From 79ae7eb4d1bd58f9d871cf665722a57e47f384e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Dec 2022 12:55:51 +0100 Subject: [PATCH] Use deterministic ECDSA in PSA when we do in legacy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the two failing cases in test_suite_pk when ECP_RESTARTABLE and USE_PSA_CRYPTO are both enabled. The two failing cases where ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled) ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled) associated with test function pk_sign_verify_restart(). The failure was caused by the interaction of several things that are each reasonable on their own: 1. The test function relies on ECDSA restartable, which is reasonable as it allows making sure that the generated signature is correct with a simple memcmp(). 2. The implementation of pk_sign_restartable() has a shortcut to dispatch to the sign function (as opposed to sign_restartable) when restart is disabled (max_ops == 0). 3. When USE_PSA is enabled, the sign function dispatches to PSA, which so far always used ECDSA (non-deterministic) even when the non-PSA version would use deterministic ECDSA. This could be fixed by changing any of those. I chose (3) because I think it makes sense that when PK dispatches to PSA instead of legacy this should not change which version of ECDSA is selected. OTOH, I think it makes sense to keep (2), because that means more opportunities to dispatch to PSA. Signed-off-by: Manuel Pégourié-Gonnard --- library/pk_wrap.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 5de8fa65f7..00abffb2df 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1162,8 +1162,13 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, size_t key_len; unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES]; unsigned char *p; +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_algorithm_t psa_sig_md = + PSA_ALG_DETERMINISTIC_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); +#else psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); +#endif size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );