tt_result_t tt_ecdsa_verify(IN tt_ecdsa_t *dsa,
IN tt_u8_t *input,
IN tt_u32_t len,
IN tt_md_type_t md_type,
IN tt_u8_t *sig,
IN tt_u32_t sig_len)
{
mbedtls_ecdsa_context *ctx = &dsa->ctx;
mbedtls_md_type_t t;
const mbedtls_md_info_t *md_type_info;
tt_u8_t hash[MBEDTLS_MD_MAX_SIZE];
tt_u32_t hashlen;
int e;
t = tt_g_md_type_map[md_type];
md_type_info = mbedtls_md_info_from_type(t);
mbedtls_md(md_type_info, input, len, hash);
hashlen = mbedtls_md_get_size(md_type_info);
e = mbedtls_ecdsa_read_signature(ctx, hash, hashlen, sig, sig_len);
if (e != 0) {
tt_crypto_error("ecdsa verify failed");
return TT_FAIL;
}
return TT_SUCCESS;
}
/* We don't need the exported key anymore and can
* reuse its buffer for signature extraction. */
if( 2 * signature_part_size > sizeof( buf ) )
{
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
signature_part_size ) ) != 0 )
{
goto cleanup;
}
if( psa_asymmetric_verify( key_slot, psa_sig_md,
hash, hash_len,
buf, 2 * signature_part_size )
!= PSA_SUCCESS )
{
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
goto cleanup;
}
if( p != sig + sig_len )
{
ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
goto cleanup;
}
ret = 0;
cleanup:
psa_destroy_key( key_slot );
return( ret );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
((void) md_alg);
ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
hash, hash_len, sig, sig_len );
if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
return( ret );
}
static int
bootutil_cmp_sig(mbedtls_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen,
uint8_t *sig, int slen)
{
return mbedtls_ecdsa_read_signature(ctx, hash, hlen, sig, slen);
}
