From 8beb9e173df7fccd1d008a7b02d69764536c35d9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sat, 12 Mar 2022 16:23:53 +0800 Subject: [PATCH] Change prototype of pk_sign_ext Signed-off-by: Jerry Yu --- ChangeLog.d/mbedtls_pk_sign_ext.txt | 3 +++ include/mbedtls/pk.h | 23 ++++++++++++----------- library/pk.c | 23 ++++++++--------------- library/ssl_tls13_generic.c | 12 ++---------- 4 files changed, 25 insertions(+), 36 deletions(-) create mode 100644 ChangeLog.d/mbedtls_pk_sign_ext.txt diff --git a/ChangeLog.d/mbedtls_pk_sign_ext.txt b/ChangeLog.d/mbedtls_pk_sign_ext.txt new file mode 100644 index 0000000000..8dfa2e501b --- /dev/null +++ b/ChangeLog.d/mbedtls_pk_sign_ext.txt @@ -0,0 +1,3 @@ +Features + * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when + PSA Crypto is enabled. diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index b5ca6ea5d9..2ef3b91be2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -536,10 +536,9 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** - * \brief Make signature with options, including padding if relevant. + * \brief Make signature with input pk type. not the type of \p ctx . * - * \param type Signature type (inc. possible padding type) to verify - * \param options Pointer to type-specific options, or NULL + * \param pk_type Signature type. * \param ctx The PK context to use. It must have been set up * with a private key. * \param md_alg Hash algorithm used (see notes) 
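Review bot: The new Doxygen text documents `\param pk_type`, but the prototype later in this file (hunk `@@ -568,11 +567,13 @@`) still names the first parameter `type`, so the description will not attach to the argument. The `\p pk_type` reference in the RSA padding note of hunk `@@ -558,9 +557,9 @@` has the same mismatch. Either rename the parameter in the prototype or write `\param type      Signature type to produce.` here. The brief is also hard to parse; `\brief Make signature given a signature type, which may differ from the key type of \p ctx.` says what the sentence appears to intend. The comment block continues past the end of this hunk.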
@@ -558,9 +557,9 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * * \return 0 on success, or a specific error code. * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * There is no interface in the PK module to make RSASSA-PSS - * signatures yet. + * \note For RSA keys, the padding type depends on the value of the + * \p pk_type parameter: MBEDTLS_PK_RSA for PKCS#1 v1.5, and + * MBEDTLS_PK_RSASSA_PSS for PKCS#1 v2.1 with any salt. * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. @@ -568,11 +567,13 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. */ -int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, + mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * \brief Restartable version of \c mbedtls_pk_sign() diff --git a/library/pk.c b/library/pk.c index cb25354018..b6dd99d953 100644 --- a/library/pk.c +++ b/library/pk.c 
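Review bot: "PKCS#1 v2.1 with any salt" in the RSA note of hunk `@@ -558,9 +557,9 @@` does not tell a caller what salt length the produced signature will carry. The implementation hunk in library/pk.c (`@@ -578,7 +571,7 @@`) now hard-codes `MBEDTLS_RSA_SALT_LEN_ANY` in the signing call; as far as I know, for signing this lets the library choose the salt length rather than producing an arbitrary one. Peers can be strict about salt length (TLS 1.3 requires it to equal the digest length), so the note should state it, e.g. `MBEDTLS_PK_RSASSA_PSS for RSASSA-PSS with the salt length chosen by the library (MBEDTLS_RSA_SALT_LEN_ANY).` In the same pk.c hunk, `hash,MBEDTLS_RSA_SALT_LEN_ANY,` is missing the space after the comma.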
@@ -521,11 +521,13 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, /* * Make a signature with options */ -int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, - mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, + mbedtls_pk_context *ctx, + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { PK_VALIDATE_RET( ctx != NULL ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || @@ -541,10 +543,6 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, if( type != MBEDTLS_PK_RSASSA_PSS ) { - /* General case: no options */ - if( options != NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len, sig, sig_size, sig_len, f_rng, p_rng, NULL ) ); @@ -552,17 +550,12 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_pk_rsassa_pss_options *pss_opts; #if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ - if( options == NULL ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - - pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; if( sig_size < mbedtls_pk_get_len( ctx ) ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); @@ -578,7 +571,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options, f_rng, p_rng, md_alg, (unsigned int) hash_len, - hash,pss_opts->expected_salt_len, + hash,MBEDTLS_RSA_SALT_LEN_ANY, sig ); return( ret ); 
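Review bot: The comment above the definition in hunk `@@ -521,11 +521,13 @@` still reads `Make a signature with options`, although this hunk removes the `options` parameter. I would change it to `/* Make a signature given a signature type */`. It would also help to state there that `MBEDTLS_PK_RSASSA_PSS` presumably requires `ctx` to hold an RSA key. Whether the body enforces that cannot be seen here, because the function continues beyond the hunk.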
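Review bot: In hunk `@@ -552,17 +550,12 @@`, with the `options` checks removed, the only guard left before the PSS signing call is `if( sig_size < mbedtls_pk_get_len( ctx ) ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED );`, which reports a verification failure from a signing function. A caller that passes a short output buffer gets a misleading error and may mishandle it; `return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );` describes the condition. The line is context rather than part of the change, but it sits in the path this commit reshapes, so it is cheap to fix here. The function body continues outside the hunk.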
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7dd8fb4de8..a8c3570722 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1060,10 +1060,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ]; size_t verify_buffer_len; mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE; - const void *options = NULL; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE; - mbedtls_pk_rsassa_pss_options pss_opts; size_t signature_len = 0; const mbedtls_md_info_t *md_info; unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ]; @@ -1134,20 +1132,14 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: md_alg = MBEDTLS_MD_SHA256; - pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; - options = &pss_opts; pk_type = MBEDTLS_PK_RSASSA_PSS; break; case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: md_alg = MBEDTLS_MD_SHA384; - pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; - options = &pss_opts; pk_type = MBEDTLS_PK_RSASSA_PSS; break; case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: md_alg = MBEDTLS_MD_SHA512; - pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY; - options = &pss_opts; pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ @@ -1173,8 +1165,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, verify_hash_len = mbedtls_md_get_size( md_info ); MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len ); - if( ( ret = mbedtls_pk_sign_ext( pk_type, options, - own_key, md_alg, verify_hash, verify_hash_len, + if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key, + md_alg, verify_hash, verify_hash_len, p + 2, (size_t)( end - ( p + 2 ) ), &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) {
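Review bot: In the last hunk, the `sig_size` argument `(size_t)( end - ( p + 2 ) )` wraps to a very large value if `p + 2` is ever past `end`, and `mbedtls_pk_sign_ext()` would then treat the output buffer as large enough. No bounds check on `p` is visible in this hunk, and the function starts and ends outside it, so this may already be handled earlier. If it is not, `MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );` before the call would close the gap. If it is, a short comment such as `/* p + 2 <= end was checked above */` next to the cast would document the assumption.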