
458     eckey_check_pair,
459     eckey_alloc_wrap,       /* Same underlying key structure */
460     eckey_free_wrap,        /* Same underlying key structure */
461 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
462     NULL,
463     NULL,
464 #endif
465     eckey_debug,            /* Same underlying key structure */
466 };
467 #endif /* MBEDTLS_ECP_C */
468 
469 #if defined(MBEDTLS_ECDSA_C)
ecdsa_can_do(mbedtls_pk_type_t type)470 static int ecdsa_can_do( mbedtls_pk_type_t type )
471 {
472     return( type == MBEDTLS_PK_ECDSA );
473 }
474 
ecdsa_verify_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len)475 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
476                        const unsigned char *hash, size_t hash_len,
477                        const unsigned char *sig, size_t sig_len )
478 {
479     int ret;
480     ((void) md_alg);
481 
482     ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
483                                 hash, hash_len, sig, sig_len );
484 
485     if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
486         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
487 
488     return( ret );
489 }
490 
ecdsa_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)491 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
492                    const unsigned char *hash, size_t hash_len,
493                    unsigned char *sig, size_t *sig_len,
494                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
495 {
496     return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
497                 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
498 }
499 
500 #if defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_verify_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,const unsigned char * sig,size_t sig_len,void * rs_ctx)501 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
502                        const unsigned char *hash, size_t hash_len,
503                        const unsigned char *sig, size_t sig_len,
504                        void *rs_ctx )
505 {
506     int ret;
507     ((void) md_alg);
508 
509     ret = mbedtls_ecdsa_read_signature_restartable(
510             (mbedtls_ecdsa_context *) ctx,
511             hash, hash_len, sig, sig_len,
512             (mbedtls_ecdsa_restart_ctx *) rs_ctx );
513 
514     if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
515         return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
516 
517     return( ret );
518 }
519 
ecdsa_sign_rs_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,void * rs_ctx)520 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
521                    const unsigned char *hash, size_t hash_len,
522                    unsigned char *sig, size_t *sig_len,
523                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
524                    void *rs_ctx )
525 {
526     return( mbedtls_ecdsa_write_signature_restartable(
527                 (mbedtls_ecdsa_context *) ctx,
528                 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
529                 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
530 
531 }
532 #endif /* MBEDTLS_ECP_RESTARTABLE */
533 
ecdsa_alloc_wrap(void)534 static void *ecdsa_alloc_wrap( void )
535 {
536     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
537 
538     if( ctx != NULL )
539         mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
540 
541     return( ctx );
542 }
543 
ecdsa_free_wrap(void * ctx)544 static void ecdsa_free_wrap( void *ctx )
545 {
546     mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
547     mbedtls_free( ctx );
548 }
549 
550 #if defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_rs_alloc(void)551 static void *ecdsa_rs_alloc( void )
552 {
553     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
554 
555     if( ctx != NULL )
556         mbedtls_ecdsa_restart_init( ctx );
557 
558     return( ctx );
559 }
560 
ecdsa_rs_free(void * ctx)561 static void ecdsa_rs_free( void *ctx )
562 {
563     mbedtls_ecdsa_restart_free( ctx );
564     mbedtls_free( ctx );
565 }
566 #endif /* MBEDTLS_ECP_RESTARTABLE */
567 
568 const mbedtls_pk_info_t mbedtls_ecdsa_info = {
569     MBEDTLS_PK_ECDSA,
570     "ECDSA",
571     eckey_get_bitlen,     /* Compatible key structures */
572     ecdsa_can_do,
573     ecdsa_verify_wrap,
574     ecdsa_sign_wrap,
575 #if defined(MBEDTLS_ECP_RESTARTABLE)
576     ecdsa_verify_rs_wrap,
577     ecdsa_sign_rs_wrap,
578 #endif
579     NULL,
580     NULL,
581     eckey_check_pair,   /* Compatible key structures */
582     ecdsa_alloc_wrap,
583     ecdsa_free_wrap,
584 #if defined(MBEDTLS_ECP_RESTARTABLE)
