Remove use of pk_can_do()

library/mbedtls_utils.h

@@ -0,0 +1,23 @@
+#include "mbedtls/pk.h"
+#include "psa/crypto.h"
+
+#ifndef MBEDTLS_UTILS_H
+#define MBEDTLS_UTILS_H
+
+/* Return the PSA algorithm associated to the given combination of "sigalg" and "hash_alg". */
+static inline int mbedtls_psa_alg_from_pk_sigalg(mbedtls_pk_sigalg_t sigalg,
+                                                 psa_algorithm_t hash_alg)
+{
+    switch (sigalg) {
+        case MBEDTLS_PK_SIGALG_RSA_PKCS1V15:
+            return PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg);
+        case MBEDTLS_PK_SIGALG_RSA_PSS:
+            return PSA_ALG_RSA_PSS(hash_alg);
+        case MBEDTLS_PK_SIGALG_ECDSA:
+            return MBEDTLS_PK_ALG_ECDSA(hash_alg);
+        default:
+            return MBEDTLS_PK_SIGALG_NONE;
+    }
+}
+
+#endif /* MBEDTLS_UTILS_H */

library/ssl_tls.c

@@ -5607,11 +5607,13 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
 unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk)
 {
 #if defined(MBEDTLS_RSA_C)
+    /* TODO: replace with mbedtls_pk_get_type() */
     if (mbedtls_pk_can_do(pk, MBEDTLS_PK_RSA)) {
         return MBEDTLS_SSL_SIG_RSA;
     }
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)
+    /* TODO: replace with mbedtls_pk_get_type() */
     if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) {
         return MBEDTLS_SSL_SIG_ECDSA;
     }

library/ssl_tls12_client.c

@@ -16,6 +16,7 @@
 #include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/constant_time.h"
+#include "mbedtls_utils.h"
 
 #include "psa_util_internal.h"
 #include "psa/crypto.h"
@@ -1884,6 +1885,7 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
         unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 
         mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
+        psa_algorithm_t psa_hash_alg;
         mbedtls_pk_sigalg_t pk_alg = MBEDTLS_PK_SIGALG_NONE;
         unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl);
         size_t params_len = (size_t) (p - params);
@@ -1922,7 +1924,10 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
         }
         p += 2;
 
-        if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
+        psa_hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
+        if (!mbedtls_pk_can_do_psa(peer_pk,
+                                   mbedtls_psa_alg_from_pk_sigalg(pk_alg, psa_hash_alg),
+                                   PSA_KEY_USAGE_VERIFY_HASH)) {
             MBEDTLS_SSL_DEBUG_MSG(1,
                                   ("bad server key exchange message"));
             mbedtls_ssl_send_alert_message(
@@ -1978,14 +1983,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl)
         /*
          * Verify signature
          */
-        if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
-            MBEDTLS_SSL_DEBUG_MSG(1, ("bad server key exchange message"));
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
-            return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
-        }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
         if (ssl->handshake->ecrs_enabled) {

library/ssl_tls12_server.c

@@ -17,6 +17,7 @@
 #include "mbedtls/platform_util.h"
 #include "constant_time_internal.h"
 #include "mbedtls/constant_time.h"
+#include "mbedtls_utils.h"
 
 #include <string.h>
 
@@ -3426,7 +3427,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
     /*
      * Check the certificate's key type matches the signature alg
      */
-    if (!mbedtls_pk_can_do(peer_pk, (mbedtls_pk_type_t) pk_alg)) {
+    if (!mbedtls_pk_can_do_psa(peer_pk,
+                               mbedtls_psa_alg_from_pk_sigalg(pk_alg, PSA_ALG_ANY_HASH),
+                               PSA_KEY_USAGE_VERIFY_HASH)) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("sig_alg doesn't match cert key"));
         return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
     }

library/ssl_tls13_generic.c

@@ -18,6 +18,7 @@
 #include "mbedtls/constant_time.h"
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
+#include "mbedtls_utils.h"
 
 #include "ssl_tls13_invasive.h"
 #include "ssl_tls13_keys.h"
@@ -277,7 +278,9 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
     /*
      * Check the certificate's key type matches the signature alg
      */
-    if (!mbedtls_pk_can_do(&ssl->session_negotiate->peer_cert->pk, (mbedtls_pk_type_t) sig_alg)) {
+    if (!mbedtls_pk_can_do_psa(&ssl->session_negotiate->peer_cert->pk,
+                               mbedtls_psa_alg_from_pk_sigalg(sig_alg, hash_alg),
+                               PSA_KEY_USAGE_VERIFY_HASH)) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("signature algorithm doesn't match cert key"));
         goto error;
     }

library/x509_crt.c

@@ -38,6 +38,7 @@
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
 #include "pk_internal.h"
+#include "mbedtls_utils.h"
 
 #include "mbedtls/platform.h"
 
@@ -2110,6 +2111,13 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
     psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
+    /* Skip expensive computation on obvious mismatch */
+    if (!mbedtls_pk_can_do_psa(&parent->pk,
+                               mbedtls_psa_alg_from_pk_sigalg(child->sig_pk, hash_alg),
+                                                              PSA_KEY_USAGE_VERIFY_HASH)) {
+        return -1;
+    }
+
     status = psa_hash_compute(hash_alg,
                               child->tbs.p,
                               child->tbs.len,
@@ -2120,11 +2128,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 
-    /* Skip expensive computation on obvious mismatch */
-    if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) {
-        return -1;
-    }
-
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) {
         return mbedtls_pk_verify_restartable(&parent->pk,

library/x509write_crt.c

@@ -408,6 +408,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 
     /* There's no direct way of extracting a signature algorithm
      * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
+    /* TODO: replace with mbedtls_pk_get_type() */
     if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
         pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
     } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {

library/x509write_csr.c

@@ -218,6 +218,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 
+    /* TODO: replace with mbedtls_pk_get_type() */
     if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) {
         pk_alg = MBEDTLS_PK_SIGALG_RSA_PKCS1V15;
     } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) {