Added ECC vendor macros
Made vendor support more generic
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 826a314..5b4a310 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -386,7 +386,7 @@
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
*/
-#define PSA_KEY_TYPE_AES_VENDOR ((psa_key_type_t)0xC0000001)
+#define PSA_KEY_TYPE_AES_VENDOR ((psa_key_type_t)(PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_AES))
/** Whether a key type is AES. */
#define PSA_KEY_TYPE_IS_AES(type) (((type)&PSA_KEY_TYPE_AES) != 0)
@@ -436,8 +436,14 @@
#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \
(PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
/** Elliptic curve public key. */
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \
(PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
+/** Elliptic curve key pair (Vendor defined format). */
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_VENDOR(curve) \
+ (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
+/** Elliptic curve public key (Vendor defined format). */
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_VENDOR(curve) \
+ (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
/** Whether a key type is an elliptic curve key (pair or public-only). */
#define PSA_KEY_TYPE_IS_ECC(type) \
@@ -449,14 +455,27 @@
PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
/** Whether a key type is an elliptic curve public key. */
#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \
- (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
+ (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
+/** Whether a key type is an elliptic curve key (pair or public-only). */
+#define PSA_KEY_TYPE_IS_ECC_VENDOR(type) \
+ ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \
+ ~PSA_KEY_TYPE_ECC_CURVE_MASK) == (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE))
+/** Whether a key type is an elliptic curve key pair. */
+#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR_VENDOR(type) \
+ (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
+ (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_ECC_KEY_PAIR_BASE))
+/** Whether a key type is an elliptic curve public key. */
+#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY_VENDOR(type) \
+ (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \
+ (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE))
/** Extract the curve from an elliptic curve key type. */
-#define PSA_KEY_TYPE_GET_CURVE(type) \
- ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ? \
- ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
- 0))
+#define PSA_KEY_TYPE_GET_CURVE(type) \
+ ((psa_ecc_curve_t)(PSA_KEY_TYPE_IS_ECC(type) ? ((type)&PSA_KEY_TYPE_ECC_CURVE_MASK) : 0))
+/** Extract the curve from an elliptic curve key type. */
+#define PSA_KEY_TYPE_GET_CURVE_VENDOR(type) \
+ ((psa_ecc_curve_t)(PSA_KEY_TYPE_IS_ECC_VENDOR(type) ? ((type)&PSA_KEY_TYPE_ECC_CURVE_MASK) : 0))
/* The encoding of curve identifiers is currently aligned with the
* TLS Supported Groups Registry (formerly known as the
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 929f457..a7d018b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5435,30 +5435,6 @@
}
#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
-// The weakly linked function "prepare_raw_data_slot_vendor_weak" which returns "PSA_ERROR_NOT_SUPPORTED" will be linked if
-// the vendor does not provide a definition for "prepare_raw_data_slot_vendor"
-psa_status_t prepare_raw_data_slot_vendor( psa_key_type_t type, size_t bits, struct raw_data *raw) __attribute__ ((weak, alias("prepare_raw_data_slot_vendor_weak")));
-psa_status_t prepare_raw_data_slot_vendor_weak( psa_key_type_t type, size_t bits, struct raw_data *raw);
-psa_status_t prepare_raw_data_slot_vendor_weak( psa_key_type_t type, size_t bits, struct raw_data *raw)
-{
- (void)type;
- (void)bits;
- (void)raw;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-// The weakly linked function "psa_generate_symmetric_vendor_weak" which returns "PSA_ERROR_NOT_SUPPORTED" will be linked if
-// the vendor does not provide a definition for "psa_generate_symmetric_vendor"
-psa_status_t psa_generate_symmetric_vendor( psa_key_type_t type, size_t bits, uint8_t * output, size_t output_size) __attribute__ ((weak, alias("psa_generate_symmetric_vendor_weak")));
-psa_status_t psa_generate_symmetric_vendor_weak( psa_key_type_t type, size_t bits, uint8_t * output, size_t output_size);
-psa_status_t psa_generate_symmetric_vendor_weak( psa_key_type_t type, size_t bits, uint8_t * output, size_t output_size)
-{
- (void)type;
- (void)output;
- (void)output_size;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
static psa_status_t psa_generate_key_internal(
psa_key_slot_t *slot, size_t bits,
const uint8_t *domain_parameters, size_t domain_parameters_size )
@@ -5471,31 +5447,18 @@
if( key_type_is_raw_bytes( type ) )
{
psa_status_t status;
- if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type))
- {
- status = prepare_raw_data_slot_vendor( type, bits, &slot->data.raw );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_generate_symmetric_vendor( type, bits, slot->data.raw.data,
- slot->data.raw.bytes );
- if( status != PSA_SUCCESS )
- return( status );
- }
- else
- {
- status = prepare_raw_data_slot( type, bits, &slot->data.raw );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_generate_random( slot->data.raw.data,
- slot->data.raw.bytes );
- if( status != PSA_SUCCESS )
- return( status );
- #if defined(MBEDTLS_DES_C)
- if( type == PSA_KEY_TYPE_DES )
- psa_des_set_key_parity( slot->data.raw.data,
- slot->data.raw.bytes );
- #endif /* MBEDTLS_DES_C */
- }
+ status = prepare_raw_data_slot( type, bits, &slot->data.raw );
+ if( status != PSA_SUCCESS )
+ return( status );
+ status = psa_generate_random( slot->data.raw.data,
+ slot->data.raw.bytes );
+ if( status != PSA_SUCCESS )
+ return( status );
+ #if defined(MBEDTLS_DES_C)
+ if( type == PSA_KEY_TYPE_DES )
+ psa_des_set_key_parity( slot->data.raw.data,
+ slot->data.raw.bytes );
+ #endif /* MBEDTLS_DES_C */
}
else
@@ -5574,7 +5537,19 @@
return( PSA_SUCCESS );
}
-
+// The weakly linked function "psa_generate_key_vendor_weak" which returns "PSA_ERROR_NOT_SUPPORTED" will be linked if
+// the vendor does not provide a definition for "psa_generate_key_vendor"
+psa_status_t psa_generate_key_vendor( psa_key_slot_t *slot, size_t bits,
+ const uint8_t *domain_parameters, size_t domain_parameters_size ) __attribute__ ((weak, alias("psa_generate_key_vendor_weak")));
+psa_status_t psa_generate_key_vendor_weak( psa_key_slot_t *slot, size_t bits,
+ const uint8_t *domain_parameters, size_t domain_parameters_size );
+psa_status_t psa_generate_key_vendor_weak( psa_key_slot_t *slot, size_t bits,
+ const uint8_t *domain_parameters, size_t domain_parameters_size )
+{
+ (void) slot;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
psa_key_handle_t *handle )
{
@@ -5605,6 +5580,12 @@
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type))
+ {
+ status = psa_generate_key_vendor(slot, attributes->core.bits,
+ attributes->domain_parameters, attributes->domain_parameters_size);
+ }
+ else
{
status = psa_generate_key_internal(
slot, attributes->core.bits,
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index f29ae4f..0525cf1 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -46,23 +46,27 @@
struct raw_data
{
uint8_t *data;
- size_t bytes;
+ size_t bytes;
} raw;
#if defined(MBEDTLS_RSA_C)
+
/* RSA public key or key pair */
- mbedtls_rsa_context *rsa;
-#endif /* MBEDTLS_RSA_C */
+ mbedtls_rsa_context * rsa;
+#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
+
/* EC public key or key pair */
- mbedtls_ecp_keypair *ecp;
-#endif /* MBEDTLS_ECP_C */
+ mbedtls_ecp_keypair * ecp;
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+
/* Any key type in a secure element */
struct se
{
psa_key_slot_number_t slot_number;
} se;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+ void * vendor_context;
} data;
} psa_key_slot_t;