Add initial test driver conforming to the new spec
Also adjusted the different makefiles accordingly.
Note: driver lifetime is currently statically defined in the header, but
this will be replaced in the future based on autogeneration of lifetime
values by a script (TBD)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c
new file mode 100644
index 0000000..0f006c7
--- /dev/null
+++ b/tests/src/drivers/signature.c
@@ -0,0 +1,171 @@
+/*
+ * Test driver for signature functions
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(MBEDTLS_TEST_HOOKS)
+#include "psa/crypto.h"
+#include "mbedtls/ecp.h"
+
+#include "drivers/signature.h"
+
+#include "mbedtls/md.h"
+#include "mbedtls/ecdsa.h"
+
+#include <string.h>
+
+/* If non-null, on success, copy this to the output. */
+void *test_driver_forced_output = NULL;
+size_t test_driver_forced_output_length = 0;
+
+psa_status_t test_transparent_signature_sign_hash_status = PSA_ERROR_NOT_SUPPORTED;
+unsigned long test_transparent_signature_sign_hash_hit = 0;
+
+psa_status_t test_transparent_signature_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ ++test_transparent_signature_sign_hash_hit;
+
+ if( test_transparent_signature_sign_hash_status != PSA_SUCCESS )
+ return( test_transparent_signature_sign_hash_status );
+
+ if( test_driver_forced_output != NULL )
+ {
+ if( test_driver_forced_output_length > signature_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ memcpy( signature, test_driver_forced_output,
+ test_driver_forced_output_length );
+ *signature_length = test_driver_forced_output_length;
+ return( PSA_SUCCESS );
+ }
+
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
+ defined(MBEDTLS_SHA256_C)
+ if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ mbedtls_ecp_group_id grp_id;
+ switch( psa_get_key_type( attributes ) )
+ {
+ case PSA_ECC_CURVE_SECP_R1:
+ switch( psa_get_key_bits( attributes ) )
+ {
+ case 256:
+ grp_id = MBEDTLS_ECP_DP_SECP256R1;
+ break;
+ case 384:
+ grp_id = MBEDTLS_ECP_DP_SECP384R1;
+ break;
+ case 521:
+ grp_id = MBEDTLS_ECP_DP_SECP521R1;
+ break;
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ break;
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ /* Beyond this point, the driver is actually doing the work of
+ * calculating the signature. */
+
+ status = PSA_ERROR_GENERIC_ERROR;
+ int ret = 0;
+ mbedtls_mpi r, s;
+ mbedtls_mpi_init( &r );
+ mbedtls_mpi_init( &s );
+ mbedtls_ecp_keypair ecp;
+ mbedtls_ecp_keypair_init( &ecp );
+ size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
+
+ MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
+ MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
+ key, key_length ) );
+
+ /* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
+ mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
+ if( signature_size < 2 * curve_bytes )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
+ hash, hash_length, md_alg ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
+ signature,
+ curve_bytes ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
+ signature + curve_bytes,
+ curve_bytes ) );
+cleanup:
+ /* There's no easy way to translate the error code except through a
+ * library function that's not exported. Use a debugger. */
+ if( ret == 0 )
+ status = PSA_SUCCESS;
+ mbedtls_mpi_free( &r );
+ mbedtls_mpi_free( &s );
+ mbedtls_ecp_keypair_free( &ecp );
+ if( status == PSA_SUCCESS )
+ *signature_length = 2 * curve_bytes;
+#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
+ defined(MBEDTLS_SHA256_C) */
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) hash;
+ (void) hash_length;
+#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
+ defined(MBEDTLS_SHA256_C) */
+
+ return( status );
+}
+
+psa_status_t test_opaque_signature_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) hash;
+ (void) hash_length;
+ (void) signature;
+ (void) signature_size;
+ (void) signature_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && MBEDTLS_TEST_HOOKS */