1 /*
2  * Test driver for signature functions.
3  * Currently supports signing and verifying precalculated hashes, using
4  * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
5  */
6 /*  Copyright The Mbed TLS Contributors
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  */
21 
22 #include <test/helpers.h>
23 
24 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
25 #include "psa/crypto.h"
26 #include "psa_crypto_core.h"
27 #include "psa_crypto_ecp.h"
28 #include "psa_crypto_hash.h"
29 #include "psa_crypto_rsa.h"
30 #include "mbedtls/ecp.h"
31 
32 #include "test/drivers/hash.h"
33 #include "test/drivers/signature.h"
34 #include "test/drivers/hash.h"
35 
36 #include "mbedtls/md.h"
37 #include "mbedtls/ecdsa.h"
38 
39 #include "test/random.h"
40 
41 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
42 #include "libtestdriver1/library/psa_crypto_ecp.h"
43 #include "libtestdriver1/library/psa_crypto_hash.h"
44 #include "libtestdriver1/library/psa_crypto_rsa.h"
45 #endif
46 
47 #include <string.h>
48 
49 mbedtls_test_driver_signature_hooks_t
50     mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
51 mbedtls_test_driver_signature_hooks_t
52     mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
53 
sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)54 psa_status_t sign_hash(
55     const psa_key_attributes_t *attributes,
56     const uint8_t *key_buffer,
57     size_t key_buffer_size,
58     psa_algorithm_t alg,
59     const uint8_t *hash,
60     size_t hash_length,
61     uint8_t *signature,
62     size_t signature_size,
63     size_t *signature_length )
64 {
65     if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
66     {
67         if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
68             PSA_ALG_IS_RSA_PSS( alg) )
69         {
70 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
71     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
72       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
73             return( libtestdriver1_mbedtls_psa_rsa_sign_hash(
74                         (const libtestdriver1_psa_key_attributes_t *) attributes,
75                         key_buffer, key_buffer_size,
76                         alg, hash, hash_length,
77                         signature, signature_size, signature_length ) );
78 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
79       defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
80             return( mbedtls_psa_rsa_sign_hash(
81                         attributes,
82                         key_buffer, key_buffer_size,
83                         alg, hash, hash_length,
84                         signature, signature_size, signature_length ) );
85 #endif
86         }
87         else
88         {
89             return( PSA_ERROR_INVALID_ARGUMENT );
90         }
91     }
92     else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
93     {
94         if( PSA_ALG_IS_ECDSA( alg ) )
95         {
96 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
97     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
98       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
99             return( libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
100                         (const libtestdriver1_psa_key_attributes_t *) attributes,
101                         key_buffer, key_buffer_size,
102                         alg, hash, hash_length,
103                         signature, signature_size, signature_length ) );
104 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
105       defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
106             return( mbedtls_psa_ecdsa_sign_hash(
107                         attributes,
108                         key_buffer, key_buffer_size,
109                         alg, hash, hash_length,
110                         signature, signature_size, signature_length ) );
111 #endif
112         }
113         else
114         {
115             return( PSA_ERROR_INVALID_ARGUMENT );
116         }
117     }
118 
119     (void)attributes;
120     (void)key_buffer;
121     (void)key_buffer_size;
122     (void)alg;
123     (void)hash;
124     (void)hash_length;
125     (void)signature;
126     (void)signature_size;
127     (void)signature_length;
128     return( PSA_ERROR_NOT_SUPPORTED );
129 }
130 
verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)131 psa_status_t verify_hash(
132     const psa_key_attributes_t *attributes,
133     const uint8_t *key_buffer,
134     size_t key_buffer_size,
135     psa_algorithm_t alg,
136     const uint8_t *hash,
137     size_t hash_length,
138     const uint8_t *signature,
139     size_t signature_length )
140 {
141     if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
142     {
143         if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
144             PSA_ALG_IS_RSA_PSS( alg) )
145         {
146 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
147     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
148       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) )
149             return( libtestdriver1_mbedtls_psa_rsa_verify_hash(
150                         (const libtestdriver1_psa_key_attributes_t *) attributes,
151                         key_buffer, key_buffer_size,
152                         alg, hash, hash_length,
153                         signature, signature_length ) );
154 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
155       defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
156             return( mbedtls_psa_rsa_verify_hash(
157                         attributes,
158                         key_buffer, key_buffer_size,
159                         alg, hash, hash_length,
160                         signature, signature_length ) );
161 #endif
162         }
163         else
164         {
165             return( PSA_ERROR_INVALID_ARGUMENT );
166         }
167     }
168     else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
169     {
170         if( PSA_ALG_IS_ECDSA( alg ) )
171         {
172 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
173     ( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
174       defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) )
175             return( libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
176                         (const libtestdriver1_psa_key_attributes_t *) attributes,
177                         key_buffer, key_buffer_size,
178                         alg, hash, hash_length,
179                         signature, signature_length ) );
180 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
181       defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
182             return( mbedtls_psa_ecdsa_verify_hash(
183                         attributes,
184                         key_buffer, key_buffer_size,
185                         alg, hash, hash_length,
186                         signature, signature_length ) );
187 #endif
188         }
189         else
190         {
191             return( PSA_ERROR_INVALID_ARGUMENT );
192         }
193     }
194 
195     (void)attributes;
196     (void)key_buffer;
197     (void)key_buffer_size;
198     (void)alg;
199     (void)hash;
200     (void)hash_length;
201     (void)signature;
202     (void)signature_length;
203     return( PSA_ERROR_NOT_SUPPORTED );
204 }
205 
mbedtls_test_transparent_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)206 psa_status_t mbedtls_test_transparent_signature_sign_message(
207     const psa_key_attributes_t *attributes,
208     const uint8_t *key_buffer,
209     size_t key_buffer_size,
210     psa_algorithm_t alg,
211     const uint8_t *input,
212     size_t input_length,
213     uint8_t *signature,
214     size_t signature_size,
215     size_t *signature_length )
216 {
217     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
218     size_t hash_length;
219     uint8_t hash[PSA_HASH_MAX_SIZE];
220 
221     ++mbedtls_test_driver_signature_sign_hooks.hits;
222 
223     if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
224         return( mbedtls_test_driver_signature_sign_hooks.forced_status );
225 
226     if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
227     {
228         if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
229             return( PSA_ERROR_BUFFER_TOO_SMALL );
230 
231         memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
232                 mbedtls_test_driver_signature_sign_hooks.forced_output_length );
233         *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
234 
235         return( PSA_SUCCESS );
236     }
237 
238 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
239     defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
240     status = libtestdriver1_mbedtls_psa_hash_compute(
241                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
242                 hash, sizeof( hash ), &hash_length );
243 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
244     status = mbedtls_psa_hash_compute(
245                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
246                 hash, sizeof( hash ), &hash_length );
247 #else
248     (void) input;
249     (void) input_length;
250     status = PSA_ERROR_NOT_SUPPORTED;
251 #endif
252     if( status != PSA_SUCCESS )
253         return status;
254 
255     return( sign_hash( attributes, key_buffer, key_buffer_size,
256                        alg, hash, hash_length,
257                        signature, signature_size, signature_length ) );
258 }
259 
mbedtls_test_opaque_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)260 psa_status_t mbedtls_test_opaque_signature_sign_message(
261     const psa_key_attributes_t *attributes,
262     const uint8_t *key,
263     size_t key_length,
264     psa_algorithm_t alg,
265     const uint8_t *input,
266     size_t input_length,
267     uint8_t *signature,
268     size_t signature_size,
269     size_t *signature_length )
270 {
271     (void) attributes;
272     (void) key;
273     (void) key_length;
274     (void) alg;
275     (void) input;
276     (void) input_length;
277     (void) signature;
278     (void) signature_size;
279     (void) signature_length;
280 
281     return( PSA_ERROR_NOT_SUPPORTED );
282 }
283 
mbedtls_test_transparent_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)284 psa_status_t mbedtls_test_transparent_signature_verify_message(
285     const psa_key_attributes_t *attributes,
286     const uint8_t *key_buffer,
287     size_t key_buffer_size,
288     psa_algorithm_t alg,
289     const uint8_t *input,
290     size_t input_length,
291     const uint8_t *signature,
292     size_t signature_length )
293 {
294     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
295     size_t hash_length;
296     uint8_t hash[PSA_HASH_MAX_SIZE];
297 
298     ++mbedtls_test_driver_signature_verify_hooks.hits;
299 
300     if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
301         return( mbedtls_test_driver_signature_verify_hooks.forced_status );
302 
303 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
304     defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
305     status = libtestdriver1_mbedtls_psa_hash_compute(
306                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
307                 hash, sizeof( hash ), &hash_length );
308 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
309     status = mbedtls_psa_hash_compute(
310                 PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
311                 hash, sizeof( hash ), &hash_length );
312 #else
313     (void) input;
314     (void) input_length;
315     status = PSA_ERROR_NOT_SUPPORTED;
316 #endif
317     if( status != PSA_SUCCESS )
318         return status;
319 
320     return( verify_hash( attributes, key_buffer, key_buffer_size,
321                          alg, hash, hash_length,
322                          signature, signature_length ) );
323 }
324 
mbedtls_test_opaque_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)325 psa_status_t mbedtls_test_opaque_signature_verify_message(
326     const psa_key_attributes_t *attributes,
327     const uint8_t *key,
328     size_t key_length,
329     psa_algorithm_t alg,
330     const uint8_t *input,
331     size_t input_length,
332     const uint8_t *signature,
333     size_t signature_length )
334 {
335     (void) attributes;
336     (void) key;
337     (void) key_length;
338     (void) alg;
339     (void) input;
340     (void) input_length;
341     (void) signature;
342     (void) signature_length;
343 
344     return( PSA_ERROR_NOT_SUPPORTED );
345 }
346 
mbedtls_test_transparent_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)347 psa_status_t mbedtls_test_transparent_signature_sign_hash(
348     const psa_key_attributes_t *attributes,
349     const uint8_t *key_buffer, size_t key_buffer_size,
350     psa_algorithm_t alg,
351     const uint8_t *hash, size_t hash_length,
352     uint8_t *signature, size_t signature_size, size_t *signature_length )
353 {
354     ++mbedtls_test_driver_signature_sign_hooks.hits;
355 
356     if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
357         return( mbedtls_test_driver_signature_sign_hooks.forced_status );
358 
359     if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
360     {
361         if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
362             return( PSA_ERROR_BUFFER_TOO_SMALL );
363         memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
364                 mbedtls_test_driver_signature_sign_hooks.forced_output_length );
365         *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
366         return( PSA_SUCCESS );
367     }
368 
369     return( sign_hash( attributes, key_buffer, key_buffer_size,
370                       alg, hash, hash_length,
371                       signature, signature_size, signature_length ) );
372 }
373 
mbedtls_test_opaque_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)374 psa_status_t mbedtls_test_opaque_signature_sign_hash(
375     const psa_key_attributes_t *attributes,
376     const uint8_t *key, size_t key_length,
377     psa_algorithm_t alg,
378     const uint8_t *hash, size_t hash_length,
379     uint8_t *signature, size_t signature_size, size_t *signature_length )
380 {
381     (void) attributes;
382     (void) key;
383     (void) key_length;
384     (void) alg;
385     (void) hash;
386     (void) hash_length;
387     (void) signature;
388     (void) signature_size;
389     (void) signature_length;
390 
391     return( PSA_ERROR_NOT_SUPPORTED );
392 }
393 
mbedtls_test_transparent_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)394 psa_status_t mbedtls_test_transparent_signature_verify_hash(
395     const psa_key_attributes_t *attributes,
396     const uint8_t *key_buffer, size_t key_buffer_size,
397     psa_algorithm_t alg,
398     const uint8_t *hash, size_t hash_length,
399     const uint8_t *signature, size_t signature_length )
400 {
401     ++mbedtls_test_driver_signature_verify_hooks.hits;
402 
403     if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
404         return( mbedtls_test_driver_signature_verify_hooks.forced_status );
405 
406     return verify_hash( attributes, key_buffer, key_buffer_size,
407                         alg, hash, hash_length,
408                         signature, signature_length );
409 }
410 
mbedtls_test_opaque_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)411 psa_status_t mbedtls_test_opaque_signature_verify_hash(
412     const psa_key_attributes_t *attributes,
413     const uint8_t *key, size_t key_length,
414     psa_algorithm_t alg,
415     const uint8_t *hash, size_t hash_length,
416     const uint8_t *signature, size_t signature_length )
417 {
418     (void) attributes;
419     (void) key;
420     (void) key_length;
421     (void) alg;
422     (void) hash;
423     (void) hash_length;
424     (void) signature;
425     (void) signature_length;
426     return( PSA_ERROR_NOT_SUPPORTED );
427 }
428 
429 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
430