Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG

This phase adds in support for the following features being added to the list of features that can be configured in the include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to the PSA crypto library to use the appropriate new guards that will allow the feature to be compiled in or out either using new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros. For HKDF and HMAC, most of the PSA library code did not have a specific matching MBEDTLS_xxx macro for that feature, but was instead using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA features more closely aligned with a direct replacement with a similar macro. The new tests for RSA, HMAC, and HKDF would normally unset additional dependent macros, but when attempting to implement that level of testing it required removal of too many core features like MD_C, PK_C, ECP_C and other low level features. This may point to additional phases of work to complete the transition of these features to the new model. Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-29 21:37:36 -07:00 · 2020-10-29 21:37:36 -07:00 · d032195278
commit d032195278
parent a455e71588
4 changed files with 187 additions and 67 deletions
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@ -54,9 +54,42 @@ extern "C" {
 #define MBEDTLS_ECDSA_C
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_MD_C
-#endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
 #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */

+#if defined(PSA_WANT_ALG_ECDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH                    1
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) */
+#endif /* defined(PSA_WANT_ALG_ECDH) */
+
+#if defined(PSA_WANT_ALG_HMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC                    1
+#define MBEDTLS_MD_C
+#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) */
+#endif /* defined(PSA_WANT_ALG_HMAC) */
+
+#if defined(PSA_WANT_ALG_HKDF)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF                    1
+#define MBEDTLS_HKDF_C
+#define MBEDTLS_MD_C
+#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) */
+#endif /* defined(PSA_WANT_ALG_HKDF) */
+
+#if defined(PSA_WANT_ALG_RSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA)
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA
+#define MBEDTLS_RSA_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_OID_C
+#endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_RSA) */
+#endif /* defined(PSA_WANT_ALG_RSA) */
+
 #else /* MBEDTLS_PSA_CRYPTO_CONFIG */

 /*
@ -64,15 +97,31 @@ extern "C" {
 * is not defined
 */
 #if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA                   1

 // Only add in DETERMINISTIC support if ECDSA is also enabled
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA     1
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */

 #endif /* MBEDTLS_ECDSA_C */

+#if defined(MBEDTLS_ECDH_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH                    1
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_MD_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC                    1
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_HKDF_C)
+#define MBEDTLS_PSA_BUILTIN_ALG_HKDF                    1
+#endif /* MBEDTLS_HKDF_C */
+
+#ifdef MBEDTLS_RSA_C
+#define MBEDTLS_PSA_BUILTIN_ALG_RSA                     1
+#endif /* MBEDTLS_RSA_C */
+
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */

 #ifdef __cplusplus