1*62c56f98SSadaf Ebrahimi /*
2*62c56f98SSadaf Ebrahimi * Driver entry points for p256-m
3*62c56f98SSadaf Ebrahimi */
4*62c56f98SSadaf Ebrahimi /*
5*62c56f98SSadaf Ebrahimi * Copyright The Mbed TLS Contributors
6*62c56f98SSadaf Ebrahimi * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7*62c56f98SSadaf Ebrahimi */
8*62c56f98SSadaf Ebrahimi
9*62c56f98SSadaf Ebrahimi #include "mbedtls/platform.h"
10*62c56f98SSadaf Ebrahimi #include "p256-m_driver_entrypoints.h"
11*62c56f98SSadaf Ebrahimi #include "p256-m/p256-m.h"
12*62c56f98SSadaf Ebrahimi #include "psa/crypto.h"
13*62c56f98SSadaf Ebrahimi #include <stddef.h>
14*62c56f98SSadaf Ebrahimi #include <string.h>
15*62c56f98SSadaf Ebrahimi #include "psa_crypto_driver_wrappers_no_static.h"
16*62c56f98SSadaf Ebrahimi
17*62c56f98SSadaf Ebrahimi #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
18*62c56f98SSadaf Ebrahimi
19*62c56f98SSadaf Ebrahimi /* INFORMATION ON PSA KEY EXPORT FORMATS:
20*62c56f98SSadaf Ebrahimi *
21*62c56f98SSadaf Ebrahimi * PSA exports SECP256R1 keys in two formats:
22*62c56f98SSadaf Ebrahimi * 1. Keypair format: 32 byte string which is just the private key (public key
23*62c56f98SSadaf Ebrahimi * can be calculated from the private key)
24*62c56f98SSadaf Ebrahimi * 2. Public Key format: A leading byte 0x04 (indicating uncompressed format),
25*62c56f98SSadaf Ebrahimi * followed by the 64 byte public key. This results in a
26*62c56f98SSadaf Ebrahimi * total of 65 bytes.
27*62c56f98SSadaf Ebrahimi *
28*62c56f98SSadaf Ebrahimi * p256-m's internal format for private keys matches PSA. Its format for public
29*62c56f98SSadaf Ebrahimi * keys is only 64 bytes: the same as PSA but without the leading byte (0x04).
30*62c56f98SSadaf Ebrahimi * Hence, when passing public keys from PSA to p256-m, the leading byte is
31*62c56f98SSadaf Ebrahimi * removed.
32*62c56f98SSadaf Ebrahimi *
33*62c56f98SSadaf Ebrahimi * Shared secret and signature have the same format between PSA and p256-m.
34*62c56f98SSadaf Ebrahimi */
35*62c56f98SSadaf Ebrahimi #define PSA_PUBKEY_SIZE 65
36*62c56f98SSadaf Ebrahimi #define PSA_PUBKEY_HEADER_BYTE 0x04
37*62c56f98SSadaf Ebrahimi #define P256_PUBKEY_SIZE 64
38*62c56f98SSadaf Ebrahimi #define PRIVKEY_SIZE 32
39*62c56f98SSadaf Ebrahimi #define SHARED_SECRET_SIZE 32
40*62c56f98SSadaf Ebrahimi #define SIGNATURE_SIZE 64
41*62c56f98SSadaf Ebrahimi
42*62c56f98SSadaf Ebrahimi #define CURVE_BITS 256
43*62c56f98SSadaf Ebrahimi
44*62c56f98SSadaf Ebrahimi /* Convert between p256-m and PSA error codes */
p256_to_psa_error(int ret)45*62c56f98SSadaf Ebrahimi static psa_status_t p256_to_psa_error(int ret)
46*62c56f98SSadaf Ebrahimi {
47*62c56f98SSadaf Ebrahimi switch (ret) {
48*62c56f98SSadaf Ebrahimi case P256_SUCCESS:
49*62c56f98SSadaf Ebrahimi return PSA_SUCCESS;
50*62c56f98SSadaf Ebrahimi case P256_INVALID_PUBKEY:
51*62c56f98SSadaf Ebrahimi case P256_INVALID_PRIVKEY:
52*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
53*62c56f98SSadaf Ebrahimi case P256_INVALID_SIGNATURE:
54*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_SIGNATURE;
55*62c56f98SSadaf Ebrahimi case P256_RANDOM_FAILED:
56*62c56f98SSadaf Ebrahimi default:
57*62c56f98SSadaf Ebrahimi return PSA_ERROR_GENERIC_ERROR;
58*62c56f98SSadaf Ebrahimi }
59*62c56f98SSadaf Ebrahimi }
60*62c56f98SSadaf Ebrahimi
p256_transparent_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)61*62c56f98SSadaf Ebrahimi psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes,
62*62c56f98SSadaf Ebrahimi const uint8_t *data,
63*62c56f98SSadaf Ebrahimi size_t data_length,
64*62c56f98SSadaf Ebrahimi uint8_t *key_buffer,
65*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
66*62c56f98SSadaf Ebrahimi size_t *key_buffer_length,
67*62c56f98SSadaf Ebrahimi size_t *bits)
68*62c56f98SSadaf Ebrahimi {
69*62c56f98SSadaf Ebrahimi /* Check the key size */
70*62c56f98SSadaf Ebrahimi if (*bits != 0 && *bits != CURVE_BITS) {
71*62c56f98SSadaf Ebrahimi return PSA_ERROR_NOT_SUPPORTED;
72*62c56f98SSadaf Ebrahimi }
73*62c56f98SSadaf Ebrahimi
74*62c56f98SSadaf Ebrahimi /* Validate the key (and its type and size) */
75*62c56f98SSadaf Ebrahimi psa_key_type_t type = psa_get_key_type(attributes);
76*62c56f98SSadaf Ebrahimi if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
77*62c56f98SSadaf Ebrahimi if (data_length != PSA_PUBKEY_SIZE) {
78*62c56f98SSadaf Ebrahimi return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
79*62c56f98SSadaf Ebrahimi }
80*62c56f98SSadaf Ebrahimi /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
81*62c56f98SSadaf Ebrahimi if (p256_validate_pubkey(data + 1) != P256_SUCCESS) {
82*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
83*62c56f98SSadaf Ebrahimi }
84*62c56f98SSadaf Ebrahimi } else if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
85*62c56f98SSadaf Ebrahimi if (data_length != PRIVKEY_SIZE) {
86*62c56f98SSadaf Ebrahimi return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT;
87*62c56f98SSadaf Ebrahimi }
88*62c56f98SSadaf Ebrahimi if (p256_validate_privkey(data) != P256_SUCCESS) {
89*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
90*62c56f98SSadaf Ebrahimi }
91*62c56f98SSadaf Ebrahimi } else {
92*62c56f98SSadaf Ebrahimi return PSA_ERROR_NOT_SUPPORTED;
93*62c56f98SSadaf Ebrahimi }
94*62c56f98SSadaf Ebrahimi *bits = CURVE_BITS;
95*62c56f98SSadaf Ebrahimi
96*62c56f98SSadaf Ebrahimi /* We only support the export format for input, so just copy. */
97*62c56f98SSadaf Ebrahimi if (key_buffer_size < data_length) {
98*62c56f98SSadaf Ebrahimi return PSA_ERROR_BUFFER_TOO_SMALL;
99*62c56f98SSadaf Ebrahimi }
100*62c56f98SSadaf Ebrahimi memcpy(key_buffer, data, data_length);
101*62c56f98SSadaf Ebrahimi *key_buffer_length = data_length;
102*62c56f98SSadaf Ebrahimi
103*62c56f98SSadaf Ebrahimi return PSA_SUCCESS;
104*62c56f98SSadaf Ebrahimi }
105*62c56f98SSadaf Ebrahimi
p256_transparent_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)106*62c56f98SSadaf Ebrahimi psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes,
107*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer,
108*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
109*62c56f98SSadaf Ebrahimi uint8_t *data,
110*62c56f98SSadaf Ebrahimi size_t data_size,
111*62c56f98SSadaf Ebrahimi size_t *data_length)
112*62c56f98SSadaf Ebrahimi {
113*62c56f98SSadaf Ebrahimi /* Is this the right curve? */
114*62c56f98SSadaf Ebrahimi size_t bits = psa_get_key_bits(attributes);
115*62c56f98SSadaf Ebrahimi psa_key_type_t type = psa_get_key_type(attributes);
116*62c56f98SSadaf Ebrahimi if (bits != CURVE_BITS || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
117*62c56f98SSadaf Ebrahimi return PSA_ERROR_NOT_SUPPORTED;
118*62c56f98SSadaf Ebrahimi }
119*62c56f98SSadaf Ebrahimi
120*62c56f98SSadaf Ebrahimi /* Validate sizes, as p256-m expects fixed-size buffers */
121*62c56f98SSadaf Ebrahimi if (key_buffer_size != PRIVKEY_SIZE) {
122*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
123*62c56f98SSadaf Ebrahimi }
124*62c56f98SSadaf Ebrahimi if (data_size < PSA_PUBKEY_SIZE) {
125*62c56f98SSadaf Ebrahimi return PSA_ERROR_BUFFER_TOO_SMALL;
126*62c56f98SSadaf Ebrahimi }
127*62c56f98SSadaf Ebrahimi
128*62c56f98SSadaf Ebrahimi /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
129*62c56f98SSadaf Ebrahimi data[0] = PSA_PUBKEY_HEADER_BYTE;
130*62c56f98SSadaf Ebrahimi int ret = p256_public_from_private(data + 1, key_buffer);
131*62c56f98SSadaf Ebrahimi if (ret == P256_SUCCESS) {
132*62c56f98SSadaf Ebrahimi *data_length = PSA_PUBKEY_SIZE;
133*62c56f98SSadaf Ebrahimi }
134*62c56f98SSadaf Ebrahimi
135*62c56f98SSadaf Ebrahimi return p256_to_psa_error(ret);
136*62c56f98SSadaf Ebrahimi }
137*62c56f98SSadaf Ebrahimi
p256_transparent_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)138*62c56f98SSadaf Ebrahimi psa_status_t p256_transparent_generate_key(
139*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes,
140*62c56f98SSadaf Ebrahimi uint8_t *key_buffer,
141*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
142*62c56f98SSadaf Ebrahimi size_t *key_buffer_length)
143*62c56f98SSadaf Ebrahimi {
144*62c56f98SSadaf Ebrahimi /* We don't use this argument, but the specification mandates the signature
145*62c56f98SSadaf Ebrahimi * of driver entry-points. (void) used to avoid compiler warning. */
146*62c56f98SSadaf Ebrahimi (void) attributes;
147*62c56f98SSadaf Ebrahimi
148*62c56f98SSadaf Ebrahimi /* Validate sizes, as p256-m expects fixed-size buffers */
149*62c56f98SSadaf Ebrahimi if (key_buffer_size != PRIVKEY_SIZE) {
150*62c56f98SSadaf Ebrahimi return PSA_ERROR_BUFFER_TOO_SMALL;
151*62c56f98SSadaf Ebrahimi }
152*62c56f98SSadaf Ebrahimi
153*62c56f98SSadaf Ebrahimi /*
154*62c56f98SSadaf Ebrahimi * p256-m's keypair generation function outputs both public and private
155*62c56f98SSadaf Ebrahimi * keys. Allocate a buffer to which the public key will be written. The
156*62c56f98SSadaf Ebrahimi * private key will be written to key_buffer, which is passed to this
157*62c56f98SSadaf Ebrahimi * function as an argument. */
158*62c56f98SSadaf Ebrahimi uint8_t public_key_buffer[P256_PUBKEY_SIZE];
159*62c56f98SSadaf Ebrahimi
160*62c56f98SSadaf Ebrahimi int ret = p256_gen_keypair(key_buffer, public_key_buffer);
161*62c56f98SSadaf Ebrahimi if (ret == P256_SUCCESS) {
162*62c56f98SSadaf Ebrahimi *key_buffer_length = PRIVKEY_SIZE;
163*62c56f98SSadaf Ebrahimi }
164*62c56f98SSadaf Ebrahimi
165*62c56f98SSadaf Ebrahimi return p256_to_psa_error(ret);
166*62c56f98SSadaf Ebrahimi }
167*62c56f98SSadaf Ebrahimi
p256_transparent_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)168*62c56f98SSadaf Ebrahimi psa_status_t p256_transparent_key_agreement(
169*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes,
170*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer,
171*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
172*62c56f98SSadaf Ebrahimi psa_algorithm_t alg,
173*62c56f98SSadaf Ebrahimi const uint8_t *peer_key,
174*62c56f98SSadaf Ebrahimi size_t peer_key_length,
175*62c56f98SSadaf Ebrahimi uint8_t *shared_secret,
176*62c56f98SSadaf Ebrahimi size_t shared_secret_size,
177*62c56f98SSadaf Ebrahimi size_t *shared_secret_length)
178*62c56f98SSadaf Ebrahimi {
179*62c56f98SSadaf Ebrahimi /* We don't use these arguments, but the specification mandates the
180*62c56f98SSadaf Ebrahimi * sginature of driver entry-points. (void) used to avoid compiler
181*62c56f98SSadaf Ebrahimi * warning. */
182*62c56f98SSadaf Ebrahimi (void) attributes;
183*62c56f98SSadaf Ebrahimi (void) alg;
184*62c56f98SSadaf Ebrahimi
185*62c56f98SSadaf Ebrahimi /* Validate sizes, as p256-m expects fixed-size buffers */
186*62c56f98SSadaf Ebrahimi if (key_buffer_size != PRIVKEY_SIZE || peer_key_length != PSA_PUBKEY_SIZE) {
187*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
188*62c56f98SSadaf Ebrahimi }
189*62c56f98SSadaf Ebrahimi if (shared_secret_size < SHARED_SECRET_SIZE) {
190*62c56f98SSadaf Ebrahimi return PSA_ERROR_BUFFER_TOO_SMALL;
191*62c56f98SSadaf Ebrahimi }
192*62c56f98SSadaf Ebrahimi
193*62c56f98SSadaf Ebrahimi /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
194*62c56f98SSadaf Ebrahimi const uint8_t *peer_key_p256m = peer_key + 1;
195*62c56f98SSadaf Ebrahimi int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key_p256m);
196*62c56f98SSadaf Ebrahimi if (ret == P256_SUCCESS) {
197*62c56f98SSadaf Ebrahimi *shared_secret_length = SHARED_SECRET_SIZE;
198*62c56f98SSadaf Ebrahimi }
199*62c56f98SSadaf Ebrahimi
200*62c56f98SSadaf Ebrahimi return p256_to_psa_error(ret);
201*62c56f98SSadaf Ebrahimi }
202*62c56f98SSadaf Ebrahimi
p256_transparent_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)203*62c56f98SSadaf Ebrahimi psa_status_t p256_transparent_sign_hash(
204*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes,
205*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer,
206*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
207*62c56f98SSadaf Ebrahimi psa_algorithm_t alg,
208*62c56f98SSadaf Ebrahimi const uint8_t *hash,
209*62c56f98SSadaf Ebrahimi size_t hash_length,
210*62c56f98SSadaf Ebrahimi uint8_t *signature,
211*62c56f98SSadaf Ebrahimi size_t signature_size,
212*62c56f98SSadaf Ebrahimi size_t *signature_length)
213*62c56f98SSadaf Ebrahimi {
214*62c56f98SSadaf Ebrahimi /* We don't use these arguments, but the specification mandates the
215*62c56f98SSadaf Ebrahimi * sginature of driver entry-points. (void) used to avoid compiler
216*62c56f98SSadaf Ebrahimi * warning. */
217*62c56f98SSadaf Ebrahimi (void) attributes;
218*62c56f98SSadaf Ebrahimi (void) alg;
219*62c56f98SSadaf Ebrahimi
220*62c56f98SSadaf Ebrahimi /* Validate sizes, as p256-m expects fixed-size buffers */
221*62c56f98SSadaf Ebrahimi if (key_buffer_size != PRIVKEY_SIZE) {
222*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
223*62c56f98SSadaf Ebrahimi }
224*62c56f98SSadaf Ebrahimi if (signature_size < SIGNATURE_SIZE) {
225*62c56f98SSadaf Ebrahimi return PSA_ERROR_BUFFER_TOO_SMALL;
226*62c56f98SSadaf Ebrahimi }
227*62c56f98SSadaf Ebrahimi
228*62c56f98SSadaf Ebrahimi int ret = p256_ecdsa_sign(signature, key_buffer, hash, hash_length);
229*62c56f98SSadaf Ebrahimi if (ret == P256_SUCCESS) {
230*62c56f98SSadaf Ebrahimi *signature_length = SIGNATURE_SIZE;
231*62c56f98SSadaf Ebrahimi }
232*62c56f98SSadaf Ebrahimi
233*62c56f98SSadaf Ebrahimi return p256_to_psa_error(ret);
234*62c56f98SSadaf Ebrahimi }
235*62c56f98SSadaf Ebrahimi
236*62c56f98SSadaf Ebrahimi /* This function expects the key buffer to contain a PSA public key,
237*62c56f98SSadaf Ebrahimi * as exported by psa_export_public_key() */
p256_verify_hash_with_public_key(const uint8_t * key_buffer,size_t key_buffer_size,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)238*62c56f98SSadaf Ebrahimi static psa_status_t p256_verify_hash_with_public_key(
239*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer,
240*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
241*62c56f98SSadaf Ebrahimi const uint8_t *hash,
242*62c56f98SSadaf Ebrahimi size_t hash_length,
243*62c56f98SSadaf Ebrahimi const uint8_t *signature,
244*62c56f98SSadaf Ebrahimi size_t signature_length)
245*62c56f98SSadaf Ebrahimi {
246*62c56f98SSadaf Ebrahimi /* Validate sizes, as p256-m expects fixed-size buffers */
247*62c56f98SSadaf Ebrahimi if (key_buffer_size != PSA_PUBKEY_SIZE || *key_buffer != PSA_PUBKEY_HEADER_BYTE) {
248*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_ARGUMENT;
249*62c56f98SSadaf Ebrahimi }
250*62c56f98SSadaf Ebrahimi if (signature_length != SIGNATURE_SIZE) {
251*62c56f98SSadaf Ebrahimi return PSA_ERROR_INVALID_SIGNATURE;
252*62c56f98SSadaf Ebrahimi }
253*62c56f98SSadaf Ebrahimi
254*62c56f98SSadaf Ebrahimi /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */
255*62c56f98SSadaf Ebrahimi const uint8_t *public_key_p256m = key_buffer + 1;
256*62c56f98SSadaf Ebrahimi int ret = p256_ecdsa_verify(signature, public_key_p256m, hash, hash_length);
257*62c56f98SSadaf Ebrahimi
258*62c56f98SSadaf Ebrahimi return p256_to_psa_error(ret);
259*62c56f98SSadaf Ebrahimi }
260*62c56f98SSadaf Ebrahimi
p256_transparent_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)261*62c56f98SSadaf Ebrahimi psa_status_t p256_transparent_verify_hash(
262*62c56f98SSadaf Ebrahimi const psa_key_attributes_t *attributes,
263*62c56f98SSadaf Ebrahimi const uint8_t *key_buffer,
264*62c56f98SSadaf Ebrahimi size_t key_buffer_size,
265*62c56f98SSadaf Ebrahimi psa_algorithm_t alg,
266*62c56f98SSadaf Ebrahimi const uint8_t *hash,
267*62c56f98SSadaf Ebrahimi size_t hash_length,
268*62c56f98SSadaf Ebrahimi const uint8_t *signature,
269*62c56f98SSadaf Ebrahimi size_t signature_length)
270*62c56f98SSadaf Ebrahimi {
271*62c56f98SSadaf Ebrahimi /* We don't use this argument, but the specification mandates the signature
272*62c56f98SSadaf Ebrahimi * of driver entry-points. (void) used to avoid compiler warning. */
273*62c56f98SSadaf Ebrahimi (void) alg;
274*62c56f98SSadaf Ebrahimi
275*62c56f98SSadaf Ebrahimi psa_status_t status;
276*62c56f98SSadaf Ebrahimi uint8_t public_key_buffer[PSA_PUBKEY_SIZE];
277*62c56f98SSadaf Ebrahimi size_t public_key_buffer_size = PSA_PUBKEY_SIZE;
278*62c56f98SSadaf Ebrahimi
279*62c56f98SSadaf Ebrahimi size_t public_key_length = PSA_PUBKEY_SIZE;
280*62c56f98SSadaf Ebrahimi /* As p256-m doesn't require dynamic allocation, we want to avoid it in
281*62c56f98SSadaf Ebrahimi * the entrypoint functions as well. psa_driver_wrapper_export_public_key()
282*62c56f98SSadaf Ebrahimi * requires size_t*, so we use a pointer to a stack variable. */
283*62c56f98SSadaf Ebrahimi size_t *public_key_length_ptr = &public_key_length;
284*62c56f98SSadaf Ebrahimi
285*62c56f98SSadaf Ebrahimi /* The contents of key_buffer may either be the 32 byte private key
286*62c56f98SSadaf Ebrahimi * (keypair format), or 0x04 followed by the 64 byte public key (public
287*62c56f98SSadaf Ebrahimi * key format). To ensure the key is in the latter format, the public key
288*62c56f98SSadaf Ebrahimi * is exported. */
289*62c56f98SSadaf Ebrahimi status = psa_driver_wrapper_export_public_key(
290*62c56f98SSadaf Ebrahimi attributes,
291*62c56f98SSadaf Ebrahimi key_buffer,
292*62c56f98SSadaf Ebrahimi key_buffer_size,
293*62c56f98SSadaf Ebrahimi public_key_buffer,
294*62c56f98SSadaf Ebrahimi public_key_buffer_size,
295*62c56f98SSadaf Ebrahimi public_key_length_ptr);
296*62c56f98SSadaf Ebrahimi if (status != PSA_SUCCESS) {
297*62c56f98SSadaf Ebrahimi goto exit;
298*62c56f98SSadaf Ebrahimi }
299*62c56f98SSadaf Ebrahimi
300*62c56f98SSadaf Ebrahimi status = p256_verify_hash_with_public_key(
301*62c56f98SSadaf Ebrahimi public_key_buffer,
302*62c56f98SSadaf Ebrahimi public_key_buffer_size,
303*62c56f98SSadaf Ebrahimi hash,
304*62c56f98SSadaf Ebrahimi hash_length,
305*62c56f98SSadaf Ebrahimi signature,
306*62c56f98SSadaf Ebrahimi signature_length);
307*62c56f98SSadaf Ebrahimi
308*62c56f98SSadaf Ebrahimi exit:
309*62c56f98SSadaf Ebrahimi return status;
310*62c56f98SSadaf Ebrahimi }
311*62c56f98SSadaf Ebrahimi
312*62c56f98SSadaf Ebrahimi #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
313