TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / OP-TEE / optee_os / 11fa71b9ddb429088f325cfda430183003ccd1db / . / lib / libmbedtls / mbedtls / library / pk_wrap.c
blob: 919a7ba08ac9cec6a7bacef4d4583fb9db3b9655 [file] [log] [blame]
Edison Aic6672fd2018-02-28 15:01:47 +0800[diff] [blame]1// SPDX-License-Identifier: Apache-2.0
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]2/*
3 * Public Key abstraction layer: wrapper functions
4 *
5 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PK_C)
29#include "mbedtls/pk_internal.h"
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]30#include "mbedtls/error.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]31
32/* Even if RSA not activated, for the sake of RSA-alt */
33#include "mbedtls/rsa.h"
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]34
35#include <string.h>
36
37#if defined(MBEDTLS_ECP_C)
38#include "mbedtls/ecp.h"
39#endif
40
41#if defined(MBEDTLS_ECDSA_C)
42#include "mbedtls/ecdsa.h"
43#endif
44
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]45#if defined(MBEDTLS_USE_PSA_CRYPTO)
46#include "mbedtls/asn1write.h"
47#endif
48
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]49#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
50#include "mbedtls/platform_util.h"
51#endif
52
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]53#if defined(MBEDTLS_USE_PSA_CRYPTO)
54#include "psa/crypto.h"
55#include "mbedtls/psa_util.h"
56#include "mbedtls/asn1.h"
57#endif
58
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]59#if defined(MBEDTLS_PLATFORM_C)
60#include "mbedtls/platform.h"
61#else
62#include <stdlib.h>
63#define mbedtls_calloc calloc
64#define mbedtls_free free
65#endif
66
67#include <limits.h>
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]68#include <stdint.h>
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]69
70#if defined(MBEDTLS_RSA_C)
71static int rsa_can_do( mbedtls_pk_type_t type )
72{
73 return( type == MBEDTLS_PK_RSA ||
74 type == MBEDTLS_PK_RSASSA_PSS );
75}
76
77static size_t rsa_get_bitlen( const void *ctx )
78{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]79 const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
80 return( 8 * mbedtls_rsa_get_len( rsa ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]81}
82
83static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
84 const unsigned char *hash, size_t hash_len,
85 const unsigned char *sig, size_t sig_len )
86{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]87 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]88 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
89 size_t rsa_len = mbedtls_rsa_get_len( rsa );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]90
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]91#if SIZE_MAX > UINT_MAX
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]92 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
93 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]94#endif /* SIZE_MAX > UINT_MAX */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]95
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]96 if( sig_len < rsa_len )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]97 return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
98
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]99 if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]100 MBEDTLS_RSA_PUBLIC, md_alg,
101 (unsigned int) hash_len, hash, sig ) ) != 0 )
102 return( ret );
103
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]104 /* The buffer contains a valid signature followed by extra data.
105 * We have a special error code for that so that so that callers can
106 * use mbedtls_pk_verify() to check "Does the buffer start with a
107 * valid signature?" and not just "Does the buffer contain a valid
108 * signature?". */
109 if( sig_len > rsa_len )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]110 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
111
112 return( 0 );
113}
114
115static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
116 const unsigned char *hash, size_t hash_len,
117 unsigned char *sig, size_t *sig_len,
118 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
119{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]120 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
121
122#if SIZE_MAX > UINT_MAX
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]123 if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
124 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]125#endif /* SIZE_MAX > UINT_MAX */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]126
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]127 *sig_len = mbedtls_rsa_get_len( rsa );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]128
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]129 return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]130 md_alg, (unsigned int) hash_len, hash, sig ) );
131}
132
133static int rsa_decrypt_wrap( void *ctx,
134 const unsigned char *input, size_t ilen,
135 unsigned char *output, size_t *olen, size_t osize,
136 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
137{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]138 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
139
140 if( ilen != mbedtls_rsa_get_len( rsa ) )
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]141 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
142
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]143 return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]144 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
145}
146
147static int rsa_encrypt_wrap( void *ctx,
148 const unsigned char *input, size_t ilen,
149 unsigned char *output, size_t *olen, size_t osize,
150 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
151{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]152 mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
153 *olen = mbedtls_rsa_get_len( rsa );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]154
155 if( *olen > osize )
156 return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
157
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]158 return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
159 ilen, input, output ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]160}
161
162static int rsa_check_pair_wrap( const void *pub, const void *prv )
163{
164 return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
165 (const mbedtls_rsa_context *) prv ) );
166}
167
168static void *rsa_alloc_wrap( void )
169{
170 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
171
172 if( ctx != NULL )
173 mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
174
175 return( ctx );
176}
177
178static void rsa_free_wrap( void *ctx )
179{
180 mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
181 mbedtls_free( ctx );
182}
183
184static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
185{
186 items->type = MBEDTLS_PK_DEBUG_MPI;
187 items->name = "rsa.N";
188 items->value = &( ((mbedtls_rsa_context *) ctx)->N );
189
190 items++;
191
192 items->type = MBEDTLS_PK_DEBUG_MPI;
193 items->name = "rsa.E";
194 items->value = &( ((mbedtls_rsa_context *) ctx)->E );
195}
196
197const mbedtls_pk_info_t mbedtls_rsa_info = {
198 MBEDTLS_PK_RSA,
199 "RSA",
200 rsa_get_bitlen,
201 rsa_can_do,
202 rsa_verify_wrap,
203 rsa_sign_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]204#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
205 NULL,
206 NULL,
207#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]208 rsa_decrypt_wrap,
209 rsa_encrypt_wrap,
210 rsa_check_pair_wrap,
211 rsa_alloc_wrap,
212 rsa_free_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]213#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
214 NULL,
215 NULL,
216#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]217 rsa_debug,
218};
219#endif /* MBEDTLS_RSA_C */
220
221#if defined(MBEDTLS_ECP_C)
222/*
223 * Generic EC key
224 */
225static int eckey_can_do( mbedtls_pk_type_t type )
226{
227 return( type == MBEDTLS_PK_ECKEY ||
228 type == MBEDTLS_PK_ECKEY_DH ||
229 type == MBEDTLS_PK_ECDSA );
230}
231
232static size_t eckey_get_bitlen( const void *ctx )
233{
234 return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
235}
236
237#if defined(MBEDTLS_ECDSA_C)
238/* Forward declarations */
239static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
240 const unsigned char *hash, size_t hash_len,
241 const unsigned char *sig, size_t sig_len );
242
243static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
244 const unsigned char *hash, size_t hash_len,
245 unsigned char *sig, size_t *sig_len,
246 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
247
248static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
249 const unsigned char *hash, size_t hash_len,
250 const unsigned char *sig, size_t sig_len )
251{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]252 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]253 mbedtls_ecdsa_context ecdsa;
254
255 mbedtls_ecdsa_init( &ecdsa );
256
257 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
258 ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
259
260 mbedtls_ecdsa_free( &ecdsa );
261
262 return( ret );
263}
264
265static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
266 const unsigned char *hash, size_t hash_len,
267 unsigned char *sig, size_t *sig_len,
268 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
269{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]270 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]271 mbedtls_ecdsa_context ecdsa;
272
273 mbedtls_ecdsa_init( &ecdsa );
274
275 if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
276 ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
277 f_rng, p_rng );
278
279 mbedtls_ecdsa_free( &ecdsa );
280
281 return( ret );
282}
283
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]284#if defined(MBEDTLS_ECP_RESTARTABLE)
285/* Forward declarations */
286static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
287 const unsigned char *hash, size_t hash_len,
288 const unsigned char *sig, size_t sig_len,
289 void *rs_ctx );
290
291static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
292 const unsigned char *hash, size_t hash_len,
293 unsigned char *sig, size_t *sig_len,
294 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
295 void *rs_ctx );
296
297/*
298 * Restart context for ECDSA operations with ECKEY context
299 *
300 * We need to store an actual ECDSA context, as we need to pass the same to
301 * the underlying ecdsa function, so we can't create it on the fly every time.
302 */
303typedef struct
304{
305 mbedtls_ecdsa_restart_ctx ecdsa_rs;
306 mbedtls_ecdsa_context ecdsa_ctx;
307} eckey_restart_ctx;
308
309static void *eckey_rs_alloc( void )
310{
311 eckey_restart_ctx *rs_ctx;
312
313 void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
314
315 if( ctx != NULL )
316 {
317 rs_ctx = ctx;
318 mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
319 mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
320 }
321
322 return( ctx );
323}
324
325static void eckey_rs_free( void *ctx )
326{
327 eckey_restart_ctx *rs_ctx;
328
329 if( ctx == NULL)
330 return;
331
332 rs_ctx = ctx;
333 mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
334 mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
335
336 mbedtls_free( ctx );
337}
338
339static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
340 const unsigned char *hash, size_t hash_len,
341 const unsigned char *sig, size_t sig_len,
342 void *rs_ctx )
343{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]344 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]345 eckey_restart_ctx *rs = rs_ctx;
346
347 /* Should never happen */
348 if( rs == NULL )
349 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
350
351 /* set up our own sub-context if needed (that is, on first run) */
352 if( rs->ecdsa_ctx.grp.pbits == 0 )
353 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
354
355 MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
356 md_alg, hash, hash_len,
357 sig, sig_len, &rs->ecdsa_rs ) );
358
359cleanup:
360 return( ret );
361}
362
363static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
364 const unsigned char *hash, size_t hash_len,
365 unsigned char *sig, size_t *sig_len,
366 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
367 void *rs_ctx )
368{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]369 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]370 eckey_restart_ctx *rs = rs_ctx;
371
372 /* Should never happen */
373 if( rs == NULL )
374 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
375
376 /* set up our own sub-context if needed (that is, on first run) */
377 if( rs->ecdsa_ctx.grp.pbits == 0 )
378 MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
379
380 MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
381 hash, hash_len, sig, sig_len,
382 f_rng, p_rng, &rs->ecdsa_rs ) );
383
384cleanup:
385 return( ret );
386}
387#endif /* MBEDTLS_ECP_RESTARTABLE */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]388#endif /* MBEDTLS_ECDSA_C */
389
390static int eckey_check_pair( const void *pub, const void *prv )
391{
392 return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
393 (const mbedtls_ecp_keypair *) prv ) );
394}
395
396static void *eckey_alloc_wrap( void )
397{
398 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
399
400 if( ctx != NULL )
401 mbedtls_ecp_keypair_init( ctx );
402
403 return( ctx );
404}
405
406static void eckey_free_wrap( void *ctx )
407{
408 mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
409 mbedtls_free( ctx );
410}
411
412static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
413{
414 items->type = MBEDTLS_PK_DEBUG_ECP;
415 items->name = "eckey.Q";
416 items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
417}
418
419const mbedtls_pk_info_t mbedtls_eckey_info = {
420 MBEDTLS_PK_ECKEY,
421 "EC",
422 eckey_get_bitlen,
423 eckey_can_do,
424#if defined(MBEDTLS_ECDSA_C)
425 eckey_verify_wrap,
426 eckey_sign_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]427#if defined(MBEDTLS_ECP_RESTARTABLE)
428 eckey_verify_rs_wrap,
429 eckey_sign_rs_wrap,
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]430#endif
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]431#else /* MBEDTLS_ECDSA_C */
432 NULL,
433 NULL,
434#endif /* MBEDTLS_ECDSA_C */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]435 NULL,
436 NULL,
437 eckey_check_pair,
438 eckey_alloc_wrap,
439 eckey_free_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]440#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
441 eckey_rs_alloc,
442 eckey_rs_free,
443#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]444 eckey_debug,
445};
446
447/*
448 * EC key restricted to ECDH
449 */
450static int eckeydh_can_do( mbedtls_pk_type_t type )
451{
452 return( type == MBEDTLS_PK_ECKEY ||
453 type == MBEDTLS_PK_ECKEY_DH );
454}
455
456const mbedtls_pk_info_t mbedtls_eckeydh_info = {
457 MBEDTLS_PK_ECKEY_DH,
458 "EC_DH",
459 eckey_get_bitlen, /* Same underlying key structure */
460 eckeydh_can_do,
461 NULL,
462 NULL,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]463#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
464 NULL,
465 NULL,
466#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]467 NULL,
468 NULL,
469 eckey_check_pair,
470 eckey_alloc_wrap, /* Same underlying key structure */
471 eckey_free_wrap, /* Same underlying key structure */
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]472#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
473 NULL,
474 NULL,
475#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]476 eckey_debug, /* Same underlying key structure */
477};
478#endif /* MBEDTLS_ECP_C */
479
480#if defined(MBEDTLS_ECDSA_C)
481static int ecdsa_can_do( mbedtls_pk_type_t type )
482{
483 return( type == MBEDTLS_PK_ECDSA );
484}
485
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]486#if defined(MBEDTLS_USE_PSA_CRYPTO)
487/*
488 * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
489 * those integers and convert it to the fixed-length encoding expected by PSA.
490 */
491static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
492 unsigned char *to, size_t to_len )
493{
494 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
495 size_t unpadded_len, padding_len;
496
497 if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
498 MBEDTLS_ASN1_INTEGER ) ) != 0 )
499 {
500 return( ret );
501 }
502
503 while( unpadded_len > 0 && **from == 0x00 )
504 {
505 ( *from )++;
506 unpadded_len--;
507 }
508
509 if( unpadded_len > to_len || unpadded_len == 0 )
510 return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
511
512 padding_len = to_len - unpadded_len;
513 memset( to, 0x00, padding_len );
514 memcpy( to + padding_len, *from, unpadded_len );
515 ( *from ) += unpadded_len;
516
517 return( 0 );
518}
519
520/*
521 * Convert a signature from an ASN.1 sequence of two integers
522 * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
523 * twice as big as int_size.
524 */
525static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
526 unsigned char *sig, size_t int_size )
527{
528 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
529 size_t tmp_size;
530
531 if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
532 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
533 return( ret );
534
535 /* Extract r */
536 if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
537 return( ret );
538 /* Extract s */
539 if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
540 return( ret );
541
542 return( 0 );
543}
544
545static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
546 const unsigned char *hash, size_t hash_len,
547 const unsigned char *sig, size_t sig_len )
548{
549 mbedtls_ecdsa_context *ctx = ctx_arg;
550 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
551 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
552 psa_key_handle_t key_handle = 0;
553 psa_status_t status;
554 mbedtls_pk_context key;
555 int key_len;
556 /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
557 unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
558 unsigned char *p;
559 mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
560 psa_algorithm_t psa_sig_md, psa_md;
561 size_t curve_bits;
562 psa_ecc_curve_t curve =
563 mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
564 const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
565
566 if( curve == 0 )
567 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
568
569 /* mbedtls_pk_write_pubkey() expects a full PK context;
570 * re-construct one to make it happy */
571 key.pk_info = &pk_info;
572 key.pk_ctx = ctx;
573 p = buf + sizeof( buf );
574 key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
575 if( key_len <= 0 )
576 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
577
578 psa_md = mbedtls_psa_translate_md( md_alg );
579 if( psa_md == 0 )
580 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
581 psa_sig_md = PSA_ALG_ECDSA( psa_md );
582
583 psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
584 psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
585 psa_set_key_algorithm( &attributes, psa_sig_md );
586
587 status = psa_import_key( &attributes,
588 buf + sizeof( buf ) - key_len, key_len,
589 &key_handle );
590 if( status != PSA_SUCCESS )
591 {
592 ret = mbedtls_psa_err_translate_pk( status );
593 goto cleanup;
594 }
595
596 /* We don't need the exported key anymore and can
597 * reuse its buffer for signature extraction. */
598 if( 2 * signature_part_size > sizeof( buf ) )
599 {
600 ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
601 goto cleanup;
602 }
603
604 p = (unsigned char*) sig;
605 if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
606 signature_part_size ) ) != 0 )
607 {
608 goto cleanup;
609 }
610
611 if( psa_verify_hash( key_handle, psa_sig_md,
612 hash, hash_len,
613 buf, 2 * signature_part_size )
614 != PSA_SUCCESS )
615 {
616 ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
617 goto cleanup;
618 }
619
620 if( p != sig + sig_len )
621 {
622 ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
623 goto cleanup;
624 }
625 ret = 0;
626
627cleanup:
628 psa_destroy_key( key_handle );
629 return( ret );
630}
631#else /* MBEDTLS_USE_PSA_CRYPTO */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]632static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
633 const unsigned char *hash, size_t hash_len,
634 const unsigned char *sig, size_t sig_len )
635{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]636 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]637 ((void) md_alg);
638
