2013-07-04 13:31:32 +02:00
|
|
|
/*
|
|
|
|
* Public Key abstraction layer
|
|
|
|
*
|
2020-08-07 13:07:28 +02:00
|
|
|
* Copyright The Mbed TLS Contributors
|
2015-09-04 14:21:07 +02:00
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
2013-07-04 13:31:32 +02:00
|
|
|
*
|
2015-09-04 14:21:07 +02:00
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
2013-07-04 13:31:32 +02:00
|
|
|
*
|
2015-09-04 14:21:07 +02:00
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
2013-07-04 13:31:32 +02:00
|
|
|
*
|
2015-09-04 14:21:07 +02:00
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
2013-07-04 13:31:32 +02:00
|
|
|
*/
|
|
|
|
|
2020-06-03 01:43:33 +02:00
|
|
|
#include "common.h"
|
2013-07-04 13:31:32 +02:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
#if defined(MBEDTLS_PK_C)
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/pk.h"
|
2021-03-09 18:03:29 +01:00
|
|
|
#include "pk_wrap.h"
|
2022-03-15 15:00:55 +01:00
|
|
|
#include "pkwrite.h"
|
2023-05-15 12:57:06 +02:00
|
|
|
#include "pk_internal.h"
|
2013-07-09 10:35:54 +02:00
|
|
|
|
2022-07-18 13:00:40 +02:00
|
|
|
#include "hash_info.h"
|
2022-07-05 11:55:20 +02:00
|
|
|
|
2018-04-17 16:51:09 +02:00
|
|
|
#include "mbedtls/platform_util.h"
|
2019-11-22 14:21:35 +01:00
|
|
|
#include "mbedtls/error.h"
|
2017-01-19 12:24:33 +01:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/rsa.h"
|
2013-07-09 10:35:54 +02:00
|
|
|
#endif
|
2023-04-05 18:17:13 +02:00
|
|
|
#if defined(MBEDTLS_ECP_LIGHT)
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/ecp.h"
|
2013-07-09 10:35:54 +02:00
|
|
|
#endif
|
2015-04-08 12:49:31 +02:00
|
|
|
#if defined(MBEDTLS_ECDSA_C)
|
2015-03-09 18:05:11 +01:00
|
|
|
#include "mbedtls/ecdsa.h"
|
2013-07-10 12:29:57 +02:00
|
|
|
#endif
|
2013-07-04 13:31:32 +02:00
|
|
|
|
2022-03-16 03:30:41 +01:00
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
2018-11-19 12:25:37 +01:00
|
|
|
#include "mbedtls/psa_util.h"
|
|
|
|
#endif
|
|
|
|
|
2017-01-19 12:24:33 +01:00
|
|
|
#include <limits.h>
|
2017-08-04 14:32:15 +02:00
|
|
|
#include <stdint.h>
|
2014-06-13 17:20:13 +02:00
|
|
|
|
2013-07-04 13:31:32 +02:00
|
|
|
/*
|
2015-04-08 12:49:31 +02:00
|
|
|
* Initialise a mbedtls_pk_context
|
2013-07-04 13:31:32 +02:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
void mbedtls_pk_init(mbedtls_pk_context *ctx)
|
2013-07-04 13:31:32 +02:00
|
|
|
{
|
2013-08-14 18:26:41 +02:00
|
|
|
ctx->pk_info = NULL;
|
|
|
|
ctx->pk_ctx = NULL;
|
2023-04-28 15:24:32 +02:00
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
2023-05-02 14:15:59 +02:00
|
|
|
ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
|
2023-04-28 15:24:32 +02:00
|
|
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
2023-05-17 15:31:21 +02:00
|
|
|
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
|
|
|
memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw));
|
|
|
|
ctx->pub_raw_len = 0;
|
|
|
|
ctx->ec_family = 0;
|
|
|
|
ctx->ec_bits = 0;
|
|
|
|
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
2013-07-04 13:31:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2015-04-08 12:49:31 +02:00
|
|
|
* Free (the components of) a mbedtls_pk_context
|
2013-07-04 13:31:32 +02:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
void mbedtls_pk_free(mbedtls_pk_context *ctx)
|
2013-07-04 13:31:32 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL) {
|
2013-07-04 13:31:32 +02:00
|
|
|
return;
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2013-07-04 13:31:32 +02:00
|
|
|
|
2023-04-28 15:24:32 +02:00
|
|
|
if ((ctx->pk_info != NULL) && (ctx->pk_info->ctx_free_func != NULL)) {
|
2023-01-11 14:50:10 +01:00
|
|
|
ctx->pk_info->ctx_free_func(ctx->pk_ctx);
|
|
|
|
}
|
2013-08-14 15:00:27 +02:00
|
|
|
|
2023-05-18 18:51:58 +02:00
|
|
|
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
|
|
|
/* The ownership of the priv_id key for opaque keys is external of the PK
|
|
|
|
* module. It's the user responsibility to clear it after use. */
|
|
|
|
if ((ctx->pk_info != NULL) && (ctx->pk_info->type != MBEDTLS_PK_OPAQUE)) {
|
|
|
|
psa_destroy_key(ctx->priv_id);
|
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context));
|
2013-08-14 15:00:27 +02:00
|
|
|
}
|
|
|
|
|
2017-08-18 17:30:37 +02:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
2017-08-17 14:33:31 +02:00
|
|
|
/*
|
|
|
|
* Initialize a restart context
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx)
|
2017-08-17 14:33:31 +02:00
|
|
|
{
|
2017-08-18 16:22:06 +02:00
|
|
|
ctx->pk_info = NULL;
|
|
|
|
ctx->rs_ctx = NULL;
|
2017-08-17 14:33:31 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Free the components of a restart context
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx)
|
2017-08-17 14:33:31 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL ||
|
|
|
|
ctx->pk_info->rs_free_func == NULL) {
|
2017-08-17 14:33:31 +02:00
|
|
|
return;
|
2017-08-18 16:22:06 +02:00
|
|
|
}
|
2017-08-17 14:33:31 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
ctx->pk_info->rs_free_func(ctx->rs_ctx);
|
2017-08-18 16:22:06 +02:00
|
|
|
|
|
|
|
ctx->pk_info = NULL;
|
|
|
|
ctx->rs_ctx = NULL;
|
2017-08-17 14:33:31 +02:00
|
|
|
}
|
2017-08-18 17:30:37 +02:00
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
2017-08-17 14:33:31 +02:00
|
|
|
|
