1 // SPDX-License-Identifier: Apache-2.0 2 /* 3 * Public Key abstraction layer: wrapper functions 4 * 5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 6 * 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may 8 * not use this file except in compliance with the License. 9 * You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, software 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 * See the License for the specific language governing permissions and 17 * limitations under the License. 18 * 19 * This file is part of mbed TLS (https://tls.mbed.org) 20 */ 21 22 #if !defined(MBEDTLS_CONFIG_FILE) 23 #include "mbedtls/config.h" 24 #else 25 #include MBEDTLS_CONFIG_FILE 26 #endif 27 28 #if defined(MBEDTLS_PK_C) 29 #include "mbedtls/pk_internal.h" 30 31 /* Even if RSA not activated, for the sake of RSA-alt */ 32 #include "mbedtls/rsa.h" 33 34 #include <string.h> 35 36 #if defined(MBEDTLS_ECP_C) 37 #include "mbedtls/ecp.h" 38 #endif 39 40 #if defined(MBEDTLS_ECDSA_C) 41 #include "mbedtls/ecdsa.h" 42 #endif 43 44 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 45 #include "mbedtls/platform_util.h" 46 #endif 47 48 #if defined(MBEDTLS_PLATFORM_C) 49 #include "mbedtls/platform.h" 50 #else 51 #include <stdlib.h> 52 #define mbedtls_calloc calloc 53 #define mbedtls_free free 54 #endif 55 56 #include <limits.h> 57 #include <stdint.h> 58 59 #if defined(MBEDTLS_RSA_C) 60 static int rsa_can_do( mbedtls_pk_type_t type ) 61 { 62 return( type == MBEDTLS_PK_RSA || 63 type == MBEDTLS_PK_RSASSA_PSS ); 64 } 65 66 static size_t rsa_get_bitlen( const void *ctx ) 67 { 68 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; 69 return( 8 * mbedtls_rsa_get_len( rsa ) ); 70 } 71 72 static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 73 const unsigned char *hash, size_t hash_len, 74 const unsigned char *sig, size_t sig_len ) 75 { 76 int ret; 77 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 78 size_t rsa_len = mbedtls_rsa_get_len( rsa ); 79 80 #if SIZE_MAX > UINT_MAX 81 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 82 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 83 #endif /* SIZE_MAX > UINT_MAX */ 84 85 if( sig_len < rsa_len ) 86 return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); 87 88 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, 89 MBEDTLS_RSA_PUBLIC, md_alg, 90 (unsigned int) hash_len, hash, sig ) ) != 0 ) 91 return( ret ); 92 93 /* The buffer contains a valid signature followed by extra data. 94 * We have a special error code for that so that so that callers can 95 * use mbedtls_pk_verify() to check "Does the buffer start with a 96 * valid signature?" and not just "Does the buffer contain a valid 97 * signature?". */ 98 if( sig_len > rsa_len ) 99 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 100 101 return( 0 ); 102 } 103 104 static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 105 const unsigned char *hash, size_t hash_len, 106 unsigned char *sig, size_t *sig_len, 107 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 108 { 109 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 110 111 #if SIZE_MAX > UINT_MAX 112 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 113 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 114 #endif /* SIZE_MAX > UINT_MAX */ 115 116 *sig_len = mbedtls_rsa_get_len( rsa ); 117 118 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 119 md_alg, (unsigned int) hash_len, hash, sig ) ); 120 } 121 122 static int rsa_decrypt_wrap( void *ctx, 123 const unsigned char *input, size_t ilen, 124 unsigned char *output, size_t *olen, size_t osize, 125 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 126 { 127 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 128 129 if( ilen != mbedtls_rsa_get_len( rsa ) ) 130 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 131 132 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, 133 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 134 } 135 136 static int rsa_encrypt_wrap( void *ctx, 137 const unsigned char *input, size_t ilen, 138 unsigned char *output, size_t *olen, size_t osize, 139 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 140 { 141 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; 142 *olen = mbedtls_rsa_get_len( rsa ); 143 144 if( *olen > osize ) 145 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); 146 147 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, 148 ilen, input, output ) ); 149 } 150 151 static int rsa_check_pair_wrap( const void *pub, const void *prv ) 152 { 153 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, 154 (const mbedtls_rsa_context *) prv ) ); 155 } 156 157 static void *rsa_alloc_wrap( void ) 158 { 159 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); 160 161 if( ctx != NULL ) 162 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); 163 164 return( ctx ); 165 } 166 167 static void rsa_free_wrap( void *ctx ) 168 { 169 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx ); 170 mbedtls_free( ctx ); 171 } 172 173 static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) 174 { 175 items->type = MBEDTLS_PK_DEBUG_MPI; 176 items->name = "rsa.N"; 177 items->value = &( ((mbedtls_rsa_context *) ctx)->N ); 178 179 items++; 180 181 items->type = MBEDTLS_PK_DEBUG_MPI; 182 items->name = "rsa.E"; 183 items->value = &( ((mbedtls_rsa_context *) ctx)->E ); 184 } 185 186 const mbedtls_pk_info_t mbedtls_rsa_info = { 187 MBEDTLS_PK_RSA, 188 "RSA", 189 rsa_get_bitlen, 190 rsa_can_do, 191 rsa_verify_wrap, 192 rsa_sign_wrap, 193 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 194 NULL, 195 NULL, 196 #endif 197 rsa_decrypt_wrap, 198 rsa_encrypt_wrap, 199 rsa_check_pair_wrap, 200 rsa_alloc_wrap, 201 rsa_free_wrap, 202 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 203 NULL, 204 NULL, 205 #endif 206 rsa_debug, 207 }; 208 #endif /* MBEDTLS_RSA_C */ 209 210 #if defined(MBEDTLS_ECP_C) 211 /* 212 * Generic EC key 213 */ 214 static int eckey_can_do( mbedtls_pk_type_t type ) 215 { 216 return( type == MBEDTLS_PK_ECKEY || 217 type == MBEDTLS_PK_ECKEY_DH || 218 type == MBEDTLS_PK_ECDSA ); 219 } 220 221 static size_t eckey_get_bitlen( const void *ctx ) 222 { 223 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits ); 224 } 225 226 #if defined(MBEDTLS_ECDSA_C) 227 /* Forward declarations */ 228 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 229 const unsigned char *hash, size_t hash_len, 230 const unsigned char *sig, size_t sig_len ); 231 232 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 233 const unsigned char *hash, size_t hash_len, 234 unsigned char *sig, size_t *sig_len, 235 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); 236 237 static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 238 const unsigned char *hash, size_t hash_len, 239 const unsigned char *sig, size_t sig_len ) 240 { 241 int ret; 242 mbedtls_ecdsa_context ecdsa; 243 244 mbedtls_ecdsa_init( &ecdsa ); 245 246 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 247 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); 248 249 mbedtls_ecdsa_free( &ecdsa ); 250 251 return( ret ); 252 } 253 254 static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 255 const unsigned char *hash, size_t hash_len, 256 unsigned char *sig, size_t *sig_len, 257 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 258 { 259 int ret; 260 mbedtls_ecdsa_context ecdsa; 261 262 mbedtls_ecdsa_init( &ecdsa ); 263 264 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) 265 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len, 266 f_rng, p_rng ); 267 268 mbedtls_ecdsa_free( &ecdsa ); 269 270 return( ret ); 271 } 272 273 #if defined(MBEDTLS_ECP_RESTARTABLE) 274 /* Forward declarations */ 275 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, 276 const unsigned char *hash, size_t hash_len, 277 const unsigned char *sig, size_t sig_len, 278 void *rs_ctx ); 279 280 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, 281 const unsigned char *hash, size_t hash_len, 282 unsigned char *sig, size_t *sig_len, 283 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 284 void *rs_ctx ); 285 286 /* 287 * Restart context for ECDSA operations with ECKEY context 288 * 289 * We need to store an actual ECDSA context, as we need to pass the same to 290 * the underlying ecdsa function, so we can't create it on the fly every time. 291 */ 292 typedef struct 293 { 294 mbedtls_ecdsa_restart_ctx ecdsa_rs; 295 mbedtls_ecdsa_context ecdsa_ctx; 296 } eckey_restart_ctx; 297 298 static void *eckey_rs_alloc( void ) 299 { 300 eckey_restart_ctx *rs_ctx; 301 302 void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) ); 303 304 if( ctx != NULL ) 305 { 306 rs_ctx = ctx; 307 mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs ); 308 mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx ); 309 } 310 311 return( ctx ); 312 } 313 314 static void eckey_rs_free( void *ctx ) 315 { 316 eckey_restart_ctx *rs_ctx; 317 318 if( ctx == NULL) 319 return; 320 321 rs_ctx = ctx; 322 mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs ); 323 mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx ); 324 325 mbedtls_free( ctx ); 326 } 327 328 static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, 329 const unsigned char *hash, size_t hash_len, 330 const unsigned char *sig, size_t sig_len, 331 void *rs_ctx ) 332 { 333 int ret; 334 eckey_restart_ctx *rs = rs_ctx; 335 336 /* Should never happen */ 337 if( rs == NULL ) 338 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 339 340 /* set up our own sub-context if needed (that is, on first run) */ 341 if( rs->ecdsa_ctx.grp.pbits == 0 ) 342 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); 343 344 MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx, 345 md_alg, hash, hash_len, 346 sig, sig_len, &rs->ecdsa_rs ) ); 347 348 cleanup: 349 return( ret ); 350 } 351 352 static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, 353 const unsigned char *hash, size_t hash_len, 354 unsigned char *sig, size_t *sig_len, 355 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 356 void *rs_ctx ) 357 { 358 int ret; 359 eckey_restart_ctx *rs = rs_ctx; 360 361 /* Should never happen */ 362 if( rs == NULL ) 363 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 364 365 /* set up our own sub-context if needed (that is, on first run) */ 366 if( rs->ecdsa_ctx.grp.pbits == 0 ) 367 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); 368 369 MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg, 370 hash, hash_len, sig, sig_len, 371 f_rng, p_rng, &rs->ecdsa_rs ) ); 372 373 cleanup: 374 return( ret ); 375 } 376 #endif /* MBEDTLS_ECP_RESTARTABLE */ 377 #endif /* MBEDTLS_ECDSA_C */ 378 379 static int eckey_check_pair( const void *pub, const void *prv ) 380 { 381 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, 382 (const mbedtls_ecp_keypair *) prv ) ); 383 } 384 385 static void *eckey_alloc_wrap( void ) 386 { 387 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) ); 388 389 if( ctx != NULL ) 390 mbedtls_ecp_keypair_init( ctx ); 391 392 return( ctx ); 393 } 394 395 static void eckey_free_wrap( void *ctx ) 396 { 397 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx ); 398 mbedtls_free( ctx ); 399 } 400 401 static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items ) 402 { 403 items->type = MBEDTLS_PK_DEBUG_ECP; 404 items->name = "eckey.Q"; 405 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q ); 406 } 407 408 const mbedtls_pk_info_t mbedtls_eckey_info = { 409 MBEDTLS_PK_ECKEY, 410 "EC", 411 eckey_get_bitlen, 412 eckey_can_do, 413 #if defined(MBEDTLS_ECDSA_C) 414 eckey_verify_wrap, 415 eckey_sign_wrap, 416 #if defined(MBEDTLS_ECP_RESTARTABLE) 417 eckey_verify_rs_wrap, 418 eckey_sign_rs_wrap, 419 #endif 420 #else /* MBEDTLS_ECDSA_C */ 421 NULL, 422 NULL, 423 #endif /* MBEDTLS_ECDSA_C */ 424 NULL, 425 NULL, 426 eckey_check_pair, 427 eckey_alloc_wrap, 428 eckey_free_wrap, 429 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 430 eckey_rs_alloc, 431 eckey_rs_free, 432 #endif 433 eckey_debug, 434 }; 435 436 /* 437 * EC key restricted to ECDH 438 */ 439 static int eckeydh_can_do( mbedtls_pk_type_t type ) 440 { 441 return( type == MBEDTLS_PK_ECKEY || 442 type == MBEDTLS_PK_ECKEY_DH ); 443 } 444 445 const mbedtls_pk_info_t mbedtls_eckeydh_info = { 446 MBEDTLS_PK_ECKEY_DH, 447 "EC_DH", 448 eckey_get_bitlen, /* Same underlying key structure */ 449 eckeydh_can_do, 450 NULL, 451 NULL, 452 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 453 NULL, 454 NULL, 455 #endif 456 NULL, 457 NULL, 458 eckey_check_pair, 459 eckey_alloc_wrap, /* Same underlying key structure */ 460 eckey_free_wrap, /* Same underlying key structure */ 461 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 462 NULL, 463 NULL, 464 #endif 465 eckey_debug, /* Same underlying key structure */ 466 }; 467 #endif /* MBEDTLS_ECP_C */ 468 469 #if defined(MBEDTLS_ECDSA_C) 470 static int ecdsa_can_do( mbedtls_pk_type_t type ) 471 { 472 return( type == MBEDTLS_PK_ECDSA ); 473 } 474 475 static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, 476 const unsigned char *hash, size_t hash_len, 477 const unsigned char *sig, size_t sig_len ) 478 { 479 int ret; 480 ((void) md_alg); 481 482 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, 483 hash, hash_len, sig, sig_len ); 484 485 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) 486 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 487 488 return( ret ); 489 } 490 491 static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 492 const unsigned char *hash, size_t hash_len, 493 unsigned char *sig, size_t *sig_len, 494 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 495 { 496 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx, 497 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); 498 } 499 500 #if defined(MBEDTLS_ECP_RESTARTABLE) 501 static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, 502 const unsigned char *hash, size_t hash_len, 503 const unsigned char *sig, size_t sig_len, 504 void *rs_ctx ) 505 { 506 int ret; 507 ((void) md_alg); 508 509 ret = mbedtls_ecdsa_read_signature_restartable( 510 (mbedtls_ecdsa_context *) ctx, 511 hash, hash_len, sig, sig_len, 512 (mbedtls_ecdsa_restart_ctx *) rs_ctx ); 513 514 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) 515 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); 516 517 return( ret ); 518 } 519 520 static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, 521 const unsigned char *hash, size_t hash_len, 522 unsigned char *sig, size_t *sig_len, 523 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, 524 void *rs_ctx ) 525 { 526 return( mbedtls_ecdsa_write_signature_restartable( 527 (mbedtls_ecdsa_context *) ctx, 528 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, 529 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) ); 530 531 } 532 #endif /* MBEDTLS_ECP_RESTARTABLE */ 533 534 static void *ecdsa_alloc_wrap( void ) 535 { 536 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) ); 537 538 if( ctx != NULL ) 539 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx ); 540 541 return( ctx ); 542 } 543 544 static void ecdsa_free_wrap( void *ctx ) 545 { 546 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx ); 547 mbedtls_free( ctx ); 548 } 549 550 #if defined(MBEDTLS_ECP_RESTARTABLE) 551 static void *ecdsa_rs_alloc( void ) 552 { 553 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) ); 554 555 if( ctx != NULL ) 556 mbedtls_ecdsa_restart_init( ctx ); 557 558 return( ctx ); 559 } 560 561 static void ecdsa_rs_free( void *ctx ) 562 { 563 mbedtls_ecdsa_restart_free( ctx ); 564 mbedtls_free( ctx ); 565 } 566 #endif /* MBEDTLS_ECP_RESTARTABLE */ 567 568 const mbedtls_pk_info_t mbedtls_ecdsa_info = { 569 MBEDTLS_PK_ECDSA, 570 "ECDSA", 571 eckey_get_bitlen, /* Compatible key structures */ 572 ecdsa_can_do, 573 ecdsa_verify_wrap, 574 ecdsa_sign_wrap, 575 #if defined(MBEDTLS_ECP_RESTARTABLE) 576 ecdsa_verify_rs_wrap, 577 ecdsa_sign_rs_wrap, 578 #endif 579 NULL, 580 NULL, 581 eckey_check_pair, /* Compatible key structures */ 582 ecdsa_alloc_wrap, 583 ecdsa_free_wrap, 584 #if defined(MBEDTLS_ECP_RESTARTABLE) 585 ecdsa_rs_alloc, 586 ecdsa_rs_free, 587 #endif 588 eckey_debug, /* Compatible key structures */ 589 }; 590 #endif /* MBEDTLS_ECDSA_C */ 591 592 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) 593 /* 594 * Support for alternative RSA-private implementations 595 */ 596 597 static int rsa_alt_can_do( mbedtls_pk_type_t type ) 598 { 599 return( type == MBEDTLS_PK_RSA ); 600 } 601 602 static size_t rsa_alt_get_bitlen( const void *ctx ) 603 { 604 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx; 605 606 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) ); 607 } 608 609 static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, 610 const unsigned char *hash, size_t hash_len, 611 unsigned char *sig, size_t *sig_len, 612 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 613 { 614 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 615 616 #if SIZE_MAX > UINT_MAX 617 if( UINT_MAX < hash_len ) 618 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); 619 #endif /* SIZE_MAX > UINT_MAX */ 620 621 *sig_len = rsa_alt->key_len_func( rsa_alt->key ); 622 623 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, 624 md_alg, (unsigned int) hash_len, hash, sig ) ); 625 } 626 627 static int rsa_alt_decrypt_wrap( void *ctx, 628 const unsigned char *input, size_t ilen, 629 unsigned char *output, size_t *olen, size_t osize, 630 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) 631 { 632 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; 633 634 ((void) f_rng); 635 ((void) p_rng); 636 637 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) ) 638 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); 639 640 return( rsa_alt->decrypt_func( rsa_alt->key, 641 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); 642 } 643 644 #if defined(MBEDTLS_RSA_C) 645 static int rsa_alt_check_pair( const void *pub, const void *prv ) 646 { 647 unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; 648 unsigned char hash[32]; 649 size_t sig_len = 0; 650 int ret; 651 652 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) 653 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 654 655 memset( hash, 0x2a, sizeof( hash ) ); 656 657 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, 658 hash, sizeof( hash ), 659 sig, &sig_len, NULL, NULL ) ) != 0 ) 660 { 661 return( ret ); 662 } 663 664 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE, 665 hash, sizeof( hash ), sig, sig_len ) != 0 ) 666 { 667 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); 668 } 669 670 return( 0 ); 671 } 672 #endif /* MBEDTLS_RSA_C */ 673 674 static void *rsa_alt_alloc_wrap( void ) 675 { 676 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); 677 678 if( ctx != NULL ) 679 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); 680 681 return( ctx ); 682 } 683 684 static void rsa_alt_free_wrap( void *ctx ) 685 { 686 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); 687 mbedtls_free( ctx ); 688 } 689 690 const mbedtls_pk_info_t mbedtls_rsa_alt_info = { 691 MBEDTLS_PK_RSA_ALT, 692 "RSA-alt", 693 rsa_alt_get_bitlen, 694 rsa_alt_can_do, 695 NULL, 696 rsa_alt_sign_wrap, 697 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 698 NULL, 699 NULL, 700 #endif 701 rsa_alt_decrypt_wrap, 702 NULL, 703 #if defined(MBEDTLS_RSA_C) 704 rsa_alt_check_pair, 705 #else 706 NULL, 707 #endif 708 rsa_alt_alloc_wrap, 709 rsa_alt_free_wrap, 710 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 711 NULL, 712 NULL, 713 #endif 714 NULL, 715 }; 716 717 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ 718 719 #endif /* MBEDTLS_PK_C */ 720