1 /*
2 * Test driver for signature functions.
3 * Currently supports signing and verifying precalculated hashes, using
4 * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10 #include <test/helpers.h>
11
12 #if defined(PSA_CRYPTO_DRIVER_TEST)
13 #include "psa/crypto.h"
14 #include "psa_crypto_core.h"
15 #include "psa_crypto_ecp.h"
16 #include "psa_crypto_hash.h"
17 #include "psa_crypto_rsa.h"
18 #include "mbedtls/ecp.h"
19
20 #include "test/drivers/hash.h"
21 #include "test/drivers/signature.h"
22 #include "test/drivers/hash.h"
23
24 #include "mbedtls/ecdsa.h"
25
26 #include "test/random.h"
27
28 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
29 #include "libtestdriver1/library/psa_crypto_ecp.h"
30 #include "libtestdriver1/library/psa_crypto_hash.h"
31 #include "libtestdriver1/library/psa_crypto_rsa.h"
32 #endif
33
34 #include <string.h>
35
36 mbedtls_test_driver_signature_hooks_t
37 mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
38 mbedtls_test_driver_signature_hooks_t
39 mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
40
sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)41 psa_status_t sign_hash(
42 const psa_key_attributes_t *attributes,
43 const uint8_t *key_buffer,
44 size_t key_buffer_size,
45 psa_algorithm_t alg,
46 const uint8_t *hash,
47 size_t hash_length,
48 uint8_t *signature,
49 size_t signature_size,
50 size_t *signature_length)
51 {
52 if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
53 if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
54 PSA_ALG_IS_RSA_PSS(alg)) {
55 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
56 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
57 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
58 return libtestdriver1_mbedtls_psa_rsa_sign_hash(
59 (const libtestdriver1_psa_key_attributes_t *) attributes,
60 key_buffer, key_buffer_size,
61 alg, hash, hash_length,
62 signature, signature_size, signature_length);
63 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
64 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
65 return mbedtls_psa_rsa_sign_hash(
66 attributes,
67 key_buffer, key_buffer_size,
68 alg, hash, hash_length,
69 signature, signature_size, signature_length);
70 #endif
71 } else {
72 return PSA_ERROR_INVALID_ARGUMENT;
73 }
74 } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
75 if (PSA_ALG_IS_ECDSA(alg)) {
76 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
77 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
78 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
79 return libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
80 (const libtestdriver1_psa_key_attributes_t *) attributes,
81 key_buffer, key_buffer_size,
82 alg, hash, hash_length,
83 signature, signature_size, signature_length);
84 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
85 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
86 return mbedtls_psa_ecdsa_sign_hash(
87 attributes,
88 key_buffer, key_buffer_size,
89 alg, hash, hash_length,
90 signature, signature_size, signature_length);
91 #endif
92 } else {
93 return PSA_ERROR_INVALID_ARGUMENT;
94 }
95 }
96
97 (void) attributes;
98 (void) key_buffer;
99 (void) key_buffer_size;
100 (void) alg;
101 (void) hash;
102 (void) hash_length;
103 (void) signature;
104 (void) signature_size;
105 (void) signature_length;
106 return PSA_ERROR_NOT_SUPPORTED;
107 }
108
verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)109 psa_status_t verify_hash(
110 const psa_key_attributes_t *attributes,
111 const uint8_t *key_buffer,
112 size_t key_buffer_size,
113 psa_algorithm_t alg,
114 const uint8_t *hash,
115 size_t hash_length,
116 const uint8_t *signature,
117 size_t signature_length)
118 {
119 if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
120 if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
121 PSA_ALG_IS_RSA_PSS(alg)) {
122 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
123 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
124 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
125 return libtestdriver1_mbedtls_psa_rsa_verify_hash(
126 (const libtestdriver1_psa_key_attributes_t *) attributes,
127 key_buffer, key_buffer_size,
128 alg, hash, hash_length,
129 signature, signature_length);
130 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
131 defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
132 return mbedtls_psa_rsa_verify_hash(
133 attributes,
134 key_buffer, key_buffer_size,
135 alg, hash, hash_length,
136 signature, signature_length);
137 #endif
138 } else {
139 return PSA_ERROR_INVALID_ARGUMENT;
140 }
141 } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
142 if (PSA_ALG_IS_ECDSA(alg)) {
143 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
144 (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
145 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
146 return libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
147 (const libtestdriver1_psa_key_attributes_t *) attributes,
148 key_buffer, key_buffer_size,
149 alg, hash, hash_length,
150 signature, signature_length);
151 #elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
152 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
153 return mbedtls_psa_ecdsa_verify_hash(
154 attributes,
155 key_buffer, key_buffer_size,
156 alg, hash, hash_length,
157 signature, signature_length);
158 #endif
159 } else {
160 return PSA_ERROR_INVALID_ARGUMENT;
161 }
162 }
163
164 (void) attributes;
165 (void) key_buffer;
166 (void) key_buffer_size;
167 (void) alg;
168 (void) hash;
169 (void) hash_length;
170 (void) signature;
171 (void) signature_length;
172 return PSA_ERROR_NOT_SUPPORTED;
173 }
174
mbedtls_test_transparent_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)175 psa_status_t mbedtls_test_transparent_signature_sign_message(
176 const psa_key_attributes_t *attributes,
177 const uint8_t *key_buffer,
178 size_t key_buffer_size,
179 psa_algorithm_t alg,
180 const uint8_t *input,
181 size_t input_length,
182 uint8_t *signature,
183 size_t signature_size,
184 size_t *signature_length)
185 {
186 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
187 size_t hash_length;
188 uint8_t hash[PSA_HASH_MAX_SIZE];
189
190 ++mbedtls_test_driver_signature_sign_hooks.hits;
191
192 if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
193 return mbedtls_test_driver_signature_sign_hooks.forced_status;
194 }
195
196 if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
197 if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
198 return PSA_ERROR_BUFFER_TOO_SMALL;
199 }
200
201 memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
202 mbedtls_test_driver_signature_sign_hooks.forced_output_length);
203 *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
204
205 return PSA_SUCCESS;
206 }
207
208 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
209 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
210 status = libtestdriver1_mbedtls_psa_hash_compute(
211 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
212 hash, sizeof(hash), &hash_length);
213 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
214 status = mbedtls_psa_hash_compute(
215 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
216 hash, sizeof(hash), &hash_length);
217 #else
218 (void) input;
219 (void) input_length;
220 status = PSA_ERROR_NOT_SUPPORTED;
221 #endif
222 if (status != PSA_SUCCESS) {
223 return status;
224 }
225
226 return sign_hash(attributes, key_buffer, key_buffer_size,
227 alg, hash, hash_length,
228 signature, signature_size, signature_length);
229 }
230
mbedtls_test_opaque_signature_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)231 psa_status_t mbedtls_test_opaque_signature_sign_message(
232 const psa_key_attributes_t *attributes,
233 const uint8_t *key,
234 size_t key_length,
235 psa_algorithm_t alg,
236 const uint8_t *input,
237 size_t input_length,
238 uint8_t *signature,
239 size_t signature_size,
240 size_t *signature_length)
241 {
242 (void) attributes;
243 (void) key;
244 (void) key_length;
245 (void) alg;
246 (void) input;
247 (void) input_length;
248 (void) signature;
249 (void) signature_size;
250 (void) signature_length;
251
252 return PSA_ERROR_NOT_SUPPORTED;
253 }
254
mbedtls_test_transparent_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)255 psa_status_t mbedtls_test_transparent_signature_verify_message(
256 const psa_key_attributes_t *attributes,
257 const uint8_t *key_buffer,
258 size_t key_buffer_size,
259 psa_algorithm_t alg,
260 const uint8_t *input,
261 size_t input_length,
262 const uint8_t *signature,
263 size_t signature_length)
264 {
265 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
266 size_t hash_length;
267 uint8_t hash[PSA_HASH_MAX_SIZE];
268
269 ++mbedtls_test_driver_signature_verify_hooks.hits;
270
271 if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
272 return mbedtls_test_driver_signature_verify_hooks.forced_status;
