xref: /optee_os/lib/libmbedtls/mbedtls/library/pk.c (revision 817466cb476de705a8e3dabe1ef165fe27a18c2f) 
1 /*
2  *  Public Key abstraction layer
3  *
4  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  *
19  *  This file is part of mbed TLS (https://tls.mbed.org)
20  */
21 
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27 
28 #if defined(MBEDTLS_PK_C)
29 #include "mbedtls/pk.h"
30 #include "mbedtls/pk_internal.h"
31 
32 #include "mbedtls/bignum.h"
33 
34 #if defined(MBEDTLS_RSA_C)
35 #include "mbedtls/rsa.h"
36 #endif
37 #if defined(MBEDTLS_ECP_C)
38 #include "mbedtls/ecp.h"
39 #endif
40 #if defined(MBEDTLS_ECDSA_C)
41 #include "mbedtls/ecdsa.h"
42 #endif
43 
44 #include <limits.h>
45 
46 /* Implementation that should never be optimized out by the compiler */
47 static void mbedtls_zeroize( void *v, size_t n ) {
48     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
49 }
50 
51 /*
52  * Initialise a mbedtls_pk_context
53  */
54 void mbedtls_pk_init( mbedtls_pk_context *ctx )
55 {
56     if( ctx == NULL )
57         return;
58 
59     ctx->pk_info = NULL;
60     ctx->pk_ctx = NULL;
61 }
62 
63 /*
64  * Free (the components of) a mbedtls_pk_context
65  */
66 void mbedtls_pk_free( mbedtls_pk_context *ctx )
67 {
68     if( ctx == NULL || ctx->pk_info == NULL )
69         return;
70 
71     ctx->pk_info->ctx_free_func( ctx->pk_ctx );
72 
73     mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
74 }
75 
76 /*
77  * Get pk_info structure from type
78  */
79 const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
80 {
81     switch( pk_type ) {
82 #if defined(MBEDTLS_RSA_C)
83         case MBEDTLS_PK_RSA:
84             return( &mbedtls_rsa_info );
85 #endif
86 #if defined(MBEDTLS_ECP_C)
87         case MBEDTLS_PK_ECKEY:
88             return( &mbedtls_eckey_info );
89         case MBEDTLS_PK_ECKEY_DH:
90             return( &mbedtls_eckeydh_info );
91 #endif
92 #if defined(MBEDTLS_ECDSA_C)
93         case MBEDTLS_PK_ECDSA:
94             return( &mbedtls_ecdsa_info );
95 #endif
96         /* MBEDTLS_PK_RSA_ALT omitted on purpose */
97         default:
98             return( NULL );
99     }
100 }
101 
102 /*
103  * Initialise context
104  */
105 int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
106 {
107     if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
108         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
109 
110     if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
111         return( MBEDTLS_ERR_PK_ALLOC_FAILED );
112 
113     ctx->pk_info = info;
114 
115     return( 0 );
116 }
117 
118 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
119 /*
120  * Initialize an RSA-alt context
121  */
122 int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
123                          mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
124                          mbedtls_pk_rsa_alt_sign_func sign_func,
125                          mbedtls_pk_rsa_alt_key_len_func key_len_func )
126 {
127     mbedtls_rsa_alt_context *rsa_alt;
128     const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
129 
130     if( ctx == NULL || ctx->pk_info != NULL )
131         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
132 
133     if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
134         return( MBEDTLS_ERR_PK_ALLOC_FAILED );
135 
136     ctx->pk_info = info;
137 
138     rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
139 
140     rsa_alt->key = key;
141     rsa_alt->decrypt_func = decrypt_func;
142     rsa_alt->sign_func = sign_func;
143     rsa_alt->key_len_func = key_len_func;
144 
145     return( 0 );
146 }
147 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
148 
149 /*
150  * Tell if a PK can do the operations of the given type
151  */
152 int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
153 {
154     /* null or NONE context can't do anything */
155     if( ctx == NULL || ctx->pk_info == NULL )
156         return( 0 );
157 
158     return( ctx->pk_info->can_do( type ) );
159 }
160 
161 /*
162  * Helper for mbedtls_pk_sign and mbedtls_pk_verify
163  */
164 static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
165 {
166     const mbedtls_md_info_t *md_info;
167 
168     if( *hash_len != 0 )
169         return( 0 );
170 
171     if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
172         return( -1 );
173 
174     *hash_len = mbedtls_md_get_size( md_info );
175     return( 0 );
176 }
177 
178 /*
179  * Verify a signature
180  */
181 int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
182                const unsigned char *hash, size_t hash_len,
183                const unsigned char *sig, size_t sig_len )
184 {
185     if( ctx == NULL || ctx->pk_info == NULL ||
186         pk_hashlen_helper( md_alg, &hash_len ) != 0 )
187         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
188 
189     if( ctx->pk_info->verify_func == NULL )
190         return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
191 
192     return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
193                                        sig, sig_len ) );
194 }
195 
196 /*
197  * Verify a signature with options
198  */
199 int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
200                    mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
201                    const unsigned char *hash, size_t hash_len,
202                    const unsigned char *sig, size_t sig_len )
203 {
204     if( ctx == NULL || ctx->pk_info == NULL )
205         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
206 
207     if( ! mbedtls_pk_can_do( ctx, type ) )
208         return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
209 
210     if( type == MBEDTLS_PK_RSASSA_PSS )
211     {
