Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.
perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index f3f79ab..3ce8df8 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -222,7 +222,7 @@
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_bytes, key_length,
@@ -291,7 +291,7 @@
unsigned char mac[PSA_MAC_MAX_SIZE] = {0};
size_t mac_length = sizeof( mac );
- if( usage & PSA_KEY_USAGE_SIGN )
+ if( usage & PSA_KEY_USAGE_SIGN_HASH )
{
PSA_ASSERT( psa_mac_sign_setup( &operation,
handle, alg ) );
@@ -302,10 +302,10 @@
&mac_length ) );
}
- if( usage & PSA_KEY_USAGE_VERIFY )
+ if( usage & PSA_KEY_USAGE_VERIFY_HASH )
{
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN ?
+ ( usage & PSA_KEY_USAGE_SIGN_HASH ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
PSA_ASSERT( psa_mac_verify_setup( &operation,
@@ -445,7 +445,7 @@
{
unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
size_t payload_length = 16;
- unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
size_t signature_length = sizeof( signature );
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
@@ -461,28 +461,28 @@
#endif
}
- if( usage & PSA_KEY_USAGE_SIGN )
+ if( usage & PSA_KEY_USAGE_SIGN_HASH )
{
/* Some algorithms require the payload to have the size of
* the hash encoded in the algorithm. Use this input size
* even for algorithms that allow other input sizes. */
if( hash_alg != 0 )
payload_length = PSA_HASH_SIZE( hash_alg );
- PSA_ASSERT( psa_asymmetric_sign( handle, alg,
- payload, payload_length,
- signature, sizeof( signature ),
- &signature_length ) );
+ PSA_ASSERT( psa_sign_hash( handle, alg,
+ payload, payload_length,
+ signature, sizeof( signature ),
+ &signature_length ) );
}
- if( usage & PSA_KEY_USAGE_VERIFY )
+ if( usage & PSA_KEY_USAGE_VERIFY_HASH )
{
psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN ?
+ ( usage & PSA_KEY_USAGE_SIGN_HASH ?
PSA_SUCCESS :
PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_asymmetric_verify( handle, alg,
- payload, payload_length,
- signature, signature_length ),
+ TEST_EQUAL( psa_verify_hash( handle, alg,
+ payload, payload_length,
+ signature, signature_length ),
verify_status );
}
@@ -1061,8 +1061,8 @@
if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
{
return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
- PSA_KEY_USAGE_VERIFY :
- PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ PSA_KEY_USAGE_VERIFY_HASH :
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
}
else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ||
PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) )
@@ -1725,7 +1725,7 @@
status = psa_mac_sign_setup( &operation, handle, exercise_alg );
if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
+ ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
PSA_ASSERT( status );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@@ -1734,7 +1734,7 @@
memset( mac, 0, sizeof( mac ) );
status = psa_mac_verify_setup( &operation, handle, exercise_alg );
if( policy_alg == exercise_alg &&
- ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
+ ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
PSA_ASSERT( status );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@@ -1930,7 +1930,7 @@
* `exercise_alg` is supposed to be forbidden by the policy. */
int compatible_alg = payload_length_arg > 0;
size_t payload_length = compatible_alg ? payload_length_arg : 0;
- unsigned char signature[PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE] = {0};
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
size_t signature_length;
PSA_ASSERT( psa_crypto_init( ) );
@@ -1942,20 +1942,20 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- status = psa_asymmetric_sign( handle, exercise_alg,
- payload, payload_length,
- signature, sizeof( signature ),
- &signature_length );
- if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN ) != 0 )
+ status = psa_sign_hash( handle, exercise_alg,
+ payload, payload_length,
+ signature, sizeof( signature ),
+ &signature_length );
+ if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
PSA_ASSERT( status );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
memset( signature, 0, sizeof( signature ) );
- status = psa_asymmetric_verify( handle, exercise_alg,
- payload, payload_length,
- signature, sizeof( signature ) );
- if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY ) != 0 )
+ status = psa_verify_hash( handle, exercise_alg,
+ payload, payload_length,
+ signature, sizeof( signature ) );
