Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8d99e037ea
Branches Tags
graphene
/
Pal
/
lib
/
crypto
/
adapters
/
mbedtls_adapter.c

mbedtls_adapter.c 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197 
  1. /* This file is part of Graphene Library OS.
    2. 

  2. 

  3.    Graphene Library OS is free software: you can redistribute it and/or
    4. 

  4.    modify it under the terms of the GNU General Public License
    5. 

  5.    as published by the Free Software Foundation, either version 3 of the
    6. 

  6.    License, or (at your option) any later version.
    7. 

  7. 

  8.    Graphene Library OS is distributed in the hope that it will be useful,
    9. 

  9.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    10. 

  10.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11. 

  11.    GNU General Public License for more details.
    12. 

  12. 

  13.    You should have received a copy of the GNU General Public License
    14. 

  14.    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
    15. 

  15. 

  16. #include <stdint.h>
    17. 

  17. #include <limits.h>
    18. 

  18. #include "pal.h"
    19. 

  19. #include "pal_crypto.h"
    20. 

  20. #include "pal_error.h"
    21. 

  21. #include "pal_debug.h"
    22. 

  22. #include "assert.h"
    23. 

  23. #include "crypto/mbedtls/mbedtls/cmac.h"
    24. 

  24. #include "crypto/mbedtls/mbedtls/sha256.h"
    25. 

  25. #include "crypto/mbedtls/mbedtls/rsa.h"
    26. 

  26. 

  27. #define BITS_PER_BYTE 8
    28. 

  28. 

  29. /* This is declared in pal_internal.h, but that can't be included here. */
    30. 

  30. int _DkRandomBitsRead(void *buffer, int size);
    31. 

  31. 

  32. /* Wrapper to provide mbedtls the RNG interface it expects. It passes an
    33. 

  33.  * extra context parameter, and expects a return value of 0 for success
    34. 

  34.  * and nonzero for failure. */
    35. 

  35. static int RandomWrapper(void *private, unsigned char *data, size_t size)
    36. 

  36. {
    37. 

  37.     return _DkRandomBitsRead(data, size) != size;
    38. 

  38. }
    39. 

  39. 

  40. #define BITS_PER_BYTE 8
    41. 

  41. 

  42. int lib_SHA256Init(LIB_SHA256_CONTEXT *context)
    43. 

  43. {
    44. 

  44.     mbedtls_sha256_init(context);
    45. 

  45.     mbedtls_sha256_starts(context, 0 /* 0 = use SSH256 */);
    46. 

  46.     return 0;
    47. 

  47. }
    48. 

  48. 

  49. int lib_SHA256Update(LIB_SHA256_CONTEXT *context, const uint8_t *data,
    50. 

  50.                    uint64_t len)
    51. 

  51. {
    52. 

  52.     /* For compatibility with other SHA256 providers, don't support
    53. 

  53.      * large lengths. */
    54. 

  54.     if (len > UINT32_MAX) {
    55. 

  55.         return -PAL_ERROR_INVAL;
    56. 

  56.     }
    57. 

  57.     mbedtls_sha256_update(context, data, len);
    58. 

  58.     return 0;
    59. 

  59. }
    60. 

  60. 

  61. int lib_SHA256Final(LIB_SHA256_CONTEXT *context, uint8_t *output)
    62. 

  62. {
    63. 

  63.     mbedtls_sha256_finish(context, output);
    64. 

  64.     /* This function is called free, but it doesn't actually free the memory.
    65. 

  65.      * It zeroes out the context to avoid potentially leaking information
    66. 

  66.      * about the hash that was just performed. */
    67. 

  67.     mbedtls_sha256_free(context);
    68. 

  68.     return 0;
    69. 

  69. }
    70. 

  70. 

  71. int lib_AESCMAC(const uint8_t *key, uint64_t key_len, const uint8_t *input,
    72. 

  72.                 uint64_t input_len, uint8_t *mac, uint64_t mac_len) {
    73. 

  73.     mbedtls_cipher_type_t cipher;
    74. 

  74. 

  75.     switch (key_len) {
    76. 

  76.     case 16:
    77. 

  77.         cipher = MBEDTLS_CIPHER_AES_128_ECB;
    78. 

  78.         break;
    79. 

  79.     case 24:
    80. 

  80.         cipher = MBEDTLS_CIPHER_AES_192_ECB;
    81. 

  81.         break;
    82. 

  82.     case 32:
    83. 

  83.         cipher = MBEDTLS_CIPHER_AES_256_ECB;
    84. 

  84.         break;
    85. 

  85.     default:
    86. 

  86.         return -PAL_ERROR_INVAL;
    87. 

  87.     }
    88. 

  88. 

  89.     const mbedtls_cipher_info_t *cipher_info =
    90. 

  90.         mbedtls_cipher_info_from_type(cipher);
    91. 

  91. 

  92.     if (mac_len < cipher_info->block_size) {
    93. 

  93.         return -PAL_ERROR_INVAL;
    94. 

  94.     }
    95. 

  95. 

  96.     return mbedtls_cipher_cmac(cipher_info,
    97. 

  97.                                key, key_len * BITS_PER_BYTE,
    98. 

  98.                                input, input_len, mac);
    99. 

  99. }
    100. 

  100. 

  101. int lib_RSAInitKey(LIB_RSA_KEY *key)
    102. 

  102. {
    103. 

  103.     /* For now, we only need PKCS_V15 type padding. If we need to support
    104. 

  104.      * multiple padding types, I guess we'll need to add the padding type
    105. 

  105.      * to this API. We might need to add a wrapper type around the crypto
    106. 

  106.      * library's key/context type, since not all crypto providers store this
    107. 

  107.      * in the conext, and instead require you to pass it on each call. */
    108. 

  108. 

  109.     /* Last parameter here is the hash type, which is only used for
    110. 

  110.      * PKCS padding type 2.0. */
    111. 

  111.     mbedtls_rsa_init(key, MBEDTLS_RSA_PKCS_V15, 0);
    112. 

  112.     return 0;
    113. 

  113. }
    114. 

  114. 

  115. int lib_RSAGenerateKey(LIB_RSA_KEY *key, uint64_t length_in_bits, uint64_t exponent)
    116. 

  116. {
    117. 

  117.     if (length_in_bits > UINT_MAX) {
    118. 

  118.         return -PAL_ERROR_INVAL;
    119. 

  119.     }
    120. 

  120.     if (exponent > UINT_MAX || (int) exponent < 0) {
    121. 

  121.         return -PAL_ERROR_INVAL;
    122. 

  122.     }
    123. 

  123.     return mbedtls_rsa_gen_key(key, RandomWrapper, NULL, length_in_bits,
    124. 

  124.                                exponent);
    125. 

  125. }
    126. 

  126. 

  127. int lib_RSAExportPublicKey(LIB_RSA_KEY *key, uint8_t *e, uint64_t *e_size,
    128. 

  128.                            uint8_t *n, uint64_t *n_size)
    129. 

  129. {
    130. 

  130.     int ret;
    131. 

  131. 

  132.     /* Public exponent. */
    133. 

  133.     if ((ret = mbedtls_mpi_write_binary(&key->E, e, *e_size)) != 0) {
    134. 

  134.         return ret;
    135. 

  135.     }
    136. 

  136. 

  137.     /* Modulus. */
    138. 

  138.     if ((ret = mbedtls_mpi_write_binary(&key->N, n, *n_size)) != 0) {
    139. 

  139.         return ret;
    140. 

  140.     }
    141. 

  141.     return 0;
    142. 

  142. }
    143. 

  143. 

  144. int lib_RSAImportPublicKey(LIB_RSA_KEY *key, const uint8_t *e, uint64_t e_size,
    145. 

  145.                            const uint8_t *n, uint64_t n_size)
    146. 

  146. {
    147. 

  147.     int ret;
    148. 

  148. 

  149.     /* Public exponent. */
    150. 

  150.     if ((ret = mbedtls_mpi_read_binary(&key->E, e, e_size)) != 0) {
    151. 

  151.         return ret;
    152. 

  152.     }
    153. 

  153. 

  154.     /* Modulus. */
    155. 

  155.     if ((ret = mbedtls_mpi_read_binary(&key->N, n, n_size)) != 0) {
    156. 

  156.         return ret;
    157. 

  157.     }
    158. 

  158. 

  159.     /* This length is in bytes. */
    160. 

  160.     key->len = (mbedtls_mpi_bitlen(&key->N) + 7) >> 3;
    161. 

  161. 

  162.     return 0;
    163. 

  163. }
    164. 

  164. 

  165. int lib_RSAVerifySHA256(LIB_RSA_KEY *key, const uint8_t *signature,
    166. 

  166.                         uint64_t signature_len, uint8_t *signed_data_out,
    167. 

  167.                         uint64_t signed_data_out_len)
    168. 

  168. {
    169. 

  169.     size_t real_data_out_len;
    170. 

  170. 

  171.     /* The mbedtls decrypt API assumes that you have a memory buffer that
    172. 

  172.      * is as large as the key size and take the length as a parameter. We
    173. 

  173.      * check, so that in the event the caller makes a mistake, you'll get
    174. 

  174.      * an error instead of reading off the end of the buffer. */
    175. 

  175.     if (signature_len != key->len) {
    176. 

  176.         return -PAL_ERROR_INVAL;
    177. 

  177.     }
    178. 

  178.     int ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(key, NULL, NULL,
    179. 

  179.                                                   MBEDTLS_RSA_PUBLIC,
    180. 

  180.                                                   &real_data_out_len,
    181. 

  181.                                                   signature,
    182. 

  182.                                                   signed_data_out,
    183. 

  183.                                                   signed_data_out_len);
    184. 

  184.     if (ret == 0) {
    185. 

  185.         if (real_data_out_len != SHA256_DIGEST_LEN) {
    186. 

  186.             return -PAL_ERROR_INVAL;
    187. 

  187.         }
    188. 

  188.     }
    189. 

  189.     return ret;
    190. 

  190. }
    191. 

  191. 

  192. int lib_RSAFreeKey(LIB_RSA_KEY *key)
    193. 

  193. {
    194. 

  194.     mbedtls_rsa_free(key);
    195. 

  195.     return 0;
    196. 

  196. }
    197. 

  197.