Allow alternative backends for crypto provider The crypto service provider is refactored to make it easy to add alternative backends. There is still only a single backend that uses the mbedcrypto library from MbedTLS. However, all dependencies from the crypto provider on mbedcrypto have been removed, allowing the crypto provider to be used with alternative implementations of the PSA Crypto API. Signed-off-by: Julian Hall <julian.hall@arm.com> Change-Id: Ic5d1d9d47d149b634d147712749fdee48f260d85

commit: 9061e6cdb9315ce52e7308d074e3c57585ab96c4 [log] [tgz]
author: Julian Hall <julian.hall@arm.com> Tue Jun 29 14:24:20 2021 +0100
committer: Gyorgy Szing <Gyorgy.Szing@arm.com> Wed Oct 06 00:48:05 2021 +0200
tree: f883317bb7078b042950ce52a5ee318c269b30d5
parent: 527ddd57a21465b26ad0e3c1e8dd81e627f62e3e [diff]
diff --git a/deployments/component-test/arm-linux/CMakeLists.txt b/deployments/component-test/arm-linux/CMakeLists.txt
index a3609d8..b145719 100644
--- a/deployments/component-test/arm-linux/CMakeLists.txt
+++ b/deployments/component-test/arm-linux/CMakeLists.txt

@@ -36,7 +36,7 @@
 	TARGET "component-test"
 	BASE_DIR ${TS_ROOT}
     COMPONENTS
-        "components/service/crypto/provider/mbedcrypto/trng_adapter/linux"
+        "components/service/crypto/backend/mbedcrypto/trng_adapter/linux"
 )
 
 #-------------------------------------------------------------------------------

diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 974e4e2..9b6dcf8 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake

@@ -65,10 +65,11 @@
 		"components/service/crypto/client/cpp/packed-c"
 		"components/service/crypto/client/test"
 		"components/service/crypto/client/test/standalone"
-		"components/service/crypto/provider/mbedcrypto"
+		"components/service/crypto/provider"
 		"components/service/crypto/provider/serializer/protobuf"
 		"components/service/crypto/provider/serializer/packed-c"
-		"components/service/crypto/provider/mbedcrypto/test"
+		"components/service/crypto/provider/test"
+		"components/service/crypto/backend/mbedcrypto"
 		"components/service/crypto/test/unit"
 		"components/service/crypto/test/service"
 		"components/service/crypto/test/service/protobuf"

diff --git a/deployments/component-test/linux-pc/CMakeLists.txt b/deployments/component-test/linux-pc/CMakeLists.txt
index 2f0e19a..c2514a8 100644
--- a/deployments/component-test/linux-pc/CMakeLists.txt
+++ b/deployments/component-test/linux-pc/CMakeLists.txt

@@ -71,7 +71,7 @@
 	TARGET "component-test"
 	BASE_DIR ${TS_ROOT}
     COMPONENTS
-        "components/service/crypto/provider/mbedcrypto/trng_adapter/linux"
+        "components/service/crypto/backend/mbedcrypto/trng_adapter/linux"
 )
 
 #-------------------------------------------------------------------------------

diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt
index 8a857b8..ee2c3dc 100644
--- a/deployments/crypto/opteesp/CMakeLists.txt
+++ b/deployments/crypto/opteesp/CMakeLists.txt

@@ -45,10 +45,11 @@
 		"components/service/common/include"
 		"components/service/common/serializer/protobuf"
 		"components/service/common/provider"
-		"components/service/crypto/provider/mbedcrypto"
-		"components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
+		"components/service/crypto/provider"
 		"components/service/crypto/provider/serializer/protobuf"
 		"components/service/crypto/provider/serializer/packed-c"
+		"components/service/crypto/backend/mbedcrypto"
+		"components/service/crypto/backend/mbedcrypto/trng_adapter/platform"
 		"components/service/secure_storage/include"
 		"components/service/secure_storage/frontend/psa/its"
 		"components/service/secure_storage/backend/secure_storage_client"

diff --git a/deployments/crypto/opteesp/crypto_sp.c b/deployments/crypto/opteesp/crypto_sp.c
index f3679d1..bca971b 100644
--- a/deployments/crypto/opteesp/crypto_sp.c
+++ b/deployments/crypto/opteesp/crypto_sp.c

@@ -6,9 +6,10 @@
 
 #include <rpc/ffarpc/endpoint/ffarpc_call_ep.h>
 #include <service/secure_storage/factory/storage_factory.h>
-#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
+#include <service/crypto/provider/crypto_provider.h>
 #include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
 #include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
+#include <service/crypto/backend/mbedcrypto/mbedcrypto_backend.h>
 #include <protocols/rpc/common/packed-c/status.h>
 #include <config/ramstore/config_ramstore.h>
 #include <config/loader/sp/sp_config_loader.h>
@@ -26,7 +27,7 @@
 
 void __noreturn sp_main(struct ffa_init_info *init_info)
 {
-	struct mbed_crypto_provider crypto_provider;
+	struct crypto_provider crypto_provider;
 	struct ffa_call_ep ffarpc_call_ep;
 	struct rpc_interface *crypto_iface;
 	struct sp_msg req_msg = { 0 };
@@ -44,13 +45,18 @@
 	if (!storage_backend) goto fatal_error;
 
 	/* Initialize the crypto service */
-	crypto_iface = mbed_crypto_provider_init(&crypto_provider, storage_backend, 0);
+	crypto_iface = NULL;
 
-	mbed_crypto_provider_register_serializer(&crypto_provider,
+    if (mbedcrypto_backend_init(storage_backend, 0) == PSA_SUCCESS) {
+
+        crypto_iface = crypto_provider_init(&crypto_provider);
+
+		crypto_provider_register_serializer(&crypto_provider,
                     TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
 
-	mbed_crypto_provider_register_serializer(&crypto_provider,
+		crypto_provider_register_serializer(&crypto_provider,
                     TS_RPC_ENCODING_PACKED_C, packedc_crypto_provider_serializer_instance());
+	}
 
 	ffa_call_ep_init(&ffarpc_call_ep, crypto_iface);
 

diff --git a/deployments/env-test/env_test.cmake b/deployments/env-test/env_test.cmake
index ee46eba..a983b60 100644
--- a/deployments/env-test/env_test.cmake
+++ b/deployments/env-test/env_test.cmake

@@ -29,9 +29,9 @@
 	"components/service/test_runner/provider/serializer/packed-c"
 	"components/service/test_runner/provider/backend/null"
 	"components/service/test_runner/provider/backend/simple_c"
-	"components/service/crypto/provider/mbedcrypto"
-	"components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
-	"components/service/crypto/provider/mbedcrypto/trng_adapter/test"
+	"components/service/crypto/backend/mbedcrypto"
+	"components/service/crypto/backend/mbedcrypto/trng_adapter/platform"
+	"components/service/crypto/backend/mbedcrypto/trng_adapter/test"
 	"components/service/secure_storage/include"
 	"components/service/secure_storage/frontend/psa/its"
 	"components/service/secure_storage/backend/secure_storage_client"

diff --git a/deployments/env-test/opteesp/env_test_tests.c b/deployments/env-test/opteesp/env_test_tests.c
index beb9cbf..11c1f42 100644
--- a/deployments/env-test/opteesp/env_test_tests.c
+++ b/deployments/env-test/opteesp/env_test_tests.c

@@ -5,7 +5,7 @@
 
 #include <service/test_runner/provider/backend/simple_c/simple_c_test_runner.h>
 #include <config/test/sp/sp_config_tests.h>
-#include <service/crypto/provider/mbedcrypto/trng_adapter/test/trng_env_tests.h>
+#include <service/crypto/backend/mbedcrypto/trng_adapter/test/trng_env_tests.h>
 
 void env_test_register_tests(struct test_runner_provider *context)
 {
@@ -13,4 +13,4 @@
 
 	sp_config_tests_register();
 	trng_env_tests_register();
-}
\ No newline at end of file
+}

diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 779e2d6..3f0bbcf 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt

@@ -53,10 +53,11 @@
 		"components/service/attestation/key_mngr"
 		"components/service/attestation/provider"
 		"components/service/attestation/provider/serializer/packed-c"
-		"components/service/crypto/provider/mbedcrypto"
-		"components/service/crypto/provider/mbedcrypto/trng_adapter/linux"
+		"components/service/crypto/provider"
 		"components/service/crypto/provider/serializer/protobuf"
 		"components/service/crypto/provider/serializer/packed-c"
+		"components/service/crypto/backend/mbedcrypto"
+		"components/service/crypto/backend/mbedcrypto/trng_adapter/linux"
 		"components/service/secure_storage/include"
 		"components/service/secure_storage/frontend/psa/its"
 		"components/service/secure_storage/frontend/secure_storage_provider"

diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
index b071b7a..4ab8906 100644
--- a/deployments/se-proxy/opteesp/CMakeLists.txt
+++ b/deployments/se-proxy/opteesp/CMakeLists.txt

@@ -57,7 +57,7 @@
 		"components/service/common/include"
 		"components/service/common/serializer/protobuf"
 		"components/service/common/provider"
-		"components/service/crypto/provider/mbedcrypto"
+		"components/service/crypto/provider"
 		"components/service/crypto/provider/serializer/protobuf"
 		"components/service/crypto/provider/serializer/packed-c"
 		"components/service/secure_storage/include"
@@ -80,7 +80,8 @@
 		"components/service/secure_storage/backend/secure_flash_store"
 		"components/service/secure_storage/backend/secure_flash_store/flash_fs"
 		"components/service/secure_storage/backend/secure_flash_store/flash"
-		"components/service/crypto/provider/mbedcrypto/trng_adapter/platform"
+		"components/service/crypto/backend/mbedcrypto"
+		"components/service/crypto/backend/mbedcrypto/trng_adapter/platform"
 )
 
 target_sources(se-proxy PRIVATE

diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
index 4af5a48..303ff0f 100644
--- a/deployments/se-proxy/opteesp/service_proxy_factory.c
+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c

@@ -8,7 +8,7 @@
 #include <rpc/common/endpoint/rpc_interface.h>
 #include <service/attestation/provider/attest_provider.h>
 #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
-#include <service/crypto/provider/mbedcrypto/crypto_provider.h>
+#include <service/crypto/provider/crypto_provider.h>
 #include <service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.h>
 #include <service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.h>
 #include <components/service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
@@ -20,6 +20,7 @@
 #include <service/attestation/claims/sources/null_lifecycle/null_lifecycle_claim_source.h>
 #include <service/attestation/claims/sources/instance_id/instance_id_claim_source.h>
 #include <service/secure_storage/backend/secure_flash_store/secure_flash_store.h>
+#include <service/crypto/backend/mbedcrypto/mbedcrypto_backend.h>
 
 
 /* A shared storage backend - should be removed when proxy backends are added */
@@ -70,18 +71,21 @@
 
 struct rpc_interface *crypto_proxy_create(void)
 {
-	struct rpc_interface *crypto_iface;
+	struct rpc_interface *crypto_iface = NULL;
 
 	/* Static objects for proxy instance */
-	static struct mbed_crypto_provider crypto_provider;
+	static struct crypto_provider crypto_provider;
 
-	crypto_iface = mbed_crypto_provider_init(&crypto_provider, shared_storage_backend, 0);
+	if (mbedcrypto_backend_init(shared_storage_backend, 0) == PSA_SUCCESS) {
 
-	mbed_crypto_provider_register_serializer(&crypto_provider,
+		crypto_iface = crypto_provider_init(&crypto_provider);
+
+		crypto_provider_register_serializer(&crypto_provider,
 					TS_RPC_ENCODING_PROTOBUF, pb_crypto_provider_serializer_instance());
 
-	mbed_crypto_provider_register_serializer(&crypto_provider,
+		crypto_provider_register_serializer(&crypto_provider,
 					TS_RPC_ENCODING_PACKED_C, packedc_crypto_provider_serializer_instance());
+	}
 
 	return crypto_iface;
 }
commit	9061e6cdb9315ce52e7308d074e3c57585ab96c4	[log] [tgz]
author	Julian Hall <julian.hall@arm.com>	Tue Jun 29 14:24:20 2021 +0100
committer	Gyorgy Szing <Gyorgy.Szing@arm.com>	Wed Oct 06 00:48:05 2021 +0200
tree	f883317bb7078b042950ce52a5ee318c269b30d5
parent	527ddd57a21465b26ad0e3c1e8dd81e627f62e3e [diff]