mirror of
https://git.yoctoproject.org/meta-arm
synced 2026-06-07 15:10:09 +00:00
arm-bsp/trusted-services: corstone1000: align PSA crypto structs with TF-M
The TF-M was upgraded to v2.1.0 for the Corstone-1000. The TS had to be aligned with it, to keep the Secure Enclave Proxy Secure Partition compatible with TF-M. Signed-off-by: Bence Balogh <bence.balogh@arm.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Bence Balogh
Jon Mason
+300
@@ -0,0 +1,300 @@
|
||||
From 3bb579379bcfe32ae0b81f721b370afcb58e9693 Mon Sep 17 00:00:00 2001
|
||||
From: Bence Balogh <bence.balogh@arm.com>
|
||||
Date: Wed, 10 Jul 2024 11:07:09 +0200
|
||||
Subject: [PATCH] Align PSA Crypto structs with TF-Mv2.1
|
||||
|
||||
The files were updated using the TF-Mv2.1 release (0c4c99b) commit.
|
||||
|
||||
* crypto_sid.h
|
||||
This is derived from TF-M's tfm_crypto_defs.h file. The crypto function
|
||||
ID definitions were reworked. This change had to be done on the TS
|
||||
side too to keep the compatibility.
|
||||
|
||||
* crypto_ipc_backend.h
|
||||
This file is also derived from the tfm_crypto_defs.h file. The
|
||||
tfm_crypto_pack_iovec struct changed in TF-M so the
|
||||
psa_ipc_crypto_pack_iovec struct had to be updated in TS to
|
||||
keep the compatibility.
|
||||
|
||||
* crypto_client_struct.h
|
||||
The psa_client_key_attributes_s struct had to be aligned with the
|
||||
psa_key_attributes_s struct in TF-M. (psa_crypto.c)
|
||||
|
||||
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
|
||||
Upstream-Status: Pending
|
||||
---
|
||||
.../service/common/include/psa/crypto_sid.h | 168 +++++-------------
|
||||
.../backend/psa_ipc/crypto_ipc_backend.h | 9 +-
|
||||
.../crypto/include/psa/crypto_client_struct.h | 4 +-
|
||||
3 files changed, 55 insertions(+), 126 deletions(-)
|
||||
|
||||
diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
|
||||
index 5b05f46d7..fe057ce40 100644
|
||||
--- a/components/service/common/include/psa/crypto_sid.h
|
||||
+++ b/components/service/common/include/psa/crypto_sid.h
|
||||
@@ -18,22 +18,24 @@ extern "C" {
|
||||
* nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
|
||||
* Asym sign, Asym encrypt, Key derivation).
|
||||
*/
|
||||
-enum tfm_crypto_group_id {
|
||||
- TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
|
||||
- TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
|
||||
- TFM_CRYPTO_GROUP_ID_HASH,
|
||||
- TFM_CRYPTO_GROUP_ID_MAC,
|
||||
- TFM_CRYPTO_GROUP_ID_CIPHER,
|
||||
- TFM_CRYPTO_GROUP_ID_AEAD,
|
||||
- TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
|
||||
- TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
|
||||
- TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
|
||||
+enum tfm_crypto_group_id_t {
|
||||
+ TFM_CRYPTO_GROUP_ID_RANDOM = UINT8_C(1),
|
||||
+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT = UINT8_C(2),
|
||||
+ TFM_CRYPTO_GROUP_ID_HASH = UINT8_C(3),
|
||||
+ TFM_CRYPTO_GROUP_ID_MAC = UINT8_C(4),
|
||||
+ TFM_CRYPTO_GROUP_ID_CIPHER = UINT8_C(5),
|
||||
+ TFM_CRYPTO_GROUP_ID_AEAD = UINT8_C(6),
|
||||
+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN = UINT8_C(7),
|
||||
+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT = UINT8_C(8),
|
||||
+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9)
|
||||
};
|
||||
|
||||
-/* X macro describing each of the available PSA Crypto APIs */
|
||||
+/* Set of X macros describing each of the available PSA Crypto APIs */
|
||||
+#define RANDOM_FUNCS \
|
||||
+ X(TFM_CRYPTO_GENERATE_RANDOM)
|
||||
+
|
||||
#define KEY_MANAGEMENT_FUNCS \
|
||||
X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \
|
||||
- X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \
|
||||
X(TFM_CRYPTO_OPEN_KEY) \
|
||||
X(TFM_CRYPTO_CLOSE_KEY) \
|
||||
X(TFM_CRYPTO_IMPORT_KEY) \
|
||||
@@ -89,13 +91,13 @@ enum tfm_crypto_group_id {
|
||||
X(TFM_CRYPTO_AEAD_VERIFY) \
|
||||
X(TFM_CRYPTO_AEAD_ABORT)
|
||||
|
||||
-#define ASYMMETRIC_SIGN_FUNCS \
|
||||
+#define ASYM_SIGN_FUNCS \
|
||||
X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \
|
||||
X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \
|
||||
X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \
|
||||
X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
|
||||
|
||||
-#define AYSMMETRIC_ENCRYPT_FUNCS \
|
||||
+#define ASYM_ENCRYPT_FUNCS \
|
||||
X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \
|
||||
X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
|
||||
|
||||
@@ -106,133 +108,55 @@ enum tfm_crypto_group_id {
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \
|
||||
+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_INTEGER) \
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \
|
||||
X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
|
||||
|
||||
-#define RANDOM_FUNCS \
|
||||
- X(TFM_CRYPTO_GENERATE_RANDOM)
|
||||
-
|
||||
-/*
|
||||
- * Define function IDs in each group. The function ID will be encoded into
|
||||
- * tfm_crypto_func_sid below.
