TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / shared / psa-adac / 5204dc01cb9e22b59e145e6682b615357d671486 / . / psa_crypto / adac_crypto_psa_pk.c
blob: d78d0afa7abb7751ae8961cfb53665688dc5bee2 [file] [log] [blame]
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame^]1/*
2 * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include "adac_crypto_psa.h"
9#include "psa_adac_debug.h"
10#include "psa_adac_config.h"
11
12#include <string.h>
13
14#define PSA_ADAC_RSA3072
15#define PSA_ADAC_RSA4096
16
17#if defined(PSA_ADAC_RSA3072) || defined(PSA_ADAC_RSA4096)
18#define ENCODED_EXPONENT_SIZE 5U
19static const uint8_t encoded_exponent[ENCODED_EXPONENT_SIZE] =
20 {0x02, 0x03, 0x01, 0x00, 0x01};
21#endif
22
23#ifdef PSA_ADAC_RSA3072
24
25#define RSA3072_HEADER_SIZE 8U
26#define RSA3072_KEY_SIZE 384U /* 3072 bits */
27#define RSA3072_ENCODED_PUB_KEY_SIZE (RSA3072_HEADER_SIZE + \
28 RSA3072_KEY_SIZE + \
29 ENCODED_EXPONENT_SIZE)
30
31/* If MSB of the unsigned modulus is set, then an extra byte (0x00) needs to be
32 * inserted before modulus
33 */
34#define RSA3072_ENCODED_PUB_KEY_MAX_SIZE (RSA3072_ENCODED_PUB_KEY_SIZE + 1U)
35
36static const uint8_t rsa3072_header[RSA3072_HEADER_SIZE] = {
37 0x30, /* Start of sequence */
38 0x82, /* Length field indicator */
39 0x01, 0x89, /* 0x189 (hex) or 393 (dec) bytes is length of data to follow */
40 0x02, /* Integer tag */
41 0x82, /* Length field indicator */
42 0x01, 0x80 /* 0x180 (hex) or 384 (dec) bytes modulus size */
43};
44
45/* RFC3279 Section 2.3.1 - For rsa public keys, it expects key format as DER
46 * encoding of the representation defined by Algorithms and IDs for
47 * Internet X.509 PKI Certificate & CRL Profile
48 */
49static psa_status_t load_rsa_3072_public_key(uint8_t *key,
50 size_t key_size,
51 psa_key_handle_t *handle)
52{
53 psa_status_t ret;
54 uint8_t pub_key[RSA3072_ENCODED_PUB_KEY_MAX_SIZE];
55 size_t offset = RSA3072_HEADER_SIZE;
56 size_t pub_size = RSA3072_ENCODED_PUB_KEY_SIZE;
57
58 if (key_size == RSA_3072_PUBLIC_KEY_SIZE) {
59 /* Copy the header */
60 (void) memcpy(pub_key, rsa3072_header, sizeof(rsa3072_header));
61
62 /* If MSB is set, modulus need to be prefixed by 0x00 value */
63 if ((key[0] & (uint8_t) 0x80U) != 0x00U) {
64 /* Insert 0x00 after header */
65 pub_key[offset] = 0x00;
66 /* Increase the lengths by 1 */
67 pub_key[3] = 0x8aU;
68 pub_key[7] = 0x81U;
69 offset += 1UL;
70 pub_size += 1UL;
71 }
72
73 (void) memcpy(&(pub_key[offset]), key, RSA_3072_PUBLIC_KEY_SIZE);
74 offset += RSA_3072_PUBLIC_KEY_SIZE;
75 (void) memcpy(&(pub_key[offset]), encoded_exponent,
76 sizeof(encoded_exponent));
77
78 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
79 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
80 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
81 psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH));
82 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
83 psa_set_key_bits(&attributes, 3072);
84
85 ret = psa_import_key(&attributes, pub_key, pub_size, handle);
86 } else {
87 ret = PSA_ERROR_INVALID_ARGUMENT;
88 }
89
90 return ret;
91}
92
93#endif /* PSA_ADAC_RSA3072 */
94
95#ifdef PSA_ADAC_RSA4096
96
97#define RSA4096_HEADER_SIZE 8U
98#define RSA4096_KEY_SIZE 512U /* 4096 bits */
99#define RSA4096_ENCODED_PUB_KEY_SIZE (RSA4096_HEADER_SIZE + \
100 RSA4096_KEY_SIZE + \
101 ENCODED_EXPONENT_SIZE)
102
103/* If MSB of the unsigned modulus is set, then an extra byte (0x00) needs to be
104 * inserted before modulus
105 */
106#define RSA4096_ENCODED_PUB_KEY_MAX_SIZE (RSA4096_ENCODED_PUB_KEY_SIZE + 1U)
107
108static const uint8_t rsa4096_header[RSA4096_HEADER_SIZE] = {
109 0x30, /* Start of sequence */
110 0x82, /* Length field indicator */
111 0x02, 0x09, /* 0x209 (hex) or 521 (dec) bytes is length of data to follow */
112 0x02, /* Integer tag */
113 0x82, /* Length field indicator */
114 0x02, 0x00 /* 0x200 (hex) or 512 (dec) bytes modulus size */
115};
116
117/* RFC3279 Section 2.3.1 - For rsa public keys, it expects key format as DER
118 * encoding of the representation defined by Algorithms and IDs for
119 * Internet X.509 PKI Certificate & CRL Profile
120 */
121static psa_status_t load_rsa_4096_public_key(uint8_t *key,
122 size_t key_size,
123 psa_key_handle_t *handle)
124{
125 psa_status_t ret;
126 uint8_t pub_key[RSA4096_ENCODED_PUB_KEY_MAX_SIZE];
127 size_t offset = RSA4096_HEADER_SIZE;
128 size_t pub_size = RSA4096_ENCODED_PUB_KEY_SIZE;
129
130 if (RSA_4096_PUBLIC_KEY_SIZE == key_size) {
131
132 /* Copy the header */
133 (void) memcpy(pub_key, rsa4096_header, sizeof(rsa4096_header));
134
135 /* If MSB is set, modulus need to be prefixed by 0x00 value */
136 if ((key[0] & (uint8_t) 0x80) != 0x00U) {
137 /* Insert 0x00 after header */
138 pub_key[offset] = 0x00;
139 /* Increase the lengths by 1 */
140 pub_key[3] = 0x0a;
141 pub_key[7] = 0x01;
142 offset += 1UL;
143 pub_size += 1UL;
144 }
145
146 (void) memcpy(&(pub_key[offset]), key, RSA_4096_PUBLIC_KEY_SIZE);
147 offset += RSA_4096_PUBLIC_KEY_SIZE;
148 (void) memcpy(&(pub_key[offset]), encoded_exponent,
149 sizeof(encoded_exponent));
150
151 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
152 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
153 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
154 psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH));
155 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
156 psa_set_key_bits(&attributes, 4096);
157
158 ret = psa_import_key(&attributes, pub_key, pub_size, handle);
159 } else {
160 ret = PSA_ERROR_INVALID_ARGUMENT;
161 }
162
163 return ret;
164}
165
166#endif /* PSA_ADAC_RSA4096 */
167
168#ifdef PSA_ADAC_EC_P256
169
170static psa_status_t load_ecdsa_p256_public_key(uint8_t *key,
171 size_t key_size,
172 psa_key_handle_t *handle)
173{
174 psa_status_t ret;
175 uint8_t pub_key[ECDSA_P256_PUBLIC_KEY_SIZE + 1] = {0x04};
176
177 if (ECDSA_P256_PUBLIC_KEY_SIZE == key_size) {
178
179 (void) memcpy(&(pub_key[1]), key, ECDSA_P256_PUBLIC_KEY_SIZE);
180 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
181 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
182 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
183 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
184 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
185 psa_set_key_bits(&attributes, 256);
186
187 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
188 } else {
189
190 ret = PSA_ERROR_INVALID_ARGUMENT;
191 }
192
193 return ret;
194}
195
196#endif /* PSA_ADAC_EC_P256 */
197
198#ifdef PSA_ADAC_EC_P521
199
200static psa_status_t load_ecdsa_p521_public_key(uint8_t *key,
201 size_t key_size,
202 psa_key_handle_t *handle)
203{
204 psa_status_t ret;
205 uint8_t pub_key[ECDSA_P521_PUBLIC_KEY_SIZE + 1] = {0x04};
206
207 if (ECDSA_P521_PUBLIC_KEY_SIZE == key_size) {
208
209 (void) memcpy(&(pub_key[1]), key, ECDSA_P521_PUBLIC_KEY_SIZE);
210 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
211 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
212 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
213 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512));
214 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
215 psa_set_key_bits(&attributes, 521);
216
217 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
218 } else {
219 ret = PSA_ERROR_INVALID_ARGUMENT;
220 }
221
222 return ret;
223}
224
225#endif /* PSA_ADAC_EC_P521 */
226
227psa_status_t psa_adac_load_public_key(uint8_t key_type,
228 uint8_t *key,
229 size_t key_size,
230 psa_key_handle_t *handle)
231{
232 psa_status_t ret = PSA_ERROR_NOT_SUPPORTED;
233
234 if (key_type == ECDSA_P256_SHA256) {
235#ifdef PSA_ADAC_EC_P256
236 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP256 Public-key\n");
237 ret = load_ecdsa_p256_public_key(key, key_size, handle);
238#endif /* PSA_ADAC_EC_P256 */
239 } else if (key_type == ECDSA_P521_SHA512) {
240#ifdef PSA_ADAC_EC_P521
241 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP521 Public-key\n");
242 ret = load_ecdsa_p521_public_key(key, key_size, handle);
243#endif /* PSA_ADAC_EC_P521 */
244 } else if (key_type == RSA_3072_SHA256) {
245#ifdef PSA_ADAC_RSA3072
246 PSA_ADAC_LOG_TRACE("psa-crypto", "Load Rsa3072 Public-key\n");
247 ret = load_rsa_3072_public_key(key, key_size, handle);
248#endif /* PSA_ADAC_RSA3072 */
249 } else if (key_type == RSA_4096_SHA256) {
250#ifdef PSA_ADAC_RSA4096
251 PSA_ADAC_LOG_TRACE("psa-crypto", "Load Rsa4096 Public-key\n");
252 ret = load_rsa_4096_public_key(key, key_size, handle);
253#endif /* PSA_ADAC_RSA4096 */
254 } else {
255 ret = PSA_ERROR_NOT_SUPPORTED;
256 }
257
258 return ret;
259}
260
261psa_status_t psa_adac_verify_signature(uint8_t key_type,
262 uint8_t *key,
263 size_t key_size,
264 psa_algorithm_t hash_algo,
265 const uint8_t *inputs[],
266 size_t input_sizes[],
267 size_t input_count,
268 psa_algorithm_t sig_algo,
269 uint8_t *sig, size_t sig_size)
270{
271 uint8_t hash[PSA_HASH_MAX_SIZE];
272 size_t hash_size;
273 psa_key_handle_t handle;
274 psa_status_t ret;
275
276 if ((PSA_ALG_IS_VENDOR_DEFINED(sig_algo) != 0) ||
277 (sig_algo == PSA_ALG_HMAC(PSA_ALG_SHA_256)) || (sig_algo == PSA_ALG_CMAC)) {
278 ret = psa_adac_verify_vendor(key_type, key, key_size, hash_algo,
279 inputs, input_sizes, input_count,
280 sig_algo, sig, sig_size);
281 } else {
282 ret = psa_adac_load_public_key(key_type, key, key_size, &handle);
283 if (PSA_SUCCESS != ret) {
284 PSA_ADAC_LOG_ERR("psa-crypto", "Error loading public key (%d)\n", ret);
285 } else {
286 ret = psa_adac_hash_multiple(hash_algo, inputs, input_sizes, input_count,
287 hash, sizeof(hash), &hash_size);
288 if (PSA_SUCCESS != ret) {
289 PSA_ADAC_LOG_ERR("psa-crypto", "Error hashing content (%d)\n", ret);
290 } else {
291 PSA_ADAC_LOG_TRACE("psa-crypto", "Verify signature\n");
292 ret = psa_verify_hash(handle, sig_algo, hash, hash_size, sig, sig_size);
293 PSA_ADAC_LOG_DEBUG("psa-crypto", "Signature verification %s\n",
294 (ret == PSA_SUCCESS) ? "successful" : "failed");
295 }
296
297 psa_destroy_key(handle);
298 }
299 }
300
301 return ret;
302}