From 46119565607fed4149b804588629a80b39e91d8e Mon Sep 17 00:00:00 2001
From: Moran Peker
Date: Tue, 20 Nov 2018 18:30:34 +0200
Subject: [PATCH] Add new MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C configuration option - update configuration requires - update check_config.h to include MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - update con and config.h
---
 configs/config-psa-crypto.h | 17 ++++++++++++++++-
 include/mbedtls/check_config.h | 14 ++++++++++++--
 include/mbedtls/config.h | 17 ++++++++++++++++-
 library/version_features.c | 3 +++
 scripts/config.pl | 1 +
 5 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 27e9ef1d6..f3a8b722f 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -1529,7 +1529,9 @@
 *
 * Module: library/psa_crypto_storage.c
 *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
+ * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ * (but not both)
 *
 */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
@@ -1547,6 +1549,19 @@
 */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
 
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ *
+ * Enable persistent key storage over PSA ITS for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto_storage_its.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+
 /**
 * \def MBEDTLS_RIPEMD160_C
 *
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index f78e61bf1..21bede707 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
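Review bot: The `Requires:` line of the new `\def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` comment in configs/config-psa-crypto.h (hunk `@@ -1547,6 +1549,19 @@`) does not match what check_config.h enforces in this same commit: the check there demands `MBEDTLS_PSA_CRYPTO_STORAGE_C` and rejects the option when `MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C` is also defined. Since `MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C` is enabled directly above, uncommenting the new define on its own runs into the "Only one of ..." `#error`, and nothing in the comment tells the integrator which key-storage backend to switch off. I would write `Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_HAS_ITS_IO` and add a line such as `Conflicts with: MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C (disable it to select this backend)`. The identical comment in the include/mbedtls/config.h hunk `@@ -2641,6 +2643,19 @@` needs the same wording.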
@@ -506,9 +506,14 @@
 #error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
+#error "Only one of MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C can be defined"
+#endif
+
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
- !( defined(MBEDTLS_PSA_CRYPTO_C) && \
- defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) )
+ !( defined(MBEDTLS_PSA_CRYPTO_C) && \
+ ( defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) || \
+ defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) ) )
 #error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
 #endif
 
@@ -518,6 +523,11 @@
 #error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) && \
+ ! defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+#error "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
 !defined(MBEDTLS_OID_C) )
 #error "MBEDTLS_RSA_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2190ac519..b2a9a2e10 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2623,7 +2623,9 @@
 *
 * Module: library/psa_crypto_storage.c
 *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+ * Requires: MBEDTLS_PSA_CRYPTO_C and one of either
+ * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ * (but not both)
 *
 */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
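Review bot: The new prerequisite check for `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` in include/mbedtls/check_config.h (hunk `@@ -518,6 +523,11 @@`) tests only `MBEDTLS_PSA_CRYPTO_STORAGE_C`, although the option's documentation added in this commit lists `MBEDTLS_PSA_HAS_ITS_IO` as a requirement. A configuration that selects the ITS key-storage backend on a platform without an ITS implementation therefore passes this check and presumably fails only later, when library/psa_crypto_storage_its.c is compiled or linked, with a less direct message. I would make the condition `#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) && \` followed by `!( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && defined(MBEDTLS_PSA_HAS_ITS_IO) )`. The condition of the neighbouring `MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C` check lies outside the hunk, so whether it already follows this shape cannot be confirmed from here.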
@@ -2641,6 +2643,19 @@
 */
 #define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
 
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+ *
+ * Enable persistent key storage over PSA ITS for the
+ * Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto_storage_its.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO
+ *
+ */
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
+
 /**
 * \def MBEDTLS_RIPEMD160_C
 *
diff --git a/library/version_features.c b/library/version_features.c
index 7ef899717..00652f1e4 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -693,6 +693,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C)
 "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C",
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C)
+ "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C",
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */
 #if defined(MBEDTLS_RIPEMD160_C)
 "MBEDTLS_RIPEMD160_C",
 #endif /* MBEDTLS_RIPEMD160_C */
diff --git a/scripts/config.pl b/scripts/config.pl
index 69c6d5fce..81bb8950d 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -118,6 +118,7 @@ MBEDTLS_PLATFORM_TIME_ALT
 MBEDTLS_PLATFORM_FPRINTF_ALT
 MBEDTLS_PSA_CRYPTO_STORAGE_C
 MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
+MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 );
 
 # Things that should be enabled in "full" even if they match @excluded