Crypto: Move library init in the library interface module
Move the initialisation steps for the mbed TLS library in the
dedicated library module to be able to abstract those steps and
decouple the TF-M Crypto service from underlying details of the
cryptographic library that provides the PSA Crypto core layer.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I6bb4df6f794f4a1ee896b42e260842d297d7b238
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index df82037..84bdcf9 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -18,14 +18,6 @@
#include "crypto_library.h"
-/*
- * \brief This Mbed TLS include is needed to initialise the memory allocator
- * of the library used for internal allocations
- */
-#include "mbedtls/memory_buffer_alloc.h"
-
-#include "mbedtls/platform.h"
-
#if CRYPTO_NV_SEED
#include "tfm_plat_crypto_nv_seed.h"
#endif /* CRYPTO_NV_SEED */
@@ -254,15 +246,11 @@
return status;
}
-/**
- * \brief Static buffer to be used by Mbed Crypto for memory allocations
- *
- */
-static uint8_t mbedtls_mem_buf[CRYPTO_ENGINE_BUF_SIZE] = {0};
-
static psa_status_t tfm_crypto_engine_init(void)
{
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
char *library_info = NULL;
+
#if CRYPTO_NV_SEED
LOG_INFFMT("[INF][Crypto] ");
LOG_INFFMT("Provisioning entropy seed... ");
@@ -272,19 +260,16 @@
LOG_INFFMT("\033[0;32mcomplete.\033[0m\r\n");
#endif /* CRYPTO_NV_SEED */
- library_info = tfm_crypto_library_get_info();
- LOG_DBGFMT("[DBG][Crypto] PSA Crypto backend library identifier: \033[0;32m%s\033[0m\r\n", library_info);
-
- /* Initialise the Mbed Crypto memory allocator to use static memory
- * allocation from the provided buffer instead of using the heap
+ /* Initialise the underlying Cryptographic library that provides the
+ * PSA Crypto core layer
*/
- mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
- CRYPTO_ENGINE_BUF_SIZE);
-
- /* mbedtls_printf is used to print messages including error information. */
-#if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_ERROR)
- mbedtls_platform_set_printf(printf);
-#endif
+ library_info = tfm_crypto_library_get_info();
+ LOG_DBGFMT("[DBG][Crypto] Initialising \033[0;32m%s\033[0m as PSA Crypto backend library... ", library_info);
+ status = tfm_crypto_core_library_init();
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ LOG_DBGFMT("\033[0;32mcomplete.\033[0m\r\n");
/* Initialise the crypto accelerator if one is enabled. If the driver API is
* the one defined by the PSA Unified Driver interface, the initialisation is
@@ -299,9 +284,10 @@
LOG_INFFMT("\033[0;32mcomplete.\033[0m\r\n");
#endif /* CRYPTO_HW_ACCELERATOR */
- /* Perform the initialisation of the PSA subsystem in the Mbed Crypto
- * library. If a driver is built using the PSA Driver interface, the function
- * below will perform also the same operations as crypto_hw_accelerator_init()
+ /* Perform the initialisation of the PSA subsystem available through the chosen
+ * Cryptographic library. If a driver is built using the PSA Driver interface,
+ * the function below will perform also the same operations done by the HAL init
+ * crypto_hw_accelerator_init()
*/
return psa_crypto_init();
}
diff --git a/secure_fw/partitions/crypto/crypto_library.c b/secure_fw/partitions/crypto/crypto_library.c
index ae1823b..4db66d7 100644
--- a/secure_fw/partitions/crypto/crypto_library.c
+++ b/secure_fw/partitions/crypto/crypto_library.c
@@ -9,19 +9,45 @@
#include <stdint.h>
#include <string.h>
-#include "config_crypto.h"
+#include "tfm_sp_log.h"
+#include "config_crypto.h"
+#include "psa/crypto.h"
#include "crypto_library.h"
+/*
+ * \brief This Mbed TLS include is needed to initialise the memory allocator
+ * of the library used for internal allocations
+ */
+#include "mbedtls/memory_buffer_alloc.h"
+/*
+ * \brief This Mbed TLS include is needed to set the mbedtls_printf to the
+ * function required by the TF-M framework in order to be able to
+ * print to terminal through mbedtls_printf
+ */
+#include "mbedtls/platform.h"
+/*
+ * \brief This Mbed TLS include is needed to retrieve version information for
+ * display
+ */
#include "mbedtls/build_info.h"
#ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
#endif
-/* Mbed TLS is guaranteed not to have a version string longer than 18 bytes */
+/**
+ * \brief Static buffer containing the string describing the mbed TLS version. mbed TLS
+ * guarantees that the string will never be greater than 18 bytes
+ */
static char mbedtls_version_full[18];
+/**
+ * \brief Static buffer to be used by Mbed Crypto for memory allocations
+ *
+ */
+static uint8_t mbedtls_mem_buf[CRYPTO_ENGINE_BUF_SIZE] = {0};
+
/*!
* \defgroup tfm_crypto_library Set of functions implementing the abstractions of the underlying cryptographic
* library that implements the PSA Crypto APIs to provide the PSA Crypto core
@@ -39,4 +65,20 @@
memcpy(mbedtls_version_full, MBEDTLS_VERSION_STRING_FULL, sizeof(MBEDTLS_VERSION_STRING_FULL));
return mbedtls_version_full;
}
+
+psa_status_t tfm_crypto_core_library_init(void)
+{
+ /* Initialise the Mbed Crypto memory allocator to use static memory
+ * allocation from the provided buffer instead of using the heap
+ */
+ mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
+ CRYPTO_ENGINE_BUF_SIZE);
+
+ /* mbedtls_printf is used to print messages including error information. */
+#if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_ERROR)
+ mbedtls_platform_set_printf(printf);
+#endif
+
+ return PSA_SUCCESS;
+}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_library.h b/secure_fw/partitions/crypto/crypto_library.h
index 17e04df..d983844 100644
--- a/secure_fw/partitions/crypto/crypto_library.h
+++ b/secure_fw/partitions/crypto/crypto_library.h
@@ -60,4 +60,14 @@
{
return tfm_crypto_library_key_id_init(0, 0);
}
+
+/*!
+ * \brief This function is used to perform the necessary steps to initialise the underlying
+ * library that provides the implementation of the PSA Crypto core to the TF-M Crypto
+ * service
+ *
+ * \return PSA_SUCCESS on successful initialisation
+ */
+psa_status_t tfm_crypto_core_library_init(void);
+
#endif /* CRYPTO_LIBRARY_H */