From 81d75127ba1fa4663b41c4012ddb9e426ae73116 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Jun 2023 14:49:33 +0200 Subject: [PATCH] library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti --- include/mbedtls/oid.h | 4 +-- include/psa/crypto_extra.h | 6 ++-- library/oid.c | 4 +-- library/pk.c | 16 +++++----- library/pk_internal.h | 6 ++-- library/pk_wrap.c | 4 +-- library/pk_wrap.h | 2 +- library/pkparse.c | 52 +++++++++++++------------------ library/pkwrite.c | 63 +++++++++++++++++++------------------- library/pkwrite.h | 6 ++-- library/psa_crypto.c | 4 +-- 11 files changed, 78 insertions(+), 89 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index ec36748ce..e333ba11b 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -545,7 +545,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg, const char **oid, size_t *olen); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /** * \brief Translate NamedCurve OID into an EC group identifier * @@ -591,7 +591,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_ */ int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id, const char **oid, size_t *olen); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /** * \brief Translate SignatureAlgorithm OID into md_type and pk_type diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cc70e6fe5..fb639fadb 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -572,8 +572,8 @@ psa_status_t psa_get_key_domain_parameters( /** \defgroup psa_tls_helpers TLS helper functions * @{ */ - -#if defined(MBEDTLS_ECP_LIGHT) +#include +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include /** Convert an ECC curve identifier from the Mbed TLS encoding to PSA. @@ -660,7 +660,7 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grp mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /**@}*/ diff --git a/library/oid.c b/library/oid.c index a580992e0..47a311b94 100644 --- a/library/oid.c +++ b/library/oid.c @@ -543,7 +543,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, mbedtls_pk_type_t, pk_alg) -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * For elliptic curves that use namedCurve inside ECParams (RFC 5480) */ @@ -674,7 +674,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, oid_ecp_grp_algid, mbedtls_ecp_group_id, grp_id) -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_CIPHER_C) /* diff --git a/library/pk.c b/library/pk.c index 91796dec9..aa8e997aa 100644 --- a/library/pk.c +++ b/library/pk.c @@ -31,7 +31,7 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -125,12 +125,12 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type) case MBEDTLS_PK_RSA: return &mbedtls_rsa_info; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) case MBEDTLS_PK_ECKEY: return &mbedtls_eckey_info; case MBEDTLS_PK_ECKEY_DH: return &mbedtls_eckeydh_info; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) case MBEDTLS_PK_ECDSA: return &mbedtls_ecdsa_info; @@ -903,14 +903,14 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_key_usage_t usage, psa_algorithm_t alg2) { -#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C) +#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C) ((void) pk); ((void) key); ((void) alg); ((void) usage); ((void) alg2); -#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { size_t d_len; psa_ecc_family_t curve_id; @@ -965,7 +965,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return mbedtls_pk_setup_opaque(pk, *key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; @@ -1006,7 +1006,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, return mbedtls_pk_setup_opaque(pk, *key); } else #endif /* MBEDTLS_RSA_C */ -#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ +#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ return MBEDTLS_ERR_PK_TYPE_MISMATCH; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ diff --git a/library/pk_internal.h b/library/pk_internal.h index 388f94ac8..263a1c777 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -25,7 +25,7 @@ #include "mbedtls/pk.h" -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif @@ -44,7 +44,7 @@ psa_pk_status_to_mbedtls) #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /** * Public function mbedtls_pk_ec() can be used to get direct access to the * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not @@ -115,7 +115,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PK_HAVE_RFC8410_CURVES #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0cadab280..54a4d5d5f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -634,7 +634,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = { }; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Generic EC key */ @@ -1335,7 +1335,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { #endif eckey_debug, /* Same underlying key structure */ }; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) static int ecdsa_can_do(mbedtls_pk_type_t type) diff --git a/library/pk_wrap.h b/library/pk_wrap.h index b4b974fc9..1436d7812 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -120,7 +120,7 @@ typedef struct { extern const mbedtls_pk_info_t mbedtls_rsa_info; #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) extern const mbedtls_pk_info_t mbedtls_eckey_info; extern const mbedtls_pk_info_t mbedtls_eckeydh_info; #endif diff --git a/library/pkparse.c b/library/pkparse.c index 4c55d341b..483176abc 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -37,7 +37,7 @@ #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) #include "pkwrite.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -64,10 +64,10 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) -#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_FS_IO) /* @@ -174,7 +174,7 @@ int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) } #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * * ECParameters ::= CHOICE { @@ -655,7 +655,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -664,9 +663,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * which never contain a public key. As such, derive the public key * unconditionally. */ if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair_free(eck); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; } @@ -674,7 +670,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, * into PSA. */ #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -793,7 +788,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, return ret; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* @@ -878,7 +873,7 @@ static int pk_get_pk_alg(unsigned char **p, } ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); if (ret == 0) { @@ -952,7 +947,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -966,7 +961,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_get_ecpubkey(p, end, pk); } } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if (ret == 0 && *p != end) { @@ -1170,7 +1165,7 @@ cleanup: } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Parse a SEC1 encoded private EC key */ @@ -1186,10 +1181,11 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, unsigned char *d; unsigned char *end = p + keylen; unsigned char *end2; - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* @@ -1226,7 +1222,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } #endif @@ -1243,11 +1238,9 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, 0)) == 0) { if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 || (ret = pk_use_ecparams(¶ms, pk)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } @@ -1283,7 +1276,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } } @@ -1311,21 +1303,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, if (!pubkey_done) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } } #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { - mbedtls_ecp_keypair_free(eck); return ret; } #endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* * Parse an unencrypted PKCS#8 encoded private key @@ -1354,7 +1344,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; const mbedtls_pk_info_t *pk_info; -#if !defined(MBEDTLS_ECP_LIGHT) +#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) (void) f_rng; (void) p_rng; #endif @@ -1419,7 +1409,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { @@ -1441,7 +1431,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( } } } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; return 0; @@ -1608,7 +1598,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; @@ -1637,7 +1627,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { return ret; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ if (key[keylen - 1] != '\0') { @@ -1743,7 +1733,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, mbedtls_pk_init(pk); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); if (mbedtls_pk_setup(pk, pk_info) == 0 && pk_parse_key_sec1_der(pk, @@ -1751,13 +1741,13 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, return 0; } mbedtls_pk_free(pk); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't, + /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't, * it is ok to leave the PK context initialized but not * freed: It is the caller's responsibility to call pk_init() * before calling this function, and to call pk_free() - * when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C + * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C * isn't, this leads to mbedtls_pk_free() being called * twice, once here and once by the caller, but this is * also ok and in line with the mbedtls_pk_free() calls diff --git a/library/pkwrite.c b/library/pkwrite.c index 218d0c1ab..e6f1aefaf 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -38,10 +38,10 @@ #include "mbedtls/ecp.h" #include "mbedtls/platform_util.h" #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pk_internal.h" #endif -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "pkwrite.h" #endif #if defined(MBEDTLS_ECDSA_C) @@ -58,7 +58,7 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) { @@ -76,6 +76,8 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) @@ -91,11 +93,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } -#endif /* MBETLS_USE_PSA_CRYPTO */ -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) { @@ -111,6 +109,7 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) return opaque_key_type; } #endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) /* @@ -158,7 +157,7 @@ end_of_export: } #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) @@ -316,7 +315,7 @@ exit: return ret; } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, @@ -353,7 +352,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); } else #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key)); } else @@ -375,7 +374,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu int has_par = 1; size_t len = 0, par_len = 0, oid_len = 0; mbedtls_pk_type_t pk_type; -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; #endif const char *oid; @@ -404,20 +403,20 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); pk_type = mbedtls_pk_get_type(key); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { ec_grp_id = mbedtls_pk_get_group_id(key); } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if (pk_type == MBEDTLS_PK_OPAQUE) { psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { pk_type = MBEDTLS_PK_ECKEY; ec_grp_id = mbedtls_pk_get_group_id(key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { /* The rest of the function works as for legacy RSA contexts. */ pk_type = MBEDTLS_PK_RSA; @@ -429,7 +428,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu } #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if (pk_type == MBEDTLS_PK_ECKEY) { /* Some groups have their own AlgorithmIdentifier OID, others are handled * by mbedtls_oid_get_oid_by_pk_alg() below */ @@ -445,7 +444,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return ret; } } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ if (oid_len == 0) { if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid, @@ -464,7 +463,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu return (int) len; } -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) /* * RFC8410 section 7 @@ -572,7 +571,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf, return (int) len; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, @@ -691,9 +690,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) int is_ec_opaque = 0; -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t opaque_key_type; #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -710,9 +709,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -721,7 +720,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { @@ -730,7 +729,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ return pk_write_ec_der(&c, buf, key); } else -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; return (int) len; @@ -781,12 +780,12 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) int is_ec_opaque = 0; #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) int is_montgomery_opaque = 0; #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif @@ -802,14 +801,14 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { is_montgomery_opaque = 1; } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -819,7 +818,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, end = PEM_END_PRIVATE_KEY_RSA; } else #endif -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (is_montgomery_opaque || @@ -828,13 +827,13 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else -#endif +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ { begin = PEM_BEGIN_PRIVATE_KEY_EC; end = PEM_END_PRIVATE_KEY_EC; } } else -#endif +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; if ((ret = mbedtls_pem_write_buffer(begin, end, diff --git a/library/pkwrite.h b/library/pkwrite.h index 8db233373..aa2f17b02 100644 --- a/library/pkwrite.h +++ b/library/pkwrite.h @@ -73,7 +73,7 @@ #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * EC public keys: * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2 @@ -98,10 +98,10 @@ */ #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES) -#else /* MBEDTLS_ECP_LIGHT */ +#else /* MBEDTLS_PK_HAVE_ECC_KEYS */ #define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0 #define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0 -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #endif /* MBEDTLS_PK_WRITE_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5e38c3ad6..9fdb366ca 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -390,7 +390,7 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat /* Key management */ /****************************************************************/ -#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, size_t bits, int bits_is_sloppy) @@ -482,7 +482,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, (void) bits_is_sloppy; return MBEDTLS_ECP_DP_NONE; } -#endif /* MBEDTLS_ECP_LIGHT */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type, size_t bits)