From 5b673a828dc968dd8b348419486821538b0afd15 Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Tue, 28 Sep 2021 21:06:08 +0200 Subject: [PATCH 1/3] Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. Signed-off-by: Fredrik Hesse --- configs/config-symmetric-only.h | 4 ++-- docs/architecture/mbed-crypto-storage-specification.md | 6 +++--- .../testing/driver-interface-test-strategy.md | 10 +++++----- .../architecture/testing/psa-storage-format-testing.md | 2 +- include/psa/crypto_compat.h | 2 +- include/psa/crypto_extra.h | 6 +++--- include/psa/crypto_se_driver.h | 4 ++-- include/psa/crypto_struct.h | 4 ++-- include/psa/crypto_types.h | 4 ++-- scripts/config.py | 4 ++-- tests/include/spe/crypto_spe.h | 8 ++++---- tests/scripts/psa_collect_statuses.py | 8 ++++---- tests/src/psa_exercise_key.c | 2 +- 13 files changed, 32 insertions(+), 32 deletions(-) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index f05a0d7cb844..3498738a6f81 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -28,7 +28,7 @@ #define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME_DATE -/* Mbed Crypto feature support */ +/* Mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_CIPHER_MODE_CFB #define MBEDTLS_CIPHER_MODE_CTR @@ -45,7 +45,7 @@ #define MBEDTLS_USE_PSA_CRYPTO #define MBEDTLS_VERSION_FEATURES -/* Mbed Crypto modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ARC4_C #define MBEDTLS_ASN1_PARSE_C diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index d630e8e68230..4116de01925a 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md 
@@ -1,9 +1,9 @@ -Mbed Crypto storage specification +Mbed TLS storage specification ================================= -This document specifies how Mbed Crypto uses storage. +This document specifies how Mbed TLS uses storage. -Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore: +Mbed TLS may be upgraded on an existing device with the storage preserved. Therefore: 1. Any change may break existing installations and may require an upgrade path. 1. This document retains historical information about all past released versions. Do not remove information from this document unless it has always been incorrect or it is about a version that you are sure was never released. diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index a726c43eb3a0..380fd39c43cf 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -1,6 +1,6 @@ -# Mbed Crypto driver interface test strategy +# Mbed TLS driver interface test strategy -This document describes the test strategy for the driver interfaces in Mbed Crypto. Mbed Crypto has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed Crypto itself; testing drivers is out of scope. +This document describes the test strategy for the driver interfaces in Mbed TLS. Mbed TLS has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed TLS itself; testing drivers is out of scope. The driver interfaces are standardized through PSA Cryptography functional specifications. 
@@ -16,9 +16,9 @@ Drivers exposing this interface need to be registered at compile time by declari #### Dynamic secure element driver interface -The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers. +The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed TLS and one or more third-party drivers. -The SE interface consists of one function provided by Mbed Crypto (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function. +The SE interface consists of one function provided by Mbed TLS (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed TLS, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function. ### SE driver interface unit tests 
@@ -57,7 +57,7 @@ For each API function that can lead to a driver call (more precisely, for each d #### SE driver outputs -For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed Crypto handles the outputs. +For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed TLS handles the outputs. * Correct outputs. * Incorrect outputs such as an invalid output length. diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md index 5514dfabef1b..a5c1fd137d3b 100644 --- a/docs/architecture/testing/psa-storage-format-testing.md +++ b/docs/architecture/testing/psa-storage-format-testing.md @@ -47,7 +47,7 @@ The PSA subsystem provides storage on top of the PSA trusted storage interface. * [Storage transaction file](#storage-transaction-resumption). * [Driver state files](#driver-state-files). -For a more detailed description, refer to the [Mbed Crypto storage specification](../mbed-crypto-storage-specification.md). +For a more detailed description, refer to the [Mbed TLS storage specification](../mbed-crypto-storage-specification.md). In addition, Mbed TLS includes an implementation of the PSA trusted storage interface on top of C stdio. This document addresses the test strategy for [PSA ITS over file](#psa-its-over-file) in a separate section below. diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 5cb225bd59b5..24239f5bbf55 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h 
@@ -5,7 +5,7 @@ * * This header declares alternative names for macro and functions. * New application code should not use these names. - * These names may be removed in a future version of Mbed Crypto. + * These names may be removed in a future version of Mbed TLS. * * \note This file may not be included directly. Applications must * include psa/crypto.h. diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fa3e383f059f..92f0b6887b4d 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -107,7 +107,7 @@ static inline psa_algorithm_t psa_get_key_enrollment_algorithm( * indicates the slot number that contains it. * \retval #PSA_ERROR_NOT_PERMITTED * The caller is not permitted to query the slot number. - * Mbed Crypto currently does not return this error. + * Mbed TLS currently does not return this error. * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is not located in a secure element. */ @@ -219,7 +219,7 @@ void mbedtls_psa_crypto_free(void); * resource consumption related to the PSA keystore. * * \note The content of this structure is not part of the stable API and ABI - * of Mbed Crypto and may change arbitrarily from version to version. + * of Mbed TLS and may change arbitrarily from version to version. */ typedef struct mbedtls_psa_stats_s { /** Number of slots containing key material for a volatile key. */ @@ -248,7 +248,7 @@ typedef struct mbedtls_psa_stats_s { /** \brief Get statistics about * resource consumption related to the PSA keystore. * - * \note When Mbed Crypto is built as part of a service, with isolation + * \note When Mbed TLS is built as part of a service, with isolation * between the application and the keystore, the service may or * may not expose this function. */ diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index e2acb714ed37..a7c42dc7adf2 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h 
@@ -137,7 +137,7 @@ typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context, psa_key_location_t location); #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C) -/* Mbed Crypto with secure element support enabled defines this type in +/* Mbed TLS with secure element support enabled defines this type in * crypto_types.h because it is also visible to applications through an * implementation-specific extension. * For the PSA Cryptography specification, this type is only visible @@ -836,7 +836,7 @@ typedef enum { * and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there * is no key with the specified slot number. * - * This is an Mbed Crypto extension. + * This is an Mbed TLS extension. */ PSA_KEY_CREATION_REGISTER, #endif diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 743c6adeec84..18cbcf464479 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -35,8 +35,8 @@ * GCC and Clang initialize the whole structure to 0 (at the time of writing), * but MSVC and CompCert don't. * - * In Mbed Crypto, multipart operation structures live independently from - * the key. This allows Mbed Crypto to free the key objects when destroying + * In Mbed TLS, multipart operation structures live independently from + * the key. This allows Mbed TLS to free the key objects when destroying * a key slot. If a multipart operation needs to remember the key after * the setup function returns, the operation structure needs to contain a * copy of the key. diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 54662a54ac7c..d47d3ebf00c7 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -295,7 +295,7 @@ typedef uint32_t psa_key_id_t; typedef psa_key_id_t mbedtls_svc_key_id_t; #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ -/* Implementation-specific: The Mbed Cryptography library can be built as +/* Implementation-specific: The Mbed TLS library can be built as * part of a multi-client service that exposes the PSA Cryptography API in each * client and encodes the client identity in the key identifier argument of * functions such as psa_open_key(). @@ -437,7 +437,7 @@ typedef struct psa_key_attributes_s psa_key_attributes_t; #ifndef __DOXYGEN_ONLY__ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -/* Mbed Crypto defines this type in crypto_types.h because it is also +/* Mbed TLS defines this type in crypto_types.h because it is also * visible to applications through an implementation-specific extension. * For the PSA Cryptography specification, this type is only visible * via crypto_se_driver.h. */ diff --git a/scripts/config.py b/scripts/config.py index c106a97c0662..ea66cd626939 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -2,7 +2,7 @@ """Mbed TLS configuration file manipulation library and tool -Basic usage, to read the Mbed TLS or Mbed Crypto configuration: +Basic usage, to read the Mbed TLS configuration: config = ConfigFile() if 'MBEDTLS_RSA_C' in config: print('RSA is enabled') """ @@ -468,7 +468,7 @@ def write(self, filename=None): def main(): """Command line config.h manipulation tool.""" parser = argparse.ArgumentParser(description=""" - Mbed TLS and Mbed Crypto configuration file manipulation tool. + Mbed TLS and Mbed TLS configuration file manipulation tool. """) parser.add_argument('--file', '-f', help="""File to read (and modify if requested). diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h index a79ce173853c..de842642d4ab 100644 --- a/tests/include/spe/crypto_spe.h +++ b/tests/include/spe/crypto_spe.h 
@@ -19,13 +19,13 @@ /** * \file crypto_spe.h * - * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option - * enabled, this header is included by all .c files in Mbed Crypto that + * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option + * enabled, this header is included by all .c files in Mbed TLS that * use PSA Crypto function names. This avoids duplication of symbols - * between TF-M and Mbed Crypto. + * between TF-M and Mbed TLS. * * \note This file should be included before including any PSA Crypto headers - * from Mbed Crypto. + * from Mbed TLS. */ #ifndef CRYPTO_SPE_H diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index b086793c40e4..f685bab8e09e 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -1,13 +1,13 @@ #!/usr/bin/env python3 """Describe the test coverage of PSA functions in terms of return statuses. -1. Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG +1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG 2. Run psa_collect_statuses.py The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each function/status combination appears only once. -This script must be run from the top of an Mbed Crypto source tree. +This script must be run from the top of an Mbed TLS source tree. The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is only supported with make (as opposed to CMake or other build methods). """ @@ -46,7 +46,7 @@ def __init__(self): def collect_log(self, log_file_name): """Read logs from RECORD_PSA_STATUS_COVERAGE_LOG. - Read logs produced by running Mbed Crypto test suites built with + Read logs produced by running Mbed TLS test suites built with -DRECORD_PSA_STATUS_COVERAGE_LOG. """ with open(log_file_name) as log: 
@@ -82,7 +82,7 @@ def report(self): def collect_status_logs(options): """Build and run unit tests and report observed function return statuses. - Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the + Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the test suites and display information about observed return statuses. """ rebuilt = False diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 0843e24473e6..6b734866d6b4 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -72,7 +72,7 @@ static int check_key_attributes_sanity(mbedtls_svc_key_id_t key) psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21; psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number); if (lifetime_is_dynamic_secure_element(lifetime)) { - /* Mbed Crypto currently always exposes the slot number to + /* Mbed TLS currently always exposes the slot number to * applications. This is not mandated by the PSA specification * and may change in future versions. */ TEST_EQUAL(status, 0); From 02501f6ba11828d03469baefc119581fae38cbdc Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Mon, 4 Oct 2021 22:13:51 +0200 Subject: [PATCH 2/3] Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. Signed-off-by: Fredrik Hesse --- docs/architecture/mbed-crypto-storage-specification.md | 2 ++ scripts/config.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index 4116de01925a..11729981496e 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md 
@@ -2,6 +2,8 @@ Mbed TLS storage specification ================================= This document specifies how Mbed TLS uses storage. +Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS. +This document contains historical information both from before and after this merge. Mbed TLS may be upgraded on an existing device with the storage preserved. Therefore: diff --git a/scripts/config.py b/scripts/config.py index ea66cd626939..9bf82c9afde9 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -468,7 +468,7 @@ def write(self, filename=None): def main(): """Command line config.h manipulation tool.""" parser = argparse.ArgumentParser(description=""" - Mbed TLS and Mbed TLS configuration file manipulation tool. + Mbed TLS configuration file manipulation tool. """) parser.add_argument('--file', '-f', help="""File to read (and modify if requested). From 6f665a56d0553c3f631878a0caa03ae42ebda052 Mon Sep 17 00:00:00 2001 From: Fredrik Hesse Date: Sat, 23 Oct 2021 09:55:04 +0200 Subject: [PATCH 3/3] Minor adjustments after review. Signed-off-by: Fredrik Hesse --- docs/architecture/mbed-crypto-storage-specification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md index 11729981496e..2b99f775e43d 100644 --- a/docs/architecture/mbed-crypto-storage-specification.md +++ b/docs/architecture/mbed-crypto-storage-specification.md 
@@ -5,7 +5,7 @@ This document specifies how Mbed TLS uses storage. Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS. This document contains historical information both from before and after this merge. -Mbed TLS may be upgraded on an existing device with the storage preserved. Therefore: +Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore: 1. Any change may break existing installations and may require an upgrade path. 1. This document retains historical information about all past released versions. Do not remove information from this document unless it has always been incorrect or it is about a version that you are sure was never released.
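Review bot: In PATCH 1/3, the `scripts/config.py` hunk at `@@ -468,7 +468,7 @@` leaves the argparse description reading "Mbed TLS and Mbed TLS configuration file manipulation tool.", which is an artifact of a mechanical search-and-replace. PATCH 2/3 corrects it to "Mbed TLS configuration file manipulation tool.", but the intermediate commit still carries the duplicated wording. Squash that fix into 1/3 so each commit in the series is clean on its own; this also avoids two commits with the identical subject line.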
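Review bot: In PATCH 1/3, the `@@ -1,9 +1,9 @@` hunk for `docs/architecture/mbed-crypto-storage-specification.md` shortens the title to "Mbed TLS storage specification" but leaves the `=` underline as an unchanged context line sized for the old, longer title; trim it to match the new heading. The file also keeps its `mbed-crypto-` name, and the `psa-storage-format-testing.md` hunk now links the text "Mbed TLS storage specification" to `../mbed-crypto-storage-specification.md`. If the path is kept on purpose so existing links stay valid, say so in the commit message.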
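Review bot: PATCH 3/3 reintroduces "Mbed Crypto" in the sentence "... may be upgraded on an existing device with the storage preserved", undoing the rename PATCH 1/3 applied to that same line and running against the subject of the series. The line sits directly below the paragraph added in PATCH 2/3, which says Mbed Crypto has since been merged into Mbed TLS, so a present-tense statement about upgrading Mbed Crypto reads inconsistently. The commit message ("Minor adjustments after review.") gives no reason: either keep "Mbed TLS" here, or explain in the message why this compatibility statement should name the old product.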