[TA-100] Fixed RSA keygen/sign/verify, tests

danielinux · tmael · commit e0beffeb493d · 2026-03-05T15:23:42.000-08:00
diff --git a/wolfcrypt/src/port/atmel/atmel.c b/wolfcrypt/src/port/atmel/atmel.c
@@ -880,7 +880,7 @@ int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
 
     /* Private key for signing AND decryption */
     ret = talib_handle_init_private_key(&rKeyA, TA_KEY_TYPE_RSA2048,
-            TA_ALG_MODE_RSA_SSA_1_5, TA_PROP_SIGN_INT_EXT_DIGEST,
+            TA_ALG_MODE_RSA_SSA_PSS, TA_PROP_SIGN_INT_EXT_DIGEST,
             TA_PROP_KEY_AGREEMENT_OUT_BUFF);
     if (ret != ATCA_SUCCESS)
         return WC_HW_E;
@@ -893,7 +893,7 @@ int wc_Microchip_rsa_create_key(struct RsaKey* key, int size, long e)
 
     /* Public key - use 0, 0 for encryption support! */
     ret = talib_handle_init_public_key(&uKeyA, TA_KEY_TYPE_RSA2048,
-            TA_ALG_MODE_RSA_SSA_1_5, 0, 0);
+            TA_ALG_MODE_RSA_SSA_PSS, 0, 0);
     if (ret != ATCA_SUCCESS)
         return WC_HW_E;
 
@@ -958,24 +958,28 @@ int wc_Microchip_rsa_sign(const byte* in, word32 inLen, byte* out, word32 outLen
 {
     int ret;
     uint16_t sign_size = (uint16_t)outLen;
-    byte hash_data[WC_SHA256_DIGEST_SIZE];
 
     if (in == NULL || out == NULL || key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    /* Hash the input message */
-    ret = wc_Sha256Hash(in, inLen, hash_data);
-    if (ret != 0) {
-        return ret;
+    /* TA100 expects a digest for RSA sign. */
+    if (inLen != WC_SHA256_DIGEST_SIZE) {
+        return BAD_FUNC_ARG;
     }
 
     /* Sign using the signing private key handle */
-    ret = talib_sign_external(atcab_get_device(), WOLFSSL_TA_KEY_TYPE_RSA,
-                              key->rKeyH, TA_HANDLE_INPUT_BUFFER, hash_data,
-                              WC_SHA256_DIGEST_SIZE, out, &sign_size);
+    ret = talib_sign_external(atcab_get_device(),
+                              (uint8_t)(TA_SIGN_MODE_EXTERNAL_MSG |
+                                        WOLFSSL_TA_KEY_TYPE_RSA),
+                              key->rKeyH, TA_HANDLE_INPUT_BUFFER, in,
+                              (uint16_t)inLen, out, &sign_size);
 
-    return atmel_ecc_translate_err(ret);
+    ret = atmel_ecc_translate_err(ret);
+    if (ret == 0) {
+        return (int)sign_size;
+    }
+    return ret;
 }
 
 
@@ -984,22 +988,20 @@ int wc_Microchip_rsa_verify(const byte* in, word32 inLen, byte* sig, word32 sigL
 {
     int ret;
     bool verified = false;
-    byte hash_data[WC_SHA256_DIGEST_SIZE];
 
     if (in == NULL || sig == NULL || key == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    /* Hash the input message */
-    ret = wc_Sha256Hash(in, inLen, hash_data);
-    if (ret != 0) {
-        return ret;
+    /* TA100 expects a digest for RSA verify. */
+    if (inLen != WC_SHA256_DIGEST_SIZE) {
+        return BAD_FUNC_ARG;
     }
 
