pk: do not duplicate internal symbols for ECDH/ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
parent
e87915b66f
commit
a15078b784
3 changed files with 39 additions and 61 deletions
|
@ -161,6 +161,35 @@
|
|||
#define MBEDTLS_PK_PARSE_EC_COMPRESSED
|
||||
#endif
|
||||
|
||||
/* PK module can achieve ECDH and ECDSA functionalities by means of either
|
||||
* software implementations (ECDH_C and ECDSA_C) or through a PSA driver. The
|
||||
* following defines are meant to list these capabilities in a general way
|
||||
* which abstracts how they are implemented under the hood. */
|
||||
#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \
|
||||
(!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C))
|
||||
#define MBEDTLS_PK_CAN_ECDH
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
#endif
|
||||
|
||||
/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
* is defined as well to include all PSA code.
|
||||
*/
|
||||
|
|
|
@ -275,19 +275,6 @@
|
|||
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helper for ECDSA dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if (defined(PSA_WANT_ALG_ECDSA) || \
|
||||
defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)) && \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_HAVE_ECDSA
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PK_HAVE_ECDSA
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for JPAKE dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
|
@ -299,17 +286,6 @@
|
|||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for ECDH dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ALG_ECDH) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_HAVE_ECDH
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PK_HAVE_ECDH
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for curve SECP256R1 */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
|
@ -322,14 +298,14 @@
|
|||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || \
|
||||
!defined(MBEDTLS_PK_HAVE_ECDSA) || \
|
||||
( !defined(MBEDTLS_PK_CAN_ECDH) || \
|
||||
!defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \
|
||||
( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -339,7 +315,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \
|
||||
!defined(MBEDTLS_PK_HAVE_ECDH)
|
||||
!defined(MBEDTLS_PK_CAN_ECDH)
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -350,14 +326,14 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || !defined(MBEDTLS_RSA_C) || \
|
||||
( !defined(MBEDTLS_PK_CAN_ECDH) || !defined(MBEDTLS_RSA_C) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_ECDH) || \
|
||||
!defined(MBEDTLS_PK_HAVE_ECDSA) || \
|
||||
( !defined(MBEDTLS_PK_CAN_ECDH) || \
|
||||
!defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -814,8 +790,9 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) )
|
||||
#if !( (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)) && \
|
||||
defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
( defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || defined(MBEDTLS_PKCS1_V21) ) )
|
||||
#error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif
|
||||
|
@ -1129,9 +1106,7 @@
|
|||
#endif
|
||||
|
||||
/* Undefine helper symbols */
|
||||
#undef MBEDTLS_PK_HAVE_ECDSA
|
||||
#undef MBEDTLS_PK_HAVE_JPAKE
|
||||
#undef MBEDTLS_PK_HAVE_ECDH
|
||||
#undef MBEDTLS_MD_HAVE_SHA256
|
||||
#undef MBEDTLS_MD_HAVE_SHA384
|
||||
#undef MBEDTLS_MD_HAVE_SHA512
|
||||
|
|
|
@ -171,32 +171,6 @@ typedef struct mbedtls_pk_rsassa_pss_options {
|
|||
#endif
|
||||
#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
|
||||
|
||||
/**
|
||||
* \brief The following defines are meant to list ECDSA capabilities of the
|
||||
* PK module in a general way (without any reference to how this
|
||||
* is achieved, which can be either through PSA driver or
|
||||
* MBEDTLS_ECDSA_C)
|
||||
*/
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
#endif
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_VERIFY
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
#define MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
#endif
|
||||
|
||||
/* Internal helper to define which fields in the pk_context structure below
|
||||
* should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
|
||||
* format. It should be noticed that this only affect how data is stored, not
|
||||
|
|
Loading…
Reference in a new issue