mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Jerry Yu
47
library/pk.c
47
library/pk.c
@ -518,6 +518,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
|||||||
f_rng, p_rng, NULL ) );
|
f_rng, p_rng, NULL ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
/*
|
/*
|
||||||
* Make a signature with options
|
* Make a signature with options
|
||||||
*/
|
*/
|
||||||
@ -529,12 +530,9 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type,
|
|||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
void *p_rng )
|
void *p_rng )
|
||||||
{
|
{
|
||||||
PK_VALIDATE_RET( ctx != NULL );
|
|
||||||
PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
|
|
||||||
hash != NULL );
|
|
||||||
PK_VALIDATE_RET( sig != NULL );
|
|
||||||
|
|
||||||
*sig_len = 0;
|
*sig_len = 0;
|
||||||
|
|
||||||
if( ctx->pk_info == NULL )
|
if( ctx->pk_info == NULL )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
|
||||||
@ -543,43 +541,22 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type,
|
|||||||
|
|
||||||
if( type != MBEDTLS_PK_RSASSA_PSS )
|
if( type != MBEDTLS_PK_RSASSA_PSS )
|
||||||
{
|
{
|
||||||
return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
|
return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
|
||||||
sig, sig_size, sig_len,
|
sig, sig_size, sig_len, f_rng, p_rng ) );
|
||||||
f_rng, p_rng, NULL ) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
|
|
||||||
#if SIZE_MAX > UINT_MAX
|
return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS_ANY_SALT(
|
||||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
mbedtls_psa_translate_md( md_alg ) ),
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
ctx->pk_ctx, hash, hash_len,
|
||||||
#endif /* SIZE_MAX > UINT_MAX */
|
sig, sig_size, sig_len ) );
|
||||||
|
#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
|
||||||
if( sig_size < mbedtls_pk_get_len( ctx ) )
|
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
|
||||||
|
|
||||||
if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *ctx ),
|
|
||||||
MBEDTLS_RSA_PKCS_V21,
|
|
||||||
md_alg ) != 0 )
|
|
||||||
{
|
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
||||||
}
|
|
||||||
|
|
||||||
*sig_len = mbedtls_pk_get_len( ctx );
|
|
||||||
ret = mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_pk_rsa( *ctx ),
|
|
||||||
f_rng, p_rng,
|
|
||||||
md_alg,
|
|
||||||
(unsigned int) hash_len,
|
|
||||||
hash,MBEDTLS_RSA_SALT_LEN_ANY,
|
|
||||||
sig
|
|
||||||
);
|
|
||||||
return( ret );
|
|
||||||
#else
|
|
||||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
|
#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */
|
||||||
|
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Decrypt message
|
* Decrypt message
|
||||||
|
|||||||
@ -192,12 +192,12 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
unsigned char *sig, size_t sig_size, size_t *sig_len,
|
unsigned char *sig, size_t sig_size,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
size_t *sig_len )
|
||||||
{
|
{
|
||||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) pk_ctx;
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
@ -206,16 +206,6 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
int key_len;
|
int key_len;
|
||||||
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
||||||
mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
|
mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
|
||||||
psa_algorithm_t psa_alg_md =
|
|
||||||
PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
|
|
||||||
|
|
||||||
((void) f_rng);
|
|
||||||
((void) p_rng);
|
|
||||||
|
|
||||||
#if SIZE_MAX > UINT_MAX
|
|
||||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
||||||
#endif /* SIZE_MAX > UINT_MAX */
|
|
||||||
|
|
||||||
*sig_len = mbedtls_rsa_get_len( rsa );
|
*sig_len = mbedtls_rsa_get_len( rsa );
|
||||||
if( sig_size < *sig_len )
|
if( sig_size < *sig_len )
|
||||||
@ -224,11 +214,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
/* mbedtls_pk_write_key_der() expects a full PK context;
|
/* mbedtls_pk_write_key_der() expects a full PK context;
|
||||||
* re-construct one to make it happy */
|
* re-construct one to make it happy */
|
||||||
key.pk_info = &pk_info;
|
key.pk_info = &pk_info;
|
||||||
key.pk_ctx = ctx;
|
key.pk_ctx = pk_ctx;
|
||||||
key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
|
key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
|
||||||
if( key_len <= 0 )
|
if( key_len <= 0 )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
|
||||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
|
||||||
psa_set_key_algorithm( &attributes, psa_alg_md );
|
psa_set_key_algorithm( &attributes, psa_alg_md );
|
||||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
|
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
|
||||||
@ -241,7 +230,6 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
ret = mbedtls_pk_error_from_psa( status );
|
ret = mbedtls_pk_error_from_psa( status );
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len,
|
status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len,
|
||||||
sig, sig_size, sig_len );
|
sig, sig_size, sig_len );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
@ -256,9 +244,31 @@ cleanup:
|
|||||||
status = psa_destroy_key( key_id );
|
status = psa_destroy_key( key_id );
|
||||||
if( ret == 0 && status != PSA_SUCCESS )
|
if( ret == 0 && status != PSA_SUCCESS )
|
||||||
ret = mbedtls_pk_error_from_psa( status );
|
ret = mbedtls_pk_error_from_psa( status );
|
||||||
|
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||||
|
const unsigned char *hash, size_t hash_len,
|
||||||
|
unsigned char *sig, size_t sig_size, size_t *sig_len,
|
||||||
|
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||||
|
{
|
||||||
|
|
||||||
|
((void) f_rng);
|
||||||
|
((void) p_rng);
|
||||||
|
((void) md_alg);
|
||||||
|
|
||||||
|
#if SIZE_MAX > UINT_MAX
|
||||||
|
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||||
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
#endif /* SIZE_MAX > UINT_MAX */
|
||||||
|
|
||||||
|
return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN(
|
||||||
|
mbedtls_psa_translate_md( md_alg ) ),
|
||||||
|
ctx, hash, hash_len,
|
||||||
|
sig, sig_size, sig_len ) );
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
|
|||||||
@ -145,6 +145,15 @@ int mbedtls_pk_error_from_psa_ecdca( psa_status_t status );
|
|||||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||||
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
|
int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx,
|
||||||
|
const unsigned char *hash, size_t hash_len,
|
||||||
|
unsigned char *sig, size_t sig_size,
|
||||||
|
size_t *sig_len );
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#endif /* MBEDTLS_PK_WRAP_H */
|
#endif /* MBEDTLS_PK_WRAP_H */
|
||||||
|
|||||||
Reference in New Issue
Block a user