psa: Change psa_ecdsa_sign/verify signature

Change the signature of psa_ecdsa_sign/verify to that of
a sign/verify_hash driver entry point before
moving them to the ECP-specific file psa_crypto_ecp.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2021-02-16 20:37:54 +01:00
parent d2fb85479a
commit d1cb91c603


@ -3073,20 +3073,28 @@ cleanup:
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
/* `ecp` cannot be const because `ecp->grp` needs to be non-const
* for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() static psa_status_t psa_ecdsa_sign(
* (even though these functions don't modify it). */ const psa_key_attributes_t *attributes,
static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *hash, uint8_t *signature, size_t signature_size, size_t *signature_length )
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t curve_bytes;
mbedtls_mpi r, s; mbedtls_mpi r, s;
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
status = mbedtls_psa_ecp_load_representation( attributes->core.type,
attributes->core.bits,
key_buffer,
key_buffer_size,
&ecp );
if( status != PSA_SUCCESS )
return( status );
curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
mbedtls_mpi_init( &r ); mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s ); mbedtls_mpi_init( &s );
@ -3102,7 +3110,8 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s, MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
&ecp->grp, &r, &s,
&ecp->d, hash, &ecp->d, hash,
hash_length, md_alg, hash_length, md_alg,
mbedtls_psa_get_random, mbedtls_psa_get_random,
@ -3124,29 +3133,49 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s, MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
signature + curve_bytes, signature + curve_bytes,
curve_bytes ) ); curve_bytes ) );
cleanup: cleanup:
mbedtls_mpi_free( &r ); mbedtls_mpi_free( &r );
mbedtls_mpi_free( &s ); mbedtls_mpi_free( &s );
if( ret == 0 ) if( ret == 0 )
*signature_length = 2 * curve_bytes; *signature_length = 2 * curve_bytes;
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
return( mbedtls_to_psa_error( ret ) ); return( mbedtls_to_psa_error( ret ) );
} }
static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp, static psa_status_t psa_ecdsa_verify(
const uint8_t *hash, const psa_key_attributes_t *attributes,
size_t hash_length, const uint8_t *key_buffer, size_t key_buffer_size,
const uint8_t *signature, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
size_t signature_length ) const uint8_t *signature, size_t signature_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_keypair *ecp = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t curve_bytes;
mbedtls_mpi r, s; mbedtls_mpi r, s;
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
(void)alg;
status = mbedtls_psa_ecp_load_representation( attributes->core.type,
attributes->core.bits,
key_buffer,
key_buffer_size,
&ecp );
if( status != PSA_SUCCESS )
return( status );
curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
mbedtls_mpi_init( &r ); mbedtls_mpi_init( &r );
mbedtls_mpi_init( &s ); mbedtls_mpi_init( &s );
if( signature_length != 2 * curve_bytes ) if( signature_length != 2 * curve_bytes )
return( PSA_ERROR_INVALID_SIGNATURE ); {
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
signature, signature,
@ -3169,6 +3198,9 @@ static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp,
cleanup: cleanup:
mbedtls_mpi_free( &r ); mbedtls_mpi_free( &r );
mbedtls_mpi_free( &s ); mbedtls_mpi_free( &s );
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
return( mbedtls_to_psa_error( ret ) ); return( mbedtls_to_psa_error( ret ) );
} }
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
@ -3207,21 +3239,11 @@ psa_status_t psa_sign_hash_internal(
#endif #endif
) )
{ {
mbedtls_ecp_keypair *ecp = NULL; return( psa_ecdsa_sign( attributes,
status = mbedtls_psa_ecp_load_representation( attributes->core.type, key_buffer, key_buffer_size,
attributes->core.bits, alg, hash, hash_length,
key_buffer,
key_buffer_size,
&ecp );
if( status != PSA_SUCCESS )
goto exit;
status = psa_ecdsa_sign( ecp,
alg,
hash, hash_length,
signature, signature_size, signature, signature_size,
signature_length ); signature_length ) );
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
} }
else else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
@ -3235,7 +3257,6 @@ psa_status_t psa_sign_hash_internal(
status = PSA_ERROR_NOT_SUPPORTED; status = PSA_ERROR_NOT_SUPPORTED;
} }
exit:
return( status ); return( status );
} }
@ -3325,20 +3346,10 @@ psa_status_t psa_verify_hash_internal(
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
if( PSA_ALG_IS_ECDSA( alg ) ) if( PSA_ALG_IS_ECDSA( alg ) )
{ {
mbedtls_ecp_keypair *ecp = NULL; return( psa_ecdsa_verify( attributes,
status = mbedtls_psa_ecp_load_representation( attributes->core.type, key_buffer, key_buffer_size,
attributes->core.bits, alg, hash, hash_length,
key_buffer, signature, signature_length ) );
key_buffer_size,
&ecp );
if( status != PSA_SUCCESS )
goto exit;
status = psa_ecdsa_verify( ecp,
hash, hash_length,
signature, signature_length );
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
goto exit;
} }
else else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
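Review bot: In psa_ecdsa_verify, the wrong-length signature path no longer returns PSA_ERROR_INVALID_SIGNATURE itself; it sets `ret = MBEDTLS_ERR_ECP_VERIFY_FAILED` and relies on mbedtls_to_psa_error() after `cleanup:` to produce the same status, and that translation is not visible in this diff. Because that status is what tells a caller the signature was rejected, I would state the dependency at the assignment, e.g. `/* Translated to PSA_ERROR_INVALID_SIGNATURE by mbedtls_to_psa_error(). */`, and keep a test that passes a signature whose length differs from 2 * curve_bytes and checks the returned status. The jump itself is needed now that the function owns `ecp`, so the keypair is freed on this path as well. psa_ecdsa_sign also loses its only header comment while both functions gain a new contract (attributes plus a raw key buffer, with the keypair parsed and freed inside the call). A short doc comment on each, describing the expected key_buffer content and that `*signature_length` is written only when signing succeeds, would help before they move to psa_crypto_ecp.c.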