diff --git a/library/pk_internal.h b/library/pk_internal.h
index f5924adf38..c85e4ffd35 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -87,7 +87,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c
 {
 mbedtls_ecp_group_id id;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
 psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
 psa_key_type_t opaque_key_type;
@@ -101,7 +101,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_ec_group_id(const mbedtls_pk_c
 id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs));
 psa_reset_key_attributes(&opaque_attrs);
 } else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 {
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits);
diff --git a/library/pkwrite.c b/library/pkwrite.c
index b9ddcf1d8d..16af2b6c21 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -348,7 +348,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
 /******************************************************************************
 * Internal functions for Opaque keys.
 ******************************************************************************/
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
 const mbedtls_pk_context *pk)
 {
@@ -370,7 +370,7 @@ static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
 return (int) len;
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 /******************************************************************************
 * Generic helpers
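Review bot: The opaque-key branch of mbedtls_pk_get_ec_group_id() now compiles whenever MBEDTLS_PSA_CRYPTO_CLIENT is set, yet it calls mbedtls_ecc_group_from_psa(), whose own guard is not part of this diff; if that helper is only built under MBEDTLS_PSA_CRYPTO_C or MBEDTLS_USE_PSA_CRYPTO, a client-only configuration would fail to link, so that dependency is worth confirming. The same guard change is made in pkwrite.c for pk_write_opaque_pubkey(), pk_get_type_ext() and mbedtls_pk_write_pubkey(), so one confirmation covers all four sites. The lines between the two pk_internal.h hunks, where opaque_attrs is populated, are not shown, so the status handling there cannot be reviewed here. The enclosing function starts before the first hunk and continues past the second.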
@@ -382,7 +382,7 @@ static mbedtls_pk_type_t pk_get_type_ext(const mbedtls_pk_context *pk)
 {
 mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 if (pk_type == MBEDTLS_PK_OPAQUE) {
 psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
 psa_key_type_t opaque_key_type;
@@ -424,11 +424,11 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
 MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
 } else
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
 MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
 } else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 return (int) len;
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index a625b56ab8..a6b4b1b28d 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -737,27 +737,35 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO */
+/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_FS_IO:MBEDTLS_PSA_CRYPTO_C */
 void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
 {
 mbedtls_pk_context pub, prv, alt;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ int opaque_ret = ret;
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 mbedtls_pk_init(&pub);
 mbedtls_pk_init(&prv);
 mbedtls_pk_init(&alt);
 USE_PSA_INIT();
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* mbedtls_pk_check_pair() returns either PK or ECP error codes depending on MBEDTLS_USE_PSA_CRYPTO so here we dynamically translate between the two */
+ /* In case of EC keys, mbedtls_pk_check_pair() returns either PK or ECP
+ * error codes depending on whether PSA or ECP functions are used to perform
+ * the check.
+ * - For non-opaque keys PSA functions are used when USE_PSA is enabled,
+ * otherwise legacy ones (ECP) are used.
+ * - For opaque keys PSA functions are always used as soon as opaque keys
+ * are supported (i.e. MBEDTLS_PSA_CRYPTO_C enabled). */
 if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
 ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+ opaque_ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+#endif
+ }
 TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
 TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
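Review bot: The `#endif` that closes the new `#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)` block after `opaque_ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;` is bare, while every other `#endif` in this function names its macro in a trailing comment; write it as `#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */` to match. The new block comment also says opaque keys are supported "as soon as MBEDTLS_PSA_CRYPTO_C is enabled", but the code that sets and later consumes opaque_ret is guarded by MBEDTLS_PSA_CRYPTO_CLIENT; either name the client macro in the comment or add a sentence noting that the depends_on line's MBEDTLS_PSA_CRYPTO_C is what guarantees that macro here, so the two guards do not read as contradictory. The function body continues past the hunk.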
@@ -778,20 +786,23 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
 == ret);
 }
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
+ if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
+ ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
 TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id, PSA_ALG_ANY_HASH,
 PSA_KEY_USAGE_EXPORT, 0), 0);
 TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
- NULL), ret);
+ NULL), opaque_ret);
 }
 #endif
 exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 psa_destroy_key(opaque_key_id);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 mbedtls_pk_free(&pub);
 mbedtls_pk_free(&prv);
 mbedtls_pk_free(&alt);
@@ -1250,7 +1261,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C */
 void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
 char *input_P, char *input_Q,
 char *input_N, char *input_E,
@@ -1489,7 +1500,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */
+/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PK_PSA_SIGN */
 void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
 {
 mbedtls_pk_context pk;
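Review bot: The three lines added inside the opaque-key block, `if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; }`, look dead: the TEST_EQUAL that follows compares against opaque_ret, and nothing after them in this hunk reads ret. They also duplicate the translation already applied to opaque_ret at the top of the function, and in a MBEDTLS_USE_PSA_CRYPTO build ret was already translated there, so the condition can never hold on that path. Dropping them keeps the roles of ret (non-opaque expectation) and opaque_ret (opaque expectation) distinct; if ret is still needed for a path outside the hunk, a one-line comment saying why would avoid the next reader removing it. The function starts before this hunk; the two later hunks are depends_on changes only.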