From 714e3a131815f0d4c15f7408c838ca93fb063c53 Mon Sep 17 00:00:00 2001 From: John Durkop Date: Tue, 29 Sep 2020 22:07:04 -0700 Subject: [PATCH] Minor cleanup to fix errors with some unit tests With the new feature MBEDTLS_PSA_CRYPTO_CONFIG, needed to add support that when the feature is disabled, if there are defines like MBEDTLS_ECDSA_C defined, then the PSA_WANT_ equivalent define is also enabled. This ensures the guards in the library psa_crypto will work properly. Also fixed an error return code in the driver wrapper for cipher encrypt setup so it will properly pass unit tests. Ensured config.py full works properly with the new MBEDTLS_PSA_CRYPTO_CONFIG, it should not be set when the full option is used. Signed-off-by: John Durkop --- include/mbedtls/config_psa.h | 18 +++++++++++++++++- library/psa_crypto_driver_wrappers.c | 2 +- scripts/config.py | 1 + 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 528e21503..8b32378ef 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -26,7 +26,9 @@ #ifndef MBEDTLS_CONFIG_PSA_H #define MBEDTLS_CONFIG_PSA_H +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #include "psa/crypto_config.h" +#endif /* defined(MBEDTLS_PSAY_CRYPTO_CONFIG) */ #ifdef __cplusplus extern "C" { @@ -42,7 +44,7 @@ extern "C" { #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */ #endif /* defined(PSA_WANT_ALG_ECDSA) */ -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA #else /* && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ @@ -50,6 +52,20 @@ extern "C" { #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */ #endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) */ +#else /* MBEDTLS_PSA_CRYPTO_CONFIG */ + +/* + * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG + * is not defined + */ +#ifdef MBEDTLS_ECDSA_C +#define PSA_WANT_ALG_ECDSA +#endif /* MBEDTLS_ECDSA_C */ + +#ifdef MBEDTLS_ECDSA_DETERMINISTIC +#define PSA_WANT_ALG_ECDSA_DETERMINISTIC +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ #ifdef __cplusplus diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index d41209bbf..140bab626 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -583,7 +583,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_NOT_SUPPORTED ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; diff --git a/scripts/config.py b/scripts/config.py index 017bba0aa..bb3fa1b4a 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -184,6 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper) 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature + 'MBEDTLS_PSA_CRYPTO_CONFIG', # used to switch between old/new style config 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) 'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions) 'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature