Migrate makerom to modern mbedtls

This commit is contained in:
jakcron
2022-04-16 23:21:21 +08:00
parent 2118652df9
commit 82a3f7e8c7
4 changed files with 86 additions and 48 deletions
+2 -2
View File
@@ -24,8 +24,8 @@ ifeq ($(ROOT_PROJECT_NAME),)
endif
# Project Dependencies
PROJECT_DEPEND = mbedtls polarssl blz yaml
PROJECT_DEPEND_LOCAL_DIR = libmbedtls libpolarssl libblz libyaml
PROJECT_DEPEND = mbedtls blz yaml
PROJECT_DEPEND_LOCAL_DIR = libmbedtls libblz libyaml
# Generate compiler flags for including project include path
ifneq ($(PROJECT_INCLUDE_PATH),)
+69 -31
View File
@@ -1,15 +1,16 @@
#include "lib.h"
#include "crypto.h"
#include <polarssl/rsa.h>
#include <mbedtls/aes.h>
#include <mbedtls/rsa.h>
#include <mbedtls/md.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/sha1.h>
#include <mbedtls/sha256.h>
const u8 RSA_PUB_EXP[0x3] = {0x01,0x00,0x01};
const int HASH_MAX_LEN = 0x20;
static const u8 RSA_PUB_EXP[0x3] = {0x01,0x00,0x01};
static const int HASH_MAX_LEN = 0x20;
bool VerifySha256(void *data, u64 size, u8 hash[32])
{
@@ -65,13 +66,13 @@ void AesCbcCrypt(u8 *key, u8 *iv, u8 *input, u8 *output, u64 length, u8 mode)
}
}
bool RsaKeyInit(rsa_context* ctx, u8 *modulus, u8 *private_exp, u8 *exponent, u8 rsa_type)
bool RsaKeyInit(mbedtls_rsa_context* ctx, const u8 *modulus, const u8 *private_exp, const u8 *public_exp, u8 rsa_type)
{
// Sanity Check
if(!ctx)
return false;
rsa_init(ctx, RSA_PKCS_V15, 0);
mbedtls_rsa_init( ctx, MBEDTLS_RSA_PKCS_V15, 0 );
u16 n_size = 0;
u16 d_size = 0;
@@ -92,18 +93,20 @@ bool RsaKeyInit(rsa_context* ctx, u8 *modulus, u8 *private_exp, u8 *exponent, u8
break;
default: return false;
}
int ret = mbedtls_rsa_import_raw(ctx, \
modulus ? modulus : NULL, modulus ? n_size : 0, \
NULL, 0, \
NULL, 0, \
private_exp ? private_exp : NULL, private_exp ? d_size : 0, \
public_exp ? public_exp : NULL, public_exp ? e_size : 0);
if (modulus && mpi_read_binary(&ctx->N, modulus, n_size))
if (ret != 0)
goto clean;
if (exponent && mpi_read_binary(&ctx->E, exponent, e_size))
goto clean;
if (private_exp && mpi_read_binary(&ctx->D, private_exp, d_size))
goto clean;
return true;
clean:
rsa_free(ctx);
mbedtls_rsa_free(ctx);
return false;
}
@@ -135,19 +138,6 @@ u32 GetSigHashType(u32 sig_type)
return 0;
}
int GetRsaHashType(u32 sig_type)
{
switch(sig_type){
case RSA_4096_SHA1:
case RSA_2048_SHA1:
return SIG_RSA_SHA1;
case RSA_4096_SHA256:
case RSA_2048_SHA256:
return SIG_RSA_SHA256;
}
return 0;
}
u32 GetSigHashLen(u32 sig_type)
{
switch(sig_type){
@@ -163,6 +153,28 @@ u32 GetSigHashLen(u32 sig_type)
return 0;
}
mbedtls_md_type_t getMdWrappedHashType(u32 sig_type)
{
mbedtls_md_type_t md_type = MBEDTLS_MD_NONE;
switch(sig_type){
case RSA_4096_SHA1:
case RSA_2048_SHA1:
case ECC_SHA1:
md_type = MBEDTLS_MD_SHA1;
break;
case RSA_4096_SHA256:
case RSA_2048_SHA256:
case ECC_SHA256:
md_type = MBEDTLS_MD_SHA256;
break;
default:
break;
}
return md_type;
}
bool CalcHashForSign(void *data, u64 len, u8 *hash, u32 sig_type)
{
if(GetSigHashType(sig_type) == 0)
@@ -176,20 +188,46 @@ bool CalcHashForSign(void *data, u64 len, u8 *hash, u32 sig_type)
int RsaSignVerify(void *data, u64 len, u8 *sign, u8 *mod, u8 *priv_exp, u32 sig_type, u8 rsa_mode)
{
int rsa_result = 0;
rsa_context ctx;
mbedtls_rsa_context ctx;
u8 hash[HASH_MAX_LEN];
if(!RsaKeyInit(&ctx, mod, priv_exp, (u8*)RSA_PUB_EXP, GetRsaType(sig_type)))
