Crypto: Upgrade Mbed TLS to 2.25
Set the MBEDCRYPTO_VERSION to 2.25.0.
The first three of the existing v2.24 patches are already applied
in v2.25 and are hence removed.
Replaced MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER with
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in all configuration and
source as updated in v2.25 library.
Update all headers of psa/include as per mbedtls-v2.25 excluding
changes required to hide some implementation.
Update id field in the client_key_attributes structure to
psa_key_id_t.
Update Copyright year to 2021!
Removed patch 006 as not required in MbedTLS v2.25.0.
Update references of handle to key as per MbedTLS api changes.
Increase NUM_HANDLES to 32 to accommodate crypto api tests.
Added corresponding tfm implementation of psa_purge_key().
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: I6a532da96735cf32996250c4a8733a8654c1f44e
diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index 6e47f61..03849df 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -133,10 +133,11 @@
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
- psa_key_handle_t key_handle = iov->key_handle;
+ psa_key_id_t key_id = iov->key_id;
psa_algorithm_t alg = iov->alg;
+ mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_handle, NULL);
+ status = tfm_crypto_check_handle_owner(key_id, NULL);
if (status != PSA_SUCCESS) {
return status;
}
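Review bot: `tfm_crypto_check_handle_owner()` is now passed a `psa_key_id_t` read from the request's `iov`, so its name no longer describes what is checked. This call looks like the ownership gate for the key before it is used, so the line deserves a comment along the lines of `/* key_id comes from the caller's iovec: confirm the caller owns it before use */`. Renaming the helper to refer to a key rather than a handle would match the rest of this commit. The enclosing function starts and ends outside the hunk, and the hunk at -182,10 +187,11 has the same call.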
@@ -148,10 +149,14 @@
if (status != PSA_SUCCESS) {
return status;
}
-
*handle_out = handle;
- status = psa_cipher_encrypt_setup(operation, key_handle, alg);
+ status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_cipher_encrypt_setup(operation, encoded_key, alg);
if (status != PSA_SUCCESS) {
/* Release the operation context, ignore if the operation fails. */
(void)tfm_crypto_operation_release(handle_out);
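Review bot: The early return added for a failing `tfm_crypto_encode_id_and_owner()` exits without releasing the operation context, whereas the `psa_cipher_encrypt_setup()` failure path just below it calls `(void)tfm_crypto_operation_release(handle_out);` first. The allocation is above the hunk, so this is inferred from `*handle_out = handle;` and the existing release call. If a slot is held at that point, each failed encode leaks one entry from the crypto partition's operation table and leaves the caller holding a handle to an operation that was never set up. Add `(void)tfm_crypto_operation_release(handle_out);` before the new `return status;`, or send both failures through one cleanup label. The decrypt-setup hunk at -199,8 +205,12 has the same early return.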
@@ -182,10 +187,11 @@
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
- psa_key_handle_t key_handle = iov->key_handle;
+ psa_key_id_t key_id = iov->key_id;
psa_algorithm_t alg = iov->alg;
+ mbedtls_svc_key_id_t encoded_key;
- status = tfm_crypto_check_handle_owner(key_handle, NULL);
+ status = tfm_crypto_check_handle_owner(key_id, NULL);
if (status != PSA_SUCCESS) {
return status;
}
@@ -199,8 +205,12 @@
}
*handle_out = handle;
+ status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
- status = psa_cipher_decrypt_setup(operation, key_handle, alg);
+ status = psa_cipher_decrypt_setup(operation, encoded_key, alg);
if (status != PSA_SUCCESS) {
/* Release the operation context, ignore if the operation fails. */
(void)tfm_crypto_operation_release(handle_out);