NCBI C++ ToolKit
pk_wrap.c
Go to the documentation of this file.

Go to the SVN repository for this file.

1 /*
2  * Public Key abstraction layer: wrapper functions
3  *
4  * Copyright The Mbed TLS Contributors
5  * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6  */
7 
8 #include "common.h"
9 
10 #include "mbedtls/platform_util.h"
11 
12 #if defined(MBEDTLS_PK_C)
13 #include "pk_wrap.h"
14 #include "pk_internal.h"
15 #include "mbedtls/error.h"
16 #include "mbedtls/psa_util.h"
17 
18 /* Even if RSA not activated, for the sake of RSA-alt */
19 #include "mbedtls/rsa.h"
20 
21 #if defined(MBEDTLS_ECP_C)
22 #include "mbedtls/ecp.h"
23 #endif
24 
25 #if defined(MBEDTLS_ECDSA_C)
26 #include "mbedtls/ecdsa.h"
27 #endif
28 
29 #if defined(MBEDTLS_USE_PSA_CRYPTO)
30 #include "psa_util_internal.h"
31 #include "psa/crypto.h"
32 #include "mbedtls/psa_util.h"
33 
34 #if defined(MBEDTLS_RSA_C)
35 #include "pkwrite.h"
36 #include "rsa_internal.h"
37 #endif
38 
39 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
40 #include "mbedtls/asn1write.h"
41 #include "mbedtls/asn1.h"
42 #endif
43 #endif /* MBEDTLS_USE_PSA_CRYPTO */
44 
45 #include "mbedtls/platform.h"
46 
47 #include <limits.h>
48 #include <stdint.h>
49 #include <string.h>
50 
51 #if defined(MBEDTLS_RSA_C)
52 static int rsa_can_do(mbedtls_pk_type_t type)
53 {
54  return type == MBEDTLS_PK_RSA ||
56 }
57 
58 static size_t rsa_get_bitlen(mbedtls_pk_context *pk)
59 {
60  const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) pk->pk_ctx;
61  return mbedtls_rsa_get_bitlen(rsa);
62 }
63 
64 #if defined(MBEDTLS_USE_PSA_CRYPTO)
65 static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
66  const unsigned char *hash, size_t hash_len,
67  const unsigned char *sig, size_t sig_len)
68 {
69  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
73  psa_status_t status;
74  int key_len;
76  unsigned char *p = buf + sizeof(buf);
77  psa_algorithm_t psa_alg_md;
78  size_t rsa_len = mbedtls_rsa_get_len(rsa);
79 
80 #if SIZE_MAX > UINT_MAX
81  if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
83  }
84 #endif
85 
87  psa_alg_md = PSA_ALG_RSA_PSS(mbedtls_md_psa_alg_from_type(md_alg));
88  } else {
89  psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
90  }
91 
92  if (sig_len < rsa_len) {
94  }
95 
96  key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p);
97  if (key_len <= 0) {
99  }
100 
102  psa_set_key_algorithm(&attributes, psa_alg_md);
104 
105  status = psa_import_key(&attributes,
106  buf + sizeof(buf) - key_len, key_len,
107  &key_id);
108  if (status != PSA_SUCCESS) {
109  ret = PSA_PK_TO_MBEDTLS_ERR(status);
110  goto cleanup;
111  }
112 
113  status = psa_verify_hash(key_id, psa_alg_md, hash, hash_len,
114  sig, sig_len);
115  if (status != PSA_SUCCESS) {
116  ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
117  goto cleanup;
118  }
119  ret = 0;
120 
121 cleanup:
122  status = psa_destroy_key(key_id);
123  if (ret == 0 && status != PSA_SUCCESS) {
124  ret = PSA_PK_TO_MBEDTLS_ERR(status);
125  }
126 
127  return ret;
128 }
129 #else /* MBEDTLS_USE_PSA_CRYPTO */
130 static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
131  const unsigned char *hash, size_t hash_len,
132  const unsigned char *sig, size_t sig_len)
133 {
135  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
136  size_t rsa_len = mbedtls_rsa_get_len(rsa);
137 
138 #if SIZE_MAX > UINT_MAX
139  if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
141  }
142 #endif
143 
144  if (sig_len < rsa_len) {
146  }
147 
148  if ((ret = mbedtls_rsa_pkcs1_verify(rsa, md_alg,
149  (unsigned int) hash_len,
150  hash, sig)) != 0) {
151  return ret;
152  }
153 
154  /* The buffer contains a valid signature followed by extra data.
155  * We have a special error code for that so that so that callers can
156  * use mbedtls_pk_verify() to check "Does the buffer start with a
157  * valid signature?" and not just "Does the buffer contain a valid
158  * signature?". */
159  if (sig_len > rsa_len) {
161  }
162 
163  return 0;
164 }
165 #endif /* MBEDTLS_USE_PSA_CRYPTO */
166 
167 #if defined(MBEDTLS_USE_PSA_CRYPTO)
168 int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
169  mbedtls_rsa_context *rsa_ctx,
170  const unsigned char *hash, size_t hash_len,
171  unsigned char *sig, size_t sig_size,
172  size_t *sig_len)
173 {
177  psa_status_t status;
178  int key_len;
179  unsigned char *buf = NULL;
180  unsigned char *p;
181 
183  if (buf == NULL) {
185  }
187 
188  *sig_len = mbedtls_rsa_get_len(rsa_ctx);
189  if (sig_size < *sig_len) {
190  mbedtls_free(buf);
192  }
193 
194  key_len = mbedtls_rsa_write_key(rsa_ctx, buf, &p);
195  if (key_len <= 0) {
196  mbedtls_free(buf);
198  }
202 
203  status = psa_import_key(&attributes,
204  buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES - key_len, key_len,
205  &key_id);
206  if (status != PSA_SUCCESS) {
207  ret = PSA_PK_TO_MBEDTLS_ERR(status);
208  goto cleanup;
209  }
210  status = psa_sign_hash(key_id, alg, hash, hash_len,
211  sig, sig_size, sig_len);
212  if (status != PSA_SUCCESS) {
213  ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
214  goto cleanup;
215  }
216 
217  ret = 0;
218 
219 cleanup:
220  mbedtls_free(buf);
221  status = psa_destroy_key(key_id);
222  if (ret == 0 && status != PSA_SUCCESS) {
223  ret = PSA_PK_TO_MBEDTLS_ERR(status);
224  }
225  return ret;
226 }
227 #endif /* MBEDTLS_USE_PSA_CRYPTO */
228 
229 #if defined(MBEDTLS_USE_PSA_CRYPTO)
230 static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
231  const unsigned char *hash, size_t hash_len,
232  unsigned char *sig, size_t sig_size, size_t *sig_len,
233  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
234 {
235  ((void) f_rng);
236  ((void) p_rng);
237 
238  psa_algorithm_t psa_md_alg;
239  psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
240  if (psa_md_alg == 0) {
242  }
243  psa_algorithm_t psa_alg;
244  if (mbedtls_rsa_get_padding_mode(mbedtls_pk_rsa(*pk)) == MBEDTLS_RSA_PKCS_V21) {
245  psa_alg = PSA_ALG_RSA_PSS(psa_md_alg);
246  } else {
247  psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg);
248  }
249 
250  return mbedtls_pk_psa_rsa_sign_ext(psa_alg, pk->pk_ctx, hash, hash_len,
