Implement can_do for opaque ECC keypairs

Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 75a49a1..d01694c 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -744,11 +744,20 @@
     return( bits );
 }
 
+static int pk_psa_can_do( mbedtls_pk_type_t type )
+{
+    /* For now opaque PSA keys can only wrap ECC keypairs,
+     * as checked by setup_psa().
+     * Also, ECKEY_DH does not really make sense with the current API. */
+    return( type == MBEDTLS_PK_ECKEY ||
+            type == MBEDTLS_PK_ECDSA );
+}
+
 const mbedtls_pk_info_t mbedtls_pk_opaque_psa_info = {
     MBEDTLS_PK_OPAQUE_PSA,
     "Opaque (PSA)",
     pk_psa_get_bitlen,
-    NULL, /* coming soon: can_do */
+    pk_psa_can_do,
     NULL, /* verify - will be done later */
     NULL, /* coming soon: sign */
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
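Review bot: pk_psa_can_do() answers yes for MBEDTLS_PK_ECKEY and MBEDTLS_PK_ECDSA without looking at the key, so it is only correct while the check in setup_psa(), which is not part of this hunk, keeps rejecting other key types. If that check is ever relaxed, this capability test will keep reporting ECDSA support for a key that cannot provide it. I would make the coupling explicit in the comment, e.g. `/* Must stay in sync with setup_psa(): only valid while it rejects every key type except ECC keypairs. */`, and put a matching note at the check itself. Separately, the verify and sign slots in the info table are still NULL after this change, so can_do advertises ECDSA before any operation is wired up; it is worth confirming that callers which pick an algorithm from can_do alone handle the resulting sign/verify failure cleanly. The table initialiser continues past the end of the hunk.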