TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c1905a1c3debef865c6ecc19be121e4f205a13cb / . / library / psa_crypto_rsa.c
blob: f2e9a1c052738aca90d468aef0b6390f900fe645 [file] [log] [blame]
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]1/*
2 * PSA RSA layer on top of Mbed TLS crypto
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa/crypto.h>
26#include "psa_crypto_core.h"
Ronald Cron9e18fc12020-11-05 17:36:40 +0100[diff] [blame]27#include "psa_crypto_random_impl.h"
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]28#include "psa_crypto_rsa.h"
Steven Cooreman5f88e772021-03-15 11:07:12 +0100[diff] [blame]29#include "psa_crypto_hash.h"
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]30
31#include <stdlib.h>
32#include <string.h>
33#include "mbedtls/platform.h"
34#if !defined(MBEDTLS_PLATFORM_C)
35#define mbedtls_calloc calloc
36#define mbedtls_free free
37#endif
38
39#include <mbedtls/rsa.h>
40#include <mbedtls/error.h>
41#include <mbedtls/pk.h>
Dave Rodgman3b5e6f02021-04-06 17:58:16 +0100[diff] [blame]42#include "pk_wrap.h"
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]43
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]44#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
45 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
46 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) ) )
47#define BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
48#endif
49
50#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
51 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
52 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) ) )
53#define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
54#endif
55
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]56#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
57 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
58 defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \
59 defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) )
60#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
61#endif
62
63#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
64 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
65 defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \
66 defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) )
67#define BUILTIN_ALG_RSA_PSS 1
68#endif
69
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]70#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]71 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]72 defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
73 defined(BUILTIN_ALG_RSA_PSS) || \
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]74 defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
75 defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]76
77/* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes
78 * that are not a multiple of 8) well. For example, there is only
79 * mbedtls_rsa_get_len(), which returns a number of bytes, and no
80 * way to return the exact bit size of a key.
81 * To keep things simple, reject non-byte-aligned key sizes. */
82static psa_status_t psa_check_rsa_key_byte_aligned(
83 const mbedtls_rsa_context *rsa )
84{
85 mbedtls_mpi n;
86 psa_status_t status;
87 mbedtls_mpi_init( &n );
88 status = mbedtls_to_psa_error(
89 mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) );
90 if( status == PSA_SUCCESS )
91 {
92 if( mbedtls_mpi_bitlen( &n ) % 8 != 0 )
93 status = PSA_ERROR_NOT_SUPPORTED;
94 }
95 mbedtls_mpi_free( &n );
96 return( status );
97}
98
99psa_status_t mbedtls_psa_rsa_load_representation(
100 psa_key_type_t type, const uint8_t *data, size_t data_length,
101 mbedtls_rsa_context **p_rsa )
102{
103 psa_status_t status;
104 mbedtls_pk_context ctx;
105 size_t bits;
106 mbedtls_pk_init( &ctx );
107
108 /* Parse the data. */
109 if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
110 status = mbedtls_to_psa_error(
111 mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) );
112 else
113 status = mbedtls_to_psa_error(
114 mbedtls_pk_parse_public_key( &ctx, data, data_length ) );
115 if( status != PSA_SUCCESS )
116 goto exit;
117
118 /* We have something that the pkparse module recognizes. If it is a
119 * valid RSA key, store it. */
120 if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA )
121 {
122 status = PSA_ERROR_INVALID_ARGUMENT;
123 goto exit;
124 }
125
126 /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
127 * supports non-byte-aligned key sizes, but not well. For example,
