Merge pull request #5571 from superna9999/5162-pk-rsa-signing
PK: RSA signing
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index f7480c6..03516b5 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -191,6 +191,75 @@
return( 0 );
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ mbedtls_pk_context key;
+ int key_len;
+ unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+ mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
+ psa_algorithm_t psa_alg_md =
+ PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+
+ ((void) f_rng);
+ ((void) p_rng);
+
+#if SIZE_MAX > UINT_MAX
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* SIZE_MAX > UINT_MAX */
+
+ *sig_len = mbedtls_rsa_get_len( rsa );
+ if( sig_size < *sig_len )
+ return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+
+ /* mbedtls_pk_write_key_der() expects a full PK context;
+ * re-construct one to make it happy */
+ key.pk_info = &pk_info;
+ key.pk_ctx = ctx;
+ key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
+ if( key_len <= 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, psa_alg_md );
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
+
+ status = psa_import_key( &attributes,
+ buf + sizeof( buf ) - key_len, key_len,
+ &key_id );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa( status );
+ goto cleanup;
+ }
+
+ status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len,
+ sig, sig_size, sig_len );
+ if( status != PSA_SUCCESS )
+ {
+ ret = mbedtls_pk_error_from_psa_rsa( status );
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ status = psa_destroy_key( key_id );
+ if( ret == 0 && status != PSA_SUCCESS )
+ ret = mbedtls_pk_error_from_psa( status );
+
+ return( ret );
+}
+#else
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -211,6 +280,7 @@
md_alg, (unsigned int) hash_len,
hash, sig ) );
}
+#endif
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 261794c..1e88191 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -93,6 +93,8 @@
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ USE_PSA_INIT( );
+
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
@@ -140,6 +142,7 @@
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
+ USE_PSA_DONE( );
}
/* END_CASE */
@@ -220,6 +223,8 @@
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
+ USE_PSA_INIT( );
+
mbedtls_pk_init( &subject_key );
mbedtls_pk_init( &issuer_key );
mbedtls_pk_init( &issuer_key_alt );
@@ -316,6 +321,7 @@
mbedtls_pk_free( &subject_key );
mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
+ USE_PSA_DONE( );
}
/* END_CASE */