diff --git a/library/pk.c b/library/pk.c index b6dd99d953..369472a0a1 100644 --- a/library/pk.c +++ b/library/pk.c @@ -518,6 +518,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, f_rng, p_rng, NULL ) ); } +#if defined(MBEDTLS_PSA_CRYPTO_C) /* * Make a signature with options */ @@ -529,12 +530,9 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); *sig_len = 0; + if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -543,43 +541,22 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, if( type != MBEDTLS_PK_RSASSA_PSS ) { - return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, - sig, sig_size, sig_len, - f_rng, p_rng, NULL ) ); + return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len, + sig, sig_size, sig_len, f_rng, p_rng ) ); } -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_USE_PSA_CRYPTO) -#if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* SIZE_MAX > UINT_MAX */ - - if( sig_size < mbedtls_pk_get_len( ctx ) ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *ctx ), - MBEDTLS_RSA_PKCS_V21, - md_alg ) != 0 ) - { - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - } - - *sig_len = mbedtls_pk_get_len( ctx ); - ret = mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_pk_rsa( *ctx ), - f_rng, p_rng, - md_alg, - (unsigned int) hash_len, - hash,MBEDTLS_RSA_SALT_LEN_ANY, - sig - ); - return( ret ); -#else + return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS_ANY_SALT( + mbedtls_psa_translate_md( md_alg ) ), + ctx->pk_ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ +#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */ } +#endif /* MBEDTLS_PSA_CRYPTO_C */ /* * Decrypt message diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 92e9bf4bc4..b910242441 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -192,12 +192,12 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #if defined(MBEDTLS_USE_PSA_CRYPTO) -static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; @@ -206,16 +206,6 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; - psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); - - ((void) f_rng); - ((void) p_rng); - -#if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* SIZE_MAX > UINT_MAX */ *sig_len = mbedtls_rsa_get_len( rsa ); if( sig_size < *sig_len ) @@ -224,11 +214,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, /* mbedtls_pk_write_key_der() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; - key.pk_ctx = ctx; + key.pk_ctx = pk_ctx; key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) ); if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, psa_alg_md ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); @@ -241,7 +230,6 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } - status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) @@ -256,9 +244,31 @@ cleanup: status = psa_destroy_key( key_id ); if( ret == 0 && status != PSA_SUCCESS ) ret = mbedtls_pk_error_from_psa( status ); - return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + + ((void) f_rng); + ((void) p_rng); + ((void) md_alg); + +#if SIZE_MAX > UINT_MAX + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + + return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( + mbedtls_psa_translate_md( md_alg ) ), + ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +} #else static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index ca0d8d837e..eead322cbe 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -145,6 +145,15 @@ int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif -#endif + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ); + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PK_WRAP_H */