2013-08-14 15:00:27 +02:00
|
|
|
/*
|
|
|
|
* Get pk_info structure from type
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
|
2013-08-14 15:00:27 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
switch (pk_type) {
|
2015-04-08 12:49:31 +02:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
case MBEDTLS_PK_RSA:
|
2023-01-11 14:50:10 +01:00
|
|
|
return &mbedtls_rsa_info;
|
2023-04-05 18:17:13 +02:00
|
|
|
#endif /* MBEDTLS_RSA_C */
|
|
|
|
#if defined(MBEDTLS_ECP_LIGHT)
|
2015-04-08 12:49:31 +02:00
|
|
|
case MBEDTLS_PK_ECKEY:
|
2023-01-11 14:50:10 +01:00
|
|
|
return &mbedtls_eckey_info;
|
2015-04-08 12:49:31 +02:00
|
|
|
case MBEDTLS_PK_ECKEY_DH:
|
2023-01-11 14:50:10 +01:00
|
|
|
return &mbedtls_eckeydh_info;
|
2023-04-05 18:17:13 +02:00
|
|
|
#endif /* MBEDTLS_ECP_LIGHT */
|
2023-01-27 13:22:42 +01:00
|
|
|
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
|
2015-04-08 12:49:31 +02:00
|
|
|
case MBEDTLS_PK_ECDSA:
|
2023-01-11 14:50:10 +01:00
|
|
|
return &mbedtls_ecdsa_info;
|
2023-04-05 18:17:13 +02:00
|
|
|
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
|
2015-04-08 12:49:31 +02:00
|
|
|
/* MBEDTLS_PK_RSA_ALT omitted on purpose */
|
2013-08-14 15:00:27 +02:00
|
|
|
default:
|
2023-01-11 14:50:10 +01:00
|
|
|
return NULL;
|
2013-07-04 13:31:32 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2013-08-15 11:30:27 +02:00
|
|
|
* Initialise context
|
2013-07-04 13:31:32 +02:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
|
2013-07-04 13:31:32 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (info == NULL || ctx->pk_info != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-07-04 13:31:32 +02:00
|
|
|
|
2023-05-18 18:51:58 +02:00
|
|
|
if ((info->ctx_alloc_func != NULL) &&
|
2023-04-28 15:24:32 +02:00
|
|
|
((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) {
|
2023-01-11 14:50:10 +01:00
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2013-07-04 13:31:32 +02:00
|
|
|
|
2013-08-14 18:26:41 +02:00
|
|
|
ctx->pk_info = info;
|
2013-07-04 13:31:32 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2013-07-04 13:31:32 +02:00
|
|
|
}
|
2013-08-14 15:56:19 +02:00
|
|
|
|
2018-10-22 12:11:15 +02:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
/*
|
|
|
|
* Initialise a PSA-wrapping context
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
|
|
|
|
const mbedtls_svc_key_id_t key)
|
2018-10-22 12:11:15 +02:00
|
|
|
{
|
2022-03-15 12:01:26 +01:00
|
|
|
const mbedtls_pk_info_t *info = NULL;
|
2019-05-27 14:53:13 +02:00
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
2018-10-31 10:57:29 +01:00
|
|
|
psa_key_type_t type;
|
2018-10-22 12:11:15 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-10-22 12:11:15 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_SUCCESS != psa_get_key_attributes(key, &attributes)) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
|
|
|
type = psa_get_key_type(&attributes);
|
|
|
|
psa_reset_key_attributes(&attributes);
|
2018-10-31 10:57:29 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
|
2022-03-15 12:01:26 +01:00
|
|
|
info = &mbedtls_pk_ecdsa_opaque_info;
|
2023-01-11 14:50:10 +01:00
|
|
|
} else if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
2022-03-15 12:01:26 +01:00
|
|
|
info = &mbedtls_pk_rsa_opaque_info;
|
2023-01-11 14:50:10 +01:00
|
|
|
} else {
|
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
|
|
|
}
|
2018-10-31 10:57:29 +01:00
|
|
|
|
2018-10-22 12:11:15 +02:00
|
|
|
ctx->pk_info = info;
|
2023-05-02 14:15:59 +02:00
|
|
|
ctx->priv_id = key;
|
2018-10-31 09:57:45 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2018-10-22 12:11:15 +02:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
|
2023-05-17 15:37:29 +02:00
|
|
|
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
|
|
|
int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
|
|
|
|
mbedtls_ecp_keypair *ecp_keypair)
|
|
|
|
{
|
|
|
|
int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
|
|
|
|
|
|
|
if (pk == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
|
|
|
/* The raw public key storing mechanism is only supported for EC keys so
|
|
|
|
* we fail silently for other ones. */
|
|
|
|
if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) &&
|
|
|
|
(pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) &&
|
|
|
|
(pk->pk_info->type != MBEDTLS_PK_ECDSA)) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q,
|
|
|
|
MBEDTLS_ECP_PF_UNCOMPRESSED,
|
|
|
|
&pk->pub_raw_len,
|
|
|
|
pk->pub_raw,
|
|
|
|
MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
|
|
|
|
if (ret != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id,
|
|
|
|
&pk->ec_bits);
|
2023-05-22 18:39:43 +02:00
|
|
|
if (pk->ec_family == 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2023-05-17 15:37:29 +02:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2023-05-17 15:49:55 +02:00
|
|
|
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
2023-05-17 15:37:29 +02:00
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
2013-08-21 12:28:31 +02:00
|
|
|
/*
|
|
|
|
* Initialize an RSA-alt context
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx, void *key,
|
|
|
|
mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
|
|
|
|
mbedtls_pk_rsa_alt_sign_func sign_func,
|
|
|
|
mbedtls_pk_rsa_alt_key_len_func key_len_func)
|
2013-08-21 12:28:31 +02:00
|
|
|
{
|
2015-04-08 12:49:31 +02:00
|
|
|
mbedtls_rsa_alt_context *rsa_alt;
|
|
|
|
const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
|
2013-08-21 12:28:31 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-08-21 12:28:31 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2013-08-21 12:28:31 +02:00
|
|
|
|
|
|
|
ctx->pk_info = info;
|
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
|
2013-08-21 12:28:31 +02:00
|
|
|
|
|
|
|
rsa_alt->key = key;
|
|
|
|
rsa_alt->decrypt_func = decrypt_func;
|
|
|
|
rsa_alt->sign_func = sign_func;
|
|
|
|
rsa_alt->key_len_func = key_len_func;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2013-08-21 12:28:31 +02:00
|
|
|
}
|
2015-04-08 12:49:31 +02:00
|
|
|
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
|
2013-08-21 12:28:31 +02:00
|
|
|
|
2013-08-14 15:56:19 +02:00
|
|
|
/*
|
|
|
|
* Tell if a PK can do the operations of the given type
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
|
2013-08-14 15:56:19 +02:00
|
|
|
{
|
2019-01-31 14:20:20 +01:00
|
|
|
/* A context with null pk_info is not set up yet and can't do anything.
|
|
|
|
* For backward compatibility, also accept NULL instead of a context
|
|
|
|
* pointer. */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2013-08-14 15:56:19 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return ctx->pk_info->can_do(type);
|
2013-08-14 15:56:19 +02:00
|
|
|
}
|
|
|
|
|
2022-05-11 14:11:25 +02:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
/*
|
|
|
|
* Tell if a PK can do the operations of the given PSA algorithm
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
|
|
|
|
psa_key_usage_t usage)
|
2022-05-11 14:11:25 +02:00
|
|
|
{
|
2022-05-17 14:23:20 +02:00
|
|
|
psa_key_usage_t key_usage;
|
|
|
|
|
2022-05-11 14:11:25 +02:00
|
|
|
/* A context with null pk_info is not set up yet and can't do anything.
|
|
|
|
* For backward compatibility, also accept NULL instead of a context
|
|
|
|
* pointer. */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
|
|
|
/* Filter out non allowed algorithms */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_ALG_IS_ECDSA(alg) == 0 &&
|
|
|
|
PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) == 0 &&
|
|
|
|
PSA_ALG_IS_RSA_PSS(alg) == 0 &&
|
2022-05-11 14:11:25 +02:00
|
|
|
alg != PSA_ALG_RSA_PKCS1V15_CRYPT &&
|
2023-01-11 14:50:10 +01:00
|
|
|
PSA_ALG_IS_ECDH(alg) == 0) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2022-05-17 14:23:20 +02:00
|
|
|
/* Filter out non allowed usage flags */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (usage == 0 ||
|
|
|
|
(usage & ~(PSA_KEY_USAGE_SIGN_HASH |
|
|
|
|
PSA_KEY_USAGE_DECRYPT |
|
|
|
|
PSA_KEY_USAGE_DERIVE)) != 0) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-17 14:23:20 +02:00
|
|
|
|
2022-05-11 14:11:25 +02:00
|
|
|
/* Wildcard hash is not allowed */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_ALG_IS_SIGN_HASH(alg) &&
|
|
|
|
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (mbedtls_pk_get_type(ctx) != MBEDTLS_PK_OPAQUE) {
|
2022-05-11 14:11:25 +02:00
|
|
|
mbedtls_pk_type_t type;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_ECDH(alg)) {
|
2022-05-11 14:11:25 +02:00
|
|
|
type = MBEDTLS_PK_ECKEY;
|
2023-01-11 14:50:10 +01:00
|
|
|
} else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
|
|
|
|
alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
|
2022-05-11 14:11:25 +02:00
|
|
|
type = MBEDTLS_PK_RSA;
|
2023-01-11 14:50:10 +01:00
|
|
|
} else if (PSA_ALG_IS_RSA_PSS(alg)) {
|
2022-05-11 14:11:25 +02:00
|
|
|
type = MBEDTLS_PK_RSASSA_PSS;
|
2023-01-11 14:50:10 +01:00
|
|
|
} else {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info->can_do(type) == 0) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-17 14:23:20 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
switch (type) {
|
2022-05-19 16:22:40 +02:00
|
|
|
case MBEDTLS_PK_ECKEY:
|
|
|
|
key_usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
|
|
|
|
break;
|
|
|
|
case MBEDTLS_PK_RSA:
|
|
|
|
case MBEDTLS_PK_RSASSA_PSS:
|
|
|
|
key_usage = PSA_KEY_USAGE_SIGN_HASH |
|
|
|
|
PSA_KEY_USAGE_SIGN_MESSAGE |
|
|
|
|
PSA_KEY_USAGE_DECRYPT;
|
|
|
|
break;
|
|
|
|
default:
|
2022-05-20 09:25:55 +02:00
|
|
|
/* Should never happen */
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2022-05-19 16:22:40 +02:00
|
|
|
}
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return (key_usage & usage) == usage;
|
2022-05-11 14:11:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_algorithm_t key_alg, key_alg2;
|
|
|
|
psa_status_t status;
|
|
|
|
|
2023-05-02 14:15:59 +02:00
|
|
|
status = psa_get_key_attributes(ctx->priv_id, &attributes);
|
2023-01-11 14:50:10 +01:00
|
|
|
if (status != PSA_SUCCESS) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
key_alg = psa_get_key_algorithm(&attributes);
|
|
|
|
key_alg2 = psa_get_key_enrollment_algorithm(&attributes);
|
|
|
|
key_usage = psa_get_key_usage_flags(&attributes);
|
|
|
|
psa_reset_key_attributes(&attributes);
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((key_usage & usage) != usage) {
|
|
|
|
return 0;
|
|
|
|
}
|
2022-05-17 14:23:20 +02:00
|
|
|
|
2022-05-11 14:11:25 +02:00
|
|
|
/*
|
2022-05-17 11:56:55 +02:00
|
|
|
* Common case: the key alg or alg2 only allows alg.
