Detailed architecture of symbol definitions and header inclusion

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2020-09-21 20:08:51 +02:00
parent a0a210fc1b
commit 95434380e1

View file

@ -5,7 +5,7 @@ This document is a proposed interface for deciding at build time which cryptogra
This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA.
Time-stamp: "2020/09/07 08:27:32 GMT"
Time-stamp: "2020/09/21 18:07:09 GMT"
## Introduction
@ -109,7 +109,30 @@ These symbols are not part of the public interface of Mbed TLS towards applicati
#### Definition of internal inclusion symbols
The header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library, including `psa/crypto_struct.h`. Therefore, * `psa/crypto_struct.h` needs to include `mbedtls/config_psa.h`.
`mbedtls/config_psa.h` includes two header files:
* `psa/crypto_config.h` is the user-editable file that defines application requirements. It is only included when `MBEDTLS_PSA_CRYPTO_CONFIG` is set.
* `mbedtls/crypto_drivers.h` is a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback.
The following table summarized where symbols are defined depending on the configuration mode.
* (U) indicates a symbol that is defined by the user (application).
* (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS.
* (G) indicates a symbol that is generated from driver descriptions.
------------------------------------------------------------------------------------------------
Symbols With `MBEDTLS_PSA_CRYPTO_CONFIG` Without `MBEDTLS_PSA_CRYPTO_CONFIG`
------------------------- -------------------------------- -----------------------------------
`MBEDTLS_xxx_C` `mbedtls/config.h` (U) or `mbedtls/config.h` (U)
`mbedtls/config_psa.h` (D)
`PSA_WANT_xxx` `psa/crypto_config.h` (U) N/A
`MBEDTLS_PSA_BUILTIN_xxx` `mbedtls/config_psa.h` (D) `mbedtls/config_psa.h` (D)
`MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers` (G) N/A
------------------------------------------------------------------------------------------------
#### Visibility of internal symbols