TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7c494e7211437a443872f4caee7eb10b140ed03f^! / .
commit7c494e7211437a443872f4caee7eb10b140ed03f[log] [tgz]
authorValerio Setti <valerio.setti@nordicsemi.no>Thu Jul 27 14:58:53 2023 +0200
committerValerio Setti <valerio.setti@nordicsemi.no>Thu Aug 10 07:05:47 2023 +0200
tree2ce797bb401fc9bc0fab7c259bcacf4af405d0a5
parenta7c9e09dd0f59ee6a6773d71e34f6f5180605dae [diff]
pk: move PK_HAVE_ECC_KEYS to build_info.h

This is usefuls to use PK_HAVE_ECC_KEYS in check_config.h instead
of redefining it twice in different ways.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 5b8a40d..0b1ef1d 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h

@@ -208,6 +208,35 @@
 #define MBEDTLS_PK_PARSE_C
 #endif
 
+/* Internal helper to define which fields in the pk_context structure should
+ * be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) format.
+ * It should be noticed that this only affect how data is stored, not which
+ * functions are used for various operations. The overall picture looks like
+ * this:
+ * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
+ *   and legacy functions
+ * - if USE_PSA is defined and
+ *     - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
+ *       format and use PSA functions
+ *     - if !ECP_C then use new raw data and PSA functions directly.
+ *
+ * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
+ * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
+ * ecp_keypair structure inside the pk_context so he/she can modify it using
+ * ECP functions which are not under PK module's control.
+ */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+    !defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_USE_PSA_EC_DATA
+#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
+
+/* Helper symbol to state that the PK module has support for EC keys. This
+ * can either be provided through the legacy ECP solution or through the
+ * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
+#define MBEDTLS_PK_HAVE_ECC_KEYS
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+
 /* The following blocks make it easier to disable all of TLS,
  * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
  * key exchanges, options and extensions related to them. */

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index e503fdf..264c2c9 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -425,8 +425,7 @@
 #endif
 
 #if defined(MBEDTLS_PK_C) && \
-    !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_LIGHT) && \
-    !( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
+    !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
 #error "MBEDTLS_PK_C defined, but not all prerequisites"
 #endif