diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b0d7911a8c..2825f304e0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6255,7 +6255,7 @@ static const struct { #if defined(MBEDTLS_ECP_HAVE_SECP256R1) { 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 }, #endif -#if defined(MBEDTLS_ECP_HAVE_SECP256K1) +#if defined(PSA_WANT_ECC_SECP_K1_256) { 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 }, #endif #if defined(MBEDTLS_ECP_HAVE_BP256R1) @@ -6270,7 +6270,7 @@ static const struct { #if defined(MBEDTLS_ECP_HAVE_SECP192R1) { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, #endif -#if defined(MBEDTLS_ECP_HAVE_SECP192K1) +#if defined(PSA_WANT_ECC_SECP_K1_192) { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 }, #endif #if defined(MBEDTLS_ECP_HAVE_CURVE25519) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index aa3ab47a8d..979fcef426 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -663,7 +663,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:0 PSA wrapped sign: SECP192K1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192K1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_K1_192 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:0 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 @@ -672,7 +672,7 @@ pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:0 # pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224:0 PSA wrapped sign: SECP256K1 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256K1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:PSA_WANT_ECC_SECP_K1_256 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:0 PSA wrapped sign: BP256R1 @@ -1588,7 +1588,7 @@ depends_on:MBEDTLS_ECP_HAVE_SECP521R1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_E pk_copy_from_psa_success:"005dbb8e12240a62932b88cdd93c31cdd8873a2c15e40cc3c9f8e695b77fae015a44fe5267ef7868cb28cfb9579282fe060de44fe6de26f74a0d94afdaa870befbc5":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy from PSA: valid EC (SECP_K1_256 + ECDSA + SHA_256) -depends_on:MBEDTLS_ECP_HAVE_SECP256K1:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ECC_SECP_K1_256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_PK_CAN_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256 pk_copy_from_psa_success:"7154f04fcc79ac9df1652dcf99031610592b2b27f74f5985690a987357ba0428":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):PSA_ALG_ECDSA(PSA_ALG_SHA_256) # The key's algorithm only allows ECDH, but pk_copy_from_psa() ignores this information diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 7269fab176..09924d6670 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3580,7 +3580,7 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256); #endif -#if defined(MBEDTLS_ECP_HAVE_SECP256K1) || defined(PSA_WANT_ECC_SECP_K1_256) +#if defined(PSA_WANT_ECC_SECP_K1_256) || defined(PSA_WANT_ECC_SECP_K1_256) TEST_AVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); #else TEST_UNAVAILABLE_ECC(22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256); @@ -3605,7 +3605,7 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); #endif -#if defined(MBEDTLS_ECP_HAVE_SECP192K1) || defined(PSA_WANT_ECC_SECP_K1_192) +#if defined(PSA_WANT_ECC_SECP_K1_192) TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); #else TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); diff --git a/tf-psa-crypto/core/psa_util.c b/tf-psa-crypto/core/psa_util.c index 4ccc5b05d8..3c4c7d1dda 100644 --- a/tf-psa-crypto/core/psa_util.c +++ b/tf-psa-crypto/core/psa_util.c @@ -235,7 +235,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, *bits = 255; return PSA_ECC_FAMILY_MONTGOMERY; #endif -#if defined(MBEDTLS_ECP_HAVE_SECP192K1) +#if defined(PSA_WANT_ECC_SECP_K1_192) case MBEDTLS_ECP_DP_SECP192K1: *bits = 192; return PSA_ECC_FAMILY_SECP_K1; @@ -243,7 +243,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, #if defined(MBEDTLS_ECP_HAVE_SECP224K1) /* secp224k1 is not and will not be supported in PSA (#3541). */ #endif -#if defined(MBEDTLS_ECP_HAVE_SECP256K1) +#if defined(PSA_WANT_ECC_SECP_K1_256) case MBEDTLS_ECP_DP_SECP256K1: *bits = 256; return PSA_ECC_FAMILY_SECP_K1; diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c index a182066c15..7a038e3682 100644 --- a/tf-psa-crypto/drivers/builtin/src/oid.c +++ b/tf-psa-crypto/drivers/builtin/src/oid.c @@ -572,24 +572,24 @@ static const oid_ecp_grp_t oid_ecp_grp[] = MBEDTLS_ECP_DP_SECP521R1, }, #endif /* MBEDTLS_ECP_HAVE_SECP521R1 */ -#if defined(MBEDTLS_ECP_HAVE_SECP192K1) +#if defined(PSA_WANT_ECC_SECP_K1_192) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), MBEDTLS_ECP_DP_SECP192K1, }, -#endif /* MBEDTLS_ECP_HAVE_SECP192K1 */ +#endif /* PSA_WANT_ECC_SECP_K1_192 */ #if defined(MBEDTLS_ECP_HAVE_SECP224K1) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), MBEDTLS_ECP_DP_SECP224K1, }, #endif /* MBEDTLS_ECP_HAVE_SECP224K1 */ -#if defined(MBEDTLS_ECP_HAVE_SECP256K1) +#if defined(PSA_WANT_ECC_SECP_K1_256) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), MBEDTLS_ECP_DP_SECP256K1, }, -#endif /* MBEDTLS_ECP_HAVE_SECP256K1 */ +#endif /* PSA_WANT_ECC_SECP_K1_256 */ #if defined(MBEDTLS_ECP_HAVE_BP256R1) { OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"),