639 ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
640 hash, hash_len, sig, sig_len );
641
642 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
643 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
644
645 return( ret );
646}
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]647#endif /* MBEDTLS_USE_PSA_CRYPTO */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]648
649static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
650 const unsigned char *hash, size_t hash_len,
651 unsigned char *sig, size_t *sig_len,
652 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
653{
654 return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
655 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
656}
657
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]658#if defined(MBEDTLS_ECP_RESTARTABLE)
659static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
660 const unsigned char *hash, size_t hash_len,
661 const unsigned char *sig, size_t sig_len,
662 void *rs_ctx )
663{
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]664 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]665 ((void) md_alg);
666
667 ret = mbedtls_ecdsa_read_signature_restartable(
668 (mbedtls_ecdsa_context *) ctx,
669 hash, hash_len, sig, sig_len,
670 (mbedtls_ecdsa_restart_ctx *) rs_ctx );
671
672 if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
673 return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
674
675 return( ret );
676}
677
678static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
679 const unsigned char *hash, size_t hash_len,
680 unsigned char *sig, size_t *sig_len,
681 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
682 void *rs_ctx )
683{
684 return( mbedtls_ecdsa_write_signature_restartable(
685 (mbedtls_ecdsa_context *) ctx,
686 md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
687 (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
688
689}
690#endif /* MBEDTLS_ECP_RESTARTABLE */
691
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]692static void *ecdsa_alloc_wrap( void )
693{
694 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
695
696 if( ctx != NULL )
697 mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
698
699 return( ctx );
700}
701
702static void ecdsa_free_wrap( void *ctx )
703{
704 mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
705 mbedtls_free( ctx );
706}
707
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]708#if defined(MBEDTLS_ECP_RESTARTABLE)
709static void *ecdsa_rs_alloc( void )
710{
711 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
712
713 if( ctx != NULL )
714 mbedtls_ecdsa_restart_init( ctx );
715
716 return( ctx );
717}
718
719static void ecdsa_rs_free( void *ctx )
720{
721 mbedtls_ecdsa_restart_free( ctx );
722 mbedtls_free( ctx );
723}
724#endif /* MBEDTLS_ECP_RESTARTABLE */
725
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]726const mbedtls_pk_info_t mbedtls_ecdsa_info = {
727 MBEDTLS_PK_ECDSA,
728 "ECDSA",
729 eckey_get_bitlen, /* Compatible key structures */
730 ecdsa_can_do,
731 ecdsa_verify_wrap,
732 ecdsa_sign_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]733#if defined(MBEDTLS_ECP_RESTARTABLE)
734 ecdsa_verify_rs_wrap,
735 ecdsa_sign_rs_wrap,
736#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]737 NULL,
738 NULL,
739 eckey_check_pair, /* Compatible key structures */
740 ecdsa_alloc_wrap,
741 ecdsa_free_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]742#if defined(MBEDTLS_ECP_RESTARTABLE)
743 ecdsa_rs_alloc,
744 ecdsa_rs_free,
745#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]746 eckey_debug, /* Compatible key structures */
747};
748#endif /* MBEDTLS_ECDSA_C */
749
750#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
751/*
752 * Support for alternative RSA-private implementations
753 */
754
755static int rsa_alt_can_do( mbedtls_pk_type_t type )
756{
757 return( type == MBEDTLS_PK_RSA );
758}
759
760static size_t rsa_alt_get_bitlen( const void *ctx )
761{
762 const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
763
764 return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
765}
766
767static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
768 const unsigned char *hash, size_t hash_len,
769 unsigned char *sig, size_t *sig_len,
770 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
771{
772 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
773
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]774#if SIZE_MAX > UINT_MAX
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]775 if( UINT_MAX < hash_len )
776 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]777#endif /* SIZE_MAX > UINT_MAX */
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]778
779 *sig_len = rsa_alt->key_len_func( rsa_alt->key );
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]780 if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
781 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]782
783 return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
784 md_alg, (unsigned int) hash_len, hash, sig ) );
785}
786
787static int rsa_alt_decrypt_wrap( void *ctx,
788 const unsigned char *input, size_t ilen,
789 unsigned char *output, size_t *olen, size_t osize,
790 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
791{
792 mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
793
794 ((void) f_rng);
795 ((void) p_rng);
796
797 if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
798 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
799
800 return( rsa_alt->decrypt_func( rsa_alt->key,
801 MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
802}
803
804#if defined(MBEDTLS_RSA_C)
805static int rsa_alt_check_pair( const void *pub, const void *prv )
806{
807 unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
808 unsigned char hash[32];
809 size_t sig_len = 0;
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]810 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]811
812 if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
813 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
814
815 memset( hash, 0x2a, sizeof( hash ) );
816
817 if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
818 hash, sizeof( hash ),
819 sig, &sig_len, NULL, NULL ) ) != 0 )
820 {
821 return( ret );
822 }
823
824 if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
825 hash, sizeof( hash ), sig, sig_len ) != 0 )
826 {
827 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
828 }
829
830 return( 0 );
831}
832#endif /* MBEDTLS_RSA_C */
833
834static void *rsa_alt_alloc_wrap( void )
835{
836 void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
837
838 if( ctx != NULL )
839 memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
840
841 return( ctx );
842}
843
844static void rsa_alt_free_wrap( void *ctx )
845{
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]846 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]847 mbedtls_free( ctx );
848}
849
850const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
851 MBEDTLS_PK_RSA_ALT,
852 "RSA-alt",
853 rsa_alt_get_bitlen,
854 rsa_alt_can_do,
855 NULL,
856 rsa_alt_sign_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]857#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
858 NULL,
859 NULL,
860#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]861 rsa_alt_decrypt_wrap,
862 NULL,
863#if defined(MBEDTLS_RSA_C)
864 rsa_alt_check_pair,
865#else
866 NULL,
867#endif
868 rsa_alt_alloc_wrap,
869 rsa_alt_free_wrap,
Jens Wiklander3d3b0592019-03-20 15:30:29 +0100[diff] [blame]870#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
871 NULL,
872 NULL,
873#endif
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]874 NULL,
875};
876
877#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
878
Jerome Forissier11fa71b2020-04-20 17:17:56 +0200[diff] [blame^]879#if defined(MBEDTLS_USE_PSA_CRYPTO)
880
881static void *pk_opaque_alloc_wrap( void )
882{
883 void *ctx = mbedtls_calloc( 1, sizeof( psa_key_handle_t ) );
884
885 /* no _init() function to call, an calloc() already zeroized */
886
887 return( ctx );
888}
889
890static void pk_opaque_free_wrap( void *ctx )
891{
892 mbedtls_platform_zeroize( ctx, sizeof( psa_key_handle_t ) );
893 mbedtls_free( ctx );
894}
895
896static size_t pk_opaque_get_bitlen( const void *ctx )
897{
898 const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
899 size_t bits;
900 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
901
902 if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) )
903 return( 0 );
904
905 bits = psa_get_key_bits( &attributes );
906 psa_reset_key_attributes( &attributes );
907 return( bits );
908}
909
910static int pk_opaque_can_do( mbedtls_pk_type_t type )
911{
912 /* For now opaque PSA keys can only wrap ECC keypairs,
913 * as checked by setup_psa().
914 * Also, ECKEY_DH does not really make sense with the current API. */
915 return( type == MBEDTLS_PK_ECKEY ||
916 type == MBEDTLS_PK_ECDSA );
917}
918
919/*
920 * Simultaneously convert and move raw MPI from the beginning of a buffer
921 * to an ASN.1 MPI at the end of the buffer.
922 * See also mbedtls_asn1_write_mpi().
923 *
924 * p: pointer to the end of the output buffer
925 * start: start of the output buffer, and also of the mpi to write at the end
926 * n_len: length of the mpi to read from start
927 */
928static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
929 size_t n_len )
930{
931 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
932 size_t len = 0;
933
934 if( (size_t)( *p - start ) < n_len )
935 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
936
937 len = n_len;
938 *p -= len;
939 memmove( *p, start, len );
940
941 /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
942 * Neither r nor s should be 0, but as a failsafe measure, still detect
943 * that rather than overflowing the buffer in case of a PSA error. */
944 while( len > 0 && **p == 0x00 )
945 {
946 ++(*p);
947 --len;
948 }
949
950 /* this is only reached if the signature was invalid */
951 if( len == 0 )
952 return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
953
954 /* if the msb is 1, ASN.1 requires that we prepend a 0.
955 * Neither r nor s can be 0, so we can assume len > 0 at all times. */
956 if( **p & 0x80 )
957 {
958 if( *p - start < 1 )
959 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
960
961 *--(*p) = 0x00;
962 len += 1;
963 }
964
965 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
966 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
967 MBEDTLS_ASN1_INTEGER ) );
968
969 return( (int) len );
970}
971
972/* Transcode signature from PSA format to ASN.1 sequence.
973 * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
974 * MPIs, and in-place.
975 *
976 * [in/out] sig: the signature pre- and post-transcoding
977 * [in/out] sig_len: signature length pre- and post-transcoding
978 * [int] buf_len: the available size the in/out buffer
979 */
980static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
981 size_t buf_len )
982{
983 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
984 size_t len = 0;
985 const size_t rs_len = *sig_len / 2;
986 unsigned char *p = sig + buf_len;
987
988 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
989 MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
990
991 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
992 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
993 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
994
995 memmove( sig, p, len );
996 *sig_len = len;
997
998 return( 0 );
999}
1000
1001static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
1002 const unsigned char *hash, size_t hash_len,
1003 unsigned char *sig, size_t *sig_len,
1004 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
1005{
1006 const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
1007 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
1008 psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
1009 size_t buf_len;
1010 psa_status_t status;
1011
1012 /* PSA has its own RNG */
1013 (void) f_rng;
1014 (void) p_rng;
1015
1016 /* PSA needs an output buffer of known size, but our API doesn't provide
1017 * that information. Assume that the buffer is large enough for a
1018 * maximal-length signature with that key (otherwise the application is
1019 * buggy anyway). */
1020 status = psa_get_key_attributes( *key, &attributes );
1021 if( status != PSA_SUCCESS )
1022 return( mbedtls_psa_err_translate_pk( status ) );
1023 buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
1024 psa_reset_key_attributes( &attributes );
1025 if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
1026 return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
1027
1028 /* make the signature */
1029 status = psa_sign_hash( *key, alg, hash, hash_len,
1030 sig, buf_len, sig_len );
1031 if( status != PSA_SUCCESS )
1032 return( mbedtls_psa_err_translate_pk( status ) );
1033
1034 /* transcode it to ASN.1 sequence */
1035 return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
1036}
1037
1038const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
1039 MBEDTLS_PK_OPAQUE,
1040 "Opaque",
1041 pk_opaque_get_bitlen,
1042 pk_opaque_can_do,
1043 NULL, /* verify - will be done later */
1044 pk_opaque_sign_wrap,
1045#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1046 NULL, /* restartable verify - not relevant */
1047 NULL, /* restartable sign - not relevant */
1048#endif
1049 NULL, /* decrypt - will be done later */
1050 NULL, /* encrypt - will be done later */
1051 NULL, /* check_pair - could be done later or left NULL */
1052 pk_opaque_alloc_wrap,
1053 pk_opaque_free_wrap,
1054#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
1055 NULL, /* restart alloc - not relevant */
1056 NULL, /* restart free - not relevant */
1057#endif
1058 NULL, /* debug - could be done later, or even left NULL */
1059};
1060
1061#endif /* MBEDTLS_USE_PSA_CRYPTO */
1062
Jens Wiklander817466c2018-05-22 13:49:31 +0200[diff] [blame]1063#endif /* MBEDTLS_PK_C */