result_t PKey::copy(const mbedtls_pk_context &key)
{
mbedtls_pk_type_t type = mbedtls_pk_get_type(&key);
int32_t ret;
if (type == MBEDTLS_PK_RSA)
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(m_key);
ret = mbedtls_rsa_copy(rsa1, rsa);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
if (type == MBEDTLS_PK_ECKEY)
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(key);
ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
mbedtls_ecp_keypair *ecp1 = mbedtls_pk_ec(m_key);
ret = mbedtls_ecp_group_copy(&ecp1->grp, &ecp->grp);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_mpi_copy(&ecp1->d, &ecp->d);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_ecp_copy(&ecp1->Q, &ecp->Q);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
return CHECK_ERROR(CALL_E_INVALID_CALL);
}
result_t PKey::genEcKey(const char *curve, AsyncEvent *ac)
{
if (!ac)
return CHECK_ERROR(CALL_E_NOSYNC);
const mbedtls_ecp_curve_info *curve_info;
curve_info = mbedtls_ecp_curve_info_from_name(curve);
if (curve_info == NULL)
return CHECK_ERROR(Runtime::setError("PKey: Unknown curve"));
int32_t ret;
clear();
ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_ecp_gen_key(curve_info->grp_id, mbedtls_pk_ec(m_key),
mbedtls_ctr_drbg_random, &g_ssl.ctr_drbg);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
/*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
mbedtls_pk_context *pk )
{
int ret;
size_t len;
mbedtls_asn1_buf alg_params;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = *p + len;
if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
return( ret );
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret );
if( *p + len != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
return( ret );
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA )
{
ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
{
ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
if( ret == 0 )
ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
} else
#endif /* MBEDTLS_ECP_C */
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if( ret == 0 && *p != end )
ret = MBEDTLS_ERR_PK_INVALID_PUBKEY
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
if( ret != 0 )
mbedtls_pk_free( pk );
return( ret );
}
int pki_privkey_build_rsa(ssh_key key,
ssh_string n,
ssh_string e,
ssh_string d,
ssh_string iqmp,
ssh_string p,
ssh_string q)
{
mbedtls_rsa_context *rsa = NULL;
const mbedtls_pk_info_t *pk_info = NULL;
int rc;
key->rsa = malloc(sizeof(mbedtls_pk_context));
if (key->rsa == NULL) {
return SSH_ERROR;
}
mbedtls_pk_init(key->rsa);
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
mbedtls_pk_setup(key->rsa, pk_info);
rc = mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA);
if (rc == 0) {
goto fail;
}
rsa = mbedtls_pk_rsa(*key->rsa);
rc = mbedtls_rsa_import_raw(rsa,
ssh_string_data(n), ssh_string_len(n),
ssh_string_data(p), ssh_string_len(p),
ssh_string_data(q), ssh_string_len(q),
ssh_string_data(d), ssh_string_len(d),
ssh_string_data(e), ssh_string_len(e));
if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, "Failed to import private RSA key");
goto fail;
}
rc = mbedtls_rsa_complete(rsa);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, "Failed to complete private RSA key");
goto fail;
}
rc = mbedtls_rsa_check_privkey(rsa);
if (rc != 0) {
SSH_LOG(SSH_LOG_WARN, "Inconsistent private RSA key");
goto fail;
}
return SSH_OK;
fail:
mbedtls_pk_free(key->rsa);
SAFE_FREE(key->rsa);
return SSH_ERROR;
}
int extract_public_ec_key_length(uint8_t* buffer, size_t max_length, const uint8_t* private_key, size_t private_key_len)
{
mbedtls_pk_context key;
mbedtls_pk_init(&key);
int error = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (!error)
error = mbedtls_pk_parse_key(&key, private_key, private_key_len, nullptr, 0);
if (!error)
error = mbedtls_pk_write_pubkey_der(&key, buffer, max_length);
mbedtls_pk_free(&key);
return error;
}
/**
* Given the indirected identifier for the cipher algorithm return its label.
*
* @param Cipher The cipher algorithm in question.
* @return The label for the cipher.
*/
const char* get_cipher_label(Cipher c) {
if (_is_cipher_symmetric(c)) {
const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c);
if (info) {
return info->name;
}
}
else {
const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c);
if (info) {
return info->name;
}
}
return "<UNKNOWN>";
}
/**
* Given the identifier for the cipher algorithm return the key size.
*
* @param Cipher The cipher algorithm in question.
* @return The size of the buffer (in bytes) required to hold the cipher key.
*/
int get_cipher_key_length(Cipher c) {
if (_is_cipher_symmetric(c)) {
const mbedtls_cipher_info_t* info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t)c);
if (info) {
return info->key_bitlen;
}
}
else {
const mbedtls_pk_info_t* info = mbedtls_pk_info_from_type((mbedtls_pk_type_t)c);
if (info) {
//return info->key_bitlen;
}
//mbedtls_pk_get_bitlen
}
return 0;
}
int gen_ec_key(uint8_t* buffer, size_t max_length, int (*f_rng) (void *, uint8_t* buf, size_t len), void *p_rng)
{
mbedtls_pk_context key;
memset(&key, 0, sizeof(key));
int error = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (!error)
error = mbedtls_ecp_gen_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(key), f_rng, p_rng );
if (!error) {
int result = mbedtls_pk_write_key_der(&key, buffer, max_length);
if (result<0)
error = result;
else if (result>0)
{
// the key is written to the end of the buffer - align to the start
memmove(buffer, buffer+max_length-result, result);
}
}
mbedtls_pk_free(&key);
return error;
}
int mbedtls_ecies_write_originator(unsigned char **p, unsigned char *start,
mbedtls_ecp_keypair *originator_keypair)
{
int result = 0;
size_t len = 0;
mbedtls_pk_context pk;
if (originator_keypair == NULL)
{
return MBEDTLS_ERR_ECIES_BAD_INPUT_DATA;
}
pk.pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
pk.pk_ctx = originator_keypair;
ACCUMULATE_AND_CHECK(result, len,
mbedtls_pk_write_pubkey_der(&pk, start , *p - start)
);
*p -= len;
return (int)len;
}
int pki_pubkey_build_rsa(ssh_key key, ssh_string e, ssh_string n)
{
mbedtls_rsa_context *rsa = NULL;
const mbedtls_pk_info_t *pk_info = NULL;
int rc;
key->rsa = malloc(sizeof(mbedtls_pk_context));
if (key->rsa == NULL) {
return SSH_ERROR;
}
mbedtls_pk_init(key->rsa);
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
mbedtls_pk_setup(key->rsa, pk_info);
rc = mbedtls_pk_can_do(key->rsa, MBEDTLS_PK_RSA);
if (rc == 0) {
goto fail;
}
rsa = mbedtls_pk_rsa(*key->rsa);
rc = mbedtls_mpi_read_binary(&rsa->N, ssh_string_data(n),
ssh_string_len(n));
if (rc != 0) {
goto fail;
}
rc = mbedtls_mpi_read_binary(&rsa->E, ssh_string_data(e),
ssh_string_len(e));
if (rc != 0) {
goto fail;
}
rsa->len = (mbedtls_mpi_bitlen(&rsa->N) + 7) >> 3;
return SSH_OK;
fail:
mbedtls_pk_free(key->rsa);
SAFE_FREE(key->rsa);
return SSH_ERROR;
}
result_t PKey::genRsaKey(int32_t size, AsyncEvent *ac)
{
if (size < 128 || size > 8192)
return CHECK_ERROR(Runtime::setError("PKey: Invalid key size"));
if (!ac)
return CHECK_ERROR(CALL_E_NOSYNC);
int32_t ret;
clear();
ret = mbedtls_pk_setup(&m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(m_key), mbedtls_ctr_drbg_random,
&g_ssl.ctr_drbg, size, 65537);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
return 0;
}
TEE_Result crypto_acipher_ecc_sign(uint32_t algo, struct ecc_keypair *key,
const uint8_t *msg, size_t msg_len,