251  sig, sig_size, sig_len);
252 }
253 #else /* MBEDTLS_USE_PSA_CRYPTO */
254 static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
255  const unsigned char *hash, size_t hash_len,
256  unsigned char *sig, size_t sig_size, size_t *sig_len,
257  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
258 {
259  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
260 
261 #if SIZE_MAX > UINT_MAX
262  if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
264  }
265 #endif
266 
267  *sig_len = mbedtls_rsa_get_len(rsa);
268  if (sig_size < *sig_len) {
270  }
271 
272  return mbedtls_rsa_pkcs1_sign(rsa, f_rng, p_rng,
273  md_alg, (unsigned int) hash_len,
274  hash, sig);
275 }
276 #endif /* MBEDTLS_USE_PSA_CRYPTO */
277 
278 #if defined(MBEDTLS_USE_PSA_CRYPTO)
279 static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
280  const unsigned char *input, size_t ilen,
281  unsigned char *output, size_t *olen, size_t osize,
282  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
283 {
284  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
288  psa_algorithm_t psa_md_alg, decrypt_alg;
289  psa_status_t status;
290  int key_len;
291  unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
292  unsigned char *p = buf + sizeof(buf);
293 
294  ((void) f_rng);
295  ((void) p_rng);
296 
297  if (ilen != mbedtls_rsa_get_len(rsa)) {
299  }
300 
301  key_len = mbedtls_rsa_write_key(rsa, buf, &p);
302  if (key_len <= 0) {
304  }
305 
309  psa_md_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa));
310  decrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg);
311  } else {
312  decrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
313  }
314  psa_set_key_algorithm(&attributes, decrypt_alg);
315 
316  status = psa_import_key(&attributes,
317  buf + sizeof(buf) - key_len, key_len,
318  &key_id);
319  if (status != PSA_SUCCESS) {
320  ret = PSA_PK_TO_MBEDTLS_ERR(status);
321  goto cleanup;
322  }
323 
324  status = psa_asymmetric_decrypt(key_id, decrypt_alg,
325  input, ilen,
326  NULL, 0,
327  output, osize, olen);
328  if (status != PSA_SUCCESS) {
329  ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
330  goto cleanup;
331  }
332 
333  ret = 0;
334 
335 cleanup:
336  mbedtls_platform_zeroize(buf, sizeof(buf));
337  status = psa_destroy_key(key_id);
338  if (ret == 0 && status != PSA_SUCCESS) {
339  ret = PSA_PK_TO_MBEDTLS_ERR(status);
340  }
341 
342  return ret;
343 }
344 #else /* MBEDTLS_USE_PSA_CRYPTO */
345 static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
346  const unsigned char *input, size_t ilen,
347  unsigned char *output, size_t *olen, size_t osize,
348  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
349 {
350  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
351 
352  if (ilen != mbedtls_rsa_get_len(rsa)) {
354  }
355 
356  return mbedtls_rsa_pkcs1_decrypt(rsa, f_rng, p_rng,
357  olen, input, output, osize);
358 }
359 #endif /* MBEDTLS_USE_PSA_CRYPTO */
360 
361 #if defined(MBEDTLS_USE_PSA_CRYPTO)
362 static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
363  const unsigned char *input, size_t ilen,
364  unsigned char *output, size_t *olen, size_t osize,
365  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
366 {
367  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
371  psa_algorithm_t psa_md_alg, psa_encrypt_alg;
372  psa_status_t status;
373  int key_len;
374  unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
375  unsigned char *p = buf + sizeof(buf);
376 
377  ((void) f_rng);
378  ((void) p_rng);
379 
380  if (mbedtls_rsa_get_len(rsa) > osize) {
382  }
383 
384  key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p);
385  if (key_len <= 0) {
387  }
388 
391  psa_md_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa));
392  psa_encrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg);
393  } else {
394  psa_encrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
395  }
396  psa_set_key_algorithm(&attributes, psa_encrypt_alg);
398 
399  status = psa_import_key(&attributes,
400  buf + sizeof(buf) - key_len, key_len,
401  &key_id);
402  if (status != PSA_SUCCESS) {
403  ret = PSA_PK_TO_MBEDTLS_ERR(status);
404  goto cleanup;
405  }
406 
407  status = psa_asymmetric_encrypt(key_id, psa_encrypt_alg,
408  input, ilen,
409  NULL, 0,
410  output, osize, olen);
411  if (status != PSA_SUCCESS) {
412  ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
413  goto cleanup;
414  }
415 
416  ret = 0;
417 
418 cleanup:
419  status = psa_destroy_key(key_id);
420  if (ret == 0 && status != PSA_SUCCESS) {
421  ret = PSA_PK_TO_MBEDTLS_ERR(status);
422  }
423 
424  return ret;
425 }
426 #else /* MBEDTLS_USE_PSA_CRYPTO */
427 static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
428  const unsigned char *input, size_t ilen,
429  unsigned char *output, size_t *olen, size_t osize,
430  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
431 {
432  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
433  *olen = mbedtls_rsa_get_len(rsa);
434 
435  if (*olen > osize) {
437  }
438 
439  return mbedtls_rsa_pkcs1_encrypt(rsa, f_rng, p_rng,
440  ilen, input, output);
441 }
442 #endif /* MBEDTLS_USE_PSA_CRYPTO */
443 
444 static int rsa_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
445  int (*f_rng)(void *, unsigned char *, size_t),
446  void *p_rng)
447 {
448  (void) f_rng;
449  (void) p_rng;
450  return mbedtls_rsa_check_pub_priv((const mbedtls_rsa_context *) pub->pk_ctx,
451  (const mbedtls_rsa_context *) prv->pk_ctx);
452 }
453 
454 static void *rsa_alloc_wrap(void)
455 {
456  void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context));
457 
458  if (ctx != NULL) {
460  }
461 
462  return ctx;
463 }
464 
465 static void rsa_free_wrap(void *ctx)
466 {
468  mbedtls_free(ctx);
469 }
470 
471 static void rsa_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items)
472 {
473 #if defined(MBEDTLS_RSA_ALT)
474  /* Not supported */
475  (void) pk;
476  (void) items;
477 #else
478  mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
479 
480  items->type = MBEDTLS_PK_DEBUG_MPI;
481  items->name = "rsa.N";
482  items->value = &(rsa->N);
483 
484  items++;
