authorSoby Mathew <soby.mathew@arm.com>2020-05-21 15:06:54 +0100
committerSoby Mathew <soby.mathew@arm.com>2020-06-09 03:36:58 +0000
commitd7b79f2c07c8988844050ae7575a21ea90a3d090 (patch)
treef35c3bd4e590deb988cab932d9ecefd6cad1dfff /secure_fw
parent9d96328126f3e27998402fd02dac794edf722358 (diff)
crypto: decouple the PSA Crypto interface from TF-M flags
This patch cleans up the PSA Crypto interface header files and decouples them from TF-M build flag dependencies. The `psa_key_attributes_t` struct definition previously depended on various config options. The struct now only has fields which can be set and read by the client. Hence the client view of the structure is now defined separately in the crypto_client_struct.h header. The platform-dependent definitions of the PSA Crypto types are fixed, and hence the crypto_platform.h header is removed and its contents are moved to other PSA Crypto headers. The previous intermediate solution for hiding the type differences between the crypto server and client views via `psa_client_core_key_attributes_t` is now removed. Change-Id: I2644b5a2da3babe561c569ebf5690b3daa576a12 Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/CMakeLists.txt2
-rw-r--r--secure_fw/partitions/crypto/crypto_key.c60
-rw-r--r--secure_fw/partitions/crypto/crypto_key_derivation.c4
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_api.h32
4 files changed, 35 insertions, 63 deletions
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index bf9b5453d4..8bd5d18ff6 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -429,7 +429,7 @@ function(set_up_secure_fw_build)
install(FILES ${INTERFACE_INC_DIR}/psa/crypto_extra.h
${INTERFACE_INC_DIR}/psa/crypto_compat.h
${INTERFACE_INC_DIR}/psa/crypto.h
- ${INTERFACE_INC_DIR}/psa/crypto_platform.h
+ ${INTERFACE_INC_DIR}/psa/crypto_client_struct.h
${INTERFACE_INC_DIR}/psa/crypto_sizes.h
${INTERFACE_INC_DIR}/psa/crypto_struct.h
${INTERFACE_INC_DIR}/psa/crypto_types.h
diff --git a/secure_fw/partitions/crypto/crypto_key.c b/secure_fw/partitions/crypto/crypto_key.c
index ef3b309f45..ff062ac4fb 100644
--- a/secure_fw/partitions/crypto/crypto_key.c
+++ b/secure_fw/partitions/crypto/crypto_key.c
@@ -37,10 +37,9 @@ static struct tfm_crypto_handle_owner_s
* \defgroup public Public functions
*
*/
-
/*!@{*/
psa_status_t tfm_crypto_key_attributes_from_client(
- const psa_client_key_attributes_t *client_key_attr,
+ const struct psa_client_key_attributes_s *client_key_attr,
int32_t client_id,
psa_key_attributes_t *key_attributes)
{
@@ -48,19 +47,17 @@ psa_status_t tfm_crypto_key_attributes_from_client(
return PSA_ERROR_PROGRAMMER_ERROR;
}
- /* Domain parameters are not supported, ignore any passed by the client */
- key_attributes->domain_parameters = NULL;
- key_attributes->domain_parameters_size = 0;
+ *key_attributes = psa_key_attributes_init();
/* Copy core key attributes from the client core key attributes */
- key_attributes->core.type = client_key_attr->core.type;
- key_attributes->core.lifetime = client_key_attr->core.lifetime;
- key_attributes->core.policy = client_key_attr->core.policy;
- key_attributes->core.bits = client_key_attr->core.bits;
- key_attributes->core.flags = client_key_attr->core.flags;
+ key_attributes->core.type = client_key_attr->type;
+ key_attributes->core.lifetime = client_key_attr->lifetime;
+ key_attributes->core.policy.usage = client_key_attr->usage;
+ key_attributes->core.policy.alg = client_key_attr->alg;
+ key_attributes->core.bits = client_key_attr->bits;
/* Use the client key id as the key_id and its partition id as the owner */
- key_attributes->core.id.key_id = client_key_attr->core.id;
+ key_attributes->core.id.key_id = client_key_attr->id;
key_attributes->core.id.owner = client_id;
return PSA_SUCCESS;
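Review bot: Nothing in the new body of tfm_crypto_key_attributes_from_client records that `core.flags` is deliberately no longer taken from the client: the removed line copied `client_key_attr->core.flags`, while the new code leaves the field at whatever `psa_key_attributes_init()` sets. A short comment after the init line, e.g. `/* core.flags and domain parameters keep their init values; they are not client-settable */`, would keep a later change from reintroducing a client-controlled internal field. The copied `type`, `lifetime`, `usage`, `alg`, `bits` and `id` values are taken as received, so range and policy checks presumably happen in the library calls that consume `key_attributes`; that is worth confirming. The function's signature and NULL check are in the previous hunk.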
@@ -68,25 +65,24 @@ psa_status_t tfm_crypto_key_attributes_from_client(
psa_status_t tfm_crypto_key_attributes_to_client(
const psa_key_attributes_t *key_attributes,
- psa_client_key_attributes_t *client_key_attr)
+ struct psa_client_key_attributes_s *client_key_attr)
{
if (client_key_attr == NULL || key_attributes == NULL) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
- /* Domain parameters are not supported, avoid passing any to the client */
- client_key_attr->domain_parameters = NULL;
- client_key_attr->domain_parameters_size = 0;
+ struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
+ *client_key_attr = v;
- /* Copy core key attributes to the client core key attributes */
- client_key_attr->core.type = key_attributes->core.type;
- client_key_attr->core.lifetime = key_attributes->core.lifetime;
- client_key_attr->core.policy = key_attributes->core.policy;
- client_key_attr->core.bits = key_attributes->core.bits;
- client_key_attr->core.flags = key_attributes->core.flags;
+ /* Copy core key attributes from the client core key attributes */
+ client_key_attr->type = key_attributes->core.type;
+ client_key_attr->lifetime = key_attributes->core.lifetime;
+ client_key_attr->usage = key_attributes->core.policy.usage;
+ client_key_attr->alg = key_attributes->core.policy.alg;
+ client_key_attr->bits = key_attributes->core.bits;
/* Return the key_id as the client key id, do not return the owner */
- client_key_attr->core.id = key_attributes->core.id.key_id;
+ client_key_attr->id = key_attributes->core.id.key_id;
return PSA_SUCCESS;
}
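Review bot: The comment above the field copies in tfm_crypto_key_attributes_to_client says "from the client" although the code copies towards the client; it should read `/* Copy core key attributes to the client key attributes */`. Separately, `*client_key_attr = v;` assigns a whole struct into a buffer the caller reads back, and C does not guarantee that an initializer zeroes the padding bytes of `v`. If `struct psa_client_key_attributes_s` contains padding (its definition is not part of this diff), stale secure-side stack bytes could reach the client. `memset(client_key_attr, 0, sizeof(*client_key_attr));` followed by the field assignments avoids that, provided all-zero matches `PSA_CLIENT_KEY_ATTRIBUTES_INIT` and `<string.h>` is available in this file.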
@@ -203,11 +199,11 @@ psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t)) ||
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
(out_vec[0].len != sizeof(psa_key_handle_t))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
const uint8_t *data = in_vec[2].base;
size_t data_length = in_vec[2].len;
psa_key_handle_t *key_handle = out_vec[0].base;
@@ -398,13 +394,13 @@ psa_status_t tfm_crypto_get_key_attributes(psa_invec in_vec[],
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (out_vec[0].len != sizeof(psa_client_key_attributes_t))) {
+ (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_handle_t key = iov->key_handle;
- psa_client_key_attributes_t *client_key_attr = out_vec[0].base;
+ struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -437,11 +433,11 @@ psa_status_t tfm_crypto_reset_key_attributes(psa_invec in_vec[],
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (out_vec[0].len != sizeof(psa_client_key_attributes_t))) {
+ (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
- psa_client_key_attributes_t *client_key_attr = out_vec[0].base;
+ struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
int32_t partition_id;
@@ -530,14 +526,14 @@ psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(psa_key_handle_t)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t))) {
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_handle_t source_handle = iov->key_handle;
psa_key_handle_t *target_handle = out_vec[0].base;
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint32_t i = 0;
@@ -592,12 +588,12 @@ psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t)) ||
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
(out_vec[0].len != sizeof(psa_key_handle_t))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
psa_key_handle_t *key_handle = out_vec[0].base;
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint32_t i = 0;
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index 4bc0b012db..a789ec4fa5 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -381,14 +381,14 @@ psa_status_t tfm_crypto_key_derivation_output_key(psa_invec in_vec[],
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t)) ||
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
(out_vec[0].len != sizeof(psa_key_handle_t))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_key_derivation_operation_t *operation = NULL;
psa_key_handle_t *key_handle = out_vec[0].base;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h
index 98e615a407..fa6f136be0 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_api.h
+++ b/secure_fw/partitions/crypto/tfm_crypto_api.h
@@ -24,6 +24,8 @@ extern "C" {
typedef psa_status_t (*tfm_crypto_us_t)(psa_invec[],size_t,psa_outvec[],size_t);
#endif
+#include "psa/crypto_client_struct.h"
+
#define UNIFORM_SIGNATURE_API(api_name) \
psa_status_t api_name(psa_invec[], size_t, psa_outvec[], size_t)
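Review bot: The new `#include "psa/crypto_client_struct.h"` is placed in the middle of the header, and judging by the hunk header it comes after `extern "C" {` has already been opened. Includes are normally grouped at the top of the file, ahead of the linkage block, so that the included header's declarations are not placed under C linkage by accident when the file is compiled as C++. Moving the line next to the header's other includes would also make the dependency on the client struct definition easier to spot. The start of the header is outside this hunk, so the exact position of the existing includes should be checked.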
@@ -45,32 +47,6 @@ enum tfm_crypto_operation_type {
};
/**
- * \brief Core key attributes struct as seen by the client, with
- * psa_app_key_id_t as the key ID type.
- */
-typedef struct {
- psa_key_type_t type;
- psa_key_lifetime_t lifetime;
- psa_app_key_id_t id; /* Client key ID */
- psa_key_policy_t policy;
- psa_key_bits_t bits;
- psa_key_attributes_flag_t flags;
-} psa_client_core_key_attributes_t;
-
-/**
- * \brief This struct represents the psa_key_attributes_t struct exposed to the
- * client. The Mbed Crypto library needs a different abstraction for
- * psa_key_attributes_t, so this intermediate struct is defined.
- *
- * TODO: Cleanup crypto implementation details from client-side PSA abstraction.
- */
-typedef struct {
- psa_client_core_key_attributes_t core; /* Client core key attributes */
- void *domain_parameters;
- size_t domain_parameters_size;
-} psa_client_key_attributes_t;
-
-/**
* \brief Initialise the service
*
* \return Return values as described in \ref psa_status_t
@@ -103,7 +79,7 @@ psa_status_t tfm_crypto_get_caller_id(int32_t *id);
* \return Return values as described in \ref psa_status_t
*/
psa_status_t tfm_crypto_key_attributes_from_client(
- const psa_client_key_attributes_t *client_key_attr,
+ const struct psa_client_key_attributes_s *client_key_attr,
int32_t client_id,
psa_key_attributes_t *key_attributes);
@@ -117,7 +93,7 @@ psa_status_t tfm_crypto_key_attributes_from_client(
*/
psa_status_t tfm_crypto_key_attributes_to_client(
const psa_key_attributes_t *key_attributes,
- psa_client_key_attributes_t *client_key_attr);
+ struct psa_client_key_attributes_s *client_key_attr);
/**
* \brief Checks that the requested handle belongs to the requesting