Rm dependency on MD in psa_crypto_rsa.c

The previous commit made the PKCS#1v1.5 part of rsa.c independent from
md.c, but there was still a dependency in the corresponding part in PSA.
This commit removes it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

include/mbedtls/config_psa.h

@@ -179,7 +179,6 @@ extern "C" {
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_OID_C
 #define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
 #endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
 #endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
 

library/psa_crypto_hash.c

@@ -29,8 +29,7 @@
 #include <mbedtls/error.h>
 #include <string.h>
 
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
 const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
@@ -69,8 +68,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
             return( NULL );
     }
 }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
         * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
 

library/psa_crypto_rsa.c

@@ -41,6 +41,7 @@
 #include <mbedtls/error.h>
 #include <mbedtls/pk.h>
 #include "pk_wrap.h"
+#include "md_internal.h"
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
@@ -319,6 +320,30 @@ psa_status_t mbedtls_psa_rsa_generate_key(
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
 
+/* Convert a hash algorithm from PSA to MD identifier */
+static inline mbedtls_md_type_t get_md_alg_from_psa( psa_algorithm_t psa_alg )
+{
+    switch( psa_alg )
+    {
+        case PSA_ALG_MD5:
+            return( MBEDTLS_MD_MD5 );
+        case PSA_ALG_RIPEMD160:
+            return( MBEDTLS_MD_RIPEMD160 );
+        case PSA_ALG_SHA_1:
+            return( MBEDTLS_MD_SHA1 );
+        case PSA_ALG_SHA_224:
+            return( MBEDTLS_MD_SHA224 );
+        case PSA_ALG_SHA_256:
+            return( MBEDTLS_MD_SHA256 );
+        case PSA_ALG_SHA_384:
+            return( MBEDTLS_MD_SHA384 );
+        case PSA_ALG_SHA_512:
+            return( MBEDTLS_MD_SHA512 );
+        default:
+            return( MBEDTLS_MD_NONE );
+    }
+}
+
 /* Decode the hash algorithm from alg and store the mbedtls encoding in
  * md_alg. Verify that the hash length is acceptable. */
 static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
@@ -326,8 +351,7 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
                                             mbedtls_md_type_t *md_alg )
 {
     psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
-    *md_alg = mbedtls_md_get_type( md_info );
+    *md_alg = get_md_alg_from_psa( hash_alg );
 
     /* The Mbed TLS RSA module uses an unsigned int for hash length
      * parameters. Validate that it fits so that we don't risk an
@@ -340,9 +364,9 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
     /* For signatures using a hash, the hash length must be correct. */
     if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
     {
-        if( md_info == NULL )
+        if( *md_alg == MBEDTLS_MD_NONE )
             return( PSA_ERROR_NOT_SUPPORTED );
-        if( mbedtls_md_get_size( md_info ) != hash_length )
+        if( mbedtls_md_internal_get_size( *md_alg ) != hash_length )
             return( PSA_ERROR_INVALID_ARGUMENT );
     }