TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 98ab441e096f57d5ec866424fa86ceee567ae167^! / . / secure_fw / services / crypto / crypto_key_derivation.c
commit98ab441e096f57d5ec866424fa86ceee567ae167[log] [tgz]
authorJamie Fox <jamie.fox@arm.com>Fri Jan 17 17:12:30 2020 +0000
committerJamie Fox <jamie.fox@arm.com>Mon Apr 20 13:43:16 2020 +0100
tree591d713279bf328d050ca33ace18e46961357559
parent1e089705899ff68c617cc0c01e5ce8618b8ba6b7 [diff] [blame]
Crypto: Add support for persistent keys

Adds support for the PSA Crypto persistent key APIs to the crypto
service by enabling and calling the Mbed Crypto implementations. Mbed
Crypto in turn calls ITS for persistent storage.

Change-Id: I0db6b1ced6030cae41322ae06214114cc9c84cb4
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

diff --git a/secure_fw/services/crypto/crypto_key_derivation.c b/secure_fw/services/crypto/crypto_key_derivation.c
index 4f42ee0..6778ce9 100644
--- a/secure_fw/services/crypto/crypto_key_derivation.c
+++ b/secure_fw/services/crypto/crypto_key_derivation.c

@@ -381,16 +381,18 @@
     }
 
     if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
-        (in_vec[1].len != sizeof(psa_key_attributes_t)) ||
+        (in_vec[1].len != sizeof(psa_client_key_attributes_t)) ||
         (out_vec[0].len != sizeof(psa_key_handle_t))) {
         return PSA_ERROR_CONNECTION_REFUSED;
     }
     const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
 
     uint32_t handle = iov->op_handle;
-    const psa_key_attributes_t *key_attributes = in_vec[1].base;
+    const psa_client_key_attributes_t *client_key_attr = in_vec[1].base;
     psa_key_derivation_operation_t *operation = NULL;
     psa_key_handle_t *key_handle = out_vec[0].base;
+    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+    int32_t partition_id;
     uint32_t index;
 
     /* Look up the corresponding operation context */
@@ -406,11 +408,23 @@
         return status;
     }
 
+    status = tfm_crypto_get_caller_id(&partition_id);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = tfm_crypto_key_attributes_from_client(client_key_attr,
+                                                   partition_id,
+                                                   &key_attributes);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
     if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
-        status = tfm_crypto_huk_derivation_output_key(key_attributes, operation,
-                                                      key_handle);
+        status = tfm_crypto_huk_derivation_output_key(&key_attributes,
+                                                      operation, key_handle);
     } else {
-        status = psa_key_derivation_output_key(key_attributes, operation,
+        status = psa_key_derivation_output_key(&key_attributes, operation,
                                                key_handle);
     }
     if (status == PSA_SUCCESS) {