tt_result_t tt_ecdsa_verify(IN tt_ecdsa_t *dsa, IN tt_u8_t *input, IN tt_u32_t len, IN tt_md_type_t md_type, IN tt_u8_t *sig, IN tt_u32_t sig_len) { mbedtls_ecdsa_context *ctx = &dsa->ctx; mbedtls_md_type_t t; const mbedtls_md_info_t *md_type_info; tt_u8_t hash[MBEDTLS_MD_MAX_SIZE]; tt_u32_t hashlen; int e; t = tt_g_md_type_map[md_type]; md_type_info = mbedtls_md_info_from_type(t); mbedtls_md(md_type_info, input, len, hash); hashlen = mbedtls_md_get_size(md_type_info); e = mbedtls_ecdsa_read_signature(ctx, hash, hashlen, sig, sig_len); if (e != 0) { tt_crypto_error("ecdsa verify failed"); return TT_FAIL; } return TT_SUCCESS; }
/* We don't need the exported key anymore and can * reuse its buffer for signature extraction. */ if( 2 * signature_part_size > sizeof( buf ) ) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; goto cleanup; } if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf, signature_part_size ) ) != 0 ) { goto cleanup; } if( psa_asymmetric_verify( key_slot, psa_sig_md, hash, hash_len, buf, 2 * signature_part_size ) != PSA_SUCCESS ) { ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; goto cleanup; } if( p != sig + sig_len ) { ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; goto cleanup; } ret = 0; cleanup: psa_destroy_key( key_slot ); return( ret ); } #else /* MBEDTLS_USE_PSA_CRYPTO */ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { int ret; ((void) md_alg); ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, hash, hash_len, sig, sig_len ); if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); return( ret ); }
static int bootutil_cmp_sig(mbedtls_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen) { return mbedtls_ecdsa_read_signature(ctx, hash, hlen, sig, slen); }