Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 9347dd4efc156c93b1d9beaeb32e9b719ad6a3d2 / . / meta-arm / meta-arm-bsp / recipes-security / trusted-services / corstone1000 / 0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
blob: 7e65de869829d1b229b7529a9851aa2a20e25e0d [file] [log] [blame]
Andrew Geissler9347dd42023-03-03 12:38:41 -0600[diff] [blame^]1From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001
2From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
3Date: Thu, 9 Feb 2023 00:22:40 +0000
4Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs
5
6This patch is to change the PSA Crypto SIDs to match the values of the
7PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
8
9Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
10Upstream-Status: Pending [Not submitted yet]
11---
12 .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++
13 components/service/common/include/psa/sid.h | 78 +-----
14 .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +-
15 .../psa_ipc/crypto_caller_verify_hash.h | 4 +-
16 4 files changed, 249 insertions(+), 78 deletions(-)
17 create mode 100644 components/service/common/include/psa/crypto_sid.h
18
19diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
20new file mode 100644
21index 00000000..5b05f46d
22--- /dev/null
23+++ b/components/service/common/include/psa/crypto_sid.h
24@@ -0,0 +1,241 @@
25+/*
26+ * Copyright (c) 2023, Arm Limited. All rights reserved.
27+ *
28+ * SPDX-License-Identifier: BSD-3-Clause
29+ *
30+ */
31+
32+#ifndef __PSA_CRYPTO_SID_H__
33+#define __PSA_CRYPTO_SID_H__
34+
35+#ifdef __cplusplus
36+extern "C" {
37+#endif
38+#include <stdint.h>
39+
40+/**
41+ * \brief Type associated to the group of a function encoding. There can be
42+ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
43+ * Asym sign, Asym encrypt, Key derivation).
44+ */
45+enum tfm_crypto_group_id {
46+ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
47+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
48+ TFM_CRYPTO_GROUP_ID_HASH,
49+ TFM_CRYPTO_GROUP_ID_MAC,
50+ TFM_CRYPTO_GROUP_ID_CIPHER,
51+ TFM_CRYPTO_GROUP_ID_AEAD,
52+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
53+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
54+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
55+};
56+
57+/* X macro describing each of the available PSA Crypto APIs */
58+#define KEY_MANAGEMENT_FUNCS \
59+ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \
60+ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \
61+ X(TFM_CRYPTO_OPEN_KEY) \
62+ X(TFM_CRYPTO_CLOSE_KEY) \
63+ X(TFM_CRYPTO_IMPORT_KEY) \
64+ X(TFM_CRYPTO_DESTROY_KEY) \
65+ X(TFM_CRYPTO_EXPORT_KEY) \
66+ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \
67+ X(TFM_CRYPTO_PURGE_KEY) \
68+ X(TFM_CRYPTO_COPY_KEY) \
69+ X(TFM_CRYPTO_GENERATE_KEY)
70+
71+#define HASH_FUNCS \
72+ X(TFM_CRYPTO_HASH_COMPUTE) \
73+ X(TFM_CRYPTO_HASH_COMPARE) \
74+ X(TFM_CRYPTO_HASH_SETUP) \
75+ X(TFM_CRYPTO_HASH_UPDATE) \
76+ X(TFM_CRYPTO_HASH_CLONE) \
77+ X(TFM_CRYPTO_HASH_FINISH) \
78+ X(TFM_CRYPTO_HASH_VERIFY) \
79+ X(TFM_CRYPTO_HASH_ABORT)
80+
81+#define MAC_FUNCS \
82+ X(TFM_CRYPTO_MAC_COMPUTE) \
83+ X(TFM_CRYPTO_MAC_VERIFY) \
84+ X(TFM_CRYPTO_MAC_SIGN_SETUP) \
85+ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \
86+ X(TFM_CRYPTO_MAC_UPDATE) \
87+ X(TFM_CRYPTO_MAC_SIGN_FINISH) \
88+ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \
89+ X(TFM_CRYPTO_MAC_ABORT)
90+
91+#define CIPHER_FUNCS \
92+ X(TFM_CRYPTO_CIPHER_ENCRYPT) \
93+ X(TFM_CRYPTO_CIPHER_DECRYPT) \
94+ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \
95+ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \
96+ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \
97+ X(TFM_CRYPTO_CIPHER_SET_IV) \
98+ X(TFM_CRYPTO_CIPHER_UPDATE) \
99+ X(TFM_CRYPTO_CIPHER_FINISH) \
100+ X(TFM_CRYPTO_CIPHER_ABORT)
101+
102+#define AEAD_FUNCS \
103+ X(TFM_CRYPTO_AEAD_ENCRYPT) \
104+ X(TFM_CRYPTO_AEAD_DECRYPT) \
105+ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \
106+ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \
107+ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \
108+ X(TFM_CRYPTO_AEAD_SET_NONCE) \
109+ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \
110+ X(TFM_CRYPTO_AEAD_UPDATE_AD) \
111+ X(TFM_CRYPTO_AEAD_UPDATE) \
112+ X(TFM_CRYPTO_AEAD_FINISH) \
113+ X(TFM_CRYPTO_AEAD_VERIFY) \
114+ X(TFM_CRYPTO_AEAD_ABORT)
115+
116+#define ASYMMETRIC_SIGN_FUNCS \
117+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \
118+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \
119+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \
120+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
121+
122+#define AYSMMETRIC_ENCRYPT_FUNCS \
123+ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \
124+ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
125+
126+#define KEY_DERIVATION_FUNCS \
127+ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \
128+ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \
129+ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \
130+ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \
131+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \
132+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \
133+ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \
134+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \
135+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \
136+ X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
137+
138+#define RANDOM_FUNCS \
139+ X(TFM_CRYPTO_GENERATE_RANDOM)
140+
141+/*
142+ * Define function IDs in each group. The function ID will be encoded into
143+ * tfm_crypto_func_sid below.
144+ * Each group is defined as a dedicated enum in case the total number of
145+ * PSA Crypto APIs exceeds 256.
146+ */
147+#define X(func_id) func_id,
148+enum tfm_crypto_key_management_func_id {
149+ KEY_MANAGEMENT_FUNCS
150+};
151+enum tfm_crypto_hash_func_id {
152+ HASH_FUNCS
153+};
154+enum tfm_crypto_mac_func_id {
155+ MAC_FUNCS
156+};
157+enum tfm_crypto_cipher_func_id {
158+ CIPHER_FUNCS
159+};
160+enum tfm_crypto_aead_func_id {
161+ AEAD_FUNCS
162+};
163+enum tfm_crypto_asym_sign_func_id {
164+ ASYMMETRIC_SIGN_FUNCS
165+};
166+enum tfm_crypto_asym_encrypt_func_id {
167+ AYSMMETRIC_ENCRYPT_FUNCS
168+};
169+enum tfm_crypto_key_derivation_func_id {
170+ KEY_DERIVATION_FUNCS
171+};
172+enum tfm_crypto_random_func_id {
173+ RANDOM_FUNCS
174+};
175+#undef X
176+
177+#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8)
178+
179+/*
180+ * Numerical progressive value identifying a function API exposed through
181+ * the interfaces (S or NS). It's used to dispatch the requests from S/NS
182+ * to the corresponding API implementation in the Crypto service backend.
183+ *
184+ * Each function SID is encoded as uint16_t.
185+ * | Func ID | Group ID |
186+ * 15 8 7 0
187+ * Func ID is defined in each group func_id enum above
188+ * Group ID is defined in tfm_crypto_group_id.
189+ */
190+enum tfm_crypto_func_sid {
191+
192+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
193+ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
194+
195+ KEY_MANAGEMENT_FUNCS
196+
197+#undef X
198+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
199+ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
200+ HASH_FUNCS
201+
202+#undef X
203+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
204+ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
205+ MAC_FUNCS
206+
207+#undef X
208+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
209+ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
210+ CIPHER_FUNCS
211+
212+#undef X
213+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
214+ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
215+ AEAD_FUNCS
216+
217+#undef X
218+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
219+ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
220+ ASYMMETRIC_SIGN_FUNCS
221+
222+#undef X
223+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
224+ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
225+ AYSMMETRIC_ENCRYPT_FUNCS
226+
227+#undef X
228+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
229+ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
230+ KEY_DERIVATION_FUNCS
231+
232+#undef X
233+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
234+ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
235+ RANDOM_FUNCS
236+
237+};
238+#undef X
239+
240+/**
241+ * \brief Define an invalid value for an SID
242+ *
243+ */
244+#define TFM_CRYPTO_SID_INVALID (~0x0u)
245+
246+/**
247+ * \brief This value is used to mark an handle as invalid.
