Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 62302518e8
Branches Tags
graphene
/
Pal
/
lib
/
crypto
/
adapters
/
mbedtls_adapter.c

mbedtls_adapter.c 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198 
  1. /* This file is part of Graphene Library OS.
    2. 

  2. 

  3.    Graphene Library OS is free software: you can redistribute it and/or
    4. 

  4.    modify it under the terms of the GNU General Public License
    5. 

  5.    as published by the Free Software Foundation, either version 3 of the
    6. 

  6.    License, or (at your option) any later version.
    7. 

  7. 

  8.    Graphene Library OS is distributed in the hope that it will be useful,
    9. 

  9.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11. 

  11.    GNU General Public License for more details.
    12. 

  12. 

  13.    You should have received a copy of the GNU General Public License
    14. 

  14.    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
    15. 

  15. 

  16. #include <errno.h>
    17. 

  17. #include <stdint.h>
    18. 

  18. #include <limits.h>
    19. 

  19. #include "pal.h"
    20. 

  20. #include "pal_crypto.h"
    21. 

  21. #include "pal_error.h"
    22. 

  22. #include "pal_debug.h"
    23. 

  23. #include "assert.h"
    24. 

  24. #include "crypto/mbedtls/mbedtls/cmac.h"
    25. 

  25. #include "crypto/mbedtls/mbedtls/sha256.h"
    26. 

  26. #include "crypto/mbedtls/mbedtls/rsa.h"
    27. 

  27. 

  28. #define BITS_PER_BYTE 8
    29. 

  29. 

  30. /* This is declared in pal_internal.h, but that can't be included here. */
    31. 

  31. int _DkRandomBitsRead(void *buffer, int size);
    32. 

  32. 

  33. /* Wrapper to provide mbedtls the RNG interface it expects. It passes an
    34. 

  34.  * extra context parameter, and expects a return value of 0 for success
    35. 

  35.  * and nonzero for failure. */
    36. 

  36. static int RandomWrapper(void *private, unsigned char *data, size_t size)
    37. 

  37. {
    38. 

  38.     return _DkRandomBitsRead(data, size) != size;
    39. 

  39. }
    40. 

  40. 

  41. #define BITS_PER_BYTE 8
    42. 

  42. 

  43. int lib_SHA256Init(LIB_SHA256_CONTEXT *context)
    44. 

  44. {
    45. 

  45.     mbedtls_sha256_init(context);
    46. 

  46.     mbedtls_sha256_starts(context, 0 /* 0 = use SSH256 */);
    47. 

  47.     return 0;
    48. 

  48. }
    49. 

  49. 

  50. int lib_SHA256Update(LIB_SHA256_CONTEXT *context, const uint8_t *data,
    51. 

  51.                    uint64_t len)
    52. 

  52. {
    53. 

  53.     /* For compatibility with other SHA256 providers, don't support
    54. 

  54.      * large lengths. */
    55. 

  55.     if (len > UINT32_MAX) {
    56. 

  56.         return -PAL_ERROR_INVAL;
    57. 

  57.     }
    58. 

  58.     mbedtls_sha256_update(context, data, len);
    59. 

  59.     return 0;
    60. 

  60. }
    61. 

  61. 

  62. int lib_SHA256Final(LIB_SHA256_CONTEXT *context, uint8_t *output)
    63. 

  63. {
    64. 

  64.     mbedtls_sha256_finish(context, output);
    65. 

  65.     /* This function is called free, but it doesn't actually free the memory.
    66. 

  66.      * It zeroes out the context to avoid potentially leaking information
    67. 

  67.      * about the hash that was just performed. */
    68. 

  68.     mbedtls_sha256_free(context);
    69. 

  69.     return 0;
    70. 

  70. }
    71. 

  71. 

  72. int lib_AESCMAC(const uint8_t *key, uint64_t key_len, const uint8_t *input,
    73. 

  73.                 uint64_t input_len, uint8_t *mac, uint64_t mac_len) {
    74. 

  74.     mbedtls_cipher_type_t cipher;
    75. 

  75. 

  76.     switch (key_len) {
    77. 

  77.     case 16:
    78. 

  78.         cipher = MBEDTLS_CIPHER_AES_128_ECB;
    79. 

  79.         break;
    80. 

  80.     case 24:
    81. 

  81.         cipher = MBEDTLS_CIPHER_AES_192_ECB;
    82. 

  82.         break;
    83. 

  83.     case 32:
    84. 

  84.         cipher = MBEDTLS_CIPHER_AES_256_ECB;
    85. 

  85.         break;
    86. 

  86.     default:
    87. 

  87.         return -PAL_ERROR_INVAL;
    88. 

  88.     }
    89. 

  89. 

  90.     const mbedtls_cipher_info_t *cipher_info =
    91. 

  91.         mbedtls_cipher_info_from_type(cipher);
    92. 

  92. 

  93.     if (mac_len < cipher_info->block_size) {
    94. 

  94.         return -PAL_ERROR_INVAL;
    95. 

  95.     }
    96. 

  96. 

  97.     return mbedtls_cipher_cmac(cipher_info,
    98. 

  98.                                key, key_len * BITS_PER_BYTE,
    99. 

  99.                                input, input_len, mac);
    100. 

  100. }
    101. 

  101. 

  102. int lib_RSAInitKey(LIB_RSA_KEY *key)
    103. 

  103. {
    104. 

  104.     /* For now, we only need PKCS_V15 type padding. If we need to support
    105. 

  105.      * multiple padding types, I guess we'll need to add the padding type
    106. 

  106.      * to this API. We might need to add a wrapper type around the crypto
    107. 

  107.      * library's key/context type, since not all crypto providers store this
    108. 

  108.      * in the conext, and instead require you to pass it on each call. */
    109. 

  109. 

  110.     /* Last parameter here is the hash type, which is only used for
    111. 

  111.      * PKCS padding type 2.0. */
    112. 

  112.     mbedtls_rsa_init(key, MBEDTLS_RSA_PKCS_V15, 0);
    113. 

  113.     return 0;
    114. 

  114. }
    115. 

  115. 

  116. int lib_RSAGenerateKey(LIB_RSA_KEY *key, uint64_t length_in_bits, uint64_t exponent)
    117. 

  117. {
    118. 

  118.     if (length_in_bits > UINT_MAX) {
    119. 

  119.         return -PAL_ERROR_INVAL;
    120. 

  120.     }
    121. 

  121.     if (exponent > UINT_MAX || (int) exponent < 0) {
    122. 

  122.         return -PAL_ERROR_INVAL;
    123. 

  123.     }
    124. 

  124.     return mbedtls_rsa_gen_key(key, RandomWrapper, NULL, length_in_bits,
    125. 

  125.                                exponent);
    126. 

  126. }
    127. 

  127. 

  128. int lib_RSAExportPublicKey(LIB_RSA_KEY *key, uint8_t *e, uint64_t *e_size,
    129. 

  129.                            uint8_t *n, uint64_t *n_size)
    130. 

  130. {
    131. 

  131.     int ret;
    132. 

  132. 

  133.     /* Public exponent. */
    134. 

  134.     if ((ret = mbedtls_mpi_write_binary(&key->E, e, *e_size)) != 0) {
    135. 

  135.         return ret;
    136. 

  136.     }
    137. 

  137. 

  138.     /* Modulus. */
    139. 

  139.     if ((ret = mbedtls_mpi_write_binary(&key->N, n, *n_size)) != 0) {
    140. 

  140.         return ret;
    141. 

  141.     }
    142. 

  142.     return 0;
    143. 

  143. }
    144. 

  144. 

  145. int lib_RSAImportPublicKey(LIB_RSA_KEY *key, const uint8_t *e, uint64_t e_size,
    146. 

  146.                            const uint8_t *n, uint64_t n_size)
    147. 

  147. {
    148. 

  148.     int ret;
    149. 

  149. 

  150.     /* Public exponent. */
    151. 

  151.     if ((ret = mbedtls_mpi_read_binary(&key->E, e, e_size)) != 0) {
    152. 

  152.         return ret;
    153. 

  153.     }
    154. 

  154. 

  155.     /* Modulus. */
    156. 

  156.     if ((ret = mbedtls_mpi_read_binary(&key->N, n, n_size)) != 0) {
    157. 

  157.         return ret;
    158. 

  158.     }
    159. 

  159. 

  160.     /* This length is in bytes. */
    161. 

  161.     key->len = (mbedtls_mpi_bitlen(&key->N) + 7) >> 3;
    162. 

  162. 

  163.     return 0;
    164. 

  164. }
    165. 

  165. 

  166. int lib_RSAVerifySHA256(LIB_RSA_KEY *key, const uint8_t *signature,
    167. 

  167.                         uint64_t signature_len, uint8_t *signed_data_out,
    168. 

  168.                         uint64_t signed_data_out_len)
    169. 

  169. {
    170. 

  170.     size_t real_data_out_len;
    171. 

  171. 

  172.     /* The mbedtls decrypt API assumes that you have a memory buffer that
    173. 

  173.      * is as large as the key size and take the length as a parameter. We
    174. 

  174.      * check, so that in the event the caller makes a mistake, you'll get
    175. 

  175.      * an error instead of reading off the end of the buffer. */
    176. 

  176.     if (signature_len != key->len) {
    177. 

  177.         return -PAL_ERROR_INVAL;
    178. 

  178.     }
    179. 

  179.     int ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(key, NULL, NULL,
    180. 

  180.                                                   MBEDTLS_RSA_PUBLIC,
    181. 

  181.                                                   &real_data_out_len,
    182. 

  182.                                                   signature,
    183. 

  183.                                                   signed_data_out,
    184. 

  184.                                                   signed_data_out_len);
    185. 

  185.     if (ret == 0) {
    186. 

  186.         if (real_data_out_len != SHA256_DIGEST_LEN) {
    187. 

  187.             return -PAL_ERROR_INVAL;
    188. 

  188.         }
    189. 

  189.     }
    190. 

  190.     return ret;
    191. 

  191. }
    192. 

  192. 

  193. int lib_RSAFreeKey(LIB_RSA_KEY *key)
    194. 

  194. {
    195. 

  195.     mbedtls_rsa_free(key);
    196. 

  196.     return 0;
    197. 

  197. }
    198. 

  198.