config: Fix PSA configuration backwards compat

At the moment, the only difference in Mbed TLS configuration options set by MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR and MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY is that MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR defines MBEDTLS_GENPRIME and MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY does not. When working backwards however, when configuring what functionality is available in Mbed TLS's PSA implementation based on Mbed TLS configuration defines (i.e. when MBEDTLS_PSA_CRYPTO_CONFIG is not defined), both MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR and MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY are set regardless of the MBEDTLS_GENPRIME setting. On space-constrained platforms, it is a useful configuration to be able to import/export and work with RSA, but exclude RSA key generation, potentially saving flash space. Change config_psa.h to only set MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR if MBEDTLS_GENPRIME is also set. This restores the configuration behavior present in Mbed TLS v2.24.0 and earlier versions. Without this change, linker errors will occur when attempts to call, which doesn't exist when MBEDTLS_GENPRIME is unset. psa_crypto_rsa.c.obj: in function `rsa_generate_key': psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key' Fixes Mbed-TLS#4512 Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Patater · May 14, 2021 · 5d6c048 · 5d6c048
1 parent e0f06c6
commit 5d6c048
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/ChangeLog.d/psa-without-genprime-fix.txt b/ChangeLog.d/psa-without-genprime-fix.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Fix how PSA configures RSA support based on what features are set in the
+     Mbed TLS configuration. Specifically, support RSA without key generation when MBEDTLS_GENPRIME is not
+     defined. Fixes #4512.
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
@@ -593,8 +593,10 @@ extern "C" {
 #define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
 #define PSA_WANT_ALG_RSA_PSS 1
 #endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_GENPRIME)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
 #define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
+#endif /* MBEDTLS_GENPRIME */
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
 #endif /* MBEDTLS_RSA_C */

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
@@ -1306,6 +1306,12 @@ component_build_crypto_baremetal () {
   if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
 }
 
+component_build_psa_crypto_rsa_no_genprime() {
+    msg "build: default config minus MBEDTLS_GENPRIME"
+    scripts/config.py unset MBEDTLS_GENPRIME
+    make
+}
+
 component_test_depends_curves () {
     msg "test/build: curves.pl (gcc)" # ~ 4 min
     record_status tests/scripts/curves.pl