uint8_t *sig, size_t *sig_len)
{
TEE_Result res = TEE_SUCCESS;
int lmd_res = 0;
const mbedtls_pk_info_t *pk_info = NULL;
mbedtls_ecdsa_context ecdsa;
size_t key_size_bytes = 0;
size_t key_size_bits = 0;
mbedtls_mpi r;
mbedtls_mpi s;
memset(&ecdsa, 0, sizeof(ecdsa));
memset(&r, 0, sizeof(r));
memset(&s, 0, sizeof(s));
if (algo == 0)
return TEE_ERROR_BAD_PARAMETERS;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
mbedtls_ecdsa_init(&ecdsa);
lmd_res = mbedtls_ecp_group_load(&ecdsa.grp, key->curve);
if (lmd_res != 0) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}
ecdsa.d = *(mbedtls_mpi *)key->d;
res = ecc_get_keysize(key->curve, algo, &key_size_bytes,
&key_size_bits);
if (res != TEE_SUCCESS)
goto out;
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA);
if (pk_info == NULL) {
res = TEE_ERROR_NOT_SUPPORTED;
goto out;
}
lmd_res = mbedtls_ecdsa_sign(&ecdsa.grp, &r, &s, &ecdsa.d, msg,
msg_len, mbd_rand, NULL);
if (lmd_res == 0) {
*sig_len = 2 * key_size_bytes;
memset(sig, 0, *sig_len);
mbedtls_mpi_write_binary(&r, sig + *sig_len / 2 -
mbedtls_mpi_size(&r),
mbedtls_mpi_size(&r));
mbedtls_mpi_write_binary(&s, sig + *sig_len -
mbedtls_mpi_size(&s),
mbedtls_mpi_size(&s));
res = TEE_SUCCESS;
} else {
FMSG("mbedtls_ecdsa_sign failed, returned 0x%x\n", -lmd_res);
res = TEE_ERROR_GENERIC;
}
out:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
/* Reset mpi to skip freeing here, those mpis will be freed with key */
mbedtls_mpi_init(&ecdsa.d);
mbedtls_ecdsa_free(&ecdsa);
return res;
}
/*******************************************************************************
* Asymmetric ciphers *
*******************************************************************************/
int __attribute__((weak)) wrapped_asym_keygen(Cipher c, CryptoKey key_type, uint8_t* pub, size_t* pub_len, uint8_t* priv, size_t* priv_len) {
if (keygen_deferred_handling(key_type)) {
// If overriden by user implementation.
return _keygen_overrides[key_type](c, key_type, pub, pub_len, priv, priv_len);
}
int ret = -1;
mbedtls_pk_context key;
mbedtls_pk_init(&key);
uint32_t pers = randomInt();
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init(&ctr_drbg);
ret = mbedtls_ctr_drbg_seed(
&ctr_drbg, mbedtls_entropy_func, &entropy,
(const uint8_t*) &pers, 4
);
if (0 == ret) {
switch (c) {
#if defined(WRAPPED_ASYM_RSA)
case Cipher::ASYM_RSA:
{
ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (0 == ret) {
mbedtls_rsa_context* rsa = mbedtls_pk_rsa(key);
ret = mbedtls_rsa_gen_key(rsa,
mbedtls_ctr_drbg_random, &ctr_drbg,
(int) key_type, 65537
);
if (0 == ret) {
ret--;
memset(pub, 0, *pub_len);
memset(priv, 0, *priv_len);
int written = mbedtls_pk_write_pubkey_der(&key, pub, *pub_len);
if (0 < written) {
*pub_len = written;
written = mbedtls_pk_write_key_der(&key, priv, *priv_len);
if (0 < written) {
*priv_len = written;
ret = 0;
}
}
}
}
}
break;
#endif
#if defined(MBEDTLS_ECDSA_C)
case Cipher::ASYM_ECDSA:
{
ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (0 == ret) {
mbedtls_ecp_keypair* ec_kp = mbedtls_pk_ec(key);
ret = mbedtls_ecdsa_genkey(ec_kp,
(mbedtls_ecp_group_id) key_type,
mbedtls_ctr_drbg_random, &ctr_drbg
);
if (0 == ret) {
ret--;
memset(pub, 0, *pub_len);
memset(priv, 0, *priv_len);
int written = mbedtls_pk_write_pubkey_der(&key, pub, *pub_len);
if (0 < written) {
*pub_len = written;
written = mbedtls_pk_write_key_der(&key, priv, *priv_len);
if (0 < written) {
*priv_len = written;
ret = 0;
}
}
}
}
}
break;
#endif
#if defined(MBEDTLS_ECP_C)
case Cipher::ASYM_ECKEY:
{
ret = mbedtls_pk_setup(&key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (0 == ret) {
mbedtls_ecp_keypair* ec_kp = mbedtls_pk_ec(key);
ret = mbedtls_ecp_gen_key(
(mbedtls_ecp_group_id) key_type,
ec_kp,
mbedtls_ctr_drbg_random, &ctr_drbg
);
if (0 == ret) {
ret--;
memset(pub, 0, *pub_len);
memset(priv, 0, *priv_len);
int written = mbedtls_pk_write_pubkey_der(&key, pub, *pub_len);
if (0 < written) {
*pub_len = written;
written = mbedtls_pk_write_key_der(&key, priv, *priv_len);
if (0 < written) {
*priv_len = written;
ret = 0;
}
}
}
}
}
break;
#endif
default:
break;
}
}
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
return ret;
}
result_t PKey::get_publicKey(obj_ptr<PKey_base> &retVal)
{
result_t hr;
bool priv;
hr = isPrivate(priv);
if (hr < 0)
return hr;
if (!priv)
return CALL_RETURN_NULL;
mbedtls_pk_type_t type = mbedtls_pk_get_type(&m_key);
int32_t ret;
if (type == MBEDTLS_PK_RSA)
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(m_key);
obj_ptr<PKey> pk1 = new PKey();
ret = mbedtls_pk_setup(&pk1->m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
mbedtls_rsa_context *rsa1 = mbedtls_pk_rsa(pk1->m_key);
rsa1->len = rsa->len;
rsa1->padding = rsa->padding;
rsa1->hash_id = rsa->hash_id;
ret = mbedtls_mpi_copy(&rsa1->N, &rsa->N);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_mpi_copy(&rsa1->E, &rsa->E);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
retVal = pk1;
return 0;
}
if (type == MBEDTLS_PK_ECKEY)
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(m_key);
obj_ptr<PKey> pk1 = new PKey();
ret = mbedtls_pk_setup(&pk1->m_key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
mbedtls_ecp_keypair *ecp1 = mbedtls_pk_ec(pk1->m_key);
ret = mbedtls_ecp_group_copy(&ecp1->grp, &ecp->grp);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
ret = mbedtls_ecp_copy(&ecp1->Q, &ecp->Q);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
retVal = pk1;
return 0;
}
return CHECK_ERROR(CALL_E_INVALID_CALL);
}
/**
* Wrapper for sign-verify operations.
*
* @param Cipher Algorithm class
* @param CryptoKey Key parameters
* @param Hashes Digest alg to use.
* @param uint8_t* Buffer to be signed/verified...
* @param int ...and its length.
* @param uint8_t* Buffer to hold signature...
* @param int* ...and its length.
* @param uint8_t* Buffer holding the key...
* @param int ...and its length.
* @param uint32_t Options to the operations.
* @return 0 if the operation completed successfully.
*/
int __attribute__((weak)) wrapped_sign_verify(Cipher c, CryptoKey k, Hashes h, uint8_t* msg, int msg_len, uint8_t* sig, size_t* sig_len, uint8_t* key, int key_len, uint32_t opts) {
if (keygen_deferred_handling(k)) {
// If overriden by user implementation.
return _s_v_overrides[k](c, k, h, msg, msg_len, sig, sig_len, key, key_len, opts);
}
int ret = -1; // Failure by default.
uint8_t* hash;
int hashlen;
if (Hashes::NONE != h) {
hashlen = get_digest_output_length(h);
hash = (uint8_t*) alloca(hashlen);
if (hash) {
ret = wrapped_hash(msg, msg_len, hash, h);
}
}
else {
// This is the no-digest case.
hashlen = msg_len;
hash = msg;
ret = 0; // TODO: Fail if size is greater than the maximum input length for the Key type.
}
if (0 == ret) {
// If we are here, the hashing operation worked. Now we case-off on key/algo.
mbedtls_pk_context k_ctx;
mbedtls_pk_init(&k_ctx);
uint32_t pers = randomInt();
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init(&ctr_drbg);
ret = mbedtls_ctr_drbg_seed(
&ctr_drbg, mbedtls_entropy_func, &entropy,
(const uint8_t*) &pers, 4
);
if (0 == ret) {
switch (c) {
#if defined(WRAPPED_ASYM_RSA)
case Cipher::ASYM_RSA:
//ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (opts & OP_SIGN) {
ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (0 == ret) {
ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0);
if (0 == ret) {
ret = mbedtls_pk_sign(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg
);
}
}
}
else {
ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len);
if (0 == ret) {
ret = mbedtls_pk_verify(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, *sig_len
);
}
}
break;
#endif
#if defined(MBEDTLS_ECDSA_C)
case Cipher::ASYM_ECDSA:
if (opts & OP_SIGN) {
ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA));
if (0 == ret) {
ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0);
if (0 == ret) {
ret = mbedtls_pk_sign(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg
);
}
}
}
else {
ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len);
if (0 == ret) {
ret = mbedtls_pk_verify(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, *sig_len
);
}
}
break;
#endif
#if defined(MBEDTLS_ECP_C)
case Cipher::ASYM_ECKEY:
if (opts & OP_SIGN) {
ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (0 == ret) {
ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0);
if (0 == ret) {
ret = mbedtls_pk_sign(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg
);
}
}
}
else {
ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len);
if (0 == ret) {
ret = mbedtls_pk_verify(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, *sig_len
);
}
}
break;
#endif
default:
break;
}
}
}
return ret;
}
/*
* Parse a private key
*/
int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
int ret;
const mbedtls_pk_info_t *pk_info;
#if defined(MBEDTLS_PEM_PARSE_C)
size_t len;
mbedtls_pem_context pem;
mbedtls_pem_init( &pem );
#if defined(MBEDTLS_RSA_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN RSA PRIVATE KEY-----",
"-----END RSA PRIVATE KEY-----",
key, pwd, pwdlen, &len );
if( ret == 0 )
{
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
mbedtls_pk_free( pk );
}
mbedtls_pem_free( &pem );
return( ret );
}
else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
return( ret );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN EC PRIVATE KEY-----",
"-----END EC PRIVATE KEY-----",
key, pwd, pwdlen, &len );
if( ret == 0 )
{
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
mbedtls_pk_free( pk );
}
mbedtls_pem_free( &pem );
return( ret );
}
else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
return( ret );
#endif /* MBEDTLS_ECP_C */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN PRIVATE KEY-----",
"-----END PRIVATE KEY-----",
key, NULL, 0, &len );
if( ret == 0 )
{
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
pem.buf, pem.buflen ) ) != 0 )
{
mbedtls_pk_free( pk );
}
mbedtls_pem_free( &pem );
return( ret );
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
return( ret );
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if( keylen == 0 || key[keylen - 1] != '\0' )
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
else
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN ENCRYPTED PRIVATE KEY-----",
"-----END ENCRYPTED PRIVATE KEY-----",
key, NULL, 0, &len );
if( ret == 0 )
{
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
pem.buf, pem.buflen,
pwd, pwdlen ) ) != 0 )
{
mbedtls_pk_free( pk );
}
mbedtls_pem_free( &pem );
return( ret );
}
else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
return( ret );
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
#else
((void) ret);
((void) pwd);
((void) pwdlen);
#endif /* MBEDTLS_PEM_PARSE_C */
/*
* At this point we only know it's not a PEM formatted key. Could be any
* of the known DER encoded private key formats
*
* We try the different DER format parsers to see if one passes without
* error
*/
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
pwd, pwdlen ) ) == 0 )
{
