Diffstat (limited to 'platform')
-rw-r--r-- | platform/ext/common/template/crypto_dummy_nv_seed.c | 29 | ||||
-rw-r--r-- | platform/ext/common/template/crypto_nv_seed.c | 39 | ||||
-rw-r--r-- | platform/ext/target/mps2/an521/CMakeLists.txt | 13 | ||||
-rw-r--r-- | platform/ext/target/mps2/an521/config.cmake | 5 | ||||
-rw-r--r-- | platform/ext/target/mps2/an521/mbedtls_an521_conf.h | 30 | ||||
-rw-r--r-- | platform/include/tfm_plat_crypto_dummy_nv_seed.h | 21 | ||||
-rw-r--r-- | platform/include/tfm_plat_crypto_nv_seed.h | 41 |
7 files changed, 178 insertions, 0 deletions
diff --git a/platform/ext/common/template/crypto_dummy_nv_seed.c b/platform/ext/common/template/crypto_dummy_nv_seed.c
new file mode 100644
index 0000000000..cb21fc79bb
--- /dev/null
+++ b/platform/ext/common/template/crypto_dummy_nv_seed.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include "mbedtls/entropy.h"
+#include "tfm_plat_crypto_dummy_nv_seed.h"
+
+/* NOTE: The seed value here is only an example, please do not use it in
+ * production. Platform vendor should implement their own seed value.
+ */
+const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE] = {
+ 0x12, 0x13, 0x23, 0x34, 0x0a, 0x05, 0x89, 0x78,
+ 0xa3, 0x66, 0x8c, 0x0d, 0x97, 0x55, 0x53, 0xca,
+ 0xb5, 0x76, 0x18, 0x62, 0x29, 0xc6, 0xb6, 0x79,
+ 0x75, 0xc8, 0x5a, 0x8d, 0x9e, 0x11, 0x8f, 0x85,
+ 0xde, 0xc4, 0x5f, 0x66, 0x21, 0x52, 0xf9, 0x39,
+ 0xd9, 0x77, 0x93, 0x28, 0xb0, 0x5e, 0x02, 0xfa,
+ 0x58, 0xb4, 0x16, 0xc8, 0x0f, 0x38, 0x91, 0xbb,
+ 0x28, 0x17, 0xcd, 0x8a, 0xc9, 0x53, 0x72, 0x66,
+};
+
+int tfm_plat_crypto_create_entropy_seed(void)
+{
+ return tfm_plat_crypto_nv_seed_write(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+}
diff --git a/platform/ext/common/template/crypto_nv_seed.c b/platform/ext/common/template/crypto_nv_seed.c
new file mode 100644
index 0000000000..97535da064
--- /dev/null
+++ b/platform/ext/common/template/crypto_nv_seed.c
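Review bot: `seed_value` is defined with external linkage and is passed to `tfm_plat_crypto_nv_seed_write`, whose parameter is `unsigned char *`, so the call in `tfm_plat_crypto_create_entropy_seed` discards the array's `const` qualifier. Make the table `static const unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE]` and change the write prototype in tfm_plat_crypto_nv_seed.h together with its definition in crypto_nv_seed.c to `int tfm_plat_crypto_nv_seed_write(const unsigned char *buf, size_t buf_len);` — `psa_its_set` already takes a `const void *`, so nothing else moves. The function also writes the example seed unconditionally, so if it is invoked on every boot it replaces whatever seed is already in storage, including any updated seed Mbed TLS may have written back; I'd read first and only write when the read fails, or state in a comment here that it is provisioning-only.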
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#include <stddef.h>
+#include "tfm_plat_crypto_nv_seed.h"
+#include "psa/internal_trusted_storage.h"
+
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+ size_t data_length = 0;
+
+ status = psa_its_get(uid, 0, buf_len, buf, &data_length);
+
+ if (status == PSA_SUCCESS && data_length == buf_len) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
+
+int tfm_plat_crypto_nv_seed_write(unsigned char *buf, size_t buf_len)
+{
+ psa_storage_uid_t uid = NV_SEED_FILE_ID;
+ psa_status_t status;
+
+ status = psa_its_set(uid, buf_len, buf, 0);
+
+ if (status == PSA_SUCCESS) {
+ return TFM_CRYPTO_NV_SEED_SUCCESS;
+ } else {
+ return TFM_CRYPTO_NV_SEED_FAILED;
+ }
+}
diff --git a/platform/ext/target/mps2/an521/CMakeLists.txt b/platform/ext/target/mps2/an521/CMakeLists.txt
index d1ca90d9be..e4f798cf62 100644
--- a/platform/ext/target/mps2/an521/CMakeLists.txt
+++ b/platform/ext/target/mps2/an521/CMakeLists.txt
@@ -167,3 +167,16 @@ if(BL2)
 native_drivers
 )
 endif()
+
+#========================= Crypto =============================================#
+
+target_sources(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<BOOL:${TFM_PSA_API}>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_nv_seed.c>
+ $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:${CMAKE_SOURCE_DIR}/platform/ext/common/template/crypto_dummy_nv_seed.c>
+)
+
+target_compile_definitions(tfm_psa_rot_partition_crypto
+ PRIVATE
+ $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${PLATFORM_DUMMY_NV_SEED}>>:PLATFORM_DUMMY_NV_SEED>
+)
diff --git a/platform/ext/target/mps2/an521/config.cmake b/platform/ext/target/mps2/an521/config.cmake
index 945a30edda..1d3b682c6a 100644
--- a/platform/ext/target/mps2/an521/config.cmake
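Review bot: `tfm_plat_crypto_nv_seed_read` treats `PSA_SUCCESS` with `data_length != buf_len` as a failure, which is the right call for a seed, but nothing says why; I'd put `/* A shorter object means no full-size seed was ever provisioned; a partial seed must not be used. */` above the `if`. Both functions fold every PSA error into `TFM_CRYPTO_NV_SEED_FAILED`, so a caller cannot distinguish a seed that was never written (`PSA_ERROR_DOES_NOT_EXIST`) from a storage fault; that is acceptable for the Mbed TLS hook, but the loss of detail is worth a sentence in the header. As a point of style, `status` can be initialised at its declaration and the `else` after each `return` dropped in both functions.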
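Review bot: The dummy seed source and the `PLATFORM_DUMMY_NV_SEED` definition are compiled in whenever the option is truthy, with nothing in the configure output to flag it, so a release build can silently ship the fixed example seed. Next to the `target_sources` call I'd add `if(PLATFORM_DUMMY_NV_SEED)` / `message(WARNING "PLATFORM_DUMMY_NV_SEED is enabled: the crypto NV seed is a fixed example value, not for production")` / `endif()`. The `#========================= Crypto ===#` banner would also be a good place for a one-line comment saying that `crypto_nv_seed.c` is the ITS-backed implementation and `crypto_dummy_nv_seed.c` only provides the example seed.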
+++ b/platform/ext/target/mps2/an521/config.cmake
@@ -6,3 +6,8 @@ #------------------------------------------------------------------------------- set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/mps2/an521/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
+
+if(TFM_PSA_API)
+ set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH ${CMAKE_CURRENT_LIST_DIR}/mbedtls_an521_conf.h CACHE FILEPATH "Config to append to standard Mbed Crypto config, used by platforms to configure feature support")
+ set(PLATFORM_DUMMY_NV_SEED TRUE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
+endif()
diff --git a/platform/ext/target/mps2/an521/mbedtls_an521_conf.h b/platform/ext/target/mps2/an521/mbedtls_an521_conf.h
new file mode 100644
index 0000000000..6094cb05f0
--- /dev/null
+++ b/platform/ext/target/mps2/an521/mbedtls_an521_conf.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __MBEDTLS_AN521_CONF_H__
+#define __MBEDTLS_AN521_CONF_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#undef MBEDTLS_TEST_NULL_ENTROPY
+#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
+#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+
+#define MBEDTLS_ENTROPY_NV_SEED
+#ifndef MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO tfm_plat_crypto_nv_seed_read
+#endif
+#ifndef MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO tfm_plat_crypto_nv_seed_write
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __MBEDTLS_AN521_CONF_H__ */
diff --git a/platform/include/tfm_plat_crypto_dummy_nv_seed.h b/platform/include/tfm_plat_crypto_dummy_nv_seed.h
new file mode 100644
index 0000000000..08bec766ba
--- /dev/null
+++ b/platform/include/tfm_plat_crypto_dummy_nv_seed.h
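Review bot: `PLATFORM_DUMMY_NV_SEED` is defaulted to `TRUE` in the platform config, so every AN521 build with `TFM_PSA_API` gets the fixed example seed unless the builder knows to override it, and the same seed on every device makes the entropy pool it feeds reproducible across all of them. An opt-in default of `FALSE` would make the unsafe configuration a deliberate choice rather than something inherited by anyone who copies this file for a product. Because the `set(... CACHE BOOL ...)` carries no `FORCE`, a `-DPLATFORM_DUMMY_NV_SEED=OFF` on the command line does win; that override path belongs in the option description, e.g. `"Use dummy NV seed implementation. Should not be used in production; override with -DPLATFORM_DUMMY_NV_SEED=OFF."`.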
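Review bot: The config names `tfm_plat_crypto_nv_seed_read`/`tfm_plat_crypto_nv_seed_write` as the NV seed macros but does not include `tfm_plat_crypto_nv_seed.h`, so unless the prototypes reach Mbed TLS's platform source by another route the calls are implicit declarations; I'd add `#include "tfm_plat_crypto_nv_seed.h"` after the guard. `#undef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` re-enables Mbed TLS's default entropy source list, which includes the platform poll unless `MBEDTLS_NO_PLATFORM_ENTROPY` is set in the base config — that is not visible here, so confirm it before merging, otherwise a /dev/urandom-style poll is compiled for a bare-metal target. A one-line comment above the `#undef` block, such as `/* The NV seed replaces the null test entropy source; the other two are reset so the base config's defaults apply. */`, would tell the next reader why these three are undone (the second half is my reading, please correct it).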
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __TFM_PLAT_CRYPTO_DUMMY_NV_SEED_H__
+#define __TFM_PLAT_CRYPTO_DUMMY_NV_SEED_H__
+
+#include "tfm_plat_crypto_nv_seed.h"
+
+/**
+ * \brief Create a dummy entropy seed when platform doesn't provision the seed.
+ * Do NOT call this function in production.
+ *
+ * \return Return TFM_CRYPTO_NV_SEED_SUCCESS on success,
+ * or TFM_CRYPTO_NV_SEED_FAILED on failure.
+ */
+int tfm_plat_crypto_create_entropy_seed(void);
+
+#endif /* __TFM_PLAT_CRYPTO_DUMMY_NV_SEED_H__ */
diff --git a/platform/include/tfm_plat_crypto_nv_seed.h b/platform/include/tfm_plat_crypto_nv_seed.h
new file mode 100644
index 0000000000..39b9e377c3
--- /dev/null
+++ b/platform/include/tfm_plat_crypto_nv_seed.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#ifndef __TFM_PLAT_CRYPTO_NV_SEED_H__
+#define __TFM_PLAT_CRYPTO_NV_SEED_H__
+
+#include <stddef.h>
+
+#ifndef NV_SEED_FILE_ID
+#define NV_SEED_FILE_ID 9
+#endif
+
+#define TFM_CRYPTO_NV_SEED_SUCCESS 0
+#define TFM_CRYPTO_NV_SEED_FAILED -1
+
+/**
+ * \brief Read Seed from NV storage.
+ *
+ * \param[out] buf Buffer to store the seed
+ * \param[in] buf_len Buffer length to read
+ *
+ * \return Return TFM_CRYPTO_NV_SEED_SUCCESS on success,
+ * or TFM_CRYPTO_NV_SEED_FAILED on failure.
+ */
+int tfm_plat_crypto_nv_seed_read(unsigned char *buf, size_t buf_len);
+
+/**
+ * \brief Write Seed to NV storage.
+ *
+ * \param[in] buf Buffer storing the seed
+ * \param[in] buf_len Buffer length to write
+ *
+ * \return Return TFM_CRYPTO_NV_SEED_SUCCESS on success,
+ * or TFM_CRYPTO_NV_SEED_FAILED on failure.
+ */
+int tfm_plat_crypto_nv_seed_write(unsigned char *buf, size_t buf_len);
+
+#endif /* __TFM_PLAT_CRYPTO_NV_SEED_H__ */ |
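Review bot: The doc comment says not to call `tfm_plat_crypto_create_entropy_seed` in production but not what it does to existing state; the implementation in crypto_dummy_nv_seed.c writes the example seed unconditionally, so I'd extend the `\brief` with `Overwrites any seed already stored under NV_SEED_FILE_ID with a fixed, publicly known example value, so every device built this way shares the same seed.` A `\note` naming the build option that compiles it in (`PLATFORM_DUMMY_NV_SEED`, per the CMake change in this commit) would also save the reader a search.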
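Review bot: `#define TFM_CRYPTO_NV_SEED_FAILED -1` is an unparenthesised negative constant; by convention the whole expansion is wrapped, `#define TFM_CRYPTO_NV_SEED_FAILED (-1)`, so it behaves as a single operand wherever it is substituted. The `buf_len` documentation for the read function should state the contract the implementation enforces, e.g. `\param[in] buf_len Number of bytes expected; the call fails unless the stored seed has exactly this length`. `NV_SEED_FILE_ID` is a bare default of 9 in the ITS UID space with no comment on ownership; a line saying which partition the UID belongs to and that platforms overriding it must pick a value that does not collide with their other ITS objects would prevent silent clobbering of another asset.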