Change prototype of pk_sign_ext

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-12 16:23:53 +08:00 · 2022-03-12 16:23:53 +08:00 · 8beb9e173d
commit 8beb9e173d
parent 67eced0132
4 changed files with 25 additions and 36 deletions
--- a/ChangeLog.d/mbedtls_pk_sign_ext.txt
+++ b/ChangeLog.d/mbedtls_pk_sign_ext.txt
@ -0,0 +1,3 @@
+Features
+    * Add mbedtls_pk_sign_ext() which allows generating RSA-PSS signatures when
+      PSA Crypto is enabled.
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -536,10 +536,9 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

 /**
- * \brief           Make signature with options, including padding if relevant.
+ * \brief           Make signature with input pk type. not the type of \p ctx .
 *
- * \param type      Signature type (inc. possible padding type) to verify
- * \param options   Pointer to type-specific options, or NULL
+ * \param pk_type   Signature type.
 * \param ctx       The PK context to use. It must have been set up
 *                  with a private key.
 * \param md_alg    Hash algorithm used (see notes)
@ -558,9 +557,9 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
 *
 * \return          0 on success, or a specific error code.
 *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *                  There is no interface in the PK module to make RSASSA-PSS
- *                  signatures yet.
+ * \note            For RSA keys, the padding type depends on the value of the
+ *                  \p pk_type parameter: MBEDTLS_PK_RSA for PKCS#1 v1.5, and
+ *                  MBEDTLS_PK_RSASSA_PSS for PKCS#1 v2.1 with any salt.
 *
 * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
 *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
@ -568,11 +567,13 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
 * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
 *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
 */
-int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options,
-             mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t sig_size, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t type,
+                         mbedtls_pk_context *ctx,
+                         mbedtls_md_type_t md_alg,
+                         const unsigned char *hash, size_t hash_len,
+                         unsigned char *sig, size_t sig_size, size_t *sig_len,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng );

 /**
 * \brief           Restartable version of \c mbedtls_pk_sign()
--- a/library/pk.c
+++ b/library/pk.c
@ -521,11 +521,13 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
 /*
 * Make a signature with options
 */
-int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options,
-             mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t sig_size, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t type,
+                         mbedtls_pk_context *ctx,
+                         mbedtls_md_type_t md_alg,
+                         const unsigned char *hash, size_t hash_len,
+                         unsigned char *sig, size_t sig_size, size_t *sig_len,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng )
 {
    PK_VALIDATE_RET( ctx != NULL );
    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
@ -541,10 +543,6 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options,

    if( type != MBEDTLS_PK_RSASSA_PSS )
    {
-        /* General case: no options */
-        if( options != NULL )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
        return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
                                             sig, sig_size, sig_len,
                                             f_rng, p_rng, NULL ) );
@ -552,17 +550,12 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options,

 #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_pk_rsassa_pss_options *pss_opts;

 #if SIZE_MAX > UINT_MAX
    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
 #endif /* SIZE_MAX > UINT_MAX */

-    if( options == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
    if( sig_size < mbedtls_pk_get_len( ctx ) )
        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );

@ -578,7 +571,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options,
                                           f_rng, p_rng,
                                           md_alg,
                                           (unsigned int) hash_len,
-                                           hash,pss_opts->expected_salt_len,
+                                           hash,MBEDTLS_RSA_SALT_LEN_ANY,
                                           sig
                                         );
    return( ret );
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -1060,10 +1060,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
    unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
    size_t verify_buffer_len;
    mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
-    const void *options = NULL;
    mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
    uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
-    mbedtls_pk_rsassa_pss_options pss_opts;
    size_t signature_len = 0;
    const mbedtls_md_info_t *md_info;
    unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ];
@ -1134,20 +1132,14 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
    case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
        md_alg = MBEDTLS_MD_SHA256;
-        pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY;
-        options = &pss_opts;
        pk_type = MBEDTLS_PK_RSASSA_PSS;
        break;
    case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
        md_alg = MBEDTLS_MD_SHA384;
-        pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY;
-        options = &pss_opts;
        pk_type = MBEDTLS_PK_RSASSA_PSS;
        break;
    case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
        md_alg = MBEDTLS_MD_SHA512;
-        pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY;
-        options = &pss_opts;
        pk_type = MBEDTLS_PK_RSASSA_PSS;
        break;
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
@ -1173,8 +1165,8 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
    verify_hash_len = mbedtls_md_get_size( md_info );
    MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );

-    if( ( ret = mbedtls_pk_sign_ext( pk_type, options,
-                        own_key, md_alg, verify_hash, verify_hash_len,
+    if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
+                        md_alg, verify_hash, verify_hash_len,
                        p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
                        ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
    {