psa: sign: Return INVALID_ARGUMENT instead of NOT_SUPPORTED
To run succesfully the test "PSA sign: invalid algorithm for ECC key" of test_suite_psa_crypto when ECDSA support is not included in the library, always return INVALID_ARGUMENT in case of an ECC key not used for ECDSA, whether ECDSA support is present or not. Then apply the same logic to RSA sign RSA and RSA/ECC verify for the sake of consistency. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
9f97c6ecdf
commit
4501c98fc2
1 changed files with 66 additions and 57 deletions
|
@ -2951,30 +2951,20 @@ psa_status_t psa_sign_hash_internal(
|
|||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||
{
|
||||
return( mbedtls_psa_rsa_sign_hash(
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, hash, hash_length,
|
||||
signature, signature_size, signature_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||
{
|
||||
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
|
||||
PSA_ALG_IS_RSA_PSS( alg) )
|
||||
{
|
||||
return( mbedtls_psa_ecdsa_sign_hash(
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||
return( mbedtls_psa_rsa_sign_hash(
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, hash, hash_length,
|
||||
signature, signature_size, signature_length ) );
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -2982,21 +2972,35 @@ psa_status_t psa_sign_hash_internal(
|
|||
}
|
||||
}
|
||||
else
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||
{
|
||||
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||
return( mbedtls_psa_ecdsa_sign_hash(
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, hash, hash_length,
|
||||
signature, signature_size, signature_length ) );
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||
{
|
||||
(void)attributes;
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)alg;
|
||||
(void)hash;
|
||||
(void)hash_length;
|
||||
(void)signature;
|
||||
(void)signature_size;
|
||||
(void)signature_length;
|
||||
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
else
|
||||
{
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)hash;
|
||||
(void)hash_length;
|
||||
(void)signature;
|
||||
(void)signature_size;
|
||||
(void)signature_length;
|
||||
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
||||
|
@ -3063,50 +3067,55 @@ psa_status_t psa_verify_hash_internal(
|
|||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||
const uint8_t *signature, size_t signature_length )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
|
||||
{
|
||||
return( mbedtls_psa_rsa_verify_hash(
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, hash, hash_length,
|
||||
signature, signature_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
|
||||
PSA_ALG_IS_RSA_PSS( alg) )
|
||||
{
|
||||
return( mbedtls_psa_ecdsa_verify_hash(
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||
return( mbedtls_psa_rsa_verify_hash(
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, hash, hash_length,
|
||||
signature, signature_length ) );
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||
}
|
||||
else
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||
{
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
else
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||
{
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)alg;
|
||||
(void)hash;
|
||||
(void)hash_length;
|
||||
(void)signature;
|
||||
(void)signature_length;
|
||||
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||
return( mbedtls_psa_ecdsa_verify_hash(
|
||||
attributes,
|
||||
key_buffer, key_buffer_size,
|
||||
alg, hash, hash_length,
|
||||
signature, signature_length ) );
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||
}
|
||||
else
|
||||
{
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)hash;
|
||||
(void)hash_length;
|
||||
(void)signature;
|
||||
(void)signature_length;
|
||||
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
||||
|
|
Loading…
Reference in a new issue