1 /*
2  * Test driver for signature functions.
3  * Currently supports signing and verifying precalculated hashes, using
4  * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
5  */
6 /*  Copyright The Mbed TLS Contributors
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  */
21 
22 #if !defined(MBEDTLS_CONFIG_FILE)
23 #include "mbedtls/config.h"
24 #else
25 #include MBEDTLS_CONFIG_FILE
26 #endif
27 
28 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
29 #include "psa/crypto.h"
30 #include "psa_crypto_core.h"
31 #include "psa_crypto_ecp.h"
32 #include "psa_crypto_hash.h"
33 #include "psa_crypto_rsa.h"
34 #include "mbedtls/ecp.h"
35 
36 #include "test/drivers/hash.h"
37 #include "test/drivers/signature.h"
38 #include "test/drivers/hash.h"
39 
40 #include "mbedtls/md.h"
41 #include "mbedtls/ecdsa.h"
42 
43 #include "test/random.h"
44 
45 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
46 #include "libtestdriver1/library/psa_crypto_ecp.h"
47 #include "libtestdriver1/library/psa_crypto_hash.h"
48 #include "libtestdriver1/library/psa_crypto_rsa.h"
49 #endif
50 
51 #include <string.h>
52 
53 mbedtls_test_driver_signature_hooks_t
54     mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
55 mbedtls_test_driver_signature_hooks_t
56     mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
57 
sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)58 psa_status_t sign_hash(
59     const psa_key_attributes_t *attributes,
60     const uint8_t *key_buffer,
61     size_t key_buffer_size,
62     psa_algorithm_t alg,
63     const uint8_t *hash,
64     size_t hash_length,
65     uint8_t *signature,
66     size_t signature_size,
67     size_t *signature_length )
68 {
69     if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
70     {
71         if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
72             PSA_ALG_IS_RSA_PSS( alg) )
73         {
74 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
75     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
76       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
77             return( libtestdriver1_mbedtls_psa_rsa_sign_hash(
78                         (const libtestdriver1_psa_key_attributes_t *) attributes,
79                         key_buffer, key_buffer_size,
80                         alg, hash, hash_length,
81                         signature, signature_size, signature_length ) );
82 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
83       defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
84             return( mbedtls_psa_rsa_sign_hash(
85                         attributes,
86                         key_buffer, key_buffer_size,
87                         alg, hash, hash_length,
88                         signature, signature_size, signature_length ) );
89 #endif
90         }
91         else
92         {
93             return( PSA_ERROR_INVALID_ARGUMENT );
94         }
95     }
96     else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
97     {
98         if( PSA_ALG_IS_ECDSA( alg ) )
99         {
100 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
101     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
102       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
103             return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
104                         (const libtestdriver1_psa_key_attributes_t *) attributes,
105                         key_buffer, key_buffer_size,
106                         alg, hash, hash_length,
107                         signature, signature_size, signature_length ) );
108 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
109       defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
110             return( mbedtls_psa_ecdsa_sign_hash(
111                         attributes,
112                         key_buffer, key_buffer_size,
113                         alg, hash, hash_length,
114                         signature, signature_size, signature_length ) );
115 #endif
116         }
117         else
118         {
119             return( PSA_ERROR_INVALID_ARGUMENT );
120         }
121     }
122 
123     (void)attributes;
124     (void)key_buffer;
125     (void)key_buffer_size;
126     (void)alg;
127     (void)hash;
128     (void)hash_length;
129     (void)signature;
130     (void)signature_size;
131     (void)signature_length;
132     return( PSA_ERROR_NOT_SUPPORTED );
133 }
134 
verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)135 psa_status_t verify_hash(
136     const psa_key_attributes_t *attributes,
137     const uint8_t *key_buffer,
138     size_t key_buffer_size,
139     psa_algorithm_t alg,
140     const uint8_t *hash,
141     size_t hash_length,
142     const uint8_t *signature,
143     size_t signature_length )
144 {
145     if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
146     {
147         if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
148             PSA_ALG_IS_RSA_PSS( alg) )
149         {
150 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
151     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
152       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
153             return( libtestdriver1_mbedtls_psa_rsa_verify_hash(
154                         (const libtestdriver1_psa_key_attributes_t *) attributes,
155                         key_buffer, key_buffer_size,
156                         alg, hash, hash_length,
157                         signature, signature_length ) );
158 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
159       defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
160             return( mbedtls_psa_rsa_verify_hash(
161                         attributes,
162                         key_buffer, key_buffer_size,
163                         alg, hash, hash_length,
164                         signature, signature_length ) );
165 #endif
166         }
167         else
168         {
169             return( PSA_ERROR_INVALID_ARGUMENT );
170         }
171     }
172     else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
173     {
174         if( PSA_ALG_IS_ECDSA( alg ) )
175         {
176 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
177     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
178       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
179             return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
180                         (const libtestdriver1_psa_key_attributes_t *) attributes,
181                         key_buffer, key_buffer_size,
182                         alg, hash, hash_length,
183                         signature, signature_length ) );
184 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
185       defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
186             return( mbedtls_psa_ecdsa_verify_hash(
187                         attributes,
188                         key_buffer, key_buffer_size,
189                         alg, hash, hash_length,
190                         signature, signature_length ) );
191 #endif
192         }
193         else
194         {
195             return( PSA_ERROR_INVALID_ARGUMENT );
196         }
197     }
198 
199     (void)attributes;
200     (void)key_buffer;
201     (void)key_buffer_size;
202     (void)alg;
203     (void)hash;
204     (void)hash_length;
205     (void)signature;
206     (void)signature_length;
207     return( PSA_ERROR_NOT_SUPPORTED );
208 }
209 
mbedtls_test_transparent_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)210 psa_status_t mbedtls_test_transparent_signature_sign_message(
211     const psa_key_attributes_t *attributes,
212     const uint8_t *key_buffer,
213     size_t key_buffer_size,
214     psa_algorithm_t alg,
215     const uint8_t *input,
216     size_t input_length,
217     uint8_t *signature,
218     size_t signature_size,
219     size_t *signature_length )
220 {
221     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
222     size_t hash_length;
223     uint8_t hash[PSA_HASH_MAX_SIZE];
224 
225     ++mbedtls_test_driver_signature_sign_hooks.hits;
226 
227     if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
228         return( mbedtls_test_driver_signature_sign_hooks.forced_status );
229 
230     if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
231     {
232         if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
233             return( PSA_ERROR_BUFFER_TOO_SMALL );
234 
235         memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
236                 mbedtls_test_driver_signature_sign_hooks.forced_output_length );
237         *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
238 
239         return( PSA_SUCCESS );
240     }
241 
242 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
243     defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
244     status = libtestdriver1_mbedtls_psa_hash_compute(
245                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
246                 hash, sizeof( hash ), &hash_length );
247 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
248     status = mbedtls_psa_hash_compute(
249                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
250                 hash, sizeof( hash ), &hash_length );
251 #else
252     (void) input;
253     (void) input_length;
254     status = PSA_ERROR_NOT_SUPPORTED;
255 #endif
256     if( status != PSA_SUCCESS )
257         return status;
258 
259     return( sign_hash( attributes, key_buffer, key_buffer_size,
260                        alg, hash, hash_length,
261                        signature, signature_size, signature_length ) );
262 }
263 
mbedtls_test_opaque_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)264 psa_status_t mbedtls_test_opaque_signature_sign_message(
265     const psa_key_attributes_t *attributes,
266     const uint8_t *key,
267     size_t key_length,
268     psa_algorithm_t alg,
269     const uint8_t *input,
270     size_t input_length,
271     uint8_t *signature,
272     size_t signature_size,
273     size_t *signature_length )
274 {
275     (void) attributes;
276     (void) key;
277     (void) key_length;
278     (void) alg;
279     (void) input;
280     (void) input_length;
281     (void) signature;
282     (void) signature_size;
283     (void) signature_length;
284 
285     return( PSA_ERROR_NOT_SUPPORTED );
286 }
287 
mbedtls_test_transparent_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)288 psa_status_t mbedtls_test_transparent_signature_verify_message(
289     const psa_key_attributes_t *attributes,
290     const uint8_t *key_buffer,
291     size_t key_buffer_size,
292     psa_algorithm_t alg,
293     const uint8_t *input,
294     size_t input_length,
295     const uint8_t *signature,
296     size_t signature_length )
297 {
