Implement PK Opaque RSA PSS signature

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 15:11:49 +02:00 · 2022-04-12 15:11:49 +02:00 · 62d452baac
commit 62d452baac
parent 7624a5ae5e
2 changed files with 29 additions and 1 deletions
--- a/library/pk.c
+++ b/library/pk.c
@ -545,6 +545,33 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
    if( ! mbedtls_pk_can_do( ctx, pk_type ) )
        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );

+    if( pk_type == MBEDTLS_PK_RSASSA_PSS &&
+        mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE )
+    {
+#if defined(MBEDTLS_RSA_C)
+        const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
+        psa_status_t status;
+
+        /* PSA has its own RNG */
+        (void) f_rng;
+        (void) p_rng;
+
+        psa_md_alg = mbedtls_psa_translate_md( md_alg );
+        if( psa_md_alg == 0 )
+            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+        status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ),
+                                hash, hash_len,
+                                sig, sig_size, sig_len );
+        if( status != PSA_SUCCESS )
+            return( mbedtls_pk_error_from_psa_rsa( status ) );
+
+        return 0;
+#else
+        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_RSA_C */
+    }
+
    if( pk_type != MBEDTLS_PK_RSASSA_PSS )
    {
        return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -1501,7 +1501,8 @@ static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type )

 static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type )
 {
-    return( type == MBEDTLS_PK_RSA );
+    return( type == MBEDTLS_PK_RSA ||
+            type == MBEDTLS_PK_RSASSA_PSS );
 }

 static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,