Crypto: Add config check for mbedtls

Add dependency configuration checks between tfm crypto service
switch and mbedcrypto switch.

Change-Id: I86c516fcf486f68ef7571516437a057c1f7085aa
Signed-off-by: Summer Qin <summer.qin@arm.com>
diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index e5bd70f..9eece4c 100644
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
@@ -1,7 +1,7 @@
-From 4497e653fb8ed68efd0c4a9cdac82e93490f4e4e Mon Sep 17 00:00:00 2001
+From 8d1aed1f571f9c1a1d63d7eaea1fd2f4fbf946f0 Mon Sep 17 00:00:00 2001
 From: TTornblom <thomas.tornblom@iar.com>
 Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 1/3] BUILD: Update IAR support in CMakeLists.txt
+Subject: [PATCH 1/7] BUILD: Update IAR support in CMakeLists.txt
 
 Applied the same change as in mbed-crypto for using this as a sub
 project with the IAR toolchain.
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index d789d59..bb577ba 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,7 +1,7 @@
-From 5de1387b7c433dc0a81960ba1243b63fb8310ad4 Mon Sep 17 00:00:00 2001
+From 4dcc55721de024febe47b5b04bc9455a9a7de560 Mon Sep 17 00:00:00 2001
 From: Tamas Ban <tamas.ban@arm.com>
 Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH 2/3] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/7] Enable crypto code sharing between independent binaries
 
 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
 ---
diff --git a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
index e7e70d7..7f3cabd 100644
--- a/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
+++ b/lib/ext/mbedcrypto/0003-Disable-export-MbedTLSTargets.patch
@@ -1,7 +1,7 @@
-From 0eac701c20e719599e5f30e260b7b0420d92af49 Mon Sep 17 00:00:00 2001
+From b3ae4414b56e72acd2baf346e1af7dd05a7c933a Mon Sep 17 00:00:00 2001
 From: Summer Qin <summer.qin@arm.com>
 Date: Wed, 5 Jan 2022 15:00:49 +0800
-Subject: [PATCH 3/3] Disable export MbedTLSTargets
+Subject: [PATCH 3/7] Disable export MbedTLSTargets
 
 Disable install MbedTLSConfig.cmake, MbedTLSConfigVersion.cmake and
 MbedTLSTargets.cmake. And Disable export MbedTLSTargets since this
diff --git a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch b/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
index ff8eeb6..210a0fc 100644
--- a/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
+++ b/lib/ext/mbedcrypto/0004-CC3XX-Hardcode-entry-points-for-the-CC3XX-driver.patch
@@ -1,7 +1,7 @@
-From bff99675493709b07508b88fbc311d34fbb5d3cc Mon Sep 17 00:00:00 2001
+From fc5fd24aa2e287ed57ecf8dd9b85d871d369d871 Mon Sep 17 00:00:00 2001
 From: Salome Thirot <salome.thirot@arm.com>
 Date: Wed, 7 Jul 2021 10:24:43 +0100
-Subject: [PATCH 2/2] CC3XX: Hardcode entry points for the CC3XX driver
+Subject: [PATCH 4/7] CC3XX: Hardcode entry points for the CC3XX driver
 
 Signed-off-by: Salome Thirot <salome.thirot@arm.com>
 Signed-off-by: Abbas Bracken Ziad <abbas.brackenziad@arm.com>
@@ -16,7 +16,7 @@
  5 files changed, 644 insertions(+), 4 deletions(-)
 
 diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h
-index 3f1c8af4b..2fdf9561f 100644
+index 3f1c8af4..2fdf9561 100644
 --- a/include/psa/crypto_driver_contexts_composites.h
 +++ b/include/psa/crypto_driver_contexts_composites.h
 @@ -41,6 +41,9 @@
@@ -50,7 +50,7 @@
  
  #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
 diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h
-index 2bb01ed43..2bc0bda70 100644
+index 2bb01ed4..2bc0bda7 100644
 --- a/include/psa/crypto_driver_contexts_primitives.h
 +++ b/include/psa/crypto_driver_contexts_primitives.h
 @@ -40,6 +40,9 @@
@@ -84,7 +84,7 @@
  
  #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
 diff --git a/library/psa_crypto.c b/library/psa_crypto.c
-index 829ed452b..48377ffe4 100644
+index 829ed452..48377ffe 100644
 --- a/library/psa_crypto.c
 +++ b/library/psa_crypto.c
 @@ -3073,6 +3073,25 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
@@ -175,7 +175,7 @@
      if( status != PSA_SUCCESS )
      {
 diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
-index 8d8647862..eed2ce402 100644
+index 8d864786..eed2ce40 100644
 --- a/library/psa_crypto_driver_wrappers.c
 +++ b/library/psa_crypto_driver_wrappers.c
 @@ -44,6 +44,16 @@
@@ -999,7 +999,7 @@
 +}
  #endif /* MBEDTLS_PSA_CRYPTO_C */
 diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
-index e09e4ed70..9ebdb366e 100644
+index e09e4ed7..9ebdb366 100644
 --- a/library/psa_crypto_driver_wrappers.h
 +++ b/library/psa_crypto_driver_wrappers.h
 @@ -329,6 +329,35 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
@@ -1039,5 +1039,5 @@
  
  /* End of automatically generated file. */
 -- 
-2.25.1
+2.17.1
 
diff --git a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch b/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
index 25fbe06..98617d0 100644
--- a/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
+++ b/lib/ext/mbedcrypto/0005-Add-MBEDTLS_PSA_CRYPTO_CONFIG_FILE.patch
@@ -1,7 +1,7 @@
-From 282d65493d95ce8d3ddc63924c89fc9b44656018 Mon Sep 17 00:00:00 2001
+From 072755e80839bbeb47d60ce29e67516471793016 Mon Sep 17 00:00:00 2001
 From: Summer Qin <summer.qin@arm.com>
 Date: Wed, 18 May 2022 18:13:12 +0800
-Subject: [PATCH] Add MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+Subject: [PATCH 5/7] Add MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 
 Signed-off-by: Summer Qin <summer.qin@arm.com>
 ---
diff --git a/lib/ext/mbedcrypto/0005-Fix-key_id-and-owner_id-accessor-macros.patch b/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
similarity index 87%
rename from lib/ext/mbedcrypto/0005-Fix-key_id-and-owner_id-accessor-macros.patch
rename to lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
index 1d59f2b..cefc971 100644
--- a/lib/ext/mbedcrypto/0005-Fix-key_id-and-owner_id-accessor-macros.patch
+++ b/lib/ext/mbedcrypto/0006-Fix-key_id-and-owner_id-accessor-macros.patch
@@ -1,7 +1,7 @@
-From e76fe5287bdd23eb67ec45cb0c629a178733b0cc Mon Sep 17 00:00:00 2001
+From 5234b70e4604e0af6bd148feb37e775c1614cb06 Mon Sep 17 00:00:00 2001
 From: Antonio de Angelis <Antonio.deAngelis@arm.com>
 Date: Thu, 5 May 2022 14:11:32 +0100
-Subject: [PATCH 1/1] Fix key_id and owner_id accessor macros
+Subject: [PATCH 6/7] Fix key_id and owner_id accessor macros
 
 The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
 need to have the MBEDTLS_PRIVATE() specifier as these fields are private
@@ -12,7 +12,7 @@
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
-index 5a903f86a..2d39625de 100644
+index 5a903f86..2d39625d 100644
 --- a/include/psa/crypto_values.h
 +++ b/include/psa/crypto_values.h
 @@ -2242,8 +2242,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
@@ -27,5 +27,5 @@
  /** Utility to initialize a key identifier at runtime.
   *
 -- 
-2.25.1
+2.17.1
 
diff --git a/lib/ext/mbedcrypto/0007-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch b/lib/ext/mbedcrypto/0007-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
new file mode 100644
index 0000000..a15ae4f
--- /dev/null
+++ b/lib/ext/mbedcrypto/0007-Add-MBEDTLS_CHACHA20_C-and-MBEDTLS_POLY1305_C.patch
@@ -0,0 +1,29 @@
+From 19c808fa4ffd3bd6631f68c7c21056ed4d93dcba Mon Sep 17 00:00:00 2001
+From: Summer Qin <summer.qin@arm.com>
+Date: Thu, 30 Jun 2022 14:14:11 +0800
+Subject: [PATCH 7/7] Add MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C
+
+MBEDTLS_CHACHA20_C and MBEDTLS_POLY1305_C are needed when
+PSA_WANT_ALG_CHACHA20_POLY1305 is defined.
+
+Signed-off-by: Summer Qin <summer.qin@arm.com>
+---
+ include/mbedtls/config_psa.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
+index 13e64dd7..88ff70ba 100644
+--- a/include/mbedtls/config_psa.h
++++ b/include/mbedtls/config_psa.h
+@@ -437,6 +437,8 @@ extern "C" {
+ #if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
+ #if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+ #define MBEDTLS_CHACHAPOLY_C
++#define MBEDTLS_CHACHA20_C
++#define MBEDTLS_POLY1305_C
+ #define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+ #endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+ #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
+-- 
+2.17.1
+
diff --git a/secure_fw/partitions/crypto/crypto_check_config.h b/secure_fw/partitions/crypto/crypto_check_config.h
new file mode 100644
index 0000000..a763be6
--- /dev/null
+++ b/secure_fw/partitions/crypto/crypto_check_config.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __CRYPTO_CHECK_CONFIG_H__
+#define __CRYPTO_CHECK_CONFIG_H__
+
+#if !defined(TFM_CRYPTO_RNG_MODULE_DISABLED) && \
+    (!defined(MBEDTLS_CTR_DRBG_C) &&            \
+     !defined(MBEDTLS_HMAC_DRBG_C) &&           \
+     !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG))
+#error "TFM_CRYPTO_RNG_MODULE enables, but not all prerequisites (missing RNG)!"
+#endif
+
+#if !defined(TFM_CRYPTO_AEAD_MODULE_DISABLED) &&                 \
+    (!defined(PSA_WANT_ALG_CCM) && !defined(PSA_WANT_ALG_GCM) && \
+     !defined(PSA_WANT_ALG_CHACHA20_POLY1305))
+#error "TFM_CRYPTO_AEAD_MODULE enables, but not all prerequisites (missing AEAD algorithms)!"
+#endif
+
+#if !defined(TFM_CRYPTO_MAC_MODULE_DISABLED) && \
+    (!defined(PSA_WANT_ALG_CMAC) && !defined(PSA_WANT_ALG_HMAC))
+#error "TFM_CRYPTO_MAC_MODULE enables, but not all prerequisites (missing MAC algorithms)!"
+#endif
+
+#if !defined(TFM_CRYPTO_CIPHER_MODULE_DISABLED) && \
+    (!defined(PSA_WANT_KEY_TYPE_AES) &&            \
+     !defined(PSA_WANT_KEY_TYPE_CHACHA20) &&       \
+     !defined(PSA_WANT_ALG_CBC_NO_PADDING) &&      \
+     !defined(PSA_WANT_ALG_CBC_PKCS7) &&           \
+     !defined(PSA_WANT_ALG_CCM) &&                 \
+     !defined(PSA_WANT_ALG_GCM))
+#error "TFM_CRYPTO_CIPHER_MODULE enables, but not all prerequisites (missing CIPHER algorithms)!"
+#endif
+
+#if !defined(TFM_CRYPTO_HASH_MODULE_DISABLED) && \
+    (!defined(PSA_WANT_ALG_RIPEMD160) &&         \
+     !defined(PSA_WANT_ALG_SHA_224) &&           \
+     !defined(PSA_WANT_ALG_SHA_256) &&           \
+     !defined(PSA_WANT_ALG_SHA_384) &&           \
+     !defined(PSA_WANT_ALG_SHA_512))
+#error "TFM_CRYPTO_HASH_MODULE enables, but not all prerequisites (missing HASH algorithms)!"
+#endif
+
+#if !defined(TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED) && \
+    (!defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
+     !defined(PSA_WANT_ALG_RSA_PSS) && \
+     !defined(PSA_WANT_ALG_ECDSA) && \
+     !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA))
+#error "TFM_CRYPTO_ASYM_SIGN_MODULE enables, but not all prerequisites \
+(missing asymmetric sign algorithms)!"
+#endif
+
+#if !defined(TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED) && \
+    (!defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
+     !defined(PSA_WANT_ALG_RSA_OAEP))
+#error "TFM_CRYPTO_ASYM_ENCRYPT_MODULE enables, but not all prerequisites \
+(missing asymmetric encryption algorithms)!"
+#endif
+
+#if !defined(TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED) && \
+    (!defined(PSA_WANT_ALG_HKDF) && \
+     !defined(PSA_WANT_ALG_TLS12_PRF) && \
+     !defined(PSA_WANT_ALG_TLS12_PSK_TO_MS))
+#error "TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED enables, but not all prerequisites \
+(missing key derivation algorithms)!"
+#endif
+
+#endif /* __CRYPTO_CHECK_CONFIG_H__ */
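Review bot: The cipher check (the block guarded by `TFM_CRYPTO_CIPHER_MODULE_DISABLED`) puts key types and modes in one `&&` chain, so it fires only when all six macros are undefined; a configuration with a mode but no key type, or with `PSA_WANT_KEY_TYPE_AES` and no cipher mode, passes the guard and the gap would presumably surface only at run time. Requiring one key type and one mode separately closes that, as sketched below. The sketch adds `PSA_WANT_ALG_CTR` and `PSA_WANT_ALG_STREAM_CIPHER` so that CTR-only and ChaCha20 configurations are not rejected, and keeps `PSA_WANT_ALG_CCM`/`PSA_WANT_ALG_GCM` although they are AEAD algorithms already covered by the AEAD check, so confirm both lists against the profiles in use. Separately, the key-derivation `#error` names `TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED` where the other messages name the module itself. The file would also benefit from a short header comment saying that each check fails the build when a module is left enabled with none of its listed prerequisites defined.

```c
/* Sketch only: confirm both lists against the profiles that enable the cipher module. */
#if !defined(TFM_CRYPTO_CIPHER_MODULE_DISABLED) &&   \
    ((!defined(PSA_WANT_KEY_TYPE_AES) &&             \
      !defined(PSA_WANT_KEY_TYPE_CHACHA20)) ||       \
     (!defined(PSA_WANT_ALG_CBC_NO_PADDING) &&       \
      !defined(PSA_WANT_ALG_CBC_PKCS7) &&            \
      !defined(PSA_WANT_ALG_CTR) &&                  \
      !defined(PSA_WANT_ALG_STREAM_CIPHER) &&        \
      !defined(PSA_WANT_ALG_CCM) &&                  \
      !defined(PSA_WANT_ALG_GCM)))
#error "TFM_CRYPTO_CIPHER_MODULE enables, but not all prerequisites (missing CIPHER algorithms)!"
#endif
/* … unchanged: the remaining module checks … */
```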
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index 6a27117..a13348e 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -11,6 +11,7 @@
 #include "tfm_crypto_api.h"
 #include "tfm_crypto_defs.h"
 #include "tfm_sp_log.h"
+#include "crypto_check_config.h"
 
 /*
  * \brief This Mbed TLS include is needed to initialise the memory allocator
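Review bot: `crypto_check_config.h` is included here ahead of the Mbed TLS include that the following comment announces, and the new header includes nothing itself, so its `PSA_WANT_*` and `MBEDTLS_*` tests depend on one of the earlier project headers having already pulled in the crypto configuration, which this hunk does not show. Because every test is a `!defined(...)`, a configuration that is not yet visible fails the build instead of passing silently, which is the safe direction, but the errors would then blame missing algorithms when the cause is include order. Consider having the header include the configuration it checks, or moving this include after the Mbed TLS include. A one-line comment on the include would also help, for example `/* Compile-time only: cross-checks the TFM_CRYPTO_*_MODULE_DISABLED switches against the Mbed TLS/PSA configuration */`. The comment block at the end of the hunk continues outside it.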