authorSoby Mathew <soby.mathew@arm.com>2020-07-20 21:09:23 +0100
committerSoby Mathew <soby.mathew@arm.com>2020-08-21 04:19:52 +0000
commit07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2 (patch)
tree3ed40afeb45fd02d22b018c7e457a948be0463ff /secure_fw
parent54507b1645087e92b5a115919ae8fd571ace8bdb (diff)
downloadtrusted-firmware-m-07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2.tar.gz
Crypto: migrate support to MbedTLS v2.23.0
This patch migrates the mbedcrypto dependency for TF-M to mbedTLS repo v2.23.0, which is the latest release tag. The PSA crypto headers and the crypto service implementation in TF-M are updated for additional functionality in this version. The userguide and other relevant documentation are updated to reflect the changes to the location of the repo. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: Ia7d3f95dc961c5815eb4416d2afbd90ec5c0c19e
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/partitions/crypto/CMakeLists.txt4
-rw-r--r--secure_fw/partitions/crypto/crypto_hash.c47
-rw-r--r--secure_fw/partitions/crypto/crypto_spe.h4
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_secure_api.c109
4 files changed, 129 insertions, 35 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt
index 980144967b..d076edce9d 100644
--- a/secure_fw/partitions/crypto/CMakeLists.txt
+++ b/secure_fw/partitions/crypto/CMakeLists.txt
@@ -36,8 +36,8 @@ if (CRYPTO_ENGINE_MBEDTLS)
set (MBEDTLS_CONFIG_PATH "${PLATFORM_DIR}/common")
endif()
- #Define location of Mbed Crypto source, build, and installation directory.
- get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbed-crypto" ABSOLUTE)
+ #Define location of Mbed-Crypto(MbedTLS) source, build, and installation directory.
+ get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbedtls" ABSOLUTE)
set (MBEDCRYPTO_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbed-crypto/build")
set (MBEDCRYPTO_INSTALL_DIR ${MBEDCRYPTO_BINARY_DIR}/../install)
set (MBEDCRYPTO_TARGET_NAME "mbedcrypto_lib")
diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c
index dcd71dc30c..9d5ae46e62 100644
--- a/secure_fw/partitions/crypto/crypto_hash.c
+++ b/secure_fw/partitions/crypto/crypto_hash.c
@@ -319,21 +319,60 @@ psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[],
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
-psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[],
+psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ if ((in_len != 2) || (out_len != 1)) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ psa_algorithm_t alg = iov->alg;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ uint8_t *hash = out_vec[0].base;
+ size_t hash_size = out_vec[0].len;
+
+ /* Initialize hash_length to zero */
+ out_vec[0].len = 0;
+ return psa_hash_compute(alg, input, input_length, hash, hash_size,
+ &out_vec[0].len);
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
-psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[],
+psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ if (in_len != 3) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_CONNECTION_REFUSED;
+ }
+
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ psa_algorithm_t alg = iov->alg;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ const uint8_t *hash = in_vec[2].base;
+ size_t hash_length = in_vec[2].len;
+
+ return psa_hash_compare(alg, input, input_length, hash, hash_length);
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
/*!@}*/
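Review bot: tfm_crypto_hash_compare validates only `in_len != 3` and never looks at out_len, whereas tfm_crypto_hash_compute directly above checks both counts. This handler takes no output vector, so rejecting a stray one would keep the two entry points consistent, e.g. `if ((in_len != 3) || (out_len != 0)) {`, once it is confirmed that the dispatcher really passes 0 here. Both handlers also insist on an exact vector count; if the dispatch layer (not visible in this hunk) trims trailing zero-length vectors, hashing an empty message or supplying a zero-length reference hash would be refused with PSA_ERROR_CONNECTION_REFUSED instead of reaching the library, so that case deserves a test. A short comment on each function stating the expected layout (`in_vec[0]` = packed iovec, `in_vec[1]` = input, `in_vec[2]` = reference hash, `out_vec[0]` = hash buffer) would make the index-based accesses easier to audit.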
diff --git a/secure_fw/partitions/crypto/crypto_spe.h b/secure_fw/partitions/crypto/crypto_spe.h
index a383d0b4d0..2ceaefdc66 100644
--- a/secure_fw/partitions/crypto/crypto_spe.h
+++ b/secure_fw/partitions/crypto/crypto_spe.h
@@ -98,6 +98,10 @@
PSA_FUNCTION_NAME(psa_hash_abort)
#define psa_hash_clone \
PSA_FUNCTION_NAME(psa_hash_clone)
+#define psa_hash_compute \
+ PSA_FUNCTION_NAME(psa_hash_compute)
+#define psa_hash_compare \
+ PSA_FUNCTION_NAME(psa_hash_compare)
#define psa_mac_operation_init \
PSA_FUNCTION_NAME(psa_mac_operation_init)
#define psa_mac_sign_setup \
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index dd48c40ff7..ab0d9479df 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -853,6 +853,86 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
}
__attribute__((section("SFN")))
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPUTE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = hash, .len = hash_size}
+ };
+
+#ifdef TFM_PSA_API
+ PSA_CONNECT(TFM_CRYPTO);
+#endif
+
+ status = API_DISPATCH(tfm_crypto_hash_compute,
+ TFM_CRYPTO_HASH_COMPUTE);
+
+ *hash_length = out_vec[0].len;
+
+#ifdef TFM_PSA_API
+ PSA_CLOSE();
+#endif
+
+ return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+__attribute__((section("SFN")))
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ size_t hash_length)
+{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_HASH_COMPARE_SID,
+ .alg = alg,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length},
+ {.base = hash, .len = hash_length},
+ };
+
+#ifdef TFM_PSA_API
+ PSA_CONNECT(TFM_CRYPTO);
+#endif
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
+ TFM_CRYPTO_HASH_COMPARE);
+
+#ifdef TFM_PSA_API
+ PSA_CLOSE();
+#endif
+
+ return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
+}
+
+__attribute__((section("SFN")))
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
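Review bot: In psa_hash_compute, `*hash_length = out_vec[0].len;` runs whatever the status is, and out_vec[0].len is initialised to hash_size. The service handler in crypto_hash.c zeroes that length only after its vector-count and size checks pass, so on an early PSA_ERROR_CONNECTION_REFUSED return the caller may be handed *hash_length == hash_size together with a buffer that was never written, assuming the dispatch layer leaves the length untouched on failure. Reporting zero on error is safer for callers that mishandle the status: `*hash_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`. hash_length is also dereferenced without a NULL check, which is worth a one-line comment stating that the pointer must be valid.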
@@ -1737,20 +1817,6 @@ psa_status_t psa_get_key_domain_parameters(
}
__attribute__((section("SFN")))
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- const size_t hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-__attribute__((section("SFN")))
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length)
@@ -2053,21 +2119,6 @@ psa_status_t psa_key_derivation_output_key(
}
__attribute__((section("SFN")))
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-__attribute__((section("SFN")))
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)