Crypto: Upgrade Mbed TLS to 2.25
Set the MBEDCRYPTO_VERSION to 2.25.0.
First three patches in existing v2.24 already applied in v2.25
and hence removed.
Replaced MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER with
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in all configuration and
source as updated in v2.25 library.
Update all headers of psa/include as per mbedtls-v2.25 excluding
changes required to hide some implementation.
Update id field in the client_key_attributes structure to
psa_key_id_t.
Update Copyright year to 2021!
Removed patch 006 as not required in MbedTLS v2.25.0.
Update references of handle to key as per MbedTLS api changes.
Increase NUM_HANDLES to 32 to accommodate crypto api tests.
Added corresponding tfm implementation of psa_purge_key().
Signed-off-by: Maulik Patel <maulik.patel@arm.com>
Change-Id: I6a532da96735cf32996250c4a8733a8654c1f44e
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index 166e051..a89dd2b 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -41,7 +41,7 @@
}
psa_status_t psa_open_key(psa_key_id_t id,
- psa_key_handle_t *handle)
+ psa_key_id_t *key)
{
psa_status_t status;
const struct tfm_crypto_pack_iovec iov = {
@@ -52,7 +52,7 @@
{.base = &id, .len = sizeof(psa_key_id_t)},
};
psa_outvec out_vec[] = {
- {.base = handle, .len = sizeof(psa_key_handle_t)},
+ {.base = key, .len = sizeof(psa_key_id_t)},
};
PSA_CONNECT(TFM_CRYPTO);
@@ -65,12 +65,12 @@
return status;
}
-psa_status_t psa_close_key(psa_key_handle_t handle)
+psa_status_t psa_close_key(psa_key_id_t key)
{
psa_status_t status;
const struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CLOSE_KEY_SID,
- .key_handle = handle,
+ .key_id = key,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
@@ -89,7 +89,7 @@
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
- psa_key_handle_t *handle)
+ psa_key_id_t *key)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
@@ -101,7 +101,7 @@
{.base = data, .len = data_length}
};
psa_outvec out_vec[] = {
- {.base = handle, .len = sizeof(psa_key_handle_t)}
+ {.base = key, .len = sizeof(psa_key_id_t)}
};
PSA_CONNECT(TFM_CRYPTO);
@@ -113,12 +113,12 @@
return status;
}
-psa_status_t psa_destroy_key(psa_key_handle_t handle)
+psa_status_t psa_destroy_key(psa_key_id_t key)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
- .key_handle = handle,
+ .key_id = key,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
@@ -133,13 +133,13 @@
return status;
}
-psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
+psa_status_t psa_get_key_attributes(psa_key_id_t key,
psa_key_attributes_t *attributes)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
- .key_handle = handle,
+ .key_id = key,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
@@ -182,7 +182,7 @@
return;
}
-psa_status_t psa_export_key(psa_key_handle_t handle,
+psa_status_t psa_export_key(psa_key_id_t key,
uint8_t *data,
size_t data_size,
size_t *data_length)
@@ -190,7 +190,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
- .key_handle = handle,
+ .key_id = key,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
@@ -211,7 +211,7 @@
return status;
}
-psa_status_t psa_export_public_key(psa_key_handle_t handle,
+psa_status_t psa_export_public_key(psa_key_id_t key,
uint8_t *data,
size_t data_size,
size_t *data_length)
@@ -219,7 +219,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
- .key_handle = handle,
+ .key_id = key,
};
psa_invec in_vec[] = {
@@ -241,14 +241,35 @@
return status;
}
-psa_status_t psa_copy_key(psa_key_handle_t source_handle,
+psa_status_t psa_purge_key(psa_key_id_t key)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
+ .key_id = key,
+ };
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key,
+ TFM_CRYPTO_PURGE_KEY);
+
+ PSA_CLOSE();
+
+ return status;
+}
+
+psa_status_t psa_copy_key(psa_key_id_t source_key,
const psa_key_attributes_t *attributes,
- psa_key_handle_t *target_handle)
+ psa_key_id_t *target_key)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
- .key_handle = source_handle,
+ .key_id = source_key,
};
psa_invec in_vec[] = {
@@ -258,7 +279,7 @@
};
psa_outvec out_vec[] = {
- {.base = target_handle, .len = sizeof(psa_key_handle_t)},
+ {.base = target_key, .len = sizeof(psa_key_id_t)},
};
PSA_CONNECT(TFM_CRYPTO);
@@ -331,13 +352,13 @@
}
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
- psa_key_handle_t handle,
+ psa_key_id_t key,
psa_algorithm_t alg)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
.op_handle = operation->handle,
};
@@ -360,13 +381,13 @@
}
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
- psa_key_handle_t handle,
+ psa_key_id_t key,
psa_algorithm_t alg)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
.op_handle = operation->handle,
};
@@ -710,13 +731,13 @@
}
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
- psa_key_handle_t handle,
+ psa_key_id_t key,
psa_algorithm_t alg)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
.op_handle = operation->handle,
};
@@ -739,13 +760,13 @@
}
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
- psa_key_handle_t handle,
+ psa_key_id_t key,
psa_algorithm_t alg)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
.op_handle = operation->handle,
};
@@ -879,7 +900,7 @@
return status;
}
-psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
+psa_status_t psa_aead_encrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
@@ -894,7 +915,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
.aead_in = {.nonce = {0}, .nonce_length = nonce_length}
};
@@ -940,7 +961,7 @@
return status;
}
-psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
+psa_status_t psa_aead_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
@@ -955,7 +976,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
.aead_in = {.nonce = {0}, .nonce_length = nonce_length}
};
@@ -1001,7 +1022,7 @@
return status;
}
-psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
+psa_status_t psa_asymmetric_sign(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
@@ -1009,10 +1030,10 @@
size_t signature_size,
size_t *signature_length)
{
- return psa_sign_hash(handle, alg, hash, hash_length, signature, signature_size, signature_length);
+ return psa_sign_hash(key, alg, hash, hash_length, signature, signature_size, signature_length);
}
-psa_status_t psa_sign_hash(psa_key_handle_t handle,
+psa_status_t psa_sign_hash(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
@@ -1023,7 +1044,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg,
};
@@ -1047,17 +1068,17 @@
return status;
}
-psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
+psa_status_t psa_asymmetric_verify(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
const uint8_t *signature,
size_t signature_length)
{
- return psa_verify_hash(handle, alg, hash, hash_length, signature, signature_length);
+ return psa_verify_hash(key, alg, hash, hash_length, signature, signature_length);
}
-psa_status_t psa_verify_hash(psa_key_handle_t handle,
+psa_status_t psa_verify_hash(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
@@ -1067,7 +1088,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg
};
@@ -1087,7 +1108,7 @@
return status;
}
-psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
+psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1100,7 +1121,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg
};
@@ -1135,7 +1156,7 @@
return status;
}
-psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
+psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1148,7 +1169,7 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
- .key_handle = handle,
+ .key_id = key,
.alg = alg
};
@@ -1243,12 +1264,12 @@
psa_status_t psa_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
- psa_key_handle_t handle)
+ psa_key_id_t key)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
- .key_handle = handle,
+ .key_id = key,
.step = step,
.op_handle = operation->handle,
};
@@ -1297,14 +1318,14 @@
psa_status_t psa_key_derivation_key_agreement(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
- psa_key_handle_t private_key,
+ psa_key_id_t private_key,
const uint8_t *peer_key,
size_t peer_key_length)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
- .key_handle = private_key,
+ .key_id = private_key,
.step = step,
.op_handle = operation->handle,
};
@@ -1355,7 +1376,7 @@
}
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
- psa_key_handle_t *handle)
+ psa_key_id_t *key)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
@@ -1368,7 +1389,7 @@
};
psa_outvec out_vec[] = {
- {.base = handle, .len = sizeof(psa_key_handle_t)},
+ {.base = key, .len = sizeof(psa_key_id_t)},
};
PSA_CONNECT(TFM_CRYPTO);
@@ -1454,7 +1475,7 @@
return status;
}
-psa_status_t psa_mac_compute(psa_key_handle_t handle,
+psa_status_t psa_mac_compute(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1469,7 +1490,7 @@
return status;
}
-psa_status_t psa_mac_verify(psa_key_handle_t handle,
+psa_status_t psa_mac_verify(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1483,7 +1504,7 @@
return status;
}
-psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
+psa_status_t psa_cipher_encrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1498,7 +1519,7 @@
return status;
}
-psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
+psa_status_t psa_cipher_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -1514,7 +1535,7 @@
}
psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
- psa_key_handle_t private_key,
+ psa_key_id_t private_key,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *output,
@@ -1525,7 +1546,7 @@
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
.alg = alg,
- .key_handle = private_key
+ .key_id = private_key
};
psa_invec in_vec[] = {
@@ -1629,7 +1650,7 @@
psa_status_t psa_key_derivation_output_key(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
- psa_key_handle_t *handle)
+ psa_key_id_t *key)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
@@ -1643,7 +1664,7 @@
};
psa_outvec out_vec[] = {
- {.base = handle, .len = sizeof(psa_key_handle_t)}
+ {.base = key, .len = sizeof(psa_key_id_t)}
};
PSA_CONNECT(TFM_CRYPTO);
@@ -1656,7 +1677,7 @@
}
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
+ psa_key_id_t key,
psa_algorithm_t alg)
{
psa_status_t status;
@@ -1667,7 +1688,7 @@
}
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
+ psa_key_id_t key,
psa_algorithm_t alg)
{
psa_status_t status;