Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / a2872f97ec3904b8954999be7c88930716089b8a^! / . / drivers / auth / cryptocell / 712 / cryptocell_crypto.c
commita2872f97ec3904b8954999be7c88930716089b8a[log] [tgz]
authorGovindraj Raja <govindraj.raja@arm.com>Fri Feb 03 11:08:00 2023 +0000
committerGovindraj Raja <govindraj.raja@arm.com>Tue Feb 21 11:09:47 2023 +0000
treee5412a3f57d1488231a99ae2a030023c3c118ff7
parent9c7dfb05a55d2284ed84bfbf28f909378abf4da4 [diff] [blame]
refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options

In preparation for supporting mbedtls 3.3, usage of
mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3

However looking closely into the usage in 'verify_signature' function
is no hard reason behind usage of this struct and they could be easily
replaced with independent variables.

This Minor refactor to avoid using the struct mbedtls_pk_rsassa_pss_options
and use independent variable will provide compatibility with both 2.x
and 3.x

[1]: https://github.com/Mbed-TLS/mbedtls/issues/7040

Change-Id: If0107d860d11d13cba7fd5d7941e7142e70c7b11
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
index c7ee36f..142f364 100644
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -95,11 +95,10 @@
 	CCError_t error;
 	CCSbNParams_t pk;
 	CCSbSignature_t signature;
-	int rc, exp;
+	int rc, exp, expected_salt_len;
 	mbedtls_asn1_buf sig_oid, alg_oid, params;
-	mbedtls_md_type_t md_alg;
+	mbedtls_md_type_t md_alg, mgf1_hash_id;
 	mbedtls_pk_type_t pk_alg;
-	mbedtls_pk_rsassa_pss_options pss_opts;
 	size_t len;
 	uint8_t *p, *end;
 	/* Temp buf to store the public key modulo (N) in LE format */
@@ -119,22 +118,22 @@
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* The CryptoCell only supports RSASSA-PSS signature */
-	if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
+	if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE))
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* Verify the RSASSA-PSS params */
 	/* The trailer field is verified to be 0xBC internally by this API */
 	rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
-			&pss_opts.mgf1_hash_id,
-			&pss_opts.expected_salt_len);
+			&mgf1_hash_id,
+			&expected_salt_len);
 	if (rc != 0)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* The CryptoCell only supports SHA256 as hash algorithm */
-	if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+	if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256))
 		return CRYPTO_ERR_SIGNATURE;
 
-	if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+	if (expected_salt_len != RSA_SALT_LEN)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* Parse the public key */