Abstraction Layers

"Not all systems are made equal. Some are more equal than others."

We try to make the mbed TLS core as generic as possible to allow easy integration on a wide range of platforms. In order to do so, mbed TLS has a number of abstraction layers that make life easier!

"Standard" function abstraction

These are "standard" functions from libc that are always needed, but that should behave differently or have different implementations on some platforms.

Examples: calloc() / free(), printf() and fprintf()

These standard functions are abstracted in the Platform layer as of version 1.3.5. The layer core is enabled by default in config.h with MBEDTLS_PLATFORM_C and allows runtime customization of the relevant functions.

Support for abstracting different functions is enabled with the MBEDTLS_PLATFORM_XXX defines in config.h.

For instance, after enabling MBEDTLS_PLATFORM_PRINTF_ALT, you can set an alternative for printf() by calling mbedtls_platform_set_printf().
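An added example (not from the mbed TLS documentation or code base) of a printf() replacement for a target with no console: it formats into a fixed-size buffer without ever writing past it, and is registered with mbedtls_platform_set_printf(). The names log_printf, log_buf, LOG_CAP and platform_hooks_install are assumptions, and the registration call is compiled only when MBEDTLS_PLATFORM_PRINTF_ALT is enabled in your configuration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* Include the library only when its headers are on the include path. */
#if defined(__has_include)
#  if __has_include(<mbedtls/platform.h>)
#    include <mbedtls/platform.h>
#  endif
#endif

#define LOG_CAP 128                  /* assumed size of the device log buffer */
static char   log_buf[LOG_CAP];      /* kept NUL-terminated at all times */
static size_t log_len;               /* bytes used, excluding the NUL */

/* Same prototype as printf(): appends to log_buf and truncates when full. */
int log_printf(const char *fmt, ...)
{
    size_t room = LOG_CAP - log_len; /* >= 1, includes space for the NUL */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(log_buf + log_len, room, fmt, ap);
    va_end(ap);
    if (n < 0) { log_buf[log_len] = '\0'; return n; } /* drop partial output */
    if ((size_t)n >= room)           /* output was cut: count only what fit */
        n = (int)(room - 1);
    log_len += (size_t)n;
    return n;
}

const char *log_contents(void) { return log_buf; }
void log_reset(void) { log_len = 0; log_buf[0] = '\0'; }

/* Call once at start-up, before any library code produces output. */
int platform_hooks_install(void)
{
#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
    return mbedtls_platform_set_printf(log_printf);
#else
    return 0;  /* built without the library or without the _ALT define */
#endif
}

int main(void)
{
    platform_hooks_install();
    log_printf("handshake state=%d\n", 3);
    return fputs(log_contents(), stdout) == EOF;
}
```
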

"Additional" function abstraction

These are "additional" functions from external libraries or the OS that are needed only in some circumstances (e.g. threading library support).

Examples: threading

These abstractions are implemented in their own module and enabled / disabled with a single define (e.g. MBEDTLS_THREADING_C in config.h). They might need additional configuration options. The threading module, for instance, requires you to indicate which threading library you are using (pthread or an alternative).

Implementation abstraction

These are abstractions for functions we already provide an implementation for, but where some users might want to use their own versions instead (e.g. optimized for their platform).

Examples: AES, MD5, Timing, etc.

To enable an implementation abstraction, you'll have to enable the relevant macro (MBEDTLS_XXX_ALT) in config.h, and provide a custom header (named xxx_alt.h) and, of course, an implementation.

Starting with the 2.0 branch, you can also opt to provide your own version of the "core" function of one module only, rather than the whole module.

Examples: AES setkey, AES block encrypt/decrypt, SHA process, etc.

To replace a single function in this way, you'll have to enable the relevant macro (MBEDTLS_XXX_ALT) in config.h, and provide your own implementation of the relevant function, with the same prototype as the default implementation.
