Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:
- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.
Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
can do both ECDSA and ECDH.
So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Same test cases as in the previous commit.
Remove the redundant symmetric crypto dependency.
The dependency is ensured by the fact that:
1) the test case forces a cipher suite
2) ssl-opt.sh enforces automatically that the
forced ciphersuite is available.
3) The fact that the forced ciphersuite is
available implies that the symmetric
cipher algorithm it uses is available as
well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix some dependencies on symmetric crypto that
were not correct in case of driver but not
builtin support. Revealed by "Analyze driver
test_psa_crypto_config_accel_cipher_aead vs reference
test_psa_crypto_config_reference_cipher_aead" in
analyze_outcomes.py.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
While the PSA builtin implementation of cipher still depends on
CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not
defined, BLOCK_CIPHER_C is used instead, thus making it possible
to support AEADs without CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Some PSA_WANT symbols do not have a 1:1 matching with legacy ones.
For example, previous to this commit:
- CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG
even thought the two are not equivalent (authenticated VS
non-authenticated).
- there was no legacy equivalent for ECB_NO_PADDING
What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and
PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation
depends on CIPHER_C. Therefore this commits adds this guards to
select whether or not to enable the above mentioned PSA_WANT symbols.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Move all changes local to Mbed TLS into config-tfm.h (except for commenting
out a couple of #include's).
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
