Crypto: Set features with config header file
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: Id2d70444f774705cadf18d23ec02bc1842697149
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt
index c158c14..9bd8b7a 100644
--- a/secure_fw/partitions/crypto/CMakeLists.txt
+++ b/secure_fw/partitions/crypto/CMakeLists.txt
@@ -13,20 +13,6 @@
cmake_policy(SET CMP0079 NEW)
add_library(tfm_psa_rot_partition_crypto STATIC)
-add_library(crypto_module_flags INTERFACE)
-
-target_compile_definitions(crypto_module_flags
- INTERFACE
- $<$<BOOL:${CRYPTO_RNG_MODULE_DISABLED}>:TFM_CRYPTO_RNG_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_KEY_MODULE_DISABLED}>:TFM_CRYPTO_KEY_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_AEAD_MODULE_DISABLED}>:TFM_CRYPTO_AEAD_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_MAC_MODULE_DISABLED}>:TFM_CRYPTO_MAC_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_CIPHER_MODULE_DISABLED}>:TFM_CRYPTO_CIPHER_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_HASH_MODULE_DISABLED}>:TFM_CRYPTO_HASH_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_ASYM_SIGN_MODULE_DISABLED}>:TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}>:TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_KEY_DERIVATION_MODULE_DISABLED}>:TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED>
-)
target_sources(tfm_psa_rot_partition_crypto
PRIVATE
@@ -71,42 +57,16 @@
PRIVATE
platform_s
crypto_service_mbedcrypto
+ tfm_config
tfm_sprt
- crypto_module_flags
)
target_compile_definitions(tfm_psa_rot_partition_crypto
PUBLIC
MBEDTLS_PSA_CRYPTO_DRIVERS
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
$<$<BOOL:CRYPTO_BUILTIN_KEYS>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY>
- PRIVATE
- $<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}>
- $<$<BOOL:${CRYPTO_CONC_OPER_NUM}>:TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM}>
- $<$<BOOL:${CRYPTO_IOVEC_BUFFER_SIZE}>:TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE}>
- $<$<BOOL:${CRYPTO_SINGLE_PART_FUNCS_DISABLED}>:CRYPTO_SINGLE_PART_FUNCS_DISABLED>
)
-################ Display the configuration being applied #######################
-
-include(utils)
- dump_options("Crypto config"
- "
- CRYPTO_RNG_MODULE_DISABLED;
- CRYPTO_KEY_MODULE_DISABLED;
- CRYPTO_AEAD_MODULE_DISABLED;
- CRYPTO_MAC_MODULE_DISABLED;
- CRYPTO_CIPHER_MODULE_DISABLED;
- CRYPTO_HASH_MODULE_DISABLED;
- CRYPTO_KEY_DERIVATION_MODULE_DISABLED;
- CRYPTO_ASYM_SIGN_MODULE_DISABLED;
- CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED;
- CRYPTO_ENGINE_BUF_SIZE;
- CRYPTO_CONC_OPER_NUM;
- CRYPTO_IOVEC_BUFFER_SIZE;
- CRYPTO_STACK_SIZE;
- "
- )
-
############################ Partition Defs ####################################
target_link_libraries(tfm_partitions
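Review bot: In the PUBLIC definitions of tfm_psa_rot_partition_crypto, `$<$<BOOL:CRYPTO_BUILTIN_KEYS>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY>` passes the literal string `CRYPTO_BUILTIN_KEYS` to `$<BOOL:...>`, not a variable's value. A non-empty string that is not one of CMake's false constants evaluates to 1, so `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY` is defined on every build regardless of configuration. If a CMake variable of that name was meant, the line should read `$<$<BOOL:${CRYPTO_BUILTIN_KEYS}>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY>`. The next hunk has the same pattern in `$<$<BOOL:CRYPTO_TFM_BUILTIN_KEYS_DRIVER>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>`. Both are context lines that this commit leaves unchanged while it reworks the surrounding definitions.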
@@ -131,13 +91,18 @@
PSA_CRYPTO_SECURE
# Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
$<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
- $<$<BOOL:${CRYPTO_NV_SEED}>:CRYPTO_NV_SEED>
$<$<BOOL:${PLATFORM_DEFAULT_NV_SEED}>:PLATFORM_DEFAULT_NV_SEED>
$<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
MBEDTLS_PSA_CRYPTO_DRIVERS
$<$<BOOL:CRYPTO_TFM_BUILTIN_KEYS_DRIVER>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>
)
+
+target_link_libraries(crypto_service_mbedcrypto_config
+ INTERFACE
+ tfm_config
+)
+
cmake_policy(SET CMP0079 NEW)
set(CMAKE_POLICY_DEFAULT_CMP0077 NEW)
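Review bot: Removing `$<$<BOOL:${CRYPTO_NV_SEED}>:CRYPTO_NV_SEED>` changes what consumers of this definitions list see: the macro used to exist only when the option was on, and config_crypto.h now always defines it as 0 or 1. Any consumer that still tests `#ifdef CRYPTO_NV_SEED` would take the NV-seed entropy branch even when the value is 0, and one that does not include the config header would see the macro as undefined. The Mbed TLS configuration headers that consume these definitions are not in the visible diff, so this needs confirming there. A comment next to the new `tfm_config` link would record the contract: `# CRYPTO_NV_SEED now comes from the config header as 0/1; test it with #if, never #ifdef`. The definitions list this line was removed from starts outside the hunk.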
diff --git a/secure_fw/partitions/crypto/config_crypto.h b/secure_fw/partitions/crypto/config_crypto.h
new file mode 100644
index 0000000..565fade
--- /dev/null
+++ b/secure_fw/partitions/crypto/config_crypto.h
@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PARTITION_CRYPTO_H__
+#define __CONFIG_PARTITION_CRYPTO_H__
+
+#include "config_tfm.h"
+
+/*
+ * Heap size for the crypto backend
+ * CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
+ */
+#ifndef CRYPTO_ENGINE_BUF_SIZE
+#pragma message ("CRYPTO_ENGINE_BUF_SIZE is defaulted to 0x2080. Please check and set it explicitly.")
+#define CRYPTO_ENGINE_BUF_SIZE 0x2080
+#endif
+
+/* The CC312 needs at least 0x4000 of heap size to work properly */
+#if defined(CRYPTO_HW_ACCELERATOR_CC312) && (CRYPTO_ENGINE_BUF_SIZE < 0x4000)
+#pragma message ("CRYPTO_ENGINE_BUF_SIZE is redefined to 0x4000.")
+#undef CRYPTO_ENGINE_BUF_SIZE
+#define CRYPTO_ENGINE_BUF_SIZE 0x4000
+#endif
+
+/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
+#pragma message ("CRYPTO_CONC_OPER_NUM is defaulted to 8. Please check and set it explicitly.")
+#define CRYPTO_CONC_OPER_NUM 8
+#endif
+
+/* Disable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_DISABLED
+#pragma message ("CRYPTO_RNG_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_RNG_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_DISABLED
+#pragma message ("CRYPTO_KEY_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_KEY_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_DISABLED
+#pragma message ("CRYPTO_AEAD_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_AEAD_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_DISABLED
+#pragma message ("CRYPTO_MAC_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_MAC_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_DISABLED
+#pragma message ("CRYPTO_HASH_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_HASH_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_DISABLED
+#pragma message ("CRYPTO_CIPHER_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_CIPHER_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_DISABLED
+#pragma message ("CRYPTO_ASYM_SIGN_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_ASYM_SIGN_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
+#pragma message ("CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED 0
+#endif
+
+/* Disable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_DISABLED
+#pragma message ("CRYPTO_KEY_DERIVATION_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_KEY_DERIVATION_MODULE_DISABLED 0
+#endif
+
+/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
+#pragma message ("CRYPTO_IOVEC_BUFFER_SIZE is defaulted to 5120. Please check and set it explicitly.")
+#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
+
+/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
+#pragma message ("CRYPTO_NV_SEED is defaulted to 1. Please check and set it explicitly.")
+#define CRYPTO_NV_SEED 1
+#endif
+
+/*
+ * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
+ * to optimize memory footprint in resource-constrained devices.
+ */
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#pragma message ("CRYPTO_SINGLE_PART_FUNCS_DISABLED is defaulted to 0. Please check and set it explicitly.")
+#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
+
+/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
+#pragma message ("CRYPTO_STACK_SIZE is defaulted to 0x1B00. Please check and set it explicitly.")
+#define CRYPTO_STACK_SIZE 0x1B00
+#endif
+
+/* Check invalid configs. */
+#if CRYPTO_NV_SEED && defined(CRYPTO_HW_ACCELERATOR)
+#error "Invalid config: CRYPTO_NV_SEED AND CRYPTO_HW_ACCELERATOR!"
+#endif
+
+#if (!CRYPTO_NV_SEED) && (!defined(CRYPTO_HW_ACCELERATOR))
+#error "Invalid config: NOT CRYPTO_NV_SEED AND NOT CRYPTO_HW_ACCELERATOR!"
+#endif
+
+#endif /* __CONFIG_PARTITION_CRYPTO_H__ */
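Review bot: The two entropy checks at the end of config_crypto.h test `CRYPTO_NV_SEED` by value but `CRYPTO_HW_ACCELERATOR` by presence, and nothing in the header documents that difference. Every other option here is always defined as 0 or 1, so a platform config that follows the same pattern and writes `#define CRYPTO_HW_ACCELERATOR 0` would satisfy `defined(CRYPTO_HW_ACCELERATOR)`. Combined with `CRYPTO_NV_SEED 0` it would pass the second check and leave the build without either entropy source the checks are meant to guarantee. A comment above the checks would make the convention explicit: `/* CRYPTO_HW_ACCELERATOR is presence-tested: define it only when an accelerator is used, never as 0. */`. Whether that macro is visible in every translation unit that includes this header cannot be told from the diff.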
diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c
index 6b6e41b..527c5d8 100644
--- a/secure_fw/partitions/crypto/crypto_aead.c
+++ b/secure_fw/partitions/crypto/crypto_aead.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -22,7 +23,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_AEAD_MODULE_DISABLED
+#if (!CRYPTO_AEAD_MODULE_DISABLED)
psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -34,7 +35,7 @@
uint16_t sid = iov->function_id;
if (sid == TFM_CRYPTO_AEAD_ENCRYPT_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const struct tfm_crypto_aead_pack_input *aead_pack_input =
@@ -60,7 +61,7 @@
}
if (sid == TFM_CRYPTO_AEAD_DECRYPT_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const struct tfm_crypto_aead_pack_input *aead_pack_input =
@@ -241,7 +242,7 @@
(void)tfm_crypto_operation_release(p_handle);
return status;
}
-#else /* !TFM_CRYPTO_AEAD_MODULE_DISABLED */
+#else /* !CRYPTO_AEAD_MODULE_DISABLED */
psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -252,5 +253,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_AEAD_MODULE_DISABLED */
+#endif /* !CRYPTO_AEAD_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_alloc.c b/secure_fw/partitions/crypto/crypto_alloc.c
index 6d69aa5..f442be4 100644
--- a/secure_fw/partitions/crypto/crypto_alloc.c
+++ b/secure_fw/partitions/crypto/crypto_alloc.c
@@ -9,21 +9,12 @@
#include <stdint.h>
#include <string.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
#include "tfm_crypto_defs.h"
-/**
- * \def TFM_CRYPTO_CONC_OPER_NUM
- *
- * \brief This is the default value for the maximum number of concurrent
- * operations that can be active (allocated) at any time, supported
- * by the implementation
- */
-#ifndef TFM_CRYPTO_CONC_OPER_NUM
-#define TFM_CRYPTO_CONC_OPER_NUM (8)
-#endif
struct tfm_crypto_operation_s {
uint32_t in_use; /*!< Indicates if the operation is in use */
@@ -40,7 +31,7 @@
} operation;
};
-static struct tfm_crypto_operation_s operations[TFM_CRYPTO_CONC_OPER_NUM] = {{0}};
+static struct tfm_crypto_operation_s operations[CRYPTO_CONC_OPER_NUM] = {{0}};
/*
* \brief Function used to clear the memory associated to a backend context
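Review bot: `operations[CRYPTO_CONC_OPER_NUM]` is now sized by a value that any platform config can override, and neither this file nor config_crypto.h checks its range. The same macro is the upper bound in the handle checks in the later hunks (`h_val > CRYPTO_CONC_OPER_NUM`, `handle > CRYPTO_CONC_OPER_NUM`), so a value of 0 would produce a zero-length array and a table that rejects every handle instead of a clear diagnostic. A guard in the "Check invalid configs" part of config_crypto.h would fail early: `#if (CRYPTO_CONC_OPER_NUM < 1)`, `#error "Invalid config: CRYPTO_CONC_OPER_NUM must be at least 1"`, `#endif`.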
@@ -95,7 +86,7 @@
return status;
}
- for (i = 0; i < TFM_CRYPTO_CONC_OPER_NUM; i++) {
+ for (i = 0; i < CRYPTO_CONC_OPER_NUM; i++) {
if (operations[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
operations[i].in_use = TFM_CRYPTO_IN_USE;
operations[i].owner = partition_id;
@@ -119,7 +110,7 @@
*handle = TFM_CRYPTO_INVALID_HANDLE;
if ((h_val == TFM_CRYPTO_INVALID_HANDLE) ||
- (h_val > TFM_CRYPTO_CONC_OPER_NUM)) {
+ (h_val > CRYPTO_CONC_OPER_NUM)) {
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -150,7 +141,7 @@
psa_status_t status;
if ((handle == TFM_CRYPTO_INVALID_HANDLE) ||
- (handle > TFM_CRYPTO_CONC_OPER_NUM)) {
+ (handle > CRYPTO_CONC_OPER_NUM)) {
return PSA_ERROR_BAD_STATE;
}
diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c
index 8182dac..3170cc9 100644
--- a/secure_fw/partitions/crypto/crypto_asymmetric.c
+++ b/secure_fw/partitions/crypto/crypto_asymmetric.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -19,7 +20,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
+#if (!CRYPTO_ASYM_SIGN_MODULE_DISABLED)
psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -82,7 +83,7 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#else /* !TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+#else /* !CRYPTO_ASYM_SIGN_MODULE_DISABLED */
psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -93,9 +94,9 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+#endif /* !CRYPTO_ASYM_SIGN_MODULE_DISABLED */
-#ifndef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
+#if (!CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED)
psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -148,7 +149,7 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#else /* !TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
+#else /* !CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -159,5 +160,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
+#endif /* !CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_check_config.h b/secure_fw/partitions/crypto/crypto_check_config.h
index a763be6..1e3e719 100644
--- a/secure_fw/partitions/crypto/crypto_check_config.h
+++ b/secure_fw/partitions/crypto/crypto_check_config.h
@@ -7,25 +7,27 @@
#ifndef __CRYPTO_CHECK_CONFIG_H__
#define __CRYPTO_CHECK_CONFIG_H__
-#if !defined(TFM_CRYPTO_RNG_MODULE_DISABLED) && \
+#include "config_crypto.h"
+
+#if (!CRYPTO_RNG_MODULE_DISABLED) && \
(!defined(MBEDTLS_CTR_DRBG_C) && \
!defined(MBEDTLS_HMAC_DRBG_C) && \
!defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG))
#error "TFM_CRYPTO_RNG_MODULE enables, but not all prerequisites (missing RNG)!"
#endif
-#if !defined(TFM_CRYPTO_AEAD_MODULE_DISABLED) && \
+#if (!CRYPTO_AEAD_MODULE_DISABLED) && \
(!defined(PSA_WANT_ALG_CCM) && !defined(PSA_WANT_ALG_GCM) && \
!defined(PSA_WANT_ALG_CHACHA20_POLY1305))
#error "TFM_CRYPTO_AEAD_MODULE enables, but not all prerequisites (missing AEAD algorithms)!"
#endif
-#if !defined(TFM_CRYPTO_MAC_MODULE_DISABLED) && \
+#if (!CRYPTO_MAC_MODULE_DISABLED) && \
(!defined(PSA_WANT_ALG_CMAC) && !defined(PSA_WANT_ALG_HMAC))
#error "TFM_CRYPTO_MAC_MODULE enables, but not all prerequisites (missing MAC algorithms)!"
#endif
-#if !defined(TFM_CRYPTO_CIPHER_MODULE_DISABLED) && \
+#if (!CRYPTO_CIPHER_MODULE_DISABLED) && \
(!defined(PSA_WANT_KEY_TYPE_AES) && \
!defined(PSA_WANT_KEY_TYPE_CHACHA20) && \
!defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
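Review bot: The `#error` strings in crypto_check_config.h still name macros that no longer exist after this change, for example `"TFM_CRYPTO_RNG_MODULE enables, but not all prerequisites (missing RNG)!"`, while the conditions now test `CRYPTO_RNG_MODULE_DISABLED`. Someone hitting one of these errors will search for a `TFM_CRYPTO_*` name that the build system no longer produces. The AEAD, MAC, CIPHER, HASH, ASYM_SIGN and ASYM_ENCRYPT messages in this and the following hunks have the same problem. Only the key-derivation message was renamed, and it now reads `CRYPTO_KEY_DERIVATION_MODULE_DISABLED enables`, which contradicts itself. A consistent wording would be `"CRYPTO_RNG_MODULE_DISABLED is 0, but not all prerequisites are met (missing RNG)!"`, applied to each check. The CIPHER check continues past the end of this hunk.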
@@ -35,7 +37,7 @@
#error "TFM_CRYPTO_CIPHER_MODULE enables, but not all prerequisites (missing CIPHER algorithms)!"
#endif
-#if !defined(TFM_CRYPTO_HASH_MODULE_DISABLED) && \
+#if (!CRYPTO_HASH_MODULE_DISABLED) && \
(!defined(PSA_WANT_ALG_RIPEMD160) && \
!defined(PSA_WANT_ALG_SHA_224) && \
!defined(PSA_WANT_ALG_SHA_256) && \
@@ -44,7 +46,7 @@
#error "TFM_CRYPTO_HASH_MODULE enables, but not all prerequisites (missing HASH algorithms)!"
#endif
-#if !defined(TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED) && \
+#if (!CRYPTO_ASYM_SIGN_MODULE_DISABLED) && \
(!defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
!defined(PSA_WANT_ALG_RSA_PSS) && \
!defined(PSA_WANT_ALG_ECDSA) && \
@@ -53,18 +55,18 @@
(missing asymmetric sign algorithms)!"
#endif
-#if !defined(TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED) && \
+#if (!CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED) && \
(!defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
!defined(PSA_WANT_ALG_RSA_OAEP))
#error "TFM_CRYPTO_ASYM_ENCRYPT_MODULE enables, but not all prerequisites \
(missing asymmetric encryption algorithms)!"
#endif
-#if !defined(TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED) && \
+#if (!CRYPTO_KEY_DERIVATION_MODULE_DISABLED) && \
(!defined(PSA_WANT_ALG_HKDF) && \
!defined(PSA_WANT_ALG_TLS12_PRF) && \
!defined(PSA_WANT_ALG_TLS12_PSK_TO_MS))
-#error "TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED enables, but not all prerequisites \
+#error "CRYPTO_KEY_DERIVATION_MODULE_DISABLED enables, but not all prerequisites \
(missing key derivation algorithms)!"
#endif
diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index 0a7ed2a..e0ce0d7 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -19,7 +20,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_CIPHER_MODULE_DISABLED
+#if (!CRYPTO_CIPHER_MODULE_DISABLED)
psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -31,7 +32,7 @@
uint16_t sid = iov->function_id;
if (sid == TFM_CRYPTO_CIPHER_ENCRYPT_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const uint8_t *input = in_vec[1].base;
@@ -49,7 +50,7 @@
}
if (sid == TFM_CRYPTO_CIPHER_DECRYPT_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const uint8_t *input = in_vec[1].base;
@@ -185,7 +186,7 @@
(void)tfm_crypto_operation_release(p_handle);
return status;
}
-#else /* !TFM_CRYPTO_CIPHER_MODULE_DISABLED */
+#else /* !CRYPTO_CIPHER_MODULE_DISABLED */
psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -196,5 +197,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_CIPHER_MODULE_DISABLED */
+#endif /* !CRYPTO_CIPHER_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c
index 53a7d5a..ebe0fe5 100644
--- a/secure_fw/partitions/crypto/crypto_hash.c
+++ b/secure_fw/partitions/crypto/crypto_hash.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -19,7 +20,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_HASH_MODULE_DISABLED
+#if (!CRYPTO_HASH_MODULE_DISABLED)
psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[],
psa_outvec out_vec[])
{
@@ -30,7 +31,7 @@
uint16_t sid = iov->function_id;
if (sid == TFM_CRYPTO_HASH_COMPUTE_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const uint8_t *input = in_vec[1].base;
@@ -48,7 +49,7 @@
}
if (sid == TFM_CRYPTO_HASH_COMPARE_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const uint8_t *input = in_vec[1].base;
@@ -175,7 +176,7 @@
(void)tfm_crypto_operation_release(p_handle);
return status;
}
-#else /* !TFM_CRYPTO_HASH_MODULE_DISABLED */
+#else /* !CRYPTO_HASH_MODULE_DISABLED */
psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[],
psa_outvec out_vec[])
{
@@ -184,5 +185,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_HASH_MODULE_DISABLED */
+#endif /* !CRYPTO_HASH_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index d1a3ef5..71f5216 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -6,6 +6,7 @@
*/
#include <stdbool.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -22,7 +23,7 @@
#include "mbedtls/platform.h"
-#ifdef CRYPTO_NV_SEED
+#if CRYPTO_NV_SEED
#include "tfm_plat_crypto_nv_seed.h"
#endif /* CRYPTO_NV_SEED */
@@ -100,7 +101,7 @@
*/
static struct tfm_crypto_scratch {
__attribute__((__aligned__(TFM_CRYPTO_IOVEC_ALIGNMENT)))
- uint8_t buf[TFM_CRYPTO_IOVEC_BUFFER_SIZE];
+ uint8_t buf[CRYPTO_IOVEC_BUFFER_SIZE];
uint32_t alloc_index;
int32_t owner;
} scratch = {.buf = {0}, .alloc_index = 0};
@@ -258,11 +259,11 @@
* \brief Static buffer to be used by Mbed Crypto for memory allocations
*
*/
-static uint8_t mbedtls_mem_buf[TFM_CRYPTO_ENGINE_BUF_SIZE] = {0};
+static uint8_t mbedtls_mem_buf[CRYPTO_ENGINE_BUF_SIZE] = {0};
static psa_status_t tfm_crypto_engine_init(void)
{
-#ifdef CRYPTO_NV_SEED
+#if CRYPTO_NV_SEED
LOG_INFFMT("[INF][Crypto] ");
LOG_INFFMT("Provisioning entropy seed... ");
if (tfm_plat_crypto_provision_entropy_seed() != TFM_CRYPTO_NV_SEED_SUCCESS) {
@@ -275,7 +276,7 @@
* allocation from the provided buffer instead of using the heap
*/
mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
- TFM_CRYPTO_ENGINE_BUF_SIZE);
+ CRYPTO_ENGINE_BUF_SIZE);
/* mbedtls_printf is used to print messages including error information. */
#if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_ERROR)
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index 384ea6e..e0bc27a 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
#include <string.h>
+#include "config_crypto.h"
#include "tfm_sp_log.h"
#include "tfm_mbedcrypto_include.h"
@@ -25,7 +26,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
+#if (!CRYPTO_KEY_DERIVATION_MODULE_DISABLED)
psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -166,7 +167,7 @@
(void)tfm_crypto_operation_release(p_handle);
return status;
}
-#else /* !TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
+#else /* !CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -177,5 +178,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
+#endif /* !CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c
index d093d95..5356208 100644
--- a/secure_fw/partitions/crypto/crypto_key_management.c
+++ b/secure_fw/partitions/crypto/crypto_key_management.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
#include "tfm_crypto_defs.h"
@@ -22,7 +23,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED
+#if (!CRYPTO_KEY_MODULE_DISABLED)
psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -182,7 +183,7 @@
return status;
}
-#else /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
+#else /* !CRYPTO_KEY_MODULE_DISABLED */
psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -193,5 +194,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
+#endif /* !CRYPTO_KEY_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c
index 32bede7..db2607f 100644
--- a/secure_fw/partitions/crypto/crypto_mac.c
+++ b/secure_fw/partitions/crypto/crypto_mac.c
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -19,7 +20,7 @@
*/
/*!@{*/
-#ifndef TFM_CRYPTO_MAC_MODULE_DISABLED
+#if (!CRYPTO_MAC_MODULE_DISABLED)
psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -31,7 +32,7 @@
uint16_t sid = iov->function_id;
if (sid == TFM_CRYPTO_MAC_COMPUTE_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const uint8_t *input = in_vec[1].base;
@@ -49,7 +50,7 @@
}
if (sid == TFM_CRYPTO_MAC_VERIFY_SID) {
-#ifdef CRYPTO_SINGLE_PART_FUNCS_DISABLED
+#if CRYPTO_SINGLE_PART_FUNCS_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
const uint8_t *input = in_vec[1].base;
@@ -167,7 +168,7 @@
(void)tfm_crypto_operation_release(p_handle);
return status;
}
-#else /* !TFM_CRYPTO_MAC_MODULE_DISABLED */
+#else /* !CRYPTO_MAC_MODULE_DISABLED */
psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
@@ -178,5 +179,5 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-#endif /* !TFM_CRYPTO_MAC_MODULE_DISABLED */
+#endif /* !CRYPTO_MAC_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_rng.c b/secure_fw/partitions/crypto/crypto_rng.c
index d444b94..33b21bc 100644
--- a/secure_fw/partitions/crypto/crypto_rng.c
+++ b/secure_fw/partitions/crypto/crypto_rng.c
@@ -9,6 +9,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_crypto.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
@@ -23,7 +24,7 @@
psa_status_t tfm_crypto_random_interface(psa_invec in_vec[],
psa_outvec out_vec[])
{
-#ifdef TFM_CRYPTO_RNG_MODULE_DISABLED
+#if CRYPTO_RNG_MODULE_DISABLED
(void)in_vec;
(void)out_vec;