From 842d3552b61d4473abf651a357cd5854afbb3e7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 Sep 2023 09:29:43 +0200 Subject: [PATCH] Add check for unsupported partial key type acceleration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tested manually as follows: in component_test_psa_crypto_config_accel_ecc_some_key_types, modify loc_accel_list to remove one of the key types between helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main, and observe that the 2nd build fails with the expected #error. Note: removing one of the key types before helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to fail, which is quite acceptable, just not what we're trying to observe. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 6a2f9d21a..86598608b 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -125,6 +125,22 @@ #endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */ +/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`, + * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have + * all 4 of them. + */ +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) || \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#error "Unsupported partial support for ECC key type acceleration, see docs/driver-only-builds.md" +#endif /* not all of public, basic, import, export */ +#endif /* one of public, basic, import, export */ + #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif