mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 11:11:08 +01:00
library: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Follow the same pattern that was used in the past to remove dependency on MBEDTLS_RSA_C and use PSA_WANT instead. Relying on MBEDTLS_RSA_C is fine only when builtin drivers are compiled since all PSA_WANT are converted to legacy build symbols. However when builtin drivers are not built (ex: in case of TF-M), then part of the code in TLS/X509 won't be compiled because MBEDTLS_RSA_C is not set. OTOH it's not possible to declare that symbol in a configuration file because it's a legacy one and it will be rejected by buildtime checks. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
@@ -2468,7 +2468,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
|
||||
}
|
||||
|
||||
switch (sig) {
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
case MBEDTLS_SSL_SIG_RSA:
|
||||
break;
|
||||
#endif
|
||||
|
||||
@@ -5271,17 +5271,17 @@ static const uint16_t ssl_preset_default_sig_algs[] = {
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_512)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_512)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
|
||||
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_512 */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_512 */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_384)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
|
||||
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_384 */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_256)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
||||
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_256 */
|
||||
|
||||
MBEDTLS_TLS_SIG_NONE
|
||||
};
|
||||
@@ -5297,7 +5297,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512),
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_SHA_512 */
|
||||
@@ -5309,7 +5309,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||
@@ -5321,7 +5321,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256),
|
||||
#endif
|
||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||
@@ -5615,7 +5615,8 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C) && \
|
||||
(defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
|
||||
(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
|
||||
/*
|
||||
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
|
||||
*/
|
||||
@@ -5623,7 +5624,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
|
||||
{
|
||||
psa_key_type_t key_type = mbedtls_pk_get_key_type(pk);
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
if (PSA_KEY_TYPE_IS_RSA(key_type)) {
|
||||
return MBEDTLS_SSL_SIG_RSA;
|
||||
}
|
||||
@@ -5651,7 +5652,7 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type)
|
||||
mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig)
|
||||
{
|
||||
switch (sig) {
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
case MBEDTLS_SSL_SIG_RSA:
|
||||
return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
|
||||
#endif
|
||||
@@ -5664,7 +5665,7 @@ mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig)
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C &&
|
||||
( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
|
||||
( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
|
||||
|
||||
/*
|
||||
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
|
||||
|
||||
@@ -1299,7 +1299,7 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
|
||||
MBEDTLS_SSL_HASH_SHA1),
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA,
|
||||
MBEDTLS_SSL_HASH_SHA1),
|
||||
#endif
|
||||
@@ -2246,7 +2246,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
|
||||
*/
|
||||
ct_len = 0;
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
|
||||
#endif
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||
|
||||
@@ -210,7 +210,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
|
||||
{
|
||||
const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
|
||||
if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
|
||||
return 0;
|
||||
@@ -218,7 +218,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
|
||||
|
||||
return -1;
|
||||
}
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
if (pk_alg == MBEDTLS_PK_ECDSA ||
|
||||
|
||||
@@ -386,7 +386,7 @@ typedef struct {
|
||||
|
||||
static const oid_sig_alg_t oid_sig_alg[] =
|
||||
{
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
#if defined(PSA_WANT_ALG_MD5)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"),
|
||||
@@ -433,7 +433,7 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
||||
MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
|
||||
},
|
||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
#if defined(PSA_HAVE_ALG_SOME_ECDSA)
|
||||
#if defined(PSA_WANT_ALG_SHA_1)
|
||||
{
|
||||
@@ -466,12 +466,12 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
||||
},
|
||||
#endif /* PSA_WANT_ALG_SHA_512 */
|
||||
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"),
|
||||
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS,
|
||||
},
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||
{
|
||||
NULL_OID_DESCRIPTOR,
|
||||
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE,
|
||||
|
||||
Reference in New Issue
Block a user