Since the hash algorithm is known, this can be used when calling
"mbedtls_pk_can_do_psa()" to get a more accurate answer.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The correct return type should have been "psa_algorithm_t" since the
beginning because this is what the function really returns and this is
what the returned value is then used for in the calling functions.
Change also the returned value in the default case from
MBEDTLS_PK_SIGALG_NONE to PSA_ALG_NONE in order to return the same type
as in other cases of the switch case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Checking that parent PK type is OK is definitely faster than computing
an hash, so invert the checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add a simple helper to convert from PK sigalg to PSA algorithm. This is
handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the
used MD type.
This is being added in a separate file because it's meant to be consumed
by both ssl and x509 modules. It was not added to tf-psa-crypto because
this is only needed on the mbedtls repo and doing so reduce interdependencies
between the repos.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The check being removed is already done few lines above so there is no
need to repeat it twice.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This replacement is either:
- "server5-rsa-signed.crt": if a generic secp256r1 EC key is enough, i.e.
any EC key is fine as it's not secp192 since this support is being
removed from TF-PSA-Crypto.
- "server11-rsa-signed.crt": if an EC key which does not belong to "suite-b"
is required. For this case "secp256r1" wouldn't be good, so we use
a "secp256k1" key.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Those in SSL modules were redundant because it's already included from
ssl_misc.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Besides using an internal crypto header, error.h is arguably the wrong
place: this file's docstring says it's about "Error to string
translation", quite unrelated to the things we use from error_common.h.
This is not surprising given the history, but no longer makes sense
today.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
After some analysis search it was determined that previous test data seem
not to belong to the "framework/data_files" certificate files. Therefore
new test data has been generated from scratch.
The improvement compared to the previous situation is that comments has
been added on top of each test in order to explain how to recreate new test
data.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is temporary but still required in order to have this commit merged
before the crypto#570, where these curves are really removed.
These lines will be removed in a follow-up PR once crypto#570 is merged.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Support for these curves is being removed from tf-psa-crypto, so we need
to remove all the references also in this repo.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Since crypto#308 has been merged:
- replace MBEDTLS_PK_USE_PSA_RSA_DATA with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
- remove "no-check-names"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
