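/*
 * SPDX-FileCopyrightText: Copyright (c) 2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 * SPDX-License-Identifier: MIT
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 * Comments, prototypes and checks taken from DMTF: Copyright 2021-2022 DMTF. All rights reserved.
 * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
 */

/** @file
 * RSA Asymmetric Cipher Wrapper Implementation.
 *
 * This file implements following APIs which provide more capabilities for RSA:
 * 1) rsa_pss_sign
 *
 * RFC 8017 - PKCS #1: RSA Cryptography Specifications version 2.2
 **/

#include "internal_crypt_lib.h"
#include "library/cryptlib.h"

/**
 * Carries out the RSA-PSS signature generation with EMSA-PSS encoding scheme.
 *
 * This function carries out the RSA-PSS signature generation with EMSA-PSS encoding scheme defined in
 * RSA PKCS#1 v2.2. The signing itself is delegated to lkca_rsa_pss_sign(); this wrapper only
 * rejects missing pointers before forwarding its arguments unchanged.
 *
 * The salt length is same as digest length.
 *
 * If the signature buffer is too small to hold the contents of signature, false
 * is returned and sig_size is set to the required buffer size to obtain the signature.
 *
 * If rsa_context is NULL, then return false.
 * If message_hash is NULL, then return false.
 * If sig_size is NULL, then return false.
 * hash_size must match the hash_nid. nid could be SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512.
 * If sig_size is large enough but signature is NULL, then return false.
 *
 * NOTE(review): only the three NULL-pointer checks are performed in this wrapper. The
 * hash_size/hash_nid match, the buffer-size handling and the salt length are properties
 * of lkca_rsa_pss_sign(), which is not defined in this file - confirm against that
 * implementation.
 *
 * @param[in]       rsa_context   Pointer to RSA context for signature generation.
 * @param[in]       hash_nid      hash NID
 * @param[in]       message_hash  Pointer to octet message hash to be signed.
 * @param[in]       hash_size     size of the message hash in bytes.
 * @param[out]      signature     Pointer to buffer to receive RSA-SSA PSS signature.
 * @param[in, out]  sig_size      On input, the size of signature buffer in bytes.
 *                                On output, the size of data returned in signature buffer in bytes.
 *
 * @retval  true   signature successfully generated in RSA-SSA PSS.
 * @retval  false  signature generation failed.
 * @retval  false  sig_size is too small.
 * @retval  false  rsa_context, message_hash or sig_size is NULL.
 *
 **/
bool libspdm_rsa_pss_sign(void *rsa_context, size_t hash_nid,
                          const uint8_t *message_hash, size_t hash_size,
                          uint8_t *signature, size_t *sig_size)
{
    /*
     * Enforce the documented NULL-argument contract at this layer, so that a
     * missing pointer is reported as a failed signature instead of depending
     * on how the backend treats it.
     */
    if (!rsa_context || !message_hash || !sig_size) {
        return false;
    }

    return lkca_rsa_pss_sign(rsa_context, hash_nid, message_hash, hash_size,
                             signature, sig_size);
}

/**
 * Stub for RSA-PSS signature verification.
 *
 * In RM, we just need sign process; so we stub verification function.
 * Verification function is needed in GSP code only.
 *
 * The stub performs no cryptographic work and reads none of its arguments. It
 * always returns false, so a caller that reaches it sees the signature as
 * rejected (fail closed) and can never have a signature accepted by this build.
 * A false result therefore means "not verified here", not "checked and found
 * invalid".
 *
 * @param[in]  rsa_context   Unused.
 * @param[in]  hash_nid      Unused.
 * @param[in]  message_hash  Unused.
 * @param[in]  hash_size     Unused.
 * @param[in]  signature     Unused.
 * @param[in]  sig_size      Unused.
 *
 * @retval  false  always.
 **/
bool libspdm_rsa_pss_verify(void *rsa_context, size_t hash_nid,
                            const uint8_t *message_hash, size_t hash_size,
                            const uint8_t *signature, size_t sig_size)
{
    /* Mark every parameter as intentionally unused. */
    (void)rsa_context;
    (void)hash_nid;
    (void)message_hash;
    (void)hash_size;
    (void)signature;
    (void)sig_size;

    return false;
}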