From 1814bb785f8add11bca7c890cb2680bb0f1e27d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:17:48 +0200 Subject: [PATCH 01/11] test: re-enable PK and RSA in component without ECP/ECP_LIGHT Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c1e2b9f80..18c259353 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2433,22 +2433,6 @@ config_psa_crypto_no_ecp_at_all () { scripts/config.py unset MBEDTLS_ECP_C fi - # Disable PK module since it depends on ECP - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - # Disable also RSA_C that would re-enable PK - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - # Disable also key exchanges that depend on RSA for completeness - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED @@ -2458,16 +2442,6 @@ config_psa_crypto_no_ecp_at_all () { # the future, the following line could be removed (see issues # 6061, 6332 and following ones) scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - - # Disable PSA_WANT symbols that would re-enable PK - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - scripts/config.py -f include/psa/crypto_config.h unset $ALG - done } # Build and test a configuration where driver accelerates all EC algs while @@ -2507,7 +2481,6 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { not grep mbedtls_ecjpake_ library/ecjpake.o # Also ensure that ECP or RSA modules were not re-enabled not grep mbedtls_ecp_ library/ecp.o - not grep mbedtls_rsa_ library/rsa.o # Run the tests # ------------- @@ -2526,9 +2499,6 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { make - # Esure that the RSA module was not re-enabled - not grep mbedtls_rsa_ library/rsa.o - msg "test suites: crypto_full + non accelerated EC algs + USE_PSA" make test } From e489e81437e496bd39c50e525028919328a6962a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:28:06 +0200 Subject: [PATCH 02/11] pk: add new symbol to state that PK has support for EC keys Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS has been move on top of the pk.h file because we need these symbols when crypto.h is evaluated otherwise functions like mbedtls_ecc_group_of_psa() won't be available. Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 50 +++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index cbeaf51db..ba1544739 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -40,6 +40,35 @@ #include "mbedtls/ecdsa.h" #endif +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + +/* Helper symbol to state that the PK module has support for EC keys. This + * can either be provided through the legacy ECP solution or through the + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_HAVE_ECC_KEYS +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" #endif @@ -202,27 +231,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif -/* Internal helper to define which fields in the pk_context structure below - * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not - * which functions are used for various operations. The overall picture looks - * like this: - * - if ECP_C is defined then use legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using - * ECP functions which are not under PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \ - defined(MBEDTLS_ECP_LIGHT) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ - /** * \brief Types for interfacing with the debug module */ From 81d75127ba1fa4663b41c4012ddb9e426ae73116 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:49:33 +0200 Subject: [PATCH 03/11] library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- include/mbedtls/oid.h | 4 +-- include/psa/crypto_extra.h | 6 ++-- library/oid.c | 4 +-- library/pk.c | 16 +++++----- library/pk_internal.h | 6 ++-- library/pk_wrap.c | 4 +-- library/pk_wrap.h | 2 +- library/pkparse.c | 52 +++++++++++++------------------ library/pkwrite.c | 63 +++++++++++++++++++------------------- library/pkwrite.h | 6 ++-- library/psa_crypto.c | 4 +-- 11 files changed, 78 insertions(+), 89 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index ec36748ce..e333ba11b 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -545,7 +545,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, const char **oid, size_t *olen); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /** * \brief Translate NamedCurve OID into an EC group identifier * @@ -591,7 +591,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_ */ int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, const char **oid, size_t *olen); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /** * \brief Translate SignatureAlgorithm OID into md_type and pk_type diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cc70e6fe5..fb639fadb 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -572,8 +572,8 @@ psa_status_t psa_get_key_domain_parameters( /** \defgroup psa_tls_helpers TLS helper functions * @{ */ - -#if defined(MBEDTLS_ECP_LIGHT) +#include +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. @@ -660,7 +660,7 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grp mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /**@}*/ diff --git a/library/oid.c b/library/oid.c index a580992e0..47a311b94 100644 --- a/library/oid.c +++ b/library/oid.c @@ -543,7 +543,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, mbedtls_pk_type_t, pk_alg) -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * For elliptic curves that use namedCurve inside ECParams (RFC 5480) */ @@ -674,7 +674,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, oid_ecp_grp_algid, mbedtls_ecp_group_id, grp_id) -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_CIPHER_C) /* diff --git a/library/pk.c b/library/pk.c index 91796dec9..aa8e997aa 100644 --- a/library/pk.c +++ b/library/pk.c @@ -31,7 +31,7 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -125,12 +125,12 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) case MBEDTLS_PK_RSA: return &mbedtls_rsa_info; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) case MBEDTLS_PK_ECKEY: return &mbedtls_eckey_info; case MBEDTLS_PK_ECKEY_DH: return &mbedtls_eckeydh_info; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) case MBEDTLS_PK_ECDSA: return &mbedtls_ecdsa_info; @@ -903,14 +903,14 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_key_usage_t usage, psa_algorithm_t alg2) { -#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C) +#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C) ((void) pk); ((void) key); ((void) alg); ((void) usage); ((void) alg2); -#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { size_t d_len; psa_ecc_family_t curve_id; @@ -965,7 +965,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return mbedtls_pk_setup_opaque(pk, *key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; @@ -1006,7 +1006,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return mbedtls_pk_setup_opaque(pk, *key); } else #endif /* MBEDTLS_RSA_C */ -#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ +#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ return MBEDTLS_ERR_PK_TYPE_MISMATCH; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/pk_internal.h b/library/pk_internal.h index 388f94ac8..263a1c777 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -25,7 +25,7 @@ #include "mbedtls/pk.h" -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif @@ -44,7 +44,7 @@ psa_pk_status_to_mbedtls) #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /** * Public function mbedtls_pk_ec() can be used to get direct access to the * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not @@ -115,7 +115,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PK_HAVE_RFC8410_CURVES #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0cadab280..54a4d5d5f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -634,7 +634,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { }; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Generic EC key */ @@ -1335,7 +1335,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { #endif eckey_debug, /* Same underlying key structure */ }; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) static int ecdsa_can_do(mbedtls_pk_type_t type) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index b4b974fc9..1436d7812 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -120,7 +120,7 @@ typedef struct { extern const mbedtls_pk_info_t mbedtls_rsa_info; #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) extern const mbedtls_pk_info_t mbedtls_eckey_info; extern const mbedtls_pk_info_t mbedtls_eckeydh_info; #endif diff --git a/library/pkparse.c b/library/pkparse.c index 4c55d341b..483176abc 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -37,7 +37,7 @@ #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) #include "pkwrite.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -64,10 +64,10 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) -#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_FS_IO) /* @@ -174,7 +174,7 @@ int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) } #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * * ECParameters ::= CHOICE { @@ -655,7 +655,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -664,9 +663,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * which never contain a public key. As such, derive the public key * unconditionally. */ if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair_free(eck); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; } @@ -674,7 +670,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * into PSA. */ #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -793,7 +788,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, return ret; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* @@ -878,7 +873,7 @@ static int pk_get_pk_alg(unsigned char **p, } ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); if (ret == 0) { @@ -952,7 +947,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -966,7 +961,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_get_ecpubkey(p, end, pk); } } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if (ret == 0 && *p != end) { @@ -1170,7 +1165,7 @@ cleanup: } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Parse a SEC1 encoded private EC key */ @@ -1186,10 +1181,11 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, unsigned char *d; unsigned char *end = p + keylen; unsigned char *end2; - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* @@ -1226,7 +1222,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } #endif @@ -1243,11 +1238,9 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, 0)) == 0) { if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 || (ret = pk_use_ecparams(¶ms, pk)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } @@ -1283,7 +1276,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } @@ -1311,21 +1303,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, if (!pubkey_done) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } } #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* * Parse an unencrypted PKCS#8 encoded private key @@ -1354,7 +1344,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; const mbedtls_pk_info_t *pk_info; -#if !defined(MBEDTLS_ECP_LIGHT) +#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) (void) f_rng; (void) p_rng; #endif @@ -1419,7 +1409,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -1441,7 +1431,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; return 0; @@ -1608,7 +1598,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; @@ -1637,7 +1627,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { return ret; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { @@ -1743,7 +1733,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, mbedtls_pk_init(pk); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if (mbedtls_pk_setup(pk, pk_info) == 0 && pk_parse_key_sec1_der(pk, @@ -1751,13 +1741,13 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, return 0; } mbedtls_pk_free(pk); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't, + /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't, * it is ok to leave the PK context initialized but not * freed: It is the caller's responsibility to call pk_init() * before calling this function, and to call pk_free() - * when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C + * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C * isn't, this leads to mbedtls_pk_free() being called * twice, once here and once by the caller, but this is * also ok and in line with the mbedtls_pk_free() calls diff --git a/library/pkwrite.c b/library/pkwrite.c index 218d0c1ab..e6f1aefaf 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -38,10 +38,10 @@ #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pkwrite.