Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros

Currently just replacing existing uses, but the real point of having these conditions as a single macro is that we'll be able to use them in tests case dependencies, see next commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 11:05:05 +02:00 · 2022-07-15 11:05:05 +02:00 · f88b1b5375
commit f88b1b5375
parent 3637c516a4
4 changed files with 76 additions and 17 deletions
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@ -311,7 +311,7 @@ readability or testability.
 **Strategy for step 3:**
-There are currently two (competing) ways for crypto-using code to check if a
+There are currently two (complementary) ways for crypto-using code to check if a
 particular algorithm is supported: using `MBEDTLS_xxx` macros, and using
 `PSA_WANT_xxx` macros. For example, PSA-based code that want to use SHA-256
 will check for `PSA_WANT_ALG_SHA_256`, while legacy-based code that wants to
@ -331,7 +331,7 @@ information tables that are not tied to a particular crypto API, and may be
 used by functions that are either purely PSA-based, purely legacy-based, or
 hybrid governed by `MBEDTL_USE_PSA_CRYPTO` should use `MBEDTLS_xxx ||
 PSA_WANT_xxx` - for example, `oid_md_alg` from `oid.c`, used by both X.509 and
-RSA.
+RSA. A new family of macros `MBEDTLS_OR_PSA_WANT_xxx` is defined for this.
 To sum up, there are 4 categories:
@ -340,7 +340,7 @@ To sum up, there are 4 categories:
 - hybrid code governed by `MBEDTLS_USE_PSA_CRYPTO` can use
  `MBEDTLS_USE_PSA_WANT_xxx` to express dependencies in common parts;
 - data and crypto-agnostic helpers that can be used by code from at least two
-  of the above categories should depend on `MBEDTLS_xxx || PSA_WANT_xxx`.
+  of the above categories should depend on `MBEDTLS_OR_PSA_WANT_xxx`.
 Migrating away from the legacy API
--- a/library/md_internal.h
+++ b/library/md_internal.h
@ -24,6 +24,7 @@
 #include "common.h"
 #include "mbedtls/md.h"
 #include "or_psa_helpers.h"
 /** Get the output length of the given hash type
 *
@ -35,29 +36,29 @@ static inline unsigned char mbedtls_md_internal_get_size( mbedtls_md_type_t md_t
 {
    switch( md_type )
    {
-#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_MD5)
        case MBEDTLS_MD_MD5:
            return( 16 );
 #endif
-#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160) || \
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160) || \
-    defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
+    defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_1)
        case MBEDTLS_MD_RIPEMD160:
        case MBEDTLS_MD_SHA1:
            return( 20 );
 #endif
-#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_224)
        case MBEDTLS_MD_SHA224:
            return( 28 );
 #endif
-#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_256)
        case MBEDTLS_MD_SHA256:
            return( 32 );
 #endif
-#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_384)
        case MBEDTLS_MD_SHA384:
            return( 48 );
 #endif
-#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_512)
        case MBEDTLS_MD_SHA512:
            return( 64 );
 #endif
--- a/library/oid.c
+++ b/library/oid.c
@ -27,6 +27,8 @@
 #include "mbedtls/rsa.h"
 #include "mbedtls/error.h"
 #include "or_psa_helpers.h"
 #include <stdio.h>
 #include <string.h>
@ -596,43 +598,43 @@ typedef struct {
 static const oid_md_alg_t oid_md_alg[] =
 {
-#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_MD5)
    {
        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5,       "id-md5",       "MD5" ),
        MBEDTLS_MD_MD5,
    },
 #endif
-#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_1)
    {
        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1,      "id-sha1",      "SHA-1" ),
        MBEDTLS_MD_SHA1,
    },
 #endif
-#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_224)
    {
        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224,    "id-sha224",    "SHA-224" ),
        MBEDTLS_MD_SHA224,
    },
 #endif
-#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_256)
    {
        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256,    "id-sha256",    "SHA-256" ),
        MBEDTLS_MD_SHA256,
    },
 #endif
-#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_384)
    {
        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384,    "id-sha384",    "SHA-384" ),
        MBEDTLS_MD_SHA384,
    },
 #endif
-#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_SHA_512)
    {
        OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512,    "id-sha512",    "SHA-512" ),
        MBEDTLS_MD_SHA512,
    },
 #endif
-#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
+#if defined(MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160)
    {
     OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ),
        MBEDTLS_MD_RIPEMD160,
--- a/library/or_psa_helpers.h
+++ b/library/or_psa_helpers.h
@ -0,0 +1,56 @@
 /**
 *  Internal macros for parts of the code that depend on an algorithm being
 *  available either via the legacy API or the PSA Crypto API.
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
 #ifndef MBEDTLS_OR_PSA_HELPERS_H
 #define MBEDTLS_OR_PSA_HELPERS_H
 #include "common.h"
 /* Hash algorithms */
 #if defined(MBEDTLS_MD5_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_MD5) )
 #define MBEDTLS_OR_PSA_WANT_ALG_MD5
 #endif
 #if defined(MBEDTLS_RIPEMD160_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_RIPEMD160) )
 #define MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160
 #endif
 #if defined(MBEDTLS_SHA1_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_1) )
 #define MBEDTLS_OR_PSA_WANT_ALG_SHA_1
 #endif
 #if defined(MBEDTLS_SHA224_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_224) )
 #define MBEDTLS_OR_PSA_WANT_ALG_SHA_224
 #endif
 #if defined(MBEDTLS_SHA256_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
 #define MBEDTLS_OR_PSA_WANT_ALG_SHA_256
 #endif
 #if defined(MBEDTLS_SHA384_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384) )
 #define MBEDTLS_OR_PSA_WANT_ALG_SHA_384
 #endif
 #if defined(MBEDTLS_SHA512_C) || \
    ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512) )
 #define MBEDTLS_OR_PSA_WANT_ALG_SHA_512
 #endif
 #endif /* MBEDTLS_OR_PSA_HELPERS_H */