diff options
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch')
-rw-r--r-- | meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch | 413 |
1 files changed, 413 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch new file mode 100644 index 0000000000..7e65de8698 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch @@ -0,0 +1,413 @@ +From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001 +From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Date: Thu, 9 Feb 2023 00:22:40 +0000 +Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs + +This patch is to change the PSA Crypto SIDs to match the values of the +PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave + +Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com> +Upstream-Status: Pending [Not submitted yet] +--- + .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++ + components/service/common/include/psa/sid.h | 78 +----- + .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +- + .../psa_ipc/crypto_caller_verify_hash.h | 4 +- + 4 files changed, 249 insertions(+), 78 deletions(-) + create mode 100644 components/service/common/include/psa/crypto_sid.h + +diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h +new file mode 100644 +index 00000000..5b05f46d +--- /dev/null ++++ b/components/service/common/include/psa/crypto_sid.h +@@ -0,0 +1,241 @@ ++/* ++ * Copyright (c) 2023, Arm Limited. All rights reserved. ++ * ++ * SPDX-License-Identifier: BSD-3-Clause ++ * ++ */ ++ ++#ifndef __PSA_CRYPTO_SID_H__ ++#define __PSA_CRYPTO_SID_H__ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++#include <stdint.h> ++ ++/** ++ * \brief Type associated to the group of a function encoding. There can be ++ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, ++ * Asym sign, Asym encrypt, Key derivation). ++ */ ++enum tfm_crypto_group_id { ++ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, ++ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT, ++ TFM_CRYPTO_GROUP_ID_HASH, ++ TFM_CRYPTO_GROUP_ID_MAC, ++ TFM_CRYPTO_GROUP_ID_CIPHER, ++ TFM_CRYPTO_GROUP_ID_AEAD, ++ TFM_CRYPTO_GROUP_ID_ASYM_SIGN, ++ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT, ++ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION, ++}; ++ ++/* X macro describing each of the available PSA Crypto APIs */ ++#define KEY_MANAGEMENT_FUNCS \ ++ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ ++ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \ ++ X(TFM_CRYPTO_OPEN_KEY) \ ++ X(TFM_CRYPTO_CLOSE_KEY) \ ++ X(TFM_CRYPTO_IMPORT_KEY) \ ++ X(TFM_CRYPTO_DESTROY_KEY) \ ++ X(TFM_CRYPTO_EXPORT_KEY) \ ++ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ ++ X(TFM_CRYPTO_PURGE_KEY) \ ++ X(TFM_CRYPTO_COPY_KEY) \ ++ X(TFM_CRYPTO_GENERATE_KEY) ++ ++#define HASH_FUNCS \ ++ X(TFM_CRYPTO_HASH_COMPUTE) \ ++ X(TFM_CRYPTO_HASH_COMPARE) \ ++ X(TFM_CRYPTO_HASH_SETUP) \ ++ X(TFM_CRYPTO_HASH_UPDATE) \ ++ X(TFM_CRYPTO_HASH_CLONE) \ ++ X(TFM_CRYPTO_HASH_FINISH) \ ++ X(TFM_CRYPTO_HASH_VERIFY) \ ++ X(TFM_CRYPTO_HASH_ABORT) ++ ++#define MAC_FUNCS \ ++ X(TFM_CRYPTO_MAC_COMPUTE) \ ++ X(TFM_CRYPTO_MAC_VERIFY) \ ++ X(TFM_CRYPTO_MAC_SIGN_SETUP) \ ++ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ ++ X(TFM_CRYPTO_MAC_UPDATE) \ ++ X(TFM_CRYPTO_MAC_SIGN_FINISH) \ ++ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ ++ X(TFM_CRYPTO_MAC_ABORT) ++ ++#define CIPHER_FUNCS \ ++ X(TFM_CRYPTO_CIPHER_ENCRYPT) \ ++ X(TFM_CRYPTO_CIPHER_DECRYPT) \ ++ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ ++ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ ++ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ ++ X(TFM_CRYPTO_CIPHER_SET_IV) \ ++ X(TFM_CRYPTO_CIPHER_UPDATE) \ ++ X(TFM_CRYPTO_CIPHER_FINISH) \ ++ X(TFM_CRYPTO_CIPHER_ABORT) ++ ++#define AEAD_FUNCS \ ++ X(TFM_CRYPTO_AEAD_ENCRYPT) \ ++ X(TFM_CRYPTO_AEAD_DECRYPT) \ ++ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ ++ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ ++ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ ++ X(TFM_CRYPTO_AEAD_SET_NONCE) \ ++ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ ++ X(TFM_CRYPTO_AEAD_UPDATE_AD) \ ++ X(TFM_CRYPTO_AEAD_UPDATE) \ ++ X(TFM_CRYPTO_AEAD_FINISH) \ ++ X(TFM_CRYPTO_AEAD_VERIFY) \ ++ X(TFM_CRYPTO_AEAD_ABORT) ++ ++#define ASYMMETRIC_SIGN_FUNCS \ ++ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ ++ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ ++ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ ++ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) ++ ++#define AYSMMETRIC_ENCRYPT_FUNCS \ ++ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ ++ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) ++ ++#define KEY_DERIVATION_FUNCS \ ++ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ ++ X(TFM_CRYPTO_KEY_DERIVATION_ABORT) ++ ++#define RANDOM_FUNCS \ ++ X(TFM_CRYPTO_GENERATE_RANDOM) ++ ++/* ++ * Define function IDs in each group. The function ID will be encoded into ++ * tfm_crypto_func_sid below. ++ * Each group is defined as a dedicated enum in case the total number of ++ * PSA Crypto APIs exceeds 256. ++ */ ++#define X(func_id) func_id, ++enum tfm_crypto_key_management_func_id { ++ KEY_MANAGEMENT_FUNCS ++}; ++enum tfm_crypto_hash_func_id { ++ HASH_FUNCS ++}; ++enum tfm_crypto_mac_func_id { ++ MAC_FUNCS ++}; ++enum tfm_crypto_cipher_func_id { ++ CIPHER_FUNCS ++}; ++enum tfm_crypto_aead_func_id { ++ AEAD_FUNCS ++}; ++enum tfm_crypto_asym_sign_func_id { ++ ASYMMETRIC_SIGN_FUNCS ++}; ++enum tfm_crypto_asym_encrypt_func_id { ++ AYSMMETRIC_ENCRYPT_FUNCS ++}; ++enum tfm_crypto_key_derivation_func_id { ++ KEY_DERIVATION_FUNCS ++}; ++enum tfm_crypto_random_func_id { ++ RANDOM_FUNCS ++}; ++#undef X ++ ++#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8) ++ ++/* ++ * Numerical progressive value identifying a function API exposed through ++ * the interfaces (S or NS). It's used to dispatch the requests from S/NS ++ * to the corresponding API implementation in the Crypto service backend. ++ * ++ * Each function SID is encoded as uint16_t. ++ * | Func ID | Group ID | ++ * 15 8 7 0 ++ * Func ID is defined in each group func_id enum above ++ * Group ID is defined in tfm_crypto_group_id. ++ */ ++enum tfm_crypto_func_sid { ++ ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)), ++ ++ KEY_MANAGEMENT_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)), ++ HASH_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)), ++ MAC_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)), ++ CIPHER_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)), ++ AEAD_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)), ++ ASYMMETRIC_SIGN_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)), ++ AYSMMETRIC_ENCRYPT_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)), ++ KEY_DERIVATION_FUNCS ++ ++#undef X ++#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \ ++ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)), ++ RANDOM_FUNCS ++ ++}; ++#undef X ++ ++/** ++ * \brief Define an invalid value for an SID ++ * ++ */ ++#define TFM_CRYPTO_SID_INVALID (~0x0u) ++ ++/** ++ * \brief This value is used to mark an handle as invalid. ++ * ++ */ ++#define TFM_CRYPTO_INVALID_HANDLE (0x0u) ++ ++/** ++ * \brief Define miscellaneous literal constants that are used in the service ++ * ++ */ ++enum { ++ TFM_CRYPTO_NOT_IN_USE = 0, ++ TFM_CRYPTO_IN_USE = 1 ++}; ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __PSA_CRYPTO_SID_H__ */ +diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h +index 8103a9af..50ad070e 100644 +--- a/components/service/common/include/psa/sid.h ++++ b/components/service/common/include/psa/sid.h +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019-2021, Arm Limited. All rights reserved. ++ * Copyright (c) 2019-2023, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * +@@ -12,6 +12,9 @@ + extern "C" { + #endif + ++/******** PSA Crypto SIDs ********/ ++#include "crypto_sid.h" ++ + /******** TFM_SP_PS ********/ + #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) + #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) +@@ -43,79 +46,6 @@ extern "C" { + #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) + + +-/** +- * \brief Define a progressive numerical value for each SID which can be used +- * when dispatching the requests to the service +- */ +-enum { +- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), +- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, +- TFM_CRYPTO_OPEN_KEY_SID, +- TFM_CRYPTO_CLOSE_KEY_SID, +- TFM_CRYPTO_IMPORT_KEY_SID, +- TFM_CRYPTO_DESTROY_KEY_SID, +- TFM_CRYPTO_EXPORT_KEY_SID, +- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, +- TFM_CRYPTO_PURGE_KEY_SID, +- TFM_CRYPTO_COPY_KEY_SID, +- TFM_CRYPTO_HASH_COMPUTE_SID, +- TFM_CRYPTO_HASH_COMPARE_SID, +- TFM_CRYPTO_HASH_SETUP_SID, +- TFM_CRYPTO_HASH_UPDATE_SID, +- TFM_CRYPTO_HASH_FINISH_SID, +- TFM_CRYPTO_HASH_VERIFY_SID, +- TFM_CRYPTO_HASH_ABORT_SID, +- TFM_CRYPTO_HASH_CLONE_SID, +- TFM_CRYPTO_MAC_COMPUTE_SID, +- TFM_CRYPTO_MAC_VERIFY_SID, +- TFM_CRYPTO_MAC_SIGN_SETUP_SID, +- TFM_CRYPTO_MAC_VERIFY_SETUP_SID, +- TFM_CRYPTO_MAC_UPDATE_SID, +- TFM_CRYPTO_MAC_SIGN_FINISH_SID, +- TFM_CRYPTO_MAC_VERIFY_FINISH_SID, +- TFM_CRYPTO_MAC_ABORT_SID, +- TFM_CRYPTO_CIPHER_ENCRYPT_SID, +- TFM_CRYPTO_CIPHER_DECRYPT_SID, +- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, +- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, +- TFM_CRYPTO_CIPHER_GENERATE_IV_SID, +- TFM_CRYPTO_CIPHER_SET_IV_SID, +- TFM_CRYPTO_CIPHER_UPDATE_SID, +- TFM_CRYPTO_CIPHER_FINISH_SID, +- TFM_CRYPTO_CIPHER_ABORT_SID, +- TFM_CRYPTO_AEAD_ENCRYPT_SID, +- TFM_CRYPTO_AEAD_DECRYPT_SID, +- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, +- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, +- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, +- TFM_CRYPTO_AEAD_SET_NONCE_SID, +- TFM_CRYPTO_AEAD_SET_LENGTHS_SID, +- TFM_CRYPTO_AEAD_UPDATE_AD_SID, +- TFM_CRYPTO_AEAD_UPDATE_SID, +- TFM_CRYPTO_AEAD_FINISH_SID, +- TFM_CRYPTO_AEAD_VERIFY_SID, +- TFM_CRYPTO_AEAD_ABORT_SID, +- TFM_CRYPTO_SIGN_MESSAGE_SID, +- TFM_CRYPTO_VERIFY_MESSAGE_SID, +- TFM_CRYPTO_SIGN_HASH_SID, +- TFM_CRYPTO_VERIFY_HASH_SID, +- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, +- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, +- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, +- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, +- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, +- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, +- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, +- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, +- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, +- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, +- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, +- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, +- TFM_CRYPTO_GENERATE_RANDOM_SID, +- TFM_CRYPTO_GENERATE_KEY_SID, +- TFM_CRYPTO_SID_MAX, +-}; +- + /******** TFM_SP_PLATFORM ********/ + #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) + #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h +index e4a2b167..9276748d 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h +@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, ++ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID, + .key_id = id, + .alg = alg, + }; +@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con + struct rpc_caller *caller = ipc->caller; + psa_status_t status; + struct psa_ipc_crypto_pack_iovec iov = { +- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, ++ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID, + .key_id = id, + .alg = alg, + }; +diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h +index cc9279ee..bcd8e0e4 100644 +--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h ++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h +@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont + { + + return crypto_caller_common(context,id,alg,hash,hash_length, +- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); ++ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID); + } + + static inline psa_status_t crypto_caller_verify_message(struct service_client *context, +@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c + { + + return crypto_caller_common(context,id,alg,hash,hash_length, +- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); ++ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID); + } + + #ifdef __cplusplus +-- +2.25.1 + |