diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f7480c63b..03516b5f0 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -191,6 +191,75 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, return( 0 ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t status; + mbedtls_pk_context key; + int key_len; + unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; + mbedtls_pk_info_t pk_info = mbedtls_rsa_info; + psa_algorithm_t psa_alg_md = + PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + + ((void) f_rng); + ((void) p_rng); + +#if SIZE_MAX > UINT_MAX + if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); +#endif /* SIZE_MAX > UINT_MAX */ + + *sig_len = mbedtls_rsa_get_len( rsa ); + if( sig_size < *sig_len ) + return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL ); + + /* mbedtls_pk_write_key_der() expects a full PK context; + * re-construct one to make it happy */ + key.pk_info = &pk_info; + key.pk_ctx = ctx; + key_len = mbedtls_pk_write_key_der( &key, buf, sizeof( buf ) ); + if( key_len <= 0 ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, psa_alg_md ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_RSA_KEY_PAIR ); + + status = psa_import_key( &attributes, + buf + sizeof( buf ) - key_len, key_len, + &key_id ); + if( status != PSA_SUCCESS ) + { + ret = mbedtls_pk_error_from_psa( status ); + goto cleanup; + } + + status = psa_sign_hash( key_id, psa_alg_md, hash, hash_len, + sig, sig_size, sig_len ); + if( status != PSA_SUCCESS ) + { + ret = mbedtls_pk_error_from_psa_rsa( status ); + goto cleanup; + } + + ret = 0; + +cleanup: + status = psa_destroy_key( key_id ); + if( ret == 0 && status != PSA_SUCCESS ) + ret = mbedtls_pk_error_from_psa( status ); + + return( ret ); +} +#else static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, @@ -211,6 +280,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, md_alg, (unsigned int) hash_len, hash, sig ) ); } +#endif static int rsa_decrypt_wrap( void *ctx, const unsigned char *input, size_t ilen, diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 261794c7f..1e8819137 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -93,6 +93,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); + USE_PSA_INIT( ); + mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL ) == 0 ); @@ -140,6 +142,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, exit: mbedtls_x509write_csr_free( &req ); mbedtls_pk_free( &key ); + USE_PSA_DONE( ); } /* END_CASE */ @@ -220,6 +223,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); + USE_PSA_INIT( ); + mbedtls_pk_init( &subject_key ); mbedtls_pk_init( &issuer_key ); mbedtls_pk_init( &issuer_key_alt ); @@ -316,6 +321,7 @@ exit: mbedtls_pk_free( &subject_key ); mbedtls_pk_free( &issuer_key ); mbedtls_mpi_free( &serial ); + USE_PSA_DONE( ); } /* END_CASE */