1 /*
2 * PSA ECP layer on top of Mbed TLS crypto
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #include "common.h"
22
23 #if defined(MBEDTLS_PSA_CRYPTO_C)
24
25 #include <psa/crypto.h>
26 #include "psa_crypto_core.h"
27 #include "psa_crypto_ecp.h"
28 #include "psa_crypto_random_impl.h"
29 #include "psa_crypto_hash.h"
30
31 #include <stdlib.h>
32 #include <string.h>
33 #include "mbedtls/platform.h"
34 #if !defined(MBEDTLS_PLATFORM_C)
35 #define mbedtls_calloc calloc
36 #define mbedtls_free free
37 #endif
38
39 #include <mbedtls/ecdsa.h>
40 #include <mbedtls/ecp.h>
41 #include <mbedtls/error.h>
42
43 #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
44 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
45 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ) )
46 #define BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
47 #endif
48
49 #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
50 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
51 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) ) )
52 #define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
53 #endif
54
55 #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
56 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
57 defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
58 defined(MBEDTLS_ECDSA_C) ) )
59 #define BUILTIN_ALG_ECDSA 1
60 #endif
61
62 #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
63 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
64 defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \
65 defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) )
66 #define BUILTIN_ALG_DETERMINISTIC_ECDSA 1
67 #endif
68
69 #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
70 defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
71 defined(BUILTIN_ALG_ECDSA) || \
72 defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
73 defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
mbedtls_psa_ecp_load_representation(psa_key_type_t type,size_t curve_bits,const uint8_t * data,size_t data_length,mbedtls_ecp_keypair ** p_ecp)74 psa_status_t mbedtls_psa_ecp_load_representation(
75 psa_key_type_t type, size_t curve_bits,
76 const uint8_t *data, size_t data_length,
77 mbedtls_ecp_keypair **p_ecp )
78 {
79 mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
80 psa_status_t status;
81 mbedtls_ecp_keypair *ecp = NULL;
82 size_t curve_bytes = data_length;
83 int explicit_bits = ( curve_bits != 0 );
84
85 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) &&
86 PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY )
87 {
88 /* A Weierstrass public key is represented as:
89 * - The byte 0x04;
90 * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
91 * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
92 * So its data length is 2m+1 where m is the curve size in bits.
93 */
94 if( ( data_length & 1 ) == 0 )
95 return( PSA_ERROR_INVALID_ARGUMENT );
96 curve_bytes = data_length / 2;
97
98 /* Montgomery public keys are represented in compressed format, meaning
99 * their curve_bytes is equal to the amount of input. */
100
101 /* Private keys are represented in uncompressed private random integer
102 * format, meaning their curve_bytes is equal to the amount of input. */
103 }
104
105 if( explicit_bits )
106 {
107 /* With an explicit bit-size, the data must have the matching length. */
108 if( curve_bytes != PSA_BITS_TO_BYTES( curve_bits ) )
109 return( PSA_ERROR_INVALID_ARGUMENT );
110 }
111 else
112 {
113 /* We need to infer the bit-size from the data. Since the only
114 * information we have is the length in bytes, the value of curve_bits
115 * at this stage is rounded up to the nearest multiple of 8. */
116 curve_bits = PSA_BYTES_TO_BITS( curve_bytes );
117 }
118
119 /* Allocate and initialize a key representation. */
120 ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
121 if( ecp == NULL )
122 return( PSA_ERROR_INSUFFICIENT_MEMORY );
123 mbedtls_ecp_keypair_init( ecp );
124
125 /* Load the group. */
126 grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( type ),
127 curve_bits, !explicit_bits );
128 if( grp_id == MBEDTLS_ECP_DP_NONE )
129 {
130 /* We can't distinguish between a nonsensical family/size combination
131 * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
132 * well-regarded curve that Mbed TLS just doesn't know about (which
133 * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how
134 * curves that Mbed TLS knows about but for which support is disabled
135 * at build time, return NOT_SUPPORTED. */
136 status = PSA_ERROR_NOT_SUPPORTED;
137 goto exit;
138 }
139
140 status = mbedtls_to_psa_error(
141 mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
142 if( status != PSA_SUCCESS )
143 goto exit;
144
145 /* Load the key material. */
146 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
147 {
148 /* Load the public value. */
149 status = mbedtls_to_psa_error(
150 mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
151 data,
152 data_length ) );
153 if( status != PSA_SUCCESS )
154 goto exit;
155
156 /* Check that the point is on the curve. */
157 status = mbedtls_to_psa_error(
158 mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) );
159 if( status != PSA_SUCCESS )
160 goto exit;
161 }
162 else
163 {
164 /* Load and validate the secret value. */
165 status = mbedtls_to_psa_error(
166 mbedtls_ecp_read_key( ecp->grp.id,
167 ecp,
168 data,
169 data_length ) );
170 if( status != PSA_SUCCESS )
171 goto exit;
172 }
173
174 *p_ecp = ecp;
175 exit:
176 if( status != PSA_SUCCESS )
177 {
178 mbedtls_ecp_keypair_free( ecp );
179 mbedtls_free( ecp );
180 }
181
182 return( status );
183 }
184 #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
185 * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
186 * defined(BUILTIN_ALG_ECDSA) ||
187 * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
188 * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
189
190 #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
191 defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
192
ecp_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)193 static psa_status_t ecp_import_key(
194 const psa_key_attributes_t *attributes,
195 const uint8_t *data, size_t data_length,
196 uint8_t *key_buffer, size_t key_buffer_size,
197 size_t *key_buffer_length, size_t *bits )
198 {
199 psa_status_t status;
200 mbedtls_ecp_keypair *ecp = NULL;
201
202 /* Parse input */
203 status = mbedtls_psa_ecp_load_representation( attributes->core.type,
204 attributes->core.bits,
205 data,
206 data_length,
207 &ecp );
208 if( status != PSA_SUCCESS )
209 goto exit;
210
211 if( PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ==
212 PSA_ECC_FAMILY_MONTGOMERY )
213 *bits = ecp->grp.nbits + 1;
214 else
215 *bits = ecp->grp.nbits;
216
217 /* Re-export the data to PSA export format. There is currently no support
218 * for other input formats then the export format, so this is a 1-1
219 * copy operation. */
220 status = mbedtls_psa_ecp_export_key( attributes->core.type,
221 ecp,
222 key_buffer,
223 key_buffer_size,
224 key_buffer_length );
225 exit:
226 /* Always free the PK object (will also free contained ECP context) */
227 mbedtls_ecp_keypair_free( ecp );
228 mbedtls_free( ecp );
229
230 return( status );
231 }
232
mbedtls_psa_ecp_export_key(psa_key_type_t type,mbedtls_ecp_keypair * ecp,uint8_t * data,size_t data_size,size_t * data_length)233 psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
234 mbedtls_ecp_keypair *ecp,
235 uint8_t *data,
236 size_t data_size,
237 size_t *data_length )
238 {
239 psa_status_t status;
240
241 if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
242 {
243 /* Check whether the public part is loaded */
244 if( mbedtls_ecp_is_zero( &ecp->Q ) )
245 {
246 /* Calculate the public key */
247 status = mbedtls_to_psa_error(
248 mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
249 mbedtls_psa_get_random,
250 MBEDTLS_PSA_RANDOM_STATE ) );
251 if( status != PSA_SUCCESS )
252 return( status );
253 }
254
255 status = mbedtls_to_psa_error(
256 mbedtls_ecp_point_write_binary( &ecp->grp, &ecp->Q,
257 MBEDTLS_ECP_PF_UNCOMPRESSED,
258 data_length,
259 data,
260 data_size ) );
261 if( status != PSA_SUCCESS )
262 memset( data, 0, data_size );
263
264 return( status );
265 }
266 else
267 {
268 if( data_size < PSA_BITS_TO_BYTES( ecp->grp.nbits ) )
269 return( PSA_ERROR_BUFFER_TOO_SMALL );
270
271 status = mbedtls_to_psa_error(
272 mbedtls_ecp_write_key( ecp,
273 data,
274 PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) );
275 if( status == PSA_SUCCESS )
276 *data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits );
277 else
278 memset( data, 0, data_size );
279
280 return( status );
281 }
282 }
283
ecp_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)284 static psa_status_t ecp_export_public_key(
285 const psa_key_attributes_t *attributes,
