TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 55ae2176ab9943a654c3789600d52ba598159667 / . / tests / src / drivers / signature.c
blob: 32ebbfdffefac72f97bf549ee1a01a811ea4782c [file] [log] [blame]
Steven Cooremana70d5882020-07-16 20:26:18 +0200[diff] [blame]1/*
2 * Test driver for signature functions
3 */
4/* Copyright (C) 2020, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS)
29#include "psa/crypto.h"
30#include "mbedtls/ecp.h"
31
32#include "drivers/signature.h"
33
34#include "mbedtls/md.h"
35#include "mbedtls/ecdsa.h"
36
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame^]37#include "test/random.h"
38
Steven Cooremana70d5882020-07-16 20:26:18 +0200[diff] [blame]39#include <string.h>
40
41/* If non-null, on success, copy this to the output. */
42void *test_driver_forced_output = NULL;
43size_t test_driver_forced_output_length = 0;
44
45psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED;
46unsigned long test_transparent_signature_sign_hash_hit = 0;
47
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame^]48psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED;
49unsigned long test_transparent_signature_verify_hash_hit = 0;
50
Steven Cooremana70d5882020-07-16 20:26:18 +0200[diff] [blame]51psa_status_t test_transparent_signature_sign_hash(
52 const psa_key_attributes_t *attributes,
53 const uint8_t *key, size_t key_length,
54 psa_algorithm_t alg,
55 const uint8_t *hash, size_t hash_length,
56 uint8_t *signature, size_t signature_size, size_t *signature_length )
57{
58 ++test_transparent_signature_sign_hash_hit;
59
60 if( test_transparent_signature_sign_hash_status != PSA_SUCCESS )
61 return( test_transparent_signature_sign_hash_status );
62
63 if( test_driver_forced_output != NULL )
64 {
65 if( test_driver_forced_output_length > signature_size )
66 return( PSA_ERROR_BUFFER_TOO_SMALL );
67 memcpy( signature, test_driver_forced_output,
68 test_driver_forced_output_length );
69 *signature_length = test_driver_forced_output_length;
70 return( PSA_SUCCESS );
71 }
72
73 psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
74
75#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
76 defined(MBEDTLS_SHA256_C)
77 if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
78 return( PSA_ERROR_NOT_SUPPORTED );
79 mbedtls_ecp_group_id grp_id;
80 switch( psa_get_key_type( attributes ) )
81 {
82 case PSA_ECC_CURVE_SECP_R1:
83 switch( psa_get_key_bits( attributes ) )
84 {
85 case 256:
86 grp_id = MBEDTLS_ECP_DP_SECP256R1;
87 break;
88 case 384:
89 grp_id = MBEDTLS_ECP_DP_SECP384R1;
90 break;
91 case 521:
92 grp_id = MBEDTLS_ECP_DP_SECP521R1;
93 break;
94 default:
95 return( PSA_ERROR_NOT_SUPPORTED );
96 }
97 break;
98 default:
99 return( PSA_ERROR_NOT_SUPPORTED );
100 }
101
102 /* Beyond this point, the driver is actually doing the work of
103 * calculating the signature. */
104
105 status = PSA_ERROR_GENERIC_ERROR;
106 int ret = 0;
107 mbedtls_mpi r, s;
108 mbedtls_mpi_init( &r );
109 mbedtls_mpi_init( &s );
110 mbedtls_ecp_keypair ecp;
111 mbedtls_ecp_keypair_init( &ecp );
112 size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
113
114 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
115 MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
116 key, key_length ) );
117
118 /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
119 mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
120 if( signature_size < 2 * curve_bytes )
121 {
122 status = PSA_ERROR_BUFFER_TOO_SMALL;
123 goto cleanup;
124 }
125 MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
126 hash, hash_length, md_alg ) );
127 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
128 signature,
129 curve_bytes ) );
130 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
131 signature + curve_bytes,
132 curve_bytes ) );
133cleanup:
134 /* There's no easy way to translate the error code except through a
135 * library function that's not exported. Use a debugger. */
136 if( ret == 0 )
137 status = PSA_SUCCESS;
138 mbedtls_mpi_free( &r );
139 mbedtls_mpi_free( &s );
140 mbedtls_ecp_keypair_free( &ecp );
141 if( status == PSA_SUCCESS )
142 *signature_length = 2 * curve_bytes;
143#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
144 defined(MBEDTLS_SHA256_C) */
145 (void) attributes;
146 (void) key;
147 (void) key_length;
148 (void) alg;
149 (void) hash;
150 (void) hash_length;
151#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
152 defined(MBEDTLS_SHA256_C) */
153
154 return( status );
155}
156
157psa_status_t test_opaque_signature_sign_hash(
158 const psa_key_attributes_t *attributes,
159 const uint8_t *key, size_t key_length,
160 psa_algorithm_t alg,
161 const uint8_t *hash, size_t hash_length,
162 uint8_t *signature, size_t signature_size, size_t *signature_length )
163{
164 (void) attributes;
165 (void) key;
166 (void) key_length;
167 (void) alg;
168 (void) hash;
169 (void) hash_length;
170 (void) signature;
171 (void) signature_size;
172 (void) signature_length;
173 return( PSA_ERROR_NOT_SUPPORTED );
174}
175
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame^]176psa_status_t test_transparent_signature_verify_hash(
177 const psa_key_attributes_t *attributes,
178 const uint8_t *key, size_t key_length,
179 psa_algorithm_t alg,
180 const uint8_t *hash, size_t hash_length,
181 const uint8_t *signature, size_t signature_length )
182{
183 ++test_transparent_signature_verify_hash_hit;
184
185 if( test_transparent_signature_verify_hash_status != PSA_SUCCESS )
186 return( test_transparent_signature_verify_hash_status );
187
188 psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
189
190#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
191 defined(MBEDTLS_SHA256_C)
192 if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
193 return( PSA_ERROR_NOT_SUPPORTED );
194 mbedtls_ecp_group_id grp_id;
195 switch( psa_get_key_type( attributes ) )
196 {
197 case PSA_ECC_CURVE_SECP_R1:
198 switch( psa_get_key_bits( attributes ) )
199 {
200 case 256:
201 grp_id = MBEDTLS_ECP_DP_SECP256R1;
202 break;
203 case 384:
204 grp_id = MBEDTLS_ECP_DP_SECP384R1;
205 break;
206 case 521:
207 grp_id = MBEDTLS_ECP_DP_SECP521R1;
208 break;
209 default:
210 return( PSA_ERROR_NOT_SUPPORTED );
211 }
212 break;
213 default:
214 return( PSA_ERROR_NOT_SUPPORTED );
215 }
216
217 /* Beyond this point, the driver is actually doing the work of
218 * calculating the signature. */
219
220 status = PSA_ERROR_GENERIC_ERROR;
221 int ret = 0;
222 mbedtls_mpi r, s;
223 mbedtls_mpi_init( &r );
224 mbedtls_mpi_init( &s );
225 mbedtls_ecp_keypair ecp;
226 mbedtls_ecp_keypair_init( &ecp );
227 mbedtls_test_rnd_pseudo_info rnd_info;
228 memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
229 size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
230
231 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
232
233 /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */
234 if( signature_length < 2 * curve_bytes )
235 {
236 status = PSA_ERROR_BUFFER_TOO_SMALL;
237 goto cleanup;
238 }
239
240 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
241 signature,
242 curve_bytes ) );
243 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
244 signature + curve_bytes,
245 curve_bytes ) );
246
247 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )
248 MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
249 key, key_length ) );
250 else
251 {
252 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) );
253 MBEDTLS_MPI_CHK(
254 mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G,
255 &mbedtls_test_rnd_pseudo_rand,
256 &rnd_info ) );
257 }
258
259 MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length,
260 &ecp.Q, &r, &s ) );
261cleanup:
262 /* There's no easy way to translate the error code except through a
263 * library function that's not exported. Use a debugger. */
264 if( ret == 0 )
265 status = PSA_SUCCESS;
266 mbedtls_mpi_free( &r );
267 mbedtls_mpi_free( &s );
268 mbedtls_ecp_keypair_free( &ecp );
269#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
270 defined(MBEDTLS_SHA256_C) */
271 (void) attributes;
272 (void) key;
273 (void) key_length;
274 (void) alg;
275 (void) hash;
276 (void) hash_length;
277#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
278 defined(MBEDTLS_SHA256_C) */
279
280 return( status );
281}
282
283psa_status_t test_opaque_signature_verify_hash(
284 const psa_key_attributes_t *attributes,
285 const uint8_t *key, size_t key_length,
286 psa_algorithm_t alg,
287 const uint8_t *hash, size_t hash_length,
288 const uint8_t *signature, size_t signature_length )
289{
290 (void) attributes;
291 (void) key;
292 (void) key_length;
293 (void) alg;
294 (void) hash;
295 (void) hash_length;
296 (void) signature;
297 (void) signature_length;
298 return( PSA_ERROR_NOT_SUPPORTED );
299}
300
Steven Cooremana70d5882020-07-16 20:26:18 +0200[diff] [blame]301#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */