yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-26 19:45:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

psa: Change psa_rsa_sign/verify signature

Browse source 
Change psa_rsa_sign/verify signature to that of
a sign/verify_hash driver entry point before to
move them to the psa_crypto_rsa.c RSA specific file.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-02-16 16:49:34 +01:00
parent fce9df2cad
commit a99bcc0e17
1 changed files with 67 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

125
library/psa_crypto.c
View file

@ -3116,24 +3116,33 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa, static psa_status_t psa_rsa_sign(
psa_algorithm_t alg, const psa_key_attributes_t *attributes,
const uint8_t *hash, const uint8_t *key_buffer, size_t key_buffer_size,
size_t hash_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, uint8_t *signature, size_t signature_size, size_t *signature_length )
size_t signature_size,
size_t *signature_length )
{ {
psa_status_t status; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg; mbedtls_md_type_t md_alg;
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); status = mbedtls_psa_rsa_load_representation( attributes->core.type,
key_buffer,
key_buffer_size,
&rsa );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
if( status != PSA_SUCCESS )
goto exit;
if( signature_size < mbedtls_rsa_get_len( rsa ) ) if( signature_size < mbedtls_rsa_get_len( rsa ) )
return( PSA_ERROR_BUFFER_TOO_SMALL ); {
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
@ -3167,31 +3176,48 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
{ {
return( PSA_ERROR_INVALID_ARGUMENT ); status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
} }
if( ret == 0 ) if( ret == 0 )
*signature_length = mbedtls_rsa_get_len( rsa ); *signature_length = mbedtls_rsa_get_len( rsa );
return( mbedtls_to_psa_error( ret ) ); status = mbedtls_to_psa_error( ret );
exit:
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
return( status );
} }
static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, static psa_status_t psa_rsa_verify(
psa_algorithm_t alg, const psa_key_attributes_t *attributes,
const uint8_t *hash, const uint8_t *key_buffer, size_t key_buffer_size,
size_t hash_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, const uint8_t *signature, size_t signature_length )
size_t signature_length )
{ {
psa_status_t status; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_rsa_context *rsa = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_type_t md_alg; mbedtls_md_type_t md_alg;
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
key_buffer,
key_buffer_size,
&rsa );
if( status != PSA_SUCCESS )
goto exit;
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg ); status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); goto exit;
if( signature_length != mbedtls_rsa_get_len( rsa ) ) if( signature_length != mbedtls_rsa_get_len( rsa ) )
return( PSA_ERROR_INVALID_SIGNATURE ); {
status = PSA_ERROR_INVALID_SIGNATURE;
goto exit;
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
@ -3225,16 +3251,24 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
{ {
return( PSA_ERROR_INVALID_ARGUMENT ); status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
} }
/* Mbed TLS distinguishes "invalid padding" from "valid padding but /* Mbed TLS distinguishes "invalid padding" from "valid padding but
* the rest of the signature is invalid". This has little use in * the rest of the signature is invalid". This has little use in
* practice and PSA doesn't report this distinction. */ * practice and PSA doesn't report this distinction. */
if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
return( PSA_ERROR_INVALID_SIGNATURE ); PSA_ERROR_INVALID_SIGNATURE :
return( mbedtls_to_psa_error( ret ) ); mbedtls_to_psa_error( ret );
exit:
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
return( status );
} }
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
@ -3353,23 +3387,10 @@ psa_status_t psa_sign_hash_internal(
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{ {
mbedtls_rsa_context *rsa = NULL; return( psa_rsa_sign( attributes,
key_buffer, key_buffer_size,
status = mbedtls_psa_rsa_load_representation( attributes->core.type, alg, hash, hash_length,
key_buffer, signature, signature_size, signature_length ) );
key_buffer_size,
&rsa );
if( status != PSA_SUCCESS )
goto exit;
status = psa_rsa_sign( rsa,
alg,
hash, hash_length,
signature, signature_size,
signature_length );
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
} }
else else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
@ -3489,22 +3510,10 @@ psa_status_t psa_verify_hash_internal(
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
{ {
mbedtls_rsa_context *rsa = NULL; return( psa_rsa_verify( attributes,
key_buffer, key_buffer_size,
status = mbedtls_psa_rsa_load_representation( attributes->core.type, alg, hash, hash_length,
key_buffer, signature, signature_length ) );
key_buffer_size,
&rsa );
if( status != PSA_SUCCESS )
goto exit;
status = psa_rsa_verify( rsa,
alg,
hash, hash_length,
signature, signature_length );
mbedtls_rsa_free( rsa );
mbedtls_free( rsa );
goto exit;
} }
else else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||