Rename some signature-related identifiers
Rename some signature-related macros and functions that are
changing as part of the addition of psa_sign_message and
psa_verify_message.
perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
diff --git a/library/pk.c b/library/pk.c
index e93ccfd..da92e2a 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -621,7 +621,7 @@
/* prepare the key attributes */
psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
/* import private key into PSA */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 702c3bb..6fc981c 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -578,7 +578,7 @@
psa_sig_md = PSA_ALG_ECDSA( psa_md );
psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, psa_sig_md );
status = psa_import_key( &attributes,
@@ -605,9 +605,9 @@
goto cleanup;
}
- if( psa_asymmetric_verify( key_handle, psa_sig_md,
- hash, hash_len,
- buf, 2 * signature_part_size )
+ if( psa_verify_hash( key_handle, psa_sig_md,
+ hash, hash_len,
+ buf, 2 * signature_part_size )
!= PSA_SUCCESS )
{
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
@@ -1023,8 +1023,8 @@
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
/* make the signature */
- status = psa_asymmetric_sign( *key, alg, hash, hash_len,
- sig, buf_len, sig_len );
+ status = psa_sign_hash( *key, alg, hash, hash_len,
+ sig, buf_len, sig_len );
if( status != PSA_SUCCESS )
return( mbedtls_psa_err_translate_pk( status ) );
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e4d4924..25aff01 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1462,8 +1462,8 @@
PSA_KEY_USAGE_COPY |
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_SIGN |
- PSA_KEY_USAGE_VERIFY |
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH |
PSA_KEY_USAGE_DERIVE ) ) != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -2726,7 +2726,7 @@
psa_key_slot_t *slot;
size_t key_bits;
psa_key_usage_t usage =
- is_sign ? PSA_KEY_USAGE_SIGN : PSA_KEY_USAGE_VERIFY;
+ is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
uint8_t truncated = PSA_MAC_TRUNCATED_LENGTH( alg );
psa_algorithm_t full_length_alg = PSA_ALG_FULL_LENGTH_MAC( alg );
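Review bot: The usage check `is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH` sits next to `PSA_MAC_TRUNCATED_LENGTH( alg )` and `PSA_ALG_FULL_LENGTH_MAC( alg )`, so this appears to be the MAC setup path, where the key authorises an operation over a message rather than over a precomputed hash. After the mechanical rename, the flag name no longer describes the policy enforced here, which makes key-usage audits harder to read. I would add a comment above the assignment such as `/* MAC keys currently share the *_HASH usage flags; revisit if message-level usage flags are added */`. The enclosing function starts and ends outside this hunk, so the MAC context is inferred from the visible macros only.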
@@ -3310,13 +3310,13 @@
}
#endif /* MBEDTLS_ECDSA_C */
-psa_status_t psa_asymmetric_sign( psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length )
+psa_status_t psa_sign_hash( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
{
psa_key_slot_t *slot;
psa_status_t status;
@@ -3333,7 +3333,7 @@
if( signature_size == 0 )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN, alg );
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_SIGN_HASH, alg );
if( status != PSA_SUCCESS )
goto exit;
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
@@ -3414,12 +3414,12 @@
return( status );
}
-psa_status_t psa_asymmetric_verify( psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length )
+psa_status_t psa_verify_hash( psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length )
{
psa_key_slot_t *slot;
psa_status_t status;
@@ -3428,7 +3428,7 @@
psa_drv_se_context_t *drv_context;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY, alg );
+ status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_VERIFY_HASH, alg );
if( status != PSA_SUCCESS )
return( status );