SST: Crypto service binding
Refactors the SST crypto interface to call into the Crypto service
instead of Mbed TLS. Removes the Mbed TLS build from the SST build
files.
Change-Id: Iff3bdf799c66127c7b71a9f5a8c54e887134a8e8
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index eb07016..8f24174 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -229,7 +229,7 @@
endif()
endif()
-##Set mbedTLS compiler flags and variables for secure storage, audit log and crypto
+##Set Mbed TLS compiler flags and variables for audit log and crypto
set(MBEDTLS_C_FLAGS_SERVICES "-D__ARM_FEATURE_CMSE=3 -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -I${CMAKE_CURRENT_LIST_DIR}/platform/ext/common")
#Default TF-M secure storage flags.
diff --git a/secure_fw/services/crypto/crypto_init.c b/secure_fw/services/crypto/crypto_init.c
index 596d2fc..e68090b 100644
--- a/secure_fw/services/crypto/crypto_init.c
+++ b/secure_fw/services/crypto/crypto_init.c
@@ -47,7 +47,7 @@
* in bytes
*/
#ifndef TFM_CRYPTO_IOVEC_BUFFER_SIZE
-#define TFM_CRYPTO_IOVEC_BUFFER_SIZE (1024)
+#define TFM_CRYPTO_IOVEC_BUFFER_SIZE (5120)
#endif
/**
diff --git a/secure_fw/services/secure_storage/CMakeLists.inc b/secure_fw/services/secure_storage/CMakeLists.inc
index eae93be..a2a6cb8 100644
--- a/secure_fw/services/secure_storage/CMakeLists.inc
+++ b/secure_fw/services/secure_storage/CMakeLists.inc
@@ -9,7 +9,6 @@
#This file assumes it will be included from a project specific cmakefile, and
#will not create a library or executable.
#Inputs:
-# MBEDTLS_INSTALL_DIR - directory where mbedtls headers and libraries can be found.
# TFM_ROOT_DIR - root directory of the TF-M repository.
#Outputs:
# Will modify include directories to make the source compile.
@@ -22,10 +21,6 @@
set(SECURE_STORAGE_DIR ${CMAKE_CURRENT_LIST_DIR})
#Check input variables
-if (NOT DEFINED MBEDTLS_INSTALL_DIR)
- message(FATAL_ERROR "Please set MBEDTLS_INSTALL_DIR before including this file.")
-endif()
-
if (NOT DEFINED TFM_ROOT_DIR)
message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
@@ -119,7 +114,6 @@
#Setting include directories
embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
-embedded_include_directories(PATH ${MBEDTLS_INSTALL_DIR}/include ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE)
embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
diff --git a/secure_fw/services/secure_storage/CMakeLists.txt b/secure_fw/services/secure_storage/CMakeLists.txt
index acba11b..16a14da 100644
--- a/secure_fw/services/secure_storage/CMakeLists.txt
+++ b/secure_fw/services/secure_storage/CMakeLists.txt
@@ -21,15 +21,6 @@
###Some project global settings
set (SECURE_STORAGE_DIR "${CMAKE_CURRENT_LIST_DIR}")
get_filename_component(TFM_ROOT_DIR "${SECURE_STORAGE_DIR}/../../.." ABSOLUTE)
-#Define location of mbedtls source, build, and installation directory.
-get_filename_component(MBEDTLS_SOURCE_DIR "${TFM_ROOT_DIR}/../mbedtls" ABSOLUTE)
-set (MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
-set (MBEDTLS_INSTALL_DIR ${MBEDTLS_BINARY_DIR}/mbedtls_install)
-set (MBEDTLS_TARGET_NAME "mbedtls_sst_lib")
-
-#Set mbedTLS compiler flags
-set(MBEDTLS_C_FLAGS ${MBEDTLS_C_FLAGS_SERVICES})
-string(APPEND MBEDTLS_C_FLAGS " -DMBEDTLS_CONFIG_FILE=\\\\\\\"tfm_mbedtls_config.h\\\\\\\"")
###Get the definition of what files we need to build
include(CMakeLists.inc)
@@ -38,15 +29,6 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
-#Set preinclude header options for mbedtls
-set(MBEDTLS_PREINCLUDE_PREFIX __tfm_storage__)
-set(MBEDTLS_PREINCLUDE_HEADER ${SECURE_STORAGE_DIR}/crypto/mbedtls_global_symbols.h)
-
-#Build mbedtls as external project.
-#This ensures mbedtls is built with exactly defined settings.
-#mbedtls will be used from its install location
-include(${TFM_ROOT_DIR}/BuildMbedtls.cmake)
-
# Specify what we build (for the secure storage service, build as a static library)
add_library(tfm_storage STATIC ${ALL_SRC_ASM} ${ALL_SRC_C})
@@ -55,9 +37,5 @@
config_setting_shared_linker_flags(tfm_storage)
embedded_set_target_compile_defines(TARGET tfm_storage LANGUAGE C DEFINES __ARM_FEATURE_CMSE=3 __thumb2__ TFM_LVL=${TFM_LVL})
-#Add a dependency on the mbed_tls_lib_install target.
-add_dependencies(tfm_storage ${MBEDTLS_TARGET_NAME}_install)
-#Ask the compiler to merge the mbedtls and the secure storage libraries.
-compiler_merge_library(DEST tfm_storage LIBS "${MBEDTLS_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
embedded_project_end(tfm_storage)
diff --git a/secure_fw/services/secure_storage/crypto/mbedtls_global_symbols.h b/secure_fw/services/secure_storage/crypto/mbedtls_global_symbols.h
deleted file mode 100644
index 59778ad..0000000
--- a/secure_fw/services/secure_storage/crypto/mbedtls_global_symbols.h
+++ /dev/null
@@ -1,878 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __MBEDTLS_GLOBAL_SYMBOLS_H__
-#define __MBEDTLS_GLOBAL_SYMBOLS_H__
-
-#ifndef LIB_PREFIX_NAME
-#warning "LIB_PREFIX_NAME is undefined!!!"
-#define LIB_PREFIX_NAME
-#endif
-
-#define _CONCAT(A,B) A##B
-#define CONCAT(A,B) _CONCAT(A,B)
-
-#define mbedtls_aes_crypt_cbc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_crypt_cbc)
-#define mbedtls_aes_crypt_cfb128 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_crypt_cfb128)
-#define mbedtls_aes_crypt_cfb8 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_crypt_cfb8)
-#define mbedtls_aes_crypt_ctr \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_crypt_ctr)
-#define mbedtls_aes_crypt_ecb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_crypt_ecb)
-#define mbedtls_aes_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_decrypt)
-#define mbedtls_aes_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_encrypt)
-#define mbedtls_aes_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_free)
-#define mbedtls_aes_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_init)
-#define mbedtls_aes_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_self_test)
-#define mbedtls_aes_setkey_dec \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_setkey_dec)
-#define mbedtls_aes_setkey_enc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_aes_setkey_enc)
-#define mbedtls_arc4_crypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_arc4_crypt)
-#define mbedtls_arc4_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_arc4_free)
-#define mbedtls_arc4_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_arc4_init)
-#define mbedtls_arc4_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_arc4_self_test)
-#define mbedtls_arc4_setup \
- CONCAT(LIB_PREFIX_NAME, mbedtls_arc4_setup)
-#define mbedtls_asn1_find_named_data \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_find_named_data)
-#define mbedtls_asn1_free_named_data \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_free_named_data)
-#define mbedtls_asn1_free_named_data_list \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_free_named_data_list)
-#define mbedtls_asn1_get_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_alg)
-#define mbedtls_asn1_get_alg_null \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_alg_null)
-#define mbedtls_asn1_get_bitstring \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_bitstring)
-#define mbedtls_asn1_get_bitstring_null \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_bitstring_null)
-#define mbedtls_asn1_get_bool \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_bool)
-#define mbedtls_asn1_get_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_int)
-#define mbedtls_asn1_get_len \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_len)
-#define mbedtls_asn1_get_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_mpi)
-#define mbedtls_asn1_get_sequence_of \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_sequence_of)
-#define mbedtls_asn1_get_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_get_tag)
-#define mbedtls_asn1_store_named_data \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_store_named_data)
-#define mbedtls_asn1_write_algorithm_identifier \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_algorithm_identifier)
-#define mbedtls_asn1_write_bitstring \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_bitstring)
-#define mbedtls_asn1_write_bool \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_bool)
-#define mbedtls_asn1_write_ia5_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_ia5_string)
-#define mbedtls_asn1_write_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_int)
-#define mbedtls_asn1_write_len \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_len)
-#define mbedtls_asn1_write_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_mpi)
-#define mbedtls_asn1_write_null \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_null)
-#define mbedtls_asn1_write_octet_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_octet_string)
-#define mbedtls_asn1_write_oid \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_oid)
-#define mbedtls_asn1_write_printable_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_printable_string)
-#define mbedtls_asn1_write_raw_buffer \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_raw_buffer)
-#define mbedtls_asn1_write_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_asn1_write_tag)
-#define mbedtls_base64_decode \
- CONCAT(LIB_PREFIX_NAME, mbedtls_base64_decode)
-#define mbedtls_base64_encode \
- CONCAT(LIB_PREFIX_NAME, mbedtls_base64_encode)
-#define mbedtls_base64_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_base64_self_test)
-#define mbedtls_blowfish_crypt_cbc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_crypt_cbc)
-#define mbedtls_blowfish_crypt_cfb64 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_crypt_cfb64)
-#define mbedtls_blowfish_crypt_ctr \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_crypt_ctr)
-#define mbedtls_blowfish_crypt_ecb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_crypt_ecb)
-#define mbedtls_blowfish_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_free)
-#define mbedtls_blowfish_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_init)
-#define mbedtls_blowfish_setkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_blowfish_setkey)
-#define mbedtls_calloc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_calloc)
-#define mbedtls_camellia_crypt_cbc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_crypt_cbc)
-#define mbedtls_camellia_crypt_cfb128 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_crypt_cfb128)
-#define mbedtls_camellia_crypt_ctr \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_crypt_ctr)
-#define mbedtls_camellia_crypt_ecb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_crypt_ecb)
-#define mbedtls_camellia_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_free)
-#define mbedtls_camellia_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_init)
-#define mbedtls_camellia_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_self_test)
-#define mbedtls_camellia_setkey_dec \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_setkey_dec)
-#define mbedtls_camellia_setkey_enc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_camellia_setkey_enc)
-#define mbedtls_ccm_auth_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_auth_decrypt)
-#define mbedtls_ccm_encrypt_and_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_encrypt_and_tag)
-#define mbedtls_ccm_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_free)
-#define mbedtls_ccm_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_init)
-#define mbedtls_ccm_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_self_test)
-#define mbedtls_ccm_setkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_setkey)
-#define mbedtls_ccm_star_auth_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_star_auth_decrypt)
-#define mbedtls_ccm_star_encrypt_and_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ccm_star_encrypt_and_tag)
-#define mbedtls_cipher_auth_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_auth_decrypt)
-#define mbedtls_cipher_auth_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_auth_encrypt)
-#define mbedtls_cipher_check_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_check_tag)
-#define mbedtls_cipher_crypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_crypt)
-#define mbedtls_cipher_definitions \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_definitions)
-#define mbedtls_cipher_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_finish)
-#define mbedtls_cipher_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_free)
-#define mbedtls_cipher_info_from_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_info_from_string)
-#define mbedtls_cipher_info_from_type \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_info_from_type)
-#define mbedtls_cipher_info_from_values \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_info_from_values)
-#define mbedtls_cipher_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_init)
-#define mbedtls_cipher_list \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_list)
-#define mbedtls_cipher_reset \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_reset)
-#define mbedtls_cipher_set_iv \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_set_iv)
-#define mbedtls_cipher_setkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_setkey)
-#define mbedtls_cipher_set_padding_mode \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_set_padding_mode)
-#define mbedtls_cipher_setup \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_setup)
-#define mbedtls_cipher_supported \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_supported)
-#define mbedtls_cipher_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_update)
-#define mbedtls_cipher_update_ad \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_update_ad)
-#define mbedtls_cipher_write_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_cipher_write_tag)
-#define mbedtls_ctr_drbg_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_free)
-#define mbedtls_ctr_drbg_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_init)
-#define mbedtls_ctr_drbg_random \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_random)
-#define mbedtls_ctr_drbg_random_with_add \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_random_with_add)
-#define mbedtls_ctr_drbg_reseed \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_reseed)
-#define mbedtls_ctr_drbg_seed \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_seed)
-#define mbedtls_ctr_drbg_seed_entropy_len \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_seed_entropy_len)
-#define mbedtls_ctr_drbg_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_self_test)
-#define mbedtls_ctr_drbg_set_entropy_len \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_set_entropy_len)
-#define mbedtls_ctr_drbg_set_prediction_resistance \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_set_prediction_resistance)
-#define mbedtls_ctr_drbg_set_reseed_interval \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_set_reseed_interval)
-#define mbedtls_ctr_drbg_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ctr_drbg_update)
-#define mbedtls_des3_crypt_cbc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_crypt_cbc)
-#define mbedtls_des3_crypt_ecb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_crypt_ecb)
-#define mbedtls_des3_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_free)
-#define mbedtls_des3_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_init)
-#define mbedtls_des3_set2key_dec \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_set2key_dec)
-#define mbedtls_des3_set2key_enc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_set2key_enc)
-#define mbedtls_des3_set3key_dec \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_set3key_dec)
-#define mbedtls_des3_set3key_enc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des3_set3key_enc)
-#define mbedtls_des_crypt_cbc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_crypt_cbc)
-#define mbedtls_des_crypt_ecb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_crypt_ecb)
-#define mbedtls_des_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_free)
-#define mbedtls_des_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_init)
-#define mbedtls_des_key_check_key_parity \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_key_check_key_parity)
-#define mbedtls_des_key_check_weak \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_key_check_weak)
-#define mbedtls_des_key_set_parity \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_key_set_parity)
-#define mbedtls_des_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_self_test)
-#define mbedtls_des_setkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_setkey)
-#define mbedtls_des_setkey_dec \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_setkey_dec)
-#define mbedtls_des_setkey_enc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_des_setkey_enc)
-#define mbedtls_dhm_calc_secret \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_calc_secret)
-#define mbedtls_dhm_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_free)
-#define mbedtls_dhm_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_init)
-#define mbedtls_dhm_make_params \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_make_params)
-#define mbedtls_dhm_make_public \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_make_public)
-#define mbedtls_dhm_parse_dhm \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_parse_dhm)
-#define mbedtls_dhm_read_params \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_read_params)
-#define mbedtls_dhm_read_public \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_read_public)
-#define mbedtls_dhm_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_dhm_self_test)
-#define mbedtls_ecdh_calc_secret \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_calc_secret)
-#define mbedtls_ecdh_compute_shared \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_compute_shared)
-#define mbedtls_ecdh_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_free)
-#define mbedtls_ecdh_gen_public \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_gen_public)
-#define mbedtls_ecdh_get_params \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_get_params)
-#define mbedtls_ecdh_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_init)
-#define mbedtls_ecdh_make_params \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_make_params)
-#define mbedtls_ecdh_make_public \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_make_public)
-#define mbedtls_ecdh_read_params \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_read_params)
-#define mbedtls_ecdh_read_public \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdh_read_public)
-#define mbedtls_ecdsa_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_free)
-#define mbedtls_ecdsa_from_keypair \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_from_keypair)
-#define mbedtls_ecdsa_genkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_genkey)
-#define mbedtls_ecdsa_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_info)
-#define mbedtls_ecdsa_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_init)
-#define mbedtls_ecdsa_read_signature \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_read_signature)
-#define mbedtls_ecdsa_sign \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_sign)
-#define mbedtls_ecdsa_sign_det \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_sign_det)
-#define mbedtls_ecdsa_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_verify)
-#define mbedtls_ecdsa_write_signature \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_write_signature)
-#define mbedtls_ecdsa_write_signature_det \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecdsa_write_signature_det)
-#define mbedtls_eckeydh_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_eckeydh_info)
-#define mbedtls_eckey_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_eckey_info)
-#define mbedtls_ecp_check_privkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_check_privkey)
-#define mbedtls_ecp_check_pubkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_check_pubkey)
-#define mbedtls_ecp_check_pub_priv \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_check_pub_priv)
-#define mbedtls_ecp_copy \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_copy)
-#define mbedtls_ecp_curve_info_from_grp_id \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_curve_info_from_grp_id)
-#define mbedtls_ecp_curve_info_from_name \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_curve_info_from_name)
-#define mbedtls_ecp_curve_info_from_tls_id \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_curve_info_from_tls_id)
-#define mbedtls_ecp_curve_list \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_curve_list)
-#define mbedtls_ecp_gen_key \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_gen_key)
-#define mbedtls_ecp_gen_keypair \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_gen_keypair)
-#define mbedtls_ecp_gen_keypair_base \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_gen_keypair_base)
-#define mbedtls_ecp_group_copy \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_group_copy)
-#define mbedtls_ecp_group_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_group_free)
-#define mbedtls_ecp_group_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_group_init)
-#define mbedtls_ecp_group_load \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_group_load)
-#define mbedtls_ecp_grp_id_list \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_grp_id_list)
-#define mbedtls_ecp_is_zero \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_is_zero)
-#define mbedtls_ecp_keypair_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_keypair_free)
-#define mbedtls_ecp_keypair_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_keypair_init)
-#define mbedtls_ecp_mul \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_mul)
-#define mbedtls_ecp_muladd \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_muladd)
-#define mbedtls_ecp_point_cmp \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_point_cmp)
-#define mbedtls_ecp_point_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_point_free)
-#define mbedtls_ecp_point_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_point_init)
-#define mbedtls_ecp_point_read_binary \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_point_read_binary)
-#define mbedtls_ecp_point_read_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_point_read_string)
-#define mbedtls_ecp_point_write_binary \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_point_write_binary)
-#define mbedtls_ecp_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_self_test)
-#define mbedtls_ecp_set_zero \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_set_zero)
-#define mbedtls_ecp_tls_read_group \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_tls_read_group)
-#define mbedtls_ecp_tls_read_point \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_tls_read_point)
-#define mbedtls_ecp_tls_write_group \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_tls_write_group)
-#define mbedtls_ecp_tls_write_point \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ecp_tls_write_point)
-#define mbedtls_entropy_add_source \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_add_source)
-#define mbedtls_entropy_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_free)
-#define mbedtls_entropy_func \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_func)
-#define mbedtls_entropy_gather \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_gather)
-#define mbedtls_entropy_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_init)
-#define mbedtls_entropy_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_self_test)
-#define mbedtls_entropy_update_manual \
- CONCAT(LIB_PREFIX_NAME, mbedtls_entropy_update_manual)
-#define mbedtls_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_free)
-#define mbedtls_gcm_auth_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_auth_decrypt)
-#define mbedtls_gcm_crypt_and_tag \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_crypt_and_tag)
-#define mbedtls_gcm_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_finish)
-#define mbedtls_gcm_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_free)
-#define mbedtls_gcm_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_init)
-#define mbedtls_gcm_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_self_test)
-#define mbedtls_gcm_setkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_setkey)
-#define mbedtls_gcm_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_starts)
-#define mbedtls_gcm_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_gcm_update)
-#define mbedtls_hmac_drbg_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_free)
-#define mbedtls_hmac_drbg_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_init)
-#define mbedtls_hmac_drbg_random \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_random)
-#define mbedtls_hmac_drbg_random_with_add \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_random_with_add)
-#define mbedtls_hmac_drbg_reseed \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_reseed)
-#define mbedtls_hmac_drbg_seed \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_seed)
-#define mbedtls_hmac_drbg_seed_buf \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_seed_buf)
-#define mbedtls_hmac_drbg_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_self_test)
-#define mbedtls_hmac_drbg_set_entropy_len \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_set_entropy_len)
