config: Fix PSA configuration backwards compat
At the moment, the only difference in Mbed TLS configuration options set
by MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR and
MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY is that
MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR defines MBEDTLS_GENPRIME and
MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY does not.

When working backwards however, when configuring what functionality is
available in Mbed TLS's PSA implementation based on Mbed TLS
configuration defines (i.e. when MBEDTLS_PSA_CRYPTO_CONFIG is not
defined), both MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR and
MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY are set regardless of the
MBEDTLS_GENPRIME setting.

On space-constrained platforms, it is a useful configuration to be able
to import/export and work with RSA, but exclude RSA key generation,
potentially saving flash space.

Change config_psa.h to only set
MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR if MBEDTLS_GENPRIME is also
set. This restores the configuration behavior present in Mbed TLS
v2.24.0 and earlier versions.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes Mbed-TLS#4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Patater committed May 14, 2021
1 parent e0f06c6 commit 0b6d6ae
Showing 3 changed files with 12 additions and 0 deletions.
4 changes: 4 additions & 0 deletions ChangeLog.d/psa-without-genprime-fix.txt
@@ -0,0 +1,4 @@
Bugfix
* Fix how PSA configures RSA support based on what features are set in the
Mbed TLS configuration. Specifically, support RSA without key generation
when MBEDTLS_GENPRIME is not defined. Fixes #4512.
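Review bot: The entry does not say which builds are affected or name the symptom a user would search for. The commit message limits the problem to configurations where MBEDTLS_PSA_CRYPTO_CONFIG is not defined and describes the failure as an undefined reference to `mbedtls_rsa_gen_key` at link time. Consider adding both to the entry so that someone hitting the linker error can match it to this fix.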
2 changes: 2 additions & 0 deletions include/mbedtls/config_psa.h
Expand Up @@ -593,8 +593,10 @@ extern "C" {
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
#define PSA_WANT_ALG_RSA_PSS 1
#endif /* MBEDTLS_PKCS1_V21 */
#if defined(MBEDTLS_GENPRIME)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
#endif /* MBEDTLS_GENPRIME */
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
#endif /* MBEDTLS_RSA_C */
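Review bot: The new `#if defined(MBEDTLS_GENPRIME)` guard removes the whole RSA key-pair type from the derived PSA configuration, not only key generation, because both MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR and PSA_WANT_KEY_TYPE_RSA_KEY_PAIR now depend on it. The commit message states that the goal is to keep import/export and use of RSA while dropping generation, so please confirm that nothing other than `rsa_generate_key` is compiled under the KEY_PAIR macro. If private-key import, export or signing is also behind it, a build without MBEDTLS_GENPRIME silently loses those operations, and guarding the `mbedtls_rsa_gen_key` call site in psa_crypto_rsa.c would be the narrower fix. A short comment above the guard explaining why KEY_PAIR is tied to prime generation would also help future readers.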
6 changes: 6 additions & 0 deletions tests/scripts/all.sh
Expand Up @@ -1306,6 +1306,12 @@ component_build_crypto_baremetal () {
if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}

component_build_psa_crypto_rsa_no_genprime() {
msg "build: default config minus MBEDTLS_GENPRIME"
scripts/config.py unset MBEDTLS_GENPRIME
make
}

component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
record_status tests/scripts/curves.pl
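Review bot: The new component_build_psa_crypto_rsa_no_genprime only runs `make`, so it catches the linker error but does not check that RSA import/export and public-key operations still work through PSA once MBEDTLS_GENPRIME is unset. Consider running the test suites in this configuration as well, or adding a companion test component, so that the reduced RSA feature set is exercised and not just linked. As a style point, the function is declared as `component_build_psa_crypto_rsa_no_genprime() {` without the space before the parentheses that the neighbouring `component_build_crypto_baremetal () {` and `component_test_depends_curves () {` use.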