Remove salt from asymmetric_{sign,verify}
No common signature algorithm uses a salt (RSA-PKCS#1v1.5, RSA-PSS,
DSA, ECDSA, EdDSA). We don't even take an IV for MAC whereas MAC
algorithms with IV are uncommon but heard of. So remove the salt
parameter from psa_asymmetric_sign and psa_asymmetric_verify.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 8ac817a..68e3b0a 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2241,15 +2241,6 @@
* the type of \p key.
* \param[in] hash The hash or message to sign.
* \param hash_length Size of the \p hash buffer in bytes.
- * \param[in] salt A salt or label, if supported by the
- * signature algorithm.
- * If the signature algorithm does not support
- * a salt, pass \c NULL.
- * If the signature algorithm supports an
- * optional salt and you do not want to pass
- * a salt, pass \c NULL.
- * \param salt_length Size of the \p salt buffer in bytes.
- * If \p salt is \c NULL, pass 0.
* \param[out] signature Buffer where the signature is to be written.
* \param signature_size Size of the \p signature buffer in bytes.
* \param[out] signature_length On success, the number of bytes
@@ -2274,8 +2265,6 @@
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
- const uint8_t *salt,
- size_t salt_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
@@ -2296,15 +2285,6 @@
* \param[in] hash The hash or message whose signature is to be
* verified.
* \param hash_length Size of the \p hash buffer in bytes.
- * \param[in] salt A salt or label, if supported by the signature
- * algorithm.
- * If the signature algorithm does not support a
- * salt, pass \c NULL.
- * If the signature algorithm supports an optional
- * salt and you do not want to pass a salt,
- * pass \c NULL.
- * \param salt_length Size of the \p salt buffer in bytes.
- * If \p salt is \c NULL, pass 0.
* \param[in] signature Buffer containing the signature to verify.
* \param signature_length Size of the \p signature buffer in bytes.
*
@@ -2324,8 +2304,6 @@
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
- const uint8_t *salt,
- size_t salt_length,
const uint8_t *signature,
size_t signature_length);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index eb140ea..9988ec0 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1983,8 +1983,6 @@
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
- const uint8_t *salt,
- size_t salt_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length )
@@ -1994,9 +1992,6 @@
*signature_length = signature_size;
- (void) salt;
- (void) salt_length;
-
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_SIGN, alg );
if( status != PSA_SUCCESS )
goto exit;
@@ -2058,17 +2053,12 @@
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
- const uint8_t *salt,
- size_t salt_length,
const uint8_t *signature,
size_t signature_length )
{
key_slot_t *slot;
psa_status_t status;
- (void) salt;
- (void) salt_length;
-
status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_VERIFY, alg );
if( status != PSA_SUCCESS )
return( status );
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index cbb3f37..9505ab6 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -294,7 +294,6 @@
{
TEST_ASSERT( psa_asymmetric_sign( key, alg,
payload, payload_length,
- NULL, 0,
signature, sizeof( signature ),
&signature_length ) == PSA_SUCCESS );
}
@@ -307,7 +306,6 @@
PSA_ERROR_INVALID_SIGNATURE );
TEST_ASSERT( psa_asymmetric_verify( key, alg,
payload, payload_length,
- NULL, 0,
signature, signature_length ) ==
verify_status );
}
@@ -965,7 +963,6 @@
status = psa_asymmetric_sign( key_slot, exercise_alg,
payload, payload_length,
- NULL, 0,
signature, sizeof( signature ),
&signature_length );
if( policy_alg == exercise_alg &&
@@ -977,7 +974,6 @@
memset( signature, 0, sizeof( signature ) );
status = psa_asymmetric_verify( key_slot, exercise_alg,
payload, payload_length,
- NULL, 0,
signature, sizeof( signature ) );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
@@ -2011,7 +2007,6 @@
/* Perform the signature. */
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
input_data->x, input_data->len,
- NULL, 0,
signature, signature_size,
&signature_length ) == PSA_SUCCESS );
/* Verify that the signature is what is expected. */
@@ -2061,7 +2056,6 @@
actual_status = psa_asymmetric_sign( slot, alg,
input_data->x, input_data->len,
- NULL, 0,
signature, signature_size,
&signature_length );
TEST_ASSERT( actual_status == expected_status );
@@ -2118,7 +2112,6 @@
/* Perform the signature. */
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
input_data->x, input_data->len,
- NULL, 0,
signature, signature_size,
&signature_length ) == PSA_SUCCESS );
/* Check that the signature length looks sensible. */
@@ -2129,7 +2122,6 @@
TEST_ASSERT( psa_asymmetric_verify(
slot, alg,
input_data->x, input_data->len,
- NULL, 0,
signature, signature_length ) == PSA_SUCCESS );
if( input_data->len != 0 )
@@ -2141,7 +2133,6 @@
TEST_ASSERT( psa_asymmetric_verify(
slot, alg,
input_data->x, input_data->len,
- NULL, 0,
signature,
signature_length ) == PSA_ERROR_INVALID_SIGNATURE );
}
@@ -2184,7 +2175,6 @@
TEST_ASSERT( psa_asymmetric_verify( slot, alg,
hash_data->x, hash_data->len,
- NULL, 0,
signature_data->x,
signature_data->len ) == PSA_SUCCESS );
exit:
@@ -2225,7 +2215,6 @@
actual_status = psa_asymmetric_verify( slot, alg,
hash_data->x, hash_data->len,
- NULL, 0,
signature_data->x,
signature_data->len );