From 67a9351bc5813346f047a3fbc8384afa0a2c19b2 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 11 Jul 2018 16:07:40 +0100 Subject: [PATCH] psa: config: Add MBEDTLS_PSA_CRYPTO_SPM We failed check-names.sh due to using a define which wasn't described or defined anywhere. Even though we won't realistically enable MBEDTLS_PSA_CRYPTO_SPM via the configuration system (and will do it from PSA Crypto SPM tooling instead), add a description of the configuration to config.h as good practice. Exclude MBEDTLS_PSA_CRYPTO_SPM from the "full" configuration as well. --- configs/config-psa-crypto.h | 14 ++++++++++++++ include/mbedtls/check_config.h | 4 ++++ include/mbedtls/config.h | 14 ++++++++++++++ library/version_features.c | 3 +++ scripts/config.pl | 1 + 5 files changed, 36 insertions(+) diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 184e1ab645..870e335d11 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h @@ -696,6 +696,20 @@ */ #define MBEDTLS_PKCS1_V21 +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SPM + /** * \def MBEDTLS_RSA_NO_CRT * diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 41c3f24585..620aff9991 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
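Review bot: The `\def MBEDTLS_PSA_CRYPTO_SPM` comment added in configs/config-psa-crypto.h, and the identical block added in include/mbedtls/config.h, does not say that the option is meant to be set by the PSA Crypto SPM tooling rather than by uncommenting it in the header; only the commit message says so. Because the macro selects a build split across a secure and a non-secure side, the header itself should carry that caveat, for example `* \warning This option is set by the PSA Crypto SPM tooling and is not meant to be enabled by editing this file.` placed before the `Module:` line. The comment also expands NSPE and SPE as "Process Environment", whereas the PSA documents appear to use "Processing Environment", so the wording is worth confirming and aligning. It would also help to state which of the two parts a build with the macro defined produces, which cannot be told from the hunk.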
@@ -492,6 +492,10 @@ #error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C) +#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ !defined(MBEDTLS_OID_C) ) #error "MBEDTLS_RSA_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d3df9eeda1..385381f7cc 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1126,6 +1126,20 @@ */ #define MBEDTLS_PKCS1_V21 +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_CRYPTO_SPM + /** * \def MBEDTLS_RSA_NO_CRT * diff --git a/library/version_features.c b/library/version_features.c index b77bf26587..9917ec03e1 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -414,6 +414,9 @@ static const char *features[] = { #if defined(MBEDTLS_PKCS1_V21) "MBEDTLS_PKCS1_V21", #endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_PSA_CRYPTO_SPM) + "MBEDTLS_PSA_CRYPTO_SPM", +#endif /* MBEDTLS_PSA_CRYPTO_SPM */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ diff --git a/scripts/config.pl b/scripts/config.pl index 3d2884cc9d..2e4ac3bb68 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -96,6 +96,7 @@ MBEDTLS_ZLIB_SUPPORT MBEDTLS_PKCS11_C MBEDTLS_NO_UDBL_DIVISION MBEDTLS_NO_64BIT_MULTIPLICATION +MBEDTLS_PSA_CRYPTO_SPM _ALT\s*$ );