From a26a1b7acdb420db9527498cace34e26ca413be5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 19 Feb 2024 20:27:36 +0100
Subject: [PATCH] Switch back to non-PSA paths in PK when
 MBEDTLS_USE_PSA_CRYPTO is off

PK should only dispatch non-opaque operations to PSA when
MBEDTLS_USE_PSA_CRYPTO is enabled. When MBEDTLS_USE_PSA_CRYPTO is disabled
but MBEDTLS_PSA_CRYPTO_CLIENT is enabled, MBEDTLS_PK_OPAQUE should be
available but non-opaque operations should still dispatch to the built-in
legacy code. This commit fixes PK dispatch when CLIENT && !USE.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 library/pk_wrap.c               | 18 +++++++++++-------
 tests/suites/test_suite_pk.data |  2 +-
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 47c1bc87a1..ac17e2148b 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -617,7 +617,9 @@ static int ecdsa_opaque_verify_wrap(mbedtls_pk_context *pk,
     return ecdsa_verify_psa(key, key_len, curve, curve_bits,
                             hash, hash_len, sig, sig_len);
 }
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
                              mbedtls_md_type_t md_alg,
@@ -656,7 +658,7 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk,
                             hash, hash_len, sig, sig_len);
 }
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
 static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                              const unsigned char *hash, size_t hash_len,
                              const unsigned char *sig, size_t sig_len)
@@ -673,7 +675,7 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 
     return ret;
 }
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
@@ -734,7 +736,9 @@ static int ecdsa_opaque_sign_wrap(mbedtls_pk_context *pk,
     return ecdsa_sign_psa(pk->priv_id, md_alg, hash, hash_len, sig, sig_size,
                           sig_len);
 }
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 /* When PK_USE_PSA_EC_DATA is defined opaque and non-opaque keys end up
  * using the same function. */
@@ -794,7 +798,7 @@ cleanup:
     return ret;
 }
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
 static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hash_len,
                            unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -805,7 +809,7 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
                                          sig, sig_size, sig_len,
                                          f_rng, p_rng);
 }
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -916,7 +920,7 @@ cleanup:
 }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
 {
@@ -1013,7 +1017,7 @@ static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *pr
     (void) p_rng;
     return eckey_check_pair_psa(pub, prv);
 }
-#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
 static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
                                  int (*f_rng)(void *, unsigned char *, size_t),
                                  void *p_rng)
@@ -1022,7 +1026,7 @@ static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *pr
                                       (const mbedtls_ecp_keypair *) prv->pk_ctx,
                                       f_rng, p_rng);
 }
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index e744ac8764..35f02cb810 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -544,7 +544,7 @@ mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
 
 Check pair #2 (EC, bad)
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
-mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_PK_BAD_INPUT_DATA
+mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
 Check pair #3 (RSA, OK)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C