diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 919543cc61..931630724e 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -233,9 +233,9 @@ typedef struct mbedtls_pk_context {
  * Note: this private key storing solution only affects EC keys, not the
  * other ones. The latters still use the pk_ctx to store their own
  * context. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
     mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
     /* The following fields are meant for storing the public key in raw format
      * which is handy for:
      * - easily importing it into the PSA context
@@ -357,7 +357,7 @@ void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx);
  */
 int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /**
  * \brief Initialize a PK context to wrap a PSA key.
  *
@@ -388,7 +388,7 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
  */
 int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
                             const mbedtls_svc_key_id_t key);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
diff --git a/library/pk.c b/library/pk.c
index 076d3a833d..e7a2af4582 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -151,7 +151,7 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info)
     return 0;
 }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /*
  * Initialise a PSA-wrapping context
  */
@@ -188,7 +188,7 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
     return 0;
 }
 
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /*
diff --git a/library/pk_internal.h b/library/pk_internal.h
index da6c7f1b4f..f5924adf38 100644
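Review bot: The `priv_id` member of `mbedtls_pk_context` is now present whenever MBEDTLS_PSA_CRYPTO_CLIENT is defined, so the size and layout of the public struct change for every configuration that has the PSA client API but not MBEDTLS_USE_PSA_CRYPTO; that is an ABI break for such builds and deserves a ChangeLog entry and a doc comment that names the selecting guard, e.g. `/**< Key ID for opaque keys (present whenever MBEDTLS_PSA_CRYPTO_CLIENT is set, not only under MBEDTLS_USE_PSA_CRYPTO) */`. The note above the field still talks about "this private key storing solution" without saying under which macro it exists, so a reader of pk.h cannot tell which configs carry the field. The struct definition starts before and ends after this hunk.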
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -17,7 +17,7 @@
 #include "mbedtls/ecp.h"
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 
@@ -28,7 +28,7 @@
 #define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
                                                                     psa_to_pk_ecdsa_errors, \
                                                                     psa_pk_status_to_mbedtls)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 /* Headers/footers for PEM files */
 #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----"
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 69e1baf2e1..47c1bc87a1 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -522,7 +522,7 @@ static size_t eckey_get_bitlen(mbedtls_pk_context *pk)
 }
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /* Common helper for ECDSA verify using PSA functions. */
 static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
                             psa_ecc_family_t curve, size_t curve_bits,
@@ -656,7 +656,7 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
                             hash, hash_len, sig, sig_len);
 }
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
 static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                              const unsigned char *hash, size_t hash_len,
                              const unsigned char *sig, size_t sig_len)
@@ -673,11 +673,11 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
     return ret;
 }
 
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /* Common helper for ECDSA sign using PSA functions.
  * Instead of extracting key's properties in order to check which kind of ECDSA
  * signature it supports, we try both deterministic and non-deterministic.
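Review bot: With the PSA-backed `ecdsa_verify_wrap` and `ecdsa_sign_wrap` now selected by MBEDTLS_PSA_CRYPTO_CLIENT alone, every EC verify and sign that goes through the PK layer in a PSA-client build requires `psa_crypto_init()` to have been called first, a precondition that previously applied only under MBEDTLS_USE_PSA_CRYPTO; the test-helper hunk later in this diff adds that init for the test suites, but nothing here documents it for library users. The failure mode is presumably fail-closed (the PSA call fails and the status is mapped to an mbedtls error), which is safe, but it is a silent behaviour change for applications that never initialised PSA and previously got a successful legacy verification. Suggest a one-line comment above each `#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)` guard, `/* PSA-client builds route ECDSA through PSA: psa_crypto_init() must have been called. */`, plus matching wording on mbedtls_pk_verify/mbedtls_pk_sign in pk.h and a ChangeLog entry. The bodies of the legacy `#else` variants lie outside these hunks.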
@@ -794,7 +794,7 @@ cleanup:
     return ret;
 }
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
 static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hash_len,
                            unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -805,7 +805,7 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                              sig, sig_size, sig_len, f_rng, p_rng);
 }
 
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -916,7 +916,7 @@ cleanup:
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
 {
@@ -1013,7 +1013,7 @@ static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *pr
     (void) p_rng;
     return eckey_check_pair_psa(pub, prv);
 }
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
 static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
                                  int (*f_rng)(void *, unsigned char *, size_t),
                                  void *p_rng)
@@ -1022,9 +1022,9 @@ static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *pr
                                      (const mbedtls_ecp_keypair *) prv->pk_ctx,
                                      f_rng, p_rng);
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 /* When PK_USE_PSA_EC_DATA is defined opaque and non-opaque keys end up
  * using the same function. */
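Review bot: The two `eckey_check_pair_wrap` variants that MBEDTLS_PSA_CRYPTO_CLIENT now chooses between do not appear to report a mismatched pair with the same error: the test-data hunk at the end of this diff changes the expected result of `mbedtls_pk_check_pair` from MBEDTLS_ERR_ECP_BAD_INPUT_DATA to MBEDTLS_ERR_PK_BAD_INPUT_DATA, which suggests `eckey_check_pair_psa` returns a PK error while the legacy `#else` branch, which delegates to `mbedtls_ecp_check_pub_priv`, still surfaces the ECP one. A caller that branches on the error code therefore sees configuration-dependent behaviour for the same input. Either normalise in the legacy branch, e.g. `if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; }` before returning, or document both codes on mbedtls_pk_check_pair in pk.h. Note also that the PSA variant discards the RNG (`(void) p_rng;` is visible here), so a short comment saying the PSA check is a pure comparison that needs no randomness would explain why the parameter is unused; the body of `eckey_check_pair_psa` lies outside this hunk.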
@@ -1064,7 +1064,7 @@ static int ecdsa_opaque_check_pair_wrap(mbedtls_pk_context *pub,
     return 0;
 }
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 static void *eckey_alloc_wrap(void)
@@ -1394,7 +1394,7 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
 };
 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 static size_t opaque_get_bitlen(mbedtls_pk_context *pk)
 {
     size_t bits;
@@ -1556,6 +1556,6 @@ const mbedtls_pk_info_t mbedtls_rsa_opaque_info = {
     .debug_func = NULL,
 };
 
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #endif /* MBEDTLS_PK_C */
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index be096da53a..70d3d6045c 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -121,7 +121,7 @@ extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
 extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 extern const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info;
 extern const mbedtls_pk_info_t mbedtls_rsa_opaque_info;
 
@@ -133,6 +133,6 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
                                 size_t *sig_len);
 #endif /* MBEDTLS_RSA_C */
 
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #endif /* MBEDTLS_PK_WRAP_H */
diff --git a/library/psa_util.c b/library/psa_util.c
index 09dc80a1a7..3f81ed1772 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -107,7 +107,7 @@ const mbedtls_error_pair_t psa_to_pk_rsa_errors[] =
 };
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
     defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[] =
 {
diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h
index 70a08a02cd..6a936fc8f7 100644
--- a/library/psa_util_internal.h
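Review bot: The guard on `psa_to_pk_ecdsa_errors` here is `MBEDTLS_PSA_CRYPTO_CLIENT && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`, but the pk_internal.h hunk earlier in this diff defines `PSA_PK_ECDSA_TO_MBEDTLS_ERR`, which names this table, under MBEDTLS_PSA_CRYPTO_CLIENT alone; a PSA-client configuration without PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY that still compiles a use of the macro would fail to link with an undefined reference. The mismatch predates this change (it existed with MBEDTLS_USE_PSA_CRYPTO), but since both guards are being rewritten this is the moment to align them, e.g. wrap the macro in pk_internal.h with `#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)`. If MBEDTLS_PK_CAN_ECDSA_VERIFY already implies that PSA_WANT macro this is only a consistency nit, but the implication is not visible in the diff.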
+++ b/library/psa_util_internal.h
@@ -69,7 +69,7 @@ extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
 extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
     defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
 #endif
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 41d204da93..9a84335fd1 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -318,9 +318,9 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
 
 /** \def USE_PSA_INIT
  *
- * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
- * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
- * TLS 1.3 one uses PSA independently of the definition of
+ * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO or
+ * #MBEDTLS_PSA_CRYPTO_CLIENT or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to
+ * TLS 1.2 implementation, the TLS 1.3 one uses PSA independently of the definition of
  * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise.
  *
  * If the initialization fails, mark the test case as failed and jump to the
@@ -333,16 +333,19 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
  * This is like #PSA_DONE except it does nothing under the same conditions as
  * #USE_PSA_INIT.
  */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) || \
+    defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #define USE_PSA_INIT() PSA_INIT()
 #define USE_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 ||
+         MBEDTLS_PSA_CRYPTO_CLIENT */
 /* Define empty macros so that we can use them in the preamble and teardown
  * of every test function that uses PSA conditionally based on
  * MBEDTLS_USE_PSA_CRYPTO. */
 #define USE_PSA_INIT() ((void) 0)
 #define USE_PSA_DONE() ((void) 0)
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 &&
+          !MBEDTLS_PSA_CRYPTO_CLIENT */
 
 /** \def MD_PSA_INIT
  *
@@ -394,8 +397,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
 /** \def MD_OR_USE_PSA_INIT
  *
  * Call this macro to initialize the PSA subsystem if MD uses a driver,
- * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled,
- * and do nothing otherwise.
+ * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_PSA_CRYPTO_CLIENT or
+ * #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, and do nothing otherwise.
  *
  * If the initialization fails, mark the test case as failed and jump to the
  * \p exit label.
@@ -408,7 +411,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
  * #MD_OR_USE_PSA_INIT.
  */
 #if defined(MBEDTLS_MD_SOME_PSA) || \
-    defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) || \
+    defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #define MD_OR_USE_PSA_INIT() PSA_INIT()
 #define MD_OR_USE_PSA_DONE() PSA_DONE()
 #else
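Review bot: The comment in the `#else` branch of USE_PSA_INIT still says the empty macros exist for test functions "that use PSA conditionally based on MBEDTLS_USE_PSA_CRYPTO", which is stale now that the condition also covers MBEDTLS_PSA_CRYPTO_CLIENT and MBEDTLS_SSL_PROTO_TLS1_3; suggest ` * of every test function that uses PSA conditionally based on` / ` * MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PSA_CRYPTO_CLIENT or MBEDTLS_SSL_PROTO_TLS1_3. */`. If, as the library's configuration adjustment headers usually arrange, MBEDTLS_USE_PSA_CRYPTO implies MBEDTLS_PSA_CRYPTO_CLIENT, the first disjunct in both `#if` conditions is redundant and a one-line comment saying it is kept for readability would save the next reader from checking; that implication is not verifiable from this hunk.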
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 35f02cb810..e744ac8764 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -544,7 +544,7 @@ mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
 
 Check pair #2 (EC, bad)
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
-mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_PK_BAD_INPUT_DATA
 
 Check pair #3 (RSA, OK)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C
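Review bot: The new expected value MBEDTLS_ERR_PK_BAD_INPUT_DATA is only produced when the PSA-backed check-pair path is compiled in, yet the `depends_on` line for this case lists only MBEDTLS_PK_HAVE_ECC_KEYS, MBEDTLS_ECP_HAVE_SECP256R1 and MBEDTLS_PEM_PARSE_C, so a build without MBEDTLS_PSA_CRYPTO_CLIENT exercises the legacy `mbedtls_ecp_check_pub_priv` path and, if that still returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA as the old expectation indicates, fails this case. Either add `MBEDTLS_PSA_CRYPTO_CLIENT` to `depends_on` and keep a sibling case for the legacy path expecting the ECP error, or make the library return one code on both paths so the expectation is configuration-independent. Which of the two holds depends on pk_wrap.c code that is not in this diff.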