This Trac instance is not used for development anymore!

We migrated our development workflow to git and Gitea.
To test the future redirection, replace trac by ariadne in the page URL.

source: ps/trunk/build/premake/premake5/contrib/mbedtls/library/pk.c

Last change on this file was 20366, checked in by Itms, 7 years ago

Alpha 12 version of Premake 5, including prebuilt binary for Windows.
Directly taken from https://premake.github.io/.

Refs #3729.
File size: 10.1 KB
Line 
1/*
2 * Public Key abstraction layer
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PK_C)
29#include "mbedtls/pk.h"
30#include "mbedtls/pk_internal.h"
31
32#if defined(MBEDTLS_RSA_C)
33#include "mbedtls/rsa.h"
34#endif
35#if defined(MBEDTLS_ECP_C)
36#include "mbedtls/ecp.h"
37#endif
38#if defined(MBEDTLS_ECDSA_C)
39#include "mbedtls/ecdsa.h"
40#endif
41
42/* Implementation that should never be optimized out by the compiler */
43static void mbedtls_zeroize( void *v, size_t n ) {
44 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
45}
46
47/*
48 * Initialise a mbedtls_pk_context
49 */
50void mbedtls_pk_init( mbedtls_pk_context *ctx )
51{
52 if( ctx == NULL )
53 return;
54
55 ctx->pk_info = NULL;
56 ctx->pk_ctx = NULL;
57}
58
59/*
60 * Free (the components of) a mbedtls_pk_context
61 */
62void mbedtls_pk_free( mbedtls_pk_context *ctx )
63{
64 if( ctx == NULL || ctx->pk_info == NULL )
65 return;
66
67 ctx->pk_info->ctx_free_func( ctx->pk_ctx );
68
69 mbedtls_zeroize( ctx, sizeof( mbedtls_pk_context ) );
70}
71
72/*
73 * Get pk_info structure from type
74 */
75const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
76{
77 switch( pk_type ) {
78#if defined(MBEDTLS_RSA_C)
79 case MBEDTLS_PK_RSA:
80 return( &mbedtls_rsa_info );
81#endif
82#if defined(MBEDTLS_ECP_C)
83 case MBEDTLS_PK_ECKEY:
84 return( &mbedtls_eckey_info );
85 case MBEDTLS_PK_ECKEY_DH:
86 return( &mbedtls_eckeydh_info );
87#endif
88#if defined(MBEDTLS_ECDSA_C)
89 case MBEDTLS_PK_ECDSA:
90 return( &mbedtls_ecdsa_info );
91#endif
92 /* MBEDTLS_PK_RSA_ALT omitted on purpose */
93 default:
94 return( NULL );
95 }
96}
97
98/*
99 * Initialise context
100 */
101int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
102{
103 if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
104 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
105
106 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
107 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
108
109 ctx->pk_info = info;
110
111 return( 0 );
112}
113
114#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
115/*
116 * Initialize an RSA-alt context
117 */
118int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
119 mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
120 mbedtls_pk_rsa_alt_sign_func sign_func,
121 mbedtls_pk_rsa_alt_key_len_func key_len_func )
122{
123 mbedtls_rsa_alt_context *rsa_alt;
124 const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
125
126 if( ctx == NULL || ctx->pk_info != NULL )
127 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
128
129 if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
130 return( MBEDTLS_ERR_PK_ALLOC_FAILED );
131
132 ctx->pk_info = info;
133
134 rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
135
136 rsa_alt->key = key;
137 rsa_alt->decrypt_func = decrypt_func;
138 rsa_alt->sign_func = sign_func;
139 rsa_alt->key_len_func = key_len_func;
140
141 return( 0 );
142}
143#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
144
145/*
146 * Tell if a PK can do the operations of the given type
147 */
148int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
149{
150 /* null or NONE context can't do anything */
151 if( ctx == NULL || ctx->pk_info == NULL )
152 return( 0 );
153
154 return( ctx->pk_info->can_do( type ) );
155}
156
157/*
158 * Helper for mbedtls_pk_sign and mbedtls_pk_verify
159 */
160static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
161{
162 const mbedtls_md_info_t *md_info;
163
164 if( *hash_len != 0 )
165 return( 0 );
166
167 if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
168 return( -1 );
169
170 *hash_len = mbedtls_md_get_size( md_info );
171 return( 0 );
172}
173
174/*
175 * Verify a signature
176 */
177int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
178 const unsigned char *hash, size_t hash_len,
179 const unsigned char *sig, size_t sig_len )
180{
181 if( ctx == NULL || ctx->pk_info == NULL ||
182 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
183 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
184
185 if( ctx->pk_info->verify_func == NULL )
186 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
187
188 return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
189 sig, sig_len ) );
190}
191
192/*
193 * Verify a signature with options
194 */
195int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
196 mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
197 const unsigned char *hash, size_t hash_len,
198 const unsigned char *sig, size_t sig_len )
199{
200 if( ctx == NULL || ctx->pk_info == NULL )
201 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
202
203 if( ! mbedtls_pk_can_do( ctx, type ) )
204 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
205
206 if( type == MBEDTLS_PK_RSASSA_PSS )
207 {
208#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
209 int ret;
210 const mbedtls_pk_rsassa_pss_options *pss_opts;
211
212 if( options == NULL )
213 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
214
215 pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
216
217 if( sig_len < mbedtls_pk_get_len( ctx ) )
218 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
219
220 ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
221 NULL, NULL, MBEDTLS_RSA_PUBLIC,
222 md_alg, (unsigned int) hash_len, hash,
223 pss_opts->mgf1_hash_id,
224 pss_opts->expected_salt_len,
225 sig );
226 if( ret != 0 )
227 return( ret );
228
229 if( sig_len > mbedtls_pk_get_len( ctx ) )
230 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
231
232 return( 0 );
233#else
234 return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
235#endif
236 }
237
238 /* General case: no options */
239 if( options != NULL )
240 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
241
242 return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
243}
244
245/*
246 * Make a signature
247 */
248int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
249 const unsigned char *hash, size_t hash_len,
250 unsigned char *sig, size_t *sig_len,
251 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
252{
253 if( ctx == NULL || ctx->pk_info == NULL ||
254 pk_hashlen_helper( md_alg, &hash_len ) != 0 )
255 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
256
257 if( ctx->pk_info->sign_func == NULL )
258 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
259
260 return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
261 sig, sig_len, f_rng, p_rng ) );
262}
263
264/*
265 * Decrypt message
266 */
267int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
268 const unsigned char *input, size_t ilen,
269 unsigned char *output, size_t *olen, size_t osize,
270 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
271{
272 if( ctx == NULL || ctx->pk_info == NULL )
273 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
274
275 if( ctx->pk_info->decrypt_func == NULL )
276 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
277
278 return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
279 output, olen, osize, f_rng, p_rng ) );
280}
281
282/*
283 * Encrypt message
284 */
285int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
286 const unsigned char *input, size_t ilen,
287 unsigned char *output, size_t *olen, size_t osize,
288 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
289{
290 if( ctx == NULL || ctx->pk_info == NULL )
291 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
292
293 if( ctx->pk_info->encrypt_func == NULL )
294 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
295
296 return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
297 output, olen, osize, f_rng, p_rng ) );
298}
299
300/*
301 * Check public-private key pair
302 */
303int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
304{
305 if( pub == NULL || pub->pk_info == NULL ||
306 prv == NULL || prv->pk_info == NULL ||
307 prv->pk_info->check_pair_func == NULL )
308 {
309 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
310 }
311
312 if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
313 {
314 if( pub->pk_info->type != MBEDTLS_PK_RSA )
315 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
316 }
317 else
318 {
319 if( pub->pk_info != prv->pk_info )
320 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
321 }
322
323 return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
324}
325
326/*
327 * Get key size in bits
328 */
329size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
330{
331 if( ctx == NULL || ctx->pk_info == NULL )
332 return( 0 );
333
334 return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
335}
336
337/*
338 * Export debug information
339 */
340int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
341{
342 if( ctx == NULL || ctx->pk_info == NULL )
343 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
344
345 if( ctx->pk_info->debug_func == NULL )
346 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
347
348 ctx->pk_info->debug_func( ctx->pk_ctx, items );
349 return( 0 );
350}
351
352/*
353 * Access the PK type name
354 */
355const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
356{
357 if( ctx == NULL || ctx->pk_info == NULL )
358 return( "invalid PK" );
359
360 return( ctx->pk_info->name );
361}
362
363/*
364 * Access the PK type
365 */
366mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
367{
368 if( ctx == NULL || ctx->pk_info == NULL )
369 return( MBEDTLS_PK_NONE );
370
371 return( ctx->pk_info->type );
372}
373
374#endif /* MBEDTLS_PK_C */
Note: See TracBrowser for help on using the repository browser.