mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
library: bulk replace MBEDTLS_RSA_C with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Follow the same pattern that was used in the past to remove the dependency on MBEDTLS_RSA_C and use PSA_WANT instead. Relying on MBEDTLS_RSA_C is fine only when builtin drivers are compiled, since all PSA_WANT symbols are then converted to legacy build symbols. However, when builtin drivers are not built (e.g. in the case of TF-M), part of the code in TLS/X509 won't be compiled because MBEDTLS_RSA_C is not set. On the other hand, it's not possible to declare that symbol in a configuration file because it's a legacy one and it will be rejected by build-time checks. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
@@ -2468,7 +2468,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported(
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (sig) {
|
switch (sig) {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
case MBEDTLS_SSL_SIG_RSA:
|
case MBEDTLS_SSL_SIG_RSA:
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -5271,17 +5271,17 @@ static const uint16_t ssl_preset_default_sig_algs[] = {
|
|||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_512)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_512)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
|
||||||
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_512 */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_512 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_384)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
|
||||||
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_384 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_256)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) && defined(PSA_WANT_ALG_SHA_256)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
|
||||||
#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC && PSA_WANT_ALG_SHA_256 */
|
||||||
|
|
||||||
MBEDTLS_TLS_SIG_NONE
|
MBEDTLS_TLS_SIG_NONE
|
||||||
};
|
};
|
||||||
@@ -5297,7 +5297,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
|||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA512),
|
||||||
#endif
|
#endif
|
||||||
#endif /* PSA_WANT_ALG_SHA_512 */
|
#endif /* PSA_WANT_ALG_SHA_512 */
|
||||||
@@ -5309,7 +5309,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
|||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
|
||||||
#endif
|
#endif
|
||||||
#endif /* PSA_WANT_ALG_SHA_384 */
|
#endif /* PSA_WANT_ALG_SHA_384 */
|
||||||
@@ -5321,7 +5321,7 @@ static const uint16_t ssl_tls12_preset_default_sig_algs[] = {
|
|||||||
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
|
||||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256),
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA256),
|
||||||
#endif
|
#endif
|
||||||
#endif /* PSA_WANT_ALG_SHA_256 */
|
#endif /* PSA_WANT_ALG_SHA_256 */
|
||||||
@@ -5615,7 +5615,8 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_PK_C) && \
|
#if defined(MBEDTLS_PK_C) && \
|
||||||
(defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
|
(defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
|
||||||
|
defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED))
|
||||||
/*
|
/*
|
||||||
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
|
* Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX
|
||||||
*/
|
*/
|
||||||
@@ -5623,7 +5624,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
|
|||||||
{
|
{
|
||||||
psa_key_type_t key_type = mbedtls_pk_get_key_type(pk);
|
psa_key_type_t key_type = mbedtls_pk_get_key_type(pk);
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
if (PSA_KEY_TYPE_IS_RSA(key_type)) {
|
if (PSA_KEY_TYPE_IS_RSA(key_type)) {
|
||||||
return MBEDTLS_SSL_SIG_RSA;
|
return MBEDTLS_SSL_SIG_RSA;
|
||||||
}
|
}
|
||||||
@@ -5651,7 +5652,7 @@ unsigned char mbedtls_ssl_sig_from_pk_alg(mbedtls_pk_sigalg_t type)
|
|||||||
mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig)
|
mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig)
|
||||||
{
|
{
|
||||||
switch (sig) {
|
switch (sig) {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
case MBEDTLS_SSL_SIG_RSA:
|
case MBEDTLS_SSL_SIG_RSA:
|
||||||
return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
|
return MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
|
||||||
#endif
|
#endif
|
||||||
@@ -5664,7 +5665,7 @@ mbedtls_pk_sigalg_t mbedtls_ssl_pk_sig_alg_from_sig(unsigned char sig)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_PK_C &&
|
#endif /* MBEDTLS_PK_C &&
|
||||||
( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
|
( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
|
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
|
||||||
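Review bot: `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC` describes private-key support, yet most of the guards it now controls sit on paths that only negotiate or verify RSA signatures, starting with `case MBEDTLS_SSL_SIG_RSA:` in `mbedtls_ssl_tls12_sig_alg_is_supported` and the RSA entries of both default signature-algorithm tables. A verify-only configuration that enables `PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY` without the key-pair symbol would presumably lose RSA in all of these places. The same applies to the later hunks in `ssl_write_certificate_request`, `x509_profile_check_key` and `oid_sig_alg`, and in `x509_profile_check_key` the neighbouring ECC branch is already keyed on `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`. Consider `#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)` for the verification-side guards, or a comment stating that public-key-only RSA builds are intentionally unsupported. Several of these functions start or end outside their hunks, so what happens to an RSA key or signature once the branch is compiled out cannot be confirmed from this page.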
|
|||||||
@@ -1299,7 +1299,7 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
|
|||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA,
|
||||||
MBEDTLS_SSL_HASH_SHA1),
|
MBEDTLS_SSL_HASH_SHA1),
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA,
|
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA,
|
||||||
MBEDTLS_SSL_HASH_SHA1),
|
MBEDTLS_SSL_HASH_SHA1),
|
||||||
#endif
|
#endif
|
||||||
@@ -2246,7 +2246,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
|
|||||||
*/
|
*/
|
||||||
ct_len = 0;
|
ct_len = 0;
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
|
p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
|
||||||
|
|||||||
@@ -210,7 +210,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
|
|||||||
{
|
{
|
||||||
const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
|
const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk);
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
|
if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) {
|
||||||
if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
|
if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) {
|
||||||
return 0;
|
return 0;
|
||||||
@@ -218,7 +218,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
|
|||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||||
|
|
||||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
if (pk_alg == MBEDTLS_PK_ECDSA ||
|
if (pk_alg == MBEDTLS_PK_ECDSA ||
|
||||||
|
|||||||
@@ -386,7 +386,7 @@ typedef struct {
|
|||||||
|
|
||||||
static const oid_sig_alg_t oid_sig_alg[] =
|
static const oid_sig_alg_t oid_sig_alg[] =
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
#if defined(PSA_WANT_ALG_MD5)
|
#if defined(PSA_WANT_ALG_MD5)
|
||||||
{
|
{
|
||||||
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"),
|
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"),
|
||||||
@@ -433,7 +433,7 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||||||
MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
|
MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15,
|
||||||
},
|
},
|
||||||
#endif /* PSA_WANT_ALG_SHA_1 */
|
#endif /* PSA_WANT_ALG_SHA_1 */
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||||
#if defined(PSA_HAVE_ALG_SOME_ECDSA)
|
#if defined(PSA_HAVE_ALG_SOME_ECDSA)
|
||||||
#if defined(PSA_WANT_ALG_SHA_1)
|
#if defined(PSA_WANT_ALG_SHA_1)
|
||||||
{
|
{
|
||||||
@@ -466,12 +466,12 @@ static const oid_sig_alg_t oid_sig_alg[] =
|
|||||||
},
|
},
|
||||||
#endif /* PSA_WANT_ALG_SHA_512 */
|
#endif /* PSA_WANT_ALG_SHA_512 */
|
||||||
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
|
#endif /* PSA_HAVE_ALG_SOME_ECDSA */
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
||||||
{
|
{
|
||||||
OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"),
|
OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"),
|
||||||
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS,
|
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS,
|
||||||
},
|
},
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
|
||||||
{
|
{
|
||||||
NULL_OID_DESCRIPTOR,
|
NULL_OID_DESCRIPTOR,
|
||||||
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE,
|
MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE,
|
||||||
|
|||||||
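Review bot: The `RSASSA-PSS` entry at the end of `oid_sig_alg` is guarded only by the RSA key-type symbol, whereas the PSS signature algorithms in the TLS default lists earlier in this commit sit behind `MBEDTLS_X509_RSASSA_PSS_SUPPORT`. If a build can have RSA without PSS, this table would still map the OID to `MBEDTLS_PK_SIGALG_RSA_PSS`, leaving rejection to a later stage that is not visible here. Since the guard line is being rewritten anyway, consider `#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)` for this entry, or a comment such as `/* PSS OID is always recognised when RSA is enabled; support is checked at verification time */` if that is the intent. The array definition starts and ends outside the hunk.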