TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a70d588f741385a8287e6c84d400ddb7a4d96f54 / . / tests / src / drivers / signature.c
blob: 0f006c70aa7f3764ea563a7ad6c84c69266de6e8 [file] [log] [blame]
Steven Cooremana70d5882020-07-16 20:26:18 +0200[diff] [blame^]1/*
2 * Test driver for signature functions
3 */
4/* Copyright (C) 2020, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS)
29#include "psa/crypto.h"
30#include "mbedtls/ecp.h"
31
32#include "drivers/signature.h"
33
34#include "mbedtls/md.h"
35#include "mbedtls/ecdsa.h"
36
37#include <string.h>
38
39/* If non-null, on success, copy this to the output. */
40void *test_driver_forced_output = NULL;
41size_t test_driver_forced_output_length = 0;
42
43psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED;
44unsigned long test_transparent_signature_sign_hash_hit = 0;
45
46psa_status_t test_transparent_signature_sign_hash(
47 const psa_key_attributes_t *attributes,
48 const uint8_t *key, size_t key_length,
49 psa_algorithm_t alg,
50 const uint8_t *hash, size_t hash_length,
51 uint8_t *signature, size_t signature_size, size_t *signature_length )
52{
53 ++test_transparent_signature_sign_hash_hit;
54
55 if( test_transparent_signature_sign_hash_status != PSA_SUCCESS )
56 return( test_transparent_signature_sign_hash_status );
57
58 if( test_driver_forced_output != NULL )
59 {
60 if( test_driver_forced_output_length > signature_size )
61 return( PSA_ERROR_BUFFER_TOO_SMALL );
62 memcpy( signature, test_driver_forced_output,
63 test_driver_forced_output_length );
64 *signature_length = test_driver_forced_output_length;
65 return( PSA_SUCCESS );
66 }
67
68 psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
69
70#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
71 defined(MBEDTLS_SHA256_C)
72 if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
73 return( PSA_ERROR_NOT_SUPPORTED );
74 mbedtls_ecp_group_id grp_id;
75 switch( psa_get_key_type( attributes ) )
76 {
77 case PSA_ECC_CURVE_SECP_R1:
78 switch( psa_get_key_bits( attributes ) )
79 {
80 case 256:
81 grp_id = MBEDTLS_ECP_DP_SECP256R1;
82 break;
83 case 384:
84 grp_id = MBEDTLS_ECP_DP_SECP384R1;
85 break;
86 case 521:
87 grp_id = MBEDTLS_ECP_DP_SECP521R1;
88 break;
89 default:
90 return( PSA_ERROR_NOT_SUPPORTED );
91 }
92 break;
93 default:
94 return( PSA_ERROR_NOT_SUPPORTED );
95 }
96
97 /* Beyond this point, the driver is actually doing the work of
98 * calculating the signature. */
99
100 status = PSA_ERROR_GENERIC_ERROR;
101 int ret = 0;
102 mbedtls_mpi r, s;
103 mbedtls_mpi_init( &r );
104 mbedtls_mpi_init( &s );
105 mbedtls_ecp_keypair ecp;
106 mbedtls_ecp_keypair_init( &ecp );
107 size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
108
109 MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
110 MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
111 key, key_length ) );
112
113 /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
114 mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
115 if( signature_size < 2 * curve_bytes )
116 {
117 status = PSA_ERROR_BUFFER_TOO_SMALL;
118 goto cleanup;
119 }
120 MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
121 hash, hash_length, md_alg ) );
122 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
123 signature,
124 curve_bytes ) );
125 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
126 signature + curve_bytes,
127 curve_bytes ) );
128cleanup:
129 /* There's no easy way to translate the error code except through a
130 * library function that's not exported. Use a debugger. */
131 if( ret == 0 )
132 status = PSA_SUCCESS;
133 mbedtls_mpi_free( &r );
134 mbedtls_mpi_free( &s );
135 mbedtls_ecp_keypair_free( &ecp );
136 if( status == PSA_SUCCESS )
137 *signature_length = 2 * curve_bytes;
138#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
139 defined(MBEDTLS_SHA256_C) */
140 (void) attributes;
141 (void) key;
142 (void) key_length;
143 (void) alg;
144 (void) hash;
145 (void) hash_length;
146#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
147 defined(MBEDTLS_SHA256_C) */
148
149 return( status );
150}
151
152psa_status_t test_opaque_signature_sign_hash(
153 const psa_key_attributes_t *attributes,
154 const uint8_t *key, size_t key_length,
155 psa_algorithm_t alg,
156 const uint8_t *hash, size_t hash_length,
157 uint8_t *signature, size_t signature_size, size_t *signature_length )
158{
159 (void) attributes;
160 (void) key;
161 (void) key_length;
162 (void) alg;
163 (void) hash;
164 (void) hash_length;
165 (void) signature;
166 (void) signature_size;
167 (void) signature_length;
168 return( PSA_ERROR_NOT_SUPPORTED );
169}
170
171#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */