pk: guard mbedtls_pk_setup_opaque() with CRYPTO_CLIENT instead of USE_PSA
This commit also solves related issues in order to have test
components related to CRYPTO_CLIENT passing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 919543c..9316307 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -233,9 +233,9 @@
* Note: this private key storing solution only affects EC keys, not the
* other ones. The latters still use the pk_ctx to store their own
* context. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* The following fields are meant for storing the public key in raw format
* which is handy for:
* - easily importing it into the PSA context
@@ -357,7 +357,7 @@
*/
int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/**
* \brief Initialize a PK context to wrap a PSA key.
*
@@ -388,7 +388,7 @@
*/
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
const mbedtls_svc_key_id_t key);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/**
diff --git a/library/pk.c b/library/pk.c
index 076d3a8..e7a2af4 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -151,7 +151,7 @@
return 0;
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/*
* Initialise a PSA-wrapping context
*/
@@ -188,7 +188,7 @@
return 0;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
diff --git a/library/pk_internal.h b/library/pk_internal.h
index da6c7f1..f5924ad 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -17,7 +17,7 @@
#include "mbedtls/ecp.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "psa/crypto.h"
#include "psa_util_internal.h"
@@ -28,7 +28,7 @@
#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_pk_ecdsa_errors, \
psa_pk_status_to_mbedtls)
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* Headers/footers for PEM files */
#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----"
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 69e1baf..47c1bc8 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -522,7 +522,7 @@
}
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/* Common helper for ECDSA verify using PSA functions. */
static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
psa_ecc_family_t curve, size_t curve_bits,
@@ -656,7 +656,7 @@
hash, hash_len, sig, sig_len);
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len)
@@ -673,11 +673,11 @@
return ret;
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PK_CAN_ECDSA_VERIFY */
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/* Common helper for ECDSA sign using PSA functions.
* Instead of extracting key's properties in order to check which kind of ECDSA
* signature it supports, we try both deterministic and non-deterministic.
@@ -794,7 +794,7 @@
return ret;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
unsigned char *sig, size_t sig_size, size_t *sig_len,
@@ -805,7 +805,7 @@
sig, sig_size, sig_len,
f_rng, p_rng);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -916,7 +916,7 @@
}
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
{
@@ -1013,7 +1013,7 @@
(void) p_rng;
return eckey_check_pair_psa(pub, prv);
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT */
static int eckey_check_pair_wrap(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
@@ -1022,9 +1022,9 @@
(const mbedtls_ecp_keypair *) prv->pk_ctx,
f_rng, p_rng);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/* When PK_USE_PSA_EC_DATA is defined opaque and non-opaque keys end up
* using the same function. */
@@ -1064,7 +1064,7 @@
return 0;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static void *eckey_alloc_wrap(void)
@@ -1394,7 +1394,7 @@
};
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
static size_t opaque_get_bitlen(mbedtls_pk_context *pk)
{
size_t bits;
@@ -1556,6 +1556,6 @@
.debug_func = NULL,
};
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PK_C */
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index be096da..70d3d60 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -121,7 +121,7 @@
extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
extern const mbedtls_pk_info_t mbedtls_ecdsa_opaque_info;
extern const mbedtls_pk_info_t mbedtls_rsa_opaque_info;
@@ -133,6 +133,6 @@
size_t *sig_len);
#endif /* MBEDTLS_RSA_C */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/library/psa_util.c b/library/psa_util.c
index 09dc80a..3f81ed1 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -107,7 +107,7 @@
};
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[] =
{
diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h
index 70a08a0..6a936fc 100644
--- a/library/psa_util_internal.h
+++ b/library/psa_util_internal.h
@@ -69,7 +69,7 @@
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
#endif
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 41d204d..9a84335 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -318,9 +318,9 @@
/** \def USE_PSA_INIT
*
- * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
- * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
- * TLS 1.3 one uses PSA independently of the definition of
+ * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO or
+ * #MBEDTLS_PSA_CRYPTO_CLIENT or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to
+ * TLS 1.2 implementation, the TLS 1.3 one uses PSA independently of the definition of
* #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise.
*
* If the initialization fails, mark the test case as failed and jump to the
@@ -333,16 +333,19 @@
* This is like #PSA_DONE except it does nothing under the same conditions as
* #USE_PSA_INIT.
*/
-#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) || \
+ defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#define USE_PSA_INIT() PSA_INIT()
#define USE_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 ||
+ MBEDTLS_PSA_CRYPTO_CLIENT */
/* Define empty macros so that we can use them in the preamble and teardown
* of every test function that uses PSA conditionally based on
* MBEDTLS_USE_PSA_CRYPTO. */
#define USE_PSA_INIT() ((void) 0)
#define USE_PSA_DONE() ((void) 0)
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 &&
+ !MBEDTLS_PSA_CRYPTO_CLIENT */
/** \def MD_PSA_INIT
*
@@ -394,8 +397,8 @@
/** \def MD_OR_USE_PSA_INIT
*
* Call this macro to initialize the PSA subsystem if MD uses a driver,
- * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled,
- * and do nothing otherwise.
+ * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_PSA_CRYPTO_CLIENT or
+ * #MBEDTLS_SSL_PROTO_TLS1_3 is enabled, and do nothing otherwise.
*
* If the initialization fails, mark the test case as failed and jump to the
* \p exit label.
@@ -408,7 +411,8 @@
* #MD_OR_USE_PSA_INIT.
*/
#if defined(MBEDTLS_MD_SOME_PSA) || \
- defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) || \
+ defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#define MD_OR_USE_PSA_INIT() PSA_INIT()
#define MD_OR_USE_PSA_DONE() PSA_DONE()
#else
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 35f02cb..e744ac8 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -544,7 +544,7 @@
Check pair #2 (EC, bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PEM_PARSE_C
-mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_PK_BAD_INPUT_DATA
Check pair #3 (RSA, OK)
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C