From 99b8ed7fda5b2aeec18f21c2ec88b2e2adc1f0d4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Feb 2021 10:33:32 +0100 Subject: [PATCH 01/20] psa: Prepare sign/verify code for software implementation split Signed-off-by: Ronald Cron --- library/psa_crypto.c | 50 ++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f304950e0..fecfda640 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3384,16 +3384,23 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; + psa_key_attributes_t attributes_struct = { + .core = slot->attr + }; + psa_key_attributes_t *attributes = &attributes_struct; + const uint8_t *key_buffer = slot->key.data; + size_t key_buffer_size = slot->key.bytes; + /* If the operation was not supported by any accelerator, try fallback. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation( slot->attr.type, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -3410,7 +3417,7 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -3423,10 +3430,10 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, ) { mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( slot->attr.type, - slot->attr.bits, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, &ecp ); if( status != PSA_SUCCESS ) goto exit; @@ -3496,15 +3503,22 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; + psa_key_attributes_t attributes_struct = { + .core = slot->attr + }; + psa_key_attributes_t *attributes = &attributes_struct; + const uint8_t *key_buffer = slot->key.data; + size_t key_buffer_size = slot->key.bytes; + #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) ) + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation( slot->attr.type, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, &rsa ); if( status != PSA_SUCCESS ) goto exit; @@ -3520,17 +3534,17 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) ) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( slot->attr.type, - slot->attr.bits, - slot->key.data, - slot->key.bytes, + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, &ecp ); if( status != PSA_SUCCESS ) goto exit; From 1865993763eca47b2e74fce276055df9254c70fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 16:32:23 +0100 Subject: [PATCH 02/20] psa: sign/verify_hash: Wrap software implementation Wrap sign/verify_hash software implementation into psa_sign/verify_hash_internal() functions whose signature is that of a sign/verify_hash driver entry point. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 186 ++++++++++++++++++++++++------------------- 1 file changed, 106 insertions(+), 80 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fecfda640..fb97b699c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3341,57 +3341,14 @@ cleanup: #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +static psa_status_t psa_sign_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; - *signature_length = signature_size; - /* Immediately reject a zero-length signature buffer. This guarantees - * that signature must be a valid pointer. (On the other hand, the hash - * buffer can in principle be empty since it doesn't actually have - * to be a hash.) */ - if( signature_size == 0 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_SIGN_HASH, - alg ); - if( status != PSA_SUCCESS ) - goto exit; - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Try any of the available accelerators first */ - status = psa_driver_wrapper_sign_hash( slot, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - psa_key_attributes_t attributes_struct = { - .core = slot->attr - }; - psa_key_attributes_t *attributes = &attributes_struct; - const uint8_t *key_buffer = slot->key.data; - size_t key_buffer_size = slot->key.bytes; - - /* If the operation was not supported by any accelerator, try fallback. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -3457,6 +3414,62 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, status = PSA_ERROR_NOT_SUPPORTED; } +exit: + return( status ); +} + +psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + *signature_length = signature_size; + /* Immediately reject a zero-length signature buffer. This guarantees + * that signature must be a valid pointer. (On the other hand, the hash + * buffer can in principle be empty since it doesn't actually have + * to be a hash.) */ + if( signature_size == 0 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_SIGN_HASH, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_sign_hash( slot, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + /* If the operation was not supported by any accelerator, try fallback. */ + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_sign_hash_internal( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length ); + exit: /* Fill the unused part of the output buffer (the whole buffer on error, * the trailing part on success) with something that isn't a valid mac @@ -3475,40 +3488,13 @@ exit: return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t psa_verify_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; - - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_VERIFY_HASH, - alg ); - if( status != PSA_SUCCESS ) - return( status ); - - /* Try any of the available accelerators first */ - status = psa_driver_wrapper_verify_hash( slot, - alg, - hash, - hash_length, - signature, - signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - psa_key_attributes_t attributes_struct = { - .core = slot->attr - }; - psa_key_attributes_t *attributes = &attributes_struct; - const uint8_t *key_buffer = slot->key.data; - size_t key_buffer_size = slot->key.bytes; #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) @@ -3568,6 +3554,46 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, status = PSA_ERROR_NOT_SUPPORTED; } +exit: + return( status ); +} + +psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, + alg ); + if( status != PSA_SUCCESS ) + return( status ); + + /* Try any of the available accelerators first */ + status = psa_driver_wrapper_verify_hash( slot, + alg, + hash, + hash_length, + signature, + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_verify_hash_internal( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length ); + exit: unlock_status = psa_unlock_key_slot( slot ); From 9f17aa48c2fae215c3edd8238d7a1f7b35185b6b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 17:07:25 +0100 Subject: [PATCH 03/20] psa: Change psa_driver_wrapper_sign/verify_hash signature Change psa_driver_wrapper_sign/verify_hash signature to that of a sign/verify_hash driver entry point. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 37 ++++++----- library/psa_crypto_driver_wrappers.c | 92 +++++++++++++--------------- library/psa_crypto_driver_wrappers.h | 23 +++---- 3 files changed, 72 insertions(+), 80 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fb97b699c..b40be0714 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3449,22 +3449,21 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, goto exit; } + psa_key_attributes_t attributes = { + .core = slot->attr + }; + /* Try any of the available accelerators first */ - status = psa_driver_wrapper_sign_hash( slot, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ); + status = psa_driver_wrapper_sign_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; /* If the operation was not supported by any accelerator, try fallback. */ - psa_key_attributes_t attributes = { - .core = slot->attr - }; status = psa_sign_hash_internal( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, @@ -3575,20 +3574,20 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, if( status != PSA_SUCCESS ) return( status ); + psa_key_attributes_t attributes = { + .core = slot->attr + }; + /* Try any of the available accelerators first */ - status = psa_driver_wrapper_verify_hash( slot, - alg, - hash, - hash_length, - signature, - signature_length ); + status = psa_driver_wrapper_verify_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED || psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; status = psa_verify_hash_internal( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 3cb75576e..759708075 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -57,21 +57,21 @@ #endif /* Start delegation functions */ -psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +psa_status_t psa_driver_wrapper_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { + (void)key_buffer_size; + #if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) { if( drv->asymmetric == NULL || drv->asymmetric->p_sign == NULL ) @@ -79,22 +79,18 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Key is defined in SE, but we have no way to exercise it */ return( PSA_ERROR_NOT_SUPPORTED ); } - return( drv->asymmetric->p_sign( drv_context, - psa_key_slot_get_slot_number( slot ), - alg, - hash, hash_length, - signature, signature_size, - signature_length ) ); + return( drv->asymmetric->p_sign( + drv_context, *( (psa_key_slot_number_t *)key_buffer ), + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } #endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { @@ -102,9 +98,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_signature_sign_hash( &attributes, - slot->key.data, - slot->key.bytes, + status = test_transparent_signature_sign_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -120,9 +116,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_signature_sign_hash( &attributes, - slot->key.data, - slot->key.bytes, + return( test_opaque_signature_sign_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -138,7 +134,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)slot; + (void)attributes; + (void)key_buffer; (void)alg; (void)hash; (void)hash_length; @@ -150,20 +147,21 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } -psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +psa_status_t psa_driver_wrapper_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { + (void)key_buffer_size; + #if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) { if( drv->asymmetric == NULL || drv->asymmetric->p_verify == NULL ) @@ -171,21 +169,18 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Key is defined in SE, but we have no way to exercise it */ return( PSA_ERROR_NOT_SUPPORTED ); } - return( drv->asymmetric->p_verify( drv_context, - psa_key_slot_get_slot_number( slot ), - alg, - hash, hash_length, - signature, signature_length ) ); + return( drv->asymmetric->p_verify( + drv_context, *( (psa_key_slot_number_t *)key_buffer ), + alg, hash, hash_length, + signature, signature_length ) ); } #endif /* PSA_CRYPTO_SE_C */ /* Then try accelerator API */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); switch( location ) { @@ -193,9 +188,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - status = test_transparent_signature_verify_hash( &attributes, - slot->key.data, - slot->key.bytes, + status = test_transparent_signature_verify_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -210,9 +205,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - return( test_opaque_signature_verify_hash( &attributes, - slot->key.data, - slot->key.bytes, + return( test_opaque_signature_verify_hash( attributes, + key_buffer, + key_buffer_size, alg, hash, hash_length, @@ -227,7 +222,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)slot; + (void)attributes; + (void)key_buffer; (void)alg; (void)hash; (void)hash_length; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index ad16cddea..22d22d61c 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -28,20 +28,17 @@ /* * Signature functions */ -psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ); +psa_status_t psa_driver_wrapper_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); -psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ); +psa_status_t psa_driver_wrapper_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); /* * Key handling functions From 67b1eb309b7df1e07cd3b258820bc51196eb94a7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 17:37:27 +0100 Subject: [PATCH 04/20] psa: Export "internally" psa_sign/verify_hash_internal Export psa_sign/verify_hash_internal from psa_crypto.c to make it available to the driver wrapper. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 4 +-- library/psa_crypto_core.h | 76 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b40be0714..2f3d2e887 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3341,7 +3341,7 @@ cleanup: #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ -static psa_status_t psa_sign_hash_internal( +psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -3487,7 +3487,7 @@ exit: return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -static psa_status_t psa_verify_hash_internal( +psa_status_t psa_verify_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 9f108681a..ec7ac8049 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -324,4 +324,80 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign an already-calculated hash with a private key. + * + * \note The signature of this function is that of a PSA driver + * sign_hash entry point. This function behaves as a sign_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] hash The hash or message to sign. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of the key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t psa_sign_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** + * \brief Verify the signature a hash or short message using a public key. + * + * \note The signature of this function is that of a PSA driver + * verify_hash entry point. This function behaves as a verify_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t psa_verify_hash_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_CORE_H */ From 36f641bd16922e3911c060c2b7ea09de0ad88432 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Feb 2021 17:20:43 +0100 Subject: [PATCH 05/20] psa: Export "internally" mbedtls_md_info_from_psa() Export mbedtls_md_info_from_psa() from psa_crypto.c to make it available to psa_crypto_rsa/ecp.c. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- library/psa_crypto_core.h | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2f3d2e887..2176d9f52 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1923,7 +1923,7 @@ exit: defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) +const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) { diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index ec7ac8049..da690444c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -30,6 +30,8 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +#include + /** The data structure representing a key slot, containing key material * and metadata for one key. */ @@ -212,6 +214,15 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, */ psa_status_t mbedtls_to_psa_error( int ret ); +/** Get Mbed TLS MD information of a hash algorithm given its PSA identifier + * + * \param[in] alg PSA hash algorithm identifier + * + * \return The Mbed TLS MD information of the hash algorithm. \c NULL if the + * PSA hash algorithm is not supported. + */ +const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ); + /** Import a key in binary format. * * \note The signature of this function is that of a PSA driver From fce9df2cad62ce3ba88dd04e7bb1941fe343c504 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Dec 2020 18:06:03 +0100 Subject: [PATCH 06/20] psa: Call sign/verify hash software implementation as a driver Signed-off-by: Ronald Cron --- library/psa_crypto.c | 20 -------- library/psa_crypto_driver_wrappers.c | 76 +++++++++++++--------------- 2 files changed, 34 insertions(+), 62 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2176d9f52..6e9e191af 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3459,16 +3459,6 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, alg, hash, hash_length, signature, signature_size, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - /* If the operation was not supported by any accelerator, try fallback. */ - status = psa_sign_hash_internal( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_size, signature_length ); - exit: /* Fill the unused part of the output buffer (the whole buffer on error, * the trailing part on success) with something that isn't a valid mac @@ -3584,16 +3574,6 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, alg, hash, hash_length, signature, signature_length ); - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - status = psa_verify_hash_internal( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_length ); - -exit: unlock_status = psa_unlock_key_slot( slot ); return( ( status == PSA_SUCCESS ) ? unlock_status : status ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 759708075..7e42e48f9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -65,7 +65,6 @@ psa_status_t psa_driver_wrapper_sign_hash( { (void)key_buffer_size; -#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -86,9 +85,7 @@ psa_status_t psa_driver_wrapper_sign_hash( } #endif /* PSA_CRYPTO_SE_C */ - /* Then try accelerator API */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -97,6 +94,7 @@ psa_status_t psa_driver_wrapper_sign_hash( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_sign_hash( attributes, key_buffer, @@ -111,9 +109,20 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( psa_sign_hash_internal( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_sign_hash( attributes, @@ -126,25 +135,12 @@ psa_status_t psa_driver_wrapper_sign_hash( signature_size, signature_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)attributes; - (void)key_buffer; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_size; - (void)signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_verify_hash( @@ -155,7 +151,6 @@ psa_status_t psa_driver_wrapper_verify_hash( { (void)key_buffer_size; -#if defined(PSA_CRYPTO_DRIVER_PRESENT) /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -176,9 +171,7 @@ psa_status_t psa_driver_wrapper_verify_hash( } #endif /* PSA_CRYPTO_SE_C */ - /* Then try accelerator API */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -187,6 +180,7 @@ psa_status_t psa_driver_wrapper_verify_hash( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = test_transparent_signature_verify_hash( attributes, key_buffer, @@ -200,9 +194,19 @@ psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + return( psa_verify_hash_internal( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: return( test_opaque_signature_verify_hash( attributes, @@ -214,24 +218,12 @@ psa_status_t psa_driver_wrapper_verify_hash( signature, signature_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ - return( status ); + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)attributes; - (void)key_buffer; - (void)alg; - (void)hash; - (void)hash_length; - (void)signature; - (void)signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } /** Get the key buffer size for the key material of a generated key in the From a99bcc0e1738b9aaa7ac24c9fd36982ff4ef7df3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Feb 2021 16:49:34 +0100 Subject: [PATCH 07/20] psa: Change psa_rsa_sign/verify signature Change psa_rsa_sign/verify signature to that of a sign/verify_hash driver entry point before to move them to the psa_crypto_rsa.c RSA specific file. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 125 +++++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 58 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6e9e191af..552c45f27 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3116,24 +3116,33 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_SUCCESS ); } -static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) +static psa_status_t psa_rsa_sign( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); if( status != PSA_SUCCESS ) return( status ); + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + if( status != PSA_SUCCESS ) + goto exit; + if( signature_size < mbedtls_rsa_get_len( rsa ) ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) @@ -3167,31 +3176,48 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } if( ret == 0 ) *signature_length = mbedtls_rsa_get_len( rsa ); - return( mbedtls_to_psa_error( ret ) ); + status = mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); } -static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t psa_rsa_verify( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); + if( status != PSA_SUCCESS ) + goto exit; + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); if( status != PSA_SUCCESS ) - return( status ); + goto exit; if( signature_length != mbedtls_rsa_get_len( rsa ) ) - return( PSA_ERROR_INVALID_SIGNATURE ); + { + status = PSA_ERROR_INVALID_SIGNATURE; + goto exit; + } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) @@ -3225,16 +3251,24 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ { - return( PSA_ERROR_INVALID_ARGUMENT ); + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } /* Mbed TLS distinguishes "invalid padding" from "valid padding but * the rest of the signature is invalid". This has little use in * practice and PSA doesn't report this distinction. */ - if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) - return( PSA_ERROR_INVALID_SIGNATURE ); - return( mbedtls_to_psa_error( ret ) ); + status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? + PSA_ERROR_INVALID_SIGNATURE : + mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); } + #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ @@ -3353,23 +3387,10 @@ psa_status_t psa_sign_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - mbedtls_rsa_context *rsa = NULL; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_rsa_sign( rsa, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); + return( psa_rsa_sign( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || @@ -3489,22 +3510,10 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { - mbedtls_rsa_context *rsa = NULL; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_rsa_verify( rsa, - alg, - hash, hash_length, - signature, signature_length ); - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - goto exit; + return( psa_rsa_verify( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || From 7bdbca33b24bb161372cd6535fa254262af17c77 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 13:34:54 +0100 Subject: [PATCH 08/20] psa: Move RSA sign/verify hash to the PSA RSA specific file Signed-off-by: Ronald Cron --- library/psa_crypto.c | 219 ++------------------------------------- library/psa_crypto_rsa.c | 206 ++++++++++++++++++++++++++++++++++++ library/psa_crypto_rsa.h | 75 ++++++++++++++ 3 files changed, 291 insertions(+), 209 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 552c45f27..6d5256a38 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3071,207 +3071,6 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) -/* Decode the hash algorithm from alg and store the mbedtls encoding in - * md_alg. Verify that the hash length is acceptable. */ -static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, - size_t hash_length, - mbedtls_md_type_t *md_alg ) -{ - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - *md_alg = mbedtls_md_get_type( md_info ); - - /* The Mbed TLS RSA module uses an unsigned int for hash length - * parameters. Validate that it fits so that we don't risk an - * overflow later. */ -#if SIZE_MAX > UINT_MAX - if( hash_length > UINT_MAX ) - return( PSA_ERROR_INVALID_ARGUMENT ); -#endif - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - /* For PKCS#1 v1.5 signature, if using a hash, the hash length - * must be correct. */ - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && - alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) - { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( mbedtls_md_get_size( md_info ) != hash_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - /* PSS requires a hash internally. */ - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - if( md_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ - - return( PSA_SUCCESS ); -} - -static psa_status_t psa_rsa_sign( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_rsa_context *rsa = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_alg; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - return( status ); - - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); - if( status != PSA_SUCCESS ) - goto exit; - - if( signature_size < mbedtls_rsa_get_len( rsa ) ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - md_alg, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - if( ret == 0 ) - *signature_length = mbedtls_rsa_get_len( rsa ); - status = mbedtls_to_psa_error( ret ); - -exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - - return( status ); -} - -static psa_status_t psa_rsa_verify( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_rsa_context *rsa = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_type_t md_alg; - - status = mbedtls_psa_rsa_load_representation( attributes->core.type, - key_buffer, - key_buffer_size, - &rsa ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); - if( status != PSA_SUCCESS ) - goto exit; - - if( signature_length != mbedtls_rsa_get_len( rsa ) ) - { - status = PSA_ERROR_INVALID_SIGNATURE; - goto exit; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) - if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - md_alg, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) - if( PSA_ALG_IS_RSA_PSS( alg ) ) - { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_verify( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PUBLIC, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Mbed TLS distinguishes "invalid padding" from "valid padding but - * the rest of the signature is invalid". This has little use in - * practice and PSA doesn't report this distinction. */ - status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? - PSA_ERROR_INVALID_SIGNATURE : - mbedtls_to_psa_error( ret ); - -exit: - mbedtls_rsa_free( rsa ); - mbedtls_free( rsa ); - - return( status ); -} - -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const @@ -3387,10 +3186,11 @@ psa_status_t psa_sign_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) { - return( psa_rsa_sign( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, signature_length ) ); + return( mbedtls_psa_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || @@ -3510,10 +3310,11 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) { - return( psa_rsa_verify( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return( mbedtls_psa_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index fa64001ed..288614670 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -319,6 +319,212 @@ static psa_status_t rsa_generate_key( } #endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ +/****************************************************************/ +/* Sign/verify hashes */ +/****************************************************************/ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + +/* Decode the hash algorithm from alg and store the mbedtls encoding in + * md_alg. Verify that the hash length is acceptable. */ +static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, + size_t hash_length, + mbedtls_md_type_t *md_alg ) +{ + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); + *md_alg = mbedtls_md_get_type( md_info ); + + /* The Mbed TLS RSA module uses an unsigned int for hash length + * parameters. Validate that it fits so that we don't risk an + * overflow later. */ +#if SIZE_MAX > UINT_MAX + if( hash_length > UINT_MAX ) + return( PSA_ERROR_INVALID_ARGUMENT ); +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + /* For PKCS#1 v1.5 signature, if using a hash, the hash length + * must be correct. */ + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && + alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW ) + { + if( md_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( mbedtls_md_get_size( md_info ) != hash_length ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + /* PSS requires a hash internally. */ + if( PSA_ALG_IS_RSA_PSS( alg ) ) + { + if( md_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ + + return( PSA_SUCCESS ); +} + +psa_status_t mbedtls_psa_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_alg; + + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); + if( status != PSA_SUCCESS ) + return( status ); + + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + if( status != PSA_SUCCESS ) + goto exit; + + if( signature_size < mbedtls_rsa_get_len( rsa ) ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ); + ret = mbedtls_rsa_pkcs1_sign( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + md_alg, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + if( PSA_ALG_IS_RSA_PSS( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + ret = mbedtls_rsa_rsassa_pss_sign( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PRIVATE, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + if( ret == 0 ) + *signature_length = mbedtls_rsa_get_len( rsa ); + status = mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); +} + +psa_status_t mbedtls_psa_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_rsa_context *rsa = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_md_type_t md_alg; + + status = mbedtls_psa_rsa_load_representation( attributes->core.type, + key_buffer, + key_buffer_size, + &rsa ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); + if( status != PSA_SUCCESS ) + goto exit; + + if( signature_length != mbedtls_rsa_get_len( rsa ) ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) + if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ); + ret = mbedtls_rsa_pkcs1_verify( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + md_alg, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) + if( PSA_ALG_IS_RSA_PSS( alg ) ) + { + mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + ret = mbedtls_rsa_rsassa_pss_verify( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_RSA_PUBLIC, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Mbed TLS distinguishes "invalid padding" from "valid padding but + * the rest of the signature is invalid". This has little use in + * practice and PSA doesn't report this distinction. */ + status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ? + PSA_ERROR_INVALID_SIGNATURE : + mbedtls_to_psa_error( ret ); + +exit: + mbedtls_rsa_free( rsa ); + mbedtls_free( rsa ); + + return( status ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ + #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index 08182a7f2..bbf4e7d1e 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -137,6 +137,81 @@ psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign an already-calculated hash with an RSA private key. + * + * \note The signature of this function is that of a PSA driver + * sign_hash entry point. This function behaves as a sign_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the RSA key to use for the + * operation. + * \param[in] key_buffer The buffer containing the RSA key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * an RSA key. + * \param[in] hash The hash or message to sign. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_RSA_KEY_PAIR, \c key_bits, + * \p alg) where \c key_bits is the bit-size of the RSA key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t mbedtls_psa_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** + * \brief Verify the signature a hash or short message using a public RSA key. + * + * \note The signature of this function is that of a PSA driver + * verify_hash entry point. This function behaves as a verify_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the RSA key to use for the + * operation. + * \param[in] key_buffer The buffer containing the RSA key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * an RSA key. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ From d2fb85479ab1cc3f56149c55cf24697cfd5998d6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 15:18:01 +0100 Subject: [PATCH 09/20] psa: Add RSA sign/verify hash support to the transparent test driver Signed-off-by: Ronald Cron --- library/psa_crypto_rsa.c | 144 ++++++++++++++++++++++++++++------ library/psa_crypto_rsa.h | 12 +++ tests/src/drivers/signature.c | 27 +++++++ 3 files changed, 161 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 288614670..3e95d3ada 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -52,10 +52,24 @@ #define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #endif +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) ) +#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \ + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) ) +#define BUILTIN_ALG_RSA_PSS 1 +#endif + #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \ + defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(BUILTIN_ALG_RSA_PSS) || \ defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) @@ -131,9 +145,9 @@ exit: return( status ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || + * defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(BUILTIN_ALG_RSA_PSS) || * defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ @@ -323,8 +337,7 @@ static psa_status_t rsa_generate_key( /* Sign/verify hashes */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS) /* Decode the hash algorithm from alg and store the mbedtls encoding in * md_alg. Verify that the hash length is acceptable. */ @@ -344,7 +357,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, return( PSA_ERROR_INVALID_ARGUMENT ); #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) /* For PKCS#1 v1.5 signature, if using a hash, the hash length * must be correct. */ if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) && @@ -355,21 +368,21 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg, if( mbedtls_md_get_size( md_info ) != hash_length ) return( PSA_ERROR_INVALID_ARGUMENT ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#if defined(BUILTIN_ALG_RSA_PSS) /* PSS requires a hash internally. */ if( PSA_ALG_IS_RSA_PSS( alg ) ) { if( md_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ +#endif /* BUILTIN_ALG_RSA_PSS */ return( PSA_SUCCESS ); } -psa_status_t mbedtls_psa_rsa_sign_hash( +static psa_status_t rsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -397,7 +410,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -412,8 +425,8 @@ psa_status_t mbedtls_psa_rsa_sign_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -427,7 +440,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ +#endif /* BUILTIN_ALG_RSA_PSS */ { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -444,7 +457,7 @@ exit: return( status ); } -psa_status_t mbedtls_psa_rsa_verify_hash( +static psa_status_t rsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -472,7 +485,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) +#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, @@ -487,8 +500,8 @@ psa_status_t mbedtls_psa_rsa_verify_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ +#if defined(BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); @@ -502,7 +515,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( signature ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ +#endif /* BUILTIN_ALG_RSA_PSS */ { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -522,8 +535,8 @@ exit: return( status ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ +#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(BUILTIN_ALG_RSA_PSS) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) @@ -561,6 +574,36 @@ psa_status_t mbedtls_psa_rsa_generate_key( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) +psa_status_t mbedtls_psa_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + return( rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +} + +psa_status_t mbedtls_psa_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + return( rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +} +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ @@ -603,6 +646,63 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( } #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */ +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ +#if defined(MBEDTLS_RSA_C) && \ + (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) + return( rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ +#if defined(MBEDTLS_RSA_C) && \ + (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21)) + return( rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index bbf4e7d1e..41a90f78e 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -233,6 +233,18 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length ); +psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_RSA_H */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index cea035190..78b7ff993 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" #include "test/drivers/signature.h" @@ -66,6 +67,19 @@ psa_status_t test_transparent_signature_sign_hash( psa_status_t status = PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) + { + return( mbedtls_transparent_test_driver_rsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) @@ -178,6 +192,19 @@ psa_status_t test_transparent_signature_verify_hash( psa_status_t status = PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) + if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) + { + return( mbedtls_transparent_test_driver_rsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || + * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ + #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ defined(MBEDTLS_SHA256_C) if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) From d1cb91c603f87652134965a7d8aee71d8dcdd288 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 16 Feb 2021 20:37:54 +0100 Subject: [PATCH 10/20] psa: Change psa_ecdsa_sign/verify signature Change psa_ecdsa_sign/verify signature to that of a sign/verify_hash driver entry point before to move them to the psa_crypto_ecp.c ECP specific file. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 119 +++++++++++++++++++++++-------------------- 1 file changed, 65 insertions(+), 54 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6d5256a38..a9ce66479 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3073,20 +3073,28 @@ cleanup: #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -/* `ecp` cannot be const because `ecp->grp` needs to be non-const - * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() - * (even though these functions don't modify it). */ -static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - uint8_t *signature, - size_t signature_size, - size_t *signature_length ) + +static psa_status_t psa_ecdsa_sign( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; mbedtls_mpi r, s; - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); @@ -3102,11 +3110,12 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s, - &ecp->d, hash, - hash_length, md_alg, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( + &ecp->grp, &r, &s, + &ecp->d, hash, + hash_length, md_alg, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ @@ -3124,29 +3133,49 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, signature + curve_bytes, curve_bytes ) ); - cleanup: mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); if( ret == 0 ) *signature_length = 2 * curve_bytes; + + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + return( mbedtls_to_psa_error( ret ) ); } -static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, - size_t signature_length ) +static psa_status_t psa_ecdsa_verify( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; mbedtls_mpi r, s; - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + + (void)alg; + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); if( signature_length != 2 * curve_bytes ) - return( PSA_ERROR_INVALID_SIGNATURE ); + { + ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + goto cleanup; + } MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, signature, @@ -3169,6 +3198,9 @@ static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp, cleanup: mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + return( mbedtls_to_psa_error( ret ) ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3207,21 +3239,11 @@ psa_status_t psa_sign_hash_internal( #endif ) { - mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - goto exit; - status = psa_ecdsa_sign( ecp, - alg, - hash, hash_length, - signature, signature_size, - signature_length ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); + return( psa_ecdsa_sign( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, + signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3235,7 +3257,6 @@ psa_status_t psa_sign_hash_internal( status = PSA_ERROR_NOT_SUPPORTED; } -exit: return( status ); } @@ -3325,20 +3346,10 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { - mbedtls_ecp_keypair *ecp = NULL; - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - goto exit; - status = psa_ecdsa_verify( ecp, - hash, hash_length, - signature, signature_length ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - goto exit; + return( psa_ecdsa_verify( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || From 072722ccb0566790d099cdc27ded694bbae96cce Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Dec 2020 16:36:19 +0100 Subject: [PATCH 11/20] psa: Move ECDSA sign/verify to PSA ECP specific file Signed-off-by: Ronald Cron --- library/psa_crypto.c | 154 +++------------------------------------ library/psa_crypto_ecp.c | 140 +++++++++++++++++++++++++++++++++++ library/psa_crypto_ecp.h | 72 ++++++++++++++++++ 3 files changed, 222 insertions(+), 144 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a9ce66479..2d237a6e9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3071,141 +3071,6 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - -static psa_status_t psa_ecdsa_sign( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_keypair *ecp = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t curve_bytes; - mbedtls_mpi r, s; - - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); - - curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - - if( signature_size < 2 * curve_bytes ) - { - ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; - goto cleanup; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) - { - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); - mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( - &ecp->grp, &r, &s, - &ecp->d, hash, - hash_length, md_alg, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); - } - else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - { - (void) alg; - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, - hash, hash_length, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE ) ); - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); -cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - if( ret == 0 ) - *signature_length = 2 * curve_bytes; - - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - - return( mbedtls_to_psa_error( ret ) ); -} - -static psa_status_t psa_ecdsa_verify( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_ecp_keypair *ecp = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t curve_bytes; - mbedtls_mpi r, s; - - (void)alg; - - status = mbedtls_psa_ecp_load_representation( attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &ecp ); - if( status != PSA_SUCCESS ) - return( status ); - - curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - - if( signature_length != 2 * curve_bytes ) - { - ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); - - /* Check whether the public part is loaded. If not, load it. */ - if( mbedtls_ecp_is_zero( &ecp->Q ) ) - { - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); - } - - ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length, - &ecp->Q, &r, &s ); - -cleanup: - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( ecp ); - mbedtls_free( ecp ); - - return( mbedtls_to_psa_error( ret ) ); -} -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ - psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -3239,11 +3104,11 @@ psa_status_t psa_sign_hash_internal( #endif ) { - return( psa_ecdsa_sign( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_size, - signature_length ) ); + return( mbedtls_psa_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3346,10 +3211,11 @@ psa_status_t psa_verify_hash_internal( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_IS_ECDSA( alg ) ) { - return( psa_ecdsa_verify( attributes, - key_buffer, key_buffer_size, - alg, hash, hash_length, - signature, signature_length ) ); + return( mbedtls_psa_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 23ec6acef..bd40f2ea9 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -35,6 +35,7 @@ #define mbedtls_free free #endif +#include #include #include @@ -337,6 +338,145 @@ static psa_status_t ecp_generate_key( } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ +/****************************************************************/ +/* ECDSA sign/verify */ +/****************************************************************/ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; + mbedtls_mpi r, s; + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + + if( signature_size < 2 * curve_bytes ) + { + ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + goto cleanup; + } + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) + { + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); + mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( + &ecp->grp, &r, &s, + &ecp->d, hash, + hash_length, md_alg, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE ) ); + } + else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + { + (void) alg; + MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, + hash, hash_length, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE ) ); + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, + signature + curve_bytes, + curve_bytes ) ); +cleanup: + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + if( ret == 0 ) + *signature_length = 2 * curve_bytes; + + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + + return( mbedtls_to_psa_error( ret ) ); +} + +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_ecp_keypair *ecp = NULL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t curve_bytes; + mbedtls_mpi r, s; + + (void)alg; + + status = mbedtls_psa_ecp_load_representation( attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &ecp ); + if( status != PSA_SUCCESS ) + return( status ); + + curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits ); + mbedtls_mpi_init( &r ); + mbedtls_mpi_init( &s ); + + if( signature_length != 2 * curve_bytes ) + { + ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, + signature, + curve_bytes ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, + signature + curve_bytes, + curve_bytes ) ); + + /* Check whether the public part is loaded. If not, load it. */ + if( mbedtls_ecp_is_zero( &ecp->Q ) ) + { + MBEDTLS_MPI_CHK( + mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, + mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); + } + + ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length, + &ecp->Q, &r, &s ); + +cleanup: + mbedtls_mpi_free( &r ); + mbedtls_mpi_free( &s ); + mbedtls_ecp_keypair_free( ecp ); + mbedtls_free( ecp ); + + return( mbedtls_to_psa_error( ret ) ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 5c9b63c39..72453e668 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -146,6 +146,78 @@ psa_status_t mbedtls_psa_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign an already-calculated hash with ECDSA. + * + * \note The signature of this function is that of a PSA driver + * sign_hash entry point. This function behaves as a sign_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the ECC key to use for the + * operation. + * \param[in] key_buffer The buffer containing the ECC key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg Randomized or deterministic ECDSA algorithm. + * \param[in] hash The hash or message to sign. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits, + * \p alg) where \c key_bits is the bit-size of the ECC key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** + * \brief Verify an ECDSA hash or short message signature. + * + * \note The signature of this function is that of a PSA driver + * verify_hash entry point. This function behaves as a verify_hash + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the ECC key to use for the + * operation. + * \param[in] key_buffer The buffer containing the ECC key context. + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg Randomized or deterministic ECDSA algorithm. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param[in] hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ From 8a494f3ebdbe042a3982b4c193dc4eb2d3952aff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Feb 2021 09:49:51 +0100 Subject: [PATCH 12/20] psa: Post move adjustments to psa_sign/verify_hash_internal Signed-off-by: Ronald Cron --- library/psa_crypto.c | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2d237a6e9..ecb00f0b0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3077,8 +3077,6 @@ psa_status_t psa_sign_hash_internal( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -3114,15 +3112,22 @@ psa_status_t psa_sign_hash_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { - status = PSA_ERROR_INVALID_ARGUMENT; + return( PSA_ERROR_INVALID_ARGUMENT ); } } else { - status = PSA_ERROR_NOT_SUPPORTED; - } + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; - return( status ); + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, @@ -3190,8 +3195,6 @@ psa_status_t psa_verify_hash_internal( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -3221,17 +3224,21 @@ psa_status_t psa_verify_hash_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; + return( PSA_ERROR_INVALID_ARGUMENT ); } } else { - status = PSA_ERROR_NOT_SUPPORTED; - } + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; -exit: - return( status ); + return( PSA_ERROR_NOT_SUPPORTED ); + } } psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, From b5399a8346bb5ce07e639e3cf8dc3598ecd3fb34 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 09:35:33 +0100 Subject: [PATCH 13/20] psa: Rework ECDSA sign/verify support in the transparent test driver Signed-off-by: Ronald Cron --- library/psa_crypto_ecp.c | 130 +++++++++++++++++-- library/psa_crypto_ecp.h | 12 ++ tests/src/drivers/signature.c | 235 ++++++++++------------------------ 3 files changed, 197 insertions(+), 180 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index bd40f2ea9..15e5d0238 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -51,11 +51,25 @@ #define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ + defined(MBEDTLS_ECDSA_C) ) ) +#define BUILTIN_ALG_ECDSA 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \ + defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) ) +#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#endif + #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + defined(BUILTIN_ALG_ECDSA) || \ + defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, @@ -168,9 +182,9 @@ exit: } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + * defined(BUILTIN_ALG_ECDSA) || + * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -342,9 +356,9 @@ static psa_status_t ecp_generate_key( /* ECDSA sign/verify */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -psa_status_t mbedtls_psa_ecdsa_sign_hash( +#if defined(BUILTIN_ALG_ECDSA) || \ + defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) +static psa_status_t ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -374,7 +388,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( goto cleanup; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -388,7 +402,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( MBEDTLS_PSA_RANDOM_STATE ) ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, @@ -415,7 +429,7 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -psa_status_t mbedtls_psa_ecdsa_verify_hash( +static psa_status_t ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -474,8 +488,8 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(BUILTIN_ALG_ECDSA) || \ + * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -513,6 +527,38 @@ psa_status_t mbedtls_psa_ecp_generate_key( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + + return( ecdsa_sign_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +} + +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + return( ecdsa_verify_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ @@ -557,6 +603,62 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + +#if defined(MBEDTLS_ECDSA_C) + return( ecdsa_sign_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ +#if defined(MBEDTLS_ECDSA_C) + return( ecdsa_verify_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 72453e668..0c2b92895 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -239,6 +239,18 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ECP_H */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 78b7ff993..47c6debc5 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" @@ -45,7 +46,7 @@ test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_S psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) @@ -65,8 +66,6 @@ psa_status_t test_transparent_signature_sign_hash( return( PSA_SUCCESS ); } - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -77,86 +76,48 @@ psa_status_t test_transparent_signature_sign_hash( alg, hash, hash_length, signature, signature_size, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + PSA_ALG_IS_ECDSA( alg ) +#else + PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) +#endif + ) + { + return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ + { + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) - { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); - - /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ - mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; - if( signature_size < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, - hash, hash_length, md_alg ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); - if( status == PSA_SUCCESS ) - *signature_length = 2 * curve_bytes; -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_sign_hash( @@ -175,12 +136,13 @@ psa_status_t test_opaque_signature_sign_hash( (void) signature; (void) signature_size; (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) @@ -190,8 +152,6 @@ psa_status_t test_transparent_signature_verify_hash( if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( test_driver_signature_verify_hooks.forced_status ); - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -202,99 +162,42 @@ psa_status_t test_transparent_signature_verify_hash( alg, hash, hash_length, signature, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); + if( PSA_ALG_IS_ECDSA( alg ) ) + { + return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - - /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ - if( signature_length < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); - - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) ); + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); } - - MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, - &ecp.Q, &r, &s ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_verify_hash( From 4993c13cd338aede6b552820a18e926773e778e0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 17:49:22 +0100 Subject: [PATCH 14/20] tests: psa: Change test driver default forced return value Change signature test driver default forced return value from PSA_ERROR_NOT_SUPPORTED to PSA_SUCCESS to be able to run the PSA unit tests with hash signature and signature verification being handled by the transparent test driver. Signed-off-by: Ronald Cron --- tests/include/test/drivers/signature.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 8abcb111a..e78515125 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -40,7 +40,7 @@ typedef struct { unsigned long hits; } test_driver_signature_hooks_t; -#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 } +#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 } static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void ) { const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT; From 8d5645a858891a686b0f1d23fffed4c812a52c4d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 18:09:33 +0100 Subject: [PATCH 15/20] tests: psa driver wrapper: Fix sign/verify unit test dependency In test_suite_psa_crypto_driver_wrappers test suite, the sign/verify tests with software fallback tests should be run only if the software fallback is available. Signed-off-by: Ronald Cron --- tests/suites/test_suite_psa_crypto_driver_wrappers.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 14f84c023..8ac27a902 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -2,6 +2,7 @@ sign_hash through transparent driver: calculate in driver ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: error @@ -14,6 +15,7 @@ verify_hash using private key through transparent driver: calculate in driver ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: error @@ -23,6 +25,7 @@ verify_hash using public key through transparent driver: calculate in driver ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: error From 17b3afcc336e94365b3fa9dc5b4ab7e0af6b8591 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 18:17:09 +0100 Subject: [PATCH 16/20] tests: psa: Test sign/verify hash by a transparent driver Test signature and signature verification by a transparent driver in all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1036a7cfd..f6a1ac753 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1371,7 +1371,17 @@ component_test_psa_crypto_config_basic() { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" + loc_cflags="${loc_cflags} -I../tests/include -O2" + + make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" + unset loc_cflags msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG" make test @@ -2139,7 +2149,17 @@ component_test_psa_crypto_drivers () { msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" + loc_cflags="${loc_cflags} -I../tests/include -O2" + + make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + unset loc_cflags msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature" make test From cbc135599ee68956f21497ec5f8723bc571f3b9c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Mar 2021 17:22:09 +0100 Subject: [PATCH 17/20] psa: wrapper: Remove unnecessary compiler warning workarounds Signed-off-by: Ronald Cron --- library/psa_crypto_driver_wrappers.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7e42e48f9..6cf23cef9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -63,8 +63,6 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) { - (void)key_buffer_size; - /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; @@ -149,8 +147,6 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) { - (void)key_buffer_size; - /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; From 566899eefae1eae26eb971b68ae535b2d06b124a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Mar 2021 08:56:17 +0100 Subject: [PATCH 18/20] psa: Remove outdated comments Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ecb00f0b0..3ba056d24 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3165,7 +3165,6 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, .core = slot->attr }; - /* Try any of the available accelerators first */ status = psa_driver_wrapper_sign_hash( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, @@ -3262,7 +3261,6 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, .core = slot->attr }; - /* Try any of the available accelerators first */ status = psa_driver_wrapper_verify_hash( &attributes, slot->key.data, slot->key.bytes, alg, hash, hash_length, From 9103d490e8955c2b9723a266af000fc99eeb8f85 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Mar 2021 11:26:03 +0100 Subject: [PATCH 19/20] psa: ecdsa: Rework deterministic support check Move the check that ECDSA is supported from the caller of the function responsible for Mbed TLS ECDSA signatures to this function, namely mbedtls_psa_ecdsa_sign_hash(). This makes the caller code more readable and is more aligned with what is expected from a sign_hash() PSA driver entry point. Add a negative test case where a deterministic ECDSA signature is requested while the library does not support deterministic ECDSA. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 8 +------- library/psa_crypto_ecp.c | 9 ++++++--- tests/suites/test_suite_psa_crypto.data | 4 ++++ 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ba056d24..7a2b65d64 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3094,13 +3094,7 @@ psa_status_t psa_sign_hash_internal( { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - PSA_ALG_IS_ECDSA( alg ) -#else - PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) -#endif - ) + if( PSA_ALG_IS_ECDSA( alg ) ) { return( mbedtls_psa_ecdsa_sign_hash( attributes, diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 15e5d0238..9cce3af6a 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -388,9 +388,9 @@ static psa_status_t ecdsa_sign_hash( goto cleanup; } -#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) - if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) + if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) ) { +#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); @@ -400,9 +400,12 @@ static psa_status_t ecdsa_sign_hash( hash_length, md_alg, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); +#else + ret = MBEDTLS_ERR_ECP_INVALID_KEY; + goto cleanup; +#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ } else -#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c981e98a8..ab3b5a19b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1972,6 +1972,10 @@ PSA sign: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +PSA sign: deterministic ECDSA not supported +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_INVALID_ARGUMENT + PSA sign/verify: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" From bb9cbc7a23c117437e3ef58076da76601053caf4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Mar 2021 17:09:00 +0100 Subject: [PATCH 20/20] psa: ecdsa: Prefer NOT_SUPPORTED error code When ECDSA is not supported by the library, prefer to return NOT_SUPPORTED than INVALID_ARGUMENT when asked for an ECDSA signature. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 9 +++++---- library/psa_crypto_ecp.c | 2 +- tests/suites/test_suite_psa_crypto.data | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7a2b65d64..3b5e33d6a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3090,10 +3090,10 @@ psa_status_t psa_sign_hash_internal( else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) - { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { if( PSA_ALG_IS_ECDSA( alg ) ) { return( mbedtls_psa_ecdsa_sign_hash( @@ -3103,14 +3103,15 @@ psa_status_t psa_sign_hash_internal( signature, signature_size, signature_length ) ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { return( PSA_ERROR_INVALID_ARGUMENT ); } } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { + (void)attributes; (void)key_buffer; (void)key_buffer_size; (void)alg; diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 9cce3af6a..75ab1690d 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -401,7 +401,7 @@ static psa_status_t ecdsa_sign_hash( mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); #else - ret = MBEDTLS_ERR_ECP_INVALID_KEY; + ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; goto cleanup; #endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ab3b5a19b..809fc0441 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1969,12 +1969,12 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDT sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign: invalid algorithm for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_INVALID_ARGUMENT +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED PSA sign/verify: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C