added support for PKCSv1.5 signature verification and encryption/decryption and very basic tests.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index edb81c4..a18abcd 100755
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1353,7 +1353,247 @@
}
}
+psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *signature,
+ size_t signature_size)
+{
+ key_slot_t *slot;
+ (void) salt;
+ (void) salt_length;
+ if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+ return( PSA_ERROR_EMPTY_SLOT );
+ slot = &global_data.key_slots[key];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+ if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ #if defined(MBEDTLS_RSA_C)
+ if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ mbedtls_rsa_context *rsa = slot->data.rsa;
+ int ret;
+ psa_algorithm_t hash_alg = PSA_ALG_RSA_GET_HASH( alg );
+ const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
+ mbedtls_md_type_t md_alg =
+ hash_alg == 0 ? MBEDTLS_MD_NONE : mbedtls_md_get_type( md_info );
+ if( md_alg == MBEDTLS_MD_NONE )
+ {
+#if SIZE_MAX > UINT_MAX
+ if( hash_length > UINT_MAX )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#endif
+ }
+ else
+ {
+ if( mbedtls_md_get_size( md_info ) != hash_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ if( md_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ if( signature_size < rsa->len )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+#if defined(MBEDTLS_PKCS1_V15)
+ if( PSA_ALG_IS_RSA_PKCS1V15( alg ) )
+ {
+ mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
+ MBEDTLS_MD_NONE );
+
+ ret = mbedtls_rsa_pkcs1_verify( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PUBLIC,
+ md_alg,
+ hash_length,
+ hash,
+ signature );
+
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( alg == PSA_ALG_RSA_PSS_MGF1 )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ else
+#endif /* defined(MBEDTLS_RSA_C) */
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+ // TODO
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* defined(MBEDTLS_ECP_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+
+psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ key_slot_t *slot;
+ (void) salt;
+ (void) salt_length;
+
+ if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+ return( PSA_ERROR_EMPTY_SLOT );
+ slot = &global_data.key_slots[key];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+ if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ // check output size?
+
+#if defined(MBEDTLS_RSA_C)
+ if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ mbedtls_rsa_context *rsa = slot->data.rsa;
+ int ret;
+ if( output_size < rsa->len )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+#if defined(MBEDTLS_PKCS1_V15)
+ if( PSA_ALG_IS_RSA_PKCS1V15( alg ) )
+ {
+ ret = mbedtls_rsa_pkcs1_encrypt( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PUBLIC,
+ input_length,
+ input,
+ output );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( alg == PSA_ALG_RSA_PSS_MGF1 )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ if( ret == 0 )
+ *output_length = rsa->len; // check if this is correct
+ return( mbedtls_to_psa_error( ret ) );
+ }
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+ // TODO
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* defined(MBEDTLS_ECP_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+}
+
+
+psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ key_slot_t *slot;
+ (void) salt;
+ (void) salt_length;
+
+ if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
+ return( PSA_ERROR_EMPTY_SLOT );
+ slot = &global_data.key_slots[key];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+ if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_RSA_C)
+ if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
+ {
+ mbedtls_rsa_context *rsa = slot->data.rsa;
+ int ret;
+
+ if( output_size < rsa->len )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+#if defined(MBEDTLS_PKCS1_V15)
+ if( PSA_ALG_IS_RSA_PKCS1V15( alg ) )
+ {
+ *output_length = input_length; // check this
+ ret = mbedtls_rsa_pkcs1_decrypt( rsa,
+ mbedtls_ctr_drbg_random,
+ &global_data.ctr_drbg,
+ MBEDTLS_RSA_PRIVATE,
+ output_length,
+ input,
+ output,
+ output_size );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V15 */
+#if defined(MBEDTLS_PKCS1_V21)
+ if( alg == PSA_ALG_RSA_PSS_MGF1 )
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* MBEDTLS_PKCS1_V21 */
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ if( ret == 0 )
+ *output_length = rsa->len; // check if this is correct
+ return( mbedtls_to_psa_error( ret ) );
+ }
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
+ {
+ // TODO
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* defined(MBEDTLS_ECP_C) */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+}
+
/****************************************************************/
/* Key Policy */