yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #8579 from valeriosetti/issue7995

Browse source 
PK: clean up pkwrite
This commit is contained in:
Manuel Pégourié-Gonnard 2023-12-20 08:20:10 +00:00 committed by GitHub
commit a4b38f24fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 486 additions and 577 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
library/pk_internal.h
View file

@ -21,6 +21,20 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#endif #endif
/* Headers/footers for PEM files */
#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----"
#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----"
#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----"
#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----"
#define PEM_BEGIN_PUBLIC_KEY_RSA "-----BEGIN RSA PUBLIC KEY-----"
#define PEM_END_PUBLIC_KEY_RSA "-----END RSA PUBLIC KEY-----"
#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----"
#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----"
#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----"
#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----"
#define PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----BEGIN ENCRYPTED PRIVATE KEY-----"
#define PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8 "-----END ENCRYPTED PRIVATE KEY-----"
#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa_util_internal.h" #include "psa_util_internal.h"
#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) #define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
@ -71,7 +85,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_context *pk)
{ {
mbedtls_ecp_group_id id; mbedtls_ecp_group_id id;
@ -105,6 +119,16 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
#if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448) #if defined(MBEDTLS_ECP_HAVE_CURVE25519) || defined(MBEDTLS_ECP_HAVE_CURVE448)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES #define MBEDTLS_PK_HAVE_RFC8410_CURVES
#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */ #endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
{
mbedtls_ecp_group_id id = mbedtls_pk_get_ec_group_id(pk);
return MBEDTLS_PK_IS_RFC8410_GROUP_ID(id);
}
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* Helper for (deterministic) ECDSA */ /* Helper for (deterministic) ECDSA */

28
library/pkparse.c
View file

@ -15,6 +15,7 @@
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "pk_internal.h"
#include <string.h> #include <string.h>
@ -29,7 +30,6 @@
#endif #endif
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "pk_internal.h"
#endif #endif
/* Extended formats */ /* Extended formats */
@ -868,12 +868,6 @@ static int pk_get_pk_alg(unsigned char **p,
return 0; return 0;
} }
/* Helper for Montgomery curves */
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
/* /*
* SubjectPublicKeyInfo ::= SEQUENCE { * SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier, * algorithm AlgorithmIdentifier,
@ -1539,8 +1533,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else { } else {
ret = mbedtls_pem_read_buffer(&pem, ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN RSA PRIVATE KEY-----", PEM_BEGIN_PRIVATE_KEY_RSA, PEM_END_PRIVATE_KEY_RSA,
"-----END RSA PRIVATE KEY-----",
key, pwd, pwdlen, &len); key, pwd, pwdlen, &len);
} }
@ -1569,8 +1562,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else { } else {
ret = mbedtls_pem_read_buffer(&pem, ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN EC PRIVATE KEY-----", PEM_BEGIN_PRIVATE_KEY_EC,
"-----END EC PRIVATE KEY-----", PEM_END_PRIVATE_KEY_EC,
key, pwd, pwdlen, &len); key, pwd, pwdlen, &len);
} }
if (ret == 0) { if (ret == 0) {
@ -1599,8 +1592,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else { } else {
ret = mbedtls_pem_read_buffer(&pem, ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN PRIVATE KEY-----", PEM_BEGIN_PRIVATE_KEY_PKCS8, PEM_END_PRIVATE_KEY_PKCS8,
"-----END PRIVATE KEY-----",
key, NULL, 0, &len); key, NULL, 0, &len);
} }
if (ret == 0) { if (ret == 0) {
@ -1621,8 +1613,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else { } else {
ret = mbedtls_pem_read_buffer(&pem, ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN ENCRYPTED PRIVATE KEY-----", PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8,
"-----END ENCRYPTED PRIVATE KEY-----", PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8,
key, NULL, 0, &len); key, NULL, 0, &len);
} }
if (ret == 0) { if (ret == 0) {
@ -1748,8 +1740,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else { } else {
ret = mbedtls_pem_read_buffer(&pem, ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN RSA PUBLIC KEY-----", PEM_BEGIN_PUBLIC_KEY_RSA, PEM_END_PUBLIC_KEY_RSA,
"-----END RSA PUBLIC KEY-----",
key, NULL, 0, &len); key, NULL, 0, &len);
} }
@ -1782,8 +1773,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
} else { } else {
ret = mbedtls_pem_read_buffer(&pem, ret = mbedtls_pem_read_buffer(&pem,
"-----BEGIN PUBLIC KEY-----", PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
"-----END PUBLIC KEY-----",
key, NULL, 0, &len); key, NULL, 0, &len);
} }

999
library/pkwrite.c
View file

File diff suppressed because it is too large Load diff

2
library/ssl_tls.c
View file

@ -7419,7 +7419,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
/* and in the unlikely case the above assumption no longer holds /* and in the unlikely case the above assumption no longer holds
* we are making sure that pk_ec() here does not return a NULL * we are making sure that pk_ec() here does not return a NULL
*/ */
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) { if (grp_id == MBEDTLS_ECP_DP_NONE) {
MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID")); MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR; return MBEDTLS_ERR_SSL_INTERNAL_ERROR;

2
library/ssl_tls12_client.c
View file

@ -2012,7 +2012,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
uint16_t tls_id = 0; uint16_t tls_id = 0;
psa_key_type_t key_type = PSA_KEY_TYPE_NONE; psa_key_type_t key_type = PSA_KEY_TYPE_NONE;
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk); mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk);
if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));

4
library/ssl_tls12_server.c
View file

@ -664,7 +664,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk,
uint16_t *curves_tls_id) uint16_t *curves_tls_id)
{ {
uint16_t *curr_tls_id = curves_tls_id; uint16_t *curr_tls_id = curves_tls_id;
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(pk);
mbedtls_ecp_group_id curr_grp_id; mbedtls_ecp_group_id curr_grp_id;
while (*curr_tls_id != 0) { while (*curr_tls_id != 0) {
@ -2678,7 +2678,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA: case MBEDTLS_PK_ECDSA:
key = mbedtls_pk_ec_rw(*pk); key = mbedtls_pk_ec_rw(*pk);
grp_id = mbedtls_pk_get_group_id(pk); grp_id = mbedtls_pk_get_ec_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) { if (grp_id == MBEDTLS_ECP_DP_NONE) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
} }

2
library/x509_crt.c
View file

@ -222,7 +222,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
if (pk_alg == MBEDTLS_PK_ECDSA || if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH) { pk_alg == MBEDTLS_PK_ECKEY_DH) {
const mbedtls_ecp_group_id gid = mbedtls_pk_get_group_id(pk); const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk);
if (gid == MBEDTLS_ECP_DP_NONE) { if (gid == MBEDTLS_ECP_DP_NONE) {
return -1; return -1;