dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Migrating from PolarSSL to MBEDTLS 3.1 (formerly PolarSSL).

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-01-24 18:14:42 +01:00
parent 62beedfccc
commit 756d9a3d5b
97 changed files with 44824 additions and 6389 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
call-rsa.c
View File

@@ -24,6 +24,9 @@
#include <stdint.h>
#include <string.h>
#include "common.h"
//#include <chopstx.h>
#include "config.h"
@@ -31,17 +34,17 @@
#include "gnuk.h"
#include "status-code.h"
#include "random.h"
#include "polarssl/config.h"
#include "polarssl/rsa.h"
//#include "polarssl/config.h"
#include "mbedtls/rsa.h"
static rsa_context rsa_ctx;
static mbedtls_rsa_context rsa_ctx;
//static struct chx_cleanup clp;
static void
rsa_cleanup (void *arg)
{
(void)arg;
rsa_free (&rsa_ctx);
mbedtls_rsa_free (&rsa_ctx);
}
@@ -49,31 +52,31 @@ int
rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len,
struct key_data *kd, int pubkey_len)
{
mpi P1, Q1, H;
mbedtls_mpi P1, Q1, H;
int ret = 0;
unsigned char temp[pubkey_len];
rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
mbedtls_rsa_init (&rsa_ctx);
mpi_init (&P1); mpi_init (&Q1); mpi_init (&H);
mbedtls_mpi_init (&P1); mbedtls_mpi_init (&Q1); mbedtls_mpi_init (&H);
rsa_ctx.len = pubkey_len;
MPI_CHK( mpi_lset (&rsa_ctx.E, 0x10001) );
MPI_CHK( mpi_read_binary (&rsa_ctx.P, &kd->data[0], pubkey_len / 2) );
MPI_CHK( mpi_read_binary (&rsa_ctx.Q, &kd->data[pubkey_len / 2],
MBEDTLS_MPI_CHK( mbedtls_mpi_lset (&rsa_ctx.E, 0x10001) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&rsa_ctx.P, &kd->data[0], pubkey_len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&rsa_ctx.Q, &kd->data[pubkey_len / 2],
pubkey_len / 2) );
#if 0
MPI_CHK( mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q) );
#endif
MPI_CHK( mpi_sub_int (&P1, &rsa_ctx.P, 1) );
MPI_CHK( mpi_sub_int (&Q1, &rsa_ctx.Q, 1) );
MPI_CHK( mpi_mul_mpi (&H, &P1, &Q1) );
MPI_CHK( mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H) );
MPI_CHK( mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1) );
MPI_CHK( mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1) );
MPI_CHK( mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int (&P1, &rsa_ctx.P, 1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int (&Q1, &rsa_ctx.Q, 1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi (&H, &P1, &Q1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P) );
cleanup:
mpi_free (&P1); mpi_free (&Q1); mpi_free (&H);
mbedtls_mpi_free (&P1); mbedtls_mpi_free (&Q1); mbedtls_mpi_free (&H);
if (ret == 0)
{
int cs;
@@ -84,8 +87,8 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len,
//clp.arg = NULL;
//chopstx_cleanup_push (&clp);
//cs = chopstx_setcancelstate (0); /* Allow cancellation. */
ret = rsa_rsassa_pkcs1_v15_sign (&rsa_ctx, NULL, NULL,
RSA_PRIVATE, SIG_RSA_RAW,
ret = mbedtls_rsa_rsassa_pkcs1_v15_sign (&rsa_ctx, NULL, NULL,
MBEDTLS_MD_NONE,
msg_len, raw_message, temp);
memcpy (output, temp, pubkey_len);
rsa_cleanup(NULL);
@@ -93,7 +96,7 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len,
//chopstx_cleanup_pop (0);
}
rsa_free (&rsa_ctx);
mbedtls_rsa_free (&rsa_ctx);
if (ret != 0)
{
DEBUG_INFO ("fail:");
@@ -114,16 +117,16 @@ rsa_sign (const uint8_t *raw_message, uint8_t *output, int msg_len,
int
modulus_calc (const uint8_t *p, int len, uint8_t *pubkey)
{
mpi P, Q, N;
mbedtls_mpi P, Q, N;
int ret;
mpi_init (&P); mpi_init (&Q); mpi_init (&N);
MPI_CHK( mpi_read_binary (&P, p, len / 2) );
MPI_CHK( mpi_read_binary (&Q, p + len / 2, len / 2) );
MPI_CHK( mpi_mul_mpi (&N, &P, &Q) );
MPI_CHK( mpi_write_binary (&N, pubkey, len) );
mbedtls_mpi_init (&P); mbedtls_mpi_init (&Q); mbedtls_mpi_init (&N);
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&P, p, len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&Q, p + len / 2, len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi (&N, &P, &Q) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary (&N, pubkey, len) );
cleanup:
mpi_free (&P); mpi_free (&Q); mpi_free (&N);
mbedtls_mpi_free (&P); mbedtls_mpi_free (&Q); mbedtls_mpi_free (&N);
if (ret != 0)
return -1;
@@ -135,33 +138,33 @@ int
rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
struct key_data *kd, unsigned int *output_len_p)
{
mpi P1, Q1, H;
mbedtls_mpi P1, Q1, H;
int ret;
DEBUG_INFO ("RSA decrypt:");
DEBUG_WORD ((uint32_t)&ret);
rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
mpi_init (&P1); mpi_init (&Q1); mpi_init (&H);
mbedtls_rsa_init (&rsa_ctx);
mbedtls_mpi_init (&P1); mbedtls_mpi_init (&Q1); mbedtls_mpi_init (&H);
rsa_ctx.len = msg_len;
DEBUG_WORD (msg_len);
MPI_CHK( mpi_lset (&rsa_ctx.E, 0x10001) );
MPI_CHK( mpi_read_binary (&rsa_ctx.P, &kd->data[0], msg_len / 2) );
MPI_CHK( mpi_read_binary (&rsa_ctx.Q, &kd->data[msg_len / 2], msg_len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset (&rsa_ctx.E, 0x10001) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&rsa_ctx.P, &kd->data[0], msg_len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&rsa_ctx.Q, &kd->data[msg_len / 2], msg_len / 2) );
#if 0
MPI_CHK( mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q) );
#endif
MPI_CHK( mpi_sub_int (&P1, &rsa_ctx.P, 1) );
MPI_CHK( mpi_sub_int (&Q1, &rsa_ctx.Q, 1) );
MPI_CHK( mpi_mul_mpi (&H, &P1, &Q1) );
MPI_CHK( mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H) );
MPI_CHK( mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1) );
MPI_CHK( mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1) );
MPI_CHK( mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int (&P1, &rsa_ctx.P, 1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int (&Q1, &rsa_ctx.Q, 1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi (&H, &P1, &Q1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1) );
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P) );
cleanup:
mpi_free (&P1); mpi_free (&Q1); mpi_free (&H);
mbedtls_mpi_free (&P1); mbedtls_mpi_free (&Q1); mbedtls_mpi_free (&H);
if (ret == 0)
{
int cs;
@@ -172,15 +175,15 @@ rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
//clp.arg = NULL;
//chopstx_cleanup_push (&clp);
//cs = chopstx_setcancelstate (0); /* Allow cancellation. */
ret = rsa_rsaes_pkcs1_v15_decrypt (&rsa_ctx, NULL, NULL,
RSA_PRIVATE, output_len_p, input,
ret = mbedtls_rsa_rsaes_pkcs1_v15_decrypt (&rsa_ctx, NULL, NULL,
output_len_p, input,
output, MAX_RES_APDU_DATA_SIZE);
rsa_cleanup(NULL);
//chopstx_setcancelstate (cs);
//chopstx_cleanup_pop (0);
}
rsa_free (&rsa_ctx);
mbedtls_rsa_free (&rsa_ctx);
if (ret != 0)
{
DEBUG_INFO ("fail:");
@@ -201,21 +204,22 @@ rsa_verify (const uint8_t *pubkey, int pubkey_len,
{
int ret;
rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
mbedtls_rsa_init (&rsa_ctx);
rsa_ctx.len = pubkey_len;
MPI_CHK( mpi_lset (&rsa_ctx.E, 0x10001) );
MPI_CHK( mpi_read_binary (&rsa_ctx.N, pubkey, pubkey_len) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset (&rsa_ctx.E, 0x10001) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary (&rsa_ctx.N, pubkey, pubkey_len) );
DEBUG_INFO ("RSA verify...");
MPI_CHK( rsa_rsassa_pkcs1_v15_verify (&rsa_ctx, NULL, NULL,
RSA_PUBLIC, SIG_RSA_SHA256, 32,
MBEDTLS_MPI_CHK( mbedtls_rsa_rsassa_pkcs1_v15_verify (&rsa_ctx,
MBEDTLS_MD_SHA256, 32,
hash, sig) );
cleanup:
rsa_free (&rsa_ctx);
mbedtls_rsa_free (&rsa_ctx);
if (ret != 0)
{
DEBUG_INFO ("fail:");
DEBUG_SHORT (ret);
return -1;
}
@@ -228,6 +232,27 @@ rsa_verify (const uint8_t *pubkey, int pubkey_len,
#define RSA_EXPONENT 0x10001
struct jkiss_state { uint32_t x, y, z, c; };
static struct jkiss_state jkiss_state_v;
int prng_seed (int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
int ret;
struct jkiss_state *s = &jkiss_state_v;
MBEDTLS_MPI_CHK ( f_rng (p_rng, (unsigned char *)s, sizeof (struct jkiss_state)) );
while (s->y == 0)
MBEDTLS_MPI_CHK ( f_rng (p_rng, (unsigned char *)&s->y, sizeof (uint32_t)) );
s->z |= 1; /* avoiding z=c=0 */
cleanup:
return ret;
}
int
rsa_genkey (int pubkey_len, uint8_t *pubkey, uint8_t *p_q)
{
@@ -237,24 +262,22 @@ rsa_genkey (int pubkey_len, uint8_t *pubkey, uint8_t *p_q)
uint8_t *q = p_q + pubkey_len / 2;
int cs;
extern int prng_seed (int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng);
extern void neug_flush (void);
neug_flush ();
prng_seed (random_gen, &index);
rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
mbedtls_rsa_init (&rsa_ctx);
//clp.next = NULL;
//clp.routine = rsa_cleanup;
//clp.arg = NULL;
//chopstx_cleanup_push (&clp);
//cs = chopstx_setcancelstate (0); /* Allow cancellation. */
MPI_CHK( rsa_gen_key (&rsa_ctx, random_gen, &index, pubkey_len * 8,
MBEDTLS_MPI_CHK( mbedtls_rsa_gen_key (&rsa_ctx, random_gen, &index, pubkey_len * 8,
RSA_EXPONENT) );
MPI_CHK( mpi_write_binary (&rsa_ctx.P, p, pubkey_len / 2) );
MPI_CHK( mpi_write_binary (&rsa_ctx.Q, q, pubkey_len / 2) );
MPI_CHK( mpi_write_binary (&rsa_ctx.N, pubkey, pubkey_len) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary (&rsa_ctx.P, p, pubkey_len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary (&rsa_ctx.Q, q, pubkey_len / 2) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary (&rsa_ctx.N, pubkey, pubkey_len) );
cleanup:
//chopstx_setcancelstate (cs);