Replace mbedcrypto dependency with Mbed TLS
Mbedcrypto as a separate project is deprecated, it was merged back to
Mbed TLS. This commit updates the external dependency to use Mbed TLS.
Since the current version of Mbed TLS uses the PSA Crypto API v1.0.0,
the commit also makes the necessary changes to get in sync with this.
Mbed TLS is capable of building three different libraries, but we only
need libmbedcrypto.a out of these. An extra step is added to configure
Mbed TLS to only produce this one, to shorten the build time.
Mbed TLS provides a method to override the necessary options of its
built-in default config, instead of providing a complete customized
config file. This makes the config easier to read, since only those
options are captured where we want to differ from the default. The
current full config file is removed and replaced using this format.
The changes introduced to get compatible with PSA Crypto API v1.0.0:
* The psa_open_key() and psa_close_key() functions were removed from the
API specification, remove all references from the code.
* The key identifier and key handle concepts were merged in the API,
replace all uses of psa_key_handle_t with psa_key_id_t.
* Several internal implementation macros were removed from the API.
Remove these from the code and replace with API macros where
necessary.
* The PSA_ALG_xxx and PSA_KEY_USAGE_xxx macros have new values in the
API, update the code to reflect these changes.
* The PSA_ECC_xxx and PSA_DH_xxx macros were renamed in the API. Update
the code to reflect these changes.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I4d721717d9ff33b6bac85cfcb482ea719bec1b31
diff --git a/components/app/ts-demo/ts-demo.cpp b/components/app/ts-demo/ts-demo.cpp
index 637fd90..58b28ef 100644
--- a/components/app/ts-demo/ts-demo.cpp
+++ b/components/app/ts-demo/ts-demo.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,8 +14,8 @@
public:
ts_demo(crypto_client *crypto_client, bool is_verbose) :
m_crypto_client(crypto_client),
- m_signing_key_handle(0),
- m_encryption_key_handle(0),
+ m_signing_key_id(0),
+ m_encryption_key_id(0),
m_verbose(is_verbose),
m_all_ok(true) {
@@ -87,12 +87,12 @@
psa_set_key_id(&attributes, SIGNING_KEY_ID);
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
- psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&attributes, 256);
if (m_verbose) printf("Generating ECC signing key");
- status = m_crypto_client->generate_key(&attributes, &m_signing_key_handle);
+ status = m_crypto_client->generate_key(&attributes, &m_signing_key_id);
psa_reset_key_attributes(&attributes);
print_status(status);
@@ -116,9 +116,9 @@
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
- if (m_verbose) printf("Signing message: \"%s\" using key: %d", hash, m_signing_key_handle);
+ if (m_verbose) printf("Signing message: \"%s\" using key: %d", hash, m_signing_key_id);
- status = m_crypto_client->sign_hash(m_signing_key_handle,
+ status = m_crypto_client->sign_hash(m_signing_key_id,
PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len,
signature, sizeof(signature), &signature_length);
@@ -134,7 +134,7 @@
/* Verify signature against original message */
if (m_verbose) printf("Verify signature using original message: \"%s\"", hash);
- status = m_crypto_client->verify_hash(m_signing_key_handle,
+ status = m_crypto_client->verify_hash(m_signing_key_id,
PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len,
signature, signature_length);
@@ -146,7 +146,7 @@
hash[0] = '!';
if (m_verbose) printf("Verify signature using modified message: \"%s\"", hash);
- status = m_crypto_client->verify_hash(m_signing_key_handle,
+ status = m_crypto_client->verify_hash(m_signing_key_id,
PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len,
signature, signature_length);
@@ -173,7 +173,7 @@
if (m_verbose) printf("Generating RSA encryption key");
- status = m_crypto_client->generate_key(&attributes, &m_encryption_key_handle);
+ status = m_crypto_client->generate_key(&attributes, &m_encryption_key_id);
psa_reset_key_attributes(&attributes);
print_status(status);
@@ -187,12 +187,12 @@
size_t message_len = strlen(message) + 1;
/* Encrypt a message */
- if (m_verbose) printf("Encrypting message: \"%s\" using RSA key: %d", message, m_encryption_key_handle);
+ if (m_verbose) printf("Encrypting message: \"%s\" using RSA key: %d", message, m_encryption_key_id);
uint8_t ciphertext[256];
size_t ciphertext_len = 0;
- status = m_crypto_client->asymmetric_encrypt(m_encryption_key_handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ status = m_crypto_client->asymmetric_encrypt(m_encryption_key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
(const uint8_t*)message, message_len, NULL, 0,
ciphertext, sizeof(ciphertext), &ciphertext_len);
print_status(status);
@@ -205,12 +205,12 @@
m_all_ok &= (status == PSA_SUCCESS);
/* Decrypt it */
- if (m_verbose) printf("Decrypting message using RSA key: %d", m_encryption_key_handle);
+ if (m_verbose) printf("Decrypting message using RSA key: %d", m_encryption_key_id);
uint8_t plaintext[256];
size_t plaintext_len = 0;
- status = m_crypto_client->asymmetric_decrypt(m_encryption_key_handle, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ status = m_crypto_client->asymmetric_decrypt(m_encryption_key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
ciphertext, ciphertext_len, NULL, 0,
plaintext, sizeof(plaintext), &plaintext_len);
print_status(status);
@@ -233,12 +233,12 @@
void export_public_key()
{
psa_status_t status;
- uint8_t key_buf[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)];
+ uint8_t key_buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
size_t key_len = 0;
- if (m_verbose) printf("Exporting public key: %d", m_signing_key_handle);
+ if (m_verbose) printf("Exporting public key: %d", m_signing_key_id);
- status = m_crypto_client->export_public_key(m_signing_key_handle, key_buf, sizeof(key_buf), &key_len);
+ status = m_crypto_client->export_public_key(m_signing_key_id, key_buf, sizeof(key_buf), &key_len);
print_status(status);
@@ -273,13 +273,13 @@
{
psa_status_t status;
- if (m_verbose) printf("Destroying signing key: %d", m_signing_key_handle);
- status = m_crypto_client->destroy_key(m_signing_key_handle);
+ if (m_verbose) printf("Destroying signing key: %d", m_signing_key_id);
+ status = m_crypto_client->destroy_key(m_signing_key_id);
print_status(status);
m_all_ok &= (status == PSA_SUCCESS);
- if (m_verbose) printf("Destroying encryption key: %d", m_encryption_key_handle);
- status = m_crypto_client->destroy_key(m_encryption_key_handle);
+ if (m_verbose) printf("Destroying encryption key: %d", m_encryption_key_id);
+ status = m_crypto_client->destroy_key(m_encryption_key_id);
print_status(status);
m_all_ok &= (status == PSA_SUCCESS);
}
@@ -290,8 +290,8 @@
static const psa_key_id_t ENCRYPTION_KEY_ID = 0x101;
crypto_client *m_crypto_client;
- psa_key_handle_t m_signing_key_handle;
- psa_key_handle_t m_encryption_key_handle;
+ psa_key_id_t m_signing_key_id;
+ psa_key_id_t m_encryption_key_id;
bool m_verbose;
bool m_all_ok;