Do not perform adjustments on legacy crypto from PSA, when MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C #9126
Labels
component-crypto
Crypto primitives and low-level interfaces
enhancement
size-s
Estimated task size: small (~2d)
Summary
When a pure PSA client configuration is being built, i.e. `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C` are defined in the Mbed TLS config, the header file `config_adjust_legacy_from_psa.h` will try to adjust the `MBEDTLS_*` config items based on what the `PSA_WANT_*` defines are imposing. For a client config this adjustment is not really required because the crypto operations will not be implemented by the instance of Mbed TLS running on client side (if any) but will just be routed throughout the transport towards the service side, i.e. these checks are imposing an additional not required constraint on the client config, and so they should be avoided. Ideally, for a pure client config that only performs PSA Crypto APIs, the only required item in a config should be indeed `#define MBEDTLS_PSA_CRYPTO_CLIENT`.

Note: This assumes the adjustments are only impacting crypto related configuration items; if they are impacting TLS/X.509 related config, then those would need to be preserved.
System information
Mbed TLS version (number or commit id): 3.6.0 and development
Operating system and version: not relevant
Configuration (if not default, please attach `mbedtls_config.h`): `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): not relevant
Additional environment information: N/A
Expected behavior
Do not require local config of Mbed TLS to match adjustment that would stem from `PSA_WANT_*` requirements
Actual behavior
A valid local config (client side) of Mbed TLS must be provided to match `PSA_WANT_*` requirements
Steps to reproduce
Additional information
TF-M use case