diff options
author | Soby Mathew <soby.mathew@arm.com> | 2020-07-20 21:09:23 +0100 |
---|---|---|
committer | Soby Mathew <soby.mathew@arm.com> | 2020-08-21 04:19:52 +0000 |
commit | 07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2 (patch) | |
tree | 3ed40afeb45fd02d22b018c7e457a948be0463ff /secure_fw | |
parent | 54507b1645087e92b5a115919ae8fd571ace8bdb (diff) | |
download | trusted-firmware-m-07ef6e4edb1acdd422bf7bbe36fc78ec4f7290c2.tar.gz |
Crypto: migrate support to MbedTLS v2.23.0
This patch migrates the mbedcrypto dependancy for TF-M to
mbedTLS repo v2.23.0 which is the latest release tag. The
PSA crypto headers and the crypto service implementation in
TF-M is updated for additional functionality in this version.
The userguide and other relevant documentation are updated to
reflect the changes to location of repo.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Ia7d3f95dc961c5815eb4416d2afbd90ec5c0c19e
Diffstat (limited to 'secure_fw')
-rw-r--r-- | secure_fw/partitions/crypto/CMakeLists.txt | 4 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_hash.c | 47 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_spe.h | 4 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/tfm_crypto_secure_api.c | 109 |
4 files changed, 129 insertions, 35 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 980144967b..d076edce9d 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -36,8 +36,8 @@ if (CRYPTO_ENGINE_MBEDTLS) set (MBEDTLS_CONFIG_PATH "${PLATFORM_DIR}/common") endif() - #Define location of Mbed Crypto source, build, and installation directory. - get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbed-crypto" ABSOLUTE) + #Define location of Mbed-Crypto(MbedTLS) source, build, and installation directory. + get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbedtls" ABSOLUTE) set (MBEDCRYPTO_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbed-crypto/build") set (MBEDCRYPTO_INSTALL_DIR ${MBEDCRYPTO_BINARY_DIR}/../install) set (MBEDCRYPTO_TARGET_NAME "mbedcrypto_lib") diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c index dcd71dc30c..9d5ae46e62 100644 --- a/secure_fw/partitions/crypto/crypto_hash.c +++ b/secure_fw/partitions/crypto/crypto_hash.c @@ -319,21 +319,60 @@ psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[], #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } -psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[], +psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len) { - /* FixMe: To be implemented */ +#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; +#else + if ((in_len != 2) || (out_len != 1)) { + return PSA_ERROR_CONNECTION_REFUSED; + } + + if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { + return PSA_ERROR_CONNECTION_REFUSED; + } + + const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; + psa_algorithm_t alg = iov->alg; + const uint8_t *input = in_vec[1].base; + size_t input_length = in_vec[1].len; + uint8_t *hash = out_vec[0].base; + size_t hash_size = out_vec[0].len; + + /* Initialize hash_length to zero */ + out_vec[0].len = 0; + return psa_hash_compute(alg, input, input_length, hash, hash_size, + &out_vec[0].len); +#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } -psa_status_t tfm_crypto_hash_compute(psa_invec in_vec[], +psa_status_t tfm_crypto_hash_compare(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len) { - /* FixMe: To be implemented */ +#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; +#else + if (in_len != 3) { + return PSA_ERROR_CONNECTION_REFUSED; + } + + if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) { + return PSA_ERROR_CONNECTION_REFUSED; + } + + const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; + psa_algorithm_t alg = iov->alg; + const uint8_t *input = in_vec[1].base; + size_t input_length = in_vec[1].len; + const uint8_t *hash = in_vec[2].base; + size_t hash_length = in_vec[2].len; + + return psa_hash_compare(alg, input, input_length, hash, hash_length); +#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_spe.h b/secure_fw/partitions/crypto/crypto_spe.h index a383d0b4d0..2ceaefdc66 100644 --- a/secure_fw/partitions/crypto/crypto_spe.h +++ b/secure_fw/partitions/crypto/crypto_spe.h @@ -98,6 +98,10 @@ PSA_FUNCTION_NAME(psa_hash_abort) #define psa_hash_clone \ PSA_FUNCTION_NAME(psa_hash_clone) +#define psa_hash_compute \ + PSA_FUNCTION_NAME(psa_hash_compute) +#define psa_hash_compare \ + PSA_FUNCTION_NAME(psa_hash_compare) #define psa_mac_operation_init \ PSA_FUNCTION_NAME(psa_mac_operation_init) #define psa_mac_sign_setup \ diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c index dd48c40ff7..ab0d9479df 100644 --- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c +++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c @@ -853,6 +853,86 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, } __attribute__((section("SFN"))) +psa_status_t psa_hash_compute(psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ +#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0) + return PSA_ERROR_NOT_SUPPORTED; +#else + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_COMPUTE_SID, + .alg = alg, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + }; + + psa_outvec out_vec[] = { + {.base = hash, .len = hash_size} + }; + +#ifdef TFM_PSA_API + PSA_CONNECT(TFM_CRYPTO); +#endif + + status = API_DISPATCH(tfm_crypto_hash_compute, + TFM_CRYPTO_HASH_COMPUTE); + + *hash_length = out_vec[0].len; + +#ifdef TFM_PSA_API + PSA_CLOSE(); +#endif + + return status; +#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ +} + +__attribute__((section("SFN"))) +psa_status_t psa_hash_compare(psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *hash, + size_t hash_length) +{ +#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0) + return PSA_ERROR_NOT_SUPPORTED; +#else + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_COMPARE_SID, + .alg = alg, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + {.base = hash, .len = hash_length}, + }; + +#ifdef TFM_PSA_API + PSA_CONNECT(TFM_CRYPTO); +#endif + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare, + TFM_CRYPTO_HASH_COMPARE); + +#ifdef TFM_PSA_API + PSA_CLOSE(); +#endif + + return status; +#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ +} + +__attribute__((section("SFN"))) psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg) @@ -1737,20 +1817,6 @@ psa_status_t psa_get_key_domain_parameters( } __attribute__((section("SFN"))) -psa_status_t psa_hash_compare(psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t *hash, - const size_t hash_length) -{ - psa_status_t status; - - status = PSA_ERROR_NOT_SUPPORTED; - - return status; -} - -__attribute__((section("SFN"))) psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, const uint8_t *input, size_t input_length) @@ -2053,21 +2119,6 @@ psa_status_t psa_key_derivation_output_key( } __attribute__((section("SFN"))) -psa_status_t psa_hash_compute(psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - uint8_t *hash, - size_t hash_size, - size_t *hash_length) -{ - psa_status_t status; - - status = PSA_ERROR_NOT_SUPPORTED; - - return status; -} - -__attribute__((section("SFN"))) psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg) |