mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 22:15:43 +01:00
Implement pk_sign() for opaque ECDSA keys
This commit is contained in:
parent
d97390e97d
commit
3686771dfa
@ -41,10 +41,18 @@
|
||||
#include "mbedtls/ecdsa.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/asn1write.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||
#include "mbedtls/platform_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
#include "mbedtls/platform.h"
|
||||
#else
|
||||
@ -753,13 +761,116 @@ static int pk_psa_can_do( mbedtls_pk_type_t type )
|
||||
type == MBEDTLS_PK_ECDSA );
|
||||
}
|
||||
|
||||
/* Like mbedtls_asn1_write_mpi, but from a buffer */
|
||||
static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *src, size_t slen )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
|
||||
if( (size_t)( *p - start ) < slen )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = slen;
|
||||
*p -= len;
|
||||
memcpy( *p, src, len );
|
||||
|
||||
if( **p & 0x80 )
|
||||
{
|
||||
if( *p - start < 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
*--(*p) = 0x00;
|
||||
len += 1;
|
||||
}
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
|
||||
|
||||
return( (int) len );
|
||||
}
|
||||
|
||||
/* Transcode signature from PSA format to ASN.1 sequence.
|
||||
* See ecdsa_signature_to_asn1 in ecdsa.c.
|
||||
*
|
||||
* [in] sig: the signature in PSA format
|
||||
* [in/out] sig_len: signature length pre- and post-transcoding
|
||||
* [out] dst: the signature in ASN.1 format
|
||||
*/
|
||||
static int pk_ecdsa_sig_asn1_from_psa( const unsigned char *sig, size_t *sig_len,
|
||||
unsigned char *dst )
|
||||
{
|
||||
int ret;
|
||||
unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
|
||||
unsigned char *p = buf + sizeof( buf );
|
||||
size_t len = 0;
|
||||
const size_t mpi_len = *sig_len / 2;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, buf, sig + mpi_len, mpi_len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, buf, sig, mpi_len ) );
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
|
||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
|
||||
|
||||
memcpy( dst, p, len );
|
||||
*sig_len = len;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static int pk_psa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
unsigned char *sig, size_t *sig_len,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
const psa_key_slot_t *key = (const psa_key_slot_t *) ctx;
|
||||
psa_status_t status;
|
||||
psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
|
||||
/* PSA needs a buffer of know size */
|
||||
unsigned char buf[2 * MBEDTLS_ECP_MAX_BYTES];
|
||||
const size_t buf_len = sizeof( buf );
|
||||
|
||||
/* PSA has its own RNG */
|
||||
(void) f_rng;
|
||||
(void) p_rng;
|
||||
|
||||
status = psa_asymmetric_sign( *key, alg, hash, hash_len,
|
||||
buf, buf_len, sig_len );
|
||||
|
||||
/* translate errors to best approximation */
|
||||
switch( status )
|
||||
{
|
||||
case PSA_SUCCESS:
|
||||
break; /* don't return now */
|
||||
case PSA_ERROR_NOT_SUPPORTED:
|
||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
||||
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||
case PSA_ERROR_COMMUNICATION_FAILURE:
|
||||
case PSA_ERROR_HARDWARE_FAILURE:
|
||||
case PSA_ERROR_TAMPERING_DETECTED:
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
case PSA_ERROR_INSUFFICIENT_ENTROPY:
|
||||
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
|
||||
case PSA_ERROR_BAD_STATE:
|
||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||
default: /* should never happen */
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
pk_ecdsa_sig_asn1_from_psa( buf, sig_len, sig );
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
const mbedtls_pk_info_t mbedtls_pk_opaque_psa_info = {
|
||||
MBEDTLS_PK_OPAQUE_PSA,
|
||||
"Opaque (PSA)",
|
||||
pk_psa_get_bitlen,
|
||||
pk_psa_can_do,
|
||||
NULL, /* verify - will be done later */
|
||||
NULL, /* coming soon: sign */
|
||||
pk_psa_sign_wrap,
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
NULL, /* restartable verify - not relevant */
|
||||
NULL, /* restartable sign - not relevant */
|
||||
|
@ -188,3 +188,6 @@ pk_sign_verify_restart:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75
|
||||
ECDSA restartable sign/verify: ECKEY, max_ops=250
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6":"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299":MBEDTLS_MD_SHA256:"test":"3045022100f1abb023518351cd71d881567b1ea663ed3efcf6c5132b354f28d3b0b7d383670220019f4113742a2b14bd25926b49c649155f267e60d3814b4c0cc84250e46f0083":250:2:64
|
||||
|
||||
PSA wrapped sign
|
||||
pk_psa_sign:
|
||||
|
@ -72,6 +72,7 @@ size_t mbedtls_rsa_key_len_func( void *ctx )
|
||||
/*
|
||||
* Generate a key in a free key slot and return this key slot,
|
||||
* or PK_PSA_INVALID_SLOT if no slot was available.
|
||||
* The key uses NIST P-256 and is usable for signing with SHA-256.
|
||||
*/
|
||||
psa_key_slot_t pk_psa_genkey( void )
|
||||
{
|
||||
@ -80,10 +81,20 @@ psa_key_slot_t pk_psa_genkey( void )
|
||||
const int curve = PSA_ECC_CURVE_SECP256R1;
|
||||
const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEYPAIR(curve);
|
||||
const size_t bits = 256;
|
||||
psa_key_policy_t policy;
|
||||
|
||||
/* find a free key slot */
|
||||
if( PSA_SUCCESS != mbedtls_psa_get_free_key_slot( &key ) )
|
||||
return( PK_PSA_INVALID_SLOT );
|
||||
|
||||
/* set up policy on key slot */
|
||||
psa_key_policy_init( &policy );
|
||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_SIGN,
|
||||
PSA_ALG_ECDSA(PSA_ALG_SHA_256) );
|
||||
if( PSA_SUCCESS != psa_set_key_policy( key, &policy ) )
|
||||
return( PK_PSA_INVALID_SLOT );
|
||||
|
||||
/* generate key */
|
||||
if( PSA_SUCCESS != psa_generate_key( key, type, bits, NULL, 0 ) )
|
||||
return( PK_PSA_INVALID_SLOT );
|
||||
|
||||
@ -760,3 +771,53 @@ exit:
|
||||
mbedtls_pk_free( &rsa ); mbedtls_pk_free( &alt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
void pk_psa_sign( )
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
psa_key_slot_t key;
|
||||
unsigned char hash[50], sig[100], pkey[100];
|
||||
size_t sig_len, klen = 0;
|
||||
|
||||
/*
|
||||
* This tests making signatures with a wrapped PSA key:
|
||||
* - generate a fresh PSA key
|
||||
* - wrap it in a PK context and make a signature this way
|
||||
* - extract the public key
|
||||
* - parse it to a PK context and verify the signature this way
|
||||
*/
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
|
||||
memset( hash, 0x2a, sizeof hash );
|
||||
memset( sig, 0, sizeof sig );
|
||||
memset( pkey, 0, sizeof pkey );
|
||||
|
||||
key = pk_psa_genkey();
|
||||
TEST_ASSERT( key != 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_setup_psa( &pk, key ) == 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256,
|
||||
hash, sizeof hash, sig, &sig_len,
|
||||
NULL, NULL ) == 0 );
|
||||
|
||||
mbedtls_pk_free( &pk );
|
||||
|
||||
TEST_ASSERT( PSA_SUCCESS == psa_export_public_key(
|
||||
key, pkey, sizeof( pkey ), &klen ) );
|
||||
TEST_ASSERT( PSA_SUCCESS == psa_destroy_key( key ) );
|
||||
|
||||
mbedtls_pk_init( &pk );
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, pkey, klen ) == 0 );
|
||||
|
||||
|
||||
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
|
||||
hash, sizeof hash, sig, sig_len ) == 0 );
|
||||
|
||||
exit:
|
||||
mbedtls_pk_free( &pk );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
Loading…
Reference in New Issue
Block a user