Implement PK Opaque RSA PSS signature
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/pk.c b/library/pk.c
index e238911..5f8cbc2 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -545,6 +545,33 @@
if( ! mbedtls_pk_can_do( ctx, pk_type ) )
return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
+ if( pk_type == MBEDTLS_PK_RSASSA_PSS &&
+ mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE )
+ {
+#if defined(MBEDTLS_RSA_C)
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ if( psa_md_alg == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ),
+ hash, hash_len,
+ sig, sig_size, sig_len );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+
+ return 0;
+#else
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_RSA_C */
+ }
+
if( pk_type != MBEDTLS_PK_RSASSA_PSS )
{
return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
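Review bot: The opaque branch only works if the PSA key's usage policy permits `PSA_ALG_RSA_PSS( psa_md_alg )`, and nothing near the `psa_sign_hash` call says so. A key provisioned only for PKCS#1 v1.5 will be refused inside PSA, and the caller sees whatever `mbedtls_pk_error_from_psa_rsa` maps that status to (the mapping is not visible here). I would add a comment above the call such as `/* The key's PSA policy must allow PSA_ALG_RSA_PSS(psa_md_alg); otherwise psa_sign_hash() rejects the request. */`. `psa_md_alg` is declared outside the hunk, so confirm that its declaration is compiled under the same guard as this branch (`MBEDTLS_RSA_C`). For consistency with the surrounding returns, `return 0;` could be `return( 0 );`; the enclosing function begins and ends outside the hunk.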
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index a9c3c71..852c46e 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1501,7 +1501,8 @@
static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type )
{
- return( type == MBEDTLS_PK_RSA );
+ return( type == MBEDTLS_PK_RSA ||
+ type == MBEDTLS_PK_RSASSA_PSS );
}
static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
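Review bot: Accepting `MBEDTLS_PK_RSASSA_PSS` in `pk_opaque_rsa_can_do` changes the answer for every caller of `mbedtls_pk_can_do`, not only the signing path patched in library/pk.c. Any PSS path that passes this check and then treats `ctx->pk_ctx` as an `mbedtls_rsa_context` (a verify path, for example) would now receive a PSA key identifier instead. No such caller is visible in this diff, so please confirm that each one either handles `MBEDTLS_PK_OPAQUE` or rejects it explicitly. A short comment on the function would also help, e.g. `/* RSASSA-PSS is advertised for signing only; the opaque PSS path lives in library/pk.c */`.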