authorSoby Mathew <soby.mathew@arm.com>2020-05-21 15:06:54 +0100
committerSoby Mathew <soby.mathew@arm.com>2020-06-09 03:36:58 +0000
commitd7b79f2c07c8988844050ae7575a21ea90a3d090 (patch)
treef35c3bd4e590deb988cab932d9ecefd6cad1dfff /interface/include
parent9d96328126f3e27998402fd02dac794edf722358 (diff)
crypto: decouple the PSA Crypto interface from TF-M flags
This patch cleans up the PSA Crypto interface header files and decouples them from TF-M build flag dependencies. The `psa_key_attributes_t` struct definition previously depended on various config options. The struct now only has fields which can be set and read by the client. Hence the client view of the structure is now defined separately in the crypto_client_struct.h header. The platform-dependent definitions of the PSA Crypto types are now fixed, and hence the crypto_platform.h header is removed and its contents are moved to other PSA crypto headers. The previous intermediate solution for hiding the type differences between crypto server and client view via `psa_client_core_key_attributes_t` is now removed. Change-Id: I2644b5a2da3babe561c569ebf5690b3daa576a12 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'interface/include')
-rw-r--r--interface/include/psa/crypto.h8
-rw-r--r--interface/include/psa/crypto_client_struct.h48
-rw-r--r--interface/include/psa/crypto_platform.h51
-rw-r--r--interface/include/psa/crypto_struct.h126
-rw-r--r--interface/include/psa/crypto_types.h6
-rw-r--r--interface/include/psa/crypto_values.h8
6 files changed, 82 insertions, 165 deletions
diff --git a/interface/include/psa/crypto.h b/interface/include/psa/crypto.h
index 91581172c2..14591957b8 100644
--- a/interface/include/psa/crypto.h
+++ b/interface/include/psa/crypto.h
@@ -12,8 +12,6 @@
#ifndef PSA_CRYPTO_H
#define PSA_CRYPTO_H
-#include "psa/crypto_platform.h"
-
#include <stddef.h>
#ifdef __DOXYGEN_ONLY__
@@ -3759,6 +3757,12 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
* macros whose definitions are implementation-specific. */
#include "psa/crypto_sizes.h"
+/* The file "crypto_client_struct.h" contains definitions for structures
+ * whose definitions differ in the client view and the PSA server
+ * implementation in TF-M. */
+#include "psa/crypto_client_struct.h"
+
+
/* The file "crypto_struct.h" contains definitions for
* implementation-specific structs that are declared above. */
#include "psa/crypto_struct.h"
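Review bot: The new `#include "psa/crypto_client_struct.h"` relies on an earlier header having already defined the fixed-width integer types, because the first hunk of this file drops `psa/crypto_platform.h`, which was the header that included `<stdint.h>` explicitly, and only `<stddef.h>` is included directly here. If `psa/crypto_types.h` (not shown in full) includes `<stdint.h>` itself this still compiles, but the dependency is implicit; adding `#include <stdint.h>` next to `#include <stddef.h>`, or at the top of crypto_client_struct.h, would make it explicit. The second blank line added after the new include can also go.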
diff --git a/interface/include/psa/crypto_client_struct.h b/interface/include/psa/crypto_client_struct.h
new file mode 100644
index 0000000000..732441aaaf
--- /dev/null
+++ b/interface/include/psa/crypto_client_struct.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+/**
+ * \file psa/crypto_client_struct.h
+ *
+ * \brief PSA cryptography client key attribute definitions
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * This file contains the definitions of some data structures with
+ * PSA crypto client specific definitions. This is for implementations
+ * with isolation between the Client applications and the Crypto
+ * Server module, it is expected that the front-end and the back-end
+ * would have different versions of the data structure.
+ */
+#ifndef PSA_CRYPTO_CLIENT_STRUCT_H
+#define PSA_CRYPTO_CLIENT_STRUCT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This is the client view of the `key_attributes` structure. Only
+ * fields which need to be set by the PSA crypto client are present.
+ * The PSA crypto service will maintain a different version of the
+ * data structure internally. */
+struct psa_client_key_attributes_s
+{
+ uint32_t type;
+ uint32_t lifetime;
+ uint32_t id;
+ uint32_t alg;
+ uint32_t usage;
+ uint16_t bits;
+};
+
+#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_CLIENT_STRUCT_H */
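Review bot: `struct psa_client_key_attributes_s` ends in a lone `uint16_t bits` after five `uint32_t` members, so on a typical 4-byte-aligned ABI it carries two bytes of trailing padding, and `PSA_CLIENT_KEY_ATTRIBUTES_INIT` is not guaranteed to zero that padding for automatic objects. The file comment says this structure is the view used across the boundary between client applications and an isolated crypto service, so any `sizeof`-based copy across that boundary (the copy code is not in this diff, so this is inferred) would carry those indeterminate bytes with it, which matters most when the service writes attributes back to a less-trusted client. I would make the padding explicit with `uint16_t reserved;` after `bits`, and pin the layout on both sides with `_Static_assert(sizeof(struct psa_client_key_attributes_s) == 24, "client key attributes ABI");`.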
diff --git a/interface/include/psa/crypto_platform.h b/interface/include/psa/crypto_platform.h
deleted file mode 100644
index c3120e485b..0000000000
--- a/interface/include/psa/crypto_platform.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-/**
- * \file psa/crypto_platform.h
- *
- * \brief PSA cryptography module: Mbed TLS platform definitions
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * This file contains platform-dependent type definitions.
- *
- * In implementations with isolation between the application and the
- * cryptography module, implementers should take care to ensure that
- * the definitions that are exposed to applications match what the
- * module implements.
- */
-
-#ifndef PSA_CRYPTO_PLATFORM_H
-#define PSA_CRYPTO_PLATFORM_H
-
-/* PSA requires several types which C99 provides in stdint.h. */
-#include <stdint.h>
-
-/* Integral type representing a key handle. */
-typedef uint16_t psa_key_handle_t;
-
-/* This implementation distinguishes *application key identifiers*, which
- * are the key identifiers specified by the application, from
- * *key file identifiers*, which are the key identifiers that the library
- * sees internally. The two types can be different if there is a remote
- * call layer between the application and the library which supports
- * multiple client applications that do not have access to each others'
- * keys. The point of having different types is that the key file
- * identifier may encode not only the key identifier specified by the
- * application, but also the the identity of the application.
- *
- * Note that this is an internal concept of the library and the remote
- * call layer. The application itself never sees anything other than
- * #psa_app_key_id_t with its standard definition.
- */
-
-/* The application key identifier is always what the application sees as
- * #psa_key_id_t. */
-typedef uint32_t psa_app_key_id_t;
-
-#endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/interface/include/psa/crypto_struct.h b/interface/include/psa/crypto_struct.h
index 403a734000..ac08987ca0 100644
--- a/interface/include/psa/crypto_struct.h
+++ b/interface/include/psa/crypto_struct.h
@@ -104,21 +104,6 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init( voi
return( v );
}
-struct psa_key_policy_s
-{
- psa_key_usage_t usage;
- psa_algorithm_t alg;
- psa_algorithm_t alg2;
-};
-typedef struct psa_key_policy_s psa_key_policy_t;
-
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
-static inline struct psa_key_policy_s psa_key_policy_init( void )
-{
- const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
- return( v );
-}
-
/* The type used internally for key sizes.
* Public interfaces use size_t, but internally we use a smaller type. */
typedef uint16_t psa_key_bits_t;
@@ -132,166 +117,93 @@ typedef uint16_t psa_key_bits_t;
* conditionals. */
#define PSA_MAX_KEY_BITS 0xfff8
-/** A mask of flags that can be stored in key attributes.
- *
- * This type is also used internally to store flags in slots. Internal
- * flags are defined in library/psa_crypto_core.h. Internal flags may have
- * the same value as external flags if they are properly handled during
- * key creation and in psa_get_key_attributes.
- */
-typedef uint16_t psa_key_attributes_flag_t;
-
-#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
- ( (psa_key_attributes_flag_t) 0x0001 )
-
-/* A mask of key attribute flags used externally only.
- * Only meant for internal checks inside the library. */
-#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
- MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
- 0 )
+#define PSA_KEY_ATTRIBUTES_INIT PSA_CLIENT_KEY_ATTRIBUTES_INIT
-/* A mask of key attribute flags used both internally and externally.
- * Currently there aren't any. */
-#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
- 0 )
-
-typedef struct
+static inline struct psa_client_key_attributes_s psa_key_attributes_init( void )
{
- psa_key_type_t type;
- psa_key_lifetime_t lifetime;
- psa_key_id_t id;
- psa_key_policy_t policy;
- psa_key_bits_t bits;
- psa_key_attributes_flag_t flags;
-} psa_core_key_attributes_t;
-
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0}
-
-struct psa_key_attributes_s
-{
- psa_core_key_attributes_t core;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- psa_key_slot_number_t slot_number;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void *domain_parameters;
- size_t domain_parameters_size;
-};
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
-#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
-#endif
-
-static inline struct psa_key_attributes_s psa_key_attributes_init( void )
-{
- const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
+ const struct psa_client_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
return( v );
}
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
psa_key_id_t id)
{
- attributes->core.id = id;
- if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
- attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+ attributes->id = id;
+ if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
}
static inline psa_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.id );
+ return( attributes->id );
}
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
{
- attributes->core.lifetime = lifetime;
+ attributes->lifetime = lifetime;
if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
{
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
- attributes->core.id.key_id = 0;
- attributes->core.id.owner = 0;
-#else
- attributes->core.id = 0;
-#endif
+ attributes->id = 0;
}
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.lifetime );
+ return( attributes->lifetime );
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
- attributes->core.policy.usage = usage_flags;
+ attributes->usage = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.usage );
+ return( attributes->usage );
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
{
- attributes->core.policy.alg = alg;
+ attributes->alg = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.policy.alg );
+ return( attributes->alg );
}
-/* This function is declared in crypto_extra.h, which comes after this
- * header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length);
-
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
{
- if( attributes->domain_parameters == NULL )
- {
- /* Common case: quick path */
- attributes->core.type = type;
- }
- else
- {
- /* Call the bigger function to free the old domain paramteres.
- * Ignore any errors which may arise due to type requiring
- * non-default domain parameters, since this function can't
- * report errors. */
- (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
- }
+ attributes->type = type;
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.type );
+ return( attributes->type );
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
{
if( bits > PSA_MAX_KEY_BITS )
- attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->bits = PSA_KEY_BITS_TOO_LARGE;
else
- attributes->core.bits = (psa_key_bits_t) bits;
+ attributes->bits = bits;
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
{
- return( attributes->core.bits );
+ return( attributes->bits );
}
#ifdef __cplusplus
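Review bot: In `psa_set_key_bits` the else branch is now `attributes->bits = bits;`, which implicitly narrows a `size_t` into the `uint16_t` member where the old code cast to `psa_key_bits_t`. The preceding `bits > PSA_MAX_KEY_BITS` check keeps the value in range, so this is not a truncation bug, but in a public header it will trip `-Wconversion` in every client that includes it, and it hides that the range check is what makes the assignment safe. I would keep the cast, `attributes->bits = (psa_key_bits_t) bits;`, and add a one-line comment that the member's width in crypto_client_struct.h has to stay in step with `psa_key_bits_t` and `PSA_MAX_KEY_BITS`.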
diff --git a/interface/include/psa/crypto_types.h b/interface/include/psa/crypto_types.h
index 690999f79c..6ac95a8d9f 100644
--- a/interface/include/psa/crypto_types.h
+++ b/interface/include/psa/crypto_types.h
@@ -49,6 +49,10 @@ typedef int32_t psa_status_t;
* @{
*/
+/* Integral type representing a key handle. */
+typedef uint16_t psa_key_handle_t;
+
+
/** \brief Encoding of a key type.
*/
typedef uint32_t psa_key_type_t;
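Review bot: The relocated `psa_key_handle_t` typedef keeps a plain `/* ... */` comment while the neighbouring typedef in this group uses Doxygen `/** \brief ... */`, so it will probably be missing from the generated API documentation. I would write it as `/** \brief Integral type representing a key handle. */` and drop the extra blank line that follows it.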
@@ -297,7 +301,7 @@ typedef uint32_t psa_key_usage_t;
*
* Once a key has been created, it is impossible to change its attributes.
*/
-typedef struct psa_key_attributes_s psa_key_attributes_t;
+typedef struct psa_client_key_attributes_s psa_key_attributes_t;
/**@}*/
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index 7fde07385f..e21ef273e9 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -1556,16 +1556,16 @@
/** The minimum value for a key identifier chosen by the application.
*/
-#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)
+#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
/** The maximum value for a key identifier chosen by the application.
*/
-#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff)
+#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
/** The minimum value for a key identifier chosen by the implementation.
*/
-#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000)
+#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
/** The maximum value for a key identifier chosen by the implementation.
*/
-#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff)
+#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
/**@}*/