From 484ee33c359b6a8fe8b53009355842b0efd3c023 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 25 Oct 2018 17:38:05 +0100 Subject: [PATCH] psa: Add PSA Crypto configuration Add an option that can enable the exposure of PSA Crypto APIs from libmbedcrypto. --- include/mbedtls/check_config.h | 6 ++++++ include/mbedtls/config.h | 19 +++++++++++++++++++ library/version_features.c | 3 +++ scripts/config.pl | 2 ++ 4 files changed, 30 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 425e3ea58..a41277f8d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -496,6 +496,12 @@ #error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) && \ + !( defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_ENTROPY_C) ) +#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 16ed503ca..0242bd8ca 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2590,6 +2590,25 @@ */ #define MBEDTLS_POLY1305_C +/** + * \def MBEDTLS_PSA_CRYPTO_C + * + * Enable the Platform Security Architecture cryptography API. + * + * \note This option only has an effect when the build option + * USE_CRYPTO_SUBMODULE is also in use. + * + * \warning This feature is experimental and available on an opt-in basis only. + * PSA APIs are subject to change at any time. The implementation comes with + * less assurance and support than the rest of Mbed TLS. + * + * Module: crypto/library/psa_crypto.c + * + * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_C + /** * \def MBEDTLS_RIPEMD160_C * diff --git a/library/version_features.c b/library/version_features.c index f1798a7ff..53cf0a52c 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -681,6 +681,9 @@ static const char *features[] = { #if defined(MBEDTLS_POLY1305_C) "MBEDTLS_POLY1305_C", #endif /* MBEDTLS_POLY1305_C */ +#if defined(MBEDTLS_PSA_CRYPTO_C) + "MBEDTLS_PSA_CRYPTO_C", +#endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_RIPEMD160_C) "MBEDTLS_RIPEMD160_C", #endif /* MBEDTLS_RIPEMD160_C */ diff --git a/scripts/config.pl b/scripts/config.pl index 3d2884cc9..085fc2c46 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -28,6 +28,7 @@ # MBEDTLS_ECP_DP_M511_ENABLED # MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES # MBEDTLS_NO_PLATFORM_ENTROPY +# MBEDTLS_PSA_CRYPTO_C # MBEDTLS_REMOVE_ARC4_CIPHERSUITES # MBEDTLS_SSL_HW_RECORD_ACCEL # MBEDTLS_RSA_NO_CRT @@ -87,6 +88,7 @@ MBEDTLS_ECP_DP_M383_ENABLED MBEDTLS_ECP_DP_M511_ENABLED MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_PLATFORM_ENTROPY +MBEDTLS_PSA_CRYPTO_C MBEDTLS_RSA_NO_CRT MBEDTLS_REMOVE_ARC4_CIPHERSUITES MBEDTLS_SSL_HW_RECORD_ACCEL