refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options

In preparation for supporting mbedtls 3.3, usage of
mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3

However looking closely into the usage in 'verify_signature' function
is no hard reason behind usage of this struct and they could be easily
replaced with independent variables.

This Minor refactor to avoid using the struct mbedtls_pk_rsassa_pss_options
and use independent variable will provide compatibility with both 2.x
and 3.x

[1]: https://github.com/Mbed-TLS/mbedtls/issues/7040

Change-Id: If0107d860d11d13cba7fd5d7941e7142e70c7b11
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

drivers/auth/cryptocell/712/cryptocell_crypto.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -95,11 +95,10 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 	CCError_t error;
 	CCSbNParams_t pk;
 	CCSbSignature_t signature;
-	int rc, exp;
+	int rc, exp, expected_salt_len;
 	mbedtls_asn1_buf sig_oid, alg_oid, params;
-	mbedtls_md_type_t md_alg;
+	mbedtls_md_type_t md_alg, mgf1_hash_id;
 	mbedtls_pk_type_t pk_alg;
-	mbedtls_pk_rsassa_pss_options pss_opts;
 	size_t len;
 	uint8_t *p, *end;
 	/* Temp buf to store the public key modulo (N) in LE format */
@@ -119,22 +118,22 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* The CryptoCell only supports RSASSA-PSS signature */
-	if (pk_alg != MBEDTLS_PK_RSASSA_PSS || md_alg != MBEDTLS_MD_NONE)
+	if ((pk_alg != MBEDTLS_PK_RSASSA_PSS) || (md_alg != MBEDTLS_MD_NONE))
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* Verify the RSASSA-PSS params */
 	/* The trailer field is verified to be 0xBC internally by this API */
 	rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
-			&pss_opts.mgf1_hash_id,
-			&pss_opts.expected_salt_len);
+			&mgf1_hash_id,
+			&expected_salt_len);
 	if (rc != 0)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* The CryptoCell only supports SHA256 as hash algorithm */
-	if (md_alg != MBEDTLS_MD_SHA256 || pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+	if ((md_alg != MBEDTLS_MD_SHA256) || (mgf1_hash_id != MBEDTLS_MD_SHA256))
 		return CRYPTO_ERR_SIGNATURE;
 
-	if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+	if (expected_salt_len != RSA_SALT_LEN)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* Parse the public key */

drivers/auth/cryptocell/713/cryptocell_crypto.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -82,11 +82,11 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 	CCError_t error;
 	CCBsvNBuff_t NBuff;
 	CCBsvSignature_t signature;
-	int rc, exp;
+	int rc, exp, expected_salt_len;
 	mbedtls_asn1_buf sig_oid, alg_oid, params;
-	mbedtls_md_type_t md_alg;
+	mbedtls_md_type_t md_alg, mgf1_hash_id;
 	mbedtls_pk_type_t pk_alg;
-	mbedtls_pk_rsassa_pss_options pss_opts;
+
 	size_t len;
 	uint8_t *p, *end;
 	CCHashResult_t digest;
@@ -114,17 +114,17 @@ static int verify_signature(void *data_ptr, unsigned int data_len,
 	/* Verify the RSASSA-PSS params */
 	/* The trailer field is verified to be 0xBC internally by this API */
 	rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
-			&pss_opts.mgf1_hash_id,
-			&pss_opts.expected_salt_len);
+			&mgf1_hash_id,
+			&expected_salt_len);
 	if (rc != 0)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* The CryptoCell only supports SHA256 as hash algorithm */
 	if (md_alg != MBEDTLS_MD_SHA256 ||
-	    pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+	    mgf1_hash_id != MBEDTLS_MD_SHA256)
 		return CRYPTO_ERR_SIGNATURE;
 
-	if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+	if (expected_salt_len != RSA_SALT_LEN)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* Parse the public key */