static value dgst_sign(value data, value key, value alg){
const mbedtls_md_info_t *md;
int r = -1;
size_t olen = 0;
value out;
unsigned char *buf;
unsigned char hash[32];
val_check(data, string);
val_check_kind(key, k_pkey);
val_check(alg, string);
md = mbedtls_md_info_from_string(val_string(alg));
if( md == NULL ){
val_throw(alloc_string("Invalid hash algorithm"));
return val_null;
}
if( (r = mbedtls_md( md, (const unsigned char *)val_string(data), val_strlen(data), hash )) != 0 )
return ssl_error(r);
out = alloc_empty_string(MBEDTLS_MPI_MAX_SIZE);
buf = (unsigned char *)val_string(out);
if( (r = mbedtls_pk_sign( val_pkey(key), mbedtls_md_get_type(md), hash, 0, buf, &olen, mbedtls_ctr_drbg_random, &ctr_drbg )) != 0 )
return ssl_error(r);
buf[olen] = 0;
val_set_size(out, olen);
return out;
}
result_t PKey::sign(Buffer_base *data, int32_t alg, obj_ptr<Buffer_base> &retVal,
AsyncEvent *ac)
{
if (!ac)
return CHECK_ERROR(CALL_E_NOSYNC);
result_t hr;
bool priv;
hr = isPrivate(priv);
if (hr < 0)
return hr;
if (!priv)
return CHECK_ERROR(CALL_E_INVALID_CALL);
int32_t ret;
std::string str;
std::string output;
size_t olen;
data->toString(str);
output.resize(MBEDTLS_PREMASTER_SIZE);
//alg=0~9 see https://tls.mbed.org/api/md_8h.html enum mbedtls_md_type_t
ret = mbedtls_pk_sign(&m_key, (mbedtls_md_type_t)alg,
(const unsigned char *)str.c_str(), str.length(),
(unsigned char *)&output[0], &olen,
mbedtls_ctr_drbg_random, &g_ssl.ctr_drbg);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
output.resize(olen);
retVal = new Buffer(output);
return 0;
}
int rsa_sign(mbedtls_pk_context *pk, const uint8_t *input,
size_t input_size, uint8_t *output, size_t *output_size)
{
// TODO(KAA-982): Use asserts
if (!input || !input_size || !output || !output_size) {
return KAA_ERR_BADPARAM;
}
int ret = 0;
uint8_t hash[32];
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const uint8_t pers[] = "mbedtls_pk_sign";
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
pers,sizeof(pers) - 1)) != 0) {
goto exit;
}
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
if ((ret = mbedtls_md(info, input, input_size, hash)) != 0) {
goto exit;
}
ret = mbedtls_pk_sign(pk, MBEDTLS_MD_SHA1, hash, 0, output, output_size,
mbedtls_ctr_drbg_random, &ctr_drbg);
exit:
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
return ret ? KAA_ERR_BADDATA : KAA_ERR_NONE;
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret = 1;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
const char *pers = "rsa_sign_pss";
size_t olen = 0;
mbedtls_entropy_init( &entropy );
mbedtls_pk_init( &pk );
mbedtls_ctr_drbg_init( &ctr_drbg );
if( argc != 3 )
{
mbedtls_printf( "usage: rsa_sign_pss <key_file> <filename>\n" );
#if defined(_WIN32)
mbedtls_printf( "\n" );
#endif
goto exit;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
ret = 1;
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );
goto exit;
}
if( !mbedtls_pk_can_do( &pk, MBEDTLS_PK_RSA ) )
{
ret = 1;
mbedtls_printf( " failed\n ! Key is not an RSA key\n" );
goto exit;
}
mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 );
/*
* Compute the SHA-256 hash of the input file,
* then calculate the RSA signature of the hash.
*/
mbedtls_printf( "\n . Generating the RSA/SHA-256 signature" );
fflush( stdout );
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[2], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned %d\n\n", ret );
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, 512, "%s.sig", argv[2] );
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
ret = 1;
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
goto exit;
}
fclose( f );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
/*
* Prepare data to be signed in tmp_buf
*/
c = tmp_buf + sizeof( tmp_buf );
/* Signature algorithm needed in TBS, and later for actual signature */
pk_alg = mbedtls_pk_get_type( ctx->issuer_key );
if( pk_alg == MBEDTLS_PK_ECKEY )
pk_alg = MBEDTLS_PK_ECDSA;
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
/*
* SubjectPublicKeyInfo
*/
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->subject_key,
tmp_buf, c - tmp_buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
/*
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time }
*/
sub_len = 0;
MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
MBEDTLS_ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
MBEDTLS_X509_RFC5280_UTC_TIME_LEN ) );
len += sub_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
/*
* Issuer ::= Name
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->issuer ) );
/*
* Signature ::= AlgorithmIdentifier
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, tmp_buf,
sig_oid, strlen( sig_oid ), 0 ) );
/*
* Serial ::= INTEGER
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
sub_len = 0;
MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
len += sub_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
/*
* Make signature
*/
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 )
{
return( ret );
}
/*
* Write data to output buffer
*/
c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
if( len > (size_t)( c2 - buf ) )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
c2 -= len;
memcpy( c2, c, len );
len += sig_and_oid_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
return( (int) len );
}
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
/*
* Prepare data to be signed in tmp_buf
*/
c = tmp_buf + sizeof( tmp_buf );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
if( len )
{
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SET ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
}
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
tmp_buf, c - tmp_buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
/*
* Prepare signature
*/
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
pk_alg = mbedtls_pk_get_type( ctx->key );
if( pk_alg == MBEDTLS_PK_ECKEY )
pk_alg = MBEDTLS_PK_ECDSA;
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 ||
( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
/*
* Write data to output buffer
*/
c2 = buf + size;
MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
c2 -= len;
memcpy( c2, c, len );
len += sig_and_oid_len;
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE ) );
return( (int) len );
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
mbedtls_pk_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init( &pk );
if( argc != 3 )
{
mbedtls_printf( "usage: mbedtls_pk_sign <key_file> <filename>\n" );
#if defined(_WIN32)
mbedtls_printf( "\n" );
#endif
goto exit;
}
mbedtls_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", -ret );
goto exit;
}
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit;
}
/*
* Compute the SHA-256 hash of the input file,
* then calculate the signature of the hash.
