Merge pull request #7300 from valeriosetti/issue7281

Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00 · 2023-03-20 09:54:47 +01:00 · 4ebe2a7372
commit 4ebe2a7372
parent e91aadaeed 82b484ecbc
3 changed files with 18 additions and 3 deletions
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -293,6 +293,17 @@
 #endif
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

+/* Helper for JPAKE dependencies, will be undefined at the end of the file */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_HAVE_FULL_JPAKE)
+#define MBEDTLS_PK_HAVE_JPAKE
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_PK_HAVE_JPAKE
+#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
    ( !defined(MBEDTLS_ECDH_C) ||                                       \
      !defined(MBEDTLS_PK_HAVE_ECDSA) ||                                \
@ -347,7 +358,7 @@
 #endif

 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    ( !defined(MBEDTLS_ECJPAKE_C) ||                                    \
+    ( !defined(MBEDTLS_PK_HAVE_JPAKE) ||                                    \
      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
 #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
 #endif
@ -1088,6 +1099,7 @@

 /* Undefine helper symbols */
 #undef MBEDTLS_PK_HAVE_ECDSA
+#undef MBEDTLS_PK_HAVE_JPAKE

 /*
 * Avoid warning from -pedantic. This is a convenient place for this
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@ -848,6 +848,11 @@ extern "C" {
 #define PSA_HAVE_FULL_ECDSA 1
 #endif

+#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
+    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define PSA_HAVE_FULL_JPAKE 1
+#endif
+
 /* These features are always enabled. */
 #define PSA_WANT_KEY_TYPE_DERIVE 1
 #define PSA_WANT_KEY_TYPE_PASSWORD 1
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -2354,8 +2354,6 @@ config_psa_crypto_config_ecjpake_use_psa () {
        # Disable the module that's accelerated
        scripts/config.py unset MBEDTLS_ECJPAKE_C
    fi
-    # Disable things that depend on it (regardless of driver or built-in)
-    scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED

    # Dynamic secure element support is a deprecated feature and needs to be disabled here.
    # This is done to have the same form of psa_key_attributes_s for libdriver and library.