Merge pull request #4250 from gilles-peskine-arm/psa-curves-fix-tests
PSA: don't run tests for unsupported curves
This commit is contained in:
commit
49eee980c3
4 changed files with 42 additions and 6 deletions
|
@ -642,7 +642,8 @@ extern "C" {
|
|||
#define PSA_WANT_ECC_MONTGOMERY_255
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_448
|
||||
#endif
|
||||
|
@ -677,7 +678,8 @@ extern "C" {
|
|||
#define PSA_WANT_ECC_SECP_K1_192
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
|
||||
#define PSA_WANT_ECC_SECP_K1_224
|
||||
#endif
|
||||
|
|
|
@ -84,9 +84,11 @@
|
|||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
|
||||
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_255 1
|
||||
#define PSA_WANT_ECC_MONTGOMERY_448 1
|
||||
/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
|
||||
//#define PSA_WANT_ECC_MONTGOMERY_448 1
|
||||
#define PSA_WANT_ECC_SECP_K1_192 1
|
||||
#define PSA_WANT_ECC_SECP_K1_224 1
|
||||
/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
|
||||
//#define PSA_WANT_ECC_SECP_K1_224 1
|
||||
#define PSA_WANT_ECC_SECP_K1_256 1
|
||||
#define PSA_WANT_ECC_SECP_R1_192 1
|
||||
#define PSA_WANT_ECC_SECP_R1_224 1
|
||||
|
|
|
@ -423,62 +423,89 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
|
|||
case PSA_ECC_FAMILY_SECP_R1:
|
||||
switch( bits )
|
||||
{
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
case 192:
|
||||
return( MBEDTLS_ECP_DP_SECP192R1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
case 224:
|
||||
return( MBEDTLS_ECP_DP_SECP224R1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
case 256:
|
||||
return( MBEDTLS_ECP_DP_SECP256R1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
case 384:
|
||||
return( MBEDTLS_ECP_DP_SECP384R1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
case 521:
|
||||
return( MBEDTLS_ECP_DP_SECP521R1 );
|
||||
case 528:
|
||||
if( bits_is_sloppy )
|
||||
return( MBEDTLS_ECP_DP_SECP521R1 );
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
|
||||
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
|
||||
switch( bits )
|
||||
{
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
case 256:
|
||||
return( MBEDTLS_ECP_DP_BP256R1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
case 384:
|
||||
return( MBEDTLS_ECP_DP_BP384R1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
case 512:
|
||||
return( MBEDTLS_ECP_DP_BP512R1 );
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
|
||||
case PSA_ECC_FAMILY_MONTGOMERY:
|
||||
switch( bits )
|
||||
{
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
case 255:
|
||||
return( MBEDTLS_ECP_DP_CURVE25519 );
|
||||
case 256:
|
||||
if( bits_is_sloppy )
|
||||
return( MBEDTLS_ECP_DP_CURVE25519 );
|
||||
break;
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
case 448:
|
||||
return( MBEDTLS_ECP_DP_CURVE448 );
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
|
||||
case PSA_ECC_FAMILY_SECP_K1:
|
||||
switch( bits )
|
||||
{
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
case 192:
|
||||
return( MBEDTLS_ECP_DP_SECP192K1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
case 224:
|
||||
return( MBEDTLS_ECP_DP_SECP224K1 );
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
case 256:
|
||||
return( MBEDTLS_ECP_DP_SECP256K1 );
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
(void) bits_is_sloppy;
|
||||
return( MBEDTLS_ECP_DP_NONE );
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||
|
|
|
@ -1306,8 +1306,13 @@ requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
|
|||
run_test_psa_force_curve "brainpoolP256r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
run_test_psa_force_curve "secp224r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
run_test_psa_force_curve "secp224k1"
|
||||
## SECP224K1 is buggy via the PSA API
|
||||
## (https://github.com/ARMmbed/mbedtls/issues/3541),
|
||||
## so it is disabled in PSA even when it's enabled in Mbed TLS.
|
||||
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
|
||||
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
|
||||
#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
#run_test_psa_force_curve "secp224k1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
run_test_psa_force_curve "secp192r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
|
|
Loading…
Reference in a new issue