Use deterministic ECDSA in PSA when we do in legacy
This fixes the two failing cases in test_suite_pk when ECP_RESTARTABLE
and USE_PSA_CRYPTO are both enabled. The two failing cases where
ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled)
ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled)
associated with test function pk_sign_verify_restart(). The failure was
caused by the interaction of several things that are each reasonable on
their own:
1. The test function relies on ECDSA restartable, which is reasonable as it
allows making sure that the generated signature is correct with a simple
memcmp().
2. The implementation of pk_sign_restartable() has a shortcut to
dispatch to the sign function (as opposed to sign_restartable) when
restart is disabled (max_ops == 0).
3. When USE_PSA is enabled, the sign function dispatches to PSA, which
so far always used ECDSA (non-deterministic) even when the non-PSA
version would use deterministic ECDSA.
This could be fixed by changing any of those. I chose (3) because I
think it makes sense that when PK dispatches to PSA instead of legacy
this should not change which version of ECDSA is selected.
OTOH, I think it makes sense to keep (2), because that means more
opportunities to dispatch to PSA.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 5de8fa6..00abffb 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1162,8 +1162,13 @@
size_t key_len;
unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES];
unsigned char *p;
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ psa_algorithm_t psa_sig_md =
+ PSA_ALG_DETERMINISTIC_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) );
+#else
psa_algorithm_t psa_sig_md =
PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) );
+#endif
size_t curve_bits;
psa_ecc_family_t curve =
mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );