pk_wrap.c: add support for ecdsa signature verification using PSA
Use PSA internally to verify signatures.
Add a conversion to a raw signature format.
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 87806be..f48b850 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -45,6 +45,12 @@
#include "mbedtls/platform_util.h"
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/asn1.h"
+#endif
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -472,6 +478,259 @@
return( type == MBEDTLS_PK_ECDSA );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static psa_status_t mbedtls_psa_get_free_key_slot( psa_key_slot_t *key )
+{
+ for( psa_key_slot_t slot = 1; slot <= 32; slot++ )
+ {
+ if( psa_get_key_information( slot, NULL, NULL ) == PSA_ERROR_EMPTY_SLOT )
+ {
+ *key = slot;
+ return( PSA_SUCCESS );
+ }
+ }
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+}
+
+static psa_algorithm_t translate_md_to_psa( mbedtls_md_type_t md_alg )
+{
+ switch( md_alg )
+ {
+#if defined(MBEDTLS_MD2_C)
+ case MBEDTLS_MD_MD2:
+ return( PSA_ALG_MD2 );
+#endif
+#if defined(MBEDTLS_MD4_C)
+ case MBEDTLS_MD_MD4:
+ return( PSA_ALG_MD4 );
+#endif
+#if defined(MBEDTLS_MD5_C)
+ case MBEDTLS_MD_MD5:
+ return( PSA_ALG_MD5 );
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ case MBEDTLS_MD_SHA1:
+ return( PSA_ALG_SHA_1 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ case MBEDTLS_MD_SHA224:
+ return( PSA_ALG_SHA_224 );
+ case MBEDTLS_MD_SHA256:
+ return( PSA_ALG_SHA_256 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ case MBEDTLS_MD_SHA384:
+ return( PSA_ALG_SHA_384 );
+ case MBEDTLS_MD_SHA512:
+ return( PSA_ALG_SHA_512 );
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ case MBEDTLS_MD_RIPEMD160:
+ return( PSA_ALG_RIPEMD160 );
+#endif
+ case MBEDTLS_MD_NONE: // Intentional fallthrough
+ default:
+ return( 0 );
+ }
+}
+
+/*
+ * Convert a signature from an ASN.1 sequence of two integers
+ * to a raw {r,s} buffer. Note: upon a successful call, the caller
+ * takes ownership of the sig->p buffer.
+ */
+static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
+ mbedtls_asn1_buf *sig )
+{
+ int ret;
+ size_t len_signature;
+ size_t len_partial;
+ int tag_type;
+ if( ( end - *p ) < 1 )
+ return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
+ MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ tag_type = **p;
+
+ if( ( ret = mbedtls_asn1_get_tag(p, end, &len_partial,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) {
+ return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
+ }
+
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len_partial, MBEDTLS_ASN1_INTEGER ) )
+ != 0 )
+ return( ret );
+
+ if( **p == '\0' ) {
+ ( *p )++;
+ len_partial--;
+ }
+
+ sig->p = mbedtls_calloc( 2, len_partial );
+ if( sig->p == NULL ) {
+ return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+ }
+
+ memcpy( sig->p, *p, len_partial );
+ len_signature = len_partial;
+ ( *p ) += len_partial;
+ if( ( ret = mbedtls_asn1_get_tag( p, end, &len_partial, MBEDTLS_ASN1_INTEGER ) )
+ != 0 )
+ {
+ mbedtls_free( sig->p );
+ return( ret );
+ }
+
+ if( **p == '\0' ) {
+ ( *p )++;
+ len_partial--;
+ }
+
+ memcpy( sig->p + len_partial, *p, len_partial );
+ len_signature += len_partial;
+ sig->tag = tag_type;
+ sig->len = len_signature;
+ ( *p ) += len_partial;
+ return( 0 );
+}
+
+static psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid )
+{
+ switch( grpid )
+ {
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP192R1:
+ return( PSA_ECC_CURVE_SECP192R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP224R1:
+ return( PSA_ECC_CURVE_SECP224R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP256R1:
+ return( PSA_ECC_CURVE_SECP256R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP384R1:
+ return( PSA_ECC_CURVE_SECP384R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP521R1:
+ return( PSA_ECC_CURVE_SECP521R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ case MBEDTLS_ECP_DP_BP256R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ case MBEDTLS_ECP_DP_BP384R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ case MBEDTLS_ECP_DP_BP512R1:
+ return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE25519:
+ return( PSA_ECC_CURVE_CURVE25519 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP192K1:
+ return( PSA_ECC_CURVE_SECP192K1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP224K1:
+ return( PSA_ECC_CURVE_SECP224K1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP256K1:
+ return( PSA_ECC_CURVE_SECP256K1 );
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE448:
+ return( PSA_ECC_CURVE_CURVE448 );
+#endif
+ default:
+ return( 0 );
+ }
+}
+
+static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len )
+{
+ int ret;
+ psa_key_slot_t key_slot;
+ psa_key_policy_t policy;
+ psa_key_type_t psa_type;
+ mbedtls_pk_context key;
+ mbedtls_asn1_buf signature;
+ int key_len;
+ const int buff_len = 30 + 2 * MBEDTLS_ECP_MAX_BYTES; // Equivalent of ECP_PUB_DER_MAX_BYTES
+ unsigned char buf[buff_len];
+ unsigned char *p = ( unsigned char* ) sig;
+ mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
+ psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( translate_md_to_psa( md_alg ) );
+ psa_ecc_curve_t curve = mbedtls_ecc_group_to_psa ( ( (mbedtls_ecdsa_context *) ctx )->grp.id );
+ ((void) md_alg);
+
+ memset( &signature, 0, sizeof( mbedtls_asn1_buf ) );
+ mbedtls_platform_zeroize( buf, buff_len );
+ key.pk_info = &pk_info;
+ key.pk_ctx = ctx;
+ psa_crypto_init();
+
+ psa_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve );
+
+ if( extract_ecdsa_sig( &p, p + sig_len, &signature ) != 0 )
+ {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ key_len = mbedtls_pk_write_pubkey_der( &key, buf, buff_len );
+ if( key_len <= 0 )
+ {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ if( mbedtls_psa_get_free_key_slot( &key_slot ) != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ goto cleanup;
+ }
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_VERIFY, psa_sig_md );
+ if( psa_set_key_policy( key_slot, &policy ) != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ goto cleanup;
+ }
+
+ if( psa_import_key( key_slot, psa_type, buf+buff_len-key_len, key_len )
+ != PSA_SUCCESS )
+ {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ if( psa_asymmetric_verify( key_slot, psa_sig_md,
+ hash, hash_len,
+ signature.p, signature.len )
+ != PSA_SUCCESS )
+ {
+ psa_destroy_key( key_slot );
+ ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+ goto cleanup;
+ }
+ ret = 0;
+ psa_destroy_key( key_slot );
+
+ cleanup:
+ mbedtls_free( signature.p );
+ return( ret );
+}
+#else /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
@@ -487,6 +746,7 @@
return( ret );
}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,