Merge pull request #116 from ARMmbed/psa-doc-fix_doxygen_for_alpha1
Fix doxygen warnings
diff --git a/.gitignore b/.gitignore
index f40064d..2edbc99 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,16 @@
# CMake generates *.dir/ folders for in-tree builds (used by MSVC projects), ignore all of those:
*.dir/
+
+# Exported Mbed Crypto files
+crypto/LICENSE
+crypto/VERSION.txt
+crypto/include
+crypto/library/*.c
+crypto/library/libmbedcrypto*
+crypto/scripts
+crypto/tests/scripts
+crypto/tests/suites
+crypto/tests/test_suite*
+crypto/programs/psa
+mbedcrypto.tar.gz
diff --git a/crypto/.gitignore b/crypto/.gitignore
new file mode 100644
index 0000000..bf39198
--- /dev/null
+++ b/crypto/.gitignore
@@ -0,0 +1,2 @@
+/docs/*.pdf
+/docs/html
diff --git a/crypto/Makefile b/crypto/Makefile
new file mode 100644
index 0000000..2230ed9
--- /dev/null
+++ b/crypto/Makefile
@@ -0,0 +1,20 @@
+.PHONY: all lib programs tests clean test
+
+all: programs tests
+
+lib:
+ $(MAKE) -C library
+
+programs: lib
+ $(MAKE) -C programs
+
+tests: lib
+ $(MAKE) -C tests
+
+clean:
+ $(MAKE) -C library clean
+ $(MAKE) -C programs clean
+ $(MAKE) -C tests clean
+
+test: lib tests
+ $(MAKE) -C tests test
diff --git a/crypto/README.md b/crypto/README.md
new file mode 100644
index 0000000..b05e046
--- /dev/null
+++ b/crypto/README.md
@@ -0,0 +1,66 @@
+# Mbed Crypto library
+
+The Mbed cryptography library is a reference implementation of the cryptography interface of the Arm Platform Security (PSA) architecture. This is a preview release of Mbed Crypto, provided for evaluation purposes only.
+
+Mbed Crypto is distributed under the Apache License, version 2.0. See the [LICENSE](LICENSE) file for the full text of the license.
+
+## PSA cryptography API
+
+Arm's Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
+
+The PSA Cryptography API provides access to a set of cryptographic primitives. It has a dual purpose: it can be used in a PSA-compliant platform to build services such as secure boot, secure storage and secure communication; and it can also be used independently of other PSA components on any platform.
+
+The design goals of the PSA Cryptography API include:
+
+* The API distinguishes caller memory from internal memory, which allows the library to be implemented in an isolated space for additional security. Library calls can be implemented as direct function calls if isolation is not desired, and as remote procedure calls if isolation is desired.
+* The structure of internal data is hidden to the application, which allows substituting alternative implementations at build time or run time, for example in order to take advantage of hardware accelerators.
+* All access to keys is done via handles, which allows support for external cryptoprocessors that is transparent to applications.
+* The interface to algorithms is generic, favoring algorithm agility.
+* The interface is designed to be easy to use, and hard to accidentally misuse.
+
+## Mbed Crypto implementation
+
+Mbed Crypto is a reference implementation of the PSA Cryptography API. It is written in portable C.
+
+## Documentation
+
+The Mbed Crypto library is a reference implementation of the PSA Cryptography API. Therefore, the library's API documentation is the PSA Cryptography API specification. The PSA Cryptography API specification consists of the following documents:
+
+* The [PSA Cryptography API overview](docs/PSA_Crypto_API_Overview.pdf).
+* The [PSA Cryptography API detailed function reference](docs/PSA_Crypto_API_Reference.pdf), which you can also browse in [HTML format](docs/html/modules.html).
+
+## Compiling
+
+You need the following tools to build the library with the provided makefiles:
+
+* GNU Make.
+* A C toolchain (compiler, linker, archiver).
+* Python 2 or Python 3 (either will work) to generate the test code.
+* Perl to run the tests.
+
+If you have a C compiler such as GCC or Clang, just run `make` in the toplevel directory to build the library, a set of unit tests and some sample programs.
+
+To select a different compiler, set the `CC` variable to name or path of the compiler and linker (default: `cc`) and set `AR` to a compatible archiver (default: `ar`). For example:
+```
+make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar
+```
+The provided makefiles pass options to the compiler that assume a GCC-like command line syntax. To use a different compiler, you may need to pass different values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
+
+To run the unit tests on the host machine, run `make test` from the toplevel directory. If you are cross-compiling, copy the test executable from the `tests` directory to the target machine.
+
+## Example programs
+
+The `programs/` subdirectory contains some sample programs that use the library. Please note that the goal of these sample programs is to demonstrate specific features of the library and the code may need to be adapted to build a real-world application.
+
+## Upcoming features
+
+Future releases of this library will include:
+
+* A driver programming interface, to use hardware accelerators instead of the default software implementation for chosen algorithms.
+* Support for external keys, stored and manipulated exclusively in a separate cryptoprocessor.
+* A configuration mechanism to compile only the algorithms you need for your application.
+* A wider set of cryptographic algorithms.
+
+## Feedback welcome
+
+Arm welcomes feedback on the design of the API. If you think something could be improved, please open an issue on our Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at [`mbed-crypto@arm.com`](mailto:mbed-crypto@arm.com). All feedback received in email will be treated confidentially.
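Review bot: In the Compiling section the README tells users to override `WARNINGS_CFLAGS`, but the makefiles added by this patch define `WARNING_CFLAGS`, so setting the documented name has no effect. Use the makefile spelling here. The opening sentence also expands PSA as "Arm Platform Security (PSA) architecture" while the next section writes "Platform Security Architecture (PSA)"; pick one form.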
diff --git a/crypto/library/Makefile b/crypto/library/Makefile
new file mode 100644
index 0000000..9151662
--- /dev/null
+++ b/crypto/library/Makefile
@@ -0,0 +1,76 @@
+CFLAGS ?= -O2 -I../include
+WARNING_CFLAGS ?= \
+ -Werror -Wall -Wextra \
+ -Wno-unused-function \
+ -Wno-overlength-strings \
+ -Wdeclaration-after-statement \
+# Don't delete this line.
+
+OBJS_CRYPTO := \
+ aes.o \
+ aesni.o \
+ arc4.o \
+ asn1parse.o \
+ asn1write.o \
+ base64.o \
+ bignum.o \
+ blowfish.o \
+ camellia.o \
+ ccm.o \
+ cipher.o \
+ cipher_wrap.o \
+ cmac.o \
+ ctr_drbg.o \
+ des.o \
+ ecdsa.o \
+ ecp.o \
+ ecp_curves.o \
+ entropy.o \
+ entropy_poll.o \
+ gcm.o \
+ hmac_drbg.o \
+ md.o \
+ md2.o \
+ md4.o \
+ md5.o \
+ md_wrap.o \
+ oid.o \
+ pem.o \
+ pk.o \
+ pk_wrap.o \
+ pkcs12.o \
+ pkcs5.o \
+ pkparse.o \
+ pkwrite.o \
+ platform.o \
+ platform_util.o \
+ psa_crypto.o \
+ ripemd160.o \
+ rsa_internal.o \
+ rsa.o \
+ sha1.o \
+ sha256.o \
+ sha512.o \
+ xtea.o \
+# Don't delete this line.
+
+.SILENT:
+
+.PHONY: all static clean
+
+all: static
+
+static: libmbedcrypto.a
+
+libmbedcrypto.a: $(OBJS_CRYPTO)
+ echo " AR $@"
+ $(AR) -rc $@ $(OBJS_CRYPTO)
+ echo " RL $@"
+ $(AR) -s $@
+
+.c.o:
+ echo " CC $<"
+ $(CC) $(CFLAGS) $(WARNING_CFLAGS) -c $<
+
+clean:
+ rm -f *.o libmbedcrypto.a
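Review bot: `CFLAGS ?= -O2 -I../include` on the first line keeps the include path in the variable the README invites users to override, so `make CFLAGS=-Os` silently drops `-I../include`. Move the include path into a separate variable that the `.c.o` rule always passes alongside `$(CFLAGS)`. The `.c.o` rule also lists no header prerequisites, so editing a file under `../include` does not rebuild the affected objects.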
diff --git a/crypto/programs/Makefile b/crypto/programs/Makefile
new file mode 100644
index 0000000..093b43d
--- /dev/null
+++ b/crypto/programs/Makefile
@@ -0,0 +1,51 @@
+CFLAGS ?= -O2 -I../include
+WARNING_CFLAGS ?= \
+ -Werror -Wall -Wextra \
+ -Wno-unused-function \
+ -Wno-overlength-strings \
+ -Wdeclaration-after-statement \
+# Don't delete this line.
+
+LDFLAGS ?= -L../library -lmbedcrypto
+
+DEP := ../library/libmbedcrypto.a
+
+APPS := \
+ psa/crypto_examples \
+ psa/key_ladder_demo \
+ psa/psa_constant_names \
+# Don't delete this line.
+
+EXTRA_GENERATED := \
+ psa/psa_constant_names_generated.c \
+# Don't delete this line.
+
+.SILENT:
+
+.PHONY: all clean list
+
+all: $(APPS)
+
+$(DEP):
+ $(MAKE) -C ../library
+
+psa/crypto_examples: psa/crypto_examples.c $(DEP)
+ echo " CC psa/crypto_examples.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/key_ladder_demo: psa/key_ladder_demo.c $(DEP)
+ echo " CC psa/key_ladder_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py ../include/psa/crypto.h
+ ../scripts/generate_psa_constants.py
+
+psa/psa_constant_names: psa/psa_constant_names_generated.c psa/psa_constant_names.c $(DEP)
+ echo " CC psa/psa_constant_names.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+clean:
+ rm -f $(APPS) $(EXTRA_GENERATED)
+
+list:
+ echo $(APPS)
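Review bot: `WARNING_CFLAGS` is defined at the top of this file but none of the three compile rules pass it; they use `$(LOCAL_CFLAGS)` and `$(LOCAL_LDFLAGS)`, which this file never sets. As written the sample programs build without `-Werror -Wall -Wextra`, unlike the rules in `library/Makefile` and `tests/Makefile`. Either add `$(WARNING_CFLAGS)` to each rule or define `LOCAL_CFLAGS` to include it. The `psa/psa_constant_names_generated.c` rule also executes the script directly, so it depends on the executable bit and shebang instead of a `PYTHON` variable as `tests/Makefile` does.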
diff --git a/crypto/tests/Makefile b/crypto/tests/Makefile
new file mode 100644
index 0000000..3315a6e
--- /dev/null
+++ b/crypto/tests/Makefile
@@ -0,0 +1,73 @@
+CFLAGS ?= -O2 -I../include
+WARNING_CFLAGS ?= \
+ -Werror -Wall -Wextra \
+ -Wno-unused-function \
+ -Wno-overlength-strings \
+ -Wdeclaration-after-statement \
+# Don't delete this line.
+
+LDFLAGS ?= -L../library -lmbedcrypto
+
+DEP := ../library/libmbedcrypto.a
+
+# Python executable
+PYTHON ?= python
+
+APPS := \
+ test_suite_psa_crypto \
+# Don't delete this line.
+
+# Look up for associated function files
+func.test_suite_psa_crypto := test_suite_psa_crypto
+
+.SILENT:
+
+.PHONY: all test clean
+
+all: $(APPS)
+
+$(DEP):
+ $(MAKE) -C ../library
+
+C_FILES := $(addsuffix .c,$(APPS))
+
+.SECONDEXPANSION:
+$(C_FILES): %.c: suites/$$(func.$$*).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function
+ echo " Gen $@"
+ $(PYTHON) scripts/generate_test_code.py -f suites/$(func.$*).function \
+ -d suites/$*.data \
+ -t suites/main_test.function \
+ -p suites/host_test.function \
+ -s suites \
+ --help-file suites/helpers.function \
+ -o .
+
+
+$(APPS): %: %.c $(DEP)
+ echo " CC $<"
+ $(CC) $(CFLAGS) $(WARNING_CFLAGS) $< $(LDFLAGS) -o $@
+
+clean:
+ rm -rf $(APPS) *.c *.data TESTS
+ rm -rf data_files/ctr_drbg_seed data_files/hmac_drbg_seed data_files/mpi_write
+
+test: $(APPS)
+ ./test_suite_psa_crypto
+
+# Create separate targets for generating embedded tests.
+EMBEDDED_TESTS := $(addprefix embedded_,$(APPS))
+
+# Generate test code for target.
+
+.SECONDEXPANSION:
+$(EMBEDDED_TESTS): embedded_%: suites/$$(func.$$*).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function
+ echo " Gen ./TESTS/mbedcrypto/$*/$*.c"
+ $(PYTHON) scripts/generate_test_code.py -f suites/$(func.$*).function \
+ -d suites/$*.data \
+ -t suites/main_test.function \
+ -p suites/target_test.function \
+ -s suites \
+ --help-file suites/helpers.function \
+ -o ./TESTS/mbedcrypto/$*
+
+gen-embedded-test: $(EMBEDDED_TESTS)
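Review bot: The `test` target runs `./test_suite_psa_crypto` by name instead of iterating over `$(APPS)`, so a suite added to `APPS` later would be built but never run. Loop over `$(APPS)` and stop on the first non-zero exit. The `clean` target removes `*.c *.data` wholesale and three `data_files/` paths that nothing in this makefile creates; limit it to `$(C_FILES)` and the generated data files. `gen-embedded-test` is also missing from `.PHONY`.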
diff --git a/programs/.gitignore b/programs/.gitignore
index d58253d..453ae0d 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -29,6 +29,7 @@
pkey/rsa_sign_pss
pkey/rsa_verify
pkey/rsa_verify_pss
+psa/crypto_examples
psa/psa_constant_names
psa/psa_constant_names_generated.c
psa/key_ladder_demo
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 4cdae78..661b120 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -1,6 +1,7 @@
add_subdirectory(aes)
add_subdirectory(hash)
add_subdirectory(pkey)
+add_subdirectory(psa)
add_subdirectory(random)
add_subdirectory(ssl)
add_subdirectory(test)
diff --git a/programs/Makefile b/programs/Makefile
index 9e1a527..b153407 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -60,6 +60,7 @@
pkey/rsa_decrypt$(EXEXT) pkey/rsa_encrypt$(EXEXT) \
pkey/rsa_sign$(EXEXT) pkey/rsa_verify$(EXEXT) \
pkey/rsa_sign_pss$(EXEXT) pkey/rsa_verify_pss$(EXEXT) \
+ psa/crypto_examples$(EXEXT) \
psa/key_ladder_demo$(EXEXT) psa/psa_constant_names$(EXEXT) \
ssl/dtls_client$(EXEXT) ssl/dtls_server$(EXEXT) \
ssl/ssl_client1$(EXEXT) ssl/ssl_client2$(EXEXT) \
@@ -308,6 +309,10 @@
echo " CC x509/req_app.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
+ echo " CC psa/crypto_examples.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
clean:
ifndef WINDOWS
rm -f $(APPS) $(EXTRA_GENERATED)
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
new file mode 100644
index 0000000..a0fe803
--- /dev/null
+++ b/programs/psa/CMakeLists.txt
@@ -0,0 +1,7 @@
+add_executable(crypto_examples crypto_examples.c)
+target_link_libraries(crypto_examples mbedtls)
+
+install(TARGETS crypto_examples
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
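Review bot: Only `crypto_examples` gets a CMake target here, while `programs/Makefile` builds `psa/key_ladder_demo` and `psa/psa_constant_names` from the same directory, so a CMake build with the new `add_subdirectory(psa)` still omits those two programs. Add targets for them or state why they are Makefile-only. The file also ends with an empty line that can be dropped.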
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
new file mode 100644
index 0000000..e8b64f1
--- /dev/null
+++ b/programs/psa/crypto_examples.c
@@ -0,0 +1,331 @@
+#include "psa/crypto.h"
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_printf printf
+#endif
+
+#define ASSERT( predicate ) \
+ do \
+ { \
+ if( ! ( predicate ) ) \
+ { \
+ mbedtls_printf( "\tassertion failed at %s:%d - '%s'\r\n", \
+ __FILE__, __LINE__, #predicate); \
+ goto exit; \
+ } \
+ } while ( 0 )
+
+#define ASSERT_STATUS( actual, expected ) \
+ do \
+ { \
+ if( ( actual ) != ( expected ) ) \
+ { \
+ mbedtls_printf( "\tassertion failed at %s:%d - " \
+ "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
+ (psa_status_t) actual, (psa_status_t) expected ); \
+ goto exit; \
+ } \
+ } while ( 0 )
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
+ !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
+ !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+int main( void )
+{
+ mbedtls_printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
+ "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
+ "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
+ "not defined.\r\n" );
+ return( 0 );
+}
+#else
+
+/* Use key slot 1 for our cipher key. Key slot 0 is reserved as unused. */
+static const psa_key_slot_t key_slot_cipher = 1;
+
+static psa_status_t set_key_policy( psa_key_slot_t key_slot,
+ psa_key_usage_t key_usage,
+ psa_algorithm_t alg )
+{
+ psa_status_t status;
+ psa_key_policy_t policy;
+
+ psa_key_policy_init( &policy );
+ psa_key_policy_set_usage( &policy, key_usage, alg );
+ status = psa_set_key_policy( key_slot, &policy );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+exit:
+ return( status );
+}
+
+static psa_status_t cipher_operation( psa_cipher_operation_t *operation,
+ const uint8_t * input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t * output,
+ size_t output_size,
+ size_t *output_len )
+{
+ psa_status_t status;
+ size_t bytes_to_write = 0, bytes_written = 0, len = 0;
+
+ *output_len = 0;
+ while( bytes_written != input_size )
+ {
+ bytes_to_write = ( input_size - bytes_written > part_size ?
+ part_size :
+ input_size - bytes_written );
+
+ status = psa_cipher_update( operation, input + bytes_written,
+ bytes_to_write, output + *output_len,
+ output_size - *output_len, &len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ bytes_written += bytes_to_write;
+ *output_len += len;
+ }
+
+ status = psa_cipher_finish( operation, output + *output_len,
+ output_size - *output_len, &len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+ *output_len += len;
+
+exit:
+ return( status );
+}
+
+static psa_status_t cipher_encrypt( psa_key_slot_t key_slot,
+ psa_algorithm_t alg,
+ uint8_t * iv,
+ size_t iv_size,
+ const uint8_t * input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t * output,
+ size_t output_size,
+ size_t *output_len )
+{
+ psa_status_t status;
+ psa_cipher_operation_t operation;
+ size_t iv_len = 0;
+
+ memset( &operation, 0, sizeof( operation ) );
+ status = psa_cipher_encrypt_setup( &operation, key_slot, alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_cipher_generate_iv( &operation, iv, iv_size, &iv_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_operation( &operation, input, input_size, part_size,
+ output, output_size, output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_cipher_abort( &operation );
+ return( status );
+}
+
+static psa_status_t cipher_decrypt( psa_key_slot_t key_slot,
+ psa_algorithm_t alg,
+ const uint8_t * iv,
+ size_t iv_size,
+ const uint8_t * input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t * output,
+ size_t output_size,
+ size_t *output_len )
+{
+ psa_status_t status;
+ psa_cipher_operation_t operation;
+
+ memset( &operation, 0, sizeof( operation ) );
+ status = psa_cipher_decrypt_setup( &operation, key_slot, alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_cipher_set_iv( &operation, iv, iv_size );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_operation( &operation, input, input_size, part_size,
+ output, output_size, output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_cipher_abort( &operation );
+ return( status );
+}
+
+static psa_status_t
+cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( void )
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( PSA_KEY_TYPE_AES ),
+ key_bits = 256,
+ part_size = block_size,
+ };
+ const psa_algorithm_t alg = PSA_ALG_CBC_BASE |
+ PSA_ALG_BLOCK_CIPHER_PAD_NONE;
+
+ psa_status_t status;
+ size_t output_len = 0;
+ uint8_t iv[block_size];
+ uint8_t input[block_size];
+ uint8_t encrypt[block_size];
+ uint8_t decrypt[block_size];
+
+ status = psa_generate_random( input, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = set_key_policy( key_slot_cipher,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_generate_key( key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+ NULL, 0 );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_encrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+ input, sizeof( input ), part_size,
+ encrypt, sizeof( encrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_decrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+ encrypt, output_len, part_size,
+ decrypt, sizeof( decrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = memcmp( input, decrypt, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_destroy_key( key_slot_cipher );
+ return( status );
+}
+
+static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( void )
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( PSA_KEY_TYPE_AES ),
+ key_bits = 256,
+ input_size = 100,
+ part_size = 10,
+ };
+
+ const psa_algorithm_t alg = PSA_ALG_CBC_BASE |
+ PSA_ALG_BLOCK_CIPHER_PAD_PKCS7;
+
+ psa_status_t status;
+ size_t output_len = 0;
+ uint8_t iv[block_size], input[input_size],
+ encrypt[input_size + block_size], decrypt[input_size + block_size];
+
+ status = psa_generate_random( input, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = set_key_policy( key_slot_cipher,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_generate_key( key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+ NULL, 0 );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_encrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+ input, sizeof( input ), part_size,
+ encrypt, sizeof( encrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_decrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+ encrypt, output_len, part_size,
+ decrypt, sizeof( decrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = memcmp( input, decrypt, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_destroy_key( key_slot_cipher );
+ return( status );
+}
+
+static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi( void )
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( PSA_KEY_TYPE_AES ),
+ key_bits = 256,
+ input_size = 100,
+ part_size = 10,
+ };
+ const psa_algorithm_t alg = PSA_ALG_CTR;
+
+ psa_status_t status;
+ size_t output_len = 0;
+ uint8_t iv[block_size], input[input_size], encrypt[input_size],
+ decrypt[input_size];
+
+ status = psa_generate_random( input, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = set_key_policy( key_slot_cipher,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
+ alg );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = psa_generate_key( key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
+ NULL, 0 );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_encrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+ input, sizeof( input ), part_size,
+ encrypt, sizeof( encrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = cipher_decrypt( key_slot_cipher, alg, iv, sizeof( iv ),
+ encrypt, output_len, part_size,
+ decrypt, sizeof( decrypt ), &output_len );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+ status = memcmp( input, decrypt, sizeof( input ) );
+ ASSERT_STATUS( status, PSA_SUCCESS );
+
+exit:
+ psa_destroy_key( key_slot_cipher );
+ return( status );
+}
+
+static void cipher_examples( void )
+{
+ psa_status_t status;
+
+ mbedtls_printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
+ status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
+ if( status == PSA_SUCCESS )
+ mbedtls_printf( "\tsuccess!\r\n" );
+
+ mbedtls_printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
+ status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
+ if( status == PSA_SUCCESS )
+ mbedtls_printf( "\tsuccess!\r\n" );
+
+ mbedtls_printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
+ status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
+ if( status == PSA_SUCCESS )
+ mbedtls_printf( "\tsuccess!\r\n" );
+}
+
+int main( void )
+{
+ ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+ cipher_examples( );
+exit:
+ mbedtls_psa_crypto_free( );
+ return( 0 );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC &&
+ MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */
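Review bot: `main()` returns 0 on every path, including the `exit:` label reached when `psa_crypto_init( )` fails, and `cipher_examples( )` discards each `status` after printing, so a failed round trip is invisible to any script that checks the exit code. Have `cipher_examples( )` return the first failing status and map it to a non-zero exit value. In the three example functions, `status = memcmp( input, decrypt, sizeof( input ) )` stores a comparison result in a `psa_status_t`, and nothing checks that the decrypted `output_len` equals the input size; use a separate `ASSERT` for each of those. `cipher_encrypt( )` ignores the `iv_len` written by `psa_cipher_generate_iv( )`, and `ASSERT_STATUS` should parenthesize `actual` and `expected` inside the casts.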
diff --git a/scripts/mbed_crypto.make b/scripts/mbed_crypto.make
new file mode 100644
index 0000000..f06bdfb
--- /dev/null
+++ b/scripts/mbed_crypto.make
@@ -0,0 +1,227 @@
+###########################################################################
+#
+# Copyright (c) 2018, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+###########################################################################
+
+#
+# Use this file to export an Mbed Crypto release tarball as follows, from the
+# top level of the mbedtls repo:
+#
+# 1) make -f scripts/mbed_crypto.make
+#
+
+.PHONY: all clean FORCE
+
+all: mbedcrypto.tar.gz
+
+#
+# Crypto-necessary library files
+#
+LIB_FILES := \
+ aes.c \
+ aesni.c \
+ arc4.c \
+ asn1parse.c \
+ asn1write.c \
+ base64.c \
+ bignum.c \
+ blowfish.c \
+ camellia.c \
+ ccm.c \
+ cipher.c \
+ cipher_wrap.c \
+ cmac.c \
+ ctr_drbg.c \
+ des.c \
+ ecdsa.c \
+ ecp.c \
+ ecp_curves.c \
+ entropy.c \
+ entropy_poll.c \
+ gcm.c \
+ hmac_drbg.c \
+ md.c \
+ md2.c \
+ md4.c \
+ md5.c \
+ md_wrap.c \
+ oid.c \
+ pem.c \
+ pk.c \
+ pk_wrap.c \
+ pkcs12.c \
+ pkcs5.c \
+ pkparse.c \
+ pkwrite.c \
+ platform.c \
+ platform_util.c \
+ psa_crypto.c \
+ ripemd160.c \
+ rsa_internal.c \
+ rsa.c \
+ sha1.c \
+ sha256.c \
+ sha512.c \
+ xtea.c \
+# Don't delete this line.
+
+#
+# Crypto-necessary include files
+#
+INC_FILES := \
+ mbedcrypto/aes.h \
+ mbedcrypto/aesni.h \
+ mbedcrypto/arc4.h \
+ mbedcrypto/asn1.h \
+ mbedcrypto/asn1write.h \
+ mbedcrypto/base64.h \
+ mbedcrypto/bignum.h \
+ mbedcrypto/blowfish.h \
+ mbedcrypto/bn_mul.h \
+ mbedcrypto/camellia.h \
+ mbedcrypto/ccm.h \
+ mbedcrypto/certs.h \
+ mbedcrypto/check_config.h \
+ mbedcrypto/cipher.h \
+ mbedcrypto/cipher_internal.h \
+ mbedcrypto/cmac.h \
+ mbedcrypto/config.h \
+ mbedcrypto/ctr_drbg.h \
+ mbedcrypto/des.h \
+ mbedcrypto/ecdsa.h \
+ mbedcrypto/ecp.h \
+ mbedcrypto/ecp_internal.h \
+ mbedcrypto/entropy.h \
+ mbedcrypto/entropy_poll.h \
+ mbedcrypto/error.h \
+ mbedcrypto/gcm.h \
+ mbedcrypto/hmac_drbg.h \
+ mbedcrypto/md.h \
+ mbedcrypto/md2.h \
+ mbedcrypto/md4.h \
+ mbedcrypto/md5.h \
+ mbedcrypto/md_internal.h \
+ mbedcrypto/oid.h \
+ mbedcrypto/pem.h \
+ mbedcrypto/pk.h \
+ mbedcrypto/pk_internal.h \
+ mbedcrypto/pkcs11.h \
+ mbedcrypto/pkcs12.h \
+ mbedcrypto/pkcs5.h \
+ mbedcrypto/platform.h \
+ mbedcrypto/platform_util.h \
+ mbedcrypto/ripemd160.h \
+ mbedcrypto/rsa.h \
+ mbedcrypto/rsa_internal.h \
+ mbedcrypto/sha1.h \
+ mbedcrypto/sha256.h \
+ mbedcrypto/sha512.h \
+ mbedcrypto/threading.h \
+ mbedcrypto/xtea.h \
+ psa/crypto.h \
+ psa/crypto_extra.h \
+ psa/crypto_platform.h \
+ psa/crypto_sizes.h \
+ psa/crypto_struct.h \
+# Don't delete this line.
+
+TEST_FILES := \
+ tests/scripts/generate_test_code.py \
+ tests/scripts/mbedtls_test.py \
+ tests/scripts/test_generate_test_code.py \
+ tests/scripts/run-test-suites.pl \
+ tests/suites/helpers.function \
+ tests/suites/host_test.function \
+ tests/suites/main_test.function \
+ tests/suites/target_test.function \
+ tests/suites/test_suite_psa_crypto.data \
+ tests/suites/test_suite_psa_crypto.function \
+# Don't delete this line.
+
+OTHER_FILES := \
+ LICENSE \
+ VERSION.txt \
+ programs/psa/crypto_examples.c \
+ programs/psa/key_ladder_demo.c \
+ programs/psa/key_ladder_demo.sh \
+ programs/psa/psa_constant_names.c \
+ scripts/config.pl \
+ scripts/generate_psa_constants.py \
+# Don't delete this line.
+
+# Prepend destination directory
+LIB_FILES := $(addprefix crypto/library/,$(LIB_FILES))
+INC_FILES := $(addprefix crypto/include/,$(INC_FILES))
+TEST_FILES := $(addprefix crypto/,$(TEST_FILES))
+OTHER_FILES := $(addprefix crypto/,$(OTHER_FILES))
+
+define rename_mbedcrypto
+ @sed -i -e 's/Mbed TLS/Mbed Crypto/g' $(1)
+ @sed -i -e 's/mbed TLS/Mbed Crypto/g' $(1)
+ @sed -i -e 's/MBEDTLS_/MBEDCRYPTO_/g' $(1)
+ @sed -i -e 's/mbedtls/mbedcrypto/g' $(1)
+ @sed -i -e 's/MbedTls/MbedCrypto/g' $(1)
+ @sed -i -e 's/include\/mbedtls/include\/mbedcrypto/g' $(1)
+endef
+
+crypto/include/mbedcrypto/config.h: configs/config-psa-crypto.h
+ @echo $@
+ @mkdir -p $(dir $@)
+ @cp $< $@
+ @#Rename the file in the comments
+ @sed -i -e 's/config-psa-crypto.h/config.h/g' $@
+ $(call rename_mbedcrypto,$@)
+
+crypto/tests/data_files/%: tests/data_files/%
+ @echo $@
+ @mkdir -p $(dir $@)
+ @cp $< $@
+ @#Don't rename things inside data files
+
+crypto/include/mbedcrypto/%.h: include/mbedtls/%.h
+ @echo $@
+ @mkdir -p $(dir $@)
+ @cp $< $@
+ $(call rename_mbedcrypto,$@)
+
+crypto/LICENSE: apache-2.0.txt
+ @echo $@
+ @mkdir -p $(dir $@)
+ @cp $< $@
+ @#Don't rename anything in the license
+
+crypto/%: %
+ @echo $@
+ @mkdir -p $(dir $@)
+ @cp $< $@
+ $(call rename_mbedcrypto,$@)
+
+crypto/VERSION.txt: FORCE
+ @git describe --tags --abbrev=12 --dirty > $@
+
+mbedcrypto.tar.gz: $(LIB_FILES) $(INC_FILES) $(TEST_FILES) $(OTHER_FILES)
+ @echo $@
+ @tar czf mbedcrypto.tar.gz crypto
+
+clean:
+ @echo clean
+ @rm -rf mbedcrypto.tar.gz \
+ $(LIB_FILES) $(INC_FILES) $(TEST_FILES) $(OTHER_FILES)
+
+FORCE:
+
+# vi: ft=make
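Review bot: `rename_mbedcrypto` relies on `sed -i -e`, which is GNU sed syntax; BSD sed reads `-e` as the backup suffix and leaves `*-e` copies next to each file, and `tar czf mbedcrypto.tar.gz crypto` then packs those along with anything else that happens to be in `crypto/`, such as build output. Write to a temporary file and move it into place, and build the archive from the explicit file lists. The last substitution, `s/include\/mbedtls/include\/mbedcrypto/g`, can never match because `s/mbedtls/mbedcrypto/g` has already run two lines above it. The `crypto/tests/data_files/%` rule has no user, since `TEST_FILES` lists no data files.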
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1faa5d5..9962046 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -456,6 +456,14 @@
cleanup
tests/scripts/doxygen.sh
+msg "test: Mbed Crypto exporter " # ~ 30s
+cleanup
+make -f scripts/mbed_crypto.make
+cd crypto
+make test
+make clean
+cd ..
+make -f scripts/mbed_crypto.make clean
################################################################
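Review bot: The new component changes directory with `cd crypto` and relies on a later `cd ..`, so a failure in `make test` leaves the following steps running from `crypto/` unless the script aborts on error, which this hunk does not show. Use `make -C crypto test` and `make -C crypto clean`, or run the steps in a subshell, so the working directory cannot leak. The `msg` string also carries a trailing space before the closing quote.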
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index cdce15d..894317e 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -302,7 +302,7 @@
PSA hash setup: bad (unknown hash algorithm)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-hash_setup:0x80000000 | PSA_ALG_SHA_256:PSA_ERROR_NOT_SUPPORTED
+hash_setup:PSA_ALG_CATEGORY_HASH:PSA_ERROR_NOT_SUPPORTED
PSA hash setup: bad (not a hash algorithm)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
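Review bot: The case titled "bad (unknown hash algorithm)" now passes the bare `PSA_ALG_CATEGORY_HASH`, whereas the old input set bit 31 on top of `PSA_ALG_SHA_256`; these are different inputs, so the change drops coverage of the original value. If both should be rejected with `PSA_ERROR_NOT_SUPPORTED`, keep a second case for the old pattern using a named constant, and adjust the title to say which input each case exercises.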
@@ -1099,8 +1099,8 @@
PSA generate random: 260 bytes
generate_random:260
-PSA generate key: bad type (0xffffffff)
-generate_key:0xffffffff:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
+PSA generate key: bad type (PSA_KEY_TYPE_CATEGORY_MASK)
+generate_key:PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
PSA generate key: bad type (RSA public key)
generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED
@@ -1115,7 +1115,7 @@
generate_key:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS
PSA generate key: AES, 128 bits, CTR
-depends_on:MBEDTLS_AES_C
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
generate_key:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS
PSA generate key: AES, 128 bits, GCM
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 51144f9..2e0804b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -57,7 +57,7 @@
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
if( bits <= 8 && x >= 1 << ( bits - 1 ) )
return( MBEDTLS_ERR_ASN1_INVALID_DATA );
- if( *p < start || *p - start < (ssize_t) len )
+ if( *p < start || *p - start < (ptrdiff_t) len )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
*p -= len;
( *p )[len-1] = x;
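Review bot: In the bounds check, `(ptrdiff_t) len` converts the length to a signed type, so if `len` is an unsigned type such as `size_t` a value above `PTRDIFF_MAX` typically becomes negative, `*p - start < (ptrdiff_t) len` evaluates false, and `*p -= len` moves the pointer before `start`. The left operand has already excluded `*p < start`, so the difference is non-negative and the comparison can be done unsigned instead: `(size_t)( *p - start ) < len`. That removes the warning without introducing a sign-dependent check.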
@@ -530,7 +530,7 @@
TEST_ASSERT( data != NULL );
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
- export_size = (ssize_t) data->len + export_size_delta;
+ export_size = (ptrdiff_t) data->len + export_size_delta;
exported = mbedtls_calloc( 1, export_size );
TEST_ASSERT( exported != NULL );
if( ! canonical_input )
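Review bot: `export_size = (ptrdiff_t) data->len + export_size_delta` goes negative whenever `export_size_delta` is negative and larger in magnitude than `data->len`, and the result is passed straight to `mbedtls_calloc( 1, export_size )`, where it becomes a very large allocation request. Add a `TEST_ASSERT` that the sum is non-negative before the allocation so a bad test vector fails with a clear message instead of an allocation failure.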
@@ -631,7 +631,7 @@
TEST_ASSERT( data != NULL );
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( data->len ) );
- export_size = (ssize_t) data->len;
+ export_size = (ptrdiff_t) data->len;
exported = mbedtls_calloc( 1, export_size );
TEST_ASSERT( exported != NULL );