From e7e704ac830e9bde79d21af677855e7de67531f2 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 20 Nov 2024 20:31:20 +0100
Subject: [PATCH] p256-m: allow deterministic ECDSA verification

For ECDSA verification, there is no difference between the deterministic and
randomized algorithm. The PSA core consider the two variants as identical as
far as key policies are concerned, and the built-in implementation accepts
either variant even if only the other variant is supported for signature.

In p256-m, accept to perform an ECDSA verification when the algorithm is
specified as deterministic ECDSA. This makes the behavior identical to the
built-in implementation, which is less surprising for users and saves us
from having to cope with a difference in our testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 .../driver_templates/psa_crypto_driver_wrappers.h.jinja       | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
index d3b7d6fb31..ed5c9a02d0 100644
--- a/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
+++ b/tf-psa-crypto/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
@@ -307,8 +307,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
 #endif /* PSA_CRYPTO_DRIVER_TEST */
 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
-                PSA_ALG_IS_ECDSA(alg) &&
-                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+                PSA_ALG_IS_RANDOMIZED_ECDSA(alg) &&
                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
                 psa_get_key_bits(attributes) == 256 )
             {
@@ -412,7 +411,6 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
                 PSA_ALG_IS_ECDSA(alg) &&
-                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
                 psa_get_key_bits(attributes) == 256 )
             {