-#define mbedtls_hmac_drbg_set_prediction_resistance \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_set_prediction_resistance)
-#define mbedtls_hmac_drbg_set_reseed_interval \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_set_reseed_interval)
-#define mbedtls_hmac_drbg_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_hmac_drbg_update)
-#define mbedtls_internal_aes_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_internal_aes_decrypt)
-#define mbedtls_internal_aes_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_internal_aes_encrypt)
-#define mbedtls_md \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md)
-#define mbedtls_md5 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5)
-#define mbedtls_md5_clone \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_clone)
-#define mbedtls_md5_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_finish)
-#define mbedtls_md5_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_free)
-#define mbedtls_md5_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_info)
-#define mbedtls_md5_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_init)
-#define mbedtls_md5_process \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_process)
-#define mbedtls_md5_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_self_test)
-#define mbedtls_md5_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_starts)
-#define mbedtls_md5_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md5_update)
-#define mbedtls_md_clone \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_clone)
-#define mbedtls_md_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_finish)
-#define mbedtls_md_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_free)
-#define mbedtls_md_get_name \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_get_name)
-#define mbedtls_md_get_size \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_get_size)
-#define mbedtls_md_get_type \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_get_type)
-#define mbedtls_md_hmac \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_hmac)
-#define mbedtls_md_hmac_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_hmac_finish)
-#define mbedtls_md_hmac_reset \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_hmac_reset)
-#define mbedtls_md_hmac_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_hmac_starts)
-#define mbedtls_md_hmac_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_hmac_update)
-#define mbedtls_md_info_from_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_info_from_string)
-#define mbedtls_md_info_from_type \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_info_from_type)
-#define mbedtls_md_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_init)
-#define mbedtls_md_init_ctx \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_init_ctx)
-#define mbedtls_md_list \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_list)
-#define mbedtls_md_process \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_process)
-#define mbedtls_md_setup \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_setup)
-#define mbedtls_md_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_starts)
-#define mbedtls_md_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_md_update)
-#define mbedtls_memory_buffer_alloc_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_memory_buffer_alloc_free)
-#define mbedtls_memory_buffer_alloc_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_memory_buffer_alloc_init)
-#define mbedtls_memory_buffer_alloc_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_memory_buffer_alloc_self_test)
-#define mbedtls_memory_buffer_alloc_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_memory_buffer_alloc_verify)
-#define mbedtls_memory_buffer_set_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_memory_buffer_set_verify)
-#define mbedtls_mpi_add_abs \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_add_abs)
-#define mbedtls_mpi_add_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_add_int)
-#define mbedtls_mpi_add_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_add_mpi)
-#define mbedtls_mpi_bitlen \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_bitlen)
-#define mbedtls_mpi_cmp_abs \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_cmp_abs)
-#define mbedtls_mpi_cmp_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_cmp_int)
-#define mbedtls_mpi_cmp_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_cmp_mpi)
-#define mbedtls_mpi_copy \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_copy)
-#define mbedtls_mpi_div_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_div_int)
-#define mbedtls_mpi_div_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_div_mpi)
-#define mbedtls_mpi_exp_mod \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_exp_mod)
-#define mbedtls_mpi_fill_random \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_fill_random)
-#define mbedtls_mpi_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_free)
-#define mbedtls_mpi_gcd \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_gcd)
-#define mbedtls_mpi_gen_prime \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_gen_prime)
-#define mbedtls_mpi_get_bit \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_get_bit)
-#define mbedtls_mpi_grow \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_grow)
-#define mbedtls_mpi_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_init)
-#define mbedtls_mpi_inv_mod \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_inv_mod)
-#define mbedtls_mpi_is_prime \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_is_prime)
-#define mbedtls_mpi_lsb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_lsb)
-#define mbedtls_mpi_lset \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_lset)
-#define mbedtls_mpi_mod_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_mod_int)
-#define mbedtls_mpi_mod_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_mod_mpi)
-#define mbedtls_mpi_mul_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_mul_int)
-#define mbedtls_mpi_mul_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_mul_mpi)
-#define mbedtls_mpi_read_binary \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_read_binary)
-#define mbedtls_mpi_read_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_read_string)
-#define mbedtls_mpi_safe_cond_assign \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_safe_cond_assign)
-#define mbedtls_mpi_safe_cond_swap \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_safe_cond_swap)
-#define mbedtls_mpi_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_self_test)
-#define mbedtls_mpi_set_bit \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_set_bit)
-#define mbedtls_mpi_shift_l \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_shift_l)
-#define mbedtls_mpi_shift_r \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_shift_r)
-#define mbedtls_mpi_shrink \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_shrink)
-#define mbedtls_mpi_size \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_size)
-#define mbedtls_mpi_sub_abs \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_sub_abs)
-#define mbedtls_mpi_sub_int \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_sub_int)
-#define mbedtls_mpi_sub_mpi \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_sub_mpi)
-#define mbedtls_mpi_swap \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_swap)
-#define mbedtls_mpi_write_binary \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_write_binary)
-#define mbedtls_mpi_write_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_mpi_write_string)
-#define mbedtls_oid_get_attr_short_name \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_attr_short_name)
-#define mbedtls_oid_get_cipher_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_cipher_alg)
-#define mbedtls_oid_get_ec_grp \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_ec_grp)
-#define mbedtls_oid_get_extended_key_usage \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_extended_key_usage)
-#define mbedtls_oid_get_md_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_md_alg)
-#define mbedtls_oid_get_numeric_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_numeric_string)
-#define mbedtls_oid_get_oid_by_ec_grp \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_oid_by_ec_grp)
-#define mbedtls_oid_get_oid_by_md \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_oid_by_md)
-#define mbedtls_oid_get_oid_by_pk_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_oid_by_pk_alg)
-#define mbedtls_oid_get_oid_by_sig_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_oid_by_sig_alg)
-#define mbedtls_oid_get_pk_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_pk_alg)
-#define mbedtls_oid_get_pkcs12_pbe_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_pkcs12_pbe_alg)
-#define mbedtls_oid_get_sig_alg \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_sig_alg)
-#define mbedtls_oid_get_sig_alg_desc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_sig_alg_desc)
-#define mbedtls_oid_get_x509_ext_type \
- CONCAT(LIB_PREFIX_NAME, mbedtls_oid_get_x509_ext_type)
-#define mbedtls_pem_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pem_free)
-#define mbedtls_pem_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pem_init)
-#define mbedtls_pem_read_buffer \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pem_read_buffer)
-#define mbedtls_pem_write_buffer \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pem_write_buffer)
-#define mbedtls_pk_can_do \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_can_do)
-#define mbedtls_pk_check_pair \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_check_pair)
-#define mbedtls_pkcs12_derivation \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pkcs12_derivation)
-#define mbedtls_pkcs12_pbe \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pkcs12_pbe)
-#define mbedtls_pkcs12_pbe_sha1_rc4_128 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pkcs12_pbe_sha1_rc4_128)
-#define mbedtls_pkcs5_pbes2 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pkcs5_pbes2)
-#define mbedtls_pkcs5_pbkdf2_hmac \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pkcs5_pbkdf2_hmac)
-#define mbedtls_pkcs5_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pkcs5_self_test)
-#define mbedtls_pk_debug \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_debug)
-#define mbedtls_pk_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_decrypt)
-#define mbedtls_pk_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_encrypt)
-#define mbedtls_pk_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_free)
-#define mbedtls_pk_get_bitlen \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_get_bitlen)
-#define mbedtls_pk_get_name \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_get_name)
-#define mbedtls_pk_get_type \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_get_type)
-#define mbedtls_pk_info_from_type \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_info_from_type)
-#define mbedtls_pk_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_init)
-#define mbedtls_pk_parse_key \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_parse_key)
-#define mbedtls_pk_parse_public_key \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_parse_public_key)
-#define mbedtls_pk_parse_subpubkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_parse_subpubkey)
-#define mbedtls_pk_setup \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_setup)
-#define mbedtls_pk_setup_rsa_alt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_setup_rsa_alt)
-#define mbedtls_pk_sign \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_sign)
-#define mbedtls_pk_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_verify)
-#define mbedtls_pk_verify_ext \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_verify_ext)
-#define mbedtls_pk_write_key_der \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_write_key_der)
-#define mbedtls_pk_write_key_pem \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_write_key_pem)
-#define mbedtls_pk_write_pubkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_write_pubkey)
-#define mbedtls_pk_write_pubkey_der \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_write_pubkey_der)
-#define mbedtls_pk_write_pubkey_pem \
- CONCAT(LIB_PREFIX_NAME, mbedtls_pk_write_pubkey_pem)
-#define mbedtls_platform_set_calloc_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_platform_set_calloc_free)
-#define mbedtls_platform_setup \
- CONCAT(LIB_PREFIX_NAME, mbedtls_platform_setup)
-#define mbedtls_platform_teardown \
- CONCAT(LIB_PREFIX_NAME, mbedtls_platform_teardown)
-#define mbedtls_ripemd160 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160)
-#define mbedtls_ripemd160_clone \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_clone)
-#define mbedtls_ripemd160_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_finish)
-#define mbedtls_ripemd160_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_free)
-#define mbedtls_ripemd160_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_info)
-#define mbedtls_ripemd160_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_init)
-#define mbedtls_ripemd160_process \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_process)
-#define mbedtls_ripemd160_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_self_test)
-#define mbedtls_ripemd160_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_starts)
-#define mbedtls_ripemd160_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_ripemd160_update)
-#define mbedtls_rsa_alt_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_alt_info)
-#define mbedtls_rsa_check_privkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_check_privkey)
-#define mbedtls_rsa_check_pubkey \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_check_pubkey)
-#define mbedtls_rsa_check_pub_priv \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_check_pub_priv)
-#define mbedtls_rsa_copy \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_copy)
-#define mbedtls_rsa_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_free)
-#define mbedtls_rsa_gen_key \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_gen_key)
-#define mbedtls_rsa_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_info)
-#define mbedtls_rsa_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_init)
-#define mbedtls_rsa_pkcs1_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_pkcs1_decrypt)
-#define mbedtls_rsa_pkcs1_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_pkcs1_encrypt)
-#define mbedtls_rsa_pkcs1_sign \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_pkcs1_sign)
-#define mbedtls_rsa_pkcs1_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_pkcs1_verify)
-#define mbedtls_rsa_private \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_private)
-#define mbedtls_rsa_public \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_public)
-#define mbedtls_rsa_rsaes_oaep_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsaes_oaep_decrypt)
-#define mbedtls_rsa_rsaes_oaep_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsaes_oaep_encrypt)
-#define mbedtls_rsa_rsaes_pkcs1_v15_decrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsaes_pkcs1_v15_decrypt)
-#define mbedtls_rsa_rsaes_pkcs1_v15_encrypt \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsaes_pkcs1_v15_encrypt)
-#define mbedtls_rsa_rsassa_pkcs1_v15_sign \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsassa_pkcs1_v15_sign)
-#define mbedtls_rsa_rsassa_pkcs1_v15_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsassa_pkcs1_v15_verify)
-#define mbedtls_rsa_rsassa_pss_sign \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsassa_pss_sign)
-#define mbedtls_rsa_rsassa_pss_verify \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsassa_pss_verify)
-#define mbedtls_rsa_rsassa_pss_verify_ext \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_rsassa_pss_verify_ext)
-#define mbedtls_rsa_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_self_test)
-#define mbedtls_rsa_set_padding \
- CONCAT(LIB_PREFIX_NAME, mbedtls_rsa_set_padding)
-#define mbedtls_sha1 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1)
-#define mbedtls_sha1_clone \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_clone)
-#define mbedtls_sha1_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_finish)
-#define mbedtls_sha1_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_free)
-#define mbedtls_sha1_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_info)
-#define mbedtls_sha1_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_init)
-#define mbedtls_sha1_process \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_process)
-#define mbedtls_sha1_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_self_test)
-#define mbedtls_sha1_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_starts)
-#define mbedtls_sha1_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha1_update)
-#define mbedtls_sha224_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha224_info)
-#define mbedtls_sha256 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256)
-#define mbedtls_sha256_clone \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_clone)
-#define mbedtls_sha256_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_finish)
-#define mbedtls_sha256_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_free)
-#define mbedtls_sha256_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_info)
-#define mbedtls_sha256_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_init)
-#define mbedtls_sha256_process \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_process)
-#define mbedtls_sha256_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_self_test)
-#define mbedtls_sha256_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_starts)
-#define mbedtls_sha256_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha256_update)
-#define mbedtls_sha384_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha384_info)
-#define mbedtls_sha512 \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512)
-#define mbedtls_sha512_clone \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_clone)
-#define mbedtls_sha512_finish \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_finish)
-#define mbedtls_sha512_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_free)
-#define mbedtls_sha512_info \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_info)
-#define mbedtls_sha512_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_init)
-#define mbedtls_sha512_process \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_process)
-#define mbedtls_sha512_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_self_test)
-#define mbedtls_sha512_starts \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_starts)
-#define mbedtls_sha512_update \
- CONCAT(LIB_PREFIX_NAME, mbedtls_sha512_update)
-#define mbedtls_strerror \
- CONCAT(LIB_PREFIX_NAME, mbedtls_strerror)
-#define mbedtls_version_check_feature \
- CONCAT(LIB_PREFIX_NAME, mbedtls_version_check_feature)
-#define mbedtls_version_get_number \
- CONCAT(LIB_PREFIX_NAME, mbedtls_version_get_number)
-#define mbedtls_version_get_string \
- CONCAT(LIB_PREFIX_NAME, mbedtls_version_get_string)
-#define mbedtls_version_get_string_full \
- CONCAT(LIB_PREFIX_NAME, mbedtls_version_get_string_full)
-#define mbedtls_xtea_crypt_cbc \
- CONCAT(LIB_PREFIX_NAME, mbedtls_xtea_crypt_cbc)
-#define mbedtls_xtea_crypt_ecb \
- CONCAT(LIB_PREFIX_NAME, mbedtls_xtea_crypt_ecb)
-#define mbedtls_xtea_free \
- CONCAT(LIB_PREFIX_NAME, mbedtls_xtea_free)
-#define mbedtls_xtea_init \
- CONCAT(LIB_PREFIX_NAME, mbedtls_xtea_init)
-#define mbedtls_xtea_self_test \
- CONCAT(LIB_PREFIX_NAME, mbedtls_xtea_self_test)
-#define mbedtls_xtea_setup \
- CONCAT(LIB_PREFIX_NAME, mbedtls_xtea_setup)
-
-#endif /* __MBEDTLS_GLOBAL_SYMBOLS_H__ */
diff --git a/secure_fw/services/secure_storage/crypto/sst_crypto_interface.c b/secure_fw/services/secure_storage/crypto/sst_crypto_interface.c
index 231a82e..44c8125 100644
--- a/secure_fw/services/secure_storage/crypto/sst_crypto_interface.c
+++ b/secure_fw/services/secure_storage/crypto/sst_crypto_interface.c
@@ -6,51 +6,32 @@
*/
#include "sst_crypto_interface.h"
+
+#include <stdbool.h>
+
+#include "platform/include/tfm_plat_crypto_keys.h"
+#include "psa_crypto.h"
#include "secure_fw/services/secure_storage/sst_utils.h"
-/* Pre include Mbed TLS headers */
-#define LIB_PREFIX_NAME __tfm_storage__
-#include "mbedtls_global_symbols.h"
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files.
- */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "platform/ext/common/tfm_mbedtls_config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/gcm.h"
-#include "mbedtls/memory_buffer_alloc.h"
-#include "platform/include/tfm_plat_crypto_keys.h"
-
-/* FIXME: most of this implementation will be replaced by crypto service API
- * calls
+/* FIXME: HUK management should be part of Crypto service, with keys hidden from
+ * SST.
*/
-#define SST_MBEDTLS_MEM_BUF_LEN 512
+/* The PSA key type used by this implementation */
+#define SST_KEY_TYPE PSA_KEY_TYPE_AES
+/* The PSA key usage required by this implementation */
+#define SST_KEY_USAGE (PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT)
+/* The PSA algorithm used by this implementation */
+#define SST_CRYPTO_ALG \
+ PSA_ALG_AEAD_WITH_TAG_LENGTH(PSA_ALG_GCM, SST_TAG_LEN_BYTES)
-static mbedtls_gcm_context sst_crypto_gcm_ctx = { { 0 } };
+static psa_key_handle_t sst_key_handle;
static uint8_t sst_crypto_iv_buf[SST_IV_LEN_BYTES];
-/* Static buffer to be used by mbedtls for memory allocation */
-static uint8_t mbedtls_mem_buf[SST_MBEDTLS_MEM_BUF_LEN];
-
psa_ps_status_t sst_crypto_init(void)
{
- mbedtls_gcm_free(&sst_crypto_gcm_ctx);
-
- /* Initialise the mbedtls static memory allocator so that mbedtls allocates
- * memory from the provided static buffer instead of from the heap.
- */
- mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf, SST_MBEDTLS_MEM_BUF_LEN);
-
- mbedtls_gcm_init(&sst_crypto_gcm_ctx);
-
- /* Currently returns SUCCESS as the mbedtls functions called
- * are void. When integrated with crypto engine or service
- * a return value may be required.
+ /* Currently, no initialisation is required. This may change if key
+ * handling is changed.
*/
return PSA_PS_SUCCESS;
}
@@ -77,11 +58,36 @@
psa_ps_status_t sst_crypto_setkey(uint32_t key_len, const uint8_t *key)
{
- int32_t err;
+ psa_status_t status;
+ psa_key_policy_t key_policy = PSA_KEY_POLICY_INIT;
+ static bool key_is_allocated = false;
- err = mbedtls_gcm_setkey(&sst_crypto_gcm_ctx, MBEDTLS_CIPHER_ID_AES,
- key, key_len*8);
- if (err != 0) {
+ /* Destroy the previous key if it exists */
+ if (key_is_allocated) {
+ status = psa_destroy_key(sst_key_handle);
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
+ key_is_allocated = false;
+ }
+
+ /* Allocate a transient key handle for SST */
+ status = psa_allocate_key(&sst_key_handle);
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
+
+ key_is_allocated = true;
+
+ /* Set the key policy */
+ psa_key_policy_set_usage(&key_policy, SST_KEY_USAGE, SST_CRYPTO_ALG);
+ status = psa_set_key_policy(sst_key_handle, &key_policy);
+ if (status != PSA_SUCCESS) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
+
+ status = psa_import_key(sst_key_handle, SST_KEY_TYPE, key, key_len);
+ if (status != PSA_SUCCESS) {
return PSA_PS_ERROR_OPERATION_FAILED;
}
@@ -137,38 +143,52 @@
psa_ps_status_t sst_crypto_encrypt_and_tag(union sst_crypto_t *crypto,
const uint8_t *add,
- uint32_t add_len,
+ size_t add_len,
const uint8_t *in,
- uint32_t len,
- uint8_t *out)
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len)
{
- int32_t err;
+ psa_status_t status;
- err = mbedtls_gcm_crypt_and_tag(&sst_crypto_gcm_ctx, MBEDTLS_GCM_ENCRYPT,
- len, crypto->ref.iv, SST_IV_LEN_BYTES, add,
- add_len, in, out, SST_TAG_LEN_BYTES,
- crypto->ref.tag);
- if (err != 0) {
+ status = psa_aead_encrypt(sst_key_handle, SST_CRYPTO_ALG,
+ crypto->ref.iv, SST_IV_LEN_BYTES,
+ add, add_len,
+ in, in_len,
+ out, out_size, out_len);
+ if (status != PSA_SUCCESS) {
return PSA_PS_ERROR_OPERATION_FAILED;
}
+ /* Copy the tag out of the output buffer */
+ *out_len -= SST_TAG_LEN_BYTES;
+ sst_utils_memcpy(crypto->ref.tag, (out + *out_len), SST_TAG_LEN_BYTES);
+
return PSA_PS_SUCCESS;
}
psa_ps_status_t sst_crypto_auth_and_decrypt(const union sst_crypto_t *crypto,
const uint8_t *add,
- uint32_t add_len,
- const uint8_t *in,
- uint32_t len,
- uint8_t *out)
+ size_t add_len,
+ uint8_t *in,
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len)
{
- int32_t err;
+ psa_status_t status;
- err = mbedtls_gcm_auth_decrypt(&sst_crypto_gcm_ctx, len, crypto->ref.iv,
- SST_IV_LEN_BYTES, add, add_len,
- crypto->ref.tag, SST_TAG_LEN_BYTES,
- in, out);
- if (err != 0) {
+ /* Copy the tag into the input buffer */
+ sst_utils_memcpy((in + in_len), crypto->ref.tag, SST_TAG_LEN_BYTES);
+ in_len += SST_TAG_LEN_BYTES;
+
+ status = psa_aead_decrypt(sst_key_handle, SST_CRYPTO_ALG,
+ crypto->ref.iv, SST_IV_LEN_BYTES,
+ add, add_len,
+ in, in_len,
+ out, out_size, out_len);
+ if (status != PSA_SUCCESS) {
return PSA_PS_ERROR_AUTH_FAILED;
}
@@ -179,18 +199,36 @@
const uint8_t *add,
uint32_t add_len)
{
- psa_ps_status_t ret;
+ psa_status_t status;
+ size_t out_len;
- ret = sst_crypto_encrypt_and_tag(crypto, add, add_len, 0, 0, 0);
- return ret;
+ status = psa_aead_encrypt(sst_key_handle, SST_CRYPTO_ALG,
+ crypto->ref.iv, SST_IV_LEN_BYTES,
+ add, add_len,
+ 0, 0,
+ crypto->ref.tag, SST_TAG_LEN_BYTES, &out_len);
+ if (status != PSA_SUCCESS || out_len != SST_TAG_LEN_BYTES) {
+ return PSA_PS_ERROR_OPERATION_FAILED;
+ }
+
+ return PSA_PS_SUCCESS;
}
psa_ps_status_t sst_crypto_authenticate(const union sst_crypto_t *crypto,
const uint8_t *add,
uint32_t add_len)
{
- uint32_t ret;
+ psa_status_t status;
+ size_t out_len;
- ret = sst_crypto_auth_and_decrypt(crypto, add, add_len, 0, 0, 0);
- return ret;
+ status = psa_aead_decrypt(sst_key_handle, SST_CRYPTO_ALG,
+ crypto->ref.iv, SST_IV_LEN_BYTES,
+ add, add_len,
+ crypto->ref.tag, SST_TAG_LEN_BYTES,
+ 0, 0, &out_len);
+ if (status != PSA_SUCCESS || out_len != 0) {
+ return PSA_PS_ERROR_AUTH_FAILED;
+ }
+
+ return PSA_PS_SUCCESS;
}
diff --git a/secure_fw/services/secure_storage/crypto/sst_crypto_interface.h b/secure_fw/services/secure_storage/crypto/sst_crypto_interface.h
index ae0aa15..546aab2 100644
--- a/secure_fw/services/secure_storage/crypto/sst_crypto_interface.h
+++ b/secure_fw/services/secure_storage/crypto/sst_crypto_interface.h
@@ -8,19 +8,19 @@
#ifndef __SST_CRYPTO_INTERFACE_H__
#define __SST_CRYPTO_INTERFACE_H__
+#include <stddef.h>
+#include <stdint.h>
+
+#include "psa_protected_storage.h"
+
#ifdef __cplusplus
extern "C" {
#endif
-#include <stdint.h>
-#include "psa_protected_storage.h"
-
-#define SST_KEY_LEN_BITS 128
+#define SST_KEY_LEN_BYTES 16
#define SST_TAG_LEN_BYTES 16
#define SST_IV_LEN_BYTES 12
-#define SST_KEY_LEN_BYTES 16
-
/* Union containing crypto policy implementations. The ref member provides the
* reference implementation. Further members can be added to the union to
* provide alternative implementations.