|
2022-05-11 14:11:25 +02:00
|
|
|
* This will match PSA_ALG_RSA_PKCS1V15_CRYPT & PSA_ALG_IS_ECDH
|
|
|
|
* directly.
|
|
|
|
* This would also match ECDSA/RSA_PKCS1V15_SIGN/RSA_PSS with
|
|
|
|
* a fixed hash on key_alg/key_alg2.
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
if (alg == key_alg || alg == key_alg2) {
|
|
|
|
return 1;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
|
|
|
/*
|
2022-05-17 14:58:27 +02:00
|
|
|
* If key_alg or key_alg2 is a hash-and-sign with a wildcard for the hash,
|
|
|
|
* and alg is the same hash-and-sign family with any hash,
|
2022-05-11 14:11:25 +02:00
|
|
|
* then alg is compliant with this key alg
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_ALG_IS_SIGN_HASH(alg)) {
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_ALG_IS_SIGN_HASH(key_alg) &&
|
|
|
|
PSA_ALG_SIGN_GET_HASH(key_alg) == PSA_ALG_ANY_HASH &&
|
|
|
|
(alg & ~PSA_ALG_HASH_MASK) == (key_alg & ~PSA_ALG_HASH_MASK)) {
|
|
|
|
return 1;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (PSA_ALG_IS_SIGN_HASH(key_alg2) &&
|
|
|
|
PSA_ALG_SIGN_GET_HASH(key_alg2) == PSA_ALG_ANY_HASH &&
|
|
|
|
(alg & ~PSA_ALG_HASH_MASK) == (key_alg2 & ~PSA_ALG_HASH_MASK)) {
|
|
|
|
return 1;
|
|
|
|
}
|
2022-05-11 14:11:25 +02:00
|
|
|
}
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2022-05-11 14:11:25 +02:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
|
|
|
|
2013-08-22 14:55:30 +02:00
|
|
|
/*
|
2015-04-08 12:49:31 +02:00
|
|
|
* Helper for mbedtls_pk_sign and mbedtls_pk_verify
|
2013-08-22 14:55:30 +02:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len)
|
2013-08-22 14:55:30 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (*hash_len != 0) {
|
|
|
|
return 0;
|
|
|
|
}
|
2013-08-22 14:55:30 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
*hash_len = mbedtls_hash_info_get_size(md_alg);
|
2022-07-05 11:55:20 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (*hash_len == 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
2013-08-22 14:55:30 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2013-08-22 14:55:30 +02:00
|
|
|
}
|
|
|
|
|
2017-08-18 17:30:37 +02:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
2017-08-18 16:22:06 +02:00
|
|
|
/*
|
|
|
|
* Helper to set up a restart context if needed
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
static int pk_restart_setup(mbedtls_pk_restart_ctx *ctx,
|
|
|
|
const mbedtls_pk_info_t *info)
|
2017-08-18 16:22:06 +02:00
|
|
|
{
|
2018-07-02 13:09:39 +02:00
|
|
|
/* Don't do anything if already set up or invalid */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info != NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
|
|
|
/* Should never happen when we're called */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (info->rs_alloc_func == NULL || info->rs_free_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((ctx->rs_ctx = info->rs_alloc_func()) == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
|
|
|
ctx->pk_info = info;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2017-08-18 16:22:06 +02:00
|
|
|
}
|
2017-08-18 17:30:37 +02:00
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2013-08-14 15:56:19 +02:00
|
|
|
/*
|
2017-05-03 10:59:45 +02:00
|
|
|
* Verify a signature (restartable)
|
2013-08-14 15:56:19 +02:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
|
|
|
|
mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
const unsigned char *sig, size_t sig_len,
|
|
|
|
mbedtls_pk_restart_ctx *rs_ctx)
|
2013-08-14 15:56:19 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) {
|
2022-07-29 15:51:50 +02:00
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL ||
|
|
|
|
pk_hashlen_helper(md_alg, &hash_len) != 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-08-14 15:56:19 +02:00
|
|
|
|
2017-08-18 17:30:37 +02:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
2017-08-18 17:40:15 +02:00
|
|
|
/* optimization: use non-restartable version if restart disabled */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (rs_ctx != NULL &&
|
2018-10-16 10:41:31 +02:00
|
|
|
mbedtls_ecp_restart_is_enabled() &&
|
2023-01-11 14:50:10 +01:00
|
|
|
ctx->pk_info->verify_rs_func != NULL) {
|
2019-11-22 14:21:35 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
ret = ctx->pk_info->verify_rs_func(ctx,
|
2023-01-11 14:50:10 +01:00
|
|
|
md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx);
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
|
|
|
|
mbedtls_pk_restart_free(rs_ctx);
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return ret;
|
2017-05-09 10:42:40 +02:00
|
|
|
}
|
2017-08-18 17:30:37 +02:00
|
|
|
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
2017-05-09 10:42:40 +02:00
|
|
|
(void) rs_ctx;
|
2017-08-18 17:30:37 +02:00
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
2017-05-09 10:42:40 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info->verify_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2013-08-17 15:20:06 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
return ctx->pk_info->verify_func(ctx, md_alg, hash, hash_len,
|
2023-01-11 14:50:10 +01:00
|
|
|
sig, sig_len);
|
2013-08-14 15:56:19 +02:00
|
|
|
}
|
|
|
|
|
2017-05-03 10:59:45 +02:00
|
|
|
/*
|
|
|
|
* Verify a signature
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
const unsigned char *sig, size_t sig_len)
|
2017-05-03 10:59:45 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_len, NULL);
|
2017-05-03 10:59:45 +02:00
|
|
|
}
|
|
|
|
|
2014-06-05 13:41:44 +02:00
|
|
|
/*
|
|
|
|
* Verify a signature with options
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
|
|
|
mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
const unsigned char *sig, size_t sig_len)
|
2014-06-05 13:41:44 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) {
|
2022-07-29 15:51:50 +02:00
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (!mbedtls_pk_can_do(ctx, type)) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (type != MBEDTLS_PK_RSASSA_PSS) {
|
2022-02-09 20:13:44 +01:00
|
|
|
/* General case: no options */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (options != NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2022-02-09 20:13:44 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len);
|
2022-02-09 20:13:44 +01:00
|
|
|
}
|
|
|
|
|
2015-04-08 12:49:31 +02:00
|
|
|
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
|
2022-02-09 20:13:44 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
|
|
const mbedtls_pk_rsassa_pss_options *pss_opts;
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2017-01-19 12:24:33 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (options == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2022-02-09 20:13:44 +01:00
|
|
|
pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2022-02-09 20:13:44 +01:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
2023-01-11 14:50:10 +01:00
|
|
|
if (pss_opts->mgf1_hash_id == md_alg) {
|
2022-06-10 12:50:00 +02:00
|
|
|
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
2022-02-09 20:13:44 +01:00
|
|
|
unsigned char *p;
|
2022-02-16 13:46:42 +01:00
|
|
|
int key_len;
|
|
|
|
size_t signature_length;
|
2022-02-17 16:51:15 +01:00
|
|
|
psa_status_t status = PSA_ERROR_DATA_CORRUPT;
|
|
|
|
psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;
|
2022-02-16 13:46:42 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
|
2022-02-09 20:13:44 +01:00
|
|
|
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
2023-01-11 14:50:10 +01:00
|
|
|
psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg);
|
|
|
|
p = buf + sizeof(buf);
|
|
|
|
key_len = mbedtls_pk_write_pubkey(&p, buf, ctx);
|
|
|
|
|
|
|
|
if (key_len < 0) {
|
|
|
|
return key_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
|
|
|
|
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
|
|
|
|
psa_set_key_algorithm(&attributes, psa_sig_alg);
|
|
|
|
|
|
|
|
status = psa_import_key(&attributes,
|
|
|
|
buf + sizeof(buf) - key_len, key_len,
|
|
|
|
&key_id);
|
|
|
|
if (status != PSA_SUCCESS) {
|
|
|
|
psa_destroy_key(key_id);
|
2022-12-23 17:00:06 +01:00
|
|
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
2022-02-09 20:13:44 +01:00
|
|
|
}
|
|
|
|
|
2022-02-16 12:13:35 +01:00
|
|
|
/* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
|
|
|
|
* on a valid signature with trailing data in a buffer, but
|
|
|
|
* mbedtls_psa_rsa_verify_hash requires the sig_len to be exact,
|
|
|
|
* so for this reason the passed sig_len is overwritten. Smaller
|
|
|
|
* signature lengths should not be accepted for verification. */
|
2023-01-11 14:50:10 +01:00
|
|
|
signature_length = sig_len > mbedtls_pk_get_len(ctx) ?
|
|
|
|
mbedtls_pk_get_len(ctx) : sig_len;
|
|
|
|
status = psa_verify_hash(key_id, psa_sig_alg, hash,
|
|
|
|
hash_len, sig, signature_length);
|
|
|
|
destruction_status = psa_destroy_key(key_id);
|
|
|
|
|
|
|
|
if (status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len(ctx)) {
|
|
|
|
return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
|
|
|
|
}
|
2022-02-15 14:23:02 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (status == PSA_SUCCESS) {
|
2022-02-17 16:51:15 +01:00
|
|
|
status = destruction_status;
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2022-02-17 16:51:15 +01:00
|
|
|
|
2022-12-23 17:00:06 +01:00
|
|
|
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
2023-01-11 14:50:10 +01:00
|
|
|
} else
|
2022-02-09 20:13:44 +01:00
|
|
|
#endif
|
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (sig_len < mbedtls_pk_get_len(ctx)) {
|
|
|
|
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
|
|
|
}
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx),
|
|
|
|
md_alg, (unsigned int) hash_len, hash,
|
|
|
|
pss_opts->mgf1_hash_id,
|
|
|
|
pss_opts->expected_salt_len,
|
|
|
|
sig);
|
|
|
|
if (ret != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
2014-06-05 13:41:44 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (sig_len > mbedtls_pk_get_len(ctx)) {
|
|
|
|
return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
|
|
|
|
}
|
2022-02-15 14:18:44 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2022-02-09 20:13:44 +01:00
|
|
|
}
|
2014-06-05 13:41:44 +02:00
|
|
|
#else
|
2023-01-11 14:50:10 +01:00
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
2017-01-19 12:24:33 +01:00
|
|
|
#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
|
2014-06-05 13:41:44 +02:00
|
|
|
}
|
|
|
|
|
2013-08-21 10:34:38 +02:00
|
|
|
/*
|
2017-05-03 10:59:45 +02:00
|
|
|
* Make a signature (restartable)
|
2013-08-21 10:34:38 +02:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
|
|
|
|
mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
unsigned char *sig, size_t sig_size, size_t *sig_len,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
|
|
|
mbedtls_pk_restart_ctx *rs_ctx)
|
2013-08-21 10:34:38 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) {
|
2022-07-29 15:51:50 +02:00
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2019-01-31 14:20:20 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL || pk_hashlen_helper(md_alg, &hash_len) != 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-08-21 10:34:38 +02:00
|
|
|
|
2017-08-18 17:30:37 +02:00
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
2017-08-18 17:40:15 +02:00
|
|
|
/* optimization: use non-restartable version if restart disabled */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (rs_ctx != NULL &&
|
2018-10-16 10:41:31 +02:00
|
|
|
mbedtls_ecp_restart_is_enabled() &&
|
2023-01-11 14:50:10 +01:00
|
|
|
ctx->pk_info->sign_rs_func != NULL) {
|
2019-11-22 14:21:35 +01:00
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) {
|
|
|
|
return ret;
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
ret = ctx->pk_info->sign_rs_func(ctx, md_alg,
|
2023-01-11 14:50:10 +01:00
|
|
|
hash, hash_len,
|
|
|
|
sig, sig_size, sig_len,
|
|
|
|
f_rng, p_rng, rs_ctx->rs_ctx);
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) {
|
|
|
|
mbedtls_pk_restart_free(rs_ctx);
|
|
|
|
}
|
2017-08-18 16:22:06 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return ret;
|
2017-05-09 10:42:40 +02:00
|
|
|
}
|
2017-08-18 17:30:37 +02:00
|
|
|
#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
2017-05-09 10:42:40 +02:00
|
|
|
(void) rs_ctx;
|
2017-08-18 17:30:37 +02:00
|
|
|
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
2017-05-09 10:42:40 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info->sign_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2013-08-21 10:34:38 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
return ctx->pk_info->sign_func(ctx, md_alg,
|
2023-01-11 14:50:10 +01:00
|
|
|
hash, hash_len,
|
|
|
|
sig, sig_size, sig_len,
|
|
|
|
f_rng, p_rng);
|
2013-08-21 10:34:38 +02:00
|
|
|
}
|
|
|
|
|
2017-05-03 10:59:45 +02:00
|
|
|
/*
|
|
|
|
* Make a signature
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
unsigned char *sig, size_t sig_size, size_t *sig_len,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
|
2017-05-03 10:59:45 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
return mbedtls_pk_sign_restartable(ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_size, sig_len,
|
|
|
|
f_rng, p_rng, NULL);
|
2017-05-03 10:59:45 +02:00
|
|
|
}
|
|
|
|
|
2022-03-12 12:12:05 +01:00
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
2022-02-24 08:52:15 +01:00
|
|
|
/*
|
2022-03-23 04:42:06 +01:00
|
|
|
* Make a signature given a signature type.
|
2022-02-24 08:52:15 +01:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
|
|
|
|
mbedtls_pk_context *ctx,
|
|
|
|
mbedtls_md_type_t md_alg,
|
|
|
|
const unsigned char *hash, size_t hash_len,
|
|
|
|
unsigned char *sig, size_t sig_size, size_t *sig_len,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
void *p_rng)
|
2022-02-24 08:52:15 +01:00
|
|
|
{
|
2022-03-23 04:42:06 +01:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
|
|
|
psa_algorithm_t psa_md_alg;
|
|
|
|
#endif /* MBEDTLS_RSA_C */
|
2022-02-24 08:52:15 +01:00
|
|
|
*sig_len = 0;
|
2022-03-12 12:12:05 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2022-02-24 08:52:15 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (!mbedtls_pk_can_do(ctx, pk_type)) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2022-02-24 08:52:15 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (pk_type != MBEDTLS_PK_RSASSA_PSS) {
|
|
|
|
return mbedtls_pk_sign(ctx, md_alg, hash, hash_len,
|
|
|
|
sig, sig_size, sig_len, f_rng, p_rng);
|
2022-04-21 12:08:52 +02:00
|
|
|
}
|
|
|
|
|
2022-04-12 15:11:49 +02:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
2023-01-11 14:50:10 +01:00
|
|
|
psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
|
|
|
|
if (psa_md_alg == 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2022-04-21 12:08:52 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) {
|
2022-04-12 15:11:49 +02:00
|
|
|
psa_status_t status;
|
|
|
|
|
2023-05-02 14:15:59 +02:00
|
|
|
status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg),
|
2023-01-11 14:50:10 +01:00
|
|
|
hash, hash_len,
|
|
|
|
sig, sig_size, sig_len);
|
2022-12-23 17:00:06 +01:00
|
|
|
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
2022-04-12 15:11:49 +02:00
|
|
|
}
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
|
|
|
|
ctx->pk_ctx, hash, hash_len,
|
|
|
|
sig, sig_size, sig_len);
|
2022-03-22 07:20:15 +01:00
|
|
|
#else /* MBEDTLS_RSA_C */
|
2023-01-11 14:50:10 +01:00
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
2022-03-22 07:20:15 +01:00
|
|
|
#endif /* !MBEDTLS_RSA_C */
|
2022-02-24 08:52:15 +01:00
|
|
|
|
|
|
|
}
|
2022-03-12 12:12:05 +01:00
|
|
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
2022-02-24 08:52:15 +01:00
|
|
|
|
2013-08-21 11:51:08 +02:00
|
|
|
/*
|
|
|
|
* Decrypt message
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
|
|
|
|
const unsigned char *input, size_t ilen,
|
|
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
|
2013-08-21 11:51:08 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-08-21 11:51:08 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info->decrypt_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2013-08-21 11:51:08 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
return ctx->pk_info->decrypt_func(ctx, input, ilen,
|
2023-01-11 14:50:10 +01:00
|
|
|
output, olen, osize, f_rng, p_rng);
|
2013-08-21 11:51:08 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Encrypt message
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
|
|
|
|
const unsigned char *input, size_t ilen,
|
|
|
|
unsigned char *output, size_t *olen, size_t osize,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
|
2013-08-21 11:51:08 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-08-21 11:51:08 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info->encrypt_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2013-08-21 11:51:08 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
return ctx->pk_info->encrypt_func(ctx, input, ilen,
|
2023-01-11 14:50:10 +01:00
|
|
|
output, olen, osize, f_rng, p_rng);
|
2013-08-21 11:51:08 +02:00
|
|
|
}
|
|
|
|
|
2014-11-06 16:51:20 +01:00
|
|
|
/*
|
|
|
|
* Check public-private key pair
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
|
|
|
|
const mbedtls_pk_context *prv,
|
|
|
|
int (*f_rng)(void *, unsigned char *, size_t),
|
|
|
|
void *p_rng)
|
2014-11-06 16:51:20 +01:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (pub->pk_info == NULL ||
|
|
|
|
prv->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
2014-11-06 16:51:20 +01:00
|
|
|
}
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (f_rng == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2018-10-24 12:37:44 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (prv->pk_info->check_pair_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
2014-11-08 17:08:08 +01:00
|
|
|
}
|
2023-01-11 14:50:10 +01:00
|
|
|
|
|
|
|
if (prv->pk_info->type == MBEDTLS_PK_RSA_ALT) {
|
|
|
|
if (pub->pk_info->type != MBEDTLS_PK_RSA) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (pub->pk_info != prv->pk_info) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2014-11-06 16:51:20 +01:00
|
|
|
}
|
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
return prv->pk_info->check_pair_func((mbedtls_pk_context *) pub,
|
|
|
|
(mbedtls_pk_context *) prv,
|
|
|
|
f_rng, p_rng);
|
2014-11-06 16:51:20 +01:00
|
|
|
}
|
|
|
|
|
2013-08-14 15:56:19 +02:00
|
|
|
/*
|
|
|
|
* Get key size in bits
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx)
|
2013-08-14 15:56:19 +02:00
|
|
|
{
|
2019-01-31 14:20:20 +01:00
|
|
|
/* For backward compatibility, accept NULL or a context that
|
|
|
|
* isn't set up yet, and return a fake value that should be safe. */
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return 0;
|
|
|
|
}
|
2013-08-14 15:56:19 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
return ctx->pk_info->get_bitlen((mbedtls_pk_context *) ctx);
|
2013-08-14 15:56:19 +02:00
|
|
|
}
|
2013-08-14 18:04:18 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Export debug information
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_debug(const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items)
|
2013-08-14 18:04:18 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2013-08-14 18:04:18 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx->pk_info->debug_func == NULL) {
|
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
|
|
|
}
|
2014-04-03 22:09:18 +02:00
|
|
|
|
2023-04-20 09:56:30 +02:00
|
|
|
ctx->pk_info->debug_func((mbedtls_pk_context *) ctx, items);
|
2023-01-11 14:50:10 +01:00
|
|
|
return 0;
|
2013-08-14 18:04:18 +02:00
|
|
|
}
|
2013-08-14 18:26:41 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Access the PK type name
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx)
|
2013-08-14 18:26:41 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return "invalid PK";
|
|
|
|
}
|
2013-08-14 18:26:41 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return ctx->pk_info->name;
|
2013-08-14 18:26:41 +02:00
|
|
|
}
|
2013-08-22 13:29:31 +02:00
|
|
|
|
2013-09-11 22:28:30 +02:00
|
|
|
/*
|
|
|
|
* Access the PK type
|
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
|
2013-09-11 22:28:30 +02:00
|
|
|
{
|
2023-01-11 14:50:10 +01:00
|
|
|
if (ctx == NULL || ctx->pk_info == NULL) {
|
|
|
|
return MBEDTLS_PK_NONE;
|
|
|
|
}
|
2013-09-11 22:28:30 +02:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return ctx->pk_info->type;
|
2013-09-11 22:28:30 +02:00
|
|
|
}
|
|
|
|
|
2018-11-19 12:25:37 +01:00
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
|
|
|
/*
|
|
|
|
* Load the key to a PSA key slot,
|
|
|
|
* then turn the PK context into a wrapper for that key slot.
|
|
|
|
*
|
2022-04-08 15:12:42 +02:00
|
|
|
* Currently only works for EC & RSA private keys.
