Keep MBEDTLS_PK_WRITE_C as guard only for "debug_print_pk" but let
"mbedtls_debug_print_crt" to work also when MBEDTLS_PK_WRITE_C is disabled.
In this case the only public key won't be printed, but the rest of the
certificate will be.
This commit also updates test coverage by duplicating test cases: now there
will be one case for when MBEDTLS_PK_WRITE_C is enabled and another one
for !MBEDTLS_PK_WRITE_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In tf-psa-crypto "mbedtls_pk_write_pubkey_psa()" is only available when
MBEDTLS_PK_WRITE_C is defined. Therefore we need to add this guard also
in mbedtls to "debug_print_pk" (and indirectly to
"mbedtls_debug_print_crt") and the corresponding tests using it.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Move single line printing to a separate function named
mbedtls_debug_print_buf_one_line(). This accepts one extra parameter
'add_text' to tell if the final text chars are to be printed at the end
of the line or not.
Add also mbedtls_debug_print_buf_ext() as a generalized version of
mbedtls_debug_print_buf() by adding the extra 'add_text' param.
debug_print_pk() will now use mbedtls_debug_print_buf_ext() in order not
to print chars while dumping the buffer.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Remove usage of mbedtls_pk_debug stuff and related functions
(mbedtls_debug_print_psa_rsa(), mbedtls_debug_print_psa_ec(),
mbedtls_debug_print_integer() and debug_count_valid_bits()) and use
mbedtls_pk_write_pubkey_psa() to get the public key from the PK context.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
"Move crypto-specific code from library/Makefile to a new file" accidentally
copied two lines instead of moving them. Remove the copy that's now in
`crypto-library.make`, since the variables are defined earlier in
`crypto-common.make`. The variables aren't actually used in
`crypto-common.make`, but they could be (arguably should be used to
define `TF_PSA_CRYPTO_LIBRARY_PRIVATE_INCLUDE`).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The new file is in Mbed TLS for now. Once we have finished moving code to
it, it will move to TF-PSA-Crypto.
What got moved:
* List of object files from crypto
* List of generated .c files in crypto
* Rules to build generated .c files in crypto
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use separate variables for the crypto part of lists of generated C files,
generated objects, sample programs and test data files.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define variables that are meant to be possibly overridden on the make
command line (or in a parent makefile) at the top. In particular, define
them before including the crypto and framework makefiles, so these makefiles
can use the default values if there's no parent setting.
Also move some internal variables earlier or later, so that a subsequent
refactoring step can have things in the right order in the mbedtls
per-directory makefile:
1. Define variables consumed by the per-directory crypto makefile.
2. Include the per-directory crypto makefile.
3. Use variables defined by the per-directory crypto makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define these intermediate variables in the crypto helper file.
No behavior change except possibly an inconsequential reordering of compiler
options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Currently, Mbed TLS can be built with make, and we rely on this in many
`all.sh` components. Mbed TLS knows how to build TF-PSA-Crypto, but this
changes from time to time, and it's hard to do the necessary changes in both
repositories at the same time.
Create a file that Mbed TLS can consume to find out some information needed
to build TF-PSA-Crypto, such as the locations of various files.
Create this file in Mbed TLS. Once we have finished moving code to it, the
file will move to TF-PSA-Crypto.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We put that in 3.6.0 because we wanted to minimize changes in a minor
release, and in particular we wanted users to be able to build the library
if they were checking out a release tag without checking out submodules
recursively. That was possible because 3.6.x release tags contain the
generated files.
Since 4.0.0, it's completely impossible to build Mbed TLS without the
`tf-psa-crypto` submodule. So there's no point in trying to allow a build
without the `framework` submodule.
In the libtestdriver1 build, where we copy part of the framework, copy the
framework makefile as well, which is what we use to check for the presence
of the framework (even though the framework makefile doesn't do anything
useful after all).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since the hash algorithm is known, this can be used when calling
"mbedtls_pk_can_do_psa()" to get a more accurate answer.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The correct return type should have been "psa_algorithm_t" since the
beginning because this is what the function really returns and this is
what the returned value is then used for in the calling functions.
Change also the returned value in the default case from
MBEDTLS_PK_SIGALG_NONE to PSA_ALG_NONE in order to return the same type
as in other cases of the switch case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Checking that parent PK type is OK is definitely faster than computing
an hash, so invert the checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add a simple helper to convert from PK sigalg to PSA algorithm. This is
handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the
used MD type.
This is being added in a separate file because it's meant to be consumed
by both ssl and x509 modules. It was not added to tf-psa-crypto because
this is only needed on the mbedtls repo and doing so reduce interdependencies
between the repos.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The check being removed is already done few lines above so there is no
need to repeat it twice.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Those in SSL modules were redundant because it's already included from
ssl_misc.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Support for these curves is being removed from tf-psa-crypto, so we need
to remove all the references also in this repo.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Since crypto#308 has been merged:
- replace MBEDTLS_PK_USE_PSA_RSA_DATA with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- remove "no-check-names"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
