From abac037a7b5a0472eb833ff670b1379d801f7501 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Jul 2022 13:41:11 +0200 Subject: [PATCH] Migrate from old inline to new actual function. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/*.c tests/suites/*.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 3 +++ library/pk.c | 4 ++-- library/pk_wrap.c | 11 ++++++----- library/ssl_ciphersuites.c | 4 ++-- library/ssl_cookie.c | 2 +- library/ssl_misc.h | 1 + library/ssl_tls.c | 8 ++++---- library/ssl_tls13_generic.c | 4 ++-- library/ssl_tls13_keys.c | 12 ++++++------ library/x509_crt.c | 5 +++-- library/x509write_crt.c | 3 ++- library/x509write_csr.c | 3 ++- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_ssl.function | 4 ++-- tests/suites/test_suite_x509write.function | 6 ++++-- 15 files changed, 41 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index dcca12ad5..f030bea94 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -124,6 +124,9 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Translations for hashing. */ +/* Note: this function should not be used from inside the library, use + * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead. + * It is kept only for compatibility in case applications were using it. */ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg ) { switch( md_alg ) diff --git a/library/pk.c b/library/pk.c index f2c1ad551..5dd0fa832 100644 --- a/library/pk.c +++ b/library/pk.c @@ -509,7 +509,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, psa_status_t status = PSA_ERROR_DATA_CORRUPT; psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT; - psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg ); + psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg ); mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t psa_sig_alg = @@ -674,7 +674,7 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type, } #if defined(MBEDTLS_RSA_C) - psa_md_alg = mbedtls_psa_translate_md( md_alg ); + psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg ); if( psa_md_alg == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index e234a8de3..3ea4ad1cb 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -52,6 +52,7 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" #include "mbedtls/asn1.h" +#include "hash_info.h" #endif #if defined(MBEDTLS_PLATFORM_C) @@ -179,7 +180,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_hash_info_psa_from_md( md_alg ) ); size_t rsa_len = mbedtls_rsa_get_len( rsa ); #if SIZE_MAX > UINT_MAX @@ -328,7 +329,7 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, ((void) p_rng); psa_algorithm_t psa_md_alg; - psa_md_alg = mbedtls_psa_translate_md( md_alg ); + psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg ); if( psa_md_alg == 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -1168,7 +1169,7 @@ static int ecdsa_sign_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES]; unsigned char *p; psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); @@ -1542,12 +1543,12 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_ECDSA_C) if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) - alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) ); + alg = PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); else #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) if( PSA_KEY_TYPE_IS_RSA( type ) ) - alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_psa_translate_md( md_alg ) ); + alg = PSA_ALG_RSA_PKCS1V15_SIGN( mbedtls_hash_info_psa_from_md( md_alg ) ); else #endif /* MBEDTLS_RSA_C */ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 835159e63..6b024bf81 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1933,10 +1933,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg( const mbedtls_ssl_ci case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return( PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_psa_translate_md( info->mac ) ) ); + mbedtls_hash_info_psa_from_md( info->mac ) ) ); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return( PSA_ALG_ECDSA( mbedtls_psa_translate_md( info->mac ) ) ); + return( PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( info->mac ) ) ); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 4b2d2d2bf..f68ae71cc 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -117,7 +117,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, (void)f_rng; (void)p_rng; - alg = mbedtls_psa_translate_md( COOKIE_MD ); + alg = mbedtls_hash_info_psa_from_md( COOKIE_MD ); if( alg == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 39a47cac7..4b6e03a22 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -30,6 +30,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "hash_info.h" #endif #if defined(MBEDTLS_MD5_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e60b82fa5..a055a4536 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7235,10 +7235,10 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + mac_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac ); if( mac_alg == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_psa_translate_md for %u not found", + MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_hash_info_psa_from_md for %u not found", (unsigned) ciphersuite_info->mac ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -7618,7 +7618,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, { psa_status_t status; psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( md_alg ); + psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( md_alg ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "Perform PSA-based computation of digest of ServerKeyExchange" ) ); @@ -7759,7 +7759,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( if( ssl->handshake->key_cert && ssl->handshake->key_cert->key ) { psa_algorithm_t psa_hash_alg = - mbedtls_psa_translate_md( hash_alg_received ); + mbedtls_hash_info_psa_from_md( hash_alg_received ); if( sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 265d6d309..93604e748 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -219,7 +219,7 @@ static int ssl_tls13_parse_certificate_verify( mbedtls_ssl_context *ssl, goto error; } - hash_alg = mbedtls_psa_translate_md( md_alg ); + hash_alg = mbedtls_hash_info_psa_from_md( md_alg ); if( hash_alg == 0 ) { goto error; @@ -1043,7 +1043,7 @@ static int ssl_tls13_write_certificate_verify_body( mbedtls_ssl_context *ssl, p += 2; /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_psa_translate_md( md_alg ); + psa_algorithm = mbedtls_hash_info_psa_from_md( md_alg ); status = psa_hash_compute( psa_algorithm, verify_buffer, verify_buffer_len, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 51743bb39..a56fbeeaf 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -622,7 +622,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_application( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_psa_translate_md( + psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); /* @@ -734,7 +734,7 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context* ssl, mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( + psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( ssl->handshake->ciphersuite_info->mac ); size_t const hash_len = PSA_HASH_LENGTH( hash_alg ); @@ -1059,7 +1059,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); + hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); ret = mbedtls_ssl_tls13_evolve_secret( hash_alg, NULL, NULL, 0, handshake->tls13_master_secrets.early ); @@ -1134,7 +1134,7 @@ int mbedtls_ssl_tls13_generate_handshake_keys( mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac ); + hash_alg = mbedtls_hash_info_psa_from_md( ciphersuite_info->mac ); hash_len = PSA_HASH_LENGTH( hash_alg ); ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, @@ -1228,7 +1228,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_handshake( mbedtls_ssl_context *ssl ) psa_status_t status = PSA_ERROR_GENERIC_ERROR; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED && MBEDTLS_ECDH_C */ mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_psa_translate_md( + psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) @@ -1340,7 +1340,7 @@ int mbedtls_ssl_tls13_generate_application_keys( md_type = handshake->ciphersuite_info->mac; - hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); + hash_alg = mbedtls_hash_info_psa_from_md( handshake->ciphersuite_info->mac ); hash_len = PSA_HASH_LENGTH( hash_alg ); /* Compute current handshake transcript. It's the caller's responsibility diff --git a/library/x509_crt.c b/library/x509_crt.c index b38dff085..5677a5c57 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -47,6 +47,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "hash_info.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PLATFORM_C) @@ -2379,7 +2380,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCRL_BAD_PK; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_psa_translate_md( crl_list->sig_md ); + psa_algorithm = mbedtls_hash_info_psa_from_md( crl_list->sig_md ); if( psa_hash_compute( psa_algorithm, crl_list->tbs.p, crl_list->tbs.len, @@ -2460,7 +2461,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, return( -1 ); #else unsigned char hash[PSA_HASH_MAX_SIZE]; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md ); + psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( child->sig_md ); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; status = psa_hash_compute( hash_alg, diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 2992dba06..c565b60d1 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -43,6 +43,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "hash_info.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) @@ -500,7 +501,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, /* Compute hash of CRT. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_psa_translate_md( ctx->md_alg ); + psa_algorithm = mbedtls_hash_info_psa_from_md( ctx->md_alg ); status = psa_hash_compute( psa_algorithm, c, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 1cee318f9..b7a507ede 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -35,6 +35,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "hash_info.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include @@ -150,7 +151,7 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, mbedtls_pk_type_t pk_alg; #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg ); + psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( ctx->md_alg ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ca471f103..27b6972b1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1321,7 +1321,7 @@ void pk_psa_wrap_sign_ext( int pk_type, int parameter, int key_pk_type, int md_a unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char *pkey_start; unsigned char hash[PSA_HASH_MAX_SIZE]; - psa_algorithm_t psa_md_alg = mbedtls_psa_translate_md( md_alg ); + psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md( md_alg ); psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH( psa_md_alg ); void const *options = NULL; diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9a031b65c..47d8f2e33 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1458,7 +1458,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, memset( md1, 0x6, maclen ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_psa_translate_md( mbedtls_md_get_type( md_info ) ); + alg = mbedtls_hash_info_psa_from_md( mbedtls_md_get_type( md_info ) ); CHK( alg != 0 ); @@ -5277,7 +5277,7 @@ void ssl_cf_hmac( int hash ) USE_PSA_INIT( ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = PSA_ALG_HMAC( mbedtls_psa_translate_md( hash ) ); + alg = PSA_ALG_HMAC( mbedtls_hash_info_psa_from_md( hash ) ); out_len = PSA_HASH_LENGTH( alg ); block_size = PSA_HASH_BLOCK_LENGTH( alg ); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 8f5c947a3..7a4747742 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -6,6 +6,8 @@ #include "mbedtls/oid.h" #include "mbedtls/rsa.h" +#include "hash_info.h" + #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, @@ -181,7 +183,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, PSA_INIT( ); memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); - md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type ); + md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); mbedtls_pk_init( &key ); @@ -294,7 +296,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, { psa_algorithm_t alg_psa, md_alg_psa; - md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type ); + md_alg_psa = mbedtls_hash_info_psa_from_md( (mbedtls_md_type_t) md_type ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); if( mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_ECKEY )