Crypto: Enable CC312 runtime library
Enable in cmake. Update mbedtls config to use hardware functions. Add
init function.
Change-Id: I874999056d62c8855c1d934a33d4ab4c5c74c569
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/platform/ext/common/cc312/crypto_hw.h b/platform/ext/common/cc312/crypto_hw.h
index 163070d..f0675dd 100644
--- a/platform/ext/common/cc312/crypto_hw.h
+++ b/platform/ext/common/cc312/crypto_hw.h
@@ -12,6 +12,13 @@
extern "C" {
#endif /* __cplusplus */
+/* The CC312 uses some the MBEDTLS heap buffer, so it needs increasing in size
+ * to allow attest crypto operations to still function.
+ */
+#ifndef TFM_CRYPTO_ENGINE_BUF_SIZE
+#define TFM_CRYPTO_ENGINE_BUF_SIZE (0x4000) /* 16KB for EC signing in attest */
+#endif
+
/**
* \brief Initialize the CC312 crypto accelerator
*
diff --git a/platform/ext/common/tfm_mbedcrypto_config.h b/platform/ext/common/tfm_mbedcrypto_config.h
index a63e471..13c6f14 100644
--- a/platform/ext/common/tfm_mbedcrypto_config.h
+++ b/platform/ext/common/tfm_mbedcrypto_config.h
@@ -3364,6 +3364,10 @@
*/
//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+#ifdef CRYPTO_HW_ACCELERATOR
+#include "mbedtls_accelerator_config.h"
+#endif
+
/* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations
diff --git a/secure_fw/services/crypto/CMakeLists.txt b/secure_fw/services/crypto/CMakeLists.txt
index d6d70f9..f7d7135 100644
--- a/secure_fw/services/crypto/CMakeLists.txt
+++ b/secure_fw/services/crypto/CMakeLists.txt
@@ -28,20 +28,29 @@
set (CRYPTO_ENGINE_MBEDTLS ON)
if (CRYPTO_ENGINE_MBEDTLS)
- #Define location of Mbed Crypto source, build, and installation directory.
- get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbed-crypto" ABSOLUTE)
- set (MBEDCRYPTO_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbed-crypto/build")
- set (MBEDCRYPTO_INSTALL_DIR ${MBEDCRYPTO_BINARY_DIR}/../install)
- set (MBEDCRYPTO_TARGET_NAME "mbedcrypto_lib")
+ set (MBEDTLS_CONFIG_FILE "tfm_mbedcrypto_config.h")
+ set (MBEDTLS_CONFIG_PATH "${PLATFORM_DIR}/common")
+ #Define location of Mbed Crypto source, build, and installation directory.
+ get_filename_component(MBEDCRYPTO_SOURCE_DIR "${TFM_ROOT_DIR}/../mbed-crypto" ABSOLUTE)
+ set (MBEDCRYPTO_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbed-crypto/build")
+ set (MBEDCRYPTO_INSTALL_DIR ${MBEDCRYPTO_BINARY_DIR}/../install)
+ set (MBEDCRYPTO_TARGET_NAME "mbedcrypto_lib")
endif()
include(CMakeLists.inc)
+if (CRYPTO_HW_ACCELERATOR)
+ if(NOT DEFINED CRYPTO_HW_ACCELERATOR_CMAKE_BUILD)
+ message(FATAL_ERROR "CRYPTO_HW_ACCELERATOR_CMAKE_BUILD not defined.")
+ endif()
+ include(${CRYPTO_HW_ACCELERATOR_CMAKE_BUILD})
+endif()
+
#Create a list of the C defines
list(APPEND TFM_CRYPTO_C_DEFINES_LIST __ARM_FEATURE_CMSE=${ARM_FEATURE_CMSE} __thumb2__ TFM_LVL=${TFM_LVL})
if (CRYPTO_ENGINE_MBEDTLS)
- list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_ENGINE_MBEDTLS MBEDTLS_CONFIG_FILE="platform/ext/common/tfm_mbedcrypto_config.h")
+ list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_ENGINE_MBEDTLS MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
endif()
#Add module configuration parameters in case they are provided during CMake configuration step
@@ -53,35 +62,43 @@
TFM_CRYPTO_GENERATOR_MODULE_DISABLED=${CRYPTO_GENERATOR_MODULE_DISABLED}
TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED=${CRYPTO_ASYMMETRIC_MODULE_DISABLED})
if (DEFINED CRYPTO_ENGINE_BUF_SIZE)
- list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE})
+ list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE})
endif()
if (DEFINED CRYPTO_CONC_OPER_NUM)
- list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM})
+ list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM})
endif()
if (TFM_PSA_API AND DEFINED CRYPTO_IOVEC_BUFFER_SIZE)
- list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE})
+ list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE})
endif()
if (CRYPTO_ENGINE_MBEDTLS)
- #Set Mbed Crypto compiler flags
- set(MBEDCRYPTO_C_FLAGS ${MBEDCRYPTO_C_FLAGS_SERVICES})
- string(APPEND MBEDCRYPTO_C_FLAGS " -DMBEDTLS_CONFIG_FILE=\\\\\\\"tfm_mbedcrypto_config.h\\\\\\\""
- " -I${CMAKE_CURRENT_LIST_DIR}")
+ #Set Mbed Crypto compiler flags
+ string(APPEND MBEDCRYPTO_C_FLAGS " ${MBEDCRYPTO_C_FLAGS_SERVICES}")
+ string(APPEND MBEDCRYPTO_C_FLAGS " -DMBEDTLS_CONFIG_FILE=\\\\\\\"${MBEDTLS_CONFIG_FILE}\\\\\\\""
+ " -I${CMAKE_CURRENT_LIST_DIR}")
- #Build Mbed Crypto as external project.
- #This ensures Mbed Crypto is built with exactly defined settings.
- #Mbed Crypto will be used from its install location
- include(${TFM_ROOT_DIR}/BuildMbedCrypto.cmake)
+ #Build Mbed Crypto as external project.
+ #This ensures Mbed Crypto is built with exactly defined settings.
+ #Mbed Crypto will be used from its install location
+ include(${TFM_ROOT_DIR}/BuildMbedCrypto.cmake)
endif()
#Specify what we build (for the crypto service, build as a static library)
add_library(tfm_crypto STATIC ${ALL_SRC_ASM} ${ALL_SRC_C})
embedded_set_target_compile_defines(TARGET tfm_crypto LANGUAGE C DEFINES ${TFM_CRYPTO_C_DEFINES_LIST})
if (CRYPTO_ENGINE_MBEDTLS)
- #Add a dependency on the Mbed Crypto install target.
- add_dependencies(tfm_crypto ${MBEDCRYPTO_TARGET_NAME}_install)
- #Ask the compiler to merge the Mbed Crypto and crypto service libraries.
- compiler_merge_library(DEST tfm_crypto LIBS "${MBEDCRYPTO_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+ #Add a dependency on the Mbed Crypto install target.
+ add_dependencies(tfm_crypto ${MBEDCRYPTO_TARGET_NAME}_install)
+ #Ask the compiler to merge the Mbed Crypto and crypto service libraries.
+ compiler_merge_library(DEST tfm_crypto LIBS "${MBEDCRYPTO_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+
+ #Link crypto accelerator libraries if applicable
+ if (CRYPTO_HW_ACCELERATOR)
+ if(NOT DEFINED CRYPTO_HW_ACCELERATOR_CMAKE_LINK)
+ message(FATAL_ERROR "CRYPTO_HW_ACCELERATOR_CMAKE_LINK not defined.")
+ endif()
+ include(${CRYPTO_HW_ACCELERATOR_CMAKE_LINK})
+ endif()
endif()
#Set common compiler and linker flags
diff --git a/secure_fw/services/crypto/crypto_init.c b/secure_fw/services/crypto/crypto_init.c
index bdb99e4..b3acd55 100644
--- a/secure_fw/services/crypto/crypto_init.c
+++ b/secure_fw/services/crypto/crypto_init.c
@@ -20,6 +20,10 @@
#include "tfm_secure_api.h"
#endif
+#ifdef CRYPTO_HW_ACCELERATOR
+#include "crypto_hw.h"
+#endif /* CRYPTO_HW_ACCLERATOR */
+
#ifdef TFM_PSA_API
#include "psa/service.h"
#include "psa_manifest/tfm_crypto.h"
@@ -282,6 +286,13 @@
mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
TFM_CRYPTO_ENGINE_BUF_SIZE);
+ /* Initialise the crypto accelerator if one is enabled */
+#ifdef CRYPTO_HW_ACCELERATOR
+ if (crypto_hw_accelerator_init() != 0) {
+ return PSA_ERROR_HARDWARE_FAILURE;
+ }
+#endif /* CRYPTO_HW_ACCELERATOR */
+
/* Previous function does not return any value, so just call the
* initialisation function of the Mbed Crypto layer
*/
diff --git a/test/suites/crypto/crypto_tests_common.c b/test/suites/crypto/crypto_tests_common.c
index 5ee65ce..7c5a265 100644
--- a/test/suites/crypto/crypto_tests_common.c
+++ b/test/suites/crypto/crypto_tests_common.c
@@ -130,6 +130,17 @@
ret->val = TEST_PASSED;
+ /* FIXME: Special override for the CC312 accelerator. Implemented because
+ * there is not yet a generic way to override tests.
+ */
+#ifdef CRYPTO_HW_ACCELERATOR_CC312
+ if (alg == PSA_ALG_CFB) {
+ TEST_LOG("%s %s", "The CC312 does not support CFB mode.",
+ "The test execution was SKIPPED.\r\n");
+ return;
+ }
+#endif /* CRYPTO_HW_ACCELERATOR_CC312 */
+
/* Allocate a transient key */
status = psa_allocate_key(&key_handle);
if (status != PSA_SUCCESS) {