ECDSA requires a short Weierstrass curve
Document in config.h, and enforce in check_config.h, that MBEDTLS_ECDSA_C requires at least one short Weierstrass curve to be enabled. A Montgomery curve is not enough. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
parent
8f4f9a8daf
commit
799e57612a
2 changed files with 16 additions and 1 deletions
|
|
@ -103,6 +103,17 @@
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && \
|
#if defined(MBEDTLS_ECDSA_C) && \
|
||||||
( !defined(MBEDTLS_ECP_C) || \
|
( !defined(MBEDTLS_ECP_C) || \
|
||||||
|
!( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
|
||||||
|
defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
|
||||||
!defined(MBEDTLS_ASN1_PARSE_C) || \
|
!defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||||
!defined(MBEDTLS_ASN1_WRITE_C) )
|
!defined(MBEDTLS_ASN1_WRITE_C) )
|
||||||
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
|
#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
|
||||||
|
|
|
||||||
|
|
@ -756,6 +756,7 @@
|
||||||
*
|
*
|
||||||
* Comment macros to disable the curve and functions for it
|
* Comment macros to disable the curve and functions for it
|
||||||
*/
|
*/
|
||||||
|
/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
|
||||||
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||||
|
|
@ -767,6 +768,7 @@
|
||||||
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||||
|
/* Montgomery curves (supporting ECP) */
|
||||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||||
|
|
||||||
|
|
@ -2571,7 +2573,9 @@
|
||||||
* This module is used by the following key exchanges:
|
* This module is used by the following key exchanges:
|
||||||
* ECDHE-ECDSA
|
* ECDHE-ECDSA
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
|
* Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
|
||||||
|
* and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
|
||||||
|
* short Weierstrass curve.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_ECDSA_C
|
#define MBEDTLS_ECDSA_C
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue