Change a few conditionals in the psa library to be based on the
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES instead of the WANT macros. Future
additions of HW acceleration will need to be mindful of these
definitions if any of this code is needed in those instances.
Signed-off-by: David Brown <david.brown@linaro.org>
With the else branch commented out, both lines are unnecessary. We
could check for the invalid configuration in the future, once tests were
made to exclude this combination.
Signed-off-by: David Brown <david.brown@linaro.org>
There is no PSA ALG_ECB, only ALG_ECB_NO_PADDING. Fix one incorrect
declaration, and remove another that is just redundant.
Signed-off-by: David Brown <david.brown@linaro.org>
Only define MBEDTLS_CIPHER_MODE_CBC if one of the CBC modes is requested
and everything isn't covered by an accelerated version. This keeps this
from being defined in cases where everything needed would be
accelerated.
Signed-off-by: David Brown <david.brown@linaro.org>
When converting definitions to use the new PSA defines, one erroneously
was conditionalized on the WANT macro instead of on the BUILTIN macro.
Signed-off-by: David Brown <david.brown@linaro.org>
This reverts commit 4192e9a90c210005f6b558ec51c6a694c902b51d.
Converting conditional compliation for PSA configuration will come
later.
Signed-off-by: David Brown <david.brown@linaro.org>
Try to make these definitions clearer given the complexity of the
mapping between the PSA config options and the MBEDTLS ones.
Signed-off-by: David Brown <david.brown@linaro.org>
If any of the software block ciphers are selected, define an internal
macro to indicate this. This eliminates some redundancy that needs to
check for this.
Signed-off-by: David Brown <david.brown@linaro.org>
Add checks for PSA_WANT_KEY_TYPE_CHACHA20, both with and without
MBEDTLS_PSA_CRYPTO_CONFIG. This only adds support for the ciphers
itself, presumably as a stream cipher (and not yet AEAD).
Signed-off-by: David Brown <david.brown@linaro.org>
Even if there is an accelerated version of a (block) key type, enable
the SW implementation if there are block modes that don't have
acceleration.
Signed-off-by: David Brown <david.brown@linaro.org>
There are a few instances of MBEDTLS_*_C (specifically for DES) in
psa_crypto.c. Change to the PSA_WANT_KEY_TYPE_DES macros to reflect the
new PSA crypto config.
Signed-off-by: David Brown <david.brown@linaro.org>
Add additional ifdef checks in the PSA config to detect when an
algorithm is entirely implemented in hardware. If there is any
combination of cipher and padding type that is not supported by the HW
acceleration, enable the SW acceleration.
Signed-off-by: David Brown <david.brown@linaro.org>
Ensure that the builtin definitions are defined when selected by the
traditional configuration options.
Signed-off-by: David Brown <david.brown@linaro.org>
This file will always be used with the PSA configurations, so use the
MBEDTLS_PSA_BUILTIN... definitions for the symmetric cyphers.
Signed-off-by: David Brown <david.brown@linaro.org>
PSA defines CBC with no padding, and CBC with PKCS7 padding. The bare
"ALG_CBC" is not defined, so remove this definition.
Signed-off-by: David Brown <david.brown@linaro.org>
For the new features conditionalized on MBEDTLS_PSA_ACCEL_..., define a
correlated MBEDTLS_PSA_BUILTIN_... if it is not defined. This prevents
check_names from considering these new defines as typos.
Signed-off-by: David Brown <david.brown@linaro.org>
Add support for supported block modes using the PSA crypto config.
These are mapped to Mbed TLS config options as best as possible.
Signed-off-by: David Brown <david.brown@linaro.org>
Update the psa/crypto_config.h with the newly defined PSA_WANT_
definitions for symmetric ciphers and block modes.
Signed-off-by: David Brown <david.brown@linaro.org>
Use PSA_EXPORT_KEY_OUTPUT_SIZE macro to compute the
size of the buffer to contain the generated key
instead of computing it alongside the key type and
size validation.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Extend import/export/generate key through a PSA
transparent driver without software fallback
testing to RSA keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Now that the support for key generation in the transparent
test driver is at the same level as the support in the
Mbed TLS library, remove the restriction on the generate
key test case that was introduced by the work on key
import and export through the PSA driver interface.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add a test in test_suite_psa_crypto_driver_wrappers that
when accelerators do not support the generation of a key
and there is no software fallback, the key generation
fails with the PSA_ERROR_NOT_SUPPORTED error code.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
