psa: Change psa_driver_wrapper_sign/verify_hash signature
Change psa_driver_wrapper_sign/verify_hash signature
to that of a sign/verify_hash driver entry point.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fb97b69..b40be07 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3449,22 +3449,21 @@
goto exit;
}
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
/* Try any of the available accelerators first */
- status = psa_driver_wrapper_sign_hash( slot,
- alg,
- hash,
- hash_length,
- signature,
- signature_size,
- signature_length );
+ status = psa_driver_wrapper_sign_hash(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length );
+
if( status != PSA_ERROR_NOT_SUPPORTED ||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
goto exit;
/* If the operation was not supported by any accelerator, try fallback. */
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
status = psa_sign_hash_internal(
&attributes, slot->key.data, slot->key.bytes,
alg, hash, hash_length,
@@ -3575,20 +3574,20 @@
if( status != PSA_SUCCESS )
return( status );
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
/* Try any of the available accelerators first */
- status = psa_driver_wrapper_verify_hash( slot,
- alg,
- hash,
- hash_length,
- signature,
- signature_length );
+ status = psa_driver_wrapper_verify_hash(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, hash, hash_length,
+ signature, signature_length );
+
if( status != PSA_ERROR_NOT_SUPPORTED ||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
goto exit;
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
status = psa_verify_hash_internal(
&attributes, slot->key.data, slot->key.bytes,
alg, hash, hash_length,
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 3cb7557..7597080 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -57,21 +57,21 @@
#endif
/* Start delegation functions */
-psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+psa_status_t psa_driver_wrapper_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
{
+ (void)key_buffer_size;
+
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->asymmetric == NULL ||
drv->asymmetric->p_sign == NULL )
@@ -79,22 +79,18 @@
/* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED );
}
- return( drv->asymmetric->p_sign( drv_context,
- psa_key_slot_get_slot_number( slot ),
- alg,
- hash, hash_length,
- signature, signature_size,
- signature_length ) );
+ return( drv->asymmetric->p_sign(
+ drv_context, *( (psa_key_slot_number_t *)key_buffer ),
+ alg, hash, hash_length,
+ signature, signature_size, signature_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
/* Then try accelerator API */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
@@ -102,9 +98,9 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_signature_sign_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ status = test_transparent_signature_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -120,9 +116,9 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
- return( test_opaque_signature_sign_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ return( test_opaque_signature_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -138,7 +134,8 @@
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void)slot;
+ (void)attributes;
+ (void)key_buffer;
(void)alg;
(void)hash;
(void)hash_length;
@@ -150,20 +147,21 @@
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
-psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+psa_status_t psa_driver_wrapper_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
{
+ (void)key_buffer_size;
+
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
- if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
+ if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->asymmetric == NULL ||
drv->asymmetric->p_verify == NULL )
@@ -171,21 +169,18 @@
/* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED );
}
- return( drv->asymmetric->p_verify( drv_context,
- psa_key_slot_get_slot_number( slot ),
- alg,
- hash, hash_length,
- signature, signature_length ) );
+ return( drv->asymmetric->p_verify(
+ drv_context, *( (psa_key_slot_number_t *)key_buffer ),
+ alg, hash, hash_length,
+ signature, signature_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
/* Then try accelerator API */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
@@ -193,9 +188,9 @@
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_signature_verify_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ status = test_transparent_signature_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -210,9 +205,9 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
- return( test_opaque_signature_verify_hash( &attributes,
- slot->key.data,
- slot->key.bytes,
+ return( test_opaque_signature_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
hash,
hash_length,
@@ -227,7 +222,8 @@
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void)slot;
+ (void)attributes;
+ (void)key_buffer;
(void)alg;
(void)hash;
(void)hash_length;
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index ad16cdd..22d22d6 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -28,20 +28,17 @@
/*
* Signature functions
*/
-psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length );
+psa_status_t psa_driver_wrapper_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
-psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length );
+psa_status_t psa_driver_wrapper_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length );
/*
* Key handling functions