From 45c3cae8a5b9c6282d3ffb3efd980ac92f5a4288 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 2 Jan 2024 13:26:04 +0100
Subject: [PATCH 01/13] md: move PSA conversion functions from md_psa.h to psa_util.h
Signed-off-by: Valerio Setti
---
 include/mbedtls/psa_util.h | 37 +++++++++++++++++++++++++++++++++++++
 library/md_psa.h | 37 -------------------------------------
 2 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 5f6a05315a..249b8d421c 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -148,6 +148,43 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 int bits_is_sloppy);
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+/**
+ * \brief This function returns the PSA algorithm identifier
+ * associated with the given digest type.
+ *
+ * \param md_type The type of digest to search for. Must not be NONE.
+ *
+ * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
+ * not return \c PSA_ALG_NONE, but an invalid algorithm.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type,
+ * regardless of whether it is supported or not.
+ */
+static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
+}
+
+/**
+ * \brief This function returns the given digest type
+ * associated with the PSA algorithm identifier.
+ *
+ * \param psa_alg The PSA algorithm identifier to search for.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The MD type associated with \p psa_alg,
+ * regardless of whether it is supported or not.
+ */
+static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
+}
+
 /**@}*/
 #endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/md_psa.h b/library/md_psa.h
index b201263b1a..028ba2409c 100644
--- a/library/md_psa.h
+++ b/library/md_psa.h
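Review bot: `mbedtls_md_type_from_psa_alg()` in the `include/mbedtls/psa_util.h` hunk only applies `psa_alg & PSA_ALG_HASH_MASK` and never checks that the identifier is a hash algorithm, so a `psa_algorithm_t` that merely carries a hash in its low bits (an HMAC or hash-and-sign identifier, for instance) is converted to that hash's `mbedtls_md_type_t` without any error. Now that the function is in a public header, the Doxygen block should say so: `\warning \p psa_alg must be a hash algorithm (#PSA_ALG_IS_HASH); other identifiers are not rejected and are reduced to their hash part.` Alternatively the body could return `MBEDTLS_MD_NONE` when `PSA_ALG_IS_HASH(psa_alg)` is false. The same inline body is restored unchanged by the `psa_util.h` hunk of PATCH 13/13, so this applies to the final state of the series too.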
@@ -15,43 +15,6 @@
 #include "mbedtls/md.h"
 #include "psa/crypto.h"
-/**
- * \brief This function returns the PSA algorithm identifier
- * associated with the given digest type.
- *
- * \param md_type The type of digest to search for. Must not be NONE.
- *
- * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
- * not return \c PSA_ALG_NONE, but an invalid algorithm.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The PSA algorithm identifier associated with \p md_type,
- * regardless of whether it is supported or not.
- */
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
-{
- return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
-}
-
-/**
- * \brief This function returns the given digest type
- * associated with the PSA algorithm identifier.
- *
- * \param psa_alg The PSA algorithm identifier to search for.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The MD type associated with \p psa_alg,
- * regardless of whether it is supported or not.
- */
-static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
-{
- return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
-}
-
 /** Convert PSA status to MD error code.
 *
 * \param status PSA status.
From 384fbde49a4e9d6b87dac45217557eed06267661 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 2 Jan 2024 13:26:40 +0100
Subject: [PATCH 02/13] library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
Signed-off-by: Valerio Setti --- library/pk.c | 2 +- library/pk_wrap.c | 2 +- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 2 +- library/psa_crypto_rsa.c | 2 +- library/ssl_ciphersuites.c | 2 +- library/ssl_cookie.c | 2 +- library/ssl_tls.c | 1 + library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509_crt.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_md.function | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 20 files changed, 20 insertions(+), 19 deletions(-) diff --git a/library/pk.c b/library/pk.c index 61ac0dfab0..9261837017 100644 --- a/library/pk.c +++ b/library/pk.c @@ -31,7 +31,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #include diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9247945230..c232650229 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -13,7 +13,7 @@ #include "pk_wrap.h" #include "pk_internal.h" #include "mbedtls/error.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 10d17b6df5..a20dafaf01 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -70,7 +70,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index e4a372d242..41641549c9 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c 
@@ -14,7 +14,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 0679f41eab..7b58ea22a5 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -16,7 +16,7 @@ #include "psa_crypto_random_impl.h" #include "psa_crypto_rsa.h" #include "psa_crypto_hash.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 6224ef205f..23619a26c8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -17,7 +17,7 @@ #include "mbedtls/ssl.h" #include "ssl_misc.h" #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #include diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index ee81eb420f..2772cac4be 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -24,7 +24,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ static int local_err_translation(psa_status_t status) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e1fb1283e6..28bf1d8a0c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -29,6 +29,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" #include "md_psa.h" #include "psa_util_internal.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index ae1136431e..ffaffe925a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
@@ -19,7 +19,7 @@ #include "ssl_client.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index fe2a2eba78..30b444d597 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -17,7 +17,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "ssl_misc.h" #include "ssl_tls13_invasive.h" diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 9b775ec954..edb453c3e2 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -22,7 +22,7 @@ #include "ssl_tls13_invasive.h" #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fe7a674d66..82b6bfcec1 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -14,7 +14,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "mbedtls/oid.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "ssl_misc.h" #include "ssl_tls13_keys.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 4e7672e374..84b92a891a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -35,7 +35,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 44b6b1781e..913b15a709 100644 --- a/library/x509write_crt.c 
+++ b/library/x509write_crt.c @@ -33,7 +33,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 254da69a9f..af75e7f720 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -24,7 +24,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "psa_util_internal.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d02d305394..6233580b95 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -9,7 +9,7 @@ */ #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 9d9aa3c778..0e870d80fd 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,7 +3,7 @@ #include #include #include -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include #include diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 866ff588f8..2a885e2371 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,6 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/md.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #include "mbedtls/oid.h" #include "mbedtls/asn1.h" diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 226598c724..f054443178 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -16,7 +16,7 @@ * but the test code generator requires test case data to be valid C code * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b59fd48f3c..543b441ffe 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -7,7 +7,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" -#include "md_psa.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, From 3d2e0f5f42b9ac646f63d67e442f4af0f8a3fe4f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jan 2024 14:57:19 +0100 Subject: [PATCH 03/13] psa_util: add algorithm's availability checks for MD conversion functions Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 27 +++------- library/psa_util.c | 106 +++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 249b8d421c..e8fb3de61a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -152,21 +152,12 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 * \brief This function returns the PSA algorithm identifier
 * associated with the given digest type.
 *
- * \param md_type The type of digest to search for. Must not be NONE.
+ * \param md_type The type of digest to search for.
 *
- * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
- * not return \c PSA_ALG_NONE, but an invalid algorithm.
- *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
- * \return The PSA algorithm identifier associated with \p md_type,
- * regardless of whether it is supported or not.
+ * \return The PSA algorithm identifier associated with \p md_type;
+ * #PSA_ALG_NONE if the algorithm is unuspported or invalid.
 */
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
-{
- return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
-}
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);
 /**
 * \brief This function returns the given digest type
@@ -174,16 +165,10 @@ static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_
 *
 * \param psa_alg The PSA algorithm identifier to search for.
 *
- * \warning This function does not check if the algorithm is
- * supported, it always returns the corresponding identifier.
- *
 * \return The MD type associated with \p psa_alg,
- * regardless of whether it is supported or not.
+ * #MBEDTLS_MD_NONE if the algorithm is unsupported or invalid.
 */
-static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
-{
- return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
-}
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg);
 /**@}*/
diff --git a/library/psa_util.c b/library/psa_util.c
index 9b06de273f..bb054a33fb 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
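Review bot: The new `\return` text for `mbedtls_md_psa_alg_from_type()` introduces `#PSA_ALG_NONE` as a failure value but drops both warnings without telling callers that they now have to test for it. The callers are not visible in these hunks, but any of them that passes the result straight into a composite algorithm macro would combine a zero hash part with the base algorithm instead of failing; with `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`, for example, a zero hash part denotes the raw variant. I would add `\note Callers must check for #PSA_ALG_NONE before building a composite algorithm from the result.` to the first block, and the matching sentence for `#MBEDTLS_MD_NONE` to the second.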
@@ -330,4 +330,110 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ switch (md_type) {
+#if defined(PSA_WANT_ALG_MD5)
+ case MBEDTLS_MD_MD5:
+ return PSA_ALG_MD5;
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+ case MBEDTLS_MD_RIPEMD160:
+ return PSA_ALG_RIPEMD160;
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+ case MBEDTLS_MD_SHA1:
+ return PSA_ALG_SHA_1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+ case MBEDTLS_MD_SHA224:
+ return PSA_ALG_SHA_224;
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+ case MBEDTLS_MD_SHA256:
+ return PSA_ALG_SHA_256;
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+ case MBEDTLS_MD_SHA384:
+ return PSA_ALG_SHA_384;
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+ case MBEDTLS_MD_SHA512:
+ return PSA_ALG_SHA_512;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+ case MBEDTLS_MD_SHA3_224:
+ return PSA_ALG_SHA3_224;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+ case MBEDTLS_MD_SHA3_256:
+ return PSA_ALG_SHA3_256;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+ case MBEDTLS_MD_SHA3_384:
+ return PSA_ALG_SHA3_384;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+ case MBEDTLS_MD_SHA3_512:
+ return PSA_ALG_SHA3_512;
+#endif
+ case MBEDTLS_MD_NONE:
+ default:
+ return PSA_ALG_NONE;
+ }
+}
+
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ switch (psa_alg) {
+#if defined(PSA_WANT_ALG_MD5)
+ case PSA_ALG_MD5:
+ return MBEDTLS_MD_MD5;
+#endif
+#if defined(PSA_WANT_ALG_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ return MBEDTLS_MD_RIPEMD160;
+#endif
+#if defined(PSA_WANT_ALG_SHA_1)
+ case PSA_ALG_SHA_1:
+ return MBEDTLS_MD_SHA1;
+#endif
+#if defined(PSA_WANT_ALG_SHA_224)
+ case PSA_ALG_SHA_224:
+ return MBEDTLS_MD_SHA224;
+#endif
+#if defined(PSA_WANT_ALG_SHA_256)
+ case PSA_ALG_SHA_256:
+ return MBEDTLS_MD_SHA256;
+#endif
+#if defined(PSA_WANT_ALG_SHA_384)
+ case PSA_ALG_SHA_384:
+ return MBEDTLS_MD_SHA384;
+#endif
+#if defined(PSA_WANT_ALG_SHA_512)
+ case PSA_ALG_SHA_512:
+ return MBEDTLS_MD_SHA512;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_224)
+ case PSA_ALG_SHA3_224:
+ return MBEDTLS_MD_SHA3_224;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_256)
+ case PSA_ALG_SHA3_256:
+ return MBEDTLS_MD_SHA3_256;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_384)
+ case PSA_ALG_SHA3_384:
+ return MBEDTLS_MD_SHA3_384;
+#endif
+#if defined(PSA_WANT_ALG_SHA3_512)
+ case PSA_ALG_SHA3_512:
+ return MBEDTLS_MD_SHA3_512;
+#endif
+ case PSA_ALG_NONE:
+ default:
+ return MBEDTLS_MD_NONE;
+ }
+}
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */
From 2c1070b39700be8a6fcda5f2266e8bbe5ac42e1c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 2 Jan 2024 14:58:22 +0100
Subject: [PATCH 04/13] test_suite_md: improve md_to_from_psa() test function and related data
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_md.data | 48 +++++++++++++++++++++++++++--
 tests/suites/test_suite_md.function | 24 +++------------
 2 files changed, 51 insertions(+), 21 deletions(-)
diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data
index fb9b5effa0..b831500d6f 100644
--- a/tests/suites/test_suite_md.data
+++ b/tests/suites/test_suite_md.data
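Review bot: Both switches in the `library/psa_util.c` hunk decide availability from `PSA_WANT_ALG_xxx` alone, so "supported" here means enabled on the PSA side; nothing in `mbedtls_md_type_from_psa_alg()` checks that the legacy MD module can actually handle the `mbedtls_md_type_t` it returns. If the two configurations can diverge in a build (not determinable from this hunk), a caller could receive a type that `mbedtls_md_info_from_type()` does not know. I would state the rule above each function, e.g. `/* Availability is decided by PSA_WANT_ALG_xxx only; the legacy MD configuration is not consulted. */`, and mirror it in the header's `\return` text. The enclosing `#if defined(MBEDTLS_PSA_CRYPTO_C)` block starts outside the hunk.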
@@ -2,8 +2,52 @@ MD list
 mbedtls_md_list:
-MD <-> PSA conversion
-md_to_from_psa:
+MD <-> PSA conversion - MD5
+depends_on:PSA_WANT_ALG_MD5
+md_to_from_psa:MBEDTLS_MD_MD5:PSA_ALG_MD5
+
+MD <-> PSA conversion - RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
+md_to_from_psa:MBEDTLS_MD_RIPEMD160:PSA_ALG_RIPEMD160
+
+MD <-> PSA conversion - SHA1
+depends_on:PSA_WANT_ALG_SHA_1
+md_to_from_psa:MBEDTLS_MD_SHA1:PSA_ALG_SHA_1
+
+MD <-> PSA conversion - SHA224
+depends_on:PSA_WANT_ALG_SHA_224
+md_to_from_psa:MBEDTLS_MD_SHA224:PSA_ALG_SHA_224
+
+MD <-> PSA conversion - SHA256
+depends_on:PSA_WANT_ALG_SHA_256
+md_to_from_psa:MBEDTLS_MD_SHA256:PSA_ALG_SHA_256
+
+MD <-> PSA conversion - SHA384
+depends_on:PSA_WANT_ALG_SHA_384
+md_to_from_psa:MBEDTLS_MD_SHA384:PSA_ALG_SHA_384
+
+MD <-> PSA conversion - SHA512
+depends_on:PSA_WANT_ALG_SHA_512
+md_to_from_psa:MBEDTLS_MD_SHA512:PSA_ALG_SHA_512
+
+MD <-> PSA conversion - SHA3_224
+depends_on:PSA_WANT_ALG_SHA3_224
+md_to_from_psa:MBEDTLS_MD_SHA3_224:PSA_ALG_SHA3_224
+
+MD <-> PSA conversion - SHA3_256
+depends_on:PSA_WANT_ALG_SHA3_256
+md_to_from_psa:MBEDTLS_MD_SHA3_256:PSA_ALG_SHA3_256
+
+MD <-> PSA conversion - SHA3_384
+depends_on:PSA_WANT_ALG_SHA3_384
+md_to_from_psa:MBEDTLS_MD_SHA3_384:PSA_ALG_SHA3_384
+
+MD <-> PSA conversion - SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
+md_to_from_psa:MBEDTLS_MD_SHA3_512:PSA_ALG_SHA3_512
+
+MD <-> PSA conversion - NONE
+md_to_from_psa:MBEDTLS_MD_NONE:PSA_ALG_NONE
 MD NULL/uninitialised arguments
 md_null_args:
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 2a885e2371..0a8e4216ee 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -4,10 +4,6 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/asn1.h"
-
-#define MD_PSA(md, psa) \
- TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa); \
- TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md);
 /* END_HEADER */
 /* BEGIN_DEPENDENCIES
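Review bot: The availability check that PATCH 03/13 adds is never exercised by the new cases in `tests/suites/test_suite_md.data`: every per-algorithm case carries `depends_on:PSA_WANT_ALG_xxx`, so when an algorithm is disabled the case is skipped rather than asserting that the conversion yields NONE. Only the NONE/NONE pair covers the fallback branch. A companion set of cases guarded by the negated dependency would close the gap; since `md_to_from_psa` asserts a round trip, those cases would need a separate test function that expects `PSA_ALG_NONE` and `MBEDTLS_MD_NONE` for the disabled algorithm in each direction.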
@@ -63,23 +59,13 @@ exit:
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
-void md_to_from_psa()
+void md_to_from_psa(int md_alg_arg, int psa_alg_arg)
 {
- /* We use a simplified implementation that relies on numerical values
- * being aligned, so make sure they remain so. */
- MD_PSA(MBEDTLS_MD_MD5, PSA_ALG_MD5);
- MD_PSA(MBEDTLS_MD_RIPEMD160, PSA_ALG_RIPEMD160);
- MD_PSA(MBEDTLS_MD_SHA1, PSA_ALG_SHA_1);
- MD_PSA(MBEDTLS_MD_SHA224, PSA_ALG_SHA_224);
- MD_PSA(MBEDTLS_MD_SHA256, PSA_ALG_SHA_256);
- MD_PSA(MBEDTLS_MD_SHA384, PSA_ALG_SHA_384);
- MD_PSA(MBEDTLS_MD_SHA512, PSA_ALG_SHA_512);
- MD_PSA(MBEDTLS_MD_SHA3_224, PSA_ALG_SHA3_224);
- MD_PSA(MBEDTLS_MD_SHA3_256, PSA_ALG_SHA3_256);
- MD_PSA(MBEDTLS_MD_SHA3_384, PSA_ALG_SHA3_384);
- MD_PSA(MBEDTLS_MD_SHA3_512, PSA_ALG_SHA3_512);
+ mbedtls_md_type_t md_alg = md_alg_arg;
+ psa_algorithm_t psa_alg = psa_alg_arg;
- /* Don't test for NONE<->NONE as this is not guaranteed */
+ TEST_EQUAL(mbedtls_md_psa_alg_from_type(md_alg), psa_alg); \
+ TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa_alg), md_alg);
 }
 /* END_CASE */
From a835d6da087ff55e9ec103074bba805490862140 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 2 Jan 2024 15:02:19 +0100
Subject: [PATCH 05/13] changelog: document MD's conversion functions
Signed-off-by: Valerio Setti
---
 ChangeLog.d/8664.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 ChangeLog.d/8664.txt
diff --git a/ChangeLog.d/8664.txt b/ChangeLog.d/8664.txt
new file mode 100644
index 0000000000..03e297c18b
--- /dev/null
+++ b/ChangeLog.d/8664.txt
@@ -0,0 +1,4 @@
+Features
+ * mbedtls_md_psa_alg_from_type() and mbedtls_md_type_from_psa_alg() helper
+ functions were added to convert from mbedtls_md_type_t to psa_algorithm_t
+ and viceversa.
From a87cd17b35325092ebb7933ccad61303de89b12a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 2 Jan 2024 15:12:37 +0100
Subject: [PATCH 06/13] psa-transition: update with MD translation functions
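Review bot: The first new `TEST_EQUAL` line in `md_to_from_psa()` still ends with a line-continuation backslash left over from the removed `MD_PSA` macro. Outside a macro definition it only splices the next line onto this one, so the test compiles, but it is misleading and easy to break with a later edit; the line should read `TEST_EQUAL(mbedtls_md_psa_alg_from_type(md_alg), psa_alg);`. The function is fully contained in the hunk.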
Signed-off-by: Valerio Setti --- docs/psa-transition.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/psa-transition.md b/docs/psa-transition.md index 067ffafbd3..48beb80a34 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -443,6 +443,10 @@ The equivalent to `mbedtls_md_type_t` and `MBEDTLS_MD_XXX` constants is the type | `MBEDTLS_MD_SHA3_384` | `PSA_ALG_SHA3_384` | | `MBEDTLS_MD_SHA3_512` | `PSA_ALG_SHA3_512` | +The following helper functions can be used to convert between the 2 types: +- `mbedtls_md_psa_alg_from_type()` converts from legacy `mbedtls_md_type_t` to PSA's `psa_algorithm_t`. +- `mbedtls_md_type_from_psa_alg()` converts from PSA's `psa_algorithm_t` to legacy `mbedtls_md_type_t`. + ### MAC mechanism selection PSA Crypto has a generic API with the same functions for all MAC mechanisms. The mechanism is determined by a combination of an algorithm value of type [`psa_algorithm_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1gac2e4d47f1300d73c2f829a6d99252d69) and a key type value of type [`psa_key_type_t`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__crypto__types/#group__crypto__types_1ga63fce6880ca5933b5d6baa257febf1f6). From 2a185c30af0ea800335b179e0af59cbccd88ae0c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Jan 2024 13:31:36 +0100 Subject: [PATCH 07/13] changelog: rename changelog file to reflect the number of the related issue Signed-off-by: Valerio Setti --- ChangeLog.d/{8664.txt => 8340.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ChangeLog.d/{8664.txt => 8340.txt} (100%) diff --git a/ChangeLog.d/8664.txt b/ChangeLog.d/8340.txt similarity index 100% rename from ChangeLog.d/8664.txt rename to ChangeLog.d/8340.txt From 04cccef256e2f66ead467e46e38c483e5765b2a2 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 4 Jan 2024 13:33:12 +0100 Subject: [PATCH 08/13] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/8340.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt index 03e297c18b..78e84f7daf 100644 --- a/ChangeLog.d/8340.txt +++ b/ChangeLog.d/8340.txt @@ -1,4 +1,4 @@ Features - * mbedtls_md_psa_alg_from_type() and mbedtls_md_type_from_psa_alg() helper - functions were added to convert from mbedtls_md_type_t to psa_algorithm_t - and viceversa. + * Add functions mbedtls_md_psa_alg_from_type() and + mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and + psa_algorithm_t and vice versa. From 3742f7c4b46d85369e8691efbf0f291a6f0d9830 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 10:37:58 +0100 Subject: [PATCH 09/13] changelog: improve wording Signed-off-by: Valerio Setti --- ChangeLog.d/8340.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/8340.txt b/ChangeLog.d/8340.txt index 78e84f7daf..5664bf170c 100644 --- a/ChangeLog.d/8340.txt +++ b/ChangeLog.d/8340.txt @@ -1,4 +1,4 @@ Features * Add functions mbedtls_md_psa_alg_from_type() and mbedtls_md_type_from_psa_alg() to convert between mbedtls_md_type_t and - psa_algorithm_t and vice versa. + psa_algorithm_t. From 98f5db9fca7fa9dc3a30c3264b720e41589d713d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 5 Jan 2024 18:17:38 +0100 Subject: [PATCH 10/13] psa_util: fix typo in comment Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e8fb3de61a..7fcc9d2b0f 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -155,7 +155,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, * \param md_type The type of digest to search for. * * \return The PSA algorithm identifier associated with \p md_type; - * #PSA_ALG_NONE if the algorithm is unuspported or invalid. + * #PSA_ALG_NONE if the algorithm is unsupported or invalid. */ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); From cd38f2720678fffd28669aa1625695106060695f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:41:03 +0100 Subject: [PATCH 11/13] Revert "psa_util: fix typo in comment" This reverts commit 98f5db9fca7fa9dc3a30c3264b720e41589d713d. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 7fcc9d2b0f..e8fb3de61a 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -155,7 +155,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve, * \param md_type The type of digest to search for. * * \return The PSA algorithm identifier associated with \p md_type; - * #PSA_ALG_NONE if the algorithm is unsupported or invalid. + * #PSA_ALG_NONE if the algorithm is unuspported or invalid. */ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); From 9b2d738ccde53c4643a9905f548509e2a8457d86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:41:21 +0100 Subject: [PATCH 12/13] Revert "test_suite_md: improve md_to_from_psa() test function and related data" This reverts commit 2c1070b39700be8a6fcda5f2266e8bbe5ac42e1c. Signed-off-by: Valerio Setti --- tests/suites/test_suite_md.data | 48 ++--------------------------- tests/suites/test_suite_md.function | 24 ++++++++++++--- 2 files changed, 21 insertions(+), 51 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index b831500d6f..fb9b5effa0 100644 
--- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -2,52 +2,8 @@ MD list mbedtls_md_list: -MD <-> PSA conversion - MD5 -depends_on:PSA_WANT_ALG_MD5 -md_to_from_psa:MBEDTLS_MD_MD5:PSA_ALG_MD5 - -MD <-> PSA conversion - RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160 -md_to_from_psa:MBEDTLS_MD_RIPEMD160:PSA_ALG_RIPEMD160 - -MD <-> PSA conversion - SHA1 -depends_on:PSA_WANT_ALG_SHA_1 -md_to_from_psa:MBEDTLS_MD_SHA1:PSA_ALG_SHA_1 - -MD <-> PSA conversion - SHA224 -depends_on:PSA_WANT_ALG_SHA_224 -md_to_from_psa:MBEDTLS_MD_SHA224:PSA_ALG_SHA_224 - -MD <-> PSA conversion - SHA256 -depends_on:PSA_WANT_ALG_SHA_256 -md_to_from_psa:MBEDTLS_MD_SHA256:PSA_ALG_SHA_256 - -MD <-> PSA conversion - SHA384 -depends_on:PSA_WANT_ALG_SHA_384 -md_to_from_psa:MBEDTLS_MD_SHA384:PSA_ALG_SHA_384 - -MD <-> PSA conversion - SHA512 -depends_on:PSA_WANT_ALG_SHA_512 -md_to_from_psa:MBEDTLS_MD_SHA512:PSA_ALG_SHA_512 - -MD <-> PSA conversion - SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224 -md_to_from_psa:MBEDTLS_MD_SHA3_224:PSA_ALG_SHA3_224 - -MD <-> PSA conversion - SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256 -md_to_from_psa:MBEDTLS_MD_SHA3_256:PSA_ALG_SHA3_256 - -MD <-> PSA conversion - SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384 -md_to_from_psa:MBEDTLS_MD_SHA3_384:PSA_ALG_SHA3_384 - -MD <-> PSA conversion - SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512 -md_to_from_psa:MBEDTLS_MD_SHA3_512:PSA_ALG_SHA3_512 - -MD <-> PSA conversion - NONE -md_to_from_psa:MBEDTLS_MD_NONE:PSA_ALG_NONE +MD <-> PSA conversion +md_to_from_psa: MD NULL/uninitialised arguments md_null_args: diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 0a8e4216ee..2a885e2371 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function 
@@ -4,6 +4,10 @@ #include "mbedtls/oid.h" #include "mbedtls/asn1.h" + +#define MD_PSA(md, psa) \ + TEST_EQUAL(mbedtls_md_psa_alg_from_type(md), psa); \ + TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa), md); /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -59,13 +63,23 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ -void md_to_from_psa(int md_alg_arg, int psa_alg_arg) +void md_to_from_psa() { - mbedtls_md_type_t md_alg = md_alg_arg; - psa_algorithm_t psa_alg = psa_alg_arg; + /* We use a simplified implementation that relies on numerical values + * being aligned, so make sure they remain so. */ + MD_PSA(MBEDTLS_MD_MD5, PSA_ALG_MD5); + MD_PSA(MBEDTLS_MD_RIPEMD160, PSA_ALG_RIPEMD160); + MD_PSA(MBEDTLS_MD_SHA1, PSA_ALG_SHA_1); + MD_PSA(MBEDTLS_MD_SHA224, PSA_ALG_SHA_224); + MD_PSA(MBEDTLS_MD_SHA256, PSA_ALG_SHA_256); + MD_PSA(MBEDTLS_MD_SHA384, PSA_ALG_SHA_384); + MD_PSA(MBEDTLS_MD_SHA512, PSA_ALG_SHA_512); + MD_PSA(MBEDTLS_MD_SHA3_224, PSA_ALG_SHA3_224); + MD_PSA(MBEDTLS_MD_SHA3_256, PSA_ALG_SHA3_256); + MD_PSA(MBEDTLS_MD_SHA3_384, PSA_ALG_SHA3_384); + MD_PSA(MBEDTLS_MD_SHA3_512, PSA_ALG_SHA3_512); - TEST_EQUAL(mbedtls_md_psa_alg_from_type(md_alg), psa_alg); \ - TEST_EQUAL(mbedtls_md_type_from_psa_alg(psa_alg), md_alg); + /* Don't test for NONE<->NONE as this is not guaranteed */ } /* END_CASE */ From dd2afcd881df115474eb12f9aa877b35530ec799 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Jan 2024 08:41:29 +0100 Subject: [PATCH 13/13] Revert "psa_util: add algorithm's availability checks for MD conversion functions" This reverts commit 3d2e0f5f42b9ac646f63d67e442f4af0f8a3fe4f. Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 27 +++++++--- library/psa_util.c | 106 ------------------------------------- 2 files changed, 21 insertions(+), 112 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index e8fb3de61a..249b8d421c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -152,12 +152,21 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 * \brief This function returns the PSA algorithm identifier
 * associated with the given digest type.
 *
- * \param md_type The type of digest to search for.
+ * \param md_type The type of digest to search for. Must not be NONE.
 *
- * \return The PSA algorithm identifier associated with \p md_type;
- * #PSA_ALG_NONE if the algorithm is unuspported or invalid.
+ * \warning If \p md_type is \c MBEDTLS_MD_NONE, this function will
+ * not return \c PSA_ALG_NONE, but an invalid algorithm.
+ *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type,
+ * regardless of whether it is supported or not.
 */
-psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);
+static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) md_type;
+}
 /**
 * \brief This function returns the given digest type
@@ -165,10 +174,16 @@ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);
 *
 * \param psa_alg The PSA algorithm identifier to search for.
 *
+ * \warning This function does not check if the algorithm is
+ * supported, it always returns the corresponding identifier.
+ *
 * \return The MD type associated with \p psa_alg,
- * #MBEDTLS_MD_NONE if the algorithm is unsupported or invalid.
+ * regardless of whether it is supported or not.
 */
-mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg);
+static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
+}
 /**@}*/
diff --git a/library/psa_util.c b/library/psa_util.c
index bb054a33fb..9b06de273f 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -330,110 +330,4 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
 }
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
-{
- switch (md_type) {
-#if defined(PSA_WANT_ALG_MD5)
- case MBEDTLS_MD_MD5:
- return PSA_ALG_MD5;
-#endif
-#if defined(PSA_WANT_ALG_RIPEMD160)
- case MBEDTLS_MD_RIPEMD160:
- return PSA_ALG_RIPEMD160;
-#endif
-#if defined(PSA_WANT_ALG_SHA_1)
- case MBEDTLS_MD_SHA1:
- return PSA_ALG_SHA_1;
-#endif
-#if defined(PSA_WANT_ALG_SHA_224)
- case MBEDTLS_MD_SHA224:
- return PSA_ALG_SHA_224;
-#endif
-#if defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return PSA_ALG_SHA_256;
-#endif
-#if defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return PSA_ALG_SHA_384;
-#endif
-#if defined(PSA_WANT_ALG_SHA_512)
- case MBEDTLS_MD_SHA512:
- return PSA_ALG_SHA_512;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_224)
- case MBEDTLS_MD_SHA3_224:
- return PSA_ALG_SHA3_224;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_256)
- case MBEDTLS_MD_SHA3_256:
- return PSA_ALG_SHA3_256;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_384)
- case MBEDTLS_MD_SHA3_384:
- return PSA_ALG_SHA3_384;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_512)
- case MBEDTLS_MD_SHA3_512:
- return PSA_ALG_SHA3_512;
-#endif
- case MBEDTLS_MD_NONE:
- default:
- return PSA_ALG_NONE;
- }
-}
-
-mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
-{
- switch (psa_alg) {
-#if defined(PSA_WANT_ALG_MD5)
- case PSA_ALG_MD5:
- return MBEDTLS_MD_MD5;
-#endif
-#if defined(PSA_WANT_ALG_RIPEMD160)
- case PSA_ALG_RIPEMD160:
- return MBEDTLS_MD_RIPEMD160;
-#endif
-#if defined(PSA_WANT_ALG_SHA_1)
- case PSA_ALG_SHA_1:
- return MBEDTLS_MD_SHA1;
-#endif
-#if defined(PSA_WANT_ALG_SHA_224)
- case PSA_ALG_SHA_224:
- return MBEDTLS_MD_SHA224;
-#endif
-#if defined(PSA_WANT_ALG_SHA_256)
- case PSA_ALG_SHA_256:
- return MBEDTLS_MD_SHA256;
-#endif
-#if defined(PSA_WANT_ALG_SHA_384)
- case PSA_ALG_SHA_384:
- return MBEDTLS_MD_SHA384;
-#endif
-#if defined(PSA_WANT_ALG_SHA_512)
- case PSA_ALG_SHA_512:
- return MBEDTLS_MD_SHA512;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_224)
- case PSA_ALG_SHA3_224:
- return MBEDTLS_MD_SHA3_224;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_256)
- case PSA_ALG_SHA3_256:
- return MBEDTLS_MD_SHA3_256;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_384)
- case PSA_ALG_SHA3_384:
- return MBEDTLS_MD_SHA3_384;
-#endif
-#if defined(PSA_WANT_ALG_SHA3_512)
- case PSA_ALG_SHA3_512:
- return MBEDTLS_MD_SHA3_512;
-#endif
- case PSA_ALG_NONE:
- default:
- return MBEDTLS_MD_NONE;
- }
-}
-
 #endif /* MBEDTLS_PSA_CRYPTO_C */