Crypto: Add support for persistent keys
Adds support for the PSA Crypto persistent key APIs to the crypto
service by enabling and calling the Mbed Crypto implementations. Mbed
Crypto in turn calls ITS for persistent storage.
Change-Id: I0db6b1ced6030cae41322ae06214114cc9c84cb4
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/secure_fw/services/crypto/tfm_crypto_api.h b/secure_fw/services/crypto/tfm_crypto_api.h
index 74b0624..98e615a 100644
--- a/secure_fw/services/crypto/tfm_crypto_api.h
+++ b/secure_fw/services/crypto/tfm_crypto_api.h
@@ -45,6 +45,32 @@
};
/**
+ * \brief Core key attributes struct as seen by the client, with
+ * psa_app_key_id_t as the key ID type.
+ */
+typedef struct {
+ psa_key_type_t type;
+ psa_key_lifetime_t lifetime;
+ psa_app_key_id_t id; /* Client key ID */
+ psa_key_policy_t policy;
+ psa_key_bits_t bits;
+ psa_key_attributes_flag_t flags;
+} psa_client_core_key_attributes_t;
+
+/**
+ * \brief This struct represents the psa_key_attributes_t struct exposed to the
+ * client. The Mbed Crypto library needs a different abstraction for
+ * psa_key_attributes_t, so this intermediate struct is defined.
+ *
+ * TODO: Cleanup crypto implementation details from client-side PSA abstraction.
+ */
+typedef struct {
+ psa_client_core_key_attributes_t core; /* Client core key attributes */
+ void *domain_parameters;
+ size_t domain_parameters_size;
+} psa_client_key_attributes_t;
+
+/**
* \brief Initialise the service
*
* \return Return values as described in \ref psa_status_t
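Review bot: `psa_client_key_attributes_t` carries a raw `void *domain_parameters` and a `domain_parameters_size` that the client fills in, and the added comments do not say how the service must treat them. On the secure side both fields are untrusted input, so the header should state whether they are ignored or validated before any use. One possible wording, to be checked against the implementation, is `void *domain_parameters; /* Client-supplied, untrusted: not to be dereferenced without range/ownership checks */`. It would also help to note on `psa_client_core_key_attributes_t` that its layout is part of the client interface and has to stay in step with the library's core attributes struct, presumably differing only in the type of `id`.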
@@ -68,6 +94,32 @@
psa_status_t tfm_crypto_get_caller_id(int32_t *id);
/**
+ * \brief Gets key attributes from client key attributes.
+ *
+ * \param[in] client_key_attr Client key attributes
+ * \param[in] client_id Partition ID of the calling client
+ * \param[out] key_attributes Key attributes
+ *
+ * \return Return values as described in \ref psa_status_t
+ */
+psa_status_t tfm_crypto_key_attributes_from_client(
+ const psa_client_key_attributes_t *client_key_attr,
+ int32_t client_id,
+ psa_key_attributes_t *key_attributes);
+
+/**
+ * \brief Converts key attributes to client key attributes.
+ *
+ * \param[in] key_attributes Key attributes
+ * \param[out] client_key_attr Client key attributes
+ *
+ * \return Return values as described in \ref psa_status_t
+ */
+psa_status_t tfm_crypto_key_attributes_to_client(
+ const psa_key_attributes_t *key_attributes,
+ psa_client_key_attributes_t *client_key_attr);
+
+/**
* \brief Checks that the requested handle belongs to the requesting
* partition
*
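Review bot: The doc comments on the two conversion prototypes leave out the security-relevant part of their contract. For `tfm_crypto_key_attributes_from_client`, state that `client_id` must be the caller identity established by the service (for example through `tfm_crypto_get_caller_id`) and never a value read from the client's buffer, e.g. `\param[in] client_id Partition ID of the calling client, as determined by the service`. Also state which status is returned when a pointer argument is NULL. For `tfm_crypto_key_attributes_to_client`, document that every field of `*client_key_attr` is written, so that no stale or secure-side data such as the key owner reaches the client. The implementations are outside this hunk, so both statements should be confirmed there.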