mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-07 06:42:56 +03:00
pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa()
This allows also to: - removing the dependency on ECP_C for these functions and only rely on PSA symbols - removing extra header inclusing from crypto_extra.h - return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to their original position in pk.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
@@ -40,35 +40,6 @@
|
||||
#include "mbedtls/ecdsa.h"
|
||||
#endif
|
||||
|
||||
/* Internal helper to define which fields in the pk_context structure below
|
||||
* should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
|
||||
* format. It should be noticed that this only affect how data is stored, not
|
||||
* which functions are used for various operations. The overall picture looks
|
||||
* like this:
|
||||
* - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
|
||||
* and legacy functions
|
||||
* - if USE_PSA is defined and
|
||||
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
|
||||
* format and use PSA functions
|
||||
* - if !ECP_C then use new raw data and PSA functions directly.
|
||||
*
|
||||
* The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
|
||||
* as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
|
||||
* ecp_keypair structure inside the pk_context so he/she can modify it using
|
||||
* ECP functions which are not under PK module's control.
|
||||
*/
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
|
||||
!defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_USE_PSA_EC_DATA
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
@@ -231,6 +202,35 @@ typedef struct mbedtls_pk_rsassa_pss_options {
|
||||
#define MBEDTLS_PK_CAN_ECDH
|
||||
#endif
|
||||
|
||||
/* Internal helper to define which fields in the pk_context structure below
|
||||
* should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
|
||||
* format. It should be noticed that this only affect how data is stored, not
|
||||
* which functions are used for various operations. The overall picture looks
|
||||
* like this:
|
||||
* - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
|
||||
* and legacy functions
|
||||
* - if USE_PSA is defined and
|
||||
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
|
||||
* format and use PSA functions
|
||||
* - if !ECP_C then use new raw data and PSA functions directly.
|
||||
*
|
||||
* The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
|
||||
* as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
|
||||
* ecp_keypair structure inside the pk_context so he/she can modify it using
|
||||
* ECP functions which are not under PK module's control.
|
||||
*/
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
|
||||
!defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_USE_PSA_EC_DATA
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
||||
|
||||
/**
|
||||
* \brief Types for interfacing with the debug module
|
||||
*/
|
||||
|
||||
@@ -572,8 +572,7 @@ psa_status_t psa_get_key_domain_parameters(
|
||||
/** \defgroup psa_tls_helpers TLS helper functions
|
||||
* @{
|
||||
*/
|
||||
#include <mbedtls/pk.h>
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#include <mbedtls/ecp.h>
|
||||
|
||||
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
|
||||
@@ -614,7 +613,7 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
|
||||
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
|
||||
size_t bits,
|
||||
int bits_is_sloppy);
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
|
||||
/**@}*/
|
||||
|
||||
|
||||
Reference in New Issue
Block a user