1 /*
2  * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 #include <string.h>
11 
12 #include "tfm_sp_log.h"
13 
14 #include "config_tfm.h"
15 #include "psa/crypto.h"
16 #include "psa/error.h"
17 #include "crypto_library.h"
18 
19 /**
20  * \brief This include is required to get the underlying platform function
21  *        to allow the builtin keys support in mbed TLS to map slots to key
22  *        IDs.
23  */
24 #include "tfm_plat_crypto_keys.h"
25 
26 /**
27  * \brief This Mbed TLS include is needed to initialise the memory allocator
28  *        of the library used for internal allocations
29  */
30 #include "mbedtls/memory_buffer_alloc.h"
31 
32 /**
33  * \brief This Mbed TLS include is needed to set the mbedtls_printf to the
34  *        function required by the TF-M framework in order to be able to
35  *        print to terminal through mbedtls_printf
36  */
37 #include "mbedtls/platform.h"
38 
39 /**
40  * \brief This Mbed TLS include is needed to retrieve version information for
41  *        display
42  */
43 #include "mbedtls/version.h"
44 
45 #ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
46 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
47 #endif
48 
49 /**
50  * \brief Static buffer containing the string describing the mbed TLS version. mbed TLS
51  *        guarantees that the string will never be greater than 18 bytes
52  */
53 static char mbedtls_version_full[18];
54 
55 /**
56  * \brief Static buffer to be used by Mbed Crypto for memory allocations
57  *
58  */
59 #include "config_engine_buf.h"
60 static uint8_t mbedtls_mem_buf[CRYPTO_ENGINE_BUF_SIZE] = {0};
61 
62 /*!
63  * \defgroup tfm_crypto_library Set of functions implementing the abstractions of the underlying cryptographic
64  *                              library that implements the PSA Crypto APIs to provide the PSA Crypto core
65  *                              functionality to the TF-M Crypto service. Currently it supports only an
66  *                              mbed TLS based abstraction.
67  */
68 /*!@{*/
tfm_crypto_library_key_id_init(int32_t owner,psa_key_id_t key_id)69 tfm_crypto_library_key_id_t tfm_crypto_library_key_id_init(int32_t owner, psa_key_id_t key_id)
70 {
71     return mbedtls_svc_key_id_make(owner, key_id);
72 }
73 
tfm_crypto_library_get_info(void)74 char *tfm_crypto_library_get_info(void)
75 {
76     memcpy(mbedtls_version_full, MBEDTLS_VERSION_STRING_FULL, sizeof(MBEDTLS_VERSION_STRING_FULL));
77     return mbedtls_version_full;
78 }
79 
tfm_crypto_core_library_init(void)80 psa_status_t tfm_crypto_core_library_init(void)
81 {
82     /* Initialise the Mbed Crypto memory allocator to use static memory
83      * allocation from the provided buffer instead of using the heap
84      */
85     mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
86                                      CRYPTO_ENGINE_BUF_SIZE);
87 
88     /* mbedtls_printf is used to print messages including error information. */
89 #if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_ERROR)
90     mbedtls_platform_set_printf(printf);
91 #endif
92 
93     return PSA_SUCCESS;
94 }
95 
tfm_crypto_library_get_library_key_id_set_owner(int32_t owner,psa_key_attributes_t * attr)96 void tfm_crypto_library_get_library_key_id_set_owner(int32_t owner, psa_key_attributes_t *attr)
97 {
98     attr->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
99 }
100 
101 /**
102  * \brief This function is required by mbed TLS to enable support for
103  *        platform builtin keys in the PSA Crypto core layer implemented
104  *        by mbed TLS. This function is not standardized by the API hence
105  *        this layer directly provides the symbol required by the library
106  *
107  * \note It maps builtin key IDs to cryptographic drivers and slots. The
108  *       actual data is deferred to a platform function, as different
109  *       platforms may have different key storage capabilities.
110  */
mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id,psa_key_lifetime_t * lifetime,psa_drv_slot_number_t * slot_number)111 psa_status_t mbedtls_psa_platform_get_builtin_key(
112     mbedtls_svc_key_id_t key_id,
113     psa_key_lifetime_t *lifetime,
114     psa_drv_slot_number_t *slot_number)
115 {
116     const tfm_plat_builtin_key_descriptor_t *desc_table = NULL;
117     size_t number_of_keys = tfm_plat_builtin_key_get_desc_table_ptr(&desc_table);
118 
119     for (size_t idx = 0; idx < number_of_keys; idx++) {
120         if (desc_table[idx].key_id == MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id)) {
121             *lifetime = desc_table[idx].lifetime;
122             *slot_number = desc_table[idx].slot_number;
123             return PSA_SUCCESS;
124         }
125     }
126 
127     return PSA_ERROR_DOES_NOT_EXIST;
128 }
129 /*!@}*/
130