diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt new file mode 100644 index 0000000000..5664bf170c --- /dev/null +++ b/ChangeLog.d/8340.txt @@ -0,0 +1,4 @@ +Features + * Add functions mbedtls_md_psa_alg_from_type() and + mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and + psa_algorithm_t. diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 617426cfd7..e89128cbdd 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -443,6 +443,10 @@ The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type | `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` | | `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` | +The following helper functions can be used to convert between the 2 types: +- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`. +- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`. + ### MAC mechanism selection PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6). diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 1b142562ec..47724c633f 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -139,6 +139,43 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, size_t bits); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +/** + * \brief This function returns the PSA algorithm identifier + * associated with the given digest type. + * + * \param md_type The type of digest to search for. Must not be NONE. + * + * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will + * not return \c PSA_ALG_NONE, but an invalid algorithm. + * + * \warning This function does not check if the algorithm is + * supported, it always returns the corresponding identifier. + * + * \return The PSA algorithm identifier associated with \p md_type, + * regardless of whether it is supported or not. + */ +static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) +{ + return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; +} + +/** + * \brief This function returns the given digest type + * associated with the PSA algorithm identifier. + * + * \param psa_alg The PSA algorithm identifier to search for. + * + * \warning This function does not check if the algorithm is + * supported, it always returns the corresponding identifier. + * + * \return The MD type associated with \p psa_alg, + * regardless of whether it is supported or not. + */ +static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) +{ + return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); +} + /**@}*/ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/md_psa.h b/library/md_psa.h index b201263b1a..028ba2409c 100644 --- a/library/md_psa.h +++ b/library/md_psa.h @@ -15,43 +15,6 @@ #include "mbedtls/md.h" #include "psa/crypto.h" -/** - * \brief This function returns the PSA algorithm identifier - * associated with the given digest type. - * - * \param md_type The type of digest to search for. Must not be NONE. - * - * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will - * not return \c PSA_ALG_NONE, but an invalid algorithm. - * - * \warning This function does not check if the algorithm is - * supported, it always returns the corresponding identifier. - * - * \return The PSA algorithm identifier associated with \p md_type, - * regardless of whether it is supported or not. - */ -static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) -{ - return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type; -} - -/** - * \brief This function returns the given digest type - * associated with the PSA algorithm identifier. - * - * \param psa_alg The PSA algorithm identifier to search for. - * - * \warning This function does not check if the algorithm is - * supported, it always returns the corresponding identifier. - * - * \return The MD type associated with \p psa_alg, - * regardless of whether it is supported or not. - */ -static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) -{ - return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); -} - /** Convert PSA status to MD error code. * * \param status PSA status. diff --git a/library/pk.c b/library/pk.c index 61ac0dfab0..9261837017 100644 --- a/library/pk.c +++ b/library/pk.c @@ -31,7 +31,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #include diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9247945230..c232650229 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -13,7 +13,7 @@ #include "pk_wrap.h" #include "pk_internal.h" #include "mbedtls/error.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b4dffa933b..3be3176e6b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -70,7 +70,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 61c941479a..db085418e0 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -14,7 +14,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 0679f41eab..7b58ea22a5 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -16,7 +16,7 @@ #include "psa_crypto_random_impl.h" #include "psa_crypto_rsa.h" #include "psa_crypto_hash.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 6224ef205f..23619a26c8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -17,7 +17,7 @@ #include "mbedtls/ssl.h" #include "ssl_misc.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #include diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ee81eb420f..2772cac4be 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -24,7 +24,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8c1e37251b..0bc18f1261 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -29,6 +29,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" #include "md_psa.h" #include "psa_util_internal.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 5c668bdf29..a3d33a34f8 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -19,7 +19,7 @@ #include "ssl_client.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 47fa65c188..04ecd8b43a 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -17,7 +17,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "ssl_misc.h" #include "ssl_tls13_invasive.h" diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 9b775ec954..edb453c3e2 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -22,7 +22,7 @@ #include "ssl_tls13_invasive.h" #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6e2866a112..904bb5b6f4 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -14,7 +14,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "mbedtls/oid.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "ssl_misc.h" #include "ssl_tls13_keys.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 4e7672e374..84b92a891a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -35,7 +35,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 44b6b1781e..913b15a709 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 254da69a9f..af75e7f720 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -24,7 +24,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 3d8937da6d..2368a7654f 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -9,7 +9,7 @@ */ #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 9d9aa3c778..0e870d80fd 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,7 +3,7 @@ #include #include #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 866ff588f8..2a885e2371 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,6 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/md.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "mbedtls/oid.h" #include "mbedtls/asn1.h" diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 226598c724..f054443178 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -16,7 +16,7 @@ * but the test code generator requires test case data to be valid C code * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 503d9764cb..1d8b87ce21 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -7,7 +7,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,