Fixup: Don't reference legacy ECP curve identifier in config.h
TinyCrypt should be used as a replacement of legacy ECC. In particular,
there shouldn't be any use of identifiers from the legacy ECC module.
So far, there's the configuration option
MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in
this case must resolve to an identifier of type mbedtls_ecp_group_id
indicating which single curve to enable.
With the introduction of TinyCrypt, we must either change the type
of this option to mbedtls_uecc_group_id, or introduce a separate
compilation option.
In order to avoid type confusion, this commit follows tha latter
approach, introducing the configuration option
MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID
that indicatesthe TinyCrypt group identifier of the single curve
to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE
and MBEDTLS_USE_TINYCRYPT are set.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0b43802..7b50ef0 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2577,7 +2577,7 @@
* Requires: MBEDTLS_SSL_CONF_RNG
* MBEDTLS_SSL_CONF_SINGLE_EC
* MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23
- * MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID == MBEDTLS_ECP_DP_SECP256R1
+ * MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1
*
* \see MBEDTLS_SSL_CONF_RNG
*
@@ -3755,11 +3755,13 @@
* curve operations during the handshake.
*
* If this is set, you must also define the following:
- * - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID
+ * - MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID (if MBEDTLS_ECP_C is set)
* This must resolve to the Mbed TLS group ID for the elliptic
* curve to use (e.g. MBEDTLS_ECP_DP_SECP256R1); see
* ::mbedtls_ecp_group_id in mbedtls/ecp.h for a complete list
* of curve identifiers.
+ * - MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID (if MBEDTLS_USE_TINYCRYPT is set)
+ * This must resolve to MBEDTLS_UECC_DP_SECP256R1.
* - MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID
* This must resolve to the identifier for the elliptic curve
* to use according to the IANA NamedCurve registry:
@@ -3771,6 +3773,7 @@
//#define MBEDTLS_SSL_CONF_SINGLE_EC
//#define MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
//#define MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
+//#define MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
/* Enable support a single signature hash algorithm
* at compile-time, at the benefit of code-size.
diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c
index c179419..dd50514 100644
--- a/programs/ssl/query_config.c
+++ b/programs/ssl/query_config.c
@@ -2866,6 +2866,14 @@
}
#endif /* MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID */
+#if defined(MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID)
+ if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID */
+
#if defined(MBEDTLS_SSL_CONF_SINGLE_SIG_HASH)
if( strcmp( "MBEDTLS_SSL_CONF_SINGLE_SIG_HASH", config ) == 0 )
{
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ef5dfcc..7b25ad2 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1423,7 +1423,7 @@
scripts/config.pl set MBEDTLS_SSL_CONF_RNG rng_wrap
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
- scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
+ scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID MBEDTLS_UECC_DP_SECP256R1
scripts/config.pl unset MBEDTLS_ECDH_C
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED