Remove use of `pk_get_type()`

[mpg]

The function mbedtls_pk_get_type() is not public and we should stop using it. The old concept of pk_type_t was ambiguous, so there will be different replacements depending of what it was used for.

1. Key type as in "RSA or ECC?" (hint: the result is used distinguishing "RSA or RSASSA_PSS" vs "ECKEY or ECKEY_DH or ECDSA" which is really an overly complicated way of spelling RSA or ECC) -> use mbedtls_pk_get_key_type() (introduced by PK: add mbedtls_pk_get_key_type() TF-PSA-Crypto#509) plus PSA macros like PSA_KEY_TYPE_IS_RSA() and PSA_KEY_TYPE_IS_ECC().
2. Indication of ownership of the underlying PSA key (hint: checking for equality with PK_OPAQUE) -> store ownership information elsewhere.
3. Algorithm identifier (hint: when it's cast to pk_sigalg_t) -> this one is more tricky and should be reviewed on a case by case basis.
4. Key type with policy information, to distinguish between ECKEY_DH public keys (forbidding ECDSA) and ECKEY public keys (allowing both ECDH and ECDSA).

[gilles-peskine-arm]

See Mbed-TLS/TF-PSA-Crypto#203 and Mbed-TLS/TF-PSA-Crypto#204 for an analysis and partial prototype of the removal of mbedtls_pk_type_t, mbedtls_pk_get_type and mbedtls_pk_can_do.

[davidhorstmann-arm]

use mbedtls_pk_get_key_type() (introduced by Mbed-TLS/TF-PSA-Crypto#509)

I've been using mbedtls_pk_get_type() to implement mbedtls_pk_get_key_type() for public keys (whoops). Is that okay or should I be doing something else? (e.g. parsing the raw public key data or something).

[davidhorstmann-arm]

There doesn't seem to be an equivalent bit of state to pk->pk_info->type for deciding whether it is RSA or ECC, so AFAICT we'll either have to:

• Keep pk->pk_info->type
• Introduce a new 'RSA or ECC` PK struct member
• Re-parse the raw public key data

[gilles-peskine-arm]

I would expect mbedtls_pk_context to acquire a field psa_key_type_t psa_type.

[mpg]

I've been using mbedtls_pk_get_type() to implement mbedtls_pk_get_key_type() for public keys (whoops). Is that okay or should I be doing something else?

Ah, thanks for noticing! Ideally you should be doing something else :)

(Unless it turns out to be a lot more complicated than we thought, in which case we can merge pk_get_key_type() with a "wrong" implementation first, to unlock other PRs that want to use it, then revisit the implementation later. But that would be plan B - plan A is to merge with a "right" implementation from the start.)

I think comparing ec_family to 0 should tell us whether the public key is ECC or not. Or we could add a bit field with a bit for "RSA or ECC". (We'll need a few other bits for information that used to be in the info/type, like "do we own the key in priv_id?" and "is this key restricted to DH?" so I guess we'll have a bit field at some point anyway.)

But probably none of these is very future proof, when we add support for other key types like ML-DSA. So, as Gilles said we can add a psa_key_type_t psa_type. Then pk_get_key_type() would be a trivial getter, but we'd have to slightly expand all functions that can populate a PK context, namely:

• mbedtls_pk_wrap_psa()
• mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa()
• mbedtls_pk_parse_key() and mbedtls_pk_parse_public_key() and any other private parsing function (check pk_private.h).