From 48859cc7d84e682c80ff7b5a3aa0643381e4602d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Apr 2023 10:50:47 +0200 Subject: [PATCH 1/5] remove PSA_HAVE_FULL_ECDH symbol Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 2 +- include/mbedtls/config_psa.h | 6 ------ 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 8e1accdaf6..3001f7dd02 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -306,7 +306,7 @@ /* Helper for ECDH dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_HAVE_FULL_ECDH) +#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) #define MBEDTLS_PK_HAVE_ECDH #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 6af9eae2e4..984a871dfa 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -887,12 +887,6 @@ extern "C" { #define PSA_HAVE_FULL_JPAKE 1 #endif -/* Having support for ECDH implicitly includes support for private and - * public keys, so we don't specify that requirement here. */ -#if defined(PSA_WANT_ALG_ECDH) -#define PSA_HAVE_FULL_ECDH 1 -#endif - /* These features are always enabled. */ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 From 6f66664ed6291f9a9358c16ed333aa44e2650809 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Apr 2023 10:54:22 +0200 Subject: [PATCH 2/5] remove PSA_HAVE_FULL_ECDSA symbol Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 3 ++- include/mbedtls/config_psa.h | 5 ----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 3001f7dd02..84a91c8c57 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -284,7 +284,8 @@ /* Helper for ECDSA dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_HAVE_FULL_ECDSA) +#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #define MBEDTLS_PK_HAVE_ECDSA #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 984a871dfa..41973b021a 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -877,11 +877,6 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ -#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#define PSA_HAVE_FULL_ECDSA 1 -#endif - #if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #define PSA_HAVE_FULL_JPAKE 1 From 969e206e28f7d2e54229656a6a64a9a0a6fec124 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Apr 2023 10:55:25 +0200 Subject: [PATCH 3/5] remove PSA_HAVE_FULL_JPAKE symbol Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 3 ++- include/mbedtls/config_psa.h | 5 ----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 84a91c8c57..0035afec45 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -296,7 +296,8 @@ /* Helper for JPAKE dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_HAVE_FULL_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) #define MBEDTLS_PK_HAVE_JPAKE #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 41973b021a..20d4358f9b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -877,11 +877,6 @@ extern "C" { #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ -#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#define PSA_HAVE_FULL_JPAKE 1 -#endif - /* These features are always enabled. */ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 From 6b006c126be1a1d7db138c158a1bc9386b3e50db Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 11 Apr 2023 12:02:19 +0200 Subject: [PATCH 4/5] remove KEY_TYPE_ECC_PUBLIC_KEY unnecessary requirement Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 0035afec45..2a202705ec 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -284,8 +284,7 @@ /* Helper for ECDSA dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) #define MBEDTLS_PK_HAVE_ECDSA #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ @@ -296,8 +295,7 @@ /* Helper for JPAKE dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ - defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) #define MBEDTLS_PK_HAVE_JPAKE #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ From 48fba6fbac6d8b80ba4bc6a2165318c8a890da46 Mon Sep 17 00:00:00 2001 From: Stephan Koch Date: Tue, 11 Apr 2023 14:24:55 +0200 Subject: [PATCH 5/5] Fix so that PSA_WANT_ALG_DETERMINISTIC_ECDSA implies PSA_HAVE_FULL_ECDSA. Signed-off-by: Stephan Koch Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 2a202705ec..eec766496c 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -284,7 +284,9 @@ /* Helper for ECDSA dependencies, will be undefined at the end of the file */ #if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +#if (defined(PSA_WANT_ALG_ECDSA) || \ + defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \ + defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) #define MBEDTLS_PK_HAVE_ECDSA #endif #else /* MBEDTLS_USE_PSA_CRYPTO */