Replace mbedcrypto dependency with Mbed TLS
Mbedcrypto as a separate project is deprecated; it was merged back into
Mbed TLS. This commit updates the external dependency to use Mbed TLS.
Since the current version of Mbed TLS uses the PSA Crypto API v1.0.0,
the commit also makes the necessary changes to get in sync with this.
Mbed TLS is capable of building three different libraries, but we only
need libmbedcrypto.a out of these. An extra step is added to configure
Mbed TLS to only produce this one, to shorten the build time.
Mbed TLS provides a method to override the necessary options of its
built-in default config, instead of providing a complete customized
config file. This makes the config easier to read, since only those
options are captured where we want to differ from the default. The
current full config file is removed and replaced using this format.
The changes introduced to get compatible with PSA Crypto API v1.0.0:
* The psa_open_key() and psa_close_key() functions were removed from the
API specification, remove all references from the code.
* The key identifier and key handle concepts were merged in the API,
replace all uses of psa_key_handle_t with psa_key_id_t.
* Several internal implementation macros were removed from the API.
Remove these from the code and replace with API macros where
necessary.
* The PSA_ALG_xxx and PSA_KEY_USAGE_xxx macros have new values in the
API, update the code to reflect these changes.
* The PSA_ECC_xxx and PSA_DH_xxx macros were renamed in the API. Update
the code to reflect these changes.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I4d721717d9ff33b6bac85cfcb482ea719bec1b31
diff --git a/protocols/service/crypto/protobuf/asymmetric_decrypt.proto b/protocols/service/crypto/protobuf/asymmetric_decrypt.proto
index 0155c30..fecf7ed 100644
--- a/protocols/service/crypto/protobuf/asymmetric_decrypt.proto
+++ b/protocols/service/crypto/protobuf/asymmetric_decrypt.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message AsymmetricDecryptIn {
- uint32 handle = 1;
+ uint32 id = 1;
uint32 alg = 2;
bytes ciphertext = 3;
bytes salt = 4;
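Review bot: The renamed field `id` in AsymmetricDecryptIn has no comment saying what it now identifies, and the same bare rename recurs in the encrypt, destroy, export, sign and verify request messages. Per the commit message the value is now a key identifier rather than a handle, and OpenKey, which used to exchange an id for a handle, is removed in this commit. I would add `/* Key identifier (psa_key_id_t), as returned in GenerateKeyOut.id or ImportKeyOut.id */` above the field. If the service treated possession of an open handle as part of its access gate, that check now has to be made per request on `id`; the service code is not visible in this diff, so this needs confirming. The message body continues past the end of the hunk.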
diff --git a/protocols/service/crypto/protobuf/asymmetric_encrypt.proto b/protocols/service/crypto/protobuf/asymmetric_encrypt.proto
index c85b9da..cb7a049 100644
--- a/protocols/service/crypto/protobuf/asymmetric_encrypt.proto
+++ b/protocols/service/crypto/protobuf/asymmetric_encrypt.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message AsymmetricEncryptIn {
- uint32 handle = 1;
+ uint32 id = 1;
uint32 alg = 2;
bytes plaintext = 3;
bytes salt = 4;
diff --git a/protocols/service/crypto/protobuf/close_key.proto b/protocols/service/crypto/protobuf/close_key.proto
deleted file mode 100644
index b9f5ea3..0000000
--- a/protocols/service/crypto/protobuf/close_key.proto
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
- * SPDX-License-Identifier: BSD-3-Clause
- */
-syntax = "proto3";
-
-package ts_crypto;
-
-message CloseKeyIn {
- uint32 handle = 1;
-}
diff --git a/protocols/service/crypto/protobuf/component.cmake b/protocols/service/crypto/protobuf/component.cmake
index 7583f18..377a971 100644
--- a/protocols/service/crypto/protobuf/component.cmake
+++ b/protocols/service/crypto/protobuf/component.cmake
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -12,8 +12,6 @@
"${CMAKE_CURRENT_LIST_DIR}/asymmetric_decrypt.proto"
"${CMAKE_CURRENT_LIST_DIR}/asymmetric_encrypt.proto"
"${CMAKE_CURRENT_LIST_DIR}/destroy_key.proto"
- "${CMAKE_CURRENT_LIST_DIR}/open_key.proto"
- "${CMAKE_CURRENT_LIST_DIR}/close_key.proto"
"${CMAKE_CURRENT_LIST_DIR}/export_key.proto"
"${CMAKE_CURRENT_LIST_DIR}/export_public_key.proto"
"${CMAKE_CURRENT_LIST_DIR}/generate_key.proto"
diff --git a/protocols/service/crypto/protobuf/destroy_key.proto b/protocols/service/crypto/protobuf/destroy_key.proto
index 8b718af..f6bd32c 100644
--- a/protocols/service/crypto/protobuf/destroy_key.proto
+++ b/protocols/service/crypto/protobuf/destroy_key.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message DestroyKeyIn {
- uint32 handle = 1;
+ uint32 id = 1;
}
message DestroyKeyOut {}
diff --git a/protocols/service/crypto/protobuf/export_key.proto b/protocols/service/crypto/protobuf/export_key.proto
index 14cc6a9..d6c1105 100644
--- a/protocols/service/crypto/protobuf/export_key.proto
+++ b/protocols/service/crypto/protobuf/export_key.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message ExportKeyIn {
- uint32 handle = 1;
+ uint32 id = 1;
}
message ExportKeyOut {
diff --git a/protocols/service/crypto/protobuf/export_public_key.proto b/protocols/service/crypto/protobuf/export_public_key.proto
index e844325..3802496 100644
--- a/protocols/service/crypto/protobuf/export_public_key.proto
+++ b/protocols/service/crypto/protobuf/export_public_key.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message ExportPublicKeyIn {
- uint32 handle = 1;
+ uint32 id = 1;
}
message ExportPublicKeyOut {
diff --git a/protocols/service/crypto/protobuf/generate_key.proto b/protocols/service/crypto/protobuf/generate_key.proto
index 48025a6..ba5b897 100644
--- a/protocols/service/crypto/protobuf/generate_key.proto
+++ b/protocols/service/crypto/protobuf/generate_key.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -13,5 +13,5 @@
}
message GenerateKeyOut {
- uint32 handle = 1;
+ uint32 id = 1;
}
diff --git a/protocols/service/crypto/protobuf/import_key.proto b/protocols/service/crypto/protobuf/import_key.proto
index 727b2bc..767f6df 100644
--- a/protocols/service/crypto/protobuf/import_key.proto
+++ b/protocols/service/crypto/protobuf/import_key.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -14,5 +14,5 @@
}
message ImportKeyOut {
- uint32 handle = 1;
+ uint32 id = 1;
}
diff --git a/protocols/service/crypto/protobuf/key_attributes.proto b/protocols/service/crypto/protobuf/key_attributes.proto
index bae948b..2415d5c 100644
--- a/protocols/service/crypto/protobuf/key_attributes.proto
+++ b/protocols/service/crypto/protobuf/key_attributes.proto
@@ -8,8 +8,6 @@
/* Key types */
enum KeyType {
- option allow_alias = true;
-
KEY_TYPE_NONE = 0x0000;
KEY_TYPE_RAW_DATA = 0x1001;
KEY_TYPE_HMAC = 0x1100;
@@ -21,79 +19,60 @@
KEY_TYPE_CHACHA20 = 0x2004;
KEY_TYPE_RSA_PUBLIC_KEY = 0x4001;
KEY_TYPE_RSA_KEY_PAIR = 0x7001;
- KEY_TYPE_ECC_PUBLIC_KEY_BASE = 0x4100;
- KEY_TYPE_ECC_KEY_PAIR_BASE = 0x7100;
- KEY_TYPE_ECC_CURVE_MASK = 0x00ff;
- KEY_TYPE_DH_PUBLIC_KEY_BASE = 0x4200;
- KEY_TYPE_DH_KEY_PAIR_BASE = 0x7200;
- KEY_TYPE_DH_GROUP_MASK = 0x00ff;
}
/* ECC curves for use with ECC Key types */
enum EccCurve {
- ECC_CURVE_NONE = 0x00;
- ECC_CURVE_SECP_K1 = 0x17;
- ECC_CURVE_SECP_R1 = 0x12;
- ECC_CURVE_SECP_R2 = 0x1b;
- ECC_CURVE_SECT_K1 = 0x27;
- ECC_CURVE_SECT_R1 = 0x22;
- ECC_CURVE_SECT_R2 = 0x2b;
- ECC_CURVE_BRAINPOOL_P_R1 = 0x30;
- ECC_CURVE_MONTGOMERY = 0x41;
+ ECC_FAMILY_NONE = 0x00;
+ ECC_FAMILY_SECP_K1 = 0x17;
+ ECC_FAMILY_SECP_R1 = 0x12;
+ ECC_FAMILY_SECP_R2 = 0x1b;
+ ECC_FAMILY_SECT_K1 = 0x27;
+ ECC_FAMILY_SECT_R1 = 0x22;
+ ECC_FAMILY_SECT_R2 = 0x2b;
+ ECC_FAMILY_BRAINPOOL_P_R1 = 0x30;
+ ECC_FAMILY_MONTGOMERY = 0x41;
}
/* Diffie-Hellman groups for use with DH key types */
enum DhGroup {
- DH_GROUP_NONE = 0x00;
- DH_GROUP_RFC7919 = 0x03;
+ DH_FAMILY_NONE = 0x00;
+ DH_FAMILY_RFC7919 = 0x03;
}
/* Crypto algorithms */
enum Alg {
ALG_NONE = 0x00000000;
- ALG_HASH_MASK = 0x000000ff;
- ALG_MD2 = 0x01000001;
- ALG_MD4 = 0x01000002;
- ALG_MD5 = 0x01000003;
- ALG_RIPEMD160 = 0x01000004;
- ALG_SHA_1 = 0x01000005;
- ALG_SHA_224 = 0x01000008;
- ALG_SHA_256 = 0x01000009;
- ALG_SHA_384 = 0x0100000a;
- ALG_SHA_512 = 0x0100000b;
- ALG_SHA_512_224 = 0x0100000c;
- ALG_SHA_512_256 = 0x0100000d;
- ALG_SHA3_224 = 0x01000010;
- ALG_SHA3_256 = 0x01000011;
- ALG_SHA3_384 = 0x01000012;
- ALG_SHA3_512 = 0x01000013;
- ALG_CBC_MAC = 0x02c00001;
- ALG_CMAC = 0x02c00002;
- ALG_ARC4 = 0x04800001;
- ALG_CHACHA20 = 0x04800005;
- ALG_CTR = 0x04c00001;
- ALG_CFB = 0x04c00002;
- ALG_OFB = 0x04c00003;
- ALG_XTS = 0x044000ff;
- ALG_CBC_NO_PADDING = 0x04600100;
- ALG_CBC_PKCS7 = 0x04600101;
- ALG_AEAD_FROM_BLOCK_FLAG = 0x00400000;
- ALG_CCM = 0x06401001;
- ALG_GCM = 0x06401002;
- ALG_CHACHA20_POLY1305 = 0x06001005;
- ALG_RSA_PKCS1V15_SIGN_BASE = 0x10020000;
- ALG_RSA_PSS_BASE = 0x10030000;
- ALG_ECDSA_BASE = 0x10060000;
- ALG_DETERMINISTIC_ECDSA_BASE = 0x10070000;
- ALG_RSA_PKCS1V15_CRYPT = 0x12020000;
- ALG_RSA_OAEP_BASE = 0x12030000;
- ALG_HKDF_BASE = 0x20000100;
- ALG_TLS12_PRF_BASE = 0x20000200;
- ALG_TLS12_PSK_TO_MS_BASE = 0x20000300;
- ALG_KEY_DERIVATION_MASK = 0x0803ffff;
- ALG_KEY_AGREEMENT_MASK = 0x10fc0000;
- ALG_FFDH = 0x30100000;
- ALG_ECDH = 0x30200000;
+ ALG_MD2 = 0x02000001;
+ ALG_MD4 = 0x02000002;
+ ALG_MD5 = 0x02000003;
+ ALG_RIPEMD160 = 0x02000004;
+ ALG_SHA_1 = 0x02000005;
+ ALG_SHA_224 = 0x02000008;
+ ALG_SHA_256 = 0x02000009;
+ ALG_SHA_384 = 0x0200000a;
+ ALG_SHA_512 = 0x0200000b;
+ ALG_SHA_512_224 = 0x0200000c;
+ ALG_SHA_512_256 = 0x0200000d;
+ ALG_SHA3_224 = 0x02000010;
+ ALG_SHA3_256 = 0x02000011;
+ ALG_SHA3_384 = 0x02000012;
+ ALG_SHA3_512 = 0x02000013;
+ ALG_CBC_MAC = 0x03c00100;
+ ALG_CMAC = 0x03c00200;
+ ALG_STREAM_CIPHER = 0x04800100;
+ ALG_CTR = 0x04c01000;
+ ALG_CFB = 0x04c01100;
+ ALG_OFB = 0x04c01200;
+ ALG_XTS = 0x0440ff00;
+ ALG_CBC_NO_PADDING = 0x04404000;
+ ALG_CBC_PKCS7 = 0x04404100;
+ ALG_CCM = 0x05500100;
+ ALG_GCM = 0x05500200;
+ ALG_CHACHA20_POLY1305 = 0x05100500;
+ ALG_RSA_PKCS1V15_CRYPT = 0x07000200;
+ ALG_FFDH = 0x09010000;
+ ALG_ECDH = 0x09020000;
}
/* Key lifetime */
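Review bot: The enum types are still named `EccCurve` and `DhGroup`, and their header comments still say "curves" and "groups", while every value is now `ECC_FAMILY_*` / `DH_FAMILY_*`. The comments at least should follow the new names, e.g. `/* ECC curve families for use with ECC key types */`. The hunk also drops the `KEY_TYPE_ECC_*_BASE`, `ALG_*_BASE` and mask entries without leaving a pointer to how ECC key types or the signature algorithms that presumably combine a base with a hash are now expressed, although SignHashIn and VerifyHashIn still carry a raw `uint32 alg`. A comment on `Alg` such as `/* Values match the PSA Crypto API v1.0.0 PSA_ALG_xxx macros; composite algorithms are not enumerated here */` would tell client authors where to look. `KeyType` begins above this hunk.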
@@ -109,9 +88,9 @@
KEY_USAGE_COPY = 0x00000002;
KEY_USAGE_ENCRYPT = 0x00000100;
KEY_USAGE_DECRYPT = 0x00000200;
- KEY_USAGE_SIGN_HASH = 0x00000400;
- KEY_USAGE_VERIFY_HASH = 0x00000800;
- KEY_USAGE_DERIVE = 0x00001000;
+ KEY_USAGE_SIGN_HASH = 0x00001000;
+ KEY_USAGE_VERIFY_HASH = 0x00002000;
+ KEY_USAGE_DERIVE = 0x00004000;
}
/* Key policy to define what key can be used for */
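Review bot: The new `KEY_USAGE_SIGN_HASH = 0x00001000` reuses the number that `KEY_USAGE_DERIVE` had before this commit, so a peer built against the previous revision that sets the derive flag would be read as requesting sign permission. Nothing in this hunk versions the protocol, and the `Alg` values in the hunk above are renumbered in place as well, though there the old numbers do not appear to coincide with any new entry. I would record the break on the enum, e.g. `/* Values follow PSA Crypto API v1.0.0; not wire-compatible with earlier revisions of this file */`, and make sure client and service are always built from the same revision. Whether usage flags of keys already held in persistent storage need migrating cannot be told from this diff. The enum starts above the hunk.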
diff --git a/protocols/service/crypto/protobuf/opcodes.proto b/protocols/service/crypto/protobuf/opcodes.proto
index b16127e..094d3a0 100644
--- a/protocols/service/crypto/protobuf/opcodes.proto
+++ b/protocols/service/crypto/protobuf/opcodes.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -10,8 +10,6 @@
NOP = 0x0000;
GENERATE_KEY = 0x0101;
DESTROY_KEY = 0x0102;
- OPEN_KEY = 0x0103;
- CLOSE_KEY = 0x0104;
EXPORT_KEY = 0x0105;
EXPORT_PUBLIC_KEY = 0x0106;
IMPORT_KEY = 0x0107;
diff --git a/protocols/service/crypto/protobuf/open_key.proto b/protocols/service/crypto/protobuf/open_key.proto
deleted file mode 100644
index 90fb2ad..0000000
--- a/protocols/service/crypto/protobuf/open_key.proto
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
- * SPDX-License-Identifier: BSD-3-Clause
- */
-syntax = "proto3";
-
-package ts_crypto;
-
-message OpenKeyIn {
- uint32 id = 1;
-}
-
-message OpenKeyOut {
- uint32 handle = 1;
-}
diff --git a/protocols/service/crypto/protobuf/sign_hash.proto b/protocols/service/crypto/protobuf/sign_hash.proto
index a409008..4b8bce0 100644
--- a/protocols/service/crypto/protobuf/sign_hash.proto
+++ b/protocols/service/crypto/protobuf/sign_hash.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message SignHashIn {
- uint32 handle = 1;
+ uint32 id = 1;
uint32 alg = 2;
bytes hash = 3;
}
diff --git a/protocols/service/crypto/protobuf/verify_hash.proto b/protocols/service/crypto/protobuf/verify_hash.proto
index 9253d94..c31561f 100644
--- a/protocols/service/crypto/protobuf/verify_hash.proto
+++ b/protocols/service/crypto/protobuf/verify_hash.proto
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
* SPDX-License-Identifier: BSD-3-Clause
*/
syntax = "proto3";
@@ -7,7 +7,7 @@
package ts_crypto;
message VerifyHashIn {
- uint32 handle = 1;
+ uint32 id = 1;
uint32 alg = 2;
bytes hash = 3;
bytes signature = 4;