yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-11-04 10:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge opaque-keys-interfaces into develop

Browse source
This commit is contained in:
Andrzej Kurek 2018-02-08 09:03:21 -05:00
parent 32605dc830 21e449db2f
commit 49241637e8
21 changed files with 1419 additions and 236 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
.gitignore vendored
View file

@ -23,3 +23,15 @@ massif-*
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
# Generated documentation
/apidoc
# Common developer files
/GPATH
/GSYMS
/GRTAGS
/GTAGS
/TAGS
/tags
.gdbinit

62
include/mbedtls/ecdsa.h
View file

@ -51,9 +51,40 @@
#if MBEDTLS_ECP_MAX_BYTES > 124
#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
#endif
/** The maximal size of an ECDSA signature in Bytes. */
#define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
/**
* \brief Maximum ECDSA signature size for a given curve bit size
*
* \param bits Curve size in bits
* \return Maximum signature size in bytes
*
* \note This macro returns a compile-time constant if its argument
* is one. It may evaluate its argument multiple times; if
* this is a problem, call the function
* mbedtls_ecdsa_max_sig_len instead.
*/
#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
/*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
/*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
/**
* \brief Maximum ECDSA signature size for a given curve bit size
*
* \param bits Curve size in bits
* \return Maximum signature size in bytes
*
* \note If you need a compile-time constant, call the macro
* MBEDTLS_ECDSA_MAX_SIG_LEN instead.
*/
static inline size_t mbedtls_ecdsa_max_sig_len( size_t bits )
{
return( MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) );
}
/** The maximal size of an ECDSA signature in Bytes. */
#define MBEDTLS_ECDSA_MAX_LEN (MBEDTLS_ECDSA_MAX_SIG_LEN( \
8 * MBEDTLS_ECP_MAX_BYTES ) )
/**
* \brief The ECDSA context structure.
*/
@ -255,6 +286,33 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/**
* \brief Convert a signature from numbers to ASN.1
*
* \param r First number of the signature
* \param s Second number of the signature
* \param sig Buffer that will hold the signature
* \param slen Length of the signature written
* \param ssize Size of the sig buffer
*
* \note The size of the buffer \c ssize should be at least
* `MBEDTLS_ECDSA_MAX_SIG_LEN(grp->pbits)` bytes long if
* the signature was produced from curve \c grp,
* otherwise this function will return an error.
* The output ASN.1 SEQUENCE format is as follows:
* Ecdsa-Sig-Value ::= SEQUENCE {
* r INTEGER,
* s INTEGER
* }
*
* \return 0 if successful,
* or a MBEDTLS_ERR_MPI_XXX or MBEDTLS_ERR_ASN1_XXX error code
*
*/
int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen,
size_t ssize );
/**
* \brief This function reads and verifies an ECDSA signature.
*

52
include/mbedtls/ecp.h
View file

@ -503,6 +503,58 @@ int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **bu
int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
unsigned char *buf, size_t blen );
#if defined(MBEDTLS_ASN1_WRITE_C) && defined(MBEDTLS_OID_C)
/**
* \brief Maximum size of the output of mbedtls_ecp_ansi_write_group
*
* \note The maximum size of the OID of a supported group + 2 for
* tag and length. Maximum size 30 is based on the length of
* the OID for primeCurves 10-38 over GF(p) defined by the
* CDC Group, as they seem to have the longest OID out of
* curves in use.
*/
#define MBEDTLS_ECP_GRP_OID_MAX_SIZE ( 30 + 2 )
/**
* \brief Write the ANSI X9.62/RFC5480 OID ECParameters of a group
*
* The output is the group's OID wrapped as ASN.1.
*
* \param grp ECP group used
* \param buf Buffer to write to
* \param size Buffer size
* \param olen Number of bytes written to \c buf
* \return 0 on success
* or \c MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
* or \c MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_ecp_ansi_write_group( const mbedtls_ecp_group *grp,
unsigned char *p, size_t size,
size_t *olen );
/**
* \brief Export a point in ANSI X9.62/RFC5480 ECPoint
*
* The output is the point wrapped as an ASN.1 octet string
* as defined in X9.62 and RFC 5480.
*
* \param ec ECP public key or key pair
* \param format Point format, should be a MBEDTLS_ECP_PF_XXX macro
* \param p Buffer to write to
* \param size Buffer size
* \param olen Number of bytes written to \c buf
*
* \return 0 on success
* or \c MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
* or \c MBEDTLS_ERR_ECP_BAD_INPUT_DATA
* or \c MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
*/
int mbedtls_ecp_ansi_write_point( const mbedtls_ecp_keypair *ec,
int format,
unsigned char *p,
size_t size, size_t *olen );
#endif /* defined(MBEDTLS_ASN1_WRITE_C) && defined(MBEDTLS_OID_C) */
/**
* \brief Multiplication by an integer: R = m * P
* (Not thread-safe to use same group in multiple threads)

2
include/mbedtls/error.h
View file

@ -84,7 +84,7 @@
* X509 2 20
* PKCS5 2 4 (Started from top)
* DHM 3 11
* PK 3 15 (Started from top)
* PK 3 18 (Started from top)
* RSA 4 11
* ECP 4 9 (Started from top)
* MD 5 5

2
include/mbedtls/oid.h
View file

@ -283,6 +283,8 @@
/*
* ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
* When adding new OID's, please update \c MBEDTLS_ECP_GRP_OID_MAX_SIZE
* in ecp.h
*/
/* secp192r1 OBJECT IDENTIFIER ::= {

251
include/mbedtls/pk.h
View file

@ -1,10 +1,9 @@
/**
* \file pk.h
*
* \brief Public Key abstraction layer
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* \brief Public Key cryptography abstraction layer
*
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -50,6 +49,9 @@
#define inline __inline
#endif
/** \name Error codes */
/**@{*/
#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /**< Memory allocation failed. */
#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 /**< Bad input parameters to function. */
@ -65,22 +67,34 @@
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 /**< The signature is valid but its length is less than expected. */
#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED -0x3880 /**< PK hardware accelerator failed. */
#define MBEDTLS_ERR_PK_INVALID_SIGNATURE -0x3800 /**< Invalid signature */
#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3780 /**< Output buffer too small */
#define MBEDTLS_ERR_PK_NOT_PERMITTED -0x3700 /**< Operation not permitted */
/**@}*/
#ifdef __cplusplus
extern "C" {
#endif
/** \name Asymmetric cryptography operation contexts */
/**@{*/
/**
* \brief Public key types
*/
* \brief Asymmetric operation context types
*
* \note An opaque key may be an RSA or ECC key or a key of an
* unrecognized type. Call \c mbedtls_pk_can_do() to check
* whether a key is of a recognized type. */
typedef enum {
MBEDTLS_PK_NONE=0,
MBEDTLS_PK_RSA,
MBEDTLS_PK_ECKEY,
MBEDTLS_PK_ECKEY_DH,
MBEDTLS_PK_ECDSA,
MBEDTLS_PK_RSA_ALT,
MBEDTLS_PK_RSASSA_PSS,
MBEDTLS_PK_NONE=0, /**< Unused context object */
MBEDTLS_PK_RSA, /**< RSA key pair (normal software implementation) with PKCS#1 v1.5 or PSS context */
MBEDTLS_PK_ECKEY, /**< ECC key pair with ECDSA context */
MBEDTLS_PK_ECKEY_DH, /**< ECC key pair with ECDH context */
MBEDTLS_PK_ECDSA, /**< ECC key pair with ECDSA context */
MBEDTLS_PK_RSA_ALT, /**< RSA (alternative implementation) */
MBEDTLS_PK_RSASSA_PSS, /**< RSA key pair; same context as MBEDTLS_PK_RSA, but used to represent keys with the algorithm identifier id-RSASSA-PSS */
MBEDTLS_PK_OPAQUE, /**< Opaque key pair (cryptographic material held in an external module).*/
} mbedtls_pk_type_t;
/**
@ -118,29 +132,88 @@ typedef struct
#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
/**
* \brief Public key information and operations
* \brief Key pair information and operations
*/
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
/**
* \brief Public key container
* \brief Key pair container
*/
typedef struct
{
const mbedtls_pk_info_t * pk_info; /**< Public key informations */
void * pk_ctx; /**< Underlying public key context */
const mbedtls_pk_info_t * pk_info; /**< Algorithm information */
void * pk_ctx; /**< Underlying key pair context */
} mbedtls_pk_context;
/**
* \brief Access the type name
*
* \param ctx Context to use
*
* \return Type name on success, or "invalid PK"
*/
const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
/**
* \brief Get the key type
*
* \param ctx Context to use
*
* \return Type on success, or MBEDTLS_PK_NONE
*
* \note This function returns the type of the key pair object. The
* type encodes the representation of the object as well as
* the operations that it can be used for. To test whether
* the object represents a key of a recognized type such
* as RSA or ECDSA, call \c mbedtls_pk_can_do().
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
/**
* \brief Get the representation type associated with a given type
*
* \param type Any key type
* \return A canonical representative among the types with the
* same key representation. This is \c MBEDTLS_PK_RSA
* for RSA keys using the built-in software engine and
* MBEDTLS_PK_ECKEY for EC keys using the built-in
* software engine. Note that for keys of type
* \c MBEDTLS_PK_OPAQUE, the type does not specify the
* representation.
*/
static inline mbedtls_pk_type_t mbedtls_pk_representation_type( mbedtls_pk_type_t type )
{
switch( type )
{
case MBEDTLS_PK_RSA:
case MBEDTLS_PK_RSASSA_PSS:
return( MBEDTLS_PK_RSA );
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
return( MBEDTLS_PK_ECKEY );
default:
return( type );
}
}
#if defined(MBEDTLS_RSA_C)
/**
* Quick access to an RSA context inside a PK context.
*
* \warning You must make sure the PK context actually holds an RSA context
* before using this function!
* \warning You must either make sure the PK context actually holds a
* transparent RSA context by checking
* \c mbedtls_pk_representation_type( mbedtls_pk_get_type( &pk ) ) before using
* this function, or check that the return value is not NULL before using it.
*/
static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
{
return( (mbedtls_rsa_context *) (pk).pk_ctx );
mbedtls_pk_type_t type =
mbedtls_pk_representation_type( mbedtls_pk_get_type( &pk ) );
if( type == MBEDTLS_PK_RSA )
return( (mbedtls_rsa_context *)( pk.pk_ctx ) );
else
return( NULL );
}
#endif /* MBEDTLS_RSA_C */
@ -148,12 +221,19 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
/**
* Quick access to an EC context inside a PK context.
*
* \warning You must make sure the PK context actually holds an EC context
* before using this function!
* \warning You must either make sure the PK context actually holds a
* transparent RSA context by checking
* \c mbedtls_pk_representation_type( mbedtls_pk_get_type( &pk ) ) before using
* this function, or check that the return value is not NULL before using it.
*/
static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
{
return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
mbedtls_pk_type_t type =
mbedtls_pk_representation_type( mbedtls_pk_get_type( &pk ) );
if( type == MBEDTLS_PK_ECKEY )
return( (mbedtls_ecp_keypair *)( pk.pk_ctx ) );
else
return( NULL );
}
#endif /* MBEDTLS_ECP_C */
@ -172,10 +252,17 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
/**
* \brief Return information associated with the given PK type
* \brief Return default information associated with the given PK type
*
* \param pk_type PK type to search for.
*
* \note Different PK objects with the same type may have different
* information. This function returns the information needed
* to create a object with the default implementation
* for the given PK operation type (rsa module for an RSA
* context, ecdh module for an ECDH context, ecdsa module for
* an ECDSA context).
*
* \return The PK info associated with the type or NULL if not found.
*/
const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
@ -201,7 +288,17 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx );
* MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
* MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*
* \note For contexts holding an RSA-alt key, use
* \note Engines that implement opaque keys may offer an
* alternative setup function that take engine-dependent
* parameters. If such a function exists, call it
* instead of mbedtls_pk_setup. A standard way of providing
* such function is by first calling the generic
* mbedtls_pk_setup function (in particular taking care of
* context allocation through ctx_alloc) and afterwards
* proceeding to initialize the implementation-specific
* context structure.
*
* \note For contexts holding an RSA-alt key pair, use
* \c mbedtls_pk_setup_rsa_alt() instead.
*/
int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
@ -211,7 +308,7 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
* \brief Initialize an RSA-alt context
*
* \param ctx Context to initialize. Must be empty (type NONE).
* \param key RSA key pointer
* \param key RSA key pair pointer
* \param decrypt_func Decryption function
* \param sign_func Signing function
* \param key_len_func Function returning key length in bytes
@ -240,6 +337,11 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
* \brief Get the length in bytes of the underlying key
* \param ctx Context to use
*
* \note This returns the minimum number of bytes required to
* store the part of the key that defines its size (modulus
* for RSA, coordinate for ECC). The way the key is stored
* in the context may have a different size.
*
* \return Key length in bytes, or 0 on error
*/
static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
@ -248,13 +350,24 @@ static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
}
/**
* \brief Tell if a context can do the operation given by type
* \brief Tell if a context can do the operations given by type
*
* \note This function can be used to identify the type of key
* (e.g. RSA vs ECC), and a superset of permitted
* operations. It is possible that this function returns
* true but some operations are not allowed. For example
* this function always returns true if ctx is an RSA
* context and type is MBEDTLS_PK_RSA, but the key may
* be restricted to any subset of operations among signature,
* verification, encryption and decryption. To determine
* which operations a key allow, attempt the operation and
* check the return status.
*
* \param ctx Context to test
* \param type Target type
*
* \return 0 if context can't do the operations,
* 1 otherwise.
* \return 1 if context can do the operations,
* 0 otherwise.
*/
int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
@ -271,7 +384,7 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
* \return 0 on success (signature is valid),
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
* valid but its actual length is less than sig_len,
* or a specific error code.
* or a type-specific error code.
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
@ -304,7 +417,7 @@ int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
* used for this type of signatures,
* MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
* valid but its actual length is less than sig_len,
* or a specific error code.
* or a type-specific error code.
*
* \note If hash_len is 0, then the length associated with md_alg
* is used instead, or an error returned if it is invalid.
@ -328,11 +441,18 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
* \param hash Hash of the message to sign
* \param hash_len Hash length or 0 (see notes)
* \param sig Place to write the signature
* \param sig_len Number of bytes written
* \param sig_len Actual length in bytes of the created signature
* \param f_rng RNG function
* \param p_rng RNG parameter
*
* \return 0 on success, or a specific error code.
* \return 0 on success, or a type-specific error code.
*
* \note The signature buffer \c sig must be of appropriate size
* which can be calculated with
* \c mbedtls_pk_get_signature_size.
* Depending on the algorithm, the value returned in
* \c sig_len may be less or equal to the value returned by
* \c mbedtls_pk_get_signature_size.
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
* There is no interface in the PK module to make RSASSA-PSS
@ -349,6 +469,15 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Calculate the size of a signature made with this key.
*
* \param ctx PK context to use
*
* \return Maximum size in bytes of a signature made with this key.
*/
size_t mbedtls_pk_get_signature_size( const mbedtls_pk_context *ctx );
/**
* \brief Decrypt message (including padding if relevant).
*
@ -363,7 +492,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
*
* \return 0 on success, or a specific error code.
* \return 0 on success, or a type-specific error code.
*/
int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
@ -384,7 +513,7 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
*
* \return 0 on success, or a specific error code.
* \return 0 on success, or a type-specific error code.
*/
int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
const unsigned char *input, size_t ilen,
@ -397,7 +526,19 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
* \param pub Context holding a public key.
* \param prv Context holding a private (and public) key.
*
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
* \return * 0 on success.
* * MBEDTLS_ERR_PK_BAD_INPUT_DATA if one of the contexts
* is ill-formed.
* * MBEDTLS_ERR_PK_TYPE_MISMATCH if the contexts cannot
* represent keys of the same type.
* * MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if it is impossible
* to determine whether the keys match. This can only happen
* if \c prv is an opaque key.
* * Or a type-specific error code.
*
* \note Opaque key types may omit implementing this function
* by providing a NULL pointer in the mbedtls_pk_info_t structure.
* An opaque \c pub never matches a transparent \c prv.
*/
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
@ -407,27 +548,16 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte
* \param ctx Context to use
* \param items Place to write debug items
*
* \return 0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
* \return * 0 on success.
* * MBEDTLS_ERR_PK_BAD_INPUT_DATA if the context is ill-formed.
* * MBEDTLS_ERR_PK_TYPE_MISMATCH if the context does not
* support exporting debug information.
* * Or a type-specific error code.
*/
int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
/**
* \brief Access the type name
*
* \param ctx Context to use
*
* \return Type name on success, or "invalid PK"
*/
const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
/**@}*/
/**
* \brief Get the key type
*
* \param ctx Context to use
*
* \return Type on success, or MBEDTLS_PK_NONE
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
@ -513,7 +643,12 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_PK_PARSE_C */
#if defined(MBEDTLS_PK_WRITE_C)
/** \name Key pair serialization */
/**@{*/
/**
* \brief Write a private key to a PKCS#1 or SEC1 DER structure
* Note: data is written at the end of the buffer! Use the
@ -567,11 +702,13 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si
*/
int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
#endif /* MBEDTLS_PEM_WRITE_C */
/**@}*/
#endif /* MBEDTLS_PK_WRITE_C */
/*
* WARNING: Low-level functions. You probably do not want to use these unless
* you are certain you do ;)
/** \name Low-level functions */
/**@{*/
/**
* \warning You probably do not want to use these unless you are certain you do ;)
*/
#if defined(MBEDTLS_PK_PARSE_C)
@ -611,6 +748,8 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
#endif
/**@}*/
#ifdef __cplusplus
}
#endif

273
include/mbedtls/pk_info.h Normal file
View file

@ -0,0 +1,273 @@
/**
* \file pk_info.h
*
* \brief Public Key cryptography abstraction layer: object interface
*
* This file contains the info structure interface used by developers to
* provide engine-specific implementations of opaque key handling functions.
*
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PK_INFO_H
#define MBEDTLS_PK_INFO_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
#include "pk.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* Methods that opaque key pair objects must implement.
*
* Engines that interface with external cryptographic processors must
* implement this interface. It allows using different engines for each key.
* Platform-specific hardware accelerators that can be used for all keys of
* a given type should not use this interface, but rather provide an
* alternative implementation of the respective cryptographic module - for
* example to use an RSA accelerator you can define MBEDTLS_RSA_ALT, and
* provide your own implementation of the RSA module.
*
* \warning: If you are using the PK interface to perform operations on
* keys, call the functions in pk.h. The interface in this file should only
* be used by implementers of opaque key engines.
*
* An engine for asymmetric cryptography must implement the interface
* described in this structure. The interface for the engine may be
* exposed in one of two ways:
*
* - Declare the mbedtls_pk_info_t structure and instruct users to call
* mbedtls_pk_setup with that structure.
* - Keep the mbedtls_pk_info_t structure hidden and declare a function
* to call instead of mbedtls_pk_setup. This function should have an
* interface of the form
* `int mbedtls_pk_setup_myengine(mbedtls_pk_context *, ...)`
* where the extra parameters depend on the engine, e.g. handles to keys
* stored in an external cryptographic module.
*
* Unless otherwise indicated, functions returning int must return an
* Mbed TLS status code, either 0 for success or a negative value to indicate
* an error. It is recommended to use the MBEDTLS_ERR_PK_XXX error codes
* defined in pk.h.
*
* Some methods are optional; this is clearly indicated in their description.
* If a method is optional, then an opaque key implementation may put NULL
* in the corresponding field. The corresponding function in pk.h will
* return MBEDTLS_ERR_PK_TYPE_MISMATCH in this case.
*
*
* \warning: Do not declare this structure directly! It may be extended in
* future* versions of Mbed TLS. Call the macro
* MBEDTLS_PK_OPAQUE_INFO_1() instead.
* This macro is guaranteed to take parameters with the same type
* and semantics as previous versions and fill any new field of the
* structure with sensible values.
*/
struct mbedtls_pk_info_t
{
/** Key pair type.
*
* mbedtls_pk_get_type() returns this value.
*
* For transparent keys, this contains an indication of supported
* algorithms. For opaque keys, this is \c MBEDTLS_PK_OPAQUE. */
mbedtls_pk_type_t type;
/** Type name.
*
* mbedtls_pk_get_name() returns this value. It must be a
* null-terminated string.
*
* For transparent keys, this reflects the key type. For opaque keys,
* this reflects the cryptographic module driver. */
const char *name;
/** Get key size in bits.
*
* mbedtls_pk_get_bitlen() returns this value.
*
* This function cannot fail. */
size_t (*get_bitlen)( const void *ctx );
/** Tell if the context implements the algorithm specified by
* the provided type (e.g.\ ECKEY can do ECDSA).
*
* mbedtls_pk_can_do() calls this function.
*
* This function is only based on the key type. It does not take any
* usage restrictions into account. */
int (*can_do)( const void * ctx, mbedtls_pk_type_t type );
/** Upper bound of the signature length
*
* mbedtls_pk_get_signature_size() returns this value.
*
* In case of an error, or an unsupported key type, 0 should be returned.
*
* Opaque implementations may omit this method if they do not support
* signature. */
size_t (*signature_size_func)( const void *ctx );
/** Verify signature
*
* mbedtls_pk_verify() calls this function.
*
* Opaque implementations may omit this method if they do not support
* signature verification. */
int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
/** Make signature
*
* mbedtls_pk_sign() calls this function.
*
* Assume that the buffer \c sig has room for
* \c signature_size_func(ctx) bytes.
*
* The arguments \c f_rng and \c p_rng are provided in case the
* algorithm requires randomization. Implementations are not
* required to use it if they have their own random source. If \c
* f_rng is null, the implementation should operate if it can, and
* return #MBEDTLS_ERR_PK_BAD_INPUT_DATA otherwise.
*
* Opaque implementations may omit this method if they do not support
* signature. */
int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Decrypt message
*
* mbedtls_pk_decrypt() calls this function.
*
* The arguments \c f_rng and \c p_rng are provided in case the
* algorithm requires randomization. Implementations are not
* required to use it if they have their own random source. If \c
* f_rng is null, the implementation should operate if it can, and
* return #MBEDTLS_ERR_PK_BAD_INPUT_DATA otherwise.
*
* Opaque implementations may omit this method if they do not support
* decryption. */
int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Encrypt message
*
* mbedtls_pk_decrypt() calls this function.
*
* The arguments \c f_rng and \c p_rng are provided in case the
* algorithm requires randomization. Implementations are not
* required to use it if they have their own random source. If \c
* f_rng is null, the implementation should operate if it can, and
* return #MBEDTLS_ERR_PK_BAD_INPUT_DATA otherwise.
*
* Opaque implementations may omit this method if they do not support
* encryption. */
int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Check public-private key pair
*
* mbedtls_pk_check_pair() calls this function on the private key pair
* object \c prv. The other argument \c pub may be of any type, but it
* is guaranteed to be initialized.
*
* Opaque implementations may omit this method. */
int (*check_pair_func)( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
/** Allocate a new context
*
* mbedtls_pk_setup() calls this function.
*
* If this function returns NULL, the allocation is considered to
* have failed and the the object remains uninitialized.
*
* Opaque implementations may omit this method. In this case,
* mbedtls_pk_setup will set the \c pk_ctx field of the mbedtls_pk_context
* object to NULL, and it is up to an engine-specific setup function to
* initialize the \c pk_ctx field. This is useful if the size of the
* memory depends on extra parameters passed to the engine-specific setup
* function. */
void * (*ctx_alloc_func)( void );
/** Free the given context
*
* mbedtls_pk_free() calls this function. It must free the data allocated
* by \b ctx_alloc_func as well as any other resource that belongs to
* the object.
* */
void (*ctx_free_func)( void *ctx );
/** Interface with the debug module
*
* mbedtls_pk_debug() calls this function.
*
* Opaque implementations may omit this method. */
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
};
#define MBEDTLS_PK_OPAQUE_INFO_1( \
name \
, get_bitlen \
, can_do \
, signature_size_func \
, verify_func \
, sign_func \
, decrypt_func \
, encrypt_func \
, check_pair_func \
, ctx_alloc_func \
, ctx_free_func \
, debug_func \
) \
{ \
MBEDTLS_PK_OPAQUE \
, name \
, get_bitlen \
, can_do \
, signature_size_func \
, verify_func \
, sign_func \
, decrypt_func \
, encrypt_func \
, check_pair_func \
, ctx_alloc_func \
, ctx_free_func \
, debug_func \
}
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_PK_INFO_H */

67
include/mbedtls/pk_internal.h
View file

@ -1,10 +1,12 @@
/**
* \file pk_internal.h
*
* \brief Public Key abstraction layer: wrapper functions
*/
/*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
* \brief Public Key cryptography abstraction layer: built-in key types
*
* This file contains built-in types for handling various key types using
* the interface defined in pk_info.h.
*
* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -22,8 +24,8 @@
* This file is part of mbed TLS (https://tls.mbed.org)
*/
#ifndef MBEDTLS_PK_WRAP_H
#define MBEDTLS_PK_WRAP_H
#ifndef MBEDTLS_PK_INTERNAL_H
#define MBEDTLS_PK_INTERNAL_H
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
@ -33,57 +35,6 @@
#include "pk.h"
struct mbedtls_pk_info_t
{
/** Public key type */
mbedtls_pk_type_t type;
/** Type name */
const char *name;
/** Get key size in bits */
size_t (*get_bitlen)( const void * );
/** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
int (*can_do)( mbedtls_pk_type_t type );
/** Verify signature */
int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
/** Make signature */
int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Decrypt message */
int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Encrypt message */
int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Check public-private key pair */
int (*check_pair_func)( const void *pub, const void *prv );
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
/** Free the given context */
void (*ctx_free_func)( void *ctx );
/** Interface with the debug module */
void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
};
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Container for RSA-alt */
typedef struct
@ -112,4 +63,4 @@ extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
#endif
#endif /* MBEDTLS_PK_WRAP_H */
#endif /* MBEDTLS_PK_INTERNAL_H */