     /* Verify using the verification public key handle */
     ret = talib_verify(atcab_get_device(), WOLFSSL_TA_KEY_TYPE_RSA,
                        TA_HANDLE_INPUT_BUFFER, key->uKeyH, sig,
-                       sigLen, hash_data, WC_SHA256_DIGEST_SIZE, NULL,
+                       sigLen, in, (uint16_t)inLen, NULL,
                        sigLen, &verified);
 
     ret = atmel_ecc_translate_err(ret);
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
@@ -3401,6 +3401,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
         else if (rsa_type == RSA_PRIVATE_ENCRYPT &&
                                          pad_value == RSA_BLOCK_TYPE_1) {
             if (key->rKeyH != 0) {
+                if (pad_type != WC_RSA_PSS_PAD) {
+                    return WC_HW_E;
+                }
                 return wc_Microchip_rsa_sign(in, inLen, out, outLen, key);
             }
             return WC_HW_E;
@@ -3578,6 +3581,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
         else if (rsa_type == RSA_PUBLIC_DECRYPT &&
                                          pad_value == RSA_BLOCK_TYPE_1) {
             if (key->uKeyH != 0) {
+                if (pad_type != WC_RSA_PSS_PAD) {
+                    return WC_HW_E;
+                }
                 int tmp;
                 return wc_Microchip_rsa_verify(in, inLen, out, outLen, key, &tmp);
             }
@@ -4277,6 +4283,17 @@ int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
                            enum wc_HashType hash, int mgf, RsaKey* key)
 {
     int ret = 0, verify, saltLen, hLen, bits = 0;
+#ifdef WOLFSSL_MICROCHIP_TA100
+    if (key != NULL && key->uKeyH != 0) {
+        int verified = 0;
+        ret = wc_Microchip_rsa_verify(digest, digestLen, in, inLen, key,
+                                      &verified);
+        if (ret != 0) {
+            return ret;
+        }
+        return verified ? (int)inLen : SIG_VERIFY_E;
+    }
+#endif
 
     hLen = wc_HashGetDigestSize(hash);
     if (hLen < 0)
@@ -4326,6 +4343,17 @@ int wc_RsaPSS_VerifyCheck(const byte* in, word32 inLen, byte* out, word32 outLen
                           RsaKey* key)
 {
     int ret = 0, verify, saltLen, hLen, bits = 0;
+#ifdef WOLFSSL_MICROCHIP_TA100
+    if (key != NULL && key->uKeyH != 0) {
+        int verified = 0;
+        ret = wc_Microchip_rsa_verify(digest, digestLen, (byte*)in, inLen,
+                                      key, &verified);
+        if (ret != 0) {
+            return ret;
+        }
+        return verified ? (int)inLen : SIG_VERIFY_E;
+    }
+#endif
 
     hLen = wc_HashGetDigestSize(hash);
     if (hLen < 0)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -22586,6 +22586,13 @@ static wc_test_ret_t rsa_flatten_test(RsaKey* key)
     word32 eSz = sizeof(e);
     word32 nSz = sizeof(n);
 
+#ifdef WOLFSSL_MICROCHIP_TA100
+    /* TA100 keys are hardware-only; flattening isn't supported. */
+    if (key != NULL && (key->rKeyH != 0 || key->uKeyH != 0)) {
+        return 0;
+    }
+#endif
+
     /* Parameter Validation testing. */
     ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
@@ -22643,6 +22650,13 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key)
     word32 qSz = sizeof(q);
     word32 zero = 0;
 