212 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
213         int ret;
214         const mbedtls_pk_rsassa_pss_options *pss_opts;
215 
216 #if defined(MBEDTLS_HAVE_INT64)
217         if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
218             return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
219 #endif /* MBEDTLS_HAVE_INT64 */
220 
221         if( options == NULL )
222             return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
223 
224         pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
225 
226         if( sig_len < mbedtls_pk_get_len( ctx ) )
227             return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
228 
229         ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
230                 NULL, NULL, MBEDTLS_RSA_PUBLIC,
231                 md_alg, (unsigned int) hash_len, hash,
232                 pss_opts->mgf1_hash_id,
233                 pss_opts->expected_salt_len,
234                 sig );
235         if( ret != 0 )
236             return( ret );
237 
238         if( sig_len > mbedtls_pk_get_len( ctx ) )
239             return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
240 
241         return( 0 );
242 #else
243         return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
244 #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
245     }
246 
247     /* General case: no options */
248     if( options != NULL )
249         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
250 
251     return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
252 }
253 
254 /*
255  * Make a signature
256  */
257 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
258              const unsigned char *hash, size_t hash_len,
259              unsigned char *sig, size_t *sig_len,
260              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
261 {
262     if( ctx == NULL || ctx->pk_info == NULL ||
263         pk_hashlen_helper( md_alg, &hash_len ) != 0 )
264         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
265 
266     if( ctx->pk_info->sign_func == NULL )
267         return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
268 
269     return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
270                                      sig, sig_len, f_rng, p_rng ) );
271 }
272 
273 /*
274  * Decrypt message
275  */
276 int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
277                 const unsigned char *input, size_t ilen,
278                 unsigned char *output, size_t *olen, size_t osize,
279                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
280 {
281     if( ctx == NULL || ctx->pk_info == NULL )
282         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
283 
284     if( ctx->pk_info->decrypt_func == NULL )
285         return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
286 
287     return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
288                 output, olen, osize, f_rng, p_rng ) );
289 }
290 
291 /*
292  * Encrypt message
293  */
294 int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
295                 const unsigned char *input, size_t ilen,
296                 unsigned char *output, size_t *olen, size_t osize,
297                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
298 {
299     if( ctx == NULL || ctx->pk_info == NULL )
300         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
301 
302     if( ctx->pk_info->encrypt_func == NULL )
303         return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
304 
305     return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
306                 output, olen, osize, f_rng, p_rng ) );
307 }
308 
309 /*
310  * Check public-private key pair
311  */
312 int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
313 {
314     if( pub == NULL || pub->pk_info == NULL ||
315         prv == NULL || prv->pk_info == NULL ||
316         prv->pk_info->check_pair_func == NULL )
317     {
318         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
319     }
320 
321     if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
322     {
323         if( pub->pk_info->type != MBEDTLS_PK_RSA )
324             return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
325     }
326     else
327     {
328         if( pub->pk_info != prv->pk_info )
329             return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
330     }
331 
332     return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
333 }
334 
335 /*
336  * Get key size in bits
337  */
338 size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
339 {
340     if( ctx == NULL || ctx->pk_info == NULL )
341         return( 0 );
342 
343     return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
344 }
345 
346 /*
347  * Export debug information
348  */
349 int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
350 {
351     if( ctx == NULL || ctx->pk_info == NULL )
352         return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
353 
354     if( ctx->pk_info->debug_func == NULL )
355         return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
356 
357     ctx->pk_info->debug_func( ctx->pk_ctx, items );
358     return( 0 );
359 }
360 
361 /*
362  * Access the PK type name
363  */
364 const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
365 {
366     if( ctx == NULL || ctx->pk_info == NULL )
367         return( "invalid PK" );
368 
369     return( ctx->pk_info->name );
370 }
371 
372 /*
373  * Access the PK type
374  */
375 mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
376 {
377     if( ctx == NULL || ctx->pk_info == NULL )
378         return( MBEDTLS_PK_NONE );
379 
380     return( ctx->pk_info->type );
381 }
382 
383 #endif /* MBEDTLS_PK_C */
384