crypto: Update the service for Mbed Crypto 3.x

Update Mbed OS's PSA Crypto service to work with Mbed Crypto 3.x.

- psa_asymmetric_verify() is now called psa_verify_hash().
- psa_asymmetric_sign() is now called psa_sign_hash().

Compatibilty wrappers are provided via crypto_compat.h for source-level
backwards compatibility.

Author: Patater

TESTS/mbed-crypto/sanity/main.cpp

@@ -262,13 +262,13 @@ void test_crypto_asymmetric_sign_verify(void)
     psa_set_key_algorithm(&attributes, alg);
     psa_set_key_type(&attributes, key_type);
     TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, key, sizeof(key), &key_handle));
-    TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_sign(key_handle, alg, input, sizeof(input),
-                                                       signature, sizeof(signature), &signature_len));
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_sign_hash(key_handle, alg, input, sizeof(input),
+                                                 signature, sizeof(signature), &signature_len));
     TEST_ASSERT_EQUAL(sizeof(signature), signature_len);
     TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_signature, signature, signature_len);
 
-    TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_asymmetric_verify(key_handle, alg, input, sizeof(input),
-                                                         signature, signature_len));
+    TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_verify_hash(key_handle, alg, input, sizeof(input),
+                                                   signature, signature_len));
     TEST_ASSERT_EQUAL(PSA_SUCCESS, psa_destroy_key(key_handle));
 }
 

TESTS/psa/crypto_access_control/COMPONENT_NSPE/main.cpp

@@ -373,12 +373,12 @@ void test_use_other_partition_key_asymmetric_sign_verify(void)
     TEST_ASSERT_NOT_EQUAL(0, key_handle);
 
     /* try to asymmetric sign using the key that was created by the test partition */
-    TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_sign(key_handle, key_alg, input, sizeof(input),
-                                                                    signature, sizeof(signature), &len));
+    TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_sign_hash(key_handle, key_alg, input, sizeof(input),
+                                                              signature, sizeof(signature), &len));
 
     /* try to asymmetric verify using the key that was created by the test partition */
-    TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_asymmetric_verify(key_handle, key_alg, input, sizeof(input),
-                                                                      signature, sizeof(signature)));
+    TEST_ASSERT_EQUAL(PSA_ERROR_INVALID_HANDLE, psa_verify_hash(key_handle, key_alg, input, sizeof(input),
+                                                                signature, sizeof(signature)));
 
     /* via test partition - destroy the key created by the test partition */
     TEST_ASSERT_EQUAL(PSA_SUCCESS, test_partition_crypto_destroy_key(key_handle));

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c

@@ -58,13 +58,13 @@ t_cose_crypto_pub_key_sign(int32_t cose_alg_id,
         return T_COSE_ERR_NO_KID;
     }
 
-    crypto_ret = psa_asymmetric_sign(handle,
-                                     PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
-                                     hash_to_sign.ptr,
-                                     hash_to_sign.len,
-                                     signature_buffer.ptr,
-                                     signature_buffer.len,
-                                     &(signature->len));
+    crypto_ret = psa_sign_hash(handle,
+                               PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+                               hash_to_sign.ptr,
+                               hash_to_sign.len,
+                               signature_buffer.ptr,
+                               signature_buffer.len,
+                               &(signature->len));
 
 
     if (crypto_ret != PSA_SUCCESS)

components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attestation_core.c

@@ -942,7 +942,7 @@ attest_create_token(struct useful_buf_c *challenge,
 
 /* Limitations of the current implementation:
  *  - Token is not signed yet properly, just a fake signature is added to the
- *    token due to lack of psa_asymmetric_sign() implementation in crypto
+ *    token due to lack of psa_sign_hash() implementation in crypto
  *    service.
  */
 enum psa_attest_err_t

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h

@@ -87,8 +87,8 @@ typedef enum psa_sec_function_s {
     PSA_AEAD_FINISH,
     PSA_AEAD_VERIFY,
     PSA_AEAD_ABORT,
-    PSA_ASYMMETRIC_SIGN,
-    PSA_ASYMMETRIC_VERIFY,
+    PSA_SIGN_HASH,
+    PSA_VERIFY_HASH,
     PSA_ASYMMETRIC_ENCRYPT,
     PSA_ASYMMETRIC_DECRYPT,
     PSA_KEY_DERIVATION_SETUP,

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c

@@ -1216,16 +1216,16 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
     return ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
 }
 
-psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
-                                 psa_algorithm_t alg,
-                                 const uint8_t *hash,
-                                 size_t hash_length,
-                                 uint8_t *signature,
-                                 size_t signature_size,
-                                 size_t *signature_length)
+psa_status_t psa_sign_hash(psa_key_handle_t handle,
+                           psa_algorithm_t alg,
+                           const uint8_t *hash,
+                           size_t hash_length,
+                           uint8_t *signature,
+                           size_t signature_size,
+                           size_t *signature_length)
 {
     psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
-        .func           = PSA_ASYMMETRIC_SIGN,
+        .func           = PSA_SIGN_HASH,
         .handle         = handle,
         .alg            = alg,
         .input_length   = 0,
@@ -1246,15 +1246,15 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
     return (status);
 }
 
-psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
-                                   psa_algorithm_t alg,
-                                   const uint8_t *hash,
-                                   size_t hash_length,
-                                   const uint8_t *signature,
-                                   size_t signature_size)
+psa_status_t psa_verify_hash(psa_key_handle_t handle,
+                             psa_algorithm_t alg,
+                             const uint8_t *hash,
+                             size_t hash_length,
+                             const uint8_t *signature,
+                             size_t signature_size)
 {
     psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
-        .func           = PSA_ASYMMETRIC_VERIFY,
+        .func           = PSA_VERIFY_HASH,
         .handle         = handle,
         .alg            = alg,
         .input_length   = 0,

components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h

@@ -59,8 +59,8 @@ extern "C" {
 #define psa_aead_finish  psa_sec_aead_finish
 #define psa_aead_verify  psa_sec_aead_verify
 #define psa_aead_abort  psa_sec_aead_abort
-#define psa_asymmetric_sign  psa_sec_asymmetric_sign
-#define psa_asymmetric_verify  psa_sec_asymmetric_verify
+#define psa_sign_hash  psa_sec_sign_hash
+#define psa_verify_hash  psa_sec_verify_hash
 #define psa_asymmetric_encrypt  psa_sec_asymmetric_encrypt
 #define psa_asymmetric_decrypt  psa_sec_asymmetric_decrypt
 #define psa_key_derivation_setup  psa_sec_key_derivation_setup

components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c

@@ -989,7 +989,7 @@ static void psa_asymmetric_operation(void)
             }
 
             switch (psa_crypto.func) {
-                case PSA_ASYMMETRIC_SIGN: {
+                case PSA_SIGN_HASH: {
                     uint8_t *signature = NULL;
                     uint8_t *hash = NULL;
                     size_t signature_length = 0,
@@ -1015,9 +1015,9 @@ static void psa_asymmetric_operation(void)
                     }
 
                     if (status == PSA_SUCCESS) {
-                        status = psa_asymmetric_sign(psa_crypto.handle, psa_crypto.alg,
-                                                     hash, hash_size,
-                                                     signature, signature_size, &signature_length);
+                        status = psa_sign_hash(psa_crypto.handle, psa_crypto.alg,
+                                               hash, hash_size,
+                                               signature, signature_size, &signature_length);
 
                         if (status == PSA_SUCCESS) {
                             psa_write(msg.handle, 0, signature, signature_length);
@@ -1030,7 +1030,7 @@ static void psa_asymmetric_operation(void)
                     break;
                 }
 
-                case PSA_ASYMMETRIC_VERIFY: {
+                case PSA_VERIFY_HASH: {
                     uint8_t *signature = NULL;
                     uint8_t *hash = NULL;
                     size_t signature_size = msg.in_size[1],
@@ -1060,9 +1060,9 @@ static void psa_asymmetric_operation(void)
                     }
 
                     if (status == PSA_SUCCESS) {
-                        status = psa_asymmetric_verify(psa_crypto.handle, psa_crypto.alg,
-                                                       hash, hash_size,
-                                                       signature, signature_size);
+                        status = psa_verify_hash(psa_crypto.handle, psa_crypto.alg,
+                                                 hash, hash_size,
+                                                 signature, signature_size);
                     }
 
                     mbedtls_free(signature);