wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/signature.c@17:a5f916481144, 2020-06-05 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 05 00:11:07 2020 +0000
- Revision:
- 17:a5f916481144
- Parent:
- 16:8e0d178b1d1e
wolfSSL 4.4.0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wolfSSL | 15:117db924cf7c | 1 | /* signature.c |
| wolfSSL | 15:117db924cf7c | 2 | * |
| wolfSSL | 16:8e0d178b1d1e | 3 | * Copyright (C) 2006-2020 wolfSSL Inc. |
| wolfSSL | 15:117db924cf7c | 4 | * |
| wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
| wolfSSL | 15:117db924cf7c | 6 | * |
| wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
| wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
| wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
| wolfSSL | 15:117db924cf7c | 11 | * |
| wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
| wolfSSL | 15:117db924cf7c | 16 | * |
| wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
| wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
| wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| wolfSSL | 15:117db924cf7c | 20 | */ |
| wolfSSL | 15:117db924cf7c | 21 | |
| wolfSSL | 15:117db924cf7c | 22 | |
| wolfSSL | 15:117db924cf7c | 23 | #ifdef HAVE_CONFIG_H |
| wolfSSL | 15:117db924cf7c | 24 | #include <config.h> |
| wolfSSL | 15:117db924cf7c | 25 | #endif |
| wolfSSL | 15:117db924cf7c | 26 | |
| wolfSSL | 15:117db924cf7c | 27 | #include <wolfssl/wolfcrypt/settings.h> |
| wolfSSL | 15:117db924cf7c | 28 | #include <wolfssl/wolfcrypt/signature.h> |
| wolfSSL | 15:117db924cf7c | 29 | #include <wolfssl/wolfcrypt/error-crypt.h> |
| wolfSSL | 15:117db924cf7c | 30 | #include <wolfssl/wolfcrypt/logging.h> |
| wolfSSL | 15:117db924cf7c | 31 | #ifndef NO_ASN |
| wolfSSL | 15:117db924cf7c | 32 | #include <wolfssl/wolfcrypt/asn.h> |
| wolfSSL | 15:117db924cf7c | 33 | #endif |
| wolfSSL | 15:117db924cf7c | 34 | #ifdef HAVE_ECC |
| wolfSSL | 15:117db924cf7c | 35 | #include <wolfssl/wolfcrypt/ecc.h> |
| wolfSSL | 15:117db924cf7c | 36 | #endif |
| wolfSSL | 15:117db924cf7c | 37 | #ifndef NO_RSA |
| wolfSSL | 15:117db924cf7c | 38 | #include <wolfssl/wolfcrypt/rsa.h> |
| wolfSSL | 15:117db924cf7c | 39 | #endif |
| wolfSSL | 15:117db924cf7c | 40 | |
| wolfSSL | 15:117db924cf7c | 41 | /* If ECC and RSA are disabled then disable signature wrapper */ |
| wolfSSL | 15:117db924cf7c | 42 | #if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(HAVE_ECC_SIGN) \ |
| wolfSSL | 15:117db924cf7c | 43 | && !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA) |
| wolfSSL | 15:117db924cf7c | 44 | #undef NO_SIG_WRAPPER |
| wolfSSL | 15:117db924cf7c | 45 | #define NO_SIG_WRAPPER |
| wolfSSL | 15:117db924cf7c | 46 | #endif |
| wolfSSL | 15:117db924cf7c | 47 | |
| wolfSSL | 15:117db924cf7c | 48 | /* Signature wrapper disabled check */ |
| wolfSSL | 15:117db924cf7c | 49 | #ifndef NO_SIG_WRAPPER |
| wolfSSL | 15:117db924cf7c | 50 | |
| wolfSSL | 15:117db924cf7c | 51 | #if !defined(NO_RSA) && !defined(NO_ASN) |
| wolfSSL | 16:8e0d178b1d1e | 52 | static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data, |
| wolfSSL | 16:8e0d178b1d1e | 53 | word32 hash_len, word32* hash_enc_len) |
| wolfSSL | 15:117db924cf7c | 54 | { |
| wolfSSL | 16:8e0d178b1d1e | 55 | int ret, oid; |
| wolfSSL | 15:117db924cf7c | 56 | |
| wolfSSL | 16:8e0d178b1d1e | 57 | ret = wc_HashGetOID(hash_type); |
| wolfSSL | 16:8e0d178b1d1e | 58 | if (ret < 0) { |
| wolfSSL | 16:8e0d178b1d1e | 59 | return ret; |
| wolfSSL | 16:8e0d178b1d1e | 60 | } |
| wolfSSL | 16:8e0d178b1d1e | 61 | oid = ret; |
| wolfSSL | 15:117db924cf7c | 62 | |
| wolfSSL | 16:8e0d178b1d1e | 63 | ret = wc_EncodeSignature(hash_data, hash_data, hash_len, oid); |
| wolfSSL | 16:8e0d178b1d1e | 64 | if (ret > 0) { |
| wolfSSL | 16:8e0d178b1d1e | 65 | *hash_enc_len = ret; |
| wolfSSL | 16:8e0d178b1d1e | 66 | ret = 0; |
| wolfSSL | 15:117db924cf7c | 67 | } |
| wolfSSL | 16:8e0d178b1d1e | 68 | |
| wolfSSL | 15:117db924cf7c | 69 | return ret; |
| wolfSSL | 15:117db924cf7c | 70 | } |
| wolfSSL | 15:117db924cf7c | 71 | #endif /* !NO_RSA && !NO_ASN */ |
| wolfSSL | 15:117db924cf7c | 72 | |
| wolfSSL | 15:117db924cf7c | 73 | int wc_SignatureGetSize(enum wc_SignatureType sig_type, |
| wolfSSL | 15:117db924cf7c | 74 | const void* key, word32 key_len) |