21
library/ecdsa.c
View file

@ -289,22 +289,22 @@ cleanup:
/*
* Convert a signature (given by context) to ASN.1
*/
static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen )
int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen, size_t ssize )
{
int ret;
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
unsigned char *p = buf + sizeof( buf );
unsigned char *p = sig + ssize;
size_t len = 0;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, sig, s ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, sig, r ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
memcpy( sig, p, len );
memmove( sig, p, len );
memset( sig + len, 0, ssize - len );
*slen = len;
return( 0 );
@ -321,6 +321,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
{
int ret;
mbedtls_mpi r, s;
const size_t ssize = MBEDTLS_ECDSA_MAX_SIG_LEN( ctx->grp.pbits );
mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s );
@ -338,7 +339,7 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
hash, hlen, f_rng, p_rng ) );
#endif
MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
MBEDTLS_MPI_CHK( mbedtls_ecdsa_signature_to_asn1( &r, &s, sig, slen, ssize ) );
cleanup:
mbedtls_mpi_free( &r );

57
library/ecp.c
View file

@ -51,6 +51,11 @@
#include "mbedtls/ecp.h"
#include "mbedtls/threading.h"
#if defined(MBEDTLS_ASN1_WRITE_C) && defined(MBEDTLS_OID_C)
#include "mbedtls/asn1write.h"
#include "mbedtls/oid.h"
#endif
#include <string.h>
#if !defined(MBEDTLS_ECP_ALT)
@ -2059,6 +2064,58 @@ cleanup:
return( ret );
}
#if defined(MBEDTLS_ASN1_WRITE_C) && defined(MBEDTLS_OID_C)
int mbedtls_ecp_ansi_write_group( const mbedtls_ecp_group *grp,
unsigned char *p,
size_t size, size_t *olen )
{
const char *oid;
unsigned char *q;
size_t oid_length;
int ret;
ret = mbedtls_oid_get_oid_by_ec_grp( grp->id, &oid, &oid_length );
if( ret != 0 )
return( ret );
// Output is a TLV with len(T)=1, len(L)=1, V=OID
if( size < 2 + oid_length )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
q = p + 2 + oid_length;
*olen = mbedtls_asn1_write_oid( &q, p, oid, oid_length );
return ( 0 );
}
int mbedtls_ecp_ansi_write_point( const mbedtls_ecp_keypair *ec,
int format,
unsigned char *p,
size_t size, size_t *olen )
{
unsigned char *q;
size_t tl_max_size = 3; /* room for the OCTET_STRING tag and length */
int ret;
if( size < tl_max_size )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
q = p + tl_max_size;
ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
format,
olen, q, size - tl_max_size );
if( ret < 0 )
return( ret );
ret = mbedtls_asn1_write_len( &q, p, *olen );
if( ret < 0 )
return( ret );
ret = mbedtls_asn1_write_tag( &q, p, MBEDTLS_ASN1_OCTET_STRING );
if( ret < 0 )
return( ret );
*olen += tl_max_size - ( q - p );
if( q != p )
memmove( p, q, *olen );
return( 0 );
}
#endif /* defined(MBEDTLS_ASN1_WRITE_C) && defined(MBEDTLS_OID_C) */
#if defined(MBEDTLS_SELF_TEST)
/*

6
library/error.c
View file

@ -336,6 +336,12 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "PK - The signature is valid but its length is less than expected" );
if( use_ret == -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED) )
mbedtls_snprintf( buf, buflen, "PK - PK hardware accelerator failed" );
if( use_ret == -(MBEDTLS_ERR_PK_INVALID_SIGNATURE) )
mbedtls_snprintf( buf, buflen, "PK - Invalid signature" );
if( use_ret == -(MBEDTLS_ERR_PK_BUFFER_TOO_SMALL) )
mbedtls_snprintf( buf, buflen, "PK - Output buffer too small" );
if( use_ret == -(MBEDTLS_ERR_PK_NOT_PERMITTED) )
mbedtls_snprintf( buf, buflen, "PK - Operation not permitted" );
#endif /* MBEDTLS_PK_C */
#if defined(MBEDTLS_PKCS12_C)

54
library/pk.c
View file

@ -28,6 +28,7 @@
#if defined(MBEDTLS_PK_C)
#include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h"
#include "mbedtls/pk_info.h"
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
@ -93,6 +94,7 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
return( &mbedtls_ecdsa_info );
#endif
/* MBEDTLS_PK_RSA_ALT omitted on purpose */
/* MBEDTLS_PK_OPAQUE omitted on purpose: they can't be built by parsing */
default:
return( NULL );
}
@ -106,8 +108,11 @@ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
if( info->ctx_alloc_func != NULL )
{
if( ( ctx->pk_ctx = info->ctx_alloc_func( ) ) == NULL )
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
}
ctx->pk_info = info;
@ -154,7 +159,7 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
if( ctx == NULL || ctx->pk_info == NULL )
return( 0 );
return( ctx->pk_info->can_do( type ) );
return( ctx->pk_info->can_do( ctx->pk_ctx, type ) );
}
/*
@ -311,24 +316,27 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
{
if( pub == NULL || pub->pk_info == NULL ||
prv == NULL || prv->pk_info == NULL ||
prv->pk_info->check_pair_func == NULL )
prv == NULL || prv->pk_info == NULL )
{
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
}
if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
if( pub->pk_info == prv->pk_info && pub->pk_ctx == prv->pk_ctx )
return( 0 );
if( prv->pk_info->check_pair_func == NULL )
{
if( pub->pk_info->type != MBEDTLS_PK_RSA )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
}
else
{
if( pub->pk_info != prv->pk_info )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
}
return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
if( prv->pk_info->type != MBEDTLS_PK_OPAQUE &&
prv->pk_info->type != MBEDTLS_PK_RSA_ALT )
{
if( pub->pk_info != prv->pk_info )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
}
return( prv->pk_info->check_pair_func( pub, prv ) );
}
/*
@ -342,6 +350,20 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
}
/*
* Maximum signature size
*/
size_t mbedtls_pk_get_signature_size( const mbedtls_pk_context *ctx )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->signature_size_func == NULL )
return( 0 );
return( ctx->pk_info->signature_size_func( ctx->pk_ctx ) );
}
/*
* Export debug information
*/
@ -369,7 +391,9 @@ const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
}
/*
* Access the PK type
* Access the PK type.
* For an opaque key pair object, this does not give any information on the
* underlying cryptographic material.
*/
mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
{

65
library/pk_wrap.c
View file

@ -26,6 +26,7 @@
#endif
#if defined(MBEDTLS_PK_C)
#include "mbedtls/pk_info.h"
#include "mbedtls/pk_internal.h"
/* Even if RSA not activated, for the sake of RSA-alt */
@ -60,8 +61,9 @@ static void mbedtls_zeroize( void *v, size_t n ) {
#endif
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type )
static int rsa_can_do( const void *ctx, mbedtls_pk_type_t type )
{
(void) ctx;
return( type == MBEDTLS_PK_RSA ||
type == MBEDTLS_PK_RSASSA_PSS );
}
@ -117,6 +119,12 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
md_alg, (unsigned int) hash_len, hash, sig ) );
}
static size_t rsa_signature_size( const void *ctx_arg )
{
const mbedtls_rsa_context *ctx = ctx_arg;
return( ctx->len );
}
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@ -146,10 +154,10 @@ static int rsa_encrypt_wrap( void *ctx,
ilen, input, output ) );
}
static int rsa_check_pair_wrap( const void *pub, const void *prv )
static int rsa_check_pair_wrap( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv )
{
return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
(const mbedtls_rsa_context *) prv ) );
return( mbedtls_rsa_check_pub_priv( pub->pk_ctx, prv->pk_ctx ) );
}
static void *rsa_alloc_wrap( void )
@ -186,6 +194,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = {
"RSA",
rsa_get_bitlen,
rsa_can_do,
rsa_signature_size,
rsa_verify_wrap,
rsa_sign_wrap,
rsa_decrypt_wrap,
@ -201,8 +210,9 @@ const mbedtls_pk_info_t mbedtls_rsa_info = {
/*
* Generic EC key
*/
static int eckey_can_do( mbedtls_pk_type_t type )
static int eckey_can_do( const void *ctx, mbedtls_pk_type_t type )
{
(void) ctx;
return( type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECKEY_DH ||
type == MBEDTLS_PK_ECDSA );
@ -260,12 +270,18 @@ static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
return( ret );
}
static size_t ecdsa_signature_size( const void *ctx_arg )
{
const mbedtls_ecp_keypair *ctx = ctx_arg;
return( MBEDTLS_ECDSA_MAX_SIG_LEN( ctx->grp.pbits ) );
}
#endif /* MBEDTLS_ECDSA_C */
static int eckey_check_pair( const void *pub, const void *prv )
static int eckey_check_pair( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv )
{
return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
(const mbedtls_ecp_keypair *) prv ) );
return( mbedtls_ecp_check_pub_priv( pub->pk_ctx, prv->pk_ctx ) );
}
static void *eckey_alloc_wrap( void )
@ -297,11 +313,13 @@ const mbedtls_pk_info_t mbedtls_eckey_info = {
eckey_get_bitlen,
eckey_can_do,
#if defined(MBEDTLS_ECDSA_C)
ecdsa_signature_size,
eckey_verify_wrap,
eckey_sign_wrap,
#else
NULL,
NULL,
NULL,
#endif
NULL,
NULL,
@ -314,8 +332,9 @@ const mbedtls_pk_info_t mbedtls_eckey_info = {
/*
* EC key restricted to ECDH
*/
static int eckeydh_can_do( mbedtls_pk_type_t type )
static int eckeydh_can_do( const void *ctx, mbedtls_pk_type_t type )
{
(void) ctx;
return( type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECKEY_DH );
}
@ -329,6 +348,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
NULL,
NULL,
NULL,
NULL,
eckey_check_pair,
eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */
@ -337,8 +357,9 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_ECDSA_C)
static int ecdsa_can_do( mbedtls_pk_type_t type )
static int ecdsa_can_do( const void *ctx, mbedtls_pk_type_t type )
{
(void) ctx;
return( type == MBEDTLS_PK_ECDSA );
}
@ -388,6 +409,7 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = {
"ECDSA",
eckey_get_bitlen, /* Compatible key structures */
ecdsa_can_do,
ecdsa_signature_size,
ecdsa_verify_wrap,
ecdsa_sign_wrap,
NULL,
@ -404,8 +426,9 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = {
* Support for alternative RSA-private implementations
*/
static int rsa_alt_can_do( mbedtls_pk_type_t type )
static int rsa_alt_can_do( const void *ctx, mbedtls_pk_type_t type )
{
(void) ctx;
return( type == MBEDTLS_PK_RSA );
}
@ -434,6 +457,13 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
md_alg, (unsigned int) hash_len, hash, sig ) );
}
static size_t rsa_alt_signature_size( const void *ctx )
{
const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
return( rsa_alt->key_len_func( rsa_alt->key ) );
}
static int rsa_alt_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
@ -452,26 +482,30 @@ static int rsa_alt_decrypt_wrap( void *ctx,
}
#if defined(MBEDTLS_RSA_C)
static int rsa_alt_check_pair( const void *pub, const void *prv )
static int rsa_alt_check_pair( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv )
{
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char hash[32];
size_t sig_len = 0;
int ret;
if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
if( pub->pk_info->type != MBEDTLS_PK_RSA )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
if( rsa_alt_get_bitlen( prv->pk_ctx ) != rsa_get_bitlen( pub->pk_ctx ) )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
memset( hash, 0x2a, sizeof( hash ) );
if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
if( ( ret = rsa_alt_sign_wrap( (void *) prv->pk_ctx, MBEDTLS_MD_NONE,
hash, sizeof( hash ),
sig, &sig_len, NULL, NULL ) ) != 0 )
{
return( ret );
}
if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
if( rsa_verify_wrap( pub->pk_ctx, MBEDTLS_MD_NONE,
hash, sizeof( hash ), sig, sig_len ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
@ -502,6 +536,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
"RSA-alt",
rsa_alt_get_bitlen,
rsa_alt_can_do,
rsa_alt_signature_size,
NULL,
rsa_alt_sign_wrap,
rsa_alt_decrypt_wrap,

2
library/ssl_srv.c
View file

@ -739,7 +739,7 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_ECDSA_C)
if( pk_alg == MBEDTLS_PK_ECDSA &&
ssl_check_key_curve( cur->key, ssl->handshake->curves ) != 0 )
ssl_check_key_curve( &cur->cert->pk, ssl->handshake->curves ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "certificate mismatch: elliptic curve" ) );
continue;

7
tests/scripts/generate_code.pl
View file

@ -111,12 +111,7 @@ my @test_cases_lines = split/^/, <TEST_CASES>;
my $test_cases;
my $index = 2;
for my $line (@test_cases_lines) {
if ($line =~ /^\/\* BEGIN_SUITE_HELPERS .*\*\//)
{
$line = $line."#line $index \"$test_case_file\"\n";
}
if ($line =~ /^\/\* BEGIN_CASE .*\*\//)
if ($line =~ /^\/\* BEGIN_.*\*\//)
{
$line = $line."#line $index \"$test_case_file\"\n";
}

8
tests/suites/test_suite_ecdsa.function
View file

@ -142,7 +142,7 @@ void ecdsa_write_read_random( int id )
rnd_pseudo_info rnd_info;
unsigned char hash[32];
unsigned char sig[200];
size_t sig_len, i;
size_t sig_len, max_sig_len, i;
mbedtls_ecdsa_init( &ctx );
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
@ -162,8 +162,10 @@ void ecdsa_write_read_random( int id )
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
/* check we didn't write past the announced length */
for( i = sig_len; i < sizeof( sig ); i++ )
/* check we didn't write past the maximum length */
max_sig_len = MBEDTLS_ECDSA_MAX_SIG_LEN( ctx.grp.pbits );
TEST_ASSERT( sig_len <= max_sig_len );
for( i = max_sig_len; i < sizeof( sig ); i++ )
TEST_ASSERT( sig[i] == 0x2a );
/* try verification with invalid length */

20
tests/suites/test_suite_ecp.data
View file

@ -30,6 +30,26 @@ ECP curve info #8
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1"
ECP write ECParameters OID secp192r1
depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_ansi_write_group:MBEDTLS_ECP_DP_SECP192R1:"06082a8648ce3d030101"
ECP write ECParameters OID secp521r1
depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_ansi_write_group:MBEDTLS_ECP_DP_SECP521R1:"06052b81040023"
ECP write ECParameters OID brainpoolP512r1
depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_ansi_write_group:MBEDTLS_ECP_DP_BP512R1:"06092b240303020801010d"
ECP write ECPoint octet string (uncompressed)
depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_ansi_write_point:"data_files/ec_pub.der":MBEDTLS_ECP_PF_UNCOMPRESSED:"043104bc797db3ae7f08ec3d496b4fb411b3f620a558a501e0222d08cfe0dc8aec8b1a7bf24be92951cc5ba1bebb2474909ae0"
ECP write ECPoint octet string (compressed)
depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_ansi_write_point:"data_files/ec_pub.der":MBEDTLS_ECP_PF_COMPRESSED:"041902bc797db3ae7f08ec3d496b4fb411b3f620a558a501e0222d"
ECP check pubkey Montgomery #1 (too big)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY

64
tests/suites/test_suite_ecp.function
View file

@ -1,5 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/ecp.h"
#include "mbedtls/pk.h"
#define ECP_PF_UNKNOWN -1
/* END_HEADER */
@ -412,6 +413,69 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C */
void ecp_ansi_write_group( int id, char *hex )
{
mbedtls_ecp_group grp;
unsigned char good[MBEDTLS_ECP_GRP_OID_MAX_SIZE];
unsigned char tested[MBEDTLS_ECP_GRP_OID_MAX_SIZE];
size_t good_len = unhexify( good, hex );
size_t received_len = 0;
int ret = 0;
mbedtls_ecp_group_init( &grp );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
/* Positive test */
ret = mbedtls_ecp_ansi_write_group( &grp, tested, sizeof( tested ),
&received_len );
TEST_ASSERT( ret == 0 && good_len == (unsigned) received_len );
TEST_ASSERT( memcmp( good, tested, good_len ) == 0 );
/* Buffer too small */
TEST_ASSERT( mbedtls_ecp_ansi_write_group( &grp, tested, good_len - 1,
&received_len ) ==
MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
exit:
mbedtls_ecp_group_free( &grp );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C:MBEDTLS_OID_C:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
void ecp_ansi_write_point( char *key_file, int format, char *good_hex )
{
unsigned char good_buf[1000];
unsigned char tested_buf[1000];
size_t good_len = unhexify( good_buf, good_hex );
size_t received_len = 0;
mbedtls_pk_context pk;
int ret = -1;
mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pk, key_file ) == 0 );
/* Positive test */
ret = mbedtls_ecp_ansi_write_point( mbedtls_pk_ec( pk ), format,
tested_buf, sizeof( tested_buf ),
&received_len );
TEST_ASSERT( ret == 0 && good_len == (unsigned) received_len );
TEST_ASSERT( memcmp( good_buf, tested_buf, good_len ) == 0 );
/* Buffer too small */
TEST_ASSERT( mbedtls_ecp_ansi_write_point( mbedtls_pk_ec( pk ), format,
tested_buf, good_len - 1,
&received_len ) ==
MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
exit:
if( ret >= 0 ) {
unsigned char out[999] = {0};
hexify( out, tested_buf, ret );
printf("== %s ==\n", out);
}
mbedtls_pk_free( &pk );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ecp_check_privkey( int id, char *key_hex, int ret )
{

30
tests/suites/test_suite_pk.data
View file

@ -138,14 +138,14 @@ Check pair #2 (EC, bad)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Check pair #3 (RSA, OK)
depends_on:MBEDTLS_RSA_C
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
Check pair #4 (RSA, bad)
depends_on:MBEDTLS_RSA_C
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
#Check pair #3 (RSA, OK)
#depends_on:MBEDTLS_RSA_C
#mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
#
#Check pair #4 (RSA, bad)
#depends_on:MBEDTLS_RSA_C
#mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
#
Check pair #5 (RSA vs EC)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
@ -153,3 +153,17 @@ mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDT
RSA hash_len overflow (size_t vs unsigned int)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64
pk_rsa_overflow:
PK opaque mock
pk_opaque_mock:
PK opaque with failed allocation
pk_opaque_fail_allocation:
PK opaque minimal
pk_opaque_minimal:
#PK opaque wrapper (RSA)
#depends_on:MBEDTLS_RSA_C
#pk_opaque_wrapper:
#

599
tests/suites/test_suite_pk.function
View file

@ -1,5 +1,8 @@
/* BEGIN_HEADER */
#include <string.h>
#include "mbedtls/pk.h"
#include "mbedtls/pk_info.h"
/* For error codes */
#include "mbedtls/ecp.h"
@ -39,14 +42,15 @@ static int pk_genkey( mbedtls_pk_context *pk )
}
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
static int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
input, output, output_max_len ) );
}
int mbedtls_rsa_sign_func( void *ctx,
static int mbedtls_rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
@ -54,11 +58,269 @@ int mbedtls_rsa_sign_func( void *ctx,
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
static size_t mbedtls_rsa_key_len_func( void *ctx )
{
return( ((const mbedtls_rsa_context *) ctx)->len );
}
/* Prepare a raw RSA context with a small random key. */
static void pk_rsa_prepare( mbedtls_rsa_context *raw )
{
mbedtls_rsa_init( raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
mbedtls_rsa_gen_key( raw, rnd_std_rand, NULL, RSA_KEY_SIZE, 3 );
}
/* Test the RSA context tested_ctx by comparing its operation with a
generic RSA context which is initialized with the key in raw. */
static void pk_rsa_match( mbedtls_rsa_context *raw,
mbedtls_pk_context *tested_ctx,
int sign_ret, int verify_ret,
int encrypt_ret, int decrypt_ret,
int debug_ret )
{
mbedtls_pk_context basic_ctx;
mbedtls_pk_debug_item dbg_items[10];
unsigned char hash[50], sig[1000];
unsigned char msg[50], ciph[1000], test[1000];
size_t sig_len, ciph_len, test_len;
memset( hash, 0x2a, sizeof hash );
memset( sig, 0, sizeof sig );
memset( msg, 0x2a, sizeof msg );
memset( ciph, 0, sizeof ciph );
memset( test, 0, sizeof test );
/* Initialize basic PK RSA context with raw key */
mbedtls_pk_init( &basic_ctx );
TEST_ASSERT( mbedtls_pk_setup( &basic_ctx,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
TEST_ASSERT( mbedtls_rsa_copy( mbedtls_pk_rsa( basic_ctx ), raw ) == 0 );
/* Test administrative functions */
TEST_ASSERT( mbedtls_pk_can_do( tested_ctx, MBEDTLS_PK_RSA ) );
TEST_ASSERT( mbedtls_pk_get_bitlen( tested_ctx ) == RSA_KEY_SIZE );
TEST_ASSERT( mbedtls_pk_get_len( tested_ctx ) == RSA_KEY_LEN );
TEST_ASSERT( mbedtls_pk_get_signature_size( tested_ctx ) == RSA_KEY_LEN );
/* Test signature */
TEST_ASSERT( mbedtls_pk_sign( tested_ctx, MBEDTLS_MD_NONE, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
if( sign_ret == 0 )
{
#if defined(MBEDTLS_HAVE_INT64)
TEST_ASSERT( mbedtls_pk_sign( tested_ctx, MBEDTLS_MD_NONE, hash, (size_t)-1,
NULL, NULL, rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* MBEDTLS_HAVE_INT64 */
TEST_ASSERT( sig_len == RSA_KEY_LEN );
TEST_ASSERT( mbedtls_pk_verify( &basic_ctx, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == 0 );
}
/* Test verification */
TEST_ASSERT( mbedtls_pk_sign( &basic_ctx, MBEDTLS_MD_NONE, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_verify( tested_ctx, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == verify_ret );
if( verify_ret == 0 )
{
TEST_ASSERT( mbedtls_pk_verify( tested_ctx, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len - 1 ) == MBEDTLS_ERR_RSA_VERIFY_FAILED );
sig[sig_len-1] ^= 1;
TEST_ASSERT( mbedtls_pk_verify( tested_ctx, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == MBEDTLS_ERR_RSA_INVALID_PADDING );
}
/* Test encryption */
TEST_ASSERT( mbedtls_pk_encrypt( tested_ctx, msg, sizeof msg,
ciph, &ciph_len, sizeof ciph,
rnd_std_rand, NULL ) == encrypt_ret );
if( encrypt_ret == 0 )
{
TEST_ASSERT( mbedtls_pk_decrypt( &basic_ctx, ciph, ciph_len,
test, &test_len, sizeof test,
rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( test_len == sizeof msg );
TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
}
/* Test decryption */
TEST_ASSERT( mbedtls_pk_encrypt( &basic_ctx, msg, sizeof msg,
ciph, &ciph_len, sizeof ciph,
rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_decrypt( tested_ctx, ciph, ciph_len,
test, &test_len, sizeof test,
rnd_std_rand, NULL ) == decrypt_ret );
if( decrypt_ret == 0 )
{
TEST_ASSERT( test_len == sizeof msg );
TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
}
/* Test debug */
TEST_ASSERT( mbedtls_pk_debug( tested_ctx, dbg_items ) == debug_ret );
exit:
mbedtls_pk_free( &basic_ctx );
}
#define OPAQUE_MOCK_CAN_DO MBEDTLS_PK_RSA
#define OPAQUE_MOCK_BITLEN 'b'
#define OPAQUE_MOCK_MD_ALG MBEDTLS_MD_SHA256
#define OPAQUE_MOCK_SIGNATURE_SIZE 4
#define OPAQUE_MOCK_GOOD_SIGNATURE "good"
static const unsigned char opaque_mock_hash[8] = "HASHhash";
static const unsigned char opaque_mock_reference_input[10] = "INPUTinput";
static const unsigned char opaque_mock_input[10] = "INPUTinput";
static const unsigned char opaque_mock_reference_encrypted[12] = "C:JOQVUjoqvu";
static const unsigned char opaque_mock_reference_decrypted[12] = "P:HMOTShmots";
static char opaque_mock_fake_ctx = 'c';
static mbedtls_pk_debug_item opaque_mock_pk_debug_item;
static int opaque_mock_debug_called_correctly = 0;
static int opaque_mock_free_called_correctly = 0;
static size_t opaque_mock_get_bitlen( const void *ctx )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
return( OPAQUE_MOCK_BITLEN );
exit:
return( INT_MIN );
}
static int opaque_mock_can_do( const void *ctx,
mbedtls_pk_type_t type )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
return( type == OPAQUE_MOCK_CAN_DO );
exit:
return( INT_MIN );
}
static int opaque_mock_verify_func( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
TEST_ASSERT( md_alg == OPAQUE_MOCK_MD_ALG );
TEST_ASSERT( hash_len == sizeof( opaque_mock_hash ) );
TEST_ASSERT( hash == opaque_mock_hash );
if( sig_len != OPAQUE_MOCK_SIGNATURE_SIZE )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
if( memcmp( sig, OPAQUE_MOCK_GOOD_SIGNATURE, OPAQUE_MOCK_SIGNATURE_SIZE ) )
return( MBEDTLS_ERR_PK_INVALID_SIGNATURE );
return( 0 );
exit:
return( INT_MIN );
}
static int opaque_mock_sign_func( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
TEST_ASSERT( md_alg == OPAQUE_MOCK_MD_ALG );
TEST_ASSERT( hash_len == sizeof( opaque_mock_hash ) );
TEST_ASSERT( hash == opaque_mock_hash );
memcpy( sig, OPAQUE_MOCK_GOOD_SIGNATURE, OPAQUE_MOCK_SIGNATURE_SIZE );
*sig_len = OPAQUE_MOCK_SIGNATURE_SIZE;
(void) f_rng;
(void) p_rng;
return( 0 );
exit:
return( INT_MIN );
}
static int opaque_mock_decrypt_func( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
TEST_ASSERT( ilen == sizeof( opaque_mock_reference_input ) );
TEST_ASSERT( !memcmp( input, opaque_mock_reference_input,
sizeof( opaque_mock_reference_input ) ) );
if( osize < sizeof( opaque_mock_reference_decrypted ) )
return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
*olen = sizeof( opaque_mock_reference_decrypted );
memcpy( output, opaque_mock_reference_decrypted, sizeof( opaque_mock_reference_decrypted ) );
(void) f_rng;
(void) p_rng;
return( 0 );
exit:
return( INT_MIN );
}
static int opaque_mock_encrypt_func( void *ctx, const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
TEST_ASSERT( ilen == sizeof( opaque_mock_reference_input ) );
TEST_ASSERT( !memcmp( input, opaque_mock_reference_input,
sizeof( opaque_mock_reference_input ) ) );
if( osize < sizeof( opaque_mock_reference_encrypted ) )
return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
*olen = sizeof( opaque_mock_reference_encrypted );
memcpy( output, opaque_mock_reference_encrypted, sizeof( opaque_mock_reference_encrypted ) );
(void) f_rng;
(void) p_rng;
return( 0 );
exit:
return( INT_MIN );
}
static int opaque_mock_check_pair_func( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv )
{
TEST_ASSERT( prv->pk_ctx == &opaque_mock_fake_ctx );
if( mbedtls_pk_get_type( pub ) != MBEDTLS_PK_RSA )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
return( 0 );
exit:
return( INT_MIN );
}
static void *opaque_mock_ctx_alloc_func( void )
{
return( &opaque_mock_fake_ctx );
}
static void *opaque_mock_ctx_alloc_fail( void )
{
return( NULL );
}
static void opaque_mock_ctx_free_func( void *ctx )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
opaque_mock_free_called_correctly = 1;
exit:
return;
}
static void opaque_mock_debug_func( const void *ctx,
mbedtls_pk_debug_item *items )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
TEST_ASSERT( items == &opaque_mock_pk_debug_item );
opaque_mock_debug_called_correctly = 1;
exit:
return;
}
static size_t opaque_mock_signature_size_func( const void *ctx )
{
TEST_ASSERT( ctx == &opaque_mock_fake_ctx );
return( OPAQUE_MOCK_SIGNATURE_SIZE );
exit:
return( -1 );
}
#endif /* MBEDTLS_RSA_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -270,6 +532,8 @@ void pk_sign_verify( int type, int sign_ret, int verify_ret )
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
if( sign_ret == 0 )
TEST_ASSERT( sig_len <= mbedtls_pk_get_signature_size( &pk ) );
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, sig_len ) == verify_ret );
@ -449,74 +713,287 @@ void pk_rsa_alt( )
* Test it against the public operations (encrypt, verify) of a
* corresponding rsa context.
*/
mbedtls_pk_context alt;
mbedtls_rsa_context raw;
mbedtls_pk_context rsa, alt;
mbedtls_pk_debug_item dbg_items[10];
unsigned char hash[50], sig[1000];
unsigned char msg[50], ciph[1000], test[1000];
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt );
/* Generate an RSA key to use in both contexts */
pk_rsa_prepare( &raw );
memset( hash, 0x2a, sizeof hash );
memset( sig, 0, sizeof sig );
memset( msg, 0x2a, sizeof msg );
memset( ciph, 0, sizeof ciph );
memset( test, 0, sizeof test );
/* Initiliaze PK RSA context with random key */
TEST_ASSERT( mbedtls_pk_setup( &rsa,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
TEST_ASSERT( pk_genkey( &rsa ) == 0 );
/* Extract key to the raw rsa context */
TEST_ASSERT( mbedtls_rsa_copy( &raw, mbedtls_pk_rsa( rsa ) ) == 0 );
/* Initialize PK RSA_ALT context */
/* Set up the alt context with the generated key */
mbedtls_pk_init( &alt );
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, (void *) &raw,
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 );
mbedtls_rsa_decrypt_func,
mbedtls_rsa_sign_func,
mbedtls_rsa_key_len_func ) == 0 );
/* Test administrative functions */
TEST_ASSERT( mbedtls_pk_can_do( &alt, MBEDTLS_PK_RSA ) );
TEST_ASSERT( mbedtls_pk_get_bitlen( &alt ) == RSA_KEY_SIZE );
TEST_ASSERT( mbedtls_pk_get_len( &alt ) == RSA_KEY_LEN );
/* Check the metadata in the alt context */
TEST_ASSERT( mbedtls_pk_get_type( &alt ) == MBEDTLS_PK_RSA_ALT );
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &alt ), "RSA-alt" ) == 0 );
/* Test signature */
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
#if defined(MBEDTLS_HAVE_INT64)
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, (size_t)-1,
NULL, NULL, rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* MBEDTLS_HAVE_INT64 */
TEST_ASSERT( sig_len == RSA_KEY_LEN );
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == 0 );
/* Test decrypt */
TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg,
ciph, &ciph_len, sizeof ciph,
rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len,
test, &test_len, sizeof test,
rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( test_len == sizeof msg );
TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
/* Test forbidden operations */
TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg,
ciph, &ciph_len, sizeof ciph,
rnd_std_rand, NULL ) == ret );
TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == ret );
TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret );
/* Exercise the alt context */
pk_rsa_match( &raw, &alt,
0, MBEDTLS_ERR_PK_TYPE_MISMATCH,
MBEDTLS_ERR_PK_TYPE_MISMATCH, 0,
MBEDTLS_ERR_PK_TYPE_MISMATCH );
exit:
mbedtls_rsa_free( &raw );
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
mbedtls_pk_free( &alt );
}
/* END_CASE */
/* BEGIN_CASE */
void pk_opaque_mock( )
{
mbedtls_pk_info_t info =
MBEDTLS_PK_OPAQUE_INFO_1(
"mock"
, opaque_mock_get_bitlen
, opaque_mock_can_do
, opaque_mock_signature_size_func
, opaque_mock_verify_func
, opaque_mock_sign_func
, opaque_mock_decrypt_func
, opaque_mock_encrypt_func
, opaque_mock_check_pair_func
, opaque_mock_ctx_alloc_func
, opaque_mock_ctx_free_func
, opaque_mock_debug_func
);
mbedtls_pk_context ctx;
unsigned char sig[OPAQUE_MOCK_SIGNATURE_SIZE] = OPAQUE_MOCK_GOOD_SIGNATURE;
unsigned char input[sizeof( opaque_mock_reference_input )];
unsigned char output[sizeof( opaque_mock_reference_decrypted )] = "garbage";
size_t len;
mbedtls_pk_init( &ctx );
TEST_ASSERT( mbedtls_pk_setup( &ctx, &info ) == 0 );
TEST_ASSERT( mbedtls_pk_get_type( &ctx ) == MBEDTLS_PK_OPAQUE );
TEST_ASSERT( mbedtls_pk_get_name( &ctx ) == info.name );
TEST_ASSERT( mbedtls_pk_get_bitlen( &ctx ) == OPAQUE_MOCK_BITLEN );
TEST_ASSERT( mbedtls_pk_can_do( &ctx, OPAQUE_MOCK_CAN_DO ) == 1 );
TEST_ASSERT( mbedtls_pk_can_do( &ctx, OPAQUE_MOCK_CAN_DO ^ 1 ) == 0 );
TEST_ASSERT( mbedtls_pk_get_signature_size( &ctx ) == OPAQUE_MOCK_SIGNATURE_SIZE );
TEST_ASSERT( mbedtls_pk_verify( &ctx, OPAQUE_MOCK_MD_ALG,
opaque_mock_hash, sizeof( opaque_mock_hash ),
sig, OPAQUE_MOCK_SIGNATURE_SIZE ) == 0 );
TEST_ASSERT( mbedtls_pk_verify( &ctx, OPAQUE_MOCK_MD_ALG,
opaque_mock_hash, sizeof( opaque_mock_hash ),
sig, OPAQUE_MOCK_SIGNATURE_SIZE - 1 ) ==
MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
sig[0] ^= 1;
TEST_ASSERT( mbedtls_pk_verify( &ctx, OPAQUE_MOCK_MD_ALG,
opaque_mock_hash, sizeof( opaque_mock_hash ),
sig, OPAQUE_MOCK_SIGNATURE_SIZE ) ==
MBEDTLS_ERR_PK_INVALID_SIGNATURE );
len = -42;
TEST_ASSERT( mbedtls_pk_sign( &ctx, OPAQUE_MOCK_MD_ALG,
opaque_mock_hash, sizeof( opaque_mock_hash ),
sig, &len, NULL, NULL ) == 0 );
TEST_ASSERT( len == OPAQUE_MOCK_SIGNATURE_SIZE );
memcpy( input, opaque_mock_reference_input,
sizeof( opaque_mock_reference_input ) );
len = -42;
TEST_ASSERT( mbedtls_pk_encrypt( &ctx, input, sizeof( input ),
output, &len,
sizeof( opaque_mock_reference_encrypted ),
NULL, NULL ) == 0);
TEST_ASSERT( memcmp( input, opaque_mock_reference_input,
sizeof( opaque_mock_reference_input ) ) == 0 );
TEST_ASSERT( len == sizeof( opaque_mock_reference_encrypted ) );
TEST_ASSERT( memcmp( output, opaque_mock_reference_encrypted,
sizeof( opaque_mock_reference_encrypted ) ) == 0 );
len = -42;
TEST_ASSERT( mbedtls_pk_decrypt( &ctx, input, sizeof( input ),
output, &len,
sizeof( opaque_mock_reference_decrypted ),
NULL, NULL ) == 0);
TEST_ASSERT( memcmp( input, opaque_mock_reference_input,
sizeof( opaque_mock_reference_input ) ) == 0 );
TEST_ASSERT( len == sizeof( opaque_mock_reference_decrypted ) );
TEST_ASSERT( memcmp( output, opaque_mock_reference_decrypted,
sizeof( opaque_mock_reference_decrypted ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( NULL, &ctx ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_check_pair( &ctx, &ctx ) == 0 );
{
mbedtls_pk_context pub;
mbedtls_pk_init( &pub );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &ctx ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_setup( &pub,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &ctx ) == 0 );
mbedtls_pk_free( &pub );
TEST_ASSERT( mbedtls_pk_setup( &pub,
mbedtls_pk_info_from_type( MBEDTLS_PK_ECDSA ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &ctx ) ==
MBEDTLS_ERR_PK_TYPE_MISMATCH );
mbedtls_pk_free( &pub );
}
opaque_mock_debug_called_correctly = 0;
TEST_ASSERT( mbedtls_pk_debug( &ctx, &opaque_mock_pk_debug_item ) == 0 );
TEST_ASSERT( opaque_mock_debug_called_correctly );
opaque_mock_free_called_correctly = 0;
mbedtls_pk_free( &ctx );
TEST_ASSERT( opaque_mock_free_called_correctly );
return;
exit:
mbedtls_pk_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void pk_opaque_minimal( )
{
mbedtls_pk_info_t info =
MBEDTLS_PK_OPAQUE_INFO_1(
"mock"
, opaque_mock_get_bitlen
, opaque_mock_can_do
, NULL
, NULL
, NULL
, NULL
, NULL
, NULL
, NULL
, opaque_mock_ctx_free_func
, NULL
);
mbedtls_pk_context ctx;
mbedtls_pk_init( &ctx );
TEST_ASSERT( mbedtls_pk_setup( &ctx, &info ) == 0 );
ctx.pk_ctx = &opaque_mock_fake_ctx;
TEST_ASSERT( mbedtls_pk_get_type( &ctx ) == MBEDTLS_PK_OPAQUE );
TEST_ASSERT( mbedtls_pk_get_name( &ctx ) == info.name );
TEST_ASSERT( mbedtls_pk_get_bitlen( &ctx ) == OPAQUE_MOCK_BITLEN );
TEST_ASSERT( mbedtls_pk_can_do( &ctx, OPAQUE_MOCK_CAN_DO ) == 1 );
TEST_ASSERT( mbedtls_pk_can_do( &ctx, OPAQUE_MOCK_CAN_DO ^ 1 ) == 0 );
TEST_ASSERT( mbedtls_pk_get_signature_size( &ctx ) == 0 );
TEST_ASSERT( mbedtls_pk_verify( &ctx, OPAQUE_MOCK_MD_ALG,
NULL, 0, NULL, 0 ) ==
MBEDTLS_ERR_PK_TYPE_MISMATCH );
TEST_ASSERT( mbedtls_pk_sign( &ctx, OPAQUE_MOCK_MD_ALG, NULL, 0,
NULL, NULL, NULL, NULL ) ==
MBEDTLS_ERR_PK_TYPE_MISMATCH );
TEST_ASSERT( mbedtls_pk_encrypt( &ctx, NULL, 0,
NULL, NULL, 0, NULL, NULL ) ==
MBEDTLS_ERR_PK_TYPE_MISMATCH);
TEST_ASSERT( mbedtls_pk_decrypt( &ctx, NULL, 0,
NULL, NULL, 0, NULL, NULL ) ==
MBEDTLS_ERR_PK_TYPE_MISMATCH);
TEST_ASSERT( mbedtls_pk_check_pair( NULL, &ctx ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_check_pair( &ctx, &ctx ) == 0 );
{
mbedtls_pk_context pub;
mbedtls_pk_init( &pub );
TEST_ASSERT( mbedtls_pk_setup( &pub,
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &ctx ) ==
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
mbedtls_pk_free( &pub );
}
TEST_ASSERT( mbedtls_pk_debug( &ctx, &opaque_mock_pk_debug_item ) ==
MBEDTLS_ERR_PK_TYPE_MISMATCH );
opaque_mock_free_called_correctly = 0;
mbedtls_pk_free( &ctx );
TEST_ASSERT( opaque_mock_free_called_correctly );
return;
exit:
mbedtls_pk_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void pk_opaque_fail_allocation( )
{
mbedtls_pk_info_t info =
MBEDTLS_PK_OPAQUE_INFO_1(
"mock"
, opaque_mock_get_bitlen
, opaque_mock_can_do
, NULL
, NULL
, NULL
, NULL
, NULL
, NULL
, opaque_mock_ctx_alloc_fail
, NULL
, NULL
);
mbedtls_pk_context ctx;
mbedtls_pk_init( &ctx );
TEST_ASSERT( mbedtls_pk_setup( &ctx, &info ) ==
MBEDTLS_ERR_PK_ALLOC_FAILED );
TEST_ASSERT( ctx.pk_info == NULL );
TEST_ASSERT( ctx.pk_ctx == NULL );
exit:
mbedtls_pk_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
void pk_opaque_wrapper( )
{
/* Test an opaque context that's a wrapper around the usual RSA
implementation against an independent raw RSA context. */
mbedtls_pk_context opaque;
mbedtls_rsa_context raw;
const mbedtls_pk_info_t *mbedtls_rsa_info =
mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
mbedtls_pk_info_t pk_rsa_opaque_info =
MBEDTLS_PK_OPAQUE_INFO_1(
"RSA-opaque-wrapper"
, mbedtls_rsa_info->get_bitlen
, mbedtls_rsa_info->can_do
, mbedtls_rsa_info->signature_size_func
, mbedtls_rsa_info->verify_func
, mbedtls_rsa_info->sign_func
, mbedtls_rsa_info->decrypt_func
, mbedtls_rsa_info->encrypt_func
, NULL // we don't test check_pair here
, mbedtls_rsa_info->ctx_alloc_func
, mbedtls_rsa_info->ctx_free_func
, mbedtls_rsa_info->debug_func
);
/* Generate an RSA key to use in both contexts */
pk_rsa_prepare( &raw );
/* Set up the opaque context with the generated key */
mbedtls_pk_init( &opaque );
TEST_ASSERT( mbedtls_pk_setup( &opaque, &pk_rsa_opaque_info ) == 0 );
mbedtls_rsa_copy( opaque.pk_ctx, &raw );
/* Check the metadata in the opaque context */
TEST_ASSERT( mbedtls_pk_get_type( &opaque ) == MBEDTLS_PK_OPAQUE );
TEST_ASSERT( strcmp( mbedtls_pk_get_name( &opaque ),
"RSA-opaque-wrapper" ) == 0 );
/* Exercise the opaque context */
pk_rsa_match( &raw, &opaque, 0, 0, 0, 0, 0 );
exit:
mbedtls_rsa_free( &raw );
mbedtls_pk_free( &opaque );
}
/* END_CASE */

1
visualc/VS2010/mbedTLS.vcxproj
View file

@ -191,6 +191,7 @@
<ClInclude Include="..\..\include\mbedtls\padlock.h" />
<ClInclude Include="..\..\include\mbedtls\pem.h" />
<ClInclude Include="..\..\include\mbedtls\pk.h" />
<ClInclude Include="..\..\include\mbedtls\pk_info.h" />
<ClInclude Include="..\..\include\mbedtls\pk_internal.h" />
<ClInclude Include="..\..\include\mbedtls\pkcs11.h" />
<ClInclude Include="..\..\include\mbedtls\pkcs12.h" />