585     ecdsa_rs_alloc,
586     ecdsa_rs_free,
587 #endif
588     eckey_debug,        /* Compatible key structures */
589 };
590 #endif /* MBEDTLS_ECDSA_C */
591 
592 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
593 /*
594  * Support for alternative RSA-private implementations
595  */
596 
rsa_alt_can_do(mbedtls_pk_type_t type)597 static int rsa_alt_can_do( mbedtls_pk_type_t type )
598 {
599     return( type == MBEDTLS_PK_RSA );
600 }
601 
rsa_alt_get_bitlen(const void * ctx)602 static size_t rsa_alt_get_bitlen( const void *ctx )
603 {
604     const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
605 
606     return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
607 }
608 
rsa_alt_sign_wrap(void * ctx,mbedtls_md_type_t md_alg,const unsigned char * hash,size_t hash_len,unsigned char * sig,size_t * sig_len,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)609 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
610                    const unsigned char *hash, size_t hash_len,
611                    unsigned char *sig, size_t *sig_len,
612                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
613 {
614     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
615 
616 #if SIZE_MAX > UINT_MAX
617     if( UINT_MAX < hash_len )
618         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
619 #endif /* SIZE_MAX > UINT_MAX */
620 
621     *sig_len = rsa_alt->key_len_func( rsa_alt->key );
622 
623     return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
624                 md_alg, (unsigned int) hash_len, hash, sig ) );
625 }
626 
rsa_alt_decrypt_wrap(void * ctx,const unsigned char * input,size_t ilen,unsigned char * output,size_t * olen,size_t osize,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)627 static int rsa_alt_decrypt_wrap( void *ctx,
628                     const unsigned char *input, size_t ilen,
629                     unsigned char *output, size_t *olen, size_t osize,
630                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
631 {
632     mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
633 
634     ((void) f_rng);
635     ((void) p_rng);
636 
637     if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
638         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
639 
640     return( rsa_alt->decrypt_func( rsa_alt->key,
641                 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
642 }
643 
644 #if defined(MBEDTLS_RSA_C)
rsa_alt_check_pair(const void * pub,const void * prv)645 static int rsa_alt_check_pair( const void *pub, const void *prv )
646 {
647     unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
648     unsigned char hash[32];
649     size_t sig_len = 0;
650     int ret;
651 
652     if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
653         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
654 
655     memset( hash, 0x2a, sizeof( hash ) );
656 
657     if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
658                                    hash, sizeof( hash ),
659                                    sig, &sig_len, NULL, NULL ) ) != 0 )
660     {
661         return( ret );
662     }
663 
664     if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
665                          hash, sizeof( hash ), sig, sig_len ) != 0 )
666     {
667         return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
668     }
669 
670     return( 0 );
671 }
672 #endif /* MBEDTLS_RSA_C */
673 
rsa_alt_alloc_wrap(void)674 static void *rsa_alt_alloc_wrap( void )
675 {
676     void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
677 
678     if( ctx != NULL )
679         memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
680 
681     return( ctx );
682 }
683 
rsa_alt_free_wrap(void * ctx)684 static void rsa_alt_free_wrap( void *ctx )
685 {
686     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
687     mbedtls_free( ctx );
688 }
689 
690 const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
691     MBEDTLS_PK_RSA_ALT,
692     "RSA-alt",
693     rsa_alt_get_bitlen,
694     rsa_alt_can_do,
695     NULL,
696     rsa_alt_sign_wrap,
697 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
698     NULL,
699     NULL,
700 #endif
701     rsa_alt_decrypt_wrap,
702     NULL,
703 #if defined(MBEDTLS_RSA_C)
704     rsa_alt_check_pair,
705 #else
706     NULL,
707 #endif
708     rsa_alt_alloc_wrap,
709     rsa_alt_free_wrap,
710 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
711     NULL,
712     NULL,
713 #endif
714     NULL,
715 };
716 
717 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
718 
719 #endif /* MBEDTLS_PK_C */
720