static value dgst_sign(value data, value key, value alg){ const mbedtls_md_info_t *md; int r = -1; size_t olen = 0; value out; unsigned char *buf; unsigned char hash[32]; val_check(data, string); val_check_kind(key, k_pkey); val_check(alg, string); md = mbedtls_md_info_from_string(val_string(alg)); if( md == NULL ){ val_throw(alloc_string("Invalid hash algorithm")); return val_null; } if( (r = mbedtls_md( md, (const unsigned char *)val_string(data), val_strlen(data), hash )) != 0 ) return ssl_error(r); out = alloc_empty_string(MBEDTLS_MPI_MAX_SIZE); buf = (unsigned char *)val_string(out); if( (r = mbedtls_pk_sign( val_pkey(key), mbedtls_md_get_type(md), hash, 0, buf, &olen, mbedtls_ctr_drbg_random, &ctr_drbg )) != 0 ) return ssl_error(r); buf[olen] = 0; val_set_size(out, olen); return out; }
result_t PKey::sign(Buffer_base *data, int32_t alg, obj_ptr<Buffer_base> &retVal, AsyncEvent *ac) { if (!ac) return CHECK_ERROR(CALL_E_NOSYNC); result_t hr; bool priv; hr = isPrivate(priv); if (hr < 0) return hr; if (!priv) return CHECK_ERROR(CALL_E_INVALID_CALL); int32_t ret; std::string str; std::string output; size_t olen; data->toString(str); output.resize(MBEDTLS_PREMASTER_SIZE); //alg=0~9 see https://tls.mbed.org/api/md_8h.html enum mbedtls_md_type_t ret = mbedtls_pk_sign(&m_key, (mbedtls_md_type_t)alg, (const unsigned char *)str.c_str(), str.length(), (unsigned char *)&output[0], &olen, mbedtls_ctr_drbg_random, &g_ssl.ctr_drbg); if (ret != 0) return CHECK_ERROR(_ssl::setError(ret)); output.resize(olen); retVal = new Buffer(output); return 0; }
int rsa_sign(mbedtls_pk_context *pk, const uint8_t *input, size_t input_size, uint8_t *output, size_t *output_size) { // TODO(KAA-982): Use asserts if (!input || !input_size || !output || !output_size) { return KAA_ERR_BADPARAM; } int ret = 0; uint8_t hash[32]; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const uint8_t pers[] = "mbedtls_pk_sign"; mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pers,sizeof(pers) - 1)) != 0) { goto exit; } const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); if ((ret = mbedtls_md(info, input, input_size, hash)) != 0) { goto exit; } ret = mbedtls_pk_sign(pk, MBEDTLS_MD_SHA1, hash, 0, output, output_size, mbedtls_ctr_drbg_random, &ctr_drbg); exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); return ret ? KAA_ERR_BADDATA : KAA_ERR_NONE; }
int main( int argc, char *argv[] ) { FILE *f; int ret = 1; mbedtls_pk_context pk; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char hash[32]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; const char *pers = "rsa_sign_pss"; size_t olen = 0; mbedtls_entropy_init( &entropy ); mbedtls_pk_init( &pk ); mbedtls_ctr_drbg_init( &ctr_drbg ); if( argc != 3 ) { mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" ); #if defined(_WIN32) mbedtls_printf( "\n" ); #endif goto exit; } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); goto exit; } mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { ret = 1; mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); goto exit; } if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) ) { ret = 1; mbedtls_printf( " failed\n ! Key is not an RSA key\n" ); goto exit; } mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ); /* * Compute the SHA-256 hash of the input file, * then calculate the RSA signature of the hash. */ mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" ); fflush( stdout ); if( ( ret = mbedtls_md_file( mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), argv[2], hash ) ) != 0 ) { mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); goto exit; } if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_sign returned %d\n\n", ret ); goto exit; } /* * Write the signature into <filename>.sig */ mbedtls_snprintf( filename, 512, "%s.sig", argv[2] ); if( ( f = fopen( filename, "wb+" ) ) == NULL ) { ret = 1; mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); goto exit; } fclose( f ); mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); exit: mbedtls_pk_free( &pk ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; /* * Prepare data to be signed in tmp_buf */ c = tmp_buf + sizeof( tmp_buf ); /* Signature algorithm needed in TBS, and later for actual signature */ pk_alg = mbedtls_pk_get_type( ctx->issuer_key ); if( pk_alg == MBEDTLS_PK_ECKEY ) pk_alg = MBEDTLS_PK_ECDSA; if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); /* * SubjectPublicKeyInfo */ MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key, tmp_buf, c - tmp_buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); /* * Validity ::= SEQUENCE { * notBefore Time, * notAfter Time } */ sub_len = 0; MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) ); len += sub_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* * Issuer ::= Name */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) ); /* * Signature ::= AlgorithmIdentifier */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf, sig_oid, strlen( sig_oid ), 0 ) ); /* * Serial ::= INTEGER */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ sub_len = 0; MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); len += sub_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* * Make signature */ mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 ) { return( ret ); } /* * Write data to output buffer */ c2 = buf + size; MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); if( len > (size_t)( c2 - buf ) ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); c2 -= len; memcpy( c2, c, len ); len += sig_and_oid_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); return( (int) len ); }