@@ -40,19 +40,19 @@
psa_ps_status_t sst_crypto_init(void);
/**
- * \brief Gets a key for specific client id
+ * \brief Gets a key for specific client id.
*
- * \param[in] key_len Key len
- * \param[out] key Cryptographic key
+ * \param[in] key_len Key length
+ * \param[out] key Output buffer for the key
*
* \return Returns values as described in \ref psa_ps_status_t
*/
psa_ps_status_t sst_crypto_getkey(uint32_t key_len, uint8_t *key);
/**
- * \brief Sets key for crypto operations
+ * \brief Sets the key to use for crypto operations.
*
- * \param[in] key_len Key len
+ * \param[in] key_len Key length
* \param[in] key Cryptographic key
*
* \return Returns values as described in \ref psa_ps_status_t
@@ -60,49 +60,57 @@
psa_ps_status_t sst_crypto_setkey(uint32_t key_len, const uint8_t *key);
/**
- * \brief Encrypts and tag the given plain text data.
+ * \brief Encrypts and tags the given plaintext data.
*
- * \param[in,out] crypto Pointer to the crypto union
- * \param[in] add Starting address of the associated data
- * \param[in] add_len Length of the associated data
- * \param[in] in Pointer to the input data
- * \param[in] len Input and output buffer lengths
- * \param[out] out Buffer pointer to store the encrypted data
+ * \param[in,out] crypto Pointer to the crypto union
+ * \param[in] add Pointer to the associated data
+ * \param[in] add_len Length of the associated data
+ * \param[in] in Pointer to the input data
+ * \param[in] in_len Length of the input data
+ * \param[out] out Pointer to the output buffer for encrypted data
+ * \param[in] out_size Size of the output buffer
+ * \param[out] out_len On success, the length of the output data
*
* \return Returns values as described in \ref psa_ps_status_t
*/
psa_ps_status_t sst_crypto_encrypt_and_tag(union sst_crypto_t *crypto,
const uint8_t *add,
- uint32_t add_len,
+ size_t add_len,
const uint8_t *in,
- uint32_t len,
- uint8_t *out);
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len);
/**
- * \brief Decrypts and checks the given encrypted data.
+ * \brief Decrypts and authenticates the given encrypted data.
*
- * \param[in] crypto Pointer to the crypto union
- * \param[in] add Starting address of the associated data
- * \param[in] add_len Length of the associated data
- * \param[in] in Pointer to the input data
- * \param[in] len Input and output buffer lengths
- * \param[out] out Buffer pointer to store the encrypted data
+ * \param[in] crypto Pointer to the crypto union
+ * \param[in] add Pointer to the associated data
+ * \param[in] add_len Length of the associated data
+ * \param[in] in Pointer to the input data
+ * \param[in] in_len Length of the input data
+ * \param[out] out Pointer to the output buffer for decrypted data
+ * \param[in] out_size Size of the output buffer
+ * \param[out] out_len On success, the length of the output data
*
* \return Returns values as described in \ref psa_ps_status_t
*/
psa_ps_status_t sst_crypto_auth_and_decrypt(const union sst_crypto_t *crypto,
const uint8_t *add,
- uint32_t add_len,
- const uint8_t *in,
- uint32_t len,
- uint8_t *out);
+ size_t add_len,
+ uint8_t *in,
+ size_t in_len,
+ uint8_t *out,
+ size_t out_size,
+ size_t *out_len);
/**
- * \brief Generates authentication MAC value for give data
+ * \brief Generates authentication tag for given data.
*
* \param[in,out] crypto Pointer to the crypto union
- * \param[in] add Starting address of the data to authenticate
- * \param[in] add_len Length of data to authenticate
+ * \param[in] add Pointer to the data to authenticate
+ * \param[in] add_len Length of the data to authenticate
*
* \return Returns values as described in \ref psa_ps_status_t
*/
@@ -111,11 +119,11 @@
uint32_t add_len);
/**
- * \brief Authenticate give data against the tag
+ * \brief Authenticate given data against the tag.
*
* \param[in] crypto Pointer to the crypto union
- * \param[in] add Starting address of the data to authenticate
- * \param[in] add_len Length of data to authenticate
+ * \param[in] add Pointer to the data to authenticate
+ * \param[in] add_len Length of the data to authenticate
*
* \return Returns values as described in \ref psa_ps_status_t
*/
@@ -124,14 +132,14 @@
uint32_t add_len);
/**
- * \brief Provides current IV value to crypto layer
+ * \brief Provides current IV value to crypto layer.
*
* \param[in] crypto Pointer to the crypto union
*/
void sst_crypto_set_iv(const union sst_crypto_t *crypto);
/**
- * \brief Gets a new IV value into the buffer
+ * \brief Gets a new IV value into the crypto union.
*
* \param[out] crypto Pointer to the crypto union
*/
diff --git a/secure_fw/services/secure_storage/sst_encrypted_object.c b/secure_fw/services/secure_storage/sst_encrypted_object.c
index 4d98ed8..8738970 100644
--- a/secure_fw/services/secure_storage/sst_encrypted_object.c
+++ b/secure_fw/services/secure_storage/sst_encrypted_object.c
@@ -27,7 +27,12 @@
#define SST_MAX_ENCRYPTED_OBJ_SIZE GET_ALIGNED_FLASH_BYTES( \
SST_ENCRYPT_SIZE(SST_MAX_OBJECT_DATA_SIZE))
-static uint8_t sst_crypto_buf[SST_MAX_ENCRYPTED_OBJ_SIZE];
+/* FIXME: add the tag length to the crypto buffer size to account for the tag
+ * being appended to the ciphertext by the crypto layer.
+ */
+#define SST_CRYPTO_BUF_LEN (SST_MAX_ENCRYPTED_OBJ_SIZE + SST_TAG_LEN_BYTES)
+
+static uint8_t sst_crypto_buf[SST_CRYPTO_BUF_LEN];
/**
* \brief Gets the encryption key and sets it as the key to be used for
@@ -76,12 +81,15 @@
{
psa_ps_status_t err;
uint8_t *p_obj_data = (uint8_t *)&obj->header.info;
+ size_t out_len;
err = sst_object_set_encryption_key();
if (err != PSA_PS_SUCCESS) {
return err;
}
+ sst_utils_memcpy(sst_crypto_buf, p_obj_data, cur_size);
+
/* Use File ID as a part of the associated data to authenticate
* the object in the FS. The tag will be stored in the object table and
* not as a part of the object's data stored in the FS.
@@ -90,19 +98,15 @@
err = sst_crypto_auth_and_decrypt(&obj->header.crypto,
(const uint8_t *)&fid,
sizeof(fid),
- p_obj_data,
+ sst_crypto_buf,
cur_size,
- sst_crypto_buf);
- if (err != PSA_PS_SUCCESS) {
+ p_obj_data,
+ sizeof(*obj) - sizeof(obj->header.crypto),
+ &out_len);
+ if (err != PSA_PS_SUCCESS || out_len != cur_size) {
return err;
}
- sst_utils_memcpy(p_obj_data, sst_crypto_buf, cur_size);
-
- /* Clear the plaintext buffer from previous data */
- sst_utils_memset(sst_crypto_buf, SST_CRYPTO_CLEAR_BUF_VALUE,
- sizeof(sst_crypto_buf));
-
return PSA_PS_SUCCESS;
}
@@ -123,6 +127,7 @@
{
psa_ps_status_t err;
uint8_t *p_obj_data = (uint8_t *)&obj->header.info;
+ size_t out_len;
err = sst_object_set_encryption_key();
if (err != PSA_PS_SUCCESS) {
@@ -143,8 +148,10 @@
sizeof(fid),
p_obj_data,
cur_size,
- sst_crypto_buf);
- if (err != PSA_PS_SUCCESS) {
+ sst_crypto_buf,
+ sizeof(sst_crypto_buf),
+ &out_len);
+ if (err != PSA_PS_SUCCESS || out_len != cur_size) {
return err;
}
diff --git a/secure_fw/services/secure_storage/tfm_sst_req_mngr.c b/secure_fw/services/secure_storage/tfm_sst_req_mngr.c
index 8c7e577..b9d2a3e 100644
--- a/secure_fw/services/secure_storage/tfm_sst_req_mngr.c
+++ b/secure_fw/services/secure_storage/tfm_sst_req_mngr.c
@@ -7,6 +7,8 @@
#include "tfm_sst_req_mngr.h"
+#include <stdbool.h>
+
#include "secure_fw/core/tfm_secure_api.h"
#include "tfm_api.h"
#include "tfm_protected_storage.h"
@@ -17,6 +19,32 @@
#include "flash_layout.h"
#endif
+/*
+ * \brief Indicates whether SST has been initialised.
+ */
+static bool sst_is_init = false;
+
+/*
+ * \brief Initialises SST, if not already initialised.
+ *
+ * \note In library mode, initialisation is delayed until the first secure
+ * function call, as calls to the Crypto service are required for
+ * initialisation.
+ *
+ * \return PSA_SUCCESS if SST is initialised, PSA_CONNECTION_REFUSED otherwise.
+ */
+static psa_status_t sst_check_init(void)
+{
+ if (!sst_is_init) {
+ if (tfm_sst_init() != PSA_PS_SUCCESS) {
+ return PSA_CONNECTION_REFUSED;
+ }
+ sst_is_init = true;
+ }
+
+ return PSA_SUCCESS;
+}
+
psa_status_t tfm_sst_set_req(struct psa_invec *in_vec, size_t in_len,
struct psa_outvec *out_vec, size_t out_len)
{
@@ -28,6 +56,10 @@
psa_ps_create_flags_t create_flags;
psa_ps_status_t *err;
+ if (sst_check_init() != PSA_SUCCESS) {
+ return PSA_CONNECTION_REFUSED;
+ }
+
if ((in_len != 3) || (out_len != 1)) {
/* The number of arguments are incorrect */
return PSA_CONNECTION_REFUSED;
@@ -79,6 +111,10 @@
enum tfm_status_e status;
psa_ps_status_t *err;
+ if (sst_check_init() != PSA_SUCCESS) {
+ return PSA_CONNECTION_REFUSED;
+ }
+
if ((in_len != 2) || (out_len != 2)) {
/* The number of arguments are incorrect */
return PSA_CONNECTION_REFUSED;
@@ -129,6 +165,10 @@
enum tfm_status_e status;
psa_ps_status_t *err;
+ if (sst_check_init() != PSA_SUCCESS) {
+ return PSA_CONNECTION_REFUSED;
+ }
+
if ((in_len != 1) || (out_len != 2)) {
/* The number of arguments are incorrect */
return PSA_CONNECTION_REFUSED;
@@ -174,6 +214,10 @@
enum tfm_status_e status;
psa_ps_status_t *err;
+ if (sst_check_init() != PSA_SUCCESS) {
+ return PSA_CONNECTION_REFUSED;
+ }
+
if ((in_len != 1) || (out_len != 1)) {
/* The number of arguments are incorrect */
return PSA_CONNECTION_REFUSED;
@@ -209,6 +253,10 @@
{
uint32_t *support_flags;
+ if (sst_check_init() != PSA_SUCCESS) {
+ return PSA_CONNECTION_REFUSED;
+ }
+
if ((in_len != 0) || (out_len != 1)) {
/* The number of arguments are incorrect */
return PSA_CONNECTION_REFUSED;
@@ -424,17 +472,14 @@
psa_ps_status_t tfm_sst_req_mngr_init(void)
{
- psa_ps_status_t err;
#ifdef TFM_PSA_API
psa_signal_t signals = 0;
-#endif
- err = tfm_sst_init();
- if (err != PSA_PS_SUCCESS) {
- return err;
+ if (tfm_sst_init() != PSA_PS_SUCCESS) {
+ tfm_abort();
}
+ sst_is_init = true;
-#ifdef TFM_PSA_API
while (1) {
signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
if (signals & TFM_SST_SET_SIG) {
@@ -452,5 +497,9 @@
}
}
#endif
- return err;
+ /* In library mode, initialisation is delayed until the first secure
+ * function call, as calls to the Crypto service are required for
+ * initialisation.
+ */
+ return PSA_PS_SUCCESS;
}