/*
*
* Copyright 2018-2019 NXP
* SPDX-License-Identifier: Apache-2.0
*/
/**
* @file sss_mbedtls_rsa.c
*
* @par Description
* Implementation of key association between SSS and mbedtls.
*
*****************************************************************************/
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif
/** @ingroup ax_mbed_tls */
/** @{ */
#if defined(MBEDTLS_RSA_ALT)
#include <fsl_sss_util_asn1_der.h>
#include <nxLog_sss.h>
#include <string.h>
#include "fsl_sss_api.h"
#include "mbedtls/pk_internal.h"
#include "mbedtls/platform.h"
#include "mbedtls/rsa.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_internal.h"
#include "mbedtls/version.h"
#include "sss_mbedtls.h"
/*
 * LOG_API_CALLS mirrors FLOW_VERBOSE: it is 1 only when FLOW_VERBOSE is
 * defined as 1, and 0 in every other case.
 */
#if defined(FLOW_VERBOSE) && (FLOW_VERBOSE == 1)
#define LOG_API_CALLS 1
#else
#define LOG_API_CALLS 0
#endif /* FLOW_VERBOSE */
/*
 * NOTE(review): both branches above already define LOG_API_CALLS, so this
 * fallback is never taken and the "log by default" value is never applied.
 * The macro is also not referenced in the visible part of this file.
 */
#ifndef LOG_API_CALLS
#define LOG_API_CALLS 1 /* Log by default */
#endif
/*
 * Forward declarations of the file-local callbacks that are wired into the
 * two mbedtls_pk_info_t tables defined right after them.
 * The signing callback takes f_rng/p_rng because the callback signature
 * requires them; the definition in this file does not use either.
 */
static size_t sss_rsakey_get_bitlen(const void *ctx);
static int sss_rsakey_sign(void *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
unsigned char *sig,
size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
static int sss_rsakey_verify(void *ctx,
mbedtls_md_type_t md_alg,
const unsigned char *hash,
size_t hash_len,
const unsigned char *sig,
size_t sig_len);
static int sss_rsakey_check_pair(const void *pub, const void *prv);
static int sss_rsakeypair_can_do(mbedtls_pk_type_t type);
static int sss_rsapubkey_can_do(mbedtls_pk_type_t type);
static void sss_rsakeypair_free_func(void *ctx);
static void sss_rsapubkey_free_func(void *ctx);
/*
 * PK method table for an RSA key pair whose operations are delegated to SSS.
 * Only bit-length query, capability query, signing, pair check and context
 * free are populated; every other slot is NULL.
 *
 * NOTE(review): the initializer is positional, so it is only correct for the
 * mbedtls_pk_info_t layout of the bundled mbedtls version. The slot names in
 * the comments follow mbedtls 2.x pk_internal.h - confirm against the bundled
 * header, in particular if a build option adds members to the struct.
 */
const mbedtls_pk_info_t ax_mbedtls_rsakeypair_info = {
MBEDTLS_PK_RSA, /* type */
"AxRSA_Keypair", /* name */
&sss_rsakey_get_bitlen, /* get_bitlen */
&sss_rsakeypair_can_do, /* can_do */
NULL, /* verify_func: no verify callback for key-pair contexts */
&sss_rsakey_sign, /* sign_func */
NULL, // decrypt_func,
NULL, // encrypt_func,
&sss_rsakey_check_pair, /* check_pair_func: the callback always returns 0 and compares nothing */
NULL, //&ax_rsakey_alloc,
&sss_rsakeypair_free_func, /* ctx_free_func */
NULL, //&ax_rsakey_debug,
};
/*
 * PK method table for an RSA public key whose verification is delegated to
 * SSS. Only bit-length query, capability query, verification and context free
 * are populated; signing, encryption, decryption, pair check, allocation and
 * debug are all NULL.
 *
 * NOTE(review): the initializer is positional, so it is only correct for the
 * mbedtls_pk_info_t layout of the bundled mbedtls version. The slot names in
 * the comments follow mbedtls 2.x pk_internal.h - confirm against the bundled
 * header, in particular if a build option adds members to the struct.
 */
const mbedtls_pk_info_t ax_mbedtls_rsapubkey_info = {
MBEDTLS_PK_RSA, /* type */
"AxRSA_pubkey", /* name */
&sss_rsakey_get_bitlen, /* get_bitlen */
&sss_rsapubkey_can_do, /* can_do */
&sss_rsakey_verify, /* verify_func */
NULL, /* sign_func: a public key cannot sign */
NULL, /* decrypt_func */
NULL, /* encrypt_func */
NULL, /* check_pair_func */
NULL, /* ctx_alloc_func */
&sss_rsapubkey_free_func, /* ctx_free_func */
NULL, /* debug_func */
};
/**
 * @brief get_bitlen callback shared by both PK tables in this file.
 *
 * Returns the `len` member of the RSA context unchanged.
 *
 * NOTE(review): no scaling is applied. If `len` holds the modulus size in
 * bytes (as it does in the stock mbedtls RSA context), callers asking for a
 * bit length get a value eight times too small, which can skew any key-size
 * policy check built on it - confirm the unit used by the ALT context.
 *
 * @param ctx  Pointer to an mbedtls_rsa_context. Not checked for NULL.
 * @return     The value of ctx->len.
 */
static size_t sss_rsakey_get_bitlen(const void *ctx)
{
    const mbedtls_rsa_context *rsa = ctx;

    return rsa->len;
}
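/**
 * @brief verify_func callback: checks an RSA signature through the SSS layer.
 *
 * The digest type is mapped to an RSASSA PKCS#1 v1.5 SSS algorithm, an
 * asymmetric context in verify mode is initialised on the SSS object attached
 * to the RSA context, and the digest and signature are handed to
 * sss_asymmetric_verify_digest().
 *
 * Security notes:
 *  - Missing context, key object, key store, digest or signature pointers are
 *    rejected up front, so a context that was never associated with an SSS
 *    object fails closed instead of being dereferenced.
 *  - Only PKCS#1 v1.5 algorithms are selected here; SHA-1 is still accepted.
 *    Reject it at the policy layer if SHA-1 signatures must not be trusted.
 *  - hash_len and sig_len are forwarded unchanged; no check against the digest
 *    size of md_alg or the key size is done in this function.
 *  - NOTE(review): the context initialised here is never passed to a matching
 *    release call in this function - confirm whether the SSS backend needs one.
 *
 * @param ctx       mbedtls_rsa_context carrying the pSSSObject reference.
 * @param md_alg    Digest type used to produce @p hash.
 * @param hash      Digest to verify.
 * @param hash_len  Length of @p hash in bytes.
 * @param sig       Signature to check.
 * @param sig_len   Length of @p sig in bytes.
 * @return 0 if the signature verified, 1 on any failure (bad argument,
 *         unsupported digest, SSS error). The value 1 is not an MBEDTLS_ERR_*
 *         code, so callers must test for non-zero.
 */
static int sss_rsakey_verify(void *ctx,
    mbedtls_md_type_t md_alg,
    const unsigned char *hash,
    size_t hash_len,
    const unsigned char *sig,
    size_t sig_len)
{
    sss_status_t status = kStatus_SSS_Success;
    sss_asymmetric_t asymVerifyCtx;
    sss_object_t *sssObject = NULL;
    sss_algorithm_t algorithm;
    mbedtls_rsa_context *pax_ctx = (mbedtls_rsa_context *)ctx;

    /* Fail closed before anything is dereferenced. */
    if (pax_ctx == NULL || pax_ctx->pSSSObject == NULL || hash == NULL || sig == NULL) {
        LOG_E(" sss_rsakey_verify invalid argument.");
        return 1;
    }

    switch (md_alg) {
    case MBEDTLS_MD_SHA1:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1;
        break;
    case MBEDTLS_MD_SHA224:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224;
        break;
    case MBEDTLS_MD_SHA256:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256;
        break;
    case MBEDTLS_MD_SHA384:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384;
        break;
    case MBEDTLS_MD_SHA512:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512;
        break;
    default:
        /* Any other digest type (including "none") is refused. */
        return 1;
    }

    sssObject = (sss_object_t *)pax_ctx->pSSSObject;
    if (sssObject->keyStore == NULL) {
        LOG_E(" sss_rsakey_verify key object has no key store.");
        return 1;
    }

    /* NOTE(review): this uses %X for keyId while the signing path uses %lX;
     * one of the two does not match the field's type - confirm. */
    LOG_D("Using RSA key-pair '0x%08X'", pax_ctx->pSSSObject->keyId);

    status = sss_asymmetric_context_init(
        &asymVerifyCtx, sssObject->keyStore->session, sssObject, algorithm, kMode_SSS_Verify);
    if (status != kStatus_SSS_Success) {
        LOG_E(" sss_asymmetric_context_init verify context Failed.");
        return 1;
    }

    /* The SSS API takes non-const buffers, hence the casts. */
    status = sss_asymmetric_verify_digest(&asymVerifyCtx, (uint8_t *)hash, hash_len, (uint8_t *)sig, sig_len);
    if (status != kStatus_SSS_Success) {
        LOG_E(" sss_asymmetric_verify_digest Failed.");
        return 1;
    }

    return (0);
}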
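/**
 * @brief sign_func callback: produces an RSA signature through the SSS layer.
 *
 * The digest type is mapped to an RSASSA PKCS#1 v1.5 SSS algorithm, an
 * asymmetric context in sign mode is initialised on the SSS object attached
 * to the RSA context, and the digest is signed with
 * sss_asymmetric_sign_digest(). The length reported by SSS is copied to
 * @p sig_len.
 *
 * Security notes:
 *  - Missing context, key object, key store, digest, output buffer or length
 *    pointers are rejected up front instead of being dereferenced.
 *  - The callback receives no size for @p sig. A fixed capacity of 1024 bytes
 *    is reported to SSS regardless of the real buffer, so the caller must
 *    provide a buffer large enough for the biggest signature the key can
 *    produce (stock mbedtls sizes such buffers with MBEDTLS_MPI_MAX_SIZE -
 *    confirm every caller in this project does the same).
 *  - Only PKCS#1 v1.5 algorithms are selected here; SHA-1 is still accepted.
 *  - NOTE(review): the context initialised here is never passed to a matching
 *    release call in this function - confirm whether the SSS backend needs one.
 *
 * @param ctx       mbedtls_rsa_context carrying the pSSSObject reference.
 * @param md_alg    Digest type used to produce @p hash.
 * @param hash      Digest to sign.
 * @param hash_len  Length of @p hash in bytes.
 * @param sig       Output buffer for the signature.
 * @param sig_len   Receives the signature length reported by SSS.
 * @param f_rng     Unused.
 * @param p_rng     Unused.
 * @return 0 on success, 1 on any failure (bad argument, unsupported digest,
 *         SSS error). The value 1 is not an MBEDTLS_ERR_* code.
 */
static int sss_rsakey_sign(void *ctx,
    mbedtls_md_type_t md_alg,
    const unsigned char *hash,
    size_t hash_len,
    unsigned char *sig,
    size_t *sig_len,
    int (*f_rng)(void *, unsigned char *, size_t),
    void *p_rng)
{
    /* Capacity reported to SSS for `sig`; see the buffer-size note above. */
    size_t sig_capacity = 1024;
    sss_asymmetric_t asymSignCtx;
    sss_status_t status = kStatus_SSS_Success;
    sss_object_t *sssObject = NULL;
    mbedtls_rsa_context *pax_ctx = (mbedtls_rsa_context *)ctx;
    sss_algorithm_t algorithm;

    (void)f_rng;
    (void)p_rng;

    /* Fail closed before anything is dereferenced. */
    if (pax_ctx == NULL || pax_ctx->pSSSObject == NULL || hash == NULL || sig == NULL || sig_len == NULL) {
        LOG_E(" sss_rsakey_sign invalid argument.");
        return 1;
    }

    sssObject = (sss_object_t *)pax_ctx->pSSSObject;
    if (sssObject->keyStore == NULL) {
        LOG_E(" sss_rsakey_sign key object has no key store.");
        return 1;
    }

    switch (md_alg) {
    case MBEDTLS_MD_SHA1:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA1;
        break;
    case MBEDTLS_MD_SHA224:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA224;
        break;
    case MBEDTLS_MD_SHA256:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA256;
        break;
    case MBEDTLS_MD_SHA384:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA384;
        break;
    case MBEDTLS_MD_SHA512:
        algorithm = kAlgorithm_SSS_RSASSA_PKCS1_V1_5_SHA512;
        break;
    default:
        /* Any other digest type (including "none") is refused. */
        return 1;
    }

    status =
        sss_asymmetric_context_init(&asymSignCtx, sssObject->keyStore->session, sssObject, algorithm, kMode_SSS_Sign);
    if (status != kStatus_SSS_Success) {
        /* Message corrected: this is the sign path, not the verify path. */
        LOG_E(" sss_asymmetric_context_init sign context Failed.");
        return 1;
    }

    /* NOTE(review): this uses %lX for keyId while the verify path uses %X;
     * one of the two does not match the field's type - confirm. */
    LOG_D("Signing using key %08lX\r\n", pax_ctx->pSSSObject->keyId);

    /* The SSS API takes a non-const digest buffer, hence the cast. */
    status = sss_asymmetric_sign_digest(&asymSignCtx, (uint8_t *)hash, hash_len, sig, &sig_capacity);
    if (status != kStatus_SSS_Success) {
        LOG_E(" sss_asymmetric_sign_digest failed.");
        return 1;
    }

    /* SSS has replaced the capacity with the number of bytes written. */
    *sig_len = sig_capacity;
    return 0;
}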
/**
 * @brief check_pair_func callback for the key-pair table.
 *
 * Security caveat: this is a stub. It inspects neither argument and always
 * returns 0, so any public/private combination is reported as a matching
 * pair. Callers that rely on a pair check to detect a certificate/key
 * mismatch get no protection from this callback.
 *
 * @param pub  Public-key context (ignored).
 * @param prv  Private-key context (ignored).
 * @return Always 0.
 */
static int sss_rsakey_check_pair(const void *pub, const void *prv)
{
    (void)pub;
    (void)prv;

    return 0;
}
/**
 * @brief can_do callback for the key-pair table.
 *
 * NOTE(review): MBEDTLS_PK_RSASSA_PSS is advertised, but the signing callback
 * in this file only selects RSASSA PKCS#1 v1.5 algorithms - confirm how PSS
 * requests are routed before relying on this answer.
 *
 * @param type  PK type being queried.
 * @return 1 for MBEDTLS_PK_RSA and MBEDTLS_PK_RSASSA_PSS, 0 otherwise.
 */
static int sss_rsakeypair_can_do(mbedtls_pk_type_t type)
{
    switch (type) {
    case MBEDTLS_PK_RSA:
    case MBEDTLS_PK_RSASSA_PSS:
        return 1;
    default:
        return 0;
    }
}
/**
 * @brief can_do callback for the public-key table.
 *
 * Accepts the same two PK types as the key-pair variant in this file.
 *
 * NOTE(review): MBEDTLS_PK_RSASSA_PSS is advertised, but the verify callback
 * in this file only selects RSASSA PKCS#1 v1.5 algorithms - confirm how PSS
 * requests are routed before relying on this answer.
 *
 * @param type  PK type being queried.
 * @return 1 for MBEDTLS_PK_RSA and MBEDTLS_PK_RSASSA_PSS, 0 otherwise.
 */
static int sss_rsapubkey_can_do(mbedtls_pk_type_t type)
{
    switch (type) {
    case MBEDTLS_PK_RSA:
    case MBEDTLS_PK_RSASSA_PSS:
        return 1;
    default:
        return 0;
    }
}
/**
 * @brief ctx_free_func callback for the key-pair table.
 *
 * Releases the context allocation itself with mbedtls_free(). Nothing else is
 * done here: the SSS object the context points to is not released, and the
 * memory is not cleared before it is freed.
 * NOTE(review): presumably the context only holds a reference to a key kept
 * in the SSS key store, not key material - confirm, and clear the struct
 * first if that is not the case.
 *
 * @param ctx  Context to free; NULL is ignored.
 */
static void sss_rsakeypair_free_func(void *ctx)
{
    if (ctx == NULL) {
        return;
    }

    mbedtls_free(ctx);
}
/**
 * @brief ctx_free_func callback for the public-key table.
 *
 * Releases the context allocation itself with mbedtls_free(). The SSS object
 * the context points to is not released here. The body is the same as the
 * key-pair free callback in this file.
 *
 * @param ctx  Context to free; NULL is ignored.
 */
static void sss_rsapubkey_free_func(void *ctx)
{
    if (ctx == NULL) {
        return;
    }

    mbedtls_free(ctx);
}
#endif /* MBEDTLS_RSA_ALT */
/** @} */