mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 17:43:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #5571 from superna9999/5162-pk-rsa-signing

Browse Source 
PK: RSA signing
This commit is contained in:
Gilles Peskine 2022-03-07 17:09:14 +01:00 committed by GitHub
commit 44311f5c98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 76 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
library/pk_wrap.c
View File

@ -191,6 +191,75 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
return( 0 );
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
mbedtls_pk_context key;
int key_len;
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
psa_algorithm_t psa_alg_md =
PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
((void) f_rng);
((void) p_rng);
#if SIZE_MAX > UINT_MAX
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
*sig_len = mbedtls_rsa_get_len( rsa );
if( sig_size < *sig_len )
return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
/* mbedtls_pk_write_key_der() expects a full PK context;
* re-construct one to make it happy */
key.pk_info = &pk_info;
key.pk_ctx = ctx;
key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) );
if( key_len <= 0 )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, psa_alg_md );
psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR );
status = psa_import_key( &attributes,
buf + sizeof( buf ) - key_len, key_len,
&key_id );
if( status != PSA_SUCCESS )
{
ret = mbedtls_pk_error_from_psa( status );
goto cleanup;
}
status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len,
sig, sig_size, sig_len );
if( status != PSA_SUCCESS )
{
ret = mbedtls_pk_error_from_psa_rsa( status );
goto cleanup;
}
ret = 0;
cleanup:
status = psa_destroy_key( key_id );
if( ret == 0 && status != PSA_SUCCESS )
ret = mbedtls_pk_error_from_psa( status );
return( ret );
}
#else
static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@ -211,6 +280,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
md_alg, (unsigned int) hash_len,
hash, sig ) );
}
#endif
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,

6
tests/suites/test_suite_x509write.function
View File

@ -93,6 +93,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
USE_PSA_INIT( );
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
@ -140,6 +142,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
USE_PSA_DONE( );
}
/* END_CASE */
@ -220,6 +223,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
USE_PSA_INIT( );
mbedtls_pk_init( &subject_key );
mbedtls_pk_init( &issuer_key );
mbedtls_pk_init( &issuer_key_alt );
@ -316,6 +321,7 @@ exit:
mbedtls_pk_free( &subject_key );
mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
USE_PSA_DONE( );
}
/* END_CASE */