Skip to content

Commit

Permalink
Merge pull request #7597 from daverodgman/pr4990-2.28
Browse files Browse the repository at this point in the history
Replace references to Mbed Crypto (rebase) - backport 2.28
  • Loading branch information
gilles-peskine-arm authored May 16, 2023
2 parents 9febc98 + 6f665a5 commit 4aff7db
Show file tree
Hide file tree
Showing 13 changed files with 33 additions and 31 deletions.
4 changes: 2 additions & 2 deletions configs/config-symmetric-only.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE

/* Mbed Crypto feature support */
/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
Expand All @@ -45,7 +45,7 @@
#define MBEDTLS_USE_PSA_CRYPTO
#define MBEDTLS_VERSION_FEATURES

/* Mbed Crypto modules */
/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ARC4_C
#define MBEDTLS_ASN1_PARSE_C
Expand Down
6 changes: 4 additions & 2 deletions docs/architecture/mbed-crypto-storage-specification.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
Mbed Crypto storage specification
Mbed TLS storage specification
=================================

This document specifies how Mbed Crypto uses storage.
This document specifies how Mbed TLS uses storage.
Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS.
This document contains historical information both from before and after this merge.

Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore:

Expand Down
10 changes: 5 additions & 5 deletions docs/architecture/testing/driver-interface-test-strategy.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Mbed Crypto driver interface test strategy
# Mbed TLS driver interface test strategy

This document describes the test strategy for the driver interfaces in Mbed Crypto. Mbed Crypto has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed Crypto itself; testing drivers is out of scope.
This document describes the test strategy for the driver interfaces in Mbed TLS. Mbed TLS has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed TLS itself; testing drivers is out of scope.

The driver interfaces are standardized through PSA Cryptography functional specifications.

Expand All @@ -16,9 +16,9 @@ Drivers exposing this interface need to be registered at compile time by declari

#### Dynamic secure element driver interface

The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers.
The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed TLS and one or more third-party drivers.

The SE interface consists of one function provided by Mbed Crypto (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.
The SE interface consists of one function provided by Mbed TLS (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed TLS, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.

### SE driver interface unit tests

Expand Down Expand Up @@ -57,7 +57,7 @@ For each API function that can lead to a driver call (more precisely, for each d

#### SE driver outputs

For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed Crypto handles the outputs.
For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed TLS handles the outputs.

* Correct outputs.
* Incorrect outputs such as an invalid output length.
Expand Down
2 changes: 1 addition & 1 deletion docs/architecture/testing/psa-storage-format-testing.md
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ The PSA subsystem provides storage on top of the PSA trusted storage interface.
* [Storage transaction file](#storage-transaction-resumption).
* [Driver state files](#driver-state-files).

For a more detailed description, refer to the [Mbed Crypto storage specification](../mbed-crypto-storage-specification.md).
For a more detailed description, refer to the [Mbed TLS storage specification](../mbed-crypto-storage-specification.md).

In addition, Mbed TLS includes an implementation of the PSA trusted storage interface on top of C stdio. This document addresses the test strategy for [PSA ITS over file](#psa-its-over-file) in a separate section below.

Expand Down
2 changes: 1 addition & 1 deletion include/psa/crypto_compat.h
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*
* This header declares alternative names for macro and functions.
* New application code should not use these names.
* These names may be removed in a future version of Mbed Crypto.
* These names may be removed in a future version of Mbed TLS.
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
Expand Down
6 changes: 3 additions & 3 deletions include/psa/crypto_extra.h
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
* indicates the slot number that contains it.
* \retval #PSA_ERROR_NOT_PERMITTED
* The caller is not permitted to query the slot number.
* Mbed Crypto currently does not return this error.
* Mbed TLS currently does not return this error.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is not located in a secure element.
*/
Expand Down Expand Up @@ -219,7 +219,7 @@ void mbedtls_psa_crypto_free(void);
* resource consumption related to the PSA keystore.
*
* \note The content of this structure is not part of the stable API and ABI
* of Mbed Crypto and may change arbitrarily from version to version.
* of Mbed TLS and may change arbitrarily from version to version.
*/
typedef struct mbedtls_psa_stats_s {
/** Number of slots containing key material for a volatile key. */
Expand Down Expand Up @@ -248,7 +248,7 @@ typedef struct mbedtls_psa_stats_s {
/** \brief Get statistics about
* resource consumption related to the PSA keystore.
*
* \note When Mbed Crypto is built as part of a service, with isolation
* \note When Mbed TLS is built as part of a service, with isolation
* between the application and the keystore, the service may or
* may not expose this function.
*/
Expand Down
4 changes: 2 additions & 2 deletions include/psa/crypto_se_driver.h
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
psa_key_location_t location);

#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Mbed Crypto with secure element support enabled defines this type in
/* Mbed TLS with secure element support enabled defines this type in
* crypto_types.h because it is also visible to applications through an
* implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
Expand Down Expand Up @@ -836,7 +836,7 @@ typedef enum {
* and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
* is no key with the specified slot number.
*
* This is an Mbed Crypto extension.
* This is an Mbed TLS extension.
*/
PSA_KEY_CREATION_REGISTER,
#endif
Expand Down
4 changes: 2 additions & 2 deletions include/psa/crypto_struct.h
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,8 @@
* GCC and Clang initialize the whole structure to 0 (at the time of writing),
* but MSVC and CompCert don't.
*
* In Mbed Crypto, multipart operation structures live independently from
* the key. This allows Mbed Crypto to free the key objects when destroying
* In Mbed TLS, multipart operation structures live independently from
* the key. This allows Mbed TLS to free the key objects when destroying
* a key slot. If a multipart operation needs to remember the key after
* the setup function returns, the operation structure needs to contain a
* copy of the key.
Expand Down
4 changes: 2 additions & 2 deletions include/psa/crypto_types.h
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ typedef uint32_t psa_key_id_t;
typedef psa_key_id_t mbedtls_svc_key_id_t;

#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/* Implementation-specific: The Mbed Cryptography library can be built as
/* Implementation-specific: The Mbed TLS library can be built as
* part of a multi-client service that exposes the PSA Cryptography API in each
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
Expand Down Expand Up @@ -437,7 +437,7 @@ typedef struct psa_key_attributes_s psa_key_attributes_t;

#ifndef __DOXYGEN_ONLY__
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Mbed Crypto defines this type in crypto_types.h because it is also
/* Mbed TLS defines this type in crypto_types.h because it is also
* visible to applications through an implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
* via crypto_se_driver.h. */
Expand Down
4 changes: 2 additions & 2 deletions scripts/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

"""Mbed TLS configuration file manipulation library and tool
Basic usage, to read the Mbed TLS or Mbed Crypto configuration:
Basic usage, to read the Mbed TLS configuration:
config = ConfigFile()
if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
"""
Expand Down Expand Up @@ -468,7 +468,7 @@ def write(self, filename=None):
def main():
"""Command line config.h manipulation tool."""
parser = argparse.ArgumentParser(description="""
Mbed TLS and Mbed Crypto configuration file manipulation tool.
Mbed TLS configuration file manipulation tool.
""")
parser.add_argument('--file', '-f',
help="""File to read (and modify if requested).
Expand Down
8 changes: 4 additions & 4 deletions tests/include/spe/crypto_spe.h
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,13 @@
/**
* \file crypto_spe.h
*
* \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option
* enabled, this header is included by all .c files in Mbed Crypto that
* \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
* enabled, this header is included by all .c files in Mbed TLS that
* use PSA Crypto function names. This avoids duplication of symbols
* between TF-M and Mbed Crypto.
* between TF-M and Mbed TLS.
*
* \note This file should be included before including any PSA Crypto headers
* from Mbed Crypto.
* from Mbed TLS.
*/

#ifndef CRYPTO_SPE_H
Expand Down
8 changes: 4 additions & 4 deletions tests/scripts/psa_collect_statuses.py
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
#!/usr/bin/env python3
"""Describe the test coverage of PSA functions in terms of return statuses.
1. Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG
1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG
2. Run psa_collect_statuses.py
The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each
function/status combination appears only once.
This script must be run from the top of an Mbed Crypto source tree.
This script must be run from the top of an Mbed TLS source tree.
The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is
only supported with make (as opposed to CMake or other build methods).
"""
Expand Down Expand Up @@ -46,7 +46,7 @@ def __init__(self):
def collect_log(self, log_file_name):
"""Read logs from RECORD_PSA_STATUS_COVERAGE_LOG.
Read logs produced by running Mbed Crypto test suites built with
Read logs produced by running Mbed TLS test suites built with
-DRECORD_PSA_STATUS_COVERAGE_LOG.
"""
with open(log_file_name) as log:
Expand Down Expand Up @@ -82,7 +82,7 @@ def report(self):
def collect_status_logs(options):
"""Build and run unit tests and report observed function return statuses.
Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the
Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the
test suites and display information about observed return statuses.
"""
rebuilt = False
Expand Down
2 changes: 1 addition & 1 deletion tests/src/psa_exercise_key.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key)
psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number);
if (lifetime_is_dynamic_secure_element(lifetime)) {
/* Mbed Crypto currently always exposes the slot number to
/* Mbed TLS currently always exposes the slot number to
* applications. This is not mandated by the PSA specification
* and may change in future versions. */
TEST_EQUAL(status, 0);
Expand Down

0 comments on commit 4aff7db

Please sign in to comment.