Migrate from old inline to new actual function.

This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/*.c tests/suites/*.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 13:41:11 +02:00 · 2022-07-18 13:41:11 +02:00 · abac037a7b
commit abac037a7b
parent 4772884133
15 changed files with 41 additions and 31 deletions
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@ -124,6 +124,9 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(

 /* Translations for hashing. */

+/* Note: this function should not be used from inside the library, use
+ * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead.
+ * It is kept only for compatibility in case applications were using it. */
 static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
 {
    switch( md_alg )
--- a/library/pk.c
+++ b/library/pk.c
@ -509,7 +509,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
        psa_status_t status = PSA_ERROR_DATA_CORRUPT;
        psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;

-        psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg );
+        psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
        mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
        psa_algorithm_t psa_sig_alg =
@ -674,7 +674,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
    }

 #if defined(MBEDTLS_RSA_C)
-    psa_md_alg = mbedtls_psa_translate_md( md_alg );
+    psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
    if( psa_md_alg == 0 )
        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );

--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -52,6 +52,7 @@
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
 #include "mbedtls/asn1.h"
+#include "hash_info.h"
 #endif

 #if defined(MBEDTLS_PLATFORM_C)
@ -179,7 +180,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
    int key_len;
    unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
    psa_algorithm_t psa_alg_md =
-        PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+        PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_hash_info_psa_from_md( md_alg ) );
    size_t rsa_len = mbedtls_rsa_get_len( rsa );

 #if SIZE_MAX > UINT_MAX
@ -328,7 +329,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
    ((void) p_rng);

    psa_algorithm_t psa_md_alg;
-    psa_md_alg = mbedtls_psa_translate_md( md_alg );
+    psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
    if( psa_md_alg == 0 )
        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );

@ -1168,7 +1169,7 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
    unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES];
    unsigned char *p;
    psa_algorithm_t psa_sig_md =
-        PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+        PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) );
    size_t curve_bits;
    psa_ecc_family_t curve =
        mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
@ -1542,12 +1543,12 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,

 #if defined(MBEDTLS_ECDSA_C)
    if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
-        alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
+        alg = PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) );
    else
 #endif /* MBEDTLS_ECDSA_C */
 #if defined(MBEDTLS_RSA_C)
    if( PSA_KEY_TYPE_IS_RSA( type ) )
-        alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) );
+        alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_hash_info_psa_from_md( md_alg ) );
    else
 #endif /* MBEDTLS_RSA_C */
        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@ -1933,10 +1933,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg( const mbedtls_ssl_ci
        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
            return( PSA_ALG_RSA_PKCS1V15_SIGN(
-                        mbedtls_psa_translate_md( info->mac ) ) );
+                        mbedtls_hash_info_psa_from_md( info->mac ) ) );

        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( PSA_ALG_ECDSA( mbedtls_psa_translate_md( info->mac ) ) );
+            return( PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( info->mac ) ) );

        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@ -117,7 +117,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
    (void)f_rng;
    (void)p_rng;

-    alg = mbedtls_psa_translate_md( COOKIE_MD );
+    alg = mbedtls_hash_info_psa_from_md( COOKIE_MD );
    if( alg == 0 )
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );

--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@ -30,6 +30,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#include "hash_info.h"
 #endif

 #if defined(MBEDTLS_MD5_C)
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -7235,10 +7235,10 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+    mac_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac );
    if( mac_alg == 0 )
    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_psa_translate_md for %u not found",
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_hash_info_psa_from_md for %u not found",
                            (unsigned) ciphersuite_info->mac ) );
        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
    }
@ -7618,7 +7618,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 {
    psa_status_t status;
    psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
-    psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg );
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( md_alg );

    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) );

@ -7759,7 +7759,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
            if( ssl->handshake->key_cert && ssl->handshake->key_cert->key )
            {
                psa_algorithm_t psa_hash_alg =
-                                mbedtls_psa_translate_md( hash_alg_received );
+                                mbedtls_hash_info_psa_from_md( hash_alg_received );

                if( sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
                    ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@ -219,7 +219,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl,
        goto error;
    }

-    hash_alg = mbedtls_psa_translate_md( md_alg );
+    hash_alg = mbedtls_hash_info_psa_from_md( md_alg );
    if( hash_alg == 0 )
    {
        goto error;
@ -1043,7 +1043,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl,
    p += 2;

    /* Hash verify buffer with indicated hash function */
-    psa_algorithm = mbedtls_psa_translate_md( md_alg );
+    psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg );
    status = psa_hash_compute( psa_algorithm,
                               verify_buffer,
                               verify_buffer_len,
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -622,7 +622,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-    psa_algorithm_t const hash_alg = mbedtls_psa_translate_md(
+    psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
                                        handshake->ciphersuite_info->mac );

