1 /*
2 * Copyright (c) 2021-2023 Arm Limited. All rights reserved.
3 * SPDX-License-Identifier: BSD-3-Clause
4 */
5
6 #include "psa_adac_config.h"
7 #include "psa_adac_debug.h"
8 #include "adac_crypto_cc312.h"
9
10 #if defined (PSA_ADAC_RSA3072) || defined (PSA_ADAC_RSA4096)
11 #include "cc_rsa_build.h"
12 #include "rsa/cc_rsa_local.h"
13 #include "cc_rsa_schemes.h"
14 #endif
15
16 #if defined (PSA_ADAC_EC_P256) || defined (PSA_ADAC_EC_P521)
17 #include "cc_ecpki_build.h"
18 #include "ec_wrst/cc_ecpki_local.h"
19 #if defined (PSA_ADAC_EC_P256)
20 #include "ec_wrst/ecc_domains/cc_ecpki_domain_secp256r1.h"
21 #endif
22 #if defined (PSA_ADAC_EC_P521)
23 #include "ec_wrst/ecc_domains/cc_ecpki_domain_secp521r1.h"
24 #endif
25 #endif
26
27 #include <string.h>
28
psa_adac_verify_signature(uint8_t key_type,uint8_t * key,size_t key_size,psa_algorithm_t hash_algo,const uint8_t * inputs[],size_t input_sizes[],size_t input_count,psa_algorithm_t sig_algo,uint8_t * sig,size_t sig_size)29 psa_status_t psa_adac_verify_signature(uint8_t key_type, uint8_t *key,
30 size_t key_size, psa_algorithm_t hash_algo, const uint8_t *inputs[],
31 size_t input_sizes[], size_t input_count, psa_algorithm_t sig_algo,
32 uint8_t *sig, size_t sig_size)
33 {
34 psa_status_t r;
35 uint8_t hash[PSA_HASH_MAX_SIZE];
36 size_t hash_size;
37 CCError_t error = CC_FAIL;
38
39 r = psa_adac_hash_multiple(hash_algo, inputs, input_sizes, input_count,
40 hash, sizeof(hash), &hash_size);
41
42 if (r != PSA_SUCCESS) {
43 return r;
44 }
45
46 if ((key_type == RSA_3072_SHA256) || (key_type == RSA_4096_SHA256)) {
47 #if defined (PSA_ADAC_RSA3072) || defined (PSA_ADAC_RSA4096)
48 CCRsaPubUserContext_t rsaPubUserContext;
49 CCRsaUserPubKey_t pubKey;
50 uint8_t F4[3] = {0x01, 0x0, 0x1};
51 CCRsaHashOpMode_t hashOpMode =
52 (hash_algo == PSA_ALG_SHA_256) ? CC_RSA_After_SHA256_mode :
53 ((hash_algo == PSA_ALG_SHA_512) ? CC_RSA_After_SHA512_mode :
54 CC_RSA_HASH_NO_HASH_mode);
55
56 PSA_ADAC_LOG_TRACE("cc312", "psa_adac_verify_signature Rsa%d\r\n",
57 key_size);
58
59 error = CC_RsaPubKeyBuild(&pubKey, F4, sizeof(F4), key, key_size);
60 if (error != CC_OK) {
61 PSA_ADAC_LOG_ERR("cc312", "Error in CC_RsaPubKeyBuild %lx\r\n",
62 error);
63 } else {
64 error = CC_RsaPssVerify(&rsaPubUserContext, &pubKey, hashOpMode,
65 CC_PKCS1_MGF1, 32, (uint8_t *)hash,
66 hash_size, (uint8_t *)sig);
67 if (error != CC_OK) {
68 PSA_ADAC_LOG_ERR("cc312", "Error in CC_RsaPssVerify %lx\r\n",
69 error);
70 }
71 }
72
73 #else
74 return PSA_ERROR_NOT_SUPPORTED;
75 #endif
76 } else if ((key_type == ECDSA_P256_SHA256) ||
77 (key_type == ECDSA_P521_SHA512)) {
78 #if defined (PSA_ADAC_EC_P256) || defined (PSA_ADAC_EC_P521)
79 CCEcdsaVerifyUserContext_t ecdsaVerifyUserContext;
80 CCEcpkiUserPublKey_t pubKey;
81
82 CCEcpkiHashOpMode_t hashOpMode =
83 (hash_algo == PSA_ALG_SHA_256) ? CC_ECPKI_AFTER_HASH_SHA256_mode :
84 ((hash_algo == PSA_ALG_SHA_512) ? CC_ECPKI_AFTER_HASH_SHA512_mode :
85 CC_ECPKI_HASH_NumOfModes);
86
87 if (key_type == ECDSA_P256_SHA256) {
88 #if defined (PSA_ADAC_EC_P256)
89 if (key_size == ECDSA_P256_PUBLIC_KEY_SIZE) {
90 uint8_t pub_key[ECDSA_P256_PUBLIC_KEY_SIZE + 1] = {0x04};
91 memcpy(pub_key + 1, key, ECDSA_P256_PUBLIC_KEY_SIZE);
92 PSA_ADAC_LOG_TRACE("cc312",
93 "psa_adac_verify_signature EcdsaP256\r\n");
94 error = CC_EcpkiPubKeyBuild(CC_EcpkiGetSecp256r1DomainP(),
95 pub_key, sizeof(pub_key), &pubKey);
96 } else {
97 return PSA_ERROR_INVALID_ARGUMENT;
98 }
99 #else
100 return PSA_ERROR_NOT_SUPPORTED;
101 #endif
102 } else if (key_type == ECDSA_P521_SHA512) {
103 #if defined (PSA_ADAC_EC_P521)
104 if (key_size == ECDSA_P521_PUBLIC_KEY_SIZE) {
105 uint8_t pub_key[ECDSA_P521_PUBLIC_KEY_SIZE + 1] = {0x04};
106 memcpy(pub_key + 1, key, ECDSA_P521_PUBLIC_KEY_SIZE);
107 PSA_ADAC_LOG_TRACE("cc312",
108 "psa_adac_verify_signature EcdsaP521\r\n");
109 error = CC_EcpkiPubKeyBuild(CC_EcpkiGetSecp521r1DomainP(),
110 pub_key, sizeof(pub_key), &pubKey);
111 } else {
112 return PSA_ERROR_INVALID_ARGUMENT;
113 }
114 #else
115 return PSA_ERROR_NOT_SUPPORTED;
116 #endif
117 } else {
118 return PSA_ERROR_INVALID_ARGUMENT;
119 }
120
121 if (CC_OK != error) {
122 PSA_ADAC_LOG_ERR("cc312", "Error in CC_EcpkiPubKeyBuild %lx\r\n",
123 error);
124 } else if (CC_OK != (error = EcdsaVerifyInit(&ecdsaVerifyUserContext,
125 &pubKey, hashOpMode))) {
126 PSA_ADAC_LOG_ERR("cc312", "Error in EcdsaVerifyInit %lx\r\n", error);
127 } else if (CC_OK != (error = EcdsaVerifyUpdate(&ecdsaVerifyUserContext,
128 hash, hash_size))) {
129 PSA_ADAC_LOG_ERR("cc312", "Error in EcdsaVerifyUpdate %lx\r\n",
130 error);
131 } else if (CC_OK != (error = EcdsaVerifyFinish(&ecdsaVerifyUserContext,
132 sig, sig_size))) {
133 PSA_ADAC_LOG_ERR("cc312", "Error in EcdsaVerifyFinish %lx\r\n",
134 error);
135 }
136 #else
137 return PSA_ERROR_NOT_SUPPORTED;
138 #endif
139 } else {
140 return PSA_ERROR_NOT_SUPPORTED;
141 }
142
143 PSA_ADAC_LOG_DEBUG("cc312", "Signature verification: %s\r\n",
144 error == CC_OK ? "success" : "failure");
145 return (error == CC_OK) ? PSA_SUCCESS : PSA_ERROR_INVALID_SIGNATURE;
146 }
147
