Narcissus/shredos.x86_64
2
0
Fork 1
mirror of https://github.com/PartialVolume/shredos.x86_64.git synced 2026-02-20 09:35:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e198a902eacdc94fcfee52536c192dba854af82
shredos.x86_64/package/bmx7/0004-support-mbedtls-2-8-0-without-mbedtls-compat-1-3.patch
PartialVolume c525a2ff71 Updated ShredOS to Buildroot 2025.11, kernel 6.18.0
2026-01-06 22:53:29 +00:00

787 lines
28 KiB
Diff
Raw Blame History

From a47d8d55717a74a2b399c612dc5a17df8d039125 Mon Sep 17 00:00:00 2001
From: Axel Neumann <axel@notmail.org>
Date: Fri, 17 May 2024 07:07:00 +0200
Subject: [PATCH] Support mbedtls-2.8.0 without mbedtls/compat-1.3.h . Purge
Polarssl support
Upstream: https://github.com/bmx-routing/bmx7/commit/a47d8d55717a74a2b399c612dc5a17df8d039125
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
src/crypt.c | 357 +++++++++++++++++-----------------------------------
src/crypt.h | 11 +-
2 files changed, 115 insertions(+), 253 deletions(-)
diff --git a/src/crypt.c b/src/crypt.c
index 004b8e7..9270b75 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -37,34 +37,17 @@ static uint8_t shaClean = NO;
static CRYPTRSA_T *my_PrivKey = NULL;
-#if (CRYPTLIB >= POLARSSL_MIN && CRYPTLIB <= POLARSSL_MAX) || (CRYPTLIB >= MBEDTLS_MIN && CRYPTLIB <= MBEDTLS_MAX)
-
-#if (CRYPTLIB >= POLARSSL_MIN && CRYPTLIB <= POLARSSL_MAX)
-/******************* accessing polarssl: *************************************/
-#include "polarssl/config.h"
-#include "polarssl/sha256.h"
-
-#include "polarssl/entropy.h"
-//#include "polarssl/entropy_poll.h"
-
-#include "polarssl/error.h"
-#include "polarssl/md.h"
-#include "polarssl/dhm.h"
-#include "polarssl/rsa.h"
-#include "polarssl/ctr_drbg.h"
-
-#include "polarssl/x509.h"
-#if CRYPTLIB <= POLARSSL_1_2_9
-#include "polarssl/x509write.h"
-#elif CRYPTLIB >= POLARSSL_1_3_3
-#include "polarssl/pk.h"
-#endif
-#elif (CRYPTLIB >= MBEDTLS_MIN && CRYPTLIB <= MBEDTLS_MAX)
+#if (CRYPTLIB >= MBEDTLS_MIN && CRYPTLIB <= MBEDTLS_MAX)
/******************* accessing mbedtls: *************************************/
-#include "mbedtls/compat-1.3.h"
+#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB < MBEDTLS_3_0_0)
+//#include "mbedtls/compat-1.3.h"
#include "mbedtls/config.h"
+#elif (CRYPTLIB >= MBEDTLS_3_0_0 && CRYPTLIB < MBEDTLS_MAX)
+#include "mbedtls/compat-2.x.h"
+#endif
+
#include "mbedtls/sha256.h"
#include "mbedtls/entropy.h"
#include "mbedtls/error.h"
@@ -75,10 +58,10 @@ static CRYPTRSA_T *my_PrivKey = NULL;
#endif
-static entropy_context entropy_ctx;
-static ctr_drbg_context ctr_drbg;
+static mbedtls_entropy_context entropy_ctx;
+static mbedtls_ctr_drbg_context ctr_drbg;
+static mbedtls_sha256_context sha_ctx;
-static sha256_context sha_ctx;
uint8_t cryptDhmKeyTypeByLen(int len)
{
@@ -111,7 +94,7 @@ void cryptDhmKeyFree(CRYPTDHM_T **cryptKey)
return;
if ((*cryptKey)->backendKey) {
- dhm_free((dhm_context*) ((*cryptKey)->backendKey));
+ mbedtls_dhm_free((mbedtls_dhm_context*) ((*cryptKey)->backendKey));
debugFree((*cryptKey)->backendKey, -300828);
}
@@ -129,25 +112,25 @@ void cryptDhmKeyFree(CRYPTDHM_T **cryptKey)
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
*/
-static int _cryptDhmCheckRange(const mpi *param, const mpi *P)
+static int _cryptDhmCheckRange(const mbedtls_mpi *param, const mbedtls_mpi *P)
{
- mpi L, U;
+ mbedtls_mpi L, U;
int ret = FAILURE; //POLARSSL_ERR_DHM_BAD_INPUT_DATA;
- mpi_init(&L);
- mpi_init(&U);
+ mbedtls_mpi_init(&L);
+ mbedtls_mpi_init(&U);
if (
- mpi_lset(&L, 2) == 0 &&
- mpi_sub_int(&U, P, 2) == 0 &&
- mpi_cmp_mpi(param, &L) >= 0 &&
- mpi_cmp_mpi(param, &U) <= 0) {
+ mbedtls_mpi_lset(&L, 2) == 0 &&
+ mbedtls_mpi_sub_int(&U, P, 2) == 0 &&
+ mbedtls_mpi_cmp_mpi(param, &L) >= 0 &&
+ mbedtls_mpi_cmp_mpi(param, &U) <= 0) {
ret = SUCCESS;
}
- mpi_free(&L);
- mpi_free(&U);
+ mbedtls_mpi_free(&L);
+ mbedtls_mpi_free(&U);
return( ret);
}
@@ -158,20 +141,12 @@ CRYPTDHM_T *cryptDhmKeyMake(uint8_t keyType, uint8_t attempt)
char *goto_error_code = NULL;
int keyLen = 0;
CRYPTDHM_T *key = debugMallocReset(sizeof(CRYPTDHM_T), -300829);
- dhm_context *dhm = debugMallocReset(sizeof(dhm_context), -300830);
-#if !(CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
- char *pptr = NULL;
- char *gptr = NULL;
-#endif
+ mbedtls_dhm_context *dhm = debugMallocReset(sizeof(mbedtls_dhm_context), -300830);
int pSize = 0;
int xSize = 0;
int gxSize = 0;
int count = 0;
-#if CRYPTLIB >= POLARSSL_1_3_9
- // in older versions, if dhm_init() exist, it only zero-memsets the dhm context
- dhm_init(dhm);
-#endif
key->backendKey = dhm;
if (!(keyType))
@@ -179,58 +154,36 @@ CRYPTDHM_T *cryptDhmKeyMake(uint8_t keyType, uint8_t attempt)
if ((keyLen = cryptDhmKeyLenByType(keyType)) <= 0)
goto_error(finish, "Invalid size");
-#if (CRYPTLIB >= POLARSSL_MIN && CRYPTLIB <= POLARSSL_MAX)
- if (keyType == CRYPT_DHM1024_TYPE) {
- pptr = POLARSSL_DHM_RFC5114_MODP_1024_P;
- gptr = POLARSSL_DHM_RFC5114_MODP_1024_G;
- } else if (keyType == CRYPT_DHM2048_TYPE) {
- pptr = POLARSSL_DHM_RFC3526_MODP_2048_P;
- gptr = POLARSSL_DHM_RFC3526_MODP_2048_G;
- } else if (keyType == CRYPT_DHM3072_TYPE) {
- pptr = POLARSSL_DHM_RFC3526_MODP_3072_P;
- gptr = POLARSSL_DHM_RFC3526_MODP_3072_G;
-#elif (CRYPTLIB >= MBEDTLS_MIN && CRYPTLIB < MBEDTLS_2_8_0)
- if (keyType == CRYPT_DHM2048_TYPE) {
- pptr = MBEDTLS_DHM_RFC3526_MODP_2048_P;
- gptr = MBEDTLS_DHM_RFC3526_MODP_2048_G;
- } else if (keyType == CRYPT_DHM3072_TYPE) {
- pptr = MBEDTLS_DHM_RFC3526_MODP_3072_P;
- gptr = MBEDTLS_DHM_RFC3526_MODP_3072_G;
-#elif (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
if (keyType == CRYPT_DHM2048_TYPE) {
static const unsigned char modp2048P[(2048/8)] = MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
static const unsigned char modp2048G[1] = MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
- if ((ret = mpi_read_binary(&dhm->P, modp2048P, sizeof(modp2048P) )) != 0 || (ret = mpi_read_binary(&dhm->G, modp2048G, sizeof(modp2048G))) != 0)
- goto_error(finish, "Failed setting dhm parameters!");
+
+ if ((ret = mbedtls_mpi_read_binary(&dhm->P, modp2048P, sizeof(modp2048P) )) != 0 || (ret = mbedtls_mpi_read_binary(&dhm->G, modp2048G, sizeof(modp2048G))) != 0)
+ goto_error(finish, "Failed reading dhm2048 parameters!");
} else if (keyType == CRYPT_DHM3072_TYPE) {
static const unsigned char modp3072P[(3072/8)] = MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
static const unsigned char modp3072G[1] = MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
- if ((ret = mpi_read_binary(&dhm->P, modp3072P, sizeof(modp3072P) )) != 0 || (ret = mpi_read_binary(&dhm->G, modp3072G, sizeof(modp3072G))) != 0)
- goto_error(finish, "Failed setting dhm parameters!");
-#endif
+ if ((ret = mbedtls_mpi_read_binary(&dhm->P, modp3072P, sizeof(modp3072P) )) != 0 || (ret = mbedtls_mpi_read_binary(&dhm->G, modp3072G, sizeof(modp3072G))) != 0)
+ goto_error(finish, "Failed reading dhm3072 parameters!");
} else {
goto_error(finish, "Unsupported dhm type!");
}
-#if !(CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
- if ((ret = mpi_read_string(&dhm->P, 16, pptr)) != 0 || (ret = mpi_read_string(&dhm->G, 16, gptr)) != 0)
- goto_error(finish, "Failed setting dhm parameters!");
-#endif
- if (mpi_cmp_int(&dhm->P, 0) == 0)
+ if (mbedtls_mpi_cmp_int(&dhm->P, 0) == 0)
goto_error(finish, "Empty dhm->P");
// Generate X as large as possible ( < P )
- if ((pSize = mpi_size(&dhm->P)) != keyLen)
+ if ((pSize = mbedtls_mpi_size(&dhm->P)) != keyLen)
goto_error(finish, "Invalid P size");
do {
- if ((ret = mpi_fill_random(&dhm->X, pSize, ctr_drbg_random, &ctr_drbg)) != 0)
+ if ((ret = mbedtls_mpi_fill_random(&dhm->X, pSize, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0)
goto_error(finish, "Failed allocating randomness");
- while (mpi_cmp_mpi(&dhm->X, &dhm->P) >= 0) {
- if ((ret = mpi_shift_r(&dhm->X, 1)) != 0)
+ while (mbedtls_mpi_cmp_mpi(&dhm->X, &dhm->P) >= 0) {
+ if ((ret = mbedtls_mpi_shift_r(&dhm->X, 1)) != 0)
goto_error(finish, "Failed shifting dhm->X param");
}
@@ -240,13 +193,13 @@ CRYPTDHM_T *cryptDhmKeyMake(uint8_t keyType, uint8_t attempt)
} while ((ret = _cryptDhmCheckRange(&dhm->X, &dhm->P)) != SUCCESS);
// Calculate GX = G^X mod P
- if (mpi_exp_mod(&dhm->GX, &dhm->G, &dhm->X, &dhm->P, &dhm->RP) != 0)
+ if (mbedtls_mpi_exp_mod(&dhm->GX, &dhm->G, &dhm->X, &dhm->P, &dhm->RP) != 0)
goto_error(finish, "Failed creating GX modulo");
- if (((int) (dhm->len = mpi_size(&dhm->P))) != keyLen)
+ if (((int) (dhm->len = mbedtls_mpi_size(&dhm->P))) != keyLen)
goto_error(finish, "Invalid len");
- if ((xSize = mpi_size(&dhm->X)) != keyLen)
+ if ((xSize = mbedtls_mpi_size(&dhm->X)) != keyLen)
goto_error(finish, "Invalid X size");
- if ((gxSize = mpi_size(&dhm->GX)) != keyLen)
+ if ((gxSize = mbedtls_mpi_size(&dhm->GX)) != keyLen)
goto_error(finish, "Invalid GX size");
if ((ret = _cryptDhmCheckRange(&dhm->GX, &dhm->P)) != SUCCESS)
goto_error(finish, "Invalid GX range");
@@ -277,19 +230,19 @@ void cryptDhmPubKeyGetRaw(CRYPTDHM_T* key, uint8_t* buff, uint16_t buffLen)
assertion_dbg(-502719, (key && buff && buffLen && key->rawGXType && buffLen == key->rawGXLen),
"Failed: key=%d buff=%d buffLen=%d key.GXLen=%d", !!key, !!buff, buffLen, key ? key->rawGXLen : 0);
- dhm_context *dhm = key->backendKey;
+ mbedtls_dhm_context *dhm = key->backendKey;
- assertion_dbg(-502720, (dhm && buffLen == mpi_size(&dhm->GX) && buffLen == dhm->len),
- "Failed: dhm.GXlen=%zd dhm.len=%zd", dhm ? mpi_size(&dhm->GX) : 0, dhm ? dhm->len : 0);
+ assertion_dbg(-502720, (dhm && buffLen == mbedtls_mpi_size(&dhm->GX) && buffLen == dhm->len),
+ "Failed: dhm.GXlen=%zd dhm.len=%zd", dhm ? mbedtls_mpi_size(&dhm->GX) : 0, dhm ? dhm->len : 0);
- mpi_write_binary(&dhm->GX, buff, key->rawGXLen);
+ mbedtls_mpi_write_binary(&dhm->GX, buff, key->rawGXLen);
}
STATIC_FUNC
IDM_T cryptDhmKeyCheck(CRYPTDHM_T *key)
{
char *goto_error_code = NULL;
- dhm_context *dhm = NULL;
+ mbedtls_dhm_context *dhm = NULL;
uint8_t keyType = 0;
int keyLen = 0;
int pSize = 0;
@@ -297,7 +250,7 @@ IDM_T cryptDhmKeyCheck(CRYPTDHM_T *key)
int gxSize = 0;
int gySize = 0;
- if (!(dhm = (dhm_context *) key->backendKey))
+ if (!(dhm = (mbedtls_dhm_context *) key->backendKey))
goto_error(finish, "Missing backend key");
if (!(keyType = key->rawGXType))
goto_error(finish, "Missing type");
@@ -305,13 +258,13 @@ IDM_T cryptDhmKeyCheck(CRYPTDHM_T *key)
goto_error(finish, "Invalid size");
if ((int) dhm->len != keyLen)
goto_error(finish, "Invalid len");
- if ((pSize = mpi_size(&dhm->P)) != keyLen)
+ if ((pSize = mbedtls_mpi_size(&dhm->P)) != keyLen)
goto_error(finish, "Invalid P size");
- if ((xSize = mpi_size(&dhm->X)) != keyLen)
+ if ((xSize = mbedtls_mpi_size(&dhm->X)) != keyLen)
goto_error(finish, "Invalid X size");
