Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 3e48cf9..ab6b5dd 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -293,6 +293,17 @@
#endif
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+/* Helper for JPAKE dependencies, will be undefined at the end of the file */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_HAVE_FULL_JPAKE)
+#define MBEDTLS_PK_HAVE_JPAKE
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECJPAKE_C)
+#define MBEDTLS_PK_HAVE_JPAKE
+#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
( !defined(MBEDTLS_ECDH_C) || \
!defined(MBEDTLS_PK_HAVE_ECDSA) || \
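Review bot: The comment on the new helper does not say that, once MBEDTLS_USE_PSA_CRYPTO is defined, MBEDTLS_ECJPAKE_C alone no longer sets MBEDTLS_PK_HAVE_JPAKE; only PSA_HAVE_FULL_JPAKE does. A configuration with both MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ECJPAKE_C that ends up without the PSA symbol will now stop at the generic "not all prerequisites" error in the next hunk, unless another header derives the PSA_WANT symbols from the legacy one, which is not visible here. I would expand the comment to `/* J-PAKE for TLS: taken from PSA (PSA_HAVE_FULL_JPAKE) when MBEDTLS_USE_PSA_CRYPTO is set, otherwise from the legacy MBEDTLS_ECJPAKE_C module. Undefined at the end of the file. */`. The `PK_` prefix is also slightly misleading, since J-PAKE does not look like a PK-layer feature, although it matches the existing MBEDTLS_PK_HAVE_ECDSA helper.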
@@ -347,7 +358,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
- ( !defined(MBEDTLS_ECJPAKE_C) || \
+ ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
#endif
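Review bot: The second condition of this check, `!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)`, is still a legacy symbol, even though the first condition now follows PSA when MBEDTLS_USE_PSA_CRYPTO is set. For a driver-only build the curve requirement would presumably need a PSA-side form in that branch as well (for example `PSA_WANT_ECC_SECP_R1_256`). Otherwise the guard can pass or fail on a symbol that does not describe the implementation the key exchange will actually use. If the legacy curve symbol is kept on purpose, for instance because ECP is still compiled in for this configuration, a one-line comment above the `#if` stating that would prevent a later reader from assuming the check is fully PSA-aware.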
@@ -1088,6 +1099,7 @@
/* Undefine helper symbols */
#undef MBEDTLS_PK_HAVE_ECDSA
+#undef MBEDTLS_PK_HAVE_JPAKE
/*
* Avoid warning from -pedantic. This is a convenient place for this
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 568d8c2..cedce1e 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -848,6 +848,11 @@
#define PSA_HAVE_FULL_ECDSA 1
#endif
+#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define PSA_HAVE_FULL_JPAKE 1
+#endif
+
/* These features are always enabled. */
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_PASSWORD 1
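Review bot: PSA_HAVE_FULL_JPAKE has no comment, and "FULL" covers only what the condition tests: the PAKE algorithm and the two ECC key-type symbols. It does not test for any curve or hash, so code that gates on this macro alone cannot assume a usable cipher suite is present. I would add above the `#if`: `/* J-PAKE over ECC is requested together with both ECC key types. This does not imply that any particular curve or hash is enabled; callers must check those separately. */`.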
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7ba99ec..4670697 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2354,8 +2354,6 @@
# Disable the module that's accelerated
scripts/config.py unset MBEDTLS_ECJPAKE_C
fi
- # Disable things that depend on it (regardless of driver or built-in)
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
# This is done to have the same form of psa_key_attributes_s for libdriver and library.