yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:05:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement psa_sign_message and psa_verify_message functions

Browse Source 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm 2021-04-14 21:14:28 +02:00
parent 0ac7dbcfdc
commit e8efa3911c
No known key found for this signature in database
GPG Key ID: 106F5A41ECC305BD
4 changed files with 305 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
include/psa/crypto.h
View File

@ -2889,6 +2889,123 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
* @{
*/
/**
* \brief Sign a message with a private key. For hash-and-sign algorithms,
* this includes the hashing step.
*
* \note To perform a multi-part hash-and-sign signature algorithm, first use
* a multi-part hash operation and then pass the resulting hash to
* psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
* hash algorithm to use.
*
* \param[in] key Identifier of the key to use for the operation.
* It must be an asymmetric key pair. The key must
* allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
* \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
* value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
* is true), that is compatible with the type of
* \p key.
* \param[in] input The input message to sign.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[out] signature Buffer where the signature is to be written.
* \param[in] signature_size Size of the \p signature buffer in bytes. This
* must be appropriate for the selected
* algorithm and key:
* - The required signature size is
* #PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, \p alg)
* where key_type and key_bits are the type and
* bit-size respectively of key.
* - #PSA_SIGNATURE_MAX_SIZE evaluates to the
* maximum signature size of any supported
* signature algorithm.
* \param[out] signature_length On success, the number of bytes that make up
* the returned signature value.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
* or it does not permit the requested algorithm.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p signature buffer is too small. You can
* determine a sufficient buffer size by calling
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
* where \c key_type and \c key_bits are the type and bit-size
* respectively of \p key.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
size_t input_length,
uint8_t * signature,
size_t signature_size,
size_t * signature_length );
/** \brief Verify the signature of a message with a public key, using
* a hash-and-sign verification algorithm.
*
* \note To perform a multi-part hash-and-sign signature verification
* algorithm, first use a multi-part hash operation to hash the message
* and then pass the resulting hash to psa_verify_hash().
* PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
* to use.
*
* \param[in] key Identifier of the key to use for the operation.
* It must be a public key or an asymmetric key
* pair. The key must allow the usage
* #PSA_KEY_USAGE_VERIFY_MESSAGE.
* \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
* value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
* is true), that is compatible with the type of
* \p key.
* \param[in] input The message whose signature is to be verified.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[out] signature Buffer containing the signature to verify.
* \param[in] signature_length Size of the \p signature buffer in bytes.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_NOT_PERMITTED
* The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
* or it does not permit the requested algorithm.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculation was performed successfully, but the passed signature
* is not a valid signature.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_STORAGE_FAILURE
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
size_t input_length,
const uint8_t * signature,
size_t signature_length );
/**
* \brief Sign a hash or short message with a private key.
*
@ -2942,7 +3059,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
size_t *signature_length);
/**
* \brief Verify the signature a hash or short message using a public key.
* \brief Verify the signature of a hash or short message using a public key.
*
* Note that to perform a hash-and-sign signature algorithm, you must
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()

37
include/psa/crypto_values.h
View File

@ -1487,6 +1487,23 @@
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
/** Whether the specified algorithm is a signature algorithm that can be used
* with psa_sign_message() and psa_verify_message().
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
* \return 1 if alg is a signature algorithm that can be used to sign a
* message. 0 if alg is a signature algorithm that can only be used
* to sign an already-calculated hash. 0 if alg is not a signature
* algorithm. This macro can return either 0 or 1 if alg is not a
* supported algorithm identifier.
*/
#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
(PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
/** Get the hash used by a hash-and-sign signature algorithm.
*
* A hash-and-sign algorithm is a signature algorithm which is
@ -2063,6 +2080,26 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*/
#define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200)
/** Whether the key may be used to sign a message.
*
* This flag allows the key to be used for a MAC calculation operation or for
* an asymmetric message signature operation, if otherwise permitted by the
* keys type and policy.
*
* For a key pair, this concerns the private key.
*/
#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
/** Whether the key may be used to verify a message.
*
* This flag allows the key to be used for a MAC verification operation or for
* an asymmetric message signature verification operation, if otherwise
* permitted by the keys type and policy.
*
* For a key pair, this concerns the public key.
*/
#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
/** Whether the key may be used to sign a message.
*
* This flag allows the key to be used for a MAC calculation operation

136
library/psa_crypto.c
View File

@ -1556,6 +1556,8 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
PSA_KEY_USAGE_COPY |
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
PSA_KEY_USAGE_SIGN_MESSAGE |
PSA_KEY_USAGE_VERIFY_MESSAGE |
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH |
PSA_KEY_USAGE_DERIVE ) ) != 0 )
@ -2840,6 +2842,140 @@ cleanup:
/* Asymmetric cryptography */
/****************************************************************/
psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
size_t input_length,
uint8_t * signature,
size_t signature_size,
size_t * signature_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
*signature_length = 0;
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if ( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Immediately reject a zero-length signature buffer. This guarantees
* that signature must be a valid pointer. (On the other hand, the hash
* buffer can in principle be empty since it doesn't actually have
* to be a hash.) */
if( signature_size == 0 )
return( PSA_ERROR_BUFFER_TOO_SMALL );
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_SIGN_MESSAGE,
alg );
if( status != PSA_SUCCESS )
goto exit;
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ),
input, input_length,
hash, sizeof( hash ),
&hash_length );
if( status != PSA_SUCCESS )
{
memset( hash, 0, sizeof( hash ) );
goto exit;
}
status = psa_driver_wrapper_sign_hash(
&attributes, slot->key.data, slot->key.bytes,
alg, hash, hash_length,
signature, signature_size, signature_length );
memset( hash, 0, hash_length );
exit:
/* Fill the unused part of the output buffer (the whole buffer on error,
* the trailing part on success) with something that isn't a valid signature
* (barring an attack on the signature and deliberately-crafted input),
* in case the caller doesn't check the return status properly. */
if( status == PSA_SUCCESS )
memset( signature + *signature_length, '!',
signature_size - *signature_length );
else
memset( signature, '!', signature_size );
/* If signature_size is 0 then we have nothing to do. We must not call
* memset because signature may be NULL in this case. */
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
size_t input_length,
const uint8_t * signature,
size_t signature_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
size_t hash_length;
uint8_t hash[PSA_HASH_MAX_SIZE];
if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
if ( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_VERIFY_MESSAGE,
alg );
if( status != PSA_SUCCESS )
return( status );
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ),
input, input_length,
hash, sizeof( hash ),
&hash_length );
if( status != PSA_SUCCESS )
{
memset( hash, 0, sizeof( hash ) );
goto exit;
}
status = psa_driver_wrapper_verify_hash(
&attributes, slot->key.data, slot->key.bytes,
alg, hash, hash_length,
signature, signature_length );
memset( hash, 0, hash_length );
exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
psa_status_t psa_sign_hash_internal(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,

14
programs/psa/psa_constant_names_generated.c
View File

@ -394,6 +394,13 @@ static int psa_snprint_key_usage(char *buffer, size_t buffer_size,
append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23);
usage ^= PSA_KEY_USAGE_SIGN_HASH;
}
if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);
}
append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_MESSAGE", 26);
usage ^= PSA_KEY_USAGE_SIGN_MESSAGE;
}
if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);
@ -401,6 +408,13 @@ static int psa_snprint_key_usage(char *buffer, size_t buffer_size,
append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25);
usage ^= PSA_KEY_USAGE_VERIFY_HASH;
}
if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);
}
append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_MESSAGE", 28);
usage ^= PSA_KEY_USAGE_VERIFY_MESSAGE;
}
if (usage != 0) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);