mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-27 03:25:55 +00:00
psa: Change psa_driver_wrapper_sign/verify_hash signature
Change psa_driver_wrapper_sign/verify_hash signature to that of a sign/verify_hash driver entry point. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
1865993763
commit
9f17aa48c2
|
@ -3449,22 +3449,21 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
psa_key_attributes_t attributes = {
|
||||||
|
.core = slot->attr
|
||||||
|
};
|
||||||
|
|
||||||
/* Try any of the available accelerators first */
|
/* Try any of the available accelerators first */
|
||||||
status = psa_driver_wrapper_sign_hash( slot,
|
status = psa_driver_wrapper_sign_hash(
|
||||||
alg,
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
hash,
|
alg, hash, hash_length,
|
||||||
hash_length,
|
signature, signature_size, signature_length );
|
||||||
signature,
|
|
||||||
signature_size,
|
|
||||||
signature_length );
|
|
||||||
if( status != PSA_ERROR_NOT_SUPPORTED ||
|
if( status != PSA_ERROR_NOT_SUPPORTED ||
|
||||||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
/* If the operation was not supported by any accelerator, try fallback. */
|
/* If the operation was not supported by any accelerator, try fallback. */
|
||||||
psa_key_attributes_t attributes = {
|
|
||||||
.core = slot->attr
|
|
||||||
};
|
|
||||||
status = psa_sign_hash_internal(
|
status = psa_sign_hash_internal(
|
||||||
&attributes, slot->key.data, slot->key.bytes,
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
alg, hash, hash_length,
|
alg, hash, hash_length,
|
||||||
|
@ -3575,20 +3574,20 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
|
psa_key_attributes_t attributes = {
|
||||||
|
.core = slot->attr
|
||||||
|
};
|
||||||
|
|
||||||
/* Try any of the available accelerators first */
|
/* Try any of the available accelerators first */
|
||||||
status = psa_driver_wrapper_verify_hash( slot,
|
status = psa_driver_wrapper_verify_hash(
|
||||||
alg,
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
hash,
|
alg, hash, hash_length,
|
||||||
hash_length,
|
signature, signature_length );
|
||||||
signature,
|
|
||||||
signature_length );
|
|
||||||
if( status != PSA_ERROR_NOT_SUPPORTED ||
|
if( status != PSA_ERROR_NOT_SUPPORTED ||
|
||||||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
psa_key_attributes_t attributes = {
|
|
||||||
.core = slot->attr
|
|
||||||
};
|
|
||||||
status = psa_verify_hash_internal(
|
status = psa_verify_hash_internal(
|
||||||
&attributes, slot->key.data, slot->key.bytes,
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
alg, hash, hash_length,
|
alg, hash, hash_length,
|
||||||
|
|
|
@ -57,21 +57,21 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Start delegation functions */
|
/* Start delegation functions */
|
||||||
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_sign_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
uint8_t *signature,
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length )
|
|
||||||
{
|
{
|
||||||
|
(void)key_buffer_size;
|
||||||
|
|
||||||
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
|
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
|
||||||
/* Try dynamically-registered SE interface first */
|
/* Try dynamically-registered SE interface first */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
const psa_drv_se_t *drv;
|
const psa_drv_se_t *drv;
|
||||||
psa_drv_se_context_t *drv_context;
|
psa_drv_se_context_t *drv_context;
|
||||||
|
|
||||||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||||
{
|
{
|
||||||
if( drv->asymmetric == NULL ||
|
if( drv->asymmetric == NULL ||
|
||||||
drv->asymmetric->p_sign == NULL )
|
drv->asymmetric->p_sign == NULL )
|
||||||
|
@ -79,22 +79,18 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
/* Key is defined in SE, but we have no way to exercise it */
|
/* Key is defined in SE, but we have no way to exercise it */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
return( drv->asymmetric->p_sign( drv_context,
|
return( drv->asymmetric->p_sign(
|
||||||
psa_key_slot_get_slot_number( slot ),
|
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
|
||||||
alg,
|
alg, hash, hash_length,
|
||||||
hash, hash_length,
|
signature, signature_size, signature_length ) );
|
||||||
signature, signature_size,
|
|
||||||
signature_length ) );
|
|
||||||
}
|
}
|
||||||
#endif /* PSA_CRYPTO_SE_C */
|
#endif /* PSA_CRYPTO_SE_C */
|
||||||
|
|
||||||
/* Then try accelerator API */
|
/* Then try accelerator API */
|
||||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
|
psa_key_location_t location =
|
||||||
psa_key_attributes_t attributes = {
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||||
.core = slot->attr
|
|
||||||
};
|
|
||||||
|
|
||||||
switch( location )
|
switch( location )
|
||||||
{
|
{
|
||||||
|
@ -102,9 +98,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
/* Key is stored in the slot in export representation, so
|
/* Key is stored in the slot in export representation, so
|
||||||
* cycle through all known transparent accelerators */
|
* cycle through all known transparent accelerators */
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
status = test_transparent_signature_sign_hash( &attributes,
|
status = test_transparent_signature_sign_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -120,9 +116,9 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
/* Add cases for opaque driver here */
|
/* Add cases for opaque driver here */
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||||
return( test_opaque_signature_sign_hash( &attributes,
|
return( test_opaque_signature_sign_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -138,7 +134,8 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
||||||
(void)slot;
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
(void)alg;
|
(void)alg;
|
||||||
(void)hash;
|
(void)hash;
|
||||||
(void)hash_length;
|
(void)hash_length;
|
||||||
|
@ -150,20 +147,21 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
|
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_verify_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature,
|
const uint8_t *signature, size_t signature_length )
|
||||||
size_t signature_length )
|
|
||||||
{
|
{
|
||||||
|
(void)key_buffer_size;
|
||||||
|
|
||||||
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
|
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
|
||||||
/* Try dynamically-registered SE interface first */
|
/* Try dynamically-registered SE interface first */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
const psa_drv_se_t *drv;
|
const psa_drv_se_t *drv;
|
||||||
psa_drv_se_context_t *drv_context;
|
psa_drv_se_context_t *drv_context;
|
||||||
|
|
||||||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||||
{
|
{
|
||||||
if( drv->asymmetric == NULL ||
|
if( drv->asymmetric == NULL ||
|
||||||
drv->asymmetric->p_verify == NULL )
|
drv->asymmetric->p_verify == NULL )
|
||||||
|
@ -171,10 +169,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
/* Key is defined in SE, but we have no way to exercise it */
|
/* Key is defined in SE, but we have no way to exercise it */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
return( drv->asymmetric->p_verify( drv_context,
|
return( drv->asymmetric->p_verify(
|
||||||
psa_key_slot_get_slot_number( slot ),
|
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
|
||||||
alg,
|
alg, hash, hash_length,
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_length ) );
|
signature, signature_length ) );
|
||||||
}
|
}
|
||||||
#endif /* PSA_CRYPTO_SE_C */
|
#endif /* PSA_CRYPTO_SE_C */
|
||||||
|
@ -182,10 +179,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
/* Then try accelerator API */
|
/* Then try accelerator API */
|
||||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
|
psa_key_location_t location =
|
||||||
psa_key_attributes_t attributes = {
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||||
.core = slot->attr
|
|
||||||
};
|
|
||||||
|
|
||||||
switch( location )
|
switch( location )
|
||||||
{
|
{
|
||||||
|
@ -193,9 +188,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
/* Key is stored in the slot in export representation, so
|
/* Key is stored in the slot in export representation, so
|
||||||
* cycle through all known transparent accelerators */
|
* cycle through all known transparent accelerators */
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
status = test_transparent_signature_verify_hash( &attributes,
|
status = test_transparent_signature_verify_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -210,9 +205,9 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
/* Add cases for opaque driver here */
|
/* Add cases for opaque driver here */
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||||
return( test_opaque_signature_verify_hash( &attributes,
|
return( test_opaque_signature_verify_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -227,7 +222,8 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
||||||
(void)slot;
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
(void)alg;
|
(void)alg;
|
||||||
(void)hash;
|
(void)hash;
|
||||||
(void)hash_length;
|
(void)hash_length;
|
||||||
|
|
|
@ -28,20 +28,17 @@
|
||||||
/*
|
/*
|
||||||
* Signature functions
|
* Signature functions
|
||||||
*/
|
*/
|
||||||
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_sign_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
uint8_t *signature,
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length );
|
|
||||||
|
|
||||||
psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_verify_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature,
|
const uint8_t *signature, size_t signature_length );
|
||||||
size_t signature_length );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Key handling functions
|
* Key handling functions
|
||||||
|
|
Loading…
Reference in a new issue