Implement pick-a-curve when ECP_LIGHT is disabled

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2024-01-24 14:15:02 +01:00
parent 9cd2e9ad1b
commit 2bd4ddc8e0


@ -160,6 +160,43 @@ size_t mbedtls_rsa_key_len_func(void *ctx)
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS)
static mbedtls_ecp_group_id ecc_pick_grp_id(void)
{
#if defined(MBEDTLS_ECP_LIGHT)
return mbedtls_ecp_grp_id_list()[0];
#elif defined(PSA_WANT_ECC_SECP_R1_192)
return MBEDTLS_ECP_DP_SECP192R1;
#elif defined(PSA_WANT_ECC_SECP_R1_224)
return MBEDTLS_ECP_DP_SECP224R1;
#elif defined(PSA_WANT_ECC_SECP_R1_256)
return MBEDTLS_ECP_DP_SECP256R1;
#elif defined(PSA_WANT_ECC_SECP_R1_384)
return MBEDTLS_ECP_DP_SECP384R1;
#elif defined(PSA_WANT_ECC_SECP_R1_521)
return MBEDTLS_ECP_DP_SECP521R1;
#elif defined(PSA_WANT_ECC_SECP_K1_192)
return MBEDTLS_ECP_DP_SECP192K1;
#elif defined(PSA_WANT_ECC_SECP_K1_224)
return MBEDTLS_ECP_DP_SECP224K1;
#elif defined(PSA_WANT_ECC_SECP_K1_256)
return MBEDTLS_ECP_DP_SECP256K1;
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
return MBEDTLS_ECP_DP_BP256R1;
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
return MBEDTLS_ECP_DP_BP384R1;
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
return MBEDTLS_ECP_DP_BP512R1;
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
return MBEDTLS_ECP_DP_CURVE25519;
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
return MBEDTLS_ECP_DP_CURVE448;
#else
return 0;
#endif
}
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) */
#if defined(MBEDTLS_PSA_CRYPTO_C)
static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
mbedtls_pk_context *pk, psa_key_type_t *psa_type)
@ -201,7 +238,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
{
mbedtls_ecp_group_id grp_id = mbedtls_ecp_grp_id_list()[0];
mbedtls_ecp_group_id grp_id = ecc_pick_grp_id();
size_t bits;
*psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits));
TEST_EQUAL(pk_genkey(pk, grp_id), 0);
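Review bot: The `#else` branch of `ecc_pick_grp_id` returns a bare `0`, and the caller in the second hunk passes that result straight to `mbedtls_ecc_group_to_psa(grp_id, &bits)` and `pk_genkey` without checking it. A build in which none of the listed `PSA_WANT_ECC_*` symbols is defined would then fail later with an unrelated-looking key-generation error, and `bits` may be left unset depending on how the conversion treats an unknown group. I would return `MBEDTLS_ECP_DP_NONE` instead of the literal and add `TEST_ASSERT(grp_id != MBEDTLS_ECP_DP_NONE);` right after the call in `pk_setup_for_type`. The helper also deserves a short comment such as `/* Pick any enabled curve for a test key; the order is not a security preference. */`, since the chain tries the 192-bit curves first and a reader could mistake that for a recommended ordering. `pk_setup_for_type` starts and ends outside the hunk, so whether its `case` labels are themselves guarded by `MBEDTLS_PK_HAVE_ECC_KEYS` (the guard under which the helper is defined) cannot be confirmed from here.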