From 3f4778995ea20e155f19214635a5cb68611ff78c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 5 Jul 2022 11:30:31 +0200
Subject: [PATCH] Rm dependency on MD in psa_crypto_rsa.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous commit made the PKCS#1v1.5 part of rsa.c independent from
md.c, but there was still a dependency in the corresponding part in PSA.
This commit removes it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 include/mbedtls/config_psa.h |  1 -
 library/psa_crypto_hash.c    |  6 ++----
 library/psa_crypto_rsa.c     | 32 ++++++++++++++++++++++++++++----
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 2a6672e17a..4cae68b954 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -179,7 +179,6 @@ extern "C" {
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_OID_C
 #define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
 #endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
 
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index 536c6c1188..28e0b87abe 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -29,8 +29,7 @@
 #include <mbedtls/error.h>
 #include <string.h>
 
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
 const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
@@ -69,8 +68,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
             return( NULL );
     }
 }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
 
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 68f4bf16dc..f4d3f9c923 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -41,6 +41,7 @@
 #include <mbedtls/error.h>
 #include <mbedtls/pk.h>
 #include "pk_wrap.h"
+#include "md_internal.h"
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
@@ -319,6 +320,30 @@ psa_status_t mbedtls_psa_rsa_generate_key(
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
 
+/* Convert a hash algorithm from PSA to MD identifier */
+static inline mbedtls_md_type_t get_md_alg_from_psa( psa_algorithm_t psa_alg )
+{
+    switch( psa_alg )
+    {
+        case PSA_ALG_MD5:
+            return( MBEDTLS_MD_MD5 );
+        case PSA_ALG_RIPEMD160:
+            return( MBEDTLS_MD_RIPEMD160 );
+        case PSA_ALG_SHA_1:
+            return( MBEDTLS_MD_SHA1 );
+        case PSA_ALG_SHA_224:
+            return( MBEDTLS_MD_SHA224 );
+        case PSA_ALG_SHA_256:
+            return( MBEDTLS_MD_SHA256 );
+        case PSA_ALG_SHA_384:
+            return( MBEDTLS_MD_SHA384 );
+        case PSA_ALG_SHA_512:
+            return( MBEDTLS_MD_SHA512 );
+        default:
+            return( MBEDTLS_MD_NONE );
+    }
+}
+
 /* Decode the hash algorithm from alg and store the mbedtls encoding in
  * md_alg. Verify that the hash length is acceptable. */
 static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
@@ -326,8 +351,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
                                             mbedtls_md_type_t *md_alg )
 {
     psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
-    *md_alg = mbedtls_md_get_type( md_info );
+    *md_alg = get_md_alg_from_psa( hash_alg );
 
     /* The Mbed TLS RSA module uses an unsigned int for hash length
      * parameters. Validate that it fits so that we don't risk an
@@ -340,9 +364,9 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
     /* For signatures using a hash, the hash length must be correct. */
     if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
     {
-        if( md_info == NULL )
+        if( *md_alg == MBEDTLS_MD_NONE )
             return( PSA_ERROR_NOT_SUPPORTED );
-        if( mbedtls_md_get_size( md_info ) != hash_length )
+        if( mbedtls_md_internal_get_size( *md_alg ) != hash_length )
             return( PSA_ERROR_INVALID_ARGUMENT );
     }