From 84941bcc9f25cbe3fd3b2604080d0a1cfd8fbaa7 Mon Sep 17 00:00:00 2001 From: peterbell10 Date: Wed, 30 Aug 2017 15:00:06 +0100 Subject: Update mbedtls to 2.5.1 (#3964) * Renaming changes: * macro prefix "POLARSSL" -> "MBEDTLS" * functions now prefixed with "mbedtls_" * rename PolarSSL++ -> mbedTLS++ * rename polarssl submodule * Use mbedtls' AES-CFB8 implementation. * Add cSslConfig to wrap mbedtls_ssl_config * Update cTCPLink and cBlockingSslClientSocket to use cSslConfig * Use cSslConfig in cHTTPServer * Use cSslConfig for cMojangAPI::SecureRequest * CI Fixes * Set -fomit-frame-pointer on the right target --- src/mbedTLS++/CryptoKey.cpp | 149 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 src/mbedTLS++/CryptoKey.cpp (limited to 'src/mbedTLS++/CryptoKey.cpp') diff --git a/src/mbedTLS++/CryptoKey.cpp b/src/mbedTLS++/CryptoKey.cpp new file mode 100644 index 000000000..4ebb0f300 --- /dev/null +++ b/src/mbedTLS++/CryptoKey.cpp @@ -0,0 +1,149 @@ + +// CryptoKey.cpp + +// Implements the cCryptoKey class representing a RSA public key in mbedTLS + +#include "Globals.h" +#include "CryptoKey.h" + + + + + +cCryptoKey::cCryptoKey(void) +{ + mbedtls_pk_init(&m_Pk); + m_CtrDrbg.Initialize("rsa_pubkey", 10); +} + + + + + +cCryptoKey::cCryptoKey(const AString & a_PublicKeyData) +{ + mbedtls_pk_init(&m_Pk); + m_CtrDrbg.Initialize("rsa_pubkey", 10); + int res = ParsePublic(a_PublicKeyData.data(), a_PublicKeyData.size()); + if (res != 0) + { + LOGWARNING("Failed to parse public key: -0x%x", res); + ASSERT(!"Cannot parse PubKey"); + return; + } +} + + + + + +cCryptoKey::cCryptoKey(const AString & a_PrivateKeyData, const AString & a_Password) +{ + mbedtls_pk_init(&m_Pk); + m_CtrDrbg.Initialize("rsa_privkey", 11); + int res = ParsePrivate(a_PrivateKeyData.data(), a_PrivateKeyData.size(), a_Password); + if (res != 0) + { + LOGWARNING("Failed to parse private key: -0x%x", res); + ASSERT(!"Cannot parse PrivKey"); + return; + } +} + + + + + +cCryptoKey::~cCryptoKey() +{ + mbedtls_pk_free(&m_Pk); +} + + + + + +int cCryptoKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength) +{ + ASSERT(IsValid()); + + size_t DecryptedLen = a_DecryptedMaxLength; + int res = mbedtls_pk_decrypt(&m_Pk, + a_EncryptedData, a_EncryptedLength, + a_DecryptedData, &DecryptedLen, a_DecryptedMaxLength, + mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal() + ); + if (res != 0) + { + return res; + } + return static_cast(DecryptedLen); +} + + + + + +int cCryptoKey::Encrypt(const Byte * a_PlainData, size_t a_PlainLength, Byte * a_EncryptedData, size_t a_EncryptedMaxLength) +{ + ASSERT(IsValid()); + + size_t EncryptedLength = a_EncryptedMaxLength; + int res = mbedtls_pk_encrypt(&m_Pk, + a_PlainData, a_PlainLength, a_EncryptedData, &EncryptedLength, a_EncryptedMaxLength, + mbedtls_ctr_drbg_random, m_CtrDrbg.GetInternal() + ); + if (res != 0) + { + return res; + } + return static_cast(EncryptedLength); +} + + + + + + +int cCryptoKey::ParsePublic(const void * a_Data, size_t a_NumBytes) +{ + ASSERT(!IsValid()); // Cannot parse a second key + + return mbedtls_pk_parse_public_key(&m_Pk, reinterpret_cast(a_Data), a_NumBytes); +} + + + + + + +int cCryptoKey::ParsePrivate(const void * a_Data, size_t a_NumBytes, const AString & a_Password) +{ + ASSERT(!IsValid()); // Cannot parse a second key + + if (a_Password.empty()) + { + return mbedtls_pk_parse_key(&m_Pk, reinterpret_cast(a_Data), a_NumBytes, nullptr, 0); + } + else + { + return mbedtls_pk_parse_key( + &m_Pk, + reinterpret_cast(a_Data), a_NumBytes, + reinterpret_cast(a_Password.c_str()), a_Password.size() + ); + } +} + + + + + +bool cCryptoKey::IsValid(void) const +{ + return (mbedtls_pk_get_type(&m_Pk) != MBEDTLS_PK_NONE); +} + + + + -- cgit v1.2.3