diff --git a/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.c b/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.c
index 14a2d4ba0ae8f..84f32be654dc8 100644
--- a/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.c
+++ b/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.c
@@ -148,17 +148,9 @@ otbn_error_t rsa_3072_compute_constants(const rsa_3072_public_key_t *public_key,
 return kOtbnErrorOk;
 }
-// TODO: This implementation waits while OTBN is processing; it should be
-// modified to be non-blocking.
-otbn_error_t rsa_3072_verify(const rsa_3072_int_t *signature,
- const rsa_3072_int_t *message,
- const rsa_3072_public_key_t *public_key,
- const rsa_3072_constants_t *constants,
- hardened_bool_t *result) {
- // Initially set the result to false in case of early returns due to invalid
- // arguments.
- *result = kHardenedBoolFalse;
-
+otbn_error_t rsa_3072_verify_start(const rsa_3072_int_t *signature,
+ const rsa_3072_public_key_t *public_key,
+ const rsa_3072_constants_t *constants) {
 // Only the F4 modulus is supported.
 if (public_key->e != 65537) {
 return kOtbnErrorInvalidArgument;
@@ -195,6 +187,15 @@ otbn_error_t rsa_3072_verify(const rsa_3072_int_t *signature,
 // Start the OTBN routine.
 OTBN_RETURN_IF_ERROR(otbn_execute());
+ return kOtbnErrorOk;
+}
+
+otbn_error_t rsa_3072_verify_finalize(const rsa_3072_int_t *message,
+ hardened_bool_t *result) {
+ // Initially set the result to false in case of early returns due to invalid
+ // arguments.
+ *result = kHardenedBoolFalse;
+
 // Spin here waiting for OTBN to complete.
 OTBN_RETURN_IF_ERROR(otbn_busy_wait_for_done());
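Review bot: `rsa_3072_verify_finalize`, added in the second hunk, cannot tell whether a matching `rsa_3072_verify_start` ran and succeeded; it only sets `*result` to false and waits for OTBN to be done. Its body continues outside the hunk, where it presumably reads the recovered value back from OTBN and compares it with `message`. If it is called without a preceding successful start, or after another OTBN operation has run in between, that comparison would be made against whatever OTBN then holds, not against the signature the caller believes was checked. I would state the precondition at the definition, e.g. `// Must follow a successful rsa_3072_verify_start() with no other OTBN use in between.`, and have finalize confirm that the RSA-3072 app is the one loaded if the OTBN driver exposes a way to do so. Callers of the two-step API should treat `*result` as meaningful only when finalize returns `kOtbnErrorOk`.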
@@ -214,3 +215,21 @@ otbn_error_t rsa_3072_verify(const rsa_3072_int_t *signature,
 return kOtbnErrorOk;
 }
+
+otbn_error_t rsa_3072_verify(const rsa_3072_int_t *signature,
+ const rsa_3072_int_t *message,
+ const rsa_3072_public_key_t *public_key,
+ const rsa_3072_constants_t *constants,
+ hardened_bool_t *result) {
+ // Initially set the result to false in case of early returns due to invalid
+ // arguments.
+ *result = kHardenedBoolFalse;
+
+ // Initiate OTBN signature verification.
+ OTBN_RETURN_IF_ERROR(rsa_3072_verify_start(signature, public_key, constants));
+
+ // Wait for OTBN operations to complete and signature to be verified.
+ OTBN_RETURN_IF_ERROR(rsa_3072_verify_finalize(message, result));
+
+ return kOtbnErrorOk;
+}
diff --git a/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.h b/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.h
index 616b56b5b0d4f..87925532ee5f5 100644
--- a/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.h
+++ b/sw/device/lib/crypto/impl/rsa_3072/rsa_3072_verify.h
@@ -109,13 +109,41 @@ status_t rsa_3072_encode_sha256(const uint8_t *msg, size_t msgLen,
 rsa_3072_int_t *result);
 /**
- * Verifies an RSA-3072 signature.
+ * Starts an RSA-3072 signature verification; returns immediately.
+ *
+ * The key exponent must be 65537; no other exponents are supported.
+ *
+ * @param signature Signature to be verified.
+ * @param public_key Key to check the signature against.
+ * @param constants Precomputed Montgomery constants for the public_key.
+ * @return Result of the operation (OK or error).
+ */
+otbn_error_t rsa_3072_verify_start(const rsa_3072_int_t *signature,
+ const rsa_3072_public_key_t *public_key,
+ const rsa_3072_constants_t *constants);
+
+/**
+ * Waits for an RSA-3072 signature verification to complete.
+ *
+ * Should be invoked after `rsa_3072_verify_async`. The encoded `message`
+ * parameter should be related to the `signature` parameter passed to the prior
+ * invocation of `rsa_3072_verify_async`.
+ *
+ * @param message Encoded message representative to check the signature against.
+ * @return Result of the operation (OK or error).
+ */
+otbn_error_t rsa_3072_verify_finalize(const rsa_3072_int_t *message,
+ hardened_bool_t *result);
+
+/**
+ * Verifies an RSA-3072 signature; blocks until complete.
 *
 * The key exponent must be 65537; no other exponents are supported.
 *
 * @param signature Signature to be verified.
 * @param message Encoded message representative to check the signature against.
 * @param public_key Key to check the signature against.
+ * @param constants Precomputed Montgomery constants for the public_key.
 * @param result Buffer in which to store output (true iff signature is valid)
 * @return Result of the operation (OK or error).
 */
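Review bot: The doc comment for `rsa_3072_verify_finalize` refers twice to `rsa_3072_verify_async`, which this change does not declare; the function added here is `rsa_3072_verify_start`, and both references should name it. The comment also omits the `result` parameter, so it should gain `@param result Buffer in which to store output (true iff signature is valid)`, matching the blocking variant. "Should be related to the signature" is too loose for a verification API. I would say that finalize must follow a successful `rsa_3072_verify_start` with no other OTBN use in between, that `message` is the encoded representative the started signature is checked against, and that `result` is valid only when the call returns OK. The hunk ends at the closing `*/` of the blocking variant's comment, so the `rsa_3072_verify` declaration itself is outside it.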