Remove dependencies on deprecated PSA Crypto API definitions
In preparation for moving to mbedtls-3.0.0 where legacy support is
removed, dependencies on deprecated API functions and defines are
modified to align as closely as possible with PSA Crypto API 1.0.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I9f6fc833336a883382229c430ea71122bd550bd8
diff --git a/components/service/attestation/claims/sources/instance_id/instance_id_claim_source.h b/components/service/attestation/claims/sources/instance_id/instance_id_claim_source.h
index e02ad5e..0cca6b9 100644
--- a/components/service/attestation/claims/sources/instance_id/instance_id_claim_source.h
+++ b/components/service/attestation/claims/sources/instance_id/instance_id_claim_source.h
@@ -14,7 +14,7 @@
/* Instance ID defines */
#define INSTANCE_ID_HASH_ALG PSA_ALG_SHA_256
-#define INSTANCE_ID_HASH_LEN PSA_HASH_SIZE(INSTANCE_ID_HASH_ALG)
+#define INSTANCE_ID_HASH_LEN PSA_HASH_LENGTH(INSTANCE_ID_HASH_ALG)
#ifdef __cplusplus
extern "C" {
diff --git a/components/service/attestation/key_mngr/local/local_attest_key_mngr.c b/components/service/attestation/key_mngr/local/local_attest_key_mngr.c
index d77bf4c..104d04f 100644
--- a/components/service/attestation/key_mngr/local/local_attest_key_mngr.c
+++ b/components/service/attestation/key_mngr/local/local_attest_key_mngr.c
@@ -38,7 +38,7 @@
psa_set_key_usage_flags(attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
- psa_set_key_type(attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1));
+ psa_set_key_type(attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(attributes, IAK_KEY_BITS);
}
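Review bot: `PSA_ECC_FAMILY_SECP_R1` names a curve family rather than one curve, so after this change the choice of P-256 for the attestation key rests entirely on `psa_set_key_bits(attributes, IAK_KEY_BITS)`, and nothing at the call site says so. A comment such as `/* SECP_R1 family + IAK_KEY_BITS selects the curve; IAK_KEY_BITS must stay 256 to keep the IAK on secp256r1 */` would make that dependency visible. If the project's C standard allows it, `_Static_assert(IAK_KEY_BITS == 256, "IAK must be P-256");` would enforce it. The same applies to `attest_key_mngr_max_iak_export_size()` in the next hunk and to the literal `256` in crypto_service_scenarios.cpp. The enclosing function starts outside the hunk, and the value of IAK_KEY_BITS is not visible here.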
@@ -134,8 +134,8 @@
size_t attest_key_mngr_max_iak_export_size(void)
{
- return PSA_KEY_EXPORT_MAX_SIZE(
- PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1)),
+ return PSA_EXPORT_KEY_OUTPUT_SIZE(
+ PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)),
IAK_KEY_BITS);
}
diff --git a/components/service/crypto/backend/mbedcrypto/trng_adapter/linux/linux_trng_adapter.c b/components/service/crypto/backend/mbedcrypto/trng_adapter/linux/linux_trng_adapter.c
index 25aab06..1b2f2b4 100644
--- a/components/service/crypto/backend/mbedcrypto/trng_adapter/linux/linux_trng_adapter.c
+++ b/components/service/crypto/backend/mbedcrypto/trng_adapter/linux/linux_trng_adapter.c
@@ -4,7 +4,6 @@
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <mbedtls/entropy.h>
-#include <mbedtls/entropy_poll.h>
#include <service/crypto/backend/mbedcrypto/trng_adapter/trng_adapter.h>
#include <unistd.h>
#include <sys/syscall.h>
diff --git a/components/service/crypto/test/protocol/check_crypto_packed-c_protocol_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_packed-c_protocol_alignment.cpp
index 692c201..b78e751 100644
--- a/components/service/crypto/test/protocol/check_crypto_packed-c_protocol_alignment.cpp
+++ b/components/service/crypto/test/protocol/check_crypto_packed-c_protocol_alignment.cpp
@@ -27,7 +27,6 @@
CHECK_EQUAL(PSA_KEY_TYPE_AES, TS_CRYPTO_KEY_TYPE_AES);
CHECK_EQUAL(PSA_KEY_TYPE_DES, TS_CRYPTO_KEY_TYPE_DES);
CHECK_EQUAL(PSA_KEY_TYPE_CAMELLIA, TS_CRYPTO_KEY_TYPE_CAMELLIA);
- CHECK_EQUAL(PSA_KEY_TYPE_ARC4, TS_CRYPTO_KEY_TYPE_ARC4);
CHECK_EQUAL(PSA_KEY_TYPE_CHACHA20, TS_CRYPTO_KEY_TYPE_CHACHA20);
CHECK_EQUAL(PSA_KEY_TYPE_RSA_PUBLIC_KEY, TS_CRYPTO_KEY_TYPE_RSA_PUBLIC_KEY);
CHECK_EQUAL(PSA_KEY_TYPE_RSA_KEY_PAIR, TS_CRYPTO_KEY_TYPE_RSA_KEY_PAIR);
@@ -61,8 +60,6 @@
/*
* Crypto algorithms
*/
- CHECK_EQUAL(PSA_ALG_MD2, TS_CRYPTO_ALG_MD2);
- CHECK_EQUAL(PSA_ALG_MD4, TS_CRYPTO_ALG_MD4);
CHECK_EQUAL(PSA_ALG_MD5, TS_CRYPTO_ALG_MD5);
CHECK_EQUAL(PSA_ALG_RIPEMD160, TS_CRYPTO_ALG_RIPEMD160);
CHECK_EQUAL(PSA_ALG_SHA_1, TS_CRYPTO_ALG_SHA_1);
@@ -114,4 +111,4 @@
CHECK_EQUAL(PSA_KEY_USAGE_SIGN_HASH, TS_CRYPTO_KEY_USAGE_SIGN_HASH);
CHECK_EQUAL(PSA_KEY_USAGE_VERIFY_HASH, TS_CRYPTO_KEY_USAGE_VERIFY_HASH);
CHECK_EQUAL(PSA_KEY_USAGE_DERIVE, TS_CRYPTO_KEY_USAGE_DERIVE);
-}
\ No newline at end of file
+}
diff --git a/components/service/crypto/test/protocol/check_crypto_protobuf_protocol_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_protobuf_protocol_alignment.cpp
index ca23546..f223498 100644
--- a/components/service/crypto/test/protocol/check_crypto_protobuf_protocol_alignment.cpp
+++ b/components/service/crypto/test/protocol/check_crypto_protobuf_protocol_alignment.cpp
@@ -27,7 +27,6 @@
CHECK_EQUAL(PSA_KEY_TYPE_AES, ts_crypto_KeyType_KEY_TYPE_AES);
CHECK_EQUAL(PSA_KEY_TYPE_DES, ts_crypto_KeyType_KEY_TYPE_DES);
CHECK_EQUAL(PSA_KEY_TYPE_CAMELLIA, ts_crypto_KeyType_KEY_TYPE_CAMELLIA);
- CHECK_EQUAL(PSA_KEY_TYPE_ARC4, ts_crypto_KeyType_KEY_TYPE_ARC4);
CHECK_EQUAL(PSA_KEY_TYPE_CHACHA20, ts_crypto_KeyType_KEY_TYPE_CHACHA20);
CHECK_EQUAL(PSA_KEY_TYPE_RSA_PUBLIC_KEY, ts_crypto_KeyType_KEY_TYPE_RSA_PUBLIC_KEY);
CHECK_EQUAL(PSA_KEY_TYPE_RSA_KEY_PAIR, ts_crypto_KeyType_KEY_TYPE_RSA_KEY_PAIR);
@@ -61,8 +60,6 @@
/*
* Crypto algorithms
*/
- CHECK_EQUAL(PSA_ALG_MD2, ts_crypto_Alg_ALG_MD2);
- CHECK_EQUAL(PSA_ALG_MD4, ts_crypto_Alg_ALG_MD4);
CHECK_EQUAL(PSA_ALG_MD5, ts_crypto_Alg_ALG_MD5);
CHECK_EQUAL(PSA_ALG_RIPEMD160, ts_crypto_Alg_ALG_RIPEMD160);
CHECK_EQUAL(PSA_ALG_SHA_1, ts_crypto_Alg_ALG_SHA_1);
diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp
index 276a860..8b3124a 100644
--- a/components/service/crypto/test/service/crypto_service_scenarios.cpp
+++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp
@@ -227,7 +227,7 @@
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
- psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP256R1));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&attributes, 256);
/* Generate a key */
diff --git a/deployments/psa-api-test/crypto/crypto-api-test.cmake b/deployments/psa-api-test/crypto/crypto-api-test.cmake
index 4063175..47e42c7 100644
--- a/deployments/psa-api-test/crypto/crypto-api-test.cmake
+++ b/deployments/psa-api-test/crypto/crypto-api-test.cmake
@@ -12,6 +12,14 @@
set(TS_ARCH_TEST_SUITE CRYPTO CACHE STRING "Arch test suite")
#-------------------------------------------------------------------------------
+# Extend the arch test build configuration to include tests missing from the
+# default configuration.
+#-------------------------------------------------------------------------------
+#set(TS_ARCH_TEST_EXTERNAL_DEFS
+# -DCRYPTO_1_0
+# CACHE STRING "Arch test external defines")
+
+#-------------------------------------------------------------------------------
# The arch test build system puts its build output under a test suite specific
# subdirectory. The subdirectory name is different from the test suite name
# so an additional define is needed to obtain the built library.
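Review bot: The added block is entirely commented out, so the heading "Extend the arch test build configuration to include tests missing from the default configuration" describes something this file does not actually do. State the status and the condition for enabling it in the comment itself, for example `# Disabled by default: uncomment (or pass -DTS_ARCH_TEST_EXTERNAL_DEFS=-DCRYPTO_1_0) to build the PSA Crypto 1.0 tests.` Otherwise a reader cannot tell whether the block is a pending to-do or a deliberate opt-in. Because the variable is a CACHE entry, documenting the command-line form also avoids having to edit the file.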
diff --git a/external/psa_arch_tests/add_inherit_toolchain.patch b/external/psa_arch_tests/add_inherit_toolchain.patch
index 2ff7709..58b2f75 100644
--- a/external/psa_arch_tests/add_inherit_toolchain.patch
+++ b/external/psa_arch_tests/add_inherit_toolchain.patch
@@ -29,7 +29,7 @@
endif()
diff --git a/api-tests/tools/cmake/compiler/INHERIT.cmake b/api-tests/tools/cmake/compiler/INHERIT.cmake
new file mode 100644
-index 0000000..014d667
+index 0000000..b2570c8
--- /dev/null
+++ b/api-tests/tools/cmake/compiler/INHERIT.cmake
@@ -0,0 +1,19 @@
@@ -50,8 +50,8 @@
+# * limitations under the License.
+#**/
+
-+
-+add_definitions(-DHOST_GCC_MISSING_CRYPTO_1_0=1)
++# Add any external definitions from the parent build
++add_definitions(${ARCH_TEST_EXTERNAL_DEFS})
diff --git a/api-tests/tools/scripts/target_cfg/CMakeLists.txt b/api-tests/tools/scripts/target_cfg/CMakeLists.txt
index 3210c5f..259eb9c 100644
--- a/api-tests/tools/scripts/target_cfg/CMakeLists.txt
diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
index 97e49af..6edf38d 100644
--- a/external/psa_arch_tests/psa_arch_tests.cmake
+++ b/external/psa_arch_tests/psa_arch_tests.cmake
@@ -53,6 +53,7 @@
-DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
-DPSA_INCLUDE_PATHS=${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS}
-DSUITE=${TS_ARCH_TEST_SUITE}
+ -DARCH_TEST_EXTERNAL_DEFS=${TS_ARCH_TEST_EXTERNAL_DEFS}
-DCMAKE_VERBOSE_MAKEFILE=OFF
-DTARGET=tgt_dev_apis_linux
-GUnix\ Makefiles
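Review bot: `-DARCH_TEST_EXTERNAL_DEFS=${TS_ARCH_TEST_EXTERNAL_DEFS}` is expanded unquoted, so a value holding more than one definition (a CMake list such as `-DA;-DB`) would probably be split into separate arguments. Only the first would then reach `ARCH_TEST_EXTERNAL_DEFS`, and the child cmake would read the rest as its own cache entries instead of passing them to `add_definitions(${ARCH_TEST_EXTERNAL_DEFS})` in INHERIT.cmake. The command these arguments belong to starts outside the hunk, so this is inferred from the visible argument list. Either document next to the variable that it carries a single definition, or escape the list separators before passing it down and restore them in INHERIT.cmake.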
diff --git a/external/t_cose/0002-add-tls3_0_0-compatibility.patch b/external/t_cose/0002-add-tls3_0_0-compatibility.patch
new file mode 100644
index 0000000..20a7d13
--- /dev/null
+++ b/external/t_cose/0002-add-tls3_0_0-compatibility.patch
@@ -0,0 +1,31 @@
+diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c
+index 49c5b60..3aa7b58 100644
+--- a/crypto_adapters/t_cose_psa_crypto.c
++++ b/crypto_adapters/t_cose_psa_crypto.c
+@@ -99,7 +99,7 @@ static enum t_cose_err_t psa_status_to_t_cose_error_signing(psa_status_t err)
+ err == PSA_ERROR_INVALID_SIGNATURE ? T_COSE_ERR_SIG_VERIFY :
+ err == PSA_ERROR_NOT_SUPPORTED ? T_COSE_ERR_UNSUPPORTED_SIGNING_ALG:
+ err == PSA_ERROR_INSUFFICIENT_MEMORY ? T_COSE_ERR_INSUFFICIENT_MEMORY :
+- err == PSA_ERROR_TAMPERING_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED :
++ err == PSA_ERROR_CORRUPTION_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED :
+ T_COSE_ERR_SIG_FAIL;
+ }
+
+@@ -152,7 +152,7 @@ t_cose_crypto_pub_key_verify(int32_t cose_algorithm_id,
+ * Crypto ceases providing backwards compatibility then this code
+ * has to be changed to use psa_verify_hash().
+ */
+- psa_result = psa_asymmetric_verify(verification_key_psa,
++ psa_result = psa_verify_hash(verification_key_psa,
+ psa_alg_id,
+ hash_to_verify.ptr,
+ hash_to_verify.len,
+@@ -212,7 +212,7 @@ t_cose_crypto_pub_key_sign(int32_t cose_algorithm_id,
+ * providing backwards compatibility then this code has to be
+ * changed to use psa_sign_hash().
+ */
+- psa_result = psa_asymmetric_sign(signing_key_psa,
++ psa_result = psa_sign_hash(signing_key_psa,
+ psa_alg_id,
+ hash_to_sign.ptr,
+ hash_to_sign.len,
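Review bot: The context comments kept above both call sites still say the code "has to be changed to use psa_verify_hash()" and "psa_sign_hash()" once backwards compatibility ends, which is stale now that this patch makes exactly that change. The patch should replace them, for example with `/* Uses psa_verify_hash(); psa_asymmetric_verify() is removed in Mbed TLS 3.0. */` and the matching line for signing. This is the signature path for attestation tokens, so a comment that contradicts the code is easy to misread during a later audit. The continuation arguments are also left aligned to the old, longer function names and could be re-indented in the same patch. Both comment blocks begin above the inner hunks' context, so their full text is not visible here.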
diff --git a/external/t_cose/t_cose.cmake b/external/t_cose/t_cose.cmake
index 0af40bd..660824b 100644
--- a/external/t_cose/t_cose.cmake
+++ b/external/t_cose/t_cose.cmake
@@ -37,6 +37,7 @@
PATCH_COMMAND git stash
COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-add-install-definition.patch
+ COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/0002-add-tls3_0_0-compatibility.patch
COMMAND git reset HEAD~1
)
diff --git a/protocols/service/crypto/packed-c/key_attributes.h b/protocols/service/crypto/packed-c/key_attributes.h
index 473813b..dd1944d 100644
--- a/protocols/service/crypto/packed-c/key_attributes.h
+++ b/protocols/service/crypto/packed-c/key_attributes.h
@@ -16,7 +16,6 @@
#define TS_CRYPTO_KEY_TYPE_AES (0x2400)
#define TS_CRYPTO_KEY_TYPE_DES (0x2301)
#define TS_CRYPTO_KEY_TYPE_CAMELLIA (0x2403)
-#define TS_CRYPTO_KEY_TYPE_ARC4 (0x2002)
#define TS_CRYPTO_KEY_TYPE_CHACHA20 (0x2004)
#define TS_CRYPTO_KEY_TYPE_RSA_PUBLIC_KEY (0x4001)
#define TS_CRYPTO_KEY_TYPE_RSA_KEY_PAIR (0x7001)
@@ -38,8 +37,6 @@
/* Crypto algorithms */
#define TS_CRYPTO_ALG_NONE (0x00000000)
-#define TS_CRYPTO_ALG_MD2 (0x02000001)
-#define TS_CRYPTO_ALG_MD4 (0x02000002)
#define TS_CRYPTO_ALG_MD5 (0x02000003)
#define TS_CRYPTO_ALG_RIPEMD160 (0x02000004)
#define TS_CRYPTO_ALG_SHA_1 (0x02000005)
@@ -100,4 +97,4 @@
struct ts_crypto_key_policy policy;
};
-#endif /* TS_CRYPTO_KEY_ATTRIBUTES_H */
\ No newline at end of file
+#endif /* TS_CRYPTO_KEY_ATTRIBUTES_H */
diff --git a/protocols/service/crypto/protobuf/key_attributes.proto b/protocols/service/crypto/protobuf/key_attributes.proto
index 2415d5c..bdf2a67 100644
--- a/protocols/service/crypto/protobuf/key_attributes.proto
+++ b/protocols/service/crypto/protobuf/key_attributes.proto
@@ -15,7 +15,6 @@
KEY_TYPE_AES = 0x2400;
KEY_TYPE_DES = 0x2301;
KEY_TYPE_CAMELLIA = 0x2403;
- KEY_TYPE_ARC4 = 0x2002;
KEY_TYPE_CHACHA20 = 0x2004;
KEY_TYPE_RSA_PUBLIC_KEY = 0x4001;
KEY_TYPE_RSA_KEY_PAIR = 0x7001;
@@ -43,8 +42,6 @@
/* Crypto algorithms */
enum Alg {
ALG_NONE = 0x00000000;
- ALG_MD2 = 0x02000001;
- ALG_MD4 = 0x02000002;
ALG_MD5 = 0x02000003;
ALG_RIPEMD160 = 0x02000004;
ALG_SHA_1 = 0x02000005;
@@ -106,4 +103,4 @@
uint32 lifetime = 3;
uint32 id = 4;
KeyPolicy policy = 5;
-}
\ No newline at end of file
+}