286 const uint8_t *key_buffer, size_t key_buffer_size,
287 uint8_t *data, size_t data_size, size_t *data_length )
288 {
289 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
290 mbedtls_ecp_keypair *ecp = NULL;
291
292 status = mbedtls_psa_ecp_load_representation(
293 attributes->core.type, attributes->core.bits,
294 key_buffer, key_buffer_size, &ecp );
295 if( status != PSA_SUCCESS )
296 return( status );
297
298 status = mbedtls_psa_ecp_export_key(
299 PSA_KEY_TYPE_ECC_PUBLIC_KEY(
300 PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ),
301 ecp, data, data_size, data_length );
302
303 mbedtls_ecp_keypair_free( ecp );
304 mbedtls_free( ecp );
305
306 return( status );
307 }
308 #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
309 * defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
310
311 #if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
ecp_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)312 static psa_status_t ecp_generate_key(
313 const psa_key_attributes_t *attributes,
314 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
315 {
316 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
317 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
318
319 psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
320 attributes->core.type );
321 mbedtls_ecp_group_id grp_id =
322 mbedtls_ecc_group_of_psa( curve, attributes->core.bits, 0 );
323
324 const mbedtls_ecp_curve_info *curve_info =
325 mbedtls_ecp_curve_info_from_grp_id( grp_id );
326 mbedtls_ecp_keypair ecp;
327
328 if( attributes->domain_parameters_size != 0 )
329 return( PSA_ERROR_NOT_SUPPORTED );
330
331 if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
332 return( PSA_ERROR_NOT_SUPPORTED );
333
334 mbedtls_ecp_keypair_init( &ecp );
335 ret = mbedtls_ecp_gen_key( grp_id, &ecp,
336 mbedtls_psa_get_random,
337 MBEDTLS_PSA_RANDOM_STATE );
338 if( ret != 0 )
339 {
340 mbedtls_ecp_keypair_free( &ecp );
341 return( mbedtls_to_psa_error( ret ) );
342 }
343
344 status = mbedtls_to_psa_error(
345 mbedtls_ecp_write_key( &ecp, key_buffer, key_buffer_size ) );
346
347 mbedtls_ecp_keypair_free( &ecp );
348
349 if( status == PSA_SUCCESS )
350 *key_buffer_length = key_buffer_size;
351
352 return( status );
353 }
354 #endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
355
356 /****************************************************************/
357 /* ECDSA sign/verify */
358 /****************************************************************/
359
360 #if defined(BUILTIN_ALG_ECDSA) || \
361 defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
ecdsa_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)362 static psa_status_t ecdsa_sign_hash(
363 const psa_key_attributes_t *attributes,
364 const uint8_t *key_buffer, size_t key_buffer_size,
365 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
366 uint8_t *signature, size_t signature_size, size_t *signature_length )
367 {
368 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
369 mbedtls_ecp_keypair *ecp = NULL;
370 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
371 size_t curve_bytes;
372 mbedtls_mpi r, s;
373
374 status = mbedtls_psa_ecp_load_representation( attributes->core.type,
375 attributes->core.bits,
376 key_buffer,
377 key_buffer_size,
378 &ecp );
379 if( status != PSA_SUCCESS )
380 return( status );
381
382 curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
383 mbedtls_mpi_init( &r );
384 mbedtls_mpi_init( &s );
385
386 if( signature_size < 2 * curve_bytes )
387 {
388 ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
389 goto cleanup;
390 }
391
392 if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
393 {
394 #if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
395 psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
396 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
397 mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
398 MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
399 &ecp->grp, &r, &s,
400 &ecp->d, hash,
401 hash_length, md_alg,
402 mbedtls_psa_get_random,
403 MBEDTLS_PSA_RANDOM_STATE ) );
404 #else
405 ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
406 goto cleanup;
407 #endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
408 }
409 else
410 {
411 (void) alg;
412 MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
413 hash, hash_length,
414 mbedtls_psa_get_random,
415 MBEDTLS_PSA_RANDOM_STATE ) );
416 }
417
418 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
419 signature,
420 curve_bytes ) );
421 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
422 signature + curve_bytes,
423 curve_bytes ) );
424 cleanup:
425 mbedtls_mpi_free( &r );
426 mbedtls_mpi_free( &s );
427 if( ret == 0 )
428 *signature_length = 2 * curve_bytes;
429
430 mbedtls_ecp_keypair_free( ecp );
431 mbedtls_free( ecp );
432
433 return( mbedtls_to_psa_error( ret ) );
434 }
435
ecdsa_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)436 static psa_status_t ecdsa_verify_hash(
437 const psa_key_attributes_t *attributes,
438 const uint8_t *key_buffer, size_t key_buffer_size,
439 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
440 const uint8_t *signature, size_t signature_length )
441 {
442 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
443 mbedtls_ecp_keypair *ecp = NULL;
444 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
445 size_t curve_bytes;
446 mbedtls_mpi r, s;
447
448 (void)alg;
449
450 status = mbedtls_psa_ecp_load_representation( attributes->core.type,
451 attributes->core.bits,
452 key_buffer,
453 key_buffer_size,
454 &ecp );
455 if( status != PSA_SUCCESS )
456 return( status );
457
458 curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
459 mbedtls_mpi_init( &r );
460 mbedtls_mpi_init( &s );
461
462 if( signature_length != 2 * curve_bytes )
463 {
464 ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
465 goto cleanup;
466 }
467
468 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
469 signature,
470 curve_bytes ) );
471 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
472 signature + curve_bytes,
473 curve_bytes ) );
474
475 /* Check whether the public part is loaded. If not, load it. */
476 if( mbedtls_ecp_is_zero( &ecp->Q ) )
477 {
478 MBEDTLS_MPI_CHK(
479 mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
480 mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
481 }
482
483 ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
484 &ecp->Q, &r, &s );
485
486 cleanup:
487 mbedtls_mpi_free( &r );
488 mbedtls_mpi_free( &s );
489 mbedtls_ecp_keypair_free( ecp );
490 mbedtls_free( ecp );
491
492 return( mbedtls_to_psa_error( ret ) );
493 }
494
495 #endif /* defined(BUILTIN_ALG_ECDSA) || \
496 * defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
497
498 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
499 defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
500
mbedtls_psa_ecp_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)501 psa_status_t mbedtls_psa_ecp_import_key(
502 const psa_key_attributes_t *attributes,
503 const uint8_t *data, size_t data_length,
504 uint8_t *key_buffer, size_t key_buffer_size,
505 size_t *key_buffer_length, size_t *bits )
506 {
507 return( ecp_import_key( attributes, data, data_length,
508 key_buffer, key_buffer_size,
509 key_buffer_length, bits ) );
510 }
511
mbedtls_psa_ecp_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)512 psa_status_t mbedtls_psa_ecp_export_public_key(
513 const psa_key_attributes_t *attributes,
514 const uint8_t *key_buffer, size_t key_buffer_size,
515 uint8_t *data, size_t data_size, size_t *data_length )
516 {
517 return( ecp_export_public_key( attributes, key_buffer, key_buffer_size,
518 data, data_size, data_length ) );
519 }
520
521 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
522 * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
523
524 #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
mbedtls_psa_ecp_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)525 psa_status_t mbedtls_psa_ecp_generate_key(
526 const psa_key_attributes_t *attributes,
527 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
528 {
529 return( ecp_generate_key( attributes, key_buffer, key_buffer_size,
530 key_buffer_length ) );
531 }
532 #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
533
534
535 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
536 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
537
mbedtls_psa_ecdsa_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)538 psa_status_t mbedtls_psa_ecdsa_sign_hash(
539 const psa_key_attributes_t *attributes,
540 const uint8_t *key_buffer, size_t key_buffer_size,
541 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
542 uint8_t *signature, size_t signature_size, size_t *signature_length )
543 {
544
545 return( ecdsa_sign_hash( attributes,
546 key_buffer, key_buffer_size,
547 alg, hash, hash_length,
548 signature, signature_size, signature_length ) );
549 }
550
mbedtls_psa_ecdsa_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)551 psa_status_t mbedtls_psa_ecdsa_verify_hash(
552 const psa_key_attributes_t *attributes,
553 const uint8_t *key_buffer, size_t key_buffer_size,
554 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
555 const uint8_t *signature, size_t signature_length )
556 {
557 return( ecdsa_verify_hash( attributes,
558 key_buffer, key_buffer_size,
559 alg, hash, hash_length,
560 signature, signature_length ) );
561 }
562
563 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
564 * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
565
566 /*
567 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
568 */
569
570 #if defined(PSA_CRYPTO_DRIVER_TEST)
571
572 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
573 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
574
mbedtls_test_driver_ecp_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)575 psa_status_t mbedtls_test_driver_ecp_import_key(
576 const psa_key_attributes_t *attributes,
577 const uint8_t *data, size_t data_length,
578 uint8_t *key_buffer, size_t key_buffer_size,
579 size_t *key_buffer_length, size_t *bits )
580 {
581 return( ecp_import_key( attributes, data, data_length,
582 key_buffer, key_buffer_size,
583 key_buffer_length, bits ) );
584 }
585
mbedtls_test_driver_ecp_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)586 psa_status_t mbedtls_test_driver_ecp_export_public_key(
587 const psa_key_attributes_t *attributes,
588 const uint8_t *key_buffer, size_t key_buffer_size,
589 uint8_t *data, size_t data_size, size_t *data_length )
590 {
591 return( ecp_export_public_key( attributes, key_buffer, key_buffer_size,
592 data, data_size, data_length ) );
593 }
594
595 #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ||
596 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */
597
598 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \
599 defined(MBEDTLS_GENPRIME)
mbedtls_transparent_test_driver_ecp_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)600 psa_status_t mbedtls_transparent_test_driver_ecp_generate_key(
601 const psa_key_attributes_t *attributes,
602 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
603 {
604 return( ecp_generate_key( attributes, key_buffer, key_buffer_size,
605 key_buffer_length ) );
606 }
607 #endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) &&
608 defined(MBEDTLS_GENPRIME) */
609
610 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
611 defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
612
mbedtls_transparent_test_driver_ecdsa_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)613 psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
614 const psa_key_attributes_t *attributes,
615 const uint8_t *key_buffer, size_t key_buffer_size,
616 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
617 uint8_t *signature, size_t signature_size, size_t *signature_length )
618 {
619
620 #if defined(MBEDTLS_ECDSA_C)
621 return( ecdsa_sign_hash( attributes,
622 key_buffer, key_buffer_size,
623 alg, hash, hash_length,
624 signature, signature_size, signature_length ) );
625 #else
626 (void)attributes;
627 (void)key_buffer;
628 (void)key_buffer_size;
629 (void)alg;
630 (void)hash;
631 (void)hash_length;
632 (void)signature;
633 (void)signature_size;
634 (void)signature_length;
635 return( PSA_ERROR_NOT_SUPPORTED );
636 #endif
637 }
638
mbedtls_transparent_test_driver_ecdsa_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)639 psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
640 const psa_key_attributes_t *attributes,
641 const uint8_t *key_buffer, size_t key_buffer_size,
642 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
643 const uint8_t *signature, size_t signature_length )
644 {
645 #if defined(MBEDTLS_ECDSA_C)
646 return( ecdsa_verify_hash( attributes,
647 key_buffer, key_buffer_size,
648 alg, hash, hash_length,
649 signature, signature_length ) );
650 #else
651 (void)attributes;
652 (void)key_buffer;
653 (void)key_buffer_size;
654 (void)alg;
655 (void)hash;
656 (void)hash_length;
657 (void)signature;
658 (void)signature_length;
659 return( PSA_ERROR_NOT_SUPPORTED );
660 #endif
661 }
662
663 #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
664 * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
665
666 #endif /* PSA_CRYPTO_DRIVER_TEST */
667
668 #endif /* MBEDTLS_PSA_CRYPTO_C */
669