Crypto: Align to Mbed Crypto 3.0.1
This patch upgrades the Crypto service to be able
to use Mbed Crypto 3.0.1:
- Updates the PSA crypto headers to latest available in mbed-crypto
- Updates the service implementation
- Updates the test suites where needed
- Updates the SST and Attestation interfaces
towards cryptographic functionalities
- Updates documentation to reflect updated
requirements, and changes in the integration guide
This patch migrates the use of psa_asymmetric_sign() and
psa_asymmetric_verify() to the non-deprecated versions of
the API psa_sign_hash() and psa_verify_hash().
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I7d8275def2336c1b5cfb8847b2842c305cfab116
diff --git a/secure_fw/services/crypto/tfm_crypto_api.h b/secure_fw/services/crypto/tfm_crypto_api.h
index 34400ad..811e04a 100644
--- a/secure_fw/services/crypto/tfm_crypto_api.h
+++ b/secure_fw/services/crypto/tfm_crypto_api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -13,9 +13,7 @@
#endif
#include <stdint.h>
-#include "tfm_api.h"
#include "tfm_crypto_defs.h"
-#include "psa/crypto.h"
#ifdef TFM_PSA_API
#include "psa/service.h"
@@ -40,7 +38,7 @@
TFM_CRYPTO_CIPHER_OPERATION = 1,
TFM_CRYPTO_MAC_OPERATION = 2,
TFM_CRYPTO_HASH_OPERATION = 3,
- TFM_CRYPTO_GENERATOR_OPERATION = 4,
+ TFM_CRYPTO_KEY_DERIVATION_OPERATION = 4,
/* Used to force the enum size */
TFM_CRYPTO_OPERATION_TYPE_MAX = INT_MAX
@@ -83,6 +81,34 @@
*/
psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle,
uint32_t *index);
+
+/**
+ * \brief Checks that there is enough local storage in RAM to keep
+ * another key, and returns the index of the storage to use
+ * and the ID of the partition to associated to the key
+ *
+ * \param[out] partition_id ID of the requesting partition
+ * \param[out] index Index of the local storage to use
+ *
+ * \return Return values as described in \ref psa_status_t
+ */
+psa_status_t tfm_crypto_check_key_storage(int32_t *partition_id,
+ uint32_t *index);
+
+/**
+ * \brief Sets the index of the local storage in use with a key
+ * requested by a partition specified by the input parameter
+ * partition_id, and stores the corresponding key_handle
+ *
+ * \param[in] partition_id ID of the requesting partition
+ * \param[in] index Index of the local storage to use
+ * \param[in] key_handle Corresponding key handle to associate
+ *
+ * \return Return values as described in \ref psa_status_t
+ */
+psa_status_t tfm_crypto_set_key_storage(int32_t partition_id,
+ uint32_t index,
+ psa_key_handle_t key_handle);
/**
* \brief Allocate an operation context in the backend
*
@@ -118,51 +144,70 @@
void **ctx);
#define LIST_TFM_CRYPTO_UNIFORM_SIGNATURE_API \
- X(tfm_crypto_allocate_key) \
+ X(tfm_crypto_get_key_attributes) \
+ X(tfm_crypto_reset_key_attributes) \
X(tfm_crypto_open_key) \
X(tfm_crypto_close_key) \
X(tfm_crypto_import_key) \
X(tfm_crypto_destroy_key) \
- X(tfm_crypto_get_key_information) \
X(tfm_crypto_export_key) \
X(tfm_crypto_export_public_key) \
X(tfm_crypto_copy_key) \
- X(tfm_crypto_set_key_policy) \
- X(tfm_crypto_get_key_policy) \
- X(tfm_crypto_get_key_lifetime) \
- X(tfm_crypto_cipher_generate_iv) \
- X(tfm_crypto_cipher_set_iv) \
- X(tfm_crypto_cipher_encrypt_setup) \
- X(tfm_crypto_cipher_decrypt_setup) \
- X(tfm_crypto_cipher_update) \
- X(tfm_crypto_cipher_abort) \
- X(tfm_crypto_cipher_finish) \
+ X(tfm_crypto_hash_compute) \
+ X(tfm_crypto_hash_compare) \
X(tfm_crypto_hash_setup) \
X(tfm_crypto_hash_update) \
X(tfm_crypto_hash_finish) \
X(tfm_crypto_hash_verify) \
X(tfm_crypto_hash_abort) \
X(tfm_crypto_hash_clone) \
+ X(tfm_crypto_mac_compute) \
+ X(tfm_crypto_mac_verify) \
X(tfm_crypto_mac_sign_setup) \
X(tfm_crypto_mac_verify_setup) \
X(tfm_crypto_mac_update) \
X(tfm_crypto_mac_sign_finish) \
X(tfm_crypto_mac_verify_finish) \
X(tfm_crypto_mac_abort) \
+ X(tfm_crypto_cipher_encrypt) \
+ X(tfm_crypto_cipher_decrypt) \
+ X(tfm_crypto_cipher_encrypt_setup) \
+ X(tfm_crypto_cipher_decrypt_setup) \
+ X(tfm_crypto_cipher_generate_iv) \
+ X(tfm_crypto_cipher_set_iv) \
+ X(tfm_crypto_cipher_update) \
+ X(tfm_crypto_cipher_finish) \
+ X(tfm_crypto_cipher_abort) \
X(tfm_crypto_aead_encrypt) \
X(tfm_crypto_aead_decrypt) \
- X(tfm_crypto_asymmetric_sign) \
- X(tfm_crypto_asymmetric_verify) \
+ X(tfm_crypto_aead_encrypt_setup) \
+ X(tfm_crypto_aead_decrypt_setup) \
+ X(tfm_crypto_aead_generate_nonce) \
+ X(tfm_crypto_aead_set_nonce) \
+ X(tfm_crypto_aead_set_lengths) \
+ X(tfm_crypto_aead_update_ad) \
+ X(tfm_crypto_aead_update) \
+ X(tfm_crypto_aead_finish) \
+ X(tfm_crypto_aead_verify) \
+ X(tfm_crypto_aead_abort) \
+ X(tfm_crypto_sign_hash) \
+ X(tfm_crypto_verify_hash) \
X(tfm_crypto_asymmetric_encrypt) \
X(tfm_crypto_asymmetric_decrypt) \
- X(tfm_crypto_get_generator_capacity) \
- X(tfm_crypto_generator_read) \
- X(tfm_crypto_generator_import_key) \
- X(tfm_crypto_generator_abort) \
- X(tfm_crypto_key_derivation) \
- X(tfm_crypto_key_agreement) \
+ X(tfm_crypto_key_derivation_setup) \
+ X(tfm_crypto_key_derivation_get_capacity) \
+ X(tfm_crypto_key_derivation_set_capacity) \
+ X(tfm_crypto_key_derivation_input_bytes) \
+ X(tfm_crypto_key_derivation_input_key) \
+ X(tfm_crypto_key_derivation_key_agreement)\
+ X(tfm_crypto_key_derivation_output_bytes) \
+ X(tfm_crypto_key_derivation_output_key) \
+ X(tfm_crypto_key_derivation_abort) \
+ X(tfm_crypto_raw_key_agreement) \
X(tfm_crypto_generate_random) \
X(tfm_crypto_generate_key) \
+ X(tfm_crypto_set_key_domain_parameters) \
+ X(tfm_crypto_get_key_domain_parameters) \
#define X(api_name) UNIFORM_SIGNATURE_API(api_name);
LIST_TFM_CRYPTO_UNIFORM_SIGNATURE_API