pk.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643
  1. /*
  2. * Public Key abstraction layer
  3. *
  4. * Copyright The Mbed TLS Contributors
  5. * SPDX-License-Identifier: Apache-2.0
  6. *
  7. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  8. * not use this file except in compliance with the License.
  9. * You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing, software
  14. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  15. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16. * See the License for the specific language governing permissions and
  17. * limitations under the License.
  18. */
  19. #include "common.h"
  20. #if defined(MBEDTLS_PK_C)
  21. #include "mbedtls/pk.h"
  22. #include "mbedtls/pk_internal.h"
  23. #include "mbedtls/platform_util.h"
  24. #include "mbedtls/error.h"
  25. #if defined(MBEDTLS_RSA_C)
  26. #include "mbedtls/rsa.h"
  27. #endif
  28. #if defined(MBEDTLS_ECP_C)
  29. #include "mbedtls/ecp.h"
  30. #endif
  31. #if defined(MBEDTLS_ECDSA_C)
  32. #include "mbedtls/ecdsa.h"
  33. #endif
  34. #if defined(MBEDTLS_USE_PSA_CRYPTO)
  35. #include "mbedtls/psa_util.h"
  36. #endif
  37. #include <limits.h>
  38. #include <stdint.h>
  39. /* Parameter validation macros based on platform_util.h */
  40. #define PK_VALIDATE_RET( cond ) \
  41. MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
  42. #define PK_VALIDATE( cond ) \
  43. MBEDTLS_INTERNAL_VALIDATE( cond )
  44. /*
  45. * Initialise a mbedtls_pk_context
  46. */
  47. void mbedtls_pk_init( mbedtls_pk_context *ctx )
  48. {
  49. PK_VALIDATE( ctx != NULL );
  50. ctx->pk_info = NULL;
  51. ctx->pk_ctx = NULL;
  52. }
  53. /*
  54. * Free (the components of) a mbedtls_pk_context
  55. */
  56. void mbedtls_pk_free( mbedtls_pk_context *ctx )
  57. {
  58. if( ctx == NULL )
  59. return;
  60. if ( ctx->pk_info != NULL )
  61. ctx->pk_info->ctx_free_func( ctx->pk_ctx );
  62. mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
  63. }
  64. #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
  65. /*
  66. * Initialize a restart context
  67. */
  68. void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
  69. {
  70. PK_VALIDATE( ctx != NULL );
  71. ctx->pk_info = NULL;
  72. ctx->rs_ctx = NULL;
  73. }
  74. /*
  75. * Free the components of a restart context
  76. */
  77. void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
  78. {
  79. if( ctx == NULL || ctx->pk_info == NULL ||
  80. ctx->pk_info->rs_free_func == NULL )
  81. {
  82. return;
  83. }
  84. ctx->pk_info->rs_free_func( ctx->rs_ctx );
  85. ctx->pk_info = NULL;
  86. ctx->rs_ctx = NULL;
  87. }
  88. #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
  89. /*
  90. * Get pk_info structure from type
  91. */
  92. const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
  93. {
  94. switch( pk_type ) {
  95. #if defined(MBEDTLS_RSA_C)
  96. case MBEDTLS_PK_RSA:
  97. return( &mbedtls_rsa_info );
  98. #endif
  99. #if defined(MBEDTLS_ECP_C)
  100. case MBEDTLS_PK_ECKEY:
  101. return( &mbedtls_eckey_info );
  102. case MBEDTLS_PK_ECKEY_DH:
  103. return( &mbedtls_eckeydh_info );
  104. #endif
  105. #if defined(MBEDTLS_ECDSA_C)
  106. case MBEDTLS_PK_ECDSA:
  107. return( &mbedtls_ecdsa_info );
  108. #endif
  109. /* MBEDTLS_PK_RSA_ALT omitted on purpose */
  110. default:
  111. return( NULL );
  112. }
  113. }
  114. /*
  115. * Initialise context
  116. */
  117. int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
  118. {
  119. PK_VALIDATE_RET( ctx != NULL );
  120. if( info == NULL || ctx->pk_info != NULL )
  121. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  122. if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
  123. return( MBEDTLS_ERR_PK_ALLOC_FAILED );
  124. ctx->pk_info = info;
  125. return( 0 );
  126. }
  127. #if defined(MBEDTLS_USE_PSA_CRYPTO)
  128. /*
  129. * Initialise a PSA-wrapping context
  130. */
  131. int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
  132. const psa_key_id_t key )
  133. {
  134. const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
  135. psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
  136. psa_key_id_t *pk_ctx;
  137. psa_key_type_t type;
  138. if( ctx == NULL || ctx->pk_info != NULL )
  139. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  140. if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) )
  141. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  142. type = psa_get_key_type( &attributes );
  143. psa_reset_key_attributes( &attributes );
  144. /* Current implementation of can_do() relies on this. */
  145. if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
  146. return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
  147. if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
  148. return( MBEDTLS_ERR_PK_ALLOC_FAILED );
  149. ctx->pk_info = info;
  150. pk_ctx = (psa_key_id_t *) ctx->pk_ctx;
  151. *pk_ctx = key;
  152. return( 0 );
  153. }
  154. #endif /* MBEDTLS_USE_PSA_CRYPTO */
  155. #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
  156. /*
  157. * Initialize an RSA-alt context
  158. */
  159. int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
  160. mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
  161. mbedtls_pk_rsa_alt_sign_func sign_func,
  162. mbedtls_pk_rsa_alt_key_len_func key_len_func )
  163. {
  164. mbedtls_rsa_alt_context *rsa_alt;
  165. const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
  166. PK_VALIDATE_RET( ctx != NULL );
  167. if( ctx->pk_info != NULL )
  168. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  169. if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
  170. return( MBEDTLS_ERR_PK_ALLOC_FAILED );
  171. ctx->pk_info = info;
  172. rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
  173. rsa_alt->key = key;
  174. rsa_alt->decrypt_func = decrypt_func;
  175. rsa_alt->sign_func = sign_func;
  176. rsa_alt->key_len_func = key_len_func;
  177. return( 0 );
  178. }
  179. #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
  180. /*
  181. * Tell if a PK can do the operations of the given type
  182. */
  183. int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
  184. {
  185. /* A context with null pk_info is not set up yet and can't do anything.
  186. * For backward compatibility, also accept NULL instead of a context
  187. * pointer. */
  188. if( ctx == NULL || ctx->pk_info == NULL )
  189. return( 0 );
  190. return( ctx->pk_info->can_do( type ) );
  191. }
  192. /*
  193. * Helper for mbedtls_pk_sign and mbedtls_pk_verify
  194. */
  195. static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
  196. {
  197. const mbedtls_md_info_t *md_info;
  198. if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
  199. return( 0 );
  200. if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
  201. return( -1 );
  202. if ( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) )
  203. return ( -1 );
  204. *hash_len = mbedtls_md_get_size( md_info );
  205. return( 0 );
  206. }
  207. #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
  208. /*
  209. * Helper to set up a restart context if needed
  210. */
  211. static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
  212. const mbedtls_pk_info_t *info )
  213. {
  214. /* Don't do anything if already set up or invalid */
  215. if( ctx == NULL || ctx->pk_info != NULL )
  216. return( 0 );
  217. /* Should never happen when we're called */
  218. if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
  219. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  220. if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
  221. return( MBEDTLS_ERR_PK_ALLOC_FAILED );
  222. ctx->pk_info = info;
  223. return( 0 );
  224. }
  225. #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
  226. /*
  227. * Verify a signature (restartable)
  228. */
  229. int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
  230. mbedtls_md_type_t md_alg,
  231. const unsigned char *hash, size_t hash_len,
  232. const unsigned char *sig, size_t sig_len,
  233. mbedtls_pk_restart_ctx *rs_ctx )
  234. {
  235. PK_VALIDATE_RET( ctx != NULL );
  236. PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
  237. hash != NULL );
  238. PK_VALIDATE_RET( sig != NULL );
  239. if( ctx->pk_info == NULL ||
  240. pk_hashlen_helper( md_alg, &hash_len ) != 0 )
  241. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  242. #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
  243. /* optimization: use non-restartable version if restart disabled */
  244. if( rs_ctx != NULL &&
  245. mbedtls_ecp_restart_is_enabled() &&
  246. ctx->pk_info->verify_rs_func != NULL )
  247. {
  248. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  249. if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
  250. return( ret );
  251. ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
  252. md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
  253. if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
  254. mbedtls_pk_restart_free( rs_ctx );
  255. return( ret );
  256. }
  257. #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
  258. (void) rs_ctx;
  259. #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
  260. if( ctx->pk_info->verify_func == NULL )
  261. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  262. return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
  263. sig, sig_len ) );
  264. }
  265. /*
  266. * Verify a signature
  267. */
  268. int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
  269. const unsigned char *hash, size_t hash_len,
  270. const unsigned char *sig, size_t sig_len )
  271. {
  272. return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
  273. sig, sig_len, NULL ) );
  274. }
  275. /*
  276. * Verify a signature with options
  277. */
  278. int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
