Added ECDSA sign and verify weak functions
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index ddd132b..23d7c8a 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -8,6 +8,7 @@
*
* This file is reserved for vendor-specific definitions.
*/
+
/*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
@@ -67,6 +68,75 @@
*/
/**
+ * \brief Sign a hash or short message with a vendor defined private key.
+ *
+ * Note that to perform a hash-and-sign signature algorithm, you must
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(). Then pass the resulting hash as the \p hash
+ * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+ * to determine the hash algorithm to use.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must be an asymmetric key pair.
+ * \param alg A signature algorithm that is compatible with
+ * the type of \p handle.
+ * \param[in] hash The hash or message to sign.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p handle.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval Implementation dependent
+ */
+psa_status_t psa_asymmetric_sign_vendor(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t * hash,
+ size_t hash_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length);
+
+/**
+ * \brief Verify the signature a hash or short message using a vendor defined public key.
+ *
+ * Note that to perform a hash-and-sign signature algorithm, you must
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(). Then pass the resulting hash as the \p hash
+ * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+ * to determine the hash algorithm to use.
+ *
+ * \param handle Handle to the key to use for the operation.
+ * It must be a public key or an asymmetric key pair.
+ * \param alg A signature algorithm that is compatible with
+ * the type of \p handle.
+ * \param[in] hash The hash or message whose signature is to be
+ * verified.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * \retval Implementation dependent
+ */
+psa_status_t psa_asymmetric_verify_vendor(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t * hash,
+ size_t hash_length,
+ uint8_t * signature,
+ size_t * signature_length);
+
+/**
* \brief Generate symmetric key of vendor defined format.
*
* \warning This function **can** fail! Callers MUST check the return status
@@ -84,15 +154,7 @@
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
+ * \retval Implementation dependent
*/
psa_status_t psa_generate_symmetric_vendor(psa_key_type_t type, size_t bits, uint8_t * output, size_t output_size);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a7d018b..a9c265c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3334,6 +3334,41 @@
}
#endif /* MBEDTLS_ECDSA_C */
+// The weakly linked function "psa_asymmetric_sign_vendor_weak" which returns "PSA_ERROR_NOT_SUPPORTED" will be linked if
+// the vendor does not provide a definition for "psa_asymmetric_sign_vendor"
+psa_status_t psa_asymmetric_sign_vendor( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length ) __attribute__ ((weak, alias("psa_asymmetric_sign_vendor_weak")));
+psa_status_t psa_asymmetric_sign_vendor_weak( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length );
+psa_status_t psa_asymmetric_sign_vendor_weak( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ (void) handle;
+ (void) alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_size;
+ (void)signature_length;
+
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -3378,6 +3413,14 @@
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type))
+ {
+ status = psa_asymmetric_sign_vendor(handle,alg,
+ hash, hash_length,
+ signature, signature_size,
+ signature_length );
+ }
+ else
#if defined(MBEDTLS_RSA_C)
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
@@ -3431,7 +3474,37 @@
* memset because signature may be NULL in this case. */
return( status );
}
+// The weakly linked function "psa_asymmetric_verify_vendor_weak" which returns "PSA_ERROR_NOT_SUPPORTED" will be linked if
+// the vendor does not provide a definition for "psa_asymmetric_verify_vendor"
+psa_status_t psa_asymmetric_verify_vendor( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t *signature_length ) __attribute__ ((weak, alias("psa_asymmetric_verify_vendor_weak")));
+psa_status_t psa_asymmetric_verify_vendor_weak( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t *signature_length );
+psa_status_t psa_asymmetric_verify_vendor_weak( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t *signature_length )
+{
+ (void) handle;
+ (void) alg;
+ (void)hash;
+ (void)hash_length;
+ (void)signature;
+ (void)signature_length;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -3464,6 +3537,13 @@
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type))
+ {
+ status = psa_asymmetric_verify_vendor(handle,alg,
+ hash, hash_length,
+ signature, signature_length );
+ }
+ else
#if defined(MBEDTLS_RSA_C)
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 0525cf1..fd09ffb 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -133,13 +133,39 @@
* \param[in,out] slot The key slot to modify.
* \param mask The mask of bits to clear.
*/
-static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
- uint16_t mask)
+static inline void psa_key_slot_clear_bits (psa_key_slot_t * slot, uint16_t mask)
{
slot->attr.flags &= ~mask;
}
/**
+ * \brief Generate a vendor defined key or key pair.
+ *
+ * \note This function has to be defined by the vendor.
+ * A weakly linked version is provided by default and returns
+ * PSA_ERROR_NOT_SUPPORTED. Do not use this function directly;
+ * to generate a key, use psa_generate_key() instead.
+ *
+ * \param[in] slot
+ * \param[in] bits
+ * \param[in] domain_parameters
+ * \param[in] domain_parameters_size
+ *
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval Implementation dependent.
+ */
+psa_status_t psa_generate_key_vendor(psa_key_slot_t * slot,
+ size_t bits,
+ const uint8_t * domain_parameters,
+ size_t domain_parameters_size);
+
+/**
* \brief Prepare a slot for vendor defined key type.
*
* \warning This function **can** fail! Callers MUST check the return status