Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA.
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 86b84bf..07f3151 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5735,62 +5735,6 @@
/****************************************************************/
/* Key agreement */
/****************************************************************/
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
- size_t peer_key_length,
- const mbedtls_ecp_keypair *our_key,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length )
-{
- mbedtls_ecp_keypair *their_key = NULL;
- mbedtls_ecdh_context ecdh;
- psa_status_t status;
- size_t bits = 0;
- psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
- mbedtls_ecdh_init( &ecdh );
-
- status = mbedtls_psa_ecp_load_representation(
- PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
- bits,
- peer_key,
- peer_key_length,
- &their_key );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = mbedtls_to_psa_error(
- mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
- if( status != PSA_SUCCESS )
- goto exit;
- status = mbedtls_to_psa_error(
- mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = mbedtls_to_psa_error(
- mbedtls_ecdh_calc_secret( &ecdh,
- shared_secret_length,
- shared_secret, shared_secret_size,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE ) );
- if( status != PSA_SUCCESS )
- goto exit;
- if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
- status = PSA_ERROR_CORRUPTION_DETECTED;
-
-exit:
- if( status != PSA_SUCCESS )
- mbedtls_platform_zeroize( shared_secret, shared_secret_size );
- mbedtls_ecdh_free( &ecdh );
- mbedtls_ecp_keypair_free( their_key );
- mbedtls_free( their_key );
-
- return( status );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
-
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
psa_status_t psa_key_agreement_raw_builtin( const psa_key_attributes_t *attributes,
@@ -5807,24 +5751,12 @@
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
case PSA_ALG_ECDH:
- if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( attributes->core.type ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
- mbedtls_ecp_keypair *ecp = NULL;
- psa_status_t status = mbedtls_psa_ecp_load_representation(
- attributes->core.type,
- attributes->core.bits,
- key_buffer,
- key_buffer_size,
- &ecp );
- if( status != PSA_SUCCESS )
- return( status );
- status = psa_key_agreement_ecdh( peer_key, peer_key_length,
- ecp,
- shared_secret, shared_secret_size,
- shared_secret_length );
- mbedtls_ecp_keypair_free( ecp );
- mbedtls_free( ecp );
- return( status );
+ return( mbedtls_psa_key_agreement_ecdh( attributes, key_buffer,
+ key_buffer_size, alg,
+ peer_key, peer_key_length,
+ shared_secret,
+ shared_secret_size,
+ shared_secret_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
default:
(void) attributes;
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 29f53b9..97baef9 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -33,6 +33,7 @@
#include "mbedtls/platform.h"
#include <mbedtls/ecdsa.h>
+#include <mbedtls/ecdh.h>
#include <mbedtls/ecp.h>
#include <mbedtls/error.h>
@@ -464,4 +465,75 @@
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
+/****************************************************************/
+/* ECDH Key Agreement */
+/****************************************************************/
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
+psa_status_t mbedtls_psa_key_agreement_ecdh(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length,
+ uint8_t *shared_secret, size_t shared_secret_size,
+ size_t *shared_secret_length )
+{
+ if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( attributes->core.type ) ||
+ ! PSA_ALG_IS_ECDH(alg) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ mbedtls_ecp_keypair *ecp = NULL;
+ psa_status_t status = mbedtls_psa_ecp_load_representation(
+ attributes->core.type,
+ attributes->core.bits,
+ key_buffer,
+ key_buffer_size,
+ &ecp );
+ if( status != PSA_SUCCESS )
+ return( status );
+ mbedtls_ecp_keypair *their_key = NULL;
+ mbedtls_ecdh_context ecdh;
+ size_t bits = 0;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ecp->grp.id, &bits );
+ mbedtls_ecdh_init( &ecdh );
+
+ status = mbedtls_psa_ecp_load_representation(
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
+ bits,
+ peer_key,
+ peer_key_length,
+ &their_key );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ status = mbedtls_to_psa_error(
+ mbedtls_ecdh_get_params( &ecdh, ecp, MBEDTLS_ECDH_OURS ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = mbedtls_to_psa_error(
+ mbedtls_ecdh_calc_secret( &ecdh,
+ shared_secret_length,
+ shared_secret, shared_secret_size,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
+ status = PSA_ERROR_CORRUPTION_DETECTED;
+
+exit:
+ if( status != PSA_SUCCESS )
+ mbedtls_platform_zeroize( shared_secret, shared_secret_size );
+ mbedtls_ecdh_free( &ecdh );
+ mbedtls_ecp_keypair_free( their_key );
+ mbedtls_free( their_key );
+ mbedtls_ecp_keypair_free( ecp );
+ mbedtls_free( ecp );
+ return( status );
+}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
+
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index 429c062..5a7f6f2 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -218,4 +218,11 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
+
+psa_status_t mbedtls_psa_key_agreement_ecdh(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length,
+ uint8_t *shared_secret, size_t shared_secret_size,
+ size_t *shared_secret_length );
#endif /* PSA_CRYPTO_ECP_H */