diff --git a/platform/ext/target/arm/drivers/cc3xx/common/cc3xx_error.h b/platform/ext/target/arm/drivers/cc3xx/common/cc3xx_error.h index 574f6214d7..1319cb8aa6 100644 --- a/platform/ext/target/arm/drivers/cc3xx/common/cc3xx_error.h +++ b/platform/ext/target/arm/drivers/cc3xx/common/cc3xx_error.h @@ -46,6 +46,8 @@ enum cc3xx_error { CC3XX_ERR_DRBG_INVALID_ID, CC3XX_ERR_DCU_LOCKED, CC3XX_ERR_DCU_MASK_MISMATCH, + CC3XX_ERR_RSA_ENCODE_MSG_TOO_LONG, + CC3XX_ERR_INVALID_ALGORITHM, CC3XX_ERR_MAX_VALUE = UINT32_MAX }; diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/CMakeLists.txt b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/CMakeLists.txt index 42bec904ea..8269850408 100644 --- a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/CMakeLists.txt +++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/CMakeLists.txt @@ -13,8 +13,8 @@ endif() target_sources(${CC3XX_TARGET_NAME} PRIVATE - src/cc3xx_lcs.c - src/cc3xx_otp.c + # src/cc3xx_lcs.c + # src/cc3xx_otp.c src/cc3xx_rng.c src/cc3xx_hash.c src/cc3xx_aes.c @@ -37,18 +37,10 @@ target_sources(${CC3XX_TARGET_NAME} src/cc3xx_ec_projective_point.c src/cc3xx_ecdh.c src/cc3xx_dcu.c + src/cc3xx_rsa.c ../common/cc3xx_stdlib.c ) -# This file is the performance-limit for ECDSA, so should be compiled with the -# highest possible optimizations for speed, even when we are optimizing for -# code size. -string(TOLOWER "${CMAKE_BUILD_TYPE}" BUILD_TYPE_LOWER) -if (${BUILD_TYPE_LOWER} STREQUAL "release" OR ${BUILD_TYPE_LOWER} STREQUAL "minsizerel") - set_source_files_properties(src/cc3xx_pka.c - PROPERTIES COMPILE_FLAGS -Ofast - ) -endif() target_include_directories(${CC3XX_TARGET_NAME} PUBLIC diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_pka.h b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_pka.h index 08ad03b8a2..acce1044c4 100644 --- a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_pka.h +++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_pka.h @@ -95,7 +95,7 @@ void cc3xx_lowlevel_pka_write_reg_swap_endian(cc3xx_pka_reg_id_t reg_id, const u /** * @brief Read data from a PKA register. * - * @param[in] id The register ID to write data into. + * @param[in] id The register ID to write data into. TYPO???? TO READ DATA FROM MAYBE? * @param[out] data Buffer the data will be written into. * @param[in] len The size in bytes of the data to be read. Must * be a multiple of sizeof(uint32_t). The buffer diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_rsa.h b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_rsa.h new file mode 100644 index 0000000000..e7e201724f --- /dev/null +++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/include/cc3xx_rsa.h @@ -0,0 +1,36 @@ +// #ifdef USE_PSA_CRYPTOCELL +// #include "psa/crypto.h" +// #include "psa_crypto_driver_wrappers.h" +// #endif + + +#include +#include +#include + +/*Should I just throw an error or ignore this? If this is not defined +bigger problems probably exists*/ +#ifndef PSA_MAX_RSA_KEY_BITS + #define PSA_MAX_RSA_KEY_BITS 2048 +#endif + +/*There has to exist macro for this "8" --can use "#define PKA_WORD_SIZE 8" +but that's defined in a cc3xx_pka.c file? Should I move it to header file?*/ +#define PSA_MAX_RSA_KEY_BYTES PSA_MAX_RSA_KEY_BITS/8 +#define PSA_MAX_RSA_KEY_WORDS PSA_MAX_RSA_KEY_BYTES/sizeof(uint32_t) + +cc3xx_err_t cc3xx_lowlevel_rsa_pkcs1v15_encode( + const uint8_t *input, /* Message */ + size_t input_size, /* Lenght of the message to encode inn octets */ + uint32_t encoded_msg_length, /* Intended length of the encoded msg*/ + psa_algorithm_t hash_alg, /*The hash alh used*/ + uint8_t *output_buf /* Pointer to the output buffer */ + +); + +cc3xx_err_t cc3xx_lowlevel_rsa_sign( + const uint8_t *key, /* Priv key id */ + const uint8_t *input, /* DataIn to encrypt */ + size_t input_size, + uint32_t *signature /* Buffer for data out */ + ); \ No newline at end of file diff --git a/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_rsa.c b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_rsa.c new file mode 100644 index 0000000000..9b340072b3 --- /dev/null +++ b/platform/ext/target/arm/drivers/cc3xx/low_level_driver/src/cc3xx_rsa.c @@ -0,0 +1,331 @@ +/* + * Probably a lot of defines and ifdefs needed in order to run anything + */ + +/* #ifdef USE_PSA_CRYPTOCELL */ +#include "psa/crypto.h" +#include "psa_crypto_driver_wrappers.h" +/* #endif */ +#include "cc3xx_rsa.h" +#include +#include +#include // To be removed when I find correct error handling for printf + +#define MODSIZE_IN_BYTES 256 +#define PRIV_EXP_IN_BYTES 256 + + +// /*Should I just throw an error or ignore this?*/ +// #ifndef PSA_MAX_RSA_KEY_BITS +// #define PSA_MAX_RSA_KEY_BITS 2048 +// #endif + +// /*There has to exist macro for this "8" */ +// #define PSA_MAX_RSA_KEY_BYTES PSA_MAX_RSA_KEY_BITS/8 + +typedef enum { + VERSION = 0, + MODULUS, + PUBLIC_EXPONENT, + PRIVATE_EXPONENT, + PRIME1, + PRIME2, + EXPONENT1, + EXPONENT2, + COEFFICIENT, + + OTHER +} rsa_key_compotents ; +#define HASH_DER_CODE_MAX_SIZE_BYTES 20 +typedef struct HashDerCode_t { + uint32_t algIdSizeBytes; + psa_algorithm_t hashMode; + uint8_t algId[HASH_DER_CODE_MAX_SIZE_BYTES]; +}HashDerCode_t; + + +static const HashDerCode_t gHashDerCodes[] = { + {15,PSA_ALG_SHA_1 , {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14}}, /*SHA1*/ + {19,PSA_ALG_SHA_224, {0x30,0x2D,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,0x05,0x00,0x04,0x1C}}, /*SHA224*/ + {19,PSA_ALG_SHA_256 , {0x30,0x31,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}}, /*SHA256*/ + {19,PSA_ALG_SHA_384, {0x30,0x41,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30}}, /*SHA384*/ + {19,PSA_ALG_SHA_512 , {0x30,0x51,0x30,0x0D,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40}}, /*SHA512*/ + {18,PSA_ALG_MD5 , {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10}}, /*MD5*/ + {19,PSA_ALG_SHA_512_224, {0x30,0x2d,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05,0x05,0x00,0x04,0x1c}}, /*SHA512/224*/ + {19,PSA_ALG_SHA_512_256, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06,0x05,0x00,0x04,0x20}}, /*SHA512/256*/ + + + +}; +int cc3xx_get_rsa_key_component(const uint8_t *key_buffer, uint32_t *output_buf, rsa_key_compotents component); + +// Swap in a buffer +cc3xx_err_t cc3xx_word_swap(uint32_t *input_buf, uint32_t *output_buf, uint8_t buf_size); + +cc3xx_err_t cc3xx_get_der_encoding(psa_algorithm_t hash_alg, uint8_t **pHashAlgId, uint32_t *hashAlgIdSize ); + +cc3xx_err_t cc3xx_get_der_encoding(psa_algorithm_t hash_alg, uint8_t **pHashAlgId, uint32_t *hashAlgIdSize ){ + + switch (hash_alg) + { + case PSA_ALG_SHA_1: + *pHashAlgId = gHashDerCodes[0].algId; + *hashAlgIdSize = gHashDerCodes[0].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_SHA_224: + *pHashAlgId = gHashDerCodes[1].algId; + *hashAlgIdSize = gHashDerCodes[1].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_SHA_256: + *pHashAlgId = gHashDerCodes[2].algId; + *hashAlgIdSize = gHashDerCodes[2].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_SHA_384: + *pHashAlgId = gHashDerCodes[3].algId; + *hashAlgIdSize = gHashDerCodes[3].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_SHA_512: + *pHashAlgId = gHashDerCodes[4].algId; + *hashAlgIdSize = gHashDerCodes[4].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_MD5: + *pHashAlgId = gHashDerCodes[5].algId; + *hashAlgIdSize = gHashDerCodes[5].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_SHA_512_224: + *pHashAlgId = gHashDerCodes[6].algId; + *hashAlgIdSize = gHashDerCodes[6].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + case PSA_ALG_SHA_512_256: + *pHashAlgId = gHashDerCodes[7].algId; + *hashAlgIdSize = gHashDerCodes[7].algIdSizeBytes; + return CC3XX_ERR_SUCCESS; + default: + return CC3XX_ERR_INVALID_ALGORITHM; + } +} + + +cc3xx_err_t cc3xx_lowlevel_rsa_pkcs1v15_encode( + const uint8_t *input, /* Message */ + size_t input_size, /* Lenght of the message to encode inn octets */ + uint32_t encoded_msg_length, /* Intended length of the encoded msg*/ + psa_algorithm_t hash_alg, + uint8_t *output_buf /* Pointer to the output buffer */ + +) +{ + /*----------------IGNORING HASHING--------------*/ + + /* Error to success, ask if this is something that is supposed to be one */ + cc3xx_err_t err = CC3XX_ERR_SUCCESS; + /* Assume RAW MODE, remember to edit and add guards later + * Check if intended length in octets of the encoded message, at + least tLen + 11, where tLen is the octet length of the + Distinguished Encoding Rules (DER) encoding T of + a certain value computed during the encoding operation (per def) + */ + /* The pointer to Hash Alg. ID (DER code) and its size */ + + + + int32_t PSSize; + if(encoded_msg_length < input_size + 11){ + return CC3XX_ERR_RSA_ENCODE_MSG_TOO_LONG; + } + /*---------------------------------------------------*/ + /* Encryption block formating for EMSA-PKCS1-v1_5: */ + /* 00 || 01 || PS || 00 || T */ + /* MSB LSB */ + /* Note: BT=02, PS=FF...FF, T=DER||Hash(M) */ + /*---------------------------------------------------*/ + /* The pointer to Hash Alg. ID (DER code) and its size */ + uint8_t *pHashAlgId = NULL; + uint32_t hashAlgIdSize = 0; + // To be fixed, won't return correct value, dict would be perfect here, think of another implementation, maybe switch statement? + // hashAlgIdSize = gHashDerCodes[hash_alg].algIdSizeBytes; // Returns size in bytes + // *pHashAlgId = gHashDerCodes[hash_alg].algId; + err = cc3xx_get_der_encoding(hash_alg, &pHashAlgId, &hashAlgIdSize); + + if(err != CC3XX_ERR_SUCCESS){ + return err; + } + + + PSSize = encoded_msg_length - input_size - 3 - hashAlgIdSize; + output_buf[0] = 0x00; + output_buf[1] = 0x01; + memset(output_buf + 2, 0xFF, PSSize); + output_buf[PSSize + 2] = 0x00; + + // If statement for later is_hash ignore as of now + if(1){ + memcpy(&output_buf[PSSize + 3], pHashAlgId, hashAlgIdSize); + memcpy(&output_buf[PSSize + 3 + hashAlgIdSize], input, input_size); + }else { + memcpy(&output_buf[PSSize + 3], input, input_size); + } + + return err; +} + +cc3xx_err_t cc3xx_lowlevel_rsa_sign( + const uint8_t *key, /* Priv key id */ + const uint8_t *input, /* DataIn to encrypt */ + size_t input_size, /* Size of the input msg*/ + uint32_t *signature/* Buffer for data out */ + ) + { + + /* BEFORE ANYTHING ELSE remember to check if pointers are valid */ + cc3xx_err_t err; + cc3xx_lowlevel_pka_init(PSA_MAX_RSA_KEY_BYTES); + //psa_status_t status; + + /* ASSUME NON CTR---- ?CTR TO BE ADDED? */ + /*s = m ^d mod n.*/ + cc3xx_pka_reg_id_t sig_reg; + cc3xx_pka_reg_id_t input_reg; + cc3xx_pka_reg_id_t mod_reg; + cc3xx_pka_reg_id_t priv_exp_reg; + cc3xx_pka_reg_id_t barrett_reg; + /*REMEMBER TO INITIALIZE PKA*/ + + /* Initializing registers */ + + sig_reg = cc3xx_lowlevel_pka_allocate_reg(); + input_reg = cc3xx_lowlevel_pka_allocate_reg(); + mod_reg = cc3xx_lowlevel_pka_allocate_reg(); + priv_exp_reg = cc3xx_lowlevel_pka_allocate_reg(); + barrett_reg = cc3xx_lowlevel_pka_allocate_reg(); + + uint32_t mod[PSA_MAX_RSA_KEY_WORDS]; + uint32_t priv_exp[PSA_MAX_RSA_KEY_WORDS]; + + // Error handling needs to be added here + err = cc3xx_get_rsa_key_component(key, priv_exp, PRIVATE_EXPONENT); + err = cc3xx_get_rsa_key_component(key, mod, MODULUS); + + if(err != CC3XX_ERR_SUCCESS ){ + return err; + } + + cc3xx_lowlevel_pka_write_reg_swap_endian(mod_reg, mod, MODSIZE_IN_BYTES); + cc3xx_lowlevel_pka_write_reg_swap_endian(priv_exp_reg, priv_exp, PRIV_EXP_IN_BYTES); + cc3xx_lowlevel_pka_write_reg_swap_endian(input_reg,(uint32_t*) input, input_size); + + /* It is necessary to set the barret tag true and allocate a register for it, otherwise, + only the first byte will be correct, and the rest will be ?random? */ + + cc3xx_lowlevel_pka_set_modulus(mod_reg, true, barrett_reg); + + cc3xx_lowlevel_pka_mod_exp(input_reg, priv_exp_reg, sig_reg); + + cc3xx_lowlevel_pka_read_reg_swap_endian(sig_reg, signature, input_size); + + /*Clean up*/ + + memset(priv_exp, 0, PSA_MAX_RSA_KEY_BYTES); + memset(mod, 0, PSA_MAX_RSA_KEY_BYTES); + + + cc3xx_lowlevel_pka_uninit(); // Do I need more clean up then this? + + return err; + +} + +#define PUBLIC_RSA_KEY_TYPE 1 +#define PRIVATE_RSA_KEY_TYPE 2 + +/* This implementation as it stands is suboptimal, it only takes the standard format into consideration and will breake as soon + * as someone adds custom fields and if there is a sequence at the beginning too.... + */ + +size_t cc3xx_get_val_length(uint8_t **key_buffer); + +int cc3xx_get_rsa_key_component(const uint8_t *key_buffer, uint32_t *output_buf, rsa_key_compotents component){ + + // TODO check that the lenght field indicates the correct length of the key? Otherwise something went wrong? + uint8_t *key_p = (uint8_t*)key_buffer; // Casts so I can manipulate the new ptr, (key_buffer is const) + + size_t val_length; + key_p += 4; // For the sake of skipping the introducing bits + // Now I iterate throught the data which won't be needed and should end up behind the correct + for (uint8_t i = 0; i < component; i++) + { + val_length = cc3xx_get_val_length(&key_p); + // Remove or change, bad practice, since uint8 is returned so it can actidentally hit true?? Maybe? + if(val_length == -1){ + return -1; + } + // TODO, needs to skip the length of the length field itself + key_p += val_length; + + //Checks if the next field is an int and returns errors since we should only handle integers for now + if(*key_p != 0x02){ + return -1; // Something something, then something other then int is met, need to be changed,(1 week went by and I almost did not understand my own comment) + } + } + val_length = cc3xx_get_val_length(&key_p); + // Ugly ugly, increasing the buffer past the length field itself + // Need to skip 0x00 if that's the first byte. Also need a better impd obviously but let me check if this works + // What is this design choice!?! Why did they chose to slap on 0x00 sometimes just to ignore it later? + + // if(*key_p == 0x00){ + // key_p ++; + // } + + while (*key_p == 0x00) + { + key_p++; + } + + + // if(component == MODULUS){ + // key_p ++; + // key_p ++; + + // }else{ + + // key_p ++; + // } + // Copy the value from the key_bufer to the output_buffer + // Maybe rather use cc3xx hardened copy function? + memcpy(output_buf, key_p, val_length); + return 0; +}; + +size_t cc3xx_get_val_length(uint8_t **key_buffer){ + // Stolen from old driver, not quite sure if the syntax is valid + size_t length; + *key_buffer += 1; + if ((**key_buffer & 0x80) == 0) { + length = (size_t)(*key_buffer)[0]; + *key_buffer += 1; + return length; + }else{ + switch (**key_buffer & 0x7F) { + case 1: + length = (size_t)(*key_buffer)[1]; + *key_buffer += 2; + return length; + case 2: + length = ((size_t)(*key_buffer)[1] << 8) | (*key_buffer)[2]; + *key_buffer += 3; + return length; + case 3: + length = ((size_t)(*key_buffer)[1] << 16) | ((size_t)(*key_buffer)[2] << 8) | (*key_buffer)[3]; + *key_buffer += 4; + return length; + case 4: // Up to case 4 since the old driver did this in this way ... anything past 2 is insane so maybe just have 2 cases? + length = ((size_t)(*key_buffer)[1] << 24) | ((size_t)(*key_buffer)[2] << 16) | + ((size_t)(*key_buffer)[3] << 8) | (*key_buffer)[4]; + *key_buffer += 4; + return length; + default: + return -1; //ADD some error code to let the func know it didn't find the lenght + } + } + +} diff --git a/platform/ext/target/arm/drivers/cc3xx/psa_driver_api/src/cc3xx_psa_asymmetric_signature.c b/platform/ext/target/arm/drivers/cc3xx/psa_driver_api/src/cc3xx_psa_asymmetric_signature.c index a899b9c5c8..7333e98702 100644 --- a/platform/ext/target/arm/drivers/cc3xx/psa_driver_api/src/cc3xx_psa_asymmetric_signature.c +++ b/platform/ext/target/arm/drivers/cc3xx/psa_driver_api/src/cc3xx_psa_asymmetric_signature.c @@ -21,12 +21,77 @@ #include "cc3xx_stdlib.h" #include "cc3xx_ecdsa.h" #include "cc3xx_ec_curve_data.h" - +#include "cc3xx_rsa.h" +#include +#include /* ToDo: This needs to be sorted out at TF-M level * To be able to include the PSA style configuration */ + #include "mbedtls/build_info.h" +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +/** + * @brief wrapper for rsa, ifdef just to be cool and keep structure, needs to be + * looked at in detail + */ + +static psa_status_t rsa_sign(const uint8_t *key, size_t key_length, psa_algorithm_t alg, + const uint8_t *input, size_t input_length, uint8_t *signature, + size_t signature_size, size_t *signature_length, uint8_t is_input_hash) +{ + + cc3xx_err_t err; + psa_status_t status = PSA_SUCCESS; + uint32_t encoded_msg_size = PSA_MAX_RSA_KEY_BYTES; + + psa_algorithm_t hash_alg; + hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + assert(PSA_ALG_IS_HASH(hash_alg)); + + printf("RSA SIGN\n"); + printf("--------------------HASHING--------------------\n"); + + const size_t hash_length = PSA_HASH_LENGTH(hash_alg); + uint32_t hash[CEIL_ALLOC_SZ(hash_length, sizeof(uint32_t))]; + + + if (!is_input_hash) { + // assert(PSA_ALG_IS_HASH(hash_alg) && hash_alg != PSA_ALG_ANY_HASH); + /* Compute the size of the local buffer to hold the hash, aligned to uint32_t */ + + size_t hash_size; + status = cc3xx_hash_compute(hash_alg, input, input_length, (uint8_t *)hash, + sizeof(hash), &hash_size); + }else{ + memcpy(hash, (uint32_t*)input, hash_length); // Seems sketchy, is this allowed? + } + // uint32_t key_buf[64]; + // Initialize the engine + // TODO: Check lenght of key and init accordingly + + uint8_t encoded_msg[256] = {0}; + if (status != PSA_SUCCESS) { + return status; + } + printf("--------------------ENCODING-------------------\n"); + err = cc3xx_lowlevel_rsa_pkcs1v15_encode( + (uint8_t *)hash, /* Message */ + hash_length, encoded_msg_size, /* Intended length of the encoded msg*/ + hash_alg, encoded_msg); + printf("--------------------SIGNING--------------------\n"); + + err = cc3xx_lowlevel_rsa_sign(key, /* Priv key id */ + encoded_msg, /* DataIn to encrypt */ + 256, (uint32_t *)signature /* Buffer for data out */ + ); + // Not random at all, this this the lenght of the + *signature_length = encoded_msg_size; + return status; +} + +#endif + #if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) /** * @brief Wrapper function around the lowlevel ECDSA signing API that takes care @@ -45,61 +110,58 @@ * * @return psa_status_t */ -static psa_status_t ecdsa_sign(cc3xx_ec_curve_id_t curve_id, - const uint8_t *key, size_t key_length, - const uint8_t *input, size_t input_length, - uint8_t *sig, size_t sig_length, size_t *sig_size, - bool is_input_hash, psa_algorithm_t hash_alg) +static psa_status_t ecdsa_sign(cc3xx_ec_curve_id_t curve_id, const uint8_t *key, size_t key_length, + const uint8_t *input, size_t input_length, uint8_t *sig, + size_t sig_length, size_t *sig_size, bool is_input_hash, + psa_algorithm_t hash_alg) { - cc3xx_err_t err; - psa_status_t status; - - if (!is_input_hash) { - assert(PSA_ALG_IS_HASH(hash_alg) && hash_alg != PSA_ALG_ANY_HASH); - } - - const size_t modulus_sz = cc3xx_lowlevel_ec_get_modulus_size_from_curve(curve_id); - - uint32_t scratch_r[modulus_sz / sizeof(uint32_t)]; - uint32_t scratch_s[modulus_sz / sizeof(uint32_t)]; - size_t sig_r_sz, sig_s_sz; - uint32_t key_buf[CEIL_ALLOC_SZ(key_length, sizeof(uint32_t))]; - /* Compute the size of the local buffer to hold the hash, aligned to uint32_t */ - const size_t hash_length = (is_input_hash) ? input_length : PSA_HASH_LENGTH(hash_alg); - uint32_t hash[CEIL_ALLOC_SZ(hash_length, sizeof(uint32_t))]; - size_t hash_size; - - if (is_input_hash) { - memcpy(hash, input, input_length); - hash_size = input_length; - } else { - status = cc3xx_hash_compute(hash_alg, input, input_length, - (uint8_t *)hash, sizeof(hash), &hash_size); - if (status != PSA_SUCCESS) { - return status; - } - } - - cc3xx_dpa_hardened_word_copy(key_buf, (uint32_t *)key, key_length / sizeof(uint32_t)); - - err = cc3xx_lowlevel_ecdsa_sign(curve_id, - key_buf, key_length, - hash, hash_size, - scratch_r, sizeof(scratch_r), &sig_r_sz, - scratch_s, sizeof(scratch_s), &sig_s_sz); - - cc3xx_secure_erase_buffer(key_buf, sizeof(key_buf) / sizeof(uint32_t)); - - if (err != CC3XX_ERR_SUCCESS) { - return cc3xx_to_psa_err(err); - } - - /* Copy the result in the correct output buffer */ - memcpy(sig, scratch_r, sig_r_sz); - memcpy(&sig[sig_r_sz], scratch_s, sig_s_sz); - *sig_size = sig_r_sz + sig_s_sz; - - return PSA_SUCCESS; + cc3xx_err_t err; + psa_status_t status; + + if (!is_input_hash) { + assert(PSA_ALG_IS_HASH(hash_alg) && hash_alg != PSA_ALG_ANY_HASH); + } + + const size_t