aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSoby Mathew <soby.mathew@arm.com>2020-07-20 21:09:23 +0100
committerSoby Mathew <soby.mathew@arm.com>2020-08-21 04:19:52 +0000
commit07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2 (patch)
tree3ed40afeb45fd02d22b018c7e457a948be0463ff
parent54507b1645087e92b5a115919ae8fd571ace8bdb (diff)
downloadtrusted-firmware-m-07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2.tar.gz
Crypto: migrate support to MbedTLS v2.23.0
This patch migrates the mbedcrypto dependancy for TF-M to mbedTLS repo v2.23.0 which is the latest release tag. The PSA crypto headers and the crypto service implementation in TF-M is updated for additional functionality in this version. The userguide and other relevant documentation are updated to reflect the changes to location of repo. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: Ia7d3f95dc961c5815eb4416d2afbd90ec5c0c19e
-rw-r--r--BuildMbedCrypto.cmake5
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt6
-rw-r--r--docs/getting_started/tfm_build_instruction.rst8
-rw-r--r--docs/getting_started/tfm_sw_requirement.rst15
-rw-r--r--interface/include/psa/crypto.h12
-rw-r--r--interface/include/psa/crypto_compat.h77
-rw-r--r--interface/include/psa/crypto_extra.h4
-rw-r--r--interface/include/psa/crypto_sizes.h52
-rw-r--r--interface/include/psa/crypto_types.h183
-rw-r--r--interface/include/psa/crypto_values.h322
-rw-r--r--interface/src/tfm_crypto_func_api.c81
-rw-r--r--interface/src/tfm_crypto_ipc_api.c99
-rw-r--r--lib/ext/t_cose/README.md2
-rw-r--r--secure_fw/partitions/crypto/CMakeLists.txt4
-rw-r--r--secure_fw/partitions/crypto/crypto_hash.c47
-rw-r--r--secure_fw/partitions/crypto/crypto_spe.h4
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_secure_api.c109
17 files changed, 678 insertions, 352 deletions
diff --git a/BuildMbedCrypto.cmake b/BuildMbedCrypto.cmake
index 8ae08e38d0..6359af828e 100644
--- a/BuildMbedCrypto.cmake
+++ b/BuildMbedCrypto.cmake
@@ -41,7 +41,7 @@ endif()
#Based on preinclude input variables, decide if preinclude flags need to be appended
if((NOT DEFINED MBEDCRYPTO_PREINCLUDE_PREFIX) OR (NOT DEFINED MBEDCRYPTO_PREINCLUDE_HEADER))
- message(STATUS "Building mbed-crypto without pre-included headers and global symbols prefixing.")
+ message(STATUS "Building mbed-crypto(mbedtls) without pre-included headers and global symbols prefixing.")
else()
compiler_get_preinclude_option_string(${MBEDCRYPTO_PREINCLUDE_HEADER} _PRE_INC_STRING)
set(MBEDCRYPTO_PREINCLUDE_C_FLAGS " -DLIB_PREFIX_NAME=${MBEDCRYPTO_PREINCLUDE_PREFIX} ${_PRE_INC_STRING}")
@@ -81,6 +81,7 @@ externalproject_add(${MBEDCRYPTO_TARGET_NAME}
SOURCE_DIR ${MBEDCRYPTO_SOURCE_DIR}
#Set Mbed Crypto features
CMAKE_ARGS -DENABLE_TESTING=OFF -DENABLE_PROGRAMS=OFF
+ CMAKE_ARGS -DMBEDTLS_FATAL_WARNINGS=OFF
#Enforce our build system's settings.
CMAKE_ARGS -DCMAKE_MODULE_PATH=${CMAKE_MODULE_PATH} -DCMAKE_SYSTEM_NAME=${CMAKE_SYSTEM_NAME}
#Inherit the build setting of this project
@@ -111,7 +112,7 @@ add_custom_target(${MBEDCRYPTO_TARGET_NAME}_install
COMMAND ${CMAKE_COMMAND} --build ${MBEDCRYPTO_BINARY_DIR} -- install
BYPRODUCTS ${MBEDCRYPTO_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX_C}
WORKING_DIRECTORY ${MBEDCRYPTO_BINARY_DIR}
- COMMENT "Installing Mbed Crypto to ${MBEDCRYPTO_INSTALL_DIR}"
+ COMMENT "Installing Mbed Crypto(MbedTLS) to ${MBEDCRYPTO_INSTALL_DIR}"
VERBATIM)
#Make install rule depend on Mbed Crypto library build
add_dependencies(${MBEDCRYPTO_TARGET_NAME}_install ${MBEDCRYPTO_TARGET_NAME})
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 68d817f5e8..996d87c5d2 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -109,13 +109,13 @@ else()
)
endif()
-#Define location of Mbed Crypto source, build, and installation directory.
+#Define location of Mbed-Crypto(MbedTLS) source, build, and installation directory.
set(MBEDTLS_CONFIG_FILE "config-rsa.h")
set(MBEDTLS_CONFIG_PATH "${TFM_ROOT_DIR}/bl2/ext/mcuboot/include")
-get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbed-crypto" ABSOLUTE)
+get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbedtls" ABSOLUTE)
if(NOT EXISTS ${MBEDCRYPTO_SOURCE_DIR})
- message(FATAL_ERROR "Missing mbed-crypto. Please clone the mbed-crypto repo to directory \"${MBEDCRYPTO_SOURCE_DIR}\".")
+ message(FATAL_ERROR "Missing mbed-crypto(mbedtls). Please clone the mbedtls repo to directory \"${MBEDCRYPTO_SOURCE_DIR}\".")
endif()
set (MBEDCRYPTO_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbed-crypto/build")
set (MBEDCRYPTO_INSTALL_DIR ${MBEDCRYPTO_BINARY_DIR}/../install)
diff --git a/docs/getting_started/tfm_build_instruction.rst b/docs/getting_started/tfm_build_instruction.rst
index 60edb7562c..34b5b7b943 100644
--- a/docs/getting_started/tfm_build_instruction.rst
+++ b/docs/getting_started/tfm_build_instruction.rst
@@ -28,7 +28,7 @@ Getting the source-code
cd <base folder>
git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
- git clone https://github.com/ARMmbed/mbed-crypto.git -b mbedcrypto-3.0.1
+ git clone https://github.com/ARMmbed/mbedtls.git -b mbedtls-2.23.0
git clone https://git.trustedfirmware.org/TF-M/tf-m-tests.git
git clone https://github.com/JuulLabs-OSS/mcuboot.git -b v1.6.0
@@ -279,9 +279,9 @@ line arguments:
- ``Relwithdebinfo``
- ``Minsizerel``
* - -DMBEDCRYPTO_DEBUG=<ON|OFF>
- - Enables debug symbols for Mbed Crypto library. If a cryptographic
- accelerator is enabled then this will also enable debug symbols and
- logging for any accelerator libraries.
+ - Enables debug symbols for Mbed Crypto(MbedTLS) library. If a
+ cryptographic accelerator is enabled then this will also enable
+ debug symbols and logging for any accelerator libraries.
* - -DBUILD_DWARF_VERSION=<dwarf version>
- Configures DWARF version.
The possible values are:
diff --git a/docs/getting_started/tfm_sw_requirement.rst b/docs/getting_started/tfm_sw_requirement.rst
index 91869d274e..1edf7d4822 100644
--- a/docs/getting_started/tfm_sw_requirement.rst
+++ b/docs/getting_started/tfm_sw_requirement.rst
@@ -126,21 +126,30 @@ External dependencies
In order to build TF-M the following external projects are required:
- - `Mbed Crypto library <https://github.com/ARMmbed/mbed-crypto>`__ v3.0.1
- is used as crypto library on the secure side
+ - `Mbed-crypto(MbedTLS) library <https://github.com/ARMmbed/mbedtls>`__ v2.23.0
+ is used as crypto library on the secure side.
- `MCUboot <https://github.com/JuulLabs-OSS/mcuboot>`__ v1.6.0 is used as
the default bootloader in TF-M
And the following TF-M projects as well:
+
- `TF-M tests <https://git.trustedfirmware.org/TF-M/tf-m-tests.git>`__
+.. Note::
+
+ The development of Mbed-crypto has moved to MbedTLS project and hence
+ wherever mbed-crypto is referred to in TF-M, it refers to the component
+ within MbedTLS project. More details of the move can be found
+ `here <https://github.com/ARMmbed/mbed-crypto/issues/374>`__.
+
+
Each of the listed dependencies should be placed in a common root directory
with trustedfirmware-m
.. code-block:: bash
.
- ├── mbed-crypto
+ ├── mbedtls
├── mcuboot
├── tf-m-tests
└── trusted-firmware-m
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index 14591957b8..cea2fae0ac 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -920,7 +920,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *hash,
- const size_t hash_length);
+ size_t hash_length);
/** The type of the state data structure for multipart hash operations.
*
@@ -1288,7 +1288,7 @@ psa_status_t psa_mac_verify(psa_key_handle_t handle,
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
- const size_t mac_length);
+ size_t mac_length);
/** The type of the state data structure for multipart MAC operations.
*
@@ -3490,10 +3490,10 @@ psa_status_t psa_key_derivation_output_bytes(
* length is determined by the curve, and sets the mandatory bits
* accordingly. That is:
*
- * - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
- * and process it as specified in RFC 7748 &sect;5.
- * - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
- * and process it as specified in RFC 7748 &sect;5.
+ * - Curve25519 (#PSA_ECC_CURVE_MONTGOMERY, 255 bits): draw a 32-byte
+ * string and process it as specified in RFC 7748 &sect;5.
+ * - Curve448 (#PSA_ECC_CURVE_MONTGOMERY, 448 bits): draw a 56-byte
+ * string and process it as specified in RFC 7748 &sect;5.
*
* - For key types for which the key is represented by a single sequence of
* \p bits bits with constraints as to which bit sequences are acceptable,
diff --git a/interface/include/psa/crypto_compat.h b/interface/include/psa/crypto_compat.h
index 518008b8a7..bed2b9658b 100644
--- a/interface/include/psa/crypto_compat.h
+++ b/interface/include/psa/crypto_compat.h
@@ -50,6 +50,8 @@ extern "C" {
typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t;
typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t;
typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t;
+typedef MBEDTLS_PSA_DEPRECATED psa_ecc_curve_t mbedtls_deprecated_psa_ecc_curve_t;
+typedef MBEDTLS_PSA_DEPRECATED psa_dh_group_t mbedtls_deprecated_psa_dh_group_t;
#define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \
( (mbedtls_deprecated_##type) ( value ) )
@@ -104,6 +106,81 @@ MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
#endif /* MBEDTLS_DEPRECATED_REMOVED */
+/*
+ * Size-specific elliptic curve and Diffie-Hellman group names
+ */
+#define PSA_ECC_CURVE_SECP160K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
+#define PSA_ECC_CURVE_SECP192K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
+#define PSA_ECC_CURVE_SECP224K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
+#define PSA_ECC_CURVE_SECP256K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 )
+#define PSA_ECC_CURVE_SECP160R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
+#define PSA_ECC_CURVE_SECP192R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
+#define PSA_ECC_CURVE_SECP224R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
+#define PSA_ECC_CURVE_SECP256R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
+#define PSA_ECC_CURVE_SECP384R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
+#define PSA_ECC_CURVE_SECP521R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 )
+#define PSA_ECC_CURVE_SECP160R2 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R2 )
+#define PSA_ECC_CURVE_SECT163K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
+#define PSA_ECC_CURVE_SECT233K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
+#define PSA_ECC_CURVE_SECT239K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
+#define PSA_ECC_CURVE_SECT283K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
+#define PSA_ECC_CURVE_SECT409K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
+#define PSA_ECC_CURVE_SECT571K1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 )
+#define PSA_ECC_CURVE_SECT163R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
+#define PSA_ECC_CURVE_SECT193R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
+#define PSA_ECC_CURVE_SECT233R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
+#define PSA_ECC_CURVE_SECT283R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
+#define PSA_ECC_CURVE_SECT409R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
+#define PSA_ECC_CURVE_SECT571R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 )
+#define PSA_ECC_CURVE_SECT163R2 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R2 )
+#define PSA_ECC_CURVE_SECT193R2 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R2 )
+#define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 )
+#define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 )
+#define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 )
+#define PSA_ECC_CURVE_CURVE25519 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_MONTGOMERY )
+#define PSA_ECC_CURVE_CURVE448 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_MONTGOMERY )
+
+#define PSA_DH_GROUP_FFDHE2048 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
+#define PSA_DH_GROUP_FFDHE3072 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
+#define PSA_DH_GROUP_FFDHE4096 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
+#define PSA_DH_GROUP_FFDHE6144 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
+#define PSA_DH_GROUP_FFDHE8192 \
+ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 )
+
#ifdef __cplusplus
}
#endif
diff --git a/interface/include/psa/crypto_extra.h b/interface/include/psa/crypto_extra.h
index f1ba6904a9..b8a4d7e36c 100644
--- a/interface/include/psa/crypto_extra.h
+++ b/interface/include/psa/crypto_extra.h
@@ -35,7 +35,7 @@ extern "C" {
* string. The length of the byte string is the length of the base prime `p`
* in bytes.
*/
-#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x4002)
/** DSA key pair (private and public key).
*
@@ -53,7 +53,7 @@ extern "C" {
* Add 1 to the resulting integer and use this as the private key *x*.
*
*/
-#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x70020000)
+#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x7002)
/**@}*/
diff --git a/interface/include/psa/crypto_sizes.h b/interface/include/psa/crypto_sizes.h
index 4f67501b56..cbdf59716a 100644
--- a/interface/include/psa/crypto_sizes.h
+++ b/interface/include/psa/crypto_sizes.h
@@ -133,51 +133,9 @@
* operations, and does not need to accept all key sizes up to the limit. */
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
-/* The maximum size of an ECC key on this implementation, in bits.
- * This is a vendor-specific macro. */
+/* The maximum size of an ECC key on this implementation, in bits */
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
-/** Bit size associated with an elliptic curve.
- *
- * \param curve An elliptic curve (value of type #psa_ecc_curve_t).
- *
- * \return The size associated with \p curve, in bits.
- * This may be 0 if the implementation does not support
- * the specified curve.
- */
-#define PSA_ECC_CURVE_BITS(curve) \
- ((curve) == PSA_ECC_CURVE_SECT163K1 ? 163 : \
- (curve) == PSA_ECC_CURVE_SECT163R1 ? 163 : \
- (curve) == PSA_ECC_CURVE_SECT163R2 ? 163 : \
- (curve) == PSA_ECC_CURVE_SECT193R1 ? 193 : \
- (curve) == PSA_ECC_CURVE_SECT193R2 ? 193 : \
- (curve) == PSA_ECC_CURVE_SECT233K1 ? 233 : \
- (curve) == PSA_ECC_CURVE_SECT233R1 ? 233 : \
- (curve) == PSA_ECC_CURVE_SECT239K1 ? 239 : \
- (curve) == PSA_ECC_CURVE_SECT283K1 ? 283 : \
- (curve) == PSA_ECC_CURVE_SECT283R1 ? 283 : \
- (curve) == PSA_ECC_CURVE_SECT409K1 ? 409 : \
- (curve) == PSA_ECC_CURVE_SECT409R1 ? 409 : \
- (curve) == PSA_ECC_CURVE_SECT571K1 ? 571 : \
- (curve) == PSA_ECC_CURVE_SECT571R1 ? 571 : \
- (curve) == PSA_ECC_CURVE_SECP160K1 ? 160 : \
- (curve) == PSA_ECC_CURVE_SECP160R1 ? 160 : \
- (curve) == PSA_ECC_CURVE_SECP160R2 ? 160 : \
- (curve) == PSA_ECC_CURVE_SECP192K1 ? 192 : \
- (curve) == PSA_ECC_CURVE_SECP192R1 ? 192 : \
- (curve) == PSA_ECC_CURVE_SECP224K1 ? 224 : \
- (curve) == PSA_ECC_CURVE_SECP224R1 ? 224 : \
- (curve) == PSA_ECC_CURVE_SECP256K1 ? 256 : \
- (curve) == PSA_ECC_CURVE_SECP256R1 ? 256 : \
- (curve) == PSA_ECC_CURVE_SECP384R1 ? 384 : \
- (curve) == PSA_ECC_CURVE_SECP521R1 ? 521 : \
- (curve) == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \
- (curve) == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \
- (curve) == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \
- (curve) == PSA_ECC_CURVE_CURVE25519 ? 255 : \
- (curve) == PSA_ECC_CURVE_CURVE448 ? 448 : \
- 0)
-
/** \def PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN
*
* This macro returns the maximum length of the PSK supported
@@ -419,7 +377,7 @@
* \param key_type An asymmetric key type (this may indifferently be a
* key pair type or a public key type).
* \param key_bits The size of the key in bits.
- * \param alg The signature algorithm.
+ * \param alg The asymmetric encryption algorithm.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
@@ -438,9 +396,9 @@
/** Sufficient output buffer size for psa_asymmetric_decrypt().
*
- * This macro returns a sufficient buffer size for a ciphertext produced using
+ * This macro returns a sufficient buffer size for a plaintext produced using
* a key of the specified type and size, with the specified algorithm.
- * Note that the actual size of the ciphertext may be smaller, depending
+ * Note that the actual size of the plaintext may be smaller, depending
* on the algorithm.
*
* \warning This function may call its arguments multiple times or
@@ -450,7 +408,7 @@
* \param key_type An asymmetric key type (this may indifferently be a
* key pair type or a public key type).
* \param key_bits The size of the key in bits.
- * \param alg The signature algorithm.
+ * \param alg The asymmetric encryption algorithm.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h
index 6ac95a8d9f..c477a6c93b 100644
--- a/interface/include/psa/crypto_types.h
+++ b/interface/include/psa/crypto_types.h
@@ -55,85 +55,29 @@ typedef uint16_t psa_key_handle_t;
/** \brief Encoding of a key type.
*/
-typedef uint32_t psa_key_type_t;
+typedef uint16_t psa_key_type_t;
-/** The type of PSA elliptic curve identifiers.
+/** The type of PSA elliptic curve family identifiers.
*
* The curve identifier is required to create an ECC key using the
* PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
* macros.
*
- * The encoding of curve identifiers is taken from the
- * TLS Supported Groups Registry (formerly known as the
- * TLS EC Named Curve Registry)
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- *
- * This specification defines identifiers for some of the curves in the IANA
- * registry. Implementations that support other curves that are in the IANA
- * registry should use the IANA value and a implementation-specific identifier.
- * Implemenations that support non-IANA curves should use one of the following
- * approaches for allocating a key type:
- *
- * 1. Select a ::psa_ecc_curve_t value in the range #PSA_ECC_CURVE_VENDOR_MIN to
- * #PSA_ECC_CURVE_VENDOR_MAX, which is a subset of the IANA private use
- * range.
- * 2. Use a ::psa_key_type_t value that is vendor-defined.
- *
- * The first option is recommended.
+ * Values defined by this standard will never be in the range 0x80-0xff.
+ * Vendors who define additional families must use an encoding in this range.
*/
-typedef uint16_t psa_ecc_curve_t;
+typedef uint8_t psa_ecc_curve_t;
-/** The type of PSA Diffie-Hellman group identifiers.
+/** The type of PSA Diffie-Hellman group family identifiers.
*
* The group identifier is required to create an Diffie-Hellman key using the
* PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
* macros.
*
- * The encoding of group identifiers is taken from the
- * TLS Supported Groups Registry (formerly known as the
- * TLS EC Named Curve Registry)
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- *
- * This specification defines identifiers for some of the groups in the IANA
- * registry. Implementations that support other groups that are in the IANA
- * registry should use the IANA value and a implementation-specific identifier.
- * Implemenations that support non-IANA groups should use one of the following
- * approaches for allocating a key type:
- *
- * 1. Select a ::psa_dh_group_t value in the range #PSA_DH_GROUP_VENDOR_MIN to
- * #PSA_DH_GROUP_VENDOR_MAX, which is a subset of the IANA private use
- * range.
- * 2. Select a ::psa_dh_group_t value from the named groups allocated for
- * GREASE in the IETF draft specification. The GREASE specification and
- * values are listed below.
- * 3. Use a ::psa_key_type_t value that is vendor-defined.
- *
- * Option 1 or 2 are recommended.
- *
- * The current draft of the GREASE specification is
- * https://datatracker.ietf.org/doc/draft-ietf-tls-grease
- *
- * The following GREASE values are allocated for named groups:
- * \code
- * 0x0A0A
- * 0x1A1A
- * 0x2A2A
- * 0x3A3A
- * 0x4A4A
- * 0x5A5A
- * 0x6A6A
- * 0x7A7A
- * 0x8A8A
- * 0x9A9A
- * 0xAAAA
- * 0xBABA
- * 0xCACA
- * 0xDADA
- * 0xEAEA
- * 0xFAFA
- * \endcode
+ * Values defined by this standard will never be in the range 0x80-0xff.
+ * Vendors who define additional families must use an encoding in this range.
*/
-typedef uint16_t psa_dh_group_t;
+typedef uint8_t psa_dh_group_t;
/** \brief Encoding of a cryptographic algorithm.
*
@@ -156,18 +100,117 @@ typedef uint32_t psa_algorithm_t;
* The lifetime of a key indicates where it is stored and what system actions
* may create and destroy it.
*
- * Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are automatically
- * destroyed when the application terminates or on a power reset.
+ * Lifetime values have the following structure:
+ * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
+ * persistence level. This value indicates what device management
+ * actions can cause it to be destroyed. In particular, it indicates
+ * whether the key is _volatile_ or _persistent_.
+ * See ::psa_key_persistence_t for more information.
+ * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
+ * location indicator. This value indicates where the key is stored
+ * and where operations on the key are performed.
+ * See ::psa_key_location_t for more information.
+ *
+ * Volatile keys are automatically destroyed when the application instance
+ * terminates or on a power reset of the device. Persistent keys are
+ * preserved until the application explicitly destroys them or until an
+ * implementation-specific device management event occurs (for example,
+ * a factory reset).
*
- * Keys with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE are said
- * to be _persistent_.
- * Persistent keys are preserved if the application or the system restarts.
* Persistent keys have a key identifier of type #psa_key_id_t.
+ * This identifier remains valid throughout the lifetime of the key,
+ * even if the application instance that created the key terminates.
* The application can call psa_open_key() to open a persistent key that
* it created previously.
+ *
+ * This specification defines two basic lifetime values:
+ * - Keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE are volatile.
+ * All implementations should support this lifetime.
+ * - Keys with the lifetime #PSA_KEY_LIFETIME_PERSISTENT are persistent.
+ * All implementations that have access to persistent storage with
+ * appropriate security guarantees should support this lifetime.
*/
typedef uint32_t psa_key_lifetime_t;
+/** Encoding of key persistence levels.
+ *
+ * What distinguishes different persistence levels is what device management
+ * events may cause keys to be destroyed. _Volatile_ keys are destroyed
+ * by a power reset. Persistent keys may be destroyed by events such as
+ * a transfer of ownership or a factory reset. What management events
+ * actually affect persistent keys at different levels is outside the
+ * scope of the PSA Cryptography specification.
+ *
+ * This specification defines the following values of persistence levels:
+ * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
+ * A volatile key is automatically destroyed by the implementation when
+ * the application instance terminates. In particular, a volatile key
+ * is automatically destroyed on a power reset of the device.
+ * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
+ * persistent key with a default lifetime.
+ * Implementations should support this value if they support persistent
+ * keys at all.
+ * Applications should use this value if they have no specific needs that
+ * are only met by implementation-specific features.
+ * - \c 2-127: persistent key with a PSA-specified lifetime.
+ * The PSA Cryptography specification does not define the meaning of these
+ * values, but other PSA specifications may do so.
+ * - \c 128-254: persistent key with a vendor-specified lifetime.
+ * No PSA specification will define the meaning of these values, so
+ * implementations may choose the meaning freely.
+ * As a guideline, higher persistence levels should cause a key to survive
+ * more management events than lower levels.
+ * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
+ * read-only or write-once key.
+ * A key with this persistence level cannot be destroyed.
+ * Implementations that support such keys may either allow their creation
+ * through the PSA Cryptography API, preferably only to applications with
+ * the appropriate privilege, or only expose keys created through
+ * implementation-specific means such as a factory ROM engraving process.
+ * Note that keys that are read-only due to policy restrictions
+ * rather than due to physical limitations should not have this
+ * persistence levels.
+ *
+ * \note Key persistence levels are 8-bit values. Key management
+ * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+ * encode the persistence as the lower 8 bits of a 32-bit value.
+ */
+typedef uint8_t psa_key_persistence_t;
+
+/** Encoding of key location indicators.
+ *
+ * If an implementation of this API can make calls to external
+ * cryptoprocessors such as secure elements, the location of a key
+ * indicates which secure element performs the operations on the key.
+ * If an implementation offers multiple physical locations for persistent
+ * storage, the location indicator reflects at which physical location
+ * the key is stored.
+ *
+ * This specification defines the following values of location indicators:
+ * - \c 0: primary local storage.
+ * All implementations should support this value.
+ * The primary local storage is typically the same storage area that
+ * contains the key metadata.
+ * - \c 1: primary secure element.
+ * Implementations should support this value if there is a secure element
+ * attached to the operating environment.
+ * As a guideline, secure elements may provide higher resistance against
+ * side channel and physical attacks than the primary local storage, but may
+ * have restrictions on supported key types, sizes, policies and operations
+ * and may have different performance characteristics.
+ * - \c 2-0x7fffff: other locations defined by a PSA specification.
+ * The PSA Cryptography API does not currently assign any meaning to these
+ * locations, but future versions of this specification or other PSA
+ * specifications may do so.
+ * - \c 0x800000-0xffffff: vendor-defined locations.
+ * No PSA specification will assign a meaning to locations in this range.
+ *
+ * \note Key location indicators are 24-bit values. Key management
+ * interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
+ * encode the location as the upper 24 bits of a 32-bit value.
+ */
+typedef uint32_t psa_key_location_t;
+
/** Encoding of identifiers of persistent keys.
*
* - Applications may freely choose key identifiers in the range
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index e21ef273e9..8a70616aee 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -272,7 +272,7 @@
*
* Zero is not the encoding of any key type.
*/
-#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x00000000)
+#define PSA_KEY_TYPE_NONE ((psa_key_type_t)0x0000)
/** Vendor-defined key type flag.
*
@@ -281,15 +281,15 @@
* must use an encoding with the #PSA_KEY_TYPE_VENDOR_FLAG bit set and should
* respect the bitwise structure used by standard encodings whenever practical.
*/
-#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x80000000)
+#define PSA_KEY_TYPE_VENDOR_FLAG ((psa_key_type_t)0x8000)
-#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x70000000)
-#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x40000000)
-#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x50000000)
-#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x60000000)
-#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x70000000)
+#define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7000)
+#define PSA_KEY_TYPE_CATEGORY_RAW ((psa_key_type_t)0x1000)
+#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x2000)
+#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY ((psa_key_type_t)0x4000)
+#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR ((psa_key_type_t)0x7000)
-#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x10000000)
+#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR ((psa_key_type_t)0x3000)
/** Whether a key type is vendor-defined.
*
@@ -303,8 +303,8 @@
* This encompasses both symmetric keys and non-key data.
*/
#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
- (((type) & PSA_KEY_TYPE_CATEGORY_MASK & ~(psa_key_type_t)0x10000000) == \
- PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
+ ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
/** Whether a key type is asymmetric: either a key pair or a public key. */
#define PSA_KEY_TYPE_IS_ASYMMETRIC(type) \
@@ -347,7 +347,7 @@
*
* A "key" of this type cannot be used for any cryptographic operation.
* Applications may use this type to store arbitrary data in the keystore. */
-#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x50000001)
+#define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x1001)
/** HMAC key.
*
@@ -357,21 +357,21 @@
* HMAC keys should generally have the same size as the underlying hash.
* This size can be calculated with #PSA_HASH_SIZE(\c alg) where
* \c alg is the HMAC algorithm or the underlying hash algorithm. */
-#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x51000000)
+#define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100)
/** A secret for key derivation.
*
* The key policy determines which key derivation algorithm the key
* can be used for.
*/
-#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x52000000)
+#define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200)
/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
*
* The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
* 32 bytes (AES-256).
*/
-#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x40000001)
+#define PSA_KEY_TYPE_AES ((psa_key_type_t)0x2400)
/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
*
@@ -382,17 +382,17 @@
* deprecated and should only be used to decrypt legacy data. 3-key 3DES
* is weak and deprecated and should only be used in legacy protocols.
*/
-#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x40000002)
+#define PSA_KEY_TYPE_DES ((psa_key_type_t)0x2301)
/** Key for a cipher, AEAD or MAC algorithm based on the
* Camellia block cipher. */
-#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x40000003)
+#define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403)
/** Key for the RC4 stream cipher.
*
* Note that RC4 is weak and deprecated and should only be used in
* legacy protocols. */
-#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x40000004)
+#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002)
/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
*
@@ -401,19 +401,19 @@
* Implementations must support 12-byte nonces, may support 8-byte nonces,
* and should reject other sizes.
*/
-#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x40000005)
+#define PSA_KEY_TYPE_CHACHA20 ((psa_key_type_t)0x2004)
/** RSA public key. */
-#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x60010000)
+#define PSA_KEY_TYPE_RSA_PUBLIC_KEY ((psa_key_type_t)0x4001)
/** RSA key pair (private and public key). */
-#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x70010000)
+#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001)
/** Whether a key type is an RSA key (pair or public-only). */
#define PSA_KEY_TYPE_IS_RSA(type) \
(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x60030000)
-#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x70030000)
-#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x0000ffff)
+#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t)0x4100)
+#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t)0x7100)
+#define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff)
/** Elliptic curve key pair.
*
* \param curve A value of type ::psa_ecc_curve_t that identifies the
@@ -448,70 +448,82 @@
((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
0))
-/* The encoding of curve identifiers is currently aligned with the
- * TLS Supported Groups Registry (formerly known as the
- * TLS EC Named Curve Registry)
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- * The values are defined by RFC 8422 and RFC 7027. */
-#define PSA_ECC_CURVE_SECT163K1 ((psa_ecc_curve_t) 0x0001)
-#define PSA_ECC_CURVE_SECT163R1 ((psa_ecc_curve_t) 0x0002)
-#define PSA_ECC_CURVE_SECT163R2 ((psa_ecc_curve_t) 0x0003)
-#define PSA_ECC_CURVE_SECT193R1 ((psa_ecc_curve_t) 0x0004)
-#define PSA_ECC_CURVE_SECT193R2 ((psa_ecc_curve_t) 0x0005)
-#define PSA_ECC_CURVE_SECT233K1 ((psa_ecc_curve_t) 0x0006)
-#define PSA_ECC_CURVE_SECT233R1 ((psa_ecc_curve_t) 0x0007)
-#define PSA_ECC_CURVE_SECT239K1 ((psa_ecc_curve_t) 0x0008)
-#define PSA_ECC_CURVE_SECT283K1 ((psa_ecc_curve_t) 0x0009)
-#define PSA_ECC_CURVE_SECT283R1 ((psa_ecc_curve_t) 0x000a)
-#define PSA_ECC_CURVE_SECT409K1 ((psa_ecc_curve_t) 0x000b)
-#define PSA_ECC_CURVE_SECT409R1 ((psa_ecc_curve_t) 0x000c)
-#define PSA_ECC_CURVE_SECT571K1 ((psa_ecc_curve_t) 0x000d)
-#define PSA_ECC_CURVE_SECT571R1 ((psa_ecc_curve_t) 0x000e)
-#define PSA_ECC_CURVE_SECP160K1 ((psa_ecc_curve_t) 0x000f)
-#define PSA_ECC_CURVE_SECP160R1 ((psa_ecc_curve_t) 0x0010)
-#define PSA_ECC_CURVE_SECP160R2 ((psa_ecc_curve_t) 0x0011)
-#define PSA_ECC_CURVE_SECP192K1 ((psa_ecc_curve_t) 0x0012)
-#define PSA_ECC_CURVE_SECP192R1 ((psa_ecc_curve_t) 0x0013)
-#define PSA_ECC_CURVE_SECP224K1 ((psa_ecc_curve_t) 0x0014)
-#define PSA_ECC_CURVE_SECP224R1 ((psa_ecc_curve_t) 0x0015)
-#define PSA_ECC_CURVE_SECP256K1 ((psa_ecc_curve_t) 0x0016)
-#define PSA_ECC_CURVE_SECP256R1 ((psa_ecc_curve_t) 0x0017)
-#define PSA_ECC_CURVE_SECP384R1 ((psa_ecc_curve_t) 0x0018)
-#define PSA_ECC_CURVE_SECP521R1 ((psa_ecc_curve_t) 0x0019)
-#define PSA_ECC_CURVE_BRAINPOOL_P256R1 ((psa_ecc_curve_t) 0x001a)
-#define PSA_ECC_CURVE_BRAINPOOL_P384R1 ((psa_ecc_curve_t) 0x001b)
-#define PSA_ECC_CURVE_BRAINPOOL_P512R1 ((psa_ecc_curve_t) 0x001c)
-/** Curve25519.
- *
- * This is the curve defined in Bernstein et al.,
- * _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
- * The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
- */
-#define PSA_ECC_CURVE_CURVE25519 ((psa_ecc_curve_t) 0x001d)
-/** Curve448
- *
- * This is the curve defined in Hamburg,
- * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
- * The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
- */
-#define PSA_ECC_CURVE_CURVE448 ((psa_ecc_curve_t) 0x001e)
-
-/** Minimum value for a vendor-defined ECC curve identifier
- *
- * The range for vendor-defined curve identifiers is a subset of the IANA
- * registry private use range, `0xfe00` - `0xfeff`.
- */
-#define PSA_ECC_CURVE_VENDOR_MIN ((psa_ecc_curve_t) 0xfe00)
-/** Maximum value for a vendor-defined ECC curve identifier
- *
- * The range for vendor-defined curve identifiers is a subset of the IANA
- * registry private use range, `0xfe00` - `0xfeff`.
- */
-#define PSA_ECC_CURVE_VENDOR_MAX ((psa_ecc_curve_t) 0xfe7f)
-
-#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x60040000)
-#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x70040000)
-#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x0000ffff)
+/** SEC Koblitz curves over prime fields.
+ *
+ * This family comprises the following curves:
+ * secp192k1, secp224k1, secp256k1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x17)
+
+/** SEC random curves over prime fields.
+ *
+ * This family comprises the following curves:
+ * secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECP_R1 ((psa_ecc_curve_t) 0x12)
+/* SECP160R2 (SEC2 v1, obsolete) */
+#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1b)
+
+/** SEC Koblitz curves over binary fields.
+ *
+ * This family comprises the following curves:
+ * sect163k1, sect233k1, sect239k1, sect283k1, sect409k1, sect571k1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x27)
+
+/** SEC random curves over binary fields.
+ *
+ * This family comprises the following curves:
+ * sect163r1, sect233r1, sect283r1, sect409r1, sect571r1.
+ * They are defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECT_R1 ((psa_ecc_curve_t) 0x22)
+
+/** SEC additional random curves over binary fields.
+ *
+ * This family comprises the following curve:
+ * sect163r2.
+ * It is defined in _Standards for Efficient Cryptography_,
+ * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
+ * https://www.secg.org/sec2-v2.pdf
+ */
+#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2b)
+
+/** Brainpool P random curves.
+ *
+ * This family comprises the following curves:
+ * brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
+ * brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
+ * It is defined in RFC 5639.
+ */
+#define PSA_ECC_CURVE_BRAINPOOL_P_R1 ((psa_ecc_curve_t) 0x30)
+
+/** Curve25519 and Curve448.
+ *
+ * This family comprises the following Montgomery curves:
+ * - 255-bit: Bernstein et al.,
+ * _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
+ * The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
+ * - 448-bit: Hamburg,
+ * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
+ * The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
+ */
+#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x41)
+
+#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200)
+#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200)
+#define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff)
/** Diffie-Hellman key pair.
*
* \param group A value of type ::psa_dh_group_t that identifies the
@@ -546,30 +558,16 @@
((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \
0))
-/* The encoding of group identifiers is currently aligned with the
- * TLS Supported Groups Registry (formerly known as the
- * TLS EC Named Curve Registry)
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- * The values are defined by RFC 7919. */
-#define PSA_DH_GROUP_FFDHE2048 ((psa_dh_group_t) 0x0100)
-#define PSA_DH_GROUP_FFDHE3072 ((psa_dh_group_t) 0x0101)
-#define PSA_DH_GROUP_FFDHE4096 ((psa_dh_group_t) 0x0102)
-#define PSA_DH_GROUP_FFDHE6144 ((psa_dh_group_t) 0x0103)
-#define PSA_DH_GROUP_FFDHE8192 ((psa_dh_group_t) 0x0104)
-
-/** Minimum value for a vendor-defined Diffie Hellman group identifier
- *
- * The range for vendor-defined group identifiers is a subset of the IANA
- * registry private use range, `0x01fc` - `0x01ff`.
- */
-#define PSA_DH_GROUP_VENDOR_MIN ((psa_dh_group_t) 0x01fc)
-/** Maximum value for a vendor-defined Diffie Hellman group identifier
+/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
*
- * The range for vendor-defined group identifiers is a subset of the IANA
- * registry private use range, `0x01fc` - `0x01ff`.
+ * This family includes groups with the following key sizes (in bits):
+ * 2048, 3072, 4096, 6144, 8192. A given implementation may support
+ * all of these sizes or only a subset.
*/
-#define PSA_DH_GROUP_VENDOR_MAX ((psa_dh_group_t) 0x01fd)
+#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x03)
+#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \
+ (((type) >> 8) & 7)
/** The block size of a block cipher.
*
* \param type A cipher key type (value of type #psa_key_type_t).
@@ -589,13 +587,9 @@
* \warning This macro may evaluate its argument multiple times.
*/
#define PSA_BLOCK_CIPHER_BLOCK_SIZE(type) \
- ( \
- (type) == PSA_KEY_TYPE_AES ? 16 : \
- (type) == PSA_KEY_TYPE_DES ? 8 : \
- (type) == PSA_KEY_TYPE_CAMELLIA ? 16 : \
- (type) == PSA_KEY_TYPE_ARC4 ? 1 : \
- (type) == PSA_KEY_TYPE_CHACHA20 ? 1 : \
- 0)
+ (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
+ 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \
+ 0u)
/** Vendor-defined algorithm flag.
*
@@ -668,22 +662,24 @@
#define PSA_ALG_IS_AEAD(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
-/** Whether the specified algorithm is a public-key signature algorithm.
+/** Whether the specified algorithm is an asymmetric signature algorithm,
+ * also known as public-key signature algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
- * \return 1 if \p alg is a public-key signature algorithm, 0 otherwise.
+ * \return 1 if \p alg is an asymmetric signature algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not a supported
* algorithm identifier.
*/
#define PSA_ALG_IS_SIGN(alg) \
(((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
-/** Whether the specified algorithm is a public-key encryption algorithm.
+/** Whether the specified algorithm is an asymmetric encryption algorithm,
+ * also known as public-key encryption algorithm.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
- * \return 1 if \p alg is a public-key encryption algorithm, 0 otherwise.
+ * \return 1 if \p alg is an asymmetric encryption algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \p alg is not a supported
* algorithm identifier.
*/
@@ -1201,9 +1197,9 @@
/** Whether the specified algorithm is a hash-and-sign algorithm.
*
- * Hash-and-sign algorithms are public-key signature algorithms structured
- * in two parts: first the calculation of a hash in a way that does not
- * depend on the key, then the calculation of a signature from the
+ * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
+ * structured in two parts: first the calculation of a hash in a way that
+ * does not depend on the key, then the calculation of a signature from the
* hash value and the key.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
@@ -1255,7 +1251,7 @@
* #PSA_ALG_IS_HASH(\p hash_alg) is true) to use
* for MGF1.
*
- * \return The corresponding RSA OAEP signature algorithm.
+ * \return The corresponding RSA OAEP encryption algorithm.
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
@@ -1535,12 +1531,20 @@
* @{
*/
-/** A volatile key only exists as long as the handle to it is not closed.
+/** The default lifetime for volatile keys.
+ *
+ * A volatile key only exists as long as the handle to it is not closed.
* The key material is guaranteed to be erased on a power reset.
+ *
+ * A key with this lifetime is typically stored in the RAM area of the
+ * PSA Crypto subsystem. However this is an implementation choice.
+ * If an implementation stores data about the key in a non-volatile memory,
+ * it must release all the resources associated with the key and erase the
+ * key material if the calling application terminates.
*/
#define PSA_KEY_LIFETIME_VOLATILE ((psa_key_lifetime_t)0x00000000)
-/** The default storage area for persistent keys.
+/** The default lifetime for persistent keys.
*
* A persistent key remains in storage until it is explicitly destroyed or
* until the corresponding storage area is wiped. This specification does
@@ -1551,9 +1555,77 @@
* This lifetime value is the default storage area for the calling
* application. Implementations may offer other storage areas designated
* by other lifetime values as implementation-specific extensions.
+ * See ::psa_key_lifetime_t for more information.
*/
#define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t)0x00000001)
+/** The persistence level of volatile keys.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_VOLATILE ((psa_key_persistence_t)0x00)
+
+/** The default persistence level for persistent keys.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_DEFAULT ((psa_key_persistence_t)0x01)
+
+/** A persistence level indicating that a key is never destroyed.
+ *
+ * See ::psa_key_persistence_t for more information.
+ */
+#define PSA_KEY_PERSISTENCE_READ_ONLY ((psa_key_persistence_t)0xff)
+
+#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) \
+ ((psa_key_persistence_t)((lifetime) & 0x000000ff))
+
+#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime) \
+ ((psa_key_location_t)((lifetime) >> 8))
+
+/** Whether a key lifetime indicates that the key is volatile.
+ *
+ * A volatile key is automatically destroyed by the implementation when
+ * the application instance terminates. In particular, a volatile key
+ * is automatically destroyed on a power reset of the device.
+ *
+ * A key that is not volatile is persistent. Persistent keys are
+ * preserved until the application explicitly destroys them or until an
+ * implementation-specific device management event occurs (for example,
+ * a factory reset).
+ *
+ * \param lifetime The lifetime value to query (value of type
+ * ::psa_key_lifetime_t).
+ *
+ * \return \c 1 if the key is volatile, otherwise \c 0.
+ */
+#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \
+ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
+ PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE)
+
+/** Construct a lifetime from a persistence level and a location.
+ *
+ * \param persistence The persistence level
+ * (value of type ::psa_key_persistence_t).
+ * \param location The location indicator
+ * (value of type ::psa_key_location_t).
+ *
+ * \return The constructed lifetime value.
+ */
+#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
+ ((location) << 8 | (persistence))
+
+/** The local storage area for persistent keys.
+ *
+ * This storage area is available on all systems that can store persistent
+ * keys without delegating the storage to a third-party cryptoprocessor.
+ *
+ * See ::psa_key_location_t for more information.
+ */
+#define PSA_KEY_LOCATION_LOCAL_STORAGE ((psa_key_location_t)0x000000)
+
+#define PSA_KEY_LOCATION_VENDOR_FLAG ((psa_key_location_t)0x800000)
+
/** The minimum value for a key identifier chosen by the application.
*/
#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c
index c1b1d9060d..6ddbb6bc96 100644
--- a/interface/src/tfm_crypto_func_api.c
+++ b/interface/src/tfm_crypto_func_api.c
@@ -540,6 +540,60 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
return status;
}
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPUTE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = hash, .len = hash_size}
+ };
+
+ status = API_DISPATCH(tfm_crypto_hash_compute,
+ TFM_CRYPTO_HASH_COMPUTE);
+
+ *hash_length = out_vec[0].len;
+
+ return status;
+}
+
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ size_t hash_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPARE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = hash, .len = hash_length},
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
+ TFM_CRYPTO_HASH_COMPARE);
+
+ return status;
+}
+
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
@@ -1146,19 +1200,6 @@ psa_status_t psa_get_key_domain_parameters(
return status;
}
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- const size_t hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length)
@@ -1389,20 +1430,6 @@ psa_status_t psa_key_derivation_output_key(
return status;
}
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index 70b3a0dfe5..1e4df7c02d 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -735,6 +735,78 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPUTE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = hash, .len = hash_size}
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH(tfm_crypto_hash_compute,
+ TFM_CRYPTO_HASH_COMPUTE);
+
+ *hash_length = out_vec[0].len;
+
+ PSA_CLOSE();
+
+ return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ size_t hash_length)
+{
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPARE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = hash, .len = hash_length},
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
+ TFM_CRYPTO_HASH_COMPARE);
+
+ PSA_CLOSE();
+
+ return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+
+
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
@@ -1507,19 +1579,6 @@ psa_status_t psa_get_key_domain_parameters(
return status;
}
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- const size_t hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length)
@@ -1790,20 +1849,6 @@ psa_status_t psa_key_derivation_output_key(
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
diff --git a/lib/ext/t_cose/README.md b/lib/ext/t_cose/README.md
index fb23d665d6..d8acbf26ed 100644
--- a/lib/ext/t_cose/README.md
+++ b/lib/ext/t_cose/README.md
@@ -33,7 +33,7 @@ have to run in small fixed memory.
As of December 2019, the code is in reasonable working order and the public interface is
fairly stable. There is a crypto adaptaion layer for [OpenSSL](https://www.openssl.org)
-and for [Arm MBed Crypto](https://github.com/ARMmbed/mbed-crypto).
+and for [Arm MBed Crypto](https://github.com/ARMmbed/mbedTLS).
### The to-do list:
* Add some more tests, particular test vectors from C_COSE or such
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt
index 980144967b..d076edce9d 100644
--- a/secure_fw/partitions/crypto/CMakeLists.txt
+++ b/secure_fw/partitions/crypto/CMakeLists.txt
@@ -36,8 +36,8 @@ if (CRYPTO_ENGINE_MBEDTLS)
set (MBEDTLS_CONFIG_PATH "${PLATFORM_DIR}/common")
endif()
- #Define location of Mbed Crypto source, build, and installation directory.
- get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbed-crypto" ABSOLUTE)
+ #Define location of Mbed-Crypto(MbedTLS) source, build, and installation directory.
+ get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbedtls" ABSOLUTE)
set (MBEDCRYPTO_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbed-crypto/build")
set (MBEDCRYPTO_INSTALL_DIR ${MBEDCRYPTO_BINARY_DIR}/../install)
set (MBEDCRYPTO_TARGET_NAME "mbedcrypto_lib")
diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c
index dcd71dc30c..9d5ae46e62 100644
--- a/secure_fw/partitions/crypto/crypto_hash.c
+++ b/secure_fw/partitions/crypto/crypto_hash.c
@@ -319,21 +319,60 @@ psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[],
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
-psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[],
+psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ if ((in_len != 2) || (out_len != 1)) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ psa_algorithm_t alg = iov->alg;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ uint8_t *hash = out_vec[0].base;
+ size_t hash_size = out_vec[0].len;
+
+ /* Initialize hash_length to zero */
+ out_vec[0].len = 0;
+ return psa_hash_compute(alg, input, input_length, hash, hash_size,
+ &out_vec[0].len);
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
-psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[],
+psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ if (in_len != 3) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ psa_algorithm_t alg = iov->alg;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ const uint8_t *hash = in_vec[2].base;
+ size_t hash_length = in_vec[2].len;
+
+ return psa_hash_compare(alg, input, input_length, hash, hash_length);
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_spe.h b/secure_fw/partitions/crypto/crypto_spe.h
index a383d0b4d0..2ceaefdc66 100644
--- a/secure_fw/partitions/crypto/crypto_spe.h
+++ b/secure_fw/partitions/crypto/crypto_spe.h
@@ -98,6 +98,10 @@
PSA_FUNCTION_NAME(psa_hash_abort)
#define psa_hash_clone \
PSA_FUNCTION_NAME(psa_hash_clone)
+#define psa_hash_compute \
+ PSA_FUNCTION_NAME(psa_hash_compute)
+#define psa_hash_compare \
+ PSA_FUNCTION_NAME(psa_hash_compare)
#define psa_mac_operation_init \
PSA_FUNCTION_NAME(psa_mac_operation_init)
#define psa_mac_sign_setup \
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index dd48c40ff7..ab0d9479df 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -853,6 +853,86 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
}
__attribute__((section("SFN")))
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPUTE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = hash, .len = hash_size}
+ };
+
+#ifdef TFM_PSA_API
+ PSA_CONNECT(TFM_CRYPTO);
+#endif
+
+ status = API_DISPATCH(tfm_crypto_hash_compute,
+ TFM_CRYPTO_HASH_COMPUTE);
+
+ *hash_length = out_vec[0].len;
+
+#ifdef TFM_PSA_API
+ PSA_CLOSE();
+#endif
+
+ return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+__attribute__((section("SFN")))
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ size_t hash_length)
+{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPARE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = hash, .len = hash_length},
+ };
+
+#ifdef TFM_PSA_API
+ PSA_CONNECT(TFM_CRYPTO);
+#endif
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
+ TFM_CRYPTO_HASH_COMPARE);
+
+#ifdef TFM_PSA_API
+ PSA_CLOSE();
+#endif
+
+ return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+__attribute__((section("SFN")))
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
@@ -1737,20 +1817,6 @@ psa_status_t psa_get_key_domain_parameters(
}
__attribute__((section("SFN")))
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- const size_t hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-__attribute__((section("SFN")))
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length)
@@ -2053,21 +2119,6 @@ psa_status_t psa_key_derivation_output_key(
}
__attribute__((section("SFN")))
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-__attribute__((section("SFN")))
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)