Crypto: Add support for key APIs for HUK
Adds support for the psa_open_key and psa_close_key APIs only when the
key identifier corresponds to the HUK. Also makes it possible to derive
another key from the HUK by calling the PSA key derivation functions
with the HUK key handle as the input key.
Change-Id: I6992daaca76b87412b334a852383b2221a5181a9
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/interface/include/tfm_crypto_defs.h b/interface/include/tfm_crypto_defs.h
index 91af175..5a380c6 100644
--- a/interface/include/tfm_crypto_defs.h
+++ b/interface/include/tfm_crypto_defs.h
@@ -59,6 +59,8 @@
*/
enum {
TFM_CRYPTO_ALLOCATE_KEY_SID = (0u),
+ TFM_CRYPTO_OPEN_KEY_SID,
+ TFM_CRYPTO_CLOSE_KEY_SID,
TFM_CRYPTO_IMPORT_KEY_SID,
TFM_CRYPTO_DESTROY_KEY_SID,
TFM_CRYPTO_GET_KEY_INFORMATION_SID,
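Review bot: Inserting `TFM_CRYPTO_OPEN_KEY_SID` and `TFM_CRYPTO_CLOSE_KEY_SID` directly after `TFM_CRYPTO_ALLOCATE_KEY_SID = (0u)` renumbers every later implicitly-valued SID, starting with `TFM_CRYPTO_IMPORT_KEY_SID`. This header lives under interface/include, so if the non-secure client and the secure service are ever built from different revisions, a request would presumably be dispatched to a different crypto function than the caller intended. Any service-side table indexed by SID (not visible in this hunk) has to gain the two entries in the same position. Consider a comment above the enum such as `/* SID values are part of the NS/S interface: keep in step with the service dispatch table */`, or appending new SIDs at the end if mixed builds must be supported. The enum starts before and continues past this hunk.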
@@ -117,6 +119,19 @@
#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
/**
+ * \brief The persistent key identifier that refers to the hardware unique key.
+ *
+ */
+#define TFM_CRYPTO_KEY_ID_HUK (0xFFFF815Bu)
+
+/**
+ * \brief The algorithm identifier that refers to key derivation from the
+ * hardware unique key.
+ *
+ */
+#define TFM_CRYPTO_ALG_HUK_DERIVATION ((psa_algorithm_t)0xB0000F00)
+
+/**
* \brief Define miscellaneous literal constants that are used in the service
*
*/
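Review bot: The doc comments on `TFM_CRYPTO_KEY_ID_HUK` and `TFM_CRYPTO_ALG_HUK_DERIVATION` name the constants but leave out the constraints that make them safe to use. Going by the commit message, the HUK handle is meant only as the input key to derivation, so the first comment could add `* Reserved identifier: only psa_open_key()/psa_close_key() accept it, and the resulting handle is valid solely as the input key to key derivation.` and the second `* Only valid with a handle opened on TFM_CRYPTO_KEY_ID_HUK.` Adjust the wording if the service enforces something different, since the enforcing code is not in this hunk. As a style point, `0xB0000F00` lacks the `u` suffix that `(0xFFFF815Bu)` and `(0x0u)` carry; `((psa_algorithm_t)0xB0000F00u)` would match.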
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index 23b4f8d..5b0e2bf 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -40,6 +40,8 @@
/******** TFM_SP_CRYPTO ********/
psa_status_t tfm_tfm_crypto_allocate_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_crypto_open_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_crypto_close_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_import_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_destroy_key_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_get_key_information_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);