Skip to content

Commit f5b55b2

Browse files
mahavirjmahavirj
committed
Merge branch 'fix/ecdsa_verify_check_hash_len' into 'master'
Wrap some mbedtls' ECDSA verification related APIs See merge request espressif/esp-idf!33349
2 parents 564d777 + c4f60d9 commit f5b55b2

File tree

2 files changed

+113
-4
lines changed

2 files changed

+113
-4
lines changed

components/mbedtls/CMakeLists.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -292,6 +292,9 @@ if(CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN OR CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
292292

293293
if(CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY)
294294
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_verify")
295+
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_verify_restartable")
296+
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_read_signature")
297+
target_link_libraries(${COMPONENT_LIB} INTERFACE "-Wl,--wrap=mbedtls_ecdsa_read_signature_restartable")
295298
endif()
296299
endif()
297300

components/mbedtls/port/ecdsa/ecdsa_alt.c

Lines changed: 110 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
#include "esp_private/esp_crypto_lock_internal.h"
1616
#include "mbedtls/error.h"
1717
#include "mbedtls/ecdsa.h"
18+
#include "mbedtls/asn1.h"
1819
#include "mbedtls/asn1write.h"
1920
#include "mbedtls/platform_util.h"
2021
#include "ecdsa/ecdsa_alt.h"
@@ -653,6 +654,37 @@ static int esp_ecdsa_verify(mbedtls_ecp_group *grp,
653654
return ret;
654655
}
655656

657+
/*
658+
* Verify ECDSA signature of hashed message
659+
*/
660+
extern int __real_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
661+
const unsigned char *buf, size_t blen,
662+
const mbedtls_ecp_point *Q,
663+
const mbedtls_mpi *r,
664+
const mbedtls_mpi *s,
665+
mbedtls_ecdsa_restart_ctx *rs_ctx);
666+
667+
int __wrap_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
668+
const unsigned char *buf, size_t blen,
669+
const mbedtls_ecp_point *Q,
670+
const mbedtls_mpi *r,
671+
const mbedtls_mpi *s,
672+
mbedtls_ecdsa_restart_ctx *rs_ctx);
673+
674+
int __wrap_mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
675+
const unsigned char *buf, size_t blen,
676+
const mbedtls_ecp_point *Q,
677+
const mbedtls_mpi *r,
678+
const mbedtls_mpi *s,
679+
mbedtls_ecdsa_restart_ctx *rs_ctx)
680+
{
681+
if ((grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) && blen == ECDSA_SHA_LEN) {
682+
return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
683+
} else {
684+
return __real_mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, rs_ctx);
685+
}
686+
}
687+
656688
/*
657689
* Verify ECDSA signature of hashed message
658690
*/
@@ -674,10 +706,84 @@ int __wrap_mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
674706
const mbedtls_mpi *r,
675707
const mbedtls_mpi *s)
676708
{
677-
if (grp->id == MBEDTLS_ECP_DP_SECP192R1 || grp->id == MBEDTLS_ECP_DP_SECP256R1) {
678-
return esp_ecdsa_verify(grp, buf, blen, Q, r, s);
679-
} else {
680-
return __real_mbedtls_ecdsa_verify(grp, buf, blen, Q, r, s);
709+
return __wrap_mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
710+
}
711+
712+
713+
int __real_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
714+
const unsigned char *hash, size_t hlen,
715+
const unsigned char *sig, size_t slen,
716+
mbedtls_ecdsa_restart_ctx *rs_ctx);
717+
718+
int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
719+
const unsigned char *hash, size_t hlen,
720+
const unsigned char *sig, size_t slen,
721+
mbedtls_ecdsa_restart_ctx *rs_ctx);
722+
723+
int __wrap_mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
724+
const unsigned char *hash, size_t hlen,
725+
const unsigned char *sig, size_t slen,
726+
mbedtls_ecdsa_restart_ctx *rs_ctx)
727+
{
728+
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
729+
unsigned char *p = (unsigned char *) sig;
730+
const unsigned char *end = sig + slen;
731+
size_t len;
732+
mbedtls_mpi r, s;
733+
mbedtls_mpi_init(&r);
734+
mbedtls_mpi_init(&s);
735+
736+
if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
737+
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
738+
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
739+
goto cleanup;
740+
}
741+
742+
if (p + len != end) {
743+
ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
744+
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
745+
goto cleanup;
746+
}
747+
748+
if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
749+
(ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
750+
ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
751+
goto cleanup;
752+
}
753+
754+
if ((ret = __wrap_mbedtls_ecdsa_verify_restartable(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
755+
&ctx->MBEDTLS_PRIVATE(Q), &r, &s, NULL)) != 0) {
756+
goto cleanup;
757+
}
758+
759+
/* At this point we know that the buffer starts with a valid signature.
760+
* Return 0 if the buffer just contains the signature, and a specific
761+
* error code if the valid signature is followed by more data. */
762+
if (p != end) {
763+
ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
681764
}
765+
766+
cleanup:
767+
mbedtls_mpi_free(&r);
768+
mbedtls_mpi_free(&s);
769+
770+
return ret;
771+
}
772+
773+
774+
int __real_mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
775+
const unsigned char *hash, size_t hlen,
776+
const unsigned char *sig, size_t slen);
777+
778+
int __wrap_mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
779+
const unsigned char *hash, size_t hlen,
780+
const unsigned char *sig, size_t slen);
781+
782+
int __wrap_mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
783+
const unsigned char *hash, size_t hlen,
784+
const unsigned char *sig, size_t slen)
785+
{
786+
return __wrap_mbedtls_ecdsa_read_signature_restartable(
787+
ctx, hash, hlen, sig, slen, NULL);
682788
}
683789
#endif /* CONFIG_MBEDTLS_HARDWARE_ECDSA_VERIFY */

0 commit comments

Comments
 (0)