From 47c7171348d70c2d369363c247d74f954e3b778d Mon Sep 17 00:00:00 2001
From: Govindraj Raja
Date: Fri, 3 Feb 2023 11:08:00 +0000
Subject: [PATCH] refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options In preparation for supporting mbedtls 3.3, usage of mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3 However looking closely into the usage in 'verify_signature' function is no hard reason behind usage of this struct and they could be easily replaced with independent variables. This Minor refactor to avoid using the struct mbedtls_pk_rsassa_pss_options and use independent variable will provide compatibility with both 2.x and 3.x [1]: https://github.com/Mbed-TLS/mbedtls/issues/7040
Change-Id: If0107d860d11d13cba7fd5d7941e7142e70c7b11
Signed-off-by: Govindraj Raja
---
 drivers/auth/cryptocell/712/cryptocell_crypto.c | 17 ++++++++---------
 drivers/auth/cryptocell/713/cryptocell_crypto.c | 16 ++++++++--------
 2 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
index c7ee36fa7..142f36477 100644
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -95,11 +95,10 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 CCError_t error;
 CCSbNParams_t pk;
 CCSbSignature_t signature;
- int rc, exp;
+ int rc, exp, expected_salt_len;
 mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg;
+ mbedtls_md_type_t md_alg, mgf1_hash_id;
 mbedtls_pk_type_t pk_alg;
- mbedtls_pk_rsassa_pss_options pss_opts;
 size_t len;
 uint8_t *p, *end;
 /* Temp buf to store the public key modulo (N) in LE format */
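Review bot: The two locals added to the declaration list, `mgf1_hash_id` and `expected_salt_len`, are left uninitialised and only receive values when `mbedtls_x509_get_rsassa_pss_params()` fills them in a later hunk, and nothing at the declaration says so. A short comment above them, such as `/* RSASSA-PSS parameters parsed from the signature algorithm; only valid once the params parse returns 0 */`, would keep a later edit from reading them ahead of the `rc` check. `expected_salt_len` is passed by address to that helper, so it presumably has to stay `int` to match the helper's prototype, which is worth stating in the same comment. The same applies to the matching declaration hunk in the 713 driver; verify_signature's body starts and ends outside this hunk.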
@@ -119,22 +118,22 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 return CRYPTO_ERR_SIGNATURE;
 /* The CryptoCell only supports RSASSA-PSS signature */
- if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
+ if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE))
 return CRYPTO_ERR_SIGNATURE;
 /* Verify the RSASSA-PSS params */
 /* The trailer field is verified to be 0xBC internally by this API */
 rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &pss_opts.mgf1_hash_id,
- &pss_opts.expected_salt_len);
+ &mgf1_hash_id,
+ &expected_salt_len);
 if (rc != 0)
 return CRYPTO_ERR_SIGNATURE;
 /* The CryptoCell only supports SHA256 as hash algorithm */
- if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+ if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256))
 return CRYPTO_ERR_SIGNATURE;
- if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+ if (expected_salt_len != RSA_SALT_LEN)
 return CRYPTO_ERR_SIGNATURE;
 /* Parse the public key */
diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
index 3ac16af20..af175e4e3 100644
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/713/cryptocell_crypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -82,11 +82,11 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 CCError_t error;
 CCBsvNBuff_t NBuff;
 CCBsvSignature_t signature;
- int rc, exp;
+ int rc, exp, expected_salt_len;
 mbedtls_asn1_buf sig_oid, alg_oid, params;
- mbedtls_md_type_t md_alg;
+ mbedtls_md_type_t md_alg, mgf1_hash_id;
 mbedtls_pk_type_t pk_alg;
- mbedtls_pk_rsassa_pss_options pss_opts;
+
 size_t len;
 uint8_t *p, *end;
 CCHashResult_t digest;
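Review bot: The extra parentheses added to the two conditions in this hunk, `(pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE)` and `(md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256)`, are a style change folded into the refactor, while the 713 driver's last hunk keeps the same SHA256 condition unparenthesised. Use one form in both drivers so the two copies of this signature-parameter check stay easy to compare side by side. The salt-length check that follows has no comment of its own; something like `/* Only a salt length of RSA_SALT_LEN is accepted */` would record why a mismatch is rejected. verify_signature's body extends beyond this hunk.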
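Review bot: The removed `mbedtls_pk_rsassa_pss_options pss_opts;` declaration in the 713 driver appears to be replaced by an empty added line rather than deleted, which leaves a blank line between `mbedtls_pk_type_t pk_alg;` and `size_t len;` in the middle of the declaration list. The 712 driver simply drops the line, which is also why its diffstat shows one more deletion than insertion. Delete the added blank line so both drivers' declaration blocks keep the same shape. verify_signature's body continues outside this hunk.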
@@ -114,17 +114,17 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 /* Verify the RSASSA-PSS params */
 /* The trailer field is verified to be 0xBC internally by this API */
 rc = mbedtls_x509_get_rsassa_pss_params(¶ms, &md_alg,
- &pss_opts.mgf1_hash_id,
- &pss_opts.expected_salt_len);
+ &mgf1_hash_id,
+ &expected_salt_len);
 if (rc != 0)
 return CRYPTO_ERR_SIGNATURE;
 /* The CryptoCell only supports SHA256 as hash algorithm */
 if (md_alg != MBEDTLS_MD_SHA256 ||
- pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+ mgf1_hash_id != MBEDTLS_MD_SHA256)
 return CRYPTO_ERR_SIGNATURE;
- if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+ if (expected_salt_len != RSA_SALT_LEN)
 return CRYPTO_ERR_SIGNATURE;
 /* Parse the public key */
--
2.39.5