From 919130c03547d358bf047ac89574a109b61415dd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Feb 2022 10:40:19 +0800 Subject: [PATCH 01/41] Add rsa_pss_rsae_sha256 support Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 50 +++++++++++++++++++++++++++++++++---- tests/ssl-opt.sh | 10 +++----- 2 files changed, 49 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 24a3d9dc34..8b0f668e9c 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -980,9 +980,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; unsigned char signature_type; -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) size_t own_key_size; -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_X509_RSASSA_PSS_SUPPORT */ mbedtls_md_type_t md_alg; uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; size_t signature_len = 0; @@ -1022,10 +1022,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * } CertificateVerify; */ signature_type = mbedtls_ssl_sig_from_pk( own_key ); -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) /* Determine the size of the key */ own_key_size = mbedtls_pk_get_bitlen( own_key ); -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C || MBEDTLS_X509_RSASSA_PSS_SUPPORT */ switch( signature_type ) { #if defined(MBEDTLS_ECDSA_C) @@ -1054,10 +1054,50 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_SSL_SIG_RSA: + if( own_key_size <= 2048 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) + { + md_alg = MBEDTLS_MD_SHA256; + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + } + else if( own_key_size <= 3072 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) + { + md_alg = MBEDTLS_MD_SHA384; + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + } + else if( own_key_size <= 4096 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) + { + md_alg = MBEDTLS_MD_SHA512; + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + } + else + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + break; + } + + if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ), + MBEDTLS_RSA_PKCS_V21, + md_alg ) != 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Set RSA padding Fail" ) ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + } + break; +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "unkown pk type : %d", signature_type ) ); - break; + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } if( algorithm == MBEDTLS_TLS1_3_SIG_NONE || diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d5334cece3..44a754650d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10037,12 +10037,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 1 \ + 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "unkown pk type" \ - -c "signature algorithm not in received or offered list." + -c "Protocol is TLSv1.3" requires_gnutls_tls1_3 requires_gnutls_next_no_ticket @@ -10055,12 +10054,11 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \ - 1 \ + 0 \ -c "got a certificate request" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ - -c "unkown pk type" \ - -c "signature algorithm not in received or offered list." + -c "Protocol is TLSv1.3" requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 From bfcfe74b4e7ce9ed83dd9a9627b4b453501c3875 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Feb 2022 16:41:39 +0800 Subject: [PATCH 02/41] add signature algorithm debug helper Signed-off-by: Jerry Yu --- library/ssl_debug_helpers.h | 2 +- scripts/generate_ssl_debug_helpers.py | 64 ++++++++++++++++++++++++++- 2 files changed, 63 insertions(+), 3 deletions(-) diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 2ffc5f41fc..29b64dc4ea 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -39,7 +39,7 @@ const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in ); const char *mbedtls_ssl_key_export_type_str( mbedtls_ssl_key_export_type in ); - +const char *mbedtls_ssl_sig_alg_to_str( uint16_t in ); #endif /* MBEDTLS_DEBUG_C */ diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 98e1c48c8c..6c9d670f75 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -88,7 +88,8 @@ def preprocess_c_source_code(source, *classes): if has_instance is False: has_instance = True yield pair_start, start_line - yield instance.span()[0], instance + if instance: + yield instance.span()[0], instance if has_instance: yield start, end_line @@ -234,6 +235,63 @@ class EnumDefinition: prototype=self._prototype) return body +class SignatureAlgorithmDefinition: + """ + Generate helper functions for signature algorithms. + + It generates translation function from signature algorithm define to string. + Signature algorithm definition looks like: + #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ] + + Known limitation: + - the definitions SHOULD exist in same macro blocks. + """ + + @classmethod + def extract(cls, source_code, start=0, end=-1): + sig_alg_pattern = re.compile(r'#define\s+(?PMBEDTLS_TLS1_3_SIG_\w+)\s+' + + r'(?P0[xX][0-9a-fA-F]+)$', + re.MULTILINE | re.DOTALL) + matches = list(sig_alg_pattern.finditer(source_code, start, end)) + if matches: + yield SignatureAlgorithmDefinition(source_code, definitions=matches) + + def __init__(self, source_code, definitions=None): + if definitions is None: + definitions = [] + assert isinstance(definitions, list) and definitions + self._definitions = definitions + self._source = source_code + + def __repr__(self): + return 'SigAlgs({})'.format(self._definitions[0].span()) + + def span(self): + return self._definitions[0].span() + def __str__(self): + """ + Generate function for translating value to string + """ + translation_table = [] + for m in self._definitions: + name = m.groupdict()['name'] + translation_table.append( + '\tcase {}:\n\t return "{}";'.format(name, + name[len('MBEDTLS_TLS1_3_SIG_'):].lower()) + ) + + body = textwrap.dedent('''\ + const char *mbedtls_ssl_sig_alg_to_str( uint16_t in ) + {{ + switch( in ) + {{ + {translation_table} + }}; + + return "UNKOWN"; + }}''') + body = body.format(translation_table='\n'.join(translation_table)) + return body OUTPUT_C_TEMPLATE = '''\ /* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */ @@ -283,7 +341,9 @@ def generate_ssl_debug_helpers(output_directory, mbedtls_root): source_code = remove_c_comments(f.read()) definitions = dict() - for start, instance in preprocess_c_source_code(source_code, EnumDefinition): + for start, instance in preprocess_c_source_code(source_code, + EnumDefinition, + SignatureAlgorithmDefinition): if start in definitions: continue if isinstance(instance, EnumDefinition): From 3a58b462b6c64435c233a13c766ca6169c09eb65 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Feb 2022 16:42:29 +0800 Subject: [PATCH 03/41] add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu --- library/ssl_misc.h | 4 +++ library/ssl_tls13_generic.c | 23 ++++++++++++- programs/ssl/ssl_client2.c | 10 ++++++ tests/ssl-opt.sh | 66 +++++++++++++++++++++++++++++++++++++ 4 files changed, 102 insertions(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a02b712ceb..cb9b6aaa79 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2058,6 +2058,10 @@ static inline int mbedtls_ssl_sig_alg_is_supported( defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: break; + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + break; + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + break; #endif /* MBEDTLS_SHA256_C && MBEDTLS_X509_RSASSA_PSS_SUPPORT */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 8b0f668e9c..913280e0e5 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -350,11 +350,26 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, sig_alg = MBEDTLS_PK_ECDSA; break; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) ); md_alg = MBEDTLS_MD_SHA256; sig_alg = MBEDTLS_PK_RSASSA_PSS; break; +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA384_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + md_alg = MBEDTLS_MD_SHA384; + sig_alg = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA384_C */ + +#if defined(MBEDTLS_SHA512_C) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + md_alg = MBEDTLS_MD_SHA256; + sig_alg = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); @@ -1062,6 +1077,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, { md_alg = MBEDTLS_MD_SHA256; algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorthm is rsa_pss_rsae_sha256" ) ); } else if( own_key_size <= 3072 && mbedtls_ssl_sig_alg_is_received( ssl, @@ -1069,6 +1086,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, { md_alg = MBEDTLS_MD_SHA384; algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorthm is rsa_pss_rsae_sha384" ) ); } else if( own_key_size <= 4096 && mbedtls_ssl_sig_alg_is_received( ssl, @@ -1076,6 +1095,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, { md_alg = MBEDTLS_MD_SHA512; algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorthm is rsa_pss_rsae_sha512" ) ); } else { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f83af070b8..d8a3a4e540 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1542,6 +1542,14 @@ int main( int argc, char *argv[] ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; } + else if( strcmp( q, "rsa_pss_rsae_sha384" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + } + else if( strcmp( q, "rsa_pss_rsae_sha512" ) == 0 ) + { + sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + } else if( strcmp( q, "rsa_pkcs1_sha256" ) == 0 ) { sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; @@ -1554,6 +1562,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "ecdsa_secp384r1_sha384 " ); mbedtls_printf( "ecdsa_secp521r1_sha512 " ); mbedtls_printf( "rsa_pss_rsae_sha256 " ); + mbedtls_printf( "rsa_pss_rsae_sha384 " ); + mbedtls_printf( "rsa_pss_rsae_sha512 " ); mbedtls_printf( "rsa_pkcs1_sha256 " ); mbedtls_printf( "\n" ); goto exit; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 44a754650d..aff2411e6e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10060,6 +10060,72 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \ -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ -c "Protocol is TLSv1.3" +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_openssl_tls1_3 +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \ + "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ + "$P_CLI debug_level=4 force_version=tls13 crt_file=data_files/cert_sha256.crt \ + key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + +requires_gnutls_tls1_3 +requires_gnutls_next_no_ticket +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \ + "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ + "$P_CLI debug_level=3 force_version=tls13 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \ + 0 \ + -c "got a certificate request" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \ + -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \ + -c "Protocol is TLSv1.3" + requires_openssl_tls1_3 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_DEBUG_C From d69439aa61dacd39979a9d3f263422eedbe3fb81 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 24 Feb 2022 15:52:15 +0800 Subject: [PATCH 04/41] add mbedtls_pk_sign_ext Signed-off-by: Jerry Yu --- include/mbedtls/pk.h | 39 ++++++++++++++++++++++++ library/pk.c | 70 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 109 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 9ad7a1df6d..b5ca6ea5d9 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -535,6 +535,45 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Make signature with options, including padding if relevant. + * + * \param type Signature type (inc. possible padding type) to verify + * \param options Pointer to type-specific options, or NULL + * \param ctx The PK context to use. It must have been set up + * with a private key. + * \param md_alg Hash algorithm used (see notes) + * \param hash Hash of the message to sign + * \param hash_len Hash length + * \param sig Place to write the signature. + * It must have enough room for the signature. + * #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough. + * You may use a smaller buffer if it is large enough + * given the key type. + * \param sig_size The size of the \p sig buffer in bytes. + * \param sig_len On successful return, + * the number of bytes written to \p sig. + * \param f_rng RNG function, must not be \c NULL. + * \param p_rng RNG parameter + * + * \return 0 on success, or a specific error code. + * + * \note For RSA keys, the default padding type is PKCS#1 v1.5. + * There is no interface in the PK module to make RSASSA-PSS + * signatures yet. + * + * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. + * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. + * + * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. + * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. + */ +int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, + mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); + /** * \brief Restartable version of \c mbedtls_pk_sign() * diff --git a/library/pk.c b/library/pk.c index 79eccaada7..cb25354018 100644 --- a/library/pk.c +++ b/library/pk.c @@ -518,6 +518,76 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, f_rng, p_rng, NULL ) ); } +/* + * Make a signature with options + */ +int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, + mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || + hash != NULL ); + PK_VALIDATE_RET( sig != NULL ); + + *sig_len = 0; + if( ctx->pk_info == NULL ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + if( ! mbedtls_pk_can_do( ctx, type ) ) + return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); + + if( type != MBEDTLS_PK_RSASSA_PSS ) + { + /* General case: no options */ + if( options != NULL ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, + sig, sig_size, sig_len, + f_rng, p_rng, NULL ) ); + } + +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const mbedtls_pk_rsassa_pss_options *pss_opts; + +#if SIZE_MAX > UINT_MAX + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + + if( options == NULL ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; + if( sig_size < mbedtls_pk_get_len( ctx ) ) + return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + + if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *ctx ), + MBEDTLS_RSA_PKCS_V21, + md_alg ) != 0 ) + { + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + } + + *sig_len = mbedtls_pk_get_len( ctx ); + ret = mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_pk_rsa( *ctx ), + f_rng, p_rng, + md_alg, + (unsigned int) hash_len, + hash,pss_opts->expected_salt_len, + sig + ); + return( ret ); +#else + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); +#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ + +} + /* * Decrypt message */ From 67eced01320c407bb4bc6e067d35f07d6f9583e5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 25 Feb 2022 13:37:36 +0800 Subject: [PATCH 05/41] replace pk_sign with pk_sign_ext Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 211 ++++++++++++++++++++---------------- 1 file changed, 117 insertions(+), 94 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 913280e0e5..7dd8fb4de8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -32,6 +32,7 @@ #include "ssl_misc.h" #include "ssl_tls13_keys.h" +#include "ssl_debug_helpers.h" int mbedtls_ssl_tls13_fetch_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, @@ -981,6 +982,70 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ +static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, + mbedtls_pk_context *own_key ) +{ + mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); + /* Determine the size of the key */ + size_t own_key_size = mbedtls_pk_get_bitlen( own_key ); + uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; + ((void) own_key_size); + + switch( sig ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_SSL_SIG_ECDSA: + switch( own_key_size ) + { + case 256: + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + break; + case 384: + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + break; + case 521: + algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + break; + default: + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + break; + } + break; +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_SSL_SIG_RSA: + if( own_key_size <= 2048 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) + { + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + } + else if( own_key_size <= 3072 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) + { + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + } + else if( own_key_size <= 4096 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) + { + algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + } + break; +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + default: + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "unkown signature type : %u", sig ) ); + break; + } + return( algorithm ); +} + static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char *buf, unsigned char *end, @@ -994,12 +1059,11 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, size_t handshake_hash_len; unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; - unsigned char signature_type; -#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - size_t own_key_size; -#endif /* MBEDTLS_ECDSA_C || MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - mbedtls_md_type_t md_alg; + mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; + const void *options = NULL; + mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; + mbedtls_pk_rsassa_pss_options pss_opts; size_t signature_len = 0; const mbedtls_md_info_t *md_info; unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; @@ -1036,101 +1100,60 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - signature_type = mbedtls_ssl_sig_from_pk( own_key ); -#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - /* Determine the size of the key */ - own_key_size = mbedtls_pk_get_bitlen( own_key ); -#endif /* MBEDTLS_ECDSA_C || MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - switch( signature_type ) - { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_SSL_SIG_ECDSA: - switch( own_key_size ) - { - case 256: - md_alg = MBEDTLS_MD_SHA256; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - break; - case 384: - md_alg = MBEDTLS_MD_SHA384; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - break; - case 521: - md_alg = MBEDTLS_MD_SHA512; - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - break; - default: - MBEDTLS_SSL_DEBUG_MSG( 3, - ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - break; - } - break; -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - case MBEDTLS_SSL_SIG_RSA: - if( own_key_size <= 2048 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) - { - md_alg = MBEDTLS_MD_SHA256; - algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorthm is rsa_pss_rsae_sha256" ) ); - } - else if( own_key_size <= 3072 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) - { - md_alg = MBEDTLS_MD_SHA384; - algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorthm is rsa_pss_rsae_sha384" ) ); - } - else if( own_key_size <= 4096 && - mbedtls_ssl_sig_alg_is_received( ssl, - MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) - { - md_alg = MBEDTLS_MD_SHA512; - algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorthm is rsa_pss_rsae_sha512" ) ); - } - else - { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %" - MBEDTLS_PRINTF_SIZET " bits", - own_key_size ) ); - break; - } - - if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *own_key ), - MBEDTLS_RSA_PKCS_V21, - md_alg ) != 0 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Set RSA padding Fail" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - break; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "unkown pk type : %d", signature_type ) ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - } - + algorithm = ssl_tls13_get_sig_alg_from_pk( ssl, own_key ); if( algorithm == MBEDTLS_TLS1_3_SIG_NONE || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm not in received or offered list." ) ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", + mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } + switch( algorithm ) + { +#if defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: + md_alg = MBEDTLS_MD_SHA256; + pk_type = MBEDTLS_PK_ECDSA; + break; + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: + md_alg = MBEDTLS_MD_SHA384; + pk_type = MBEDTLS_PK_ECDSA; + break; + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: + md_alg = MBEDTLS_MD_SHA512; + pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_ECDSA_C */ +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + md_alg = MBEDTLS_MD_SHA256; + pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; + options = &pss_opts; + pk_type = MBEDTLS_PK_RSASSA_PSS; + break; + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + md_alg = MBEDTLS_MD_SHA384; + pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; + options = &pss_opts; + pk_type = MBEDTLS_PK_RSASSA_PSS; + break; + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + md_alg = MBEDTLS_MD_SHA512; + pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; + options = &pss_opts; + pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + default: + break; + } /* Check there is space for the algorithm identifier (2 bytes) and the * signature length (2 bytes). */ @@ -1150,10 +1173,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, verify_hash_len = mbedtls_md_get_size( md_info ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); - if( ( ret = mbedtls_pk_sign( own_key, md_alg, - verify_hash, verify_hash_len, - p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + if( ( ret = mbedtls_pk_sign_ext( pk_type, options, + own_key, md_alg, verify_hash, verify_hash_len, + p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret ); return( ret ); From 8beb9e173df7fccd1d008a7b02d69764536c35d9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 12 Mar 2022 16:23:53 +0800 Subject: [PATCH 06/41] Change prototype of pk_sign_ext Signed-off-by: Jerry Yu --- ChangeLog.d/mbedtls_pk_sign_ext.txt | 3 +++ include/mbedtls/pk.h | 23 ++++++++++++----------- library/pk.c | 23 ++++++++--------------- library/ssl_tls13_generic.c | 12 ++---------- 4 files changed, 25 insertions(+), 36 deletions(-) create mode 100644 ChangeLog.d/mbedtls_pk_sign_ext.txt diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt new file mode 100644 index 0000000000..8dfa2e501b --- /dev/null +++ b/ChangeLog.d/mbedtls_pk_sign_ext.txt @@ -0,0 +1,3 @@ +Features + * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when + PSA Crypto is enabled. diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index b5ca6ea5d9..2ef3b91be2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -536,10 +536,9 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Make signature with options, including padding if relevant. + * \brief Make signature with input pk type. not the type of \p ctx . * - * \param type Signature type (inc. possible padding type) to verify - * \param options Pointer to type-specific options, or NULL + * \param pk_type Signature type. * \param ctx The PK context to use. It must have been set up * with a private key. * \param md_alg Hash algorithm used (see notes) @@ -558,9 +557,9 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * * \return 0 on success, or a specific error code. * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * There is no interface in the PK module to make RSASSA-PSS - * signatures yet. + * \note For RSA keys, the padding type depends on the value of the + * \p pk_type parameter: MBEDTLS_PK_RSA for PKCS#1 v1.5, and + * MBEDTLS_PK_RSASSA_PSS for PKCS#1 v2.1 with any salt. * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. @@ -568,11 +567,13 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ -int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, + mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * \brief Restartable version of \c mbedtls_pk_sign() diff --git a/library/pk.c b/library/pk.c index cb25354018..b6dd99d953 100644 --- a/library/pk.c +++ b/library/pk.c @@ -521,11 +521,13 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, /* * Make a signature with options */ -int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, + mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { PK_VALIDATE_RET( ctx != NULL ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || @@ -541,10 +543,6 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, if( type != MBEDTLS_PK_RSASSA_PSS ) { - /* General case: no options */ - if( options != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng, NULL ) ); @@ -552,17 +550,12 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_pk_rsassa_pss_options *pss_opts; #if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ - if( options == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - - pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; if( sig_size < mbedtls_pk_get_len( ctx ) ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); @@ -578,7 +571,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, f_rng, p_rng, md_alg, (unsigned int) hash_len, - hash,pss_opts->expected_salt_len, + hash,MBEDTLS_RSA_SALT_LEN_ANY, sig ); return( ret ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7dd8fb4de8..a8c3570722 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1060,10 +1060,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; - const void *options = NULL; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; - mbedtls_pk_rsassa_pss_options pss_opts; size_t signature_len = 0; const mbedtls_md_info_t *md_info; unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; @@ -1134,20 +1132,14 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: md_alg = MBEDTLS_MD_SHA256; - pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; - options = &pss_opts; pk_type = MBEDTLS_PK_RSASSA_PSS; break; case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: md_alg = MBEDTLS_MD_SHA384; - pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; - options = &pss_opts; pk_type = MBEDTLS_PK_RSASSA_PSS; break; case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: md_alg = MBEDTLS_MD_SHA512; - pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; - options = &pss_opts; pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ @@ -1173,8 +1165,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, verify_hash_len = mbedtls_md_get_size( md_info ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); - if( ( ret = mbedtls_pk_sign_ext( pk_type, options, - own_key, md_alg, verify_hash, verify_hash_len, + if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, + md_alg, verify_hash, verify_hash_len, p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { From 79c004148dcd1b193de53117e1497f5c86166b98 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 1 Mar 2022 17:03:56 +0800 Subject: [PATCH 07/41] Add PSA && TLS1_3 check_config Signed-off-by: Jerry Yu --- include/mbedtls/check_config.h | 3 +- programs/ssl/ssl_test_lib.h | 2 +- tests/configs/tls13-only.h | 1 + tests/scripts/all.sh | 61 ++++++++++++++-------------------- 4 files changed, 29 insertions(+), 38 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 06ba6b7d44..378fcef702 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -649,7 +649,8 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ ( ( !defined(MBEDTLS_HKDF_C) ) || \ ( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) || \ - ( !defined(MBEDTLS_PSA_CRYPTO_C) ) ) + ( !defined(MBEDTLS_PSA_CRYPTO_C) ) || \ + ( !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" #endif diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index b3c4cfa0f8..a359b3fe2c 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -133,7 +133,7 @@ void my_debug( void *ctx, int level, mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. * diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 0a22c544b7..27e8ffd40d 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -24,6 +24,7 @@ #define MBEDTLS_SSL_PROTO_TLS1_3 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +#define MBEDTLS_USE_PSA_CRYPTO #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 69b1fc83e2..6d8737da39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1058,7 +1058,6 @@ component_test_no_ctr_drbg_classic () { msg "build: Full minus CTR_DRBG, classic crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1103,7 +1102,6 @@ component_test_no_hmac_drbg_classic () { scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1155,7 +1153,7 @@ component_test_no_hmac_drbg_use_psa () { component_test_psa_external_rng_no_drbg_classic () { msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -1802,7 +1800,7 @@ component_test_psa_crypto_config_no_driver() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" @@ -1832,7 +1830,7 @@ component_build_psa_accel_alg_ecdsa() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -1848,7 +1846,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -1866,7 +1864,7 @@ component_build_psa_accel_key_type_ecc_key_pair() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -1880,7 +1878,7 @@ component_build_psa_accel_key_type_ecc_public_key() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -1894,7 +1892,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -1907,7 +1905,7 @@ component_build_psa_accel_alg_hkdf() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_HKDF_C # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 @@ -1922,7 +1920,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1940,7 +1938,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1958,7 +1956,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1976,7 +1974,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -1993,7 +1991,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2011,7 +2009,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2028,7 +2026,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2046,7 +2044,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP @@ -2062,7 +2060,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP @@ -2078,7 +2076,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -2094,7 +2092,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -2110,7 +2108,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -2124,7 +2122,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -2781,6 +2779,7 @@ component_test_tls13 () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" @@ -2794,6 +2793,7 @@ component_test_tls13_no_compatibility_mode () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" @@ -2807,6 +2807,7 @@ component_test_tls13_with_padding () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding" @@ -2815,24 +2816,12 @@ component_test_tls13_with_padding () { tests/ssl-opt.sh } -component_test_tls13_with_ecp_restartable () { - msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" - scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE - scripts/config.py set MBEDTLS_ECP_RESTARTABLE - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" - make test - msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)" - tests/ssl-opt.sh -} - component_test_tls13_with_everest () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest" scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECP_RESTARTABLE CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make From 1d172a3483bae356e6f8b2707cc324a0902d24ce Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 12 Mar 2022 19:12:05 +0800 Subject: [PATCH 08/41] Add pk_psa_sign_ext Signed-off-by: Jerry Yu --- library/pk.c | 47 ++++++++++++---------------------------------- library/pk_wrap.c | 48 ++++++++++++++++++++++++++++------------------- library/pk_wrap.h | 11 ++++++++++- 3 files changed, 51 insertions(+), 55 deletions(-) diff --git a/library/pk.c b/library/pk.c index b6dd99d953..369472a0a1 100644 --- a/library/pk.c +++ b/library/pk.c @@ -518,6 +518,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, f_rng, p_rng, NULL ) ); } +#if defined(MBEDTLS_PSA_CRYPTO_C) /* * Make a signature with options */ @@ -529,12 +530,9 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); *sig_len = 0; + if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -543,43 +541,22 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, if( type != MBEDTLS_PK_RSASSA_PSS ) { - return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, - sig, sig_size, sig_len, - f_rng, p_rng, NULL ) ); + return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len, + sig, sig_size, sig_len, f_rng, p_rng ) ); } -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_USE_PSA_CRYPTO) -#if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* SIZE_MAX > UINT_MAX */ - - if( sig_size < mbedtls_pk_get_len( ctx ) ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - if( mbedtls_rsa_set_padding( mbedtls_pk_rsa( *ctx ), - MBEDTLS_RSA_PKCS_V21, - md_alg ) != 0 ) - { - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - } - - *sig_len = mbedtls_pk_get_len( ctx ); - ret = mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_pk_rsa( *ctx ), - f_rng, p_rng, - md_alg, - (unsigned int) hash_len, - hash,MBEDTLS_RSA_SALT_LEN_ANY, - sig - ); - return( ret ); -#else + return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS_ANY_SALT( + mbedtls_psa_translate_md( md_alg ) ), + ctx->pk_ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ +#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */ } +#endif /* MBEDTLS_PSA_CRYPTO_C */ /* * Decrypt message diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 92e9bf4bc4..b910242441 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -192,12 +192,12 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #if defined(MBEDTLS_USE_PSA_CRYPTO) -static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; @@ -206,16 +206,6 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; - psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); - - ((void) f_rng); - ((void) p_rng); - -#if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* SIZE_MAX > UINT_MAX */ *sig_len = mbedtls_rsa_get_len( rsa ); if( sig_size < *sig_len ) @@ -224,11 +214,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, /* mbedtls_pk_write_key_der() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; - key.pk_ctx = ctx; + key.pk_ctx = pk_ctx; key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) ); if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); psa_set_key_algorithm( &attributes, psa_alg_md ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); @@ -241,7 +230,6 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } - status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) @@ -256,9 +244,31 @@ cleanup: status = psa_destroy_key( key_id ); if( ret == 0 && status != PSA_SUCCESS ) ret = mbedtls_pk_error_from_psa( status ); - return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + + ((void) f_rng); + ((void) p_rng); + ((void) md_alg); + +#if SIZE_MAX > UINT_MAX + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + + return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( + mbedtls_psa_translate_md( md_alg ) ), + ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +} #else static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index ca0d8d837e..eead322cbe 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -145,6 +145,15 @@ int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif -#endif + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ); + +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PK_WRAP_H */ From 1f45b674743d0d46ada3b59c1a5e2046357816de Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 12 Mar 2022 19:24:50 +0800 Subject: [PATCH 09/41] Add unit tests Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.data | 5 +++++ tests/suites/test_suite_pk.function | 30 +++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 7d4fbcd8e7..b9a8d5d3b0 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -340,3 +340,8 @@ pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 + +PK test valid mebdtls_pk_sign_ext +depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 + diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ed3d602313..e89ae74a14 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1087,3 +1087,33 @@ exit: USE_PSA_DONE( ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) +{ + mbedtls_pk_context pk; + size_t sig_len; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + size_t hash_len = sizeof( hash ); + + memset( hash, 0x2a, sizeof hash ); + memset( sig, 0, sizeof sig ); + + mbedtls_pk_init( &pk ); + USE_PSA_INIT(); + + TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); + + TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); + + TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len, + sig, sizeof sig , &sig_len, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); + +exit: + mbedtls_pk_free( &pk ); + USE_PSA_DONE( ); +} +/* END_CASE */ + From bc18c23531ff9ef76a4ce0f6c6018f27e78d7243 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 12 Mar 2022 19:40:29 +0800 Subject: [PATCH 10/41] Guard pk_sign_ext with PSA_CRYPTO_C Signed-off-by: Jerry Yu --- include/mbedtls/pk.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 2ef3b91be2..45c80b419c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -535,6 +535,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#if defined(MBEDTLS_PSA_CRYPTO_C) /** * \brief Make signature with input pk type. not the type of \p ctx . * @@ -574,6 +575,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +#endif /* MBEDTLS_PSA_CRYPTO_C */ /** * \brief Restartable version of \c mbedtls_pk_sign() From 718a9b4a3f13e640436914b8680c60676af46d7e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 12 Mar 2022 22:43:01 +0800 Subject: [PATCH 11/41] fix doxgen fail Signed-off-by: Jerry Yu --- include/mbedtls/pk.h | 2 +- library/pk.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 45c80b419c..345762c424 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -568,7 +568,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ -int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, +int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, diff --git a/library/pk.c b/library/pk.c index 369472a0a1..0dab428996 100644 --- a/library/pk.c +++ b/library/pk.c @@ -522,7 +522,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, /* * Make a signature with options */ -int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, +int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -536,10 +536,10 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - if( ! mbedtls_pk_can_do( ctx, type ) ) + if( ! mbedtls_pk_can_do( ctx, pk_type ) ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - if( type != MBEDTLS_PK_RSASSA_PSS ) + if( pk_type != MBEDTLS_PK_RSASSA_PSS ) { return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng ) ); From 704cfd2a86ec39febd9fe6e0fbb598d56cf38051 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Mar 2022 10:06:59 +0800 Subject: [PATCH 12/41] fix comments and style issues Signed-off-by: Jerry Yu --- include/mbedtls/pk.h | 4 +--- library/pk.c | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 345762c424..fbc179463e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -558,9 +558,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * * \return 0 on success, or a specific error code. * - * \note For RSA keys, the padding type depends on the value of the - * \p pk_type parameter: MBEDTLS_PK_RSA for PKCS#1 v1.5, and - * MBEDTLS_PK_RSASSA_PSS for PKCS#1 v2.1 with any salt. + * \note see #PSA_ALG_RSA_PSS also. * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. diff --git a/library/pk.c b/library/pk.c index 0dab428996..ee10980589 100644 --- a/library/pk.c +++ b/library/pk.c @@ -546,7 +546,6 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_USE_PSA_CRYPTO) - return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS_ANY_SALT( mbedtls_psa_translate_md( md_alg ) ), ctx->pk_ctx, hash, hash_len, From b6875bc17a607e9715fec8964ed28bab927df824 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Mar 2022 10:09:52 +0800 Subject: [PATCH 13/41] change rsa_pss salt type Signed-off-by: Jerry Yu --- library/pk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index ee10980589..091cb6b831 100644 --- a/library/pk.c +++ b/library/pk.c @@ -546,7 +546,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_USE_PSA_CRYPTO) - return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS_ANY_SALT( + return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS( mbedtls_psa_translate_md( md_alg ) ), ctx->pk_ctx, hash, hash_len, sig, sig_size, sig_len ) ); From b02ee18e645433d948facc8dd9103a0743c60234 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Mar 2022 10:30:41 +0800 Subject: [PATCH 14/41] replace use_psa_crypto with psa_crypto_c Signed-off-by: Jerry Yu --- include/mbedtls/check_config.h | 3 +-- include/mbedtls/psa_util.h | 4 ++-- library/pk.c | 4 ++-- library/pk_wrap.c | 4 ++-- library/pk_wrap.h | 9 +++++---- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 378fcef702..06ba6b7d44 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -649,8 +649,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ ( ( !defined(MBEDTLS_HKDF_C) ) || \ ( !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA384_C) ) || \ - ( !defined(MBEDTLS_PSA_CRYPTO_C) ) || \ - ( !defined(MBEDTLS_USE_PSA_CRYPTO) ) ) + ( !defined(MBEDTLS_PSA_CRYPTO_C) ) ) #error "MBEDTLS_SSL_PROTO_TLS1_3 defined, but not all prerequisites" #endif diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index b4c7ba8a26..1aa365f1fc 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -29,7 +29,7 @@ #include "mbedtls/build_info.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" @@ -277,7 +277,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( } #endif /* MBEDTLS_ECP_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be diff --git a/library/pk.c b/library/pk.c index 091cb6b831..4c3c7740b4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -36,7 +36,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" #endif @@ -545,7 +545,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, sig, sig_size, sig_len, f_rng, p_rng ) ); } -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS( mbedtls_psa_translate_md( md_alg ) ), ctx->pk_ctx, hash, hash_len, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index b910242441..4e84ae5db8 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -65,7 +65,7 @@ #include #include -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa( psa_status_t status ) { switch( status ) @@ -191,7 +191,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, return( 0 ); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index eead322cbe..ae970f9af4 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -27,6 +27,10 @@ #include "mbedtls/pk.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "psa/crypto.h" +#endif /* MBEDTLS_PSA_CRYPTO_C */ + struct mbedtls_pk_info_t { /** Public key type */ @@ -135,7 +139,7 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) @@ -146,9 +150,6 @@ int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ); int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, From 07869e804c028f428161cacef387ced147efe397 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 16 Mar 2022 16:40:50 +0800 Subject: [PATCH 15/41] fix psa crypto test fail Signed-off-by: Jerry Yu --- library/pk_wrap.c | 49 ++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4e84ae5db8..896b876d09 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -100,28 +100,6 @@ int mbedtls_pk_error_from_psa( psa_status_t status ) } } -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ) -{ - switch( status ) - { - case PSA_ERROR_NOT_PERMITTED: - case PSA_ERROR_INVALID_ARGUMENT: - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - case PSA_ERROR_INVALID_HANDLE: - return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - case PSA_ERROR_BUFFER_TOO_SMALL: - return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - case PSA_ERROR_INSUFFICIENT_ENTROPY: - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); - case PSA_ERROR_INVALID_SIGNATURE: - return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); - default: - return( mbedtls_pk_error_from_psa( status ) ); - } -} -#endif - #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) { @@ -144,6 +122,33 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) } } #endif + +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ) +{ + switch( status ) + { + case PSA_ERROR_NOT_PERMITTED: + case PSA_ERROR_INVALID_ARGUMENT: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + case PSA_ERROR_INVALID_HANDLE: + return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); + case PSA_ERROR_BUFFER_TOO_SMALL: + return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); + case PSA_ERROR_INSUFFICIENT_ENTROPY: + return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + case PSA_ERROR_INVALID_SIGNATURE: + return( MBEDTLS_ERR_ECP_VERIFY_FAILED ); + default: + return( mbedtls_pk_error_from_psa( status ) ); + } +} +#endif + #endif #if defined(MBEDTLS_RSA_C) From 20f9f819bbd44f362d412ebac389de492f854f44 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 17 Mar 2022 10:54:34 +0800 Subject: [PATCH 16/41] Remove use_psa_crypto in test scripts Signed-off-by: Jerry Yu --- tests/configs/tls13-only.h | 1 - tests/scripts/all.sh | 61 ++++++++++++++++++++++---------------- 2 files changed, 36 insertions(+), 26 deletions(-) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 27e8ffd40d..0a22c544b7 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -24,7 +24,6 @@ #define MBEDTLS_SSL_PROTO_TLS1_3 #define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE -#define MBEDTLS_USE_PSA_CRYPTO #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6d8737da39..69b1fc83e2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1058,6 +1058,7 @@ component_test_no_ctr_drbg_classic () { msg "build: Full minus CTR_DRBG, classic crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1102,6 +1103,7 @@ component_test_no_hmac_drbg_classic () { scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -1153,7 +1155,7 @@ component_test_no_hmac_drbg_use_psa () { component_test_psa_external_rng_no_drbg_classic () { msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto in TLS" scripts/config.py full - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED @@ -1800,7 +1802,7 @@ component_test_psa_crypto_config_no_driver() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" @@ -1830,7 +1832,7 @@ component_build_psa_accel_alg_ecdsa() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -1846,7 +1848,7 @@ component_build_psa_accel_alg_ecdh() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED @@ -1864,7 +1866,7 @@ component_build_psa_accel_key_type_ecc_key_pair() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -1878,7 +1880,7 @@ component_build_psa_accel_key_type_ecc_public_key() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -1892,7 +1894,7 @@ component_build_psa_accel_alg_hmac() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO # Need to define the correct symbol and include the test driver header path in order to build with the test driver make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } @@ -1905,7 +1907,7 @@ component_build_psa_accel_alg_hkdf() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_HKDF_C # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 @@ -1920,7 +1922,7 @@ component_build_psa_accel_alg_md5() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1938,7 +1940,7 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1956,7 +1958,7 @@ component_build_psa_accel_alg_sha1() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1974,7 +1976,7 @@ component_build_psa_accel_alg_sha224() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -1991,7 +1993,7 @@ component_build_psa_accel_alg_sha256() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2009,7 +2011,7 @@ component_build_psa_accel_alg_sha384() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2026,7 +2028,7 @@ component_build_psa_accel_alg_sha512() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2044,7 +2046,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP @@ -2060,7 +2062,7 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_OAEP @@ -2076,7 +2078,7 @@ component_build_psa_accel_alg_rsa_oaep() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -2092,7 +2094,7 @@ component_build_psa_accel_alg_rsa_pss() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN @@ -2108,7 +2110,7 @@ component_build_psa_accel_key_type_rsa_key_pair() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -2122,7 +2124,7 @@ component_build_psa_accel_key_type_rsa_public_key() { scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1 scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -2779,7 +2781,6 @@ component_test_tls13 () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" @@ -2793,7 +2794,6 @@ component_test_tls13_no_compatibility_mode () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" @@ -2807,7 +2807,6 @@ component_test_tls13_with_padding () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with padding" @@ -2816,12 +2815,24 @@ component_test_tls13_with_padding () { tests/ssl-opt.sh } +component_test_tls13_with_ecp_restartable () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" + scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 + scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + scripts/config.py set MBEDTLS_ECP_RESTARTABLE + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with ecp_restartable" + make test + msg "ssl-opt.sh (TLS 1.3 with ecp_restartable)" + tests/ssl-opt.sh +} + component_test_tls13_with_everest () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, with Everest" scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py set MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_ECP_RESTARTABLE CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make From 5a0afc8a129798962a61da7bd37c69397c6e92a5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 12:47:28 +0800 Subject: [PATCH 17/41] fix test fail for pk_sign_ext Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e89ae74a14..dc6bf188c5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1088,7 +1088,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) { mbedtls_pk_context pk; @@ -1101,7 +1101,7 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) memset( sig, 0, sizeof sig ); mbedtls_pk_init( &pk ); - USE_PSA_INIT(); + PSA_INIT(); TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); @@ -1112,8 +1112,8 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) mbedtls_test_rnd_std_rand, NULL ) == 0 ); exit: + PSA_DONE( ); mbedtls_pk_free( &pk ); - USE_PSA_DONE( ); } /* END_CASE */ From 848ecce990bee1db92f412d7531981b51cda2985 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 10:58:48 +0800 Subject: [PATCH 18/41] fix wrong typo in function name Signed-off-by: Jerry Yu --- library/pk_wrap.c | 8 ++++---- library/pk_wrap.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 896b876d09..4c66e5f091 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -128,7 +128,7 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status ) #if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ) +int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ) { switch( status ) { @@ -926,7 +926,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, buf, 2 * signature_part_size ); if( status != PSA_SUCCESS ) { - ret = mbedtls_pk_error_from_psa_ecdca( status ); + ret = mbedtls_pk_error_from_psa_ecdsa( status ); goto cleanup; } @@ -1147,7 +1147,7 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) { - ret = mbedtls_pk_error_from_psa_ecdca( status ); + ret = mbedtls_pk_error_from_psa_ecdsa( status ); goto cleanup; } @@ -1469,7 +1469,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, status = psa_sign_hash( *key, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) - return( mbedtls_pk_error_from_psa_ecdca( status ) ); + return( mbedtls_pk_error_from_psa_ecdsa( status ) ); /* transcode it to ASN.1 sequence */ return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) ); diff --git a/library/pk_wrap.h b/library/pk_wrap.h index ae970f9af4..d4a90aba9a 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -143,7 +143,7 @@ extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; int mbedtls_pk_error_from_psa( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdca( psa_status_t status ); +int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) From 406cf27cb5fbf687058fb2428a552f0bf954c85b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 11:33:42 +0800 Subject: [PATCH 19/41] fix various issues Signed-off-by: Jerry Yu --- include/mbedtls/pk.h | 2 +- include/mbedtls/psa_util.h | 6 ++---- library/pk.c | 4 ---- library/pk_wrap.c | 2 +- library/pk_wrap.h | 2 +- library/ssl_tls13_generic.c | 2 -- 6 files changed, 5 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index fbc179463e..4ac4e28bbe 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -537,7 +537,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PSA_CRYPTO_C) /** - * \brief Make signature with input pk type. not the type of \p ctx . + * \brief Make signature given a signature type. * * \param pk_type Signature type. * \param ctx The PK context to use. It must have been set up diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 1aa365f1fc..8dd47f6445 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -277,13 +277,11 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( } #endif /* MBEDTLS_ECP_C */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ - /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be * consistent with the implementation in library/psa_crypto_random_impl.h. * See that file for implementation documentation. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) + /* The type of a `f_rng` random generator function that many library functions * take. @@ -363,6 +361,6 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/library/pk.c b/library/pk.c index 4c3c7740b4..0a7a40bf6e 100644 --- a/library/pk.c +++ b/library/pk.c @@ -545,14 +545,10 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, sig, sig_size, sig_len, f_rng, p_rng ) ); } -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS( mbedtls_psa_translate_md( md_alg ) ), ctx->pk_ctx, hash, hash_len, sig, sig_size, sig_len ) ); -#else /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); -#endif /* !MBEDTLS_X509_RSASSA_PSS_SUPPORT */ } #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 4c66e5f091..76b7a1b8d6 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -251,7 +251,7 @@ cleanup: ret = mbedtls_pk_error_from_psa( status ); return( ret ); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index d4a90aba9a..e310005966 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -155,6 +155,6 @@ int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, unsigned char *sig, size_t sig_size, size_t *sig_len ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PK_WRAP_H */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a8c3570722..91c5448294 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1129,7 +1129,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, pk_type = MBEDTLS_PK_ECDSA; break; #endif /* MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: md_alg = MBEDTLS_MD_SHA256; pk_type = MBEDTLS_PK_RSASSA_PSS; @@ -1142,7 +1141,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, md_alg = MBEDTLS_MD_SHA512; pk_type = MBEDTLS_PK_RSASSA_PSS; break; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ default: break; } From b3bfe9f5d2a2f6cbce482d9c7cf7136dd74ea827 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 13:20:39 +0800 Subject: [PATCH 20/41] Add verify for pk_sign_ext test Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.data | 2 +- tests/suites/test_suite_pk.function | 27 +++++++++++++++++++++------ 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index b9a8d5d3b0..e8f790c8bf 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -341,7 +341,7 @@ PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 -PK test valid mebdtls_pk_sign_ext +PK Sign ext:PK_RSASSA_PSS,MD_SHA512 depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index dc6bf188c5..3b4b7c3c62 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1096,21 +1096,36 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t hash_len = sizeof( hash ); - - memset( hash, 0x2a, sizeof hash ); - memset( sig, 0, sizeof sig ); + void const *options = NULL; +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + mbedtls_pk_rsassa_pss_options rsassa_pss_options; +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + memset( hash, 0x2a, sizeof( hash ) ); + memset( sig, 0, sizeof( sig ) ); mbedtls_pk_init( &pk ); PSA_INIT(); - TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); + TEST_ASSERT( mbedtls_pk_setup( &pk, + mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 ); TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len, - sig, sizeof sig , &sig_len, + sig, sizeof( sig ), &sig_len, mbedtls_test_rnd_std_rand, NULL ) == 0 ); - +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) + { + const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type( md_alg ); + rsassa_pss_options.mgf1_hash_id = md_alg; + TEST_ASSERT( md_info != NULL ); + rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); + options = (const void*) &rsassa_pss_options; + } +#endif + TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg, + hash, sizeof( hash ), sig, sig_len ) == 0 ); exit: PSA_DONE( ); mbedtls_pk_free( &pk ); From 92339d25b4fdac1e1cafaac8335baf2cf36db539 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 13:50:40 +0800 Subject: [PATCH 21/41] Add more unit test for pk_sign_ext Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.data | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e8f790c8bf..8a3a176cee 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -341,7 +341,11 @@ PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 -PK Sign ext:PK_RSASSA_PSS,MD_SHA512 +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 +PK Sign ext:RSA2048,PK_RSA,MD_SHA512 +depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 + From 89107d1bc2b6bac3f9b118232832bc4b3802aa5e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 14:20:15 +0800 Subject: [PATCH 22/41] fix ci fail without RSA_C Signed-off-by: Jerry Yu --- library/pk.c | 13 ++++++++----- library/pk_wrap.c | 16 ++++++++-------- library/pk_wrap.h | 10 ++++++---- 3 files changed, 22 insertions(+), 17 deletions(-) diff --git a/library/pk.c b/library/pk.c index 0a7a40bf6e..5171961a78 100644 --- a/library/pk.c +++ b/library/pk.c @@ -544,11 +544,14 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng ) ); } - - return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PSS( - mbedtls_psa_translate_md( md_alg ) ), - ctx->pk_ctx, hash, hash_len, - sig, sig_size, sig_len ) ); +#if defined(MBEDTLS_RSA_C) + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( + mbedtls_psa_translate_md( md_alg ) ), + ctx->pk_ctx, hash, hash_len, + sig, sig_size, sig_len ) ); +#else /* MBEDTLS_RSA_C */ + return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); +#endif /* !MBEDTLS_RSA_C */ } #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 76b7a1b8d6..cc4d6f225b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -197,10 +197,10 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #if defined(MBEDTLS_PSA_CRYPTO_C) -int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, - size_t *sig_len ) +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ) { mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -269,10 +269,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ - return( mbedtls_pk_psa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_psa_translate_md( md_alg ) ), - ctx, hash, hash_len, - sig, sig_size, sig_len ) ); + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( + mbedtls_psa_translate_md( md_alg ) ), + ctx, hash, hash_len, + sig, sig_size, sig_len ) ); } #else static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, diff --git a/library/pk_wrap.h b/library/pk_wrap.h index e310005966..5dae6b45cc 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -150,10 +150,12 @@ int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif -int mbedtls_pk_psa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, - size_t *sig_len ); +#if defined(MBEDTLS_RSA_C) +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len ); +#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */ From 5512ad9df85721b47e438a58efa8535b9b498d64 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 14:34:56 +0800 Subject: [PATCH 23/41] fix genkey fail Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3b4b7c3c62..dceb477436 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1088,7 +1088,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) { mbedtls_pk_context pk; From dddf5a0e18dbd31eb4c86b13bd3ab73c62d0507a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 15:47:19 +0800 Subject: [PATCH 24/41] Refactor get_sig_alg_from_pk Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 50 +++++++++++++------------------------ 1 file changed, 17 insertions(+), 33 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 91c5448294..51fd98248c 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -983,7 +983,9 @@ cleanup: * STATE HANDLING: Output Certificate Verify */ static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key ) + mbedtls_pk_context *own_key, + mbedtls_pk_type_t *pk_type, + mbedtls_md_type_t *md_alg) { mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); /* Determine the size of the key */ @@ -999,12 +1001,18 @@ static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, { case 256: algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_ECDSA; break; case 384: algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_ECDSA; break; case 521: algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_ECDSA; break; default: MBEDTLS_SSL_DEBUG_MSG( 3, @@ -1023,18 +1031,24 @@ static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) { algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_RSASSA_PSS; } else if( own_key_size <= 3072 && mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) { algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_RSASSA_PSS; } else if( own_key_size <= 4096 && mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) { algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_RSASSA_PSS; } break; #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ @@ -1098,7 +1112,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - algorithm = ssl_tls13_get_sig_alg_from_pk( ssl, own_key ); + algorithm = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, + &pk_type, &md_alg ); if( algorithm == MBEDTLS_TLS1_3_SIG_NONE || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { @@ -1113,37 +1128,6 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } - switch( algorithm ) - { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - md_alg = MBEDTLS_MD_SHA256; - pk_type = MBEDTLS_PK_ECDSA; - break; - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - md_alg = MBEDTLS_MD_SHA384; - pk_type = MBEDTLS_PK_ECDSA; - break; - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - md_alg = MBEDTLS_MD_SHA512; - pk_type = MBEDTLS_PK_ECDSA; - break; -#endif /* MBEDTLS_ECDSA_C */ - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - md_alg = MBEDTLS_MD_SHA256; - pk_type = MBEDTLS_PK_RSASSA_PSS; - break; - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - md_alg = MBEDTLS_MD_SHA384; - pk_type = MBEDTLS_PK_RSASSA_PSS; - break; - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - md_alg = MBEDTLS_MD_SHA512; - pk_type = MBEDTLS_PK_RSASSA_PSS; - break; - default: - break; - } /* Check there is space for the algorithm identifier (2 bytes) and the * signature length (2 bytes). */ From e2c882518cd6ba7f8b33174aa6101accb32e8cb5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 21:18:52 +0800 Subject: [PATCH 25/41] Add pk_sign_ext unit tests Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.data | 40 ++++++++++++++++++++++++----- tests/suites/test_suite_pk.function | 5 ++-- 2 files changed, 37 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 8a3a176cee..a83c66f436 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -341,11 +341,39 @@ PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 -PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 -depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 +PK Sign ext:RSA2048,PK_RSA,MD_SHA256 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 -PK Sign ext:RSA2048,PK_RSA,MD_SHA512 -depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 -pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 + +PK Sign ext:RSA3072,PK_RSA,MD_SHA384 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:3072:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 + +PK Sign ext:RSA3072,PK_RSASSA_PSS,MD_SHA384 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:3072:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 + +PK Sign ext:RSA4096,PK_RSA,MD_SHA512 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:4096:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 + +PK Sign ext:RSA4096,PK_RSASSA_PSS,MD_SHA512 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C +pk_psa_sign_ext:MBEDTLS_PK_RSA:4096:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 + +PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 + +PK Sign ext:SECP384R1,PK_ECDSA,MD_SHA384 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA384_C +pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 + +PK Sign