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; /* * Prepare data to be signed in tmp_buf */ c = tmp_buf + sizeof( tmp_buf ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); if( len ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, tmp_buf, c - tmp_buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* * Prepare signature */ mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); pk_alg = mbedtls_pk_get_type( ctx->key ); if( pk_alg == MBEDTLS_PK_ECKEY ) pk_alg = MBEDTLS_PK_ECDSA; if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 || ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } /* * Write data to output buffer */ c2 = buf + size; MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); c2 -= len; memcpy( c2, c, len ); len += sig_and_oid_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); return( (int) len ); }
int main( int argc, char *argv[] ) { FILE *f; int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; mbedtls_pk_context pk; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char hash[32]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; const char *pers = "mbedtls_pk_sign"; size_t olen = 0; mbedtls_entropy_init( &entropy ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_pk_init( &pk ); if( argc != 3 ) { mbedtls_printf( "usage: mbedtls_pk_sign <key_file> <filename>\n" ); #if defined(_WIN32) mbedtls_printf( "\n" ); #endif goto exit; } mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret ); goto exit; } mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) { mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); goto exit; } /* * Compute the SHA-256 hash of the input file, * then calculate the signature of the hash. */ mbedtls_printf( "\n . Generating the SHA-256 signature" ); fflush( stdout ); if( ( ret = mbedtls_md_file( mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ), argv[2], hash ) ) != 0 ) { mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] ); goto exit; } if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", -ret ); goto exit; } /* * Write the signature into <filename>.sig */ mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] ); if( ( f = fopen( filename, "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! Could not create %s\n\n", filename ); goto exit; } if( fwrite( buf, 1, olen, f ) != olen ) { mbedtls_printf( "failed\n ! fwrite failed\n\n" ); fclose( f ); goto exit; } fclose( f ); mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename ); exit_code = MBEDTLS_EXIT_SUCCESS; exit: mbedtls_pk_free( &pk ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); #if defined(MBEDTLS_ERROR_C) if( exit_code != MBEDTLS_EXIT_SUCCESS ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_printf( " ! Last error was: %s\n", buf ); } #endif #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( exit_code ); }
/** * Wrapper for sign-verify operations. * * @param Cipher Algorithm class * @param CryptoKey Key parameters * @param Hashes Digest alg to use. * @param uint8_t* Buffer to be signed/verified... * @param int ...and its length. * @param uint8_t* Buffer to hold signature... * @param int* ...and its length. * @param uint8_t* Buffer holding the key... * @param int ...and its length. * @param uint32_t Options to the operations. * @return 0 if the operation completed successfully. */ int __attribute__((weak)) wrapped_sign_verify(Cipher c, CryptoKey k, Hashes h, uint8_t* msg, int msg_len, uint8_t* sig, size_t* sig_len, uint8_t* key, int key_len, uint32_t opts) { if (keygen_deferred_handling(k)) { // If overriden by user implementation. return _s_v_overrides[k](c, k, h, msg, msg_len, sig, sig_len, key, key_len, opts); } int ret = -1; // Failure by default. uint8_t* hash; int hashlen; if (Hashes::NONE != h) { hashlen = get_digest_output_length(h); hash = (uint8_t*) alloca(hashlen); if (hash) { ret = wrapped_hash(msg, msg_len, hash, h); } } else { // This is the no-digest case. hashlen = msg_len; hash = msg; ret = 0; // TODO: Fail if size is greater than the maximum input length for the Key type. } if (0 == ret) { // If we are here, the hashing operation worked. Now we case-off on key/algo. mbedtls_pk_context k_ctx; mbedtls_pk_init(&k_ctx); uint32_t pers = randomInt(); mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_init(&ctr_drbg); ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const uint8_t*) &pers, 4 ); if (0 == ret) { switch (c) { #if defined(WRAPPED_ASYM_RSA) case Cipher::ASYM_RSA: //ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (opts & OP_SIGN) { ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)); if (0 == ret) { ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0); if (0 == ret) { ret = mbedtls_pk_sign( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ); } } } else { ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len); if (0 == ret) { ret = mbedtls_pk_verify( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, *sig_len ); } } break; #endif #if defined(MBEDTLS_ECDSA_C) case Cipher::ASYM_ECDSA: if (opts & OP_SIGN) { ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA)); if (0 == ret) { ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0); if (0 == ret) { ret = mbedtls_pk_sign( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ); } } } else { ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len); if (0 == ret) { ret = mbedtls_pk_verify( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, *sig_len ); } } break; #endif #if defined(MBEDTLS_ECP_C) case Cipher::ASYM_ECKEY: if (opts & OP_SIGN) { ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)); if (0 == ret) { ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0); if (0 == ret) { ret = mbedtls_pk_sign( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, sig_len, mbedtls_ctr_drbg_random, &ctr_drbg ); } } } else { ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len); if (0 == ret) { ret = mbedtls_pk_verify( &k_ctx, (mbedtls_md_type_t) h, hash, hashlen, sig, *sig_len ); } } break; #endif default: break; } } } return ret; }