pk: implement non-PSA mbedtls_pk_sign_ext()
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
diff --git a/library/pk.c b/library/pk.c
index 957f64e..344d29f 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -579,7 +579,7 @@
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
} else
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
if (sig_len < mbedtls_pk_get_len(ctx)) {
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
@@ -672,7 +672,6 @@
f_rng, p_rng, NULL);
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
/*
* Make a signature given a signature type.
*/
@@ -684,11 +683,6 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
{
-#if defined(MBEDTLS_RSA_C)
- psa_algorithm_t psa_md_alg;
-#endif /* MBEDTLS_RSA_C */
- *sig_len = 0;
-
if (ctx->pk_info == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -702,8 +696,10 @@
sig, sig_size, sig_len, f_rng, p_rng);
}
-#if defined(MBEDTLS_RSA_C)
- psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ const psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (psa_md_alg == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -720,12 +716,31 @@
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
ctx->pk_ctx, hash, hash_len,
sig, sig_size, sig_len);
-#else /* MBEDTLS_RSA_C */
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-#endif /* !MBEDTLS_RSA_C */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+ if (sig_size < mbedtls_pk_get_len(ctx)) {
+ return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+ }
+
+ if (pk_hashlen_helper(md_alg, &hash_len) != 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ mbedtls_rsa_context *const rsa_ctx = mbedtls_pk_rsa(*ctx);
+
+ const int ret = mbedtls_rsa_rsassa_pss_sign(rsa_ctx, f_rng, p_rng, md_alg,
+ (unsigned int) hash_len, hash, sig);
+ if (ret == 0) {
+ *sig_len = rsa_ctx->len;
+ }
+ return ret;
+
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#else
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
/*
* Decrypt message
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 0fb3c42..b1fbd86 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -281,7 +281,7 @@
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
mbedtls_rsa_context *rsa_ctx,
const unsigned char *hash, size_t hash_len,
@@ -344,7 +344,7 @@
}
return ret;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 28c815a..a6237bf 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -131,6 +131,14 @@
#endif
#endif
+#if defined(MBEDTLS_RSA_C)
+int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
+ mbedtls_rsa_context *rsa_ctx,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size,
+ size_t *sig_len);
+#endif /* MBEDTLS_RSA_C */
+
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PSA_CRYPTO_C)
@@ -143,14 +151,6 @@
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#if defined(MBEDTLS_RSA_C)
-int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
- mbedtls_rsa_context *rsa_ctx,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size,
- size_t *sig_len);
-#endif /* MBEDTLS_RSA_C */
-
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PK_WRAP_H */