PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.
Fix guards in X.509 info function to avoid this causing a failure now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/pkcs5.c b/library/pkcs5.c
index f471b63..a755f23 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -47,12 +47,6 @@
#include "hash_info.h"
#include "mbedtls/psa_util.h"
-#if !defined(MBEDTLS_MD_C)
-#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
- psa_to_md_errors, \
- psa_generic_status_to_mbedtls)
-#endif
-
#if defined(MBEDTLS_ASN1_PARSE_C)
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
mbedtls_asn1_buf *salt, int *iterations,
@@ -221,7 +215,6 @@
}
#endif /* MBEDTLS_ASN1_PARSE_C */
-#if defined(MBEDTLS_MD_C)
static int pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
const unsigned char *password,
size_t plen, const unsigned char *salt, size_t slen,
@@ -322,7 +315,6 @@
key_length, output);
}
#endif
-#endif /* MBEDTLS_MD_C */
int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_alg,
const unsigned char *password,
@@ -330,7 +322,6 @@
unsigned int iteration_count,
uint32_t key_length, unsigned char *output)
{
-#if defined(MBEDTLS_MD_C)
mbedtls_md_context_t md_ctx;
const mbedtls_md_info_t *md_info = NULL;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -350,116 +341,6 @@
exit:
mbedtls_md_free(&md_ctx);
return ret;
-#else
- unsigned int i;
- unsigned char md1[PSA_HASH_MAX_SIZE];
- unsigned char work[PSA_HASH_MAX_SIZE];
- const unsigned char md_size = mbedtls_hash_info_get_size(md_alg);
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_status_t status_destruction = PSA_ERROR_CORRUPTION_DETECTED;
- size_t use_len, out_len;
- unsigned char *out_p = output;
- unsigned char counter[4];
- mbedtls_svc_key_id_t psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- const psa_algorithm_t alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(md_alg));
- const size_t out_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 0, alg);
-
- memset(counter, 0, sizeof(counter));
- counter[3] = 1;
-
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
- psa_set_key_algorithm(&attributes, alg);
- psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
-
- if (key_length == 0) {
- return 0;
- }
- if ((status = psa_import_key(&attributes,
- password, plen,
- &psa_hmac_key)) != PSA_SUCCESS) {
- return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
- }
-
-#if UINT_MAX > 0xFFFFFFFF
- if (iteration_count > 0xFFFFFFFF) {
- return MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA;
- }
-#endif
-
- while (key_length) {
- status = psa_mac_sign_setup(&operation, psa_hmac_key,
- PSA_ALG_HMAC(alg));
- if (status != PSA_SUCCESS) {
- goto cleanup;
- }
- // U1 ends up in work
- if ((status = psa_mac_update(&operation, salt, slen)) != PSA_SUCCESS) {
- goto cleanup;
- }
-
- if ((status = psa_mac_update(&operation, counter, sizeof(counter))) != PSA_SUCCESS) {
- goto cleanup;
- }
-
- if ((status = psa_mac_sign_finish(&operation, work, out_size, &out_len))
- != PSA_SUCCESS) {
- goto cleanup;
- }
-
- memcpy(md1, work, out_len);
-
- for (i = 1; i < iteration_count; i++) {
- // U2 ends up in md1
- //
- status = psa_mac_sign_setup(&operation, psa_hmac_key,
- PSA_ALG_HMAC(alg));
- if (status != PSA_SUCCESS) {
- goto cleanup;
- }
- if ((status = psa_mac_update(&operation, md1, md_size)) != PSA_SUCCESS) {
- goto cleanup;
- }
- if ((status =
- psa_mac_sign_finish(&operation, md1, out_size, &out_len)) != PSA_SUCCESS) {
- goto cleanup;
- }
-
- // U1 xor U2
- //
- mbedtls_xor(work, work, md1, md_size);
- }
-
- use_len = (key_length < md_size) ? key_length : md_size;
- memcpy(out_p, work, use_len);
-
- key_length -= (uint32_t) use_len;
- out_p += use_len;
-
- for (i = 4; i > 0; i--) {
- if (++counter[i - 1] != 0) {
- break;
- }
- }
- }
-
-cleanup:
- /* Zeroise buffers to clear sensitive data from memory. */
- mbedtls_platform_zeroize(work, PSA_HASH_MAX_SIZE);
- mbedtls_platform_zeroize(md1, PSA_HASH_MAX_SIZE);
- status_destruction = psa_destroy_key(psa_hmac_key);
- if (status == PSA_SUCCESS && status_destruction != PSA_SUCCESS) {
- status = status_destruction;
- }
- status_destruction = psa_mac_abort(&operation);
- if (status == PSA_SUCCESS && status_destruction != PSA_SUCCESS) {
- status = status_destruction;
- }
-
- return PSA_TO_MBEDTLS_ERR(status);
-#endif /* !MBEDTLS_MD_C */
}
#if defined(MBEDTLS_SELF_TEST)
diff --git a/library/x509.c b/library/x509.c
index fc13b92..f20b3cf 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -135,31 +135,31 @@
static inline const char *md_type_to_string(mbedtls_md_type_t md_alg)
{
switch (md_alg) {
-#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_MD5)
case MBEDTLS_MD_MD5:
return "MD5";
#endif
-#if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_SHA1)
case MBEDTLS_MD_SHA1:
return "SHA1";
#endif
-#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_SHA224)
case MBEDTLS_MD_SHA224:
return "SHA224";
#endif
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_MD_SHA256:
return "SHA256";
#endif
-#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_SHA384)
case MBEDTLS_MD_SHA384:
return "SHA384";
#endif
-#if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_SHA512)
case MBEDTLS_MD_SHA512:
return "SHA512";
#endif
-#if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA)
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
case MBEDTLS_MD_RIPEMD160:
return "RIPEMD160";
#endif