From b484e37d917a5af8e1fe204750d138b66d33b93a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 27 Feb 2024 16:21:12 +0100 Subject: [PATCH] pk: fix alg selection in mbedtls_pk_sign_ext() for opaque keys This commit also fixes pk_psa_wrap_sign_ext() setting the RSA padding mode so that mbedtls_pk_get_psa_attributes() correctly guesses the PSA alg to be used. Signed-off-by: Valerio Setti --- library/pk.c | 25 ++++++++++++++++++++++++- tests/suites/test_suite_pk.function | 16 ++++------------ 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/library/pk.c b/library/pk.c index 7aee940902..8a5124f260 100644 --- a/library/pk.c +++ b/library/pk.c @@ -1188,9 +1188,32 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) { + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t psa_alg, psa_enrollment_alg, sign_alg; psa_status_t status; - status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg), + status = psa_get_key_attributes(ctx->priv_id, &key_attr); + if (status != PSA_SUCCESS) { + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); + } + psa_alg = psa_get_key_algorithm(&key_attr); + psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr); + psa_reset_key_attributes(&key_attr); + + /* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between + * alg and enrollment alg should be of type RSA_PSS. */ + if (PSA_ALG_IS_RSA_PSS(psa_alg)) { + sign_alg = psa_alg; + } else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) { + sign_alg = psa_enrollment_alg; + } else { + /* The opaque key has no RSA PSS algorithm associated. */ + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + /* Adjust the hashing algorithm. */ + sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg); + + status = psa_sign_hash(ctx->priv_id, sign_alg, hash, hash_len, sig, sig_size, sig_len); return PSA_PK_RSA_TO_MBEDTLS_ERR(status); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e1a0011b78..3d75ad0e1c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1833,7 +1833,6 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg unsigned char *pkey_start; unsigned char hash[PSA_HASH_MAX_SIZE]; psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); - psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; @@ -1850,6 +1849,10 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg mbedtls_test_rnd_std_rand, NULL, key_bits, 3), 0); + if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { + mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); + } + /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey)); TEST_ASSERT(ret >= 0); @@ -1858,19 +1861,8 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ pkey_start = pkey + sizeof(pkey) - pkey_len; - if (key_pk_type == MBEDTLS_PK_RSA) { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg); - } else if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { - psa_alg = PSA_ALG_RSA_PSS(psa_md_alg); - } else { - TEST_ASSUME(!"PK key type not supported in this configuration"); - } - /* Turn PK context into an opaque one. */ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); - /* Tweak the algorithm associated with the PSA key because get_psa_attributes() returns - * a PSA_ALG_RSA_PSS_ANY_SALT(), but mbedtls_pk_sign_ext() requires a PSA_ALG_RSA_PSS().*/ - psa_set_key_algorithm(&key_attr, psa_alg); TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); mbedtls_pk_free(&pk); mbedtls_pk_init(&pk);