src/core/crypto/mbedtls.cpp - third_party/openthread - Git at Google

 /*
  *  Copyright (c) 2016, The OpenThread Authors.
  *  All rights reserved.
  *
  *  Redistribution and use in source and binary forms, with or without
  *  modification, are permitted provided that the following conditions are met:
  *  1. Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in the
  *     documentation and/or other materials provided with the distribution.
  *  3. Neither the name of the copyright holder nor the
  *     names of its contributors may be used to endorse or promote products
  *     derived from this software without specific prior written permission.
  *
  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  *  POSSIBILITY OF SUCH DAMAGE.
  */

 /**
  * @file
  *   This file implements the use of mbedTLS.
  */

 #include "mbedtls.hpp"

 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/debug.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/platform.h>
 #include <mbedtls/threading.h>

 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #include <mbedtls/pem.h>
 #endif

 #include "common/code_utils.hpp"
 #include "common/error.hpp"
 #include "common/heap.hpp"
 #include "common/random.hpp"

 namespace ot {
 namespace Crypto {

 MbedTls::MbedTls(void)
 {
 #if OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
 #ifdef MBEDTLS_DEBUG_C
     // mbedTLS's debug level is almost the same as OpenThread's
     mbedtls_debug_set_threshold(OPENTHREAD_CONFIG_LOG_LEVEL);
 #endif
     mbedtls_platform_set_calloc_free(Heap::CAlloc, Heap::Free);
 #endif // OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
 }

 Error MbedTls::MapError(int aMbedTlsError)
 {
     Error error = kErrorNone;

     switch (aMbedTlsError)
     {
 #if OPENTHREAD_CONFIG_ECDSA_ENABLE
     case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
     case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
     case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
 #endif
 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
     case MBEDTLS_ERR_PK_TYPE_MISMATCH:
     case MBEDTLS_ERR_PK_FILE_IO_ERROR:
     case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
     case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
     case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
     case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
     case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
     case MBEDTLS_ERR_PK_INVALID_PUBKEY:
     case MBEDTLS_ERR_PK_INVALID_ALG:
     case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
     case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
     case MBEDTLS_ERR_X509_SIG_MISMATCH:
     case MBEDTLS_ERR_X509_BAD_INPUT_DATA:
     case MBEDTLS_ERR_X509_FILE_IO_ERROR:
     case MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT:
     case MBEDTLS_ERR_X509_INVALID_VERSION:
     case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG:
     case MBEDTLS_ERR_X509_INVALID_SERIAL:
     case MBEDTLS_ERR_X509_UNKNOWN_OID:
     case MBEDTLS_ERR_X509_INVALID_FORMAT:
     case MBEDTLS_ERR_X509_INVALID_ALG:
     case MBEDTLS_ERR_X509_INVALID_NAME:
     case MBEDTLS_ERR_X509_INVALID_DATE:
     case MBEDTLS_ERR_X509_INVALID_SIGNATURE:
     case MBEDTLS_ERR_X509_INVALID_EXTENSIONS:
     case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
     case MBEDTLS_ERR_SSL_BAD_INPUT_DATA:
     case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
     case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
         error = kErrorInvalidArgs;
         break;

 #if OPENTHREAD_CONFIG_ECDSA_ENABLE
     case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
     case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
     case MBEDTLS_ERR_MPI_ALLOC_FAILED:
 #endif
 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
     case MBEDTLS_ERR_PEM_ALLOC_FAILED:
     case MBEDTLS_ERR_PK_ALLOC_FAILED:
     case MBEDTLS_ERR_X509_BUFFER_TOO_SMALL:
     case MBEDTLS_ERR_X509_ALLOC_FAILED:
 #endif
     case MBEDTLS_ERR_SSL_ALLOC_FAILED:
     case MBEDTLS_ERR_SSL_WANT_WRITE:
     case MBEDTLS_ERR_ENTROPY_MAX_SOURCES:
         error = kErrorNoBufs;
         break;

 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
     case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
     case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
     case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE:
     case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
 #endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
     case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
     case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
     case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
     case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
 #if (MBEDTLS_VERSION_NUMBER < 0x03000000)
     case MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED:
 #endif
     case MBEDTLS_ERR_THREADING_BAD_INPUT_DATA:
     case MBEDTLS_ERR_THREADING_MUTEX_ERROR:
         error = kErrorSecurity;
         break;

 #ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
     case MBEDTLS_ERR_X509_FATAL_ERROR:
         error = kErrorFailed;
         break;
 #endif
     case MBEDTLS_ERR_SSL_TIMEOUT:
     case MBEDTLS_ERR_SSL_WANT_READ:
         error = kErrorBusy;
         break;

 #if OPENTHREAD_CONFIG_ECDSA_ENABLE
     case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
         error = kErrorNotCapable;
         break;
 #endif

     default:
         if (aMbedTlsError < 0)
         {
             error = kErrorFailed;
         }

         break;
     }

     return error;
 }

 #if !OPENTHREAD_RADIO

 int MbedTls::CryptoSecurePrng(void *, unsigned char *aBuffer, size_t aSize)
 {
     IgnoreError(ot::Random::Crypto::FillBuffer(aBuffer, static_cast<uint16_t>(aSize)));

     return 0;
 }

 #endif // !OPENTHREAD_RADIO

 } // namespace Crypto
 } // namespace ot
	/*
	* Copyright (c) 2016, The OpenThread Authors.
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are met:
	* 1. Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	* 3. Neither the name of the copyright holder nor the
	* names of its contributors may be used to endorse or promote products
	* derived from this software without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
	* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	* POSSIBILITY OF SUCH DAMAGE.
	*/

	/**
	* @file
	* This file implements the use of mbedTLS.
	*/

	#include "mbedtls.hpp"

	#include <mbedtls/ctr_drbg.h>
	#include <mbedtls/debug.h>
	#include <mbedtls/entropy.h>
	#include <mbedtls/platform.h>
	#include <mbedtls/threading.h>

	#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	#include <mbedtls/pem.h>
	#endif

	#include "common/code_utils.hpp"
	#include "common/error.hpp"
	#include "common/heap.hpp"
	#include "common/random.hpp"

	namespace ot {
	namespace Crypto {

	MbedTls::MbedTls(void)
	{
	#if OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
	#ifdef MBEDTLS_DEBUG_C
	// mbedTLS's debug level is almost the same as OpenThread's
	mbedtls_debug_set_threshold(OPENTHREAD_CONFIG_LOG_LEVEL);
	#endif
	mbedtls_platform_set_calloc_free(Heap::CAlloc, Heap::Free);
	#endif // OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS_MANAGEMENT
	}

	Error MbedTls::MapError(int aMbedTlsError)
	{
	Error error = kErrorNone;

	switch (aMbedTlsError)
	{
	#if OPENTHREAD_CONFIG_ECDSA_ENABLE
	case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
	case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
	case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
	#endif
	#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	case MBEDTLS_ERR_PK_TYPE_MISMATCH:
	case MBEDTLS_ERR_PK_FILE_IO_ERROR:
	case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
	case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
	case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
	case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
	case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
	case MBEDTLS_ERR_PK_INVALID_PUBKEY:
	case MBEDTLS_ERR_PK_INVALID_ALG:
	case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
	case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
	case MBEDTLS_ERR_X509_SIG_MISMATCH:
	case MBEDTLS_ERR_X509_BAD_INPUT_DATA:
	case MBEDTLS_ERR_X509_FILE_IO_ERROR:
	case MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT:
	case MBEDTLS_ERR_X509_INVALID_VERSION:
	case MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG:
	case MBEDTLS_ERR_X509_INVALID_SERIAL:
	case MBEDTLS_ERR_X509_UNKNOWN_OID:
	case MBEDTLS_ERR_X509_INVALID_FORMAT:
	case MBEDTLS_ERR_X509_INVALID_ALG:
	case MBEDTLS_ERR_X509_INVALID_NAME:
	case MBEDTLS_ERR_X509_INVALID_DATE:
	case MBEDTLS_ERR_X509_INVALID_SIGNATURE:
	case MBEDTLS_ERR_X509_INVALID_EXTENSIONS:
	case MBEDTLS_ERR_X509_UNKNOWN_VERSION:
	#endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	case MBEDTLS_ERR_SSL_BAD_INPUT_DATA:
	case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
	case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
	error = kErrorInvalidArgs;
	break;

	#if OPENTHREAD_CONFIG_ECDSA_ENABLE
	case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
	case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
	case MBEDTLS_ERR_MPI_ALLOC_FAILED:
	#endif
	#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	case MBEDTLS_ERR_PEM_ALLOC_FAILED:
	case MBEDTLS_ERR_PK_ALLOC_FAILED:
	case MBEDTLS_ERR_X509_BUFFER_TOO_SMALL:
	case MBEDTLS_ERR_X509_ALLOC_FAILED:
	#endif
	case MBEDTLS_ERR_SSL_ALLOC_FAILED:
	case MBEDTLS_ERR_SSL_WANT_WRITE:
	case MBEDTLS_ERR_ENTROPY_MAX_SOURCES:
	error = kErrorNoBufs;
	break;

	#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
	case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
	case MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE:
	case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
	#endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
	case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
	case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
	case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
	#if (MBEDTLS_VERSION_NUMBER < 0x03000000)
	case MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED:
	#endif
	case MBEDTLS_ERR_THREADING_BAD_INPUT_DATA:
	case MBEDTLS_ERR_THREADING_MUTEX_ERROR:
	error = kErrorSecurity;
	break;

	#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
	case MBEDTLS_ERR_X509_FATAL_ERROR:
	error = kErrorFailed;
	break;
	#endif
	case MBEDTLS_ERR_SSL_TIMEOUT:
	case MBEDTLS_ERR_SSL_WANT_READ:
	error = kErrorBusy;
	break;

	#if OPENTHREAD_CONFIG_ECDSA_ENABLE
	case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
	error = kErrorNotCapable;
	break;
	#endif

	default:
	if (aMbedTlsError < 0)
	{
	error = kErrorFailed;
	}

	break;
	}

	return error;
	}

	#if !OPENTHREAD_RADIO

	int MbedTls::CryptoSecurePrng(void , unsigned char aBuffer, size_t aSize)
	{
	IgnoreError(ot::Random::Crypto::FillBuffer(aBuffer, static_cast<uint16_t>(aSize)));

	return 0;
	}

	#endif // !OPENTHREAD_RADIO

	} // namespace Crypto
	} // namespace ot