Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.
Implement psa_crypto_init function which sets up a RNG.
Add a mbedtls_psa_crypto_free function which deinitializes the
library.
Define a first batch of error codes.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 9e6bb8a..41c3f24 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -486,6 +486,12 @@
#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
#endif
+#if defined(MBEDTLS_PSA_CRYPTO_C) && \
+ !( defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_ENTROPY_C) )
+#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_OID_C) )
#error "MBEDTLS_RSA_C defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 052aed0..dc112a9 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2013,7 +2013,7 @@
* Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
*
*/
-//#define MBEDTLS_CMAC_C
+#define MBEDTLS_CMAC_C
/**
* \def MBEDTLS_CTR_DRBG_C
@@ -2556,6 +2556,18 @@
#define MBEDTLS_POLY1305_C
/**
+* \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
* \def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD-160 hash algorithm.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
new file mode 100644
index 0000000..fc299af
--- /dev/null
+++ b/include/psa/crypto.h
@@ -0,0 +1,90 @@
+/**
+ * \file psa/crypto.h
+ * \brief Platform Security Architecture cryptography module
+ */
+
+#ifndef PSA_CRYPTO_H
+#define PSA_CRYPTO_H
+
+#include "crypto_platform.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** \defgroup basic Basic definitions
+ * @{
+ */
+
+/**
+ * \brief Function return status.
+ *
+ * Zero indicates success, anything else indicates an error.
+ */
+typedef enum {
+ /** The action was completed successfully. */
+ PSA_SUCCESS = 0,
+ /** The requested operation or a parameter is not supported
+ by this implementation. */
+ PSA_ERROR_NOT_SUPPORTED,
+ /** The requested action is denied by a policy. */
+ PSA_ERROR_NOT_PERMITTED,
+ /** An output buffer is too small. */
+ PSA_ERROR_BUFFER_TOO_SMALL,
+ /** A slot is occupied, but must be empty to carry out the
+ requested action. */
+ PSA_ERROR_OCCUPIED_SLOT,
+ /** A slot is empty, but must be occupied to carry out the
+ requested action. */
+ PSA_ERROR_EMPTY_SLOT,
+ /** The requested action cannot be performed in the current state. */
+ PSA_ERROR_BAD_STATE,
+ /** The parameters passed to the function are invalid. */
+ PSA_ERROR_INVALID_ARGUMENT,
+ /** There is not enough runtime memory. */
+ PSA_ERROR_INSUFFICIENT_MEMORY,
+ /** There is not enough persistent storage. */
+ PSA_ERROR_INSUFFICIENT_STORAGE,
+ /** There was a communication failure inside the implementation. */
+ PSA_ERROR_COMMUNICATION_FAILURE,
+ /** A hardware failure was detected. */
+ PSA_ERROR_HARDWARE_FAILURE,
+ /** A tampering attempt was detected. */
+ PSA_ERROR_TAMPERING_DETECTED,
+ /** There is not enough entropy to generate random data needed
+ for the requested action. */
+ PSA_ERROR_INSUFFICIENT_ENTROPY,
+ /** The signature or MAC is incorrect. */
+ PSA_ERROR_INVALID_SIGNATURE,
+ /** An error occurred that does not correspond to any defined
+ failure cause. */
+ PSA_ERROR_UNKNOWN_ERROR,
+} psa_status_t;
+
+/**
+ * \brief Library initialization.
+ *
+ * Applications must call this function before calling any other
+ * function in this module.
+ *
+ * Applications may call this function more than once. Once a call
+ * succeeds, subsequent calls are guaranteed to succeed.
+ *
+ * \return * \c PSA_SUCCESS: success.
+ * * \c PSA_ERROR_INSUFFICIENT_MEMORY
+ * * \c PSA_ERROR_COMMUNICATION_FAILURE
+ * * \c PSA_ERROR_HARDWARE_FAILURE
+ * * \c PSA_ERROR_TAMPERING_DETECTED
+ * * \c PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t psa_crypto_init(void);
+
+/**@}*/
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "crypto_extra.h"
+
+#endif /* PSA_CRYPTO_H */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
new file mode 100644
index 0000000..b9e12bb
--- /dev/null
+++ b/include/psa/crypto_extra.h
@@ -0,0 +1,46 @@
+/**
+ * \file psa/crypto_extra.h
+ *
+ * \brief PSA cryptography module: Mbed TLS vendor extensions
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_EXTRA_H
+#define PSA_CRYPTO_EXTRA_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * \brief Library deinitialization.
+ *
+ * This function clears all data associated with the PSA layer,
+ * including the whole key store.
+ *
+ * This is an Mbed TLS extension.
+ */
+void mbedtls_psa_crypto_free( void );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_EXTRA_H */
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
new file mode 100644
index 0000000..eafc0b3
--- /dev/null
+++ b/include/psa/crypto_platform.h
@@ -0,0 +1,39 @@
+/**
+ * \file psa/crypto_platform.h
+ *
+ * \brief PSA cryptography module: Mbed TLS platfom definitions
+ */
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_PLATFORM_H
+#define PSA_CRYPTO_PLATFORM_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/* PSA requires several types which C99 provides in stdint.h. */
+#include <stdint.h>
+
+#endif /* PSA_CRYPTO_PLATFORM_H */