+ if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@@ -2640,7 +2640,7 @@
0x2c, 0xf9, 0x18, 0xca, 0x59, 0x7e, 0x5d, 0xf6 };
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
@@ -2768,7 +2768,7 @@
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
@@ -2814,7 +2814,7 @@
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
@@ -3700,7 +3700,7 @@
{
psa_key_type_t type = type_arg;
psa_algorithm_t alg = alg_arg;
- size_t actual_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( type, bits, alg );
+ size_t actual_size = PSA_SIGN_OUTPUT_SIZE( type, bits, alg );
TEST_EQUAL( actual_size, (size_t) expected_size_arg );
exit:
;
@@ -3723,7 +3723,7 @@
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
@@ -3734,17 +3734,17 @@
/* Allocate a buffer which has the size advertized by the
* library. */
- signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
+ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
+ TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
- PSA_ASSERT( psa_asymmetric_sign( handle, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
+ PSA_ASSERT( psa_sign_hash( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length ) );
/* Verify that the signature is what is expected. */
ASSERT_COMPARE( output_data->x, output_data->len,
signature, signature_length );
@@ -3776,17 +3776,17 @@
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- actual_status = psa_asymmetric_sign( handle, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length );
+ actual_status = psa_sign_hash( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length );
TEST_EQUAL( actual_status, expected_status );
/* The value of *signature_length is unspecified on error, but
* whatever it is, it should be less than signature_size, so that
@@ -3817,7 +3817,7 @@
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN | PSA_KEY_USAGE_VERIFY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
@@ -3828,26 +3828,25 @@
/* Allocate a buffer which has the size advertized by the
* library. */
- signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
+ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
TEST_ASSERT( signature_size != 0 );
- TEST_ASSERT( signature_size <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
+ TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
ASSERT_ALLOC( signature, signature_size );
/* Perform the signature. */
- PSA_ASSERT( psa_asymmetric_sign( handle, alg,
- input_data->x, input_data->len,
- signature, signature_size,
- &signature_length ) );
+ PSA_ASSERT( psa_sign_hash( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length ) );
/* Check that the signature length looks sensible. */
TEST_ASSERT( signature_length <= signature_size );
TEST_ASSERT( signature_length > 0 );
/* Use the library to verify that the signature is correct. */
- PSA_ASSERT( psa_asymmetric_verify(
- handle, alg,
- input_data->x, input_data->len,
- signature, signature_length ) );
+ PSA_ASSERT( psa_verify_hash( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_length ) );
if( input_data->len != 0 )
{
@@ -3855,9 +3854,9 @@
* detected as invalid. Flip a bit at the beginning, not at the end,
* because ECDSA may ignore the last few bits of the input. */
input_data->x[0] ^= 1;
- TEST_EQUAL( psa_asymmetric_verify( handle, alg,
- input_data->x, input_data->len,
- signature, signature_length ),
+ TEST_EQUAL( psa_verify_hash( handle, alg,
+ input_data->x, input_data->len,
+ signature, signature_length ),
PSA_ERROR_INVALID_SIGNATURE );
}
@@ -3879,21 +3878,20 @@
psa_algorithm_t alg = alg_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- TEST_ASSERT( signature_data->len <= PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE );
+ TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- PSA_ASSERT( psa_asymmetric_verify( handle, alg,
- hash_data->x, hash_data->len,
- signature_data->x,
- signature_data->len ) );
+ PSA_ASSERT( psa_verify_hash( handle, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x, signature_data->len ) );
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
@@ -3916,17 +3914,16 @@
PSA_ASSERT( psa_crypto_init( ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- actual_status = psa_asymmetric_verify( handle, alg,
- hash_data->x, hash_data->len,
- signature_data->x,
- signature_data->len );
+ actual_status = psa_verify_hash( handle, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x, signature_data->len );
TEST_EQUAL( actual_status, expected_status );