diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch')
-rw-r--r-- | meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch | 413 |
1 files changed, 0 insertions, 413 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch deleted file mode 100644 index 7e65de8698..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch +++ /dev/null @@ -1,413 +0,0 @@ -From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001 -From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Date: Thu, 9 Feb 2023 00:22:40 +0000 -Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs - -This patch is to change the PSA Crypto SIDs to match the values of the -PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave - -Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> -Upstream-Status: Pending [Not submitted yet] ---- - .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 78 +----- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +- - .../psa_ipc/crypto_caller_verify_hash.h | 4 +- - 4 files changed, 249 insertions(+), 78 deletions(-) - create mode 100644 components/service/common/include/psa/crypto_sid.h - -diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h -new file mode 100644 -index 00000000..5b05f46d ---- /dev/null -+++ b/components/service/common/include/psa/crypto_sid.h -@@ -0,0 +1,241 @@ -+/* -+ * Copyright (c) 2023, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_CRYPTO_SID_H__ -+#define __PSA_CRYPTO_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+#include <stdint.h> -+ -+/** -+ * \brief Type associated to the group of a function encoding. There can be -+ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, -+ * Asym sign, Asym encrypt, Key derivation). -+ */ -+enum tfm_crypto_group_id { -+ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, -+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT, -+ TFM_CRYPTO_GROUP_ID_HASH, -+ TFM_CRYPTO_GROUP_ID_MAC, -+ TFM_CRYPTO_GROUP_ID_CIPHER, -+ TFM_CRYPTO_GROUP_ID_AEAD, -+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN, -+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT, -+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION, -+}; -+ -+/* X macro describing each of the available PSA Crypto APIs */ -+#define KEY_MANAGEMENT_FUNCS \ -+ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ -+ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \ -+ X(TFM_CRYPTO_OPEN_KEY) \ -+ X(TFM_CRYPTO_CLOSE_KEY) \ -+ X(TFM_CRYPTO_IMPORT_KEY) \ -+ X(TFM_CRYPTO_DESTROY_KEY) \ -+ X(TFM_CRYPTO_EXPORT_KEY) \ -+ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ -+ X(TFM_CRYPTO_PURGE_KEY) \ -+ X(TFM_CRYPTO_COPY_KEY) \ -+ X(TFM_CRYPTO_GENERATE_KEY) -+ -+#define HASH_FUNCS \ -+ X(TFM_CRYPTO_HASH_COMPUTE) \ -+ X(TFM_CRYPTO_HASH_COMPARE) \ -+ X(TFM_CRYPTO_HASH_SETUP) \ -+ X(TFM_CRYPTO_HASH_UPDATE) \ -+ X(TFM_CRYPTO_HASH_CLONE) \ -+ X(TFM_CRYPTO_HASH_FINISH) \ -+ X(TFM_CRYPTO_HASH_VERIFY) \ -+ X(TFM_CRYPTO_HASH_ABORT) -+ -+#define MAC_FUNCS \ -+ X(TFM_CRYPTO_MAC_COMPUTE) \ -+ X(TFM_CRYPTO_MAC_VERIFY) \ -+ X(TFM_CRYPTO_MAC_SIGN_SETUP) \ -+ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ -+ X(TFM_CRYPTO_MAC_UPDATE) \ -+ X(TFM_CRYPTO_MAC_SIGN_FINISH) \ -+ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ -+ X(TFM_CRYPTO_MAC_ABORT) -+ -+#define CIPHER_FUNCS \ -+ X(TFM_CRYPTO_CIPHER_ENCRYPT) \ -+ X(TFM_CRYPTO_CIPHER_DECRYPT) \ -+ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ -+ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ -+ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ -+ X(TFM_CRYPTO_CIPHER_SET_IV) \ -+ X(TFM_CRYPTO_CIPHER_UPDATE) \ -+ X(TFM_CRYPTO_CIPHER_FINISH) \ -+ X(TFM_CRYPTO_CIPHER_ABORT) -+ -+#define AEAD_FUNCS \ -+ X(TFM_CRYPTO_AEAD_ENCRYPT) \ -+ X(TFM_CRYPTO_AEAD_DECRYPT) \ -+ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ -+ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ -+ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ -+ X(TFM_CRYPTO_AEAD_SET_NONCE) \ -+ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ -+ X(TFM_CRYPTO_AEAD_UPDATE_AD) \ -+ X(TFM_CRYPTO_AEAD_UPDATE) \ -+ X(TFM_CRYPTO_AEAD_FINISH) \ -+ X(TFM_CRYPTO_AEAD_VERIFY) \ -+ X(TFM_CRYPTO_AEAD_ABORT) -+ -+#define ASYMMETRIC_SIGN_FUNCS \ -+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ -+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ -+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ -+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) -+ -+#define AYSMMETRIC_ENCRYPT_FUNCS \ -+ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ -+ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) -+ -+#define KEY_DERIVATION_FUNCS \ -+ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ -+ X(TFM_CRYPTO_KEY_DERIVATION_ABORT) -+ -+#define RANDOM_FUNCS \ -+ X(TFM_CRYPTO_GENERATE_RANDOM) -+ -+/* -+ * Define function IDs in each group. The function ID will be encoded into -+ * tfm_crypto_func_sid below. -+ * Each group is defined as a dedicated enum in case the total number of -+ * PSA Crypto APIs exceeds 256. -+ */ -+#define X(func_id) func_id, -+enum tfm_crypto_key_management_func_id { -+ KEY_MANAGEMENT_FUNCS -+}; -+enum tfm_crypto_hash_func_id { -+ HASH_FUNCS -+}; -+enum tfm_crypto_mac_func_id { -+ MAC_FUNCS -+}; -+enum tfm_crypto_cipher_func_id { -+ CIPHER_FUNCS -+}; -+enum tfm_crypto_aead_func_id { -+ AEAD_FUNCS -+}; -+enum tfm_crypto_asym_sign_func_id { -+ ASYMMETRIC_SIGN_FUNCS -+}; -+enum tfm_crypto_asym_encrypt_func_id { -+ AYSMMETRIC_ENCRYPT_FUNCS -+}; -+enum tfm_crypto_key_derivation_func_id { -+ KEY_DERIVATION_FUNCS -+}; -+enum tfm_crypto_random_func_id { -+ RANDOM_FUNCS -+}; -+#undef X -+ -+#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8) -+ -+/* -+ * Numerical progressive value identifying a function API exposed through -+ * the interfaces (S or NS). It's used to dispatch the requests from S/NS -+ * to the corresponding API implementation in the Crypto service backend. -+ * -+ * Each function SID is encoded as uint16_t. -+ * | Func ID | Group ID | -+ * 15 8 7 0 -+ * Func ID is defined in each group func_id enum above -+ * Group ID is defined in tfm_crypto_group_id. -+ */ -+enum tfm_crypto_func_sid { -+ -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)), -+ -+ KEY_MANAGEMENT_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)), -+ HASH_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)), -+ MAC_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)), -+ CIPHER_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)), -+ AEAD_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)), -+ ASYMMETRIC_SIGN_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)), -+ AYSMMETRIC_ENCRYPT_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)), -+ KEY_DERIVATION_FUNCS -+ -+#undef X -+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ -+ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)), -+ RANDOM_FUNCS -+ -+}; -+#undef X -+ -+/** -+ * \brief Define an invalid value for an SID -+ * -+ */ -+#define TFM_CRYPTO_SID_INVALID (~0x0u) -+ -+/** -+ * \brief This value is used to mark an handle as