485 
486  items->type = MBEDTLS_PK_DEBUG_MPI;
487  items->name = "rsa.E";
488  items->value = &(rsa->E);
489 #endif
490 }
491 
493  .type = MBEDTLS_PK_RSA,
494  .name = "RSA",
495  .get_bitlen = rsa_get_bitlen,
496  .can_do = rsa_can_do,
497  .verify_func = rsa_verify_wrap,
498  .sign_func = rsa_sign_wrap,
499 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
500  .verify_rs_func = NULL,
501  .sign_rs_func = NULL,
502  .rs_alloc_func = NULL,
503  .rs_free_func = NULL,
504 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
505  .decrypt_func = rsa_decrypt_wrap,
506  .encrypt_func = rsa_encrypt_wrap,
507  .check_pair_func = rsa_check_pair_wrap,
508  .ctx_alloc_func = rsa_alloc_wrap,
509  .ctx_free_func = rsa_free_wrap,
510  .debug_func = rsa_debug,
511 };
512 #endif /* MBEDTLS_RSA_C */
513 
514 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
515 /*
516  * Generic EC key
517  */
518 static int eckey_can_do(mbedtls_pk_type_t type)
519 {
520  return type == MBEDTLS_PK_ECKEY ||
523 }
524 
525 static size_t eckey_get_bitlen(mbedtls_pk_context *pk)
526 {
527 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
528  return pk->ec_bits;
529 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
530  mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx;
531  return ecp->grp.pbits;
532 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
533 }
534 
535 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
536 #if defined(MBEDTLS_USE_PSA_CRYPTO)
537 /* Common helper for ECDSA verify using PSA functions. */
538 static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
539  psa_ecc_family_t curve, size_t curve_bits,
540  const unsigned char *hash, size_t hash_len,
541  const unsigned char *sig, size_t sig_len)
542 {
546  psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
547  size_t signature_len = PSA_ECDSA_SIGNATURE_SIZE(curve_bits);
548  size_t converted_sig_len;
549  unsigned char extracted_sig[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE];
550  unsigned char *p;
551  psa_status_t status;
552 
553  if (curve == 0) {
555  }
556 
559  psa_set_key_algorithm(&attributes, psa_sig_md);
560 
561  status = psa_import_key(&attributes, key, key_len, &key_id);
562  if (status != PSA_SUCCESS) {
563  ret = PSA_PK_TO_MBEDTLS_ERR(status);
564  goto cleanup;
565  }
566 
567  if (signature_len > sizeof(extracted_sig)) {
569  goto cleanup;
570  }
571 
572  p = (unsigned char *) sig;
573  ret = mbedtls_ecdsa_der_to_raw(curve_bits, p, sig_len, extracted_sig,
574  sizeof(extracted_sig), &converted_sig_len);
575  if (ret != 0) {
576  goto cleanup;
577  }
578 
579  if (converted_sig_len != signature_len) {
581  goto cleanup;
582  }
583 
584  status = psa_verify_hash(key_id, psa_sig_md, hash, hash_len,
585  extracted_sig, signature_len);
586  if (status != PSA_SUCCESS) {
587  ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
588  goto cleanup;
589  }
590 
591  ret = 0;
592 
593 cleanup:
594  status = psa_destroy_key(key_id);
595  if (ret == 0 && status != PSA_SUCCESS) {
596  ret = PSA_PK_TO_MBEDTLS_ERR(status);
597  }
598 
599  return ret;
600 }
601 
602 static int ecdsa_opaque_verify_wrap(mbedtls_pk_context *pk,
603  mbedtls_md_type_t md_alg,
604  const unsigned char *hash, size_t hash_len,
605  const unsigned char *sig, size_t sig_len)
606 {
607  (void) md_alg;
608  unsigned char key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
609  size_t key_len;
611  psa_ecc_family_t curve;
612  size_t curve_bits;
613  psa_status_t status;
614 
615  status = psa_get_key_attributes(pk->priv_id, &key_attr);
616  if (status != PSA_SUCCESS) {
617  return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
618  }
619  curve = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attr));
620  curve_bits = psa_get_key_bits(&key_attr);
621  psa_reset_key_attributes(&key_attr);
622 
623  status = psa_export_public_key(pk->priv_id, key, sizeof(key), &key_len);
624  if (status != PSA_SUCCESS) {
625  return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
626  }
627 
628  return ecdsa_verify_psa(key, key_len, curve, curve_bits,
629  hash, hash_len, sig, sig_len);
630 }
631 
632 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
633 static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
634  mbedtls_md_type_t md_alg,
635  const unsigned char *hash, size_t hash_len,
636  const unsigned char *sig, size_t sig_len)
637 {
638  (void) md_alg;
639  psa_ecc_family_t curve = pk->ec_family;
640  size_t curve_bits = pk->ec_bits;
641 
642  return ecdsa_verify_psa(pk->pub_raw, pk->pub_raw_len, curve, curve_bits,
643  hash, hash_len, sig, sig_len);
644 }
645 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
646 static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
647  mbedtls_md_type_t md_alg,
648  const unsigned char *hash, size_t hash_len,
649  const unsigned char *sig, size_t sig_len)
650 {
651  (void) md_alg;
653  mbedtls_ecp_keypair *ctx = pk->pk_ctx;
654  unsigned char key[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
655  size_t key_len;
656  size_t curve_bits;
657  psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
658 
659  ret = mbedtls_ecp_point_write_binary(&ctx->grp, &ctx->Q,
661  &key_len, key, sizeof(key));
662  if (ret != 0) {
663  return ret;
664  }
665 
666  return ecdsa_verify_psa(key, key_len, curve, curve_bits,
667  hash, hash_len, sig, sig_len);
668 }
669 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
670 #else /* MBEDTLS_USE_PSA_CRYPTO */
671 static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
672  const unsigned char *hash, size_t hash_len,
673  const unsigned char *sig, size_t sig_len)
674 {
676  ((void) md_alg);
677 
679  hash, hash_len, sig, sig_len);
680 
683  }
684 
685  return ret;
686 }
687 #endif /* MBEDTLS_USE_PSA_CRYPTO */
688 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
689 
690 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
691 #if defined(MBEDTLS_USE_PSA_CRYPTO)
692 /* Common helper for ECDSA sign using PSA functions.
693  * Instead of extracting key's properties in order to check which kind of ECDSA
694  * signature it supports, we try both deterministic and non-deterministic.
695  */
696 static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg,
697  const unsigned char *hash, size_t hash_len,
698  unsigned char *sig, size_t sig_size, size_t *sig_len)
699 {
701  psa_status_t status;
703  size_t key_bits = 0;
704 
705  status = psa_get_key_attributes(key_id, &key_attr);
706  if (status != PSA_SUCCESS) {
707  return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
708  }
709  key_bits = psa_get_key_bits(&key_attr);
710  psa_reset_key_attributes(&key_attr);
711 
712  status = psa_sign_hash(key_id,
713  PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)),
714  hash, hash_len, sig, sig_size, sig_len);
715  if (status == PSA_SUCCESS) {
716  goto done;
717  } else if (status != PSA_ERROR_NOT_PERMITTED) {
718  return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
719  }
720 
721  status = psa_sign_hash(key_id,
722  PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)),
723  hash, hash_len, sig, sig_size, sig_len);
724  if (status != PSA_SUCCESS) {
725  return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
726  }
727 
728 done:
729  ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, *sig_len, sig, sig_size, sig_len);
730 
731  return ret;
732 }
733 
734 static int ecdsa_opaque_sign_wrap(mbedtls_pk_context *pk,
735  mbedtls_md_type_t md_alg,
736  const unsigned char *hash, size_t hash_len,
737  unsigned char *sig, size_t sig_size,
738  size_t *sig_len,
739  int (*f_rng)(void *, unsigned char *, size_t),
740  void *p_rng)
741 {
742  ((void) f_rng);
743  ((void) p_rng);
744 
745  return ecdsa_sign_psa(pk->priv_id, md_alg, hash, hash_len, sig, sig_size,
746  sig_len);
747 }
748 
749 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
750 /* When PK_USE_PSA_EC_DATA is defined opaque and non-opaque keys end up
751  * using the same function. */
752 #define ecdsa_sign_wrap ecdsa_opaque_sign_wrap
753 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
754 static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
755  const unsigned char *hash, size_t hash_len,
756  unsigned char *sig, size_t sig_size, size_t *sig_len,
757  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
758 {
761  psa_status_t status;
762  mbedtls_ecp_keypair *ctx = pk->pk_ctx;
764  unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
765  size_t curve_bits;
766  psa_ecc_family_t curve =
767  mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
768  size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
769  psa_algorithm_t psa_hash = mbedtls_md_psa_alg_from_type(md_alg);
771  ((void) f_rng);
772  ((void) p_rng);
773 
774  if (curve == 0) {
776  }
777 
778  if (key_len > sizeof(buf)) {
780  }
781  ret = mbedtls_mpi_write_binary(&ctx->d, buf, key_len);
782  if (ret != 0) {
783  goto cleanup;
784  }
785 
788  psa_set_key_algorithm(&attributes, psa_sig_md);
789 
790  status = psa_import_key(&attributes, buf, key_len, &key_id);
791  if (status != PSA_SUCCESS) {
792  ret = PSA_PK_TO_MBEDTLS_ERR(status);
793  goto cleanup;
794  }
795 
796  ret = ecdsa_sign_psa(key_id, md_alg, hash, hash_len, sig, sig_size, sig_len);
797 
798 cleanup:
799  mbedtls_platform_zeroize(buf, sizeof(buf));
800  status = psa_destroy_key(key_id);
801  if (ret == 0 && status != PSA_SUCCESS) {
802  ret = PSA_PK_TO_MBEDTLS_ERR(status);
803  }
804 
805  return ret;
806 }
807 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
808 #else /* MBEDTLS_USE_PSA_CRYPTO */
809 static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
810  const unsigned char *hash, size_t hash_len,
811  unsigned char *sig, size_t sig_size, size_t *sig_len,
812  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
813 {
815  md_alg, hash, hash_len,
816  sig, sig_size, sig_len,
817  f_rng, p_rng);
818 }
819 #endif /* MBEDTLS_USE_PSA_CRYPTO */
820 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
821 
822 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
823 /* Forward declarations */
824 static int ecdsa_verify_rs_wrap(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
825  const unsigned char *hash, size_t hash_len,
826  const unsigned char *sig, size_t sig_len,
827  void *rs_ctx);
828 
829 static int ecdsa_sign_rs_wrap(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
830  const unsigned char *hash, size_t hash_len,
831  unsigned char *sig, size_t sig_size, size_t *sig_len,
832  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
833  void *rs_ctx);
834 
835 /*
836  * Restart context for ECDSA operations with ECKEY context
837  *
838  * We need to store an actual ECDSA context, as we need to pass the same to
839  * the underlying ecdsa function, so we can't create it on the fly every time.
840  */
841 typedef struct {
842  mbedtls_ecdsa_restart_ctx ecdsa_rs;
843  mbedtls_ecdsa_context ecdsa_ctx;
844 } eckey_restart_ctx;
845 
846 static void *eckey_rs_alloc(void)
847 {
848  eckey_restart_ctx *rs_ctx;
849 
850  void *ctx = mbedtls_calloc(1, sizeof(eckey_restart_ctx));
851 
852  if (ctx != NULL) {
853  rs_ctx = ctx;
854  mbedtls_ecdsa_restart_init(&rs_ctx->ecdsa_rs);
855  mbedtls_ecdsa_init(&rs_ctx->ecdsa_ctx);
856  }
857 
858  return ctx;
859 }
860 
861 static void eckey_rs_free(void *ctx)
862 {
863  eckey_restart_ctx *rs_ctx;
864 
865  if (ctx == NULL) {
866  return;
867  }
868 
869  rs_ctx = ctx;
870  mbedtls_ecdsa_restart_free(&rs_ctx->ecdsa_rs);
871  mbedtls_ecdsa_free(&rs_ctx->ecdsa_ctx);
872 
873  mbedtls_free(ctx);
874 }
875 
876 static int eckey_verify_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
877  const unsigned char *hash, size_t hash_len,
878  const unsigned char *sig, size_t sig_len,
879  void *rs_ctx)
880 {
882  eckey_restart_ctx *rs = rs_ctx;
883 
884  /* Should never happen */
885  if (rs == NULL) {
887  }
888 
889  /* set up our own sub-context if needed (that is, on first run) */
890  if (rs->ecdsa_ctx.grp.pbits == 0) {
891  MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, pk->pk_ctx));
892  }
893 
894  MBEDTLS_MPI_CHK(ecdsa_verify_rs_wrap(pk,
895  md_alg, hash, hash_len,
896  sig, sig_len, &rs->ecdsa_rs));
897 
898 cleanup:
899  return ret;
900 }
901 
902 static int eckey_sign_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
903  const unsigned char *hash, size_t hash_len,
904  unsigned char *sig, size_t sig_size, size_t *sig_len,
905  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
906  void *rs_ctx)
907 {
909  eckey_restart_ctx *rs = rs_ctx;
910 
911  /* Should never happen */
912  if (rs == NULL) {
914  }
915 
916  /* set up our own sub-context if needed (that is, on first run) */
917  if (rs->ecdsa_ctx.grp.pbits == 0) {
918  MBEDTLS_MPI_CHK(mbedtls_ecdsa_from_keypair(&rs->ecdsa_ctx, pk->pk_ctx));
919  }
920 
921  MBEDTLS_MPI_CHK(ecdsa_sign_rs_wrap(pk, md_alg,
922  hash, hash_len, sig, sig_size, sig_len,
923  f_rng, p_rng, &rs->ecdsa_rs));
924 
925 cleanup:
926  return ret;
927 }
928 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
929 
930 #if defined(MBEDTLS_USE_PSA_CRYPTO)
931 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
932 static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
933 {
934  psa_status_t status;
936  uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
937  size_t prv_key_len;
938  mbedtls_svc_key_id_t key_id = prv->priv_id;
939 
940  status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf),
941  &prv_key_len);
942  ret = PSA_PK_TO_MBEDTLS_ERR(status);
943  if (ret != 0) {
944  return ret;
945  }
946 
947  if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) {
949  }
950 
951  return 0;
952 }
953 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
954 static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
955 {
956  psa_status_t status;
958  uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
959  size_t prv_key_len;
960  psa_status_t destruction_status;
963  uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
964  size_t pub_key_len;
965  size_t curve_bits;
966  const psa_ecc_family_t curve =
967  mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits);
968  const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits);
969 
970  if (curve == 0) {
972  }
973 
974  psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
976 
977  ret = mbedtls_mpi_write_binary(&mbedtls_pk_ec_ro(*prv)->d,
978  prv_key_buf, curve_bytes);
979  if (ret != 0) {
980  mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf));
981  return ret;
982  }
983 
984  status = psa_import_key(&key_attr, prv_key_buf, curve_bytes, &key_id);
985  mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf));
986  ret = PSA_PK_TO_MBEDTLS_ERR(status);
987  if (ret != 0) {
988  return ret;
989  }
990 
991  // From now on prv_key_buf is used to store the public key of prv.
992  status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf),
993  &prv_key_len);
994  ret = PSA_PK_TO_MBEDTLS_ERR(status);
995  destruction_status = psa_destroy_key(key_id);
996  if (ret != 0) {
997  return ret;
998  } else if (destruction_status != PSA_SUCCESS) {
999  return PSA_PK_TO_MBEDTLS_ERR(destruction_status);
1000  }
1001 
1002  ret = mbedtls_ecp_point_write_binary(&mbedtls_pk_ec_rw(*pub)->grp,
1003  &mbedtls_pk_ec_rw(*pub)->Q,
1005  &pub_key_len, pub_key_buf,
1006  sizeof(pub_key_buf));
1007  if (ret != 0) {
1008  return ret;
1009  }
1010 
1011  if (memcmp(prv_key_buf, pub_key_buf, curve_bytes) != 0) {
1013  }
1014 
1015  return 0;
1016 }
1017 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1018 
1019 static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
1020  int (*f_rng)(void *, unsigned char *, size_t),
1021  void *p_rng)
1022 {
1023  (void) f_rng;
1024  (void) p_rng;
1025  return eckey_check_pair_psa(pub, prv);
1026 }
1027 #else /* MBEDTLS_USE_PSA_CRYPTO */
1028 static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
1029  int (*f_rng)(void *, unsigned char *, size_t),
1030  void *p_rng)
1031 {
1032  return mbedtls_ecp_check_pub_priv((const mbedtls_ecp_keypair *) pub->pk_ctx,
1033  (const mbedtls_ecp_keypair *) prv->pk_ctx,
1034  f_rng, p_rng);
1035 }
1036 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1037 
1038 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1039 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
1040 /* When PK_USE_PSA_EC_DATA is defined opaque and non-opaque keys end up
1041  * using the same function. */
1042 #define ecdsa_opaque_check_pair_wrap eckey_check_pair_wrap
1043 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
1044 static int ecdsa_opaque_check_pair_wrap(mbedtls_pk_context *pub,
1045  mbedtls_pk_context *prv,
1046  int (*f_rng)(void *, unsigned char *, size_t),
1047  void *p_rng)
1048 {
1049  psa_status_t status;
1051  size_t exp_pub_key_len = 0;
1053  size_t pub_key_len = 0;
1054  int ret;
1055  (void) f_rng;
1056  (void) p_rng;
1057 
1058  status = psa_export_public_key(prv->priv_id, exp_pub_key, sizeof(exp_pub_key),
1059  &exp_pub_key_len);
1060  if (status != PSA_SUCCESS) {
1061  ret = psa_pk_status_to_mbedtls(status);
1062  return ret;
1063  }
1064  ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(*pub)->grp),
1065  &(mbedtls_pk_ec_ro(*pub)->Q),
1067  &pub_key_len, pub_key, sizeof(pub_key));
1068  if (ret != 0) {
1069  return ret;
1070  }
1071  if ((exp_pub_key_len != pub_key_len) ||
1072  memcmp(exp_pub_key, pub_key, exp_pub_key_len)) {
1074  }
1075  return 0;
1076 }
1077 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1078 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1079 
1080 #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
1081 static void *eckey_alloc_wrap(void)
1082 {
1083  void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
1084 
1085  if (ctx != NULL) {
1087  }
1088 
1089  return ctx;
1090 }
1091 
1092 static void eckey_free_wrap(void *ctx)
1093 {
1095  mbedtls_free(ctx);
1096 }
1097 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1098 
1099 static void eckey_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items)
1100 {
1101 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
1102  items->type = MBEDTLS_PK_DEBUG_PSA_EC;
1103  items->name = "eckey.Q";
1104  items->value = pk;
1105 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
1106  mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx;
1107  items->type = MBEDTLS_PK_DEBUG_ECP;
1108  items->name = "eckey.Q";
1109  items->value = &(ecp->Q);
1110 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1111 }
1112 
1114  .type = MBEDTLS_PK_ECKEY,
1115  .name = "EC",
1116  .get_bitlen = eckey_get_bitlen,
1117  .can_do = eckey_can_do,
1118 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
1119  .verify_func = ecdsa_verify_wrap, /* Compatible key structures */
1120 #else /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1121  .verify_func = NULL,
1122 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1123 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
1124  .sign_func = ecdsa_sign_wrap, /* Compatible key structures */
1125 #else /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1126  .sign_func = NULL,
1127 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1128 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1129  .verify_rs_func = eckey_verify_rs_wrap,
1130  .sign_rs_func = eckey_sign_rs_wrap,
1131  .rs_alloc_func = eckey_rs_alloc,
1132  .rs_free_func = eckey_rs_free,
1133 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1134  .decrypt_func = NULL,
1135  .encrypt_func = NULL,
1136  .check_pair_func = eckey_check_pair_wrap,
1137 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
1138  .ctx_alloc_func = NULL,
1139  .ctx_free_func = NULL,
1140 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
1141  .ctx_alloc_func = eckey_alloc_wrap,
1142  .ctx_free_func = eckey_free_wrap,
1143 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1144  .debug_func = eckey_debug,
1145 };
1146 
1147 /*
1148  * EC key restricted to ECDH
1149  */
1150 static int eckeydh_can_do(mbedtls_pk_type_t type)
1151 {
1152  return type == MBEDTLS_PK_ECKEY ||
1154 }
1155 
1157  .type = MBEDTLS_PK_ECKEY_DH,
1158  .name = "EC_DH",
1159  .get_bitlen = eckey_get_bitlen, /* Same underlying key structure */
1160  .can_do = eckeydh_can_do,
1161  .verify_func = NULL,
1162  .sign_func = NULL,
1163 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1164  .verify_rs_func = NULL,
1165  .sign_rs_func = NULL,
1166 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1167  .decrypt_func = NULL,
1168  .encrypt_func = NULL,
1169  .check_pair_func = eckey_check_pair_wrap,
1170 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
1171  .ctx_alloc_func = NULL,
1172  .ctx_free_func = NULL,
1173 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
1174  .ctx_alloc_func = eckey_alloc_wrap, /* Same underlying key structure */
1175  .ctx_free_func = eckey_free_wrap, /* Same underlying key structure */
1176 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1177  .debug_func = eckey_debug, /* Same underlying key structure */
1178 };
1179 
1180 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
1181 static int ecdsa_can_do(mbedtls_pk_type_t type)
1182 {
1183  return type == MBEDTLS_PK_ECDSA;
1184 }
1185 
1186 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1187 static int ecdsa_verify_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
1188  const unsigned char *hash, size_t hash_len,
1189  const unsigned char *sig, size_t sig_len,
1190  void *rs_ctx)
1191 {
1193  ((void) md_alg);
1194 
1196  (mbedtls_ecdsa_context *) pk->pk_ctx,
1197  hash, hash_len, sig, sig_len,
1198  (mbedtls_ecdsa_restart_ctx *) rs_ctx);
1199 
1200  if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) {
1202  }
1203 
1204  return ret;
1205 }
1206 
1207 static int ecdsa_sign_rs_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
1208  const unsigned char *hash, size_t hash_len,
1209  unsigned char *sig, size_t sig_size, size_t *sig_len,
1210  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
1211  void *rs_ctx)
1212 {
1214  (mbedtls_ecdsa_context *) pk->pk_ctx,
1215  md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng,
1216  (mbedtls_ecdsa_restart_ctx *) rs_ctx);
1217 
1218 }
1219 
1220 static void *ecdsa_rs_alloc(void)
1221 {
1222  void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecdsa_restart_ctx));
1223 
1224  if (ctx != NULL) {
1225  mbedtls_ecdsa_restart_init(ctx);
1226  }
1227 
1228  return ctx;
1229 }
1230 
1231 static void ecdsa_rs_free(void *ctx)
1232 {
1233  mbedtls_ecdsa_restart_free(ctx);
1234  mbedtls_free(ctx);
1235 }
1236 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1237 
1239  .type = MBEDTLS_PK_ECDSA,
1240  .name = "ECDSA",
1241  .get_bitlen = eckey_get_bitlen, /* Compatible key structures */
1242  .can_do = ecdsa_can_do,
1243 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
1244  .verify_func = ecdsa_verify_wrap, /* Compatible key structures */
1245 #else /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1246  .verify_func = NULL,
1247 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1248 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
1249  .sign_func = ecdsa_sign_wrap, /* Compatible key structures */
1250 #else /* MBEDTLS_PK_CAN_ECDSA_SIGN */
1251  .sign_func = NULL,
1252 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
1253 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1254  .verify_rs_func = ecdsa_verify_rs_wrap,
1255  .sign_rs_func = ecdsa_sign_rs_wrap,
1256  .rs_alloc_func = ecdsa_rs_alloc,
1257  .rs_free_func = ecdsa_rs_free,
1258 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1259  .decrypt_func = NULL,
1260  .encrypt_func = NULL,
1261  .check_pair_func = eckey_check_pair_wrap, /* Compatible key structures */
1262 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
1263  .ctx_alloc_func = NULL,
1264  .ctx_free_func = NULL,
1265 #else /* MBEDTLS_PK_USE_PSA_EC_DATA */
1266  .ctx_alloc_func = eckey_alloc_wrap, /* Compatible key structures */
1267  .ctx_free_func = eckey_free_wrap, /* Compatible key structures */
1268 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
1269  .debug_func = eckey_debug, /* Compatible key structures */
1270 };
1271 #endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
1272 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
1273 
1274 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
1275 /*
1276  * Support for alternative RSA-private implementations
1277  */
1278 
1279 static int rsa_alt_can_do(mbedtls_pk_type_t type)
1280 {
1281  return type == MBEDTLS_PK_RSA;
1282 }
1283 
1284 static size_t rsa_alt_get_bitlen(mbedtls_pk_context *pk)
1285 {
1286  const mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
1287 
1288  return 8 * rsa_alt->key_len_func(rsa_alt->key);
1289 }
1290 
1291 static int rsa_alt_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
1292  const unsigned char *hash, size_t hash_len,
1293  unsigned char *sig, size_t sig_size, size_t *sig_len,
1294  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
1295 {
1296  mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
1297 
1298 #if SIZE_MAX > UINT_MAX
1299  if (UINT_MAX < hash_len) {
1301  }
1302 #endif
1303 
1304  *sig_len = rsa_alt->key_len_func(rsa_alt->key);
1305  if (*sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE) {
1307  }
1308  if (*sig_len > sig_size) {
1310  }
1311 
1312  return rsa_alt->sign_func(rsa_alt->key, f_rng, p_rng,
1313  md_alg, (unsigned int) hash_len, hash, sig);
1314 }
1315 
1316 static int rsa_alt_decrypt_wrap(mbedtls_pk_context *pk,
1317  const unsigned char *input, size_t ilen,
1318  unsigned char *output, size_t *olen, size_t osize,
1319  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
1320 {
1321  mbedtls_rsa_alt_context *rsa_alt = pk->pk_ctx;
1322 
1323  ((void) f_rng);
1324  ((void) p_rng);
1325 
1326  if (ilen != rsa_alt->key_len_func(rsa_alt->key)) {
1328  }
1329 
1330  return rsa_alt->decrypt_func(rsa_alt->key,
1331  olen, input, output, osize);
1332 }
1333 
1334 #if defined(MBEDTLS_RSA_C)
1335 static int rsa_alt_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
1336  int (*f_rng)(void *, unsigned char *, size_t),
1337  void *p_rng)
1338 {
1339  unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
1340  unsigned char hash[32];
1341  size_t sig_len = 0;
1343 
1344  if (rsa_alt_get_bitlen(prv) != rsa_get_bitlen(pub)) {
1346  }
1347 
1348  memset(hash, 0x2a, sizeof(hash));
1349 
1350  if ((ret = rsa_alt_sign_wrap(prv, MBEDTLS_MD_NONE,
1351  hash, sizeof(hash),
1352  sig, sizeof(sig), &sig_len,
1353  f_rng, p_rng)) != 0) {
1354  return ret;
1355  }
1356 
1357  if (rsa_verify_wrap(pub, MBEDTLS_MD_NONE,
1358  hash, sizeof(hash), sig, sig_len) != 0) {
1360  }
1361 
1362  return 0;
1363 }
1364 #endif /* MBEDTLS_RSA_C */
1365 
1366 static void *rsa_alt_alloc_wrap(void)
1367 {
1368  void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_alt_context));
1369 
1370  if (ctx != NULL) {
1371  memset(ctx, 0, sizeof(mbedtls_rsa_alt_context));
1372  }
1373 
1374  return ctx;
1375 }
1376 
1377 static void rsa_alt_free_wrap(void *ctx)
1378 {
1379  mbedtls_zeroize_and_free(ctx, sizeof(mbedtls_rsa_alt_context));
1380 }
1381 
1383  .type = MBEDTLS_PK_RSA_ALT,
1384  .name = "RSA-alt",
1385  .get_bitlen = rsa_alt_get_bitlen,
1386  .can_do = rsa_alt_can_do,
1387  .verify_func = NULL,
1388  .sign_func = rsa_alt_sign_wrap,
1389 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1390  .verify_rs_func = NULL,
1391  .sign_rs_func = NULL,
1392  .rs_alloc_func = NULL,
1393  .rs_free_func = NULL,
1394 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1395  .decrypt_func = rsa_alt_decrypt_wrap,
1396  .encrypt_func = NULL,
1397 #if defined(MBEDTLS_RSA_C)
1398  .check_pair_func = rsa_alt_check_pair,
1399 #else
1400  .check_pair_func = NULL,
1401 #endif
1402  .ctx_alloc_func = rsa_alt_alloc_wrap,
1403  .ctx_free_func = rsa_alt_free_wrap,
1404  .debug_func = NULL,
1405 };
1406 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
1407 
1408 #if defined(MBEDTLS_USE_PSA_CRYPTO)
1409 static size_t opaque_get_bitlen(mbedtls_pk_context *pk)
1410 {
1411  size_t bits;
1413 
1414  if (PSA_SUCCESS != psa_get_key_attributes(pk->priv_id, &attributes)) {
1415  return 0;
1416  }
1417 
1418  bits = psa_get_key_bits(&attributes);
1420  return bits;
1421 }
1422 
1423 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
1424 static int ecdsa_opaque_can_do(mbedtls_pk_type_t type)
1425 {
1426  return type == MBEDTLS_PK_ECKEY ||
1428 }
1429 
1430 const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info = {
1432  .name = "Opaque",
1433  .get_bitlen = opaque_get_bitlen,
1434  .can_do = ecdsa_opaque_can_do,
1435 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
1436  .verify_func = ecdsa_opaque_verify_wrap,
1437 #else /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1438  .verify_func = NULL,
1439 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
1440 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
1441  .sign_func = ecdsa_opaque_sign_wrap,
1442 #else /* MBEDTLS_PK_CAN_ECDSA_SIGN */
1443  .sign_func = NULL,
1444 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
1445 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1446  .verify_rs_func = NULL,
1447  .sign_rs_func = NULL,
1448  .rs_alloc_func = NULL,
1449  .rs_free_func = NULL,
1450 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1451  .decrypt_func = NULL,
1452  .encrypt_func = NULL,
1453  .check_pair_func = ecdsa_opaque_check_pair_wrap,
1454  .ctx_alloc_func = NULL,
1455  .ctx_free_func = NULL,
1456  .debug_func = NULL,
1457 };
1458 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
1459 
1460 static int rsa_opaque_can_do(mbedtls_pk_type_t type)
1461 {
1462  return type == MBEDTLS_PK_RSA ||
1464 }
1465 
1466 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
1467 static int rsa_opaque_decrypt(mbedtls_pk_context *pk,
1468  const unsigned char *input, size_t ilen,
1469  unsigned char *output, size_t *olen, size_t osize,
1470  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
1471 {
1473  psa_algorithm_t alg;
1475  psa_status_t status;
1476 
1477  /* PSA has its own RNG */
1478  (void) f_rng;
1479  (void) p_rng;
1480 
1481  status = psa_get_key_attributes(pk->priv_id, &attributes);
1482  if (status != PSA_SUCCESS) {
1483  return PSA_PK_TO_MBEDTLS_ERR(status);
1484  }
1485 
1489 
1490  if (!PSA_KEY_TYPE_IS_RSA(type)) {
1492  }
1493 
1494  status = psa_asymmetric_decrypt(pk->priv_id, alg, input, ilen, NULL, 0, output, osize, olen);
1495  if (status != PSA_SUCCESS) {
1496  return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
1497  }
1498 
1499  return 0;
1500 }
1501 #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
1502 
1503 static int rsa_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
1504  const unsigned char *hash, size_t hash_len,
1505  unsigned char *sig, size_t sig_size, size_t *sig_len,
1506  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
1507 {
1508 #if defined(MBEDTLS_RSA_C)
1510  psa_algorithm_t alg;
1512  psa_status_t status;
1513 
1514  /* PSA has its own RNG */
1515  (void) f_rng;
1516  (void) p_rng;
1517 
1518  status = psa_get_key_attributes(pk->priv_id, &attributes);
1519  if (status != PSA_SUCCESS) {
1520  return PSA_PK_TO_MBEDTLS_ERR(status);
1521  }
1522 
1526 
1527  if (PSA_KEY_TYPE_IS_RSA(type)) {
1528  alg = (alg & ~PSA_ALG_HASH_MASK) | mbedtls_md_psa_alg_from_type(md_alg);
1529  } else {
1531  }
1532 
1533  status = psa_sign_hash(pk->priv_id, alg, hash, hash_len, sig, sig_size, sig_len);
1534  if (status != PSA_SUCCESS) {
1535  if (PSA_KEY_TYPE_IS_RSA(type)) {
1536  return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
1537  } else {
1538  return PSA_PK_TO_MBEDTLS_ERR(status);
1539  }
1540  }
1541 
1542  return 0;
1543 #else /* !MBEDTLS_RSA_C */
1544  ((void) pk);
1545  ((void) md_alg);
1546  ((void) hash);
1547  ((void) hash_len);
1548  ((void) sig);
1549  ((void) sig_size);
1550  ((void) sig_len);
1551  ((void) f_rng);
1552  ((void) p_rng);
1554 #endif /* !MBEDTLS_RSA_C */
1555 }
1556 
1557 const mbedtls_pk_info_t mbedtls_rsa_opaque_info = {
1559  .name = "Opaque",
1560  .get_bitlen = opaque_get_bitlen,
1561  .can_do = rsa_opaque_can_do,
1562  .verify_func = NULL,
1563  .sign_func = rsa_opaque_sign_wrap,
1564 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1565  .verify_rs_func = NULL,
1566  .sign_rs_func = NULL,
1567  .rs_alloc_func = NULL,
1568  .rs_free_func = NULL,
1569 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
1570 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
1571  .decrypt_func = rsa_opaque_decrypt,
1572 #else /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
1573  .decrypt_func = NULL,
1574 #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
1575  .encrypt_func = NULL,
1576  .check_pair_func = NULL,
1577  .ctx_alloc_func = NULL,
1578  .ctx_free_func = NULL,
1579  .debug_func = NULL,
1580 };
1581 
1582 #endif /* MBEDTLS_USE_PSA_CRYPTO */
1583 
1584 #endif /* MBEDTLS_PK_C */
Generic ASN.1 parsing.
ASN.1 buffer writing functionality.
#define MBEDTLS_MPI_MAX_SIZE
Maximum number of bytes for usable MPIs.
Definition: bignum.h:73
#define MBEDTLS_MPI_CHK(f)
Definition: bignum.h:40
int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, size_t buflen)
Export X into unsigned binary data, big endian.
Platform Security Architecture cryptography module.
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)
ECDSA signature size for a given curve bit size.
Definition: crypto_sizes.h:618
#define PSA_BITS_TO_BYTES(bits)
Definition: crypto_sizes.h:40
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE
Definition: crypto_sizes.h:651
This file contains ECDSA definitions and functions.
void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx)
This function frees an ECDSA context.
int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key)
This function sets up an ECDSA context from an EC key pair.
int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx)
This function reads and verifies an ECDSA signature, in a restartable way.
int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t sig_size, size_t *slen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecdsa_restart_ctx *rs_ctx)
This function computes the ECDSA signature and writes it to a buffer, in a restartable way.
int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen)
This function reads and verifies an ECDSA signature.
int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t sig_size, size_t *slen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function computes the ECDSA signature and writes it to a buffer, serialized as defined in RFC-44...
void mbedtls_ecdsa_restart_ctx
Definition: ecdsa.h:111
void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx)
This function initializes an ECDSA context.
This file provides an API for Elliptic Curves over GF(P) (ECP).
void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key)
This function frees the components of a key pair.
#define MBEDTLS_ECP_PF_UNCOMPRESSED
The uncompressed point format for Short Weierstrass curves (MBEDTLS_ECP_DP_SECP_XXX and MBEDTLS_ECP_D...
Definition: ecp.h:439
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
The buffer contains a valid signature followed by more data.
Definition: ecp.h:49
void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key)
This function initializes a key pair as an invalid one.
int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
This function checks that the keypair objects pub and prv have the same group and the same public poi...
int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, int format, size_t *olen, unsigned char *buf, size_t buflen)
This function exports a point into unsigned binary data.
static void cleanup(void)
Definition: ct_dynamic.c:30
CS_CONTEXT * ctx
Definition: t0006.c:12
static const struct attribute attributes[]
Definition: attributes.c:165
static int type
Definition: getdata.c:31
static SQLCHAR output[256]
Definition: print.c:5
unsigned char uint8_t
#define NULL
Definition: ncbistd.hpp:225
#define SIZE_MAX
Definition: ncbistd.hpp:217
psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Decrypt a short message with a private key.
psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length)
Sign a hash or short message with a private key.
psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length)
Encrypt a short message with a public key.
psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length)
Verify the signature of a hash or short message using a public key.
void psa_reset_key_attributes(psa_key_attributes_t *attributes)
Reset a key attribute structure to a freshly initialized state.
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags)
Declare usage flags for a key.
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes)
Retrieve the key size from key attributes.
static void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type)
Declare the type of a key.
static psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t *attributes)
Retrieve the algorithm policy from key attributes.
#define PSA_KEY_ATTRIBUTES_INIT
This macro returns a suitable initializer for a key attribute structure of type psa_key_attributes_t.
psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes)
Retrieve the attributes of a key.
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes)
Retrieve the key type from key attributes.
static void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg)
Declare the permitted algorithm policy for a key.
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve)
Elliptic curve key pair.
#define PSA_KEY_TYPE_IS_RSA(type)
Whether a key type is an RSA key (pair or public-only).
#define PSA_KEY_TYPE_RSA_KEY_PAIR
RSA key pair (private and public key).
#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)
Deterministic ECDSA signature with hashing.
#define PSA_KEY_TYPE_ECC_GET_FAMILY(type)
Extract the curve from an elliptic curve key type.
#define PSA_ALG_RSA_PKCS1V15_CRYPT
RSA PKCS#1 v1.5 encryption.
#define PSA_ALG_ECDSA_ANY
ECDSA signature without hashing.
#define PSA_ALG_RSA_PSS(hash_alg)
RSA PSS signature with hashing.
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:78
#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)
RSA PKCS#1 v1.5 signature with hashing.
#define PSA_ALG_ECDSA(hash_alg)
ECDSA signature with hashing.
#define PSA_KEY_TYPE_RSA_PUBLIC_KEY
RSA public key.
#define PSA_ALG_RSA_OAEP(hash_alg)
RSA OAEP encryption.
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:134
#define PSA_ALG_HASH_MASK
#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)
Elliptic curve public key.
uint8_t psa_ecc_family_t
The type of PSA elliptic curve family identifiers.
Definition: crypto_types.h:97
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:59
#define PSA_SUCCESS
The action was completed successfully.
Definition: crypto_values.h:57
#define PSA_ERROR_NOT_PERMITTED
The requested action is denied by a policy.
Definition: crypto_values.h:86
psa_status_t psa_import_key(const psa_key_attributes_t *attributes, const uint8_t *data, size_t data_length, mbedtls_svc_key_id_t *key)
Import a key in binary format.
psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length)
Export a public key or the public part of a key pair in binary format.
#define MBEDTLS_SVC_KEY_ID_INIT
psa_key_id_t mbedtls_svc_key_id_t
Encoding of key identifiers as seen inside the PSA Crypto implementation.
Definition: crypto_types.h:292
psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
Destroy a key.
#define PSA_KEY_USAGE_SIGN_HASH
Whether the key may be used to sign a message.
#define PSA_KEY_USAGE_ENCRYPT
Whether the key may be used to encrypt a message.
#define PSA_KEY_USAGE_EXPORT
Whether the key may be exported.
#define PSA_KEY_USAGE_DECRYPT
Whether the key may be used to decrypt a message.
#define PSA_KEY_USAGE_VERIFY_HASH
Whether the key may be used to verify a message signature.
char * buf
static int input()
if(yy_accept[yy_current_state])
mbedtls_md_type_t
Supported message digests.
Definition: md.h:47
@ MBEDTLS_MD_NONE
None.
Definition: md.h:48
const struct ncbi::grid::netcache::search::fields::KEY key
#define mbedtls_platform_zeroize
#define mbedtls_ecdsa_raw_to_der
#define mbedtls_eckey_info
#define mbedtls_zeroize_and_free
#define mbedtls_ecc_group_to_psa
#define mbedtls_rsa_info
#define psa_pk_status_to_mbedtls
#define mbedtls_rsa_alt_info
#define mbedtls_eckeydh_info
#define mbedtls_ecdsa_info
#define mbedtls_ecdsa_der_to_raw
mbedtls_pk_type_t
Public key types.
Definition: pk.h:73
@ MBEDTLS_PK_OPAQUE
Definition: pk.h:81
@ MBEDTLS_PK_ECDSA
Definition: pk.h:78
@ MBEDTLS_PK_RSASSA_PSS
Definition: pk.h:80
@ MBEDTLS_PK_RSA_ALT
Definition: pk.h:79
@ MBEDTLS_PK_RSA
Definition: pk.h:75
@ MBEDTLS_PK_ECKEY_DH
Definition: pk.h:77
@ MBEDTLS_PK_ECKEY
Definition: pk.h:76
#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL
The output buffer is too small.
Definition: pk.h:64
@ MBEDTLS_PK_DEBUG_MPI
Definition: pk.h:189
@ MBEDTLS_PK_DEBUG_ECP
Definition: pk.h:190
@ MBEDTLS_PK_DEBUG_PSA_EC
Definition: pk.h:191
#define MBEDTLS_ERR_PK_BAD_INPUT_DATA
Bad input parameters to function.
Definition: pk.h:40
#define MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN
Definition: pk.h:215
#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
The buffer contains a valid signature followed by more data.
Definition: pk.h:62
#define MBEDTLS_ERR_PK_ALLOC_FAILED
Memory allocation failed.
Definition: pk.h:36
#define MBEDTLS_PK_SIGNATURE_MAX_SIZE
Maximum size of a signature made by mbedtls_pk_sign().
Definition: pk.h:122
#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
Unavailable feature, e.g.
Definition: pk.h:60
Public Key abstraction layer: internal (i.e.
#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET
Definition: pk_internal.h:192
Public Key abstraction layer: wrapper functions.
Internal defines shared by the PK write module.
#define MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES
Definition: pkwrite.h:64
#define MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES
Definition: pkwrite.h:63
This file contains the definitions and functions of the Mbed TLS platform abstraction layer.
#define mbedtls_free
Definition: platform.h:166
#define mbedtls_calloc
Definition: platform.h:167
Common and shared functions used by multiple modules in the Mbed TLS library.
Utility functions for the use of the PSA Crypto library.
Internal utility functions for use of PSA Crypto.
This file provides an API for the RSA public-key cryptosystem.
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
The output buffer for decryption is not large enough.
Definition: rsa.h:47
int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv)
This function checks a public-private RSA key pair.
#define MBEDTLS_ERR_RSA_VERIFY_FAILED
The PKCS#1 verification failed.
Definition: rsa.h:45
int mbedtls_rsa_get_padding_mode(const mbedtls_rsa_context *ctx)
This function retrieves padding mode of initialized RSA context.
size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx)
This function retrieves the length of RSA modulus in Bytes.
int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
This function performs an RSA operation, then removes the message padding.
size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx)
This function retrieves the length of the RSA modulus in bits.
int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx)
This function retrieves hash identifier of mbedtls_md_type_t type.
int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, size_t ilen, const unsigned char *input, unsigned char *output)
This function adds the message padding, then performs an RSA operation.
void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
This function frees the components of an RSA key.
#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
Key failed to pass the validity check of the library.
Definition: rsa.h:39
#define MBEDTLS_RSA_PKCS_V21
Use PKCS#1 v2.1 encoding.
Definition: rsa.h:56
int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
This function performs a private RSA operation to sign a message digest using PKCS#1.
void mbedtls_rsa_init(mbedtls_rsa_context *ctx)
This function initializes an RSA context.
#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA
Bad input parameters to function.
Definition: rsa.h:33
int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
This function performs a public RSA operation and checks the message digest.
Internal-only RSA public-key cryptosystem API.
int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p)
Write a PKCS#1 (ASN.1) encoded private RSA key.
int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start, unsigned char **p)
Parse a PKCS#1 (ASN.1) encoded public RSA key.
Error to string translation.
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
This is a bug in the library.
Definition: error.h:100
Definition: _hash_fun.h:40
The ECP key-pair structure.
Definition: ecp.h:428
Public key container.
Definition: pk.h:220
Item to send to the debug module.
Definition: pk.h:197
mbedtls_pk_type_t type
Public key type.
Definition: pk_wrap.h:24
The RSA context structure.
Definition: rsa.h:85
Definition: type.c:6
done
Definition: token1.c:1
Modified on Mon May 20 05:03:26 2024 by modify_doxy.py rev. 669887