298     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
299     size_t hash_length;
300     uint8_t hash[PSA_HASH_MAX_SIZE];
301 
302     ++mbedtls_test_driver_signature_verify_hooks.hits;
303 
304     if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
305         return( mbedtls_test_driver_signature_verify_hooks.forced_status );
306 
307 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
308     defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
309     status = libtestdriver1_mbedtls_psa_hash_compute(
310                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
311                 hash, sizeof( hash ), &hash_length );
312 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
313     status = mbedtls_psa_hash_compute(
314                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
315                 hash, sizeof( hash ), &hash_length );
316 #else
317     (void) input;
318     (void) input_length;
319     status = PSA_ERROR_NOT_SUPPORTED;
320 #endif
321     if( status != PSA_SUCCESS )
322         return status;
323 
324     return( verify_hash( attributes, key_buffer, key_buffer_size,
325                          alg, hash, hash_length,
326                          signature, signature_length ) );
327 }
328 
mbedtls_test_opaque_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)329 psa_status_t mbedtls_test_opaque_signature_verify_message(
330     const psa_key_attributes_t *attributes,
331     const uint8_t *key,
332     size_t key_length,
333     psa_algorithm_t alg,
334     const uint8_t *input,
335     size_t input_length,
336     const uint8_t *signature,
337     size_t signature_length )
338 {
339     (void) attributes;
340     (void) key;
341     (void) key_length;
342     (void) alg;
343     (void) input;
344     (void) input_length;
345     (void) signature;
346     (void) signature_length;
347 
348     return( PSA_ERROR_NOT_SUPPORTED );
349 }
350 
mbedtls_test_transparent_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)351 psa_status_t mbedtls_test_transparent_signature_sign_hash(
352     const psa_key_attributes_t *attributes,
353     const uint8_t *key_buffer, size_t key_buffer_size,
354     psa_algorithm_t alg,
355     const uint8_t *hash, size_t hash_length,
356     uint8_t *signature, size_t signature_size, size_t *signature_length )
357 {
358     ++mbedtls_test_driver_signature_sign_hooks.hits;
359 
360     if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
361         return( mbedtls_test_driver_signature_sign_hooks.forced_status );
362 
363     if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
364     {
365         if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
366             return( PSA_ERROR_BUFFER_TOO_SMALL );
367         memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
368                 mbedtls_test_driver_signature_sign_hooks.forced_output_length );
369         *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
370         return( PSA_SUCCESS );
371     }
372 
373     return( sign_hash( attributes, key_buffer, key_buffer_size,
374                       alg, hash, hash_length,
375                       signature, signature_size, signature_length ) );
376 }
377 
mbedtls_test_opaque_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)378 psa_status_t mbedtls_test_opaque_signature_sign_hash(
379     const psa_key_attributes_t *attributes,
380     const uint8_t *key, size_t key_length,
381     psa_algorithm_t alg,
382     const uint8_t *hash, size_t hash_length,
383     uint8_t *signature, size_t signature_size, size_t *signature_length )
384 {
385     (void) attributes;
386     (void) key;
387     (void) key_length;
388     (void) alg;
389     (void) hash;
390     (void) hash_length;
391     (void) signature;
392     (void) signature_size;
393     (void) signature_length;
394 
395     return( PSA_ERROR_NOT_SUPPORTED );
396 }
397 
mbedtls_test_transparent_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)398 psa_status_t mbedtls_test_transparent_signature_verify_hash(
399     const psa_key_attributes_t *attributes,
400     const uint8_t *key_buffer, size_t key_buffer_size,
401     psa_algorithm_t alg,
402     const uint8_t *hash, size_t hash_length,
403     const uint8_t *signature, size_t signature_length )
404 {
405     ++mbedtls_test_driver_signature_verify_hooks.hits;
406 
407     if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
408         return( mbedtls_test_driver_signature_verify_hooks.forced_status );
409 
410     return verify_hash( attributes, key_buffer, key_buffer_size,
411                         alg, hash, hash_length,
412                         signature, signature_length );
413 }
414 
mbedtls_test_opaque_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)415 psa_status_t mbedtls_test_opaque_signature_verify_hash(
416     const psa_key_attributes_t *attributes,
417     const uint8_t *key, size_t key_length,
418     psa_algorithm_t alg,
419     const uint8_t *hash, size_t hash_length,
420     const uint8_t *signature, size_t signature_length )
421 {
422     (void) attributes;
423     (void) key;
424     (void) key_length;
425     (void) alg;
426     (void) hash;
427     (void) hash_length;
428     (void) signature;
429     (void) signature_length;
430     return( PSA_ERROR_NOT_SUPPORTED );
431 }
432 
433 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
434