diff --git a/include/mbedtls/check_config_psa.h b/include/mbedtls/check_config_psa.h
index 3fb5850c6..483aa0e06 100644
--- a/include/mbedtls/check_config_psa.h
+++ b/include/mbedtls/check_config_psa.h
@@ -36,4 +36,52 @@
#error "MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) && \
+ !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) )
+#error "MBEDTLS_PSA_BUILTIN_ALG_ECDSA defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && \
+ !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) )
+#error "MBEDTLS_PSA_BUILTIN_ALG_ECDH defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) && \
+ !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
+#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) && \
+ !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
+#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) && \
+ !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
+#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) && \
+ !( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) )
+#error "MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS defined, but not all prerequisites"
+#endif
+
#endif /* MBEDTLS_CHECK_CONFIG_PSA_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 48046e07b..0690ee719 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -91,6 +91,7 @@ extern "C" {
#if defined(PSA_WANT_ALG_HKDF)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#define MBEDTLS_HKDF_C
#define MBEDTLS_MD_C
@@ -187,6 +188,7 @@ extern "C" {
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_HKDF_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#endif /* MBEDTLS_HKDF_C */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 31506ef3b..78d0b9a3f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -371,7 +371,9 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
size_t byte_length )
{
@@ -440,7 +442,9 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
}
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
- * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
+ * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) ||
+ * defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) */
static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
size_t bits )
@@ -593,6 +597,16 @@ exit:
#endif /* MBEDTLS_PK_PARSE_C */
}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+
/** Export an RSA key to export representation
*
* \param[in] type The type of key (public/private) to export
@@ -716,15 +730,15 @@ exit:
return( PSA_SUCCESS );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
- * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
+
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
/** Load the contents of a key buffer into an internal ECP representation
*
* \param[in] type The type of key contained in \p data.
@@ -824,7 +838,14 @@ exit:
return( status );
}
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
/** Export an ECP key to export representation
*
* \param[in] type The type of key (public/private) to export
@@ -1444,7 +1465,11 @@ psa_status_t psa_get_key_domain_parameters(
return( PSA_SUCCESS );
}
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
static psa_status_t psa_get_rsa_public_exponent(
const mbedtls_rsa_context *rsa,
@@ -1485,7 +1510,11 @@ exit:
mbedtls_free( buffer );
return( mbedtls_to_psa_error( ret ) );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
/** Retrieve all the publicly-accessible attributes of a key.
@@ -1513,7 +1542,11 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
switch( slot->attr.type )
{
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
case PSA_KEY_TYPE_RSA_KEY_PAIR:
case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
@@ -1541,7 +1574,11 @@ psa_status_t psa_get_key_attributes( psa_key_handle_t handle,
mbedtls_free( rsa );
}
break;
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
default:
/* Nothing else to do. */
@@ -1671,7 +1708,8 @@ static psa_status_t psa_internal_export_key( const psa_key_slot_t *slot,
}
else
{
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
mbedtls_ecp_keypair *ecp = NULL;
psa_status_t status = psa_load_ecp_representation(
slot->attr.type,
@@ -2884,7 +2922,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
(int) key_bits, mode ) );
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
static size_t psa_get_hash_block_size( psa_algorithm_t alg )
{
switch( alg )
@@ -2911,7 +2949,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg )
return( 0 );
}
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
/* Initialize the MAC operation structure. Once this function has been
* called, psa_mac_abort can run and will do the right thing. */
@@ -2955,13 +2993,13 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
return( status );
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
{
mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
return( psa_hash_abort( &hmac->hash_ctx ) );
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
{
@@ -3032,7 +3070,7 @@ static int psa_cmac_setup( psa_mac_operation_t *operation,
}
#endif /* MBEDTLS_CMAC_C */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
const uint8_t *key,
size_t key_length,
@@ -3094,7 +3132,7 @@ cleanup:
return( status );
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
psa_key_handle_t handle,
@@ -3266,7 +3304,7 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation,
return( status );
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac,
uint8_t *mac,
size_t mac_size )
@@ -3304,7 +3342,7 @@ exit:
mbedtls_platform_zeroize( tmp, hash_size );
return( status );
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_HKDF */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
uint8_t *mac,
@@ -3433,11 +3471,8 @@ cleanup:
/* Asymmetric cryptography */
/****************************************************************/
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
/* Decode the hash algorithm from alg and store the mbedtls encoding in
* md_alg. Verify that the hash length is acceptable. */
static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
@@ -3481,7 +3516,6 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
return( PSA_SUCCESS );
}
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -3544,7 +3578,6 @@ static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
*signature_length = mbedtls_rsa_get_len( rsa );
return( mbedtls_to_psa_error( ret ) );
}
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR */
static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
psa_algorithm_t alg,
@@ -3610,16 +3643,11 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
return( PSA_ERROR_INVALID_SIGNATURE );
return( mbedtls_to_psa_error( ret ) );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
- * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
-#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) && \
- ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) )
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
/* `ecp` cannot be const because `ecp->grp` needs to be non-const
* for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
* (even though these functions don't modify it). */
@@ -3718,10 +3746,8 @@ cleanup:
mbedtls_mpi_free( &s );
return( mbedtls_to_psa_error( ret ) );
}
-#endif /* ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ) &&
- ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
psa_status_t psa_sign_hash( psa_key_handle_t handle,
psa_algorithm_t alg,
@@ -3764,7 +3790,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
goto exit;
/* If the operation was not supported by any accelerator, try fallback. */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context *rsa = NULL;
@@ -3786,9 +3813,8 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
mbedtls_free( rsa );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
@@ -3824,8 +3850,6 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
}
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
- * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
{
status = PSA_ERROR_NOT_SUPPORTED;
}
@@ -3870,8 +3894,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
psa_key_lifetime_is_external( slot->attr.lifetime ) )
return status;
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
mbedtls_rsa_context *rsa = NULL;
@@ -3892,10 +3916,8 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
return( status );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
- * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
@@ -3924,8 +3946,6 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
}
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
- * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
{
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -3973,8 +3993,8 @@ psa_status_t psa_asymmetric_encrypt( psa_key_handle_t handle,
PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) )
return( PSA_ERROR_INVALID_ARGUMENT );
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
{
mbedtls_rsa_context *rsa = NULL;
@@ -4034,9 +4054,7 @@ rsa_exit:
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
- * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
{
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -4072,7 +4090,8 @@ psa_status_t psa_asymmetric_decrypt( psa_key_handle_t handle,
if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context *rsa = NULL;
@@ -4131,7 +4150,8 @@ rsa_exit:
return( status );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
+ * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
{
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -5855,8 +5875,7 @@ psa_status_t psa_key_derivation_input_key(
/* Key agreement */
/****************************************************************/
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
size_t peer_key_length,
const mbedtls_ecp_keypair *our_key,
@@ -5907,7 +5926,7 @@ exit:
return( status );
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
@@ -5921,8 +5940,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
{
switch( alg )
{
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) && \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
@@ -5941,7 +5959,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
mbedtls_ecp_keypair_free( ecp );
mbedtls_free( ecp );
return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH && MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
(void) private_key;
(void) peer_key;
@@ -6105,7 +6123,8 @@ psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
}
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
@@ -6131,7 +6150,8 @@ static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
*exponent = acc;
return( PSA_SUCCESS );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) &&
+ * defined(MBEDTLS_GENPRIME) */
static psa_status_t psa_generate_key_internal(
psa_key_slot_t *slot, size_t bits,
@@ -6169,7 +6189,8 @@ static psa_status_t psa_generate_key_internal(
}
else
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
mbedtls_rsa_context rsa;
@@ -6217,7 +6238,8 @@ static psa_status_t psa_generate_key_internal(
return( status );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && defined(MBEDTLS_GENPRIME) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) &&
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 138849c54..592d878a3 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1324,7 +1324,7 @@ component_test_psa_crypto_config_no_driver() {
}
# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test.
-component_build_psa_want_ecdsa_disabled_software() {
+component_build_psa_accel_alg_ecdsa() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA
# without MBEDTLS_ECDSA_C
# PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already
@@ -1342,7 +1342,7 @@ component_build_psa_want_ecdsa_disabled_software() {
}
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
-component_build_psa_want_ecdh_disabled_software() {
+component_build_psa_accel_alg_ecdh() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
# without MBEDTLS_ECDH_C
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
@@ -1361,7 +1361,7 @@ component_build_psa_want_ecdh_disabled_software() {
}
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
-component_build_psa_want_ecc_key_pair() {
+component_build_psa_accel_key_type_ecc_key_pair() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR"
scripts/config.py full
@@ -1375,7 +1375,7 @@ component_build_psa_want_ecc_key_pair() {
}
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
-component_build_psa_want_ecc_public_key() {
+component_build_psa_accel_key_type_ecc_public_key() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
scripts/config.py full
@@ -1389,7 +1389,7 @@ component_build_psa_want_ecc_public_key() {
}
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
-component_build_psa_want_hmac() {
+component_build_psa_accel_alg_hmac() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
scripts/config.py full
@@ -1401,7 +1401,7 @@ component_build_psa_want_hmac() {
}
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
-component_build_psa_want_hkdf_disabled_software() {
+component_build_psa_accel_alg_hkdf() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
# without MBEDTLS_HKDF_C
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
@@ -1417,7 +1417,7 @@ component_build_psa_want_hkdf_disabled_software() {
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_want_rsa_pkcs1v15_crypt() {
+component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
@@ -1433,7 +1433,7 @@ component_build_psa_want_rsa_pkcs1v15_crypt() {
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_want_rsa_pkcs1v15_sign() {
+component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
@@ -1449,7 +1449,7 @@ component_build_psa_want_rsa_pkcs1v15_sign() {
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_want_rsa_oaep() {
+component_build_psa_accel_alg_rsa_oaep() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
@@ -1465,7 +1465,7 @@ component_build_psa_want_rsa_oaep() {
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_want_rsa_pss() {
+component_build_psa_accel_alg_rsa_pss() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
@@ -1481,7 +1481,7 @@ component_build_psa_want_rsa_pss() {
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_want_rsa_key_pair() {
+component_build_psa_accel_key_type_rsa_key_pair() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_ALG_RSA_PSS
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
@@ -1495,7 +1495,7 @@ component_build_psa_want_rsa_key_pair() {
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_want_rsa_public_key() {
+component_build_psa_accel_key_type_rsa_public_key() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
index a788934fa..d6d75b3ed 100644
--- a/tests/src/drivers/key_management.c
+++ b/tests/src/drivers/key_management.c
@@ -43,10 +43,11 @@ psa_status_t test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length )
{
-#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) && \
- !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) && \
+ !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
(void)attributes;
-#endif /* !MBEDTLS_PSA_BUILTIN_ECC_KEY_PAIR && !MBEDTLS_PSA_BUILTIN_ECC_PUBLIC_KEY */
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR &&
+ * !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
++test_driver_key_management_hooks.hits;
if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
@@ -63,8 +64,8 @@ psa_status_t test_transparent_generate_key(
}
/* Copied from psa_crypto.c */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
&& PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
{
@@ -120,7 +121,8 @@ psa_status_t test_transparent_generate_key(
return( status );
}
else
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */
+#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR ||
+ * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
return( PSA_ERROR_NOT_SUPPORTED );
}
@@ -145,8 +147,8 @@ psa_status_t test_transparent_validate_key(const psa_key_attributes_t *attribute
if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
return( test_driver_key_management_hooks.forced_status );
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
psa_key_type_t type = psa_get_key_type( attributes );
if ( PSA_KEY_TYPE_IS_ECC( type ) )
{
@@ -242,7 +244,8 @@ ecp_exit:
(void) data_length;
(void) bits;
return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY */
+#endif /* MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR ||
+ * MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */