TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b980c9b48c1d21cfc47c0e6ba4991ade8bb1adec^! / . / library / pk_wrap.c
commitb980c9b48c1d21cfc47c0e6ba4991ade8bb1adec[log] [tgz]
authorNeil Armstrong <narmstrong@baylibre.com>Tue Mar 15 16:19:16 2022 +0100
committerNeil Armstrong <narmstrong@baylibre.com>Thu Apr 07 15:01:24 2022 +0200
tree09b2190c73811e906d2f3c250968abf04a4099db
parentca5b55f0d1115734d07d2f496b95cf551bd0c1d1 [diff] [blame]
Add support for RSA in pk_opaque_sign_wrap()

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 8ad6fa1..31645e1 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c

@@ -1512,7 +1512,7 @@
                    unsigned char *sig, size_t sig_size, size_t *sig_len,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
-#if !defined(MBEDTLS_ECDSA_C)
+#if !defined(MBEDTLS_ECDSA_C) && !defined(MBEDTLS_RSA_C)
     ((void) ctx);
     ((void) md_alg);
     ((void) hash);
@@ -1523,36 +1523,62 @@
     ((void) f_rng);
     ((void) p_rng);
     return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#else /* !MBEDTLS_ECDSA_C */
+#else /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
     const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
-    psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_algorithm_t alg;
     psa_key_type_t type;
     psa_status_t status;
 
-    status = psa_get_key_attributes( *key, &attributes );
-    if( status != PSA_SUCCESS )
-        return( mbedtls_pk_error_from_psa_ecdca( status ) );
-
-    type = psa_get_key_type( &attributes );
-    psa_reset_key_attributes( &attributes );
-
-    if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
     /* PSA has its own RNG */
     (void) f_rng;
     (void) p_rng;
 
+    status = psa_get_key_attributes( *key, &attributes );
+    if( status != PSA_SUCCESS )
+        return( mbedtls_pk_error_from_psa( status ) );
+
+    type = psa_get_key_type( &attributes );
+    psa_reset_key_attributes( &attributes );
+
+#if defined(MBEDTLS_ECDSA_C)
+    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+        alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+    else
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_RSA_C)
+    if( PSA_KEY_TYPE_IS_RSA( type ) )
+        alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+    else
+#endif /* MBEDTLS_RSA_C */
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+
     /* make the signature */
     status = psa_sign_hash( *key, alg, hash, hash_len,
                             sig, sig_size, sig_len );
     if( status != PSA_SUCCESS )
-        return( mbedtls_pk_error_from_psa_ecdsa( status ) );
+    {
+#if defined(MBEDTLS_ECDSA_C)
+        if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+            return( mbedtls_pk_error_from_psa_ecdsa( status ) );
+        else
+#endif /* MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_RSA_C)
+        if( PSA_KEY_TYPE_IS_RSA( type ) )
+            return( mbedtls_pk_error_from_psa_rsa( status ) );
+        else
+#endif /* MBEDTLS_RSA_C */
+            return( mbedtls_pk_error_from_psa( status ) );
+    }
 
-    /* transcode it to ASN.1 sequence */
-    return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
-#endif /* !MBEDTLS_ECDSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
+        /* transcode it to ASN.1 sequence */
+        return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
+#endif /* MBEDTLS_ECDSA_C */
+
+    return 0;
+#endif /* !MBEDTLS_ECDSA_C && !MBEDTLS_RSA_C */
 }
 
 const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {