Align PSA Crypto with TF-Mv2.1
Update following files using the TF-Mv2.1 release (0c4c99b) commit.
* crypto_sid.h
This is derived from TF-M's tfm_crypto_defs.h file. The crypto function
ID definitions were reworked. This change had to be done on the TS
side too to keep the compatibility.
* crypto_ipc_backend.h
This file is also derived from the tfm_crypto_defs.h file. The
tfm_crypto_pack_iovec struct changed in TF-M so the
psa_ipc_crypto_pack_iovec struct had to be updated in TS to
keep the compatibility.
* crypto_client_struct.h
The psa_client_key_attributes_s struct had to be aligned with the
psa_key_attributes_s struct in TF-M. (psa_crypto.c)
Change-Id: I5d7ea94df0ed519ec9a8ee67e0d2788a6268c5cb
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
index 5b05f46..fe057ce 100644
--- a/components/service/common/include/psa/crypto_sid.h
+++ b/components/service/common/include/psa/crypto_sid.h
@@ -18,22 +18,24 @@
* nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
* Asym sign, Asym encrypt, Key derivation).
*/
-enum tfm_crypto_group_id {
- TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
- TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
- TFM_CRYPTO_GROUP_ID_HASH,
- TFM_CRYPTO_GROUP_ID_MAC,
- TFM_CRYPTO_GROUP_ID_CIPHER,
- TFM_CRYPTO_GROUP_ID_AEAD,
- TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
- TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
- TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
+enum tfm_crypto_group_id_t {
+ TFM_CRYPTO_GROUP_ID_RANDOM = UINT8_C(1),
+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT = UINT8_C(2),
+ TFM_CRYPTO_GROUP_ID_HASH = UINT8_C(3),
+ TFM_CRYPTO_GROUP_ID_MAC = UINT8_C(4),
+ TFM_CRYPTO_GROUP_ID_CIPHER = UINT8_C(5),
+ TFM_CRYPTO_GROUP_ID_AEAD = UINT8_C(6),
+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN = UINT8_C(7),
+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT = UINT8_C(8),
+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9)
};
-/* X macro describing each of the available PSA Crypto APIs */
+/* Set of X macros describing each of the available PSA Crypto APIs */
+#define RANDOM_FUNCS \
+ X(TFM_CRYPTO_GENERATE_RANDOM)
+
#define KEY_MANAGEMENT_FUNCS \
X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \
- X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \
X(TFM_CRYPTO_OPEN_KEY) \
X(TFM_CRYPTO_CLOSE_KEY) \
X(TFM_CRYPTO_IMPORT_KEY) \
@@ -89,13 +91,13 @@
X(TFM_CRYPTO_AEAD_VERIFY) \
X(TFM_CRYPTO_AEAD_ABORT)
-#define ASYMMETRIC_SIGN_FUNCS \
+#define ASYM_SIGN_FUNCS \
X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \
X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \
X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \
X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
-#define AYSMMETRIC_ENCRYPT_FUNCS \
+#define ASYM_ENCRYPT_FUNCS \
X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \
X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
@@ -106,133 +108,55 @@
X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \
X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \
X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \
+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_INTEGER) \
X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \
X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \
X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \
X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
-#define RANDOM_FUNCS \
- X(TFM_CRYPTO_GENERATE_RANDOM)
+#define BASE__VALUE(x) ((uint16_t)((((uint16_t)(x)) << 8) & 0xFF00))
-/*
- * Define function IDs in each group. The function ID will be encoded into
- * tfm_crypto_func_sid below.
- * Each group is defined as a dedicated enum in case the total number of
- * PSA Crypto APIs exceeds 256.
+/**
+ * \brief This type defines numerical progressive values identifying a function API
+ * exposed through the interfaces (S or NS). It's used to dispatch the requests
+ * from S/NS to the corresponding API implementation in the Crypto service backend.
+ *
+ * \note Each function SID is encoded as uint16_t.
+ * +------------+------------+
+ * | Group ID | Func ID |
+ * +------------+------------+
+ * (MSB)15 8 7 0(LSB)
+ *
*/
-#define X(func_id) func_id,
-enum tfm_crypto_key_management_func_id {
- KEY_MANAGEMENT_FUNCS
-};
-enum tfm_crypto_hash_func_id {
- HASH_FUNCS
-};
-enum tfm_crypto_mac_func_id {
- MAC_FUNCS
-};
-enum tfm_crypto_cipher_func_id {
- CIPHER_FUNCS
-};
-enum tfm_crypto_aead_func_id {
- AEAD_FUNCS
-};
-enum tfm_crypto_asym_sign_func_id {
- ASYMMETRIC_SIGN_FUNCS
-};
-enum tfm_crypto_asym_encrypt_func_id {
- AYSMMETRIC_ENCRYPT_FUNCS
-};
-enum tfm_crypto_key_derivation_func_id {
- KEY_DERIVATION_FUNCS
-};
-enum tfm_crypto_random_func_id {
+enum tfm_crypto_func_sid_t {
+#define X(FUNCTION_NAME) FUNCTION_NAME ## _SID,
+ BASE__RANDOM = BASE__VALUE(TFM_CRYPTO_GROUP_ID_RANDOM) - 1,
RANDOM_FUNCS
-};
-#undef X
-
-#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8)
-
-/*
- * Numerical progressive value identifying a function API exposed through
- * the interfaces (S or NS). It's used to dispatch the requests from S/NS
- * to the corresponding API implementation in the Crypto service backend.
- *
- * Each function SID is encoded as uint16_t.
- * | Func ID | Group ID |
- * 15 8 7 0
- * Func ID is defined in each group func_id enum above
- * Group ID is defined in tfm_crypto_group_id.
- */
-enum tfm_crypto_func_sid {
-
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
-
+ BASE__KEY_MANAGEMENT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT) - 1,
KEY_MANAGEMENT_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
+ BASE__HASH = BASE__VALUE(TFM_CRYPTO_GROUP_ID_HASH) - 1,
HASH_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
+ BASE__MAC = BASE__VALUE(TFM_CRYPTO_GROUP_ID_MAC) - 1,
MAC_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
+ BASE__CIPHER = BASE__VALUE(TFM_CRYPTO_GROUP_ID_CIPHER) - 1,
CIPHER_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
+ BASE__AEAD = BASE__VALUE(TFM_CRYPTO_GROUP_ID_AEAD) - 1,
AEAD_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
- ASYMMETRIC_SIGN_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
- AYSMMETRIC_ENCRYPT_FUNCS
-
-#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
+ BASE__ASYM_SIGN = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_SIGN) - 1,
+ ASYM_SIGN_FUNCS
+ BASE__ASYM_ENCRYPT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT) - 1,
+ ASYM_ENCRYPT_FUNCS
+ BASE__KEY_DERIVATION = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_DERIVATION) - 1,
KEY_DERIVATION_FUNCS
-
#undef X
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
- (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
- RANDOM_FUNCS
-
};
-#undef X
/**
- * \brief Define an invalid value for an SID
- *
+ * \brief This macro is used to extract the group_id from an encoded function id
+ * by accessing the upper 8 bits. A \a _function_id is uint16_t type
*/
-#define TFM_CRYPTO_SID_INVALID (~0x0u)
-
-/**
- * \brief This value is used to mark an handle as invalid.
- *
- */
-#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
-
-/**
- * \brief Define miscellaneous literal constants that are used in the service
- *
- */
-enum {
- TFM_CRYPTO_NOT_IN_USE = 0,
- TFM_CRYPTO_IN_USE = 1
-};
+#define TFM_CRYPTO_GET_GROUP_ID(_function_id) \
+ ((enum tfm_crypto_group_id_t)(((uint16_t)(_function_id) >> 8) & 0xFF))
#ifdef __cplusplus
}
diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
index f9bbf84..27fe349 100644
--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
@@ -30,10 +30,9 @@
struct psa_ipc_crypto_pack_iovec {
psa_key_id_t key_id; /*!< Key id */
psa_algorithm_t alg; /*!< Algorithm */
- uint32_t op_handle; /*!< Frontend context handle associated to a
+ uint32_t op_handle; /*!< Client context handle associated to a
* multipart operation
*/
- uint32_t capacity; /*!< Key derivation capacity */
uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
@@ -44,7 +43,11 @@
* See tfm_crypto_func_sid for detail
*/
uint16_t step; /*!< Key derivation step */
-} __attribute__((__packed__));
+ union {
+ size_t capacity; /*!< Key derivation capacity */
+ uint64_t value; /*!< Key derivation integer for update*/
+ };
+};
#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
index 1f68aba..7e907fa 100644
--- a/components/service/crypto/include/psa/crypto_client_struct.h
+++ b/components/service/crypto/include/psa/crypto_client_struct.h
@@ -34,12 +34,14 @@
uint16_t type;
uint16_t bits;
uint32_t lifetime;
- psa_key_id_t id;
uint32_t usage;
uint32_t alg;
+ uint32_t alg2;
+ uint32_t id;
+ int32_t owner_id;
};
-#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
+#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0}
#ifdef __cplusplus
}