modulus_sz = cc3xx_lowlevel_ec_get_modulus_size_from_curve(curve_id); + + uint32_t scratch_r[modulus_sz / sizeof(uint32_t)]; + uint32_t scratch_s[modulus_sz / sizeof(uint32_t)]; + size_t sig_r_sz, sig_s_sz; + uint32_t key_buf[CEIL_ALLOC_SZ(key_length, sizeof(uint32_t))]; + /* Compute the size of the local buffer to hold the hash, aligned to uint32_t */ + const size_t hash_length = (is_input_hash) ? input_length : PSA_HASH_LENGTH(hash_alg); + uint32_t hash[CEIL_ALLOC_SZ(hash_length, sizeof(uint32_t))]; + size_t hash_size; + + if (is_input_hash) { + memcpy(hash, input, input_length); + hash_size = input_length; + } else { + status = cc3xx_hash_compute(hash_alg, input, input_length, (uint8_t *)hash, + sizeof(hash), &hash_size); + if (status != PSA_SUCCESS) { + return status; + } + } + + cc3xx_dpa_hardened_word_copy(key_buf, (uint32_t *)key, key_length / sizeof(uint32_t)); + + err = cc3xx_lowlevel_ecdsa_sign(curve_id, key_buf, key_length, hash, hash_size, scratch_r, + sizeof(scratch_r), &sig_r_sz, scratch_s, sizeof(scratch_s), + &sig_s_sz); + + cc3xx_secure_erase_buffer(key_buf, sizeof(key_buf) / sizeof(uint32_t)); + + if (err != CC3XX_ERR_SUCCESS) { + return cc3xx_to_psa_err(err); + } + + /* Copy the result in the correct output buffer */ + memcpy(sig, scratch_r, sig_r_sz); + memcpy(&sig[sig_r_sz], scratch_s, sig_s_sz); + *sig_size = sig_r_sz + sig_s_sz; + + return PSA_SUCCESS; } #endif /* PSA_WANT_ALG_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ @@ -122,88 +184,86 @@ static psa_status_t ecdsa_sign(cc3xx_ec_curve_id_t curve_id, * * @return psa_status_t */ -static psa_status_t ecdsa_verify(const psa_key_attributes_t *attributes, cc3xx_ec_curve_id_t curve_id, - const uint8_t *key, size_t key_length, bool is_key_private, - const uint8_t *input, size_t input_length, - const uint8_t *sig, size_t sig_length, - bool is_input_hash, psa_algorithm_t hash_alg) +static psa_status_t ecdsa_verify(const psa_key_attributes_t *attributes, + cc3xx_ec_curve_id_t curve_id, const uint8_t *key, + size_t key_length, bool is_key_private, const uint8_t *input, + size_t input_length, const uint8_t *sig, size_t sig_length, + bool is_input_hash, psa_algorithm_t hash_alg) { - cc3xx_err_t err; - psa_status_t status; + cc3xx_err_t err; + psa_status_t status; #if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) - assert(is_key_private == false); + assert(is_key_private == false); #endif - if (!is_input_hash) { - assert(PSA_ALG_IS_HASH(hash_alg) && hash_alg != PSA_ALG_ANY_HASH); - } + if (!is_input_hash) { + assert(PSA_ALG_IS_HASH(hash_alg) && hash_alg != PSA_ALG_ANY_HASH); + } - const size_t modulus_sz = cc3xx_lowlevel_ec_get_modulus_size_from_curve(curve_id); + const size_t modulus_sz = cc3xx_lowlevel_ec_get_modulus_size_from_curve(curve_id); - uint32_t sig_r[modulus_sz / sizeof(uint32_t)]; - uint32_t sig_s[modulus_sz / sizeof(uint32_t)]; + uint32_t sig_r[modulus_sz / sizeof(uint32_t)]; + uint32_t sig_s[modulus_sz / sizeof(uint32_t)]; - memcpy(sig_r, sig, sig_length / 2); - memcpy(sig_s, &sig[sig_length / 2], sig_length / 2); + memcpy(sig_r, sig, sig_length / 2); + memcpy(sig_s, &sig[sig_length / 2], sig_length / 2); - /* Compute the size of the local buffer to hold the hash, aligned to uint32_t */ - const size_t hash_length = (is_input_hash) ? input_length : PSA_HASH_LENGTH(hash_alg); - uint32_t hash[CEIL_ALLOC_SZ(hash_length, sizeof(uint32_t))]; - size_t hash_size; - - if (is_input_hash) { - memcpy(hash, input, input_length); - hash_size = input_length; - } else { - status = cc3xx_hash_compute(hash_alg, input, input_length, - (uint8_t *)hash, sizeof(hash), &hash_size); - if (status != PSA_SUCCESS) { - return status; - } - } + /* Compute the size of the local buffer to hold the hash, aligned to uint32_t */ + const size_t hash_length = (is_input_hash) ? input_length : PSA_HASH_LENGTH(hash_alg); + uint32_t hash[CEIL_ALLOC_SZ(hash_length, sizeof(uint32_t))]; + size_t hash_size; + + if (is_input_hash) { + memcpy(hash, input, input_length); + hash_size = input_length; + } else { + status = cc3xx_hash_compute(hash_alg, input, input_length, (uint8_t *)hash, + sizeof(hash), &hash_size); + if (status != PSA_SUCCESS) { + return status; + } + } - /* Public keys are in uncompressed format, i.e. 0x04 X Y */ + /* Public keys are in uncompressed format, i.e. 0x04 X Y */ #if !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) - const size_t modulus_size_in_bytes = (key_length - 1) / 2; + const size_t modulus_size_in_bytes = (key_length - 1) / 2; #else - const size_t modulus_size_in_bytes = (is_key_private) ? key_length : (key_length - 1) / 2; + const size_t modulus_size_in_bytes = (is_key_private) ? key_length : (key_length - 1) / 2; #endif - uint32_t pubkey[1 + 2 * CEIL_ALLOC_SZ(modulus_size_in_bytes, sizeof(uint32_t))]; - uint32_t *key_x = &pubkey[1]; - uint32_t *key_y = &pubkey[1 + CEIL_ALLOC_SZ(modulus_size_in_bytes, sizeof(uint32_t))]; + uint32_t pubkey[1 + 2 * CEIL_ALLOC_SZ(modulus_size_in_bytes, sizeof(uint32_t))]; + uint32_t *key_x = &pubkey[1]; + uint32_t *key_y = &pubkey[1 + CEIL_ALLOC_SZ(modulus_size_in_bytes, sizeof(uint32_t))]; - const uint8_t *p_key; - size_t key_length_public; + const uint8_t *p_key; + size_t key_length_public; #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) - if (is_key_private) { - p_key = &((uint8_t *)pubkey)[3]; - /* In this case we need to extract the public key from the private first */ - psa_status_t status = cc3xx_export_public_key( - attributes, key, key_length, - (uint8_t *)p_key, sizeof(pubkey) - 3, &key_length_public); - if (status != PSA_SUCCESS) { - return status; - } - } else + if (is_key_private) { + p_key = &((uint8_t *)pubkey)[3]; + /* In this case we need to extract the public key from the private first */ + psa_status_t status = + cc3xx_export_public_key(attributes, key, key_length, (uint8_t *)p_key, + sizeof(pubkey) - 3, &key_length_public); + if (status != PSA_SUCCESS) { + return status; + } + } else #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ - { - /* Just copy the public key points in the aligned buffers */ - p_key = key; - key_length_public = key_length; - } + { + /* Just copy the public key points in the aligned buffers */ + p_key = key; + key_length_public = key_length; + } - memcpy(key_x, &p_key[1], (key_length_public - 1) / 2); - memcpy(key_y, &p_key[1 + (key_length_public - 1) / 2], (key_length_public - 1) / 2); + memcpy(key_x, &p_key[1], (key_length_public - 1) / 2); + memcpy(key_y, &p_key[1 + (key_length_public - 1) / 2], (key_length_public - 1) / 2); - err = cc3xx_lowlevel_ecdsa_verify(curve_id, - (const uint32_t *)key_x, modulus_size_in_bytes, - (const uint32_t *)key_y, modulus_size_in_bytes, - hash, hash_size, - (const uint32_t *)sig_r, sig_length / 2, - (const uint32_t *)sig_s, sig_length / 2); + err = cc3xx_lowlevel_ecdsa_verify(curve_id, (const uint32_t *)key_x, modulus_size_in_bytes, + (const uint32_t *)key_y, modulus_size_in_bytes, hash, + hash_size, (const uint32_t *)sig_r, sig_length / 2, + (const uint32_t *)sig_s, sig_length / 2); - return cc3xx_to_psa_err(err); + return cc3xx_to_psa_err(err); } #endif /* PSA_WANT_ALG_ECDSA && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ @@ -214,252 +274,251 @@ static psa_status_t ecdsa_verify(const psa_key_attributes_t *attributes, cc3xx_e * * @{ */ -psa_status_t cc3xx_sign_hash(const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, const uint8_t *hash, - size_t hash_length, uint8_t *signature, - size_t signature_size, size_t *signature_length) +psa_status_t cc3xx_sign_hash(const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *hash, + size_t hash_length, uint8_t *signature, size_t signature_size, + size_t *signature_length) { - CC3XX_ASSERT(attributes != NULL); - CC3XX_ASSERT(key != NULL); - CC3XX_ASSERT(hash != NULL); - CC3XX_ASSERT(signature != NULL); - CC3XX_ASSERT(signature_length != NULL); + CC3XX_ASSERT(attributes != NULL); + CC3XX_ASSERT(key != NULL); + CC3XX_ASSERT(hash != NULL); + CC3XX_ASSERT(signature != NULL); + CC3XX_ASSERT(signature_length != NULL); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - psa_key_type_t key_type = psa_get_key_type(attributes); - psa_key_bits_t key_bits = psa_get_key_bits(attributes); + psa_key_type_t key_type = psa_get_key_type(attributes); + psa_key_bits_t key_bits = psa_get_key_bits(attributes); - /* Initialise the return value to 0 */ - *signature_length = 0; + /* Initialise the return value to 0 */ + *signature_length = 0; #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - - if (!PSA_ALG_IS_HASH_AND_SIGN(alg) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (hash_alg != PSA_ALG_ANY_HASH) { - /* We can check that the input length is compliant if the hash is specified */ - if (hash_length != PSA_HASH_LENGTH(hash_alg)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { - /* The lowlevel driver does not implement Deterministic ECDSA RFC 6979 because - * the algorithm to compute the value of K would not be hardenend against side - * channel attacks - */ - return PSA_ERROR_NOT_SUPPORTED; - } - - /* Translate from PSA curve ID to CC3XX curve ID*/ - const cc3xx_ec_curve_id_t curve_id = - cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); - - if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { - return PSA_ERROR_NOT_SUPPORTED; - } - - return ecdsa_sign(curve_id, key, key_length, - hash, hash_length, - signature, signature_size, signature_length, - true, hash_alg); - } else + if (PSA_KEY_TYPE_IS_ECC(key_type)) { + + if (!PSA_ALG_IS_HASH_AND_SIGN(alg) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (hash_alg != PSA_ALG_ANY_HASH) { + /* We can check that the input length is compliant if the hash is specified + */ + if (hash_length != PSA_HASH_LENGTH(hash_alg)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } + + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { + /* The lowlevel driver does not implement Deterministic ECDSA RFC 6979 + * because the algorithm to compute the value of K would not be hardenend + * against side channel attacks + */ + return PSA_ERROR_NOT_SUPPORTED; + } + + /* Translate from PSA curve ID to CC3XX curve ID*/ + const cc3xx_ec_curve_id_t curve_id = + cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); + + if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + return ecdsa_sign(curve_id, key, key_length, hash, hash_length, signature, + signature_size, signature_length, true, hash_alg); + } else #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) - if (PSA_KEY_TYPE_IS_RSA(key_type)) { - return PSA_ERROR_NOT_SUPPORTED; + if (PSA_WANT_ALG_RSA_PKCS1V15_SIGN) { + return rsa_sign(key, key_length, alg, hash, hash_length, signature, signature_size, + signature_length, 1); + } else { + return PSA_ERROR_NOT_SUPPORTED; + } - } else #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ - { - (void)hash_alg; - (void)key_bits; - (void)key_type; - return PSA_ERROR_INVALID_ARGUMENT; - } + { + (void)hash_alg; + (void)key_bits; + (void)key_type; + return PSA_ERROR_INVALID_ARGUMENT; + } } -psa_status_t cc3xx_verify_hash(const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, const uint8_t *hash, - size_t hash_length, const uint8_t *signature, - size_t signature_length) +psa_status_t cc3xx_verify_hash(const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *hash, + size_t hash_length, const uint8_t *signature, + size_t signature_length) { - CC3XX_ASSERT(attributes != NULL); - CC3XX_ASSERT(key != NULL); - CC3XX_ASSERT(hash != NULL); - CC3XX_ASSERT(signature != NULL); + CC3XX_ASSERT(attributes != NULL); + CC3XX_ASSERT(key != NULL); + CC3XX_ASSERT(hash != NULL); + CC3XX_ASSERT(signature != NULL); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - psa_key_type_t key_type = psa_get_key_type(attributes); - psa_key_bits_t key_bits = psa_get_key_bits(attributes); + psa_key_type_t key_type = psa_get_key_type(attributes); + psa_key_bits_t key_bits = psa_get_key_bits(attributes); #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - - if (!PSA_ALG_IS_HASH_AND_SIGN(alg)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (hash_alg != PSA_ALG_ANY_HASH) { - /* We can check that the input length is compliant if the hash is specified */ - if (hash_length != PSA_HASH_LENGTH(hash_alg)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - /* Translate from PSA curve ID to CC3XX curve ID*/ - const cc3xx_ec_curve_id_t curve_id = - cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); - - if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { - return PSA_ERROR_NOT_SUPPORTED; - } - - return ecdsa_verify(attributes, curve_id, - key, key_length, !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type), - hash, hash_length, - signature, signature_length, - true, hash_alg); - } else + if (PSA_KEY_TYPE_IS_ECC(key_type)) { + + if (!PSA_ALG_IS_HASH_AND_SIGN(alg)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (hash_alg != PSA_ALG_ANY_HASH) { + /* We can check that the input length is compliant if the hash is specified + */ + if (hash_length != PSA_HASH_LENGTH(hash_alg)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } + + /* Translate from PSA curve ID to CC3XX curve ID*/ + const cc3xx_ec_curve_id_t curve_id = + cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); + + if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + return ecdsa_verify(attributes, curve_id, key, key_length, + !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type), hash, hash_length, + signature, signature_length, true, hash_alg); + } else #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC || defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC) */ #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) - if (PSA_KEY_TYPE_IS_RSA(key_type)) { + if (PSA_KEY_TYPE_IS_RSA(key_type)) { - return PSA_ERROR_NOT_SUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; - } else + } else #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC || PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - { - (void)hash_alg; - (void)key_bits; - (void)key_type; - return PSA_ERROR_INVALID_ARGUMENT; - } + { + (void)hash_alg; + (void)key_bits; + (void)key_type; + return PSA_ERROR_INVALID_ARGUMENT; + } } -psa_status_t cc3xx_sign_message(const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, const uint8_t *input, - size_t input_length, uint8_t *signature, - size_t signature_size, size_t *signature_length) +psa_status_t cc3xx_sign_message(const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, uint8_t *signature, size_t signature_size, + size_t *signature_length) { - CC3XX_ASSERT(attributes != NULL); - CC3XX_ASSERT(key != NULL); - CC3XX_ASSERT(input != NULL); - CC3XX_ASSERT(signature != NULL); - CC3XX_ASSERT(signature_length != NULL); + CC3XX_ASSERT(attributes != NULL); + CC3XX_ASSERT(key != NULL); + CC3XX_ASSERT(input != NULL); + CC3XX_ASSERT(signature != NULL); + CC3XX_ASSERT(signature_length != NULL); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - psa_key_type_t key_type = psa_get_key_type(attributes); - psa_key_bits_t key_bits = psa_get_key_bits(attributes); + psa_key_type_t key_type = psa_get_key_type(attributes); + psa_key_bits_t key_bits = psa_get_key_bits(attributes); - /* Initialise the return value to 0 */ - *signature_length = 0; + /* Initialise the return value to 0 */ + *signature_length = 0; #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - - if (!PSA_ALG_IS_HASH_AND_SIGN(alg) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) || hash_alg == PSA_ALG_ANY_HASH) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { - /* The lowlevel driver does not implement Deterministic ECDSA RFC 6979 because - * the algorithm to compute the value of K would not be hardenend against side - * channel attacks - */ - return PSA_ERROR_NOT_SUPPORTED; - } - - /* Translate from PSA curve ID to CC3XX curve ID*/ - const cc3xx_ec_curve_id_t curve_id = - cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); - - if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { - return PSA_ERROR_NOT_SUPPORTED; - } - - return ecdsa_sign(curve_id, key, key_length, - input, input_length, - signature, signature_size, signature_length, - false, hash_alg); - } else + if (PSA_KEY_TYPE_IS_ECC(key_type)) { + + if (!PSA_ALG_IS_HASH_AND_SIGN(alg) || PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) || + hash_alg == PSA_ALG_ANY_HASH) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { + /* The lowlevel driver does not implement Deterministic ECDSA RFC 6979 + * because the algorithm to compute the value of K would not be hardenend + * against side channel attacks + */ + return PSA_ERROR_NOT_SUPPORTED; + } + + /* Translate from PSA curve ID to CC3XX curve ID*/ + const cc3xx_ec_curve_id_t curve_id = + cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); + + if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + return ecdsa_sign(curve_id, key, key_length, input, input_length, signature, + signature_size, signature_length, false, hash_alg); + } else #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) - if (PSA_KEY_TYPE_IS_RSA(key_type)) { - - return PSA_ERROR_NOT_SUPPORTED; - - } else + if (PSA_KEY_TYPE_IS_RSA(key_type)) { + /*Check somewhere if the algorithm is correct*/ + if (PSA_WANT_ALG_RSA_PKCS1V15_SIGN) { + return rsa_sign(key, key_length, alg, input, input_length, signature, + signature_size, signature_length, 0); + } else { + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_ERROR_NOT_SUPPORTED; + } else #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ - { - (void)key_type; - (void)key_bits; - (void)hash_alg; - return PSA_ERROR_INVALID_ARGUMENT; - } + { + (void)key_type; + (void)key_bits; + (void)hash_alg; + return PSA_ERROR_INVALID_ARGUMENT; + } } -psa_status_t cc3xx_verify_message(const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg, const uint8_t *input, - size_t input_length, const uint8_t *signature, - size_t signature_length) +psa_status_t cc3xx_verify_message(const psa_key_attributes_t *attributes, const uint8_t *key, + size_t key_length, psa_algorithm_t alg, const uint8_t *input, + size_t input_length, const uint8_t *signature, + size_t signature_length) { - CC3XX_ASSERT(attributes != NULL); - CC3XX_ASSERT(key != NULL); - CC3XX_ASSERT(input != NULL); - CC3XX_ASSERT(signature != NULL); + CC3XX_ASSERT(attributes != NULL); + CC3XX_ASSERT(key != NULL); + CC3XX_ASSERT(input != NULL); + CC3XX_ASSERT(signature != NULL); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - psa_key_type_t key_type = psa_get_key_type(attributes); - psa_key_bits_t key_bits = psa_get_key_bits(attributes); + psa_key_type_t key_type = psa_get_key_type(attributes); + psa_key_bits_t key_bits = psa_get_key_bits(attributes); #if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - - if (!PSA_ALG_IS_HASH_AND_SIGN(alg) || hash_alg == PSA_ALG_ANY_HASH) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Translate from PSA curve ID to CC3XX curve ID*/ - const cc3xx_ec_curve_id_t curve_id = - cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); - - if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { - return PSA_ERROR_NOT_SUPPORTED; - } - - return ecdsa_verify(attributes, curve_id, - key, key_length, !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type), - input, input_length, - signature, signature_length, - false, hash_alg); - } else + if (PSA_KEY_TYPE_IS_ECC(key_type)) { + + if (!PSA_ALG_IS_HASH_AND_SIGN(alg) || hash_alg == PSA_ALG_ANY_HASH) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* Translate from PSA curve ID to CC3XX curve ID*/ + const cc3xx_ec_curve_id_t curve_id = + cc3xx_to_curve_id(PSA_KEY_TYPE_ECC_GET_FAMILY(key_type), key_bits); + + if (CC3XX_IS_CURVE_ID_INVALID(curve_id)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + return ecdsa_verify(attributes, curve_id, key, key_length, + !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type), input, input_length, + signature, signature_length, false, hash_alg); + } else #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) - if (PSA_KEY_TYPE_IS_RSA(key_type)) { + if (PSA_KEY_TYPE_IS_RSA(key_type)) { - return PSA_ERROR_NOT_SUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; - } else + } else #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ - { - (void)key_type; - (void)key_bits; - (void)hash_alg; - return PSA_ERROR_INVALID_ARGUMENT; - } - + { + (void)key_type; + (void)key_bits; + (void)hash_alg; + return PSA_ERROR_INVALID_ARGUMENT; + } } /** @} */ // end of psa_asym_sign