int mbedtls_ecies_read_hmac(unsigned char **p, const unsigned char *end,
mbedtls_md_type_t *hmac_type, unsigned char **hmac, size_t *hmac_len)
{
int result = 0;
size_t len = 0;
mbedtls_asn1_buf hmac_alg;
if (hmac_type == NULL || hmac == NULL)
{
return MBEDTLS_ERR_ECIES_BAD_INPUT_DATA;
}
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
);
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_alg_null(p, end, &hmac_alg)
);
INVOKE_AND_CHECK(result,
mbedtls_oid_get_md_alg(&hmac_alg, hmac_type)
);
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, hmac_len, MBEDTLS_ASN1_OCTET_STRING)
);
*hmac = *p;
*p += *hmac_len;
return result;
}
int mbedtls_ecies_read_kdf(unsigned char **p, const unsigned char *end,
mbedtls_kdf_type_t *kdf_type, mbedtls_md_type_t *md_type)
{
int result = 0;
size_t len = 0;
mbedtls_asn1_buf kdf_alg;
mbedtls_asn1_buf md_alg;
if (kdf_type == NULL || md_type == NULL)
{
return MBEDTLS_ERR_ECIES_BAD_INPUT_DATA;
}
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
);
if ((end - *p) < 1)
{
INVOKE_AND_CHECK(result, MBEDTLS_ERR_ASN1_OUT_OF_DATA);
}
kdf_alg.tag = **p;
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, &kdf_alg.len, MBEDTLS_ASN1_OID)
);
kdf_alg.p = *p;
*p += kdf_alg.len;
INVOKE_AND_CHECK(result,
mbedtls_oid_get_kdf_alg(&kdf_alg, kdf_type)
);
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)
);
md_alg.tag = **p;
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, &md_alg.len, MBEDTLS_ASN1_OID)
);
md_alg.p = *p;
*p += md_alg.len;
INVOKE_AND_CHECK(result,
mbedtls_oid_get_md_alg(&md_alg, md_type)
);
INVOKE_AND_CHECK(result,
mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_NULL)
);
return result;
}
/*
* HashAlgorithm ::= AlgorithmIdentifier
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* For HashAlgorithm, parameters MUST be NULL or absent.
*/
static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
{
int ret;
unsigned char *p;
const unsigned char *end;
mbedtls_x509_buf md_oid;
size_t len;
/* Make sure we got a SEQUENCE and setup bounds */
if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
p = (unsigned char *) alg->p;
end = p + alg->len;
if( p >= end )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_OUT_OF_DATA );
/* Parse md_oid */
md_oid.tag = *p;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
md_oid.p = p;
p += md_oid.len;
/* Get md_alg from md_oid */
if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
/* Make sure params is absent of NULL */
if( p == end )
return( 0 );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p != end )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
* saltLength [2] INTEGER DEFAULT 20,
* trailerField [3] INTEGER DEFAULT 1 }
* -- Note that the tags in this Sequence are explicit.
*
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
* option. Enfore this at parsing time.
*/
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
int *salt_len )
{
int ret;
unsigned char *p;
const unsigned char *end, *end2;
size_t len;
mbedtls_x509_buf alg_id, alg_params;
/* First set everything to defaults */
*md_alg = MBEDTLS_MD_SHA1;
*mgf_md = MBEDTLS_MD_SHA1;
*salt_len = 20;
/* Make sure params is a SEQUENCE and setup bounds */
if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
p = (unsigned char *) params->p;
end = p + params->len;
if( p == end )
return( 0 );
/*
* HashAlgorithm
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
end2 = p + len;
/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
return( ret );
if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* MaskGenAlgorithm
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
end2 = p + len;
/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
return( ret );
/* Only MFG1 is recognised for now */
if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
MBEDTLS_ERR_OID_NOT_FOUND );
/* Parse HashAlgorithm */
if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
return( ret );
if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* salt_len
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
{
end2 = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* trailer_field (if present, must be 1)
*/
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
{
int trailer_field;
end2 = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if( trailer_field != 1 )
return( MBEDTLS_ERR_X509_INVALID_ALG );
}
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
if( p != end )
return( MBEDTLS_ERR_X509_INVALID_ALG +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* Match a hash
*
* Digest info is passed in DER format following the ASN.1 structure detailed
* above.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
mbedtls_asn1_buf hash_oid, params;
mbedtls_md_type_t md_alg;
const mbedtls_md_info_t *md_info;
unsigned char *p, *end, *hash;
unsigned char data_hash[MBEDTLS_MD_MAX_SIZE];
size_t len;
int rc;
/* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
p = (unsigned char *)digest_info_ptr;
end = p + digest_info_len;
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Get the hash algorithm */
rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, ¶ms);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
md_info = mbedtls_md_info_from_type(md_alg);
if (md_info == NULL) {
return CRYPTO_ERR_HASH;
}
/* Hash should be octet string type */
rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Length of hash must match the algorithm's size */
if (len != mbedtls_md_get_size(md_info)) {
return CRYPTO_ERR_HASH;
}
hash = p;
/* Calculate the hash of the data */
p = (unsigned char *)data_ptr;
rc = mbedtls_md(md_info, p, data_len, data_hash);
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
/* Compare values */
rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info));
if (rc != 0) {
return CRYPTO_ERR_HASH;
}
return CRYPTO_SUCCESS;
}