mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C

Ideally this and other pk functions would work with MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented locally or via client-server communication). However, at the moment, some helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least mbedtls_ecc_group_to_psa(). For the time being, don't provide mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We can improve later, looking generally at a group of functions to generalize, not mixed with delivering new APIs. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 13:40:09 +01:00 · 2024-01-24 13:40:09 +01:00 · 9cd2e9ad1b
commit 9cd2e9ad1b
parent 64996c3be9
2 changed files with 4 additions and 4 deletions
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -484,7 +484,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
                          psa_key_usage_t usage);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
 /**
 * \brief           Determine valid PSA attributes that can be used to
 *                  import a key into PSA.
@ -596,7 +596,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
 int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
                                  psa_key_usage_t usage,
                                  psa_key_attributes_t *attributes);
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+#endif /* MBEDTLS_PSA_CRYPTO_C */

 /**
 * \brief           Verify signature (including padding if relevant).
--- a/library/pk.c
+++ b/library/pk.c
@ -378,7 +378,7 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
 #if defined(MBEDTLS_RSA_C)
 static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa,
                                             int want_crypt)
@ -586,7 +586,7 @@ int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,

    return 0;
 }
-#endif
+#endif /* MBEDTLS_PSA_CRYPTO_C */

 /*
 * Helper for mbedtls_pk_sign and mbedtls_pk_verify