- if ((gxSize = mpi_size(&dhm->GX)) != keyLen)
+ if ((gxSize = mbedtls_mpi_size(&dhm->GX)) != keyLen)
goto_error(finish, "Invalid GX size");
- if ((gySize = mpi_size(&dhm->GY)) != keyLen)
+ if ((gySize = mbedtls_mpi_size(&dhm->GY)) != keyLen)
goto_error(finish, "Invalid GY size");
if (_cryptDhmCheckRange(&dhm->GX, &dhm->P) != SUCCESS)
goto_error(finish, "Invalid GX range");
@@ -333,7 +286,7 @@ CRYPTSHA_T *cryptDhmSecretForNeigh(CRYPTDHM_T *myDhm, uint8_t *neighRawKey, uint
uint8_t keyType = 0;
int ret = 0;
CRYPTSHA_T *secret = NULL;
- dhm_context *dhm = NULL;
+ mbedtls_dhm_context *dhm = NULL;
uint8_t buff[CRYPT_DHM_MAX_LEN];
size_t n = 0;
@@ -343,17 +296,13 @@ CRYPTSHA_T *cryptDhmSecretForNeigh(CRYPTDHM_T *myDhm, uint8_t *neighRawKey, uint
if (((keyType = cryptDhmKeyTypeByLen(neighRawKeyLen)) != myDhm->rawGXType) || ((n = dhm->len) != neighRawKeyLen) || (sizeof(buff) < neighRawKeyLen))
goto_error(finish, "Wrong type or keyLength");
- if ((ret = mpi_read_binary(&dhm->GY, neighRawKey, neighRawKeyLen)) != 0)
+ if ((ret = mbedtls_mpi_read_binary(&dhm->GY, neighRawKey, neighRawKeyLen)) != 0)
goto_error(finish, "Invalid GY");
if (cryptDhmKeyCheck(myDhm) != SUCCESS)
goto_error(finish, "Failed key check");
-#if (CRYPTLIB >= POLARSSL_MIN && CRYPTLIB <= POLARSSL_MAX)
- if ((ret = dhm_calc_secret(dhm, buff, &n, ctr_drbg_random, &ctr_drbg)) != 0)
-#elif (CRYPTLIB >= MBEDTLS_MIN && CRYPTLIB <= MBEDTLS_MAX)
- if ((ret = dhm_calc_secret(dhm, buff, sizeof(buff), &n, ctr_drbg_random, &ctr_drbg)) != 0)
-#endif
+ if ((ret = mbedtls_dhm_calc_secret(dhm, buff, sizeof(buff), &n, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0)
goto_error(finish, "Failed calculating secret");
if (n > neighRawKeyLen || n < ((neighRawKeyLen / 4)*3))
@@ -368,8 +317,8 @@ CRYPTSHA_T *cryptDhmSecretForNeigh(CRYPTDHM_T *myDhm, uint8_t *neighRawKey, uint
dbgf(((goto_error_code || n != neighRawKeyLen) ? DBGL_SYS : DBGL_CHANGES), ((goto_error_code || n != neighRawKeyLen) ? DBGT_WARN : DBGT_INFO),
"%s n=%zd neighKeyLen=%d myKeyLen=%d", goto_error_code, n, neighRawKeyLen, myDhm->rawGXLen);
- mpi_free(&dhm->GY);
- mpi_free(&dhm->K);
+ mbedtls_mpi_free(&dhm->GY);
+ mbedtls_mpi_free(&dhm->K);
memset(buff, 0, sizeof(buff));
return secret; }
}
@@ -381,14 +330,10 @@ void cryptRsaKeyFree(CRYPTRSA_T **cryptKey)
return;
if ((*cryptKey)->backendKey) {
- rsa_free((rsa_context*) ((*cryptKey)->backendKey));
+ mbedtls_rsa_free((mbedtls_rsa_context*) ((*cryptKey)->backendKey));
debugFree((*cryptKey)->backendKey, -300612);
}
- // if ((*cryptKey)->__rawKey) {
- // debugFree((*cryptKey)->__rawKey, -300613);
- // }
-
debugFree((*cryptKey), -300614);
*cryptKey = NULL;
@@ -397,15 +342,15 @@ void cryptRsaKeyFree(CRYPTRSA_T **cryptKey)
int cryptRsaPubKeyGetRaw(CRYPTRSA_T *key, uint8_t *buff, uint16_t buffLen)
{
- rsa_context *rsa;
+ mbedtls_rsa_context *rsa;
if (!key || !buff || !buffLen ||
!key->rawKeyType || (buffLen != key->rawKeyLen) ||
- !(rsa = (rsa_context*) key->backendKey) || buffLen != mpi_size(&rsa->N) || buffLen != rsa->len) {
+ !(rsa = (mbedtls_rsa_context*) key->backendKey) || buffLen != mbedtls_mpi_size(&rsa->N) || buffLen != rsa->len) {
return FAILURE;
}
- if (mpi_write_binary(&rsa->N, buff, buffLen) != 0)
+ if (mbedtls_mpi_write_binary(&rsa->N, buff, buffLen) != 0)
return FAILURE;
return SUCCESS;
@@ -420,16 +365,16 @@ CRYPTRSA_T *cryptRsaPubKeyFromRaw(uint8_t *rawKey, uint16_t rawKeyLen)
CRYPTRSA_T *cryptKey = debugMallocReset(sizeof(CRYPTRSA_T), -300615);
- cryptKey->backendKey = debugMalloc(sizeof(rsa_context), -300620);
+ cryptKey->backendKey = debugMalloc(sizeof(mbedtls_rsa_context), -300620);
