Updates to PSA crypto library based on review comments
Moved new check_crypto_config.h file from include/psa to library directory and the file is now included from *.c instead of the crypto_config.h file. Fixed guards in PSA crypto library based on review comments for new PSA crypto config features. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
This commit is contained in:
John Durkop
parent
5cc8dfb404
commit
07cc04a8ad
8 changed files with 216 additions and 174 deletions
|
|
@ -40,13 +40,6 @@ extern "C" {
|
|||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
|
||||
|
|
@ -66,38 +59,26 @@ extern "C" {
|
|||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
|
||||
#endif /* PSA_WANT_ALG_ECDH */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
|
||||
#endif /* PSA_WANT_ALG_HMAC */
|
||||
#if defined(PSA_WANT_ALG_ECDSA)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
|
||||
#define MBEDTLS_ECDSA_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
|
||||
#endif /* PSA_WANT_ALG_ECDSA */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HKDF)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
|
||||
#define MBEDTLS_HKDF_C
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
|
||||
#endif /* PSA_WANT_ALG_HKDF */
|
||||
|
||||
#if defined(PSA_WANT_ALG_HMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
|
||||
#endif /* PSA_WANT_ALG_HMAC */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_OAEP)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
|
||||
|
|
@ -105,19 +86,10 @@ extern "C" {
|
|||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V21
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
|
||||
#endif /* PSA_WANT_ALG_RSA_OAEP */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V21
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
|
||||
#endif /* PSA_WANT_ALG_RSA_PSS */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
|
|
@ -135,9 +107,49 @@ extern "C" {
|
|||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V15
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
|
||||
#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
|
||||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PKCS1_V21
|
||||
#define MBEDTLS_MD_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
|
||||
#endif /* PSA_WANT_ALG_RSA_PSS */
|
||||
|
||||
#if defined(PSA_WANT_ALG_TLS12_PRF)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
|
||||
#endif /* PSA_WANT_ALG_TLS12_PRF */
|
||||
|
||||
#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
|
||||
#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define MBEDTLS_ECP_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
|
||||
|
|
@ -145,6 +157,9 @@ extern "C" {
|
|||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_GENPRIME
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
|
||||
|
||||
|
|
@ -154,7 +169,9 @@ extern "C" {
|
|||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_GENPRIME
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
|
||||
|
|
@ -164,6 +181,10 @@ extern "C" {
|
|||
* Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
* is not defined
|
||||
*/
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
|
||||
|
||||
|
|
@ -174,24 +195,22 @@ extern "C" {
|
|||
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
|
||||
#endif /* MBEDTLS_ECDH_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(MBEDTLS_HKDF_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
|
||||
#endif /* MBEDTLS_HKDF_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
#if defined(MBEDTLS_PKCS1_V15)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
|
|
|
|||
|
|
@ -42,7 +42,12 @@
|
|||
#include "mbedtls/dhm.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(PSA_WANT_ALG_ECDH)
|
||||
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
|
||||
* to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
|
||||
* in functionality that access to ecdh_ctx structure is needed for
|
||||
* MBEDTLS_ECDSA_C which does not seem correct.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
#include "mbedtls/ecdh.h"
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -437,7 +437,12 @@ struct mbedtls_ssl_handshake_params
|
|||
#if defined(MBEDTLS_DHM_C)
|
||||
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(PSA_WANT_ALG_ECDH)
|
||||
/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
|
||||
* to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
|
||||
* in functionality that access to ecdh_ctx structure is needed for
|
||||
* MBEDTLS_ECDSA_C which does not seem correct.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
|
||||
mbedtls_ecdh_context ecdh_ctx; /*!< ECDH key exchange */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
@ -447,7 +452,7 @@ struct mbedtls_ssl_handshake_params
|
|||
unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
|
||||
size_t ecdh_psa_peerkey_len;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_ECDH_C || PSA_WANT_ALG_ECDH */
|
||||
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */
|
||||
|
|
|
|||
|
|
@ -1,67 +0,0 @@
|
|||
/**
|
||||
* \file check_crypto_config.h
|
||||
*
|
||||
* \brief Consistency checks for PSA configuration options
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/*
|
||||
* It is recommended to include this file from your crypto_config.h
|
||||
* in order to catch dependency issues early.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_CHECK_CRYPTO_CONFIG_H
|
||||
#define MBEDTLS_CHECK_CRYPTO_CONFIG_H
|
||||
|
||||
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
|
||||
!( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
|
||||
#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_ECDSA) && \
|
||||
!( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
|
||||
#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
|
||||
!( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
|
||||
#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
|
||||
!( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
|
||||
#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_OAEP) && \
|
||||
!( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
|
||||
#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_RSA_PSS) && \
|
||||
!( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||
defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
|
||||
#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */
|
||||
|
|
@ -50,20 +50,20 @@
|
|||
#ifndef PSA_CRYPTO_CONFIG_H
|
||||
#define PSA_CRYPTO_CONFIG_H
|
||||
|
||||
#define PSA_WANT_ALG_ECDSA 1
|
||||
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
|
||||
#define PSA_WANT_ALG_ECDH 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_ECDSA 1
|
||||
#define PSA_WANT_ALG_HKDF 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define PSA_WANT_ALG_HMAC 1
|
||||
#define PSA_WANT_ALG_RSA_OAEP 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
||||
#define PSA_WANT_ALG_RSA_OAEP 1
|
||||
#define PSA_WANT_ALG_RSA_PSS 1
|
||||
#define PSA_WANT_ALG_TLS12_PRF 1
|
||||
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
|
||||
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
|
||||
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||
|
||||
#include "psa/check_crypto_config.h"
|
||||
|
||||
#endif /* PSA_CRYPTO_CONFIG_H */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue