Added support for EdDSA signature.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-08-22 17:10:03 +02:00
parent 22d8793683
commit faef2dc278
7 changed files with 66 additions and 39 deletions
--- a/src/hsm/cmd_signature.c
+++ b/src/hsm/cmd_signature.c
@@ -20,6 +20,7 @@
 #include "asn1.h"
 #include "mbedtls/oid.h"
 #include "random.h"
+#include "mbedtls/eddsa.h"

 extern mbedtls_ecp_keypair hd_context;
 extern uint8_t hd_keytype;
@@ -233,8 +234,8 @@ int cmd_signature() {
        mbedtls_rsa_free(&ctx);
    }
    else if (p2 >= ALGO_EC_RAW && p2 <= ALGO_EC_SHA512) {
-        mbedtls_ecdsa_context ctx;
-        mbedtls_ecdsa_init(&ctx);
+        mbedtls_ecp_keypair ctx;
+        mbedtls_ecp_keypair_init(&ctx);
        md = MBEDTLS_MD_SHA256;
        if (p2 == ALGO_EC_RAW) {
            if (apdu.nc == 32) {
@@ -268,9 +269,9 @@ int cmd_signature() {
        else if (p2 == ALGO_EC_SHA512) {
            md = MBEDTLS_MD_SHA512;
        }
-        int r = load_private_key_ecdsa(&ctx, fkey);
+        int r = load_private_key_ec(&ctx, fkey);
        if (r != CCID_OK) {
-            mbedtls_ecdsa_free(&ctx);
+            mbedtls_ecp_keypair_free(&ctx);
            if (r == CCID_VERIFICATION_FAILED) {
                return SW_SECURE_MESSAGE_EXEC_ERROR();
            }
@@ -278,14 +279,20 @@ int cmd_signature() {
        }
        size_t olen = 0;
        uint8_t buf[MBEDTLS_ECDSA_MAX_LEN];
-        if (mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
-                                          &olen, random_gen, NULL) != 0) {
-            mbedtls_ecdsa_free(&ctx);
+        if (ctx.grp.id == MBEDTLS_ECP_DP_ED25519 || ctx.grp.id == MBEDTLS_ECP_DP_ED448) {
+            r = mbedtls_eddsa_write_signature(&ctx, apdu.data, apdu.nc, buf, sizeof(buf), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
+        }
+        else {
+            r = mbedtls_ecdsa_write_signature(&ctx, md, apdu.data, apdu.nc, buf, MBEDTLS_ECDSA_MAX_LEN,
+                                              &olen, random_gen, NULL);
+        }
+        if (r != 0) {
+            mbedtls_ecp_keypair_free(&ctx);
            return SW_EXEC_ERROR();
        }
        memcpy(res_APDU, buf, olen);
        res_APDU_size = olen;
-        mbedtls_ecdsa_free(&ctx);
+        mbedtls_ecp_keypair_free(&ctx);
    }
    else if (p2 == ALGO_HD) {
        size_t olen = 0;