The buffer size allocated for the raw ECDSA signatures
was too small for P-384 signatures. This led to mbedtls
aborting the generation of the raw sig.
Fix this by increasing the buffer size to the required
value.
Change-Id: I06a9cfe1f4cb2603c5fbe945714e90460c24edb8
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This new version uses the multipart PSA AEAD API;
the authentication tag is verified via
a call to psa_aead_verify.
Change-Id: If4b7e6258223ae6fead1794d3e8d0004f0f387b3
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This new version uses fewer internal functions
in favour of calling equivalent mbedtls APIs.
Change-Id: I0c2c20a74687211f2d554501f57898da07b01739
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
When the verify_signature function is called with the RSASSA_PSS
signature algorithm and a somewhat well-formed public key, invalid
signatures can be incorrectly verified due to this change [1].
This is primarily because of the introduction of the following code,
where a return check is missing before the goto:
if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
rc = pk_bytes_from_subpubkey((unsigned char **) &pk_ptr, &pk_len);
goto end2;
}
This code executes before the call to psa_verify_message. The
unconditional goto end2; branch leads to the immediate return of rc.
If the call to pk_bytes_from_subpubkey succeeds (i.e., the key is
formatted correctly), the signature is verified regardless of its
actual content.
This change [1] was included in the v2.11 release. Therefore, anyone
using this release with the PSA Crypto implementation must apply
this patch to ensure proper signature verification.
[1]: https://review.trustedfirmware.org/plugins/gitiles/TF-A/
trusted-firmware-a/+/55aed7d798f3d48d6aa08d58eb46c4cda318bcfb/drivers/
auth/mbedtls/mbedtls_psa_crypto.c#447
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Reported-by: Ryan Everett <ryan.everett@arm.com>
Change-Id: Ib484d97a04b7a82dd72592c8b5b153d577d01fc9
Further, remove reliance of mbedtls_md_psa_alg_from_type on
the actual values of the PSA_ALG_... defines.
And work around a prior bug that would try to import a
SubjectPublicKeyInfo into a PSA key. Instead, we import the
SubjectPublicKey itself.
Change-Id: Ib345b0bd4f2994f366629ed162d18814fd05aa2b
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The ECDSA algorithm signature verification in the PSA differs
from the RSA algorithm in its handling of data formats. In the
case of RSA, an encoded ASN1.0 buffer is passed to the PSA API,
which then decodes the buffer. However, for ECDSA, the PSA API
expects a raw format.
To accomodate this requirement, introduce several static APIs
that allows to retrieve -
1. ECDSA public key data pointer along with its size, and also,
the ECC family in PSA format from the public key.
2. R and S pair of the ECDSA signature along with its size
Change-Id: Icc7d5659aeb3d5c1ab63c3a12c001e68b11a3a86
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
A PSA crypto API is used for signature verification, namely
psa_verify_message, which calculates the signature and verify it
for the given signed message.
Note, this functionality is as of now tested for RSA based Key
algorithm, subsequent patches will provide the signature verification
support for all the key algorithms available in TF-A (provided by KEY_ALG
build option).
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I16214e3cac6a7af445530a6dbd66cfc6ceedcfc6
A PSA crypto API is used for hash verification, namely
'psa_hash_compute', which internally calculates hash of the given
data payload.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic90e43e68b836ee2add4b868663cfca2340c8108
A PSA crypto API is used for hash verification, namely
psa_hash_verify, which internally calculates and verifies the hash
of the given data payload.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib48aa6b74b59aea6036333ff00f6ca566b910e60
Initialised Mbedtls PSA cryto during Crypto init using
function call 'psa_crypto_init'.
MbedTLS currently requires a Random Number Generator (RNG) once
PSA Crypto support is enabled. However, TF-A itself doesn't engage
in cryptographic operations that demand randomness. Consequently,
we simulate the presence of an external TRNG (through the configuration
option 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) while, in reality, we offer
a dummy implementation of mbedtls_psa_external_get_random() that always
returns an error.
Change-Id: Ife6d03909c0e6081438d2b2519ef500e5dcdb88f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
An ad-hoc MbedTLS PSA crypto driver is registered by compiling
a new driver file, namely mbedtls_psa_crypto.c when PSA_CRYPTO=1.
As of now, this file is the same as mbedtls_crypto.c, but subsequent
patches will update crypto functions in this file to trigger
PSA crypto APIs.
Change-Id: I404c347990661d87dcf5d0501d238e36914ec3ee
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
