Add build with some curves accelerated but not all

I chose to divide along the lines of Weierstrass vs other curve shapes (currently just Montgomery), mainly because it's the first thing that came to mind. It happened to reveal an issue in the logic for when (deterministic) ECDSA and ECJPAKE are built-in, which this commit is also fixing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-25 12:35:15 +02:00 · 2023-09-25 12:35:15 +02:00 · 561bce6b16
commit 561bce6b16
parent 702b645dce
2 changed files with 135 additions and 4 deletions
--- a/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/include/mbedtls/config_adjust_legacy_from_psa.h
@ -48,16 +48,19 @@
 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_MONTGOMERY_255) && \
@ -73,41 +76,49 @@
 #if defined(PSA_WANT_ECC_SECP_R1_192) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_R1_224) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_R1_256) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_R1_384) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_R1_521) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_K1_192) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_K1_224) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 #if defined(PSA_WANT_ECC_SECP_K1_256) && \
    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
+#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif

 /* ECC: algs: is acceleration complete? */
@ -295,12 +306,17 @@
 *
 * We need the alg built-in:
 * - if it's not accelerated, or
- * - if there's a curve with missing acceleration, or
+ * - if there's a relevant curve (see below) with missing acceleration, or
 * - if there's a key type among (public, basic) with missing acceleration.
+ *
+ * Relevant curves are:
+ * - all curves for ECDH
+ * - Weierstrass curves for (deterministic) ECDSA
+ * - secp256r1 for EC J-PAKE
 */
 #if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) || \
-    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
+    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
 #define MBEDTLS_ECDSA_DETERMINISTIC
@ -327,7 +343,7 @@

 #if defined(PSA_WANT_ALG_ECDSA)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
+    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES) || \
    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
 #define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
 #define MBEDTLS_ECDSA_C
@ -340,7 +356,7 @@

 #if defined(PSA_WANT_ALG_JPAKE)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) || \
-    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
+    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \
    defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEYTYPES_BASIC)
 #define MBEDTLS_PSA_BUILTIN_PAKE 1
 #define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1