Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
This commit is contained in:
commit
3698fa1043
4
ChangeLog.d/spm_build.txt
Normal file
4
ChangeLog.d/spm_build.txt
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Bugfix
|
||||||
|
* When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
|
||||||
|
in all the right places. Include it from crypto_platform.h, which is
|
||||||
|
the natural place. Fixes #4649.
|
@ -82,6 +82,18 @@ static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
|
|||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
|
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
|
||||||
|
* (Secure Partition Manager) integration which separates the code into two
|
||||||
|
* parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
|
||||||
|
* Environment). When building for the SPE, an additional header file should be
|
||||||
|
* included.
|
||||||
|
*/
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
|
||||||
|
#define PSA_CRYPTO_SECURE 1
|
||||||
|
#include "crypto_spe.h"
|
||||||
|
#endif // MBEDTLS_PSA_CRYPTO_SPM
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||||
/** The type of the context passed to mbedtls_psa_external_get_random().
|
/** The type of the context passed to mbedtls_psa_external_get_random().
|
||||||
*
|
*
|
||||||
|
@ -26,7 +26,6 @@
|
|||||||
#include "check_crypto_config.h"
|
#include "check_crypto_config.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "psa_crypto_service_integration.h"
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
|
||||||
#include "psa_crypto_cipher.h"
|
#include "psa_crypto_cipher.h"
|
||||||
|
@ -19,7 +19,6 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
#include "psa_crypto_service_integration.h"
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
||||||
|
@ -1,39 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright The Mbed TLS Contributors
|
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
||||||
* not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef PSA_CRYPTO_SERVICE_INTEGRATION_H
|
|
||||||
#define PSA_CRYPTO_SERVICE_INTEGRATION_H
|
|
||||||
|
|
||||||
/*
|
|
||||||
* When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
|
|
||||||
* (Secure Partition Manager) integration which separates the code into two
|
|
||||||
* parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
|
|
||||||
* Environment). When building for the SPE, an additional header file should be
|
|
||||||
* included.
|
|
||||||
*/
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
|
|
||||||
/*
|
|
||||||
* PSA_CRYPTO_SECURE means that the file which included this file is being
|
|
||||||
* compiled for SPE. The files crypto_structs.h and crypto_types.h have
|
|
||||||
* different implementations for NSPE and SPE and are compiled according to this
|
|
||||||
* flag.
|
|
||||||
*/
|
|
||||||
#define PSA_CRYPTO_SECURE 1
|
|
||||||
#include "crypto_spe.h"
|
|
||||||
#endif // MBEDTLS_PSA_CRYPTO_SPM
|
|
||||||
|
|
||||||
#endif // PSA_CRYPTO_SERVICE_INTEGRATION_H
|
|
@ -22,7 +22,6 @@
|
|||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
|
|
||||||
#include "psa_crypto_service_integration.h"
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
|
||||||
#include "psa_crypto_core.h"
|
#include "psa_crypto_core.h"
|
||||||
|
@ -25,7 +25,6 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "psa_crypto_service_integration.h"
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "psa_crypto_storage.h"
|
#include "psa_crypto_storage.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
|
132
tests/include/spe/crypto_spe.h
Normal file
132
tests/include/spe/crypto_spe.h
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2019-2021, Arm Limited. All rights reserved.
|
||||||
|
*
|
||||||
|
* SPDX-License-Identifier: BSD-3-Clause
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \file crypto_spe.h
|
||||||
|
*
|
||||||
|
* \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option
|
||||||
|
* enabled, this header is included by all .c files in Mbed Crypto that
|
||||||
|
* use PSA Crypto function names. This avoids duplication of symbols
|
||||||
|
* between TF-M and Mbed Crypto.
