Merge pull request #7103 from valeriosetti/issue6622

Some MAX_SIZE macros are too small when PSA ECC is accelerated
2025-07-29 11:41:15 +03:00 · 2023-04-03 16:23:27 +02:00
parent dd48c6e3df 3a3a756431
commit 86d5d4bf31
7 changed files with 179 additions and 35 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -315,6 +315,17 @@
 #endif
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

+/* Helper for curve SECP256R1 */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
+#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
    ( !defined(MBEDTLS_PK_HAVE_ECDH) ||                                       \
      !defined(MBEDTLS_PK_HAVE_ECDSA) ||                                \
@ -369,8 +380,8 @@
 #endif

 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    ( !defined(MBEDTLS_PK_HAVE_JPAKE) ||                                    \
-      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
+    ( !defined(MBEDTLS_PK_HAVE_JPAKE) ||                                \
+      !defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) )
 #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
 #endif

@ -1129,6 +1140,7 @@
 #undef MBEDTLS_MD_HAVE_SHA256
 #undef MBEDTLS_MD_HAVE_SHA384
 #undef MBEDTLS_MD_HAVE_SHA512
+#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1

 /*
 * Avoid warning from -pedantic. This is a convenient place for this
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@ -192,31 +192,31 @@

 /* The maximum size of an ECC key on this implementation, in bits.
 * This is a vendor-specific macro. */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#if defined(PSA_WANT_ECC_SECP_R1_521)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_384)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_256)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_K1_256)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_224)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_K1_224)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_R1_192)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#elif defined(PSA_WANT_ECC_SECP_K1_192)
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
 #else
 #define PSA_VENDOR_ECC_MAX_CURVE_BITS 0