Currently, Mbed TLS can be built with make, and we rely on this in many
`all.sh` components. Mbed TLS knows how to build TF-PSA-Crypto, but this
changes from time to time, and it's hard to do the necessary changes in both
repositories at the same time.
Create a file that Mbed TLS can consume to find out some information needed
to build TF-PSA-Crypto, such as the locations of various files.
Create this file in Mbed TLS. Once we have finished moving code to it, the
file will move to TF-PSA-Crypto.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We put that in 3.6.0 because we wanted to minimize changes in a minor
release, and in particular we wanted users to be able to build the library
if they were checking out a release tag without checking out submodules
recursively. That was possible because 3.6.x release tags contain the
generated files.
Since 4.0.0, it's completely impossible to build Mbed TLS without the
`tf-psa-crypto` submodule. So there's no point in trying to allow a build
without the `framework` submodule.
In the libtestdriver1 build, where we copy part of the framework, copy the
framework makefile as well, which is what we use to check for the presence
of the framework (even though the framework makefile doesn't do anything
useful after all).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since the hash algorithm is known, this can be used when calling
"mbedtls_pk_can_do_psa()" to get a more accurate answer.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The correct return type should have been "psa_algorithm_t" since the
beginning because this is what the function really returns and this is
what the returned value is then used for in the calling functions.
Change also the returned value in the default case from
MBEDTLS_PK_SIGALG_NONE to PSA_ALG_NONE in order to return the same type
as in other cases of the switch case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Checking that parent PK type is OK is definitely faster than computing
an hash, so invert the checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add a simple helper to convert from PK sigalg to PSA algorithm. This is
handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the
used MD type.
This is being added in a separate file because it's meant to be consumed
by both ssl and x509 modules. It was not added to tf-psa-crypto because
this is only needed on the mbedtls repo and doing so reduce interdependencies
between the repos.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The check being removed is already done few lines above so there is no
need to repeat it twice.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Those in SSL modules were redundant because it's already included from
ssl_misc.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Support for these curves is being removed from tf-psa-crypto, so we need
to remove all the references also in this repo.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Since crypto#308 has been merged:
- replace MBEDTLS_PK_USE_PSA_RSA_DATA with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- remove "no-check-names"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
