Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512

Add rsae sha384 sha512
2025-07-29 11:41:15 +03:00 · 2022-03-29 14:01:51 +02:00
parent 39f2f73e69 d73d0a327a
commit 63d97ad0bb
15 changed files with 627 additions and 191 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -535,6 +535,45 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
             unsigned char *sig, size_t sig_size, size_t *sig_len,
             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/**
+ * \brief           Make signature given a signature type.
+ *
+ * \param pk_type   Signature type.
+ * \param ctx       The PK context to use. It must have been set up
+ *                  with a private key.
+ * \param md_alg    Hash algorithm used (see notes)
+ * \param hash      Hash of the message to sign
+ * \param hash_len  Hash length
+ * \param sig       Place to write the signature.
+ *                  It must have enough room for the signature.
+ *                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+ *                  You may use a smaller buffer if it is large enough
+ *                  given the key type.
+ * \param sig_size  The size of the \p sig buffer in bytes.
+ * \param sig_len   On successful return,
+ *                  the number of bytes written to \p sig.
+ * \param f_rng     RNG function, must not be \c NULL.
+ * \param p_rng     RNG parameter
+ *
+ * \return          0 on success, or a specific error code.
+ *
+ * \note            When \p pk_type is #MBEDTLS_PK_RSASSA_PSS,
+ *                  see #PSA_ALG_RSA_PSS for a description of PSS options used.
+ *
+ * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
+ *
+ */
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
+                         mbedtls_pk_context *ctx,
+                         mbedtls_md_type_t md_alg,
+                         const unsigned char *hash, size_t hash_len,
+                         unsigned char *sig, size_t sig_size, size_t *sig_len,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
 /**
 * \brief           Restartable version of \c mbedtls_pk_sign()
 *
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@ -29,7 +29,7 @@

 #include "mbedtls/build_info.h"

-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_PSA_CRYPTO_C)

 #include "psa/crypto.h"

@ -277,13 +277,11 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
 }
 #endif /* MBEDTLS_ECP_C */

-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
 /* Expose whatever RNG the PSA subsystem uses to applications using the
 * mbedtls_xxx API. The declarations and definitions here need to be
 * consistent with the implementation in library/psa_crypto_random_impl.h.
 * See that file for implementation documentation. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+

 /* The type of a `f_rng` random generator function that many library functions
 * take.
@ -363,6 +361,6 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;

 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */

-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) */
+#endif /* MBEDTLS_PSA_CRYPTO_C */

 #endif /* MBEDTLS_PSA_UTIL_H */