From 24e24f2b5ac965ba5ade96662fec8f3c60d4a14e Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 4 Jul 2024 17:53:40 +0100 Subject: [PATCH] Replace MBEDTLS_ECP_HAVE_SECP521R1 with PSA_WANT_ECC_SECP_R1_521 Signed-off-by: Elena Uziunaite --- library/ssl_tls.c | 4 ++-- tests/suites/test_suite_pk.data | 10 +++++----- tests/suites/test_suite_pkparse.data | 4 ++-- tests/suites/test_suite_pkwrite.data | 14 +++++++------- tests/suites/test_suite_ssl.function | 2 +- tf-psa-crypto/core/psa_util.c | 2 +- tf-psa-crypto/drivers/builtin/src/oid.c | 4 ++-- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c794a92f4e..82a40faa6e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5623,7 +5623,7 @@ static const uint16_t ssl_preset_default_groups[] = { #if defined(MBEDTLS_ECP_HAVE_CURVE448) MBEDTLS_SSL_IANA_TLS_GROUP_X448, #endif -#if defined(MBEDTLS_ECP_HAVE_SECP521R1) +#if defined(PSA_WANT_ECC_SECP_R1_521) MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, #endif #if defined(MBEDTLS_ECP_HAVE_BP256R1) @@ -6240,7 +6240,7 @@ static const struct { uint16_t bits; } tls_id_match_table[] = { -#if defined(MBEDTLS_ECP_HAVE_SECP521R1) +#if defined(PSA_WANT_ECC_SECP_R1_521) { 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 }, #endif #if defined(MBEDTLS_ECP_HAVE_BP512R1) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f93cd5fa71..5770d2a5f5 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -55,7 +55,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP384R1 pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:384:48:"ECDSA" PK utils: ECDSA SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_521 pk_utils:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:521:66:"ECDSA" PK PSA utilities: ECDSA setup/free, info functions, unsupported operations @@ -415,7 +415,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAV pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0:0:0 ECDSA sign-verify: SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_521 pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0:0:0 ECDSA sign-verify: BP256R1 @@ -659,7 +659,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:0 PSA wrapped sign: SECP521R1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_521 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:0 PSA wrapped sign: SECP192K1 @@ -728,7 +728,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 PK sign ext: SECP521R1, PK_ECDSA, MD_SHA512 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_MD_CAN_SHA512 pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA512 PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA256 @@ -1584,7 +1584,7 @@ depends_on:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_E pk_copy_from_psa_success:"587CF7C57EB7C6254CBF80CC59846521B4FBCBA8BC4B362A9B043F0DEB49CCA1":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY Copy from PSA: valid EC (SECP_R1_521 + ECDSA + SHA_256) -depends_on:MBEDTLS_ECP_HAVE_SECP521R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ECC_SECP_R1_521:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256 pk_copy_from_psa_success:"005dbb8e12240a62932b88cdd93c31cdd8873a2c15e40cc3c9f8e695b77fae015a44fe5267ef7868cb28cfb9579282fe060de44fe6de26f74a0d94afdaa870befbc5":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy from PSA: valid EC (SECP_K1_256 + ECDSA + SHA_256) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 854c7539d1..f5a626bbd5 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -985,7 +985,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_public_keyfile_ec:"../framework/data_files/ec_384_pub.comp.pem":0 Parse Public EC Key #6 (RFC 5480, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_521 pk_parse_public_keyfile_ec:"../framework/data_files/ec_521_pub.pem":0 Parse Public EC Key #6a (RFC 5480, secp521r1, compressed) @@ -1105,7 +1105,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC pk_parse_keyfile_ec:"../framework/data_files/ec_384_prv.comp.pem":"NULL":0 Parse EC Key #11 (SEC1 PEM, secp521r1) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ECC_SECP_R1_521 pk_parse_keyfile_ec:"../framework/data_files/ec_521_prv.pem":"NULL":0 Parse EC Key #11a (SEC1 PEM, secp521r1, compressed) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 338876f253..f53f67d4ab 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -23,11 +23,11 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 pk_write_pubkey_check:"../framework/data_files/ec_pub.der":TEST_DER Public key write check EC 521 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 pk_write_pubkey_check:"../framework/data_files/ec_521_pub.pem":TEST_PEM Public key write check EC 521 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 pk_write_pubkey_check:"../framework/data_files/ec_521_pub.der":TEST_DER Public key write check EC Brainpool 512 bits @@ -87,19 +87,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1 pk_write_key_check:"../framework/data_files/ec_256_long_prv.der":TEST_DER Private key write check EC 521 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../framework/data_files/ec_521_prv.pem":TEST_PEM Private key write check EC 521 bits (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../framework/data_files/ec_521_prv.der":TEST_DER Private key write check EC 521 bits (top byte is 0) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../framework/data_files/ec_521_short_prv.pem":TEST_PEM Private key write check EC 521 bits (top byte is 0) (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 pk_write_key_check:"../framework/data_files/ec_521_short_prv.der":TEST_DER Private key write check EC Brainpool 512 bits @@ -139,7 +139,7 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_192 pk_write_public_from_private:"../framework/data_files/ec_prv.sec1.der":"../framework/data_files/ec_pub.der" Derive public key EC 521 bits -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP521R1 +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:PSA_WANT_ECC_SECP_R1_521 pk_write_public_from_private:"../framework/data_files/ec_521_prv.der":"../framework/data_files/ec_521_pub.der" Derive public key EC Brainpool 512 bits diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9c56b4447e..521c703542 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3555,7 +3555,7 @@ void elliptic_curve_get_properties() MD_OR_USE_PSA_INIT(); -#if defined(MBEDTLS_ECP_HAVE_SECP521R1) || defined(PSA_WANT_ECC_SECP_R1_521) +#if defined(PSA_WANT_ECC_SECP_R1_521) TEST_AVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); #else TEST_UNAVAILABLE_ECC(25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521); diff --git a/tf-psa-crypto/core/psa_util.c b/tf-psa-crypto/core/psa_util.c index dad6f0a5ad..390ce5a1c5 100644 --- a/tf-psa-crypto/core/psa_util.c +++ b/tf-psa-crypto/core/psa_util.c @@ -210,7 +210,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, *bits = 384; return PSA_ECC_FAMILY_SECP_R1; #endif -#if defined(MBEDTLS_ECP_HAVE_SECP521R1) +#if defined(PSA_WANT_ECC_SECP_R1_521) case MBEDTLS_ECP_DP_SECP521R1: *bits = 521; return PSA_ECC_FAMILY_SECP_R1; diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c index a928bc1b65..6aa288bb87 100644 --- a/tf-psa-crypto/drivers/builtin/src/oid.c +++ b/tf-psa-crypto/drivers/builtin/src/oid.c @@ -566,12 +566,12 @@ static const oid_ecp_grp_t oid_ecp_grp[] = MBEDTLS_ECP_DP_SECP384R1, }, #endif /* MBEDTLS_ECP_HAVE_SECP384R1 */ -#if defined(MBEDTLS_ECP_HAVE_SECP521R1) +#if defined(PSA_WANT_ECC_SECP_R1_521) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), MBEDTLS_ECP_DP_SECP521R1, }, -#endif /* MBEDTLS_ECP_HAVE_SECP521R1 */ +#endif /* PSA_WANT_ECC_SECP_R1_521 */ #if defined(PSA_WANT_ECC_SECP_K1_192) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"),