+#ifdef WOLFSSL_MICROCHIP_TA100
+    /* TA100 keys are hardware-only; exporting components is not supported. */
+    if (key != NULL && (key->rKeyH != 0 || key->uKeyH != 0)) {
+        return 0;
+    }
+#endif
+
     ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
     if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
         return WC_TEST_RET_ENC_EC(ret);
@@ -23313,6 +23327,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     const char       inStr[] = TEST_STRING;
     word32           inLen   = (word32)TEST_STRING_SZ;
     word32           outSz;
+    word32           sigSz;
     word32           plainSz;
     word32           digestSz;
     int              i, j;
@@ -23323,6 +23338,10 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
     int              len;
 #endif
     byte*            plain;
+#ifdef WOLFSSL_MICROCHIP_TA100
+    int              mgf[]   = { WC_MGF1SHA256 };
+    enum wc_HashType hash[]  = { WC_HASH_TYPE_SHA256 };
+#else
     int              mgf[]   = {
 #ifndef NO_SHA
                                  WC_MGF1SHA1,
@@ -23357,6 +23376,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
                                  WC_HASH_TYPE_SHA512,
 #endif
                                };
+#endif /* WOLFSSL_MICROCHIP_TA100 */
 
     WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
     WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
@@ -23400,11 +23420,29 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
             if (ret <= 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
             outSz = (word32)ret;
+            /* Preserve signature length for TA100 verify. */
+            sigSz = outSz;
 
             XMEMCPY(sig, out, outSz);
             plain = NULL;
             TEST_SLEEP();
 
+#if defined(WOLFSSL_MICROCHIP_TA100)
+            do {
+            #if defined(WOLFSSL_ASYNC_CRYPT)
+                ret = wc_AsyncWait(ret, &key->asyncDev,
+                    WC_ASYNC_FLAG_CALL_AGAIN);
+            #endif
+                if (ret >= 0) {
+                    ret = wc_RsaPSS_VerifyCheck(sig, sigSz, out, outSz,
+                        digest, digestSz, hash[j], mgf[i], key);
+                }
+            } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+            if (ret <= 0)
+                ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
+            /* TA100 PSS verify done; skip remaining software-only variants. */
+            return 0;
+#else
             do {
             #if defined(WOLFSSL_ASYNC_CRYPT)
                 ret = wc_AsyncWait(ret, &key->asyncDev,
@@ -23433,6 +23471,7 @@ static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
 #endif
             if (ret != 0)
                 ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
+#endif /* WOLFSSL_MICROCHIP_TA100 */
 
 #ifdef RSA_PSS_TEST_WRONG_PARAMS
             for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
@@ -25299,13 +25338,21 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
     }
 #endif
 #endif
+#ifdef WOLFSSL_MICROCHIP_TA100
+    /* TA100 RSA tests are limited to PSS verify/sign with HW keys. */
+    goto ta100_rsa_pss_only;
+#endif
 #endif /* WOLFSSL_KEY_GEN && WOLFSSL_MICROCHIP_TA100 */
 
 #ifndef NO_SIG_WRAPPER
 #ifndef NO_SHA256
+    #if !defined(WOLFSSL_MICROCHIP_TA100)
     ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
     if (ret != 0)
         goto exit_rsa;
+    #else
+    (void)modLen;
+    #endif /* !WOLFSSL_MICROCHIP_TA100 */
 #else /* NO_SHA256 */
     (void)modLen;
 #endif /* NO_SHA256 */
@@ -25319,6 +25366,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
     !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
+#ifndef WOLFSSL_MICROCHIP_TA100
     do {
 #if defined(WOLFSSL_ASYNC_CRYPT)
         ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
@@ -25385,18 +25433,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
     }
     TEST_SLEEP();
-
-    do {
-#if defined(WOLFSSL_ASYNC_CRYPT)
-        ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
-#endif
-        if (ret >= 0) {
-            ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
-        }
-    } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
-    if (ret < 0)
-        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
-    TEST_SLEEP();
+#endif /* !WOLFSSL_MICROCHIP_TA100 */
 
 #elif defined(WOLFSSL_PUBLIC_MP)
     {
@@ -25741,6 +25778,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
 #endif /* WOLFSSL_CERT_REQ */
 #endif /* WOLFSSL_CERT_GEN */
 
+#ifdef WOLFSSL_MICROCHIP_TA100
+ta100_rsa_pss_only:
+#endif
+
 #if defined(WC_RSA_PSS) && \
     (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) && \
     !defined(WC_NO_RNG)
