mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-05 19:35:48 +03:00
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
@@ -377,8 +377,8 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat
|
|||||||
/* Key management */
|
/* Key management */
|
||||||
/****************************************************************/
|
/****************************************************************/
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
@@ -473,8 +473,8 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
|
|||||||
(void) bits_is_sloppy;
|
(void) bits_is_sloppy;
|
||||||
return MBEDTLS_ECP_DP_NONE;
|
return MBEDTLS_ECP_DP_NONE;
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||||
@@ -5547,8 +5547,8 @@ static void psa_des_set_key_parity(uint8_t *data, size_t data_size)
|
|||||||
* Note: Function allocates memory for *data buffer, so given *data should be
|
* Note: Function allocates memory for *data buffer, so given *data should be
|
||||||
* always NULL.
|
* always NULL.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
@@ -5559,6 +5559,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
|
|||||||
uint8_t **data
|
uint8_t **data
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
|
#if defined(MBEDTLS_ECP_C)
|
||||||
unsigned key_out_of_range = 1;
|
unsigned key_out_of_range = 1;
|
||||||
mbedtls_mpi k;
|
mbedtls_mpi k;
|
||||||
mbedtls_mpi diff_N_2;
|
mbedtls_mpi diff_N_2;
|
||||||
@@ -5642,6 +5643,13 @@ cleanup:
|
|||||||
mbedtls_mpi_free(&k);
|
mbedtls_mpi_free(&k);
|
||||||
mbedtls_mpi_free(&diff_N_2);
|
mbedtls_mpi_free(&diff_N_2);
|
||||||
return status;
|
return status;
|
||||||
|
#else /* MBEDTLS_ECP_C */
|
||||||
|
(void) slot;
|
||||||
|
(void) bits;
|
||||||
|
(void) operation;
|
||||||
|
(void) data;
|
||||||
|
return PSA_ERROR_NOT_SUPPORTED;
|
||||||
|
#endif /* MBEDTLS_ECP_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ECC keys on a Montgomery elliptic curve draws a byte string whose length
|
/* ECC keys on a Montgomery elliptic curve draws a byte string whose length
|
||||||
@@ -5708,8 +5716,8 @@ static psa_status_t psa_generate_derived_ecc_key_montgomery_helper(
|
|||||||
|
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||||
@@ -5728,8 +5736,8 @@ static psa_status_t psa_generate_derived_key_internal(
|
|||||||
return PSA_ERROR_INVALID_ARGUMENT;
|
return PSA_ERROR_INVALID_ARGUMENT;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
@@ -5749,8 +5757,8 @@ static psa_status_t psa_generate_derived_key_internal(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||||
|
|||||||
@@ -2423,6 +2423,64 @@ component_test_psa_crypto_config_reference_ecjpake_use_psa () {
|
|||||||
# follow up activities
|
# follow up activities
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_psa_crypto_config_accel_ecc () {
|
||||||
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC"
|
||||||
|
|
||||||
|
# Algorithms and key types to accelerate
|
||||||
|
loc_accel_list="ALG_ECDH ALG_ECDSA ALG_DETERMINISTIC_ECDSA ALG_JPAKE KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||||
|
|
||||||
|
# Configure and build the test driver library
|
||||||
|
# --------------------------------------------
|
||||||
|
|
||||||
|
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||||
|
# partial support for cipher operations in the driver test library.
|
||||||
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||||
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||||
|
|
||||||
|
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||||
|
# These hashes are needed for some ECDSA signature tests.
|
||||||
|
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_224"
|
||||||
|
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_256"
|
||||||
|
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_384"
|
||||||
|
loc_accel_flags="$loc_accel_flags -DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_ALG_SHA_512"
|
||||||
|
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
|
||||||
|
# Configure and build the main libraries
|
||||||
|
# ---------------------------------------
|
||||||
|
|
||||||
|
# start with default + driver support
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
|
||||||
|
# disable modules for which we have drivers
|
||||||
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||||
|
scripts/config.py unset MBEDTLS_ECDH_C
|
||||||
|
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||||
|
|
||||||
|
# dependencies
|
||||||
|
#scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # not in default anyway
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||||
|
|
||||||
|
# build and link with test drivers
|
||||||
|
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||||
|
make CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||||
|
|
||||||
|
# make sure these were not auto-re-enabled by accident
|
||||||
|
not grep mbedtls_ecdh_ library/ecdh.o
|
||||||
|
not grep mbedtls_ecdsa_ library/ecdsa.o
|
||||||
|
not grep mbedtls_ecjpake_ library/ecjpake.o
|
||||||
|
|
||||||
|
# Run the tests
|
||||||
|
# -------------
|
||||||
|
|
||||||
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECC"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
component_test_psa_crypto_config_accel_rsa_signature () {
|
component_test_psa_crypto_config_accel_rsa_signature () {
|
||||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user