1 /*
2 * Test driver for signature functions.
3 * Currently supports signing and verifying precalculated hashes, using
4 * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include <test/helpers.h>
23
24 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
25 #include "psa/crypto.h"
26 #include "psa_crypto_core.h"
27 #include "psa_crypto_ecp.h"
28 #include "psa_crypto_hash.h"
29 #include "psa_crypto_rsa.h"
30 #include "mbedtls/ecp.h"
31
32 #include "test/drivers/hash.h"
33 #include "test/drivers/signature.h"
34 #include "test/drivers/hash.h"
35
36 #include "mbedtls/md.h"
37 #include "mbedtls/ecdsa.h"
38
39 #include "test/random.h"
40
41 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
42 #include "libtestdriver1/library/psa_crypto_ecp.h"
43 #include "libtestdriver1/library/psa_crypto_hash.h"
44 #include "libtestdriver1/library/psa_crypto_rsa.h"
45 #endif
46
47 #include <string.h>
48
49 mbedtls_test_driver_signature_hooks_t
50 mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
51 mbedtls_test_driver_signature_hooks_t
52 mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
53
sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)54 psa_status_t sign_hash(
55 const psa_key_attributes_t *attributes,
56 const uint8_t *key_buffer,
57 size_t key_buffer_size,
58 psa_algorithm_t alg,
59 const uint8_t *hash,
60 size_t hash_length,
61 uint8_t *signature,
62 size_t signature_size,
63 size_t *signature_length)
64 {
65 if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
66 if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
67 PSA_ALG_IS_RSA_PSS(alg)) {
68 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
69 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
70 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
71 return libtestdriver1_mbedtls_psa_rsa_sign_hash(
72 (const libtestdriver1_psa_key_attributes_t *) attributes,
73 key_buffer, key_buffer_size,
74 alg, hash, hash_length,
75 signature, signature_size, signature_length);
76 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
77 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
78 return mbedtls_psa_rsa_sign_hash(
79 attributes,
80 key_buffer, key_buffer_size,
81 alg, hash, hash_length,
82 signature, signature_size, signature_length);
83 #endif
84 } else {
85 return PSA_ERROR_INVALID_ARGUMENT;
86 }
87 } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
88 if (PSA_ALG_IS_ECDSA(alg)) {
89 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
90 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
91 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
92 return libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
93 (const libtestdriver1_psa_key_attributes_t *) attributes,
94 key_buffer, key_buffer_size,
95 alg, hash, hash_length,
96 signature, signature_size, signature_length);
97 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
98 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
99 return mbedtls_psa_ecdsa_sign_hash(
100 attributes,
101 key_buffer, key_buffer_size,
102 alg, hash, hash_length,
103 signature, signature_size, signature_length);
104 #endif
105 } else {
106 return PSA_ERROR_INVALID_ARGUMENT;
107 }
108 }
109
110 (void) attributes;
111 (void) key_buffer;
112 (void) key_buffer_size;
113 (void) alg;
114 (void) hash;
115 (void) hash_length;
116 (void) signature;
117 (void) signature_size;
118 (void) signature_length;
119 return PSA_ERROR_NOT_SUPPORTED;
120 }
121
verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)122 psa_status_t verify_hash(
123 const psa_key_attributes_t *attributes,
124 const uint8_t *key_buffer,
125 size_t key_buffer_size,
126 psa_algorithm_t alg,
127 const uint8_t *hash,
128 size_t hash_length,
129 const uint8_t *signature,
130 size_t signature_length)
131 {
132 if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
133 if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
134 PSA_ALG_IS_RSA_PSS(alg)) {
135 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
136 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
137 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
138 return libtestdriver1_mbedtls_psa_rsa_verify_hash(
139 (const libtestdriver1_psa_key_attributes_t *) attributes,
140 key_buffer, key_buffer_size,
141 alg, hash, hash_length,
142 signature, signature_length);
143 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
144 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
145 return mbedtls_psa_rsa_verify_hash(
146 attributes,
147 key_buffer, key_buffer_size,
148 alg, hash, hash_length,
149 signature, signature_length);
150 #endif
151 } else {
152 return PSA_ERROR_INVALID_ARGUMENT;
153 }
154 } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
155 if (PSA_ALG_IS_ECDSA(alg)) {
156 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
157 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
158 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
159 return libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
160 (const libtestdriver1_psa_key_attributes_t *) attributes,
161 key_buffer, key_buffer_size,
162 alg, hash, hash_length,
163 signature, signature_length);
164 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
165 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
166 return mbedtls_psa_ecdsa_verify_hash(
167 attributes,
168 key_buffer, key_buffer_size,
169 alg, hash, hash_length,
170 signature, signature_length);
171 #endif
172 } else {
173 return PSA_ERROR_INVALID_ARGUMENT;
174 }
175 }
176
177 (void) attributes;
178 (void) key_buffer;
179 (void) key_buffer_size;
180 (void) alg;
181 (void) hash;
182 (void) hash_length;
183 (void) signature;
184 (void) signature_length;
185 return PSA_ERROR_NOT_SUPPORTED;
186 }
187
mbedtls_test_transparent_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)188 psa_status_t mbedtls_test_transparent_signature_sign_message(
189 const psa_key_attributes_t *attributes,
190 const uint8_t *key_buffer,
191 size_t key_buffer_size,
192 psa_algorithm_t alg,
193 const uint8_t *input,
194 size_t input_length,
195 uint8_t *signature,
196 size_t signature_size,
197 size_t *signature_length)
198 {
199 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
200 size_t hash_length;
201 uint8_t hash[PSA_HASH_MAX_SIZE];
202
203 ++mbedtls_test_driver_signature_sign_hooks.hits;
204
205 if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
206 return mbedtls_test_driver_signature_sign_hooks.forced_status;
207 }
208
209 if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
210 if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
211 return PSA_ERROR_BUFFER_TOO_SMALL;
212 }
213
214 memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
215 mbedtls_test_driver_signature_sign_hooks.forced_output_length);
216 *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
217
218 return PSA_SUCCESS;
219 }
220
221 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
222 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
223 status = libtestdriver1_mbedtls_psa_hash_compute(
224 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
225 hash, sizeof(hash), &hash_length);
226 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
227 status = mbedtls_psa_hash_compute(
228 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
229 hash, sizeof(hash), &hash_length);
230 #else
231 (void) input;
232 (void) input_length;
233 status = PSA_ERROR_NOT_SUPPORTED;
234 #endif
235 if (status != PSA_SUCCESS) {
236 return status;
237 }
238
239 return sign_hash(attributes, key_buffer, key_buffer_size,
240 alg, hash, hash_length,
241 signature, signature_size, signature_length);
242 }
243
mbedtls_test_opaque_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)244 psa_status_t mbedtls_test_opaque_signature_sign_message(
245 const psa_key_attributes_t *attributes,
246 const uint8_t *key,
247 size_t key_length,
248 psa_algorithm_t alg,
249 const uint8_t *input,
250 size_t input_length,
251 uint8_t *signature,
252 size_t signature_size,
253 size_t *signature_length)
254 {
255 (void) attributes;
256 (void) key;
257 (void) key_length;
258 (void) alg;
259 (void) input;
260 (void) input_length;
261 (void) signature;
262 (void) signature_size;
263 (void) signature_length;
264
265 return PSA_ERROR_NOT_SUPPORTED;
266 }
267
mbedtls_test_transparent_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)268 psa_status_t mbedtls_test_transparent_signature_verify_message(
269 const psa_key_attributes_t *attributes,
270 const uint8_t *key_buffer,
271 size_t key_buffer_size,
272 psa_algorithm_t alg,
273 const uint8_t *input,
274 size_t input_length,
275 const uint8_t *signature,
276 size_t signature_length)
277 {
278 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
279 size_t hash_length;
280 uint8_t hash[PSA_HASH_MAX_SIZE];
281
282 ++mbedtls_test_driver_signature_verify_hooks.hits;
283
284 if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
285 return mbedtls_test_driver_signature_verify_hooks.forced_status;
286 }
287
288 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
289 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
290 status = libtestdriver1_mbedtls_psa_hash_compute(
291 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
292 hash, sizeof(hash), &hash_length);
293 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
294 status = mbedtls_psa_hash_compute(
295 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
296 hash, sizeof(hash), &hash_length);
297 #else
298 (void) input;
299 (void) input_length;
300 status = PSA_ERROR_NOT_SUPPORTED;
301 #endif
302 if (status != PSA_SUCCESS) {
303 return status;
304 }
305
306 return verify_hash(attributes, key_buffer, key_buffer_size,
307 alg, hash, hash_length,
308 signature, signature_length);
309 }
310
mbedtls_test_opaque_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)311 psa_status_t mbedtls_test_opaque_signature_verify_message(
312 const psa_key_attributes_t *attributes,
313 const uint8_t *key,
314 size_t key_length,
315 psa_algorithm_t alg,
316 const uint8_t *input,
317 size_t input_length,
318 const uint8_t *signature,
319 size_t signature_length)
320 {
321 (void) attributes;
322 (void) key;
323 (void) key_length;
324 (void) alg;
325 (void) input;
326 (void) input_length;
327 (void) signature;
328 (void) signature_length;
329
330 return PSA_ERROR_NOT_SUPPORTED;
331 }
332
mbedtls_test_transparent_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)333 psa_status_t mbedtls_test_transparent_signature_sign_hash(
334 const psa_key_attributes_t *attributes,
335 const uint8_t *key_buffer, size_t key_buffer_size,
336 psa_algorithm_t alg,
337 const uint8_t *hash, size_t hash_length,
338 uint8_t *signature, size_t signature_size, size_t *signature_length)
339 {
340 ++mbedtls_test_driver_signature_sign_hooks.hits;
341
342 if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
343 return mbedtls_test_driver_signature_sign_hooks.forced_status;
344 }
345
346 if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
347 if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
348 return PSA_ERROR_BUFFER_TOO_SMALL;
349 }
350 memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
351 mbedtls_test_driver_signature_sign_hooks.forced_output_length);
352 *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
353 return PSA_SUCCESS;
354 }
355
356 return sign_hash(attributes, key_buffer, key_buffer_size,
357 alg, hash, hash_length,
358 signature, signature_size, signature_length);
359 }
360
mbedtls_test_opaque_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)361 psa_status_t mbedtls_test_opaque_signature_sign_hash(
362 const psa_key_attributes_t *attributes,
363 const uint8_t *key, size_t key_length,
364 psa_algorithm_t alg,
365 const uint8_t *hash, size_t hash_length,
366 uint8_t *signature, size_t signature_size, size_t *signature_length)
367 {
368 (void) attributes;
369 (void) key;
370 (void) key_length;
371 (void) alg;
372 (void) hash;
373 (void) hash_length;
374 (void) signature;
375 (void) signature_size;
376 (void) signature_length;
377
378 return PSA_ERROR_NOT_SUPPORTED;
379 }
380
mbedtls_test_transparent_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)381 psa_status_t mbedtls_test_transparent_signature_verify_hash(
382 const psa_key_attributes_t *attributes,
383 const uint8_t *key_buffer, size_t key_buffer_size,
384 psa_algorithm_t alg,
385 const uint8_t *hash, size_t hash_length,
386 const uint8_t *signature, size_t signature_length)
387 {
388 ++mbedtls_test_driver_signature_verify_hooks.hits;
389
390 if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
391 return mbedtls_test_driver_signature_verify_hooks.forced_status;
392 }
393
394 return verify_hash(attributes, key_buffer, key_buffer_size,
395 alg, hash, hash_length,
396 signature, signature_length);
397 }
398
mbedtls_test_opaque_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)399 psa_status_t mbedtls_test_opaque_signature_verify_hash(
400 const psa_key_attributes_t *attributes,
401 const uint8_t *key, size_t key_length,
402 psa_algorithm_t alg,
403 const uint8_t *hash, size_t hash_length,
404 const uint8_t *signature, size_t signature_length)
405 {
406 (void) attributes;
407 (void) key;
408 (void) key_length;
409 (void) alg;
410 (void) hash;
411 (void) hash_length;
412 (void) signature;
413 (void) signature_length;
414 return PSA_ERROR_NOT_SUPPORTED;
415 }
416
417 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
418
