ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
mbed-os/secure_time/crypto/secure_time_mbedtls.c

153 lines
4.2 KiB
C
Raw Permalink Blame History

/* Copyright (c) 2018 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "secure_time_crypto.h"
#include "secure_time_client_spe.h"
#include "mbed_error.h"
#include "mbedtls/pk.h"
#include "mbedtls/md.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdbool.h>
#if SECURE_TIME_ENABLED
/*
* Structure containing contexts for random number generation.
*/
typedef struct secure_time_random_ctx {
bool initialized;
mbedtls_ctr_drbg_context ctr_drbg_ctx; /* CTR_DRBG context structure. */
mbedtls_entropy_context entropy_ctx; /* Entropy context structure. */
} secure_time_random_ctx_t;
static secure_time_random_ctx_t random_ctx = {0};
static void random_ctx_init(secure_time_random_ctx_t *ctx)
{
int rc = SECURE_TIME_SUCCESS;
mbedtls_entropy_init(&(ctx->entropy_ctx));
mbedtls_ctr_drbg_init(&(ctx->ctr_drbg_ctx));
rc = mbedtls_ctr_drbg_seed(
&(ctx->ctr_drbg_ctx),
mbedtls_entropy_func,
&(ctx->entropy_ctx),
0,
0
);
if (SECURE_TIME_SUCCESS != rc) {
error("mbedtls_ctr_drbg_seed() failed! (rc=%d)", rc);
}
}
static mbedtls_md_type_t md_type_from_signature_alg(SignatureAlg alg)
{
switch(alg) {
case SIGNATURE_ALG_SHA256_ECDSA:
return MBEDTLS_MD_SHA256;
default:
return MBEDTLS_MD_NONE;
}
}
static mbedtls_pk_type_t pk_type_from_signature_alg(SignatureAlg alg)
{
switch(alg) {
case SIGNATURE_ALG_SHA256_ECDSA:
return MBEDTLS_PK_ECDSA;
default:
return MBEDTLS_PK_NONE;
}
}
static void calculate_hash(
const void *data,
size_t data_size,
mbedtls_md_type_t md_type,
uint8_t *hash
)
{
int rc = SECURE_TIME_SUCCESS;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
if (NULL == md_info) {
error("mbedtls_md_info_from_type() returned NULL!");
}
rc = mbedtls_md(md_info, data, data_size, hash);
if (SECURE_TIME_SUCCESS != rc) {
error("mbedtls_md() failed! (rc=%d)", rc);
}
}
int32_t secure_time_verify_signature(
const void *data,
size_t data_size,
const void *sign,
size_t sign_size,
const void *pubkey,
size_t pubkey_size
)
{
int rc = SECURE_TIME_SUCCESS;
uint8_t hash[MBEDTLS_MD_MAX_SIZE];
mbedtls_pk_context pubkey_ctx = {0};
mbedtls_md_type_t md_type = md_type_from_signature_alg(SIGNATURE_ALG_SHA256_ECDSA);
mbedtls_pk_type_t pk_type = pk_type_from_signature_alg(SIGNATURE_ALG_SHA256_ECDSA);
if ((MBEDTLS_MD_NONE == md_type) || (MBEDTLS_PK_NONE == pk_type)) {
error("Failed to determine the signature algorithm!");
}
calculate_hash(data, data_size, md_type, hash);
mbedtls_pk_init(&pubkey_ctx);
rc = mbedtls_pk_parse_public_key(&pubkey_ctx, pubkey, pubkey_size);
if (0 != rc) {
error("Failed to parse public key! (rc=%d)", rc);
}
if (!mbedtls_pk_can_do(&pubkey_ctx, pk_type)) {
error("Unable to verify signature");
}
rc = mbedtls_pk_verify(&pubkey_ctx, md_type, hash, 0, sign, sign_size);
if (SECURE_TIME_SUCCESS != rc) {
rc = SECURE_TIME_SIGNATURE_VERIFICATION_FAILED;
}
mbedtls_pk_free(&pubkey_ctx);
return rc;
}
void secure_time_generate_random_bytes(size_t size, void *random_buf)
{
int rc = SECURE_TIME_SUCCESS;
if (false == random_ctx.initialized) {
random_ctx_init(&random_ctx);
random_ctx.initialized = true;
}
rc = mbedtls_ctr_drbg_random(&(random_ctx.ctr_drbg_ctx), random_buf, size);
if (SECURE_TIME_SUCCESS != rc) {
error("mbedtls_ctr_drbg_random() failed! (rc=%d)", rc);
}
}
#endif // SECURE_TIME_ENABLED
Reference in New Issue View Git Blame Copy Permalink