Merge pull request #7682 from valeriosetti/issue7453

driver-only ECC: ECPf.PK testing
2023-06-22 09:45:57 +02:00 · 2023-06-22 09:45:57 +02:00 · 2fb9d00f6d
commit 2fb9d00f6d
parent f2154a6e10 4b3c02b626
20 changed files with 252 additions and 324 deletions
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@ -148,8 +148,7 @@
 #if defined(MBEDTLS_ECP_C) || \
    defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
    defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
-    (defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDSA))
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
 #define MBEDTLS_ECP_LIGHT
 #endif

--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@ -545,7 +545,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al
 int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
                                  const char **oid, size_t *olen);

-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
 /**
 * \brief          Translate NamedCurve OID into an EC group identifier
 *
@ -591,7 +591,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_
 */
 int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id,
                                        const char **oid, size_t *olen);
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */

 /**
 * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -207,7 +207,8 @@ typedef struct mbedtls_pk_rsassa_pss_options {
 * format. It should be noticed that this only affect how data is stored, not
 * which functions are used for various operations. The overall picture looks
 * like this:
- * - if ECP_C is defined then use legacy functions
+ * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
+ *   and legacy functions
 * - if USE_PSA is defined and
 *     - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
 *       format and use PSA functions
@ -218,11 +219,18 @@ typedef struct mbedtls_pk_rsassa_pss_options {
 * ecp_keypair structure inside the pk_context so he/she can modify it using
 * ECP functions which are not under PK module's control.
 */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \
-    defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+    !defined(MBEDTLS_ECP_C)
 #define MBEDTLS_PK_USE_PSA_EC_DATA
 #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */

+/* Helper symbol to state that the PK module has support for EC keys. This
+ * can either be provided through the legacy ECP solution or through the
+ * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_HAVE_ECC_KEYS
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+
 /**
 * \brief           Types for interfacing with the debug module
 */