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -58,7 +58,7 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) { @@ -76,6 +76,8 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) @@ -91,11 +93,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } -#endif /* MBETLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) { @@ -111,6 +109,7 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) return opaque_key_type; } #endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* @@ -158,7 +157,7 @@ end_of_export: } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) @@ -316,7 +315,7 @@ exit: return ret; } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, @@ -353,7 +352,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); } else #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); } else @@ -375,7 +374,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu int has_par = 1; size_t len = 0, par_len = 0, oid_len = 0; mbedtls_pk_type_t pk_type; -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; #endif const char *oid; @@ -404,20 +403,20 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); pk_type = mbedtls_pk_get_type(key); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { ec_grp_id = mbedtls_pk_get_group_id(key); } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { pk_type = MBEDTLS_PK_ECKEY; ec_grp_id = mbedtls_pk_get_group_id(key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { /* The rest of the function works as for legacy RSA contexts. */ pk_type = MBEDTLS_PK_RSA; @@ -429,7 +428,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { /* Some groups have their own AlgorithmIdentifier OID, others are handled * by mbedtls_oid_get_oid_by_pk_alg() below */ @@ -445,7 +444,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return ret; } } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (oid_len == 0) { if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, @@ -464,7 +463,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return (int) len; } -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) /* * RFC8410 section 7 @@ -572,7 +571,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, return (int) len; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, @@ -691,9 +690,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) int is_ec_opaque = 0; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t opaque_key_type; #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -710,9 +709,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -721,7 +720,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { @@ -730,7 +729,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ return pk_write_ec_der(&c, buf, key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; return (int) len; @@ -781,12 +780,12 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) int is_ec_opaque = 0; #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) int is_montgomery_opaque = 0; #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif @@ -802,14 +801,14 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { is_montgomery_opaque = 1; } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -819,7 +818,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, end = PEM_END_PRIVATE_KEY_RSA; } else #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (is_montgomery_opaque || @@ -828,13 +827,13 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else -#endif +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; } } else -#endif +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; if ((ret = mbedtls_pem_write_buffer(begin, end, diff --git a/library/pkwrite.h b/library/pkwrite.h index 8db233373..aa2f17b02 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -73,7 +73,7 @@ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * EC public keys: * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 @@ -98,10 +98,10 @@ */ #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) -#else /* MBEDTLS_ECP_LIGHT */ +#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #endif /* MBEDTLS_PK_WRITE_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5e38c3ad6..9fdb366ca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -390,7 +390,7 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy) @@ -482,7 +482,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, size_t bits) From 545a0d643f04f4515d475077fe943fe8f0176dc1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:56:48 +0200 Subject: [PATCH 04/11] test: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 24 +++---- tests/suites/test_suite_pk.function | 15 +---- tests/suites/test_suite_pkparse.data | 82 ++++++++++++------------ tests/suites/test_suite_pkparse.function | 4 +- tests/suites/test_suite_pkwrite.data | 58 ++++++++--------- 5 files changed, 87 insertions(+), 96 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 8c3c5e71b..e84c28851 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -13,19 +13,19 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" PK utils: ECKEY SECP192R1 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" PK utils: ECKEY_DH SECP192R1 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH" PK utils: ECKEY_DH Curve25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH" PK utils: ECKEY_DH Curve448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH" PK utils: ECDSA SECP192R1 @@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDH -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) @@ -397,7 +397,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_ pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0 EC_DH (no) sign-verify: SECP192R1 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify @@ -425,11 +425,11 @@ depends_on:MBEDTLS_PKCS1_V15 pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING EC nocrypt -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_ec_nocrypt:MBEDTLS_PK_ECKEY EC-DH nocrypt -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH ECDSA nocrypt @@ -525,11 +525,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED Check pair #1 (EC, OK) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0 Check pair #2 (EC, bad) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA Check pair #3 (RSA, OK) @@ -541,7 +541,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED Check pair #5 (RSA vs EC) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH RSA hash_len overflow (size_t vs unsigned int) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 78711404a..150296e6c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -94,7 +94,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) parameter, 3); } #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { @@ -112,25 +112,16 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) #endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_group grp; - /* Duplicating the mbedtls_ecp_group_load call to make this part - * more future future proof for when ECP_C will not be defined. */ - mbedtls_ecp_group_init(&grp); - ret = mbedtls_ecp_group_load(&grp, parameter); + ret = pk_genkey_ec(pk, parameter); if (ret != 0) { return ret; } - ret = pk_genkey_ec(pk, grp.id); - if (ret != 0) { - return ret; - } - mbedtls_ecp_group_free(&grp); return 0; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return -1; } diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 9a5b55c81..144646cc8 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER) pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0 Parse Public EC Key #2 (RFC 5480, PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed) @@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0 Parse Public EC Key #3 (RFC 5480, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 # Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and @@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE Parse Public EC Key #4 (RFC 5480, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 Parse Public EC Key #4a (RFC 5480, secp256r1, compressed) @@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0 Parse Public EC Key #5 (RFC 5480, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) @@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0 Parse Public EC Key #6 (RFC 5480, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) @@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0 Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed) @@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0 Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed) @@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed) @@ -975,27 +975,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0 Parse Public EC Key #10 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0 Parse Public EC Key #11 (RFC 8410, DER, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0 Parse Public EC Key #12 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0 Parse Public EC Key #13 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0 Parse EC Key #1 (SEC1 DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 Parse EC Key #2 (SEC1 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 Parse EC Key #2a (SEC1 PEM, secp192r1, compressed) @@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA +depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 Parse EC Key #4 (PKCS8 DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 Parse EC Key #4a (PKCS8 DER, no public key) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 Parse EC Key #4b (PKCS8 DER, no public key, with parameters) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 Parse EC Key #4c (PKCS8 DER, with parameters) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 Parse EC Key #5 (PKCS8 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 Parse EC Key #5a (PKCS8 PEM, no public key) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 Parse EC Key #5c (PKCS8 PEM, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 Parse EC Key #8 (SEC1 PEM, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) @@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 Parse EC Key #9 (SEC1 PEM, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 Parse EC Key #9a (SEC1 PEM, secp256r1, compressed) @@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0 Parse EC Key #10 (SEC1 PEM, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) @@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0 Parse EC Key #11 (SEC1 PEM, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) @@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0 Parse EC Key #12 (SEC1 PEM, bp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 Parse EC Key #12a (SEC1 PEM, bp256r1, compressed) @@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0 Parse EC Key #13 (SEC1 PEM, bp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 Parse EC Key #13a (SEC1 PEM, bp384r1, compressed) @@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0 Parse EC Key #14 (SEC1 PEM, bp512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 Parse EC Key #14a (SEC1 PEM, bp512r1, compressed) @@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 Parse EC Key #16 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0 Parse EC Key #17 (RFC 8410, DER, X448) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0 Parse EC Key #18 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0 Parse EC Key #19 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0 Key ASN1 (No data) @@ -1193,7 +1193,7 @@ depends_on:MBEDTLS_RSA_C pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (ECPrivateKey, empty parameters) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0) @@ -1201,24 +1201,24 @@ depends_on:MBEDTLS_ECP_C pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with NULL private key) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier) pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 6fa78c149..fd098b043 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -70,7 +70,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ void pk_parse_public_keyfile_ec(char *key_file, int result) { mbedtls_pk_context ctx; @@ -102,7 +102,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */ void pk_parse_keyfile_ec(char *key_file, char *password, int result) { mbedtls_pk_context ctx; diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 4199ff264..4256a88a6 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -15,43 +15,43 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM Public key write check EC 192 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER Public key write check EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM Public key write check EC 521 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER Public key write check EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM Public key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER Public key write check EC X25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM Public key write check EC X25519 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER Public key write check EC X448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM Public key write check EC X448 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER Private key write check RSA @@ -71,59 +71,59 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM Private key write check EC 192 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER Private key write check EC 256 bits (top bit set) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM Private key write check EC 256 bits (top bit set) (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER Private key write check EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM Private key write check EC 521 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER Private key write check EC 521 bits (top byte is 0) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM Private key write check EC 521 bits (top byte is 0) (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER Private key write check EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM Private key write check EC Brainpool 512 bits (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER Private key write check EC X25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM Private key write check EC X25519 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER Private key write check EC X448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM Private key write check EC X448 (DER) -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER Derive public key RSA @@ -135,21 +135,21 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der" Derive public key EC 192 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der" Derive public key EC 521 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der" Derive public key EC Brainpool 512 bits -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der" Derive public key EC X25519 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der" Derive public key EC X448 -depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der" From 30fdc03819fe4d4eecfd6511408e35b842fdc0f2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:57:46 +0200 Subject: [PATCH 05/11] pk: remove useless internal function Signed-off-by: Valerio Setti --- library/pk.c | 36 ----------------------------- library/pk_internal.h | 14 ----------- tests/suites/test_suite_pk.function | 13 ++++------- 3 files changed, 4 insertions(+), 59 deletions(-) diff --git a/library/pk.c b/library/pk.c index aa8e997aa..52eb0d550 100644 --- a/library/pk.c +++ b/library/pk.c @@ -196,42 +196,6 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, - mbedtls_ecp_keypair *ecp_keypair) -{ - int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - - if (pk == NULL) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - /* The raw public key storing mechanism is only supported for EC keys so - * we fail silently for other ones. */ - if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) && - (pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) && - (pk->pk_info->type != MBEDTLS_PK_ECDSA)) { - return 0; - } - - ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &pk->pub_raw_len, - pk->pub_raw, - MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); - if (ret != 0) { - return ret; - } - - pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id, - &pk->ec_bits); - if (pk->ec_family == 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - return 0; -} -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* * Initialize an RSA-alt context diff --git a/library/pk_internal.h b/library/pk_internal.h index 263a1c777..3d05f57b9 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -117,19 +117,5 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -/** - * \brief Copy the public key content in raw format from "ctx->pk_ctx" - * (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer. - * - * \note This is a temporary function that can be removed as soon as the pk - * module is free from ECP_C - * - * \param pk It is the pk_context which is going to be updated. It acts both - * as input and output. - */ -int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk, - mbedtls_ecp_keypair *ecp_keypair); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 150296e6c..4074e13f8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -728,15 +728,10 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash, TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA)); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair ecp; - mbedtls_ecp_keypair_init(&ecp); - - TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0); - TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q, - key->x, key->len) == 0); - TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0); - - mbedtls_ecp_keypair_free(&ecp); + TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); + memcpy(pk.pub_raw, key->x, key->len); + pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits)); + pk.pub_raw_len = key->len; #else mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk); From f54ca35b8a76a332b717fb81a52cafff6e813d15 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 15 Jun 2023 12:09:30 +0200 Subject: [PATCH 06/11] build_info: do not enable ECP_LIGHT when PSA_WANT_ALG_ECDSA Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e01f57152..24c394112 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -148,8 +148,7 @@ #if defined(MBEDTLS_ECP_C) || \ defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ - (defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDSA)) + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #define MBEDTLS_ECP_LIGHT #endif From bc2b1d32888e7a4996ff4cf6c5e2a07f8433a49c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 12:15:13 +0200 Subject: [PATCH 07/11] psa: move mbedtls_ecc_group_to_psa() from inline function to standard one Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 50 ++------------------------------------ library/psa_crypto.c | 49 +++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 48 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fb639fadb..cfa7a67be 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -589,54 +589,8 @@ psa_status_t psa_get_key_domain_parameters( * (`PSA_ECC_FAMILY_xxx`). * \return \c 0 on failure (\p grpid is not recognized). */ -static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, - size_t *bits) -{ - switch (grpid) { - case MBEDTLS_ECP_DP_SECP192R1: - *bits = 192; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP224R1: - *bits = 224; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP256R1: - *bits = 256; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP384R1: - *bits = 384; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_SECP521R1: - *bits = 521; - return PSA_ECC_FAMILY_SECP_R1; - case MBEDTLS_ECP_DP_BP256R1: - *bits = 256; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; - case MBEDTLS_ECP_DP_BP384R1: - *bits = 384; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; - case MBEDTLS_ECP_DP_BP512R1: - *bits = 512; - return PSA_ECC_FAMILY_BRAINPOOL_P_R1; - case MBEDTLS_ECP_DP_CURVE25519: - *bits = 255; - return PSA_ECC_FAMILY_MONTGOMERY; - case MBEDTLS_ECP_DP_SECP192K1: - *bits = 192; - return PSA_ECC_FAMILY_SECP_K1; - case MBEDTLS_ECP_DP_SECP224K1: - *bits = 224; - return PSA_ECC_FAMILY_SECP_K1; - case MBEDTLS_ECP_DP_SECP256K1: - *bits = 256; - return PSA_ECC_FAMILY_SECP_K1; - case MBEDTLS_ECP_DP_CURVE448: - *bits = 448; - return PSA_ECC_FAMILY_MONTGOMERY; - default: - *bits = 0; - return 0; - } -} +psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, + size_t *bits); /** Convert an ECC curve identifier from the PSA encoding to Mbed TLS. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9fdb366ca..d6723b27e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -391,6 +391,55 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /****************************************************************/ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, + size_t *bits) +{ + switch (grpid) { + case MBEDTLS_ECP_DP_SECP192R1: + *bits = 192; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP224R1: + *bits = 224; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP256R1: + *bits = 256; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP384R1: + *bits = 384; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_SECP521R1: + *bits = 521; + return PSA_ECC_FAMILY_SECP_R1; + case MBEDTLS_ECP_DP_BP256R1: + *bits = 256; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; + case MBEDTLS_ECP_DP_BP384R1: + *bits = 384; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; + case MBEDTLS_ECP_DP_BP512R1: + *bits = 512; + return PSA_ECC_FAMILY_BRAINPOOL_P_R1; + case MBEDTLS_ECP_DP_CURVE25519: + *bits = 255; + return PSA_ECC_FAMILY_MONTGOMERY; + case MBEDTLS_ECP_DP_SECP192K1: + *bits = 192; + return PSA_ECC_FAMILY_SECP_K1; + case MBEDTLS_ECP_DP_SECP224K1: + *bits = 224; + return PSA_ECC_FAMILY_SECP_K1; + case MBEDTLS_ECP_DP_SECP256K1: + *bits = 256; + return PSA_ECC_FAMILY_SECP_K1; + case MBEDTLS_ECP_DP_CURVE448: + *bits = 448; + return PSA_ECC_FAMILY_MONTGOMERY; + default: + *bits = 0; + return 0; + } +} + mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy) From a9aab1a85bd3d2639af4485a77c577a3d78e5858 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 13:39:54 +0200 Subject: [PATCH 08/11] pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa() This allows also to: - removing the dependency on ECP_C for these functions and only rely on PSA symbols - removing extra header inclusing from crypto_extra.h - return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to their original position in pk.h Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 58 +++++++++++++++++++------------------- include/psa/crypto_extra.h | 5 ++-- library/psa_crypto.c | 4 +-- 3 files changed, 33 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ba1544739..089333d7e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -40,35 +40,6 @@ #include "mbedtls/ecdsa.h" #endif -/* Internal helper to define which fields in the pk_context structure below - * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not - * which functions are used for various operations. The overall picture looks - * like this: - * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure - * and legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using - * ECP functions which are not under PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ - !defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ - -/* Helper symbol to state that the PK module has support for EC keys. This - * can either be provided through the legacy ECP solution or through the - * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_HAVE_ECC_KEYS -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ - #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" #endif @@ -231,6 +202,35 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_CAN_ECDH #endif +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + +/* Helper symbol to state that the PK module has support for EC keys. This + * can either be provided through the legacy ECP solution or through the + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_HAVE_ECC_KEYS +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + /** * \brief Types for interfacing with the debug module */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cfa7a67be..5529dd1c8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -572,8 +572,7 @@ psa_status_t psa_get_key_domain_parameters( /** \defgroup psa_tls_helpers TLS helper functions * @{ */ -#include -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. @@ -614,7 +613,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d6723b27e..217348323 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -390,7 +390,7 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits) { @@ -531,7 +531,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, size_t bits) From e1651360c02eae921e8484813712c80268b011bf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 14:19:44 +0200 Subject: [PATCH 09/11] pkwrite: fix wrong guard position for pk_get_opaque_ec_family() Signed-off-by: Valerio Setti --- library/pkwrite.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index e6f1aefaf..5f801e27d 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -76,7 +76,6 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ @@ -93,7 +92,11 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } +#endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) { @@ -109,7 +112,6 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) return opaque_key_type; } #endif /* MBETLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* From 5bd2523178be84f6eba42e720bd3e74d242667ee Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 19 Jun 2023 19:32:14 +0200 Subject: [PATCH 10/11] test: ignore compressed points' tests when checking coverage without ECP at all Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 2d054d7b3..46c21f73a 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -302,6 +302,28 @@ TASKS = { # case above. ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking ' 'requirements, from RFC8410 Appendix A but made into version 0)'), + # When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED + # is automatically enabled in build_info.h (backward compatibility) + # even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a + # consequence compressed points are supported in the reference + # component but not in the accelerated one, so they should be skipped + # while checking driver's coverage. + 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)', + 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)', + 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)', + 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)', + 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)', + 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)', + 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)', + 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)', + 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)', + 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)', + 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)', + 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)', + 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)', + 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)', + 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)', + 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)', ], } } From 4b3c02b626d25ba2f67bf3aec8c590c7b4324546 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 21 Jun 2023 11:23:06 +0200 Subject: [PATCH 11/11] test: remove duplicate PK_HAVE_ECC_KEYS dependency in pkparse suite Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 68 ++++++++++++++-------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 144646cc8..ed5a57655 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER) pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0 Parse Public EC Key #1 (RFC 5480, DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0 Parse Public EC Key #2 (RFC 5480, PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed) @@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0 Parse Public EC Key #3 (RFC 5480, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 # Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and @@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE Parse Public EC Key #4 (RFC 5480, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 Parse Public EC Key #4a (RFC 5480, secp256r1, compressed) @@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0 Parse Public EC Key #5 (RFC 5480, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 Parse Public EC Key #5a (RFC 5480, secp384r1, compressed) @@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0 Parse Public EC Key #6 (RFC 5480, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) @@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0 Parse Public EC Key #7 (RFC 5480, brainpoolP256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0 Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed) @@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0 Parse Public EC Key #8 (RFC 5480, brainpoolP384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0 Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed) @@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0 Parse Public EC Key #9 (RFC 5480, brainpoolP512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0 Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed) @@ -975,19 +975,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5 pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0 Parse Public EC Key #10 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0 Parse Public EC Key #11 (RFC 8410, DER, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0 Parse Public EC Key #12 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0 Parse Public EC Key #13 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0 Parse EC Key #1 (SEC1 DER) @@ -995,7 +995,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 Parse EC Key #2 (SEC1 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 Parse EC Key #2a (SEC1 PEM, secp192r1, compressed) @@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA +depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 Parse EC Key #4 (PKCS8 DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 Parse EC Key #4a (PKCS8 DER, no public key) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0 Parse EC Key #4b (PKCS8 DER, no public key, with parameters) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0 Parse EC Key #4c (PKCS8 DER, with parameters) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0 Parse EC Key #5 (PKCS8 PEM) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 Parse EC Key #5a (PKCS8 PEM, no public key) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0 Parse EC Key #5b (PKCS8 PEM, no public key, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0 Parse EC Key #5c (PKCS8 PEM, with parameters) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 Parse EC Key #8 (SEC1 PEM, secp224r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP224R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 Parse EC Key #8a (SEC1 PEM, secp224r1, compressed) @@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0 Parse EC Key #9 (SEC1 PEM, secp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 Parse EC Key #9a (SEC1 PEM, secp256r1, compressed) @@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0 Parse EC Key #10 (SEC1 PEM, secp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 Parse EC Key #10a (SEC1 PEM, secp384r1, compressed) @@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0 Parse EC Key #11 (SEC1 PEM, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) @@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0 Parse EC Key #12 (SEC1 PEM, bp256r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP256R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 Parse EC Key #12a (SEC1 PEM, bp256r1, compressed) @@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2 pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0 Parse EC Key #13 (SEC1 PEM, bp384r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 Parse EC Key #13a (SEC1 PEM, bp384r1, compressed) @@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3 pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0 Parse EC Key #14 (SEC1 PEM, bp512r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 Parse EC Key #14a (SEC1 PEM, bp512r1, compressed) @@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0 Parse EC Key #16 (RFC 8410, DER, X25519) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0 Parse EC Key #17 (RFC 8410, DER, X448) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0 Parse EC Key #18 (RFC 8410, PEM, X25519) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0 Parse EC Key #19 (RFC 8410, PEM, X448) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0 Key ASN1 (No data)