1 /*
2 * Test driver for signature functions.
3 * Currently supports signing and verifying precalculated hashes, using
4 * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include <test/helpers.h>
23
24 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
25 #include "psa/crypto.h"
26 #include "psa_crypto_core.h"
27 #include "psa_crypto_ecp.h"
28 #include "psa_crypto_hash.h"
29 #include "psa_crypto_rsa.h"
30 #include "mbedtls/ecp.h"
31
32 #include "test/drivers/signature.h"
33
34 #include "mbedtls/md.h"
35 #include "mbedtls/ecdsa.h"
36
37 #include "test/random.h"
38
39 #include <string.h>
40
41 mbedtls_test_driver_signature_hooks_t
42 mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
43 mbedtls_test_driver_signature_hooks_t
44 mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
45
sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)46 psa_status_t sign_hash(
47 const psa_key_attributes_t *attributes,
48 const uint8_t *key_buffer,
49 size_t key_buffer_size,
50 psa_algorithm_t alg,
51 const uint8_t *hash,
52 size_t hash_length,
53 uint8_t *signature,
54 size_t signature_size,
55 size_t *signature_length )
56 {
57 #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
58 defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
59 if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
60 {
61 return( mbedtls_transparent_test_driver_rsa_sign_hash(
62 attributes,
63 key_buffer, key_buffer_size,
64 alg, hash, hash_length,
65 signature, signature_size, signature_length ) );
66 }
67 else
68 #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
69 * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
70
71 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
72 defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
73 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
74 {
75 if(
76 #if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
77 PSA_ALG_IS_ECDSA( alg )
78 #else
79 PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
80 #endif
81 )
82 {
83 return( mbedtls_transparent_test_driver_ecdsa_sign_hash(
84 attributes,
85 key_buffer, key_buffer_size,
86 alg, hash, hash_length,
87 signature, signature_size, signature_length ) );
88 }
89 else
90 {
91 return( PSA_ERROR_INVALID_ARGUMENT );
92 }
93 }
94 else
95 #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
96 * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
97 {
98 (void)attributes;
99 (void)key_buffer;
100 (void)key_buffer_size;
101 (void)alg;
102 (void)hash;
103 (void)hash_length;
104 (void)signature;
105 (void)signature_size;
106 (void)signature_length;
107 return( PSA_ERROR_NOT_SUPPORTED );
108 }
109 }
110
verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)111 psa_status_t verify_hash(
112 const psa_key_attributes_t *attributes,
113 const uint8_t *key_buffer,
114 size_t key_buffer_size,
115 psa_algorithm_t alg,
116 const uint8_t *hash,
117 size_t hash_length,
118 const uint8_t *signature,
119 size_t signature_length )
120 {
121 #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
122 defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
123 if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
124 {
125 return( mbedtls_transparent_test_driver_rsa_verify_hash(
126 attributes,
127 key_buffer, key_buffer_size,
128 alg, hash, hash_length,
129 signature, signature_length ) );
130 }
131 else
132 #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
133 * defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
134
135 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
136 defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
137 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
138 {
139 if( PSA_ALG_IS_ECDSA( alg ) )
140 {
141 return( mbedtls_transparent_test_driver_ecdsa_verify_hash(
142 attributes,
143 key_buffer, key_buffer_size,
144 alg, hash, hash_length,
145 signature, signature_length ) );
146 }
147 else
148 {
149 return( PSA_ERROR_INVALID_ARGUMENT );
150 }
151 }
152 else
153 #endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
154 * defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
155 {
156 (void)attributes;
157 (void)key_buffer;
158 (void)key_buffer_size;
159 (void)alg;
160 (void)hash;
161 (void)hash_length;
162 (void)signature;
163 (void)signature_length;
164
165 return( PSA_ERROR_NOT_SUPPORTED );
166 }
167 }
168
mbedtls_test_transparent_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)169 psa_status_t mbedtls_test_transparent_signature_sign_message(
170 const psa_key_attributes_t *attributes,
171 const uint8_t *key_buffer,
172 size_t key_buffer_size,
173 psa_algorithm_t alg,
174 const uint8_t *input,
175 size_t input_length,
176 uint8_t *signature,
177 size_t signature_size,
178 size_t *signature_length )
179 {
180 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
181 size_t hash_length;
182 uint8_t hash[PSA_HASH_MAX_SIZE];
183
184 ++mbedtls_test_driver_signature_sign_hooks.hits;
185
186 if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
187 return( mbedtls_test_driver_signature_sign_hooks.forced_status );
188
189 if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
190 {
191 if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
192 return( PSA_ERROR_BUFFER_TOO_SMALL );
193
194 memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
195 mbedtls_test_driver_signature_sign_hooks.forced_output_length );
196 *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
197
198 return( PSA_SUCCESS );
199 }
200
201 status = mbedtls_transparent_test_driver_hash_compute(
202 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
203 hash, sizeof( hash ), &hash_length );
