diff options
author | David Hu <david.hu@arm.com> | 2021-06-25 14:55:35 +0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-06-28 07:47:55 +0200 |
commit | b3d7d683f0acbf382a252370cfdd0958a173b2b8 (patch) | |
tree | ca3a8e60a9c922577fb65f2bbf131504aa5fb9e3 /secure_fw/partitions | |
parent | 95fb876360824456d7685f9c6f3d000c5ce7fab9 (diff) | |
download | trusted-firmware-m-b3d7d683f0acbf382a252370cfdd0958a173b2b8.tar.gz |
Crypto: Add a config CRYPTO_KEY_ID_ENCODES_OWNER
Add a config CRYPTO_KEY_ID_ENCODES_OWNER to control whether client ID is
encoded into PSA Crypto key ID. This config shall be aligned with
underlying crypto library key ID encoding configuration.
Change-Id: I3b6073a7c1b440e7de0f5889e8dc32416003e3b7
Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'secure_fw/partitions')
-rw-r--r-- | secure_fw/partitions/crypto/CMakeLists.txt | 2 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_key.c | 18 |
2 files changed, 11 insertions, 9 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index e690ec2e9f..9b7fe7bf27 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -75,6 +75,7 @@ target_compile_definitions(tfm_psa_rot_partition_crypto $<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}> $<$<BOOL:${CRYPTO_CONC_OPER_NUM}>:TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM}> $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${CRYPTO_IOVEC_BUFFER_SIZE}>>:TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE}> + $<$<BOOL:${CRYPTO_KEY_ID_ENCODES_OWNER}>:CRYPTO_KEY_ID_ENCODES_OWNER> ) ################ Display the configuration being applied ####################### @@ -92,6 +93,7 @@ message(STATUS "CRYPTO_ASYM_SIGN_MODULE_DISABLED is set to ${CRYPTO_ASYM_SIGN_MO message(STATUS "CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED is set to ${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}") message(STATUS "CRYPTO_ENGINE_BUF_SIZE is set to ${CRYPTO_ENGINE_BUF_SIZE}") message(STATUS "CRYPTO_CONC_OPER_NUM is set to ${CRYPTO_CONC_OPER_NUM}") +message(STATUS "CRYPTO_KEY_ID_ENCODES_OWNER is set to ${CRYPTO_KEY_ID_ENCODES_OWNER}") if (${TFM_PSA_API}) message(STATUS "CRYPTO_IOVEC_BUFFER_SIZE is set to ${CRYPTO_IOVEC_BUFFER_SIZE}") endif() diff --git a/secure_fw/partitions/crypto/crypto_key.c b/secure_fw/partitions/crypto/crypto_key.c index e1db197cfe..dd03417bc6 100644 --- a/secure_fw/partitions/crypto/crypto_key.c +++ b/secure_fw/partitions/crypto/crypto_key.c @@ -15,7 +15,7 @@ #include "tfm_crypto_private.h" #ifndef TFM_CRYPTO_KEY_MODULE_DISABLED -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER #ifndef TFM_CRYPTO_MAX_KEY_HANDLES #define TFM_CRYPTO_MAX_KEY_HANDLES (32) #endif @@ -104,7 +104,7 @@ static void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx, /* Skip checking encoded_key */ *encoded_key = mbedtls_svc_key_id_make(handle_owner[slot_idx].owner, key); } -#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +#else /* CRYPTO_KEY_ID_ENCODES_OWNER */ #define set_handle_owner(idx, client_id, key_handle) do {} while (0) #define clean_handle_owner(idx) do {} while (0) @@ -134,7 +134,7 @@ static inline void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx, /* Skip checking encoded_key */ *encoded_key = mbedtls_svc_key_id_make(TFM_INVALID_CLIENT_ID, key); } -#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ +#endif /* CRYPTO_KEY_ID_ENCODES_OWNER */ #endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */ /*! @@ -161,7 +161,7 @@ psa_status_t tfm_crypto_key_attributes_from_client( key_attributes->core.bits = client_key_attr->bits; /* Use the client key id as the key_id and its partition id as the owner */ -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER key_attributes->core.id.key_id = client_key_attr->id; key_attributes->core.id.owner = client_id; #else @@ -190,7 +190,7 @@ psa_status_t tfm_crypto_key_attributes_to_client( client_key_attr->bits = key_attributes->core.bits; /* Return the key_id as the client key id, do not return the owner */ -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER client_key_attr->id = key_attributes->core.id.key_id; #else client_key_attr->id = key_attributes->core.id; @@ -330,7 +330,7 @@ psa_status_t tfm_crypto_import_key(psa_invec in_vec[], status = psa_import_key(&key_attributes, data, data_length, &encoded_key); /* Update the imported key id */ -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER *psa_key = encoded_key.key_id; #else *psa_key = (psa_key_id_t)encoded_key; @@ -382,7 +382,7 @@ psa_status_t tfm_crypto_open_key(psa_invec in_vec[], encoded_key = mbedtls_svc_key_id_make(partition_id, client_key_id); status = psa_open_key(encoded_key, &encoded_key); -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER *key = encoded_key.key_id; #else *key = (psa_key_id_t)encoded_key; @@ -711,7 +711,7 @@ psa_status_t tfm_crypto_copy_key(psa_invec in_vec[], encoded_key_id_make(source_key_id, i, &encoded_key); status = psa_copy_key(encoded_key, &key_attributes, &target_key); -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER *target_key_id = target_key.key_id; #else *target_key_id = (psa_key_id_t)target_key; @@ -766,7 +766,7 @@ psa_status_t tfm_crypto_generate_key(psa_invec in_vec[], } status = psa_generate_key(&key_attributes, &encoded_key); -#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +#ifdef CRYPTO_KEY_ID_ENCODES_OWNER *key_handle = encoded_key.key_id; #else *key_handle = (psa_key_id_t)encoded_key; |