Add EDDSA support as a conditional build.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2025-02-21 19:00:44 +01:00
parent d54bc1b0f3
commit b91ece8ec3
8 changed files with 36 additions and 17 deletions
--- a/src/fido/cbor_get_assertion.c
+++ b/src/fido/cbor_get_assertion.c
@@ -548,14 +548,14 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
    memcpy(pa, clientDataHash.data, clientDataHash.len);
    uint8_t hash[64] = {0}, sig[MBEDTLS_ECDSA_MAX_LEN] = {0};
    const mbedtls_md_info_t *md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
-    mbedtls_ecdsa_context ekey;
-    mbedtls_ecdsa_init(&ekey);
+    mbedtls_ecp_keypair ekey;
+    mbedtls_ecp_keypair_init(&ekey);
    size_t olen = 0;
    if (selcred) {
        ret = fido_load_key((int)selcred->curve, selcred->id.data, &ekey);
        if (ret != 0) {
            if (derive_key(rp_id_hash, false, selcred->id.data, MBEDTLS_ECP_DP_SECP256R1, &ekey) != 0) {
-                mbedtls_ecdsa_free(&ekey);
+                mbedtls_ecp_keypair_free(&ekey);
                CBOR_ERROR(CTAP1_ERR_OTHER);
            }
        }
@@ -565,17 +565,20 @@ int cbor_get_assertion(const uint8_t *data, size_t len, bool next) {
        else if (ekey.grp.id == MBEDTLS_ECP_DP_SECP521R1) {
            md = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
        }
+#ifdef MBEDTLS_EDDSA_C
        else if (ekey.grp.id == MBEDTLS_ECP_DP_ED25519) {
            md = NULL;
        }
-        
+#endif
        if (md != NULL) {
            ret = mbedtls_md(md, aut_data, aut_data_len + clientDataHash.len, hash);
            ret = mbedtls_ecdsa_write_signature(&ekey, mbedtls_md_get_type(md), hash, mbedtls_md_get_size(md), sig, sizeof(sig), &olen, random_gen, NULL);
        }
+#ifdef MBEDTLS_EDDSA_C
        else {
            ret = mbedtls_eddsa_write_signature(&ekey, aut_data, aut_data_len + clientDataHash.len, sig, sizeof(sig), &olen, MBEDTLS_EDDSA_PURE, NULL, 0, random_gen, NULL);
        }
+#endif
    }
    else {
        // Bogus signature