1c6672fdcSEdison Ai // SPDX-License-Identifier: Apache-2.0 2817466cbSJens Wiklander /* 3817466cbSJens Wiklander * Public Key abstraction layer 4817466cbSJens Wiklander * 5817466cbSJens Wiklander * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 6817466cbSJens Wiklander * 7817466cbSJens Wiklander * Licensed under the Apache License, Version 2.0 (the "License"); you may 8817466cbSJens Wiklander * not use this file except in compliance with the License. 9817466cbSJens Wiklander * You may obtain a copy of the License at 10817466cbSJens Wiklander * 11817466cbSJens Wiklander * http://www.apache.org/licenses/LICENSE-2.0 12817466cbSJens Wiklander * 13817466cbSJens Wiklander * Unless required by applicable law or agreed to in writing, software 14817466cbSJens Wiklander * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15817466cbSJens Wiklander * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16817466cbSJens Wiklander * See the License for the specific language governing permissions and 17817466cbSJens Wiklander * limitations under the License. 
18817466cbSJens Wiklander * 19817466cbSJens Wiklander * This file is part of mbed TLS (https://tls.mbed.org) 20817466cbSJens Wiklander */ 21817466cbSJens Wiklander 22817466cbSJens Wiklander #if !defined(MBEDTLS_CONFIG_FILE) 23817466cbSJens Wiklander #include "mbedtls/config.h" 24817466cbSJens Wiklander #else 25817466cbSJens Wiklander #include MBEDTLS_CONFIG_FILE 26817466cbSJens Wiklander #endif 27817466cbSJens Wiklander 28817466cbSJens Wiklander #if defined(MBEDTLS_PK_C) 29817466cbSJens Wiklander #include "mbedtls/pk.h" 30817466cbSJens Wiklander #include "mbedtls/pk_internal.h" 31817466cbSJens Wiklander 323d3b0591SJens Wiklander #include "mbedtls/platform_util.h" 33*11fa71b9SJerome Forissier #include "mbedtls/error.h" 34817466cbSJens Wiklander 35817466cbSJens Wiklander #if defined(MBEDTLS_RSA_C) 36817466cbSJens Wiklander #include "mbedtls/rsa.h" 37817466cbSJens Wiklander #endif 38817466cbSJens Wiklander #if defined(MBEDTLS_ECP_C) 39817466cbSJens Wiklander #include "mbedtls/ecp.h" 40817466cbSJens Wiklander #endif 41817466cbSJens Wiklander #if defined(MBEDTLS_ECDSA_C) 42817466cbSJens Wiklander #include "mbedtls/ecdsa.h" 43817466cbSJens Wiklander #endif 44817466cbSJens Wiklander 45*11fa71b9SJerome Forissier #if defined(MBEDTLS_USE_PSA_CRYPTO) 46*11fa71b9SJerome Forissier #include "mbedtls/psa_util.h" 47*11fa71b9SJerome Forissier #endif 48*11fa71b9SJerome Forissier 49817466cbSJens Wiklander #include <limits.h> 503d3b0591SJens Wiklander #include <stdint.h> 51817466cbSJens Wiklander 523d3b0591SJens Wiklander /* Parameter validation macros based on platform_util.h */ 533d3b0591SJens Wiklander #define PK_VALIDATE_RET( cond ) \ 543d3b0591SJens Wiklander MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA ) 553d3b0591SJens Wiklander #define PK_VALIDATE( cond ) \ 563d3b0591SJens Wiklander MBEDTLS_INTERNAL_VALIDATE( cond ) 57817466cbSJens Wiklander 58817466cbSJens Wiklander /* 59817466cbSJens Wiklander * Initialise a mbedtls_pk_context 60817466cbSJens Wiklander 
*/
/*
 * Put a PK context into the "not set up" state.
 *
 * Both members are cleared. The functions in this file compare pk_info
 * against NULL to detect a context that has no key type bound to it yet.
 */
void mbedtls_pk_init(mbedtls_pk_context *ctx)
{
    PK_VALIDATE(ctx != NULL);

    ctx->pk_ctx = NULL;
    ctx->pk_info = NULL;
}

/*
 * Release the type-specific key context and wipe the PK context itself.
 *
 * A NULL ctx is accepted and ignored. When a key type is bound, its
 * ctx_free_func is called on pk_ctx first; the mbedtls_pk_context structure
 * is then cleared with mbedtls_platform_zeroize() so that no stale pointer
 * to the freed key context stays behind.
 */
void mbedtls_pk_free(mbedtls_pk_context *ctx)
{
    if (ctx != NULL) {
        if (ctx->pk_info != NULL) {
            ctx->pk_info->ctx_free_func(ctx->pk_ctx);
        }

        mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context));
    }
}

#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/*
 * Put a restart context into its empty state (no key type, no sub-context).
 */
void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx)
{
    PK_VALIDATE(ctx != NULL);

    ctx->rs_ctx = NULL;
    ctx->pk_info = NULL;
}

/*
 * Release the type-specific restart sub-context and reset the restart
 * context to its empty state.
 *
 * Nothing is done when ctx is NULL, when no key type is bound, or when the
 * bound key type has no rs_free_func.
 */
void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx)
{
    if (ctx == NULL) {
        return;
    }
    if (ctx->pk_info == NULL) {
        return;
    }
    if (ctx->pk_info->rs_free_func == NULL) {
        return;
    }

    ctx->pk_info->rs_free_func(ctx->rs_ctx);

    /* Clear both members so a second call is a no-op. */
    ctx->rs_ctx = NULL;
    ctx->pk_info = NULL;
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

/*
 * Map a PK type to its pk_info descriptor.
 *
 * Returns NULL for any type that is not compiled in or not listed here.
 * MBEDTLS_PK_RSA_ALT is deliberately absent from the table.
 */
const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
{
    const mbedtls_pk_info_t *found = NULL;

    switch (pk_type) {
#if defined(MBEDTLS_RSA_C)
        case MBEDTLS_PK_RSA:
            found = &mbedtls_rsa_info;
            break;
#endif
#if defined(MBEDTLS_ECP_C)
        case MBEDTLS_PK_ECKEY:
            found = &mbedtls_eckey_info;
            break;
        case MBEDTLS_PK_ECKEY_DH:
            found = &mbedtls_eckeydh_info;
            break;
#endif
#if defined(MBEDTLS_ECDSA_C)
        case MBEDTLS_PK_ECDSA:
            found = &mbedtls_ecdsa_info;
            break;
#endif
        /* MBEDTLS_PK_RSA_ALT omitted on purpose */
        default:
            break;
    }

    return found;
}

/*
 * Bind a key type to a PK context and allocate its type-specific context.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA when info is NULL or the context
 * already has a key type bound (a context must be freed before it can be
 * set up again), MBEDTLS_ERR_PK_ALLOC_FAILED when the allocator returns
 * NULL, and 0 on success.
 */
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
{
    PK_VALIDATE_RET(ctx != NULL);

    if (info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
    if (ctx->pk_info != NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    ctx->pk_ctx = info->ctx_alloc_func();
    if (ctx->pk_ctx == NULL) {
        return MBEDTLS_ERR_PK_ALLOC_FAILED;
    }

    /* pk_info is only set once the allocation has succeeded. */
    ctx->pk_info = info;

    return 0;
}

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Set up a PK context as a wrapper around an existing PSA key handle.
 *
 * The key's attributes are queried only to read its type; only ECC key
 * pairs are accepted. The handle value is copied into the newly allocated
 * type-specific context.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA for a NULL or already set-up
 * context or when the attributes cannot be read,
 * MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE for a non-ECC-key-pair type,
 * MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure, and 0 on success.
 */
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const psa_key_handle_t key)
{
    const mbedtls_pk_info_t * const opaque_info = &mbedtls_pk_opaque_info;
    psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_handle_t *slot;
    psa_key_type_t key_type;

    if (ctx == NULL || ctx->pk_info != NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    if (psa_get_key_attributes(key, &key_attrs) != PSA_SUCCESS) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
    key_type = psa_get_key_type(&key_attrs);
    psa_reset_key_attributes(&key_attrs);

    /* Current implementation of can_do() relies on this. */
    if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) {
        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
    }

    ctx->pk_ctx = opaque_info->ctx_alloc_func();
    if (ctx->pk_ctx == NULL) {
        return MBEDTLS_ERR_PK_ALLOC_FAILED;
    }

    ctx->pk_info = opaque_info;

    /* The type-specific context of an opaque key is just the handle. */
    slot = (psa_key_handle_t *) ctx->pk_ctx;
    *slot = key;

    return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
 * Set up a PK context backed by caller-supplied RSA callbacks.
 *
 * The key pointer and the three callbacks are stored as given; none of
 * them is checked against NULL here, so the caller must supply every
 * callback that will later be used through this context.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA when the context is already set
 * up, MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure, and 0 on success.
 */
int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void * key,
                             mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
                             mbedtls_pk_rsa_alt_sign_func sign_func,
                             mbedtls_pk_rsa_alt_key_len_func key_len_func)
{
    const mbedtls_pk_info_t *alt_info = &mbedtls_rsa_alt_info;
    mbedtls_rsa_alt_context *alt;

    PK_VALIDATE_RET(ctx != NULL);
    if (ctx->pk_info != NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    ctx->pk_ctx = alt_info->ctx_alloc_func();
    if (ctx->pk_ctx == NULL) {
        return MBEDTLS_ERR_PK_ALLOC_FAILED;
    }

    ctx->pk_info = alt_info;

    alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
    alt->key_len_func = key_len_func;
    alt->sign_func = sign_func;
    alt->decrypt_func = decrypt_func;
    alt->key = key;

    return 0;
}
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */

/*
 * Tell whether a PK context can perform the operations of the given type.
 *
 * A context with a NULL pk_info is not set up yet and can't do anything.
 * For backward compatibility a NULL context pointer is accepted as well;
 * both cases return 0.
 */
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
{
    if (ctx != NULL && ctx->pk_info != NULL) {
        return ctx->pk_info->can_do(type);
    }

    return 0;
}

/*
 * Helper for mbedtls_pk_sign and mbedtls_pk_verify: fill in the hash length
 * from the digest algorithm when the caller passed 0.
 *
 * A non-zero *hash_len is returned unchanged and is NOT compared with the
 * digest size of md_alg, so a caller that passes both is responsible for
 * keeping them consistent with the hash buffer it supplies.
 *
 * Returns 0 on success, -1 when *hash_len is 0 and md_alg is unknown.
 */
static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len)
{
    const mbedtls_md_info_t *digest;

    if (*hash_len != 0) {
        return 0;
    }

    digest = mbedtls_md_info_from_type(md_alg);
    if (digest == NULL) {
        return -1;
    }

    *hash_len = mbedtls_md_get_size(digest);
    return 0;
}
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/*
 * Helper to set up a restart context if needed.
 *
 * Returns 0 without touching anything when ctx is NULL or already bound to
 * a key type, MBEDTLS_ERR_PK_BAD_INPUT_DATA when the key type lacks either
 * restart callback, MBEDTLS_ERR_PK_ALLOC_FAILED when the sub-context cannot
 * be allocated, and 0 after a successful set-up.
 */
static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx,
                            const mbedtls_pk_info_t *info)
{
    /* Don't do anything if already set up or invalid */
    if (ctx == NULL) {
        return 0;
    }
    if (ctx->pk_info != NULL) {
        return 0;
    }

    /* Should never happen when we're called */
    if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    ctx->rs_ctx = info->rs_alloc_func();
    if (ctx->rs_ctx == NULL) {
        return MBEDTLS_ERR_PK_ALLOC_FAILED;
    }

    ctx->pk_info = info;

    return 0;
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

/*
 * Verify a signature (restartable).
 *
 * hash may be NULL only when md_alg is MBEDTLS_MD_NONE and hash_len is 0.
 * A hash_len of 0 is replaced by the digest size of md_alg; a non-zero
 * hash_len is passed through as given.
 *
 * When a restart context is supplied, restart is enabled and the key type
 * has a verify_rs_func, the restartable path is taken and the restart
 * context is freed as soon as the result is anything other than
 * MBEDTLS_ERR_ECP_IN_PROGRESS. Otherwise the plain verify_func is used.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA for a context that is not set up
 * or an unknown md_alg, MBEDTLS_ERR_PK_TYPE_MISMATCH when the key type
 * cannot verify, or the result of the type-specific verify function.
 */
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
                                  mbedtls_md_type_t md_alg,
                                  const unsigned char *hash, size_t hash_len,
                                  const unsigned char *sig, size_t sig_len,
                                  mbedtls_pk_restart_ctx *rs_ctx)
{
    PK_VALIDATE_RET(ctx != NULL);
    PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
                    hash != NULL);
    PK_VALIDATE_RET(sig != NULL);

    if (ctx->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
    if (pk_hashlen_helper(md_alg, &hash_len) != 0) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
    /* optimization: use non-restartable version if restart disabled */
    if (rs_ctx != NULL &&
        mbedtls_ecp_restart_is_enabled() &&
        ctx->pk_info->verify_rs_func != NULL) {
        int status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

        status = pk_restart_setup(rs_ctx, ctx->pk_info);
        if (status != 0) {
            return status;
        }

        status = ctx->pk_info->verify_rs_func(ctx->pk_ctx,
                                              md_alg, hash, hash_len,
                                              sig, sig_len, rs_ctx->rs_ctx);

        /* Keep the restart state only while the operation is unfinished. */
        if (status != MBEDTLS_ERR_ECP_IN_PROGRESS) {
            mbedtls_pk_restart_free(rs_ctx);
        }

        return status;
    }
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
    (void) rs_ctx;
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

    if (ctx->pk_info->verify_func == NULL) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    return ctx->pk_info->verify_func(ctx->pk_ctx, md_alg, hash, hash_len,
                                     sig, sig_len);
}
/*
 * Verify a signature.
 *
 * Thin wrapper: same as mbedtls_pk_verify_restartable() with no restart
 * context.
 */
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                      const unsigned char *hash, size_t hash_len,
                      const unsigned char *sig, size_t sig_len)
{
    return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len,
                                         sig, sig_len, NULL);
}

/*
 * Verify a signature with options.
 *
 * For every type except MBEDTLS_PK_RSASSA_PSS, options must be NULL and the
 * call is forwarded to mbedtls_pk_verify(). For RSASSA-PSS, options must
 * point to a mbedtls_pk_rsassa_pss_options structure.
 *
 * RSASSA-PSS specifics visible here:
 *  - hash_len is narrowed to unsigned int for the RSA call; on platforms
 *    where size_t is wider, a length above UINT_MAX is rejected first, but
 *    only for MBEDTLS_MD_NONE.
 *  - a signature shorter than the key length fails before any RSA work;
 *    a signature longer than the key length is reported as
 *    MBEDTLS_ERR_PK_SIG_LEN_MISMATCH only after the RSA verification of its
 *    leading bytes has succeeded.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA, MBEDTLS_ERR_PK_TYPE_MISMATCH,
 * MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE (PSS not compiled in),
 * MBEDTLS_ERR_RSA_VERIFY_FAILED, MBEDTLS_ERR_PK_SIG_LEN_MISMATCH, the
 * result of the underlying verify function, or 0 on success.
 */
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
                          mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                          const unsigned char *hash, size_t hash_len,
                          const unsigned char *sig, size_t sig_len)
{
    PK_VALIDATE_RET(ctx != NULL);
    PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
                    hash != NULL);
    PK_VALIDATE_RET(sig != NULL);

    if (ctx->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    if (!mbedtls_pk_can_do(ctx, type)) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    if (type != MBEDTLS_PK_RSASSA_PSS) {
        /* General case: no options */
        if (options != NULL) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }

        return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len);
    }

#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
    {
        int status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
        const mbedtls_pk_rsassa_pss_options *pss;

#if SIZE_MAX > UINT_MAX
        /* The RSA layer takes the hash length as unsigned int. */
        if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }
#endif /* SIZE_MAX > UINT_MAX */

        if (options == NULL) {
            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
        }

        pss = (const mbedtls_pk_rsassa_pss_options *) options;

        /* Too short to be a signature for this key: fail before reading. */
        if (sig_len < mbedtls_pk_get_len(ctx)) {
            return MBEDTLS_ERR_RSA_VERIFY_FAILED;
        }

        status = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx),
                                                   NULL, NULL,
                                                   MBEDTLS_RSA_PUBLIC,
                                                   md_alg,
                                                   (unsigned int) hash_len,
                                                   hash,
                                                   pss->mgf1_hash_id,
                                                   pss->expected_salt_len,
                                                   sig);
        if (status != 0) {
            return status;
        }

        /* Valid signature followed by extra bytes. */
        if (sig_len > mbedtls_pk_get_len(ctx)) {
            return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
        }

        return 0;
    }
#else
    return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}

/*
 * Make a signature (restartable).
 *
 * hash may be NULL only when md_alg is MBEDTLS_MD_NONE and hash_len is 0.
 * A hash_len of 0 is replaced by the digest size of md_alg; a non-zero
 * hash_len is passed through as given. sig_len is handed to the
 * type-specific sign function without being checked here.
 *
 * When a restart context is supplied, restart is enabled and the key type
 * has a sign_rs_func, the restartable path is taken and the restart context
 * is freed as soon as the result is anything other than
 * MBEDTLS_ERR_ECP_IN_PROGRESS. Otherwise the plain sign_func is used.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA for a context that is not set up
 * or an unknown md_alg, MBEDTLS_ERR_PK_TYPE_MISMATCH when the key type
 * cannot sign, or the result of the type-specific sign function.
 */
int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
                                mbedtls_md_type_t md_alg,
                                const unsigned char *hash, size_t hash_len,
                                unsigned char *sig, size_t *sig_len,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng,
                                mbedtls_pk_restart_ctx *rs_ctx)
{
    PK_VALIDATE_RET(ctx != NULL);
    PK_VALIDATE_RET((md_alg == MBEDTLS_MD_NONE && hash_len == 0) ||
                    hash != NULL);
    PK_VALIDATE_RET(sig != NULL);

    if (ctx->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }
    if (pk_hashlen_helper(md_alg, &hash_len) != 0) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
    /* optimization: use non-restartable version if restart disabled */
    if (rs_ctx != NULL &&
        mbedtls_ecp_restart_is_enabled() &&
        ctx->pk_info->sign_rs_func != NULL) {
        int status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

        status = pk_restart_setup(rs_ctx, ctx->pk_info);
        if (status != 0) {
            return status;
        }

        status = ctx->pk_info->sign_rs_func(ctx->pk_ctx, md_alg,
                                            hash, hash_len, sig, sig_len,
                                            f_rng, p_rng, rs_ctx->rs_ctx);

        /* Keep the restart state only while the operation is unfinished. */
        if (status != MBEDTLS_ERR_ECP_IN_PROGRESS) {
            mbedtls_pk_restart_free(rs_ctx);
        }

        return status;
    }
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
    (void) rs_ctx;
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

    if (ctx->pk_info->sign_func == NULL) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    return ctx->pk_info->sign_func(ctx->pk_ctx, md_alg, hash, hash_len,
                                   sig, sig_len, f_rng, p_rng);
}

/*
 * Make a signature.
 *
 * Thin wrapper: same as mbedtls_pk_sign_restartable() with no restart
 * context.
 */
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                    const unsigned char *hash, size_t hash_len,
                    unsigned char *sig, size_t *sig_len,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
    return mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len,
                                       sig, sig_len, f_rng, p_rng, NULL);
}

/*
 * Decrypt message.
 *
 * input may be NULL only when ilen is 0, output only when osize is 0.
 * osize is forwarded to the type-specific function as the capacity of the
 * output buffer.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA for a context that is not set up,
 * MBEDTLS_ERR_PK_TYPE_MISMATCH when the key type has no decrypt function,
 * or the result of that function.
 */
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
                       const unsigned char *input, size_t ilen,
                       unsigned char *output, size_t *olen, size_t osize,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng)
{
    PK_VALIDATE_RET(ctx != NULL);
    PK_VALIDATE_RET(input != NULL || ilen == 0);
    PK_VALIDATE_RET(output != NULL || osize == 0);
    PK_VALIDATE_RET(olen != NULL);

    if (ctx->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    if (ctx->pk_info->decrypt_func == NULL) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    return ctx->pk_info->decrypt_func(ctx->pk_ctx, input, ilen,
                                      output, olen, osize, f_rng, p_rng);
}

/*
 * Encrypt message.
 *
 * input may be NULL only when ilen is 0, output only when osize is 0.
 * osize is forwarded to the type-specific function as the capacity of the
 * output buffer.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA for a context that is not set up,
 * MBEDTLS_ERR_PK_TYPE_MISMATCH when the key type has no encrypt function,
 * or the result of that function.
 */
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
                       const unsigned char *input, size_t ilen,
                       unsigned char *output, size_t *olen, size_t osize,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng)
{
    PK_VALIDATE_RET(ctx != NULL);
    PK_VALIDATE_RET(input != NULL || ilen == 0);
    PK_VALIDATE_RET(output != NULL || osize == 0);
    PK_VALIDATE_RET(olen != NULL);

    if (ctx->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    if (ctx->pk_info->encrypt_func == NULL) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    return ctx->pk_info->encrypt_func(ctx->pk_ctx, input, ilen,
                                      output, olen, osize, f_rng, p_rng);
}

/*
 * Check public-private key pair.
 *
 * The two contexts must be of the same key type, with one exception: an
 * MBEDTLS_PK_RSA_ALT private key is paired with an MBEDTLS_PK_RSA public
 * key. The comparison itself is delegated to the private key type's
 * check_pair_func.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA when either context is not set up,
 * MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE when the private key type has no
 * check_pair_func, MBEDTLS_ERR_PK_TYPE_MISMATCH when the types do not go
 * together, or the result of check_pair_func.
 */
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
                          const mbedtls_pk_context *prv)
{
    int types_match;

    PK_VALIDATE_RET(pub != NULL);
    PK_VALIDATE_RET(prv != NULL);

    if (pub->pk_info == NULL || prv->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    if (prv->pk_info->check_pair_func == NULL) {
        return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
    }

    if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) {
        types_match = (pub->pk_info->type == MBEDTLS_PK_RSA);
    } else {
        types_match = (pub->pk_info == prv->pk_info);
    }

    if (!types_match) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    return prv->pk_info->check_pair_func(pub->pk_ctx, prv->pk_ctx);
}
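/*
 * Get key size in bits.
 *
 * For backward compatibility, accept NULL or a context that isn't set up
 * yet, and return 0 in that case.
 */
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
{
    if (ctx == NULL || ctx->pk_info == NULL) {
        return 0;
    }

    return ctx->pk_info->get_bitlen(ctx->pk_ctx);
}

/*
 * Export debug information.
 *
 * Returns MBEDTLS_ERR_PK_BAD_INPUT_DATA for a context that is not set up,
 * MBEDTLS_ERR_PK_TYPE_MISMATCH when the key type has no debug function,
 * and 0 after the type-specific debug function has filled in items.
 */
int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items)
{
    PK_VALIDATE_RET(ctx != NULL);
    if (ctx->pk_info == NULL) {
        return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
    }

    if (ctx->pk_info->debug_func == NULL) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    ctx->pk_info->debug_func(ctx->pk_ctx, items);
    return 0;
}

/*
 * Access the PK type name.
 *
 * Returns the fixed string "invalid PK" for NULL or a context that is not
 * set up.
 */
const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
{
    if (ctx == NULL || ctx->pk_info == NULL) {
        return "invalid PK";
    }

    return ctx->pk_info->name;
}

/*
 * Access the PK type.
 *
 * Returns MBEDTLS_PK_NONE for NULL or a context that is not set up.
 */
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
{
    if (ctx == NULL || ctx->pk_info == NULL) {
        return MBEDTLS_PK_NONE;
    }

    return ctx->pk_info->type;
}

#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
 * Load the key to a PSA key slot,
 * then turn the PK context into a wrapper for that key slot.
 *
 * Currently only works for EC private keys.
 *
 * The private scalar is exported into a stack buffer for psa_import_key();
 * that buffer is wiped on every path that has written to it, so the raw
 * private key does not linger on the stack after the call.
 *
 * The imported key is restricted to PSA_KEY_USAGE_SIGN_HASH with
 * PSA_ALG_ECDSA(hash_alg).
 *
 * Note for callers: the original PK context is freed before
 * mbedtls_pk_setup_opaque() runs. If that last step fails, pk no longer
 * holds the original key while the imported key still occupies the PSA
 * slot referenced by *handle.
 *
 * Returns MBEDTLS_ERR_PK_TYPE_MISMATCH when EC support is not compiled in
 * or pk is not an MBEDTLS_PK_ECKEY, the error from
 * mbedtls_mpi_write_binary(), MBEDTLS_ERR_PK_HW_ACCEL_FAILED when the PSA
 * import fails, or the result of mbedtls_pk_setup_opaque().
 */
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
                              psa_key_handle_t *handle,
                              psa_algorithm_t hash_alg)
{
#if !defined(MBEDTLS_ECP_C)
    (void) pk;
    (void) handle;
    (void) hash_alg;
    return MBEDTLS_ERR_PK_TYPE_MISMATCH;
#else
    const mbedtls_ecp_keypair *ec;
    unsigned char d[MBEDTLS_ECP_MAX_BYTES];
    size_t d_len;
    psa_ecc_curve_t curve_id;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_key_type_t key_type;
    psa_status_t status;
    size_t bits;
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

    /* export the private key material in the format PSA wants */
    if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) {
        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
    }

    ec = mbedtls_pk_ec(*pk);
    d_len = (ec->grp.nbits + 7) / 8;
    if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) {
        /* Wipe whatever the failed export may have left in the buffer. */
        mbedtls_platform_zeroize(d, sizeof(d));
        return ret;
    }

    curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
    key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);

    /* prepare the key attributes */
    psa_set_key_type(&attributes, key_type);
    psa_set_key_bits(&attributes, bits);
    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
    psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg));

    /* import private key into PSA */
    status = psa_import_key(&attributes, d, d_len, handle);

    /* The stack copy of the private scalar is no longer needed, whether or
     * not the import succeeded. */
    mbedtls_platform_zeroize(d, sizeof(d));

    if (status != PSA_SUCCESS) {
        return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
    }

    /* make PK context wrap the key slot */
    mbedtls_pk_free(pk);
    mbedtls_pk_init(pk);

    return mbedtls_pk_setup_opaque(pk, *handle);
#endif /* MBEDTLS_ECP_C */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_C */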