| wolfSSL | 15:117db924cf7c | 75 | { |
| wolfSSL | 15:117db924cf7c | 76 | int sig_len = BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 77 | |
| wolfSSL | 15:117db924cf7c | 78 | /* Suppress possible unused args if all signature types are disabled */ |
| wolfSSL | 15:117db924cf7c | 79 | (void)key; |
| wolfSSL | 15:117db924cf7c | 80 | (void)key_len; |
| wolfSSL | 15:117db924cf7c | 81 | |
| wolfSSL | 15:117db924cf7c | 82 | switch(sig_type) { |
| wolfSSL | 15:117db924cf7c | 83 | case WC_SIGNATURE_TYPE_ECC: |
| wolfSSL | 15:117db924cf7c | 84 | #ifdef HAVE_ECC |
| wolfSSL | 15:117db924cf7c | 85 | /* Sanity check that void* key is at least ecc_key in size */ |
| wolfSSL | 15:117db924cf7c | 86 | if (key_len >= sizeof(ecc_key)) { |
| wolfSSL | 15:117db924cf7c | 87 | sig_len = wc_ecc_sig_size((ecc_key*)key); |
| wolfSSL | 15:117db924cf7c | 88 | } |
| wolfSSL | 15:117db924cf7c | 89 | else { |
| wolfSSL | 15:117db924cf7c | 90 | WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size"); |
| wolfSSL | 15:117db924cf7c | 91 | } |
| wolfSSL | 15:117db924cf7c | 92 | #else |
| wolfSSL | 15:117db924cf7c | 93 | sig_len = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 94 | #endif |
| wolfSSL | 15:117db924cf7c | 95 | break; |
| wolfSSL | 15:117db924cf7c | 96 | |
| wolfSSL | 15:117db924cf7c | 97 | case WC_SIGNATURE_TYPE_RSA_W_ENC: |
| wolfSSL | 15:117db924cf7c | 98 | case WC_SIGNATURE_TYPE_RSA: |
| wolfSSL | 15:117db924cf7c | 99 | #ifndef NO_RSA |
| wolfSSL | 15:117db924cf7c | 100 | /* Sanity check that void* key is at least RsaKey in size */ |
| wolfSSL | 15:117db924cf7c | 101 | if (key_len >= sizeof(RsaKey)) { |
| wolfSSL | 15:117db924cf7c | 102 | sig_len = wc_RsaEncryptSize((RsaKey*)key); |
| wolfSSL | 15:117db924cf7c | 103 | } |
| wolfSSL | 15:117db924cf7c | 104 | else { |
| wolfSSL | 15:117db924cf7c | 105 | WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size"); |
| wolfSSL | 15:117db924cf7c | 106 | } |
| wolfSSL | 15:117db924cf7c | 107 | #else |
| wolfSSL | 15:117db924cf7c | 108 | sig_len = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 109 | #endif |
| wolfSSL | 15:117db924cf7c | 110 | break; |
| wolfSSL | 15:117db924cf7c | 111 | |
| wolfSSL | 15:117db924cf7c | 112 | case WC_SIGNATURE_TYPE_NONE: |
| wolfSSL | 15:117db924cf7c | 113 | default: |
| wolfSSL | 15:117db924cf7c | 114 | sig_len = BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 115 | break; |
| wolfSSL | 15:117db924cf7c | 116 | } |
| wolfSSL | 15:117db924cf7c | 117 | return sig_len; |
| wolfSSL | 15:117db924cf7c | 118 | } |
| wolfSSL | 15:117db924cf7c | 119 | |
| wolfSSL | 15:117db924cf7c | 120 | int wc_SignatureVerifyHash( |
| wolfSSL | 15:117db924cf7c | 121 | enum wc_HashType hash_type, enum wc_SignatureType sig_type, |
| wolfSSL | 15:117db924cf7c | 122 | const byte* hash_data, word32 hash_len, |
| wolfSSL | 15:117db924cf7c | 123 | const byte* sig, word32 sig_len, |
| wolfSSL | 15:117db924cf7c | 124 | const void* key, word32 key_len) |
| wolfSSL | 15:117db924cf7c | 125 | { |
| wolfSSL | 15:117db924cf7c | 126 | int ret; |
| wolfSSL | 15:117db924cf7c | 127 | |
| wolfSSL | 15:117db924cf7c | 128 | /* Check arguments */ |
| wolfSSL | 16:8e0d178b1d1e | 129 | if (hash_data == NULL || hash_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 130 | sig == NULL || sig_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 131 | key == NULL || key_len == 0) { |
| wolfSSL | 15:117db924cf7c | 132 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 133 | } |
| wolfSSL | 15:117db924cf7c | 134 | |
| wolfSSL | 15:117db924cf7c | 135 | /* Validate signature len (1 to max is okay) */ |
| wolfSSL | 15:117db924cf7c | 136 | if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) { |
| wolfSSL | 15:117db924cf7c | 137 | WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len"); |
| wolfSSL | 15:117db924cf7c | 138 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 139 | } |
| wolfSSL | 15:117db924cf7c | 140 | |
| wolfSSL | 15:117db924cf7c | 141 | /* Validate hash size */ |
| wolfSSL | 15:117db924cf7c | 142 | ret = wc_HashGetDigestSize(hash_type); |
| wolfSSL | 15:117db924cf7c | 143 | if (ret < 0) { |
| wolfSSL | 15:117db924cf7c | 144 | WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len"); |
| wolfSSL | 15:117db924cf7c | 145 | return ret; |
| wolfSSL | 15:117db924cf7c | 146 | } |
| wolfSSL | 15:117db924cf7c | 147 | ret = 0; |
| wolfSSL | 15:117db924cf7c | 148 | |
| wolfSSL | 15:117db924cf7c | 149 | /* Verify signature using hash */ |
| wolfSSL | 15:117db924cf7c | 150 | switch (sig_type) { |
| wolfSSL | 15:117db924cf7c | 151 | case WC_SIGNATURE_TYPE_ECC: |
| wolfSSL | 15:117db924cf7c | 152 | { |
| wolfSSL | 15:117db924cf7c | 153 | #if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY) |
| wolfSSL | 15:117db924cf7c | 154 | int is_valid_sig = 0; |
| wolfSSL | 15:117db924cf7c | 155 | |
| wolfSSL | 15:117db924cf7c | 156 | /* Perform verification of signature using provided ECC key */ |
| wolfSSL | 15:117db924cf7c | 157 | do { |
| wolfSSL | 15:117db924cf7c | 158 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 15:117db924cf7c | 159 | ret = wc_AsyncWait(ret, &((ecc_key*)key)->asyncDev, |
| wolfSSL | 15:117db924cf7c | 160 | WC_ASYNC_FLAG_CALL_AGAIN); |
| wolfSSL | 15:117db924cf7c | 161 | #endif |
| wolfSSL | 15:117db924cf7c | 162 | if (ret >= 0) |
| wolfSSL | 15:117db924cf7c | 163 | ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, |
| wolfSSL | 15:117db924cf7c | 164 | &is_valid_sig, (ecc_key*)key); |
| wolfSSL | 15:117db924cf7c | 165 | } while (ret == WC_PENDING_E); |
| wolfSSL | 15:117db924cf7c | 166 | if (ret != 0 || is_valid_sig != 1) { |
| wolfSSL | 15:117db924cf7c | 167 | ret = SIG_VERIFY_E; |
| wolfSSL | 15:117db924cf7c | 168 | } |
| wolfSSL | 15:117db924cf7c | 169 | #else |
| wolfSSL | 15:117db924cf7c | 170 | ret = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 171 | #endif |
| wolfSSL | 15:117db924cf7c | 172 | break; |
| wolfSSL | 15:117db924cf7c | 173 | } |
| wolfSSL | 15:117db924cf7c | 174 | |
| wolfSSL | 15:117db924cf7c | 175 | case WC_SIGNATURE_TYPE_RSA_W_ENC: |
| wolfSSL | 15:117db924cf7c | 176 | case WC_SIGNATURE_TYPE_RSA: |
| wolfSSL | 15:117db924cf7c | 177 | { |
| wolfSSL | 15:117db924cf7c | 178 | #ifndef NO_RSA |
| wolfSSL | 16:8e0d178b1d1e | 179 | #if defined(WOLFSSL_CRYPTOCELL) |
| wolfSSL | 16:8e0d178b1d1e | 180 | /* the signature must propagate to the cryptocell to get verfied */ |
| wolfSSL | 16:8e0d178b1d1e | 181 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 182 | ret = cc310_RsaSSL_Verify(hash_data, hash_len,(byte*)sig, key, |
| wolfSSL | 16:8e0d178b1d1e | 183 | CRYS_RSA_HASH_SHA256_mode); |
| wolfSSL | 16:8e0d178b1d1e | 184 | } |
| wolfSSL | 16:8e0d178b1d1e | 185 | else { |
| wolfSSL | 16:8e0d178b1d1e | 186 | ret = cc310_RsaSSL_Verify(hash_data, hash_len,(byte*)sig, key, |
| wolfSSL | 16:8e0d178b1d1e | 187 | CRYS_RSA_After_SHA256_mode); |
| wolfSSL | 16:8e0d178b1d1e | 188 | } |
| wolfSSL | 16:8e0d178b1d1e | 189 | |
| wolfSSL | 16:8e0d178b1d1e | 190 | if (ret != 0) { |
| wolfSSL | 16:8e0d178b1d1e | 191 | WOLFSSL_MSG("RSA Signature Verify difference!"); |
| wolfSSL | 16:8e0d178b1d1e | 192 | ret = SIG_VERIFY_E; |
| wolfSSL | 16:8e0d178b1d1e | 193 | } |
| wolfSSL | 16:8e0d178b1d1e | 194 | |
| wolfSSL | 16:8e0d178b1d1e | 195 | #else /* WOLFSSL_CRYPTOCELL */ |
| wolfSSL | 16:8e0d178b1d1e | 196 | |
| wolfSSL | 15:117db924cf7c | 197 | word32 plain_len = hash_len; |
| wolfSSL | 15:117db924cf7c | 198 | byte *plain_data; |
| wolfSSL | 15:117db924cf7c | 199 | |
| wolfSSL | 15:117db924cf7c | 200 | /* Make sure the plain text output is at least key size */ |
| wolfSSL | 15:117db924cf7c | 201 | if (plain_len < sig_len) { |
| wolfSSL | 15:117db924cf7c | 202 | plain_len = sig_len; |
| wolfSSL | 15:117db924cf7c | 203 | } |
| wolfSSL | 15:117db924cf7c | 204 | plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 15:117db924cf7c | 205 | if (plain_data) { |
| wolfSSL | 15:117db924cf7c | 206 | /* Perform verification of signature using provided RSA key */ |
| wolfSSL | 15:117db924cf7c | 207 | do { |
| wolfSSL | 15:117db924cf7c | 208 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 15:117db924cf7c | 209 | ret = wc_AsyncWait(ret, &((RsaKey*)key)->asyncDev, |
| wolfSSL | 15:117db924cf7c | 210 | WC_ASYNC_FLAG_CALL_AGAIN); |
| wolfSSL | 15:117db924cf7c | 211 | #endif |
| wolfSSL | 15:117db924cf7c | 212 | if (ret >= 0) |
| wolfSSL | 15:117db924cf7c | 213 | ret = wc_RsaSSL_Verify(sig, sig_len, plain_data, |
| wolfSSL | 15:117db924cf7c | 214 | plain_len, (RsaKey*)key); |
| wolfSSL | 15:117db924cf7c | 215 | } while (ret == WC_PENDING_E); |
| wolfSSL | 15:117db924cf7c | 216 | if (ret >= 0) { |
| wolfSSL | 15:117db924cf7c | 217 | if ((word32)ret == hash_len && |
| wolfSSL | 15:117db924cf7c | 218 | XMEMCMP(plain_data, hash_data, hash_len) == 0) { |
| wolfSSL | 15:117db924cf7c | 219 | ret = 0; /* Success */ |
| wolfSSL | 15:117db924cf7c | 220 | } |
| wolfSSL | 15:117db924cf7c | 221 | else { |
| wolfSSL | 15:117db924cf7c | 222 | WOLFSSL_MSG("RSA Signature Verify difference!"); |
| wolfSSL | 15:117db924cf7c | 223 | ret = SIG_VERIFY_E; |
| wolfSSL | 15:117db924cf7c | 224 | } |
| wolfSSL | 15:117db924cf7c | 225 | } |
| wolfSSL | 15:117db924cf7c | 226 | XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 15:117db924cf7c | 227 | } |
| wolfSSL | 15:117db924cf7c | 228 | else { |
| wolfSSL | 15:117db924cf7c | 229 | ret = MEMORY_E; |
| wolfSSL | 15:117db924cf7c | 230 | } |
| wolfSSL | 16:8e0d178b1d1e | 231 | #endif /* !WOLFSSL_CRYPTOCELL */ |
| wolfSSL | 15:117db924cf7c | 232 | #else |
| wolfSSL | 15:117db924cf7c | 233 | ret = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 234 | #endif |
| wolfSSL | 15:117db924cf7c | 235 | break; |
| wolfSSL | 15:117db924cf7c | 236 | } |
| wolfSSL | 15:117db924cf7c | 237 | |
| wolfSSL | 15:117db924cf7c | 238 | case WC_SIGNATURE_TYPE_NONE: |
| wolfSSL | 15:117db924cf7c | 239 | default: |
| wolfSSL | 15:117db924cf7c | 240 | ret = BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 241 | break; |
| wolfSSL | 15:117db924cf7c | 242 | } |
| wolfSSL | 15:117db924cf7c | 243 | |
| wolfSSL | 15:117db924cf7c | 244 | return ret; |
| wolfSSL | 15:117db924cf7c | 245 | } |
| wolfSSL | 15:117db924cf7c | 246 | |
| wolfSSL | 15:117db924cf7c | 247 | int wc_SignatureVerify( |
| wolfSSL | 15:117db924cf7c | 248 | enum wc_HashType hash_type, enum wc_SignatureType sig_type, |
| wolfSSL | 15:117db924cf7c | 249 | const byte* data, word32 data_len, |
| wolfSSL | 15:117db924cf7c | 250 | const byte* sig, word32 sig_len, |
| wolfSSL | 15:117db924cf7c | 251 | const void* key, word32 key_len) |
| wolfSSL | 15:117db924cf7c | 252 | { |
| wolfSSL | 15:117db924cf7c | 253 | int ret; |
| wolfSSL | 16:8e0d178b1d1e | 254 | word32 hash_len, hash_enc_len; |
| wolfSSL | 16:8e0d178b1d1e | 255 | #if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) |
| wolfSSL | 16:8e0d178b1d1e | 256 | byte *hash_data; |
| wolfSSL | 16:8e0d178b1d1e | 257 | #else |
| wolfSSL | 16:8e0d178b1d1e | 258 | byte hash_data[MAX_DER_DIGEST_SZ]; |
| wolfSSL | 16:8e0d178b1d1e | 259 | #endif |
| wolfSSL | 15:117db924cf7c | 260 | |
| wolfSSL | 15:117db924cf7c | 261 | /* Check arguments */ |
| wolfSSL | 16:8e0d178b1d1e | 262 | if (data == NULL || data_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 263 | sig == NULL || sig_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 264 | key == NULL || key_len == 0) { |
| wolfSSL | 15:117db924cf7c | 265 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 266 | } |
| wolfSSL | 15:117db924cf7c | 267 | |
| wolfSSL | 15:117db924cf7c | 268 | /* Validate signature len (1 to max is okay) */ |
| wolfSSL | 15:117db924cf7c | 269 | if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) { |
| wolfSSL | 15:117db924cf7c | 270 | WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len"); |
| wolfSSL | 15:117db924cf7c | 271 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 272 | } |
| wolfSSL | 15:117db924cf7c | 273 | |
| wolfSSL | 15:117db924cf7c | 274 | /* Validate hash size */ |
| wolfSSL | 15:117db924cf7c | 275 | ret = wc_HashGetDigestSize(hash_type); |
| wolfSSL | 15:117db924cf7c | 276 | if (ret < 0) { |
| wolfSSL | 15:117db924cf7c | 277 | WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len"); |
| wolfSSL | 15:117db924cf7c | 278 | return ret; |
| wolfSSL | 15:117db924cf7c | 279 | } |
| wolfSSL | 16:8e0d178b1d1e | 280 | hash_enc_len = hash_len = ret; |
| wolfSSL | 15:117db924cf7c | 281 | |
| wolfSSL | 16:8e0d178b1d1e | 282 | #ifndef NO_RSA |
| wolfSSL | 16:8e0d178b1d1e | 283 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 284 | /* For RSA with ASN.1 encoding include room */ |
| wolfSSL | 16:8e0d178b1d1e | 285 | hash_enc_len += MAX_DER_DIGEST_ASN_SZ; |
| wolfSSL | 16:8e0d178b1d1e | 286 | } |
| wolfSSL | 16:8e0d178b1d1e | 287 | #endif |
| wolfSSL | 16:8e0d178b1d1e | 288 | |
| wolfSSL | 16:8e0d178b1d1e | 289 | #if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) |
| wolfSSL | 15:117db924cf7c | 290 | /* Allocate temporary buffer for hash data */ |
| wolfSSL | 16:8e0d178b1d1e | 291 | hash_data = (byte*)XMALLOC(hash_enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 15:117db924cf7c | 292 | if (hash_data == NULL) { |
| wolfSSL | 15:117db924cf7c | 293 | return MEMORY_E; |
| wolfSSL | 15:117db924cf7c | 294 | } |
| wolfSSL | 16:8e0d178b1d1e | 295 | #endif |
| wolfSSL | 15:117db924cf7c | 296 | |
| wolfSSL | 15:117db924cf7c | 297 | /* Perform hash of data */ |
| wolfSSL | 15:117db924cf7c | 298 | ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len); |
| wolfSSL | 15:117db924cf7c | 299 | if (ret == 0) { |
| wolfSSL | 15:117db924cf7c | 300 | /* Handle RSA with DER encoding */ |
| wolfSSL | 15:117db924cf7c | 301 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 15:117db924cf7c | 302 | #if defined(NO_RSA) || defined(NO_ASN) |
| wolfSSL | 15:117db924cf7c | 303 | ret = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 304 | #else |
| wolfSSL | 16:8e0d178b1d1e | 305 | ret = wc_SignatureDerEncode(hash_type, hash_data, hash_len, |
| wolfSSL | 16:8e0d178b1d1e | 306 | &hash_enc_len); |
| wolfSSL | 15:117db924cf7c | 307 | #endif |
| wolfSSL | 15:117db924cf7c | 308 | } |
| wolfSSL | 15:117db924cf7c | 309 | |
| wolfSSL | 15:117db924cf7c | 310 | if (ret == 0) { |
| wolfSSL | 16:8e0d178b1d1e | 311 | #if defined(WOLFSSL_CRYPTOCELL) |
| wolfSSL | 16:8e0d178b1d1e | 312 | if ((sig_type == WC_SIGNATURE_TYPE_RSA) |
| wolfSSL | 16:8e0d178b1d1e | 313 | || (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC)) { |
| wolfSSL | 16:8e0d178b1d1e | 314 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 315 | ret = cc310_RsaSSL_Verify(hash_data, hash_len, sig, key, |
| wolfSSL | 16:8e0d178b1d1e | 316 | cc310_hashModeRSA(hash_type, 0)); |
| wolfSSL | 16:8e0d178b1d1e | 317 | } |
| wolfSSL | 16:8e0d178b1d1e | 318 | else { |
| wolfSSL | 16:8e0d178b1d1e | 319 | ret = cc310_RsaSSL_Verify(hash_data, hash_len, sig, key, |
| wolfSSL | 16:8e0d178b1d1e | 320 | cc310_hashModeRSA(hash_type, 1)); |
| wolfSSL | 16:8e0d178b1d1e | 321 | } |
| wolfSSL | 16:8e0d178b1d1e | 322 | } |
| wolfSSL | 16:8e0d178b1d1e | 323 | #else |
| wolfSSL | 15:117db924cf7c | 324 | /* Verify signature using hash */ |
| wolfSSL | 15:117db924cf7c | 325 | ret = wc_SignatureVerifyHash(hash_type, sig_type, |
| wolfSSL | 16:8e0d178b1d1e | 326 | hash_data, hash_enc_len, sig, sig_len, key, key_len); |
| wolfSSL | 16:8e0d178b1d1e | 327 | #endif /* WOLFSSL_CRYPTOCELL */ |
| wolfSSL | 15:117db924cf7c | 328 | } |
| wolfSSL | 15:117db924cf7c | 329 | } |
| wolfSSL | 15:117db924cf7c | 330 | |
| wolfSSL | 16:8e0d178b1d1e | 331 | #if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) |
| wolfSSL | 16:8e0d178b1d1e | 332 | XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 16:8e0d178b1d1e | 333 | #endif |
| wolfSSL | 15:117db924cf7c | 334 | |
| wolfSSL | 15:117db924cf7c | 335 | return ret; |
| wolfSSL | 15:117db924cf7c | 336 | } |
| wolfSSL | 15:117db924cf7c | 337 | |
| wolfSSL | 15:117db924cf7c | 338 | |
| wolfSSL | 15:117db924cf7c | 339 | int wc_SignatureGenerateHash( |
| wolfSSL | 15:117db924cf7c | 340 | enum wc_HashType hash_type, enum wc_SignatureType sig_type, |
| wolfSSL | 15:117db924cf7c | 341 | const byte* hash_data, word32 hash_len, |
| wolfSSL | 15:117db924cf7c | 342 | byte* sig, word32 *sig_len, |
| wolfSSL | 15:117db924cf7c | 343 | const void* key, word32 key_len, WC_RNG* rng) |
| wolfSSL | 15:117db924cf7c | 344 | { |
| wolfSSL | 16:8e0d178b1d1e | 345 | return wc_SignatureGenerateHash_ex(hash_type, sig_type, hash_data, hash_len, |
| wolfSSL | 16:8e0d178b1d1e | 346 | sig, sig_len, key, key_len, rng, 1); |
| wolfSSL | 16:8e0d178b1d1e | 347 | } |
| wolfSSL | 16:8e0d178b1d1e | 348 | |
| wolfSSL | 16:8e0d178b1d1e | 349 | int wc_SignatureGenerateHash_ex( |
| wolfSSL | 16:8e0d178b1d1e | 350 | enum wc_HashType hash_type, enum wc_SignatureType sig_type, |
| wolfSSL | 16:8e0d178b1d1e | 351 | const byte* hash_data, word32 hash_len, |
| wolfSSL | 16:8e0d178b1d1e | 352 | byte* sig, word32 *sig_len, |
| wolfSSL | 16:8e0d178b1d1e | 353 | const void* key, word32 key_len, WC_RNG* rng, int verify) |
| wolfSSL | 16:8e0d178b1d1e | 354 | { |
| wolfSSL | 15:117db924cf7c | 355 | int ret; |
| wolfSSL | 15:117db924cf7c | 356 | |
| wolfSSL | 15:117db924cf7c | 357 | /* Suppress possible unused arg if all signature types are disabled */ |
| wolfSSL | 15:117db924cf7c | 358 | (void)rng; |
| wolfSSL | 15:117db924cf7c | 359 | |
| wolfSSL | 15:117db924cf7c | 360 | /* Check arguments */ |
| wolfSSL | 16:8e0d178b1d1e | 361 | if (hash_data == NULL || hash_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 362 | sig == NULL || sig_len == NULL || *sig_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 363 | key == NULL || key_len == 0) { |
| wolfSSL | 15:117db924cf7c | 364 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 365 | } |
| wolfSSL | 15:117db924cf7c | 366 | |
| wolfSSL | 15:117db924cf7c | 367 | /* Validate signature len (needs to be at least max) */ |
| wolfSSL | 15:117db924cf7c | 368 | if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) { |
| wolfSSL | 15:117db924cf7c | 369 | WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len"); |
| wolfSSL | 15:117db924cf7c | 370 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 371 | } |
| wolfSSL | 15:117db924cf7c | 372 | |
| wolfSSL | 15:117db924cf7c | 373 | /* Validate hash size */ |
| wolfSSL | 15:117db924cf7c | 374 | ret = wc_HashGetDigestSize(hash_type); |
| wolfSSL | 15:117db924cf7c | 375 | if (ret < 0) { |
| wolfSSL | 15:117db924cf7c | 376 | WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len"); |
| wolfSSL | 15:117db924cf7c | 377 | return ret; |
| wolfSSL | 15:117db924cf7c | 378 | } |
| wolfSSL | 15:117db924cf7c | 379 | ret = 0; |
| wolfSSL | 15:117db924cf7c | 380 | |
| wolfSSL | 15:117db924cf7c | 381 | /* Create signature using hash as data */ |
| wolfSSL | 15:117db924cf7c | 382 | switch (sig_type) { |
| wolfSSL | 15:117db924cf7c | 383 | case WC_SIGNATURE_TYPE_ECC: |
| wolfSSL | 15:117db924cf7c | 384 | #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) |
| wolfSSL | 15:117db924cf7c | 385 | /* Create signature using provided ECC key */ |
| wolfSSL | 15:117db924cf7c | 386 | do { |
| wolfSSL | 15:117db924cf7c | 387 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 15:117db924cf7c | 388 | ret = wc_AsyncWait(ret, &((ecc_key*)key)->asyncDev, |
| wolfSSL | 15:117db924cf7c | 389 | WC_ASYNC_FLAG_CALL_AGAIN); |
| wolfSSL | 15:117db924cf7c | 390 | #endif |
| wolfSSL | 15:117db924cf7c | 391 | if (ret >= 0) |
| wolfSSL | 15:117db924cf7c | 392 | ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, |
| wolfSSL | 15:117db924cf7c | 393 | rng, (ecc_key*)key); |
| wolfSSL | 15:117db924cf7c | 394 | } while (ret == WC_PENDING_E); |
| wolfSSL | 15:117db924cf7c | 395 | #else |
| wolfSSL | 15:117db924cf7c | 396 | ret = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 397 | #endif |
| wolfSSL | 15:117db924cf7c | 398 | break; |
| wolfSSL | 15:117db924cf7c | 399 | |
| wolfSSL | 15:117db924cf7c | 400 | case WC_SIGNATURE_TYPE_RSA_W_ENC: |
| wolfSSL | 15:117db924cf7c | 401 | case WC_SIGNATURE_TYPE_RSA: |
| wolfSSL | 16:8e0d178b1d1e | 402 | #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) |
| wolfSSL | 16:8e0d178b1d1e | 403 | #if defined(WOLFSSL_CRYPTOCELL) |
| wolfSSL | 16:8e0d178b1d1e | 404 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 405 | ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key, |
| wolfSSL | 16:8e0d178b1d1e | 406 | cc310_hashModeRSA(hash_type, 0)); |
| wolfSSL | 16:8e0d178b1d1e | 407 | } |
| wolfSSL | 16:8e0d178b1d1e | 408 | else { |
| wolfSSL | 16:8e0d178b1d1e | 409 | ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, key, |
| wolfSSL | 16:8e0d178b1d1e | 410 | cc310_hashModeRSA(hash_type, 1)); |
| wolfSSL | 16:8e0d178b1d1e | 411 | } |
| wolfSSL | 16:8e0d178b1d1e | 412 | #else |
| wolfSSL | 15:117db924cf7c | 413 | /* Create signature using provided RSA key */ |
| wolfSSL | 15:117db924cf7c | 414 | do { |
| wolfSSL | 15:117db924cf7c | 415 | #ifdef WOLFSSL_ASYNC_CRYPT |
| wolfSSL | 15:117db924cf7c | 416 | ret = wc_AsyncWait(ret, &((RsaKey*)key)->asyncDev, |
| wolfSSL | 15:117db924cf7c | 417 | WC_ASYNC_FLAG_CALL_AGAIN); |
| wolfSSL | 15:117db924cf7c | 418 | #endif |
| wolfSSL | 15:117db924cf7c | 419 | if (ret >= 0) |
| wolfSSL | 15:117db924cf7c | 420 | ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, |
| wolfSSL | 15:117db924cf7c | 421 | (RsaKey*)key, rng); |