128 * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
129 bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) );
130 if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
131 {
132 status = PSA_ERROR_NOT_SUPPORTED;
133 goto exit;
134 }
135 status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) );
136 if( status != PSA_SUCCESS )
137 goto exit;
138
139 /* Copy out the pointer to the RSA context, and reset the PK context
140 * such that pk_free doesn't free the RSA context we just grabbed. */
141 *p_rsa = mbedtls_pk_rsa( ctx );
142 ctx.pk_info = NULL;
143
144exit:
145 mbedtls_pk_free( &ctx );
146 return( status );
147}
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]148#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]149 * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]150 * defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
151 * defined(BUILTIN_ALG_RSA_PSS) ||
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]152 * defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
153 * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]154
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]155#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
156 defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
Ronald Cronabf2aef2020-11-27 18:13:44 +0100[diff] [blame]157
Ronald Cron784fb322020-11-30 13:55:05 +0100[diff] [blame]158static psa_status_t rsa_import_key(
Ronald Cronabf2aef2020-11-27 18:13:44 +0100[diff] [blame]159 const psa_key_attributes_t *attributes,
160 const uint8_t *data, size_t data_length,
161 uint8_t *key_buffer, size_t key_buffer_size,
162 size_t *key_buffer_length, size_t *bits )
163{
164 psa_status_t status;
165 mbedtls_rsa_context *rsa = NULL;
166
167 /* Parse input */
168 status = mbedtls_psa_rsa_load_representation( attributes->core.type,
169 data,
170 data_length,
171 &rsa );
172 if( status != PSA_SUCCESS )
173 goto exit;
174
175 *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
176
177 /* Re-export the data to PSA export format, such that we can store export
178 * representation in the key slot. Export representation in case of RSA is
179 * the smallest representation that's allowed as input, so a straight-up
180 * allocation of the same size as the input buffer will be large enough. */
181 status = mbedtls_psa_rsa_export_key( attributes->core.type,
182 rsa,
183 key_buffer,
184 key_buffer_size,
185 key_buffer_length );
186exit:
187 /* Always free the RSA object */
188 mbedtls_rsa_free( rsa );
189 mbedtls_free( rsa );
190
191 return( status );
192}
193
Ronald Crone5ca3d82020-11-26 16:36:16 +0100[diff] [blame]194psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
195 mbedtls_rsa_context *rsa,
196 uint8_t *data,
197 size_t data_size,
198 size_t *data_length )
199{
200#if defined(MBEDTLS_PK_WRITE_C)
201 int ret;
202 mbedtls_pk_context pk;
203 uint8_t *pos = data + data_size;
204
205 mbedtls_pk_init( &pk );
206 pk.pk_info = &mbedtls_rsa_info;
207 pk.pk_ctx = rsa;
208
209 /* PSA Crypto API defines the format of an RSA key as a DER-encoded
210 * representation of the non-encrypted PKCS#1 RSAPrivateKey for a
211 * private key and of the RFC3279 RSAPublicKey for a public key. */
212 if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
213 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
214 else
215 ret = mbedtls_pk_write_pubkey( &pos, data, &pk );
216
217 if( ret < 0 )
218 {
219 /* Clean up in case pk_write failed halfway through. */
220 memset( data, 0, data_size );
221 return( mbedtls_to_psa_error( ret ) );
222 }
223
224 /* The mbedtls_pk_xxx functions write to the end of the buffer.
225 * Move the data to the beginning and erase remaining data
226 * at the original location. */
227 if( 2 * (size_t) ret <= data_size )
228 {
229 memcpy( data, data + data_size - ret, ret );
230 memset( data + data_size - ret, 0, ret );
231 }
232 else if( (size_t) ret < data_size )
233 {
234 memmove( data, data + data_size - ret, ret );
235 memset( data + ret, 0, data_size - ret );
236 }
237
238 *data_length = ret;
239 return( PSA_SUCCESS );
240#else
241 (void) type;
242 (void) rsa;
243 (void) data;
244 (void) data_size;
245 (void) data_length;
246 return( PSA_ERROR_NOT_SUPPORTED );
247#endif /* MBEDTLS_PK_WRITE_C */
248}
249
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]250static psa_status_t rsa_export_public_key(
Ronald Crone5ca3d82020-11-26 16:36:16 +0100[diff] [blame]251 const psa_key_attributes_t *attributes,
252 const uint8_t *key_buffer, size_t key_buffer_size,
253 uint8_t *data, size_t data_size, size_t *data_length )
254{
255 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
256 mbedtls_rsa_context *rsa = NULL;
257
258 status = mbedtls_psa_rsa_load_representation(
259 attributes->core.type, key_buffer, key_buffer_size, &rsa );
260 if( status != PSA_SUCCESS )
261 return( status );
262
263 status = mbedtls_psa_rsa_export_key( PSA_KEY_TYPE_RSA_PUBLIC_KEY,
264 rsa,
265 data,
266 data_size,
267 data_length );
268
269 mbedtls_rsa_free( rsa );
270 mbedtls_free( rsa );
271
272 return( status );
273}
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]274#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
275 * defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
276
Jaeden Amero424fa932021-05-14 08:34:32 +0100[diff] [blame]277#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
278 defined(MBEDTLS_GENPRIME)
Ronald Cron2365fde2021-02-08 09:52:24 +0100[diff] [blame]279static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
Ronald Cron9e18fc12020-11-05 17:36:40 +0100[diff] [blame]280 size_t domain_parameters_size,
281 int *exponent )
282{
283 size_t i;
284 uint32_t acc = 0;
285
286 if( domain_parameters_size == 0 )
287 {
288 *exponent = 65537;
289 return( PSA_SUCCESS );
290 }
291
292 /* Mbed TLS encodes the public exponent as an int. For simplicity, only
293 * support values that fit in a 32-bit integer, which is larger than
294 * int on just about every platform anyway. */
295 if( domain_parameters_size > sizeof( acc ) )
296 return( PSA_ERROR_NOT_SUPPORTED );
297 for( i = 0; i < domain_parameters_size; i++ )
298 acc = ( acc << 8 ) | domain_parameters[i];
299 if( acc > INT_MAX )
300 return( PSA_ERROR_NOT_SUPPORTED );
301 *exponent = acc;
302 return( PSA_SUCCESS );
303}
304
Ronald Cron3a9c46b2020-11-06 09:38:35 +0100[diff] [blame]305static psa_status_t rsa_generate_key(
Ronald Cron9e18fc12020-11-05 17:36:40 +0100[diff] [blame]306 const psa_key_attributes_t *attributes,
307 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
308{
309 psa_status_t status;
310 mbedtls_rsa_context rsa;
311 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
312 int exponent;
313
Ronald Cron2365fde2021-02-08 09:52:24 +0100[diff] [blame]314 status = psa_rsa_read_exponent( attributes->domain_parameters,
Ronald Cron9e18fc12020-11-05 17:36:40 +0100[diff] [blame]315 attributes->domain_parameters_size,
316 &exponent );
317 if( status != PSA_SUCCESS )
318 return( status );
319
Ronald Cronc1905a12021-06-05 11:11:14 +0200[diff] [blame^]320 mbedtls_rsa_init( &rsa );
Ronald Cron9e18fc12020-11-05 17:36:40 +0100[diff] [blame]321 ret = mbedtls_rsa_gen_key( &rsa,
322 mbedtls_psa_get_random,
323 MBEDTLS_PSA_RANDOM_STATE,
324 (unsigned int)attributes->core.bits,
325 exponent );
326 if( ret != 0 )
327 return( mbedtls_to_psa_error( ret ) );
328
329 status = mbedtls_psa_rsa_export_key( attributes->core.type,
330 &rsa, key_buffer, key_buffer_size,
331 key_buffer_length );
332 mbedtls_rsa_free( &rsa );
333
334 return( status );
335}
Jaeden Amero424fa932021-05-14 08:34:32 +0100[diff] [blame]336#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
337 * defined(MBEDTLS_GENPRIME) */
Ronald Cron9e18fc12020-11-05 17:36:40 +0100[diff] [blame]338
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]339/****************************************************************/
340/* Sign/verify hashes */
341/****************************************************************/
342
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]343#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]344
345/* Decode the hash algorithm from alg and store the mbedtls encoding in
346 * md_alg. Verify that the hash length is acceptable. */
347static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
348 size_t hash_length,
349 mbedtls_md_type_t *md_alg )
350{
351 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
352 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
353 *md_alg = mbedtls_md_get_type( md_info );
354
355 /* The Mbed TLS RSA module uses an unsigned int for hash length
356 * parameters. Validate that it fits so that we don't risk an
357 * overflow later. */
358#if SIZE_MAX > UINT_MAX
359 if( hash_length > UINT_MAX )
360 return( PSA_ERROR_INVALID_ARGUMENT );
361#endif
362
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]363#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]364 /* For PKCS#1 v1.5 signature, if using a hash, the hash length
365 * must be correct. */
366 if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
367 alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
368 {
369 if( md_info == NULL )
370 return( PSA_ERROR_NOT_SUPPORTED );
371 if( mbedtls_md_get_size( md_info ) != hash_length )
372 return( PSA_ERROR_INVALID_ARGUMENT );
373 }
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]374#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]375
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]376#if defined(BUILTIN_ALG_RSA_PSS)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]377 /* PSS requires a hash internally. */
378 if( PSA_ALG_IS_RSA_PSS( alg ) )
379 {
380 if( md_info == NULL )
381 return( PSA_ERROR_NOT_SUPPORTED );
382 }
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]383#endif /* BUILTIN_ALG_RSA_PSS */
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]384
385 return( PSA_SUCCESS );
386}
387
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]388static psa_status_t rsa_sign_hash(
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]389 const psa_key_attributes_t *attributes,
390 const uint8_t *key_buffer, size_t key_buffer_size,
391 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
392 uint8_t *signature, size_t signature_size, size_t *signature_length )
393{
394 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
395 mbedtls_rsa_context *rsa = NULL;
396 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
397 mbedtls_md_type_t md_alg;
398
399 status = mbedtls_psa_rsa_load_representation( attributes->core.type,
400 key_buffer,
401 key_buffer_size,
402 &rsa );
403 if( status != PSA_SUCCESS )
404 return( status );
405
406 status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
407 if( status != PSA_SUCCESS )
408 goto exit;
409
410 if( signature_size < mbedtls_rsa_get_len( rsa ) )
411 {
412 status = PSA_ERROR_BUFFER_TOO_SMALL;
413 goto exit;
414 }
415
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]416#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]417 if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
418 {
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]419 ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
420 MBEDTLS_MD_NONE );
421 if( ret == 0 )
422 {
423 ret = mbedtls_rsa_pkcs1_sign( rsa,
424 mbedtls_psa_get_random,
425 MBEDTLS_PSA_RANDOM_STATE,
426 md_alg,
427 (unsigned int) hash_length,
428 hash,
429 signature );
430 }
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]431 }
432 else
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]433#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
434#if defined(BUILTIN_ALG_RSA_PSS)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]435 if( PSA_ALG_IS_RSA_PSS( alg ) )
436 {
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]437 ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
438
439 if( ret == 0 )
440 {
441 ret = mbedtls_rsa_rsassa_pss_sign( rsa,
442 mbedtls_psa_get_random,
443 MBEDTLS_PSA_RANDOM_STATE,
444 MBEDTLS_MD_NONE,
445 (unsigned int) hash_length,
446 hash,
447 signature );
448 }
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]449 }
450 else
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]451#endif /* BUILTIN_ALG_RSA_PSS */
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]452 {
453 status = PSA_ERROR_INVALID_ARGUMENT;
454 goto exit;
455 }
456
457 if( ret == 0 )
458 *signature_length = mbedtls_rsa_get_len( rsa );
459 status = mbedtls_to_psa_error( ret );
460
461exit:
462 mbedtls_rsa_free( rsa );
463 mbedtls_free( rsa );
464
465 return( status );
466}
467
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]468static psa_status_t rsa_verify_hash(
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]469 const psa_key_attributes_t *attributes,
470 const uint8_t *key_buffer, size_t key_buffer_size,
471 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
472 const uint8_t *signature, size_t signature_length )
473{
474 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
475 mbedtls_rsa_context *rsa = NULL;
476 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
477 mbedtls_md_type_t md_alg;
478
479 status = mbedtls_psa_rsa_load_representation( attributes->core.type,
480 key_buffer,
481 key_buffer_size,
482 &rsa );
483 if( status != PSA_SUCCESS )
484 goto exit;
485
486 status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
487 if( status != PSA_SUCCESS )
488 goto exit;
489
490 if( signature_length != mbedtls_rsa_get_len( rsa ) )
491 {
492 status = PSA_ERROR_INVALID_SIGNATURE;
493 goto exit;
494 }
495
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]496#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]497 if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
498 {
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]499 ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
500 MBEDTLS_MD_NONE );
501 if( ret == 0 )
502 {
503 ret = mbedtls_rsa_pkcs1_verify( rsa,
504 md_alg,
505 (unsigned int) hash_length,
506 hash,
507 signature );
508 }
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]509 }
510 else
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]511#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
512#if defined(BUILTIN_ALG_RSA_PSS)
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]513 if( PSA_ALG_IS_RSA_PSS( alg ) )
514 {
Ronald Cronea7631b2021-06-03 18:51:59 +0200[diff] [blame]515 ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
516 if( ret == 0 )
517 {
518 ret = mbedtls_rsa_rsassa_pss_verify( rsa,
519 MBEDTLS_MD_NONE,
520 (unsigned int) hash_length,
521 hash,
522 signature );
523 }
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]524 }
525 else
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]526#endif /* BUILTIN_ALG_RSA_PSS */
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]527 {
528 status = PSA_ERROR_INVALID_ARGUMENT;
529 goto exit;
530 }
531
532 /* Mbed TLS distinguishes "invalid padding" from "valid padding but
533 * the rest of the signature is invalid". This has little use in
534 * practice and PSA doesn't report this distinction. */
535 status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
536 PSA_ERROR_INVALID_SIGNATURE :
537 mbedtls_to_psa_error( ret );
538
539exit:
540 mbedtls_rsa_free( rsa );
541 mbedtls_free( rsa );
542
543 return( status );
544}
545
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]546#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
547 * defined(BUILTIN_ALG_RSA_PSS) */
Ronald Cron7bdbca32020-12-09 13:34:54 +0100[diff] [blame]548
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]549#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
550 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
551
Ronald Cron784fb322020-11-30 13:55:05 +0100[diff] [blame]552psa_status_t mbedtls_psa_rsa_import_key(
553 const psa_key_attributes_t *attributes,
554 const uint8_t *data, size_t data_length,
555 uint8_t *key_buffer, size_t key_buffer_size,
556 size_t *key_buffer_length, size_t *bits )
557{
558 return( rsa_import_key( attributes, data, data_length,
559 key_buffer, key_buffer_size,
560 key_buffer_length, bits ) );
561}
562
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]563psa_status_t mbedtls_psa_rsa_export_public_key(
564 const psa_key_attributes_t *attributes,
565 const uint8_t *key_buffer, size_t key_buffer_size,
566 uint8_t *data, size_t data_size, size_t *data_length )
567{
568 return( rsa_export_public_key( attributes, key_buffer, key_buffer_size,
569 data, data_size, data_length ) );
570}
571
Ronald Crone5ca3d82020-11-26 16:36:16 +0100[diff] [blame]572#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
573 * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
574
Jaeden Amero424fa932021-05-14 08:34:32 +0100[diff] [blame]575#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
576 defined(MBEDTLS_GENPRIME)
Ronald Cron3a9c46b2020-11-06 09:38:35 +0100[diff] [blame]577psa_status_t mbedtls_psa_rsa_generate_key(
578 const psa_key_attributes_t *attributes,
579 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
580{
581 return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
582 key_buffer_length ) );
583}
Jaeden Amero424fa932021-05-14 08:34:32 +0100[diff] [blame]584#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
585 * defined(MBEDTLS_GENPRIME) */
Ronald Cron3a9c46b2020-11-06 09:38:35 +0100[diff] [blame]586
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]587#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
588 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
589psa_status_t mbedtls_psa_rsa_sign_hash(
590 const psa_key_attributes_t *attributes,
591 const uint8_t *key_buffer, size_t key_buffer_size,
592 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
593 uint8_t *signature, size_t signature_size, size_t *signature_length )
594{
595 return( rsa_sign_hash(
596 attributes,
597 key_buffer, key_buffer_size,
598 alg, hash, hash_length,
599 signature, signature_size, signature_length ) );
600}
601
602psa_status_t mbedtls_psa_rsa_verify_hash(
603 const psa_key_attributes_t *attributes,
604 const uint8_t *key_buffer, size_t key_buffer_size,
605 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
606 const uint8_t *signature, size_t signature_length )
607{
608 return( rsa_verify_hash(
609 attributes,
610 key_buffer, key_buffer_size,
611 alg, hash, hash_length,
612 signature, signature_length ) );
613}
614#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
615 * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
616
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]617/*
618 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
619 */
620
621#if defined(PSA_CRYPTO_DRIVER_TEST)
622
623#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
624 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
Ronald Cron784fb322020-11-30 13:55:05 +0100[diff] [blame]625
626psa_status_t mbedtls_transparent_test_driver_rsa_import_key(
627 const psa_key_attributes_t *attributes,
628 const uint8_t *data, size_t data_length,
629 uint8_t *key_buffer, size_t key_buffer_size,
630 size_t *key_buffer_length, size_t *bits )
631{
632 return( rsa_import_key( attributes, data, data_length,
633 key_buffer, key_buffer_size,
634 key_buffer_length, bits ) );
635}
636
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]637psa_status_t mbedtls_transparent_test_driver_rsa_export_public_key(
638 const psa_key_attributes_t *attributes,
639 const uint8_t *key_buffer, size_t key_buffer_size,
640 uint8_t *data, size_t data_size, size_t *data_length )
641{
642 return( rsa_export_public_key( attributes, key_buffer, key_buffer_size,
643 data, data_size, data_length ) );
644}
Ronald Cron784fb322020-11-30 13:55:05 +0100[diff] [blame]645
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]646#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) ||
647 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) */
648
Ronald Cron3a9c46b2020-11-06 09:38:35 +0100[diff] [blame]649#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
650psa_status_t mbedtls_transparent_test_driver_rsa_generate_key(
651 const psa_key_attributes_t *attributes,
652 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
653{
654 return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
655 key_buffer_length ) );
656}
657#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
658
Ronald Crond2fb8542020-12-09 15:18:01 +0100[diff] [blame]659#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
660 defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
661psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
662 const psa_key_attributes_t *attributes,
663 const uint8_t *key_buffer, size_t key_buffer_size,
664 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
665 uint8_t *signature, size_t signature_size, size_t *signature_length )
666{
667#if defined(MBEDTLS_RSA_C) && \
668 (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
669 return( rsa_sign_hash(
670 attributes,
671 key_buffer, key_buffer_size,
672 alg, hash, hash_length,
673 signature, signature_size, signature_length ) );
674#else
675 (void)attributes;
676 (void)key_buffer;
677 (void)key_buffer_size;
678 (void)alg;
679 (void)hash;
680 (void)hash_length;
681 (void)signature;
682 (void)signature_size;
683 (void)signature_length;
684 return( PSA_ERROR_NOT_SUPPORTED );
685#endif
686}
687
688psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
689 const psa_key_attributes_t *attributes,
690 const uint8_t *key_buffer, size_t key_buffer_size,
691 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
692 const uint8_t *signature, size_t signature_length )
693{
694#if defined(MBEDTLS_RSA_C) && \
695 (defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
696 return( rsa_verify_hash(
697 attributes,
698 key_buffer, key_buffer_size,
699 alg, hash, hash_length,
700 signature, signature_length ) );
701#else
702 (void)attributes;
703 (void)key_buffer;
704 (void)key_buffer_size;
705 (void)alg;
706 (void)hash;
707 (void)hash_length;
708 (void)signature;
709 (void)signature_length;
710 return( PSA_ERROR_NOT_SUPPORTED );
711#endif
712}
713#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
714 * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
715
Ronald Cronf1057d32020-11-26 19:19:10 +0100[diff] [blame]716#endif /* PSA_CRYPTO_DRIVER_TEST */
717
Ronald Cron00b7bfc2020-11-25 15:25:26 +0100[diff] [blame]718#endif /* MBEDTLS_PSA_CRYPTO_C */