Build: Fix wrong flag Name CRYPTO_HW_ACCLERATOR in crypto back end.
An issue with the flag name usage was introduced when OTP was used for the
crypto back end. CRYPTO_HW_ACCLERATOR is replaced by
CRYPTO_HW_ACCELERATOR to avoid further issues.
Change-Id: I83bd2ce65c3a87e08d2e85321805ca4db53d0d96
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
diff --git a/platform/ext/common/template/crypto_keys.c b/platform/ext/common/template/crypto_keys.c
index b4cf6a7..04b6009 100644
--- a/platform/ext/common/template/crypto_keys.c
+++ b/platform/ext/common/template/crypto_keys.c
@@ -29,7 +29,7 @@
uint8_t *key,
size_t key_size)
{
-#ifdef CRYPTO_HW_ACCLERATOR
+#ifdef CRYPTO_HW_ACCELERATOR
return crypto_hw_accelerator_huk_derive_key(label, label_size, context,
context_size, key, key_size);
#else
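Review bot: With the spelling corrected, builds that define `CRYPTO_HW_ACCELERATOR` compile the `crypto_hw_accelerator_huk_derive_key` branch here for the first time instead of the software fallback after `#else`, and nothing at this site says so. A comment above the call such as `/* Every target that defines CRYPTO_HW_ACCELERATOR must provide crypto_hw_accelerator_huk_derive_key(). */` would make the link-time requirement explicit. If a target's accelerator derivation produces different output from the fallback for the same label and context, keys derived by earlier builds would no longer match, so that is worth confirming per target before release. The enclosing function starts and ends outside the hunk.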
@@ -66,7 +66,7 @@
memset(huk_buf, 0, sizeof(huk_buf));
return err;
-#endif /* CRYPTO_HW_ACCLERATOR */
+#endif /* CRYPTO_HW_ACCELERATOR */
}
#ifdef SYMMETRIC_INITIAL_ATTESTATION
diff --git a/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt b/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt
index be417f9..908ca2b 100644
--- a/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt
+++ b/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt
@@ -56,6 +56,7 @@
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha1_alt.c
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha256_alt.c
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/stm.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/huk.c
)
target_include_directories(crypto_service_crypto_hw
@@ -66,6 +67,7 @@
${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/hal/Inc/
${PLATFORM_DIR}/ext/target/stm/common/stm32u5xx/Device/Include/
${PLATFORM_DIR}/ext/cmsis
+ ${PLATFORM_DIR}/include
)
target_include_directories(crypto_service_mbedcrypto
PUBLIC
diff --git a/platform/ext/target/stm/common/hal/accelerator/huk.c b/platform/ext/target/stm/common/hal/accelerator/huk.c
new file mode 100644
index 0000000..8a47be3
--- /dev/null
+++ b/platform/ext/target/stm/common/hal/accelerator/huk.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2021 STMicroelectronics. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+#include <stddef.h>
+#include <string.h>
+#include "crypto_hw.h"
+#include "psa/crypto_types.h"
+#include "tfm_plat_crypto_keys.h"
+#include "tfm_plat_otp.h"
+#include "mbedtls/hkdf.h"
+
+
+int crypto_hw_accelerator_huk_derive_key(const uint8_t *label,
+ size_t label_size,
+ const uint8_t *context,
+ size_t context_size,
+ uint8_t *key,
+ size_t key_size)
+{
+ uint8_t huk_buf[32];
+ int err = -1;
+ int mbedtls_err;
+
+ if (key == NULL) {
+ return -1;
+ }
+
+ if (label == NULL && label_size != 0) {
+ return -1;
+ }
+
+ if (context == NULL && context_size != 0) {
+ return -1;
+ }
+
+ err = tfm_plat_otp_read(PLAT_OTP_ID_HUK, sizeof(huk_buf), huk_buf);
+ if (err != TFM_PLAT_ERR_SUCCESS) {
+ goto out;
+ }
+
+ mbedtls_err = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ label, label_size, huk_buf, sizeof(huk_buf),
+ context, context_size, key, key_size);
+ if (mbedtls_err) {
+ err = -1;
+ goto out;
+ }
+
+out:
+ memset(huk_buf, 0, sizeof(huk_buf));
+
+ return err;
+}
+
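Review bot: The `memset(huk_buf, 0, sizeof(huk_buf));` at `out:` is a store to a local that is never read again, so an optimising compiler is allowed to drop it and leave the HUK on the stack after return. Mbed TLS provides `mbedtls_platform_zeroize(huk_buf, sizeof(huk_buf));` (declared in `mbedtls/platform_util.h`) for this purpose. When `mbedtls_hkdf` fails, `key` may hold partial output; clearing it with `mbedtls_platform_zeroize(key, key_size);` on that path protects a caller that does not check the return value. A short header comment stating that the derivation is HKDF-SHA256 done in software, with `label` passed as the salt and `context` as the info, would also help, since the function name suggests a hardware derivation.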
diff --git a/platform/ext/target/stm/common/stm32u5xx/CMakeLists.txt b/platform/ext/target/stm/common/stm32u5xx/CMakeLists.txt
index 6899d54..553d2f2 100644
--- a/platform/ext/target/stm/common/stm32u5xx/CMakeLists.txt
+++ b/platform/ext/target/stm/common/stm32u5xx/CMakeLists.txt
@@ -62,6 +62,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/hal/Inc
${CMAKE_CURRENT_SOURCE_DIR}/secure
${MBEDCRYPTO_PATH}/library
+ ${CMAKE_SOURCE_DIR}/include
)
target_sources(platform_s
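Review bot: The added `${CMAKE_SOURCE_DIR}/include` is anchored to the top of the whole build tree, whereas the three accelerator CMakeLists.txt files changed in this commit add `${PLATFORM_DIR}/include`. `CMAKE_SOURCE_DIR` moves when the project is configured as a subdirectory of another build, and the two expressions may not name the same directory, so it is worth confirming which headers this line is meant to expose. If the platform headers are intended, `${PLATFORM_DIR}/include` would match the other sections. The enclosing `target_include_directories` call starts outside the hunk, so the target and its visibility keyword are not visible here.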
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt b/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt
index 5f2cd45..6ac4059 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt
+++ b/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt
@@ -56,6 +56,7 @@
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha1_alt.c
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha256_alt.c
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/stm.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/huk.c
)
target_include_directories(crypto_service_crypto_hw
@@ -75,6 +76,7 @@
${PLATFORM_DIR}/ext/target/stm/common/stm32l5xx/hal/Inc/
${PLATFORM_DIR}/ext/target/stm/common/stm32l5xx/Device/Include/
${PLATFORM_DIR}/ext/cmsis
+ ${PLATFORM_DIR}/include
)
target_compile_definitions(crypto_service_crypto_hw
diff --git a/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt b/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt
index 0ea04e2..7cdef5f 100644
--- a/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt
+++ b/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt
@@ -66,6 +66,7 @@
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha1_alt.c
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/sha256_alt.c
${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/stm.c
+ ${PLATFORM_DIR}/ext/target/stm/common/hal/accelerator/huk.c
)
target_include_directories(crypto_service_crypto_hw
@@ -76,6 +77,7 @@
${PLATFORM_DIR}/ext/target/stm/common/stm32l5xx/hal/Inc/
${PLATFORM_DIR}/ext/target/stm/common/stm32l5xx/Device/Include/
${PLATFORM_DIR}/ext/cmsis
+ ${PLATFORM_DIR}/include
)
target_include_directories(crypto_service_mbedcrypto
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index 0694ae6..28c787c 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -27,7 +27,7 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "crypto_hw.h"
-#endif /* CRYPTO_HW_ACCLERATOR */
+#endif /* CRYPTO_HW_ACCELERATOR */
#ifdef TFM_PSA_API
#include "psa/service.h"