mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-27 11:05:42 +00:00
psa: Change psa_rsa_sign/verify signature
Change psa_rsa_sign/verify signature to that of a sign/verify_hash driver entry point before to move them to the psa_crypto_rsa.c RSA specific file. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
fce9df2cad
commit
a99bcc0e17
|
@ -3116,24 +3116,33 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
|
static psa_status_t psa_rsa_sign(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
uint8_t *signature,
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length )
|
|
||||||
{
|
{
|
||||||
psa_status_t status;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_rsa_context *rsa = NULL;
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
mbedtls_md_type_t md_alg;
|
mbedtls_md_type_t md_alg;
|
||||||
|
|
||||||
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&rsa );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
|
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
if( signature_size < mbedtls_rsa_get_len( rsa ) )
|
if( signature_size < mbedtls_rsa_get_len( rsa ) )
|
||||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
{
|
||||||
|
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
||||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
||||||
|
@ -3167,31 +3176,48 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
||||||
{
|
{
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ret == 0 )
|
if( ret == 0 )
|
||||||
*signature_length = mbedtls_rsa_get_len( rsa );
|
*signature_length = mbedtls_rsa_get_len( rsa );
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
status = mbedtls_to_psa_error( ret );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_rsa_free( rsa );
|
||||||
|
mbedtls_free( rsa );
|
||||||
|
|
||||||
|
return( status );
|
||||||
}
|
}
|
||||||
|
|
||||||
static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
|
static psa_status_t psa_rsa_verify(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature,
|
const uint8_t *signature, size_t signature_length )
|
||||||
size_t signature_length )
|
|
||||||
{
|
{
|
||||||
psa_status_t status;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_rsa_context *rsa = NULL;
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
mbedtls_md_type_t md_alg;
|
mbedtls_md_type_t md_alg;
|
||||||
|
|
||||||
|
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&rsa );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
goto exit;
|
||||||
|
|
||||||
if( signature_length != mbedtls_rsa_get_len( rsa ) )
|
if( signature_length != mbedtls_rsa_get_len( rsa ) )
|
||||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
{
|
||||||
|
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
||||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
||||||
|
@ -3225,16 +3251,24 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
||||||
{
|
{
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Mbed TLS distinguishes "invalid padding" from "valid padding but
|
/* Mbed TLS distinguishes "invalid padding" from "valid padding but
|
||||||
* the rest of the signature is invalid". This has little use in
|
* the rest of the signature is invalid". This has little use in
|
||||||
* practice and PSA doesn't report this distinction. */
|
* practice and PSA doesn't report this distinction. */
|
||||||
if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )
|
status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
|
||||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
PSA_ERROR_INVALID_SIGNATURE :
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
mbedtls_to_psa_error( ret );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_rsa_free( rsa );
|
||||||
|
mbedtls_free( rsa );
|
||||||
|
|
||||||
|
return( status );
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||||
|
|
||||||
|
@ -3353,23 +3387,10 @@ psa_status_t psa_sign_hash_internal(
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||||
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||||
{
|
{
|
||||||
mbedtls_rsa_context *rsa = NULL;
|
return( psa_rsa_sign( attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
alg, hash, hash_length,
|
||||||
key_buffer,
|
signature, signature_size, signature_length ) );
|
||||||
key_buffer_size,
|
|
||||||
&rsa );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
status = psa_rsa_sign( rsa,
|
|
||||||
alg,
|
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_size,
|
|
||||||
signature_length );
|
|
||||||
|
|
||||||
mbedtls_rsa_free( rsa );
|
|
||||||
mbedtls_free( rsa );
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
@ -3489,22 +3510,10 @@ psa_status_t psa_verify_hash_internal(
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||||
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
|
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
|
||||||
{
|
{
|
||||||
mbedtls_rsa_context *rsa = NULL;
|
return( psa_rsa_verify( attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
alg, hash, hash_length,
|
||||||
key_buffer,
|
signature, signature_length ) );
|
||||||
key_buffer_size,
|
|
||||||
&rsa );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
status = psa_rsa_verify( rsa,
|
|
||||||
alg,
|
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_length );
|
|
||||||
mbedtls_rsa_free( rsa );
|
|
||||||
mbedtls_free( rsa );
|
|
||||||
goto exit;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
|
Loading…
Reference in a new issue