Gate secure element support by a separate config option
Secure element support has its own source file, and in addition requires many hooks in other files. This is a nontrivial amount of code, so make it optional (but default on).
Родитель
c93a43bed6
Коммит
a8ade16ffd
|
@ -458,6 +458,12 @@
|
||||||
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
|
#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
|
||||||
|
! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||||
|
defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
|
||||||
|
#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
|
||||||
! defined(MBEDTLS_PSA_CRYPTO_C)
|
! defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
|
#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
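Review bot: Because MBEDTLS_PSA_CRYPTO_SE_C is defined by default (the `#define` added in the @ -1709 hunk), this new `#error` now fires for any existing configuration that disables MBEDTLS_PSA_CRYPTO_STORAGE_C on its own. The test components later in this commit each had to gain an extra `unset` for exactly that reason. The check itself is right, but a downstream user only discovers the coupling by hitting the build failure. I would document it in the `\def MBEDTLS_PSA_CRYPTO_SE_C` comment, e.g. ` * \note Enabled by default; disable it when MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.` The MBEDTLS_PSA_CRYPTO_STORAGE_C check that follows continues past the end of this hunk.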
|
||||||
|
|
|
@ -1709,6 +1709,19 @@
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_PSA_CRYPTO_C
|
#define MBEDTLS_PSA_CRYPTO_C
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
|
*
|
||||||
|
* Enable secure element support in the Platform Security Architecture
|
||||||
|
* cryptography API.
|
||||||
|
*
|
||||||
|
* Module: library/psa_crypto_se.c
|
||||||
|
*
|
||||||
|
* Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#define MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
|
* \def MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
*
|
*
|
||||||
|
|
|
@ -32,7 +32,9 @@
|
||||||
|
|
||||||
#include "psa_crypto_core.h"
|
#include "psa_crypto_core.h"
|
||||||
#include "psa_crypto_invasive.h"
|
#include "psa_crypto_invasive.h"
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
#include "psa_crypto_se.h"
|
#include "psa_crypto_se.h"
|
||||||
|
#endif
|
||||||
#include "psa_crypto_slot_management.h"
|
#include "psa_crypto_slot_management.h"
|
||||||
/* Include internal declarations that are useful for implementing persistently
|
/* Include internal declarations that are useful for implementing persistently
|
||||||
* stored keys. */
|
* stored keys. */
|
||||||
|
@ -5212,9 +5214,11 @@ void mbedtls_psa_crypto_free( void )
|
||||||
* In particular, this sets all state indicator to the value
|
* In particular, this sets all state indicator to the value
|
||||||
* indicating "uninitialized". */
|
* indicating "uninitialized". */
|
||||||
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
|
mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
/* Unregister all secure element drivers, so that we restart from
|
/* Unregister all secure element drivers, so that we restart from
|
||||||
* a pristine state. */
|
* a pristine state. */
|
||||||
psa_unregister_all_se_drivers( );
|
psa_unregister_all_se_drivers( );
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t psa_crypto_init( void )
|
psa_status_t psa_crypto_init( void )
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
#include MBEDTLS_CONFIG_FILE
|
#include MBEDTLS_CONFIG_FILE
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
@ -76,4 +76,4 @@ void psa_unregister_all_se_drivers( void )
|
||||||
memset( driver_table, 0, sizeof( driver_table ) );
|
memset( driver_table, 0, sizeof( driver_table ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
|
|
|
@ -555,6 +555,9 @@ static const char *features[] = {
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
"MBEDTLS_PSA_CRYPTO_C",
|
"MBEDTLS_PSA_CRYPTO_C",
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
|
"MBEDTLS_PSA_CRYPTO_SE_C",
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||||
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
|
"MBEDTLS_PSA_CRYPTO_STORAGE_C",
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
|
||||||
|
|
|
@ -1509,6 +1509,14 @@ int query_config( const char *config )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
|
if( strcmp( "MBEDTLS_PSA_CRYPTO_SE_C", config ) == 0 )
|
||||||
|
{
|
||||||
|
MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SE_C );
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||||
if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
|
if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
|
||||||
{
|
{
|
||||||
|
|
|
@ -107,6 +107,7 @@ MBEDTLS_MEMORY_BACKTRACE
|
||||||
MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||||
MBEDTLS_PLATFORM_TIME_ALT
|
MBEDTLS_PLATFORM_TIME_ALT
|
||||||
MBEDTLS_PLATFORM_FPRINTF_ALT
|
MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||||
|
MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
MBEDTLS_PSA_CRYPTO_STORAGE_C
|
MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||||
MBEDTLS_PSA_ITS_FILE_C
|
MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
|
|
@ -709,6 +709,7 @@ component_test_no_platform () {
|
||||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
|
||||||
scripts/config.pl unset MBEDTLS_FS_IO
|
scripts/config.pl unset MBEDTLS_FS_IO
|
||||||
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||||
|
@ -894,6 +895,7 @@ component_build_arm_none_eabi_gcc () {
|
||||||
scripts/config.pl unset MBEDTLS_TIMING_C
|
scripts/config.pl unset MBEDTLS_TIMING_C
|
||||||
scripts/config.pl unset MBEDTLS_FS_IO
|
scripts/config.pl unset MBEDTLS_FS_IO
|
||||||
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
|
@ -913,6 +915,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
|
||||||
scripts/config.pl unset MBEDTLS_TIMING_C
|
scripts/config.pl unset MBEDTLS_TIMING_C
|
||||||
scripts/config.pl unset MBEDTLS_FS_IO
|
scripts/config.pl unset MBEDTLS_FS_IO
|
||||||
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
|
@ -935,6 +938,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
|
||||||
scripts/config.pl unset MBEDTLS_TIMING_C
|
scripts/config.pl unset MBEDTLS_TIMING_C
|
||||||
scripts/config.pl unset MBEDTLS_FS_IO
|
scripts/config.pl unset MBEDTLS_FS_IO
|
||||||
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
||||||
|
@ -957,6 +961,7 @@ component_build_armcc () {
|
||||||
scripts/config.pl unset MBEDTLS_TIMING_C
|
scripts/config.pl unset MBEDTLS_TIMING_C
|
||||||
scripts/config.pl unset MBEDTLS_FS_IO
|
scripts/config.pl unset MBEDTLS_FS_IO
|
||||||
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
|
||||||
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
|
||||||
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||||
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
|
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
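Review bot: Every component touched here unsets MBEDTLS_PSA_CRYPTO_SE_C together with MBEDTLS_PSA_CRYPTO_STORAGE_C, so none of the visible hunks builds the one configuration this option newly creates: PSA crypto and storage enabled, secure element support disabled. That is the build where a hook left outside `#if defined(MBEDTLS_PSA_CRYPTO_SE_C)`, or wrongly placed inside it, would show up. Unless a component outside these hunks already covers it, I would add one that runs only `scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C` on the default configuration and then builds and runs the test suites. All five component bodies continue outside their hunks.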
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
/* END_HEADER */
|
/* END_HEADER */
|
||||||
|
|
||||||
/* BEGIN_DEPENDENCIES
|
/* BEGIN_DEPENDENCIES
|
||||||
* depends_on:MBEDTLS_PSA_CRYPTO_C
|
* depends_on:MBEDTLS_PSA_CRYPTO_SE_C
|
||||||
* END_DEPENDENCIES
|
* END_DEPENDENCIES
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|