Crypto: Active vendor Key Support with secure element
For Secure Element, vendor key can discriminate the key being
stored in secure element from the other key.
Change-Id: I94fda07dba0e3261502a64340a63097d6553664c
Signed-off-by: Benjamin Baratte <benjamin.baratte@st.com>
diff --git a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
index 8346bf5..eb57096 100644
--- a/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
+++ b/lib/ext/mbedcrypto/0001-BUILD-Update-IAR-support-in-CMakeLists.txt.patch
@@ -1,7 +1,7 @@
From edd00ceca7f04206467d950bd20da8494e45ce8c Mon Sep 17 00:00:00 2001
From: TTornblom <thomas.tornblom@iar.com>
Date: Thu, 16 Apr 2020 13:53:38 +0200
-Subject: [PATCH 1/6] BUILD: Update IAR support in CMakeLists.txt
+Subject: [PATCH 1/7] BUILD: Update IAR support in CMakeLists.txt
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain.
diff --git a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
index 2fed3e0..4017916 100644
--- a/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
+++ b/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
@@ -1,7 +1,7 @@
From e4585e5285703a2769a810e90660434285e91925 Mon Sep 17 00:00:00 2001
From: Tamas Ban <tamas.ban@arm.com>
Date: Tue, 27 Oct 2020 08:55:37 +0000
-Subject: [PATCH 2/6] Enable crypto code sharing between independent binaries
+Subject: [PATCH 2/7] Enable crypto code sharing between independent binaries
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
---
diff --git a/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch b/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
index db124cb..0541e36 100644
--- a/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
+++ b/lib/ext/mbedcrypto/0003-Driver-wrapper-entry-points-for-CC3XX.patch
@@ -1,7 +1,7 @@
From 89b0a57e9c29fde64572c62dbd4c3d75adde30a1 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Fri, 15 Jul 2022 12:41:34 +0100
-Subject: [PATCH 3/6] Driver wrapper entry points for CC3XX
+Subject: [PATCH 3/7] Driver wrapper entry points for CC3XX
Manually hardcode PSA driver entry points for the CC3XX driver
into psa_crypto_driver_wrappers.c (and provide missing entry point
diff --git a/lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch b/lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch
index bee322f..2ab8aca 100644
--- a/lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch
+++ b/lib/ext/mbedcrypto/0004-Add-TF-M-builtin-key-driver.patch
@@ -1,7 +1,7 @@
From 6f49a579de65abbae877ba067ee1a76671ae8e83 Mon Sep 17 00:00:00 2001
From: Raef Coles <raef.coles@arm.com>
Date: Tue, 19 Jul 2022 11:12:30 +0100
-Subject: [PATCH 4/6] Add TF-M builtin key driver
+Subject: [PATCH 4/7] Add TF-M builtin key driver
Signed-off-by: Raef Coles <raef.coles@arm.com>
Co-authored-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch b/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
index 335a31d..b1b45cd 100644
--- a/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
+++ b/lib/ext/mbedcrypto/0005-CC3XX-Manually-enforce-no-software-builtin-fallback-.patch
@@ -1,7 +1,7 @@
From 9e1fcca0e8ba9e58135c91af9c8c640b1d0b32c5 Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Tue, 2 Aug 2022 13:05:05 +0200
-Subject: [PATCH 5/6] CC3XX: Manually enforce no-software builtin fallback when
+Subject: [PATCH 5/7] CC3XX: Manually enforce no-software builtin fallback when
CC3XX is available
This wil be enforced by the autogen framework eventually, but for the time
diff --git a/lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch b/lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
index d17a9a3..1c752a1 100644
--- a/lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
+++ b/lib/ext/mbedcrypto/0006-Initialise-driver-wrappers-as-first-step-in-psa_cryp.patch
@@ -1,7 +1,7 @@
From fbfff539fdbff01a9366df674e2e090a88774c4f Mon Sep 17 00:00:00 2001
From: Antonio de Angelis <Antonio.deAngelis@arm.com>
Date: Tue, 23 Aug 2022 13:06:07 +0100
-Subject: [PATCH 6/6] Initialise driver wrappers as first step in
+Subject: [PATCH 6/7] Initialise driver wrappers as first step in
psa_crypto_init()
This patch amends the order of initialisations performed in psa_crypto_init()
diff --git a/lib/ext/mbedcrypto/0007-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch b/lib/ext/mbedcrypto/0007-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
new file mode 100644
index 0000000..31fd5c3
--- /dev/null
+++ b/lib/ext/mbedcrypto/0007-Allow-SE-key-to-use-key-vendor-id-within-PSA-crypto.patch
@@ -0,0 +1,30 @@
+From d8aa69e0cd1cd9443213439f590d3c57928d51e7 Mon Sep 17 00:00:00 2001
+From: Benjamin Baratte <benjamin.baratte@st.com>
+Date: Thu, 9 Feb 2023 10:35:01 +0100
+Subject: [PATCH 7/7] Allow SE key to use key vendor id within PSA crypto
+
+Signed-off-by: Benjamin Baratte <benjamin.baratte@st.com>
+---
+ library/psa_crypto.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/library/psa_crypto.c b/library/psa_crypto.c
+index d8a39334..eaaf1215 100644
+--- a/library/psa_crypto.c
++++ b/library/psa_crypto.c
+@@ -1511,7 +1511,11 @@ static psa_status_t psa_validate_key_attributes(
+ }
+ else
+ {
+- if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
++#ifdef MBEDTLS_PSA_CRYPTO_SE_C
++ if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 1 ) )
++#else
++ if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
++#endif
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+--
+2.25.1
+
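Review bot: In the else branch of psa_validate_key_attributes(), the switch of the second argument of psa_is_valid_key_id() from 0 to 1 depends only on the build flag MBEDTLS_PSA_CRYPTO_SE_C, so once secure element support is compiled in, every key that reaches this branch is validated with the relaxed argument, not only keys that actually live in the secure element. The commit message says the vendor key id is meant to distinguish keys stored in the secure element from other keys; to match that intent, consider deriving the argument from the key's own attributes (for example its lifetime or location, read from `attributes`) rather than from the preprocessor alone, so that keys held outside the secure element keep the stricter check. As a style point, the duplicated `if` line under #ifdef/#else could be a single call taking a named constant or local variable, which also gives a place for a comment explaining why vendor ids are accepted here. The embedded 0007 patch has no message body beyond the subject and Signed-off-by; a sentence on the rationale would help whoever next rebases this patch onto a newer mbedcrypto.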