|
||||
- * Each group is defined as a dedicated enum in case the total number of
|
||||
- * PSA Crypto APIs exceeds 256.
|
||||
- */
|
||||
-#define X(func_id) func_id,
|
||||
-enum tfm_crypto_key_management_func_id {
|
||||
- KEY_MANAGEMENT_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_hash_func_id {
|
||||
- HASH_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_mac_func_id {
|
||||
- MAC_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_cipher_func_id {
|
||||
- CIPHER_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_aead_func_id {
|
||||
- AEAD_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_asym_sign_func_id {
|
||||
- ASYMMETRIC_SIGN_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_asym_encrypt_func_id {
|
||||
- AYSMMETRIC_ENCRYPT_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_key_derivation_func_id {
|
||||
- KEY_DERIVATION_FUNCS
|
||||
-};
|
||||
-enum tfm_crypto_random_func_id {
|
||||
- RANDOM_FUNCS
|
||||
-};
|
||||
-#undef X
|
||||
-
|
||||
-#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8)
|
||||
+#define BASE__VALUE(x) ((uint16_t)((((uint16_t)(x)) << 8) & 0xFF00))
|
||||
|
||||
-/*
|
||||
- * Numerical progressive value identifying a function API exposed through
|
||||
- * the interfaces (S or NS). It's used to dispatch the requests from S/NS
|
||||
- * to the corresponding API implementation in the Crypto service backend.
|
||||
+/**
|
||||
+ * \brief This type defines numerical progressive values identifying a function API
|
||||
+ * exposed through the interfaces (S or NS). It's used to dispatch the requests
|
||||
+ * from S/NS to the corresponding API implementation in the Crypto service backend.
|
||||
+ *
|
||||
+ * \note Each function SID is encoded as uint16_t.
|
||||
+ * +------------+------------+
|
||||
+ * | Group ID | Func ID |
|
||||
+ * +------------+------------+
|
||||
+ * (MSB)15 8 7 0(LSB)
|
||||
*
|
||||
- * Each function SID is encoded as uint16_t.
|
||||
- * | Func ID | Group ID |
|
||||
- * 15 8 7 0
|
||||
- * Func ID is defined in each group func_id enum above
|
||||
- * Group ID is defined in tfm_crypto_group_id.
|
||||
*/
|
||||
-enum tfm_crypto_func_sid {
|
||||
-
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
|
||||
-
|
||||
+enum tfm_crypto_func_sid_t {
|
||||
+#define X(FUNCTION_NAME) FUNCTION_NAME ## _SID,
|
||||
+ BASE__RANDOM = BASE__VALUE(TFM_CRYPTO_GROUP_ID_RANDOM) - 1,
|
||||
+ RANDOM_FUNCS
|
||||
+ BASE__KEY_MANAGEMENT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT) - 1,
|
||||
KEY_MANAGEMENT_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
|
||||
+ BASE__HASH = BASE__VALUE(TFM_CRYPTO_GROUP_ID_HASH) - 1,
|
||||
HASH_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
|
||||
+ BASE__MAC = BASE__VALUE(TFM_CRYPTO_GROUP_ID_MAC) - 1,
|
||||
MAC_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
|
||||
+ BASE__CIPHER = BASE__VALUE(TFM_CRYPTO_GROUP_ID_CIPHER) - 1,
|
||||
CIPHER_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
|
||||
+ BASE__AEAD = BASE__VALUE(TFM_CRYPTO_GROUP_ID_AEAD) - 1,
|
||||
AEAD_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
|
||||
- ASYMMETRIC_SIGN_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
|
||||
- AYSMMETRIC_ENCRYPT_FUNCS
|
||||
-
|
||||
-#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
|
||||
+ BASE__ASYM_SIGN = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_SIGN) - 1,
|
||||
+ ASYM_SIGN_FUNCS
|
||||
+ BASE__ASYM_ENCRYPT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT) - 1,
|
||||
+ ASYM_ENCRYPT_FUNCS
|
||||
+ BASE__KEY_DERIVATION = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_DERIVATION) - 1,
|
||||
KEY_DERIVATION_FUNCS
|
||||
-
|
||||
#undef X
|
||||
-#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
|
||||
- (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
|
||||
- RANDOM_FUNCS
|
||||
-
|
||||
};
|
||||
-#undef X
|
||||
|
||||
/**
|
||||
- * \brief Define an invalid value for an SID
|
||||
- *
|
||||
+ * \brief This macro is used to extract the group_id from an encoded function id
|
||||
+ * by accessing the upper 8 bits. A \a _function_id is uint16_t type
|
||||
*/
|
||||
-#define TFM_CRYPTO_SID_INVALID (~0x0u)
|
||||
-
|
||||
-/**
|
||||
- * \brief This value is used to mark an handle as invalid.
|
||||
- *
|
||||
- */
|
||||
-#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
|
||||
-
|
||||
-/**
|
||||
- * \brief Define miscellaneous literal constants that are used in the service
|
||||
- *
|
||||
- */
|
||||
-enum {
|
||||
- TFM_CRYPTO_NOT_IN_USE = 0,
|
||||
- TFM_CRYPTO_IN_USE = 1
|
||||
-};
|
||||
+#define TFM_CRYPTO_GET_GROUP_ID(_function_id) \
|
||||
+ ((enum tfm_crypto_group_id_t)(((uint16_t)(_function_id) >> 8) & 0xFF))
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
|
||||
index 27ac59837..d7e733b89 100644
|
||||
--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
|
||||
+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
|
||||
@@ -30,10 +30,9 @@ struct psa_ipc_crypto_aead_pack_input {
|
||||
struct psa_ipc_crypto_pack_iovec {
|
||||
psa_key_id_t key_id; /*!< Key id */
|
||||
psa_algorithm_t alg; /*!< Algorithm */
|
||||
- uint32_t op_handle; /*!< Frontend context handle associated to a
|
||||
+ uint32_t op_handle; /*!< Client context handle associated to a
|
||||
* multipart operation
|
||||
*/
|
||||
- uint32_t capacity; /*!< Key derivation capacity */
|
||||
uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
|
||||
uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
|
||||
|
||||
@@ -44,7 +43,11 @@ struct psa_ipc_crypto_pack_iovec {
|
||||
* See tfm_crypto_func_sid for detail
|
||||
*/
|
||||
uint16_t step; /*!< Key derivation step */
|
||||
-}__packed;
|
||||
+ union {
|
||||
+ size_t capacity; /*!< Key derivation capacity */
|
||||
+ uint64_t value; /*!< Key derivation integer for update*/
|
||||
+ };
|
||||
+};
|
||||
|
||||
#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
|
||||
|
||||
diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
|
||||
index 1f68aba21..ebc400811 100644
|
||||
--- a/components/service/crypto/include/psa/crypto_client_struct.h
|
||||
+++ b/components/service/crypto/include/psa/crypto_client_struct.h
|
||||
@@ -34,9 +34,11 @@ struct psa_client_key_attributes_s
|
||||
uint16_t type;
|
||||
uint16_t bits;
|
||||
uint32_t lifetime;
|
||||
- psa_key_id_t id;
|
||||
uint32_t usage;
|
||||
uint32_t alg;
|
||||
+ uint32_t alg2;
|
||||
+ uint32_t id;
|
||||
+ int32_t owner_id;
|
||||
};
|
||||
|
||||
#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -20,6 +20,7 @@ SRC_URI:append:corstone1000 = " \
|
||||
file://0016-Isolate-common-uefi-variable-authentication-steps.patch \
|
||||
file://0017-Implement-Private-Authenticated-Variable-verificatio.patch \
|
||||
file://0018-Change-RSS_COMMS-cmake-variables-to-cahce-vars.patch \
|
||||
file://0019-Align-PSA-Crypto-structs-with-TF-Mv2.1.patch \
|
||||
"
|
||||
|
||||
# The patches above introduce errors with GCC 14.1, silence them for now
|
||||
|
||||
Reference in New Issue
Block a user