psa_util: add algorithm's availability checks for MD conversion functions

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-02-20 21:39:54 +00:00 · 2024-01-02 14:57:19 +01:00 · 2024-01-02 14:57:19 +01:00 · 3d2e0f5f42
commit 3d2e0f5f42
parent 384fbde49a
2 changed files with 112 additions and 21 deletions
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@ -152,21 +152,12 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 * \brief           This function returns the PSA algorithm identifier
 *                  associated with the given digest type.
 *
- * \param md_type   The type of digest to search for. Must not be NONE.
+ * \param md_type   The type of digest to search for.
 *
- * \warning         If \p md_type is \c MBEDTLS_MD_NONE, this function will
- *                  not return \c PSA_ALG_NONE, but an invalid algorithm.
- *
- * \warning         This function does not check if the algorithm is
- *                  supported, it always returns the corresponding identifier.
- *
- * \return          The PSA algorithm identifier associated with \p md_type,
- *                  regardless of whether it is supported or not.
+ * \return          The PSA algorithm identifier associated with \p md_type;
+ *                  #PSA_ALG_NONE if the algorithm is unuspported or invalid.
 */
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
-{
-    return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
-}
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);

 /**
 * \brief           This function returns the given digest type
@ -174,16 +165,10 @@ static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_
 *
 * \param psa_alg   The PSA algorithm identifier to search for.
 *
- * \warning         This function does not check if the algorithm is
- *                  supported, it always returns the corresponding identifier.
- *
 * \return          The MD type associated with \p psa_alg,
- *                  regardless of whether it is supported or not.
+ *                  #MBEDTLS_MD_NONE if the algorithm is unsupported or invalid.
 */
-static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
-{
-    return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
-}
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg);

 /**@}*/

--- a/library/psa_util.c
+++ b/library/psa_util.c
@ -330,4 +330,110 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */

+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+    switch (md_type) {
+#if defined(PSA_WANT_ALG_MD5)
+        case MBEDTLS_MD_MD5:
+            return PSA_ALG_MD5;
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+        case MBEDTLS_MD_RIPEMD160:
+            return PSA_ALG_RIPEMD160;
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+        case MBEDTLS_MD_SHA1:
+            return PSA_ALG_SHA_1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+        case MBEDTLS_MD_SHA224:
+            return PSA_ALG_SHA_224;
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+        case MBEDTLS_MD_SHA256:
+            return PSA_ALG_SHA_256;
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+        case MBEDTLS_MD_SHA384:
+            return PSA_ALG_SHA_384;
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+        case MBEDTLS_MD_SHA512:
+            return PSA_ALG_SHA_512;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+        case MBEDTLS_MD_SHA3_224:
+            return PSA_ALG_SHA3_224;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+        case MBEDTLS_MD_SHA3_256:
+            return PSA_ALG_SHA3_256;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+        case MBEDTLS_MD_SHA3_384:
+            return PSA_ALG_SHA3_384;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+        case MBEDTLS_MD_SHA3_512:
+            return PSA_ALG_SHA3_512;
+#endif
+        case MBEDTLS_MD_NONE:
+        default:
+            return PSA_ALG_NONE;
+    }
+}
+
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+    switch (psa_alg) {
+#if defined(PSA_WANT_ALG_MD5)
+        case PSA_ALG_MD5:
+            return MBEDTLS_MD_MD5;
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+        case PSA_ALG_RIPEMD160:
+            return MBEDTLS_MD_RIPEMD160;
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+        case PSA_ALG_SHA_1:
+            return MBEDTLS_MD_SHA1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+        case PSA_ALG_SHA_224:
+            return MBEDTLS_MD_SHA224;
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+        case PSA_ALG_SHA_256:
+            return MBEDTLS_MD_SHA256;
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+        case PSA_ALG_SHA_384:
+            return MBEDTLS_MD_SHA384;
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+        case PSA_ALG_SHA_512:
+            return MBEDTLS_MD_SHA512;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+        case PSA_ALG_SHA3_224:
+            return MBEDTLS_MD_SHA3_224;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+        case PSA_ALG_SHA3_256:
+            return MBEDTLS_MD_SHA3_256;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+        case PSA_ALG_SHA3_384:
+            return MBEDTLS_MD_SHA3_384;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+        case PSA_ALG_SHA3_512:
+            return MBEDTLS_MD_SHA3_512;
+#endif
+        case PSA_ALG_NONE:
+        default:
+            return MBEDTLS_MD_NONE;
+    }
+}
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */