1From c21add49b5bb920220ab5ef67a394e1ca3d86d6d Mon Sep 17 00:00:00 2001 2From: Raef Coles <raef.coles@arm.com> 3Date: Tue, 19 Jul 2022 11:12:30 +0100 4Subject: [PATCH 4/8] Add TF-M builtin key driver 5 6Signed-off-by: Raef Coles <raef.coles@arm.com> 7Co-authored-by: Antonio de Angelis <antonio.deangelis@arm.com> 8--- 9 library/psa_crypto.c | 11 +++- 10 library/psa_crypto_driver_wrappers.c | 97 +++++++++++++++++++++++++++- 11 2 files changed, 106 insertions(+), 2 deletions(-) 12 13diff --git a/library/psa_crypto.c b/library/psa_crypto.c 14index bc19ed07..df7776f3 100644 15--- a/library/psa_crypto.c 16+++ b/library/psa_crypto.c 17@@ -82,6 +82,11 @@ 18 #include "mbedtls/sha512.h" 19 #include "hash_info.h" 20 21+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 22+#include "tfm_crypto_defs.h" 23+#include "tfm_builtin_key_loader.h" 24+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ 25+ 26 #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) 27 28 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ 29@@ -1011,7 +1016,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( 30 return status; 31 } 32 33- if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { 34+ if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime) 35+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 36+ && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION 37+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 38+ ) { 39 psa_unlock_key_slot(*p_slot); 40 *p_slot = NULL; 41 return PSA_ERROR_NOT_SUPPORTED; 42diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c 43index ce26b346..38251f11 100644 44--- a/library/psa_crypto_driver_wrappers.c 45+++ b/library/psa_crypto_driver_wrappers.c 46@@ -59,6 +59,18 @@ 47 #include "cc3xx.h" 48 #endif /* PSA_CRYPTO_DRIVER_CC3XX */ 49 50+/* Include TF-M builtin key driver */ 51+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 52+#ifndef PSA_CRYPTO_DRIVER_PRESENT 53+#define PSA_CRYPTO_DRIVER_PRESENT 54+#endif 55+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT 56+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT 57+#endif 58+#include "tfm_crypto_defs.h" 59+#include "tfm_builtin_key_loader.h" 60+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ 61+ 62 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ 63 /* END-driver headers */ 64 65@@ -72,6 +84,9 @@ 66 #if defined(PSA_CRYPTO_DRIVER_CC3XX) 67 #define PSA_CRYPTO_CC3XX_DRIVER_ID (4) 68 #endif /* PSA_CRYPTO_DRIVER_CC3XX */ 69+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 70+#define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5) 71+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ 72 73 /* END-driver id */ 74 75@@ -93,6 +108,12 @@ psa_status_t psa_driver_wrapper_init( void ) 76 { 77 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 78 79+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 80+ status = tfm_builtin_key_loader_init(); 81+ if (status != PSA_SUCCESS) 82+ return ( status ); 83+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ 84+ 85 #if defined(PSA_CRYPTO_DRIVER_CC3XX) 86 status = cc3xx_init(); 87 if (status != PSA_SUCCESS) 88@@ -156,6 +177,9 @@ psa_status_t psa_driver_wrapper_sign_message( 89 switch( location ) 90 { 91 case PSA_KEY_LOCATION_LOCAL_STORAGE: 92+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 93+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 94+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 95 /* Key is stored in the slot in export representation, so 96 * cycle through all known transparent accelerators */ 97 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 98@@ -244,6 +268,9 @@ psa_status_t psa_driver_wrapper_verify_message( 99 switch( location ) 100 { 101 case PSA_KEY_LOCATION_LOCAL_STORAGE: 102+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 103+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 104+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 105 /* Key is stored in the slot in export representation, so 106 * cycle through all known transparent accelerators */ 107 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 108@@ -343,6 +370,9 @@ psa_status_t psa_driver_wrapper_sign_hash( 109 switch( location ) 110 { 111 case PSA_KEY_LOCATION_LOCAL_STORAGE: 112+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 113+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 114+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 115 /* Key is stored in the slot in export representation, so 116 * cycle through all known transparent accelerators */ 117 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 118@@ -439,6 +469,9 @@ psa_status_t psa_driver_wrapper_verify_hash( 119 switch( location ) 120 { 121 case PSA_KEY_LOCATION_LOCAL_STORAGE: 122+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 123+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 124+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 125 /* Key is stored in the slot in export representation, so 126 * cycle through all known transparent accelerators */ 127 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 128@@ -828,7 +861,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( 129 return( ( *key_buffer_size != 0 ) ? 130 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); 131 #endif /* PSA_CRYPTO_DRIVER_TEST */ 132- 133+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 134+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 135+ return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes), 136+ key_buffer_size); 137+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ 138 default: 139 (void)key_type; 140 (void)key_bits; 141@@ -868,6 +905,9 @@ psa_status_t psa_driver_wrapper_generate_key( 142 switch( location ) 143 { 144 case PSA_KEY_LOCATION_LOCAL_STORAGE: 145+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 146+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 147+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 148 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 149 /* Transparent drivers are limited to generating asymmetric keys */ 150 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) ) 151@@ -960,6 +1000,9 @@ psa_status_t psa_driver_wrapper_import_key( 152 switch( location ) 153 { 154 case PSA_KEY_LOCATION_LOCAL_STORAGE: 155+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 156+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 157+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 158 /* Key is stored in the slot in export representation, so 159 * cycle through all known transparent accelerators */ 160 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 161@@ -1046,6 +1089,9 @@ psa_status_t psa_driver_wrapper_export_key( 162 switch( location ) 163 { 164 case PSA_KEY_LOCATION_LOCAL_STORAGE: 165+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 166+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 167+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 168 return( psa_export_key_internal( attributes, 169 key_buffer, 170 key_buffer_size, 171@@ -1111,6 +1157,9 @@ psa_status_t psa_driver_wrapper_export_public_key( 172 switch( location ) 173 { 174 case PSA_KEY_LOCATION_LOCAL_STORAGE: 175+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 176+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 177+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 178 /* Key is stored in the slot in export representation, so 179 * cycle through all known transparent accelerators */ 180 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 181@@ -1196,6 +1245,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key( 182 183 184 #endif /* PSA_CRYPTO_DRIVER_TEST */ 185+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 186+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 187+ return( tfm_builtin_key_loader_get_builtin_key( 188+ slot_number, 189+ attributes, 190+ key_buffer, key_buffer_size, key_buffer_length ) ); 191+#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ 192 default: 193 (void) slot_number; 194 (void) key_buffer; 195@@ -1281,6 +1337,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( 196 switch( location ) 197 { 198 case PSA_KEY_LOCATION_LOCAL_STORAGE: 199+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 200+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 201+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 202 /* Key is stored in the slot in export representation, so 203 * cycle through all known transparent accelerators */ 204 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 205@@ -1385,6 +1444,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( 206 switch( location ) 207 { 208 case PSA_KEY_LOCATION_LOCAL_STORAGE: 209+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 210+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 211+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 212 /* Key is stored in the slot in export representation, so 213 * cycle through all known transparent accelerators */ 214 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 215@@ -1474,6 +1536,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( 216 switch( location ) 217 { 218 case PSA_KEY_LOCATION_LOCAL_STORAGE: 219+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 220+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 221+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 222 /* Key is stored in the slot in export representation, so 223 * cycle through all known transparent accelerators */ 224 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 225@@ -1557,6 +1622,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( 226 switch( location ) 227 { 228 case PSA_KEY_LOCATION_LOCAL_STORAGE: 229+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 230+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 231+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 232 /* Key is stored in the slot in export representation, so 233 * cycle through all known transparent accelerators */ 234 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 235@@ -2041,6 +2109,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt( 236 switch( location ) 237 { 238 case PSA_KEY_LOCATION_LOCAL_STORAGE: 239+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 240+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 241+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 242 /* Key is stored in the slot in export representation, so 243 * cycle through all known transparent accelerators */ 244 245@@ -2104,6 +2175,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt( 246 switch( location ) 247 { 248 case PSA_KEY_LOCATION_LOCAL_STORAGE: 249+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 250+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 251+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 252 /* Key is stored in the slot in export representation, so 253 * cycle through all known transparent accelerators */ 254 255@@ -2164,6 +2238,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( 256 switch( location ) 257 { 258 case PSA_KEY_LOCATION_LOCAL_STORAGE: 259+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 260+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 261+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 262 /* Key is stored in the slot in export representation, so 263 * cycle through all known transparent accelerators */ 264 265@@ -2221,6 +2298,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( 266 switch( location ) 267 { 268 case PSA_KEY_LOCATION_LOCAL_STORAGE: 269+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 270+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 271+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 272 /* Key is stored in the slot in export representation, so 273 * cycle through all known transparent accelerators */ 274 275@@ -2618,6 +2698,9 @@ psa_status_t psa_driver_wrapper_mac_compute( 276 switch( location ) 277 { 278 case PSA_KEY_LOCATION_LOCAL_STORAGE: 279+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 280+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 281+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 282 /* Key is stored in the slot in export representation, so 283 * cycle through all known transparent accelerators */ 284 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 285@@ -2688,6 +2771,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( 286 switch( location ) 287 { 288 case PSA_KEY_LOCATION_LOCAL_STORAGE: 289+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 290+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 291+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 292 /* Key is stored in the slot in export representation, so 293 * cycle through all known transparent accelerators */ 294 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 295@@ -2769,6 +2855,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( 296 switch( location ) 297 { 298 case PSA_KEY_LOCATION_LOCAL_STORAGE: 299+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 300+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 301+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 302 /* Key is stored in the slot in export representation, so 303 * cycle through all known transparent accelerators */ 304 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 305@@ -2997,6 +3086,9 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt( 306 switch( location ) 307 { 308 case PSA_KEY_LOCATION_LOCAL_STORAGE: 309+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 310+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 311+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 312 /* Key is stored in the slot in export representation, so 313 * cycle through all known transparent accelerators */ 314 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 315@@ -3069,6 +3161,9 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt( 316 switch( location ) 317 { 318 case PSA_KEY_LOCATION_LOCAL_STORAGE: 319+#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) 320+ case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: 321+#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ 322 /* Key is stored in the slot in export representation, so 323 * cycle through all known transparent accelerators */ 324 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 325-- 3262.25.1 327 328
