Correct use of MBEDTLS_PSA_BUILTIN_ALG_xxx in crypto library

The psa crypto library was generically using PSA_WANT_ALG_xxx, but
should have been using the correct MBEDTLS_PSA_BUILTIN_ALG_xxx
definition since that code is the builtin version. There were also
a couple of spots that needed to ensure the code block was enabled
for either ECDSA or DETERMINISTIC_ECDSA, not just one of them.

Fixed all the new ALG_ECDSA_DETERMINISTIC names to be
ALG_DETERMINISTIC_ECDSA instead.

Fixed test to use correct definitions.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
This commit is contained in:
John Durkop 2020-10-13 19:58:20 -07:00
parent 7b453130e2
commit 0ea39e0ee4
4 changed files with 20 additions and 20 deletions

View file

@ -47,11 +47,11 @@ extern "C" {
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
#endif /* PSA_WANT_ALG_ECDSA */
#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA_DETERMINISTIC 1
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
#define MBEDTLS_ECDSA_DETERMINISTIC
#endif /* MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC */
#endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
@ -61,11 +61,11 @@ extern "C" {
* is not defined
*/
#if defined(MBEDTLS_ECDSA_C)
#define PSA_WANT_ALG_ECDSA
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#define PSA_WANT_ALG_ECDSA_DETERMINISTIC
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */

View file

@ -50,7 +50,7 @@
#ifndef PSA_CRYPTO_CONFIG_H
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA_DETERMINISTIC 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#endif /* PSA_CRYPTO_CONFIG_H */

View file

@ -2256,7 +2256,7 @@ exit:
/* Message digests */
/****************************************************************/
#if defined(MBEDTLS_RSA_C) || defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
{
switch( alg )
@ -2299,7 +2299,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
return( NULL );
}
}
#endif
#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
{
@ -3530,7 +3530,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
}
#endif /* MBEDTLS_RSA_C */
#if defined(PSA_WANT_ALG_ECDSA)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
/* `ecp` cannot be const because `ecp->grp` needs to be non-const
* for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
* (even though these functions don't modify it). */
@ -3554,7 +3554,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
goto cleanup;
}
#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
@ -3567,7 +3567,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
&global_data.ctr_drbg ) );
}
else
#endif /* PSA_WANT_ALG_ECDSA_DETERMINISTIC */
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
{
(void) alg;
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
@ -3629,7 +3629,7 @@ cleanup:
mbedtls_mpi_free( &s );
return( mbedtls_to_psa_error( ret ) );
}
#endif /* PSA_WANT_ALG_ECDSA */
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
psa_status_t psa_sign_hash( psa_key_handle_t handle,
psa_algorithm_t alg,
@ -3698,9 +3698,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
#if defined(PSA_WANT_ALG_ECDSA)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
if(
#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
PSA_ALG_IS_ECDSA( alg )
#else
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
@ -3723,7 +3723,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
mbedtls_free( ecp );
}
else
#endif /* defined(PSA_WANT_ALG_ECDSA) */
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
{
status = PSA_ERROR_INVALID_ARGUMENT;
}
@ -3799,7 +3799,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
#if defined(MBEDTLS_ECP_C)
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
{
#if defined(PSA_WANT_ALG_ECDSA)
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
if( PSA_ALG_IS_ECDSA( alg ) )
{
mbedtls_ecp_keypair *ecp = NULL;
@ -3817,7 +3817,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
return( status );
}
else
#endif /* defined(PSA_WANT_ALG_ECDSA) */
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
{
return( PSA_ERROR_INVALID_ARGUMENT );
}

View file

@ -1314,7 +1314,7 @@ component_test_psa_want_ecdsa_disabled_software() {
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_ECDSA_C
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA_DETERMINISTIC
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_DETERMINISTIC_ECDSA
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"