  279. mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
  280. const unsigned char *hash, size_t hash_len,
  281. const unsigned char *sig, size_t sig_len )
  282. {
  283. PK_VALIDATE_RET( ctx != NULL );
  284. PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
  285. hash != NULL );
  286. PK_VALIDATE_RET( sig != NULL );
  287. if( ctx->pk_info == NULL )
  288. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  289. if( ! mbedtls_pk_can_do( ctx, type ) )
  290. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  291. if( type == MBEDTLS_PK_RSASSA_PSS )
  292. {
  293. #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
  294. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  295. const mbedtls_pk_rsassa_pss_options *pss_opts;
  296. #if SIZE_MAX > UINT_MAX
  297. if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
  298. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  299. #endif /* SIZE_MAX > UINT_MAX */
  300. if( options == NULL )
  301. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  302. pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
  303. if( sig_len < mbedtls_pk_get_len( ctx ) )
  304. return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
  305. ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
  306. NULL, NULL, MBEDTLS_RSA_PUBLIC,
  307. md_alg, (unsigned int) hash_len, hash,
  308. pss_opts->mgf1_hash_id,
  309. pss_opts->expected_salt_len,
  310. sig );
  311. if( ret != 0 )
  312. return( ret );
  313. if( sig_len > mbedtls_pk_get_len( ctx ) )
  314. return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
  315. return( 0 );
  316. #else
  317. return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
  318. #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
  319. }
  320. /* General case: no options */
  321. if( options != NULL )
  322. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  323. return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
  324. }
  325. /*
  326. * Make a signature (restartable)
  327. */
  328. int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
  329. mbedtls_md_type_t md_alg,
  330. const unsigned char *hash, size_t hash_len,
  331. unsigned char *sig, size_t *sig_len,
  332. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
  333. mbedtls_pk_restart_ctx *rs_ctx )
  334. {
  335. PK_VALIDATE_RET( ctx != NULL );
  336. PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
  337. hash != NULL );
  338. PK_VALIDATE_RET( sig != NULL );
  339. if( ctx->pk_info == NULL ||
  340. pk_hashlen_helper( md_alg, &hash_len ) != 0 )
  341. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  342. #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
  343. /* optimization: use non-restartable version if restart disabled */
  344. if( rs_ctx != NULL &&
  345. mbedtls_ecp_restart_is_enabled() &&
  346. ctx->pk_info->sign_rs_func != NULL )
  347. {
  348. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  349. if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
  350. return( ret );
  351. ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
  352. hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
  353. if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
  354. mbedtls_pk_restart_free( rs_ctx );
  355. return( ret );
  356. }
  357. #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
  358. (void) rs_ctx;
  359. #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
  360. if( ctx->pk_info->sign_func == NULL )
  361. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  362. return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
  363. sig, sig_len, f_rng, p_rng ) );
  364. }
  365. /*
  366. * Make a signature
  367. */
  368. int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
  369. const unsigned char *hash, size_t hash_len,
  370. unsigned char *sig, size_t *sig_len,
  371. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
  372. {
  373. return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
  374. sig, sig_len, f_rng, p_rng, NULL ) );
  375. }
  376. /*
  377. * Decrypt message
  378. */
  379. int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
  380. const unsigned char *input, size_t ilen,
  381. unsigned char *output, size_t *olen, size_t osize,
  382. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
  383. {
  384. PK_VALIDATE_RET( ctx != NULL );
  385. PK_VALIDATE_RET( input != NULL || ilen == 0 );
  386. PK_VALIDATE_RET( output != NULL || osize == 0 );
  387. PK_VALIDATE_RET( olen != NULL );
  388. if( ctx->pk_info == NULL )
  389. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  390. if( ctx->pk_info->decrypt_func == NULL )
  391. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  392. return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
  393. output, olen, osize, f_rng, p_rng ) );
  394. }
  395. /*
  396. * Encrypt message
  397. */
  398. int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
  399. const unsigned char *input, size_t ilen,
  400. unsigned char *output, size_t *olen, size_t osize,
  401. int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
  402. {
  403. PK_VALIDATE_RET( ctx != NULL );
  404. PK_VALIDATE_RET( input != NULL || ilen == 0 );
  405. PK_VALIDATE_RET( output != NULL || osize == 0 );
  406. PK_VALIDATE_RET( olen != NULL );
  407. if( ctx->pk_info == NULL )
  408. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  409. if( ctx->pk_info->encrypt_func == NULL )
  410. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  411. return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
  412. output, olen, osize, f_rng, p_rng ) );
  413. }
  414. /*
  415. * Check public-private key pair
  416. */
  417. int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
  418. {
  419. PK_VALIDATE_RET( pub != NULL );
  420. PK_VALIDATE_RET( prv != NULL );
  421. if( pub->pk_info == NULL ||
  422. prv->pk_info == NULL )
  423. {
  424. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  425. }
  426. if( prv->pk_info->check_pair_func == NULL )
  427. return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
  428. if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
  429. {
  430. if( pub->pk_info->type != MBEDTLS_PK_RSA )
  431. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  432. }
  433. else
  434. {
  435. if( pub->pk_info != prv->pk_info )
  436. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  437. }
  438. return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
  439. }
  440. /*
  441. * Get key size in bits
  442. */
  443. size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
  444. {
  445. /* For backward compatibility, accept NULL or a context that
  446. * isn't set up yet, and return a fake value that should be safe. */
  447. if( ctx == NULL || ctx->pk_info == NULL )
  448. return( 0 );
  449. return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
  450. }
  451. /*
  452. * Export debug information
  453. */
  454. int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
  455. {
  456. PK_VALIDATE_RET( ctx != NULL );
  457. if( ctx->pk_info == NULL )
  458. return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
  459. if( ctx->pk_info->debug_func == NULL )
  460. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  461. ctx->pk_info->debug_func( ctx->pk_ctx, items );
  462. return( 0 );
  463. }
  464. /*
  465. * Access the PK type name
  466. */
  467. const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
  468. {
  469. if( ctx == NULL || ctx->pk_info == NULL )
  470. return( "invalid PK" );
  471. return( ctx->pk_info->name );
  472. }
  473. /*
  474. * Access the PK type
  475. */
  476. mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
  477. {
  478. if( ctx == NULL || ctx->pk_info == NULL )
  479. return( MBEDTLS_PK_NONE );
  480. return( ctx->pk_info->type );
  481. }
  482. #if defined(MBEDTLS_USE_PSA_CRYPTO)
  483. /*
  484. * Load the key to a PSA key slot,
  485. * then turn the PK context into a wrapper for that key slot.
  486. *
  487. * Currently only works for EC private keys.
  488. */
  489. int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
  490. psa_key_id_t *key,
  491. psa_algorithm_t hash_alg )
  492. {
  493. #if !defined(MBEDTLS_ECP_C)
  494. ((void) pk);
  495. ((void) key);
  496. ((void) hash_alg);
  497. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  498. #else
  499. const mbedtls_ecp_keypair *ec;
  500. unsigned char d[MBEDTLS_ECP_MAX_BYTES];
  501. size_t d_len;
  502. psa_ecc_family_t curve_id;
  503. psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
  504. psa_key_type_t key_type;
  505. size_t bits;
  506. int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
  507. /* export the private key material in the format PSA wants */
  508. if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
  509. return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
  510. ec = mbedtls_pk_ec( *pk );
  511. d_len = ( ec->grp.nbits + 7 ) / 8;
  512. if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
  513. return( ret );
  514. curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
  515. key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
  516. /* prepare the key attributes */
  517. psa_set_key_type( &attributes, key_type );
  518. psa_set_key_bits( &attributes, bits );
  519. psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
  520. psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
  521. /* import private key into PSA */
  522. if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) )
  523. return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
  524. /* make PK context wrap the key slot */
  525. mbedtls_pk_free( pk );
  526. mbedtls_pk_init( pk );
  527. return( mbedtls_pk_setup_opaque( pk, *key ) );
  528. #endif /* MBEDTLS_ECP_C */
  529. }
  530. #endif /* MBEDTLS_USE_PSA_CRYPTO */
  531. #endif /* MBEDTLS_PK_C */