Add ECDSA verify
Add tests for external verification when signing is done both internally and externally
diff --git a/library/ecdsa.c b/library/ecdsa.c
index fdd0afb..645fbb5 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -287,9 +287,70 @@
#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/*
+ * Convert a signature to a raw concatenation of {r, s}
+ */
+int mbedtls_ecdsa_signature_to_raw( const unsigned char *sig,
+ size_t ssize, uint16_t byte_len,
+ unsigned char *buf, size_t* slen )
+{
+ int ret;
+ unsigned char *p = (unsigned char *) sig;
+ const unsigned char *end = sig + ssize;
+ size_t len;
+ mbedtls_mpi r, s;
+
+ if( 2 * byte_len > ssize )
+ {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+
+ mbedtls_mpi_init( &r );
+ mbedtls_mpi_init( &s );
+
+ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+ {
+ ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+
+ if( p + len != end )
+ {
+ ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ goto cleanup;
+ }
+
+ if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 ||
+ ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
+ {
+ ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+ p = (unsigned char *) buf;
+ if( ( ret = mbedtls_mpi_write_binary(&r, p, byte_len) ) )
+ {
+ ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+ p += byte_len;
+ if( ( ret = mbedtls_mpi_write_binary(&s, p, byte_len) ) )
+ {
+ ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+ *slen = 2*byte_len;
+ cleanup:
+ mbedtls_mpi_free( &r );
+ mbedtls_mpi_free( &s );
+
+ return( ret );
+}
+
+/*
* Convert a signature (given by context) to ASN.1
*/
-int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
+int mbedtls_ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
unsigned char *sig, size_t *slen, size_t ssize )
{
int ret;
@@ -339,7 +400,7 @@
hash, hlen, f_rng, p_rng ) );
#endif
- MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen, ssize ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_signature_to_asn1( &r, &s, sig, slen, ssize ) );
cleanup:
mbedtls_mpi_free( &r );
diff --git a/library/pkcs11_client.c b/library/pkcs11_client.c
index 92120c6..70cc0de 100644
--- a/library/pkcs11_client.c
+++ b/library/pkcs11_client.c
@@ -209,7 +209,7 @@
}
/* The signature buffer is guaranteed to have enough room for
the encoded signature by the pk_sign interface. */
- if( ecdsa_signature_to_asn1( &r, &s, sig, sig_len, sig_size ) != 0 )
+ if( mbedtls_ecdsa_signature_to_asn1( &r, &s, sig, sig_len, sig_size ) != 0 )
{
rv = CKR_GENERAL_ERROR;
goto ecdsa_exit;
@@ -231,12 +231,88 @@
return( pkcs11_err_to_mbedtls_pk_err( rv ) );
}
+static int pkcs11_verify( void *ctx_arg,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ const unsigned char *sig, size_t sig_len)
+{
+ mbedtls_pk_pkcs11_context_t *ctx = ctx_arg;
+ CK_RV rv;
+ CK_MECHANISM mechanism = {0, NULL_PTR, 0};
+ unsigned char *decoded_sig = NULL_PTR;
+ size_t decoded_sig_len;
+
+ /* This function takes size_t arguments but the underlying layer
+ takes unsigned long. Either type may be smaller than the other.
+ Legitimate values won't overflow either type but we still need
+ to check for overflow for robustness. */
+ if( hash_len > (CK_ULONG)( -1 ) )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ switch( ctx->key_type )
+ {
+#if defined(MBEDTLS_RSA_C)
+ case MBEDTLS_PK_RSA:
+ switch( md_alg )
+ {
+ case MBEDTLS_MD_MD5:
+ mechanism.mechanism = CKM_MD5_RSA_PKCS;
+ break;
+ case MBEDTLS_MD_SHA1:
+ mechanism.mechanism = CKM_SHA1_RSA_PKCS;
+ break;
+ case MBEDTLS_MD_SHA256:
+ mechanism.mechanism = CKM_SHA256_RSA_PKCS;
+ break;
+ case MBEDTLS_MD_SHA384:
+ mechanism.mechanism = CKM_SHA384_RSA_PKCS;
+ break;
+ case MBEDTLS_MD_SHA512:
+ mechanism.mechanism = CKM_SHA512_RSA_PKCS;
+ break;
+ default:
+ return( MBEDTLS_ERR_PK_INVALID_ALG );
+ }
+ break;
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECDSA_C)
+ case MBEDTLS_PK_ECKEY:
+ mechanism.mechanism = CKM_ECDSA;
+ break;
+#endif /* MBEDTLS_ECDSA_C */
+ default:
+ return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
+ }
+ if( mechanism.mechanism == CKM_ECDSA )
+ {
+ uint16_t byte_len = ( ( ctx->bit_length + 7 ) / 8 );
+ decoded_sig = malloc( 2 * byte_len );
+ if( mbedtls_ecdsa_signature_to_raw( sig, sig_len, byte_len,
+ decoded_sig, &decoded_sig_len ) != 0 )
+ {
+ rv = CKR_GENERAL_ERROR;
+ goto exit;
+ }
+ }
+ rv = C_VerifyInit( ctx->hSession, &mechanism, ctx->hPublicKey );
+ if( rv != CKR_OK )
+ goto exit;
+ rv = C_Verify( ctx->hSession, (CK_BYTE_PTR) hash, hash_len,
+ decoded_sig, decoded_sig_len );
+ if( rv != CKR_OK )
+ goto exit;
+
+exit:
+ free(decoded_sig);
+ return( pkcs11_err_to_mbedtls_pk_err( rv ) );
+}
+
static const mbedtls_pk_info_t mbedtls_pk_pkcs11_info =
MBEDTLS_PK_OPAQUE_INFO_1( "pkcs11"
, pkcs11_pk_get_bitlen
, pkcs11_pk_can_do //can_do
, pkcs11_pk_signature_size
- , NULL //pkcs11_verify
+ , pkcs11_verify
, pkcs11_sign
, NULL //pkcs11_decrypt
, NULL //pkcs11_encrypt