From d1fba7cdf0ffcc3fb3d5c2cd37728b2de7ed133a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:42:58 +0200 Subject: [PATCH] pk: return PK_USE_PSA_EC_DATA to pk.h Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 41e980d627..28ec29d6ba 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -222,6 +222,28 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_USE_PSA_EC_DATA #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + /** * \brief Types for interfacing with the debug module */