mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00

Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x

Backport 2.x: PSA: fix salt length for PSS verification
Manuel Pégourié-Gonnard
2021-10-29 16:36:46 +02:00
committed by GitHub
11 changed files with 486 additions and 53 deletions


@ -837,7 +837,7 @@
* algorithm parametrized with any supported hash.
*
* That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS,
* - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, #PSA_ALG_RSA_PSS_ANY_SALT,
* - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
* Then you may create and use a key as follows:
* - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
@ -1293,6 +1293,7 @@
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
#define PSA_ALG_RSA_PSS_BASE ((psa_algorithm_t)0x06000300)
#define PSA_ALG_RSA_PSS_ANY_SALT_BASE ((psa_algorithm_t)0x06001300)
/** RSA PSS signature with hashing.
*
* This is the signature scheme defined by RFC 8017
@ -1313,9 +1314,72 @@
*/
#define PSA_ALG_RSA_PSS(hash_alg) \
(PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_IS_RSA_PSS(alg) \
/** RSA PSS signature with hashing with relaxed verification.
*
* This algorithm has the same behavior as #PSA_ALG_RSA_PSS when signing,
* but allows an arbitrary salt length (including \c 0) when verifying a
* signature.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
* This includes #PSA_ALG_ANY_HASH
* when specifying the algorithm in a usage policy.
*
* \return The corresponding RSA PSS signature algorithm.
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg) \
(PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
/** Whether the specified algorithm is RSA PSS with standard salt.
*
* \param alg An algorithm value or an algorithm policy wildcard.
*
* \return 1 if \p alg is of the form
* #PSA_ALG_RSA_PSS(\c hash_alg),
* where \c hash_alg is a hash algorithm or
* #PSA_ALG_ANY_HASH. 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not
* a supported algorithm identifier or policy.
*/
#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
/** Whether the specified algorithm is RSA PSS with any salt.
*
* \param alg An algorithm value or an algorithm policy wildcard.
*
* \return 1 if \p alg is of the form
* #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg),
* where \c hash_alg is a hash algorithm or
* #PSA_ALG_ANY_HASH. 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not
* a supported algorithm identifier or policy.
*/
#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
/** Whether the specified algorithm is RSA PSS.
*
* This includes any of the RSA PSS algorithm variants, regardless of the
* constraints on salt length.
*
* \param alg An algorithm value or an algorithm policy wildcard.
*
* \return 1 if \p alg is of the form
* #PSA_ALG_RSA_PSS(\c hash_alg) or
* #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg),
* where \c hash_alg is a hash algorithm or
* #PSA_ALG_ANY_HASH. 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not
* a supported algorithm identifier or policy.
*/
#define PSA_ALG_IS_RSA_PSS(alg) \
(PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) || \
PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
#define PSA_ALG_ECDSA_BASE ((psa_algorithm_t)0x06000600)
/** ECDSA signature with hashing.
*
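Review bot: The `\return` text of the new `PSA_ALG_IS_RSA_PSS_ANY_SALT` and `PSA_ALG_IS_RSA_PSS` doc comments names the accepted form as `#PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg)`, but `PSA_ALG_RSA_PSS_ANY_SALT_BASE` is an object-like constant that takes no argument. The function-like macro defined in this hunk is `PSA_ALG_RSA_PSS_ANY_SALT`, so both places should read `#PSA_ALG_RSA_PSS_ANY_SALT(\c hash_alg)`. Separately, `PSA_ALG_IS_RSA_PSS` now matches both variants, so the comment should tell callers which predicate to use when salt length matters. A sentence such as `Use #PSA_ALG_IS_RSA_PSS_STANDARD_SALT to check that verification enforces the standard salt length.` would cover it. Call sites are not visible here, so whether any existing caller relies on the old, narrower meaning cannot be confirmed from this hunk.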