/* * PSA hashing layer on top of Mbed TLS software crypto */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ #include "common.h" /* This is needed for MBEDTLS_ERR_XXX macros */ #include <mbedtls/error.h> #if defined(MBEDTLS_ASN1_WRITE_C) #include <mbedtls/asn1write.h> #include <psa/crypto_sizes.h> #endif #include "psa_util_internal.h" #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include <psa/crypto.h> #if defined(MBEDTLS_MD_LIGHT) #include <mbedtls/md.h> #endif #if defined(MBEDTLS_LMS_C) #include <mbedtls/lms.h> #endif #if defined(MBEDTLS_SSL_TLS_C) && \ (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) #include <mbedtls/ssl.h> #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) #include <mbedtls/rsa.h> #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include <mbedtls/ecp.h> #endif #if defined(MBEDTLS_PK_C) #include <mbedtls/pk.h> #endif #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) #include <mbedtls/cipher.h> #endif #include <mbedtls/entropy.h> /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ #if defined(MBEDTLS_MD_LIGHT) const mbedtls_error_pair_t psa_to_md_errors[] = …; #endif #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) const mbedtls_error_pair_t psa_to_cipher_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE }, { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA }, { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_CIPHER_ALLOC_FAILED } }; #endif #if defined(MBEDTLS_LMS_C) const mbedtls_error_pair_t psa_to_lms_errors[] = …; #endif #if defined(MBEDTLS_SSL_TLS_C) && \ (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) const mbedtls_error_pair_t psa_to_ssl_errors[] = …; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) const mbedtls_error_pair_t psa_to_pk_rsa_errors[] = …; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, { PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE }, { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL }, { PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED }, { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED } }; #endif int psa_generic_status_to_mbedtls(psa_status_t status) { … } int psa_status_to_mbedtls(psa_status_t status, const mbedtls_error_pair_t *local_translations, size_t local_errors_num, int (*fallback_f)(psa_status_t)) { … } #if defined(MBEDTLS_PK_C) int psa_pk_status_to_mbedtls(psa_status_t status) { … } #endif /* MBEDTLS_PK_C */ /****************************************************************/ /* Key management */ /****************************************************************/ #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits) { … } mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits) { … } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /* Wrapper function allowing the classic API to use the PSA RNG. * * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls * `psa_generate_random(...)`. The state parameter is ignored since the * PSA API doesn't support passing an explicit state. */ int mbedtls_psa_get_random(void *p_rng, unsigned char *output, size_t output_size) { … } #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) /** * \brief Convert a single raw coordinate to DER ASN.1 format. The output der * buffer is filled backward (i.e. starting from its end). * * \param raw_buf Buffer containing the raw coordinate to be * converted. * \param raw_len Length of raw_buf in bytes. This must be > 0. * \param der_buf_start Pointer to the beginning of the buffer which * will be filled with the DER converted data. * \param der_buf_end End of the buffer used to store the DER output. * * \return On success, the amount of data (in bytes) written to * the DER buffer. * \return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if the provided der * buffer is too small to contain all the converted data. * \return MBEDTLS_ERR_ASN1_INVALID_DATA if the input raw * coordinate is null (i.e. all zeros). * * \warning Raw and der buffer must not be overlapping. */ static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t raw_len, unsigned char *der_buf_start, unsigned char *der_buf_end) { … } int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, unsigned char *der, size_t der_size, size_t *der_len) { … } /** * \brief Convert a single integer from ASN.1 DER format to raw. * * \param der Buffer containing the DER integer value to be * converted. * \param der_len Length of the der buffer in bytes. * \param raw Output buffer that will be filled with the * converted data. This should be at least * coordinate_size bytes and it must be zeroed before * calling this function. * \param coordinate_size Size (in bytes) of a single coordinate in raw * format. * * \return On success, the amount of DER data parsed from the * provided der buffer. * \return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the integer tag * is missing in the der buffer. * \return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the integer * is null (i.e. all zeros) or if the output raw buffer * is too small to contain the converted raw value. * * \warning Der and raw buffers must not be overlapping. */ static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, unsigned char *raw, size_t coordinate_size) { … } int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, unsigned char *raw, size_t raw_size, size_t *raw_len) { … } #endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
Codebase Browser
godot