Merge pull request #3712 from jdurkop/psa-crypto-config-ecdsa-3670
Introduce MBEDTLS_PSA_CRYPTO_CONFIG and use it for ECDSA
commit
2d0b7231f7
|
@ -864,7 +864,7 @@
|
||||||
* may result in a compromise of the long-term signing key. This is avoided by
|
* may result in a compromise of the long-term signing key. This is avoided by
|
||||||
* the deterministic variant.
|
* the deterministic variant.
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_HMAC_DRBG_C
|
* Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
|
||||||
*
|
*
|
||||||
* Comment this macro to disable deterministic ECDSA.
|
* Comment this macro to disable deterministic ECDSA.
|
||||||
*/
|
*/
|
||||||
|
@ -1330,7 +1330,7 @@
|
||||||
*
|
*
|
||||||
* Enable support for the experimental PSA crypto driver interface.
|
* Enable support for the experimental PSA crypto driver interface.
|
||||||
*
|
*
|
||||||
* Requires: MBEDTLS_PSA_CRYPTO_C.
|
* Requires: MBEDTLS_PSA_CRYPTO_C
|
||||||
*
|
*
|
||||||
* \warning This interface is experimental and may change or be removed
|
* \warning This interface is experimental and may change or be removed
|
||||||
* without notice.
|
* without notice.
|
||||||
|
@ -2019,6 +2019,20 @@
|
||||||
*/
|
*/
|
||||||
//#define MBEDTLS_USE_PSA_CRYPTO
|
//#define MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
*
|
||||||
|
* This setting allows support for cryptographic mechanisms through the PSA
|
||||||
|
* API to be configured separately from support through the mbedtls API.
|
||||||
|
*
|
||||||
|
* Uncomment this to enable use of PSA Crypto configuration settings which
|
||||||
|
* can be found in include/psa/crypto_config.h
|
||||||
|
*
|
||||||
|
* This feature is still experimental and is not ready for production since
|
||||||
|
* it is not completed.
|
||||||
|
*/
|
||||||
|
//#define MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_VERSION_FEATURES
|
* \def MBEDTLS_VERSION_FEATURES
|
||||||
*
|
*
|
||||||
|
@ -3811,6 +3825,8 @@
|
||||||
#include MBEDTLS_USER_CONFIG_FILE
|
#include MBEDTLS_USER_CONFIG_FILE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include "mbedtls/config_psa.h"
|
||||||
|
|
||||||
#include "mbedtls/check_config.h"
|
#include "mbedtls/check_config.h"
|
||||||
|
|
||||||
#endif /* MBEDTLS_CONFIG_H */
|
#endif /* MBEDTLS_CONFIG_H */
|
||||||
|
|
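Review bot: `#include "mbedtls/config_psa.h"` is added only at the end of this header, so the new `MBEDTLS_PSA_BUILTIN_ALG_*` symbols exist only for builds that pass through this file. A build that substitutes its own configuration header through `MBEDTLS_CONFIG_FILE` would, as far as this diff shows, never define them, and the PSA ECDSA paths guarded by those symbols would compile out without any diagnostic. Consider including `mbedtls/config_psa.h` from the place that selects the configuration file, or adding a check in `check_config.h` that fails the build when `MBEDTLS_PSA_CRYPTO_C` is enabled and `MBEDTLS_CONFIG_PSA_H` is not defined. Separately, the experimental-status sentence in the `MBEDTLS_PSA_CRYPTO_CONFIG` comment would be easier to spot as `\warning This feature is still experimental and is not ready for production.`, matching the `\warning` used for the driver interface earlier in the file.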
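--- /dev/null
+++ b/include/mbedtls/config_psa.h
@@ -0,0 +1,82 @@
+/**
+* \file mbedtls/config_psa.h
+* \brief PSA crypto configuration options (set of defines)
+*
+* This set of compile-time options takes settings defined in
+* include/mbedtls/config.h and include/psa/crypto_config.h and uses
+* those definitions to define symbols used in the library code.
+*
+* Users and integrators should not edit this file, please edit
+* include/mbedtls/config.h for MBETLS_XXX settings or
+* include/psa/crypto_config.h for PSA_WANT_XXX settings.
+*/
+/*
+* Copyright The Mbed TLS Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef MBEDTLS_CONFIG_PSA_H
+#define MBEDTLS_CONFIG_PSA_H
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#include "psa/crypto_config.h"
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+
+#if defined(PSA_WANT_ALG_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#define MBEDTLS_ECDSA_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
+#endif /* PSA_WANT_ALG_ECDSA */
+
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
+#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+
+#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+/*
+* Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
+* is not defined
+*/
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+
+// Only add in DETERMINISTIC support if ECDSA is also enabled
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#endif /* MBEDTLS_ECDSA_C */
+
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MBEDTLS_CONFIG_PSA_H */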
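Review bot: The two branches define the same symbols differently: under `MBEDTLS_PSA_CRYPTO_CONFIG` the header writes `#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1`, while the `#else` branch writes `#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA` with no value (likewise for the deterministic symbol). Every use visible in this commit tests them with `defined()`, so both work today, but a later `#if MBEDTLS_PSA_BUILTIN_ALG_ECDSA` would fail to preprocess in legacy builds; give both branches the value `1`. The unguarded `#define MBEDTLS_ECDSA_C`, `#define MBEDTLS_HMAC_DRBG_C` and `#define MBEDTLS_MD_C` lines also rely on the configuration defining those macros with an empty body; a build that passes `-DMBEDTLS_ECDSA_C` on the command line gets a redefinition diagnostic, which an `#if !defined(...)` around each would avoid. The file comment spells the prefix `MBETLS_XXX`; it should read `MBEDTLS_XXX`.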
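--- /dev/null
+++ b/include/psa/crypto_config.h
@@ -0,0 +1,56 @@
+/**
+* \file psa/crypto_config.h
+* \brief PSA crypto configuration options (set of defines)
+*
+*/
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+/**
+* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h,
+* this file determines which cryptographic mechanisms are enabled
+* through the PSA Cryptography API (\c psa_xxx() functions).
+*
+* To enable a cryptographic mechanism, uncomment the definition of
+* the corresponding \c PSA_WANT_xxx preprocessor symbol.
+* To disable a cryptographic mechanism, comment out the definition of
+* the corresponding \c PSA_WANT_xxx preprocessor symbol.
+* The names of cryptographic mechanisms correspond to values
+* defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
+* of \c PSA_.
+*
+* Note that many cryptographic mechanisms involve two symbols: one for
+* the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
+* (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
+* additional symbols.
+*/
+#else
+/**
+* When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h,
+* this file is not used, and cryptographic mechanisms are supported
+* through the PSA API if and only if they are supported through the
+* mbedtls_xxx API.
+*/
+#endif
+/*
+* Copyright The Mbed TLS Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+
+#endif /* PSA_CRYPTO_CONFIG_H */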
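Review bot: The `#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)` / `#else` / `#endif` block at the top of the file selects between two documentation comments only and sits outside the `PSA_CRYPTO_CONFIG_H` include guard, so it is re-evaluated on every inclusion and does nothing for the build. Since `mbedtls/config_psa.h` includes this file only when `MBEDTLS_PSA_CRYPTO_CONFIG` is defined, one comment covering both cases, placed after the guard, would say the same thing with less preprocessor noise. The comment tells users to uncomment a `PSA_WANT_xxx` definition, but both definitions ship active; a line such as `/* Enabled by default; comment out to remove the mechanism from the PSA API. */` above them would make the default explicit.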
|
@ -2261,7 +2261,7 @@ exit:
|
||||||
/* Message digests */
|
/* Message digests */
|
||||||
/****************************************************************/
|
/****************************************************************/
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
||||||
{
|
{
|
||||||
switch( alg )
|
switch( alg )
|
||||||
|
@ -2304,7 +2304,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
||||||
return( NULL );
|
return( NULL );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
|
||||||
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
|
psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
|
||||||
{
|
{
|
||||||
|
@ -3535,7 +3535,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
/* `ecp` cannot be const because `ecp->grp` needs to be non-const
|
/* `ecp` cannot be const because `ecp->grp` needs to be non-const
|
||||||
* for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
|
* for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
|
||||||
* (even though these functions don't modify it). */
|
* (even though these functions don't modify it). */
|
||||||
|
@ -3559,7 +3559,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
|
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
|
||||||
{
|
{
|
||||||
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
|
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
|
||||||
|
@ -3572,7 +3572,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
|
||||||
&global_data.ctr_drbg ) );
|
&global_data.ctr_drbg ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
{
|
{
|
||||||
(void) alg;
|
(void) alg;
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
|
||||||
|
@ -3634,7 +3634,7 @@ cleanup:
|
||||||
mbedtls_mpi_free( &s );
|
mbedtls_mpi_free( &s );
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
return( mbedtls_to_psa_error( ret ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECDSA_C */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */
|
||||||
|
|
||||||
psa_status_t psa_sign_hash( psa_key_handle_t handle,
|
psa_status_t psa_sign_hash( psa_key_handle_t handle,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
|
@ -3703,9 +3703,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
|
||||||
if(
|
if(
|
||||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
PSA_ALG_IS_ECDSA( alg )
|
PSA_ALG_IS_ECDSA( alg )
|
||||||
#else
|
#else
|
||||||
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
|
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
|
||||||
|
@ -3728,7 +3728,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
|
||||||
mbedtls_free( ecp );
|
mbedtls_free( ecp );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* defined(MBEDTLS_ECDSA_C) */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
|
||||||
{
|
{
|
||||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
}
|
}
|
||||||
|
@ -3804,7 +3804,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
if( PSA_ALG_IS_ECDSA( alg ) )
|
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||||
{
|
{
|
||||||
mbedtls_ecp_keypair *ecp = NULL;
|
mbedtls_ecp_keypair *ecp = NULL;
|
||||||
|
@ -3822,7 +3822,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* defined(MBEDTLS_ECDSA_C) */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
{
|
{
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
|
|
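Review bot: The ECDSA guard in `psa_sign_hash` is narrower than its counterparts: it becomes `#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)`, while `psa_ecdsa_sign` and the branch in `psa_verify_hash` are compiled when either `MBEDTLS_PSA_BUILTIN_ALG_ECDSA` or `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA` is defined. With only the deterministic symbol defined, which `config_psa.h` allows, signing with an ECC key falls through to `PSA_ERROR_INVALID_ARGUMENT` and the static `psa_ecdsa_sign` is left unused. The guard should read `#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)`, and the algorithm test inside it then needs a deterministic-only case so that randomized ECDSA is not accepted when only the deterministic variant is built in. The closing comment on the `psa_ecdsa_sign` guard is also missing a `)` after `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA`. The bodies of these functions continue outside the hunks shown.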
|
@ -617,7 +617,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
default:
|
default:
|
||||||
/* Key is declared with a lifetime not known to us */
|
/* Key is declared with a lifetime not known to us */
|
||||||
return( PSA_ERROR_BAD_STATE );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
||||||
(void)slot;
|
(void)slot;
|
||||||
|
@ -698,7 +698,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
default:
|
default:
|
||||||
/* Key is declared with a lifetime not known to us */
|
/* Key is declared with a lifetime not known to us */
|
||||||
return( PSA_ERROR_BAD_STATE );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
||||||
(void)slot;
|
(void)slot;
|
||||||
|
|
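Review bot: The default case of the lifetime switch in `psa_driver_wrapper_cipher_encrypt_setup` and `psa_driver_wrapper_cipher_decrypt_setup` now returns `PSA_ERROR_NOT_SUPPORTED` instead of `PSA_ERROR_BAD_STATE`, and the change is not mentioned in the commit description. If callers treat `PSA_ERROR_NOT_SUPPORTED` from a driver wrapper as the signal to continue with the built-in implementation (the callers are not in this diff, so this needs confirming), a key whose lifetime location is unknown could reach the software path instead of being rejected. Either keep a distinct error for the unknown-location case or confirm that the caller refuses the fallback for non-local keys, and extend the comment to say which, for example `/* Key is declared with a lifetime not known to us; the caller must not fall back to software for it */`. Both switch statements start outside the hunks shown.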
|
@ -576,6 +576,9 @@ static const char * const features[] = {
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
"MBEDTLS_USE_PSA_CRYPTO",
|
"MBEDTLS_USE_PSA_CRYPTO",
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||||
|
"MBEDTLS_PSA_CRYPTO_CONFIG",
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
|
||||||
#if defined(MBEDTLS_VERSION_FEATURES)
|
#if defined(MBEDTLS_VERSION_FEATURES)
|
||||||
"MBEDTLS_VERSION_FEATURES",
|
"MBEDTLS_VERSION_FEATURES",
|
||||||
#endif /* MBEDTLS_VERSION_FEATURES */
|
#endif /* MBEDTLS_VERSION_FEATURES */
|
||||||
|
|
|
@ -1592,6 +1592,14 @@ int query_config( const char *config )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||||
|
if( strcmp( "MBEDTLS_PSA_CRYPTO_CONFIG", config ) == 0 )
|
||||||
|
{
|
||||||
|
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CONFIG );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
|
||||||
|
|
||||||
#if defined(MBEDTLS_VERSION_FEATURES)
|
#if defined(MBEDTLS_VERSION_FEATURES)
|
||||||
if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 )
|
if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -184,6 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([
|
||||||
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
|
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
|
||||||
'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
|
'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
|
||||||
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
|
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
|
||||||
|
'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config
|
||||||
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
|
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
|
||||||
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
|
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
|
||||||
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
|
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
|
||||||
|
|
|
@ -1290,6 +1290,51 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
||||||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_psa_crypto_config_basic() {
|
||||||
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG"
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||||
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
|
||||||
|
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_psa_crypto_config_no_driver() {
|
||||||
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
|
||||||
|
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test.
|
||||||
|
component_build_psa_want_ecdsa_disabled_software() {
|
||||||
|
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA
|
||||||
|
# without MBEDTLS_ECDSA_C
|
||||||
|
# PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_DETERMINISTIC_ECDSA are already
|
||||||
|
# set in include/psa/crypto_config.h
|
||||||
|
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDSA without MBEDTLS_ECDSA_C"
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
scripts/config.py unset MBEDTLS_ECDSA_C
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||||
|
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDSA -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
}
|
||||||
|
|
||||||
component_test_check_params_functionality () {
|
component_test_check_params_functionality () {
|
||||||
msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
|
msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
|
||||||
scripts/config.py full # includes CHECK_PARAMS
|
scripts/config.py full # includes CHECK_PARAMS
|
||||||
|
|
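Review bot: All three new components build with the default `include/psa/crypto_config.h`, which (per the comment in `component_build_psa_want_ecdsa_disabled_software`) has both `PSA_WANT_ALG_ECDSA` and `PSA_WANT_ALG_DETERMINISTIC_ECDSA` set, so no build has only one of the two enabled. Those single-algorithm configurations are where the new `MBEDTLS_PSA_BUILTIN_ALG_*` preprocessor guards can disagree with each other, and a build-only component for each would catch that. The leading comment in `component_test_psa_crypto_config_no_driver` is a copy of the one in the basic component; `# full plus MBEDTLS_PSA_CRYPTO_CONFIG, without MBEDTLS_PSA_CRYPTO_DRIVERS` would describe it.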
|
@ -30,4 +30,10 @@ sed -n -e 's/.*#define \([a-zA-Z0-9_]*\).*/\1/p' $HEADERS \
|
||||||
| egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \
|
| egrep -v '^(asm|inline|EMIT|_CRT_SECURE_NO_DEPRECATE)$|^MULADDC_' \
|
||||||
| sort -u > macros
|
| sort -u > macros
|
||||||
|
|
||||||
|
# For include/mbedtls/config_psa.h need to ignore the MBEDTLS_xxx define
|
||||||
|
# in that file since they may not be defined in include/psa/crypto_config.h
|
||||||
|
# This line renames the potentially missing defines to ones that should
|
||||||
|
# be present.
|
||||||
|
sed -ne 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' <macros >>macros
|
||||||
|
|
||||||
wc -l macros
|
wc -l macros
|
||||||
|
|
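Review bot: The added `sed -ne 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' <macros >>macros` reads `macros` while appending to it in the same command; it terminates only because the rewritten names no longer match the pattern, and the appended names leave the file no longer sorted or de-duplicated after the earlier `sort -u`. Writing the renamed names to a scratch file and merging afterwards avoids both, for example `sed -ne 's/^MBEDTLS_PSA_BUILTIN_/MBEDTLS_PSA_ACCEL_/p' macros >macros.accel` followed by `sort -u -o macros macros macros.accel` (the scratch file name is illustrative). The pipeline that this hunk extends starts outside the lines shown.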
|
@ -262,6 +262,8 @@ cleanup:
|
||||||
(void) alg;
|
(void) alg;
|
||||||
(void) hash;
|
(void) hash;
|
||||||
(void) hash_length;
|
(void) hash_length;
|
||||||
|
(void) signature;
|
||||||
|
(void) signature_length;
|
||||||
#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
||||||
defined(MBEDTLS_SHA256_C) */
|
defined(MBEDTLS_SHA256_C) */
|
||||||
|
|
||||||
|
|
|
@ -162,6 +162,7 @@
|
||||||
<ClInclude Include="..\..\include\mbedtls\cmac.h" />
|
<ClInclude Include="..\..\include\mbedtls\cmac.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\compat-1.3.h" />
|
<ClInclude Include="..\..\include\mbedtls\compat-1.3.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\config.h" />
|
<ClInclude Include="..\..\include\mbedtls\config.h" />
|
||||||
|
<ClInclude Include="..\..\include\mbedtls\config_psa.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\ctr_drbg.h" />
|
<ClInclude Include="..\..\include\mbedtls\ctr_drbg.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\debug.h" />
|
<ClInclude Include="..\..\include\mbedtls\debug.h" />
|
||||||
<ClInclude Include="..\..\include\mbedtls\des.h" />
|
<ClInclude Include="..\..\include\mbedtls\des.h" />
|
||||||
|
@ -223,6 +224,7 @@
|
||||||
<ClInclude Include="..\..\include\psa\crypto.h" />
|
<ClInclude Include="..\..\include\psa\crypto.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_accel_driver.h" />
|
<ClInclude Include="..\..\include\psa\crypto_accel_driver.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_compat.h" />
|
<ClInclude Include="..\..\include\psa\crypto_compat.h" />
|
||||||
|
<ClInclude Include="..\..\include\psa\crypto_config.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_driver_common.h" />
|
<ClInclude Include="..\..\include\psa\crypto_driver_common.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_entropy_driver.h" />
|
<ClInclude Include="..\..\include\psa\crypto_entropy_driver.h" />
|
||||||
<ClInclude Include="..\..\include\psa\crypto_extra.h" />
|
<ClInclude Include="..\..\include\psa\crypto_extra.h" />
|
||||||
|
|