123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 |
- #include <errno.h>
- #include <stdint.h>
- #include <limits.h>
- #include "pal.h"
- #include "pal_crypto.h"
- #include "pal_error.h"
- #include "pal_debug.h"
- #include "assert.h"
- #include "crypto/mbedtls/mbedtls/cmac.h"
- #include "crypto/mbedtls/mbedtls/sha256.h"
- #include "crypto/mbedtls/mbedtls/rsa.h"
- #define BITS_PER_BYTE 8
- int _DkRandomBitsRead(void *buffer, int size);
- static int RandomWrapper(void *private, unsigned char *data, size_t size)
- {
- return _DkRandomBitsRead(data, size) != size;
- }
- #define BITS_PER_BYTE 8
- int lib_SHA256Init(LIB_SHA256_CONTEXT *context)
- {
- mbedtls_sha256_init(context);
- mbedtls_sha256_starts(context, 0 );
- return 0;
- }
- int lib_SHA256Update(LIB_SHA256_CONTEXT *context, const uint8_t *data,
- uint64_t len)
- {
-
- if (len > UINT32_MAX) {
- return -PAL_ERROR_INVAL;
- }
- mbedtls_sha256_update(context, data, len);
- return 0;
- }
- int lib_SHA256Final(LIB_SHA256_CONTEXT *context, uint8_t *output)
- {
- mbedtls_sha256_finish(context, output);
-
- mbedtls_sha256_free(context);
- return 0;
- }
- int lib_AESCMAC(const uint8_t *key, uint64_t key_len, const uint8_t *input,
- uint64_t input_len, uint8_t *mac, uint64_t mac_len) {
- mbedtls_cipher_type_t cipher;
- switch (key_len) {
- case 16:
- cipher = MBEDTLS_CIPHER_AES_128_ECB;
- break;
- case 24:
- cipher = MBEDTLS_CIPHER_AES_192_ECB;
- break;
- case 32:
- cipher = MBEDTLS_CIPHER_AES_256_ECB;
- break;
- default:
- return -PAL_ERROR_INVAL;
- }
- const mbedtls_cipher_info_t *cipher_info =
- mbedtls_cipher_info_from_type(cipher);
- if (mac_len < cipher_info->block_size) {
- return -PAL_ERROR_INVAL;
- }
- return mbedtls_cipher_cmac(cipher_info,
- key, key_len * BITS_PER_BYTE,
- input, input_len, mac);
- }
- int lib_RSAInitKey(LIB_RSA_KEY *key)
- {
-
-
- mbedtls_rsa_init(key, MBEDTLS_RSA_PKCS_V15, 0);
- return 0;
- }
- int lib_RSAGenerateKey(LIB_RSA_KEY *key, uint64_t length_in_bits, uint64_t exponent)
- {
- if (length_in_bits > UINT_MAX) {
- return -PAL_ERROR_INVAL;
- }
- if (exponent > UINT_MAX || (int) exponent < 0) {
- return -PAL_ERROR_INVAL;
- }
- return mbedtls_rsa_gen_key(key, RandomWrapper, NULL, length_in_bits,
- exponent);
- }
- int lib_RSAExportPublicKey(LIB_RSA_KEY *key, uint8_t *e, uint64_t *e_size,
- uint8_t *n, uint64_t *n_size)
- {
- int ret;
-
- if ((ret = mbedtls_mpi_write_binary(&key->E, e, *e_size)) != 0) {
- return ret;
- }
-
- if ((ret = mbedtls_mpi_write_binary(&key->N, n, *n_size)) != 0) {
- return ret;
- }
- return 0;
- }
- int lib_RSAImportPublicKey(LIB_RSA_KEY *key, const uint8_t *e, uint64_t e_size,
- const uint8_t *n, uint64_t n_size)
- {
- int ret;
-
- if ((ret = mbedtls_mpi_read_binary(&key->E, e, e_size)) != 0) {
- return ret;
- }
-
- if ((ret = mbedtls_mpi_read_binary(&key->N, n, n_size)) != 0) {
- return ret;
- }
-
- key->len = (mbedtls_mpi_bitlen(&key->N) + 7) >> 3;
- return 0;
- }
- int lib_RSAVerifySHA256(LIB_RSA_KEY *key, const uint8_t *signature,
- uint64_t signature_len, uint8_t *signed_data_out,
- uint64_t signed_data_out_len)
- {
- size_t real_data_out_len;
-
- if (signature_len != key->len) {
- return -PAL_ERROR_INVAL;
- }
- int ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(key, NULL, NULL,
- MBEDTLS_RSA_PUBLIC,
- &real_data_out_len,
- signature,
- signed_data_out,
- signed_data_out_len);
- if (ret == 0) {
- if (real_data_out_len != SHA256_DIGEST_LEN) {
- return -PAL_ERROR_INVAL;
- }
- }
- return ret;
- }
- int lib_RSAFreeKey(LIB_RSA_KEY *key)
- {
- mbedtls_rsa_free(key);
- return 0;
- }
|