psa: Change psa_driver_wrapper_sign/verify_hash signature

Change psa_driver_wrapper_sign/verify_hash signature
to that of a sign/verify_hash driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-12-08 17:07:25 +01:00
parent 1865993763
commit 9f17aa48c2
3 changed files with 72 additions and 80 deletions

View file

@ -3449,22 +3449,21 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
goto exit; goto exit;
} }
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Try any of the available accelerators first */ /* Try any of the available accelerators first */
status = psa_driver_wrapper_sign_hash( slot, status = psa_driver_wrapper_sign_hash(
alg, &attributes, slot->key.data, slot->key.bytes,
hash, alg, hash, hash_length,
hash_length, signature, signature_size, signature_length );
signature,
signature_size,
signature_length );
if( status != PSA_ERROR_NOT_SUPPORTED || if( status != PSA_ERROR_NOT_SUPPORTED ||
psa_key_lifetime_is_external( slot->attr.lifetime ) ) psa_key_lifetime_is_external( slot->attr.lifetime ) )
goto exit; goto exit;
/* If the operation was not supported by any accelerator, try fallback. */ /* If the operation was not supported by any accelerator, try fallback. */
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_sign_hash_internal( status = psa_sign_hash_internal(
&attributes, slot->key.data, slot->key.bytes, &attributes, slot->key.data, slot->key.bytes,
alg, hash, hash_length, alg, hash, hash_length,
@ -3575,20 +3574,20 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Try any of the available accelerators first */ /* Try any of the available accelerators first */
status = psa_driver_wrapper_verify_hash( slot, status = psa_driver_wrapper_verify_hash(
alg, &attributes, slot->key.data, slot->key.bytes,
hash, alg, hash, hash_length,
hash_length, signature, signature_length );
signature,
signature_length );
if( status != PSA_ERROR_NOT_SUPPORTED || if( status != PSA_ERROR_NOT_SUPPORTED ||
psa_key_lifetime_is_external( slot->attr.lifetime ) ) psa_key_lifetime_is_external( slot->attr.lifetime ) )
goto exit; goto exit;
psa_key_attributes_t attributes = {
.core = slot->attr
};
status = psa_verify_hash_internal( status = psa_verify_hash_internal(
&attributes, slot->key.data, slot->key.bytes, &attributes, slot->key.data, slot->key.bytes,
alg, hash, hash_length, alg, hash, hash_length,

View file

@ -57,21 +57,21 @@
#endif #endif
/* Start delegation functions */ /* Start delegation functions */
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, psa_status_t psa_driver_wrapper_sign_hash(
psa_algorithm_t alg, const psa_key_attributes_t *attributes,
const uint8_t *hash, const uint8_t *key_buffer, size_t key_buffer_size,
size_t hash_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, uint8_t *signature, size_t signature_size, size_t *signature_length )
size_t signature_size,
size_t *signature_length )
{ {
(void)key_buffer_size;
#if defined(PSA_CRYPTO_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */ /* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv; const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context; psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{ {
if( drv->asymmetric == NULL || if( drv->asymmetric == NULL ||
drv->asymmetric->p_sign == NULL ) drv->asymmetric->p_sign == NULL )
@ -79,22 +79,18 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
/* Key is defined in SE, but we have no way to exercise it */ /* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
} }
return( drv->asymmetric->p_sign( drv_context, return( drv->asymmetric->p_sign(
psa_key_slot_get_slot_number( slot ), drv_context, *( (psa_key_slot_number_t *)key_buffer ),
alg, alg, hash, hash_length,
hash, hash_length, signature, signature_size, signature_length ) );
signature, signature_size,
signature_length ) );
} }
#endif /* PSA_CRYPTO_SE_C */ #endif /* PSA_CRYPTO_SE_C */
/* Then try accelerator API */ /* Then try accelerator API */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_location_t location =
psa_key_attributes_t attributes = { PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
.core = slot->attr
};
switch( location ) switch( location )
{ {
@ -102,9 +98,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
/* Key is stored in the slot in export representation, so /* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */ * cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_signature_sign_hash( &attributes, status = test_transparent_signature_sign_hash( attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg, alg,
hash, hash,
hash_length, hash_length,
@ -120,9 +116,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
/* Add cases for opaque driver here */ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME: case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_signature_sign_hash( &attributes, return( test_opaque_signature_sign_hash( attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg, alg,
hash, hash,
hash_length, hash_length,
@ -138,7 +134,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#else /* PSA_CRYPTO_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)slot; (void)attributes;
(void)key_buffer;
(void)alg; (void)alg;
(void)hash; (void)hash;
(void)hash_length; (void)hash_length;
@ -150,20 +147,21 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
#endif /* PSA_CRYPTO_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_DRIVER_PRESENT */
} }
psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, psa_status_t psa_driver_wrapper_verify_hash(
psa_algorithm_t alg, const psa_key_attributes_t *attributes,
const uint8_t *hash, const uint8_t *key_buffer, size_t key_buffer_size,
size_t hash_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, const uint8_t *signature, size_t signature_length )
size_t signature_length )
{ {
(void)key_buffer_size;
#if defined(PSA_CRYPTO_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */ /* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv; const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context; psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) ) if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{ {
if( drv->asymmetric == NULL || if( drv->asymmetric == NULL ||
drv->asymmetric->p_verify == NULL ) drv->asymmetric->p_verify == NULL )
@ -171,10 +169,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
/* Key is defined in SE, but we have no way to exercise it */ /* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
} }
return( drv->asymmetric->p_verify( drv_context, return( drv->asymmetric->p_verify(
psa_key_slot_get_slot_number( slot ), drv_context, *( (psa_key_slot_number_t *)key_buffer ),
alg, alg, hash, hash_length,
hash, hash_length,
signature, signature_length ) ); signature, signature_length ) );
} }
#endif /* PSA_CRYPTO_SE_C */ #endif /* PSA_CRYPTO_SE_C */
@ -182,10 +179,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
/* Then try accelerator API */ /* Then try accelerator API */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); psa_key_location_t location =
psa_key_attributes_t attributes = { PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
.core = slot->attr
};
switch( location ) switch( location )
{ {
@ -193,9 +188,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
/* Key is stored in the slot in export representation, so /* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */ * cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_signature_verify_hash( &attributes, status = test_transparent_signature_verify_hash( attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg, alg,
hash, hash,
hash_length, hash_length,
@ -210,9 +205,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
/* Add cases for opaque driver here */ /* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME: case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_signature_verify_hash( &attributes, return( test_opaque_signature_verify_hash( attributes,
slot->key.data, key_buffer,
slot->key.bytes, key_buffer_size,
alg, alg,
hash, hash,
hash_length, hash_length,
@ -227,7 +222,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#else /* PSA_CRYPTO_DRIVER_PRESENT */ #else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)slot; (void)attributes;
(void)key_buffer;
(void)alg; (void)alg;
(void)hash; (void)hash;
(void)hash_length; (void)hash_length;

View file

@ -28,20 +28,17 @@
/* /*
* Signature functions * Signature functions
*/ */
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot, psa_status_t psa_driver_wrapper_sign_hash(
psa_algorithm_t alg, const psa_key_attributes_t *attributes,
const uint8_t *hash, const uint8_t *key_buffer, size_t key_buffer_size,
size_t hash_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, uint8_t *signature, size_t signature_size, size_t *signature_length );
size_t signature_size,
size_t *signature_length );
psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot, psa_status_t psa_driver_wrapper_verify_hash(
psa_algorithm_t alg, const psa_key_attributes_t *attributes,
const uint8_t *hash, const uint8_t *key_buffer, size_t key_buffer_size,
size_t hash_length, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, const uint8_t *signature, size_t signature_length );
size_t signature_length );
/* /*
* Key handling functions * Key handling functions