From c690523d2b443694766117d1294653b0e88cad2c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 5 Feb 2019 05:23:41 -0500 Subject: [PATCH] Merge PSA config and check-config changes Introduce MBEDTLS_PSA_HAS_ITS_IO, MBEDTLS_PSA_CRYPTO_SPM, MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C, MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C. Disable crypto storage by default. --- include/mbedtls/check_config.h | 26 ++++++++++++++ include/mbedtls/config.h | 64 ++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 6cf117d4d..3d47899c7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -512,6 +512,32 @@ #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C) +#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) +#error "Only one of MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C can be defined" +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ + !( defined(MBEDTLS_PSA_CRYPTO_C) && \ + ( defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) || \ + defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) ) ) +#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && \ + !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ + defined(MBEDTLS_FS_IO) ) +#error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) && \ + ! defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) +#error "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index fab010793..e6abf24d5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1202,6 +1202,30 @@ */ #define MBEDTLS_PKCS1_V21 +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SPM + +/** + * \def MBEDTLS_PSA_HAS_ITS_IO + * + * Enable the non-volatile secure storage usage. + * + * This is crucial on systems that do not have a HW TRNG support. + * + */ +//#define MBEDTLS_PSA_HAS_ITS_IO + /** * \def MBEDTLS_RSA_NO_CRT * @@ -2670,6 +2694,46 @@ */ //#define MBEDTLS_PSA_CRYPTO_C +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_C + * + * Enable the Platform Security Architecture persistent key storage. + * + * Module: library/psa_crypto_storage.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C and one of either + * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C + * (but not both) + * + */ +//#define MBEDTLS_PSA_CRYPTO_STORAGE_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C + * + * Enable persistent key storage over files for the + * Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto_storage_file.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO + * + */ +//#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C + * + * Enable persistent key storage over PSA ITS for the + * Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto_storage_its.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO + * + */ +//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C + /** * \def MBEDTLS_RIPEMD160_C *