From 5299b2d68e40bb244f25da087a6cbc1588b3819c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Nov 2025 12:51:52 +0100
Subject: [PATCH 1/6] library: ssl: remove duplicate check in ssl_parse_server_key_exchange()

The check being removed is already done few lines above so there is no need to repeat it twice.

Signed-off-by: Valerio Setti
---
 library/ssl_tls12_client.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 35ae891c1d5..4d6bc304e83 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1978,14 +1978,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
 /*
 * Verify signature
 */
- if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
- mbedtls_ssl_send_alert_message(
- ssl,
- MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
- return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
- }
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
 if (ssl->handshake->ecrs_enabled) {

From 2aa9630e1ad75d68935ba662b14ace79557d7547 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Nov 2025 12:55:52 +0100
Subject: [PATCH 2/6] library: common: add helper to get PSA algorithm from PK sigalg

Add a simple helper to convert from PK sigalg to PSA algorithm. This is handy when calling mbedtls_pk_can_do_psa() knowing the PK sigalg and the used MD type. This is being added in a separate file because it's meant to be consumed by both ssl and x509 modules. It was not added to tf-psa-crypto because this is only needed on the mbedtls repo and doing so reduce interdependencies between the repos.

Signed-off-by: Valerio Setti
---
 library/mbedtls_utils.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 library/mbedtls_utils.h

diff --git a/library/mbedtls_utils.h b/library/mbedtls_utils.h
new file mode 100644
index 00000000000..948b3910612
--- /dev/null
+++ b/library/mbedtls_utils.h
@@ -0,0 +1,23 @@
+#include "mbedtls/pk.h"
+#include "psa/crypto.h"
+
+#ifndef MBEDTLS_UTILS_H
+#define MBEDTLS_UTILS_H
+
+/* Return the PSA algorithm associated to the given combination of "sigalg" and "hash_alg". */
+static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg,
+ psa_algorithm_t hash_alg)
+{
+ switch (sigalg) {
+ case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
+ return PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg);
+ case MBEDTLS_PK_SIGALG_RSA_PSS:
+ return PSA_ALG_RSA_PSS(hash_alg);
+ case MBEDTLS_PK_SIGALG_ECDSA:
+ return MBEDTLS_PK_ALG_ECDSA(hash_alg);
+ default:
+ return MBEDTLS_PK_SIGALG_NONE;
+ }
+}
+
+#endif /* MBEDTLS_UTILS_H */

From 6ba873623dd4c07d3c3a448f8f66f16d2590245a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Nov 2025 12:55:04 +0100
Subject: [PATCH 3/6] library: ssl: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa()

Signed-off-by: Valerio Setti
---
 library/ssl_tls12_client.c | 7 ++++++-
 library/ssl_tls12_server.c | 5 ++++-
 library/ssl_tls13_generic.c | 5 ++++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 4d6bc304e83..59f865cdb7b 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -16,6 +16,7 @@
 #include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/constant_time.h"
+#include "mbedtls_utils.h"
 #include "psa_util_internal.h"
 #include "psa/crypto.h"
@@ -1884,6 +1885,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+ psa_algorithm_t psa_hash_alg;
 mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE;
 unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
 size_t params_len = (size_t) (p - params);
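Review bot: The helper's declared return type and its fallback do not match what it computes: the three matched cases return `psa_algorithm_t` values built with `PSA_ALG_RSA_PKCS1V15_SIGN`/`PSA_ALG_RSA_PSS`, yet the function is declared `static inline int` and the `default` returns `MBEDTLS_PK_SIGALG_NONE`, an enumerator of the input type rather than a PSA algorithm. Every caller in this series hands the result straight to `mbedtls_pk_can_do_psa()` together with a signature algorithm taken from the peer (ServerKeyExchange, CertificateVerify or a certificate), so the unmatched case must yield something that check is guaranteed to reject; `static inline psa_algorithm_t mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg, psa_algorithm_t hash_alg)` with `return PSA_ALG_NONE;` in the default makes that explicit, and the header comment should state that `PSA_ALG_NONE` is returned for an unsupported sigalg so callers know to treat it as a mismatch. The ECDSA case uses `MBEDTLS_PK_ALG_ECDSA(hash_alg)` while the RSA cases use the `PSA_ALG_*` constructors, which looks like a naming slip worth checking against the macro that actually exists. Finally the two `#include` lines sit above `#ifndef MBEDTLS_UTILS_H`; moving them below the `#define` keeps the guard covering the whole header.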
@@ -1922,7 +1924,10 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
 }
 p += 2;
- if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
+ psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
+ if (!mbedtls_pk_can_do_psa(peer_pk,
+ mbedtls_psa_alg_from_pk_sigalg(pk_alg, psa_hash_alg),
+ PSA_KEY_USAGE_VERIFY_HASH)) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
 mbedtls_ssl_send_alert_message(
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 0856dcfdd24..4fb657f1ce2 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -17,6 +17,7 @@
 #include "mbedtls/platform_util.h"
 #include "constant_time_internal.h"
 #include "mbedtls/constant_time.h"
+#include "mbedtls_utils.h"
 #include
@@ -3426,7 +3427,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
 /*
 * Check the certificate's key type matches the signature alg
 */
- if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
+ if (!mbedtls_pk_can_do_psa(peer_pk,
+ mbedtls_psa_alg_from_pk_sigalg(pk_alg, PSA_ALG_ANY_HASH),
+ PSA_KEY_USAGE_VERIFY_HASH)) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key"));
 return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
 }
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index f8aca908c48..bdf63773195 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -18,6 +18,7 @@
 #include "mbedtls/constant_time.h"
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#include "mbedtls_utils.h"
 #include "ssl_tls13_invasive.h"
 #include "ssl_tls13_keys.h"
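Review bot: `psa_hash_alg` is computed from `md_alg`, which the previous hunk initialises to `MBEDTLS_MD_NONE`; if the parsing that precedes this point can leave it at that value, `mbedtls_md_psa_alg_from_type()` presumably yields `PSA_ALG_NONE`, and `PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_NONE)` then denotes the raw, hash-less PKCS#1 v1.5 variant, so the capability check would not reject that case on its own. The part of ssl_parse_server_key_exchange that parses the signature algorithm is outside the hunk, so confirm that MD_NONE is rejected before this point, or add an explicit `if (md_alg == MBEDTLS_MD_NONE)` rejection beside the new check with the same alert. As a style point, declaring the variable where it is computed, `psa_algorithm_t psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg);`, avoids the uninitialised declaration added at the top of the function in the previous hunk.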
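Review bot: This site passes `PSA_ALG_ANY_HASH` where the TLS 1.2 client, TLS 1.3 and X.509 sites in this series pass the concrete hash, so the server-side CertificateVerify check is the only one that does not tie the peer key to the negotiated hash. If the hash parsed from the message is available at this point (ssl_parse_certificate_verify starts and ends outside the hunk), passing its PSA equivalent makes the four call sites uniform; if the wildcard is deliberate because the signature verification that follows validates the hash, a comment above the call such as `/* Any hash: only the key family is checked here; the hash is validated when the signature is verified below */` keeps the next reader from tightening or loosening it by mistake.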
@@ -277,7 +278,9 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
 /*
 * Check the certificate's key type matches the signature alg
 */
- if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) {
+ if (!mbedtls_pk_can_do_psa(&ssl->session_negotiate->peer_cert->pk,
+ mbedtls_psa_alg_from_pk_sigalg(sig_alg, hash_alg),
+ PSA_KEY_USAGE_VERIFY_HASH)) {
 MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key"));
 goto error;
 }

From e403ff3eda873214c1cd8b86c8d4b4f2ff78db38 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Nov 2025 13:05:03 +0100
Subject: [PATCH 4/6] library: x509: change order of checks in x509_crt_check_signature()

Checking that parent PK type is OK is definitely faster than computing an hash, so invert the checks.

Signed-off-by: Valerio Setti
---
 library/x509_crt.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index e6b9252859b..1dc602bf825 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2110,6 +2110,11 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ /* Skip expensive computation on obvious mismatch */
+ if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
+ return -1;
+ }
+
 status = psa_hash_compute(hash_alg,
 child->tbs.p,
 child->tbs.len,
@@ -2120,11 +2125,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
- /* Skip expensive computation on obvious mismatch */
- if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
- return -1;
- }
-
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) {
 return mbedtls_pk_verify_restartable(&parent->pk,
From 3ddf7fb2aff6e6343e3fff360bbc92d3bbce0e9f Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Nov 2025 14:44:59 +0100
Subject: [PATCH 5/6] library: x509: replace mbedtls_pk_can_do() with mbedtls_pk_can_do_psa()

Signed-off-by: Valerio Setti
---
 library/x509_crt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1dc602bf825..cefb25497d5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -38,6 +38,7 @@
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
 #include "pk_internal.h"
+#include "mbedtls_utils.h"
 #include "mbedtls/platform.h"
@@ -2111,7 +2112,9 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 /* Skip expensive computation on obvious mismatch */
- if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
+ if (!mbedtls_pk_can_do_psa(&parent->pk,
+ mbedtls_psa_alg_from_pk_sigalg(child->sig_pk, hash_alg),
+ PSA_KEY_USAGE_VERIFY_HASH)) {
 return -1;
 }

From 562619fc6d63ad9fa6465b0c47d176a645cb53d3 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 12 Nov 2025 14:37:50 +0100
Subject: [PATCH 6/6] [TEMPORARY] library: future changes for mbedtls_pk_get_type

This is a temporary placeholder commit that will be implemented once the referenced function will be implemented in tf-psa-crypto

Signed-off-by: Valerio Setti
---
 library/ssl_tls.c | 2 ++
 library/x509write_crt.c | 1 +
 library/x509write_csr.c | 1 +
 3 files changed, 4 insertions(+)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 550f79de295..6a8e7873c40 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
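Review bot: Both inputs to the new check, `child->sig_pk` and `child->sig_md` (via `hash_alg`), are decoded from the child certificate, so an attacker-supplied certificate chooses what is fed to `mbedtls_psa_alg_from_pk_sigalg()`; its default branch returns a non-PSA enumerator, and an unrecognised `sig_md` presumably maps to `PSA_ALG_NONE`, which turns the RSA PKCS#1 v1.5 case into the raw, hash-less variant. Confirm that `mbedtls_pk_can_do_psa()` returns 0 for both of those inputs so the early `return -1` fails closed, ideally with a test that feeds a certificate carrying an unsupported signature algorithm through this path. The retained comment `/* Skip expensive computation on obvious mismatch */` now understates the check, which also covers the hash algorithm; `/* Reject early if the parent key cannot verify sig_pk with sig_md; avoids hashing the TBS on a mismatch */` describes it better. x509_crt_check_signature starts and ends outside the hunk.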
@@ -5607,11 +5607,13 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
 unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
 {
 #if defined(MBEDTLS_RSA_C)
+ /* TODO: replace with mbedtls_pk_get_type() */
 if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) {
 return MBEDTLS_SSL_SIG_RSA;
 }
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
+ /* TODO: replace with mbedtls_pk_get_type() */
 if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
 return MBEDTLS_SSL_SIG_ECDSA;
 }
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index e4cdd5064b1..c6c26aab7da 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -408,6 +408,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 /* There's no direct way of extracting a signature algorithm
 * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
+ /* TODO: replace with mbedtls_pk_get_type() */
 if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
 pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
 } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 0fac7751062..6e9a78c7ab7 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -218,6 +218,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
+ /* TODO: replace with mbedtls_pk_get_type() */
 if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) {
 pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
 } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) {
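Review bot: The three identical `/* TODO: replace with mbedtls_pk_get_type() */` comments (here, and in the x509write_crt.c and x509write_csr.c hunks) do not say what they are waiting for, whereas the commit message does; `/* TODO: replace with mbedtls_pk_get_type() once it is available in tf-psa-crypto */` carries that context into the source where the next reader will find it. In x509write_crt.c the new line follows an existing comment that already explains why `mbedtls_pk_can_do()` is used there, so the TODO reads better as a final sentence of that comment than as a second comment block directly beneath it. Since the subject marks the commit as [TEMPORARY], the series should not be merged with it in this form until the tf-psa-crypto function it references exists.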