psa: Call sign/verify hash software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 2176d9f..6e9e191 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3459,16 +3459,6 @@
alg, hash, hash_length,
signature, signature_size, signature_length );
- if( status != PSA_ERROR_NOT_SUPPORTED ||
- psa_key_lifetime_is_external( slot->attr.lifetime ) )
- goto exit;
-
- /* If the operation was not supported by any accelerator, try fallback. */
- status = psa_sign_hash_internal(
- &attributes, slot->key.data, slot->key.bytes,
- alg, hash, hash_length,
- signature, signature_size, signature_length );
-
exit:
/* Fill the unused part of the output buffer (the whole buffer on error,
* the trailing part on success) with something that isn't a valid mac
@@ -3584,16 +3574,6 @@
alg, hash, hash_length,
signature, signature_length );
- if( status != PSA_ERROR_NOT_SUPPORTED ||
- psa_key_lifetime_is_external( slot->attr.lifetime ) )
- goto exit;
-
- status = psa_verify_hash_internal(
- &attributes, slot->key.data, slot->key.bytes,
- alg, hash, hash_length,
- signature, signature_length );
-
-exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 7597080..7e42e48 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -65,7 +65,6 @@
{
(void)key_buffer_size;
-#if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
@@ -86,9 +85,7 @@
}
#endif /* PSA_CRYPTO_SE_C */
- /* Then try accelerator API */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
@@ -97,6 +94,7 @@
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_signature_sign_hash( attributes,
key_buffer,
@@ -111,9 +109,20 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( PSA_ERROR_NOT_SUPPORTED );
+ return( psa_sign_hash_internal( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length ) );
+
/* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_signature_sign_hash( attributes,
@@ -126,25 +135,12 @@
signature_size,
signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void)attributes;
- (void)key_buffer;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_size;
- (void)signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_verify_hash(
@@ -155,7 +151,6 @@
{
(void)key_buffer_size;
-#if defined(PSA_CRYPTO_DRIVER_PRESENT)
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
@@ -176,9 +171,7 @@
}
#endif /* PSA_CRYPTO_SE_C */
- /* Then try accelerator API */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
@@ -187,6 +180,7 @@
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_signature_verify_hash( attributes,
key_buffer,
@@ -200,9 +194,19 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
- /* Fell through, meaning no accelerator supports this operation */
- return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ return( psa_verify_hash_internal( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length ) );
+
/* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_signature_verify_hash( attributes,
@@ -214,24 +218,12 @@
signature,
signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void)attributes;
- (void)key_buffer;
- (void)alg;
- (void)hash;
- (void)hash_length;
- (void)signature;
- (void)signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
/** Get the key buffer size for the key material of a generated key in the
