mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-26 21:35:35 +00:00
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
This commit is contained in:
commit
c9ef476431
@ -377,8 +377,8 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat
|
||||
/* Key management */
|
||||
/****************************************************************/
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||
@ -473,8 +473,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
|
||||
(void) bits_is_sloppy;
|
||||
return MBEDTLS_ECP_DP_NONE;
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||
@ -5547,8 +5547,8 @@ static void psa_des_set_key_parity(uint8_t *data, size_t data_size)
|
||||
* Note: Function allocates memory for *data buffer, so given *data should be
|
||||
* always NULL.
|
||||
*/
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||
@ -5559,6 +5559,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
|
||||
uint8_t **data
|
||||
)
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
unsigned key_out_of_range = 1;
|
||||
mbedtls_mpi k;
|
||||
mbedtls_mpi diff_N_2;
|
||||
@ -5642,6 +5643,13 @@ cleanup:
|
||||
mbedtls_mpi_free(&k);
|
||||
mbedtls_mpi_free(&diff_N_2);
|
||||
return status;
|
||||
#else /* MBEDTLS_ECP_C */
|
||||
(void) slot;
|
||||
(void) bits;
|
||||
(void) operation;
|
||||
(void) data;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
}
|
||||
|
||||
/* ECC keys on a Montgomery elliptic curve draws a byte string whose length
|
||||
@ -5708,8 +5716,8 @@ static psa_status_t psa_generate_derived_ecc_key_montgomery_helper(
|
||||
|
||||
return status;
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||
@ -5728,8 +5736,8 @@ static psa_status_t psa_generate_derived_key_internal(
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||
@ -5749,8 +5757,8 @@ static psa_status_t psa_generate_derived_key_internal(
|
||||
}
|
||||
}
|
||||
} else
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||
|
@ -2423,6 +2423,64 @@ component_test_psa_crypto_config_reference_ecjpake_use_psa () {
|
||||
# follow up activities
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_ecc () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDH ALG_ECDSA ALG_DETERMINISTIC_ECDSA ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
|
||||
# Configure and build the test driver library
|
||||
# --------------------------------------------
|
||||
|
||||
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||
# partial support for cipher operations in the driver test library.
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||
|
||||
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
# Configure and build the main libraries
|
||||
# ---------------------------------------
|
||||
|
||||
# start with default + driver support
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
|
||||
# disable modules for which we have drivers
|
||||
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
|
||||
# dependencies
|
||||
#scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # not in default anyway
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||
|
||||
# build and link with test drivers
|
||||
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||
make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||
|
||||
# make sure these were not auto-re-enabled by accident
|
||||
not grep mbedtls_ecdh_ library/ecdh.o
|
||||
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||
not grep mbedtls_ecjpake_ library/ecjpake.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_rsa_signature () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user