From b5399a8346bb5ce07e639e3cf8dc3598ecd3fb34 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 10 Dec 2020 09:35:33 +0100 Subject: [PATCH] psa: Rework ECDSA sign/verify support in the transparent test driver Signed-off-by: Ronald Cron --- library/psa_crypto_ecp.c | 130 +++++++++++++++++-- library/psa_crypto_ecp.h | 12 ++ tests/src/drivers/signature.c | 235 ++++++++++------------------------ 3 files changed, 197 insertions(+), 180 deletions(-) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index bd40f2ea9..15e5d0238 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -51,11 +51,25 @@ #define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \ + defined(MBEDTLS_ECDSA_C) ) ) +#define BUILTIN_ALG_ECDSA 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \ + defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) ) +#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#endif + #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + defined(BUILTIN_ALG_ECDSA) || \ + defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type, size_t curve_bits, const uint8_t *data, size_t data_length, @@ -168,9 +182,9 @@ exit: } #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + * defined(BUILTIN_ALG_ECDSA) || + * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */ #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -342,9 +356,9 @@ static psa_status_t ecp_generate_key( /* ECDSA sign/verify */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) -psa_status_t mbedtls_psa_ecdsa_sign_hash( +#if defined(BUILTIN_ALG_ECDSA) || \ + defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) +static psa_status_t ecdsa_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -374,7 +388,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( goto cleanup; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -388,7 +402,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( MBEDTLS_PSA_RANDOM_STATE ) ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ { (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, @@ -415,7 +429,7 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -psa_status_t mbedtls_psa_ecdsa_verify_hash( +static psa_status_t ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -474,8 +488,8 @@ cleanup: return( mbedtls_to_psa_error( ret ) ); } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ +#endif /* defined(BUILTIN_ALG_ECDSA) || \ + * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) @@ -513,6 +527,38 @@ psa_status_t mbedtls_psa_ecp_generate_key( } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + +psa_status_t mbedtls_psa_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + + return( ecdsa_sign_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +} + +psa_status_t mbedtls_psa_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + return( ecdsa_verify_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +} + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. */ @@ -557,6 +603,62 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */ +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + +#if defined(MBEDTLS_ECDSA_C) + return( ecdsa_sign_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ +#if defined(MBEDTLS_ECDSA_C) + return( ecdsa_verify_hash( attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); +#else + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); +#endif +} + +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 72453e668..0c2b92895 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -239,6 +239,18 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ); + #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ECP_H */ diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index 78b7ff993..47c6debc5 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" +#include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" @@ -45,7 +46,7 @@ test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_S psa_status_t test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length ) @@ -65,8 +66,6 @@ psa_status_t test_transparent_signature_sign_hash( return( PSA_SUCCESS ); } - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -77,86 +76,48 @@ psa_status_t test_transparent_signature_sign_hash( alg, hash, hash_length, signature, signature_size, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) + { + if( +#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + PSA_ALG_IS_ECDSA( alg ) +#else + PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) +#endif + ) + { + return( mbedtls_transparent_test_driver_ecdsa_sign_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ + { + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_size; + (void)signature_length; return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) - { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); - - /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */ - mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256; - if( signature_size < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, - hash, hash_length, md_alg ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, - signature + curve_bytes, - curve_bytes ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); - if( status == PSA_SUCCESS ) - *signature_length = 2 * curve_bytes; -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_sign_hash( @@ -175,12 +136,13 @@ psa_status_t test_opaque_signature_sign_hash( (void) signature; (void) signature_size; (void) signature_length; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_transparent_signature_verify_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length ) @@ -190,8 +152,6 @@ psa_status_t test_transparent_signature_verify_hash( if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) return( test_driver_signature_verify_hooks.forced_status ); - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -202,99 +162,42 @@ psa_status_t test_transparent_signature_verify_hash( alg, hash, hash_length, signature, signature_length ) ); } + else #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) - if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - mbedtls_ecp_group_id grp_id; - switch( psa_get_key_type( attributes ) ) +#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) + if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) ) { - case PSA_ECC_CURVE_SECP_R1: - switch( psa_get_key_bits( attributes ) ) - { - case 256: - grp_id = MBEDTLS_ECP_DP_SECP256R1; - break; - case 384: - grp_id = MBEDTLS_ECP_DP_SECP384R1; - break; - case 521: - grp_id = MBEDTLS_ECP_DP_SECP521R1; - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); - } - break; - default: - return( PSA_ERROR_NOT_SUPPORTED ); + if( PSA_ALG_IS_ECDSA( alg ) ) + { + return( mbedtls_transparent_test_driver_ecdsa_verify_hash( + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ) ); + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } } - - /* Beyond this point, the driver is actually doing the work of - * calculating the signature. */ - - status = PSA_ERROR_GENERIC_ERROR; - int ret = 0; - mbedtls_mpi r, s; - mbedtls_mpi_init( &r ); - mbedtls_mpi_init( &s ); - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init( &ecp ); - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits ); - - MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) ); - - /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */ - if( signature_length < 2 * curve_bytes ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, - signature, - curve_bytes ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s, - signature + curve_bytes, - curve_bytes ) ); - - if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) ) - MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q, - key, key_length ) ); else +#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || + * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */ { - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) ); - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) ); + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; + (void)hash; + (void)hash_length; + (void)signature; + (void)signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); } - - MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length, - &ecp.Q, &r, &s ) ); -cleanup: - status = mbedtls_to_psa_error( ret ); - mbedtls_mpi_free( &r ); - mbedtls_mpi_free( &s ); - mbedtls_ecp_keypair_free( &ecp ); -#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; -#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \ - defined(MBEDTLS_SHA256_C) */ - - return( status ); } psa_status_t test_opaque_signature_verify_hash(