Crypto: Implement PSA key policy APIs
Extends the Crypto service key module to add support for
the PSA Crypto key policy and lifetime APIs. Adds new test
cases for the key policy interface and modifies existing
tests to use key policies.
Change-Id: Ic820fcc395d591dbb5f8fe09446049ff460dfe02
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/secure_fw/services/crypto/crypto_cipher.c b/secure_fw/services/crypto/crypto_cipher.c
index ca78e8a..84b5b78 100644
--- a/secure_fw/services/crypto/crypto_cipher.c
+++ b/secure_fw/services/crypto/crypto_cipher.c
@@ -31,6 +31,7 @@
enum tfm_crypto_err_t err;
struct tfm_cipher_operation_s *ctx = NULL;
struct cipher_engine_info engine_info;
+ psa_key_usage_t usage;
/* Validate pointers */
err = tfm_crypto_memory_check(operation,
@@ -91,11 +92,17 @@
return PSA_STATUS_TO_TFM_CRYPTO_ERR(status);
}
+ /* Set the key usage based on the cipher mode */
+ usage = (c_mode == ENGINE_CIPHER_MODE_DECRYPT) ? PSA_KEY_USAGE_DECRYPT
+ : PSA_KEY_USAGE_ENCRYPT;
+
/* Access the crypto service key module to retrieve key data */
- err = tfm_crypto_export_key(key,
- &key_data[0],
- TFM_CRYPTO_MAX_KEY_LENGTH,
- &key_size);
+ err = tfm_crypto_get_key(key,
+ usage,
+ alg,
+ key_data,
+ TFM_CRYPTO_MAX_KEY_LENGTH,
+ &key_size);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
/* Release the operation context */
tfm_crypto_operation_release(&(operation->handle));
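Review bot: The ternary that sets `usage` treats every `c_mode` other than `ENGINE_CIPHER_MODE_DECRYPT` as an encrypt request, so an unexpected mode value would be policy-checked against `PSA_KEY_USAGE_ENCRYPT` instead of being rejected. If the callers already restrict `c_mode` to the two directions, say so next to the ternary, e.g. `/* c_mode is restricted to encrypt/decrypt by the callers; no other value may reach the policy check */`; otherwise reject other values before calling `tfm_crypto_get_key`. Separately, `key_data` holds raw key material after a successful `tfm_crypto_get_key` and appears to be a fixed-size local buffer of `TFM_CRYPTO_MAX_KEY_LENGTH` bytes, so it is worth confirming that it is cleared on every exit path once the engine has taken the key, including later error returns. The enclosing function starts and ends outside this hunk, so neither the callers nor the cleanup are visible here.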