273 }
274
275 #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
276 defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
277 status = libtestdriver1_mbedtls_psa_hash_compute(
278 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
279 hash, sizeof(hash), &hash_length);
280 #elif defined(MBEDTLS_PSA_BUILTIN_HASH)
281 status = mbedtls_psa_hash_compute(
282 PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
283 hash, sizeof(hash), &hash_length);
284 #else
285 (void) input;
286 (void) input_length;
287 status = PSA_ERROR_NOT_SUPPORTED;
288 #endif
289 if (status != PSA_SUCCESS) {
290 return status;
291 }
292
293 return verify_hash(attributes, key_buffer, key_buffer_size,
294 alg, hash, hash_length,
295 signature, signature_length);
296 }
297
mbedtls_test_opaque_signature_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)298 psa_status_t mbedtls_test_opaque_signature_verify_message(
299 const psa_key_attributes_t *attributes,
300 const uint8_t *key,
301 size_t key_length,
302 psa_algorithm_t alg,
303 const uint8_t *input,
304 size_t input_length,
305 const uint8_t *signature,
306 size_t signature_length)
307 {
308 (void) attributes;
309 (void) key;
310 (void) key_length;
311 (void) alg;
312 (void) input;
313 (void) input_length;
314 (void) signature;
315 (void) signature_length;
316
317 return PSA_ERROR_NOT_SUPPORTED;
318 }
319
mbedtls_test_transparent_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)320 psa_status_t mbedtls_test_transparent_signature_sign_hash(
321 const psa_key_attributes_t *attributes,
322 const uint8_t *key_buffer, size_t key_buffer_size,
323 psa_algorithm_t alg,
324 const uint8_t *hash, size_t hash_length,
325 uint8_t *signature, size_t signature_size, size_t *signature_length)
326 {
327 ++mbedtls_test_driver_signature_sign_hooks.hits;
328
329 if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
330 return mbedtls_test_driver_signature_sign_hooks.forced_status;
331 }
332
333 if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
334 if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
335 return PSA_ERROR_BUFFER_TOO_SMALL;
336 }
337 memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
338 mbedtls_test_driver_signature_sign_hooks.forced_output_length);
339 *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
340 return PSA_SUCCESS;
341 }
342
343 return sign_hash(attributes, key_buffer, key_buffer_size,
344 alg, hash, hash_length,
345 signature, signature_size, signature_length);
346 }
347
mbedtls_test_opaque_signature_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)348 psa_status_t mbedtls_test_opaque_signature_sign_hash(
349 const psa_key_attributes_t *attributes,
350 const uint8_t *key, size_t key_length,
351 psa_algorithm_t alg,
352 const uint8_t *hash, size_t hash_length,
353 uint8_t *signature, size_t signature_size, size_t *signature_length)
354 {
355 (void) attributes;
356 (void) key;
357 (void) key_length;
358 (void) alg;
359 (void) hash;
360 (void) hash_length;
361 (void) signature;
362 (void) signature_size;
363 (void) signature_length;
364
365 return PSA_ERROR_NOT_SUPPORTED;
366 }
367
mbedtls_test_transparent_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)368 psa_status_t mbedtls_test_transparent_signature_verify_hash(
369 const psa_key_attributes_t *attributes,
370 const uint8_t *key_buffer, size_t key_buffer_size,
371 psa_algorithm_t alg,
372 const uint8_t *hash, size_t hash_length,
373 const uint8_t *signature, size_t signature_length)
374 {
375 ++mbedtls_test_driver_signature_verify_hooks.hits;
376
377 if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
378 return mbedtls_test_driver_signature_verify_hooks.forced_status;
379 }
380
381 return verify_hash(attributes, key_buffer, key_buffer_size,
382 alg, hash, hash_length,
383 signature, signature_length);
384 }
385
mbedtls_test_opaque_signature_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)386 psa_status_t mbedtls_test_opaque_signature_verify_hash(
387 const psa_key_attributes_t *attributes,
388 const uint8_t *key, size_t key_length,
389 psa_algorithm_t alg,
390 const uint8_t *hash, size_t hash_length,
391 const uint8_t *signature, size_t signature_length)
392 {
393 (void) attributes;
394 (void) key;
395 (void) key_length;
396 (void) alg;
397 (void) hash;
398 (void) hash_length;
399 (void) signature;
400 (void) signature_length;
401 return PSA_ERROR_NOT_SUPPORTED;
402 }
403
404 #endif /* PSA_CRYPTO_DRIVER_TEST */
405
