From 81e4f06048556d0bc309f5bcdd67766372703757 Mon Sep 17 00:00:00 2001 From: jakcron Date: Sun, 15 Apr 2018 10:33:00 +0800 Subject: [PATCH] [crypto] Add RSA-2048-PSS verification. --- lib/libcrypto/include/crypto/rsa.h | 13 + .../libpolarssl/include/polarssl/config.h | 4 +- .../source/libpolarssl/include/polarssl/md.h | 357 +++++++++ .../libpolarssl/include/polarssl/md_wrap.h | 61 ++ .../source/libpolarssl/source/polar_md.c | 300 +++++++ .../source/libpolarssl/source/polar_md_wrap.c | 743 ++++++++++++++++++ lib/libcrypto/source/rsa.cpp | 37 + 7 files changed, 1513 insertions(+), 2 deletions(-) create mode 100644 lib/libcrypto/source/libpolarssl/include/polarssl/md.h create mode 100644 lib/libcrypto/source/libpolarssl/include/polarssl/md_wrap.h create mode 100644 lib/libcrypto/source/libpolarssl/source/polar_md.c create mode 100644 lib/libcrypto/source/libpolarssl/source/polar_md_wrap.c diff --git a/lib/libcrypto/include/crypto/rsa.h b/lib/libcrypto/include/crypto/rsa.h index eba43e0..6588e8c 100644 --- a/lib/libcrypto/include/crypto/rsa.h +++ b/lib/libcrypto/include/crypto/rsa.h @@ -107,5 +107,18 @@ namespace crypto int rsaSign(const sRsa4096Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa4096Size]); int rsaVerify(const sRsa4096Key& key, sha::HashType hash_type, const uint8_t* hash, const uint8_t signature[kRsa4096Size]); } + + namespace pss + { + // rsa1024 + //int rsaSign(const sRsa1024Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa1024Size]); + //int rsaVerify(const sRsa1024Key& key, sha::HashType hash_type, const uint8_t* hash, const uint8_t signature[kRsa1024Size]); + // rsa2048 + //int rsaSign(const sRsa2048Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa2048Size]); + int rsaVerify(const sRsa2048Key& key, sha::HashType hash_type, const uint8_t* hash, const uint8_t signature[kRsa2048Size]); + // rsa4096 + //int rsaSign(const sRsa4096Key& key, sha::HashType hash_type, const uint8_t* hash, uint8_t signature[kRsa4096Size]); + //int rsaVerify(const sRsa4096Key& key, sha::HashType hash_type, const uint8_t* hash, const uint8_t signature[kRsa4096Size]); + } } } diff --git a/lib/libcrypto/source/libpolarssl/include/polarssl/config.h b/lib/libcrypto/source/libpolarssl/include/polarssl/config.h index 2c43ff4..ae0d486 100644 --- a/lib/libcrypto/source/libpolarssl/include/polarssl/config.h +++ b/lib/libcrypto/source/libpolarssl/include/polarssl/config.h @@ -248,7 +248,7 @@ * Enable support for PKCS#1 v2.1 encoding. * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ -//#define POLARSSL_PKCS1_V21 +#define POLARSSL_PKCS1_V21 /** * \def POLARSSL_RSA_NO_CRT @@ -641,7 +641,7 @@ * * Uncomment to enable generic message digest wrappers. */ -//#define POLARSSL_MD_C +#define POLARSSL_MD_C /** * \def POLARSSL_MD2_C diff --git a/lib/libcrypto/source/libpolarssl/include/polarssl/md.h b/lib/libcrypto/source/libpolarssl/include/polarssl/md.h new file mode 100644 index 0000000..ae38aad --- /dev/null +++ b/lib/libcrypto/source/libpolarssl/include/polarssl/md.h @@ -0,0 +1,357 @@ +/** + * \file md.h + * + * \brief Generic message digest wrapper + * + * \author Adriaan de Jong + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://polarssl.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_MD_H +#define POLARSSL_MD_H + +#include + +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + +#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ +#define POLARSSL_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ +#define POLARSSL_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ +#define POLARSSL_ERR_MD_FILE_IO_ERROR -0x5200 /**< Opening or reading of file failed. */ + +typedef enum { + POLARSSL_MD_NONE=0, + POLARSSL_MD_MD2, + POLARSSL_MD_MD4, + POLARSSL_MD_MD5, + POLARSSL_MD_SHA1, + POLARSSL_MD_SHA224, + POLARSSL_MD_SHA256, + POLARSSL_MD_SHA384, + POLARSSL_MD_SHA512, +} md_type_t; + +#define POLARSSL_MD_MAX_SIZE 64 /* longest known is SHA512 */ + +/** + * Message digest information. Allows message digest functions to be called + * in a generic way. + */ +typedef struct { + /** Digest identifier */ + md_type_t type; + + /** Name of the message digest */ + const char * name; + + /** Output length of the digest function */ + int size; + + /** Digest initialisation function */ + void (*starts_func)( void *ctx ); + + /** Digest update function */ + void (*update_func)( void *ctx, const unsigned char *input, size_t ilen ); + + /** Digest finalisation function */ + void (*finish_func)( void *ctx, unsigned char *output ); + + /** Generic digest function */ + void (*digest_func)( const unsigned char *input, size_t ilen, + unsigned char *output ); + + /** Generic file digest function */ + int (*file_func)( const char *path, unsigned char *output ); + + /** HMAC Initialisation function */ + void (*hmac_starts_func)( void *ctx, const unsigned char *key, size_t keylen ); + + /** HMAC update function */ + void (*hmac_update_func)( void *ctx, const unsigned char *input, size_t ilen ); + + /** HMAC finalisation function */ + void (*hmac_finish_func)( void *ctx, unsigned char *output); + + /** HMAC context reset function */ + void (*hmac_reset_func)( void *ctx ); + + /** Generic HMAC function */ + void (*hmac_func)( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ); + + /** Allocate a new context */ + void * (*ctx_alloc_func)( void ); + + /** Free the given context */ + void (*ctx_free_func)( void *ctx ); + +} md_info_t; + +/** + * Generic message digest context. + */ +typedef struct { + /** Information about the associated message digest */ + const md_info_t *md_info; + + /** Digest-specific context */ + void *md_ctx; +} md_context_t; + +#define MD_CONTEXT_T_INIT { \ + NULL, /* md_info */ \ + NULL, /* md_ctx */ \ +} + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Returns the list of digests supported by the generic digest module. + * + * \return a statically allocated array of digests, the last entry + * is 0. + */ +const int *md_list( void ); + +/** + * \brief Returns the message digest information associated with the + * given digest name. + * + * \param md_name Name of the digest to search for. + * + * \return The message digest information associated with md_name or + * NULL if not found. + */ +const md_info_t *md_info_from_string( const char *md_name ); + +/** + * \brief Returns the message digest information associated with the + * given digest type. + * + * \param md_type type of digest to search for. + * + * \return The message digest information associated with md_type or + * NULL if not found. + */ +const md_info_t *md_info_from_type( md_type_t md_type ); + +/** + * \brief Initialises and fills the message digest context structure with + * the appropriate values. + * + * \param ctx context to initialise. May not be NULL. The + * digest-specific context (ctx->md_ctx) must be NULL. It will + * be allocated, and must be freed using md_free_ctx() later. + * \param md_info message digest to use. + * + * \returns \c 0 on success, \c POLARSSL_ERR_MD_BAD_INPUT_DATA on + * parameter failure, \c POLARSSL_ERR_MD_ALLOC_FAILED if + * allocation of the digest-specific context failed. + */ +int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ); + +/** + * \brief Free the message-specific context of ctx. Freeing ctx itself + * remains the responsibility of the caller. + * + * \param ctx Free the message-specific context + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_free_ctx( md_context_t *ctx ); + +/** + * \brief Returns the size of the message digest output. + * + * \param md_info message digest info + * + * \return size of the message digest output. + */ +static inline unsigned char md_get_size( const md_info_t *md_info ) +{ + if( md_info == NULL ) + return( 0 ); + + return md_info->size; +} + +/** + * \brief Returns the type of the message digest output. + * + * \param md_info message digest info + * + * \return type of the message digest output. + */ +static inline md_type_t md_get_type( const md_info_t *md_info ) +{ + if( md_info == NULL ) + return( POLARSSL_MD_NONE ); + + return md_info->type; +} + +/** + * \brief Returns the name of the message digest output. + * + * \param md_info message digest info + * + * \return name of the message digest output. + */ +static inline const char *md_get_name( const md_info_t *md_info ) +{ + if( md_info == NULL ) + return( NULL ); + + return md_info->name; +} + +/** + * \brief Set-up the given context for a new message digest + * + * \param ctx generic message digest context. + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_starts( md_context_t *ctx ); + +/** + * \brief Generic message digest process buffer + * + * \param ctx Generic message digest context + * \param input buffer holding the datal + * \param ilen length of the input data + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_update( md_context_t *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief Generic message digest final digest + * + * \param ctx Generic message digest context + * \param output Generic message digest checksum result + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_finish( md_context_t *ctx, unsigned char *output ); + +/** + * \brief Output = message_digest( input buffer ) + * + * \param md_info message digest info + * \param input buffer holding the data + * \param ilen length of the input data + * \param output Generic message digest checksum result + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md( const md_info_t *md_info, const unsigned char *input, size_t ilen, + unsigned char *output ); + +/** + * \brief Output = message_digest( file contents ) + * + * \param md_info message digest info + * \param path input file name + * \param output generic message digest checksum result + * + * \return 0 if successful, POLARSSL_ERR_MD_FILE_OPEN_FAILED if fopen + * failed, POLARSSL_ERR_MD_FILE_READ_FAILED if fread failed, + * POLARSSL_ERR_MD_BAD_INPUT_DATA if md_info was NULL. + */ +int md_file( const md_info_t *md_info, const char *path, unsigned char *output ); + +/** + * \brief Generic HMAC context setup + * + * \param ctx HMAC context to be initialized + * \param key HMAC secret key + * \param keylen length of the HMAC key + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen ); + +/** + * \brief Generic HMAC process buffer + * + * \param ctx HMAC context + * \param input buffer holding the data + * \param ilen length of the input data + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_hmac_update( md_context_t *ctx, const unsigned char *input, size_t ilen ); + +/** + * \brief Generic HMAC final digest + * + * \param ctx HMAC context + * \param output Generic HMAC checksum result + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_hmac_finish( md_context_t *ctx, unsigned char *output); + +/** + * \brief Generic HMAC context reset + * + * \param ctx HMAC context to be reset + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_hmac_reset( md_context_t *ctx ); + +/** + * \brief Output = Generic_HMAC( hmac key, input buffer ) + * + * \param md_info message digest info + * \param key HMAC secret key + * \param keylen length of the HMAC key + * \param input buffer holding the data + * \param ilen length of the input data + * \param output Generic HMAC-result + * + * \returns 0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter + * verification fails. + */ +int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ); + +#ifdef __cplusplus +} +#endif + +#endif /* POLARSSL_MD_H */ diff --git a/lib/libcrypto/source/libpolarssl/include/polarssl/md_wrap.h b/lib/libcrypto/source/libpolarssl/include/polarssl/md_wrap.h new file mode 100644 index 0000000..0c2ced5 --- /dev/null +++ b/lib/libcrypto/source/libpolarssl/include/polarssl/md_wrap.h @@ -0,0 +1,61 @@ +/** + * \file md_wrap.h + * + * \brief Message digest wrappers. + * + * \author Adriaan de Jong + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://polarssl.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_MD_WRAP_H +#define POLARSSL_MD_WRAP_H + +#include "config.h" +#include "md.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(POLARSSL_MD2_C) +extern const md_info_t md2_info; +#endif +#if defined(POLARSSL_MD4_C) +extern const md_info_t md4_info; +#endif +#if defined(POLARSSL_MD5_C) +extern const md_info_t md5_info; +#endif +#if defined(POLARSSL_SHA1_C) +extern const md_info_t sha1_info; +#endif +#if defined(POLARSSL_SHA2_C) +extern const md_info_t sha224_info; +extern const md_info_t sha256_info; +#endif +#if defined(POLARSSL_SHA4_C) +extern const md_info_t sha384_info; +extern const md_info_t sha512_info; +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* POLARSSL_MD_WRAP_H */ diff --git a/lib/libcrypto/source/libpolarssl/source/polar_md.c b/lib/libcrypto/source/libpolarssl/source/polar_md.c new file mode 100644 index 0000000..c16f2fb --- /dev/null +++ b/lib/libcrypto/source/libpolarssl/source/polar_md.c @@ -0,0 +1,300 @@ +/** + * \file md.c + * + * \brief Generic message digest wrapper for PolarSSL + * + * \author Adriaan de Jong + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://polarssl.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_MD_C) + +#include "polarssl/md.h" +#include "polarssl/md_wrap.h" + +#include + +#if defined _MSC_VER && !defined strcasecmp +#define strcasecmp _stricmp +#endif + +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +static const int supported_digests[] = { + +#if defined(POLARSSL_MD2_C) + POLARSSL_MD_MD2, +#endif + +#if defined(POLARSSL_MD4_C) + POLARSSL_MD_MD4, +#endif + +#if defined(POLARSSL_MD5_C) + POLARSSL_MD_MD5, +#endif + +#if defined(POLARSSL_SHA1_C) + POLARSSL_MD_SHA1, +#endif + +#if defined(POLARSSL_SHA2_C) + POLARSSL_MD_SHA224, + POLARSSL_MD_SHA256, +#endif + +#if defined(POLARSSL_SHA4_C) + POLARSSL_MD_SHA384, + POLARSSL_MD_SHA512, +#endif + + 0 +}; + +const int *md_list( void ) +{ + return supported_digests; +} + +const md_info_t *md_info_from_string( const char *md_name ) +{ + if( NULL == md_name ) + return NULL; + + /* Get the appropriate digest information */ +#if defined(POLARSSL_MD2_C) + if( !strcasecmp( "MD2", md_name ) ) + return md_info_from_type( POLARSSL_MD_MD2 ); +#endif +#if defined(POLARSSL_MD4_C) + if( !strcasecmp( "MD4", md_name ) ) + return md_info_from_type( POLARSSL_MD_MD4 ); +#endif +#if defined(POLARSSL_MD5_C) + if( !strcasecmp( "MD5", md_name ) ) + return md_info_from_type( POLARSSL_MD_MD5 ); +#endif +#if defined(POLARSSL_SHA1_C) + if( !strcasecmp( "SHA1", md_name ) || !strcasecmp( "SHA", md_name ) ) + return md_info_from_type( POLARSSL_MD_SHA1 ); +#endif +#if defined(POLARSSL_SHA2_C) + if( !strcasecmp( "SHA224", md_name ) ) + return md_info_from_type( POLARSSL_MD_SHA224 ); + if( !strcasecmp( "SHA256", md_name ) ) + return md_info_from_type( POLARSSL_MD_SHA256 ); +#endif +#if defined(POLARSSL_SHA4_C) + if( !strcasecmp( "SHA384", md_name ) ) + return md_info_from_type( POLARSSL_MD_SHA384 ); + if( !strcasecmp( "SHA512", md_name ) ) + return md_info_from_type( POLARSSL_MD_SHA512 ); +#endif + return NULL; +} + +const md_info_t *md_info_from_type( md_type_t md_type ) +{ + switch( md_type ) + { +#if defined(POLARSSL_MD2_C) + case POLARSSL_MD_MD2: + return &md2_info; +#endif +#if defined(POLARSSL_MD4_C) + case POLARSSL_MD_MD4: + return &md4_info; +#endif +#if defined(POLARSSL_MD5_C) + case POLARSSL_MD_MD5: + return &md5_info; +#endif +#if defined(POLARSSL_SHA1_C) + case POLARSSL_MD_SHA1: + return &sha1_info; +#endif +#if defined(POLARSSL_SHA2_C) + case POLARSSL_MD_SHA224: + return &sha224_info; + case POLARSSL_MD_SHA256: + return &sha256_info; +#endif +#if defined(POLARSSL_SHA4_C) + case POLARSSL_MD_SHA384: + return &sha384_info; + case POLARSSL_MD_SHA512: + return &sha512_info; +#endif + default: + return NULL; + } +} + +int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) +{ + if( md_info == NULL || ctx == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + memset( ctx, 0, sizeof( md_context_t ) ); + + if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) + return POLARSSL_ERR_MD_ALLOC_FAILED; + + ctx->md_info = md_info; + + md_info->starts_func( ctx->md_ctx ); + + return 0; +} + +int md_free_ctx( md_context_t *ctx ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->ctx_free_func( ctx->md_ctx ); + + polarssl_zeroize( ctx, sizeof( md_context_t ) ); + + return 0; +} + +int md_starts( md_context_t *ctx ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->starts_func( ctx->md_ctx ); + + return 0; +} + +int md_update( md_context_t *ctx, const unsigned char *input, size_t ilen ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->update_func( ctx->md_ctx, input, ilen ); + + return 0; +} + +int md_finish( md_context_t *ctx, unsigned char *output ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->finish_func( ctx->md_ctx, output ); + + return 0; +} + +int md( const md_info_t *md_info, const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + if ( md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + md_info->digest_func( input, ilen, output ); + + return 0; +} + +int md_file( const md_info_t *md_info, const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + int ret; +#endif + + if( md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + +#if defined(POLARSSL_FS_IO) + ret = md_info->file_func( path, output ); + if( ret != 0 ) + return( POLARSSL_ERR_MD_FILE_IO_ERROR + ret ); + + return( ret ); +#else + ((void) path); + ((void) output); + + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +int md_hmac_starts( md_context_t *ctx, const unsigned char *key, size_t keylen ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->hmac_starts_func( ctx->md_ctx, key, keylen); + + return 0; +} + +int md_hmac_update( md_context_t *ctx, const unsigned char *input, size_t ilen ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->hmac_update_func( ctx->md_ctx, input, ilen ); + + return 0; +} + +int md_hmac_finish( md_context_t *ctx, unsigned char *output) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->hmac_finish_func( ctx->md_ctx, output); + + return 0; +} + +int md_hmac_reset( md_context_t *ctx ) +{ + if( ctx == NULL || ctx->md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + ctx->md_info->hmac_reset_func( ctx->md_ctx); + + return 0; +} + +int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + if( md_info == NULL ) + return POLARSSL_ERR_MD_BAD_INPUT_DATA; + + md_info->hmac_func( key, keylen, input, ilen, output ); + + return 0; +} + +#endif diff --git a/lib/libcrypto/source/libpolarssl/source/polar_md_wrap.c b/lib/libcrypto/source/libpolarssl/source/polar_md_wrap.c new file mode 100644 index 0000000..a612d02 --- /dev/null +++ b/lib/libcrypto/source/libpolarssl/source/polar_md_wrap.c @@ -0,0 +1,743 @@ +/** + * \file md_wrap.c + + * \brief Generic message digest wrapper for PolarSSL + * + * \author Adriaan de Jong + * + * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://polarssl.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_MD_C) + +#include "polarssl/md_wrap.h" + +#if defined(POLARSSL_MD2_C) +#include "polarssl/md2.h" +#endif + +#if defined(POLARSSL_MD4_C) +#include "polarssl/md4.h" +#endif + +#if defined(POLARSSL_MD5_C) +#include "polarssl/md5.h" +#endif + +#if defined(POLARSSL_SHA1_C) +#include "polarssl/sha1.h" +#endif + +#if defined(POLARSSL_SHA2_C) +#include "polarssl/sha2.h" +#endif + +#if defined(POLARSSL_SHA4_C) +#include "polarssl/sha4.h" +#endif + +#include + +/* Implementation that should never be optimized out by the compiler */ +static void polarssl_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + +#if defined(POLARSSL_MD2_C) + +static void md2_starts_wrap( void *ctx ) +{ + md2_starts( (md2_context *) ctx ); +} + +static void md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + md2_update( (md2_context *) ctx, input, ilen ); +} + +static void md2_finish_wrap( void *ctx, unsigned char *output ) +{ + md2_finish( (md2_context *) ctx, output ); +} + +static int md2_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return md2_file( path, output ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void md2_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + md2_hmac_starts( (md2_context *) ctx, key, keylen ); +} + +static void md2_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + md2_hmac_update( (md2_context *) ctx, input, ilen ); +} + +static void md2_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + md2_hmac_finish( (md2_context *) ctx, output ); +} + +static void md2_hmac_reset_wrap( void *ctx ) +{ + md2_hmac_reset( (md2_context *) ctx ); +} + +static void * md2_ctx_alloc( void ) +{ + return malloc( sizeof( md2_context ) ); +} + +static void md2_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( md2_context ) ); + free( ctx ); +} + +const md_info_t md2_info = { + POLARSSL_MD_MD2, + "MD2", + 16, + md2_starts_wrap, + md2_update_wrap, + md2_finish_wrap, + md2, + md2_file_wrap, + md2_hmac_starts_wrap, + md2_hmac_update_wrap, + md2_hmac_finish_wrap, + md2_hmac_reset_wrap, + md2_hmac, + md2_ctx_alloc, + md2_ctx_free, +}; + +#endif + +#if defined(POLARSSL_MD4_C) + +static void md4_starts_wrap( void *ctx ) +{ + md4_starts( (md4_context *) ctx ); +} + +static void md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + md4_update( (md4_context *) ctx, input, ilen ); +} + +static void md4_finish_wrap( void *ctx, unsigned char *output ) +{ + md4_finish( (md4_context *) ctx, output ); +} + +static int md4_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return md4_file( path, output ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void md4_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + md4_hmac_starts( (md4_context *) ctx, key, keylen ); +} + +static void md4_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + md4_hmac_update( (md4_context *) ctx, input, ilen ); +} + +static void md4_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + md4_hmac_finish( (md4_context *) ctx, output ); +} + +static void md4_hmac_reset_wrap( void *ctx ) +{ + md4_hmac_reset( (md4_context *) ctx ); +} + +static void *md4_ctx_alloc( void ) +{ + return malloc( sizeof( md4_context ) ); +} + +static void md4_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( md4_context ) ); + free( ctx ); +} + +const md_info_t md4_info = { + POLARSSL_MD_MD4, + "MD4", + 16, + md4_starts_wrap, + md4_update_wrap, + md4_finish_wrap, + md4, + md4_file_wrap, + md4_hmac_starts_wrap, + md4_hmac_update_wrap, + md4_hmac_finish_wrap, + md4_hmac_reset_wrap, + md4_hmac, + md4_ctx_alloc, + md4_ctx_free, +}; + +#endif + +#if defined(POLARSSL_MD5_C) + +static void md5_starts_wrap( void *ctx ) +{ + md5_starts( (md5_context *) ctx ); +} + +static void md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + md5_update( (md5_context *) ctx, input, ilen ); +} + +static void md5_finish_wrap( void *ctx, unsigned char *output ) +{ + md5_finish( (md5_context *) ctx, output ); +} + +static int md5_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return md5_file( path, output ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void md5_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + md5_hmac_starts( (md5_context *) ctx, key, keylen ); +} + +static void md5_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + md5_hmac_update( (md5_context *) ctx, input, ilen ); +} + +static void md5_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + md5_hmac_finish( (md5_context *) ctx, output ); +} + +static void md5_hmac_reset_wrap( void *ctx ) +{ + md5_hmac_reset( (md5_context *) ctx ); +} + +static void * md5_ctx_alloc( void ) +{ + return malloc( sizeof( md5_context ) ); +} + +static void md5_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( md5_context ) ); + free( ctx ); +} + +const md_info_t md5_info = { + POLARSSL_MD_MD5, + "MD5", + 16, + md5_starts_wrap, + md5_update_wrap, + md5_finish_wrap, + md5, + md5_file_wrap, + md5_hmac_starts_wrap, + md5_hmac_update_wrap, + md5_hmac_finish_wrap, + md5_hmac_reset_wrap, + md5_hmac, + md5_ctx_alloc, + md5_ctx_free, +}; + +#endif + +#if defined(POLARSSL_SHA1_C) + +static void sha1_starts_wrap( void *ctx ) +{ + sha1_starts( (sha1_context *) ctx ); +} + +static void sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha1_update( (sha1_context *) ctx, input, ilen ); +} + +static void sha1_finish_wrap( void *ctx, unsigned char *output ) +{ + sha1_finish( (sha1_context *) ctx, output ); +} + +static int sha1_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return sha1_file( path, output ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void sha1_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + sha1_hmac_starts( (sha1_context *) ctx, key, keylen ); +} + +static void sha1_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha1_hmac_update( (sha1_context *) ctx, input, ilen ); +} + +static void sha1_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + sha1_hmac_finish( (sha1_context *) ctx, output ); +} + +static void sha1_hmac_reset_wrap( void *ctx ) +{ + sha1_hmac_reset( (sha1_context *) ctx ); +} + +static void * sha1_ctx_alloc( void ) +{ + return malloc( sizeof( sha1_context ) ); +} + +static void sha1_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( sha1_context ) ); + free( ctx ); +} + +const md_info_t sha1_info = { + POLARSSL_MD_SHA1, + "SHA1", + 20, + sha1_starts_wrap, + sha1_update_wrap, + sha1_finish_wrap, + sha1, + sha1_file_wrap, + sha1_hmac_starts_wrap, + sha1_hmac_update_wrap, + sha1_hmac_finish_wrap, + sha1_hmac_reset_wrap, + sha1_hmac, + sha1_ctx_alloc, + sha1_ctx_free, +}; + +#endif + +/* + * Wrappers for generic message digests + */ +#if defined(POLARSSL_SHA2_C) + +static void sha224_starts_wrap( void *ctx ) +{ + sha2_starts( (sha2_context *) ctx, 1 ); +} + +static void sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha2_update( (sha2_context *) ctx, input, ilen ); +} + +static void sha224_finish_wrap( void *ctx, unsigned char *output ) +{ + sha2_finish( (sha2_context *) ctx, output ); +} + +static void sha224_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha2( input, ilen, output, 1 ); +} + +static int sha224_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return sha2_file( path, output, 1 ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void sha224_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + sha2_hmac_starts( (sha2_context *) ctx, key, keylen, 1 ); +} + +static void sha224_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha2_hmac_update( (sha2_context *) ctx, input, ilen ); +} + +static void sha224_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + sha2_hmac_finish( (sha2_context *) ctx, output ); +} + +static void sha224_hmac_reset_wrap( void *ctx ) +{ + sha2_hmac_reset( (sha2_context *) ctx ); +} + +static void sha224_hmac_wrap( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha2_hmac( key, keylen, input, ilen, output, 1 ); +} + +static void * sha224_ctx_alloc( void ) +{ + return malloc( sizeof( sha2_context ) ); +} + +static void sha224_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( sha2_context ) ); + free( ctx ); +} + +const md_info_t sha224_info = { + POLARSSL_MD_SHA224, + "SHA224", + 28, + sha224_starts_wrap, + sha224_update_wrap, + sha224_finish_wrap, + sha224_wrap, + sha224_file_wrap, + sha224_hmac_starts_wrap, + sha224_hmac_update_wrap, + sha224_hmac_finish_wrap, + sha224_hmac_reset_wrap, + sha224_hmac_wrap, + sha224_ctx_alloc, + sha224_ctx_free, +}; + +static void sha256_starts_wrap( void *ctx ) +{ + sha2_starts( (sha2_context *) ctx, 0 ); +} + +static void sha256_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha2_update( (sha2_context *) ctx, input, ilen ); +} + +static void sha256_finish_wrap( void *ctx, unsigned char *output ) +{ + sha2_finish( (sha2_context *) ctx, output ); +} + +static void sha256_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha2( input, ilen, output, 0 ); +} + +static int sha256_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return sha2_file( path, output, 0 ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void sha256_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + sha2_hmac_starts( (sha2_context *) ctx, key, keylen, 0 ); +} + +static void sha256_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha2_hmac_update( (sha2_context *) ctx, input, ilen ); +} + +static void sha256_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + sha2_hmac_finish( (sha2_context *) ctx, output ); +} + +static void sha256_hmac_reset_wrap( void *ctx ) +{ + sha2_hmac_reset( (sha2_context *) ctx ); +} + +static void sha256_hmac_wrap( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha2_hmac( key, keylen, input, ilen, output, 0 ); +} + +static void * sha256_ctx_alloc( void ) +{ + return malloc( sizeof( sha2_context ) ); +} + +static void sha256_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( sha2_context ) ); + free( ctx ); +} + +const md_info_t sha256_info = { + POLARSSL_MD_SHA256, + "SHA256", + 32, + sha256_starts_wrap, + sha256_update_wrap, + sha256_finish_wrap, + sha256_wrap, + sha256_file_wrap, + sha256_hmac_starts_wrap, + sha256_hmac_update_wrap, + sha256_hmac_finish_wrap, + sha256_hmac_reset_wrap, + sha256_hmac_wrap, + sha256_ctx_alloc, + sha256_ctx_free, +}; + +#endif + +#if defined(POLARSSL_SHA4_C) + +static void sha384_starts_wrap( void *ctx ) +{ + sha4_starts( (sha4_context *) ctx, 1 ); +} + +static void sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha4_update( (sha4_context *) ctx, input, ilen ); +} + +static void sha384_finish_wrap( void *ctx, unsigned char *output ) +{ + sha4_finish( (sha4_context *) ctx, output ); +} + +static void sha384_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha4( input, ilen, output, 1 ); +} + +static int sha384_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return sha4_file( path, output, 1 ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void sha384_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + sha4_hmac_starts( (sha4_context *) ctx, key, keylen, 1 ); +} + +static void sha384_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha4_hmac_update( (sha4_context *) ctx, input, ilen ); +} + +static void sha384_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + sha4_hmac_finish( (sha4_context *) ctx, output ); +} + +static void sha384_hmac_reset_wrap( void *ctx ) +{ + sha4_hmac_reset( (sha4_context *) ctx ); +} + +static void sha384_hmac_wrap( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha4_hmac( key, keylen, input, ilen, output, 1 ); +} + +static void * sha384_ctx_alloc( void ) +{ + return malloc( sizeof( sha4_context ) ); +} + +static void sha384_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( sha4_context ) ); + free( ctx ); +} + +const md_info_t sha384_info = { + POLARSSL_MD_SHA384, + "SHA384", + 48, + sha384_starts_wrap, + sha384_update_wrap, + sha384_finish_wrap, + sha384_wrap, + sha384_file_wrap, + sha384_hmac_starts_wrap, + sha384_hmac_update_wrap, + sha384_hmac_finish_wrap, + sha384_hmac_reset_wrap, + sha384_hmac_wrap, + sha384_ctx_alloc, + sha384_ctx_free, +}; + +static void sha512_starts_wrap( void *ctx ) +{ + sha4_starts( (sha4_context *) ctx, 0 ); +} + +static void sha512_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha4_update( (sha4_context *) ctx, input, ilen ); +} + +static void sha512_finish_wrap( void *ctx, unsigned char *output ) +{ + sha4_finish( (sha4_context *) ctx, output ); +} + +static void sha512_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha4( input, ilen, output, 0 ); +} + +static int sha512_file_wrap( const char *path, unsigned char *output ) +{ +#if defined(POLARSSL_FS_IO) + return sha4_file( path, output, 0 ); +#else + ((void) path); + ((void) output); + return POLARSSL_ERR_MD_FEATURE_UNAVAILABLE; +#endif +} + +static void sha512_hmac_starts_wrap( void *ctx, const unsigned char *key, size_t keylen ) +{ + sha4_hmac_starts( (sha4_context *) ctx, key, keylen, 0 ); +} + +static void sha512_hmac_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) +{ + sha4_hmac_update( (sha4_context *) ctx, input, ilen ); +} + +static void sha512_hmac_finish_wrap( void *ctx, unsigned char *output ) +{ + sha4_hmac_finish( (sha4_context *) ctx, output ); +} + +static void sha512_hmac_reset_wrap( void *ctx ) +{ + sha4_hmac_reset( (sha4_context *) ctx ); +} + +static void sha512_hmac_wrap( const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + sha4_hmac( key, keylen, input, ilen, output, 0 ); +} + +static void * sha512_ctx_alloc( void ) +{ + return malloc( sizeof( sha4_context ) ); +} + +static void sha512_ctx_free( void *ctx ) +{ + polarssl_zeroize( ctx, sizeof( sha4_context ) ); + free( ctx ); +} + +const md_info_t sha512_info = { + POLARSSL_MD_SHA512, + "SHA512", + 64, + sha512_starts_wrap, + sha512_update_wrap, + sha512_finish_wrap, + sha512_wrap, + sha512_file_wrap, + sha512_hmac_starts_wrap, + sha512_hmac_update_wrap, + sha512_hmac_finish_wrap, + sha512_hmac_reset_wrap, + sha512_hmac_wrap, + sha512_ctx_alloc, + sha512_ctx_free, +}; + +#endif + +#endif diff --git a/lib/libcrypto/source/rsa.cpp b/lib/libcrypto/source/rsa.cpp index f302990..dc2fefc 100644 --- a/lib/libcrypto/source/rsa.cpp +++ b/lib/libcrypto/source/rsa.cpp @@ -1,5 +1,6 @@ #include #include +#include using namespace crypto::rsa; using namespace crypto::sha; @@ -21,6 +22,23 @@ int getWrappedHashType(HashType type) return 0; } +int getMdWrappedHashType(HashType type) +{ + switch (type) + { + case HASH_SHA1: + return POLARSSL_MD_SHA1; + break; + case HASH_SHA256: + return POLARSSL_MD_SHA256; + break; + default: + return POLARSSL_MD_NONE; + break; + } + return 0; +} + uint32_t getWrappedHashSize(HashType type) { uint32_t size = 0; @@ -144,5 +162,24 @@ int crypto::rsa::pkcs::rsaVerify(const sRsa4096Key & key, HashType hash_type, co rsa_free(&ctx); + return ret; +} + +int crypto::rsa::pss::rsaVerify(const sRsa2048Key & key, HashType hash_type, const uint8_t * hash, const uint8_t signature[kRsa2048Size]) +{ + static const uint8_t public_exponent[3] = { 0x01, 0x00, 0x01 }; + + int ret; + rsa_context ctx; + rsa_init(&ctx, RSA_PKCS_V21, getMdWrappedHashType(hash_type)); + + ctx.len = kRsa2048Size; + mpi_read_binary(&ctx.E, public_exponent, sizeof(public_exponent)); + mpi_read_binary(&ctx.N, key.modulus, ctx.len); + + ret = rsa_rsassa_pss_verify(&ctx, RSA_PUBLIC, getWrappedHashType(hash_type), getWrappedHashSize(hash_type), hash, signature); + + rsa_free(&ctx); + return ret; } \ No newline at end of file