1From 5cd10ccea1accf52336d41357135cd1c60728088 Mon Sep 17 00:00:00 2001
2From: Raef Coles <raef.coles@arm.com>
3Date: Tue, 19 Jul 2022 11:12:30 +0100
4Subject: [PATCH 6/6] Add TF-M builtin key driver
5
6Signed-off-by: Raef Coles <raef.coles@arm.com>
7---
8 library/psa_crypto.c | 11 +++-
9 library/psa_crypto_driver_wrappers.c | 95 +++++++++++++++++++++++++++-
10 2 files changed, 104 insertions(+), 2 deletions(-)
11
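diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0e33f409c..8cc5629f9 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -86,6 +86,11 @@
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"

+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+#include "tfm_crypto_defs.h"
+#include "tfm_builtin_key_loader.h"
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
 #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )

 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
@@ -962,7 +967,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
 if( status != PSA_SUCCESS )
 return( status );

- if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) )
+ if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime )
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
+ )
 {
 psa_unlock_key_slot( *p_slot );
 *p_slot = NULL;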
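Review bot: The exemption added to the external-lifetime check in psa_get_and_lock_transparent_key_slot_with_policy lets a key at a non-local location through the gate that otherwise keeps opaque keys away from callers that read the slot bytes as plaintext key material, and nothing in the hunk records why that is safe. It holds only if the TF-M builtin key loader always leaves export-representation key material in the slot, which is presumably the intent but cannot be confirmed from the visible lines. I would state that invariant next to the condition, for example `/* TF-M builtin keys are loaded into the slot in export representation, so they are treated as transparent despite their non-local location. */`. Splicing `#if` into the middle of the `if( ... )` also makes this guard hard to audit; a small static predicate that hides the conditional compilation would keep the check on one line. The function body starts and ends outside the hunk.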
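diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 2097db0cb..127e83d5a 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -55,6 +55,18 @@
 #include "cc3xx.h"
 #endif /* PSA_CRYPTO_DRIVER_CC3XX */

+/* Include TF-M builtin key driver */
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+#ifndef PSA_CRYPTO_DRIVER_PRESENT
+#define PSA_CRYPTO_DRIVER_PRESENT
+#endif
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif
+#include "tfm_crypto_defs.h"
+#include "tfm_builtin_key_loader.h"
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
 /* Repeat above block for each JSON-declared driver during autogeneration */
 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */

@@ -72,6 +84,10 @@
 #define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
 #endif /* PSA_CRYPTO_DRIVER_CC3XX */

+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+#define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5)
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
+
 /* Support the 'old' SE interface when asked to */
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
@@ -139,6 +155,9 @@ psa_status_t psa_driver_wrapper_sign_message(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -230,6 +249,9 @@ psa_status_t psa_driver_wrapper_verify_message(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -333,6 +355,9 @@ psa_status_t psa_driver_wrapper_sign_hash(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -434,6 +459,9 @@ psa_status_t psa_driver_wrapper_verify_hash(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -582,7 +610,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
 return( ( *key_buffer_size != 0 ) ?
 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
 #endif /* PSA_CRYPTO_DRIVER_TEST */
-
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+ return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
+ key_buffer_size);
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
 default:
 (void)key_type;
 (void)key_bits;
@@ -622,6 +654,9 @@ psa_status_t psa_driver_wrapper_generate_key(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
 /* Transparent drivers are limited to generating asymmetric keys */
 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
@@ -715,6 +750,9 @@ psa_status_t psa_driver_wrapper_import_key(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -785,6 +823,9 @@ psa_status_t psa_driver_wrapper_export_key(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 return( psa_export_key_internal( attributes,
 key_buffer,
 key_buffer_size,
@@ -843,6 +884,9 @@ psa_status_t psa_driver_wrapper_export_public_key(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -915,6 +959,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
 attributes,
 key_buffer, key_buffer_size, key_buffer_length ) );
 #endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+ return( tfm_builtin_key_loader_get_key_buffer(
+ slot_number,
+ attributes,
+ key_buffer, key_buffer_size, key_buffer_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
 default:
 (void) slot_number;
 (void) key_buffer;
@@ -991,6 +1042,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -1097,6 +1151,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -1188,6 +1245,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -1276,6 +1336,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -1755,6 +1818,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */

@@ -1822,6 +1888,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */

@@ -1915,6 +1984,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */

@@ -1974,6 +2046,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */

@@ -2366,6 +2441,9 @@ psa_status_t psa_driver_wrapper_mac_compute(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -2439,6 +2517,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -2523,6 +2604,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -2748,6 +2832,9 @@ psa_status_t psa_driver_wrapper_key_agreement(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -2797,6 +2884,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
@@ -2869,6 +2959,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
 switch( location )
 {
 case PSA_KEY_LOCATION_LOCAL_STORAGE:
+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
 /* Key is stored in the slot in export representation, so
 * cycle through all known transparent accelerators */
 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)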
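Review bot: In the psa_driver_wrapper_export_key hunk the new `case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:` falls through to `psa_export_key_internal`, so platform builtin keys leave the slot in plaintext by the same path as locally stored keys, and the only remaining barrier is the key's usage policy, which is checked outside this hunk. The psa_driver_wrapper_generate_key and psa_driver_wrapper_import_key hunks get the same fall-through, which appears to let a caller ask for a new key at the builtin location; whether an earlier check rejects that is not visible here. If builtin keys are meant to stay inside the crypto service, I would give the location its own case in these three wrappers, `return( PSA_ERROR_NOT_PERMITTED );`, instead of sharing the local-storage label, or at least record the dependency with `/* Builtin keys are exportable only if the loader grants PSA_KEY_USAGE_EXPORT; creation at this location must be rejected by the caller. */`. Each wrapper body starts and ends outside its hunk.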
322--
3232.34.1
324