204
205 if( status != PSA_SUCCESS )
206 return status;
207
208 return sign_hash( attributes, key_buffer, key_buffer_size,
209 alg, hash, hash_length,
210 signature, signature_size, signature_length );
211 }
212
mbedtls_test_opaque_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)213 psa_status_t mbedtls_test_opaque_signature_sign_message(
214 const psa_key_attributes_t *attributes,
215 const uint8_t *key,
216 size_t key_length,
217 psa_algorithm_t alg,
218 const uint8_t *input,
219 size_t input_length,
220 uint8_t *signature,
221 size_t signature_size,
222 size_t *signature_length )
223 {
224 (void) attributes;
225 (void) key;
226 (void) key_length;
227 (void) alg;
228 (void) input;
229 (void) input_length;
230 (void) signature;
231 (void) signature_size;
232 (void) signature_length;
233
234 return( PSA_ERROR_NOT_SUPPORTED );
235 }
236
mbedtls_test_transparent_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)237 psa_status_t mbedtls_test_transparent_signature_verify_message(
238 const psa_key_attributes_t *attributes,
239 const uint8_t *key_buffer,
240 size_t key_buffer_size,
241 psa_algorithm_t alg,
242 const uint8_t *input,
243 size_t input_length,
244 const uint8_t *signature,
245 size_t signature_length )
246 {
247 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
248 size_t hash_length;
249 uint8_t hash[PSA_HASH_MAX_SIZE];
250
251 ++mbedtls_test_driver_signature_verify_hooks.hits;
252
253 if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
254 return( mbedtls_test_driver_signature_verify_hooks.forced_status );
255
256 status = mbedtls_transparent_test_driver_hash_compute(
257 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
258 hash, sizeof( hash ), &hash_length );
259
260 if( status != PSA_SUCCESS )
261 return status;
262
263 return verify_hash( attributes, key_buffer, key_buffer_size,
264 alg, hash, hash_length,
265 signature, signature_length );
266 }
267
mbedtls_test_opaque_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)268 psa_status_t mbedtls_test_opaque_signature_verify_message(
269 const psa_key_attributes_t *attributes,
270 const uint8_t *key,
271 size_t key_length,
272 psa_algorithm_t alg,
273 const uint8_t *input,
274 size_t input_length,
275 const uint8_t *signature,
276 size_t signature_length )
277 {
278 (void) attributes;
279 (void) key;
280 (void) key_length;
281 (void) alg;
282 (void) input;
283 (void) input_length;
284 (void) signature;
285 (void) signature_length;
286
287 return( PSA_ERROR_NOT_SUPPORTED );
288 }
289
mbedtls_test_transparent_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)290 psa_status_t mbedtls_test_transparent_signature_sign_hash(
291 const psa_key_attributes_t *attributes,
292 const uint8_t *key_buffer, size_t key_buffer_size,
293 psa_algorithm_t alg,
294 const uint8_t *hash, size_t hash_length,
295 uint8_t *signature, size_t signature_size, size_t *signature_length )
296 {
297 ++mbedtls_test_driver_signature_sign_hooks.hits;
298
299 if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
300 return( mbedtls_test_driver_signature_sign_hooks.forced_status );
301
302 if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
303 {
304 if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
305 return( PSA_ERROR_BUFFER_TOO_SMALL );
306 memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
307 mbedtls_test_driver_signature_sign_hooks.forced_output_length );
308 *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
309 return( PSA_SUCCESS );
310 }
311
312 return sign_hash( attributes, key_buffer, key_buffer_size,
313 alg, hash, hash_length,
314 signature, signature_size, signature_length );
315 }
316
mbedtls_test_opaque_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)317 psa_status_t mbedtls_test_opaque_signature_sign_hash(
318 const psa_key_attributes_t *attributes,
319 const uint8_t *key, size_t key_length,
320 psa_algorithm_t alg,
321 const uint8_t *hash, size_t hash_length,
322 uint8_t *signature, size_t signature_size, size_t *signature_length )
323 {
324 (void) attributes;
325 (void) key;
326 (void) key_length;
327 (void) alg;
328 (void) hash;
329 (void) hash_length;
330 (void) signature;
331 (void) signature_size;
332 (void) signature_length;
333
334 return( PSA_ERROR_NOT_SUPPORTED );
335 }
336
mbedtls_test_transparent_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)337 psa_status_t mbedtls_test_transparent_signature_verify_hash(
338 const psa_key_attributes_t *attributes,
339 const uint8_t *key_buffer, size_t key_buffer_size,
340 psa_algorithm_t alg,
341 const uint8_t *hash, size_t hash_length,
342 const uint8_t *signature, size_t signature_length )
343 {
344 ++mbedtls_test_driver_signature_verify_hooks.hits;
345
346 if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
347 return( mbedtls_test_driver_signature_verify_hooks.forced_status );
348
349 return verify_hash( attributes, key_buffer, key_buffer_size,
350 alg, hash, hash_length,
351 signature, signature_length );
352 }
353
mbedtls_test_opaque_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)354 psa_status_t mbedtls_test_opaque_signature_verify_hash(
355 const psa_key_attributes_t *attributes,
356 const uint8_t *key, size_t key_length,
357 psa_algorithm_t alg,
358 const uint8_t *hash, size_t hash_length,
359 const uint8_t *signature, size_t signature_length )
360 {
361 (void) attributes;
362 (void) key;
363 (void) key_length;
364 (void) alg;
365 (void) hash;
366 (void) hash_length;
367 (void) signature;
368 (void) signature_length;
369 return( PSA_ERROR_NOT_SUPPORTED );
370 }
371
372 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
373