Merge pull request Mbed-TLS#15 from ronald-cron-arm/comparison-with-mbedcrypto

Add comparison with Mbed TLS crypto library documentation

Author: daverodgman

docs/architecture/psa-crypto-repository.md

@@ -196,3 +196,33 @@ of the commit identifiers are used.
 * git commit -s -m"Update against \<mbedtls-commit-id\>(PR \<mbedtls-pr\>) with \<psa-crypto-commit-id\>"
 * Create a PR against the main branch with the branch that has just been created.
 * Merge the PR which completes the update.
+
+## Comparison with the Mbed TLS cryptography library
+
+The PSA-Crypto library does not support all the cryptographic features
+that the Mbed TLS cryptographic library supports, the main area of discrepancy
+being the handling of the various formats of private and public asymmetric
+keys.
+
+To be more specific, the following Mbed TLS C modules can be potentially
+included in the Mbed TLS cryptography library but not in the PSA-Crypto one:
+. nist_kw.c
+. pem.c
+. pkcs5.c
+. pkcs7.c
+. pkcs12.c
+
+Furthermore, the following Mbed TLS C modules can be potentially included in
+the PSA-Crypto library as the builtin driver implementation relies on them but
+their interface is not public and thus may change without notice:
+. asn1parse.c
+. asn1write.c
+. oid.c
+. pk.c
+. pkparse.c
+. pkwrite.c
+
+Otherwise, the PSA-Crypto library does not have support for alternative
+implementations of cryptography operations as Mbed TLS does through
+MBEDTLS_xxx_ALT like configuration options. Alternative implementations should
+instead be provided as PSA drivers.

scripts/psa_crypto.py

@@ -39,7 +39,9 @@ def copy_of_mbedtls_headers(mbedtls_root_path, psa_crypto_root_path):
     destination_path = os.path.join(builtin_path, "include", "mbedtls")
 
     include_files = filter(lambda file_: not re.match(
-                           "x509.*|mps.*|ssl.*|\.gitignore|debug\.h|net_sockets\.h", file_),
+                           "x509.*|mps.*|ssl.*|base64\.*|nist_kw\.*|pem\.*|padlock\.*|pkcs.*|"\
+                           "\.gitignore|debug\.h|net_sockets\.h"\
+                           "", file_),
                            os.listdir(source_path))
     for file_ in include_files:
         shutil.copy2(os.path.join(source_path, file_), destination_path)
@@ -52,7 +54,8 @@ def copy_of_mbedtls_headers(mbedtls_root_path, psa_crypto_root_path):
 def copy_from_library(mbedtls_root_path, psa_crypto_root_path):
     builtin_path = os.path.join(psa_crypto_root_path, "drivers", "builtin")
     library_files = filter(lambda file_: not re.match(
-                           ".*\.o|x509.*|mps.*|ssl.*|\.gitignore|Makefile|CMakeLists\.txt|"\
+                           ".*\.o|x509.*|mps.*|ssl.*|base64\.*|nist_kw\.*|pem\.*|padlock\.*|pkcs.*|"\
+                           "\.gitignore|Makefile|CMakeLists\.txt|"\
                            "debug\.c|error\.c|net_sockets\.c"\
                            "psa_crypto_core_common\.h", file_),
                            os.listdir(os.path.join(mbedtls_root_path, "library")))