Remove salt from asymmetric_{sign,verify}
No common signature algorithm uses a salt (RSA-PKCS#1v1.5, RSA-PSS, DSA, ECDSA, EdDSA). We don't even take an IV for MAC whereas MAC algorithms with IV are uncommon but heard of. So remove the salt parameter from psa_asymmetric_sign and psa_asymmetric_verify.
parent
9911b02f32
commit
3ff2162d14
|
@ -2241,15 +2241,6 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
|
||||||
* the type of \p key.
|
* the type of \p key.
|
||||||
* \param[in] hash The hash or message to sign.
|
* \param[in] hash The hash or message to sign.
|
||||||
* \param hash_length Size of the \p hash buffer in bytes.
|
* \param hash_length Size of the \p hash buffer in bytes.
|
||||||
* \param[in] salt A salt or label, if supported by the
|
|
||||||
* signature algorithm.
|
|
||||||
* If the signature algorithm does not support
|
|
||||||
* a salt, pass \c NULL.
|
|
||||||
* If the signature algorithm supports an
|
|
||||||
* optional salt and you do not want to pass
|
|
||||||
* a salt, pass \c NULL.
|
|
||||||
* \param salt_length Size of the \p salt buffer in bytes.
|
|
||||||
* If \p salt is \c NULL, pass 0.
|
|
||||||
* \param[out] signature Buffer where the signature is to be written.
|
* \param[out] signature Buffer where the signature is to be written.
|
||||||
* \param signature_size Size of the \p signature buffer in bytes.
|
* \param signature_size Size of the \p signature buffer in bytes.
|
||||||
* \param[out] signature_length On success, the number of bytes
|
* \param[out] signature_length On success, the number of bytes
|
||||||
|
@ -2274,8 +2265,6 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash,
|
const uint8_t *hash,
|
||||||
size_t hash_length,
|
size_t hash_length,
|
||||||
const uint8_t *salt,
|
|
||||||
size_t salt_length,
|
|
||||||
uint8_t *signature,
|
uint8_t *signature,
|
||||||
size_t signature_size,
|
size_t signature_size,
|
||||||
size_t *signature_length);
|
size_t *signature_length);
|
||||||
|
@ -2296,15 +2285,6 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
|
||||||
* \param[in] hash The hash or message whose signature is to be
|
* \param[in] hash The hash or message whose signature is to be
|
||||||
* verified.
|
* verified.
|
||||||
* \param hash_length Size of the \p hash buffer in bytes.
|
* \param hash_length Size of the \p hash buffer in bytes.
|
||||||
* \param[in] salt A salt or label, if supported by the signature
|
|
||||||
* algorithm.
|
|
||||||
* If the signature algorithm does not support a
|
|
||||||
* salt, pass \c NULL.
|
|
||||||
* If the signature algorithm supports an optional
|
|
||||||
* salt and you do not want to pass a salt,
|
|
||||||
* pass \c NULL.
|
|
||||||
* \param salt_length Size of the \p salt buffer in bytes.
|
|
||||||
* If \p salt is \c NULL, pass 0.
|
|
||||||
* \param[in] signature Buffer containing the signature to verify.
|
* \param[in] signature Buffer containing the signature to verify.
|
||||||
* \param signature_length Size of the \p signature buffer in bytes.
|
* \param signature_length Size of the \p signature buffer in bytes.
|
||||||
*
|
*
|
||||||
|
@ -2324,8 +2304,6 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash,
|
const uint8_t *hash,
|
||||||
size_t hash_length,
|
size_t hash_length,
|
||||||
const uint8_t *salt,
|
|
||||||
size_t salt_length,
|
|
||||||
const uint8_t *signature,
|
const uint8_t *signature,
|
||||||
size_t signature_length);
|
size_t signature_length);
|
||||||
|
|
||||||
|
|
|
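Review bot: With the `salt` and `salt_length` entries removed from the parameter lists of `psa_asymmetric_sign` and `psa_asymmetric_verify`, the doc comments visible here say nothing about randomized schemes. RSA-PSS still uses a salt internally, so a reader of this header cannot tell where that salt comes from or which salt lengths the verifier accepts. I would add one sentence to each comment, along the lines of `For randomized algorithms such as RSA-PSS, the salt is generated by the implementation and is not supplied by the caller.`, adjusted to what the implementation actually does. Both doc comments begin and end outside the hunks shown, so this may already be covered there.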
@ -1983,8 +1983,6 @@ psa_status_t psa_asymmetric_sign( psa_key_slot_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash,
|
const uint8_t *hash,
|
||||||
size_t hash_length,
|
size_t hash_length,
|
||||||
const uint8_t *salt,
|
|
||||||
size_t salt_length,
|
|
||||||
uint8_t *signature,
|
uint8_t *signature,
|
||||||
size_t signature_size,
|
size_t signature_size,
|
||||||
size_t *signature_length )
|
size_t *signature_length )
|
||||||
|
@ -1994,9 +1992,6 @@ psa_status_t psa_asymmetric_sign( psa_key_slot_t key,
|
||||||
|
|
||||||
*signature_length = signature_size;
|
*signature_length = signature_size;
|
||||||
|
|
||||||
(void) salt;
|
|
||||||
(void) salt_length;
|
|
||||||
|
|
||||||
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_SIGN, alg );
|
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_SIGN, alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
@ -2058,17 +2053,12 @@ psa_status_t psa_asymmetric_verify( psa_key_slot_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash,
|
const uint8_t *hash,
|
||||||
size_t hash_length,
|
size_t hash_length,
|
||||||
const uint8_t *salt,
|
|
||||||
size_t salt_length,
|
|
||||||
const uint8_t *signature,
|
const uint8_t *signature,
|
||||||
size_t signature_length )
|
size_t signature_length )
|
||||||
{
|
{
|
||||||
key_slot_t *slot;
|
key_slot_t *slot;
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
|
|
||||||
(void) salt;
|
|
||||||
(void) salt_length;
|
|
||||||
|
|
||||||
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_VERIFY, alg );
|
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_VERIFY, alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
|
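Review bot: In `psa_asymmetric_sign`, `*signature_length = signature_size;` now sits directly above the key lookup with no comment, and the early `goto exit` after a failed `psa_get_key_from_slot` leaves it at the full buffer size. A caller that does not check the returned status would then treat the whole output buffer as a signature. If the preset is deliberate, a one-line comment above it should say why the full size is reported before anything has been written; if it is not, `*signature_length = 0;` is the safer initial value. The `exit` label and the rest of the function body are outside the hunk, so what the error path does with the buffer cannot be confirmed from this page.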
@ -294,7 +294,6 @@ static int exercise_signature_key( psa_key_slot_t key,
|
||||||
{
|
{
|
||||||
TEST_ASSERT( psa_asymmetric_sign( key, alg,
|
TEST_ASSERT( psa_asymmetric_sign( key, alg,
|
||||||
payload, payload_length,
|
payload, payload_length,
|
||||||
NULL, 0,
|
|
||||||
signature, sizeof( signature ),
|
signature, sizeof( signature ),
|
||||||
&signature_length ) == PSA_SUCCESS );
|
&signature_length ) == PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
@ -307,7 +306,6 @@ static int exercise_signature_key( psa_key_slot_t key,
|
||||||
PSA_ERROR_INVALID_SIGNATURE );
|
PSA_ERROR_INVALID_SIGNATURE );
|
||||||
TEST_ASSERT( psa_asymmetric_verify( key, alg,
|
TEST_ASSERT( psa_asymmetric_verify( key, alg,
|
||||||
payload, payload_length,
|
payload, payload_length,
|
||||||
NULL, 0,
|
|
||||||
signature, signature_length ) ==
|
signature, signature_length ) ==
|
||||||
verify_status );
|
verify_status );
|
||||||
}
|
}
|
||||||
|
@ -965,7 +963,6 @@ void asymmetric_signature_key_policy( int policy_usage,
|
||||||
|
|
||||||
status = psa_asymmetric_sign( key_slot, exercise_alg,
|
status = psa_asymmetric_sign( key_slot, exercise_alg,
|
||||||
payload, payload_length,
|
payload, payload_length,
|
||||||
NULL, 0,
|
|
||||||
signature, sizeof( signature ),
|
signature, sizeof( signature ),
|
||||||
&signature_length );
|
&signature_length );
|
||||||
if( policy_alg == exercise_alg &&
|
if( policy_alg == exercise_alg &&
|
||||||
|
@ -977,7 +974,6 @@ void asymmetric_signature_key_policy( int policy_usage,
|
||||||
memset( signature, 0, sizeof( signature ) );
|
memset( signature, 0, sizeof( signature ) );
|
||||||
status = psa_asymmetric_verify( key_slot, exercise_alg,
|
status = psa_asymmetric_verify( key_slot, exercise_alg,
|
||||||
payload, payload_length,
|
payload, payload_length,
|
||||||
NULL, 0,
|
|
||||||
signature, sizeof( signature ) );
|
signature, sizeof( signature ) );
|
||||||
if( policy_alg == exercise_alg &&
|
if( policy_alg == exercise_alg &&
|
||||||
( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
|
( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
|
||||||
|
@ -2011,7 +2007,6 @@ void sign_deterministic( int key_type_arg, data_t *key_data,
|
||||||
/* Perform the signature. */
|
/* Perform the signature. */
|
||||||
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
|
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
|
||||||
input_data->x, input_data->len,
|
input_data->x, input_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature, signature_size,
|
signature, signature_size,
|
||||||
&signature_length ) == PSA_SUCCESS );
|
&signature_length ) == PSA_SUCCESS );
|
||||||
/* Verify that the signature is what is expected. */
|
/* Verify that the signature is what is expected. */
|
||||||
|
@ -2061,7 +2056,6 @@ void sign_fail( int key_type_arg, data_t *key_data,
|
||||||
|
|
||||||
actual_status = psa_asymmetric_sign( slot, alg,
|
actual_status = psa_asymmetric_sign( slot, alg,
|
||||||
input_data->x, input_data->len,
|
input_data->x, input_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature, signature_size,
|
signature, signature_size,
|
||||||
&signature_length );
|
&signature_length );
|
||||||
TEST_ASSERT( actual_status == expected_status );
|
TEST_ASSERT( actual_status == expected_status );
|
||||||
|
@ -2118,7 +2112,6 @@ void sign_verify( int key_type_arg, data_t *key_data,
|
||||||
/* Perform the signature. */
|
/* Perform the signature. */
|
||||||
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
|
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
|
||||||
input_data->x, input_data->len,
|
input_data->x, input_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature, signature_size,
|
signature, signature_size,
|
||||||
&signature_length ) == PSA_SUCCESS );
|
&signature_length ) == PSA_SUCCESS );
|
||||||
/* Check that the signature length looks sensible. */
|
/* Check that the signature length looks sensible. */
|
||||||
|
@ -2129,7 +2122,6 @@ void sign_verify( int key_type_arg, data_t *key_data,
|
||||||
TEST_ASSERT( psa_asymmetric_verify(
|
TEST_ASSERT( psa_asymmetric_verify(
|
||||||
slot, alg,
|
slot, alg,
|
||||||
input_data->x, input_data->len,
|
input_data->x, input_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature, signature_length ) == PSA_SUCCESS );
|
signature, signature_length ) == PSA_SUCCESS );
|
||||||
|
|
||||||
if( input_data->len != 0 )
|
if( input_data->len != 0 )
|
||||||
|
@ -2141,7 +2133,6 @@ void sign_verify( int key_type_arg, data_t *key_data,
|
||||||
TEST_ASSERT( psa_asymmetric_verify(
|
TEST_ASSERT( psa_asymmetric_verify(
|
||||||
slot, alg,
|
slot, alg,
|
||||||
input_data->x, input_data->len,
|
input_data->x, input_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature,
|
signature,
|
||||||
signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
|
signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
|
||||||
}
|
}
|
||||||
|
@ -2184,7 +2175,6 @@ void asymmetric_verify( int key_type_arg, data_t *key_data,
|
||||||
|
|
||||||
TEST_ASSERT( psa_asymmetric_verify( slot, alg,
|
TEST_ASSERT( psa_asymmetric_verify( slot, alg,
|
||||||
hash_data->x, hash_data->len,
|
hash_data->x, hash_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature_data->x,
|
signature_data->x,
|
||||||
signature_data->len ) == PSA_SUCCESS );
|
signature_data->len ) == PSA_SUCCESS );
|
||||||
exit:
|
exit:
|
||||||
|
@ -2225,7 +2215,6 @@ void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
|
||||||
|
|
||||||
actual_status = psa_asymmetric_verify( slot, alg,
|
actual_status = psa_asymmetric_verify( slot, alg,
|
||||||
hash_data->x, hash_data->len,
|
hash_data->x, hash_data->len,
|
||||||
NULL, 0,
|
|
||||||
signature_data->x,
|
signature_data->x,
|
||||||
signature_data->len );
|
signature_data->len );
|
||||||
|
|
||||||
|
|