crypto: decouple the PSA Crypto interface from TF-M flags
This patch cleanup the PSA Crypto interface headers files and
decouples it from TF-M build flag dependencies. The
`psa_key_attributes_t` struct definition previously depended
on various config options. The struct now only has fields
which can be set and read by the client. Hence the client
view of the structure is now defined separately in the
crypto_client_struct.h header.
The platform dependant definitions of the PSA Crypto types
are fixed and hence the crypto_platform.h header is removed
and the contents are moved to other PSA crypto headers.
The previous intermediate solution for hiding the type
differences between crypto server and client view via
`psa_client_core_key_attributes_t` is now removed.
Change-Id: I2644b5a2da3babe561c569ebf5690b3daa576a12
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
diff --git a/secure_fw/partitions/crypto/crypto_key.c b/secure_fw/partitions/crypto/crypto_key.c
index ef3b309..ff062ac 100644
--- a/secure_fw/partitions/crypto/crypto_key.c
+++ b/secure_fw/partitions/crypto/crypto_key.c
@@ -37,10 +37,9 @@
* \defgroup public Public functions
*
*/
-
/*!@{*/
psa_status_t tfm_crypto_key_attributes_from_client(
- const psa_client_key_attributes_t *client_key_attr,
+ const struct psa_client_key_attributes_s *client_key_attr,
int32_t client_id,
psa_key_attributes_t *key_attributes)
{
@@ -48,19 +47,17 @@
return PSA_ERROR_PROGRAMMER_ERROR;
}
- /* Domain parameters are not supported, ignore any passed by the client */
- key_attributes->domain_parameters = NULL;
- key_attributes->domain_parameters_size = 0;
+ *key_attributes = psa_key_attributes_init();
/* Copy core key attributes from the client core key attributes */
- key_attributes->core.type = client_key_attr->core.type;
- key_attributes->core.lifetime = client_key_attr->core.lifetime;
- key_attributes->core.policy = client_key_attr->core.policy;
- key_attributes->core.bits = client_key_attr->core.bits;
- key_attributes->core.flags = client_key_attr->core.flags;
+ key_attributes->core.type = client_key_attr->type;
+ key_attributes->core.lifetime = client_key_attr->lifetime;
+ key_attributes->core.policy.usage = client_key_attr->usage;
+ key_attributes->core.policy.alg = client_key_attr->alg;
+ key_attributes->core.bits = client_key_attr->bits;
/* Use the client key id as the key_id and its partition id as the owner */
- key_attributes->core.id.key_id = client_key_attr->core.id;
+ key_attributes->core.id.key_id = client_key_attr->id;
key_attributes->core.id.owner = client_id;
return PSA_SUCCESS;
@@ -68,25 +65,24 @@
psa_status_t tfm_crypto_key_attributes_to_client(
const psa_key_attributes_t *key_attributes,
- psa_client_key_attributes_t *client_key_attr)
+ struct psa_client_key_attributes_s *client_key_attr)
{
if (client_key_attr == NULL || key_attributes == NULL) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
- /* Domain parameters are not supported, avoid passing any to the client */
- client_key_attr->domain_parameters = NULL;
- client_key_attr->domain_parameters_size = 0;
+ struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
+ *client_key_attr = v;
- /* Copy core key attributes to the client core key attributes */
- client_key_attr->core.type = key_attributes->core.type;
- client_key_attr->core.lifetime = key_attributes->core.lifetime;
- client_key_attr->core.policy = key_attributes->core.policy;
- client_key_attr->core.bits = key_attributes->core.bits;
- client_key_attr->core.flags = key_attributes->core.flags;
+ /* Copy core key attributes from the client core key attributes */
+ client_key_attr->type = key_attributes->core.type;
+ client_key_attr->lifetime = key_attributes->core.lifetime;
+ client_key_attr->usage = key_attributes->core.policy.usage;
+ client_key_attr->alg = key_attributes->core.policy.alg;
+ client_key_attr->bits = key_attributes->core.bits;
/* Return the key_id as the client key id, do not return the owner */
- client_key_attr->core.id = key_attributes->core.id.key_id;
+ client_key_attr->id = key_attributes->core.id.key_id;
return PSA_SUCCESS;
}
@@ -203,11 +199,11 @@
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t)) ||
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
(out_vec[0].len != sizeof(psa_key_handle_t))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
const uint8_t *data = in_vec[2].base;
size_t data_length = in_vec[2].len;
psa_key_handle_t *key_handle = out_vec[0].base;
@@ -398,13 +394,13 @@
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (out_vec[0].len != sizeof(psa_client_key_attributes_t))) {
+ (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_handle_t key = iov->key_handle;
- psa_client_key_attributes_t *client_key_attr = out_vec[0].base;
+ struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -437,11 +433,11 @@
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (out_vec[0].len != sizeof(psa_client_key_attributes_t))) {
+ (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
- psa_client_key_attributes_t *client_key_attr = out_vec[0].base;
+ struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
int32_t partition_id;
@@ -530,14 +526,14 @@
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(psa_key_handle_t)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t))) {
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_key_handle_t source_handle = iov->key_handle;
psa_key_handle_t *target_handle = out_vec[0].base;
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint32_t i = 0;
@@ -592,12 +588,12 @@
}
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (in_vec[1].len != sizeof(psa_client_key_attributes_t)) ||
+ (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
(out_vec[0].len != sizeof(psa_key_handle_t))) {
return PSA_ERROR_CONNECTION_REFUSED;
}
psa_key_handle_t *key_handle = out_vec[0].base;
- const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
+ const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
psa_status_t status;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint32_t i = 0;