feat(mbedtls-psa): use PSA crypto API for hash verification

A PSA crypto API is used for hash verification, namely
psa_hash_verify, which internally calculates and verifies the hash
of the given data payload.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib48aa6b74b59aea6036333ff00f6ca566b910e60
diff --git a/drivers/auth/mbedtls/mbedtls_psa_crypto.c b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
index 64778e8..b0b3d86 100644
--- a/drivers/auth/mbedtls/mbedtls_psa_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
@@ -42,6 +42,16 @@
 	* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 	*/
 
+static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(
+						mbedtls_md_type_t md_type)
+{
+	assert((md_type == MBEDTLS_MD_SHA256) ||
+	       (md_type == MBEDTLS_MD_SHA384) ||
+	       (md_type == MBEDTLS_MD_SHA512));
+
+	return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) (md_type + 0x5);
+}
+
 /*
  * AlgorithmIdentifier  ::=  SEQUENCE  {
  *     algorithm               OBJECT IDENTIFIER,
@@ -195,11 +205,11 @@
 {
 	mbedtls_asn1_buf hash_oid, params;
 	mbedtls_md_type_t md_alg;
-	const mbedtls_md_info_t *md_info;
 	unsigned char *p, *end, *hash;
-	unsigned char data_hash[MBEDTLS_MD_MAX_SIZE];
 	size_t len;
 	int rc;
+	psa_status_t status;
+	psa_algorithm_t psa_md_alg;
 
 	/*
 	 * Digest info should be an MBEDTLS_ASN1_SEQUENCE, but padding after
@@ -222,38 +232,35 @@
 		return CRYPTO_ERR_HASH;
 	}
 
-	rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
-	if (rc != 0) {
-		return CRYPTO_ERR_HASH;
-	}
-
-	md_info = mbedtls_md_info_from_type(md_alg);
-	if (md_info == NULL) {
-		return CRYPTO_ERR_HASH;
-	}
-
 	/* Hash should be octet string type and consume all bytes */
 	rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
 	if ((rc != 0) || ((size_t)(end - p) != len)) {
 		return CRYPTO_ERR_HASH;
 	}
+	hash = p;
 
-	/* Length of hash must match the algorithm's size */
-	if (len != mbedtls_md_get_size(md_info)) {
+	rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
+	if (rc != 0) {
 		return CRYPTO_ERR_HASH;
 	}
-	hash = p;
 
-	/* Calculate the hash of the data */
-	p = (unsigned char *)data_ptr;
-	rc = mbedtls_md(md_info, p, data_len, data_hash);
-	if (rc != 0) {
+	/* convert the md_alg to psa_algo */
+	psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
+
+	/* Length of hash must match the algorithm's size */
+	if (len != PSA_HASH_LENGTH(psa_md_alg)) {
 		return CRYPTO_ERR_HASH;
 	}
 
-	/* Compare values */
-	rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info));
-	if (rc != 0) {
+	/*
+	 * Calculate Hash and compare it against the retrieved hash from
+	 * the certificate (one shot API).
+	 */
+	status = psa_hash_compare(psa_md_alg,
+				  data_ptr, (size_t)data_len,
+				  (const uint8_t *)hash, len);
+
+	if (status != PSA_SUCCESS) {
 		return CRYPTO_ERR_HASH;
 	}