From f88b1b5375ae8457d6e815f40608a89c33ae952b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 15 Jul 2022 11:05:05 +0200 Subject: [PATCH] Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently just replacing existing uses, but the real point of having these conditions as a single macro is that we'll be able to use them in tests case dependencies, see next commit. Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/psa-migration/strategy.md | 6 +-- library/md_internal.h | 15 +++--- library/oid.c | 16 +++--- library/or_psa_helpers.h | 56 +++++++++++++++++++++ 4 files changed, 76 insertions(+), 17 deletions(-) create mode 100644 library/or_psa_helpers.h diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md index adf8cfc75..98a681933 100644 --- a/docs/architecture/psa-migration/strategy.md +++ b/docs/architecture/psa-migration/strategy.md @@ -311,7 +311,7 @@ readability or testability. **Strategy for step 3:** -There are currently two (competing) ways for crypto-using code to check if a +There are currently two (complementary) ways for crypto-using code to check if a particular algorithm is supported: using `MBEDTLS_xxx` macros, and using `PSA_WANT_xxx` macros. For example, PSA-based code that want to use SHA-256 will check for `PSA_WANT_ALG_SHA_256`, while legacy-based code that wants to @@ -331,7 +331,7 @@ information tables that are not tied to a particular crypto API, and may be used by functions that are either purely PSA-based, purely legacy-based, or hybrid governed by `MBEDTL_USE_PSA_CRYPTO` should use `MBEDTLS_xxx || PSA_WANT_xxx` - for example, `oid_md_alg` from `oid.c`, used by both X.509 and -RSA. +RSA. A new family of macros `MBEDTLS_OR_PSA_WANT_xxx` is defined for this. To sum up, there are 4 categories: @@ -340,7 +340,7 @@ To sum up, there are 4 categories: - hybrid code governed by `MBEDTLS_USE_PSA_CRYPTO` can use `MBEDTLS_USE_PSA_WANT_xxx` to express dependencies in common parts; - data and crypto-agnostic helpers that can be used by code from at least two - of the above categories should depend on `MBEDTLS_xxx || PSA_WANT_xxx`. + of the above categories should depend on `MBEDTLS_OR_PSA_WANT_xxx`. Migrating away from the legacy API diff --git a/library/md_internal.h b/library/md_internal.h index 12bc2180a..1f216437c 100644 --- a/library/md_internal.h +++ b/library/md_internal.h @@ -24,6 +24,7 @@ #include "common.h" #include "mbedtls/md.h" +#include "or_psa_helpers.h" /** Get the output length of the given hash type * @@ -35,29 +36,29 @@ static inline unsigned char mbedtls_md_internal_get_size( mbedtls_md_type_t md_t { switch( md_type ) { -#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_MD5) case MBEDTLS_MD_MD5: return( 16 ); #endif -#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160) || \ - defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160) || \ + defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_1) case MBEDTLS_MD_RIPEMD160: case MBEDTLS_MD_SHA1: return( 20 ); #endif -#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_224) case MBEDTLS_MD_SHA224: return( 28 ); #endif -#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_256) case MBEDTLS_MD_SHA256: return( 32 ); #endif -#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_384) case MBEDTLS_MD_SHA384: return( 48 ); #endif -#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_512) case MBEDTLS_MD_SHA512: return( 64 ); #endif diff --git a/library/oid.c b/library/oid.c index 1ee35173b..aba256bc9 100644 --- a/library/oid.c +++ b/library/oid.c @@ -27,6 +27,8 @@ #include "mbedtls/rsa.h" #include "mbedtls/error.h" +#include "or_psa_helpers.h" + #include #include @@ -596,43 +598,43 @@ typedef struct { static const oid_md_alg_t oid_md_alg[] = { -#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_MD5) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ), MBEDTLS_MD_MD5, }, #endif -#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1" ), MBEDTLS_MD_SHA1, }, #endif -#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224" ), MBEDTLS_MD_SHA224, }, #endif -#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256" ), MBEDTLS_MD_SHA256, }, #endif -#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384" ), MBEDTLS_MD_SHA384, }, #endif -#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512" ), MBEDTLS_MD_SHA512, }, #endif -#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160) +#if defined(MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ), MBEDTLS_MD_RIPEMD160, diff --git a/library/or_psa_helpers.h b/library/or_psa_helpers.h new file mode 100644 index 000000000..105449f6a --- /dev/null +++ b/library/or_psa_helpers.h @@ -0,0 +1,56 @@ +/** + * Internal macros for parts of the code that depend on an algorithm being + * available either via the legacy API or the PSA Crypto API. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_OR_PSA_HELPERS_H +#define MBEDTLS_OR_PSA_HELPERS_H + +#include "common.h" + +/* Hash algorithms */ +#if defined(MBEDTLS_MD5_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) ) +#define MBEDTLS_OR_PSA_WANT_ALG_MD5 +#endif +#if defined(MBEDTLS_RIPEMD160_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) ) +#define MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160 +#endif +#if defined(MBEDTLS_SHA1_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) ) +#define MBEDTLS_OR_PSA_WANT_ALG_SHA_1 +#endif +#if defined(MBEDTLS_SHA224_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) ) +#define MBEDTLS_OR_PSA_WANT_ALG_SHA_224 +#endif +#if defined(MBEDTLS_SHA256_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) +#define MBEDTLS_OR_PSA_WANT_ALG_SHA_256 +#endif +#if defined(MBEDTLS_SHA384_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) ) +#define MBEDTLS_OR_PSA_WANT_ALG_SHA_384 +#endif +#if defined(MBEDTLS_SHA512_C) || \ + ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) ) +#define MBEDTLS_OR_PSA_WANT_ALG_SHA_512 +#endif + +#endif /* MBEDTLS_OR_PSA_HELPERS_H */