|
2018-11-19 12:25:37 +01:00
|
|
|
*/
|
2023-01-11 14:50:10 +01:00
|
|
|
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
|
|
|
|
mbedtls_svc_key_id_t *key,
|
|
|
|
psa_algorithm_t alg,
|
|
|
|
psa_key_usage_t usage,
|
|
|
|
psa_algorithm_t alg2)
|
2018-11-19 12:25:37 +01:00
|
|
|
{
|
2023-04-05 18:17:13 +02:00
|
|
|
#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C)
|
2020-08-18 07:05:14 +02:00
|
|
|
((void) pk);
|
2020-08-04 09:51:30 +02:00
|
|
|
((void) key);
|
2022-04-22 13:57:14 +02:00
|
|
|
((void) alg);
|
|
|
|
((void) usage);
|
|
|
|
((void) alg2);
|
2023-04-05 18:17:13 +02:00
|
|
|
#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
|
|
|
|
#if defined(MBEDTLS_ECP_LIGHT)
|
2023-01-11 14:50:10 +01:00
|
|
|
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
|
2022-03-15 15:00:55 +01:00
|
|
|
size_t d_len;
|
|
|
|
psa_ecc_family_t curve_id;
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
psa_key_type_t key_type;
|
|
|
|
size_t bits;
|
2022-03-22 10:29:06 +01:00
|
|
|
psa_status_t status;
|
2018-11-19 12:25:37 +01:00
|
|
|
|
2022-03-15 15:00:55 +01:00
|
|
|
/* export the private key material in the format PSA wants */
|
2023-05-18 18:57:57 +02:00
|
|
|
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
2023-05-24 13:15:58 +02:00
|
|
|
unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
|
2023-05-18 18:57:57 +02:00
|
|
|
status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len);
|
|
|
|
if (status != PSA_SUCCESS) {
|
|
|
|
return psa_pk_status_to_mbedtls(status);
|
|
|
|
}
|
|
|
|
|
|
|
|
curve_id = pk->ec_family;
|
|
|
|
bits = pk->ec_bits;
|
|
|
|
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
2023-05-24 13:15:58 +02:00
|
|
|
unsigned char d[MBEDTLS_ECP_MAX_BYTES];
|
2023-05-18 18:57:57 +02:00
|
|
|
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
|
|
|
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
|
2023-05-03 18:25:27 +02:00
|
|
|
if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
|
2023-01-11 14:50:10 +01:00
|
|
|
return ret;
|
|
|
|
}
|
2018-11-19 12:25:37 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
|
2023-05-18 18:57:57 +02:00
|
|
|
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
2023-01-11 14:50:10 +01:00
|
|
|
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
|
2018-11-19 12:25:37 +01:00
|
|
|
|
2022-03-15 15:00:55 +01:00
|
|
|
/* prepare the key attributes */
|
2023-01-11 14:50:10 +01:00
|
|
|
psa_set_key_type(&attributes, key_type);
|
|
|
|
psa_set_key_bits(&attributes, bits);
|
|
|
|
psa_set_key_usage_flags(&attributes, usage);
|
|
|
|
psa_set_key_algorithm(&attributes, alg);
|
|
|
|
if (alg2 != PSA_ALG_NONE) {
|
|
|
|
psa_set_key_enrollment_algorithm(&attributes, alg2);
|
|
|
|
}
|
2018-11-19 12:25:37 +01:00
|
|
|
|
2022-03-15 15:00:55 +01:00
|
|
|
/* import private key into PSA */
|
2023-01-11 14:50:10 +01:00
|
|
|
status = psa_import_key(&attributes, d, d_len, key);
|
2023-04-27 10:05:03 +02:00
|
|
|
mbedtls_platform_zeroize(d, sizeof(d));
|
2023-01-11 14:50:10 +01:00
|
|
|
if (status != PSA_SUCCESS) {
|
2022-12-23 17:00:06 +01:00
|
|
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2018-11-19 12:25:37 +01:00
|
|
|
|
2022-03-15 15:00:55 +01:00
|
|
|
/* make PK context wrap the key slot */
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(pk);
|
|
|
|
mbedtls_pk_init(pk);
|
2018-11-19 12:25:37 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return mbedtls_pk_setup_opaque(pk, *key);
|
|
|
|
} else
|
2023-04-05 18:17:13 +02:00
|
|
|
#endif /* MBEDTLS_ECP_LIGHT */
|
2022-03-15 15:00:55 +01:00
|
|
|
#if defined(MBEDTLS_RSA_C)
|
2023-01-11 14:50:10 +01:00
|
|
|
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
|
2022-03-15 15:00:55 +01:00
|
|
|
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
|
|
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
|
|
|
int key_len;
|
|
|
|
psa_status_t status;
|
|
|
|
|
|
|
|
/* export the private key material in the format PSA wants */
|
2023-01-11 14:50:10 +01:00
|
|
|
key_len = mbedtls_pk_write_key_der(pk, buf, sizeof(buf));
|
|
|
|
if (key_len <= 0) {
|
|
|
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
|
|
|
}
|
2022-03-15 15:00:55 +01:00
|
|
|
|
|
|
|
/* prepare the key attributes */
|
2023-01-11 14:50:10 +01:00
|
|
|
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
|
|
|
|
psa_set_key_bits(&attributes, mbedtls_pk_get_bitlen(pk));
|
|
|
|
psa_set_key_usage_flags(&attributes, usage);
|
|
|
|
psa_set_key_algorithm(&attributes, alg);
|
|
|
|
if (alg2 != PSA_ALG_NONE) {
|
|
|
|
psa_set_key_enrollment_algorithm(&attributes, alg2);
|
|
|
|
}
|
2022-03-15 15:00:55 +01:00
|
|
|
|
|
|
|
/* import private key into PSA */
|
2023-01-11 14:50:10 +01:00
|
|
|
status = psa_import_key(&attributes,
|
|
|
|
buf + sizeof(buf) - key_len,
|
|
|
|
key_len, key);
|
2022-03-15 15:00:55 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_platform_zeroize(buf, sizeof(buf));
|
2022-03-15 15:00:55 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
if (status != PSA_SUCCESS) {
|
2022-12-23 17:00:06 +01:00
|
|
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
2023-01-11 14:50:10 +01:00
|
|
|
}
|
2022-03-15 15:00:55 +01:00
|
|
|
|
|
|
|
/* make PK context wrap the key slot */
|
2023-01-11 14:50:10 +01:00
|
|
|
mbedtls_pk_free(pk);
|
|
|
|
mbedtls_pk_init(pk);
|
2022-03-15 15:00:55 +01:00
|
|
|
|
2023-01-11 14:50:10 +01:00
|
|
|
return mbedtls_pk_setup_opaque(pk, *key);
|
|
|
|
} else
|
2022-03-15 15:00:55 +01:00
|
|
|
#endif /* MBEDTLS_RSA_C */
|
2023-04-05 18:17:13 +02:00
|
|
|
#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
|
2023-01-11 14:50:10 +01:00
|
|
|
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
2018-11-19 12:25:37 +01:00
|
|
|
}
|
|
|
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
2015-04-08 12:49:31 +02:00
|
|
|
#endif /* MBEDTLS_PK_C */
|