|
||||||
|
*
|
||||||
|
* \note This file should be included before including any PSA Crypto headers
|
||||||
|
* from Mbed Crypto.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef CRYPTO_SPE_H
|
||||||
|
#define CRYPTO_SPE_H
|
||||||
|
|
||||||
|
#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
|
||||||
|
|
||||||
|
#define psa_crypto_init \
|
||||||
|
PSA_FUNCTION_NAME(psa_crypto_init)
|
||||||
|
#define psa_key_derivation_get_capacity \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
|
||||||
|
#define psa_key_derivation_set_capacity \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
|
||||||
|
#define psa_key_derivation_input_bytes \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
|
||||||
|
#define psa_key_derivation_output_bytes \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
|
||||||
|
#define psa_key_derivation_input_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_input_key)
|
||||||
|
#define psa_key_derivation_output_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_output_key)
|
||||||
|
#define psa_key_derivation_setup \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_setup)
|
||||||
|
#define psa_key_derivation_abort \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_abort)
|
||||||
|
#define psa_key_derivation_key_agreement \
|
||||||
|
PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
|
||||||
|
#define psa_raw_key_agreement \
|
||||||
|
PSA_FUNCTION_NAME(psa_raw_key_agreement)
|
||||||
|
#define psa_generate_random \
|
||||||
|
PSA_FUNCTION_NAME(psa_generate_random)
|
||||||
|
#define psa_aead_encrypt \
|
||||||
|
PSA_FUNCTION_NAME(psa_aead_encrypt)
|
||||||
|
#define psa_aead_decrypt \
|
||||||
|
PSA_FUNCTION_NAME(psa_aead_decrypt)
|
||||||
|
#define psa_open_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_open_key)
|
||||||
|
#define psa_close_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_close_key)
|
||||||
|
#define psa_import_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_import_key)
|
||||||
|
#define psa_destroy_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_destroy_key)
|
||||||
|
#define psa_get_key_attributes \
|
||||||
|
PSA_FUNCTION_NAME(psa_get_key_attributes)
|
||||||
|
#define psa_reset_key_attributes \
|
||||||
|
PSA_FUNCTION_NAME(psa_reset_key_attributes)
|
||||||
|
#define psa_export_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_export_key)
|
||||||
|
#define psa_export_public_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_export_public_key)
|
||||||
|
#define psa_purge_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_purge_key)
|
||||||
|
#define psa_copy_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_copy_key)
|
||||||
|
#define psa_cipher_operation_init \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_operation_init)
|
||||||
|
#define psa_cipher_generate_iv \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_generate_iv)
|
||||||
|
#define psa_cipher_set_iv \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_set_iv)
|
||||||
|
#define psa_cipher_encrypt_setup \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
|
||||||
|
#define psa_cipher_decrypt_setup \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
|
||||||
|
#define psa_cipher_update \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_update)
|
||||||
|
#define psa_cipher_finish \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_finish)
|
||||||
|
#define psa_cipher_abort \
|
||||||
|
PSA_FUNCTION_NAME(psa_cipher_abort)
|
||||||
|
#define psa_hash_operation_init \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_operation_init)
|
||||||
|
#define psa_hash_setup \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_setup)
|
||||||
|
#define psa_hash_update \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_update)
|
||||||
|
#define psa_hash_finish \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_finish)
|
||||||
|
#define psa_hash_verify \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_verify)
|
||||||
|
#define psa_hash_abort \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_abort)
|
||||||
|
#define psa_hash_clone \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_clone)
|
||||||
|
#define psa_hash_compute \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_compute)
|
||||||
|
#define psa_hash_compare \
|
||||||
|
PSA_FUNCTION_NAME(psa_hash_compare)
|
||||||
|
#define psa_mac_operation_init \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_operation_init)
|
||||||
|
#define psa_mac_sign_setup \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_sign_setup)
|
||||||
|
#define psa_mac_verify_setup \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_verify_setup)
|
||||||
|
#define psa_mac_update \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_update)
|
||||||
|
#define psa_mac_sign_finish \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_sign_finish)
|
||||||
|
#define psa_mac_verify_finish \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_verify_finish)
|
||||||
|
#define psa_mac_abort \
|
||||||
|
PSA_FUNCTION_NAME(psa_mac_abort)
|
||||||
|
#define psa_sign_hash \
|
||||||
|
PSA_FUNCTION_NAME(psa_sign_hash)
|
||||||
|
#define psa_verify_hash \
|
||||||
|
PSA_FUNCTION_NAME(psa_verify_hash)
|
||||||
|
#define psa_asymmetric_encrypt \
|
||||||
|
PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
|
||||||
|
#define psa_asymmetric_decrypt \
|
||||||
|
PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
|
||||||
|
#define psa_generate_key \
|
||||||
|
PSA_FUNCTION_NAME(psa_generate_key)
|
||||||
|
|
||||||
|
#endif /* CRYPTO_SPE_H */
|
@ -820,6 +820,32 @@ component_test_psa_crypto_key_id_encodes_owner () {
|
|||||||
make test
|
make test
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# check_renamed_symbols HEADER LIB
|
||||||
|
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
|
||||||
|
# name is LIB.
|
||||||
|
check_renamed_symbols () {
|
||||||
|
! nm "$2" | sed 's/.* //' |
|
||||||
|
grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
|
||||||
|
}
|
||||||
|
|
||||||
|
component_build_psa_crypto_spm () {
|
||||||
|
msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
|
||||||
|
scripts/config.py full
|
||||||
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
|
||||||
|
# We can only compile, not link, since our test and sample programs
|
||||||
|
# aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
|
||||||
|
# is active.
|
||||||
|
make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
|
||||||
|
|
||||||
|
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
|
||||||
|
# version is not present.
|
||||||
|
echo "Checking for renamed symbols in the library"
|
||||||
|
if_build_succeeded check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
|
||||||
|
}
|
||||||
|
|
||||||
component_test_psa_crypto_client () {
|
component_test_psa_crypto_client () {
|
||||||
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
|
||||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||||
|
Loading…
Reference in New Issue
Block a user