mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-28 00:02:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add SSL to redbean

Browse source 
Your redbean can now interoperate with clients that require TLS crypto.
This is accomplished using a protocol polyglot that lets us distinguish
between HTTP and HTTPS regardless of the port number. Certificates will
be generated automatically, if none are supplied by the user. Footprint
increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb

- Add lseek() polyfills for ZIP executable
- Automatically polyfill /tmp/FOO paths on NT
- Fix readdir() / ftw() / nftw() bugs on Windows
- Introduce -B flag for slower SSL that's stronger
- Remove mbedtls features Cosmopolitan doesn't need
- Have base64 decoder support the uri-safe alternative
- Remove Truncated HMAC because it's forbidden by the IETF
- Add all the mbedtls test suites and make them go 3x faster
- Support opendir() / readdir() / closedir() on ZIP executable
- Use Everest for ECDHE-ECDSA because it's so good it's so good
- Add tinier implementation of sha1 since it's not worth the rom
- Add chi-square monte-carlo mean correlation tests for getrandom()
- Source entropy on Windows from the proper interface everyone uses

We're continuing to outperform NGINX and other servers on raw message
throughput. Using SSL means that instead of 1,000,000 qps you can get
around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL
handshakes, since redbean can do 2,627 per second and NGINX does 4.3k

Right now, the SSL UX story works best if you give your redbean a key
signing key since that can be easily generated by openssl using a one
liner then redbean will do all the things that are impossibly hard to
do like signing ecdsa and rsa certificates that'll work in chrome. We
should integrate the let's encrypt acme protocol in the future.

Live Demo: https://redbean.justine.lol/
Root Cert: https://redbean.justine.lol/redbean1.crt
This commit is contained in:
Justine Tunney 2021-06-24 12:31:26 -07:00
parent 1beeb7a829
commit cc1920749e
1032 changed files with 152673 additions and 69310 deletions
Download patch file Download diff file Expand all files Collapse all files

441
third_party/mbedtls/pk_wrap.c vendored
View file

@ -1,5 +1,20 @@
/* clang-format off */
#include "third_party/mbedtls/asn1.h"
#include "third_party/mbedtls/asn1write.h"
#include "third_party/mbedtls/common.h"
#include "third_party/mbedtls/ecdsa.h"
#include "third_party/mbedtls/ecp.h"
#include "third_party/mbedtls/error.h"
#include "third_party/mbedtls/pk_internal.h"
#include "third_party/mbedtls/platform.h"
#include "third_party/mbedtls/rsa.h"
asm(".ident\t\"\\n\\n\
Mbed TLS (Apache 2.0)\\n\
Copyright ARM Limited\\n\
Copyright Mbed TLS Contributors\"");
asm(".include \"libc/disclaimer.inc\"");
/* clang-format off */
/*
* Public Key abstraction layer: wrapper functions
*
@ -19,46 +34,7 @@
* limitations under the License.
*/
#include "third_party/mbedtls/common.h"
#include "third_party/mbedtls/sheesh.h"
#if defined(MBEDTLS_PK_C)
#include "third_party/mbedtls/pk_internal.h"
#include "third_party/mbedtls/error.h"
/* Even if RSA not activated, for the sake of RSA-alt */
#include "third_party/mbedtls/rsa.h"
#if defined(MBEDTLS_ECP_C)
#include "third_party/mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
#include "third_party/mbedtls/ecdsa.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "third_party/mbedtls/asn1write.h"
#endif
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
#include "third_party/mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "third_party/mbedtls/crypto.h"
#include "third_party/mbedtls/psa_util.h"
#include "third_party/mbedtls/asn1.h"
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "third_party/mbedtls/platform.h"
#else
#define mbedtls_calloc calloc
#define mbedtls_free free
#endif
#if defined(MBEDTLS_RSA_C)
static int rsa_can_do( mbedtls_pk_type_t type )
@ -80,20 +56,16 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
size_t rsa_len = mbedtls_rsa_get_len( rsa );
#if SIZE_MAX > UINT_MAX
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
if( sig_len < rsa_len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
MBEDTLS_RSA_PUBLIC, md_alg,
(unsigned int) hash_len, hash, sig ) ) != 0 )
return( ret );
/* The buffer contains a valid signature followed by extra data.
* We have a special error code for that so that so that callers can
* use mbedtls_pk_verify() to check "Does the buffer start with a
@ -101,7 +73,6 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
* signature?". */
if( sig_len > rsa_len )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
return( 0 );
}
@ -111,14 +82,11 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
#if SIZE_MAX > UINT_MAX
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
*sig_len = mbedtls_rsa_get_len( rsa );
return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
md_alg, (unsigned int) hash_len, hash, sig ) );
}
@ -129,10 +97,8 @@ static int rsa_decrypt_wrap( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
if( ilen != mbedtls_rsa_get_len( rsa ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
}
@ -144,10 +110,8 @@ static int rsa_encrypt_wrap( void *ctx,
{
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
*olen = mbedtls_rsa_get_len( rsa );
if( *olen > osize )
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
ilen, input, output ) );
}
@ -161,10 +125,8 @@ static int rsa_check_pair_wrap( const void *pub, const void *prv )
static void *rsa_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
if( ctx != NULL )
mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
return( ctx );
}
@ -179,9 +141,7 @@ static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.N";
items->value = &( ((mbedtls_rsa_context *) ctx)->N );
items++;
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.E";
items->value = &( ((mbedtls_rsa_context *) ctx)->E );
@ -389,10 +349,8 @@ static int eckey_check_pair( const void *pub, const void *prv )
static void *eckey_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
if( ctx != NULL )
mbedtls_ecp_keypair_init( ctx );
return( ctx );
}
@ -476,164 +434,18 @@ static int ecdsa_can_do( mbedtls_pk_type_t type )
return( type == MBEDTLS_PK_ECDSA );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
* those integers and convert it to the fixed-length encoding expected by PSA.
*/
static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
unsigned char *to, size_t to_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t unpadded_len, padding_len;
if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
MBEDTLS_ASN1_INTEGER ) ) != 0 )
{
return( ret );
}
while( unpadded_len > 0 && **from == 0x00 )
{
( *from )++;
unpadded_len--;
}
if( unpadded_len > to_len || unpadded_len == 0 )
return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
padding_len = to_len - unpadded_len;
memset( to, 0x00, padding_len );
memcpy( to + padding_len, *from, unpadded_len );
( *from ) += unpadded_len;
return( 0 );
}
/*
* Convert a signature from an ASN.1 sequence of two integers
* to a raw {r,s} buffer. Note: the provided sig buffer must be at least
* twice as big as int_size.
*/
static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
unsigned char *sig, size_t int_size )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t tmp_size;
if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( ret );
/* Extract r */
if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
return( ret );
/* Extract s */
if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
return( ret );
return( 0 );
}
static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
mbedtls_ecdsa_context *ctx = ctx_arg;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
psa_status_t status;
mbedtls_pk_context key;
int key_len;
/* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
unsigned char *p;
mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
size_t curve_bits;
psa_ecc_family_t curve =
mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
((void) md_alg);
if( curve == 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
/* mbedtls_pk_write_pubkey() expects a full PK context;
* re-construct one to make it happy */
key.pk_info = &pk_info;
key.pk_ctx = ctx;
p = buf + sizeof( buf );
key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
if( key_len <= 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, psa_sig_md );
status = psa_import_key( &attributes,
buf + sizeof( buf ) - key_len, key_len,
&key_id );
if( status != PSA_SUCCESS )
{
ret = mbedtls_psa_err_translate_pk( status );
goto cleanup;
}
/* We don't need the exported key anymore and can
* reuse its buffer for signature extraction. */
if( 2 * signature_part_size > sizeof( buf ) )
{
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
p = (unsigned char*) sig;
if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
signature_part_size ) ) != 0 )
{
goto cleanup;
}
if( psa_verify_hash( key_id, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size )
!= PSA_SUCCESS )
{
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
if( p != sig + sig_len )
{
ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
goto cleanup;
}
ret = 0;
cleanup:
psa_destroy_key( key_id );
return( ret );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
((void) md_alg);
ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
hash, hash_len, sig, sig_len );
if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
return( ret );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
@ -681,10 +493,8 @@ static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
static void *ecdsa_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
if( ctx != NULL )
mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
return( ctx );
}
@ -698,10 +508,8 @@ static void ecdsa_free_wrap( void *ctx )
static void *ecdsa_rs_alloc( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
if( ctx != NULL )
mbedtls_ecdsa_restart_init( ctx );
return( ctx );
}
@ -736,7 +544,6 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = {
};
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
* Support for alternative RSA-private implementations
*/
@ -749,7 +556,6 @@ static int rsa_alt_can_do( mbedtls_pk_type_t type )
static size_t rsa_alt_get_bitlen( const void *ctx )
{
const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
}
@ -759,16 +565,13 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
#if SIZE_MAX > UINT_MAX
if( UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
md_alg, (unsigned int) hash_len, hash, sig ) );
}
@ -779,13 +582,10 @@ static int rsa_alt_decrypt_wrap( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
((void) f_rng);
((void) p_rng);
if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
return( rsa_alt->decrypt_func( rsa_alt->key,
MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
}
@ -797,25 +597,20 @@ static int rsa_alt_check_pair( const void *pub, const void *prv )
unsigned char hash[32];
size_t sig_len = 0;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
memset( hash, 0x2a, sizeof( hash ) );
if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
hash, sizeof( hash ),
sig, &sig_len, NULL, NULL ) ) != 0 )
{
return( ret );
}
if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
hash, sizeof( hash ), sig, sig_len ) != 0 )
{
return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
}
return( 0 );
}
#endif /* MBEDTLS_RSA_C */
@ -823,10 +618,8 @@ static int rsa_alt_check_pair( const void *pub, const void *prv )
static void *rsa_alt_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
if( ctx != NULL )
memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
return( ctx );
}
@ -863,206 +656,4 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
NULL,
};
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static void *pk_opaque_alloc_wrap( void )
{
void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
/* no _init() function to call, an calloc() already zeroized */
return( ctx );
}
static void pk_opaque_free_wrap( void *ctx )
{
mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) );
mbedtls_free( ctx );
}
static size_t pk_opaque_get_bitlen( const void *ctx )
{
const psa_key_id_t *key = (const psa_key_id_t *) ctx;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) )
return( 0 );
bits = psa_get_key_bits( &attributes );
psa_reset_key_attributes( &attributes );
return( bits );
}
static int pk_opaque_can_do( mbedtls_pk_type_t type )
{
/* For now opaque PSA keys can only wrap ECC keypairs,
* as checked by setup_psa().
* Also, ECKEY_DH does not really make sense with the current API. */
return( type == MBEDTLS_PK_ECKEY ||
type == MBEDTLS_PK_ECDSA );
}
#if defined(MBEDTLS_ECDSA_C)
/*
* Simultaneously convert and move raw MPI from the beginning of a buffer
* to an ASN.1 MPI at the end of the buffer.
* See also mbedtls_asn1_write_mpi().
*
* p: pointer to the end of the output buffer
* start: start of the output buffer, and also of the mpi to write at the end
* n_len: length of the mpi to read from start
*/
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
size_t n_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
if( (size_t)( *p - start ) < n_len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
len = n_len;
*p -= len;
memmove( *p, start, len );
/* ASN.1 DER encoding requires minimal length, so skip leading 0s.
* Neither r nor s should be 0, but as a failsafe measure, still detect
* that rather than overflowing the buffer in case of a PSA error. */
while( len > 0 && **p == 0x00 )
{
++(*p);
--len;
}
/* this is only reached if the signature was invalid */
if( len == 0 )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
/* if the msb is 1, ASN.1 requires that we prepend a 0.
* Neither r nor s can be 0, so we can assume len > 0 at all times. */
if( **p & 0x80 )
{
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*--(*p) = 0x00;
len += 1;
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
MBEDTLS_ASN1_INTEGER ) );
return( (int) len );
}
/* Transcode signature from PSA format to ASN.1 sequence.
* See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
* MPIs, and in-place.
*
* [in/out] sig: the signature pre- and post-transcoding
* [in/out] sig_len: signature length pre- and post-transcoding
* [int] buf_len: the available size the in/out buffer
*/
static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
size_t buf_len )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const size_t rs_len = *sig_len / 2;
unsigned char *p = sig + buf_len;
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
memmove( sig, p, len );
*sig_len = len;
return( 0 );
}
#endif /* MBEDTLS_ECDSA_C */
static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
#if !defined(MBEDTLS_ECDSA_C)
((void) ctx);
((void) md_alg);
((void) hash);
((void) hash_len);
((void) sig);
((void) sig_len);
((void) f_rng);
((void) p_rng);
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
#else /* !MBEDTLS_ECDSA_C */
const psa_key_id_t *key = (const psa_key_id_t *) ctx;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
size_t buf_len;
psa_status_t status;
/* PSA has its own RNG */
(void) f_rng;
(void) p_rng;
/* PSA needs an output buffer of known size, but our API doesn't provide
* that information. Assume that the buffer is large enough for a
* maximal-length signature with that key (otherwise the application is
* buggy anyway). */
status = psa_get_key_attributes( *key, &attributes );
if( status != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( status ) );
buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
psa_reset_key_attributes( &attributes );
if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
/* make the signature */
status = psa_sign_hash( *key, alg, hash, hash_len,
sig, buf_len, sig_len );
if( status != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( status ) );
/* transcode it to ASN.1 sequence */
return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
#endif /* !MBEDTLS_ECDSA_C */
}
const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
pk_opaque_get_bitlen,
pk_opaque_can_do,
NULL, /* verify - will be done later */
pk_opaque_sign_wrap,
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
NULL, /* restartable verify - not relevant */
NULL, /* restartable sign - not relevant */
#endif
NULL, /* decrypt - will be done later */
NULL, /* encrypt - will be done later */
NULL, /* check_pair - could be done later or left NULL */
pk_opaque_alloc_wrap,
pk_opaque_free_wrap,
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
NULL, /* restart alloc - not relevant */
NULL, /* restart free - not relevant */
#endif
NULL, /* debug - could be done later, or even left NULL */
};
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_C */