Fix crypto discovery in standalone block-storage
The standalone block-storage service uses an RPMB block store as backend
which in turn uses the crypto service for key derivation operations.
Since commit abec4644 ("Enable owner labelling of keys in Mbed TLS") the
PSA Crypto implementation in MbedTLS cannot be called directly even in
the standalone service implementations, but the usual crypto service
discovery and a crypto client is needed instead. This was missing since
the commit mentioned above was merged after the standalone block-store
service was updated to use the RPMB block store, fix it now.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Ifc41ef3a12f13d4cd547578b9dfa1300d377caa1
diff --git a/components/service/locator/standalone/services/block-storage/block_storage_service_context.cpp b/components/service/locator/standalone/services/block-storage/block_storage_service_context.cpp
index 56f91db..14754d7 100644
--- a/components/service/locator/standalone/services/block-storage/block_storage_service_context.cpp
+++ b/components/service/locator/standalone/services/block-storage/block_storage_service_context.cpp
@@ -6,14 +6,19 @@
#include <assert.h>
#include <cstring>
+#include "psa/crypto.h"
#include "service/block_storage/provider/serializer/packed-c/packedc_block_storage_serializer.h"
#include "service/block_storage/factory/rpmb/block_store_factory.h"
+#include "service/crypto/client/psa/psa_crypto_client.h"
+#include "service/locator/interface/service_locator.h"
#include "block_storage_service_context.h"
block_storage_service_context::block_storage_service_context(const char *sn) :
standalone_service_context(sn),
m_block_storage_provider(),
- m_block_store(NULL)
+ m_block_store(NULL),
+ m_crypto_service_context(NULL),
+ m_crypto_session(NULL)
{
}
@@ -25,6 +30,9 @@
void block_storage_service_context::do_init()
{
+ /* The crypto service is used for key derivation in RPMB frontend */
+ open_crypto_session();
+
/* Create backend block store */
m_block_store = rpmb_block_store_factory_create();
assert(m_block_store);
@@ -45,4 +53,30 @@
{
block_storage_provider_deinit(&m_block_storage_provider);
rpmb_block_store_factory_destroy(m_block_store);
+ close_crypto_session();
+}
+
+void block_storage_service_context::open_crypto_session()
+{
+ m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0");
+ if (m_crypto_service_context) {
+ m_crypto_session = service_context_open(m_crypto_service_context);
+ if (m_crypto_session) {
+ psa_crypto_client_init(m_crypto_session);
+ psa_crypto_init();
+ }
+ }
+}
+
+void block_storage_service_context::close_crypto_session()
+{
+ psa_crypto_client_deinit();
+
+ if (m_crypto_service_context && m_crypto_session) {
+ service_context_close(m_crypto_service_context, m_crypto_session);
+ m_crypto_session = NULL;
+
+ service_context_relinquish(m_crypto_service_context);
+ m_crypto_service_context = NULL;
+ }
}
diff --git a/components/service/locator/standalone/services/block-storage/block_storage_service_context.h b/components/service/locator/standalone/services/block-storage/block_storage_service_context.h
index c47aede..ddb56eb 100644
--- a/components/service/locator/standalone/services/block-storage/block_storage_service_context.h
+++ b/components/service/locator/standalone/services/block-storage/block_storage_service_context.h
@@ -23,8 +23,13 @@
void do_init();
void do_deinit();
+ void open_crypto_session();
+ void close_crypto_session();
+
struct block_storage_provider m_block_storage_provider;
struct block_store *m_block_store;
+ struct service_context *m_crypto_service_context;
+ struct rpc_caller_session *m_crypto_session;
};
#endif /* STANDALONE_BLOCK_STORAGE_SERVICE_CONTEXT_H */