*/
mbedtls_printf( "\n . Generating the SHA-256 signature" );
fflush( stdout );
if( ( ret = mbedtls_md_file(
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 ),
argv[2], hash ) ) != 0 )
{
mbedtls_printf( " failed\n ! Could not open or read %s\n\n", argv[2] );
goto exit;
}
if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_pk_sign returned -0x%04x\n", -ret );
goto exit;
}
/*
* Write the signature into <filename>.sig
*/
mbedtls_snprintf( filename, sizeof(filename), "%s.sig", argv[2] );
if( ( f = fopen( filename, "wb+" ) ) == NULL )
{
mbedtls_printf( " failed\n ! Could not create %s\n\n", filename );
goto exit;
}
if( fwrite( buf, 1, olen, f ) != olen )
{
mbedtls_printf( "failed\n ! fwrite failed\n\n" );
fclose( f );
goto exit;
}
fclose( f );
mbedtls_printf( "\n . Done (created \"%s\")\n\n", filename );
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
mbedtls_pk_free( &pk );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_ERROR_C)
if( exit_code != MBEDTLS_EXIT_SUCCESS )
{
mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
mbedtls_printf( " ! Last error was: %s\n", buf );
}
#endif
#if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( exit_code );
}
/**
* Wrapper for sign-verify operations.
*
* @param Cipher Algorithm class
* @param CryptoKey Key parameters
* @param Hashes Digest alg to use.
* @param uint8_t* Buffer to be signed/verified...
* @param int ...and its length.
* @param uint8_t* Buffer to hold signature...
* @param int* ...and its length.
* @param uint8_t* Buffer holding the key...
* @param int ...and its length.
* @param uint32_t Options to the operations.
* @return 0 if the operation completed successfully.
*/
int __attribute__((weak)) wrapped_sign_verify(Cipher c, CryptoKey k, Hashes h, uint8_t* msg, int msg_len, uint8_t* sig, size_t* sig_len, uint8_t* key, int key_len, uint32_t opts) {
if (keygen_deferred_handling(k)) {
// If overriden by user implementation.
return _s_v_overrides[k](c, k, h, msg, msg_len, sig, sig_len, key, key_len, opts);
}
int ret = -1; // Failure by default.
uint8_t* hash;
int hashlen;
if (Hashes::NONE != h) {
hashlen = get_digest_output_length(h);
hash = (uint8_t*) alloca(hashlen);
if (hash) {
ret = wrapped_hash(msg, msg_len, hash, h);
}
}
else {
// This is the no-digest case.
hashlen = msg_len;
hash = msg;
ret = 0; // TODO: Fail if size is greater than the maximum input length for the Key type.
}
if (0 == ret) {
// If we are here, the hashing operation worked. Now we case-off on key/algo.
mbedtls_pk_context k_ctx;
mbedtls_pk_init(&k_ctx);
uint32_t pers = randomInt();
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ctr_drbg_init(&ctr_drbg);
ret = mbedtls_ctr_drbg_seed(
&ctr_drbg, mbedtls_entropy_func, &entropy,
(const uint8_t*) &pers, 4
);
if (0 == ret) {
switch (c) {
#if defined(WRAPPED_ASYM_RSA)
case Cipher::ASYM_RSA:
//ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (opts & OP_SIGN) {
ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA));
if (0 == ret) {
ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0);
if (0 == ret) {
ret = mbedtls_pk_sign(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg
);
}
}
}
else {
ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len);
if (0 == ret) {
ret = mbedtls_pk_verify(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, *sig_len
);
}
}
break;
#endif
#if defined(MBEDTLS_ECDSA_C)
case Cipher::ASYM_ECDSA:
if (opts & OP_SIGN) {
ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECDSA));
if (0 == ret) {
ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0);
if (0 == ret) {
ret = mbedtls_pk_sign(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg
);
}
}
}
else {
ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len);
if (0 == ret) {
ret = mbedtls_pk_verify(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, *sig_len
);
}
}
break;
#endif
#if defined(MBEDTLS_ECP_C)
case Cipher::ASYM_ECKEY:
if (opts & OP_SIGN) {
ret = mbedtls_pk_setup(&k_ctx, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY));
if (0 == ret) {
ret = mbedtls_pk_parse_key(&k_ctx, key, key_len, nullptr, 0);
if (0 == ret) {
ret = mbedtls_pk_sign(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, sig_len,
mbedtls_ctr_drbg_random, &ctr_drbg
);
}
}
}
else {
ret = mbedtls_pk_parse_public_key(&k_ctx, key, key_len);
if (0 == ret) {
ret = mbedtls_pk_verify(
&k_ctx,
(mbedtls_md_type_t) h, hash, hashlen,
sig, *sig_len
);
}
}
break;
#endif
default:
break;
}
}
}
return ret;
}
