PBKDF2-AES-CMAC works if we provide the driver of AES-CMAC or
KEY-TYPE-AES or both. So if PBKDF2-AES-CMAC is requested via PSA,
we don't need to additionally enable builtin AES-CMAC or builtin
KEY-TYPE-AES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
ECP_LIGHT is not usable without any curve, just the same as ECP_C.
We forgot to update this check when introducing the ECP_LIGHT subset.
Note: the message doesn't mention ECP_LIGHT as that's not a public
config knob, hence the message with "ECP_C or a subset" (that's how it's
referred to in user-facing documentation such as
docs/driver-only-builds.md).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Manual test: run test_psa_crypto_config_accel_ecc_non_weierstrass_curves
or test_psa_crypto_config_accel_ecc_weierstrass_curves as they are now,
observe it failing with the expected #error.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Tested manually as follows: in
component_test_psa_crypto_config_accel_ecc_some_key_types, modify
loc_accel_list to remove one of the key types between
helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main,
and observe that the 2nd build fails with the expected #error.
Note: removing one of the key types before
helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to
fail, which is quite acceptable, just not what we're trying to observe.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Restore guards from the previous release, instead of the new, more
permissive guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
We can't have a public header or library file reference our test
environment (except possibly under test-only options, and even so, it would
be with great reluctance). This breaks the build for other people.
Fix#8259.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
I chose to divide along the lines of Weierstrass vs other curve shapes
(currently just Montgomery), mainly because it's the first thing that
came to mind.
It happened to reveal an issue in the logic for when (deterministic)
ECDSA and ECJPAKE are built-in, which this commit is also fixing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
More key management operations only require ECP_LIGHT, except:
- generate (scalar multiplication)
- export (exporting public from private also needs scalar
multiplication).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The usual order is:
- MBEDTLS_PSA_BUILTIN_xxx macro
- MBEDTLS_xxx legacy macros
But curves had it the other way round for some reason.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The previous fix was enabling more than needed in some circumstances,
for example:
- requested: (`PSA_WANT`): all ECC algs, all ECC key types, all curves;
- we have acceleration (`MBEDTLS_PSA_ACCEL`) for: ECDH, all ECC key types, all curves;
- as a consequence, we need built-in: all algs except ECDH, all ECC key types, all curves.
This is what's happening in test_psa_crypto_config_accel_ecdh which,
before this commit, was failing as built-in ECDH was enabled contrary to
the component's (rightful) expectations.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
