PR #3959 has proven that by adding a prefix
(LIBTESTDRIVER1/libtestdriver1_ in this commit) to
all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy
of the Mbed TLS library, we can build a library that
can be linked with the Mbed TLS library.
This commit leverages this to build a PSA test driver
library based on the Mbed TLS library code.
The cryptographic features supported by the test
library are defined by:
. a minimal configuration (in the sense of config.h),
see config_test_driver.h
. PSA_WANT_* and PSA_ACCEL_* defined macros.
The PSA_WANT_* macros have to be the same as the ones
used to build the Mbed TLS library the test driver
library is supposed to be linked to as the PSA_WANT_*
macros are used in the definition of structures and
macros that are shared by the PSA crypto core,
Mbed TLS drivers and the driver test library.
The PSA_ACCEL_* macros are intended to define the
cryptographic features that have to be removed
from the Mbed TLS library and thus supported by the
test library in test scenarios. The PSA_ACCEL_* macros
to build the test library are thus mirrored from the
ones to build the Mbed TLS library by extended the
crypto_config.h: see
crypto_config_test_driver_entension.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Modeled after the include chain of the primitive operation contexts.
Also moved the HMAC context structure to the builtin composites file,
since that is where it conceptually belongs. This is a preparatory
step for implementing driver dispatch of MAC multipart operations.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This is a preparatory step in order to be able to organize the include
chain from crypto_struct in such a way that the MAC operation structure
for the PSA 'software' driver can make use of the hash operation structure.
Conceptually:
* Primitives:
* Hash
* Cipher
* Composites:
* AEAD (can use cipher)
* MAC (can use cipher and/or hash)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
The sample program aescrypt2 shows bad practice: hand-rolled CBC
implementation, CBC+HMAC for AEAD, hand-rolled iterated SHA-2 for key
stretching, no algorithm agility. The new sample program pbcrypt does
the same thing, but better. So remove aescrypt2.
Fix#1906
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MSVC doesn't like multiple compilation units with the same name.
(conflict between cipher.c in the library and in the test driver folder)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This header file will contain declarations of functions that are not
part of the public ABI/API, and must not be called from other modules,
but can be called from unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add psa_crypto_cipher.[ch] files to contain the
Mbed TLS implementation of PSA driver cipher driver
entry points.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.
This change defines & implements for hashing operations how the context
structures get defined.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
When using pthread mutexes (MBEDTLS_THREADING_C and
MBEDTLS_THREADING_PTHREAD enabled), and when test hooks are
enabled (MBEDTLS_TEST_HOOKS), set up wrappers around the
mbedtls_mutex_xxx abstraction. In this commit, the wrapper functions
don't do anything yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the declaration of the functions needed to use the test
implementation of mbedtls_psa_external_get_random() to a new header
file. Before, they were declared in
tests/include/test/psa_crypto_helpers.h, but this header file can't be
included in sample programs because it also includes headers from the
library directory which is not on the include path for sample
programs.
This fixes the build of the sample programs when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_USE_PSA_CRYPTO are
enabled.
Move the implementation of the functions to a separate .c file as
well. This isn't strictly necessary, but makes the structure of the
source code easier to understand.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.
Add it to the official build systems (make, cmake, VS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it clear that this is an abstraction of the random generator
abstraction, and not an abstraction of the PSA random generator.
mbedtls_psa_get_random and MBEDTLS_PSA_RANDOM_STATE are public-facing
definitions and will be moved in a subsequent commit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.
The partially implemented dynamic secure element interface is staying
for now.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Moved new check_crypto_config.h file from include/psa to library
directory and the file is now included from *.c instead of the
crypto_config.h file. Fixed guards in PSA crypto library based
on review comments for new PSA crypto config features.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Moved from doing the dependency checks for MBEDTLS_PSA_BUILTIN to
checking the PSA_WANT macros for the dependency checks. This required
moving the file into the include/psa directory and having the file be
included by crypto_config.h instead of config_psa.h.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx
per comments from review. Implemented a check_config_psa.h to help with
dependency checking of features enabled in config_psa.h. Added
check_config_psa.h to visual studio project.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
