Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restyle feature/HSM-P256-Signature-asn1-to-raw #8535

Closed
wants to merge 3 commits into from
Closed

Restyle feature/HSM-P256-Signature-asn1-to-raw #8535

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c99bf39
converting hsm signature from asn format to raw format
sujaygkulkarni-nxp Jul 20, 2021
6a4045e
reduced buffer to 80 bytes
sujaygkulkarni-nxp Jul 21, 2021
6a66087
Restyled by clang-format
restyled-commits Jul 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 48 additions & 23 deletions src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_P256.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,10 +129,11 @@ CHIP_ERROR P256KeypairHSM::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length
uint8_t hash[kSHA256_Hash_Length] = {
0,
};
size_t hashLen = sizeof(hash);
sss_status_t status = kStatus_SSS_Success;
sss_object_t keyObject = { 0 };
size_t siglen = out_signature.Capacity();
size_t hashLen = sizeof(hash);
sss_status_t status = kStatus_SSS_Success;
sss_object_t keyObject = { 0 };
uint8_t signature_se05x[80] = { 0 };
size_t signature_se05x_len = sizeof(signature_se05x);

VerifyOrReturnError(msg != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(msg_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
Expand Down Expand Up @@ -182,10 +183,15 @@ CHIP_ERROR P256KeypairHSM::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length
status = sss_asymmetric_context_init(&asymm_ctx, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_SHA256, kMode_SSS_Sign);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

status = sss_asymmetric_sign_digest(&asymm_ctx, hash, hashLen, Uint8::to_uchar(out_signature), &siglen);
status = sss_asymmetric_sign_digest(&asymm_ctx, hash, hashLen, signature_se05x, &signature_se05x_len);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

SuccessOrExit(out_signature.SetLength(siglen));
VerifyOrExit(CHIP_NO_ERROR ==
EcdsaAsn1SignatureToRaw(kP256_FE_Length, signature_se05x, signature_se05x_len, out_signature.Bytes(),
out_signature.Capacity()),
error = CHIP_ERROR_INTERNAL);

SuccessOrExit(out_signature.SetLength(2 * kP256_FE_Length));

error = CHIP_NO_ERROR;
exit:
Expand All @@ -202,11 +208,12 @@ CHIP_ERROR P256KeypairHSM::ECDSA_sign_msg(const uint8_t * msg, size_t msg_length

CHIP_ERROR P256KeypairHSM::ECDSA_sign_hash(const uint8_t * hash, size_t hash_length, P256ECDSASignature & out_signature)
{
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
sss_asymmetric_t asymm_ctx = { 0 };
sss_status_t status = kStatus_SSS_Success;
sss_object_t keyObject = { 0 };
size_t siglen = out_signature.Capacity();
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
sss_asymmetric_t asymm_ctx = { 0 };
sss_status_t status = kStatus_SSS_Success;
sss_object_t keyObject = { 0 };
uint8_t signature_se05x[80] = { 0 };
size_t signature_se05x_len = sizeof(signature_se05x);

VerifyOrReturnError(hash != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(hash_length == kSHA256_Hash_Length, CHIP_ERROR_INVALID_ARGUMENT);
Expand All @@ -228,10 +235,15 @@ CHIP_ERROR P256KeypairHSM::ECDSA_sign_hash(const uint8_t * hash, size_t hash_len
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

status =
sss_asymmetric_sign_digest(&asymm_ctx, const_cast<uint8_t *>(hash), hash_length, Uint8::to_uchar(out_signature), &siglen);
sss_asymmetric_sign_digest(&asymm_ctx, const_cast<uint8_t *>(hash), hash_length, signature_se05x, &signature_se05x_len);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

SuccessOrExit(out_signature.SetLength(siglen));
VerifyOrExit(CHIP_NO_ERROR ==
EcdsaAsn1SignatureToRaw(kP256_FE_Length, signature_se05x, signature_se05x_len, out_signature.Bytes(),
out_signature.Capacity()),
error = CHIP_ERROR_INTERNAL);

SuccessOrExit(out_signature.SetLength(2 * kP256_FE_Length));

error = CHIP_NO_ERROR;
exit:
Expand Down Expand Up @@ -364,8 +376,10 @@ CHIP_ERROR P256PublicKeyHSM::ECDSA_validate_msg_signature(const uint8_t * msg, s
uint8_t hash[32] = {
0,
};
size_t hash_length = sizeof(hash);
sss_object_t keyObject = { 0 };
size_t hash_length = sizeof(hash);
sss_object_t keyObject = { 0 };
uint8_t signature_se05x[80] = { 0 };
size_t signature_se05x_len = sizeof(signature_se05x);

VerifyOrReturnError(msg != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(msg_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
Expand Down Expand Up @@ -425,8 +439,12 @@ CHIP_ERROR P256PublicKeyHSM::ECDSA_validate_msg_signature(const uint8_t * msg, s
sss_asymmetric_context_init(&asymm_ctx, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_SHA256, kMode_SSS_Verify);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

status = sss_asymmetric_verify_digest(&asymm_ctx, hash, hash_length, (uint8_t *) Uint8::to_const_uchar(signature),
signature.Length());
VerifyOrExit(CHIP_NO_ERROR ==
EcdsaRawSignatureToAsn1(kP256_FE_Length, Uint8::to_const_uchar(signature.ConstBytes()), signature.Length(),
signature_se05x, signature_se05x_len, signature_se05x_len),
error = CHIP_ERROR_INVALID_SIGNATURE);

status = sss_asymmetric_verify_digest(&asymm_ctx, hash, hash_length, (uint8_t *) signature_se05x, signature_se05x_len);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INVALID_SIGNATURE);

error = CHIP_NO_ERROR;
Expand All @@ -452,10 +470,12 @@ CHIP_ERROR P256PublicKeyHSM::ECDSA_validate_msg_signature(const uint8_t * msg, s
CHIP_ERROR P256PublicKeyHSM::ECDSA_validate_hash_signature(const uint8_t * hash, size_t hash_length,
const P256ECDSASignature & signature) const
{
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
sss_status_t status = kStatus_SSS_Success;
sss_asymmetric_t asymm_ctx = { 0 };
sss_object_t keyObject = { 0 };
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
sss_status_t status = kStatus_SSS_Success;
sss_asymmetric_t asymm_ctx = { 0 };
sss_object_t keyObject = { 0 };
uint8_t signature_se05x[80] = { 0 };
size_t signature_se05x_len = sizeof(signature_se05x);

VerifyOrReturnError(hash != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(hash_length > 0, CHIP_ERROR_INVALID_ARGUMENT);
Expand Down Expand Up @@ -485,8 +505,13 @@ CHIP_ERROR P256PublicKeyHSM::ECDSA_validate_hash_signature(const uint8_t * hash,
sss_asymmetric_context_init(&asymm_ctx, &gex_sss_chip_ctx.session, &keyObject, kAlgorithm_SSS_SHA256, kMode_SSS_Verify);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INTERNAL);

status = sss_asymmetric_verify_digest(&asymm_ctx, const_cast<uint8_t *>(hash), hash_length,
(uint8_t *) Uint8::to_const_uchar(signature), signature.Length());
VerifyOrExit(CHIP_NO_ERROR ==
EcdsaRawSignatureToAsn1(kP256_FE_Length, Uint8::to_const_uchar(signature.ConstBytes()), signature.Length(),
signature_se05x, signature_se05x_len, signature_se05x_len),
error = CHIP_ERROR_INVALID_SIGNATURE);

status = sss_asymmetric_verify_digest(&asymm_ctx, const_cast<uint8_t *>(hash), hash_length, (uint8_t *) signature_se05x,
signature_se05x_len);
VerifyOrExit(status == kStatus_SSS_Success, error = CHIP_ERROR_INVALID_SIGNATURE);

error = CHIP_NO_ERROR;
Expand Down
2 changes: 0 additions & 2 deletions src/crypto/hsm/nxp/CHIPCryptoPALHsm_SE05X_Spake2p.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,6 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::BeginVerifier(const uint8_t * my_id
const uint8_t * w0in, size_t w0in_len, const uint8_t * Lin,
size_t Lin_len)
{
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
uint8_t w0in_mod[32] = {
0,
};
Expand Down Expand Up @@ -353,7 +352,6 @@ CHIP_ERROR Spake2pHSM_P256_SHA256_HKDF_HMAC::BeginProver(const uint8_t * my_iden
const uint8_t * w0in, size_t w0in_len, const uint8_t * w1in,
size_t w1in_len)
{
CHIP_ERROR error = CHIP_ERROR_INTERNAL;
smStatus_t smstatus = SM_NOT_OK;
uint8_t w0in_mod[32] = {
0,
Expand Down