248+ *
249+ */
250+#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
251+
252+/**
253+ * \brief Define miscellaneous literal constants that are used in the service
254+ *
255+ */
256+enum {
257+ TFM_CRYPTO_NOT_IN_USE = 0,
258+ TFM_CRYPTO_IN_USE = 1
259+};
260+
261+#ifdef __cplusplus
262+}
263+#endif
264+
265+#endif /* __PSA_CRYPTO_SID_H__ */
266diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
267index 8103a9af..50ad070e 100644
268--- a/components/service/common/include/psa/sid.h
269+++ b/components/service/common/include/psa/sid.h
270@@ -1,5 +1,5 @@
271 /*
272- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
273+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
274 *
275 * SPDX-License-Identifier: BSD-3-Clause
276 *
277@@ -12,6 +12,9 @@
278 extern "C" {
279 #endif
280
281+/******** PSA Crypto SIDs ********/
282+#include "crypto_sid.h"
283+
284 /******** TFM_SP_PS ********/
285 #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U)
286 #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U)
287@@ -43,79 +46,6 @@ extern "C" {
288 #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
289
290
291-/**
292- * \brief Define a progressive numerical value for each SID which can be used
293- * when dispatching the requests to the service
294- */
295-enum {
296- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
297- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
298- TFM_CRYPTO_OPEN_KEY_SID,
299- TFM_CRYPTO_CLOSE_KEY_SID,
300- TFM_CRYPTO_IMPORT_KEY_SID,
301- TFM_CRYPTO_DESTROY_KEY_SID,
302- TFM_CRYPTO_EXPORT_KEY_SID,
303- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
304- TFM_CRYPTO_PURGE_KEY_SID,
305- TFM_CRYPTO_COPY_KEY_SID,
306- TFM_CRYPTO_HASH_COMPUTE_SID,
307- TFM_CRYPTO_HASH_COMPARE_SID,
308- TFM_CRYPTO_HASH_SETUP_SID,
309- TFM_CRYPTO_HASH_UPDATE_SID,
310- TFM_CRYPTO_HASH_FINISH_SID,
311- TFM_CRYPTO_HASH_VERIFY_SID,
312- TFM_CRYPTO_HASH_ABORT_SID,
313- TFM_CRYPTO_HASH_CLONE_SID,
314- TFM_CRYPTO_MAC_COMPUTE_SID,
315- TFM_CRYPTO_MAC_VERIFY_SID,
316- TFM_CRYPTO_MAC_SIGN_SETUP_SID,
317- TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
318- TFM_CRYPTO_MAC_UPDATE_SID,
319- TFM_CRYPTO_MAC_SIGN_FINISH_SID,
320- TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
321- TFM_CRYPTO_MAC_ABORT_SID,
322- TFM_CRYPTO_CIPHER_ENCRYPT_SID,
323- TFM_CRYPTO_CIPHER_DECRYPT_SID,
324- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
325- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
326- TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
327- TFM_CRYPTO_CIPHER_SET_IV_SID,
328- TFM_CRYPTO_CIPHER_UPDATE_SID,
329- TFM_CRYPTO_CIPHER_FINISH_SID,
330- TFM_CRYPTO_CIPHER_ABORT_SID,
331- TFM_CRYPTO_AEAD_ENCRYPT_SID,
332- TFM_CRYPTO_AEAD_DECRYPT_SID,
333- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
334- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
335- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
336- TFM_CRYPTO_AEAD_SET_NONCE_SID,
337- TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
338- TFM_CRYPTO_AEAD_UPDATE_AD_SID,
339- TFM_CRYPTO_AEAD_UPDATE_SID,
340- TFM_CRYPTO_AEAD_FINISH_SID,
341- TFM_CRYPTO_AEAD_VERIFY_SID,
342- TFM_CRYPTO_AEAD_ABORT_SID,
343- TFM_CRYPTO_SIGN_MESSAGE_SID,
344- TFM_CRYPTO_VERIFY_MESSAGE_SID,
345- TFM_CRYPTO_SIGN_HASH_SID,
346- TFM_CRYPTO_VERIFY_HASH_SID,
347- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
348- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
349- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
350- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
351- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
352- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
353- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
354- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
355- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
356- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
357- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
358- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
359- TFM_CRYPTO_GENERATE_RANDOM_SID,
360- TFM_CRYPTO_GENERATE_KEY_SID,
361- TFM_CRYPTO_SID_MAX,
362-};
363-
364 /******** TFM_SP_PLATFORM ********/
365 #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
366 #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
367diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
368index e4a2b167..9276748d 100644
369--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
370+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
371@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
372 struct rpc_caller *caller = ipc->caller;
373 psa_status_t status;
374 struct psa_ipc_crypto_pack_iovec iov = {
375- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
376+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
377 .key_id = id,
378 .alg = alg,
379 };
380@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
381 struct rpc_caller *caller = ipc->caller;
382 psa_status_t status;
383 struct psa_ipc_crypto_pack_iovec iov = {
384- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
385+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
386 .key_id = id,
387 .alg = alg,
388 };
389diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
390index cc9279ee..bcd8e0e4 100644
391--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
392+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
393@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
394 {
395
396 return crypto_caller_common(context,id,alg,hash,hash_length,
397- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
398+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID);
399 }
400
401 static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
402@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c
403 {
404
405 return crypto_caller_common(context,id,alg,hash,hash_length,
406- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
407+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID);
408 }
409
410 #ifdef __cplusplus
411--
4122.25.1
413