Merge pull request #4250 from gilles-peskine-arm/psa-curves-fix-tests

PSA: don't run tests for unsupported curves
This commit is contained in:
Ronald Cron 2021-03-23 16:31:35 +01:00 committed by GitHub
commit 49eee980c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 6 deletions

View file

@ -642,7 +642,8 @@ extern "C" {
#define PSA_WANT_ECC_MONTGOMERY_255
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
#if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_MONTGOMERY_448
#endif
@ -677,7 +678,8 @@ extern "C" {
#define PSA_WANT_ECC_SECP_K1_192
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_224
#endif

View file

@ -84,9 +84,11 @@
#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
#define PSA_WANT_ECC_MONTGOMERY_255 1
#define PSA_WANT_ECC_MONTGOMERY_448 1
/* Curve448 is not yet supported via the PSA API (https://github.com/ARMmbed/mbedtls/issues/4249) */
//#define PSA_WANT_ECC_MONTGOMERY_448 1
#define PSA_WANT_ECC_SECP_K1_192 1
#define PSA_WANT_ECC_SECP_K1_224 1
/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
//#define PSA_WANT_ECC_SECP_K1_224 1
#define PSA_WANT_ECC_SECP_K1_256 1
#define PSA_WANT_ECC_SECP_R1_192 1
#define PSA_WANT_ECC_SECP_R1_224 1

View file

@ -423,62 +423,89 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
case PSA_ECC_FAMILY_SECP_R1:
switch( bits )
{
#if defined(PSA_WANT_ECC_SECP_R1_192)
case 192:
return( MBEDTLS_ECP_DP_SECP192R1 );
#endif
#if defined(PSA_WANT_ECC_SECP_R1_224)
case 224:
return( MBEDTLS_ECP_DP_SECP224R1 );
#endif
#if defined(PSA_WANT_ECC_SECP_R1_256)
case 256:
return( MBEDTLS_ECP_DP_SECP256R1 );
#endif
#if defined(PSA_WANT_ECC_SECP_R1_384)
case 384:
return( MBEDTLS_ECP_DP_SECP384R1 );
#endif
#if defined(PSA_WANT_ECC_SECP_R1_521)
case 521:
return( MBEDTLS_ECP_DP_SECP521R1 );
case 528:
if( bits_is_sloppy )
return( MBEDTLS_ECP_DP_SECP521R1 );
break;
#endif
}
break;
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
switch( bits )
{
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
case 256:
return( MBEDTLS_ECP_DP_BP256R1 );
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
case 384:
return( MBEDTLS_ECP_DP_BP384R1 );
#endif
#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
case 512:
return( MBEDTLS_ECP_DP_BP512R1 );
#endif
}
break;
case PSA_ECC_FAMILY_MONTGOMERY:
switch( bits )
{
#if defined(PSA_WANT_ECC_MONTGOMERY_255)
case 255:
return( MBEDTLS_ECP_DP_CURVE25519 );
case 256:
if( bits_is_sloppy )
return( MBEDTLS_ECP_DP_CURVE25519 );
break;
#endif
#if defined(PSA_WANT_ECC_MONTGOMERY_448)
case 448:
return( MBEDTLS_ECP_DP_CURVE448 );
#endif
}
break;
case PSA_ECC_FAMILY_SECP_K1:
switch( bits )
{
#if defined(PSA_WANT_ECC_SECP_K1_192)
case 192:
return( MBEDTLS_ECP_DP_SECP192K1 );
#endif
#if defined(PSA_WANT_ECC_SECP_K1_224)
case 224:
return( MBEDTLS_ECP_DP_SECP224K1 );
#endif
#if defined(PSA_WANT_ECC_SECP_K1_256)
case 256:
return( MBEDTLS_ECP_DP_SECP256K1 );
#endif
}
break;
}
(void) bits_is_sloppy;
return( MBEDTLS_ECP_DP_NONE );
}
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||

View file

@ -1306,8 +1306,13 @@ requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
run_test_psa_force_curve "brainpoolP256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
run_test_psa_force_curve "secp224r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
run_test_psa_force_curve "secp224k1"
## SECP224K1 is buggy via the PSA API
## (https://github.com/ARMmbed/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
#run_test_psa_force_curve "secp224k1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
run_test_psa_force_curve "secp192r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED