mirror of
https://github.com/godotengine/godot.git
synced 2025-01-06 17:37:18 +08:00
40fa684c18
Keep module compatibility with mbedtls 2.x (old LTS branch). A patch has been added to allow compiling after removing all the `psa_*` files from the library folder (will look into upstreaming it). Note: mbedTLS 3.6 finally enabled TLSv1.3 by default, but it requires some module changes, and to enable PSA crypto (new "standard" API specification), so it might be best done in a separate commit/PR.
101 lines
3.5 KiB
C++
101 lines
3.5 KiB
C++
/**
|
|
* \file psa_util_internal.h
|
|
*
|
|
* \brief Internal utility functions for use of PSA Crypto.
|
|
*/
|
|
/*
|
|
* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
|
*/
|
|
|
|
#ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
|
|
#define MBEDTLS_PSA_UTIL_INTERNAL_H
|
|
|
|
/* Include the public header so that users only need one include. */
|
|
#include "mbedtls/psa_util.h"
|
|
|
|
#include "psa/crypto.h"
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
|
|
|
/*************************************************************************
|
|
* FFDH
|
|
************************************************************************/
|
|
|
|
#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
|
|
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
|
|
|
|
/*************************************************************************
|
|
* ECC
|
|
************************************************************************/
|
|
|
|
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
|
|
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
|
|
|
#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
|
|
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
|
|
|
/*************************************************************************
|
|
* Error translation
|
|
************************************************************************/
|
|
|
|
typedef struct {
|
|
/* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
|
|
int16_t psa_status;
|
|
/* Error codes used by Mbed TLS are in one of the ranges
|
|
* -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
|
|
* code optionally added), fitting in 16 bits. */
|
|
int16_t mbedtls_error;
|
|
} mbedtls_error_pair_t;
|
|
|
|
#if defined(MBEDTLS_MD_LIGHT)
|
|
extern const mbedtls_error_pair_t psa_to_md_errors[4];
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
|
|
extern const mbedtls_error_pair_t psa_to_cipher_errors[4];
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_LMS_C)
|
|
extern const mbedtls_error_pair_t psa_to_lms_errors[3];
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
|
extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
|
|
#endif
|
|
|
|
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
|
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
|
|
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
|
|
#endif
|
|
|
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
|
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
|
|
#endif
|
|
|
|
/* Generic fallback function for error translation,
|
|
* when the received state was not module-specific. */
|
|
int psa_generic_status_to_mbedtls(psa_status_t status);
|
|
|
|
/* This function iterates over provided local error translations,
|
|
* and if no match was found - calls the fallback error translation function. */
|
|
int psa_status_to_mbedtls(psa_status_t status,
|
|
const mbedtls_error_pair_t *local_translations,
|
|
size_t local_errors_num,
|
|
int (*fallback_f)(psa_status_t));
|
|
|
|
/* The second out of three-stage error handling functions of the pk module,
|
|
* acts as a fallback after RSA / ECDSA error translation, and if no match
|
|
* is found, it itself calls psa_generic_status_to_mbedtls. */
|
|
int psa_pk_status_to_mbedtls(psa_status_t status);
|
|
|
|
/* Utility macro to shorten the defines of error translator in modules. */
|
|
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
|
|
psa_status_to_mbedtls(status, error_list, \
|
|
sizeof(error_list)/sizeof(error_list[0]), \
|
|
fallback_f)
|
|
|
|
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
|
|
#endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */
|