2020-07-16 20:26:18 +02:00
|
|
|
/*
|
|
|
|
|
* Test driver for signature functions
|
|
|
|
|
*/
|
|
|
|
|
/* Copyright (C) 2020, ARM Limited, All Rights Reserved
|
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
* not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*
|
|
|
|
|
* This file is part of mbed TLS (https://tls.mbed.org)
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
|
|
|
|
#include "mbedtls/config.h"
|
|
|
|
|
#else
|
|
|
|
|
#include MBEDTLS_CONFIG_FILE
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-07-24 18:41:58 +02:00
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
|
2020-07-16 20:26:18 +02:00
|
|
|
#include "psa/crypto.h"
|
|
|
|
|
#include "mbedtls/ecp.h"
|
|
|
|
|
|
|
|
|
|
#include "drivers/signature.h"
|
|
|
|
|
|
|
|
|
|
#include "mbedtls/md.h"
|
|
|
|
|
#include "mbedtls/ecdsa.h"
|
|
|
|
|
|
2020-07-17 19:46:15 +02:00
|
|
|
#include "test/random.h"
|
|
|
|
|
|
2020-07-16 20:26:18 +02:00
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
/* If non-null, on success, copy this to the output. */
|
|
|
|
|
void *test_driver_forced_output = NULL;
|
|
|
|
|
size_t test_driver_forced_output_length = 0;
|
|
|
|
|
|
|
|
|
|
psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED;
|
|
|
|
|
unsigned long test_transparent_signature_sign_hash_hit = 0;
|
|
|
|
|
|
2020-07-17 19:46:15 +02:00
|
|
|
psa_status_t test_transparent_signature_verify_hash_status = PSA_ERROR_NOT_SUPPORTED;
|
|
|
|
|
unsigned long test_transparent_signature_verify_hash_hit = 0;
|
|
|
|
|
|
2020-07-16 20:26:18 +02:00
|
|
|
psa_status_t test_transparent_signature_sign_hash(
|
|
|
|
|
const psa_key_attributes_t *attributes,
|
|
|
|
|
const uint8_t *key, size_t key_length,
|
|
|
|
|
psa_algorithm_t alg,
|
|
|
|
|
const uint8_t *hash, size_t hash_length,
|
|
|
|
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
|
|
|
|
{
|
|
|
|
|
++test_transparent_signature_sign_hash_hit;
|
|
|
|
|
|
|
|
|
|
if( test_transparent_signature_sign_hash_status != PSA_SUCCESS )
|
|
|
|
|
return( test_transparent_signature_sign_hash_status );
|
|
|
|
|
|
|
|
|
|
if( test_driver_forced_output != NULL )
|
|
|
|
|
{
|
|
|
|
|
if( test_driver_forced_output_length > signature_size )
|
|
|
|
|
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
|
|
|
|
memcpy( signature, test_driver_forced_output,
|
|
|
|
|
test_driver_forced_output_length );
|
|
|
|
|
*signature_length = test_driver_forced_output_length;
|
|
|
|
|
return( PSA_SUCCESS );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
|
|
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
|
|
|
defined(MBEDTLS_SHA256_C)
|
|
|
|
|
if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
mbedtls_ecp_group_id grp_id;
|
|
|
|
|
switch( psa_get_key_type( attributes ) )
|
|
|
|
|
{
|
|
|
|
|
case PSA_ECC_CURVE_SECP_R1:
|
|
|
|
|
switch( psa_get_key_bits( attributes ) )
|
|
|
|
|
{
|
|
|
|
|
case 256:
|
|
|
|
|
grp_id = MBEDTLS_ECP_DP_SECP256R1;
|
|
|
|
|
break;
|
|
|
|
|
case 384:
|
|
|
|
|
grp_id = MBEDTLS_ECP_DP_SECP384R1;
|
|
|
|
|
break;
|
|
|
|
|
case 521:
|
|
|
|
|
grp_id = MBEDTLS_ECP_DP_SECP521R1;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Beyond this point, the driver is actually doing the work of
|
|
|
|
|
* calculating the signature. */
|
|
|
|
|
|
|
|
|
|
status = PSA_ERROR_GENERIC_ERROR;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
mbedtls_mpi r, s;
|
|
|
|
|
mbedtls_mpi_init( &r );
|
|
|
|
|
mbedtls_mpi_init( &s );
|
|
|
|
|
mbedtls_ecp_keypair ecp;
|
|
|
|
|
mbedtls_ecp_keypair_init( &ecp );
|
|
|
|
|
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
|
|
|
|
|
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
|
|
|
|
|
key, key_length ) );
|
|
|
|
|
|
|
|
|
|
/* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
|
|
|
|
|
mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
|
|
|
|
|
if( signature_size < 2 * curve_bytes )
|
|
|
|
|
{
|
|
|
|
|
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
|
|
|
|
|
hash, hash_length, md_alg ) );
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
|
|
|
|
|
signature,
|
|
|
|
|
curve_bytes ) );
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
|
|
|
|
|
signature + curve_bytes,
|
|
|
|
|
curve_bytes ) );
|
|
|
|
|
cleanup:
|
|
|
|
|
/* There's no easy way to translate the error code except through a
|
|
|
|
|
* library function that's not exported. Use a debugger. */
|
|
|
|
|
if( ret == 0 )
|
|
|
|
|
status = PSA_SUCCESS;
|
|
|
|
|
mbedtls_mpi_free( &r );
|
|
|
|
|
mbedtls_mpi_free( &s );
|
|
|
|
|
mbedtls_ecp_keypair_free( &ecp );
|
|
|
|
|
if( status == PSA_SUCCESS )
|
|
|
|
|
*signature_length = 2 * curve_bytes;
|
|
|
|
|
#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
|
|
|
defined(MBEDTLS_SHA256_C) */
|
|
|
|
|
(void) attributes;
|
|
|
|
|
(void) key;
|
|
|
|
|
(void) key_length;
|
|
|
|
|
(void) alg;
|
|
|
|
|
(void) hash;
|
|
|
|
|
(void) hash_length;
|
|
|
|
|
#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
|
|
|
defined(MBEDTLS_SHA256_C) */
|
|
|
|
|
|
|
|
|
|
return( status );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
psa_status_t test_opaque_signature_sign_hash(
|
|
|
|
|
const psa_key_attributes_t *attributes,
|
|
|
|
|
const uint8_t *key, size_t key_length,
|
|
|
|
|
psa_algorithm_t alg,
|
|
|
|
|
const uint8_t *hash, size_t hash_length,
|
|
|
|
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
|
|
|
|
{
|
|
|
|
|
(void) attributes;
|
|
|
|
|
(void) key;
|
|
|
|
|
(void) key_length;
|
|
|
|
|
(void) alg;
|
|
|
|
|
(void) hash;
|
|
|
|
|
(void) hash_length;
|
|
|
|
|
(void) signature;
|
|
|
|
|
(void) signature_size;
|
|
|
|
|
(void) signature_length;
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-17 19:46:15 +02:00
|
|
|
psa_status_t test_transparent_signature_verify_hash(
|
|
|
|
|
const psa_key_attributes_t *attributes,
|
|
|
|
|
const uint8_t *key, size_t key_length,
|
|
|
|
|
psa_algorithm_t alg,
|
|
|
|
|
const uint8_t *hash, size_t hash_length,
|
|
|
|
|
const uint8_t *signature, size_t signature_length )
|
|
|
|
|
{
|
|
|
|
|
++test_transparent_signature_verify_hash_hit;
|
|
|
|
|
|
|
|
|
|
if( test_transparent_signature_verify_hash_status != PSA_SUCCESS )
|
|
|
|
|
return( test_transparent_signature_verify_hash_status );
|
|
|
|
|
|
|
|
|
|
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
|
|
|
|
|
|
|
|
|
|
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
|
|
|
defined(MBEDTLS_SHA256_C)
|
|
|
|
|
if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
mbedtls_ecp_group_id grp_id;
|
|
|
|
|
switch( psa_get_key_type( attributes ) )
|
|
|
|
|
{
|
|
|
|
|
case PSA_ECC_CURVE_SECP_R1:
|
|
|
|
|
switch( psa_get_key_bits( attributes ) )
|
|
|
|
|
{
|
|
|
|
|
case 256:
|
|
|
|
|
grp_id = MBEDTLS_ECP_DP_SECP256R1;
|
|
|
|
|
break;
|
|
|
|
|
case 384:
|
|
|
|
|
grp_id = MBEDTLS_ECP_DP_SECP384R1;
|
|
|
|
|
break;
|
|
|
|
|
case 521:
|
|
|
|
|
grp_id = MBEDTLS_ECP_DP_SECP521R1;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Beyond this point, the driver is actually doing the work of
|
|
|
|
|
* calculating the signature. */
|
|
|
|
|
|
|
|
|
|
status = PSA_ERROR_GENERIC_ERROR;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
mbedtls_mpi r, s;
|
|
|
|
|
mbedtls_mpi_init( &r );
|
|
|
|
|
mbedtls_mpi_init( &s );
|
|
|
|
|
mbedtls_ecp_keypair ecp;
|
|
|
|
|
mbedtls_ecp_keypair_init( &ecp );
|
|
|
|
|
mbedtls_test_rnd_pseudo_info rnd_info;
|
|
|
|
|
memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
|
|
|
|
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
|
|
|
|
|
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
|
|
|
|
|
|
|
|
|
|
/* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */
|
|
|
|
|
if( signature_length < 2 * curve_bytes )
|
|
|
|
|
{
|
|
|
|
|
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
|
|
|
|
|
signature,
|
|
|
|
|
curve_bytes ) );
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
|
|
|
|
|
signature + curve_bytes,
|
|
|
|
|
curve_bytes ) );
|
|
|
|
|
|
|
|
|
|
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
|
|
|
|
|
key, key_length ) );
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) );
|
|
|
|
|
MBEDTLS_MPI_CHK(
|
|
|
|
|
mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G,
|
|
|
|
|
&mbedtls_test_rnd_pseudo_rand,
|
|
|
|
|
&rnd_info ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length,
|
|
|
|
|
&ecp.Q, &r, &s ) );
|
|
|
|
|
cleanup:
|
|
|
|
|
/* There's no easy way to translate the error code except through a
|
|
|
|
|
* library function that's not exported. Use a debugger. */
|
|
|
|
|
if( ret == 0 )
|
|
|
|
|
status = PSA_SUCCESS;
|
|
|
|
|
mbedtls_mpi_free( &r );
|
|
|
|
|
mbedtls_mpi_free( &s );
|
|
|
|
|
mbedtls_ecp_keypair_free( &ecp );
|
|
|
|
|
#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
|
|
|
defined(MBEDTLS_SHA256_C) */
|
|
|
|
|
(void) attributes;
|
|
|
|
|
(void) key;
|
|
|
|
|
(void) key_length;
|
|
|
|
|
(void) alg;
|
|
|
|
|
(void) hash;
|
|
|
|
|
(void) hash_length;
|
|
|
|
|
#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
|
|
|
defined(MBEDTLS_SHA256_C) */
|
|
|
|
|
|
|
|
|
|
return( status );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
psa_status_t test_opaque_signature_verify_hash(
|
|
|
|
|
const psa_key_attributes_t *attributes,
|
|
|
|
|
const uint8_t *key, size_t key_length,
|
|
|
|
|
psa_algorithm_t alg,
|
|
|
|
|
const uint8_t *hash, size_t hash_length,
|
|
|
|
|
const uint8_t *signature, size_t signature_length )
|
|
|
|
|
{
|
|
|
|
|
(void) attributes;
|
|
|
|
|
(void) key;
|
|
|
|
|
(void) key_length;
|
|
|
|
|
(void) alg;
|
|
|
|
|
(void) hash;
|
|
|
|
|
(void) hash_length;
|
|
|
|
|
(void) signature;
|
|
|
|
|
(void) signature_length;
|
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-24 18:41:58 +02:00
|
|
|
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
|
