Simplify implementation of MD<->PSA translation

Also, add tests and comments due from previous commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-03-29 04:20:12 +00:00 · 2023-06-06 12:34:45 +02:00 · 2023-06-06 12:34:45 +02:00 · 1f6d2e352d
commit 1f6d2e352d
parent 47bb380f6d
4 changed files with 39 additions and 36 deletions
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -143,7 +143,9 @@ extern "C" {
 *            stronger message digests instead.
 *
 */
-/* XXX: comment + test */
+/* Note: these are aligned with the definitions of PSA_ALG_ macros for hashes,
+ * in order to enable an efficient implementation of conversion functions.
+ * This is tested by md_to_from_psa() in test_suite_md. */
 typedef enum {
    MBEDTLS_MD_NONE=0,    /**< None. */
    MBEDTLS_MD_MD5=0x03,       /**< The MD5 message digest. */
--- a/library/md.c
+++ b/library/md.c
@ -773,46 +773,15 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info)
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
 {
-    switch (md_type) {
-        case MBEDTLS_MD_MD5:
-            return PSA_ALG_MD5;
-        case MBEDTLS_MD_RIPEMD160:
-            return PSA_ALG_RIPEMD160;
-        case MBEDTLS_MD_SHA1:
-            return PSA_ALG_SHA_1;
-        case MBEDTLS_MD_SHA224:
-            return PSA_ALG_SHA_224;
-        case MBEDTLS_MD_SHA256:
-            return PSA_ALG_SHA_256;
-        case MBEDTLS_MD_SHA384:
-            return PSA_ALG_SHA_384;
-        case MBEDTLS_MD_SHA512:
-            return PSA_ALG_SHA_512;
-        default:
-            return PSA_ALG_NONE;
+    if (md_type == MBEDTLS_MD_NONE) {
+        return PSA_ALG_NONE;
    }
+    return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
 }

 mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
 {
-    switch (psa_alg) {
-        case PSA_ALG_MD5:
-            return MBEDTLS_MD_MD5;
-        case PSA_ALG_RIPEMD160:
-            return MBEDTLS_MD_RIPEMD160;
-        case PSA_ALG_SHA_1:
-            return MBEDTLS_MD_SHA1;
-        case PSA_ALG_SHA_224:
-            return MBEDTLS_MD_SHA224;
-        case PSA_ALG_SHA_256:
-            return MBEDTLS_MD_SHA256;
-        case PSA_ALG_SHA_384:
-            return MBEDTLS_MD_SHA384;
-        case PSA_ALG_SHA_512:
-            return MBEDTLS_MD_SHA512;
-        default:
-            return MBEDTLS_MD_NONE;
-    }
+    return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
 }

 int mbedtls_md_error_from_psa(psa_status_t status)
--- a/library/md_psa.h
+++ b/library/md_psa.h
@ -33,6 +33,9 @@
 *
 * \param md_type   The type of digest to search for.
 *
+ * \warning         This function does not check if the algorithm is
+ *                  supported, it always returns the corresponding identifier.
+ *
 * \return          The PSA algorithm identifier associated with \p md_type,
 *                  regardless of whether it is supported or not.
 */
@ -44,6 +47,9 @@ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);
 *
 * \param psa_alg   The PSA algorithm identifier to search for.
 *
+ * \warning         This function does not check if the algorithm is
+ *                  supported, it always returns the corresponding identifier.
+ *
 * \return          The MD type associated with \p psa_alg,
 *                  regardless of whether it is supported or not.
 */
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@ -1,5 +1,10 @@
 /* BEGIN_HEADER */
 #include "mbedtls/md.h"
+#include "md_psa.h"
+
+#define MD_PSA(md, psa) \
+    TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa);  \
+    TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md);
 /* END_HEADER */

 /* BEGIN_DEPENDENCIES
@ -36,6 +41,27 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+void md_to_from_psa()
+{
+    /* We use a simplified implementation that relies on numerical values
+     * being aligned, so make sure they remain so. */
+    MD_PSA(MBEDTLS_MD_MD5, PSA_ALG_MD5);
+    MD_PSA(MBEDTLS_MD_RIPEMD160, PSA_ALG_RIPEMD160);
+    MD_PSA(MBEDTLS_MD_SHA1, PSA_ALG_SHA_1);
+    MD_PSA(MBEDTLS_MD_SHA224, PSA_ALG_SHA_224);
+    MD_PSA(MBEDTLS_MD_SHA256, PSA_ALG_SHA_256);
+    MD_PSA(MBEDTLS_MD_SHA384, PSA_ALG_SHA_384);
+    MD_PSA(MBEDTLS_MD_SHA512, PSA_ALG_SHA_512);
+    MD_PSA(MBEDTLS_MD_SHA3_224, PSA_ALG_SHA3_224);
+    MD_PSA(MBEDTLS_MD_SHA3_256, PSA_ALG_SHA3_256);
+    MD_PSA(MBEDTLS_MD_SHA3_384, PSA_ALG_SHA3_384);
+    MD_PSA(MBEDTLS_MD_SHA3_512, PSA_ALG_SHA3_512);
+
+    MD_PSA(MBEDTLS_MD_NONE, PSA_ALG_NONE);
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void md_null_args()
 {