return( 0 );
}
mbedtls_pk_free( pk );
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
{
return( ret );
}
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 )
return( 0 );
mbedtls_pk_free( pk );
#if defined(MBEDTLS_RSA_C)
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
}
mbedtls_pk_free( pk );
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
}
mbedtls_pk_free( pk );
#endif /* MBEDTLS_ECP_C */
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
}
int main( int argc, char *argv[] )
{
int ret = 0;
mbedtls_pk_context key;
char buf[1024];
int i;
char *p, *q;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "gen_key";
#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_curve_info *curve_info;
#endif
/*
* Set to sane values
*/
mbedtls_pk_init( &key );
mbedtls_ctr_drbg_init( &ctr_drbg );
memset( buf, 0, sizeof( buf ) );
if( argc == 0 )
{
usage:
ret = 1;
mbedtls_printf( USAGE );
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
curve_info = mbedtls_ecp_curve_list();
mbedtls_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
mbedtls_printf( " %s\n", curve_info->name );
#endif
goto exit;
}
opt.type = DFL_TYPE;
opt.rsa_keysize = DFL_RSA_KEYSIZE;
opt.ec_curve = DFL_EC_CURVE;
opt.filename = DFL_FILENAME;
opt.format = DFL_FORMAT;
opt.use_dev_random = DFL_USE_DEV_RANDOM;
for( i = 1; i < argc; i++ )
{
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
*q++ = '\0';
if( strcmp( p, "type" ) == 0 )
{
if( strcmp( q, "rsa" ) == 0 )
opt.type = MBEDTLS_PK_RSA;
else if( strcmp( q, "ec" ) == 0 )
opt.type = MBEDTLS_PK_ECKEY;
else
goto usage;
}
else if( strcmp( p, "format" ) == 0 )
{
if( strcmp( q, "pem" ) == 0 )
opt.format = FORMAT_PEM;
else if( strcmp( q, "der" ) == 0 )
opt.format = FORMAT_DER;
else
goto usage;
}
else if( strcmp( p, "rsa_keysize" ) == 0 )
{
opt.rsa_keysize = atoi( q );
if( opt.rsa_keysize < 1024 ||
opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS )
goto usage;
}
#if defined(MBEDTLS_ECP_C)
else if( strcmp( p, "ec_curve" ) == 0 )
{
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
goto usage;
opt.ec_curve = curve_info->grp_id;
}
#endif
else if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else if( strcmp( p, "use_dev_random" ) == 0 )
{
opt.use_dev_random = atoi( q );
if( opt.use_dev_random < 0 || opt.use_dev_random > 1 )
goto usage;
}
else
goto usage;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
mbedtls_entropy_init( &entropy );
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
if( opt.use_dev_random )
{
if( ( ret = mbedtls_entropy_add_source( &entropy, dev_random_entropy_poll,
NULL, DEV_RANDOM_THRESHOLD,
MBEDTLS_ENTROPY_SOURCE_STRONG ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_entropy_add_source returned -0x%04x\n", -ret );
goto exit;
}
mbedtls_printf("\n Using /dev/random, so can take a long time! " );
fflush( stdout );
}
#endif /* !_WIN32 && MBEDTLS_FS_IO */
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
goto exit;
}
/*
* 1.1. Generate the key
*/
mbedtls_printf( "\n . Generating the private key ..." );
fflush( stdout );
if( ( ret = mbedtls_pk_setup( &key, mbedtls_pk_info_from_type( opt.type ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_setup returned -0x%04x", -ret );
goto exit;
}
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if( opt.type == MBEDTLS_PK_RSA )
{
ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg,
opt.rsa_keysize, 65537 );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret );
goto exit;
}
}
else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( opt.type == MBEDTLS_PK_ECKEY )
{
ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ),
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret );
goto exit;
}
}
else
#endif /* MBEDTLS_ECP_C */
{
mbedtls_printf( " failed\n ! key type not supported\n" );
goto exit;
}
/*
* 1.2 Print the key
*/
mbedtls_printf( " ok\n . Key information:\n" );
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA )
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key );
mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL );
mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL );
mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL );
mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL );
mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL );
mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL );
mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL );
mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL );
}
else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name );
mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL );
}
else
#endif
mbedtls_printf(" ! key type not supported\n");
/*
* 1.3 Export key
*/
mbedtls_printf( " . Writing key to file..." );
if( ( ret = write_private_key( &key, opt.filename ) ) != 0 )
{
mbedtls_printf( " failed\n" );
goto exit;
}
mbedtls_printf( " ok\n" );
exit:
if( ret != 0 && ret != 1)
{
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror( ret, buf, sizeof( buf ) );
mbedtls_printf( " - %s\n", buf );
#else
mbedtls_printf("\n");
#endif
}
mbedtls_pk_free( &key );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
/*
* Parse an unencrypted PKCS#8 encoded private key
*/
static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_pk_context *pk,
const unsigned char* key,
size_t keylen )
{
int ret, version;
size_t len;
mbedtls_asn1_buf params;
unsigned char *p = (unsigned char *) key;
unsigned char *end = p + keylen;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info;
/*
* This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
* privateKey PrivateKey,
* attributes [0] IMPLICIT Attributes OPTIONAL }
*
* Version ::= INTEGER
* PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
* PrivateKey ::= OCTET STRING
*
* The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
if( version != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
if( len < 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
return( ret );
#if defined(MBEDTLS_RSA_C)
if( pk_alg == MBEDTLS_PK_RSA )
{
if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
{
mbedtls_pk_free( pk );
return( ret );
}
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
{
if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 )
{
mbedtls_pk_free( pk );
return( ret );
}
} else
#endif /* MBEDTLS_ECP_C */
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
return( 0 );
}
/*
* CSR is output formatted as b64url(DER)
* Private key is output as a PEM in memory
*/
LWS_VISIBLE LWS_EXTERN int
lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[],
uint8_t *dcsr, size_t csr_len, char **privkey_pem,
size_t *privkey_len)
{
mbedtls_x509write_csr csr;
char subject[200];
mbedtls_pk_context mpk;
int buf_size = 4096, n;
uint8_t *buf = malloc(buf_size); /* malloc because given to user code */
if (!buf)
return -1;
mbedtls_x509write_csr_init(&csr);
mbedtls_pk_init(&mpk);
if (mbedtls_pk_setup(&mpk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA))) {
lwsl_notice("%s: pk_setup failed\n", __func__);
goto fail;
}
n = mbedtls_rsa_gen_key(mbedtls_pk_rsa(mpk), _rngf, context,
lws_plat_recommended_rsa_bits(), 65537);
if (n) {
lwsl_notice("%s: failed to generate keys\n", __func__);
goto fail1;
}
/* subject must be formatted like "C=TW,O=warmcat,CN=myserver" */
lws_snprintf(subject, sizeof(subject) - 1,
"C=%s,ST=%s,L=%s,O=%s,CN=%s",
elements[LWS_TLS_REQ_ELEMENT_COUNTRY],
elements[LWS_TLS_REQ_ELEMENT_STATE],
elements[LWS_TLS_REQ_ELEMENT_LOCALITY],
elements[LWS_TLS_REQ_ELEMENT_ORGANIZATION],
elements[LWS_TLS_REQ_ELEMENT_COMMON_NAME]);
if (mbedtls_x509write_csr_set_subject_name(&csr, subject))
goto fail1;
mbedtls_x509write_csr_set_key(&csr, &mpk);
mbedtls_x509write_csr_set_md_alg(&csr, MBEDTLS_MD_SHA256);
/*
* data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*/
n = mbedtls_x509write_csr_der(&csr, buf, buf_size, _rngf, context);
if (n < 0) {
lwsl_notice("%s: write csr der failed\n", __func__);
goto fail1;
}
/* we have it in DER, we need it in b64URL */
n = lws_jws_base64_enc((char *)(buf + buf_size) - n, n,
(char *)dcsr, csr_len);
if (n < 0)
goto fail1;
/*
* okay, the CSR is done, last we need the private key in PEM
* re-use the DER CSR buf as the result buffer since we cn do it in
* one step
*/
if (mbedtls_pk_write_key_pem(&mpk, buf, buf_size)) {
lwsl_notice("write key pem failed\n");
goto fail1;
}
*privkey_pem = (char *)buf;
*privkey_len = strlen((const char *)buf);
mbedtls_pk_free(&mpk);
mbedtls_x509write_csr_free(&csr);
return n;
fail1:
mbedtls_pk_free(&mpk);
fail:
mbedtls_x509write_csr_free(&csr);
free(buf);
return -1;
}
