mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-23 11:42:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pk_wrap: add support for ECDSA verify for opaque keys

Browse Source 
This commit also add tests to verify the functionality

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2023-06-21 16:58:40 +02:00
parent ed7d6af670
commit e77307738d
2 changed files with 41 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
library/pk_wrap.c
View File

@ -781,6 +781,36 @@ cleanup:
return ret; return ret;
} }
static int ecdsa_verify_wrap_opaque(mbedtls_pk_context *pk,
mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len)
{
(void) md_alg;
unsigned char key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
size_t key_len;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
psa_ecc_family_t curve;
size_t curve_bits;
psa_status_t status;
status = psa_get_key_attributes(pk->priv_id, &key_attr);
if (status != PSA_SUCCESS) {
return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
}
curve = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attr));
curve_bits = psa_get_key_bits(&key_attr);
psa_reset_key_attributes(&key_attr);
status = psa_export_public_key(pk->priv_id, key, sizeof(key), &key_len);
if (status != PSA_SUCCESS) {
return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
}
return ecdsa_verify_psa(key, key_len, curve, curve_bits,
hash, hash_len, sig, sig_len);
}
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int ecdsa_verify_wrap(mbedtls_pk_context *pk, static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
@ -1757,7 +1787,7 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
"Opaque", "Opaque",
pk_opaque_get_bitlen, pk_opaque_get_bitlen,
pk_opaque_ecdsa_can_do, pk_opaque_ecdsa_can_do,
NULL, /* verify - will be done later */ ecdsa_verify_wrap_opaque,
ecdsa_sign_wrap_opaque, ecdsa_sign_wrap_opaque,
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
NULL, /* restartable verify - not relevant */ NULL, /* restartable verify - not relevant */

10
tests/suites/test_suite_pk.function
View File

@ -223,8 +223,6 @@ void pk_psa_utils(int key_is_rsa)
mbedtls_pk_init(&pk2); mbedtls_pk_init(&pk2);
USE_PSA_INIT(); USE_PSA_INIT();
TEST_ASSERT(psa_crypto_init() == PSA_SUCCESS);
TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) == TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA); MBEDTLS_ERR_PK_BAD_INPUT_DATA);
@ -261,10 +259,11 @@ void pk_psa_utils(int key_is_rsa)
} }
/* unsupported operations: verify, decrypt, encrypt */ /* unsupported operations: verify, decrypt, encrypt */
if (key_is_rsa == 1) {
TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg, TEST_ASSERT(mbedtls_pk_verify(&pk, md_alg,
b1, sizeof(b1), b2, sizeof(b2)) b1, sizeof(b1), b2, sizeof(b2))
== MBEDTLS_ERR_PK_TYPE_MISMATCH); == MBEDTLS_ERR_PK_TYPE_MISMATCH);
if (key_is_rsa == 0) { } else {
TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1), TEST_ASSERT(mbedtls_pk_decrypt(&pk, b1, sizeof(b1),
b2, &len, sizeof(b2), b2, &len, sizeof(b2),
NULL, NULL) NULL, NULL)
@ -1367,6 +1366,11 @@ void pk_psa_sign(int parameter_arg,
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256,
hash, sizeof(hash), sig, sizeof(sig), &sig_len, hash, sizeof(hash), sig, sizeof(sig), &sig_len,
NULL, NULL) == 0); NULL, NULL) == 0);
/* Only opaque EC keys support verification. */
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type_arg)) {
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
hash, sizeof(hash), sig, sig_len) == 0);
}
/* Export underlying public key for re-importing in a psa context. */ /* Export underlying public key for re-importing in a psa context. */
#if defined(MBEDTLS_PK_WRITE_C) #if defined(MBEDTLS_PK_WRITE_C)