Change the driver calling logic for psa_sign/verify_messsage
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 0b7bd55..95daf80 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -102,22 +102,13 @@
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- /* Fell through, meaning no accelerator supports this operation */
- return( psa_sign_message_builtin( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_size,
- signature_length ) );
+ break;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( mbedtls_test_opaque_signature_sign_message(
+ status = mbedtls_test_opaque_signature_sign_message(
attributes,
key_buffer,
key_buffer_size,
@@ -126,7 +117,10 @@
input_length,
signature,
signature_size,
- signature_length ) );
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -134,6 +128,16 @@
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
+
+ return( psa_sign_message_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length ) );
}
psa_status_t psa_driver_wrapper_verify_message(
@@ -171,15 +175,7 @@
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
- return( psa_verify_message_builtin( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- input,
- input_length,
- signature,
- signature_length ) );
+ break;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -194,6 +190,9 @@
input_length,
signature,
signature_length ) );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -201,6 +200,15 @@
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
+
+ return( psa_verify_message_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length ) );
}
psa_status_t psa_driver_wrapper_sign_hash(