commit 9103d490e8955c2b9723a266af000fc99eeb8f85
author Ronald Cron <ronald.cron@arm.com> Thu Mar 04 11:26:03 2021 +0100
committer Ronald Cron <ronald.cron@arm.com> Thu Mar 04 13:32:27 2021 +0100
tree 6c35a040567e844b7183bcfedc15a6d6866d2111
parent 566899eefae1eae26eb971b68ae535b2d06b124a

psa: ecdsa: Rework deterministic support check

Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/psa_crypto_ecp.c

diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 15e5d02..9cce3af 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -388,9 +388,9 @@
         goto cleanup;
     }
 
-#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
-    if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
+    if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
     {
+#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
         psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
         const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
         mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
@@ -400,9 +400,12 @@
                              hash_length, md_alg,
                              mbedtls_psa_get_random,
                              MBEDTLS_PSA_RANDOM_STATE ) );
+#else
+       ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+       goto cleanup;
+#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
     }
     else
-#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
     {
         (void) alg;
         MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,