| wolfSSL | 15:117db924cf7c | 422 | } while (ret == WC_PENDING_E); |
| wolfSSL | 16:8e0d178b1d1e | 423 | #endif /* WOLFSSL_CRYPTOCELL */ |
| wolfSSL | 15:117db924cf7c | 424 | if (ret >= 0) { |
| wolfSSL | 15:117db924cf7c | 425 | *sig_len = ret; |
| wolfSSL | 15:117db924cf7c | 426 | ret = 0; /* Success */ |
| wolfSSL | 15:117db924cf7c | 427 | } |
| wolfSSL | 15:117db924cf7c | 428 | #else |
| wolfSSL | 15:117db924cf7c | 429 | ret = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 430 | #endif |
| wolfSSL | 15:117db924cf7c | 431 | break; |
| wolfSSL | 15:117db924cf7c | 432 | |
| wolfSSL | 15:117db924cf7c | 433 | case WC_SIGNATURE_TYPE_NONE: |
| wolfSSL | 15:117db924cf7c | 434 | default: |
| wolfSSL | 15:117db924cf7c | 435 | ret = BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 436 | break; |
| wolfSSL | 15:117db924cf7c | 437 | } |
| wolfSSL | 15:117db924cf7c | 438 | |
| wolfSSL | 16:8e0d178b1d1e | 439 | if (ret == 0 && verify) { |
| wolfSSL | 16:8e0d178b1d1e | 440 | ret = wc_SignatureVerifyHash(hash_type, sig_type, hash_data, hash_len, |
| wolfSSL | 16:8e0d178b1d1e | 441 | sig, *sig_len, key, key_len); |
| wolfSSL | 16:8e0d178b1d1e | 442 | } |
| wolfSSL | 16:8e0d178b1d1e | 443 | |
| wolfSSL | 15:117db924cf7c | 444 | return ret; |
| wolfSSL | 15:117db924cf7c | 445 | } |
| wolfSSL | 15:117db924cf7c | 446 | |
| wolfSSL | 15:117db924cf7c | 447 | int wc_SignatureGenerate( |
| wolfSSL | 15:117db924cf7c | 448 | enum wc_HashType hash_type, enum wc_SignatureType sig_type, |
| wolfSSL | 15:117db924cf7c | 449 | const byte* data, word32 data_len, |
| wolfSSL | 15:117db924cf7c | 450 | byte* sig, word32 *sig_len, |
| wolfSSL | 15:117db924cf7c | 451 | const void* key, word32 key_len, WC_RNG* rng) |
| wolfSSL | 15:117db924cf7c | 452 | { |
| wolfSSL | 16:8e0d178b1d1e | 453 | return wc_SignatureGenerate_ex(hash_type, sig_type, data, data_len, sig, |
| wolfSSL | 16:8e0d178b1d1e | 454 | sig_len, key, key_len, rng, 1); |
| wolfSSL | 16:8e0d178b1d1e | 455 | } |
| wolfSSL | 16:8e0d178b1d1e | 456 | |
| wolfSSL | 16:8e0d178b1d1e | 457 | int wc_SignatureGenerate_ex( |
| wolfSSL | 16:8e0d178b1d1e | 458 | enum wc_HashType hash_type, enum wc_SignatureType sig_type, |
| wolfSSL | 16:8e0d178b1d1e | 459 | const byte* data, word32 data_len, |
| wolfSSL | 16:8e0d178b1d1e | 460 | byte* sig, word32 *sig_len, |
| wolfSSL | 16:8e0d178b1d1e | 461 | const void* key, word32 key_len, WC_RNG* rng, int verify) |
| wolfSSL | 16:8e0d178b1d1e | 462 | { |
| wolfSSL | 15:117db924cf7c | 463 | int ret; |
| wolfSSL | 16:8e0d178b1d1e | 464 | word32 hash_len, hash_enc_len; |
| wolfSSL | 16:8e0d178b1d1e | 465 | #if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) |
| wolfSSL | 16:8e0d178b1d1e | 466 | byte *hash_data; |
| wolfSSL | 16:8e0d178b1d1e | 467 | #else |
| wolfSSL | 16:8e0d178b1d1e | 468 | byte hash_data[MAX_DER_DIGEST_SZ]; |
| wolfSSL | 16:8e0d178b1d1e | 469 | #endif |
| wolfSSL | 15:117db924cf7c | 470 | |
| wolfSSL | 15:117db924cf7c | 471 | /* Check arguments */ |
| wolfSSL | 16:8e0d178b1d1e | 472 | if (data == NULL || data_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 473 | sig == NULL || sig_len == NULL || *sig_len == 0 || |
| wolfSSL | 16:8e0d178b1d1e | 474 | key == NULL || key_len == 0) { |
| wolfSSL | 15:117db924cf7c | 475 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 476 | } |
| wolfSSL | 15:117db924cf7c | 477 | |
| wolfSSL | 15:117db924cf7c | 478 | /* Validate signature len (needs to be at least max) */ |
| wolfSSL | 15:117db924cf7c | 479 | if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) { |
| wolfSSL | 15:117db924cf7c | 480 | WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len"); |
| wolfSSL | 15:117db924cf7c | 481 | return BAD_FUNC_ARG; |
| wolfSSL | 15:117db924cf7c | 482 | } |
| wolfSSL | 15:117db924cf7c | 483 | |
| wolfSSL | 15:117db924cf7c | 484 | /* Validate hash size */ |
| wolfSSL | 15:117db924cf7c | 485 | ret = wc_HashGetDigestSize(hash_type); |
| wolfSSL | 15:117db924cf7c | 486 | if (ret < 0) { |
| wolfSSL | 15:117db924cf7c | 487 | WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len"); |
| wolfSSL | 15:117db924cf7c | 488 | return ret; |
| wolfSSL | 15:117db924cf7c | 489 | } |
| wolfSSL | 16:8e0d178b1d1e | 490 | hash_enc_len = hash_len = ret; |
| wolfSSL | 15:117db924cf7c | 491 | |
| wolfSSL | 16:8e0d178b1d1e | 492 | #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) |
| wolfSSL | 16:8e0d178b1d1e | 493 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 494 | /* For RSA with ASN.1 encoding include room */ |
| wolfSSL | 16:8e0d178b1d1e | 495 | hash_enc_len += MAX_DER_DIGEST_ASN_SZ; |
| wolfSSL | 16:8e0d178b1d1e | 496 | } |
| wolfSSL | 16:8e0d178b1d1e | 497 | #endif |
| wolfSSL | 16:8e0d178b1d1e | 498 | |
| wolfSSL | 16:8e0d178b1d1e | 499 | #if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) |
| wolfSSL | 15:117db924cf7c | 500 | /* Allocate temporary buffer for hash data */ |
| wolfSSL | 16:8e0d178b1d1e | 501 | hash_data = (byte*)XMALLOC(hash_enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 15:117db924cf7c | 502 | if (hash_data == NULL) { |
| wolfSSL | 15:117db924cf7c | 503 | return MEMORY_E; |
| wolfSSL | 15:117db924cf7c | 504 | } |
| wolfSSL | 16:8e0d178b1d1e | 505 | #endif |
| wolfSSL | 15:117db924cf7c | 506 | |
| wolfSSL | 15:117db924cf7c | 507 | /* Perform hash of data */ |
| wolfSSL | 15:117db924cf7c | 508 | ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len); |
| wolfSSL | 15:117db924cf7c | 509 | if (ret == 0) { |
| wolfSSL | 15:117db924cf7c | 510 | /* Handle RSA with DER encoding */ |
| wolfSSL | 15:117db924cf7c | 511 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 512 | #if defined(NO_RSA) || defined(NO_ASN) || \ |
| wolfSSL | 16:8e0d178b1d1e | 513 | defined(WOLFSSL_RSA_PUBLIC_ONLY) |
| wolfSSL | 15:117db924cf7c | 514 | ret = SIG_TYPE_E; |
| wolfSSL | 15:117db924cf7c | 515 | #else |
| wolfSSL | 16:8e0d178b1d1e | 516 | ret = wc_SignatureDerEncode(hash_type, hash_data, hash_len, |
| wolfSSL | 16:8e0d178b1d1e | 517 | &hash_enc_len); |
| wolfSSL | 15:117db924cf7c | 518 | #endif |
| wolfSSL | 15:117db924cf7c | 519 | } |
| wolfSSL | 16:8e0d178b1d1e | 520 | if (ret == 0) { |
| wolfSSL | 16:8e0d178b1d1e | 521 | #if defined(WOLFSSL_CRYPTOCELL) |
| wolfSSL | 16:8e0d178b1d1e | 522 | if ((sig_type == WC_SIGNATURE_TYPE_RSA) |
| wolfSSL | 16:8e0d178b1d1e | 523 | || (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC)) { |
| wolfSSL | 16:8e0d178b1d1e | 524 | if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { |
| wolfSSL | 16:8e0d178b1d1e | 525 | ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, |
| wolfSSL | 16:8e0d178b1d1e | 526 | key, cc310_hashModeRSA(hash_type, 0)); |
| wolfSSL | 16:8e0d178b1d1e | 527 | } |
| wolfSSL | 16:8e0d178b1d1e | 528 | else { |
| wolfSSL | 16:8e0d178b1d1e | 529 | ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, |
| wolfSSL | 16:8e0d178b1d1e | 530 | key, cc310_hashModeRSA(hash_type, 1)); |
| wolfSSL | 16:8e0d178b1d1e | 531 | } |
| wolfSSL | 15:117db924cf7c | 532 | |
| wolfSSL | 16:8e0d178b1d1e | 533 | if (ret == *sig_len) { |
| wolfSSL | 16:8e0d178b1d1e | 534 | ret = 0; |
| wolfSSL | 16:8e0d178b1d1e | 535 | } |
| wolfSSL | 16:8e0d178b1d1e | 536 | } |
| wolfSSL | 16:8e0d178b1d1e | 537 | } |
| wolfSSL | 16:8e0d178b1d1e | 538 | } |
| wolfSSL | 16:8e0d178b1d1e | 539 | #else |
| wolfSSL | 15:117db924cf7c | 540 | /* Generate signature using hash */ |
| wolfSSL | 15:117db924cf7c | 541 | ret = wc_SignatureGenerateHash(hash_type, sig_type, |
| wolfSSL | 16:8e0d178b1d1e | 542 | hash_data, hash_enc_len, sig, sig_len, key, key_len, rng); |
| wolfSSL | 15:117db924cf7c | 543 | } |
| wolfSSL | 15:117db924cf7c | 544 | } |
| wolfSSL | 15:117db924cf7c | 545 | |
| wolfSSL | 16:8e0d178b1d1e | 546 | if (ret == 0 && verify) { |
| wolfSSL | 16:8e0d178b1d1e | 547 | ret = wc_SignatureVerifyHash(hash_type, sig_type, hash_data, |
| wolfSSL | 16:8e0d178b1d1e | 548 | hash_enc_len, sig, *sig_len, key, key_len); |
| wolfSSL | 15:117db924cf7c | 549 | } |
| wolfSSL | 16:8e0d178b1d1e | 550 | #endif /* WOLFSSL_CRYPTOCELL */ |
| wolfSSL | 16:8e0d178b1d1e | 551 | |
| wolfSSL | 16:8e0d178b1d1e | 552 | #if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) |
| wolfSSL | 16:8e0d178b1d1e | 553 | XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
| wolfSSL | 16:8e0d178b1d1e | 554 | #endif |
| wolfSSL | 15:117db924cf7c | 555 | |
| wolfSSL | 15:117db924cf7c | 556 | return ret; |
| wolfSSL | 15:117db924cf7c | 557 | } |
| wolfSSL | 15:117db924cf7c | 558 | |
| wolfSSL | 15:117db924cf7c | 559 | #endif /* NO_SIG_WRAPPER */ |
| wolfSSL | 15:117db924cf7c | 560 |