- rsa_context *rsa = (rsa_context*) cryptKey->backendKey;
+ mbedtls_rsa_context *rsa = (mbedtls_rsa_context*) cryptKey->backendKey;
- rsa_init(rsa, RSA_PKCS_V15, 0);
+ mbedtls_rsa_init(rsa, MBEDTLS_RSA_PKCS_V15, 0);
if (
- (mpi_read_binary(&rsa->N, rawKey, rawKeyLen)) ||
- (mpi_read_binary(&rsa->E, (uint8_t*) & e, sizeof(e)))
+ (mbedtls_mpi_read_binary(&rsa->N, rawKey, rawKeyLen)) ||
+ (mbedtls_mpi_read_binary(&rsa->E, (uint8_t*) & e, sizeof(e)))
) {
cryptRsaKeyFree(&cryptKey);
return NULL;
@@ -439,7 +384,6 @@ CRYPTRSA_T *cryptRsaPubKeyFromRaw(uint8_t *rawKey, uint16_t rawKeyLen)
cryptKey->rawKeyLen = rawKeyLen;
cryptKey->rawKeyType = cryptRsaKeyTypeByLen(rawKeyLen);
-
#ifdef EXTREME_PARANOIA
uint8_t buff[rawKeyLen];
memset(buff, 0, rawKeyLen);
@@ -448,10 +392,6 @@ CRYPTRSA_T *cryptRsaPubKeyFromRaw(uint8_t *rawKey, uint16_t rawKeyLen)
assertion(-502722, (memcmp(rawKey, buff, rawKeyLen) == 0));
#endif
-
- // cryptKey->__rawKey = debugMalloc(rawKeyLen,-300618);
- // memcpy(cryptKey->__rawKey, rawKey, rawKeyLen);
-
return cryptKey;
}
@@ -460,10 +400,10 @@ int cryptRsaPubKeyCheck(CRYPTRSA_T *pubKey)
assertion(-502141, (pubKey));
assertion(-502142, (pubKey->backendKey));
- rsa_context *rsa = (rsa_context*) pubKey->backendKey;
+ mbedtls_rsa_context *rsa = (mbedtls_rsa_context*) pubKey->backendKey;
- if (!rsa->len || (int) rsa->len != cryptRsaKeyLenByType(pubKey->rawKeyType) || rsa->len != pubKey->rawKeyLen || rsa->len != mpi_size(&rsa->N) ||
- rsa_check_pubkey((rsa_context*) pubKey->backendKey)) {
+ if (!rsa->len || (int) rsa->len != cryptRsaKeyLenByType(pubKey->rawKeyType) || rsa->len != pubKey->rawKeyLen || rsa->len != mbedtls_mpi_size(&rsa->N) ||
+ mbedtls_rsa_check_pubkey((mbedtls_rsa_context*) pubKey->backendKey)) {
return FAILURE;
}
@@ -512,48 +452,35 @@ CRYPTRSA_T *cryptRsaKeyFromDer(char *keyPath)
CRYPTRSA_T *privKey = debugMallocReset(sizeof(CRYPTRSA_T), -300619);
CRYPTRSA_T *pubKey = NULL;
- privKey->backendKey = debugMallocReset(sizeof(rsa_context), -300620);
+ privKey->backendKey = debugMallocReset(sizeof(mbedtls_rsa_context), -300620);
- rsa_context *rsa = privKey->backendKey;
+ mbedtls_rsa_context *rsa = privKey->backendKey;
int ret = 0;
int keyType = 0;
int keyLen = 0;
uint8_t keyBuff[CRYPT_RSA_MAX_LEN];
-#if CRYPTLIB <= POLARSSL_1_2_9
- if (
- (ret = x509parse_keyfile(rsa, keyPath, "")) ||
- (ret = rsa_check_privkey(rsa))
- ) {
- dbgf_sys(DBGT_ERR, "failed opening private key=%s err=%d", keyPath, ret);
- cryptRsaKeyFree(&privKey);
- return NULL;
- }
-#elif CRYPTLIB >= POLARSSL_1_3_3
- pk_context pk;
- pk_init(&pk);
- rsa_init(rsa, RSA_PKCS_V15, 0);
+ mbedtls_pk_context pk;
+ mbedtls_pk_init(&pk);
+ mbedtls_rsa_init(rsa, MBEDTLS_RSA_PKCS_V15, 0);
if (
- ((ret = pk_parse_keyfile(&pk, keyPath, "")) != 0) ||
- ((ret = rsa_copy(rsa, pk_rsa(pk))) != 0) ||
- ((ret = rsa_check_privkey(rsa)) != 0)
+ ((ret = mbedtls_pk_parse_keyfile(&pk, keyPath, "")) != 0) ||
+ ((ret = mbedtls_rsa_copy(rsa, mbedtls_pk_rsa(pk))) != 0) ||
+ ((ret = mbedtls_rsa_check_privkey(rsa)) != 0)
) {
dbgf_sys(DBGT_ERR, "failed opening private key=%s keyLen=%d keyType=%d err=-%X", keyPath, keyLen, keyType, -ret);
- pk_free(&pk);
+ mbedtls_pk_free(&pk);
cryptRsaKeyFree(&privKey);
return NULL;
}
- pk_free(&pk);
+ mbedtls_pk_free(&pk);
-#else
-#error "Please fix CRYPTLIB"
-#endif
//cryptKeyAddRaw(ckey);
if (
- ((keyLen = mpi_size(&rsa->N)) <= 0) ||
+ ((keyLen = mbedtls_mpi_size(&rsa->N)) <= 0) ||
!(keyType = cryptRsaKeyTypeByLen(keyLen)) ||
!(privKey->rawKeyType = keyType) ||
!(privKey->rawKeyLen = keyLen) ||
@@ -595,29 +522,16 @@ int cryptRsaKeyMakeDer(int32_t keyType, char *path)
memset(derBuf, 0, CRYPT_DER_BUF_SZ);
-#if CRYPTLIB <= POLARSSL_1_2_9
- rsa_context rsa;
- rsa_init(&rsa, RSA_PKCS_V15, 0);
+ mbedtls_pk_context pk;
+ mbedtls_pk_init(&pk);
+ mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
- if ((ret = rsa_gen_key(&rsa, ctr_drbg_random, &ctr_drbg, keyBitSize, CRYPT_KEY_E_VAL)))
+ if ((ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), mbedtls_ctr_drbg_random, &ctr_drbg, keyBitSize, CRYPT_KEY_E_VAL)) ||
+ (ret = mbedtls_rsa_check_privkey(mbedtls_pk_rsa(pk))))
goto_error(finish, "Failed making rsa key! ret=%d");
- if ((derSz = x509_write_key_der(derBuf, sizeof(derBuf), &rsa)) < 0)
+ if ((derSz = mbedtls_pk_write_key_der(&pk, derBuf, sizeof(derBuf))) <= 0)
goto_error(finish, "Failed translating rsa key to der! derSz=%d");
-#elif CRYPTLIB >= POLARSSL_1_3_3
- pk_context pk;
- pk_init(&pk);
- pk_init_ctx(&pk, pk_info_from_type(POLARSSL_PK_RSA));
-
- if ((ret = rsa_gen_key(pk_rsa(pk), ctr_drbg_random, &ctr_drbg, keyBitSize, CRYPT_KEY_E_VAL)) ||
- (ret = rsa_check_privkey(pk_rsa(pk))))
- goto_error(finish, "Failed making rsa key! ret=%d");
-
- if ((derSz = pk_write_key_der(&pk, derBuf, sizeof(derBuf))) <= 0)
- goto_error(finish, "Failed translating rsa key to der! derSz=%d");
-#else
-#error "Please fix CRYPTLIB"
-#endif
unsigned char *derStart = derBuf + sizeof(derBuf) - derSz;
@@ -629,13 +543,7 @@ int cryptRsaKeyMakeDer(int32_t keyType, char *path)
{
memset(derBuf, 0, CRYPT_DER_BUF_SZ);
-#if CRYPTLIB <= POLARSSL_1_2_9
- rsa_free(&rsa);
-#elif CRYPTLIB >= POLARSSL_1_3_3
- pk_free(&pk);
-#else
-#error "Please fix CRYPTLIB"
-#endif
+ mbedtls_pk_free(&pk);
if (keyFile)
fclose(keyFile);
@@ -656,10 +564,10 @@ CRYPTRSA_T *cryptRsaKeyMake(uint8_t keyType)
char *goto_error_code = NULL;
CRYPTRSA_T *key = debugMallocReset(sizeof(CRYPTRSA_T), -300642);
- rsa_context *rsa = debugMallocReset(sizeof(rsa_context), -300643);
- rsa_init(rsa, RSA_PKCS_V15, 0);
+ mbedtls_rsa_context *rsa = debugMallocReset(sizeof(mbedtls_rsa_context), -300643);
+ mbedtls_rsa_init(rsa, MBEDTLS_RSA_PKCS_V15, 0);
- if ((ret = rsa_gen_key(rsa, ctr_drbg_random, &ctr_drbg, (keyLen * 8), CRYPT_KEY_E_VAL)))
+ if ((ret = mbedtls_rsa_gen_key(rsa, mbedtls_ctr_drbg_random, &ctr_drbg, (keyLen * 8), CRYPT_KEY_E_VAL)))
goto_error(finish, "Failed making rsa key!");
key->backendKey = rsa;
@@ -679,17 +587,17 @@ CRYPTRSA_T *cryptRsaKeyMake(uint8_t keyType)
return key; }
}
-#endif
+
int cryptRsaEncrypt(uint8_t *in, size_t inLen, uint8_t *out, size_t *outLen, CRYPTRSA_T *pubKey)
{
- rsa_context *pk = pubKey->backendKey;
+ mbedtls_rsa_context *pk = pubKey->backendKey;
- assertion(-502723, (mpi_size(&pk->N) == pubKey->rawKeyLen));
+ assertion(-502723, (mbedtls_mpi_size(&pk->N) == pubKey->rawKeyLen));
assertion(-502145, (*outLen >= pubKey->rawKeyLen));
- if (rsa_pkcs1_encrypt(pk, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, inLen, in, out))
+ if (mbedtls_rsa_pkcs1_encrypt(pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, inLen, in, out))
return FAILURE;
*outLen = pubKey->rawKeyLen;
@@ -701,19 +609,12 @@ int cryptRsaEncrypt(uint8_t *in, size_t inLen, uint8_t *out, size_t *outLen, CRY
int cryptRsaDecrypt(uint8_t *in, size_t inLen, uint8_t *out, size_t *outLen)
{
- rsa_context *pk = my_PrivKey->backendKey;
+ mbedtls_rsa_context *pk = my_PrivKey->backendKey;
- assertion(-502724, (mpi_size(&pk->N) == my_PrivKey->rawKeyLen));
+ assertion(-502724, (mbedtls_mpi_size(&pk->N) == my_PrivKey->rawKeyLen));
assertion(-502146, (inLen >= my_PrivKey->rawKeyLen));
-#if CRYPTLIB == POLARSSL_1_2_5
- if (rsa_pkcs1_decrypt(pk, RSA_PRIVATE, &inLen, in, out, *outLen))
+ if (mbedtls_rsa_pkcs1_decrypt(pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, &inLen, in, out, *outLen))
return FAILURE;
-#elif CRYPTLIB >= POLARSSL_1_2_9
- if (rsa_pkcs1_decrypt(pk, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &inLen, in, out, *outLen))
- return FAILURE;
-#else
-#error "Please fix CRYPTLIB"
-#endif
*outLen = inLen;
return SUCCESS;
@@ -725,20 +626,13 @@ int cryptRsaSign(CRYPTSHA_T *inSha, uint8_t *out, size_t outLen, CRYPTRSA_T *cry
if (!cryptKey)
cryptKey = my_PrivKey;
- rsa_context *pk = cryptKey->backendKey;
+ mbedtls_rsa_context *pk = cryptKey->backendKey;
if (outLen < cryptKey->rawKeyLen)
return FAILURE;
-#if CRYPTLIB <= POLARSSL_1_2_9
- if (rsa_pkcs1_sign(pk, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, SIG_RSA_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) inSha, out))
+ if (mbedtls_rsa_pkcs1_sign(pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) inSha, out))
return FAILURE;
-#elif CRYPTLIB >= POLARSSL_1_3_3
- if (rsa_pkcs1_sign(pk, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, POLARSSL_MD_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) inSha, out))
- return FAILURE;
-#else
-#error "Please fix CRYPTLIB"
-#endif
return SUCCESS;
}
@@ -746,23 +640,12 @@ int cryptRsaSign(CRYPTSHA_T *inSha, uint8_t *out, size_t outLen, CRYPTRSA_T *cry
int cryptRsaVerify(uint8_t *sign, size_t signLen, CRYPTSHA_T *plainSha, CRYPTRSA_T *pubKey)
{
- rsa_context *pk = pubKey->backendKey;
+ mbedtls_rsa_context *pk = pubKey->backendKey;
assertion(-502147, (signLen == pubKey->rawKeyLen));
-#if CRYPTLIB == POLARSSL_1_2_5
- if (rsa_pkcs1_verify(pk, RSA_PUBLIC, SIG_RSA_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) plainSha, sign))
- return FAILURE;
-#elif CRYPTLIB == POLARSSL_1_2_9
- if (rsa_pkcs1_verify(pk, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, SIG_RSA_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) plainSha, sign))
+ if (mbedtls_rsa_pkcs1_verify(pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) plainSha, sign))
return FAILURE;
-#elif CRYPTLIB >= POLARSSL_1_3_3
- if (rsa_pkcs1_verify(pk, ctr_drbg_random, &ctr_drbg, RSA_PUBLIC, POLARSSL_MD_SHA224, sizeof(CRYPTSHA_T), (uint8_t*) plainSha, sign))
- return FAILURE;
-#else
-#error "Please fix CRYPTLIB"
-#endif
-
return SUCCESS;
}
@@ -770,18 +653,18 @@ int cryptRsaVerify(uint8_t *sign, size_t signLen, CRYPTSHA_T *plainSha, CRYPTRSA
void cryptRand(void *out, uint32_t outLen)
{
- assertion(-502139, ENTROPY_BLOCK_SIZE > sizeof(CRYPTSHA_T));
+ assertion(-502139, MBEDTLS_ENTROPY_BLOCK_SIZE > sizeof(CRYPTSHA_T));
if (outLen <= sizeof(CRYPTSHA_T)) {
- if (entropy_func(&entropy_ctx, out, outLen) != 0)
+ if (mbedtls_entropy_func(&entropy_ctx, out, outLen) != 0)
cleanup_all(-502148);
} else {
CRYPTSHA_T seed[2];
uint32_t outPos;
- if (entropy_func(&entropy_ctx, (void*) &seed[0], sizeof(CRYPTSHA_T)) != 0)
+ if (mbedtls_entropy_func(&entropy_ctx, (void*) &seed[0], sizeof(CRYPTSHA_T)) != 0)
cleanup_all(-502140);
cryptShaAtomic(&seed[0], sizeof(CRYPTSHA_T), &seed[1]);
@@ -799,20 +682,14 @@ void cryptRand(void *out, uint32_t outLen)
STATIC_FUNC
void cryptRngInit(void)
{
-
int ret;
fflush(stdout);
- entropy_init(&entropy_ctx);
+ mbedtls_entropy_init(&entropy_ctx);
-#if (CRYPTLIB >= POLARSSL_MIN && CRYPTLIB <= POLARSSL_MAX)
- if ((ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy_ctx, NULL, 0)) != 0)
- cleanup_all(-502149);
-#elif (CRYPTLIB >= MBEDTLS_MIN && CRYPTLIB <= MBEDTLS_MAX)
mbedtls_ctr_drbg_init(&ctr_drbg);
- if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, entropy_func, &entropy_ctx, NULL, 0)) != 0)
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy_ctx, NULL, 0)) != 0)
cleanup_all(-502149);
-#endif
int test = 0;
@@ -829,22 +706,14 @@ void cryptRngFree(void)
STATIC_FUNC
void cryptShaInit(void)
{
-#if CRYPTLIB < POLARSSL_1_3_9
- memset(&sha_ctx, 0, sizeof(sha_ctx));
-#else
- sha256_init(&sha_ctx);
-#endif
+ mbedtls_sha256_init(&sha_ctx);
shaClean = YES;
}
STATIC_FUNC
void cryptShaFree(void)
{
-#if CRYPTLIB < POLARSSL_1_3_9
- memset(&sha_ctx, 0, sizeof(sha_ctx));
-#else
- sha256_free(&sha_ctx);
-#endif
+ mbedtls_sha256_free(&sha_ctx);
}
void cryptShaAtomic(void *in, int32_t len, CRYPTSHA_T *sha)
@@ -855,14 +724,14 @@ void cryptShaAtomic(void *in, int32_t len, CRYPTSHA_T *sha)
unsigned char output[32];
-#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
+#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB < MBEDTLS_3_0_0)
mbedtls_sha256_starts_ret(&sha_ctx, 1/*is224*/);
mbedtls_sha256_update_ret(&sha_ctx, in, len);
mbedtls_sha256_finish_ret(&sha_ctx, output);
#else
- sha256_starts(&sha_ctx, 1/*is224*/);
- sha256_update(&sha_ctx, in, len);
- sha256_finish(&sha_ctx, output);
+ mbedtls_sha256_starts(&sha_ctx, 1/*is224*/);
+ mbedtls_sha256_update(&sha_ctx, in, len);
+ mbedtls_sha256_finish(&sha_ctx, output);
#endif
memcpy(sha, output, sizeof(CRYPTSHA_T));
memset(output, 0, sizeof(output));
@@ -875,12 +744,12 @@ void cryptShaNew(void *in, int32_t len)
assertion(-502034, (in && len > 0 && !memcmp(in, in, len)));
shaClean = NO;
-#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
+#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB < MBEDTLS_3_0_0)
mbedtls_sha256_starts_ret(&sha_ctx, 1/*is224*/);
mbedtls_sha256_update_ret(&sha_ctx, in, len);
#else
- sha256_starts(&sha_ctx, 1/*is224*/);
- sha256_update(&sha_ctx, in, len);
+ mbedtls_sha256_starts(&sha_ctx, 1/*is224*/);
+ mbedtls_sha256_update(&sha_ctx, in, len);
#endif
}
@@ -890,10 +759,10 @@ void cryptShaUpdate(void *in, int32_t len)
assertion(-502035, (shaClean == NO));
assertion(-502036, (in && len > 0 && !memcmp(in, in, len)));
-#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
+#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB < MBEDTLS_3_0_0)
mbedtls_sha256_update_ret(&sha_ctx, in, len);
#else
- sha256_update(&sha_ctx, in, len);
+ mbedtls_sha256_update(&sha_ctx, in, len);
#endif
}
@@ -904,10 +773,10 @@ void cryptShaFinal(CRYPTSHA_T *sha)
assertion(-502038, (sha));
unsigned char output[32];
-#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB <= MBEDTLS_MAX)
+#if (CRYPTLIB >= MBEDTLS_2_8_0 && CRYPTLIB < MBEDTLS_3_0_0)
mbedtls_sha256_finish_ret(&sha_ctx, output);
#else
- sha256_finish(&sha_ctx, output);
+ mbedtls_sha256_finish(&sha_ctx, output;)
#endif
memcpy(sha, output, sizeof(CRYPTSHA_T));
memset(output, 0, sizeof(output));
diff --git a/src/crypt.h b/src/crypt.h
index bcc91db..da34d4e 100644
--- a/src/crypt.h
+++ b/src/crypt.h
@@ -19,20 +19,13 @@
* Alternative cryptographic libraries are:
* libtomcrypt, gcrypt, cyassl
*/
-
-#define POLARSSL_MIN 1000
-#define POLARSSL_1_2_5 1125
-#define POLARSSL_1_2_9 1129
-#define POLARSSL_1_3_3 1133
-#define POLARSSL_1_3_4 1134
-#define POLARSSL_1_3_9 1139
-#define POLARSSL_MAX 1999
-
#define MBEDTLS_MIN 2000
#define MBEDTLS_2_4_0 2240
#define MBEDTLS_2_6_0 2260
#define MBEDTLS_2_7_0 2270
#define MBEDTLS_2_8_0 2280
+#define MBEDTLS_3_0_0 2300
+#define MBEDTLS_3_6_0 2360
#define MBEDTLS_MAX 2999
#ifndef CRYPTLIB
Reference in New Issue View Git Blame Copy Permalink