diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 78bf131e06..13210746d0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -458,6 +458,12 @@
 #error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
+ ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
+ defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
+#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
 ! defined(MBEDTLS_PSA_CRYPTO_C)
 #error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 56ad01c404..0e8d7550e1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1709,6 +1709,19 @@
 */
 #define MBEDTLS_PSA_CRYPTO_C
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SE_C
+ *
+ * Enable secure element support in the Platform Security Architecture
+ * cryptography API.
+ *
+ * Module: library/psa_crypto_se.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_SE_C
+
 /**
 * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
 *
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 7e20071298..8789084d17 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -32,7 +32,9 @@
 #include "psa_crypto_core.h"
 #include "psa_crypto_invasive.h"
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 #include "psa_crypto_se.h"
+#endif
 #include "psa_crypto_slot_management.h"
 /* Include internal declarations that are useful for implementing persistently
 * stored keys. */
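Review bot: In include/mbedtls/config.h the new MBEDTLS_PSA_CRYPTO_SE_C block is an active `#define`, so the option is on by default, but its Doxygen comment only lists the prerequisites. Combined with the new `#error` in check_config.h, a build that turns off MBEDTLS_PSA_CRYPTO_STORAGE_C without also turning off this option now stops at the configuration check, which is presumably why the same commit adds an unset line to five all.sh components. The comment should say so, for example ` * Enabled by default; disable it whenever MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.` It would also help to state that builds which never register a secure element driver can turn the option off to leave library/psa_crypto_se.c out of the image.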
@@ -5212,9 +5214,11 @@ void mbedtls_psa_crypto_free( void )
 * In particular, this sets all state indicator to the value
 * indicating "uninitialized". */
 mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /* Unregister all secure element drivers, so that we restart from
 * a pristine state. */
 psa_unregister_all_se_drivers( );
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 }
 psa_status_t psa_crypto_init( void )
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 32142eb9a2..814c6a003f 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -25,7 +25,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 #include
@@ -76,4 +76,4 @@ void psa_unregister_all_se_drivers( void )
 memset( driver_table, 0, sizeof( driver_table ) );
 }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
diff --git a/library/version_features.c b/library/version_features.c
index 4f1da6aeab..57015986c8 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -555,6 +555,9 @@ static const char *features[] = {
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 "MBEDTLS_PSA_CRYPTO_C",
 #endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ "MBEDTLS_PSA_CRYPTO_SE_C",
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
 "MBEDTLS_PSA_CRYPTO_STORAGE_C",
 #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index fc25353fa6..ee754d9b05 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -1509,6 +1509,14 @@ int query_config( const char *config )
 }
 #endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_SE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
 if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
 {
diff --git a/scripts/config.pl b/scripts/config.pl
index b66790514a..05cc52e648 100755
--- a/scripts/config.pl
+++ b/scripts/config.pl
@@ -107,6 +107,7 @@ MBEDTLS_MEMORY_BACKTRACE
 MBEDTLS_MEMORY_BUFFER_ALLOC_C
 MBEDTLS_PLATFORM_TIME_ALT
 MBEDTLS_PLATFORM_FPRINTF_ALT
+MBEDTLS_PSA_CRYPTO_SE_C
 MBEDTLS_PSA_CRYPTO_STORAGE_C
 MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 MBEDTLS_PSA_ITS_FILE_C
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b38c7d4579..c1e1ffe24b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -709,6 +709,7 @@ component_test_no_platform () {
 scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
 scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.pl unset MBEDTLS_FS_IO
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
 scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
@@ -894,6 +895,7 @@ component_build_arm_none_eabi_gcc () {
 scripts/config.pl unset MBEDTLS_TIMING_C
 scripts/config.pl unset MBEDTLS_FS_IO
 scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
 scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
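Review bot: In tests/scripts/all.sh, every component that gains `scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C` also unsets MBEDTLS_PSA_CRYPTO_STORAGE_C, so none of the visible changes builds PSA crypto and storage with secure element support disabled. This applies to component_test_no_platform and component_build_arm_none_eabi_gcc here, and to the three further build components in the hunks that follow. That combination is the one a separate option makes possible, and it is the only one that compiles library/psa_crypto.c with the new `#if defined(MBEDTLS_PSA_CRYPTO_SE_C)` guards inactive while the rest of PSA is present. Consider a component that runs `scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C` on the default configuration, then builds and runs the PSA test suites. The component bodies start and end outside these hunks, so an existing component elsewhere in the script may already cover this.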
@@ -913,6 +915,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
 scripts/config.pl unset MBEDTLS_TIMING_C
 scripts/config.pl unset MBEDTLS_FS_IO
 scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
 scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@@ -935,6 +938,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
 scripts/config.pl unset MBEDTLS_TIMING_C
 scripts/config.pl unset MBEDTLS_FS_IO
 scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
 scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
@@ -957,6 +961,7 @@ component_build_armcc () {
 scripts/config.pl unset MBEDTLS_TIMING_C
 scripts/config.pl unset MBEDTLS_FS_IO
 scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
+ scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
 scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
 scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 522065a90d..b9d0a1f0a8 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -10,7 +10,7 @@
 /* END_HEADER */
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * depends_on:MBEDTLS_PSA_CRYPTO_SE_C
 * END_DEPENDENCIES
 */