if(!RsaKeyInit(&ctx, mod, priv_exp, RSA_PUB_EXP, GetRsaType(sig_type)))
return -1;
if(!CalcHashForSign(data, len, hash, sig_type))
return -1;
if(rsa_mode == CTR_RSA_VERIFY)
rsa_result = rsa_pkcs1_verify(&ctx, RSA_PUBLIC, GetRsaHashType(sig_type), 0, hash, sign);
{
//rsa_result = rsa_pkcs1_verify(&ctx, RSA_PUBLIC, GetRsaHashType(sig_type), 0, hash, sign);
rsa_result = mbedtls_rsa_rsassa_pkcs1_v15_verify(&ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, getMdWrappedHashType(sig_type), GetSigHashLen(sig_type), hash, sign);
}
else // CTR_RSA_SIGN
rsa_result = rsa_rsassa_pkcs1_v15_sign(&ctx, RSA_PRIVATE, GetRsaHashType(sig_type), 0, hash, sign);
{
// mbedtls API requires we init their PRBG before signing, but it isn't strictly required for the specific signture type we are generating
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
// init PRBG
const char* pers = "RsaSignVerify";
rsa_result = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const uint8_t*)pers, strlen(pers));
// if initing the PRBG succeeded we can sign
if (rsa_result == 0)
{
//rsa_result = rsa_rsassa_pkcs1_v15_sign(&ctx, RSA_PRIVATE, GetRsaHashType(sig_type), 0, hash, sign);
rsa_result = mbedtls_rsa_rsassa_pkcs1_v15_sign(&ctx, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, getMdWrappedHashType(sig_type), GetSigHashLen(sig_type), hash, sign);
}
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
}
rsa_free(&ctx);
mbedtls_rsa_free(&ctx);
return rsa_result;
}
+12 -12
View File
@@ -1,5 +1,5 @@
#include "lib.h"
#include <polarssl/base64.h>
#include <mbedtls/base64.h>
#define IO_BLOCKSIZE 5*MB
@@ -110,10 +110,10 @@ bool IsValidB64Char(char chr)
return (isalnum(chr) || chr == '+' || chr == '/' || chr == '=');
}
u32 b64_strlen(char *str)
size_t b64_strlen(const char *str)
{
u32 count = 0;
u32 i = 0;
size_t count = 0;
size_t i = 0;
while(str[i] != 0x0){
if(IsValidB64Char(str[i])) {
//printf("Is Valid: %c\n",str[i]);
@@ -125,11 +125,11 @@ u32 b64_strlen(char *str)
return count;
}
void b64_strcpy(char *dst, char *src)
void b64_strcpy(char *dst, const char *src)
{
u32 src_len = strlen(src);
u32 j = 0;
for(u32 i = 0; i < src_len; i++){
size_t src_len = strlen(src);
size_t j = 0;
for(size_t i = 0; i < src_len; i++){
if(IsValidB64Char(src[i])){
dst[j] = src[i];
j++;
@@ -141,15 +141,15 @@ void b64_strcpy(char *dst, char *src)
//memdump(stdout,"dst: ",(u8*)dst,j+1);
}
int b64_decode(u8 *dst, char *src, u32 dst_size)
int b64_decode(u8 *dst, const char *src, size_t dst_size)
{
int ret;
u32 size = dst_size;
size_t size = dst_size;
ret = base64_decode(dst,(size_t*)&size,(const u8*)src,strlen(src));
ret = mbedtls_base64_decode(dst, size, &size, (const u8*)src, strlen(src));
if(size != dst_size)
ret = POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL;
ret = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
return ret;
}
+3 -3
View File
@@ -23,9 +23,9 @@ char* replace_filextention(const char *input, const char *extention);
// Base64
bool IsValidB64Char(char chr);
u32 b64_strlen(char *str);
void b64_strcpy(char *dst, char *src);
int b64_decode(u8 *dst, char *src, u32 dst_size);
size_t b64_strlen(const char *str);
void b64_strcpy(char *dst, const char *src);
int b64_decode(u8 *dst, const char *src, size_t dst_size);
// Pseudo-Random Number Generator
void initRand(void);