From 229bf1031fd71a3e6fa26bd4b757a91d9bedfada Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 May 2023 11:13:55 +0200 Subject: [PATCH] pk: make mbedtls_pk_ec internal when !ECP_C mbedtls_pk_ec() is not an ideal function because: - it provides direct access to the ecp_keypair structure wrapped by the pk_context and - this bypasses the PK module's control However, since for backward compatibility, it cannot be deprecated immediately, 2 alternative internal functions are proposed. As a consequence: - when ECP_C is defined, then the legacy mbedtls_pk_ec is available - when only ECP_LIGHT is defined, but ECP_C is not, then only the new internal functions will be available Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 4 +-- library/pk_internal.h | 68 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 library/pk_internal.h diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 8d6d60f87..ec2a2513e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -778,7 +778,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk) } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_ECP_C) /** * Quick access to an EC context inside a PK context. * @@ -801,7 +801,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) return NULL; } } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_PARSE_C) /** \ingroup pk_module */ diff --git a/library/pk_internal.h b/library/pk_internal.h new file mode 100644 index 000000000..a51482e0e --- /dev/null +++ b/library/pk_internal.h @@ -0,0 +1,68 @@ +/** + * \file pk_internal.h + * + * \brief Public Key abstraction layer: internal (i.e. library only) functions + * and definitions. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_PK_INTERNAL_H +#define MBEDTLS_PK_INTERNAL_H + +#if defined(MBEDTLS_ECP_LIGHT) +#include "mbedtls/ecp.h" +#endif + +#if defined(MBEDTLS_ECP_LIGHT) +/** + * Public function mbedtls_pk_ec() can be used to get direct access to the + * wrapped ecp_keypair strucure pointed to the pk_ctx. However this is not + * ideal because it bypasses the PK module on the control of its internal's + * structure (pk_context) fields. + * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but + * we provide 2 very similar function when only ECP_LIGHT is enabled and not + * ECP_C. + * These variants embed the "ro" or "rw" keywords in their name to make the + * usage of the returned pointer explicit. Of course the returned value is + * const or non-const accordingly. + */ +static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk) +{ + switch (mbedtls_pk_get_type(&pk)) { + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); + default: + return NULL; + } +} + +static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) +{ + switch (mbedtls_pk_get_type(&pk)) { + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); + default: + return NULL; + } +} +#endif /* MBEDTLS_ECP_LIGHT */ + +#endif /* MBEDTLS_PK_INTERNAL_H */