Replace mbedcrypto dependency with Mbed TLS
Mbedcrypto as a separate project is deprecated; it was merged back into
Mbed TLS. This commit updates the external dependency to use Mbed TLS.
Since the current version of Mbed TLS uses the PSA Crypto API v1.0.0,
the commit also makes the necessary changes to get in sync with this.
Mbed TLS is capable of building three different libraries, but we only
need libmbedcrypto.a out of these. An extra step is added to configure
Mbed TLS to only produce this one, to shorten the build time.
Mbed TLS provides a method to override the necessary options of its
built-in default config, instead of providing a complete customized
config file. This makes the config easier to read, since only those
options are captured where we want to differ from the default. The
current full config file is removed and replaced using this format.
The changes introduced to get compatible with PSA Crypto API v1.0.0:
* The psa_open_key() and psa_close_key() functions were removed from the
API specification, remove all references from the code.
* The key identifier and key handle concepts were merged in the API,
replace all uses of psa_key_handle_t with psa_key_id_t.
* Several internal implementation macros were removed from the API.
Remove these from the code and replace with API macros where
necessary.
* The PSA_ALG_xxx and PSA_KEY_USAGE_xxx macros have new values in the
API, update the code to reflect these changes.
* The PSA_ECC_xxx and PSA_DH_xxx macros were renamed in the API. Update
the code to reflect these changes.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I4d721717d9ff33b6bac85cfcb482ea719bec1b31
diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h
index 5f6f0e1..4884344 100644
--- a/components/service/crypto/client/cpp/crypto_client.h
+++ b/components/service/crypto/client/cpp/crypto_client.h
@@ -24,34 +24,32 @@
int err_rpc_status() const;
/* Key lifecycle methods */
- virtual psa_status_t generate_key(const psa_key_attributes_t *attributes, psa_key_handle_t *handle) = 0;
- virtual psa_status_t destroy_key(psa_key_handle_t handle) = 0;
- virtual psa_status_t open_key(psa_key_id_t id, psa_key_handle_t *handle) = 0;
- virtual psa_status_t close_key(psa_key_handle_t handle) = 0;
+ virtual psa_status_t generate_key(const psa_key_attributes_t *attributes, psa_key_id_t *id) = 0;
+ virtual psa_status_t destroy_key(psa_key_id_t id) = 0;
virtual psa_status_t import_key(const psa_key_attributes_t *attributes,
- const uint8_t *data, size_t data_length, psa_key_handle_t *handle) = 0;
+ const uint8_t *data, size_t data_length, psa_key_id_t *id) = 0;
/* Key export methods */
- virtual psa_status_t export_key(psa_key_handle_t handle,
+ virtual psa_status_t export_key(psa_key_id_t id,
uint8_t *data, size_t data_size,
size_t *data_length) = 0;
- virtual psa_status_t export_public_key(psa_key_handle_t handle,
+ virtual psa_status_t export_public_key(psa_key_id_t id,
uint8_t *data, size_t data_size, size_t *data_length) = 0;
/* Sign/verify methods */
- virtual psa_status_t sign_hash(psa_key_handle_t handle, psa_algorithm_t alg,
+ virtual psa_status_t sign_hash(psa_key_id_t id, psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length) = 0;
- virtual psa_status_t verify_hash(psa_key_handle_t handle, psa_algorithm_t alg,
+ virtual psa_status_t verify_hash(psa_key_id_t id, psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length) = 0;
/* Asymmetric encrypt/decrypt */
- virtual psa_status_t asymmetric_encrypt(psa_key_handle_t handle, psa_algorithm_t alg,
+ virtual psa_status_t asymmetric_encrypt(psa_key_id_t id, psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length) = 0;
- virtual psa_status_t asymmetric_decrypt(psa_key_handle_t handle, psa_algorithm_t alg,
+ virtual psa_status_t asymmetric_decrypt(psa_key_id_t id, psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length) = 0;
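Review bot: The new `psa_key_id_t id` parameters on `generate_key`, `import_key` and the key-use methods are undocumented, and their meaning matters for access control now that handles are gone. With `open_key`/`close_key` removed, a caller reaches a persistent key by passing its identifier directly, so the identifier is a stable value rather than a per-session handle. Whether the service side scopes identifiers per caller is not visible in this hunk and should be confirmed (Mbed TLS offers `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` for that purpose). I would add a comment above the key lifecycle methods such as `/* id: for persistent keys the identifier set in attributes; for volatile keys a value assigned by the implementation, released only by destroy_key() */`. The class declaration starts and ends outside the hunk.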