psa: Rework ECDSA sign/verify support in the transparent test driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index bd40f2e..15e5d02 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -51,11 +51,25 @@
#define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif
+#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
+ defined(MBEDTLS_ECDSA_C) ) )
+#define BUILTIN_ALG_ECDSA 1
+#endif
+
+#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \
+ defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) )
+#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#endif
+
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+ defined(BUILTIN_ALG_ECDSA) || \
+ defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
psa_status_t mbedtls_psa_ecp_load_representation(
psa_key_type_t type, size_t curve_bits,
const uint8_t *data, size_t data_length,
@@ -168,9 +182,9 @@
}
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+ * defined(BUILTIN_ALG_ECDSA) ||
+ * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
@@ -342,9 +356,9 @@
/* ECDSA sign/verify */
/****************************************************************/
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-psa_status_t mbedtls_psa_ecdsa_sign_hash(
+#if defined(BUILTIN_ALG_ECDSA) || \
+ defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
+static psa_status_t ecdsa_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -374,7 +388,7 @@
goto cleanup;
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
@@ -388,7 +402,7 @@
MBEDTLS_PSA_RANDOM_STATE ) );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
{
(void) alg;
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
@@ -415,7 +429,7 @@
return( mbedtls_to_psa_error( ret ) );
}
-psa_status_t mbedtls_psa_ecdsa_verify_hash(
+static psa_status_t ecdsa_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -474,8 +488,8 @@
return( mbedtls_to_psa_error( ret ) );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+#endif /* defined(BUILTIN_ALG_ECDSA) || \
+ * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
@@ -513,6 +527,38 @@
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
+
+psa_status_t mbedtls_psa_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+
+ return( ecdsa_sign_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+}
+
+psa_status_t mbedtls_psa_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+ return( ecdsa_verify_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+}
+
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -557,6 +603,62 @@
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) &&
defined(MBEDTLS_GENPRIME) */
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+
+psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+
+#if defined(MBEDTLS_ECDSA_C)
+ return( ecdsa_sign_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+#else
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+}
+
+psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+#if defined(MBEDTLS_ECDSA_C)
+ return( ecdsa_verify_hash( attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+#else
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+}
+
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index 72453e6..0c2b928 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -239,6 +239,18 @@
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ECP_H */
diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c
index 78b7ff9..47c6deb 100644
--- a/tests/src/drivers/signature.c
+++ b/tests/src/drivers/signature.c
@@ -28,6 +28,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
+#include "psa_crypto_ecp.h"
#include "psa_crypto_rsa.h"
#include "mbedtls/ecp.h"
@@ -45,7 +46,7 @@
psa_status_t test_transparent_signature_sign_hash(
const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
+ const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
@@ -65,8 +66,6 @@
return( PSA_SUCCESS );
}
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
-
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
@@ -77,86 +76,48 @@
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
+ else
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C)
- if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
+ {
+ if(
+#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+ PSA_ALG_IS_ECDSA( alg )
+#else
+ PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
+#endif
+ )
+ {
+ return( mbedtls_transparent_test_driver_ecdsa_sign_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
+ }
+ else
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
+ {
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
return( PSA_ERROR_NOT_SUPPORTED );
- mbedtls_ecp_group_id grp_id;
- switch( psa_get_key_type( attributes ) )
- {
- case PSA_ECC_CURVE_SECP_R1:
- switch( psa_get_key_bits( attributes ) )
- {
- case 256:
- grp_id = MBEDTLS_ECP_DP_SECP256R1;
- break;
- case 384:
- grp_id = MBEDTLS_ECP_DP_SECP384R1;
- break;
- case 521:
- grp_id = MBEDTLS_ECP_DP_SECP521R1;
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
}
-
- /* Beyond this point, the driver is actually doing the work of
- * calculating the signature. */
-
- status = PSA_ERROR_GENERIC_ERROR;
- int ret = 0;
- mbedtls_mpi r, s;
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
- mbedtls_ecp_keypair ecp;
- mbedtls_ecp_keypair_init( &ecp );
- size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
-
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
- key, key_length ) );
-
- /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
- mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
- if( signature_size < 2 * curve_bytes )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto cleanup;
- }
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
- hash, hash_length, md_alg ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
-cleanup:
- status = mbedtls_to_psa_error( ret );
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- mbedtls_ecp_keypair_free( &ecp );
- if( status == PSA_SUCCESS )
- *signature_length = 2 * curve_bytes;
-#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
-#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
-
- return( status );
}
psa_status_t test_opaque_signature_sign_hash(
@@ -175,12 +136,13 @@
(void) signature;
(void) signature_size;
(void) signature_length;
+
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t test_transparent_signature_verify_hash(
const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
+ const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
@@ -190,8 +152,6 @@
if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
return( test_driver_signature_verify_hooks.forced_status );
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
-
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
@@ -202,99 +162,42 @@
alg, hash, hash_length,
signature, signature_length ) );
}
+ else
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C)
- if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- mbedtls_ecp_group_id grp_id;
- switch( psa_get_key_type( attributes ) )
+#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
{
- case PSA_ECC_CURVE_SECP_R1:
- switch( psa_get_key_bits( attributes ) )
- {
- case 256:
- grp_id = MBEDTLS_ECP_DP_SECP256R1;
- break;
- case 384:
- grp_id = MBEDTLS_ECP_DP_SECP384R1;
- break;
- case 521:
- grp_id = MBEDTLS_ECP_DP_SECP521R1;
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- break;
- default:
- return( PSA_ERROR_NOT_SUPPORTED );
+ if( PSA_ALG_IS_ECDSA( alg ) )
+ {
+ return( mbedtls_transparent_test_driver_ecdsa_verify_hash(
+ attributes,
+ key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length ) );
+ }
+ else
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
}
-
- /* Beyond this point, the driver is actually doing the work of
- * calculating the signature. */
-
- status = PSA_ERROR_GENERIC_ERROR;
- int ret = 0;
- mbedtls_mpi r, s;
- mbedtls_mpi_init( &r );
- mbedtls_mpi_init( &s );
- mbedtls_ecp_keypair ecp;
- mbedtls_ecp_keypair_init( &ecp );
- mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
- size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
-
- MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
-
- /* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */
- if( signature_length < 2 * curve_bytes )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto cleanup;
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
- signature,
- curve_bytes ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
- signature + curve_bytes,
- curve_bytes ) );
-
- if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )
- MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
- key, key_length ) );
else
+#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
{
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) );
- MBEDTLS_MPI_CHK(
- mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G,
- &mbedtls_test_rnd_pseudo_rand,
- &rnd_info ) );
+ (void)attributes;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
}
-
- MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length,
- &ecp.Q, &r, &s ) );
-cleanup:
- status = mbedtls_to_psa_error( ret );
- mbedtls_mpi_free( &r );
- mbedtls_mpi_free( &s );
- mbedtls_ecp_keypair_free( &ecp );
-#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_length;
-#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
- defined(MBEDTLS_SHA256_C) */
-
- return( status );
}
psa_status_t test_opaque_signature_verify_hash(