invalid. -+ * -+ */ -+#define TFM_CRYPTO_INVALID_HANDLE (0x0u) -+ -+/** -+ * \brief Define miscellaneous literal constants that are used in the service -+ * -+ */ -+enum { -+ TFM_CRYPTO_NOT_IN_USE = 0, -+ TFM_CRYPTO_IN_USE = 1 -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_CRYPTO_SID_H__ */ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 8103a9af..50ad070e 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -12,6 +12,9 @@ - extern "C" { - #endif - -+/******** PSA Crypto SIDs ********/ -+#include "crypto_sid.h" -+ - /******** TFM_SP_PS ********/ - #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) - #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -@@ -43,79 +46,6 @@ extern "C" { - #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) - - --/** -- * \brief Define a progressive numerical value for each SID which can be used -- * when dispatching the requests to the service -- */ --enum { -- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -- TFM_CRYPTO_OPEN_KEY_SID, -- TFM_CRYPTO_CLOSE_KEY_SID, -- TFM_CRYPTO_IMPORT_KEY_SID, -- TFM_CRYPTO_DESTROY_KEY_SID, -- TFM_CRYPTO_EXPORT_KEY_SID, -- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -- TFM_CRYPTO_PURGE_KEY_SID, -- TFM_CRYPTO_COPY_KEY_SID, -- TFM_CRYPTO_HASH_COMPUTE_SID, -- TFM_CRYPTO_HASH_COMPARE_SID, -- TFM_CRYPTO_HASH_SETUP_SID, -- TFM_CRYPTO_HASH_UPDATE_SID, -- TFM_CRYPTO_HASH_FINISH_SID, -- TFM_CRYPTO_HASH_VERIFY_SID, -- TFM_CRYPTO_HASH_ABORT_SID, -- TFM_CRYPTO_HASH_CLONE_SID, -- TFM_CRYPTO_MAC_COMPUTE_SID, -- TFM_CRYPTO_MAC_VERIFY_SID, -- TFM_CRYPTO_MAC_SIGN_SETUP_SID, -- TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -- TFM_CRYPTO_MAC_UPDATE_SID, -- TFM_CRYPTO_MAC_SIGN_FINISH_SID, -- TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -- TFM_CRYPTO_MAC_ABORT_SID, -- TFM_CRYPTO_CIPHER_ENCRYPT_SID, -- TFM_CRYPTO_CIPHER_DECRYPT_SID, -- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -- TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -- TFM_CRYPTO_CIPHER_SET_IV_SID, -- TFM_CRYPTO_CIPHER_UPDATE_SID, -- TFM_CRYPTO_CIPHER_FINISH_SID, -- TFM_CRYPTO_CIPHER_ABORT_SID, -- TFM_CRYPTO_AEAD_ENCRYPT_SID, -- TFM_CRYPTO_AEAD_DECRYPT_SID, -- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -- TFM_CRYPTO_AEAD_SET_NONCE_SID, -- TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -- TFM_CRYPTO_AEAD_UPDATE_AD_SID, -- TFM_CRYPTO_AEAD_UPDATE_SID, -- TFM_CRYPTO_AEAD_FINISH_SID, -- TFM_CRYPTO_AEAD_VERIFY_SID, -- TFM_CRYPTO_AEAD_ABORT_SID, -- TFM_CRYPTO_SIGN_MESSAGE_SID, -- TFM_CRYPTO_VERIFY_MESSAGE_SID, -- TFM_CRYPTO_SIGN_HASH_SID, -- TFM_CRYPTO_VERIFY_HASH_SID, -- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -- TFM_CRYPTO_GENERATE_RANDOM_SID, -- TFM_CRYPTO_GENERATE_KEY_SID, -- TFM_CRYPTO_SID_MAX, --}; -- - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index e4a2b167..9276748d 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, - .key_id = id, - .alg = alg, - }; -@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, - .key_id = id, - .alg = alg, - }; -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index cc9279ee..bcd8e0e4 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - { - - return crypto_caller_common(context,id,alg,hash,hash_length, -- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID); - } - - static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c - { - - return crypto_caller_common(context,id,alg,hash,hash_length, -- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID); - } - - #ifdef __cplusplus --- -2.25.1 - |