ext:SECP521R1,PK_ECDSA,MD_SHA512 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C +pk_psa_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index dceb477436..046517fc58 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1095,7 +1095,8 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - size_t hash_len = sizeof( hash ); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + size_t hash_len = mbedtls_md_get_size( md_info ); void const *options = NULL; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) mbedtls_pk_rsassa_pss_options rsassa_pss_options; @@ -1125,7 +1126,7 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) } #endif TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg, - hash, sizeof( hash ), sig, sig_len ) == 0 ); + hash, hash_len, sig, sig_len ) == 0 ); exit: PSA_DONE( ); mbedtls_pk_free( &pk ); From bf455e7516322b82dd0700975940324fccaa2c32 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 21:39:41 +0800 Subject: [PATCH 26/41] rename pk_psa_rsa_sign_ext param Signed-off-by: Jerry Yu --- library/pk_wrap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index cc4d6f225b..76154ed3ac 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -197,7 +197,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #if defined(MBEDTLS_PSA_CRYPTO_C) -int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, void *pk_ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len ) @@ -224,7 +224,7 @@ int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - psa_set_key_algorithm( &attributes, psa_alg_md ); + psa_set_key_algorithm( &attributes, alg ); psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); status = psa_import_key( &attributes, @@ -235,7 +235,7 @@ int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, void *pk_ctx, ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } - status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len, + status = psa_sign_hash( key_id, alg, hash, hash_len, sig, sig_size, sig_len ); if( status != PSA_SUCCESS ) { From e91a51a539cfd93d87368978d2e8cc2ed0f36801 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 21:42:50 +0800 Subject: [PATCH 27/41] Refactor get_sig_alg_from pk Signed-off-by: Jerry Yu --- library/ssl_tls13_generic.c | 41 ++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 51fd98248c..cc7a0ac01a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -982,15 +982,16 @@ cleanup: /* * STATE HANDLING: Output Certificate Verify */ -static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, - mbedtls_pk_context *own_key, - mbedtls_pk_type_t *pk_type, - mbedtls_md_type_t *md_alg) +static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, + mbedtls_pk_context *own_key, + uint16_t *algorithm, + mbedtls_pk_type_t *pk_type, + mbedtls_md_type_t *md_alg) { mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); /* Determine the size of the key */ size_t own_key_size = mbedtls_pk_get_bitlen( own_key ); - uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; + *algorithm = MBEDTLS_TLS1_3_SIG_NONE; ((void) own_key_size); switch( sig ) @@ -1000,20 +1001,20 @@ static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, switch( own_key_size ) { case 256: - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; + *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; *md_alg = MBEDTLS_MD_SHA256; *pk_type = MBEDTLS_PK_ECDSA; - break; + return( 0 ); case 384: - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; + *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_ECDSA; - break; + return( 0 ); case 521: - algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; + *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; *md_alg = MBEDTLS_MD_SHA512; *pk_type = MBEDTLS_PK_ECDSA; - break; + return( 0 ); default: MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown key size: %" @@ -1030,25 +1031,28 @@ static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) { - algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; *md_alg = MBEDTLS_MD_SHA256; *pk_type = MBEDTLS_PK_RSASSA_PSS; + return( 0 ); } else if( own_key_size <= 3072 && mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) { - algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_RSASSA_PSS; + return( 0 ); } else if( own_key_size <= 4096 && mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) { - algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; *md_alg = MBEDTLS_MD_SHA512; *pk_type = MBEDTLS_PK_RSASSA_PSS; + return( 0 ); } break; #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ @@ -1057,7 +1061,7 @@ static uint16_t ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, ( "unkown signature type : %u", sig ) ); break; } - return( algorithm ); + return( -1 ); } static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, @@ -1112,10 +1116,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - algorithm = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, - &pk_type, &md_alg ); - if( algorithm == MBEDTLS_TLS1_3_SIG_NONE || - ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) + ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm, + &pk_type, &md_alg ); + if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "signature algorithm not in received or offered list." ) ); From 701656fb292bf1fed5d4663f360a0be4b1ccd219 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 21:52:05 +0800 Subject: [PATCH 28/41] fix redefine error Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 046517fc58..c0171b9b3e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1118,7 +1118,6 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) { - const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type( md_alg ); rsassa_pss_options.mgf1_hash_id = md_alg; TEST_ASSERT( md_info != NULL ); rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); From cef3f330128dfe39ea6f8d88bc9f42738d41d0c7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Mar 2022 23:00:13 +0800 Subject: [PATCH 29/41] Guard rsa sig algs with rsa_c and pkcs1_v{15,21} Signed-off-by: Jerry Yu --- library/ssl_misc.h | 48 +++++++++++++++++-- library/ssl_tls13_generic.c | 71 +++++++++++++++++++++++++---- tests/suites/test_suite_pk.data | 12 ++--- tests/suites/test_suite_pk.function | 5 +- 4 files changed, 113 insertions(+), 23 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index cb9b6aaa79..0caaa28e50 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2055,20 +2055,58 @@ static inline int mbedtls_ssl_sig_alg_is_supported( MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + defined(MBEDTLS_PKCS1_V21) && \ + defined(MBEDTLS_RSA_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: break; +#endif /* MBEDTLS_SHA256_C && \ + MBEDTLS_PKCS1_V21 && \ + MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_PKCS1_V21) && \ + defined(MBEDTLS_RSA_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: break; +#endif /* MBEDTLS_SHA384_C && \ + MBEDTLS_PKCS1_V21 && \ + MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_PKCS1_V21) && \ + defined(MBEDTLS_RSA_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: break; -#endif /* MBEDTLS_SHA256_C && - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_SHA512_C && \ + MBEDTLS_PKCS1_V21 && \ + MBEDTLS_RSA_C */ -#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: break; -#endif /* MBEDTLS_SHA256_C && MBEDTLS_RSA_C*/ +#endif /* MBEDTLS_SHA256_C && \ + MBEDTLS_PKCS1_V15 && \ + MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + break; +#endif /* MBEDTLS_SHA384_C && \ + MBEDTLS_PKCS1_V15 && \ + MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + break; +#endif /* MBEDTLS_SHA384_C && \ + MBEDTLS_PKCS1_V15 && \ + MBEDTLS_RSA_C */ default: return( 0 ); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cc7a0ac01a..d1dcaed4dc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -350,7 +350,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, md_alg = MBEDTLS_MD_SHA512; sig_alg = MBEDTLS_PK_ECDSA; break; -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: md_alg = MBEDTLS_MD_SHA256; @@ -371,7 +371,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, sig_alg = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); goto error; @@ -1025,8 +1025,10 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_RSA_C) case MBEDTLS_SSL_SIG_RSA: +#if defined(MBEDTLS_PKCS1_V21) +#if defined(MBEDTLS_SHA256_C) if( own_key_size <= 2048 && mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) @@ -1036,8 +1038,11 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, *pk_type = MBEDTLS_PK_RSASSA_PSS; return( 0 ); } - else if( own_key_size <= 3072 && - mbedtls_ssl_sig_alg_is_received( ssl, + else +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) + if( own_key_size <= 3072 && + mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; @@ -1045,8 +1050,11 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, *pk_type = MBEDTLS_PK_RSASSA_PSS; return( 0 ); } - else if( own_key_size <= 4096 && - mbedtls_ssl_sig_alg_is_received( ssl, + else +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA512_C) + if( own_key_size <= 4096 && + mbedtls_ssl_sig_alg_is_received( ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; @@ -1054,8 +1062,55 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, *pk_type = MBEDTLS_PK_RSASSA_PSS; return( 0 ); } + else +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PKCS1_V15) +#if defined(MBEDTLS_SHA256_C) + if( own_key_size <= 2048 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_RSA; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA384_C) + if( own_key_size <= 3072 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_RSA; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA384_C */ +#if defined(MBEDTLS_SHA512_C) + if( own_key_size <= 4096 && + mbedtls_ssl_sig_alg_is_received( ssl, + MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) ) + { + *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_RSA; + return( 0 ); + } + else +#endif /* MBEDTLS_SHA512_C */ +#endif /* MBEDTLS_PKCS1_V15 */ + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown key size: %" + MBEDTLS_PRINTF_SIZET " bits", + own_key_size ) ); + } break; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_RSA_C */ default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "unkown signature type : %u", sig ) ); diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index a83c66f436..de0b01bf42 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -342,27 +342,27 @@ depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK Sign ext:RSA3072,PK_RSA,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:3072:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK Sign ext:RSA3072,PK_RSASSA_PSS,MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:3072:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK Sign ext:RSA4096,PK_RSA,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:4096:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PK Sign ext:RSA4096,PK_RSASSA_PSS,MD_SHA512 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:4096:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c0171b9b3e..e0877a2051 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1098,9 +1098,7 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); size_t hash_len = mbedtls_md_get_size( md_info ); void const *options = NULL; -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) mbedtls_pk_rsassa_pss_options rsassa_pss_options; -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ memset( hash, 0x2a, sizeof( hash ) ); memset( sig, 0, sizeof( sig ) ); @@ -1115,7 +1113,7 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) TEST_ASSERT( mbedtls_pk_sign_ext( key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof( sig ), &sig_len, mbedtls_test_rnd_std_rand, NULL ) == 0 ); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + if( key_pk_type == MBEDTLS_PK_RSASSA_PSS ) { rsassa_pss_options.mgf1_hash_id = md_alg; @@ -1123,7 +1121,6 @@ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) rsassa_pss_options.expected_salt_len = mbedtls_md_get_size( md_info ); options = (const void*) &rsassa_pss_options; } -#endif TEST_ASSERT( mbedtls_pk_verify_ext( key_pk_type, options, &pk, md_alg, hash, hash_len, sig, sig_len ) == 0 ); exit: From 5fb7d176f3d47f60d258ecf7ec687d89aab86bfc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 11:05:01 +0800 Subject: [PATCH 30/41] Replace rsakey to 2048bits for test Signed-off-by: Jerry Yu --- tests/suites/test_suite_pk.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index de0b01bf42..cf40e5514e 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -349,21 +349,21 @@ PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA256 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 -PK Sign ext:RSA3072,PK_RSA,MD_SHA384 +PK Sign ext:RSA2048,PK_RSA,MD_SHA384 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA384_C:MBEDTLS_RSA_C -pk_psa_sign_ext:MBEDTLS_PK_RSA:3072:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 -PK Sign ext:RSA3072,PK_RSASSA_PSS,MD_SHA384 +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA384 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA384_C:MBEDTLS_RSA_C -pk_psa_sign_ext:MBEDTLS_PK_RSA:3072:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 -PK Sign ext:RSA4096,PK_RSA,MD_SHA512 +PK Sign ext:RSA2048,PK_RSA,MD_SHA512 depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA512_C:MBEDTLS_RSA_C -pk_psa_sign_ext:MBEDTLS_PK_RSA:4096:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 -PK Sign ext:RSA4096,PK_RSASSA_PSS,MD_SHA512 +PK Sign ext:RSA2048,PK_RSASSA_PSS,MD_SHA512 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA512_C:MBEDTLS_RSA_C -pk_psa_sign_ext:MBEDTLS_PK_RSA:4096:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 +pk_psa_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK Sign ext:SECP256R1,PK_ECDSA,MD_SHA256 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C From fb0621d8414b13388f22598c05859c2fab7f7dcc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 11:42:06 +0800 Subject: [PATCH 31/41] fix pk_sign_ext issues Signed-off-by: Jerry Yu --- library/pk.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/library/pk.c b/library/pk.c index 5171961a78..7f4d5fe949 100644 --- a/library/pk.c +++ b/library/pk.c @@ -520,7 +520,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PSA_CRYPTO_C) /* - * Make a signature with options + * Make a signature given a signature type. */ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, mbedtls_pk_context *ctx, @@ -530,7 +530,9 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - +#if defined(MBEDTLS_RSA_C) + psa_algorithm_t psa_md_alg; +#endif /* MBEDTLS_RSA_C */ *sig_len = 0; if( ctx->pk_info == NULL ) @@ -545,8 +547,10 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, sig, sig_size, sig_len, f_rng, p_rng ) ); } #if defined(MBEDTLS_RSA_C) - return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( - mbedtls_psa_translate_md( md_alg ) ), + psa_md_alg = mbedtls_psa_translate_md( md_alg ); + if( psa_md_alg == 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PSS( psa_md_alg ), ctx->pk_ctx, hash, hash_len, sig, sig_size, sig_len ) ); #else /* MBEDTLS_RSA_C */ From e010de4be35105a672d4bca50fca121b272b3218 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 11:45:55 +0800 Subject: [PATCH 32/41] Rename ctx to rsa_ctx Signed-off-by: Jerry Yu --- library/pk_wrap.c | 8 ++++---- library/pk_wrap.h | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 76154ed3ac..2badfe7af1 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -197,12 +197,12 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } #if defined(MBEDTLS_PSA_CRYPTO_C) -int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, void *pk_ctx, +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, + mbedtls_rsa_context *rsa_ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len ) { - mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; @@ -212,14 +212,14 @@ int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t alg, void *pk_ctx, unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; mbedtls_pk_info_t pk_info = mbedtls_rsa_info; - *sig_len = mbedtls_rsa_get_len( rsa ); + *sig_len = mbedtls_rsa_get_len( rsa_ctx ); if( sig_size < *sig_len ) return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL ); /* mbedtls_pk_write_key_der() expects a full PK context; * re-construct one to make it happy */ key.pk_info = &pk_info; - key.pk_ctx = pk_ctx; + key.pk_ctx = rsa_ctx; key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) ); if( key_len <= 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 5dae6b45cc..02a636f8bb 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -151,7 +151,8 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif #if defined(MBEDTLS_RSA_C) -int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, void *ctx, +int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md, + mbedtls_rsa_context *rsa_ctx, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len ); From 7533982f68c26a57a432fe446c5c3ba9aa9bbf3a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 12:06:31 +0800 Subject: [PATCH 33/41] guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO Signed-off-by: Jerry Yu --- library/pk_wrap.c | 4 ++-- library/pk_wrap.h | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2badfe7af1..9c6cf9c91e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -147,9 +147,9 @@ int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ) return( mbedtls_pk_error_from_psa( status ) ); } } -#endif +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_RSA_C) static int rsa_can_do( mbedtls_pk_type_t type ) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 02a636f8bb..7375da134a 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -137,15 +137,16 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; #if defined(MBEDTLS_USE_PSA_CRYPTO) extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_C) -int mbedtls_pk_error_from_psa( psa_status_t status ); #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); #endif +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_C) +int mbedtls_pk_error_from_psa( psa_status_t status ); + #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) int mbedtls_pk_error_from_psa_rsa( psa_status_t status ); #endif From 0c23fc39c3425c945f472b21b682c95e90bafbb0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 12:20:01 +0800 Subject: [PATCH 34/41] fix various guards issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 18 ++++++------------ library/ssl_tls13_generic.c | 7 +++++-- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0caaa28e50..7fbf9f81c8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2055,31 +2055,25 @@ static inline int mbedtls_ssl_sig_alg_is_supported( MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_PKCS1_V21) && \ - defined(MBEDTLS_RSA_C) + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: break; #endif /* MBEDTLS_SHA256_C && \ - MBEDTLS_PKCS1_V21 && \ - MBEDTLS_RSA_C */ + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_PKCS1_V21) && \ - defined(MBEDTLS_RSA_C) + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: break; #endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_PKCS1_V21 && \ - MBEDTLS_RSA_C */ + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_PKCS1_V21) && \ - defined(MBEDTLS_RSA_C) + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: break; #endif /* MBEDTLS_SHA512_C && \ - MBEDTLS_PKCS1_V21 && \ - MBEDTLS_RSA_C */ + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ #if defined(MBEDTLS_SHA256_C) && \ defined(MBEDTLS_PKCS1_V15) && \ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d1dcaed4dc..e71456e1a9 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -338,6 +338,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, /* We currently only support ECDSA-based signatures */ switch( algorithm ) { +#if defined(MBEDTLS_ECDSA_C) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: md_alg = MBEDTLS_MD_SHA256; sig_alg = MBEDTLS_PK_ECDSA; @@ -350,7 +351,9 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, md_alg = MBEDTLS_MD_SHA512; sig_alg = MBEDTLS_PK_ECDSA; break; -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) #if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: md_alg = MBEDTLS_MD_SHA256; @@ -371,7 +374,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, sig_alg = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ default: MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); goto error; From 8c3388620d05f0903b1d7a1f60581ea0359a3e2f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 13:34:04 +0800 Subject: [PATCH 35/41] create sig_alg decode function Signed-off-by: Jerry Yu --- library/ssl_misc.h | 195 +++++++++++++++++++++--------------- library/ssl_tls13_generic.c | 90 +++++------------ 2 files changed, 139 insertions(+), 146 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7fbf9f81c8..e7dbe69587 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1954,6 +1954,115 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl return( 0 ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg) +{ + *pk_type = MBEDTLS_PK_NONE; + *md_alg = MBEDTLS_MD_NONE; + ((void) sig_alg); + switch( sig_alg ) + { +#if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_SHA256_C && + MBEDTLS_ECP_DP_SECP256R1_ENABLED && + MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_SHA384_C && + MBEDTLS_ECP_DP_SECP384R1_ENABLED && + MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ + defined(MBEDTLS_ECDSA_C) + case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_ECDSA; + break; +#endif /* MBEDTLS_SHA512_C && + MBEDTLS_ECP_DP_SECP521R1_ENABLED && + MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA256_C && \ + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + +#if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA384_C && \ + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + +#if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_RSASSA_PSS; + break; +#endif /* MBEDTLS_SHA512_C && \ + MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + +#if defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: + *md_alg = MBEDTLS_MD_SHA256; + *pk_type = MBEDTLS_PK_RSA; + break; +#endif /* MBEDTLS_SHA256_C && \ + MBEDTLS_PKCS1_V15 && \ + MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA384_C) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: + *md_alg = MBEDTLS_MD_SHA384; + *pk_type = MBEDTLS_PK_RSA; + break; +#endif /* MBEDTLS_SHA384_C && \ + MBEDTLS_PKCS1_V15 && \ + MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA512_C) && \ + defined(MBEDTLS_PKCS1_V15) && \ + defined(MBEDTLS_RSA_C) + case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: + *md_alg = MBEDTLS_MD_SHA512; + *pk_type = MBEDTLS_PK_RSA; + break; +#endif /* MBEDTLS_SHA384_C && \ + MBEDTLS_PKCS1_V15 && \ + MBEDTLS_RSA_C */ + + default: + return( 0 ); + } + return( 1 ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + static inline int mbedtls_ssl_sig_alg_is_supported( const mbedtls_ssl_context *ssl, const uint16_t sig_alg ) @@ -2025,88 +2134,10 @@ static inline int mbedtls_ssl_sig_alg_is_supported( #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4) { - switch( sig_alg ) - { -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - break; -#endif /* MBEDTLS_SHA256_C && - MBEDTLS_ECP_DP_SECP256R1_ENABLED && - MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - break; -#endif /* MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP384R1_ENABLED && - MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - break; -#endif /* MBEDTLS_SHA512_C && - MBEDTLS_ECP_DP_SECP521R1_ENABLED && - MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - break; -#endif /* MBEDTLS_SHA256_C && \ - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - break; -#endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - break; -#endif /* MBEDTLS_SHA512_C && \ - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: - break; -#endif /* MBEDTLS_SHA256_C && \ - MBEDTLS_PKCS1_V15 && \ - MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: - break; -#endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_PKCS1_V15 && \ - MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) - case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: - break; -#endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_PKCS1_V15 && \ - MBEDTLS_RSA_C */ - - default: - return( 0 ); - } - - return( 1 ); + mbedtls_pk_type_t pk_type; + mbedtls_md_type_t md_alg; + return( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + sig_alg, &pk_type, &md_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ ((void) ssl); diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e71456e1a9..5aa8587775 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -336,48 +336,14 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, } /* We currently only support ECDSA-based signatures */ - switch( algorithm ) + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + algorithm, &sig_alg, &md_alg ) == 0 ) { -#if defined(MBEDTLS_ECDSA_C) - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: - md_alg = MBEDTLS_MD_SHA256; - sig_alg = MBEDTLS_PK_ECDSA; - break; - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: - md_alg = MBEDTLS_MD_SHA384; - sig_alg = MBEDTLS_PK_ECDSA; - break; - case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: - md_alg = MBEDTLS_MD_SHA512; - sig_alg = MBEDTLS_PK_ECDSA; - break; -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: - md_alg = MBEDTLS_MD_SHA256; - sig_alg = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: - md_alg = MBEDTLS_MD_SHA384; - sig_alg = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* MBEDTLS_SHA384_C */ - -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: - md_alg = MBEDTLS_MD_SHA256; - sig_alg = MBEDTLS_PK_RSASSA_PSS; - break; -#endif /* MBEDTLS_SHA512_C */ -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - default: - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) ); - goto error; + /* algorithm not in offered signature algorithms list */ + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Get pk type and md algorithm from " + "signature algorithm(%04x) fail.", + ( unsigned int ) algorithm ) ); + goto error; } MBEDTLS_SSL_DEBUG_MSG( 3, ( "Certificate Verify: Signature algorithm ( %04x )", @@ -987,9 +953,7 @@ cleanup: */ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, mbedtls_pk_context *own_key, - uint16_t *algorithm, - mbedtls_pk_type_t *pk_type, - mbedtls_md_type_t *md_alg) + uint16_t *algorithm ) { mbedtls_pk_type_t sig = mbedtls_ssl_sig_from_pk( own_key ); /* Determine the size of the key */ @@ -1005,18 +969,12 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, { case 256: *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256; - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_ECDSA; return( 0 ); case 384: *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384; - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_ECDSA; return( 0 ); case 521: *algorithm = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512; - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_ECDSA; return( 0 ); default: MBEDTLS_SSL_DEBUG_MSG( 3, @@ -1037,8 +995,6 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256; - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_RSASSA_PSS; return( 0 ); } else @@ -1049,8 +1005,6 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384; - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_RSASSA_PSS; return( 0 ); } else @@ -1061,8 +1015,6 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512; - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_RSASSA_PSS; return( 0 ); } else @@ -1075,8 +1027,6 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256; - *md_alg = MBEDTLS_MD_SHA256; - *pk_type = MBEDTLS_PK_RSA; return( 0 ); } else @@ -1087,8 +1037,6 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384; - *md_alg = MBEDTLS_MD_SHA384; - *pk_type = MBEDTLS_PK_RSA; return( 0 ); } else @@ -1099,8 +1047,6 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl, MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512 ) ) { *algorithm = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512; - *md_alg = MBEDTLS_MD_SHA512; - *pk_type = MBEDTLS_PK_RSA; return( 0 ); } else @@ -1174,8 +1120,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, * opaque signature<0..2^16-1>; * } CertificateVerify; */ - ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm, - &pk_type, &md_alg ); + ret = ssl_tls13_get_sig_alg_from_pk( ssl, own_key, &algorithm ); if( ret != 0 || ! mbedtls_ssl_sig_alg_is_received( ssl, algorithm ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, @@ -1189,6 +1134,23 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } + ret = mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm, + &pk_type, + &md_alg ); + if( ret == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "signature algorithm is not supported." ) ); + + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", + mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); + + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, + MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + + } + /* Check there is space for the algorithm identifier (2 bytes) and the * signature length (2 bytes). */ From f8aa9a44aa37dd493fc5ac3736e8fcc4c48bc718 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 20:40:28 +0800 Subject: [PATCH 36/41] fix various issues Signed-off-by: Jerry Yu --- library/pk_wrap.h | 2 +- library/ssl_misc.h | 10 +++++----- library/ssl_tls13_generic.c | 19 +++---------------- tests/suites/test_suite_pk.function | 1 + 4 files changed, 10 insertions(+), 22 deletions(-) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 7375da134a..1b490cc31b 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -142,7 +142,7 @@ extern const mbedtls_pk_info_t mbedtls_pk_opaque_info; int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status ); #endif -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa( psa_status_t status ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index e7dbe69587..92bb63ff98 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1956,11 +1956,11 @@ static inline int mbedtls_ssl_sig_alg_is_offered( const mbedtls_ssl_context *ssl #if defined(MBEDTLS_SSL_PROTO_TLS1_3) static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg) + uint16_t sig_alg, mbedtls_pk_type_t *pk_type, mbedtls_md_type_t *md_alg ) { *pk_type = MBEDTLS_PK_NONE; *md_alg = MBEDTLS_MD_NONE; - ((void) sig_alg); + switch( sig_alg ) { #if defined(MBEDTLS_SHA256_C) && \ @@ -2057,9 +2057,9 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( MBEDTLS_RSA_C */ default: - return( 0 ); + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } - return( 1 ); + return( 0 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -2136,7 +2136,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported( { mbedtls_pk_type_t pk_type; mbedtls_md_type_t md_alg; - return( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + return( ! mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( sig_alg, &pk_type, &md_alg ) ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 5aa8587775..25004fd8a3 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -335,14 +335,9 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, goto error; } - /* We currently only support ECDSA-based signatures */ if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( - algorithm, &sig_alg, &md_alg ) == 0 ) + algorithm, &sig_alg, &md_alg ) != 0 ) { - /* algorithm not in offered signature algorithms list */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Get pk type and md algorithm from " - "signature algorithm(%04x) fail.", - ( unsigned int ) algorithm ) ); goto error; } @@ -1137,17 +1132,9 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm, &pk_type, &md_alg ); - if( ret == 0 ) + if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, - ( "signature algorithm is not supported." ) ); - - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Signature algorithm is %s", - mbedtls_ssl_sig_alg_to_str( algorithm ) ) ); - - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, - MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); - return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e0877a2051..237a8095d8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1091,6 +1091,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_GENPRIME */ void pk_psa_sign_ext( int pk_type, int parameter, int key_pk_type, int md_alg ) { + /* See the description of pk_genkey() for the description of the `parameter` argument. */ mbedtls_pk_context pk; size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; From e26acee896fe6ca69454afdb2849d5388888e138 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 23 Mar 2022 21:01:33 +0800 Subject: [PATCH 37/41] Refactor guards for sig algs Signed-off-by: Jerry Yu --- library/ssl_misc.h | 78 ++++++++++++++++++---------------------------- 1 file changed, 30 insertions(+), 48 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 92bb63ff98..5180a16db0 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1963,98 +1963,80 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( switch( sig_alg ) { -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_ECDSA_C) + +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: *md_alg = MBEDTLS_MD_SHA256; *pk_type = MBEDTLS_PK_ECDSA; break; -#endif /* MBEDTLS_SHA256_C && - MBEDTLS_ECP_DP_SECP256R1_ENABLED && - MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_SHA256_C && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384: *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_ECDSA; break; -#endif /* MBEDTLS_SHA384_C && - MBEDTLS_ECP_DP_SECP384R1_ENABLED && - MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_SHA384_C && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && \ - defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: *md_alg = MBEDTLS_MD_SHA512; *pk_type = MBEDTLS_PK_ECDSA; break; -#endif /* MBEDTLS_SHA512_C && - MBEDTLS_ECP_DP_SECP521R1_ENABLED && - MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_SHA512_C && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) + +#if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: *md_alg = MBEDTLS_MD_SHA256; *pk_type = MBEDTLS_PK_RSASSA_PSS; break; -#endif /* MBEDTLS_SHA256_C && \ - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_SHA384_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_RSASSA_PSS; break; -#endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +#if defined(MBEDTLS_SHA512_C) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: *md_alg = MBEDTLS_MD_SHA512; *pk_type = MBEDTLS_PK_RSASSA_PSS; break; -#endif /* MBEDTLS_SHA512_C && \ - MBEDTLS_X509_RSASSA_PSS_SUPPORT */ +#endif /* MBEDTLS_SHA512_C */ -#if defined(MBEDTLS_SHA256_C) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) +#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ + +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) + +#if defined(MBEDTLS_SHA256_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: *md_alg = MBEDTLS_MD_SHA256; *pk_type = MBEDTLS_PK_RSA; break; -#endif /* MBEDTLS_SHA256_C && \ - MBEDTLS_PKCS1_V15 && \ - MBEDTLS_RSA_C */ +#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA384_C) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA384_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_RSA; break; -#endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_PKCS1_V15 && \ - MBEDTLS_RSA_C */ +#endif /* MBEDTLS_SHA384_C */ -#if defined(MBEDTLS_SHA512_C) && \ - defined(MBEDTLS_PKCS1_V15) && \ - defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA512_C) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: *md_alg = MBEDTLS_MD_SHA512; *pk_type = MBEDTLS_PK_RSA; break; -#endif /* MBEDTLS_SHA384_C && \ - MBEDTLS_PKCS1_V15 && \ - MBEDTLS_RSA_C */ +#endif /* MBEDTLS_SHA384_C */ + +#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ default: return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); From e6e73d63ec732f270f7752b2c0930fc88a49c05d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 24 Mar 2022 13:05:08 +0800 Subject: [PATCH 38/41] fix comments issue Signed-off-by: Jerry Yu --- include/mbedtls/pk.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 4ac4e28bbe..324612a243 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -558,13 +558,12 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * * \return 0 on success, or a specific error code. * - * \note see #PSA_ALG_RSA_PSS also. + * \note When \p pk_type is #MBEDTLS_PK_RSASSA_PSS, + * see #PSA_ALG_RSA_PSS for a description of PSS options used. * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. * - * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. - * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, mbedtls_pk_context *ctx, From bd1b3278b1aea05ad948ce7cbd27b825b009858a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 24 Mar 2022 13:05:20 +0800 Subject: [PATCH 39/41] Remove useless code Signed-off-by: Jerry Yu --- library/pk_wrap.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9c6cf9c91e..2569b9c729 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -259,18 +259,16 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - ((void) f_rng); ((void) p_rng); - ((void) md_alg); -#if SIZE_MAX > UINT_MAX - if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + psa_algorithm_t psa_md_alg; + psa_md_alg = mbedtls_psa_translate_md( md_alg ); + if( psa_md_alg == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* SIZE_MAX > UINT_MAX */ - return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_psa_translate_md( md_alg ) ), + return( mbedtls_pk_psa_rsa_sign_ext( PSA_ALG_RSA_PKCS1V15_SIGN( + psa_md_alg ), ctx, hash, hash_len, sig, sig_size, sig_len ) ); } From 6c6f10265d24cee2c7e577b73cefd8b08e2694e5 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 25 Mar 2022 11:09:50 +0800 Subject: [PATCH 40/41] fix various issues Signed-off-by: Jerry Yu --- library/ssl_misc.h | 2 +- library/ssl_tls13_generic.c | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 5180a16db0..2f4884cab7 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2034,7 +2034,7 @@ static inline int mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( *md_alg = MBEDTLS_MD_SHA512; *pk_type = MBEDTLS_PK_RSA; break; -#endif /* MBEDTLS_SHA384_C */ +#endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 25004fd8a3..f7212214e2 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1129,13 +1129,10 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } - ret = mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( algorithm, - &pk_type, - &md_alg ); - if( ret != 0 ) + if( mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg( + algorithm, &pk_type, &md_alg ) != 0 ) { return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } /* Check there is space for the algorithm identifier (2 bytes) and the From d73d0a327a18ac3c2e55a38da23e694f565484d6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 29 Mar 2022 16:37:51 +0800 Subject: [PATCH 41/41] remove unnecessary condition Signed-off-by: Jerry Yu --- scripts/generate_ssl_debug_helpers.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 6c9d670f75..a722c19f00 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -88,8 +88,7 @@ def preprocess_c_source_code(source, *classes): if has_instance is False: has_instance = True yield pair_start, start_line - if instance: - yield instance.span()[0], instance + yield instance.span()[0], instance if has_instance: yield start, end_line