    /*
@ -734,7 +734,7 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl,

    mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;

-    psa_algorithm_t hash_alg = mbedtls_psa_translate_md(
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(
                                    ssl->handshake->ciphersuite_info->mac );
    size_t const hash_len = PSA_HASH_LENGTH( hash_alg );

@ -1059,7 +1059,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl )
        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
    }

-    hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
+    hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );

    ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0,
                                           handshake->tls13_master_secrets.early );
@ -1134,7 +1134,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl,

    md_type = ciphersuite_info->mac;

-    hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+    hash_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac );
    hash_len = PSA_HASH_LENGTH( hash_alg );

    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
@ -1228,7 +1228,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl )
    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */
    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-    psa_algorithm_t const hash_alg = mbedtls_psa_translate_md(
+    psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
                                        handshake->ciphersuite_info->mac );

 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
@ -1340,7 +1340,7 @@ int mbedtls_ssl_tls13_generate_application_keys(

    md_type = handshake->ciphersuite_info->mac;

-    hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac );
+    hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac );
    hash_len = PSA_HASH_LENGTH( hash_alg );

    /* Compute current handshake transcript. It's the caller's responsibility
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -47,6 +47,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#include "hash_info.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

 #if defined(MBEDTLS_PLATFORM_C)
@ -2379,7 +2380,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
            flags |= MBEDTLS_X509_BADCRL_BAD_PK;

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        psa_algorithm = mbedtls_psa_translate_md( crl_list->sig_md );
+        psa_algorithm = mbedtls_hash_info_psa_from_md( crl_list->sig_md );
        if( psa_hash_compute( psa_algorithm,
                              crl_list->tbs.p,
                              crl_list->tbs.len,
@ -2460,7 +2461,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
        return( -1 );
 #else
    unsigned char hash[PSA_HASH_MAX_SIZE];
-    psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( child->sig_md );
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

    status = psa_hash_compute( hash_alg,
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@ -43,6 +43,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#include "hash_info.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
@ -500,7 +501,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,

    /* Compute hash of CRT. */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_algorithm = mbedtls_psa_translate_md( ctx->md_alg );
+    psa_algorithm = mbedtls_hash_info_psa_from_md( ctx->md_alg );

    status = psa_hash_compute( psa_algorithm,
                               c,
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@ -35,6 +35,7 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#include "hash_info.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

 #include <string.h>
@ -150,7 +151,7 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
    mbedtls_pk_type_t pk_alg;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    size_t hash_len;
-    psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
+    psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( ctx->md_alg );
 #endif /* MBEDTLS_USE_PSA_CRYPTO */

    /* Write the CSR backwards starting from the end of buf */
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@ -1321,7 +1321,7 @@ void pk_psa_wrap_sign_ext( int pk_type, int parameter, int key_pk_type, int md_a
    unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
    unsigned char *pkey_start;
    unsigned char hash[PSA_HASH_MAX_SIZE];
-    psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg );
+    psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg );
    psa_algorithm_t psa_alg;
    size_t hash_len = PSA_HASH_LENGTH( psa_md_alg );
    void const *options = NULL;
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -1458,7 +1458,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in,
        memset( md1, 0x6, maclen );

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-        alg = mbedtls_psa_translate_md( mbedtls_md_get_type( md_info ) );
+        alg = mbedtls_hash_info_psa_from_md( mbedtls_md_get_type( md_info ) );

        CHK( alg != 0 );

@ -5277,7 +5277,7 @@ void ssl_cf_hmac( int hash )
    USE_PSA_INIT( );

 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    alg = PSA_ALG_HMAC( mbedtls_psa_translate_md( hash ) );
+    alg = PSA_ALG_HMAC( mbedtls_hash_info_psa_from_md( hash ) );

    out_len = PSA_HASH_LENGTH( alg );
    block_size = PSA_HASH_BLOCK_LENGTH( alg );
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@ -6,6 +6,8 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/rsa.h"

+#include "hash_info.h"
+
 #if defined(MBEDTLS_RSA_C)
 int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen,
                       const unsigned char *input, unsigned char *output,
@ -181,7 +183,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
    PSA_INIT( );
    memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );

-    md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
+    md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type );
    TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );

    mbedtls_pk_init( &key );
@ -294,7 +296,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
    {
        psa_algorithm_t alg_psa, md_alg_psa;

-        md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
+        md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type );
        TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );

        if( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_ECKEY )