library: common: add helper to get PSA algorithm from PK sigalg

Add a simple helper to convert from PK sigalg to PSA algorithm. This is handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the used MD type. This is being added in a separate file because it's meant to be consumed by both ssl and x509 modules. It was not added to tf-psa-crypto because this is only needed on the mbedtls repo and doing so reduce interdependencies between the repos. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-03-20 11:11:08 +01:00 · 2025-11-12 12:55:52 +01:00
parent 024c3aeb9e
commit 92926ff4dc
1 changed files with 23 additions and 0 deletions
--- a/library/mbedtls_utils.h
+++ b/library/mbedtls_utils.h
@@ -0,0 +1,23 @@
+#include "mbedtls/pk.h"
+#include "psa/crypto.h"
+
+#ifndef MBEDTLS_UTILS_H
+#define MBEDTLS_UTILS_H
+
+/* Return the PSA algorithm associated to the given combination of "sigalg" and "hash_alg". */
+static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg,
+                                                 psa_algorithm_t hash_alg)
+{
+    switch (sigalg) {
+        case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
+            return PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg);
+        case MBEDTLS_PK_SIGALG_RSA_PSS:
+            return PSA_ALG_RSA_PSS(hash_alg);
+        case MBEDTLS_PK_SIGALG_ECDSA:
+            return MBEDTLS_PK_ALG_ECDSA(hash_alg);
+        default:
+            return MBEDTLS_PK_SIGALG_NONE;
+    }
+}
+
+#endif /* MBEDTLS_UTILS_H */