BL2: Support LMS via thin PSA crypto core
Add experimental support for PSA_ALG_LMS to PSA as a vendor algorithm.
Add support for using this alg in the thin PSA crypto core.
Change-Id: Ic5ad261fe8db1a8eb773d4cfdccd3cce72b8082a
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/interface/include/psa/crypto_values.h b/interface/include/psa/crypto_values.h
index 1d678db..8e97bd6 100644
--- a/interface/include/psa/crypto_values.h
+++ b/interface/include/psa/crypto_values.h
@@ -28,6 +28,15 @@
#define PSA_CRYPTO_VALUES_H
#include "mbedtls/private_access.h"
+#ifdef PSA_WANT_ALG_LMS
+/* Note: TF-M supports LMS as a vendor extension and requires some LMS/HMS specific
+ * values to be available to properly override the PSA_ALG_IS_VENDOR_HASH_AND_SIGN
+ * macro. Eventually LMS/HMS will be standardized in Mbed TLS hence dropping the
+ * need to carry vendor extensions in a separate header
+ */
+#include "crypto_values_lms.h"
+#endif
+
/** \defgroup error Error codes
* @{
*/
@@ -1664,7 +1673,9 @@
/* Default definition, to be overridden if the library is extended with
* more hash-and-sign algorithms that we want to keep out of this header
* file. */
+#ifndef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
+#endif
/** Whether the specified algorithm is a signature algorithm that can be used
* with psa_sign_hash() and psa_verify_hash().
diff --git a/interface/include/psa/crypto_values_lms.h b/interface/include/psa/crypto_values_lms.h
new file mode 100644
index 0000000..a0add59
--- /dev/null
+++ b/interface/include/psa/crypto_values_lms.h
@@ -0,0 +1,39 @@
+/*
+ * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef PSA_CRYPTO_VALUES_LMS_H
+#define PSA_CRYPTO_VALUES_LMS_H
+
+#define PSA_ALG_LMS_BASE 0x00100000
+
+#define PSA_ALG_IS_LMS(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_LMS_BASE)
+
+#define PSA_ALG_LMS(hash) ( \
+ PSA_ALG_VENDOR_FLAG | \
+ PSA_ALG_CATEGORY_SIGN | \
+ PSA_ALG_LMS_BASE | \
+ ((hash) & PSA_ALG_HASH_MASK) \
+ )
+
+#define PSA_ALG_HSS_BASE 0x00200000
+
+#define PSA_ALG_IS_HSS(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HSS_BASE)
+
+#define PSA_ALG_HSS(hash) ( \
+ PSA_ALG_VENDOR_FLAG | \
+ PSA_ALG_CATEGORY_SIGN | \
+ PSA_ALG_HSS_BASE | \
+ ((hash) & PSA_ALG_HASH_MASK) \
+ )
+
+/* This overrides the default PSA_ALG_IS_VENDOR_HASH_AND_SIGN in crypto_values.h */
+#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) ( \
+ (PSA_ALG_IS_LMS(alg)) || \
+ (PSA_ALG_IS_HSS(alg)) \
+ )
+
+#endif /* PSA_CRYPTO_VALUES_LMS_H */