diff --git a/LICENSE.md b/LICENSE.md
index 831caa12b0..2b797a5c8f 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -5,11 +5,11 @@ Folders containing files under different permissive license than Apache 2.0 are
 - [cmsis](./cmsis) - MIT, BSD-3-Clause
 - [components/802.15.4_RF/mcr20a-rf-driver](./components/802.15.4_RF/mcr20a-rf-driver) - BSD-3-Clause
-- [components/TARGET_PSA/TARGET_TFM](./components/TARGET_PSA/TARGET_TFM) - BSD-3-Clause
-- [components/TARGET_PSA/TARGET_PSA/services/attestation](./components/TARGET_PSA/services/attestation) - BSD-3-Clause
 - [features/cryptocell/FEATURE_CRYPTOCELL310](./features/cryptocell/FEATURE_CRYPTOCELL310) - ARM Object Code and Header Files License
 - [features/FEATURE_BOOTLOADER](./features/FEATURE_BOOTLOADER) - PBL
 - [features/FEATURE_BLE/targets](./features/FEATURE_BLE/targets) - BSD-style, PBL, MIT-style
+- [features/FEATURE_PSA/FEATURE_TFM](./features/FEATURE_PSA/FEATURE_TFM) - BSD-3-Clause
+- [features/FEATURE_PSA/FEATURE_MBED_PSA_SRV/services/attestation](./features/FEATURE_PSA/FEATURE_MBED_PSA_SRV/services/attestation) - BSD-3-Clause
 - [features/lorawan](./features/lorawan) - Revised BSD
 - [features/lwipstack](./features/lwipstack) - BSD-style, MIT-style
 - [features/nanostack/sal-stack-nanostack](./features/nanostack/sal-stack-nanostack) - BSD-3-Clause
diff --git a/TESTS/mbed-crypto/sanity/main.cpp b/TESTS/mbed-crypto/sanity/main.cpp
index 98cd169e47..ed50e5eec3 100644
--- a/TESTS/mbed-crypto/sanity/main.cpp
+++ b/TESTS/mbed-crypto/sanity/main.cpp
@@ -15,12 +15,11 @@
 * limitations under the License.
 */
-#include "psa/crypto.h"
-
-#if ((!defined(TARGET_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)))
+#if ((!defined(FEATURE_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)))
 #error [NOT_SUPPORTED] Mbed Crypto is OFF - skipping.
 #else
+#include "psa/crypto.h"
 #include
 #include "mbed.h"
 #include "greentea-client/test_env.h"
diff --git a/TESTS/mbed_hal/trng/main.cpp b/TESTS/mbed_hal/trng/main.cpp
index edd5dff70e..0c9f22ce37 100644
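Review bot: In TESTS/mbed-crypto/sanity/main.cpp the guard `#if ((!defined(FEATURE_PSA)) || (!defined(MBEDTLS_PSA_CRYPTO_C)))` is now evaluated before any header has been included, because `#include "psa/crypto.h"` moved into the `#else` branch. If `MBEDTLS_PSA_CRYPTO_C` is defined only by the Mbed TLS configuration header and not on the compiler command line (which this hunk does not show), the check always takes the `[NOT_SUPPORTED]` branch. The crypto sanity test would then be skipped on every target without any failure being reported. Either include the configuration header ahead of the guard, for example `#include "mbedtls/config.h"` (or `MBEDTLS_CONFIG_FILE` when that is defined), or add a comment above the guard stating that both macros are supplied by the build system.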
--- a/TESTS/mbed_hal/trng/main.cpp
+++ b/TESTS/mbed_hal/trng/main.cpp
@@ -69,7 +69,7 @@
 using namespace utest::v1;
-#if (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 #include "entropy.h"
 #include "entropy_poll.h"
 #include "crypto.h"
@@ -94,7 +94,7 @@ void inject_entropy_for_psa()
 mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
 }
 }
-#endif // (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#endif // (defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 static int fill_buffer_trng(uint8_t *buffer, trng_t *trng_obj, size_t trng_len)
 {
@@ -275,7 +275,7 @@ int main()
 #if defined(MBEDTLS_PLATFORM_C)
 ret = mbedtls_platform_setup(NULL);
 #endif /* MBEDTLS_PLATFORM_C */
-#if (defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 inject_entropy_for_psa();
 #endif
 ret = !Harness::run(specification);
diff --git a/TESTS/mbedtls/selftest/main.cpp b/TESTS/mbedtls/selftest/main.cpp
index 0398dd0cb0..a354d31167 100644
--- a/TESTS/mbedtls/selftest/main.cpp
+++ b/TESTS/mbedtls/selftest/main.cpp
@@ -86,7 +86,7 @@ Case cases[] = {
 #endif /* MBEDTLS_SELF_TEST */
 };
-#if (defined(MBEDTLS_ENTROPY_C) && defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(MBEDTLS_ENTROPY_C) && defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 #include "crypto.h"
 #if !defined(MAX)
 #define MAX(a,b) (((a)>(b))?(a):(b))
@@ -109,7 +109,7 @@ void inject_entropy_for_psa()
 mbedtls_psa_inject_entropy(seed, MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE);
 }
 }
-#endif // (defined(MBEDTLS_ENTROPY_C) && defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#endif // (defined(MBEDTLS_ENTROPY_C) && defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 utest::v1::status_t test_setup(const size_t num_cases)
@@ -130,7 +130,7 @@ int main()
 }
 #endif
-#if (defined(MBEDTLS_ENTROPY_C) && defined(TARGET_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
+#if (defined(MBEDTLS_ENTROPY_C) && defined(FEATURE_PSA) && defined(COMPONENT_PSA_SRV_IPC) && defined(MBEDTLS_PSA_CRYPTO_C))
 inject_entropy_for_psa();
 #endif
diff --git a/cmsis/TARGET_CORTEX_M/mbed_tz_context.c b/cmsis/TARGET_CORTEX_M/mbed_tz_context.c
index 17bf625afe..368b0b3ff5 100644
--- a/cmsis/TARGET_CORTEX_M/mbed_tz_context.c
+++ b/cmsis/TARGET_CORTEX_M/mbed_tz_context.c
@@ -22,7 +22,7 @@
 * limitations under the License.
 */
-#if !TARGET_TFM
+#if !FEATURE_TFM
 #if defined (__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
@@ -204,4 +204,4 @@ uint32_t TZ_StoreContext_S (TZ_MemoryId_t id) {
 }
 #endif
-#endif // !TARGET_TFM
+#endif // !FEATURE_TFM
diff --git a/components/TARGET_PSA/inc/psa_manifest/sid.h b/components/TARGET_PSA/inc/psa_manifest/sid.h
deleted file mode 100644
index 42fe92b669..0000000000
--- a/components/TARGET_PSA/inc/psa_manifest/sid.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* Copyright (c) 2017-2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __SID_H__
-#define __SID_H__
-
-#include "autogen_sid.h"
-
-#endif // __SID_H__
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c
deleted file mode 100755
index 239b8d35df..0000000000
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_attest_inject_key.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-* Copyright (c) 2018-2019 ARM Limited. All rights reserved.
-*
-* SPDX-License-Identifier: Apache-2.0
-*
-* Licensed under the Apache License, Version 2.0 (the License); you may
-* not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an AS IS BASIS, WITHOUT
-* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-#include "psa_attest_inject_key.h"
-#include "psa/crypto.h"
-#include "psa/client.h"
-#include "psa_manifest/sid.h"
-
-#define MINOR_VER 1
-
-psa_status_t
-psa_attestation_inject_key(const uint8_t *key_data,
- size_t key_data_length,
- psa_key_type_t type,
- uint8_t *public_key_data,
- size_t public_key_data_size,
- size_t *public_key_data_length)
-{
- psa_handle_t handle = PSA_NULL_HANDLE;
- psa_status_t call_error = PSA_SUCCESS;
- psa_invec in_vec[2] = {
- { &type, sizeof(type) },
- { key_data, key_data_length }
- };
-
- psa_outvec out_vec[2] = {
- { public_key_data, public_key_data_size },
- { public_key_data_length, sizeof(*public_key_data_length) }
- };
-
- handle = psa_connect(PSA_ATTEST_INJECT_KEY_ID, MINOR_VER);
- if (handle <= 0) {
- return (PSA_ERROR_COMMUNICATION_FAILURE);
- }
-
- call_error = psa_call(handle, in_vec, 2, out_vec, 2);
-
- psa_close(handle);
- return call_error;
-}
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c b/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c
deleted file mode 100755
index ff90cc8530..0000000000
--- a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IPC/psa_initial_attestation_api.c
+++ /dev/null
@@ -1,79 +0,0 @@ -/* -* Copyright (c) 2018-2019 ARM Limited. All rights reserved. -* -* SPDX-License-Identifier: Apache-2.0 -* -* Licensed under the Apache License, Version 2.0 (the License); you may -* not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an AS IS BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ - -#include "psa_initial_attestation_api.h" -#include "psa/crypto.h" -#include "psa/client.h" -#include "attestation.h" -#include -#include "psa_manifest/sid.h" - -#define MINOR_VER 1 - -enum psa_attest_err_t -psa_initial_attest_get_token(const uint8_t *challenge_obj, - uint32_t challenge_size, - uint8_t *token, - uint32_t *token_size) { - psa_status_t err_call; - psa_handle_t handle = PSA_NULL_HANDLE; - - psa_invec in_vec[1] = { { challenge_obj, challenge_size } }; - psa_outvec out_vec[1] = { { token, *token_size } }; - - handle = psa_connect(PSA_ATTEST_GET_TOKEN_ID, MINOR_VER); - if (handle <= 0) - { - return (PSA_ATTEST_ERR_GENERAL); - } - - err_call = psa_call(handle, in_vec, 1, out_vec, 1); - psa_close(handle); - - if (err_call < 0) - { - err_call = PSA_ATTEST_ERR_GENERAL; - } - - return ((enum psa_attest_err_t) err_call); -} - -enum psa_attest_err_t -psa_initial_attest_get_token_size(uint32_t challenge_size, - uint32_t *token_size) { - psa_status_t err_call; - psa_handle_t handle = PSA_NULL_HANDLE; - psa_invec in_vec[1] = { { &challenge_size, sizeof(uint32_t) } }; - psa_outvec out_vec[1] = { { token_size, sizeof(uint32_t) } }; - - handle = psa_connect(PSA_ATTEST_GET_TOKEN_SIZE_ID, MINOR_VER); - if (handle <= 0) - { - return (PSA_ATTEST_ERR_GENERAL); - } - - err_call = psa_call(handle, in_vec, 
1, out_vec, 1); - psa_close(handle); - - if (err_call < 0) - { - err_call = PSA_ATTEST_ERR_GENERAL; - } - - return ((enum psa_attest_err_t) err_call); -} diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c b/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c deleted file mode 100755 index 3459a7d768..0000000000 --- a/components/TARGET_PSA/services/attestation/COMPONENT_SPE/psa_attestation_partition.c +++ /dev/null 
@@ -1,253 +0,0 @@ -/* -* Copyright (c) 2018-2019 ARM Limited. All rights reserved. -* -* SPDX-License-Identifier: Apache-2.0 -* -* Licensed under the Apache License, Version 2.0 (the License); you may -* not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an AS IS BASIS, WITHOUT -* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ - -// ---------------------------------- Includes --------------------------------- -#include "psa/client.h" -#include "psa/service.h" - -#include "mbed_spm_partitions.h" -#include "psa_initial_attestation_api.h" -#include "psa_attest_inject_key.h" -#include "psa_inject_attestation_key_impl.h" -#include "attestation.h" -#include -#include -#include "psa/crypto.h" - -int32_t g_caller_id = 0; - -static void set_caller_id(psa_msg_t *msg) -{ - g_caller_id = msg->client_id; -} - -// ------------------------- Partition's Main Thread --------------------------- - -static void psa_attest_get_token(void) -{ - psa_msg_t msg = { 0 }; - enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS; - - if (PSA_SUCCESS != psa_get(PSA_ATTEST_GET_TOKEN, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: - case PSA_IPC_DISCONNECT: { - break; - } - case PSA_IPC_CALL: { - uint8_t *challenge_buff = NULL; - uint8_t *token_buff = NULL; - uint32_t bytes_read = 0; - - challenge_buff = calloc(1, msg.in_size[0]); - if (challenge_buff == NULL) { - status = PSA_ATTEST_ERR_GENERAL; - break; - } - bytes_read = psa_read(msg.handle, 0, - challenge_buff, msg.in_size[0]); - if (bytes_read != msg.in_size[0]) { - free(challenge_buff); - SPM_PANIC("SPM read length mismatch"); - } - - token_buff = calloc(1, msg.out_size[0]); 
- if (token_buff == NULL) { - status = PSA_ATTEST_ERR_GENERAL; - free(challenge_buff); - break; - } - - psa_invec in_vec[1] = { { challenge_buff, msg.in_size[0] } }; - psa_outvec out_vec[1] = { { token_buff, msg.out_size[0] } }; - - status = attest_init(); - if (status != PSA_ATTEST_ERR_SUCCESS) { - free(challenge_buff); - free(token_buff); - break; - } - - set_caller_id(&msg); - status = initial_attest_get_token(in_vec, 1, out_vec, 1); - if (status == PSA_ATTEST_ERR_SUCCESS) { - psa_write(msg.handle, 0, out_vec[0].base, out_vec[0].len); - } - - free(challenge_buff); - free(token_buff); - break; - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - -static void psa_attest_get_token_size(void) -{ - psa_msg_t msg = { 0 }; - enum psa_attest_err_t status = PSA_ATTEST_ERR_SUCCESS; - - if (PSA_SUCCESS != psa_get(PSA_ATTEST_GET_TOKEN_SIZE, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: - case PSA_IPC_DISCONNECT: { - break; - } - case PSA_IPC_CALL: { - uint32_t challenge_size; - uint32_t token_size; - uint32_t bytes_read = 0; - - bytes_read = psa_read(msg.handle, 0, - &challenge_size, msg.in_size[0]); - if (bytes_read != msg.in_size[0]) { - SPM_PANIC("SPM read length mismatch"); - } - - psa_invec in_vec[1] = { { &challenge_size, msg.in_size[0] } }; - psa_outvec out_vec[1] = { { &token_size, msg.out_size[0] } }; - - status = attest_init(); - if (status != PSA_ATTEST_ERR_SUCCESS) { - break; - } - - set_caller_id(&msg); - status = initial_attest_get_token_size(in_vec, 1, out_vec, 1); - if (status == PSA_ATTEST_ERR_SUCCESS) { - psa_write(msg.handle, 0, out_vec[0].base, out_vec[0].len); - } - - break; - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - -static void psa_attest_inject_key(void) -{ - psa_msg_t msg = { 0 }; - psa_status_t status = PSA_SUCCESS; - - if (PSA_SUCCESS != 
psa_get(PSA_ATTEST_INJECT_KEY, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: - case PSA_IPC_DISCONNECT: { - break; - } - case PSA_IPC_CALL: { - uint8_t *public_key_data = NULL; - size_t public_key_data_length = 0; - uint8_t *key_data = NULL; - psa_key_type_t type; - uint32_t bytes_read = 0; - - if (msg.in_size[0] != sizeof(psa_key_type_t)) { - status = PSA_ERROR_INVALID_ARGUMENT; - break; - } - - bytes_read = psa_read(msg.handle, 0, &type, msg.in_size[0]); - if (bytes_read != msg.in_size[0]) { - SPM_PANIC("SPM read length mismatch"); - } - - public_key_data = calloc(1, msg.out_size[0]); - if (public_key_data == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - if (msg.in_size[1] != 0) { - key_data = calloc(1, msg.in_size[1]); - if (key_data == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - free(public_key_data); - break; - } - - bytes_read = psa_read(msg.handle, 1, - key_data, msg.in_size[1]); - if (bytes_read != msg.in_size[1]) { - free(public_key_data); - free(key_data); - SPM_PANIC("SPM read length mismatch"); - } - } - status = psa_attestation_inject_key_impl(key_data, - msg.in_size[1], - type, - public_key_data, - msg.out_size[0], - &public_key_data_length); - - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, public_key_data, public_key_data_length); - } - - psa_write(msg.handle, 1, - &public_key_data_length, sizeof(public_key_data_length)); - free(public_key_data); - if (key_data != NULL) { - free(key_data); - } - break; - - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - -void attest_main(void *ptr) -{ - while (1) { - uint32_t signals = psa_wait(ATTEST_SRV_WAIT_ANY_SID_MSK, PSA_BLOCK); - if (signals & PSA_ATTEST_GET_TOKEN) { - psa_attest_get_token(); - } - if (signals & PSA_ATTEST_GET_TOKEN_SIZE) { - psa_attest_get_token_size(); - } - if (signals & PSA_ATTEST_INJECT_KEY) { - psa_attest_inject_key(); - } - } -} 
diff --git a/components/TARGET_PSA/services/attestation/attestation_partition_psa.json b/components/TARGET_PSA/services/attestation/attestation_partition_psa.json
deleted file mode 100755
index f021d4996d..0000000000
--- a/components/TARGET_PSA/services/attestation/attestation_partition_psa.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- "name": "ATTEST_SRV",
- "type": "APPLICATION-ROT",
- "priority": "NORMAL",
- "id": "0x00000025",
- "entry_point": "attest_main",
- "stack_size": "0x2000",
- "heap_size": "0x2000",
- "services": [
- {
- "name": "PSA_ATTEST_GET_TOKEN_ID",
- "identifier": "0x00000F10",
- "signal": "PSA_ATTEST_GET_TOKEN",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_ATTEST_GET_TOKEN_SIZE_ID",
- "identifier": "0x00000F11",
- "signal": "PSA_ATTEST_GET_TOKEN_SIZE",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_ATTEST_INJECT_KEY_ID",
- "identifier": "0x00000F12",
- "signal": "PSA_ATTEST_INJECT_KEY",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- }
- ],
- "extern_sids": [
- "PSA_CRYPTO_INIT_ID",
- "PSA_HASH_ID",
- "PSA_ASYMMETRIC_ID",
- "PSA_KEY_MNG_ID",
- "PSA_CRYPTO_FREE_ID",
- "PSA_KEY_DERIVATION_ID",
- "PSA_PLATFORM_LC_GET"
- ],
- "source_files": [
- "COMPONENT_SPE/psa_attestation_partition.c"
- ]
-}
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h
deleted file mode 100644
index 6783e292f4..0000000000
--- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h
+++ /dev/null
@@ -1,179 +0,0 @@ -/** - * \file psa/crypto_platform_spe.h - * - * \brief PSA cryptography module: Mbed TLS platfom definitions - */ -/* - * Copyright (C) 2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef PSA_CRYPTO_SPE_PLATFORM_H -#define PSA_CRYPTO_SPE_PLATFORM_H - -/* Include the Mbed TLS configuration file, the way Mbed TLS does it - * in each of its header files. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "../mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -/** \defgroup PSA Crypto APIs -* @{ -*/ - -/** \brief psa_s_function_t enum defines for all the available functions in PSA Crypto. 
*/ -typedef enum psa_sec_function_s { - PSA_CRYPTO_INVALID, - PSA_GET_KEY_ATTRIBUTES, - PSA_OPEN_KEY, - PSA_CLOSE_KEY, - PSA_IMPORT_KEY, - PSA_DESTROY_KEY, - PSA_EXPORT_KEY, - PSA_EXPORT_PUBLIC_KEY, - PSA_COPY_KEY, - PSA_HASH_COMPUTE, - PSA_HASH_COMPARE, - PSA_HASH_SETUP, - PSA_HASH_UPDATE, - PSA_HASH_FINISH, - PSA_HASH_VERIFY, - PSA_HASH_ABORT, - PSA_HASH_CLONE, - PSA_HASH_CLONE_BEGIN, - PSA_HASH_CLONE_END, - PSA_MAC_COMPUTE, - PSA_MAC_VERIFY, - PSA_MAC_SIGN_SETUP, - PSA_MAC_VERIFY_SETUP, - PSA_MAC_UPDATE, - PSA_MAC_SIGN_FINISH, - PSA_MAC_VERIFY_FINISH, - PSA_MAC_ABORT, - PSA_CIPHER_ENCRYPT, - PSA_CIPHER_DECRYPT, - PSA_CIPHER_ENCRYPT_SETUP, - PSA_CIPHER_DECRYPT_SETUP, - PSA_CIPHER_GENERATE_IV, - PSA_CIPHER_SET_IV, - PSA_CIPHER_UPDATE, - PSA_CIPHER_FINISH, - PSA_CIPHER_ABORT, - PSA_AEAD_ENCRYPT, - PSA_AEAD_DECRYPT, - PSA_AEAD_ENCRYPT_SETUP, - PSA_AEAD_DECRYPT_SETUP, - PSA_AEAD_GENERATE_NONCE, - PSA_AEAD_SET_NONCE, - PSA_AEAD_SET_LENGTHS, - PSA_AEAD_UPDATE_AD, - PSA_AEAD_UPDATE, - PSA_AEAD_FINISH, - PSA_AEAD_VERIFY, - PSA_AEAD_ABORT, - PSA_ASYMMETRIC_SIGN, - PSA_ASYMMETRIC_VERIFY, - PSA_ASYMMETRIC_ENCRYPT, - PSA_ASYMMETRIC_DECRYPT, - PSA_KEY_DERIVATION_SETUP, - PSA_KEY_DERIVATION_GET_CAPACITY, - PSA_KEY_DERIVATION_SET_CAPACITY, - PSA_KEY_DERIVATION_INPUT_BYTES, - PSA_KEY_DERIVATION_INPUT_KEY, - PSA_KEY_DERIVATION_KEY_AGREEMENT, - PSA_KEY_DERIVATION_OUTPUT_BYTES, - PSA_KEY_DERIVATION_OUTPUT_KEY, - PSA_KEY_DERIVATION_ABORT, - PSA_RAW_KEY_AGREEMENT, - PSA_GENERATE_RANDOM, - PSA_GENERATE_KEY, -} psa_sec_function_t; - -/**@}*/ - -/** \defgroup PSA Crypto structures for IPC -* @{ -*/ - -/** psa_crypto_ipc_s struct used for some of the - * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments - * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to - * pack them together. 
- */ -typedef struct psa_crypto_ipc_s { - psa_sec_function_t func; - psa_key_handle_t handle; - psa_algorithm_t alg; -} psa_crypto_ipc_t; - -/** psa_crypto_derivation_ipc_s struct used for some of the - * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments - * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to - * pack them together. - */ -typedef struct psa_crypto_derivation_ipc_s { - psa_sec_function_t func; - psa_key_handle_t handle; - psa_algorithm_t alg; - size_t capacity; -} psa_crypto_derivation_ipc_t; - -/** psa_key_mng_ipc_s struct used for some of the - * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments - * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to - * pack them together. - */ -typedef struct psa_key_mng_ipc_s { - psa_key_handle_t handle; - psa_sec_function_t func; -} psa_key_mng_ipc_t; - -/** psa_crypto_ipc_aead_s struct used for AEAD integrated - * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t and extra arguments - * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to - * pack them together. - */ -// Max length supported for nonce is 16 bytes. -#define PSA_AEAD_MAX_NONCE_SIZE 16 -typedef struct psa_crypto_ipc_aead_s { - psa_sec_function_t func; - psa_key_handle_t handle; - psa_algorithm_t alg; - uint16_t nonce_size; - size_t additional_data_length; - size_t input_length; - uint8_t nonce[PSA_AEAD_MAX_NONCE_SIZE]; -} psa_crypto_ipc_aead_t; - -/** psa_crypto_ipc_asymmetric_s struct used for asymmetric - * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments - * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to - * pack them together. 
- */ -typedef struct psa_crypto_ipc_asymmetric_s { - psa_sec_function_t func; - psa_key_handle_t handle; - psa_algorithm_t alg; - size_t input_length; - size_t salt_length; -} psa_crypto_ipc_asymmetric_t; - -/**@}*/ - -#endif /* PSA_CRYPTO_SPE_PLATFORM_H */ diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h deleted file mode 100644 index 7e39d48880..0000000000 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifdef PSA_CRYPTO_SECURE -#include "crypto_struct_spe.h" -#else -#include "crypto_struct_ipc.h" -#endif - diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h deleted file mode 100644 index 20bea21c66..0000000000 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h +++ /dev/null @@ -1,318 +0,0 @@ -/** - * \file psa/crypto_struct.h - * - * \brief PSA cryptography module: Mbed TLS structured type implementations - * - * \note This file may not be included directly. Applications must - * include psa/crypto.h. - * - * This file contains the definitions of some data structures with - * implementation-specific definitions. - * - * In implementations with isolation between the application and the - * cryptography module, it is expected that the front-end and the back-end - * would have different versions of this file. - * - *

Design notes about multipart operation structures

- * - * Each multipart operation structure contains a `psa_algorithm_t alg` - * field which indicates which specific algorithm the structure is for. - * When the structure is not in use, `alg` is 0. Most of the structure - * consists of a union which is discriminated by `alg`. - * - * Note that when `alg` is 0, the content of other fields is undefined. - * In particular, it is not guaranteed that a freshly-initialized structure - * is all-zero: we initialize structures to something like `{0, 0}`, which - * is only guaranteed to initializes the first member of the union; - * GCC and Clang initialize the whole structure to 0 (at the time of writing), - * but MSVC and CompCert don't. - * - * In Mbed Crypto, multipart operation structures live independently from - * the key. This allows Mbed Crypto to free the key objects when destroying - * a key slot. If a multipart operation needs to remember the key after - * the setup function returns, the operation structure needs to contain a - * copy of the key. - */ -/* - * Copyright (C) 2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. 
- * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef PSA_CRYPTO_STRUCT_H -#define PSA_CRYPTO_STRUCT_H - -#include "psa/client.h" - -#ifdef __cplusplus -extern "C" { -#endif - -struct psa_hash_operation_s { - psa_handle_t handle; -}; - -#define PSA_HASH_OPERATION_INIT { PSA_NULL_HANDLE } -static inline struct psa_hash_operation_s psa_hash_operation_init( void ) -{ - const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; - return( v ); -} - -struct psa_mac_operation_s -{ - psa_handle_t handle; -}; - -#define PSA_MAC_OPERATION_INIT { PSA_NULL_HANDLE } -static inline struct psa_mac_operation_s psa_mac_operation_init( void ) -{ - const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; - return( v ); -} - -struct psa_cipher_operation_s -{ - psa_handle_t handle; -}; - -#define PSA_CIPHER_OPERATION_INIT { PSA_NULL_HANDLE } -static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) -{ - const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; - return( v ); -} - -struct psa_aead_operation_s -{ - psa_handle_t handle; -}; - -#define PSA_AEAD_OPERATION_INIT { PSA_NULL_HANDLE } -static inline struct psa_aead_operation_s psa_aead_operation_init( void ) -{ - const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; - return( v ); -} - -struct psa_key_derivation_s -{ - psa_handle_t handle; -}; - -/* This only zeroes out the first byte in the union, the rest is unspecified. 
*/ -#define PSA_KEY_DERIVATION_OPERATION_INIT { PSA_NULL_HANDLE } -static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void ) -{ - const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; - return( v ); -} - -struct psa_key_policy_s -{ - psa_key_usage_t usage; - psa_algorithm_t alg; - psa_algorithm_t alg2; -}; -typedef struct psa_key_policy_s psa_key_policy_t; - -#define PSA_KEY_POLICY_INIT {0, 0, 0} -static inline struct psa_key_policy_s psa_key_policy_init( void ) -{ - const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT; - return( v ); -} - -/* The type used internally for key sizes. - * Public interfaces use size_t, but internally we use a smaller type. */ -typedef uint16_t psa_key_bits_t; -/* The maximum value of the type used to represent bit-sizes. - * This is used to mark an invalid key size. */ -#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) ) -/* The maximum size of a key in bits. - * Currently defined as the maximum that can be represented, rounded down - * to a whole number of bytes. - * This is an uncast value so that it can be used in preprocessor - * conditionals. */ -#define PSA_MAX_KEY_BITS 0xfff8 - -/** A mask of flags that can be stored in key attributes. - * - * This type is also used internally to store flags in slots. Internal - * flags are defined in library/psa_crypto_core.h. Internal flags may have - * the same value as external flags if they are properly handled during - * key creation and in psa_get_key_attributes. - */ -typedef uint16_t psa_key_attributes_flag_t; - -#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \ - ( (psa_key_attributes_flag_t) 0x0001 ) - -/* A mask of key attribute flags used externally only. - * Only meant for internal checks inside the library. */ -#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \ - MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \ - 0 ) - -/* A mask of key attribute flags used both internally and externally. - * Currently there aren't any. 
*/ -#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \ - 0 ) - -typedef struct -{ - psa_key_type_t type; - psa_key_lifetime_t lifetime; - psa_key_id_t id; - psa_key_policy_t policy; - psa_key_bits_t bits; - psa_key_attributes_flag_t flags; -} psa_core_key_attributes_t; - -#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0} - -struct psa_key_attributes_s -{ - psa_core_key_attributes_t core; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - psa_key_slot_number_t slot_number; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - void *domain_parameters; - size_t domain_parameters_size; -}; - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0} -#else -#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0} -#endif - -static inline struct psa_key_attributes_s psa_key_attributes_init( void ) -{ - const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT; - return( v ); -} - -static inline void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_id_t id) -{ - attributes->core.id = id; - if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; -} - -static inline psa_key_id_t psa_get_key_id( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.id ); -} - -static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, - psa_key_lifetime_t lifetime) -{ - attributes->core.lifetime = lifetime; - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - { -#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER - attributes->core.id.key_id = 0; - attributes->core.id.owner = 0; -#else - attributes->core.id = 0; -#endif - } -} - -static inline psa_key_lifetime_t psa_get_key_lifetime( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.lifetime ); -} - -static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) -{ - attributes->core.policy.usage = 
usage_flags; -} - -static inline psa_key_usage_t psa_get_key_usage_flags( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.policy.usage ); -} - -static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, - psa_algorithm_t alg) -{ - attributes->core.policy.alg = alg; -} - -static inline psa_algorithm_t psa_get_key_algorithm( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.policy.alg ); -} - -/* This function is declared in crypto_extra.h, which comes after this - * header file, but we need the function here, so repeat the declaration. */ -psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, - psa_key_type_t type, - const uint8_t *data, - size_t data_length); - -static inline void psa_set_key_type(psa_key_attributes_t *attributes, - psa_key_type_t type) -{ - if( attributes->domain_parameters == NULL ) - { - /* Common case: quick path */ - attributes->core.type = type; - } - else - { - /* Call the bigger function to free the old domain paramteres. - * Ignore any errors which may arise due to type requiring - * non-default domain parameters, since this function can't - * report errors. */ - (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 ); - } -} - -static inline psa_key_type_t psa_get_key_type( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.type ); -} - -static inline void psa_set_key_bits(psa_key_attributes_t *attributes, - size_t bits) -{ - if( bits > PSA_MAX_KEY_BITS ) - attributes->core.bits = PSA_KEY_BITS_TOO_LARGE; - else - attributes->core.bits = (psa_key_bits_t) bits; -} - -static inline size_t psa_get_key_bits( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.bits ); -} - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_CRYPTO_STRUCT_H */ 
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c deleted file mode 100644 index a1d09e2587..0000000000 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c +++ /dev/null 
@@ -1,1636 +0,0 @@
-/*
- * PSA crypto layer on top of Mbed TLS crypto
- */
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include
-#include
-#include
-
-#include "psa_manifest/sid.h"
-#include "psa/client.h"
-#include "psa/crypto.h"
-#include "crypto_platform_spe.h"
-#include "mbed_assert.h"
-
-#define MINOR_VER 1
-#define CLIENT_PSA_KEY_ID_SIZE_IN_BYTES 4
-
-MBED_STATIC_ASSERT(sizeof(psa_key_id_t) == CLIENT_PSA_KEY_ID_SIZE_IN_BYTES, "Unexpected psa_key_id_t size");
-
-/****************************************************************/
-/* INTERNAL HELPER FUNCTIONS */
-/****************************************************************/
-static psa_status_t ipc_connect(uint32_t sid, psa_handle_t *handle)
-{
- *handle = psa_connect(sid, MINOR_VER);
- if (*handle <= PSA_NULL_HANDLE) {
- return (PSA_ERROR_COMMUNICATION_FAILURE);
- }
- return (PSA_SUCCESS);
-}
-
-static inline void ipc_close(psa_handle_t *handle)
-{
- psa_close(*handle);
- *handle = PSA_NULL_HANDLE;
-}
-
-static psa_status_t ipc_call(psa_handle_t *handle, psa_invec *in_vec, size_t in_vec_size,
- psa_outvec *out_vec, size_t out_vec_size, bool close)
-{
- if (*handle <= PSA_NULL_HANDLE) {
- return (PSA_ERROR_BAD_STATE);
- }
-
- psa_status_t status = psa_call(*handle, in_vec, in_vec_size, out_vec, out_vec_size);
- if (close) {
- ipc_close(handle);
- }
- return (status);
-}
-
-static psa_status_t ipc_oneshot(uint32_t sid, psa_invec *in_vec, size_t in_vec_size,
- psa_outvec *out_vec, size_t out_vec_size)
-{
- psa_handle_t handle = PSA_NULL_HANDLE;
- psa_status_t status = ipc_connect(sid, &handle);
- if (status != PSA_SUCCESS) {
- return status;
- }
- status = ipc_call(&handle, in_vec, in_vec_size, out_vec, out_vec_size, true);
- return (status);
-}
-
-
-/*
- * PSA Crypto API (crypto.h)
- */
-
-psa_status_t psa_crypto_init(void)
-{
- psa_status_t status = ipc_oneshot(PSA_CRYPTO_INIT_ID, NULL, 0, NULL, 0);
- return (status);
-}
-
-psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
- psa_key_attributes_t *attributes)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = PSA_GET_KEY_ATTRIBUTES,
- .handle = handle
- };
-
- psa_invec in_vec = { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) };
-
- psa_outvec out_vec = { attributes, sizeof(*attributes) };
-
- return ipc_oneshot(PSA_KEY_MNG_ID, &in_vec, 1, &out_vec, 1);
-}
-
-void psa_reset_key_attributes(psa_key_attributes_t *attributes)
-{
- /* The reset of key attributes can happen entirely without going to the
- * core. In fact, it can't go to the core without causing issues with
- * memory ownership. Given that psa_set_key_domain_parameters(), which we
- * currently don't allow in the client/server architecture, allocates
- * memory that would be freed by psa_reset_key_attributes(), we must do
- * this in the NSPE due to lack of memory ownership information in the
- * core; the SPE can't currently know if any given allocation is valid to
- * free for a given client. */
-
- /* Note attributes->domain_parameters are currently ignored, as we don't
- * currently support them in client/server architecture.
*/
- memset(attributes, 0, sizeof(*attributes));
-}
-
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_get_key_domain_parameters(const psa_key_attributes_t *attributes,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_open_key(psa_key_id_t id,
- psa_key_handle_t *handle)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = PSA_OPEN_KEY,
- .handle = *handle,
- };
-
- psa_invec in_vec[2] = {
- { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) },
- { &id, sizeof(id) }
- };
-
- psa_outvec out_vec = { handle, sizeof(*handle) };
-
- psa_status_t status = ipc_oneshot(PSA_KEY_MNG_ID, in_vec, 2, &out_vec, 1);
- return (status);
-}
-
-psa_status_t psa_close_key(psa_key_handle_t handle)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = PSA_CLOSE_KEY,
- .handle = handle,
- };
-
- psa_invec in_vec = { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) };
-
- psa_status_t status = ipc_oneshot(PSA_KEY_MNG_ID, &in_vec, 1, NULL, 0);
- return (status);
-}
-
-psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- psa_key_handle_t *handle)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = PSA_IMPORT_KEY,
- .handle = 0,
- };
-
- psa_invec in_vec[3] = {
- { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) },
- { attributes, sizeof(*attributes) },
- { data, data_length },
- };
-
- psa_outvec out_vec = { handle, sizeof(*handle) };
-
- return ipc_oneshot(PSA_KEY_MNG_ID, in_vec, 3, &out_vec, 1);
-}
-
-psa_status_t psa_destroy_key(psa_key_handle_t handle)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = PSA_DESTROY_KEY,
- .handle = handle,
- };
-
- psa_invec in_vec = { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) };
-
- psa_status_t status = ipc_oneshot(PSA_KEY_MNG_ID, &in_vec, 1, NULL, 0);
- return (status);
-}
-
-static
psa_status_t psa_export_key_common(psa_key_handle_t handle,
- uint8_t *data,
- size_t data_size,
- size_t *data_length,
- psa_sec_function_t func)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = func,
- .handle = handle,
- };
-
- psa_invec in_vec = { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) };
-
- psa_outvec out_vec[2] = {
- { data, data_size },
- { data_length, sizeof(*data_length) }
- };
-
- psa_status_t status = ipc_oneshot(PSA_KEY_MNG_ID, &in_vec, 1, out_vec, 2);
- return (status);
-}
-
-psa_status_t psa_export_key(psa_key_handle_t handle,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- psa_status_t status = psa_export_key_common(handle, data, data_size,
- data_length, PSA_EXPORT_KEY);
- return (status);
-}
-
-psa_status_t psa_export_public_key(psa_key_handle_t handle,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- psa_status_t status = psa_export_key_common(handle, data, data_size,
- data_length,
- PSA_EXPORT_PUBLIC_KEY);
- return (status);
-}
-
-psa_status_t psa_copy_key(psa_key_handle_t source_handle,
- const psa_key_attributes_t *attributes,
- psa_key_handle_t *target_handle)
-{
- psa_key_mng_ipc_t psa_key_mng_ipc = {
- .func = PSA_COPY_KEY,
- .handle = source_handle,
- };
-
- psa_invec in_vec = { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) };
-
- psa_outvec out_vec = { target_handle, sizeof(*target_handle) };
-
- return ipc_oneshot(PSA_KEY_MNG_ID, &in_vec, 1, &out_vec, 1);
-}
-
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_COMPUTE,
- .handle = 0,
- .alg = alg,
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length }
- };
-
- psa_outvec out_vec[2] = {
- { hash, hash_size },
- { hash_length, sizeof(*hash_length) }
- };
-
- return ipc_oneshot(PSA_HASH_ID, in_vec, 2, out_vec, 2);
-}
-
-psa_status_t
psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- const size_t hash_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_COMPARE,
- .handle = 0,
- .alg = alg,
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- { hash, hash_length },
- };
-
- return ipc_oneshot(PSA_HASH_ID, in_vec, 3, NULL, 0);
-}
-
-psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
- psa_algorithm_t alg)
-{
- if (operation->handle != PSA_NULL_HANDLE) {
- return (PSA_ERROR_BAD_STATE);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_SETUP,
- .handle = 0,
- .alg = alg
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_connect(PSA_HASH_ID, &operation->handle);
- if (status != PSA_SUCCESS) {
- return (status);
- }
- status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_hash_update(psa_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_UPDATE,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_FINISH,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { &hash_size, sizeof(hash_size) }
- };
-
- psa_outvec out_vec[2] = {
- { hash, hash_size },
- { hash_length, sizeof(*hash_length) }
- };
-
- psa_status_t
status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, true);
- return (status);
-}
-
-psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
- const uint8_t *hash,
- size_t hash_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_VERIFY,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { &hash_length, sizeof(hash_length) },
- { hash, hash_length }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 3, NULL, 0, true);
- return (status);
-}
-
-psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return (PSA_SUCCESS);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_HASH_ABORT,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
- return (status);
-}
-
-psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
- psa_hash_operation_t *target_operation)
-{
- if (source_operation->handle <= PSA_NULL_HANDLE || target_operation->handle != PSA_NULL_HANDLE) {
- return (PSA_ERROR_BAD_STATE);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = 0,
- .handle = 0,
- .alg = 0
- };
-
- size_t index = 0;
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { &index, sizeof(index) }
- };
-
- psa_outvec out_vec = { &index, sizeof(index) };
-
- psa_status_t status = ipc_connect(PSA_HASH_ID, &target_operation->handle);
- if (status != PSA_SUCCESS) {
- return (status);
- }
-
- psa_crypto_ipc.func = PSA_HASH_CLONE_BEGIN;
- status = ipc_call((psa_handle_t *)&source_operation->handle, in_vec, 1, &out_vec, 1, false);
- if (status != PSA_SUCCESS) {
- goto exit;
- }
-
- psa_crypto_ipc.func = PSA_HASH_CLONE_END;
- status = ipc_call(&target_operation->handle, in_vec, 2, NULL, 0, false);
-
-exit:
- if (status != PSA_SUCCESS) {
-
ipc_close(&target_operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_mac_compute(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_MAC_COMPUTE,
- .handle = handle,
- .alg = alg,
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- };
-
- psa_outvec out_vec[2] = {
- { mac, mac_size },
- { mac_length, sizeof(*mac_length) },
- };
-
- psa_status_t status = ipc_oneshot(PSA_MAC_ID, in_vec, 2, out_vec, 2);
- return (status);
-}
-
-psa_status_t psa_mac_verify(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *mac,
- const size_t mac_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_MAC_VERIFY,
- .handle = handle,
- .alg = alg,
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- { mac, mac_length },
- };
-
- psa_status_t status = ipc_oneshot(PSA_MAC_ID, in_vec, 2, NULL, 0);
- return (status);
-}
-
-static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- psa_sec_function_t func)
-{
- if (operation->handle != PSA_NULL_HANDLE) {
- return (PSA_ERROR_BAD_STATE);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = func,
- .handle = handle,
- .alg = alg
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_connect(PSA_MAC_ID, &operation->handle);
- if (status != PSA_SUCCESS) {
- return (status);
- }
- status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- psa_status_t status =
psa_mac_setup(operation, handle, alg, PSA_MAC_SIGN_SETUP);
- return (status);
-}
-
-psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- psa_status_t status = psa_mac_setup(operation, handle, alg, PSA_MAC_VERIFY_SETUP);
- return (status);
-}
-
-psa_status_t psa_mac_update(psa_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_MAC_UPDATE,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_MAC_SIGN_FINISH,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { &mac_size, sizeof(mac_size) }
- };
-
- psa_outvec out_vec[2] = {
- { mac, mac_size },
- { mac_length, sizeof(*mac_length) }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, true);
- return (status);
-}
-
-psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_MAC_VERIFY_FINISH,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { &mac_length, sizeof(mac_length) },
- { mac, mac_length }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 3, NULL, 0, true);
- return (status);
-}
-
-psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return (PSA_SUCCESS);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func =
PSA_MAC_ABORT,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
- return (status);
-}
-
-psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_ENCRYPT,
- .handle = handle,
- .alg = alg,
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- };
-
- psa_outvec out_vec[2] = {
- { output, output_size },
- { output_length, sizeof(*output_length) },
- };
-
- psa_status_t status = ipc_oneshot(PSA_SYMMETRIC_ID, in_vec, 2, out_vec, 2);
- return (status);
-}
-
-psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_DECRYPT,
- .handle = handle,
- .alg = alg,
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- };
-
- psa_outvec out_vec[2] = {
- { output, output_size },
- { output_length, sizeof(*output_length) },
- };
-
- psa_status_t status = ipc_oneshot(PSA_SYMMETRIC_ID, in_vec, 2, out_vec, 2);
- return (status);
-}
-
-static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- psa_sec_function_t func)
-{
- if (operation->handle != PSA_NULL_HANDLE) {
- return (PSA_ERROR_BAD_STATE);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = func,
- .handle = handle,
- .alg = alg
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_connect(PSA_SYMMETRIC_ID, &operation->handle);
- if (status != PSA_SUCCESS) {
- return (status);
- }
-
status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- psa_status_t status = psa_cipher_setup(operation, handle, alg, PSA_CIPHER_ENCRYPT_SETUP);
- return (status);
-}
-
-psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- psa_status_t status = psa_cipher_setup(operation, handle, alg, PSA_CIPHER_DECRYPT_SETUP);
- return (status);
-}
-
-psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_GENERATE_IV,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_outvec out_vec[2] = {
- { iv, iv_size },
- { iv_length, sizeof(*iv_length) }
- };
-
- psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_SET_IV,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { iv, iv_length }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_UPDATE,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec
in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length }
- };
-
- psa_outvec out_vec[2] = {
- { output, output_size },
- { output_length, (output_length == NULL ? 0 : sizeof(*output_length)) }
- };
-
- psa_status_t status = ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return (status);
-}
-
-psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_FINISH,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_outvec out_vec[2] = {
- { output, output_size },
- { output_length, (output_length == NULL ? 0 : sizeof(*output_length)) }
- };
-
- psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, out_vec, 2, true);
- return (status);
-}
-
-psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return (PSA_SUCCESS);
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_CIPHER_ABORT,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
- return (status);
-}
-
-psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *nonce,
- size_t nonce_length,
- const uint8_t *additional_data,
- size_t additional_data_length,
- const uint8_t *plaintext,
- size_t plaintext_length,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length)
-{
- if (nonce_length > PSA_AEAD_MAX_NONCE_SIZE) {
- return (PSA_ERROR_INVALID_ARGUMENT);
- }
-
- uint8_t *buffer = calloc(1, (additional_data_length + plaintext_length));
- if (buffer == NULL) {
- return (PSA_ERROR_INSUFFICIENT_MEMORY);
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func =
PSA_AEAD_ENCRYPT,
- .handle = handle,
- .alg = alg,
- .nonce_size = nonce_length,
- .additional_data_length = additional_data_length,
- .input_length = plaintext_length,
- .nonce = { 0 }
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { buffer, (additional_data_length + plaintext_length) }
- };
-
- psa_outvec out_vec[2] = {
- { ciphertext, ciphertext_size },
- { ciphertext_length, sizeof(*ciphertext_length) }
- };
-
- psa_status_t status;
- memcpy(buffer, additional_data, additional_data_length);
- memcpy(buffer + additional_data_length, plaintext, plaintext_length);
- memcpy(psa_crypto_ipc.nonce, nonce, nonce_length);
-
- status = ipc_oneshot(PSA_AEAD_ID, in_vec, 2, out_vec, 2);
- free(buffer);
- return (status);
-}
-
-psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *nonce,
- size_t nonce_length,
- const uint8_t *additional_data,
- size_t additional_data_length,
- const uint8_t *ciphertext,
- size_t ciphertext_length,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length)
-{
- if (nonce_length > PSA_AEAD_MAX_NONCE_SIZE) {
- return (PSA_ERROR_INVALID_ARGUMENT);
- }
-
- uint8_t *buffer = calloc(1, (additional_data_length + ciphertext_length));
- if (buffer == NULL) {
- return (PSA_ERROR_INSUFFICIENT_MEMORY);
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_DECRYPT,
- .handle = handle,
- .alg = alg,
- .nonce_size = nonce_length,
- .additional_data_length = additional_data_length,
- .input_length = ciphertext_length,
- .nonce = { 0 }
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { buffer, (additional_data_length + ciphertext_length) }
- };
-
- psa_outvec out_vec[2] = {
- { plaintext, plaintext_size },
- { plaintext_length, sizeof(*plaintext_length) }
- };
-
- psa_status_t status;
- memcpy(buffer, additional_data, additional_data_length);
- memcpy(buffer + additional_data_length, ciphertext, ciphertext_length);
-
memcpy(psa_crypto_ipc.nonce, nonce, nonce_length);
-
- status = ipc_oneshot(PSA_AEAD_ID, in_vec, 2, out_vec, 2);
- free(buffer);
- return (status);
-}
-
-static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- psa_sec_function_t func)
-{
- if (operation->handle != PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = func,
- .handle = handle,
- .alg = alg
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- psa_status_t status = ipc_connect(PSA_AEAD_ID, &operation->handle);
- if (status != PSA_SUCCESS) {
- return status;
- }
- status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false);
- if (status != PSA_SUCCESS) {
- ipc_close(&operation->handle);
- }
- return status;
-}
-
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- return psa_aead_setup(operation, handle, alg, PSA_AEAD_ENCRYPT_SETUP);
-}
-
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- return psa_aead_setup(operation, handle, alg, PSA_AEAD_DECRYPT_SETUP);
-}
-
-psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
- uint8_t *nonce,
- size_t nonce_size,
- size_t *nonce_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_GENERATE_NONCE,
- .handle = 0,
- };
-
- psa_invec in_vec[1] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- };
-
- psa_outvec out_vec[2] = {
- { nonce, nonce_size },
- { nonce_length, sizeof(*nonce_length) },
- };
-
- return ipc_call(&operation->handle, in_vec, 1, out_vec, 2, false);
-}
-
-psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
-
}
-
- if (nonce_length > PSA_AEAD_MAX_NONCE_SIZE) {
- return (PSA_ERROR_INVALID_ARGUMENT);
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_SET_NONCE,
- .handle = 0,
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { nonce, nonce_length }
- };
-
- return ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
-}
-
-psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_SET_LENGTHS,
- .handle = 0,
- .alg = 0,
- .additional_data_length = ad_length,
- .input_length = plaintext_length,
- };
-
- psa_invec in_vec[1] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- };
-
- return ipc_call(&operation->handle, in_vec, 1, NULL, 0, false);
-}
-
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_UPDATE_AD,
- .handle = 0,
- .alg = 0,
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- };
-
- return ipc_call(&operation->handle, in_vec, 2, NULL, 0, false);
-}
-
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_UPDATE,
- .handle = 0,
- .alg = 0,
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { input, input_length },
- };
-
- psa_outvec out_vec[2] = {
- { output, output_size },
- { output_length, sizeof(*output_length) },
- };
-
- return
ipc_call(&operation->handle, in_vec, 2, out_vec, 2, false);
-}
-
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_AEAD_FINISH,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[1] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- };
-
- psa_outvec out_vec[4] = {
- { ciphertext, ciphertext_size },
- { ciphertext_length, (ciphertext_length == NULL ? 0 : sizeof(*ciphertext_length)) },
- { tag, tag_size },
- { tag_length, (tag_length == NULL ? 0 : sizeof(*tag_length)) },
- };
-
- return ipc_call(&operation->handle, in_vec, 1, out_vec, 4, true);
-}
-
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_ipc_t psa_crypto_ipc = {
- .func = PSA_AEAD_VERIFY,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { tag, tag_length },
- };
-
- psa_outvec out_vec[2] = {
- { plaintext, plaintext_size },
- { plaintext_length, (plaintext_length == NULL ?
0 : sizeof(*plaintext_length)) },
- };
-
- return ipc_call(&operation->handle, in_vec, 3, out_vec, 2, true);
-}
-
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
-{
- if (operation->handle <= PSA_NULL_HANDLE) {
- return PSA_SUCCESS;
- }
-
- psa_crypto_ipc_aead_t psa_crypto_ipc = {
- .func = PSA_AEAD_ABORT,
- .handle = 0,
- .alg = 0
- };
-
- psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) };
-
- return ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true);
-}
-
-psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
- .func = PSA_ASYMMETRIC_SIGN,
- .handle = handle,
- .alg = alg,
- .input_length = 0,
- .salt_length = 0
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { hash, hash_length }
- };
-
- psa_outvec out_vec[2] = {
- { signature, signature_size },
- { signature_length, sizeof(*signature_length) }
- };
-
- psa_status_t status = ipc_oneshot(PSA_ASYMMETRIC_ID, in_vec, 2, out_vec, 2);
- return (status);
-}
-
-psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_size)
-{
- psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
- .func = PSA_ASYMMETRIC_VERIFY,
- .handle = handle,
- .alg = alg,
- .input_length = 0,
- .salt_length = 0
- };
-
- psa_invec in_vec[3] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { signature, signature_size },
- { hash, hash_length }
- };
-
- psa_status_t status = ipc_oneshot(PSA_ASYMMETRIC_ID, in_vec, 3, NULL, 0);
- return (status);
-}
-
-static psa_status_t psa_asymmetric_operation(psa_sec_function_t func,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t
*output,
- size_t output_size,
- size_t *output_length)
-{
- uint8_t *buffer = calloc(1, (input_length + salt_length));
- if (buffer == NULL) {
- return (PSA_ERROR_INSUFFICIENT_MEMORY);
- }
-
- psa_crypto_ipc_asymmetric_t psa_crypto_ipc = {
- .func = func,
- .handle = handle,
- .alg = alg,
- .input_length = input_length,
- .salt_length = salt_length
- };
-
- psa_invec in_vec[2] = {
- { &psa_crypto_ipc, sizeof(psa_crypto_ipc) },
- { buffer, (input_length + salt_length) }
- };
-
- psa_outvec out_vec[2] = {
- { output, output_size },
- { output_length, sizeof(*output_length) }
- };
-
- psa_status_t status;
- memcpy(buffer, input, input_length);
- memcpy(buffer + input_length, salt, salt_length);
-
- status = ipc_oneshot(PSA_ASYMMETRIC_ID, in_vec, 2, out_vec, 2);
- free(buffer);
- return (status);
-}
-
-psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_status_t status = psa_asymmetric_operation(PSA_ASYMMETRIC_ENCRYPT,
- handle,
- alg, input, input_length,
- salt, salt_length, output,
- output_size, output_length);
- return (status);
-}
-
-psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_status_t status = psa_asymmetric_operation(PSA_ASYMMETRIC_DECRYPT,
- handle,
- alg, input, input_length,
- salt, salt_length, output,
- output_size, output_length);
- return (status);
-}
-
-psa_status_t psa_key_derivation_setup(
- psa_key_derivation_operation_t *operation,
- psa_algorithm_t alg)
-{
- if (operation->handle != PSA_NULL_HANDLE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- psa_crypto_derivation_ipc_t psa_crypto_ipc = {
- .func = PSA_KEY_DERIVATION_SETUP,
- .handle = 0,
- .alg = alg
-
}; - - psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }; - - psa_status_t status = ipc_connect(PSA_KEY_DERIVATION_ID, &operation->handle); - if (status != PSA_SUCCESS) { - return status; - } - - status = ipc_call(&operation->handle, &in_vec, 1, NULL, 0, false); - if (status != PSA_SUCCESS) { - ipc_close(&operation->handle); - } - - return status; -} - -psa_status_t psa_key_derivation_get_capacity( - const psa_key_derivation_operation_t *op, - size_t *capacity) -{ - psa_key_derivation_operation_t *operation = (psa_key_derivation_operation_t *) op; - - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_GET_CAPACITY, - .handle = 0, - .alg = 0, - }; - - psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }; - - psa_outvec out_vec = { capacity, sizeof(*capacity) }; - - return ipc_call(&operation->handle, &in_vec, 1, &out_vec, 1, false); -} - -psa_status_t psa_key_derivation_set_capacity( - psa_key_derivation_operation_t *operation, - size_t capacity) -{ - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_SET_CAPACITY, - .handle = 0, - .alg = 0, - }; - - psa_invec in_vec[2] = { - { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, - { &capacity, sizeof(capacity) }, - }; - - return ipc_call(&operation->handle, in_vec, 2, NULL, 0, false); -} - -psa_status_t psa_key_derivation_input_bytes( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length) -{ - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_INPUT_BYTES, - .handle = 0, - .alg = 0, - }; - - psa_invec in_vec[3] = { - { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, - { &step, sizeof(step) }, - { data, data_length }, - }; - 
- return ipc_call(&operation->handle, in_vec, 3, NULL, 0, false); -} - -psa_status_t psa_key_derivation_input_key( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t handle) -{ - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_INPUT_KEY, - .handle = handle, - .alg = 0 - }; - - psa_invec in_vec[2] = { - { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, - { &step, sizeof(step) }, - }; - - psa_status_t status = ipc_call(&operation->handle, in_vec, 2, NULL, 0, false); - return (status); -} - -psa_status_t psa_key_derivation_key_agreement( - psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length) -{ - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_KEY_AGREEMENT, - .handle = private_key, - .alg = 0, - }; - - psa_invec in_vec[3] = { - { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, - { &step, sizeof(step) }, - { peer_key, peer_key_length }, - }; - - return ipc_call(&operation->handle, in_vec, 3, NULL, 0, false); -} - -psa_status_t psa_key_derivation_output_bytes( - psa_key_derivation_operation_t *operation, - uint8_t *output, - size_t output_length) -{ - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_OUTPUT_BYTES, - .handle = 0, - }; - - psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }; - - psa_outvec out_vec = { output, output_length }; - - return ipc_call(&operation->handle, &in_vec, 1, &out_vec, 1, false); -} - -psa_status_t psa_key_derivation_output_key( - const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle) -{ - if 
(operation->handle <= PSA_NULL_HANDLE) { - return PSA_ERROR_BAD_STATE; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_OUTPUT_KEY, - }; - - psa_invec in_vec[2] = { - { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, - { attributes, sizeof(*attributes) }, - }; - - psa_outvec out_vec = { handle, sizeof(*handle) }; - - return ipc_call(&operation->handle, in_vec, 2, &out_vec, 1, false); -} - -psa_status_t psa_key_derivation_abort( - psa_key_derivation_operation_t *operation) -{ - if (operation->handle <= PSA_NULL_HANDLE) { - return PSA_SUCCESS; - } - - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_KEY_DERIVATION_ABORT, - .handle = 0, - .alg = 0, - }; - - psa_invec in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }; - - return ipc_call(&operation->handle, &in_vec, 1, NULL, 0, true); -} - -psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - psa_crypto_derivation_ipc_t psa_crypto_ipc = { - .func = PSA_RAW_KEY_AGREEMENT, - .handle = private_key, - .alg = alg, - }; - - psa_invec in_vec[2] = { - { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, - { peer_key, peer_key_length }, - }; - - psa_outvec out_vec[2] = { - { output, output_size }, - { output_length, sizeof(*output_length) } - }; - - return ipc_oneshot(PSA_KEY_DERIVATION_ID, in_vec, 2, out_vec, 2); -} - -psa_status_t psa_generate_random(uint8_t *output, - size_t output_size) -{ - psa_outvec out_vec = { output, output_size }; - - psa_status_t status = ipc_oneshot(PSA_RNG_ID, NULL, 0, &out_vec, 1); - return (status); -} - -psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, - psa_key_handle_t *handle) -{ - psa_key_mng_ipc_t psa_key_mng_ipc = { - .func = PSA_GENERATE_KEY, - }; - - psa_invec in_vec[2] = { - { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) }, - { attributes, sizeof(*attributes) }, - }; - - 
psa_outvec out_vec = { handle, sizeof(*handle) }; - - return ipc_oneshot(PSA_KEY_MNG_ID, in_vec, 2, &out_vec, 1); -} - - -/* - * PSA Crypto API extensions (crypto_extra.h) - */ - -void mbedtls_psa_crypto_free(void) -{ - ipc_oneshot(PSA_CRYPTO_FREE_ID, NULL, 0, NULL, 0); -} - -psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, - size_t seed_size) -{ - psa_invec in_vec = { seed, seed_size }; - - psa_status_t status = ipc_oneshot(PSA_ENTROPY_ID, &in_vec, 1, NULL, 0); - return (status); -} - -#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h deleted file mode 100644 index 6b6bf19370..0000000000 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h +++ /dev/null 
@@ -1,96 +0,0 @@
-/**
- * \file psa/crypto_spe.h
- * \brief Platform Security Architecture cryptography module
- */
-
-#ifndef PSA_CRYPTO_SPE_H
-#define PSA_CRYPTO_SPE_H
-
-#include
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define psa_crypto_init psa_sec_crypto_init
-#define psa_get_key_attributes psa_sec_get_key_attributes
-#define psa_reset_key_attributes psa_sec_reset_key_attributes
-#define psa_open_key psa_sec_open_key
-#define psa_close_key psa_sec_close_key
-#define psa_import_key psa_sec_import_key
-#define psa_destroy_key psa_sec_destroy_key
-#define psa_export_key psa_sec_export_key
-#define psa_export_public_key psa_sec_export_public_key
-#define psa_copy_key psa_sec_copy_key
-#define psa_hash_compute psa_sec_hash_compute
-#define psa_hash_compare psa_sec_hash_compare
-#define psa_hash_setup psa_sec_hash_setup
-#define psa_hash_update psa_sec_hash_update
-#define psa_hash_finish psa_sec_hash_finish
-#define psa_hash_verify psa_sec_hash_verify
-#define psa_hash_abort psa_sec_hash_abort
-#define psa_hash_clone psa_sec_hash_clone
-#define psa_mac_compute psa_sec_mac_compute
-#define psa_mac_verify psa_sec_mac_verify
-#define psa_mac_sign_setup psa_sec_mac_sign_setup
-#define psa_mac_verify_setup psa_sec_mac_verify_setup
-#define psa_mac_update psa_sec_mac_update
-#define psa_mac_sign_finish psa_sec_mac_sign_finish
-#define psa_mac_verify_finish psa_sec_mac_verify_finish
-#define psa_mac_abort psa_sec_mac_abort
-#define psa_cipher_encrypt psa_sec_cipher_encrypt
-#define psa_cipher_decrypt psa_sec_cipher_decrypt
-#define psa_cipher_encrypt_setup psa_sec_cipher_encrypt_setup
-#define psa_cipher_decrypt_setup psa_sec_cipher_decrypt_setup
-#define psa_cipher_generate_iv psa_sec_cipher_generate_iv
-#define psa_cipher_set_iv psa_sec_cipher_set_iv
-#define psa_cipher_update psa_sec_cipher_update
-#define psa_cipher_finish psa_sec_cipher_finish
-#define psa_cipher_abort psa_sec_cipher_abort
-#define psa_aead_encrypt psa_sec_aead_encrypt
-#define psa_aead_decrypt psa_sec_aead_decrypt
-#define psa_aead_encrypt_setup psa_sec_aead_encrypt_setup
-#define psa_aead_decrypt_setup psa_sec_aead_decrypt_setup
-#define psa_aead_generate_nonce psa_sec_aead_generate_nonce
-#define psa_aead_set_nonce psa_sec_aead_set_nonce
-#define psa_aead_set_lengths psa_sec_aead_set_lengths
-#define psa_aead_update_ad psa_sec_aead_update_ad
-#define psa_aead_update psa_sec_aead_update
-#define psa_aead_finish psa_sec_aead_finish
-#define psa_aead_verify psa_sec_aead_verify
-#define psa_aead_abort psa_sec_aead_abort
-#define psa_asymmetric_sign psa_sec_asymmetric_sign
-#define psa_asymmetric_verify psa_sec_asymmetric_verify
-#define psa_asymmetric_encrypt psa_sec_asymmetric_encrypt
-#define psa_asymmetric_decrypt psa_sec_asymmetric_decrypt
-#define psa_key_derivation_setup psa_sec_key_derivation_setup
-#define psa_key_derivation_get_capacity psa_sec_key_derivation_get_capacity
-#define psa_key_derivation_set_capacity psa_sec_key_derivation_set_capacity
-#define psa_key_derivation_input_bytes psa_sec_key_derivation_input_bytes
-#define psa_key_derivation_input_key psa_sec_key_derivation_input_key
-#define psa_key_derivation_key_agreement psa_sec_key_derivation_key_agreement
-#define psa_key_derivation_output_bytes psa_sec_key_derivation_output_bytes
-#define psa_key_derivation_output_key psa_sec_key_derivation_output_key
-#define psa_key_derivation_abort psa_sec_key_derivation_abort
-#define psa_raw_key_agreement psa_sec_raw_key_agreement
-#define psa_generate_random psa_sec_generate_random
-#define psa_generate_key psa_sec_generate_key
-
-#define mbedtls_psa_crypto_free mbedtls_psa_sec_crypto_free
-#define mbedtls_psa_inject_entropy mbedtls_psa_sec_inject_entropy
-#define psa_set_key_domain_parameters psa_sec_set_key_domain_parameters
-#define psa_get_key_domain_parameters psa_sec_get_key_domain_parameters
-
-#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER 1
-
-#include "crypto.h"
-
-#ifdef __cplusplus
-}
-#endif
-
-/* The file "crypto_extra.h" contains vendor-specific definitions. This
- * can include vendor-defined algorithms, extra functions, etc. */
-#include "crypto_extra.h"
-
-#endif /* PSA_CRYPTO_SPE_H */
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.c
deleted file mode 100644
index 9a6baa5d20..0000000000
--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2019, Arm Limited and affiliates
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-
-#include "psa/client.h"
-#include "psa/service.h"
-#include "psa_crypto_access_control.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_slot_management.h"
-
-typedef struct psa_crypto_access_control_s {
- psa_key_handle_t key_handle;
- int32_t partition_id;
-} psa_crypto_access_control_t;
-
-static psa_crypto_access_control_t crypto_access_control_arr[PSA_KEY_SLOT_COUNT];
-
-static inline void psa_crypto_access_control_reset()
-{
- memset(crypto_access_control_arr, 0, sizeof(crypto_access_control_arr));
-}
-
-void psa_crypto_access_control_init(void)
-{
- psa_crypto_access_control_reset();
-}
-
-void psa_crypto_access_control_destroy(void)
-{
- psa_crypto_access_control_reset();
-}
-
-void psa_crypto_access_control_register_handle(psa_key_handle_t key_handle, int32_t partition_id)
-{
- for (size_t i = 0; i < PSA_KEY_SLOT_COUNT; i++) {
- if (crypto_access_control_arr[i].key_handle == 0 &&
- crypto_access_control_arr[i].partition_id == 0) {
- crypto_access_control_arr[i].key_handle = key_handle;
- crypto_access_control_arr[i].partition_id = partition_id;
- return;
- }
- }
-
- SPM_PANIC("psa_crypto_access_control_register_handle failed");
-}
-
-void psa_crypto_access_control_unregister_handle(psa_key_handle_t key_handle)
-{
- for (size_t i = 0; i < PSA_KEY_SLOT_COUNT; i++) {
- if (crypto_access_control_arr[i].key_handle == key_handle) {
- crypto_access_control_arr[i].key_handle = 0;
- crypto_access_control_arr[i].partition_id = 0;
- return;
- }
- }
-
- SPM_PANIC("psa_crypto_access_control_unregister_handle failed");
-}
-
-uint8_t psa_crypto_access_control_is_handle_permitted(psa_key_handle_t key_handle, int32_t partition_id)
-{
- for (size_t i = 0; i < PSA_KEY_SLOT_COUNT; i++) {
- if (crypto_access_control_arr[i].key_handle == key_handle &&
- crypto_access_control_arr[i].partition_id == partition_id) {
- return 1;
- }
- }
-
- return 0;
-}
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.h b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.h
deleted file mode 100644
index c588e1423c..0000000000
--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_access_control.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2019, Arm Limited and affiliates
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_ACCESS_CONTROL_H
-#define PSA_CRYPTO_ACCESS_CONTROL_H
-
-#include
-
-#include "crypto_platform.h"
-
-/* initialize the module, resets all tracked information */
-void psa_crypto_access_control_init(void);
-
-/* deinitialize the module, resets all tracked information */
-void psa_crypto_access_control_destroy(void);
-
-/* tracks and associates the key_handle with partition_id */
-void psa_crypto_access_control_register_handle(psa_key_handle_t key_handle, int32_t partition_id);
-
-/* removes tracking of the key_handle */
-void psa_crypto_access_control_unregister_handle(psa_key_handle_t key_handle);
-
-/* checks if the key_handle is associated with the partition_id, returns 0 is false otherwise 1 */
-uint8_t psa_crypto_access_control_is_handle_permitted(psa_key_handle_t key_handle, int32_t partition_id);
-
-#endif /* PSA_CRYPTO_ACCESS_CONTROL_H */
diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
deleted file mode 100644
index 08893ce757..0000000000
--- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c
+++ /dev/null
@@ -1,2467 +0,0 @@
-// ---------------------------------- Includes ---------------------------------
-#include
-#include
-#include "psa/client.h"
-#include "psa/service.h"
-
-
-#define PSA_CRYPTO_SECURE 1
-#include "crypto_spe.h"
-#include "crypto_platform_spe.h"
-#include "mbed_spm_partitions.h"
-#include "mbedtls/entropy.h"
-#include "psa_crypto_access_control.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#else
-#define mbedtls_calloc calloc
-#define mbedtls_free free
-#endif
-
-#include "mbed_assert.h"
-
-// ---------------------------------- Macros -----------------------------------
-#if !defined(MIN)
-#define MIN( a, b ) ( ( ( a ) < ( b ) ) ? ( a ) : ( b ) )
-#endif
-
-// -------------------------------- Structures ---------------------------------
-typedef struct psa_spm_hash_clone_s {
- int32_t partition_id;
- void *source_operation;
- uint8_t ref_count;
-} psa_spm_hash_clone_t;
-
-// ---------------------------------- Globals ----------------------------------
-static int psa_spm_init_count = 0;
-
-/* maximal memory allocation for reading large hash or mac input buffers.
-the data will be read in chunks of size */
-#if !defined (MAX_DATA_CHUNK_SIZE_IN_BYTES)
-#define MAX_DATA_CHUNK_SIZE_IN_BYTES 400
-#endif
-
-#ifndef MAX_CONCURRENT_HASH_CLONES
-#define MAX_CONCURRENT_HASH_CLONES 2
-#endif
-static psa_spm_hash_clone_t psa_spm_hash_clones[MAX_CONCURRENT_HASH_CLONES];
-
-#define CLIENT_PSA_KEY_ID_SIZE_IN_BYTES 4
-MBED_STATIC_ASSERT(sizeof(psa_key_id_t) != CLIENT_PSA_KEY_ID_SIZE_IN_BYTES, "Unexpected psa_key_id_t size");
-
-// ------------------------- Internal Helper Functions -------------------------
-static inline psa_status_t reserve_hash_clone(int32_t partition_id, void *source_operation, size_t *index)
-{
- /* check if the the clone request source operation is already part of another active clone operation,
- * for the same source, if so then reuse it and increment its ref_count by 1. A scenario as such may happen
- * in case there was a context switch between calls of PSA_HASH_CLONE_BEGIN and PSA_HASH_CLONE_END (on the
- * client side) leading to PSA_HASH_CLONE_BEGIN being executed more than one time without a call to
- * PSA_HASH_CLONE_END */
- for (*index = 0; *index < MAX_CONCURRENT_HASH_CLONES; (*index)++) {
- if (psa_spm_hash_clones[*index].partition_id == partition_id &&
- psa_spm_hash_clones[*index].source_operation == source_operation) {
- psa_spm_hash_clones[*index].ref_count++;
- return PSA_SUCCESS;
- }
- }
-
- /* find an available empty entry in the array */
- for (*index = 0; *index < MAX_CONCURRENT_HASH_CLONES; (*index)++) {
- if (psa_spm_hash_clones[*index].partition_id == 0 &&
- psa_spm_hash_clones[*index].source_operation == NULL) {
- psa_spm_hash_clones[*index].partition_id = partition_id;
- psa_spm_hash_clones[*index].source_operation = source_operation;
- psa_spm_hash_clones[*index].ref_count++;
- return PSA_SUCCESS;
- }
- }
-
- return PSA_ERROR_BAD_STATE;
-}
-
-static inline void release_hash_clone(psa_spm_hash_clone_t *hash_clone)
-{
- hash_clone->ref_count--;
- if (hash_clone->ref_count == 0) {
- hash_clone->partition_id = 0;
- hash_clone->source_operation = NULL;
- }
-}
-
-static void clear_hash_clone(void *source_operation)
-{
- for (size_t i = 0; i < MAX_CONCURRENT_HASH_CLONES; i++) {
- if (psa_spm_hash_clones[i].source_operation == source_operation) {
- psa_spm_hash_clones[i].partition_id = 0;
- psa_spm_hash_clones[i].source_operation = NULL;
- psa_spm_hash_clones[i].ref_count = 0;
- break;
- }
- }
-}
-
-static inline psa_status_t get_hash_clone(size_t index, int32_t partition_id,
- psa_spm_hash_clone_t **hash_clone)
-{
- if (index >= MAX_CONCURRENT_HASH_CLONES ||
- psa_spm_hash_clones[index].partition_id != partition_id ||
- psa_spm_hash_clones[index].source_operation == NULL) {
- return PSA_ERROR_BAD_STATE;
- }
-
- *hash_clone = &psa_spm_hash_clones[index];
- return PSA_SUCCESS;
-}
-
-static void free_message_context(psa_msg_t *msg)
-{
- mbedtls_free(msg->rhandle);
- psa_set_rhandle(msg->handle, NULL);
-}
-
-static void read_attributes(psa_handle_t handle,
- psa_key_owner_id_t owner,
- psa_key_attributes_t *attributes)
-{
- uint32_t bytes_read;
- psa_client_key_attributes_t client;
-
- bytes_read = psa_read(handle, 1, &client, sizeof(client));
- if (bytes_read != sizeof(client)) {
- SPM_PANIC("SPM read length mismatch");
- }
- /* We currently don't support domain parameters */
- attributes->domain_parameters = NULL;
- attributes->domain_parameters_size = 0;
- psa_core_attributes_to_server(&client.core, owner, &attributes->core);
-}
-
-// -------------------- Unimplemented PSA Crypto functions --------------------
-psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- const size_t hash_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_mac_compute(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_mac_verify(psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *mac,
- const size_t mac_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_handle_t handle,
- psa_algorithm_t alg)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
- uint8_t *nonce,
- size_t nonce_size,
- size_t *nonce_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
-{
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-
-// ------------------------- Partition's Main Thread ---------------------------
-static void psa_crypto_init_operation(void)
-{
- psa_msg_t msg = { 0 };
- psa_status_t status = PSA_SUCCESS;
-
- if (PSA_SUCCESS != psa_get(PSA_CRYPTO_INIT, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- case PSA_IPC_DISCONNECT: {
- break;
- }
-
- case PSA_IPC_CALL: {
- status = psa_crypto_init();
- if (status == PSA_SUCCESS) {
- ++psa_spm_init_count;
- if (psa_spm_init_count == 1) {
- memset(psa_spm_hash_clones, 0, sizeof(psa_spm_hash_clones));
- psa_crypto_access_control_init();
- }
- }
-
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-static void psa_crypto_free_operation(void)
-{
- psa_msg_t msg = { 0 };
- psa_status_t status = PSA_SUCCESS;
-
- if (PSA_SUCCESS != psa_get(PSA_CRYPTO_FREE, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- case PSA_IPC_DISCONNECT: {
- break;
- }
-
- case PSA_IPC_CALL: {
- /** perform crypto_free iff the number of init-s
- * is equal to the number of free-s
- */
- if (psa_spm_init_count > 0) {
- --psa_spm_init_count;
- }
-
- if (psa_spm_init_count == 0) {
- memset(psa_spm_hash_clones, 0, sizeof(psa_spm_hash_clones));
- psa_crypto_access_control_destroy();
- mbedtls_psa_crypto_free();
- }
-
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-static void psa_mac_operation(void)
-{
- psa_msg_t msg = { 0 };
- psa_status_t status = PSA_SUCCESS;
-
- if (PSA_SUCCESS != psa_get(PSA_MAC, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT: {
- psa_mac_operation_t *psa_operation = mbedtls_calloc(1, sizeof(psa_mac_operation_t));
- if (psa_operation == NULL) {
- status = PSA_CONNECTION_REFUSED;
- break;
- }
-
- psa_set_rhandle(msg.handle, psa_operation);
- break;
- }
-
- case PSA_IPC_CALL: {
- uint32_t bytes_read;
- psa_crypto_ipc_t psa_crypto = { 0 };
-
- if (msg.in_size[0] != sizeof(psa_crypto_ipc_t)) {
- status = PSA_ERROR_COMMUNICATION_FAILURE;
- break;
- }
-
- bytes_read = psa_read(msg.handle, 0, &psa_crypto, msg.in_size[0]);
- if (bytes_read != msg.in_size[0]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- switch (psa_crypto.func) {
- case PSA_MAC_COMPUTE: {
- uint8_t *input = NULL;
- size_t input_length = msg.in_size[1];
- uint8_t *mac = NULL;
- size_t mac_size = msg.out_size[0];
- size_t mac_length;
-
- if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, msg.client_id)) {
- status = PSA_ERROR_INVALID_HANDLE;
- break;
- }
-
- /* Read in input. */
- if (input_length > 0) {
- input = mbedtls_calloc(1, input_length);
- if (input == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
- bytes_read = psa_read(msg.handle, 1, input, input_length);
- if (bytes_read != input_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Allocate the mac output buffer. */
- if (mac_size > 0) {
- mac = mbedtls_calloc(1, mac_size);
- if (mac == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- free(input);
- break;
- }
- }
-
- status = psa_mac_compute(psa_crypto.handle,
- psa_crypto.alg,
- input, input_length,
- mac, mac_size, &mac_length);
- if (status == PSA_SUCCESS) {
- /* Write out the mac. */
- psa_write(msg.handle, 0, mac, mac_length);
- psa_write(msg.handle, 1,
- &mac_length, sizeof(mac_length));
- }
-
- free(mac);
- free(input);
- break;
- }
-
- case PSA_MAC_VERIFY: {
- uint8_t *input = NULL;
- size_t input_length = msg.in_size[1];
- uint8_t *mac = NULL;
- size_t mac_length = msg.in_size[2];
-
- if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, msg.client_id)) {
- status = PSA_ERROR_INVALID_HANDLE;
- break;
- }
-
- /* Read in input. */
- if (input_length > 0) {
- input = mbedtls_calloc(1, input_length);
- if (input == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
- bytes_read = psa_read(msg.handle, 1, input, input_length);
- if (bytes_read != input_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Read in mac. */
- if (mac_length > 0) {
- mac = mbedtls_calloc(1, mac_length);
- if (mac == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- free(input);
- break;
- }
- }
- bytes_read = psa_read(msg.handle, 2, mac, mac_length);
- if (bytes_read != mac_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_mac_verify(psa_crypto.handle,
- psa_crypto.alg,
- input, input_length,
- mac, mac_length);
- free(mac);
- free(input);
- break;
- }
-
- case PSA_MAC_SIGN_SETUP: {
- if (psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, msg.client_id)) {
- status = psa_mac_sign_setup(msg.rhandle, psa_crypto.handle, psa_crypto.alg);
- } else {
- status = PSA_ERROR_INVALID_HANDLE;
- }
-
- if (status != PSA_SUCCESS) {
- free_message_context(&msg);
- }
- break;
- }
-
- case PSA_MAC_VERIFY_SETUP: {
- if (psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, msg.client_id)) {
- status = psa_mac_verify_setup(msg.rhandle, psa_crypto.handle, psa_crypto.alg);
- } else {
- status = PSA_ERROR_INVALID_HANDLE;
- }
-
- if (status != PSA_SUCCESS) {
- free_message_context(&msg);
- }
- break;
- }
-
- case PSA_MAC_UPDATE: {
- uint8_t *input_buffer = NULL;
- size_t data_remaining = msg.in_size[1];
- size_t allocation_size = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
- size_t size_to_read = 0;
-
- if (allocation_size > 0) {
- input_buffer = mbedtls_calloc(1, allocation_size);
- if (input_buffer == NULL) {
- psa_mac_abort(msg.rhandle);
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- } else {
- while (data_remaining > 0) {
- size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
-
- bytes_read = psa_read(msg.handle, 1, input_buffer, size_to_read);
- if (bytes_read != size_to_read) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_mac_update(msg.rhandle, input_buffer, bytes_read);
- // stop on error
- if (status != PSA_SUCCESS) {
- break;
- }
- data_remaining = data_remaining - bytes_read;
- }
-
- mbedtls_free(input_buffer);
- }
- } else {
- status = psa_mac_update(msg.rhandle, input_buffer, allocation_size);
- }
-
- if (status != PSA_SUCCESS) {
- free_message_context(&msg);
- }
- break;
- }
-
- case PSA_MAC_SIGN_FINISH: {
- uint8_t *mac = NULL;
- size_t mac_size = 0, mac_length = 0;
-
- bytes_read = psa_read(msg.handle, 1, &mac_size, msg.in_size[1]);
- if (bytes_read != msg.in_size[1]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- if (mac_size > 0) {
- mac = mbedtls_calloc(1, mac_size);
- if (mac == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- }
- }
-
- if (status == PSA_SUCCESS) {
- status = psa_mac_sign_finish(msg.rhandle, mac, mac_size, &mac_length);
- if (status == PSA_SUCCESS) {
- psa_write(msg.handle, 0, mac, mac_length);
- psa_write(msg.handle, 1, &mac_length, sizeof(mac_length));
- }
- mbedtls_free(mac);
- } else {
- psa_mac_abort(msg.rhandle);
- }
-
- free_message_context(&msg);
- break;
- }
-
- case PSA_MAC_VERIFY_FINISH: {
- uint8_t *mac = NULL;
- size_t mac_length = 0;
-
- bytes_read = psa_read(msg.handle, 1, &mac_length, msg.in_size[1]);
- if (bytes_read != msg.in_size[1] || mac_length != msg.in_size[2]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- if (mac_length > 0) {
- mac = mbedtls_calloc(1, mac_length);
- if (mac == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- } else {
- bytes_read = psa_read(msg.handle, 2, mac, mac_length);
- if (bytes_read != mac_length) {
- SPM_PANIC("SPM read length mismatch");
- }
- }
- }
-
- if (status == PSA_SUCCESS) {
- status = psa_mac_verify_finish(msg.rhandle, mac, mac_length);
- mbedtls_free(mac);
- } else {
- psa_mac_abort(msg.rhandle);
- }
-
- free_message_context(&msg);
- break;
- }
-
- case PSA_MAC_ABORT: {
- status = psa_mac_abort(msg.rhandle);
- free_message_context(&msg);
- break;
- }
-
- default: {
- status = PSA_ERROR_NOT_SUPPORTED;
- break;
- }
-
- break;
- }
-
- break;
- }
-
- case PSA_IPC_DISCONNECT: {
- if (msg.rhandle != NULL) {
- psa_mac_abort(msg.rhandle);
- free_message_context(&msg);
- }
-
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-static void psa_hash_operation(void)
-{
- psa_msg_t msg = { 0 };
- psa_status_t status = PSA_SUCCESS;
-
- if (PSA_SUCCESS != psa_get(PSA_HASH, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT: {
- psa_hash_operation_t *psa_operation = mbedtls_calloc(1, sizeof(psa_hash_operation_t));
- if (psa_operation == NULL) {
- status = PSA_CONNECTION_REFUSED;
- break;
- }
-
- psa_set_rhandle(msg.handle, psa_operation);
- break;
- }
-
- case PSA_IPC_CALL: {
- uint32_t bytes_read = 0;
- psa_crypto_ipc_t psa_crypto = {0};
-
- if (msg.in_size[0] != sizeof(psa_crypto_ipc_t)) {
- status = PSA_ERROR_COMMUNICATION_FAILURE;
- break;
- }
-
- bytes_read = psa_read(msg.handle, 0, &psa_crypto, msg.in_size[0]);
- if (bytes_read != msg.in_size[0]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- switch (psa_crypto.func) {
- case PSA_HASH_COMPUTE: {
- uint8_t *input = NULL;
- size_t input_length = msg.in_size[1];
- uint8_t *hash = NULL;
- size_t hash_size = msg.out_size[0];
- size_t hash_length;
-
- /* Read in input. */
- if (input_length > 0) {
- input = mbedtls_calloc(1, input_length);
- if (input == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
- bytes_read = psa_read(msg.handle, 1, input, input_length);
- if (bytes_read != input_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Allocate the hash output buffer. */
- if (hash_size > 0) {
- hash = mbedtls_calloc(1, hash_size);
- if (hash == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- free(input);
- break;
- }
- }
-
- status = psa_hash_compute(psa_crypto.alg,
- input, input_length,
- hash, hash_size, &hash_length);
- if (status == PSA_SUCCESS) {
- /* Write out the hash. */
- psa_write(msg.handle, 0, hash, hash_length);
- psa_write(msg.handle, 1,
- &hash_length, sizeof(hash_length));
- }
-
- free(hash);
- free(input);
- break;
- }
-
- case PSA_HASH_COMPARE: {
- uint8_t *input = NULL;
- size_t input_length = msg.in_size[1];
- uint8_t *hash = NULL;
- size_t hash_length = msg.in_size[2];
-
- /* Read in input. */
- if (input_length > 0) {
- input = mbedtls_calloc(1, input_length);
- if (input == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
- bytes_read = psa_read(msg.handle, 1, input, input_length);
- if (bytes_read != input_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Read in hash. */
- if (hash_length > 0) {
- hash = mbedtls_calloc(1, hash_length);
- if (hash == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- free(input);
- break;
- }
- }
- bytes_read = psa_read(msg.handle, 2, hash, hash_length);
- if (bytes_read != hash_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_hash_compare(psa_crypto.alg,
- input, input_length,
- hash, hash_length);
- free(hash);
- free(input);
- break;
- }
-
- case PSA_HASH_SETUP: {
- status = psa_hash_setup(msg.rhandle,
- psa_crypto.alg);
- if (status != PSA_SUCCESS) {
- free_message_context(&msg);
- }
- break;
- }
-
- case PSA_HASH_UPDATE: {
- uint8_t *input_buffer = NULL;
- size_t data_remaining = msg.in_size[1];
- size_t size_to_read = 0;
- size_t allocation_size = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
-
- if (allocation_size > 0) {
- input_buffer = mbedtls_calloc(1, allocation_size);
- if (input_buffer == NULL) {
- psa_hash_abort(msg.rhandle);
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- } else {
- while (data_remaining > 0) {
- size_to_read = MIN(data_remaining, MAX_DATA_CHUNK_SIZE_IN_BYTES);
-
- bytes_read = psa_read(msg.handle, 1, input_buffer, size_to_read);
- if (bytes_read != size_to_read) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_hash_update(msg.rhandle, input_buffer, bytes_read);
- // stop on error
- if (status != PSA_SUCCESS) {
- break;
- }
- data_remaining = data_remaining - bytes_read;
- }
-
- mbedtls_free(input_buffer);
- }
- } else {
- status = psa_hash_update(msg.rhandle, input_buffer, allocation_size);
- }
-
- if (status != PSA_SUCCESS) {
- clear_hash_clone(msg.rhandle);
- free_message_context(&msg);
- }
- break;
- }
-
- case PSA_HASH_FINISH: {
- uint8_t *hash = NULL;
- size_t hash_size = 0, hash_length = 0;
-
- bytes_read = psa_read(msg.handle, 1, &hash_size, msg.in_size[1]);
- if (bytes_read != msg.in_size[1]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- if (hash_size > 0) {
- hash = mbedtls_calloc(1, hash_size);
- if (hash == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- }
- }
-
- if (status == PSA_SUCCESS) {
- status = psa_hash_finish(msg.rhandle, hash, hash_size, &hash_length);
- if (status == PSA_SUCCESS) {
- psa_write(msg.handle, 0, hash, hash_length);
- psa_write(msg.handle, 1, &hash_length, sizeof(hash_length));
- }
- mbedtls_free(hash);
- } else {
- psa_hash_abort(msg.rhandle);
- }
-
- clear_hash_clone(msg.rhandle);
- free_message_context(&msg);
- break;
- }
-
- case PSA_HASH_VERIFY: {
- uint8_t *hash = NULL;
- size_t hash_length = 0;
-
- bytes_read = psa_read(msg.handle, 1, &hash_length, msg.in_size[1]);
- if (bytes_read != msg.in_size[1] || hash_length != msg.in_size[2]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- if (hash_length > 0) {
- hash = mbedtls_calloc(1, hash_length);
- if (hash == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- } else {
- bytes_read = psa_read(msg.handle, 2, hash, hash_length);
- if (bytes_read != hash_length) {
- SPM_PANIC("SPM read length mismatch");
- }
- }
- }
-
- if (status == PSA_SUCCESS) {
- status = psa_hash_verify(msg.rhandle, hash, hash_length);
- mbedtls_free(hash);
- } else {
- psa_hash_abort(msg.rhandle);
- }
-
- clear_hash_clone(msg.rhandle);
- free_message_context(&msg);
- break;
- }
-
- case PSA_HASH_ABORT: {
- status = psa_hash_abort(msg.rhandle);
-
clear_hash_clone(msg.rhandle); - free_message_context(&msg); - break; - } - - case PSA_HASH_CLONE_BEGIN: { - size_t index = 0; - status = reserve_hash_clone(msg.client_id, msg.rhandle, &index); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, &index, sizeof(index)); - } - break; - } - - case PSA_HASH_CLONE_END: { - psa_spm_hash_clone_t *hash_clone = NULL; - size_t index; - - bytes_read = psa_read(msg.handle, 1, &index, msg.in_size[1]); - if (bytes_read != msg.in_size[1]) { - SPM_PANIC("SPM read length mismatch"); - } - - status = get_hash_clone(index, msg.client_id, &hash_clone); - if (status == PSA_SUCCESS) { - status = psa_hash_clone(hash_clone->source_operation, msg.rhandle); - release_hash_clone(hash_clone); - } - if (status != PSA_SUCCESS) { - free_message_context(&msg); - } - break; - } - - default: { - status = PSA_ERROR_NOT_SUPPORTED; - break; - } - } - - break; - } - - case PSA_IPC_DISCONNECT: { - if (msg.rhandle != NULL) { - psa_hash_abort(msg.rhandle); - clear_hash_clone(msg.rhandle); - free_message_context(&msg); - } - - break; - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - -static void psa_asymmetric_operation(void) -{ - psa_msg_t msg = { 0 }; - psa_status_t status = PSA_SUCCESS; - - if (PSA_SUCCESS != psa_get(PSA_ASYMMETRIC, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: - case PSA_IPC_DISCONNECT: { - break; - } - - case PSA_IPC_CALL: { - if (msg.in_size[0] != sizeof(psa_crypto_ipc_asymmetric_t)) { - status = PSA_ERROR_COMMUNICATION_FAILURE; - break; - } - - uint32_t bytes_read = 0; - psa_crypto_ipc_asymmetric_t psa_crypto = {0}; - - bytes_read = psa_read(msg.handle, 0, &psa_crypto, msg.in_size[0]); - if (bytes_read != msg.in_size[0]) { - SPM_PANIC("SPM read length mismatch"); - } - - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, - msg.client_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - switch 
(psa_crypto.func) { - case PSA_ASYMMETRIC_SIGN: { - uint8_t *signature = NULL; - uint8_t *hash = NULL; - size_t signature_length = 0, - signature_size = msg.out_size[0], - hash_size = msg.in_size[1]; - - if (signature_size > 0) { - signature = mbedtls_calloc(1, signature_size); - if (signature == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } - } - if (status == PSA_SUCCESS && hash_size > 0) { - hash = mbedtls_calloc(1, hash_size); - if (hash == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 1, hash, hash_size); - if (bytes_read != hash_size) { - SPM_PANIC("SPM read length mismatch"); - } - } - } - - if (status == PSA_SUCCESS) { - status = psa_asymmetric_sign(psa_crypto.handle, psa_crypto.alg, - hash, hash_size, - signature, signature_size, &signature_length); - - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, signature, signature_length); - } - psa_write(msg.handle, 1, &signature_length, sizeof(signature_length)); - } - - mbedtls_free(hash); - mbedtls_free(signature); - break; - } - - case PSA_ASYMMETRIC_VERIFY: { - uint8_t *signature = NULL; - uint8_t *hash = NULL; - size_t signature_size = msg.in_size[1], - hash_size = msg.in_size[2]; - - if (signature_size > 0) { - signature = mbedtls_calloc(1, signature_size); - if (signature == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 1, signature, signature_size); - if (bytes_read != signature_size) { - SPM_PANIC("SPM read length mismatch"); - } - } - } - if (status == PSA_SUCCESS && hash_size > 0) { - hash = mbedtls_calloc(1, hash_size); - if (hash == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 2, hash, hash_size); - if (bytes_read != hash_size) { - SPM_PANIC("SPM read length mismatch"); - } - } - } - - if (status == PSA_SUCCESS) { - status = psa_asymmetric_verify(psa_crypto.handle, psa_crypto.alg, - hash, hash_size, - signature, signature_size); - } - 
- mbedtls_free(signature); - mbedtls_free(hash); - break; - } - - case PSA_ASYMMETRIC_ENCRYPT: - case PSA_ASYMMETRIC_DECRYPT: { - uint8_t *input = NULL, *salt = NULL, *output = NULL, *buffer = NULL; - size_t output_length = 0, - buffer_size = msg.in_size[1], - output_size = msg.out_size[0]; - - if (buffer_size > 0) { - buffer = mbedtls_calloc(1, buffer_size); - if (buffer == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 1, buffer, buffer_size); - if (bytes_read != buffer_size) { - SPM_PANIC("SPM read length mismatch"); - } - - input = buffer; - salt = buffer + psa_crypto.input_length; - } - } - if (status == PSA_SUCCESS && output_size > 0) { - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } - } - - if (status == PSA_SUCCESS) { - if (psa_crypto.func == PSA_ASYMMETRIC_ENCRYPT) { - status = psa_asymmetric_encrypt(psa_crypto.handle, psa_crypto.alg, - input, psa_crypto.input_length, - salt, psa_crypto.salt_length, - output, output_size, &output_length); - } else { - status = psa_asymmetric_decrypt(psa_crypto.handle, psa_crypto.alg, - input, psa_crypto.input_length, - salt, psa_crypto.salt_length, - output, output_size, &output_length); - } - - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, output, output_length); - } - psa_write(msg.handle, 1, &output_length, sizeof(output_length)); - } - - mbedtls_free(output); - mbedtls_free(buffer); - break; - } - - default: { - status = PSA_ERROR_NOT_SUPPORTED; - break; - } - } - - break; - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - -static void psa_aead_operation() -{ - psa_msg_t msg = { 0 }; - psa_status_t status = PSA_SUCCESS; - - if (PSA_SUCCESS != psa_get(PSA_AEAD, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: { - psa_aead_operation_t *psa_operation = - mbedtls_calloc(1, 
sizeof(*psa_operation)); - if (psa_operation == NULL) { - status = PSA_CONNECTION_REFUSED; - break; - } - - psa_set_rhandle(msg.handle, psa_operation); - break; - } - - case PSA_IPC_CALL: { - if (msg.in_size[0] != sizeof(psa_crypto_ipc_aead_t)) { - status = PSA_ERROR_COMMUNICATION_FAILURE; - break; - } - - uint32_t bytes_read = 0; - psa_crypto_ipc_aead_t psa_crypto = {0}; - - bytes_read = psa_read(msg.handle, 0, &psa_crypto, msg.in_size[0]); - if (bytes_read != msg.in_size[0]) { - SPM_PANIC("SPM read length mismatch"); - } - - switch (psa_crypto.func) { - case PSA_AEAD_ENCRYPT: - case PSA_AEAD_DECRYPT: { - uint8_t *input = NULL, *additional_data = NULL, *output = NULL, *buffer = NULL; - size_t output_length = 0, - buffer_size = msg.in_size[1], - output_size = msg.out_size[0]; - - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, - msg.client_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - if (buffer_size > 0) { - buffer = mbedtls_calloc(1, buffer_size); - if (buffer == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 1, buffer, buffer_size); - if (bytes_read != buffer_size) { - SPM_PANIC("SPM read length mismatch"); - } - - additional_data = buffer; - input = buffer + psa_crypto.additional_data_length; - } - } - if (status == PSA_SUCCESS && output_size > 0) { - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } - } - - if (status == PSA_SUCCESS) { - if (psa_crypto.func == PSA_AEAD_ENCRYPT) { - status = psa_aead_encrypt(psa_crypto.handle, psa_crypto.alg, - psa_crypto.nonce, (size_t)psa_crypto.nonce_size, - additional_data, psa_crypto.additional_data_length, - input, psa_crypto.input_length, - output, output_size, &output_length); - } else { - status = psa_aead_decrypt(psa_crypto.handle, psa_crypto.alg, - psa_crypto.nonce, (size_t)psa_crypto.nonce_size, - additional_data, psa_crypto.additional_data_length, - input, 
psa_crypto.input_length, - output, output_size, &output_length); - } - - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, &output_length, sizeof(output_length)); - } - } - - mbedtls_free(buffer); - mbedtls_free(output); - break; - } - - case PSA_AEAD_ENCRYPT_SETUP: { - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, - msg.client_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - status = psa_aead_encrypt_setup(msg.rhandle, - psa_crypto.handle, - psa_crypto.alg); - break; - } - - case PSA_AEAD_DECRYPT_SETUP: { - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto.handle, - msg.client_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - status = psa_aead_decrypt_setup(msg.rhandle, - psa_crypto.handle, - psa_crypto.alg); - - status = PSA_ERROR_NOT_SUPPORTED; - break; - } - - case PSA_AEAD_GENERATE_NONCE: { - uint8_t *nonce; - size_t nonce_size = msg.out_size[0]; - size_t nonce_length; - - /* Allocate the nonce buffer. */ - if (nonce_size > 0) { - nonce = mbedtls_calloc(1, nonce_size); - if (nonce == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - - status = psa_aead_generate_nonce( - msg.rhandle, - nonce, nonce_size, &nonce_length); - if (status == PSA_SUCCESS) { - /* Write out the nonce. */ - psa_write(msg.handle, 0, nonce, nonce_length); - psa_write(msg.handle, 1, &nonce_length, sizeof(nonce_length)); - } - free(nonce); - break; - } - - case PSA_AEAD_SET_NONCE: { - uint8_t *nonce = NULL; - size_t nonce_length = msg.in_size[1]; - - /* Read in the nonce. 
*/ - if (nonce_length > 0) { - nonce = mbedtls_calloc(1, nonce_length); - if (nonce == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - bytes_read = psa_read(msg.handle, 1, nonce, nonce_length); - if (bytes_read != nonce_length) { - SPM_PANIC("SPM read length mismatch"); - } - - status = psa_aead_set_nonce( - msg.rhandle, nonce, nonce_length); - free(nonce); - break; - } - - case PSA_AEAD_SET_LENGTHS: { - status = psa_aead_set_lengths( - msg.rhandle, - psa_crypto.additional_data_length, - psa_crypto.input_length); - break; - } - - case PSA_AEAD_UPDATE_AD: { - uint8_t *input = NULL; - size_t input_length = msg.in_size[1]; - - /* Read in input. */ - if (input_length > 0) { - input = mbedtls_calloc(1, input_length); - if (input == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - bytes_read = psa_read(msg.handle, 1, input, input_length); - if (bytes_read != input_length) { - SPM_PANIC("SPM read length mismatch"); - } - - status = psa_aead_update_ad( - msg.rhandle, input, input_length); - - free(input); - break; - } - - case PSA_AEAD_UPDATE: { - uint8_t *input; - size_t input_length = msg.in_size[1]; - uint8_t *output; - size_t output_size = msg.out_size[0]; - size_t output_length; - - /* Read in input. */ - if (input_length > 0) { - input = mbedtls_calloc(1, input_length); - if (input == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - bytes_read = psa_read(msg.handle, 1, input, input_length); - if (bytes_read != input_length) { - SPM_PANIC("SPM read length mismatch"); - } - - /* Allocate the output buffer. */ - if (output_size > 0) { - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - free(input); - break; - } - } - - status = psa_aead_update( - msg.rhandle, input, input_length, - output, output_size, &output_length); - if (status == PSA_SUCCESS) { - /* Write out the output. 
*/ - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, &output_length, sizeof(output_length)); - } - free(output); - free(input); - break; - } - - case PSA_AEAD_FINISH: { - uint8_t *ciphertext = NULL; - size_t ciphertext_size = msg.out_size[0]; - size_t ciphertext_length; - uint8_t *tag = NULL; - size_t tag_size = msg.out_size[2]; - size_t tag_length; - - /* Allocate ciphertext. */ - if (ciphertext_size > 0) { - ciphertext = mbedtls_calloc(1, ciphertext_size); - if (ciphertext == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - - /* Allocate tag. */ - if (tag_size > 0) { - tag = mbedtls_calloc(1, tag_size); - if (tag == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - free(ciphertext); - break; - } - } - - status = psa_aead_finish(msg.rhandle, - ciphertext, - ciphertext_size, - &ciphertext_length, - tag, - tag_size, - &tag_length); - if (status == PSA_SUCCESS) { - /* Write out ciphertext. */ - if (ciphertext_size > 0) { - psa_write(msg.handle, 0, ciphertext, - ciphertext_length); - psa_write(msg.handle, 1, &ciphertext_length, - sizeof(ciphertext_length)); - } - - /* Write out tag. */ - if (tag_size > 0) { - psa_write(msg.handle, 2, tag, tag_length); - psa_write(msg.handle, 3, &tag_length, - sizeof(tag_length)); - } - } - free(tag); - free(ciphertext); - break; - } - - case PSA_AEAD_VERIFY: { - uint8_t *plaintext = NULL; - size_t plaintext_size = msg.out_size[0]; - size_t plaintext_length; - uint8_t *tag = NULL; - size_t tag_length = msg.in_size[1]; - - /* Allocate plaintext. */ - if (plaintext_size > 0) { - plaintext = mbedtls_calloc(1, plaintext_size); - if (plaintext == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - - /* Read in tag. 
*/ - if (tag_length > 0) { - tag = mbedtls_calloc(1, tag_length); - if (tag == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - free(plaintext); - break; - } - } - bytes_read = psa_read(msg.handle, 1, tag, tag_length); - if (bytes_read != tag_length) { - SPM_PANIC("SPM read length mismatch"); - } - - status = psa_aead_verify(msg.rhandle, - plaintext, - plaintext_size, - &plaintext_length, - tag, - tag_length); - if (status == PSA_SUCCESS) { - /* Write out the plaintext. */ - psa_write(msg.handle, 0, plaintext, plaintext_length); - psa_write(msg.handle, 1, &plaintext_length, - sizeof(plaintext_length)); - } - - free(tag); - free(plaintext); - break; - } - - case PSA_AEAD_ABORT: { - status = psa_aead_abort(msg.rhandle); - free_message_context(&msg); - break; - } - - default: { - status = PSA_ERROR_NOT_SUPPORTED; - break; - } - } - - break; - } - - case PSA_IPC_DISCONNECT: { - if (msg.rhandle != NULL) { - psa_aead_abort(msg.rhandle); - free_message_context(&msg); - } - break; - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - -static void psa_symmetric_operation(void) -{ - psa_status_t status = PSA_SUCCESS; - psa_msg_t msg = { 0 }; - - if (PSA_SUCCESS != psa_get(PSA_SYMMETRIC, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: { - psa_cipher_operation_t *psa_operation = - mbedtls_calloc(1, sizeof(psa_cipher_operation_t)); - if (psa_operation == NULL) { - status = PSA_CONNECTION_REFUSED; - break; - } - - psa_set_rhandle(msg.handle, psa_operation); - break; - } - - case PSA_IPC_CALL: { - uint32_t bytes_read; - psa_crypto_ipc_t psa_crypto_ipc = { 0 }; - - if (msg.in_size[0] != sizeof(psa_crypto_ipc_t)) { - status = PSA_ERROR_COMMUNICATION_FAILURE; - break; - } - - bytes_read = psa_read(msg.handle, 0, &psa_crypto_ipc, - msg.in_size[0]); - if (bytes_read != msg.in_size[0]) { - SPM_PANIC("SPM read length mismatch"); - } - - switch (psa_crypto_ipc.func) { - case 
PSA_CIPHER_ENCRYPT: - case PSA_CIPHER_DECRYPT: { - uint8_t *input = NULL; - size_t input_length = msg.in_size[1]; - uint8_t *output = NULL; - size_t output_size = msg.out_size[0]; - size_t output_length; - - if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) { - status = PSA_ERROR_INVALID_HANDLE; - } - - /* Read in input. */ - if (input_length > 0) { - input = mbedtls_calloc(1, input_length); - if (input == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - bytes_read = psa_read(msg.handle, 1, input, input_length); - if (bytes_read != input_length) { - SPM_PANIC("SPM read length mismatch"); - } - - /* Allocate the output buffer. */ - if (output_size > 0) { - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - free(input); - break; - } - } - - /* Perform encrypt or decrypt. */ - switch (psa_crypto_ipc.func) { - case PSA_CIPHER_ENCRYPT: - status = psa_cipher_encrypt( - psa_crypto_ipc.handle, - psa_crypto_ipc.alg, - input, input_length, - output, output_size, &output_length); - break; - case PSA_CIPHER_DECRYPT: - status = psa_cipher_decrypt( - psa_crypto_ipc.handle, - psa_crypto_ipc.alg, - input, input_length, - output, output_size, &output_length); - break; - default: - SPM_PANIC("Unexpected func"); - } - - if (status == PSA_SUCCESS) { - /* Write out the output. 
*/ - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, &output_length, sizeof(output_length)); - } - free(input); - free(output); - break; - } - - case PSA_CIPHER_ENCRYPT_SETUP: { - if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) { - status = psa_cipher_encrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg); - } else { - status = PSA_ERROR_INVALID_HANDLE; - } - - if (status != PSA_SUCCESS) { - free_message_context(&msg); - } - break; - } - - case PSA_CIPHER_DECRYPT_SETUP: { - if (psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) { - status = psa_cipher_decrypt_setup(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg); - } else { - status = PSA_ERROR_INVALID_HANDLE; - } - - if (status != PSA_SUCCESS) { - free_message_context(&msg); - } - break; - } - - case PSA_CIPHER_GENERATE_IV: { - size_t iv_length = 0; - size_t iv_size = msg.out_size[0]; - unsigned char iv[PSA_AEAD_MAX_NONCE_SIZE] = { 0 }; - - status = psa_cipher_generate_iv(msg.rhandle, iv, - iv_size, &iv_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, iv, iv_length); - psa_write(msg.handle, 1, &iv_length, - sizeof(iv_length)); - } else { - free_message_context(&msg); - } - break; - } - - case PSA_CIPHER_SET_IV: { - size_t iv_length = msg.in_size[1]; - unsigned char iv[PSA_AEAD_MAX_NONCE_SIZE] = { 0 }; - - bytes_read = psa_read(msg.handle, 1, iv, iv_length); - if (bytes_read != iv_length) { - SPM_PANIC("SPM read length mismatch"); - } - status = psa_cipher_set_iv(msg.rhandle, iv, iv_length); - if (status != PSA_SUCCESS) { - free_message_context(&msg); - } - break; - } - - case PSA_CIPHER_UPDATE: { - size_t input_length = msg.in_size[1], - output_size = msg.out_size[0], - output_length = 0; - uint8_t *input = NULL; - unsigned char *output = NULL; - - if (input_length > 0) { - input = mbedtls_calloc(1, input_length); - if (input == NULL) { - status = 
PSA_ERROR_INSUFFICIENT_MEMORY; - } else { - bytes_read = psa_read(msg.handle, 1, input, input_length); - if (bytes_read != input_length) { - SPM_PANIC("SPM read length mismatch"); - } - } - } - if (status == PSA_SUCCESS && output_size > 0) { - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } - } - - if (status == PSA_SUCCESS) { - status = psa_cipher_update(msg.rhandle, input, input_length, output, output_size, - &output_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, &output_length, sizeof(output_length)); - } - } else { - psa_cipher_abort(msg.rhandle); - } - - mbedtls_free(input); - mbedtls_free(output); - if (status != PSA_SUCCESS) { - free_message_context(&msg); - } - break; - } - - case PSA_CIPHER_FINISH: { - uint8_t *output = NULL; - size_t output_size = msg.out_size[0], - output_length = 0; - - if (output_size > 0) { - output = mbedtls_calloc(1, output_size); - if (output == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - } - } - - if (status == PSA_SUCCESS) { - status = psa_cipher_finish(msg.rhandle, output, output_size, &output_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, output, output_length); - psa_write(msg.handle, 1, &output_length, sizeof(output_length)); - } - mbedtls_free(output); - } else { - psa_cipher_abort(msg.rhandle); - } - - free_message_context(&msg); - break; - } - - case PSA_CIPHER_ABORT: { - status = psa_cipher_abort(msg.rhandle); - free_message_context(&msg); - break; - } - - default: { - status = PSA_ERROR_NOT_SUPPORTED; - break; - } - } - - break; - } - - case PSA_IPC_DISCONNECT: { - if (msg.rhandle != NULL) { - psa_cipher_abort(msg.rhandle); - free_message_context(&msg); - } - - break; - } - - default: { - SPM_PANIC("Unexpected message type %d!", (int)(msg.type)); - break; - } - } - - psa_reply(msg.handle, status); -} - - -static void psa_key_management_operation(void) -{ - 
psa_msg_t msg = { 0 }; - psa_status_t status = PSA_SUCCESS; - int32_t partition_id = 0; - - if (PSA_SUCCESS != psa_get(PSA_KEY_MNG, &msg)) { - return; - } - switch (msg.type) { - case PSA_IPC_CONNECT: - case PSA_IPC_DISCONNECT: { - break; - } - - case PSA_IPC_CALL: { - if (msg.in_size[0] != sizeof(psa_key_mng_ipc_t)) { - status = PSA_ERROR_COMMUNICATION_FAILURE; - break; - } - - uint32_t bytes_read = 0; - psa_key_mng_ipc_t psa_key_mng = {0}; - - bytes_read = psa_read(msg.handle, 0, - &psa_key_mng, msg.in_size[0]); - - if (bytes_read != msg.in_size[0]) { - SPM_PANIC("SPM read length mismatch"); - } - - partition_id = msg.client_id; - - switch (psa_key_mng.func) { - case PSA_GET_KEY_ATTRIBUTES: { - psa_key_attributes_t attributes; - psa_client_key_attributes_t client; - - if (!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, - partition_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - status = psa_get_key_attributes(psa_key_mng.handle, &attributes); - if (status == PSA_SUCCESS) { - /* We currently don't support domain parameters */ - attributes.domain_parameters = NULL; - attributes.domain_parameters_size = 0; - - psa_core_attributes_to_client(&attributes.core, &client.core); - psa_write(msg.handle, 0, &client, sizeof(client)); - } - - break; - } - - case PSA_OPEN_KEY: { - psa_key_id_t id; - id.owner = msg.client_id; - - bytes_read = psa_read(msg.handle, 1, &(id.key_id), msg.in_size[1]); - if (bytes_read != msg.in_size[1]) { - SPM_PANIC("SPM read length mismatch"); - } - - if (msg.in_size[1] != CLIENT_PSA_KEY_ID_SIZE_IN_BYTES) { - SPM_PANIC("Unexpected psa_key_id_t size received from client"); - } - - status = psa_open_key(id, &psa_key_mng.handle); - if (status == PSA_SUCCESS) { - psa_crypto_access_control_register_handle(psa_key_mng.handle, partition_id); - psa_write(msg.handle, 0, &psa_key_mng.handle, sizeof(psa_key_mng.handle)); - } - break; - } - - case PSA_CLOSE_KEY: { - if 
(!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, - partition_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - status = psa_close_key(psa_key_mng.handle); - if (status == PSA_SUCCESS) { - psa_crypto_access_control_unregister_handle(psa_key_mng.handle); - } - - break; - } - - case PSA_IMPORT_KEY: { - size_t attributes_length = msg.in_size[1]; - psa_key_attributes_t attributes; - size_t data_length = msg.in_size[2]; - uint8_t *data = NULL; - psa_key_handle_t handle; - - /* Read in attributes. */ - read_attributes(msg.handle, msg.client_id, &attributes); - - /* Read in data. */ - if (data_length > 0) { - data = mbedtls_calloc(1, data_length); - if (data == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - bytes_read = psa_read(msg.handle, 2, data, data_length); - if (bytes_read != data_length) { - SPM_PANIC("SPM read length mismatch"); - } - - /* Import the data as a key. */ - status = psa_import_key(&attributes, data, data_length, &handle); - - if (status == PSA_SUCCESS) { - /* Write out the allocated handle. 
*/ - psa_crypto_access_control_register_handle(handle, partition_id); - psa_write(msg.handle, 0, &handle, sizeof(handle)); - } - mbedtls_free(data); - break; - } - - case PSA_DESTROY_KEY: { - if (!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, - partition_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - status = psa_destroy_key(psa_key_mng.handle); - if (status == PSA_SUCCESS) { - psa_crypto_access_control_unregister_handle(psa_key_mng.handle); - } - - break; - } - - case PSA_EXPORT_KEY: { - uint8_t *data = NULL; - size_t data_size = msg.out_size[0]; - size_t data_length; - - if (!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, partition_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - if (data_size > 0) { - data = mbedtls_calloc(1, data_size); - if (data == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - - status = psa_export_key(psa_key_mng.handle, data, data_size, &data_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, data, data_length); - } - psa_write(msg.handle, 1, &data_length, sizeof(data_length)); - - mbedtls_free(data); - break; - } - - case PSA_EXPORT_PUBLIC_KEY: { - size_t data_size = msg.out_size[0]; - size_t data_length; - uint8_t *data = NULL; - - if (!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, partition_id)) { - status = PSA_ERROR_INVALID_HANDLE; - break; - } - - if (data_size > 0) { - data = mbedtls_calloc(1, data_size); - if (data == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - break; - } - } - - status = psa_export_public_key(psa_key_mng.handle, data, data_size, &data_length); - if (status == PSA_SUCCESS) { - psa_write(msg.handle, 0, data, data_length); - } - psa_write(msg.handle, 1, &data_length, sizeof(data_length)); - - mbedtls_free(data); - break; - } - - case PSA_COPY_KEY: { - psa_key_handle_t target_handle; - psa_key_attributes_t attributes; - - if 
(!psa_crypto_access_control_is_handle_permitted(psa_key_mng.handle, partition_id)) {
- status = PSA_ERROR_INVALID_HANDLE;
- break;
- }
-
- /* Read in attributes. */
- read_attributes(msg.handle, msg.client_id, &attributes);
-
- status = psa_copy_key(psa_key_mng.handle, &attributes, &target_handle);
- if (status == PSA_SUCCESS) {
- psa_crypto_access_control_register_handle(target_handle, partition_id);
- psa_write(msg.handle, 0, &target_handle, sizeof(target_handle));
- }
- break;
- }
-
- case PSA_GENERATE_KEY: {
- psa_key_attributes_t attributes;
- psa_key_handle_t handle;
-
- /* Read in attributes. */
- read_attributes(msg.handle, msg.client_id, &attributes);
-
- status = psa_generate_key(&attributes, &handle);
- if (status == PSA_SUCCESS) {
- /* Write out the allocated handle. */
- psa_crypto_access_control_register_handle(handle, partition_id);
- psa_write(msg.handle, 0, &handle, sizeof(handle));
- }
- break;
- }
-
- default: {
- status = PSA_ERROR_NOT_SUPPORTED;
- break;
- }
- }
-
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-static void psa_entropy_operation(void)
-{
- psa_msg_t msg = { 0 };
- psa_status_t status = PSA_SUCCESS;
-
- if (PSA_SUCCESS != psa_get(PSA_ENTROPY_INJECT, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- case PSA_IPC_DISCONNECT: {
- status = PSA_SUCCESS;
- break;
- }
-
- case PSA_IPC_CALL: {
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
- unsigned char *seed = NULL;
- uint32_t bytes_read;
- size_t seed_size = msg.in_size[0];
- if (MBEDTLS_ENTROPY_MAX_SEED_SIZE < seed_size) {
- status = PSA_ERROR_INVALID_ARGUMENT;
- break;
- }
-
- if (seed_size > 0) {
- seed = mbedtls_calloc(1, seed_size);
- if (seed == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
-
- bytes_read = psa_read(msg.handle, 0, seed, seed_size);
- if (bytes_read != seed_size) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = mbedtls_psa_inject_entropy(seed, seed_size);
- mbedtls_free(seed);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-
-static void psa_rng_operation(void)
-{
- psa_msg_t msg = { 0 };
- psa_status_t status = PSA_SUCCESS;
-
- if (PSA_SUCCESS != psa_get(PSA_RNG, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT:
- case PSA_IPC_DISCONNECT: {
- break;
- }
-
- case PSA_IPC_CALL: {
- size_t random_size = msg.out_size[0];
- unsigned char *random = NULL;
-
- if (random_size > 0) {
- random = mbedtls_calloc(1, random_size);
- if (random == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
-
- status = psa_generate_random(random, random_size);
- if (status == PSA_SUCCESS) {
- psa_write(msg.handle, 0, random, random_size);
- }
-
- mbedtls_free(random);
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-
-void psa_crypto_key_derivation_operations(void)
-{
- psa_status_t status = PSA_SUCCESS;
- psa_msg_t msg = { 0 };
-
- if (PSA_SUCCESS != psa_get(PSA_KEY_DERIVATION, &msg)) {
- return;
- }
- switch (msg.type) {
- case PSA_IPC_CONNECT: {
- psa_key_derivation_operation_t *psa_operation =
- mbedtls_calloc(1, sizeof(*psa_operation));
- if (psa_operation == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
-
- psa_set_rhandle(msg.handle, psa_operation);
- break;
- }
-
- case PSA_IPC_CALL: {
- uint32_t bytes_read;
- psa_crypto_derivation_ipc_t psa_crypto_ipc = { 0 };
- if (msg.in_size[0] != sizeof(psa_crypto_derivation_ipc_t)) {
- status = PSA_ERROR_COMMUNICATION_FAILURE;
- break;
- }
-
- bytes_read = psa_read(msg.handle, 0, &psa_crypto_ipc,
- msg.in_size[0]);
- if (bytes_read != msg.in_size[0]) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- switch (psa_crypto_ipc.func) {
- case PSA_KEY_DERIVATION_SETUP: {
- status = psa_key_derivation_setup(msg.rhandle,
- psa_crypto_ipc.alg);
- if (status != PSA_SUCCESS) {
- free_message_context(&msg);
- }
- break;
- }
-
- case PSA_KEY_DERIVATION_GET_CAPACITY: {
- size_t capacity = 0;
-
- status = psa_key_derivation_get_capacity(msg.rhandle,
- &capacity);
- if (status == PSA_SUCCESS) {
- psa_write(msg.handle, 0, &capacity, sizeof(capacity));
- }
- break;
- }
-
- case PSA_KEY_DERIVATION_SET_CAPACITY: {
- size_t capacity = 0;
-
- /* Read capacity */
- bytes_read = psa_read(msg.handle, 1, &capacity,
- msg.in_size[1]);
- if (bytes_read != sizeof(capacity)) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_key_derivation_set_capacity(msg.rhandle,
- capacity);
- break;
- }
-
- case PSA_KEY_DERIVATION_INPUT_BYTES: {
- psa_key_derivation_step_t step;
- uint8_t *data;
- size_t data_length = msg.in_size[2];
-
- /* Read step. */
- bytes_read = psa_read(msg.handle, 1, &step,
- msg.in_size[1]);
- if (bytes_read != sizeof(step)) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Read data. */
- data = mbedtls_calloc(1, data_length);
- if (data == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- bytes_read = psa_read(msg.handle, 2, data, data_length);
- if (bytes_read != data_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_key_derivation_input_bytes(msg.rhandle, step,
- data, data_length);
-
- free(data);
- break;
- }
-
- case PSA_KEY_DERIVATION_INPUT_KEY: {
- psa_key_derivation_step_t step;
-
- if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
- status = PSA_ERROR_INVALID_HANDLE;
- break;
- }
-
- /* Read step. */
- bytes_read = psa_read(msg.handle, 1, &step,
- msg.in_size[1]);
- if (bytes_read != sizeof(step)) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_key_derivation_input_key(
- msg.rhandle, step, psa_crypto_ipc.handle);
- break;
- }
-
- case PSA_KEY_DERIVATION_KEY_AGREEMENT: {
- psa_key_derivation_step_t step;
- uint8_t *peer_key;
- size_t peer_key_length = msg.in_size[2];
-
- if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
- status = PSA_ERROR_INVALID_HANDLE;
- break;
- }
-
- /* Read step. */
- bytes_read = psa_read(msg.handle, 1, &step,
- msg.in_size[1]);
- if (bytes_read != sizeof(step)) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Read peer_key. */
- peer_key = mbedtls_calloc(1, peer_key_length);
- if (peer_key == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- bytes_read = psa_read(msg.handle, 2,
- peer_key, peer_key_length);
- if (bytes_read != peer_key_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- status = psa_key_derivation_key_agreement(
- msg.rhandle, step, psa_crypto_ipc.handle,
- peer_key, peer_key_length);
-
- free(peer_key);
- break;
- }
-
- case PSA_KEY_DERIVATION_OUTPUT_BYTES: {
- uint8_t *output = NULL;
- size_t output_length = msg.out_size[0];
-
- /* Allocate the output buffer. */
- if (output_length > 0) {
- output = mbedtls_calloc(1, output_length);
- if (output == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- }
-
- status = psa_key_derivation_output_bytes(
- msg.rhandle, output, output_length);
- if (status == PSA_SUCCESS) {
- /* Write the output. */
- psa_write(msg.handle, 0, output, output_length);
- }
- free(output);
- break;
- }
-
- case PSA_KEY_DERIVATION_OUTPUT_KEY: {
- psa_key_attributes_t attributes;
- psa_key_handle_t handle;
-
- /* Read in attributes. */
- read_attributes(msg.handle, msg.client_id, &attributes);
-
- status = psa_key_derivation_output_key(
- &attributes, msg.rhandle, &handle);
- if (status == PSA_SUCCESS) {
- /* Write out the allocated handle. */
- psa_crypto_access_control_register_handle(handle, msg.client_id);
- psa_write(msg.handle, 0, &handle, sizeof(handle));
- }
- break;
- }
-
- case PSA_KEY_DERIVATION_ABORT: {
- status = psa_key_derivation_abort(msg.rhandle);
- free_message_context(&msg);
- break;
- }
-
- case PSA_RAW_KEY_AGREEMENT: {
- uint8_t *peer_key;
- size_t peer_key_length = msg.in_size[1];
- uint8_t *output;
- size_t output_size = msg.out_size[0];
- size_t output_length;
-
- if (!psa_crypto_access_control_is_handle_permitted(psa_crypto_ipc.handle, msg.client_id)) {
- status = PSA_ERROR_INVALID_HANDLE;
- break;
- }
-
- /* Read peer_key. */
- peer_key = mbedtls_calloc(1, peer_key_length);
- if (peer_key == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- break;
- }
- bytes_read = psa_read(msg.handle, 1,
- peer_key, peer_key_length);
- if (bytes_read != peer_key_length) {
- SPM_PANIC("SPM read length mismatch");
- }
-
- /* Allocate the output buffer. */
- if (output_size > 0) {
- output = mbedtls_calloc(1, output_size);
- if (output == NULL) {
- status = PSA_ERROR_INSUFFICIENT_MEMORY;
- free(peer_key);
- break;
- }
- }
-
- status = psa_raw_key_agreement(psa_crypto_ipc.alg,
- psa_crypto_ipc.handle,
- peer_key,
- peer_key_length,
- output,
- output_size,
- &output_length);
- if (status == PSA_SUCCESS) {
- /* Write the output. */
- psa_write(msg.handle, 0, output, output_length);
- psa_write(msg.handle, 1,
- &output_length, sizeof(output_length));
- }
-
- free(output);
- free(peer_key);
- break;
- }
-
- default: {
- status = PSA_ERROR_NOT_SUPPORTED;
- break;
- }
- }
-
- break;
- }
- case PSA_IPC_DISCONNECT: {
- if (msg.rhandle != NULL) {
- psa_key_derivation_abort(msg.rhandle);
- free_message_context(&msg);
- }
-
- break;
- }
-
- default: {
- SPM_PANIC("Unexpected message type %d!", (int)(msg.type));
- break;
- }
- }
-
- psa_reply(msg.handle, status);
-}
-
-
-void crypto_main(void *ptr)
-{
- while (1) {
- psa_signal_t signals = 0;
- signals = psa_wait(CRYPTO_SRV_WAIT_ANY_SID_MSK, PSA_BLOCK);
- if (signals & PSA_CRYPTO_INIT) {
- psa_crypto_init_operation();
- }
- if (signals & PSA_MAC) {
- psa_mac_operation();
- }
- if (signals & PSA_HASH) {
- psa_hash_operation();
- }
- if (signals & PSA_SYMMETRIC) {
- psa_symmetric_operation();
- }
- if (signals & PSA_ASYMMETRIC) {
- psa_asymmetric_operation();
- }
- if (signals & PSA_AEAD) {
- psa_aead_operation();
- }
- if (signals & PSA_KEY_MNG) {
- psa_key_management_operation();
- }
- if (signals & PSA_RNG) {
- psa_rng_operation();
- }
- if (signals & PSA_CRYPTO_FREE) {
- psa_crypto_free_operation();
- }
- if (signals & PSA_KEY_DERIVATION) {
- psa_crypto_key_derivation_operations();
- }
- if (signals & PSA_ENTROPY_INJECT) {
- psa_entropy_operation();
- }
- }
-}
diff --git a/components/TARGET_PSA/services/crypto/crypto_partition_psa.json b/components/TARGET_PSA/services/crypto/crypto_partition_psa.json
deleted file mode 100755
index a9330c5371..0000000000
--- a/components/TARGET_PSA/services/crypto/crypto_partition_psa.json
+++ /dev/null
@@ -1,108 +0,0 @@
-{
- "name": "CRYPTO_SRV",
- "type": "APPLICATION-ROT",
- "priority": "NORMAL",
- "id": "0x00000023",
- "entry_point": "crypto_main",
- "stack_size": "0x4000",
- "heap_size": "0x400",
- "services": [
- {
- "name": "PSA_CRYPTO_INIT_ID",
- "identifier": "0x00000F00",
- "signal": "PSA_CRYPTO_INIT",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_MAC_ID",
- "identifier": "0x00000F01",
- "signal": "PSA_MAC",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_HASH_ID",
- "identifier": "0x00000F02",
- "signal": "PSA_HASH",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_ASYMMETRIC_ID",
- "identifier": "0x00000F03",
- "signal": "PSA_ASYMMETRIC",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_SYMMETRIC_ID",
- "identifier": "0x00000F04",
- "signal": "PSA_SYMMETRIC",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_AEAD_ID",
- "identifier": "0x00000F05",
- "signal": "PSA_AEAD",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_KEY_MNG_ID",
- "identifier": "0x00000F06",
- "signal": "PSA_KEY_MNG",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_RNG_ID",
- "identifier": "0x00000F07",
- "signal": "PSA_RNG",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_CRYPTO_FREE_ID",
- "identifier": "0x00000F08",
- "signal": "PSA_CRYPTO_FREE",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_KEY_DERIVATION_ID",
- "identifier": "0x00000F09",
- "signal": "PSA_KEY_DERIVATION",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- },
- {
- "name": "PSA_ENTROPY_ID",
- "identifier": "0x00000F0A",
- "signal": "PSA_ENTROPY_INJECT",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "STRICT"
- }
- ],
- "extern_sids": [
- "PSA_ITS_GET",
- "PSA_ITS_SET",
- "PSA_ITS_INFO",
- "PSA_ITS_REMOVE"
- ],
- "source_files": [
- "COMPONENT_SPE/psa_crypto_partition.c"
- ]
-}
diff --git a/components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IPC/platform_ipc.c b/components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IPC/platform_ipc.c
deleted file mode 100644
index 61634817d8..0000000000
--- a/components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IPC/platform_ipc.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* Copyright (c) 2019 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "psa_manifest/sid.h"
-#include "psa/lifecycle.h"
-#include "psa/client.h"
-#include "mbed_toolchain.h"
-#include "mbed_error.h"
-
-uint32_t psa_security_lifecycle_state(void)
-{
- psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_GET, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return PSA_LIFECYCLE_UNKNOWN;
- }
-
- uint32_t lc_state = 0;
- psa_outvec resp[1] = { {&lc_state, sizeof(lc_state)} };
-
- psa_status_t status = psa_call(conn, NULL, 0, resp, 1);
- if (status == PSA_DROP_CONNECTION) {
- lc_state = PSA_LIFECYCLE_UNKNOWN;
- }
-
- psa_close(conn);
-
- return lc_state;
-}
-
-psa_status_t mbed_psa_reboot_and_request_new_security_state(uint32_t new_state)
-{
- psa_handle_t conn = psa_connect(PSA_PLATFORM_LC_SET, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return (psa_status_t) conn;
- }
-
- psa_invec msg[1] = {
- { &new_state, sizeof(new_state) }
- };
-
- psa_status_t status = psa_call(conn, msg, 1, NULL, 0);
-
- psa_close(conn);
- return status;
-}
-
-void mbed_psa_system_reset(void)
-{
- psa_handle_t conn = psa_connect(PSA_PLATFORM_SYSTEM_RESET, 1);
- if (conn > PSA_NULL_HANDLE) {
- psa_call(conn, NULL, 0, NULL, 0);
- }
- error("reset failed - cannot connect to service handle=%ld", conn);
-}
diff --git a/components/TARGET_PSA/services/platform/COMPONENT_SPE/platform_partition.c b/components/TARGET_PSA/services/platform/COMPONENT_SPE/platform_partition.c
deleted file mode 100644
index db47444a34..0000000000
--- a/components/TARGET_PSA/services/platform/COMPONENT_SPE/platform_partition.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Copyright (c) 2019 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "mbed_spm_partitions.h"
-#include "platform_srv_impl.h"
-#include "psa/internal_trusted_storage.h"
-#include "psa/service.h"
-
-typedef psa_status_t (*SignalHandler)(psa_msg_t *);
-
-static psa_status_t lifecycle_get(psa_msg_t *msg)
-{
- uint32_t lc_state;
-
- if (msg->out_size[0] != sizeof(lc_state)) {
- return PSA_DROP_CONNECTION;
- }
-
- psa_status_t status = psa_platfrom_lifecycle_get_impl(&lc_state);
- if (status == PSA_SUCCESS) {
- psa_write(msg->handle, 0, &lc_state, sizeof(lc_state));
- }
-
- return status;
-}
-
-static psa_status_t lifecycle_change_request(psa_msg_t *msg)
-{
- uint32_t lc_state;
-
- if (msg->in_size[0] != sizeof(lc_state)) {
- return PSA_DROP_CONNECTION;
- }
- if (psa_read(msg->handle, 0, &lc_state, sizeof(lc_state)) != sizeof(lc_state)) {
- return PSA_DROP_CONNECTION;
- }
- return psa_platfrom_lifecycle_change_request_impl(lc_state);
-
-}
-
-static MBED_NORETURN psa_status_t system_reset_request(psa_msg_t *msg)
-{
- (void)msg;
- mbed_psa_system_reset_impl();
-}
-
-static void message_handler(psa_msg_t *msg, SignalHandler handler)
-{
- psa_status_t status = PSA_SUCCESS;
- switch (msg->type) {
- case PSA_IPC_CONNECT: //fallthrough
- case PSA_IPC_DISCONNECT: {
- break;
- }
- case PSA_IPC_CALL: {
- status = handler(msg);
- break;
- }
- default: {
- SPM_PANIC("Unexpected message type %lu!", msg->type);
- break;
- }
- }
- psa_reply(msg->handle, status);
-}
-
-void platform_partition_entry(void *ptr)
-{
- psa_signal_t signals = 0;
- psa_msg_t msg = {0};
- while (1) {
- signals = psa_wait(PLATFORM_WAIT_ANY_SID_MSK, PSA_BLOCK);
- if ((signals & PSA_PLATFORM_LC_GET_MSK) != 0) {
- if (PSA_SUCCESS != psa_get(PSA_PLATFORM_LC_GET_MSK, &msg)) {
- continue;
- }
- message_handler(&msg, lifecycle_get);
- }
- if ((signals & PSA_PLATFORM_LC_SET_MSK) != 0) {
- if (PSA_SUCCESS != psa_get(PSA_PLATFORM_LC_SET_MSK, &msg)) {
- continue;
- }
- message_handler(&msg, lifecycle_change_request);
- }
- if ((signals & PSA_PLATFORM_SYSTEM_RESET_MSK) != 0) {
- if (PSA_SUCCESS != psa_get(PSA_PLATFORM_SYSTEM_RESET_MSK, &msg)) {
- continue;
- }
- message_handler(&msg, system_reset_request);
- }
- }
-}
diff --git a/components/TARGET_PSA/services/platform/platform_psa.json b/components/TARGET_PSA/services/platform/platform_psa.json
deleted file mode 100644
index b519504cc5..0000000000
--- a/components/TARGET_PSA/services/platform/platform_psa.json
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "name": "PLATFORM",
- "type": "APPLICATION-ROT",
- "priority": "NORMAL",
- "id": "0x00000008",
- "entry_point": "platform_partition_entry",
- "stack_size": "0x400",
- "heap_size": "0x400",
- "services": [{
- "name": "PSA_PLATFORM_LC_GET",
- "identifier": "0x00011000",
- "signal": "PSA_PLATFORM_LC_GET_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- },
- {
- "name": "PSA_PLATFORM_LC_SET",
- "identifier": "0x00011001",
- "signal": "PSA_PLATFORM_LC_SET_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- },
- {
- "name": "PSA_PLATFORM_SYSTEM_RESET",
- "identifier": "0x00011002",
- "signal": "PSA_PLATFORM_SYSTEM_RESET_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- }
- ],
- "extern_sids": [
- "PSA_ITS_RESET"
- ],
- "source_files": [
- "COMPONENT_SPE/platform_partition.c"
- ]
- }
diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/TARGET_TFM/its_tfm_impl.cpp b/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/TARGET_TFM/its_tfm_impl.cpp
deleted file mode 100644
index 46cd1a7502..0000000000
--- a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/TARGET_TFM/its_tfm_impl.cpp
+++ /dev/null
@@ -1,157 +0,0 @@
-/* Copyright (c) 2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include
-#include "KVStore.h"
-#include "TDBStore.h"
-#include "psa/internal_trusted_storage.h"
-#include "pits_impl.h"
-#include "mbed_error.h"
-#include "mbed_toolchain.h"
-#include "FlashIAP.h"
-#include "FlashIAPBlockDevice.h"
-
-using namespace mbed;
-
-static KVStore *internal_store = NULL;
-static bool is_tfm_kv_initialized = false;
-
-static inline uint32_t align_up(uint64_t val, uint64_t size)
-{
- return (((val - 1) / size) + 1) * size;
-}
-
-static inline uint32_t align_down(uint64_t val, uint64_t size)
-{
- return (((val) / size)) * size;
-}
-
-static BlockDevice *_get_blockdevice(bd_addr_t start_address, bd_size_t size)
-{
- int ret = MBED_SUCCESS;
- bd_addr_t flash_end_address;
- bd_addr_t flash_start_address;
- bd_addr_t aligned_start_address;
- bd_addr_t aligned_end_address;
- bd_addr_t end_address;
- FlashIAP flash;
-
- ret = flash.init();
- if (ret != 0) {
- return NULL;
- }
-
- //Get flash parameters before starting
- flash_start_address = flash.get_flash_start();
- flash_end_address = flash_start_address + flash.get_flash_size();;
-
- aligned_start_address = align_down(start_address, flash.get_sector_size(start_address));
- if (start_address != aligned_start_address) {
- flash.deinit();
- return NULL;
- }
-
- end_address = start_address + size;
- if (end_address > flash_end_address) {
- flash.deinit();
- return NULL;
- }
-
- aligned_end_address = align_up(end_address, flash.get_sector_size(end_address - 1));
- if (end_address != aligned_end_address) {
- flash.deinit();
- return NULL;
- }
-
- static FlashIAPBlockDevice bd(start_address, size);
- flash.deinit();
- return &bd;
-}
-
-static int _calculate_blocksize_match_tdbstore(BlockDevice *bd)
-{
- bd_size_t size = bd->size();
- bd_size_t erase_size = bd->get_erase_size();
- bd_size_t number_of_sector = size / erase_size;
-
- if (number_of_sector < 2) {
- return -1;
- }
-
- return 0;
-}
-
-static int tfm_kv_init(void)
-{
- int ret = MBED_SUCCESS;
- bd_size_t internal_size = MBED_CONF_STORAGE_TDB_INTERNAL_INTERNAL_SIZE;
- bd_addr_t internal_start_address = MBED_CONF_STORAGE_TDB_INTERNAL_INTERNAL_BASE_ADDRESS;
-
- //Get internal memory FLASHIAP block device.
- BlockDevice *internal_bd = _get_blockdevice(internal_start_address, internal_size);
- if (internal_bd == NULL) {
- return -1; // TODO: Error code
- }
-
- ret = internal_bd->init();
- if (ret != 0) {
- return ret;
- }
-
- //Check that internal flash has 2 or more sectors
- if (_calculate_blocksize_match_tdbstore(internal_bd) != 0) {
- return -1; // TODO: Error code
- }
-
- //Deinitialize internal block device and TDB will reinitialize and take control on it.
- ret = internal_bd->deinit();
- if (ret != 0) {
- return ret;
- }
-
- //Create a TDBStore in the internal FLASHIAP block device.
- static TDBStore tdb_internal(internal_bd);
- internal_store = &tdb_internal;
-
- ret = internal_store->init();
-
- return ret;
-}
-
-/*
- * \brief Get default KVStore instance for internal flesh storage
- *
- * \return valid pointer to KVStore
- */
-
-KVStore *get_its_kvstore_instance(void)
-{
- return internal_store;
-}
-extern "C" int kv_init_storage_config()
-{
- int ret = MBED_SUCCESS;
-
- if (!is_tfm_kv_initialized) {
- ret = tfm_kv_init();
- }
-
- is_tfm_kv_initialized = (ret == MBED_SUCCESS) ? true : false;
- return ret;
-}
-
-
diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IPC/psa_prot_internal_storage.c b/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IPC/psa_prot_internal_storage.c
deleted file mode 100644
index fb999af51f..0000000000
--- a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IPC/psa_prot_internal_storage.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* Copyright (c) 2018 ARM Limited
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "psa/client.h"
-#include "psa/storage_common.h"
-#include "psa/internal_trusted_storage.h"
-#include "psa_manifest/sid.h"
-
-psa_status_t psa_its_set(psa_storage_uid_t uid, size_t data_length, const void *p_data, psa_storage_create_flags_t create_flags)
-{
- if (!p_data && data_length) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- psa_invec msg[3] = {
- { &uid, sizeof(uid) },
- { p_data, data_length },
- { &create_flags, sizeof(create_flags) }
- };
-
- psa_handle_t conn = psa_connect(PSA_ITS_SET, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_status_t status = psa_call(conn, msg, 3, NULL, 0);
- if (status == PSA_DROP_CONNECTION) {
- status = PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_close(conn);
- return status;
-}
-
-psa_status_t psa_its_get(psa_storage_uid_t uid, size_t data_offset, size_t data_length, void *p_data, size_t *p_data_length)
-{
- size_t actual_size = 0;
-
- if ((!p_data && data_length) || !p_data_length) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- psa_invec msg[2] = {
- { &uid, sizeof(uid) },
- { &data_offset, sizeof(data_offset) }
- };
-
- psa_outvec resp[2] = {
- { p_data, data_length },
- { &actual_size, sizeof(actual_size) }
- };
-
- psa_handle_t conn = psa_connect(PSA_ITS_GET, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_status_t status = psa_call(conn, msg, 2, resp, 2);
-
- *p_data_length = actual_size;
-
- psa_close(conn);
- return status;
-}
-
-psa_status_t psa_its_get_info(psa_storage_uid_t uid, struct psa_storage_info_t *p_info)
-{
- if (!p_info) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- struct psa_storage_info_t info = { 0, PSA_STORAGE_FLAG_NONE };
- psa_invec msg = { &uid, sizeof(uid) };
- psa_outvec resp = { &info, sizeof(info) };
- psa_handle_t conn = psa_connect(PSA_ITS_INFO, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_status_t status = psa_call(conn, &msg, 1, &resp, 1);
-
- *p_info = info;
-
- if (status == PSA_DROP_CONNECTION) {
- status = PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_close(conn);
- return status;
-}
-
-psa_status_t psa_its_remove(psa_storage_uid_t uid)
-{
- psa_invec msg = { &uid, sizeof(uid) };
- psa_handle_t conn = psa_connect(PSA_ITS_REMOVE, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_status_t status = psa_call(conn, &msg, 1, NULL, 0);
- if (status == PSA_DROP_CONNECTION) {
- status = PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_close(conn);
- return status;
-}
-
-psa_status_t psa_its_reset()
-{
- psa_handle_t conn = psa_connect(PSA_ITS_RESET, 1);
- if (conn <= PSA_NULL_HANDLE) {
- return PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_status_t status = psa_call(conn, NULL, 0, NULL, 0);
- if (status == PSA_DROP_CONNECTION) {
- status = PSA_ERROR_STORAGE_FAILURE;
- }
-
- psa_close(conn);
- return status;
-}
diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_SPE/its_partition.c b/components/TARGET_PSA/services/storage/its/COMPONENT_SPE/its_partition.c
deleted file mode 100644
index 7743d52ad6..0000000000
--- a/components/TARGET_PSA/services/storage/its/COMPONENT_SPE/its_partition.c
+++ /dev/null
@@ -1,225 +0,0 @@ -/* Copyright (c) 2018 ARM Limited - * - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include "psa/client.h" -#include "psa/service.h" -#include "mbed_spm_partitions.h" -#include "psa/internal_trusted_storage.h" -#include "pits_impl.h" -#include "mbed_error.h" - -#if defined(TARGET_MBED_SPM) -#include "kv_config.h" -#else -int kv_init_storage_config(); -#endif - -#ifdef __cplusplus -extern "C" -{ -#endif - -typedef psa_status_t (*SignalHandler)(psa_msg_t *); - -static psa_status_t storage_set(psa_msg_t *msg) -{ - psa_storage_uid_t key = 0; - void *data = NULL; - uint32_t alloc_size = msg->in_size[1]; - psa_storage_create_flags_t flags = 0; - - if ((msg->in_size[0] != sizeof(key)) || (msg->in_size[2] != sizeof(flags))) { - return PSA_DROP_CONNECTION; - } - - if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) { - return PSA_DROP_CONNECTION; - } - - if (psa_read(msg->handle, 2, &flags, sizeof(flags)) != sizeof(flags)) { - return PSA_DROP_CONNECTION; - } - - data = malloc(alloc_size); - if (data == NULL) { - return PSA_ERROR_STORAGE_FAILURE; - } - - if (psa_read(msg->handle, 1, data, msg->in_size[1]) != msg->in_size[1]) { - free(data); - return PSA_ERROR_STORAGE_FAILURE; - } - - psa_status_t status = psa_its_set_impl(msg->client_id, key, alloc_size, data, flags); - memset(data, 0, alloc_size); - free(data); - return status; -} - -static psa_status_t 
storage_get(psa_msg_t *msg) -{ - psa_storage_uid_t key = 0; - uint32_t offset = 0; - size_t actual_size; - - if ((msg->in_size[0] != sizeof(key)) || - (msg->in_size[1] != sizeof(offset)) || - (msg->out_size[1] != sizeof(actual_size))) { - return PSA_DROP_CONNECTION; - } - - if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) { - return PSA_DROP_CONNECTION; - } - - if (psa_read(msg->handle, 1, &offset, sizeof(offset)) != sizeof(offset)) { - return PSA_DROP_CONNECTION; - } - - uint8_t *data = (uint8_t *)malloc(msg->out_size[0]); - if (data == NULL) { - return PSA_ERROR_STORAGE_FAILURE; - } - - psa_status_t status = psa_its_get_impl(msg->client_id, key, offset, msg->out_size[0], data, &actual_size); - if (status == PSA_SUCCESS) { - psa_write(msg->handle, 0, data, actual_size); - psa_write(msg->handle, 1, &actual_size, sizeof(actual_size)); - } - - memset(data, 0, msg->out_size[0]); - free(data); - return status; -} - -static psa_status_t storage_info(psa_msg_t *msg) -{ - struct psa_storage_info_t info = { 0 }; - psa_storage_uid_t key = 0; - - if ((msg->in_size[0] != sizeof(key)) || (msg->out_size[0] != sizeof(info))) { - return PSA_DROP_CONNECTION; - } - - if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) { - return PSA_DROP_CONNECTION; - } - - psa_status_t status = psa_its_get_info_impl(msg->client_id, key, &info); - if (status == PSA_SUCCESS) { - psa_write(msg->handle, 0, &info, msg->out_size[0]); - } - - return status; -} - -static psa_status_t storage_remove(psa_msg_t *msg) -{ - psa_storage_uid_t key = 0; - - if (msg->in_size[0] != sizeof(key)) { - return PSA_DROP_CONNECTION; - } - - if (psa_read(msg->handle, 0, &key, sizeof(key)) != sizeof(key)) { - return PSA_DROP_CONNECTION; - } - - return psa_its_remove_impl(msg->client_id, key); -} -static psa_status_t storage_reset(psa_msg_t *msg) -{ - (void)msg; - return psa_its_reset_impl(); -} - - - -static void message_handler(psa_msg_t *msg, SignalHandler handler) -{ - psa_status_t status = 
PSA_SUCCESS; - switch (msg->type) { - case PSA_IPC_CONNECT: //fallthrough - case PSA_IPC_DISCONNECT: { - break; - } - case PSA_IPC_CALL: { - status = handler(msg); - break; - } - default: { - SPM_PANIC("Unexpected message type %lu!", msg->type); - break; - } - } - psa_reply(msg->handle, status); -} - -void its_entry(void *ptr) -{ - psa_signal_t signals = 0; - psa_msg_t msg = {0}; - - while (1) { - signals = psa_wait(ITS_WAIT_ANY_SID_MSK, PSA_BLOCK); - // KVStore initiation: - // - Must be done after the psa_wait() call since only now we know OS initialization is done - // - Repeating calls has no effect - int kv_status = kv_init_storage_config(); - if (kv_status != MBED_SUCCESS) { - SPM_PANIC("KVStore initiation failed with status %d!", kv_status); - } - - if ((signals & PSA_ITS_SET_MSK) != 0) { - if (PSA_SUCCESS != psa_get(PSA_ITS_SET_MSK, &msg)) { - continue; - } - message_handler(&msg, storage_set); - } - if ((signals & PSA_ITS_GET_MSK) != 0) { - if (PSA_SUCCESS != psa_get(PSA_ITS_GET_MSK, &msg)) { - continue; - } - message_handler(&msg, storage_get); - } - if ((signals & PSA_ITS_INFO_MSK) != 0) { - if (PSA_SUCCESS != psa_get(PSA_ITS_INFO_MSK, &msg)) { - continue; - } - message_handler(&msg, storage_info); - } - if ((signals & PSA_ITS_REMOVE_MSK) != 0) { - if (PSA_SUCCESS != psa_get(PSA_ITS_REMOVE_MSK, &msg)) { - continue; - } - message_handler(&msg, storage_remove); - } - if ((signals & PSA_ITS_RESET_MSK) != 0) { - if (PSA_SUCCESS != psa_get(PSA_ITS_RESET_MSK, &msg)) { - continue; - } - message_handler(&msg, storage_reset); - } - - } -} - -#ifdef __cplusplus -} -#endif diff --git a/components/TARGET_PSA/services/storage/its/pits_psa.json b/components/TARGET_PSA/services/storage/its/pits_psa.json deleted file mode 100644 index 2296e0dccd..0000000000 --- a/components/TARGET_PSA/services/storage/its/pits_psa.json +++ /dev/null 
@@ -1,53 +0,0 @@
-{
- "name": "ITS",
- "type": "APPLICATION-ROT",
- "priority": "NORMAL",
- "id": "0x0000000A",
- "entry_point": "its_entry",
- "stack_size": "0x800",
- "heap_size": "0x400",
- "services": [{
- "name": "PSA_ITS_GET",
- "identifier": "0x00011A00",
- "signal": "PSA_ITS_GET_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- },
- {
- "name": "PSA_ITS_SET",
- "identifier": "0x00011A01",
- "signal": "PSA_ITS_SET_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- },
- {
- "name": "PSA_ITS_INFO",
- "identifier": "0x00011A02",
- "signal": "PSA_ITS_INFO_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- },
- {
- "name": "PSA_ITS_REMOVE",
- "identifier": "0x00011A03",
- "signal": "PSA_ITS_REMOVE_MSK",
- "non_secure_clients": true,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- },
- {
- "name": "PSA_ITS_RESET",
- "identifier": "0x00011A04",
- "signal": "PSA_ITS_RESET_MSK",
- "non_secure_clients": false,
- "minor_version": 1,
- "minor_policy": "RELAXED"
- }
- ],
- "source_files": [
- "COMPONENT_SPE/its_partition.c"
- ]
- }
diff --git a/components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c
similarity index 100%
rename from components/TARGET_PSA/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_MBED_SPM/COMPONENT_SPE/psa_setup.c
diff --git a/components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_defs.inc b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_defs.inc
similarity index 100%
rename from components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_defs.inc
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_defs.inc
diff --git a/components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_list.inc b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_list.inc similarity index 100% rename from components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_list.inc rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_partition_list.inc diff --git a/components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_service_list.inc b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_service_list.inc similarity index 100% rename from components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_service_list.inc rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_service_list.inc diff --git a/components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_spm_signal_defs.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_spm_signal_defs.h similarity index 100% rename from components/TARGET_PSA/TARGET_TFM/COMPONENT_SPE/inc/tfm_spm_signal_defs.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TARGET_TFM/COMPONENT_SPE/inc/tfm_spm_signal_defs.h diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/psa_attestation_testlist.md similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_attestation/psa_attestation_testlist.md rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/psa_attestation_testlist.md diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_attestation/test_a001/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/main.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_a001.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_a001.c diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_a001.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_a001.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_a001.h diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_attestation/test_a001/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_attestation/test_a001/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/psa_its_testlist.md b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/psa_its_testlist.md similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/psa_its_testlist.md rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/psa_its_testlist.md 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s001/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s001/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s001/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s001/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_s001.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_s001.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_s001.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s001/test_s001.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s001/test_s001.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s002/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s002/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s002/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s002/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_ps_data.h 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_s002.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_s002.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_s002.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s002/test_s002.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s002/test_s002.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s003/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s003/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s003/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_its_data.h 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s003/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_s003.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_s003.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_s003.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s003/test_s003.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s003/test_s003.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s004/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s004/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_entry.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s004/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s004/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_s004.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_s004.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_s004.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s004/test_s004.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s004/test_s004.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s005/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/main.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s005/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s005/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s005/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_s005.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_s005.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_s005.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s005/test_s005.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s005/test_s005.h 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s006/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s006/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s006/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s006/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_s006.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_s006.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_s006.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s006/test_s006.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s006/test_s006.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s007/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s007/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s007/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s007/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_ps_data.h 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_s007.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_s007.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_s007.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s007/test_s007.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s007/test_s007.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s008/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s008/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s008/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_its_data.h 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s008/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_s008.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_s008.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_s008.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s008/test_s008.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s008/test_s008.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s009/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/main.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s009/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_entry.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s009/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s009/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_s009.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_s009.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_s009.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s009/test_s009.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s009/test_s009.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/main.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/main.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s010/main.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/main.c 
diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_entry.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_entry.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s010/test_entry.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_entry.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_its_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_its_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s010/test_its_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_its_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_ps_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_ps_data.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s010/test_ps_data.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_ps_data.h diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_s010.c similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_s010.c diff --git a/components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_s010.h similarity index 100% rename from components/TARGET_PSA/TESTS/compliance_its/test_s010/test_s010.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/TESTS/compliance_its/test_s010/test_s010.h 
diff --git a/components/TARGET_PSA/inc/psa/client.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/client.h
similarity index 98%
rename from components/TARGET_PSA/inc/psa/client.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/client.h
index 5f234cba32..9917b10236 100644
--- a/components/TARGET_PSA/inc/psa/client.h
+++ b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/client.h
@@ -15,7 +15,7 @@
 * limitations under the License.
 */
-#if defined(TARGET_TFM)
+#if defined(FEATURE_TFM)
 #include "interface/include/psa_client.h"
 #elif defined(TARGET_MBED_SPM)
 #include "TARGET_MBED_SPM/psa_defs.h"
diff --git a/components/TARGET_PSA/inc/psa/error.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/error.h
similarity index 100%
rename from components/TARGET_PSA/inc/psa/error.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/error.h
diff --git a/components/TARGET_PSA/inc/psa/internal_trusted_storage.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/internal_trusted_storage.h
similarity index 100%
rename from components/TARGET_PSA/inc/psa/internal_trusted_storage.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/internal_trusted_storage.h
diff --git a/components/TARGET_PSA/inc/psa/lifecycle.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/lifecycle.h
similarity index 100%
rename from components/TARGET_PSA/inc/psa/lifecycle.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/lifecycle.h
diff --git a/components/TARGET_PSA/inc/psa/protected_storage.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/protected_storage.h
similarity index 100%
rename from components/TARGET_PSA/inc/psa/protected_storage.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/protected_storage.h
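Review bot: The conditional in psa/client.h now selects the TF-M client interface on `FEATURE_TFM`, while the `#elif` directly below still tests `TARGET_MBED_SPM` and the TF-M files renamed in this same commit land under a directory still named `TARGET_TFM`, so the header and the source tree appear to be keyed on different symbols. If a configuration defines only one of the two, this chain would presumably fall through to a later branch with no diagnostic, silently changing which PSA client implementation mediates calls into the secure side. I would add a comment above the chain naming the build setting that defines `FEATURE_TFM`, and a guard ahead of it: `#if defined(TARGET_TFM) && !defined(FEATURE_TFM)`, `#error "TARGET_TFM is set but FEATURE_TFM is not"`, `#endif`. The same applies to the identical change in psa/service.h; the rest of both conditionals lies outside the hunks.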
diff --git a/components/TARGET_PSA/inc/psa/service.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/service.h
similarity index 97%
rename from components/TARGET_PSA/inc/psa/service.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/service.h
index b146831408..9ab931db9c 100644
--- a/components/TARGET_PSA/inc/psa/service.h
+++ b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/service.h
@@ -15,7 +15,7 @@
 * limitations under the License.
 */
-#if defined(TARGET_TFM)
+#if defined(FEATURE_TFM)
 #include "interface/include/psa_service.h"
 #include "secure_fw/core/ipc/include/tfm_utils.h"
diff --git a/components/TARGET_PSA/inc/psa/storage_common.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/storage_common.h
similarity index 100%
rename from components/TARGET_PSA/inc/psa/storage_common.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/inc/psa/storage_common.h
diff --git a/components/TARGET_PSA/services/COMPONENT_PSA_SRV_IMPL/mbed_lib.json b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/mbed_lib.json
similarity index 100%
rename from components/TARGET_PSA/services/COMPONENT_PSA_SRV_IMPL/mbed_lib.json
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/mbed_lib.json
diff --git a/components/TARGET_PSA/services/attestation/LICENSE b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/LICENSE
similarity index 100%
rename from components/TARGET_PSA/services/attestation/LICENSE
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/LICENSE
diff --git a/components/TARGET_PSA/services/attestation/LICENSE-BSD-3-Clause b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/LICENSE-BSD-3-Clause
similarity index 100%
rename from components/TARGET_PSA/services/attestation/LICENSE-BSD-3-Clause
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/LICENSE-BSD-3-Clause
diff --git a/components/TARGET_PSA/services/attestation/attestation.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/attestation.h similarity index 100% rename from components/TARGET_PSA/services/attestation/attestation.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/attestation.h diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_attest_inject_key.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/emulation/psa_attest_inject_key.c similarity index 100% rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_attest_inject_key.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/emulation/psa_attest_inject_key.c diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_initial_attestation_api.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/emulation/psa_initial_attestation_api.c similarity index 100% rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_EMUL/psa_initial_attestation_api.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/emulation/psa_initial_attestation_api.c diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_boot_status_loader.c similarity index 100% rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_boot_status_loader.c 
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_crypto.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_crypto.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_crypto_keys.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_crypto_keys.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_crypto_keys.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_iat_claims_loader.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_iat_claims_loader.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attest_iat_claims_loader.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attestation_bootloader_data.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attestation_bootloader_data.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attestation_bootloader_data.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attestation_bootloader_data.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/attestation_bootloader_data.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_attestation_stubs.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/psa_attestation_stubs.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_attestation_stubs.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/psa_attestation_stubs.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/psa_inject_attestation_key_impl.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/psa_inject_attestation_key_impl.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/psa_inject_attestation_key_impl.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/psa_inject_attestation_key_impl.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/psa_inject_attestation_key_impl.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attest_eat_defines.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attest_eat_defines.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attest_eat_defines.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attest_eat_defines.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attest_token.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attest_token.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attest_token.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attest_token.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attest_token.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attest_token.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attest_token.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attest_token.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attestation_core.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attestation_core.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/attestation_core.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/attestation_core.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/CMakeLists.txt b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/CMakeLists.txt
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/CMakeLists.txt
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/CMakeLists.txt
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/README.md b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/README.md
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/README.md
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/README.md
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/inc/t_cose_common.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/inc/t_cose_common.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/inc/t_cose_common.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/inc/t_cose_common.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/inc/t_cose_sign1_sign.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/inc/t_cose_sign1_sign.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/inc/t_cose_sign1_sign.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/inc/t_cose_sign1_sign.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_crypto.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_crypto.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_crypto.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_crypto.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_defines.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_defines.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_defines.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_defines.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_sign1_sign.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_sign1_sign.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_sign1_sign.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_sign1_sign.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_util.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_util.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_util.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_util.c
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_util.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_util.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/t_cose/src/t_cose_util.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/t_cose/src/t_cose_util.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_attest_hal.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_attest_hal.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_attest_hal.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_attest_hal.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_boot_status.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_boot_status.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_boot_status.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_boot_status.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_boot_seed.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_boot_seed.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_boot_seed.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_boot_seed.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_crypto_keys.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_crypto_keys.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_crypto_keys.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_crypto_keys.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_defs.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_defs.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_defs.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_defs.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_device_id.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_device_id.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_impl/tfm_plat_device_id.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_impl/tfm_plat_device_id.h
diff --git a/components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_memory_utils.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_memory_utils.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/tfm_memory_utils.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/implementation/tfm_memory_utils.h
diff --git a/components/TARGET_PSA/services/attestation/psa_attest_inject_key.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/psa_attest_inject_key.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/psa_attest_inject_key.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/psa_attest_inject_key.h
diff --git a/components/TARGET_PSA/services/attestation/psa_initial_attestation_api.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/psa_initial_attestation_api.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/psa_initial_attestation_api.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/psa_initial_attestation_api.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/.mbedignore b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/.mbedignore
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/.mbedignore
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/.mbedignore
diff --git a/components/TARGET_PSA/services/attestation/qcbor/CMakeLists.txt b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/CMakeLists.txt
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/CMakeLists.txt
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/CMakeLists.txt
diff --git a/components/TARGET_PSA/services/attestation/qcbor/README.md b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/README.md
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/README.md
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/README.md
diff --git a/components/TARGET_PSA/services/attestation/qcbor/inc/UsefulBuf.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/inc/UsefulBuf.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/inc/UsefulBuf.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/inc/UsefulBuf.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/inc/qcbor.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/inc/qcbor.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/inc/qcbor.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/inc/qcbor.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/inc/useful_buf.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/inc/useful_buf.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/inc/useful_buf.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/inc/useful_buf.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/src/UsefulBuf.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/UsefulBuf.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/src/UsefulBuf.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/UsefulBuf.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/src/ieee754.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/ieee754.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/src/ieee754.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/ieee754.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/src/ieee754.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/ieee754.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/src/ieee754.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/ieee754.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/src/qcbor_decode.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/qcbor_decode.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/src/qcbor_decode.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/qcbor_decode.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/src/qcbor_encode.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/qcbor_encode.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/src/qcbor_encode.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/src/qcbor_encode.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/UsefulBuf_Tests.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/UsefulBuf_Tests.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/UsefulBuf_Tests.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/UsefulBuf_Tests.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/UsefulBuf_Tests.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/UsefulBuf_Tests.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/UsefulBuf_Tests.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/UsefulBuf_Tests.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/float_tests.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/float_tests.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/float_tests.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/float_tests.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/float_tests.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/float_tests.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/float_tests.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/float_tests.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/half_to_double_from_rfc7049.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/half_to_double_from_rfc7049.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/half_to_double_from_rfc7049.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/half_to_double_from_rfc7049.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/half_to_double_from_rfc7049.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/half_to_double_from_rfc7049.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/half_to_double_from_rfc7049.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/half_to_double_from_rfc7049.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/qcbor_decode_tests.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_decode_tests.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/qcbor_decode_tests.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_decode_tests.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/qcbor_decode_tests.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_decode_tests.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/qcbor_decode_tests.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_decode_tests.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/qcbor_encode_tests.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_encode_tests.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/qcbor_encode_tests.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_encode_tests.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/qcbor_encode_tests.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_encode_tests.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/qcbor_encode_tests.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/qcbor_encode_tests.h
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/run_tests.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/run_tests.c
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/run_tests.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/run_tests.c
diff --git a/components/TARGET_PSA/services/attestation/qcbor/test/run_tests.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/run_tests.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/qcbor/test/run_tests.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/qcbor/test/run_tests.h
diff --git a/components/TARGET_PSA/services/attestation/tfm_client.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/tfm_client.h
similarity index 100%
rename from components/TARGET_PSA/services/attestation/tfm_client.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/attestation/tfm_client.h
diff --git a/components/TARGET_PSA/services/inc/autogen_sid.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/inc/autogen_sid.h
similarity index 100%
rename from components/TARGET_PSA/services/inc/autogen_sid.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/inc/autogen_sid.h
diff --git a/components/TARGET_PSA/services/inc/mbed_spm_partitions.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/inc/mbed_spm_partitions.h
similarity index 100%
rename from components/TARGET_PSA/services/inc/mbed_spm_partitions.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/inc/mbed_spm_partitions.h
diff --git a/components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_EMUL/platform_emul.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/platform/platform_emul.c
similarity index 100%
rename from components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_EMUL/platform_emul.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/platform/platform_emul.c
diff --git a/components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.c b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/platform/platform_srv_impl.c
similarity index 100%
rename from components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.c
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/platform/platform_srv_impl.c
diff --git a/components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/platform/platform_srv_impl.h
similarity index 100%
rename from components/TARGET_PSA/services/platform/COMPONENT_PSA_SRV_IMPL/platform_srv_impl.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/platform/platform_srv_impl.h
diff --git a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/common/psa_storage_common_impl.cpp
similarity index 100%
rename from components/TARGET_PSA/services/storage/common/psa_storage_common_impl.cpp
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/common/psa_storage_common_impl.cpp
diff --git a/components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/common/psa_storage_common_impl.h
similarity index 100%
rename from components/TARGET_PSA/services/storage/common/psa_storage_common_impl.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/common/psa_storage_common_impl.h
diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp
similarity index 98%
rename from components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp
index 6f0835da8f..768fb58767 100644
--- a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.cpp +++ b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.cpp @@ -26,7 +26,7 @@ using namespace mbed; -#if defined(TARGET_TFM) +#if defined(FEATURE_TFM) KVStore *get_its_kvstore_instance(void); #else #include "KVMap.h" @@ -58,7 +58,7 @@ MBED_WEAK psa_status_t its_version_migrate(KVStore *kvstore, static void its_init(void) { -#if defined(TARGET_TFM) +#if defined(FEATURE_TFM) kvstore = get_its_kvstore_instance(); #else KVMap &kv_map = KVMap::get_instance(); @@ -127,7 +127,7 @@ psa_status_t psa_its_remove_impl(int32_t pid, psa_storage_uid_t uid) psa_status_t psa_its_reset_impl() { // Do not call its_init here to avoid version check before reset -#if defined(TARGET_TFM) +#if defined(FEATURE_TFM) kvstore = get_its_kvstore_instance(); #else KVMap &kv_map = KVMap::get_instance(); diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.h similarity index 100% rename from components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_IMPL/pits_impl.h rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/pits_impl.h diff --git a/components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_EMUL/psa_prot_internal_storage.cpp b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/psa_prot_internal_storage.cpp similarity index 100% rename from components/TARGET_PSA/services/storage/its/COMPONENT_PSA_SRV_EMUL/psa_prot_internal_storage.cpp rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/psa_prot_internal_storage.cpp 
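Review bot: The three `#if defined(FEATURE_TFM)` guards in pits_impl.cpp fall through to the `#else` branch when the macro is absent, so a build that still defines only `TARGET_TFM` would compile `KVMap::get_instance()` in place of `get_its_kvstore_instance()` in `its_init` and `psa_its_reset_impl` with no build error. This commit itself keeps a `features/FEATURE_PSA/TARGET_TFM/` directory, so both names appear to stay in use; whether every TF-M target also enables the feature cannot be confirmed from the diff. A guard near the top of the file would turn that silent change of ITS backend into a build failure: `#if defined(TARGET_TFM) && !defined(FEATURE_TFM)` / `#error "TF-M target built without FEATURE_TFM"` / `#endif`. The same renamed guard is in the psa/service.h hunk, and the bodies of `its_init` and `psa_its_reset_impl` continue outside the hunks.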
diff --git a/components/TARGET_PSA/services/storage/its/psa_prot_internal_storage.h b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/psa_prot_internal_storage.h
similarity index 100%
rename from components/TARGET_PSA/services/storage/its/psa_prot_internal_storage.h
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/its/psa_prot_internal_storage.h
diff --git a/components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp b/features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp
similarity index 100%
rename from components/TARGET_PSA/services/storage/ps/COMPONENT_NSPE/protected_storage.cpp
rename to features/FEATURE_PSA/TARGET_MBED_PSA_SRV/services/storage/ps/protected_storage.cpp
diff --git a/features/frameworks/TARGET_PSA/val_framework.h b/features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_TWINCPU/.gitkeep
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_framework.h
rename to features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_TWINCPU/.gitkeep
diff --git a/features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/.gitkeep b/features/FEATURE_PSA/TARGET_TFM/TARGET_TFM_V8M/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/components/TARGET_PSA/mbed_lib.json b/features/FEATURE_PSA/mbed_lib.json
similarity index 100%
rename from components/TARGET_PSA/mbed_lib.json
rename to features/FEATURE_PSA/mbed_lib.json
diff --git a/features/FEATURE_PSA/supporting_psa_in_mbed-os.md b/features/FEATURE_PSA/supporting_psa_in_mbed-os.md
new file mode 100644
index 0000000000..fcf18d7712
--- /dev/null
+++ b/features/FEATURE_PSA/supporting_psa_in_mbed-os.md
@@ -0,0 +1,209 @@ +# Supporting PSA in Mbed OS + +This document is still a work in progress. It describes the process of adding new PSA targets to Mbed OS. It also outlines the new directory structure created to support PSA on single v7-M, dual v7-M and single v8-M. + +## TODO +* Adding dual v7-M targets +* Adding v8-M targets +* Building TF-M +* Running PSA compliance tests + +## Adding new PSA targets +To help with the creation of new PSA targets, couple of generic PSA targets have been added to `targets/targets.json`. +* `PSA_Target` (Root level PSA target) +* `PSA_V7_M_NSPE` (Single v7-M NSPE generic target) +* `PSA_V7_M_SPE` (Single v7-M SPE generic target) +* `PSA_DUAL_V7_M_NSPE` (Dual v7-M NSPE generic target) +* `PSA_DUAL_V7_M_SPE` (Dual v7-M SPE generic target) +* `PSA_V8_M_NSPE` (v8-M NSPE generic target) +* `PSA_V8_M_SPE` (v8-M SPE generic target) + +The new PSA targets **MUST** `inherit` from one of these targets depending on the architecture: + +Example: +```json + "K64F": { + "inherits": ["PSA_V7_M_NSPE", "Target"], + } +``` + +In addition, the new PSA target **MUST** `inherit` from `Target` which defines default target config options. The only exception is, if the new PSA target is inheriting from another generic target which inherits from `Target`. + +Example: +```json + "FAMILY_STM32": { + "inherits": ["Target"], + "public": false, + } + "NUCLEO_F429ZI": { + "inherits": ["PSA_V7_M_NSPE", "FAMILY_STM32"], + } +``` + +### Adding single v7-M targets +The PSA on single v7-M is supported with the help of Mbed OS PSA services. The following is taken from `targets/targets.json` and shows a PSA enabled target, `K64F`. 
+ +```json + "K64F": { + "inherits": ["PSA_V7_M_NSPE"], + "supported_form_factors": ["ARDUINO"], + "components_add": ["SD", "FLASHIAP"], + "core": "Cortex-M4F", + "supported_toolchains": ["ARM", "GCC_ARM", "IAR"], + "extra_labels_add": [ + "Freescale", + "MCUXpresso_MCUS", + "KSDK2_MCUS", + "FRDM", + "KPSDK_MCUS", + "KPSDK_CODE", + "MCU_K64F", + "Freescale_EMAC" + ], + "is_disk_virtual": true, + "macros": ["CPU_MK64FN1M0VMD12", "FSL_RTOS_MBED", "MBED_SPLIT_HEAP"], + "detect_code": ["0240"], + "device_has_add": [ + "USTICKER", + "LPTICKER", + "RTC", + "CRC", + "ANALOGIN", + "ANALOGOUT", + "EMAC", + "I2C", + "I2CSLAVE", + "INTERRUPTIN", + "PORTIN", + "PORTINOUT", + "PORTOUT", + "PWMOUT", + "RESET_REASON", + "SERIAL", + "SERIAL_FC", + "SERIAL_ASYNCH", + "SLEEP", + "SPI", + "SPI_ASYNCH", + "SPISLAVE", + "STDIO_MESSAGES", + "TRNG", + "FLASH", + "USBDEVICE", + "WATCHDOG" + ], + "release_versions": ["2", "5"], + "device_name": "MK64FN1M0xxx12", + "bootloader_supported": true, + "overrides": { + "network-default-interface-type": "ETHERNET" + } + } +``` + +Please pay attention to config options `extra_labels_add` and `device_has_add`. If needed then a PSA target definition **MUST** use [extra_labels/device_has]`_add` or [extra_labels/device_has]`_remove` (not `extra_labels` or `device_has`) to add/remove either extra_labels or target capabilities. Also, use `[feature_]`add/remove to add/remove a feature. +Check [extra_labels](https://os.mbed.com/docs/mbed-os/v5.14/reference/adding-and-configuring-targets.html), [device_has](https://os.mbed.com/docs/mbed-os/v5.14/reference/adding-and-configuring-targets.html) and [features](https://os.mbed.com/docs/mbed-os/v5.14/reference/adding-and-configuring-targets.html) for more information. + +### Adding dual v7-M targets + +### Adding v8-M targets + +## Enabling PSA at application level +Having an entropy source is crucial for Mbed TLS and Mbed Crypto. 
The [document](https://os.mbed.com/docs/mbed-os/v5.14/porting/entropy-sources.html) talks about entropy and how to add an entropy source. Sometimes a target might not have a True Random Number Generator (TRNG), in that case the target will be configured as a non-PSA target in `targets/targets.json`. In that scenario, if an application wants to use that target as a PAS target then it is the responsibility of application to provide an entropy source and mark that target as PSA target at application level. The config option [target_overrides](https://os.mbed.com/docs/mbed-os/v5.14/reference/configuration.html) can be used to enable PSA for a target. + +example mbed_app.json: +```json +"target_overrides": { + "K64F": { + "inherits": ["PSA_V7_M_NSPE"] + } +} +``` + + +## New directory structure + +```console +features/FEATURE_PSA/ +├── TARGET_TFM +│   ├── TARGET_TFM_V8M +│   └── TARGET_TFM_TWINCPU +└── TARGET_MBED_PSA_SRV + ├── services + │   ├── storage + │   │   ├── ps + │   │   ├── its + │   │   └── common + │   ├── platform + │   └── attestation + │   ├── qcbor + │   │   ├── test + │   │   ├── src + │   │   └── inc + │   ├── implementation + │   │   └── tfm_impl + │   │   └── t_cose + │   │   ├── src + │   │   └── inc + │   └── emulation + ├── inc + │   └── psa + └── TESTS + ├── compliance_its + │   ├── test_s010 + │   ├── test_s009 + │   ├── test_s008 + │   ├── test_s007 + │   ├── test_s006 + │   ├── test_s005 + │   ├── test_s004 + │   ├── test_s003 + │   ├── test_s002 + │   └── test_s001 + ├── compliance_crypto + │   ├── test_c043 + │   ├── test_c042 + │   ├── test_c041 + │   ├── test_c040 + │   ├── test_c039 + │   ├── test_c038 + │   ├── test_c037 + │   ├── test_c036 + │   ├── test_c035 + │   ├── test_c034 + │   ├── test_c033 + │   ├── test_c032 + │   ├── test_c031 + │   ├── test_c030 + │   ├── test_c029 + │   ├── test_c028 + │   ├── test_c027 + │   ├── test_c026 + │   ├── test_c025 + │   ├── test_c024 + │   ├── test_c023 + │   ├── test_c022 + │   ├── test_c021 + 
│   ├── test_c020 + │   ├── test_c019 + │   ├── test_c018 + │   ├── test_c017 + │   ├── test_c016 + │   ├── test_c015 + │   ├── test_c014 + │   ├── test_c013 + │   ├── test_c012 + │   ├── test_c011 + │   ├── test_c010 + │   ├── test_c009 + │   ├── test_c008 + │   ├── test_c007 + │   ├── test_c006 + │   ├── test_c005 + │   ├── test_c004 + │   ├── test_c003 + │   ├── test_c002 + │   └── test_c001 + └── compliance_attestation + └── test_a001 +``` \ No newline at end of file diff --git a/features/frameworks/TARGET_PSA/mbed_lib.json b/features/frameworks/TARGET_MBED_PSA_SRV/mbed_lib.json similarity index 100% rename from features/frameworks/TARGET_PSA/mbed_lib.json rename to features/frameworks/TARGET_MBED_PSA_SRV/mbed_lib.json diff --git a/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.c b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_attestation_intf.c similarity index 100% rename from features/frameworks/TARGET_PSA/pal/pal_attestation_intf.c rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_attestation_intf.c diff --git a/features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_attestation_intf.h similarity index 100% rename from features/frameworks/TARGET_PSA/pal/pal_attestation_intf.h rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_attestation_intf.h diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_empty_intf.c similarity index 100% rename from features/frameworks/TARGET_PSA/pal/pal_client_api_empty_intf.c rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_empty_intf.c diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_intf.c similarity index 100% rename from features/frameworks/TARGET_PSA/pal/pal_client_api_intf.c rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_intf.c 
diff --git a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_intf.h similarity index 82% rename from features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_intf.h index 862f2a118c..288a4ae018 100644 --- a/features/frameworks/TARGET_PSA/pal/pal_client_api_intf.h +++ b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_client_api_intf.h @@ -18,17 +18,6 @@ #ifndef _PAL_CLIENT_API_H_ #define _PAL_CLIENT_API_H_ -#if PSA_IPC_IMPLEMENTED -/* psa/client.h: Contains the Client API elements. Accessible to all applications */ -#include "psa/client.h" - -/* psa_manifest/sid.h: Macro definitions derived from manifest files that map from RoT Service - * names to Service IDs (SIDs). - * Partition manifest parse build tool must provide the implementation of this file. -*/ -#include "psa_manifest/sid.h" - -#else #include "pal_common.h" #define PSA_VERSION_NONE (0) @@ -59,7 +48,6 @@ psa_status_t psa_call(psa_handle_t handle, psa_outvec *out_vec, size_t out_len); void psa_close(psa_handle_t handle); -#endif /* PSA_IPC_IMPLEMENTED */ uint32_t pal_ipc_framework_version(void); uint32_t pal_ipc_version(uint32_t sid); diff --git a/features/frameworks/TARGET_PSA/pal/pal_common.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_common.h similarity index 100% rename from features/frameworks/TARGET_PSA/pal/pal_common.h rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_common.h diff --git a/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_internal_trusted_storage_intf.c similarity index 100% rename from features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.c rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_internal_trusted_storage_intf.c 
diff --git a/features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_internal_trusted_storage_intf.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal/pal_internal_trusted_storage_intf.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_internal_trusted_storage_intf.h
diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_mbed_os_intf.cpp
similarity index 99%
rename from features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_mbed_os_intf.cpp
index ab1803ddc1..2e3db5e6c2 100644
--- a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.cpp
+++ b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_mbed_os_intf.cpp
@@ -1,4 +1,3 @@
-#include "mbed.h"
 #include "rtos.h"
 #include "mbed_assert.h"
 #include "val_interfaces.h"
diff --git a/features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_mbed_os_intf.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal/pal_mbed_os_intf.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_mbed_os_intf.h
diff --git a/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_protected_storage_intf.c
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.c
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_protected_storage_intf.c
diff --git a/features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_protected_storage_intf.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal/pal_protected_storage_intf.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal/pal_protected_storage_intf.h
diff --git a/features/frameworks/TARGET_PSA/pal_attestation_eat.c b/features/frameworks/TARGET_MBED_PSA_SRV/pal_attestation_eat.c
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal_attestation_eat.c
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal_attestation_eat.c
diff --git a/features/frameworks/TARGET_PSA/pal_attestation_eat.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal_attestation_eat.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal_attestation_eat.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal_attestation_eat.h
diff --git a/features/frameworks/TARGET_PSA/pal_interfaces_ns.h b/features/frameworks/TARGET_MBED_PSA_SRV/pal_interfaces_ns.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/pal_interfaces_ns.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/pal_interfaces_ns.h
diff --git a/features/frameworks/TARGET_PSA/val.h b/features/frameworks/TARGET_MBED_PSA_SRV/val.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val.h
diff --git a/features/frameworks/TARGET_PSA/val_attestation.c b/features/frameworks/TARGET_MBED_PSA_SRV/val_attestation.c
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_attestation.c
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_attestation.c
diff --git a/features/frameworks/TARGET_PSA/val_attestation.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_attestation.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_attestation.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_attestation.h
diff --git a/features/frameworks/TARGET_PSA/val_client_defs.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_client_defs.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_client_defs.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_client_defs.h
diff --git a/features/frameworks/TARGET_PSA/val_entry.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_entry.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_entry.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_entry.h
diff --git a/features/frameworks/TARGET_MBED_PSA_SRV/val_framework.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_framework.h
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/features/frameworks/TARGET_PSA/val_greentea.cpp b/features/frameworks/TARGET_MBED_PSA_SRV/val_greentea.cpp
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_greentea.cpp
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_greentea.cpp
diff --git a/features/frameworks/TARGET_PSA/val_greentea.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_greentea.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_greentea.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_greentea.h
diff --git a/features/frameworks/TARGET_PSA/val_interfaces.c b/features/frameworks/TARGET_MBED_PSA_SRV/val_interfaces.c
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_interfaces.c
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_interfaces.c
diff --git a/features/frameworks/TARGET_PSA/val_interfaces.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_interfaces.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_interfaces.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_interfaces.h
diff --git a/features/frameworks/TARGET_PSA/val_internal_trusted_storage.c b/features/frameworks/TARGET_MBED_PSA_SRV/val_internal_trusted_storage.c
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_internal_trusted_storage.c
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_internal_trusted_storage.c
diff --git a/features/frameworks/TARGET_PSA/val_internal_trusted_storage.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_internal_trusted_storage.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_internal_trusted_storage.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_internal_trusted_storage.h
diff --git a/features/frameworks/TARGET_PSA/val_protected_storage.c b/features/frameworks/TARGET_MBED_PSA_SRV/val_protected_storage.c
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_protected_storage.c
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_protected_storage.c
diff --git a/features/frameworks/TARGET_PSA/val_protected_storage.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_protected_storage.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_protected_storage.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_protected_storage.h
diff --git a/features/frameworks/TARGET_PSA/val_target.h b/features/frameworks/TARGET_MBED_PSA_SRV/val_target.h
similarity index 100%
rename from features/frameworks/TARGET_PSA/val_target.h
rename to features/frameworks/TARGET_MBED_PSA_SRV/val_target.h
diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_se.c b/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_se.c
deleted file mode 100644
index b7fa0c5c5e..0000000000
--- a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_se.c
+++ /dev/null
@@ -1,388 +0,0 @@ -/* - * PSA crypto support for secure element drivers - */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of Mbed TLS (https://tls.mbed.org) - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - -#include -#include -#include - -#include "psa/crypto_se_driver.h" - -#include "psa_crypto_se.h" - -#if defined(MBEDTLS_PSA_ITS_FILE_C) -#include "psa_crypto_its.h" -#else /* Native ITS implementation */ -#include "psa/error.h" -#include "psa/internal_trusted_storage.h" -#endif - -#include "mbedtls/platform.h" -#if !defined(MBEDTLS_PLATFORM_C) -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif - - - -/****************************************************************/ -/* Driver lookup */ -/****************************************************************/ - -/* This structure is identical to psa_drv_se_context_t declared in - * `crypto_se_driver.h`, except that some parts are writable here - * (non-const, or pointer to non-const). 
*/ -typedef struct -{ - void *persistent_data; - size_t persistent_data_size; - uintptr_t transient_data; -} psa_drv_se_internal_context_t; - -typedef struct psa_se_drv_table_entry_s -{ - psa_key_lifetime_t lifetime; - const psa_drv_se_t *methods; - union - { - psa_drv_se_internal_context_t internal; - psa_drv_se_context_t context; - }; -} psa_se_drv_table_entry_t; - -static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS]; - -psa_se_drv_table_entry_t *psa_get_se_driver_entry( - psa_key_lifetime_t lifetime ) -{ - size_t i; - /* In the driver table, lifetime=0 means an entry that isn't used. - * No driver has a lifetime of 0 because it's a reserved value - * (which designates volatile keys). Make sure we never return - * a driver entry for lifetime 0. */ - if( lifetime == 0 ) - return( NULL ); - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - if( driver_table[i].lifetime == lifetime ) - return( &driver_table[i] ); - } - return( NULL ); -} - -const psa_drv_se_t *psa_get_se_driver_methods( - const psa_se_drv_table_entry_t *driver ) -{ - return( driver->methods ); -} - -psa_drv_se_context_t *psa_get_se_driver_context( - psa_se_drv_table_entry_t *driver ) -{ - return( &driver->context ); -} - -int psa_get_se_driver( psa_key_lifetime_t lifetime, - const psa_drv_se_t **p_methods, - psa_drv_se_context_t **p_drv_context) -{ - psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime ); - if( p_methods != NULL ) - *p_methods = ( driver ? driver->methods : NULL ); - if( p_drv_context != NULL ) - *p_drv_context = ( driver ? 
&driver->context : NULL ); - return( driver != NULL ); -} - - - -/****************************************************************/ -/* Persistent data management */ -/****************************************************************/ - -static psa_status_t psa_get_se_driver_its_file_uid( - const psa_se_drv_table_entry_t *driver, - psa_storage_uid_t *uid ) -{ - if( driver->lifetime > PSA_MAX_SE_LIFETIME ) - return( PSA_ERROR_NOT_SUPPORTED ); - -#if SIZE_MAX > UINT32_MAX - /* ITS file sizes are limited to 32 bits. */ - if( driver->internal.persistent_data_size > UINT32_MAX ) - return( PSA_ERROR_NOT_SUPPORTED ); -#endif - - /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */ - *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->lifetime; - return( PSA_SUCCESS ); -} - -psa_status_t psa_load_se_persistent_data( - const psa_se_drv_table_entry_t *driver ) -{ - psa_status_t status; - psa_storage_uid_t uid; - size_t length; - - status = psa_get_se_driver_its_file_uid( driver, &uid ); - if( status != PSA_SUCCESS ) - return( status ); - - /* Read the amount of persistent data that the driver requests. - * If the data in storage is larger, it is truncated. If the data - * in storage is smaller, silently keep what is already at the end - * of the output buffer. */ - /* psa_get_se_driver_its_file_uid ensures that the size_t - * persistent_data_size is in range, but compilers don't know that, - * so cast to reassure them. */ - return( psa_its_get( uid, 0, - (uint32_t) driver->internal.persistent_data_size, - driver->internal.persistent_data, - &length ) ); -} - -psa_status_t psa_save_se_persistent_data( - const psa_se_drv_table_entry_t *driver ) -{ - psa_status_t status; - psa_storage_uid_t uid; - - status = psa_get_se_driver_its_file_uid( driver, &uid ); - if( status != PSA_SUCCESS ) - return( status ); - - /* psa_get_se_driver_its_file_uid ensures that the size_t - * persistent_data_size is in range, but compilers don't know that, - * so cast to reassure them. 
*/ - return( psa_its_set( uid, - (uint32_t) driver->internal.persistent_data_size, - driver->internal.persistent_data, - 0 ) ); -} - -psa_status_t psa_destroy_se_persistent_data( psa_key_lifetime_t lifetime ) -{ - psa_storage_uid_t uid; - if( lifetime > PSA_MAX_SE_LIFETIME ) - return( PSA_ERROR_NOT_SUPPORTED ); - uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + lifetime; - return( psa_its_remove( uid ) ); -} - -psa_status_t psa_find_se_slot_for_key( - const psa_key_attributes_t *attributes, - psa_key_creation_method_t method, - psa_se_drv_table_entry_t *driver, - psa_key_slot_number_t *slot_number ) -{ - psa_status_t status; - - /* If the lifetime is wrong, it's a bug in the library. */ - if( driver->lifetime != psa_get_key_lifetime( attributes ) ) - return( PSA_ERROR_CORRUPTION_DETECTED ); - - /* If the driver doesn't support key creation in any way, give up now. */ - if( driver->methods->key_management == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS ) - { - /* The application wants to use a specific slot. Allow it if - * the driver supports it. On a system with isolation, - * the crypto service must check that the application is - * permitted to request this slot. */ - psa_drv_se_validate_slot_number_t p_validate_slot_number = - driver->methods->key_management->p_validate_slot_number; - if( p_validate_slot_number == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = p_validate_slot_number( &driver->context, - driver->internal.persistent_data, - attributes, method, - *slot_number ); - } - else if( method == PSA_KEY_CREATION_REGISTER ) - { - /* The application didn't specify a slot number. This doesn't - * make sense when registering a slot. */ - return( PSA_ERROR_INVALID_ARGUMENT ); - } - else - { - /* The application didn't tell us which slot to use. Let the driver - * choose. This is the normal case. 
*/ - psa_drv_se_allocate_key_t p_allocate = - driver->methods->key_management->p_allocate; - if( p_allocate == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - status = p_allocate( &driver->context, - driver->internal.persistent_data, - attributes, method, - slot_number ); - } - return( status ); -} - -psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver, - psa_key_slot_number_t slot_number ) -{ - psa_status_t status; - psa_status_t storage_status; - /* Normally a missing method would mean that the action is not - * supported. But psa_destroy_key() is not supposed to return - * PSA_ERROR_NOT_SUPPORTED: if you can create a key, you should - * be able to destroy it. The only use case for a driver that - * does not have a way to destroy keys at all is if the keys are - * locked in a read-only state: we can use the keys but not - * destroy them. Hence, if the driver doesn't support destroying - * keys, it's really a lack of permission. */ - if( driver->methods->key_management == NULL || - driver->methods->key_management->p_destroy == NULL ) - return( PSA_ERROR_NOT_PERMITTED ); - status = driver->methods->key_management->p_destroy( - &driver->context, - driver->internal.persistent_data, - slot_number ); - storage_status = psa_save_se_persistent_data( driver ); - return( status == PSA_SUCCESS ? 
storage_status : status ); -} - -psa_status_t psa_init_all_se_drivers( void ) -{ - size_t i; - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - psa_se_drv_table_entry_t *driver = &driver_table[i]; - if( driver->lifetime == 0 ) - continue; /* skipping unused entry */ - const psa_drv_se_t *methods = psa_get_se_driver_methods( driver ); - if( methods->p_init != NULL ) - { - psa_status_t status = methods->p_init( - &driver->context, - driver->internal.persistent_data, - driver->lifetime ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_save_se_persistent_data( driver ); - if( status != PSA_SUCCESS ) - return( status ); - } - } - return( PSA_SUCCESS ); -} - - - -/****************************************************************/ -/* Driver registration */ -/****************************************************************/ - -psa_status_t psa_register_se_driver( - psa_key_lifetime_t lifetime, - const psa_drv_se_t *methods) -{ - size_t i; - psa_status_t status; - - if( methods->hal_version != PSA_DRV_SE_HAL_VERSION ) - return( PSA_ERROR_NOT_SUPPORTED ); - /* Driver table entries are 0-initialized. 0 is not a valid driver - * lifetime because it means a volatile key. */ -#if defined(static_assert) - static_assert( PSA_KEY_LIFETIME_VOLATILE == 0, - "Secure element support requires 0 to mean a volatile key" ); -#endif - if( lifetime == PSA_KEY_LIFETIME_VOLATILE || - lifetime == PSA_KEY_LIFETIME_PERSISTENT ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - if( lifetime > PSA_MAX_SE_LIFETIME ) - return( PSA_ERROR_NOT_SUPPORTED ); - - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - if( driver_table[i].lifetime == 0 ) - break; - /* Check that lifetime isn't already in use up to the first free - * entry. Since entries are created in order and never deleted, - * there can't be a used entry after the first free entry. 
*/ - if( driver_table[i].lifetime == lifetime ) - return( PSA_ERROR_ALREADY_EXISTS ); - } - if( i == PSA_MAX_SE_DRIVERS ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - - driver_table[i].lifetime = lifetime; - driver_table[i].methods = methods; - driver_table[i].internal.persistent_data_size = - methods->persistent_data_size; - - if( methods->persistent_data_size != 0 ) - { - driver_table[i].internal.persistent_data = - mbedtls_calloc( 1, methods->persistent_data_size ); - if( driver_table[i].internal.persistent_data == NULL ) - { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto error; - } - /* Load the driver's persistent data. On first use, the persistent - * data does not exist in storage, and is initialized to - * all-bits-zero by the calloc call just above. */ - status = psa_load_se_persistent_data( &driver_table[i] ); - if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST ) - goto error; - } - - return( PSA_SUCCESS ); - -error: - memset( &driver_table[i], 0, sizeof( driver_table[i] ) ); - return( status ); -} - -void psa_unregister_all_se_drivers( void ) -{ - size_t i; - for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ ) - { - if( driver_table[i].internal.persistent_data != NULL ) - mbedtls_free( driver_table[i].internal.persistent_data ); - } - memset( driver_table, 0, sizeof( driver_table ) ); -} - - - -/****************************************************************/ -/* The end */ -/****************************************************************/ - -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_SPE/crypto_struct_spe.h b/features/mbedtls/mbed-crypto/platform/COMPONENT_SPE/crypto_struct_spe.h deleted file mode 100644 index fa0466e6ca..0000000000 --- a/features/mbedtls/mbed-crypto/platform/COMPONENT_SPE/crypto_struct_spe.h +++ /dev/null 
@@ -1,519 +0,0 @@ -/** - * \file psa/crypto_struct.h - * - * \brief PSA cryptography module: Mbed TLS structured type implementations - * - * \note This file may not be included directly. Applications must - * include psa/crypto.h. - * - * This file contains the definitions of some data structures with - * implementation-specific definitions. - * - * In implementations with isolation between the application and the - * cryptography module, it is expected that the front-end and the back-end - * would have different versions of this file. - * - *

Design notes about multipart operation structures

- * - * Each multipart operation structure contains a `psa_algorithm_t alg` - * field which indicates which specific algorithm the structure is for. - * When the structure is not in use, `alg` is 0. Most of the structure - * consists of a union which is discriminated by `alg`. - * - * Note that when `alg` is 0, the content of other fields is undefined. - * In particular, it is not guaranteed that a freshly-initialized structure - * is all-zero: we initialize structures to something like `{0, 0}`, which - * is only guaranteed to initializes the first member of the union; - * GCC and Clang initialize the whole structure to 0 (at the time of writing), - * but MSVC and CompCert don't. - * - * In Mbed Crypto, multipart operation structures live independently from - * the key. This allows Mbed Crypto to free the key objects when destroying - * a key slot. If a multipart operation needs to remember the key after - * the setup function returns, the operation structure needs to contain a - * copy of the key. - */ -/* - * Copyright (C) 2018, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) - */ - -#ifndef PSA_CRYPTO_STRUCT_H -#define PSA_CRYPTO_STRUCT_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* Include the Mbed TLS configuration file, the way Mbed TLS does it - * in each of its header files. 
*/ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/gcm.h" -#include "mbedtls/md.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" -#include "mbedtls/md5.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" - -struct psa_hash_operation_s -{ - psa_algorithm_t alg; - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_MD2_C) - mbedtls_md2_context md2; -#endif -#if defined(MBEDTLS_MD4_C) - mbedtls_md4_context md4; -#endif -#if defined(MBEDTLS_MD5_C) - mbedtls_md5_context md5; -#endif -#if defined(MBEDTLS_RIPEMD160_C) - mbedtls_ripemd160_context ripemd160; -#endif -#if defined(MBEDTLS_SHA1_C) - mbedtls_sha1_context sha1; -#endif -#if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_context sha256; -#endif -#if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_context sha512; -#endif - } ctx; -}; - -#define PSA_HASH_OPERATION_INIT {0, {0}} -static inline struct psa_hash_operation_s psa_hash_operation_init( void ) -{ - const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; - return( v ); -} - -#if defined(MBEDTLS_MD_C) -typedef struct -{ - /** The hash context. */ - struct psa_hash_operation_s hash_ctx; - /** The HMAC part of the context. */ - uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; -} psa_hmac_internal_data; -#endif /* MBEDTLS_MD_C */ - -struct psa_mac_operation_s -{ - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; - unsigned int has_input : 1; - unsigned int is_sign : 1; - uint8_t mac_size; - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. 
*/ -#if defined(MBEDTLS_MD_C) - psa_hmac_internal_data hmac; -#endif -#if defined(MBEDTLS_CMAC_C) - mbedtls_cipher_context_t cmac; -#endif - } ctx; -}; - -#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} -static inline struct psa_mac_operation_s psa_mac_operation_init( void ) -{ - const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; - return( v ); -} - -struct psa_cipher_operation_s -{ - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; - union - { - unsigned dummy; /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t cipher; - } ctx; -}; - -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}} -static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) -{ - const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; - return( v ); -} - -struct psa_aead_operation_s -{ - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; - union - { - unsigned dummy; /* Enable easier initializing of the union. 
*/ - mbedtls_cipher_context_t cipher; - } ctx; -}; - -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}} -static inline struct psa_aead_operation_s psa_aead_operation_init( void ) -{ - const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; - return( v ); -} - -#if defined(MBEDTLS_MD_C) -typedef struct -{ - uint8_t *info; - size_t info_length; - psa_hmac_internal_data hmac; - uint8_t prk[PSA_HASH_MAX_SIZE]; - uint8_t output_block[PSA_HASH_MAX_SIZE]; -#if PSA_HASH_MAX_SIZE > 0xff -#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" -#endif - uint8_t offset_in_block; - uint8_t block_number; - unsigned int state : 2; - unsigned int info_set : 1; -} psa_hkdf_key_derivation_t; -#endif /* MBEDTLS_MD_C */ - -#if defined(MBEDTLS_MD_C) -typedef enum -{ - TLS12_PRF_STATE_INIT, /* no input provided */ - TLS12_PRF_STATE_SEED_SET, /* seed has been set */ - TLS12_PRF_STATE_KEY_SET, /* key has been set */ - TLS12_PRF_STATE_LABEL_SET, /* label has been set */ - TLS12_PRF_STATE_OUTPUT /* output has been started */ -} psa_tls12_prf_key_derivation_state_t; - -typedef struct psa_tls12_prf_key_derivation_s -{ -#if PSA_HASH_MAX_SIZE > 0xff -#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" -#endif - - /* Indicates how many bytes in the current HMAC block have - * not yet been read by the user. */ - uint8_t left_in_block; - - /* The 1-based number of the block. */ - uint8_t block_number; - - psa_tls12_prf_key_derivation_state_t state; - - uint8_t *seed; - size_t seed_length; - uint8_t *label; - size_t label_length; - psa_hmac_internal_data hmac; - uint8_t Ai[PSA_HASH_MAX_SIZE]; - - /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ - uint8_t output_block[PSA_HASH_MAX_SIZE]; -} psa_tls12_prf_key_derivation_t; -#endif /* MBEDTLS_MD_C */ - -struct psa_key_derivation_s -{ - psa_algorithm_t alg; - unsigned int can_output_key : 1; - size_t capacity; - union - { - /* Make the union non-empty even with no supported algorithms. 
*/ - uint8_t dummy; -#if defined(MBEDTLS_MD_C) - psa_hkdf_key_derivation_t hkdf; - psa_tls12_prf_key_derivation_t tls12_prf; -#endif - } ctx; -}; - -/* This only zeroes out the first byte in the union, the rest is unspecified. */ -#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}} -static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void ) -{ - const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; - return( v ); -} - -struct psa_key_policy_s -{ - psa_key_usage_t usage; - psa_algorithm_t alg; - psa_algorithm_t alg2; -}; -typedef struct psa_key_policy_s psa_key_policy_t; - -#define PSA_KEY_POLICY_INIT {0, 0, 0} -static inline struct psa_key_policy_s psa_key_policy_init( void ) -{ - const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT; - return( v ); -} - -/* The type used internally for key sizes. - * Public interfaces use size_t, but internally we use a smaller type. */ -typedef uint16_t psa_key_bits_t; -/* The maximum value of the type used to represent bit-sizes. - * This is used to mark an invalid key size. */ -#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) ) -/* The maximum size of a key in bits. - * Currently defined as the maximum that can be represented, rounded down - * to a whole number of bytes. - * This is an uncast value so that it can be used in preprocessor - * conditionals. */ -#define PSA_MAX_KEY_BITS 0xfff8 - -/** A mask of flags that can be stored in key attributes. - * - * This type is also used internally to store flags in slots. Internal - * flags are defined in library/psa_crypto_core.h. Internal flags may have - * the same value as external flags if they are properly handled during - * key creation and in psa_get_key_attributes. - */ -typedef uint16_t psa_key_attributes_flag_t; - -#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \ - ( (psa_key_attributes_flag_t) 0x0001 ) - -/* A mask of key attribute flags used externally only. - * Only meant for internal checks inside the library. 
*/ -#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \ - MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \ - 0 ) - -/* A mask of key attribute flags used both internally and externally. - * Currently there aren't any. */ -#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \ - 0 ) - -typedef struct -{ - psa_key_type_t type; - psa_key_lifetime_t lifetime; - psa_key_id_t id; - psa_key_policy_t policy; - psa_key_bits_t bits; - psa_key_attributes_flag_t flags; -} psa_core_key_attributes_t; - -/* The server must be able to interpret the attributes as specified by the - * client. The server works with the psa_key_id_t encoding the key owner, but - * the client works with the psa_key_id_t not containing the key owner (pure - * psa_app_key_id_t. */ -typedef struct -{ - psa_key_type_t type; - psa_key_lifetime_t lifetime; - psa_app_key_id_t id; - psa_key_policy_t policy; - psa_key_bits_t bits; - uint16_t flags; -} psa_client_core_key_attributes_t; - -#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0} - -struct psa_key_attributes_s -{ - psa_core_key_attributes_t core; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - psa_key_slot_number_t slot_number; -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - void *domain_parameters; - size_t domain_parameters_size; -}; - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0} -#else -#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0} -#endif -typedef struct psa_client_key_attributes_s -{ - psa_client_core_key_attributes_t core; - void *domain_parameters; - size_t domain_parameters_size; -} psa_client_key_attributes_t; - -static inline struct psa_key_attributes_s psa_key_attributes_init( void ) -{ - const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT; - return( v ); -} - -static void psa_core_attributes_to_client( - const psa_core_key_attributes_t *server, - psa_client_core_key_attributes_t *client) -{ - client->type = server->type; - client->lifetime = 
server->lifetime; - client->id = server->id.key_id; - client->policy = server->policy; - client->bits = server->bits; - client->flags = server->flags; -} - -static void psa_core_attributes_to_server( - const psa_client_core_key_attributes_t *client, - psa_key_owner_id_t owner, - psa_core_key_attributes_t *server) -{ - server->type = client->type; - server->lifetime = client->lifetime; - server->id.key_id = client->id; - server->id.owner = owner; - server->policy = client->policy; - server->bits = client->bits; - server->flags = client->flags; -} - -static inline void psa_set_key_id(psa_key_attributes_t *attributes, - psa_key_id_t id) -{ - attributes->core.id = id; - if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE ) - attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT; -} - -static inline psa_key_id_t psa_get_key_id( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.id ); -} - -static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, - psa_key_lifetime_t lifetime) -{ - attributes->core.lifetime = lifetime; - if( lifetime == PSA_KEY_LIFETIME_VOLATILE ) - { -#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER - attributes->core.id.key_id = 0; - attributes->core.id.owner = 0; -#else - attributes->core.id = 0; -#endif - } -} - -static inline psa_key_lifetime_t psa_get_key_lifetime( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.lifetime ); -} - -static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) -{ - attributes->core.policy.usage = usage_flags; -} - -static inline psa_key_usage_t psa_get_key_usage_flags( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.policy.usage ); -} - -static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, - psa_algorithm_t alg) -{ - attributes->core.policy.alg = alg; -} - -static inline psa_algorithm_t psa_get_key_algorithm( - const psa_key_attributes_t *attributes) -{ - 
return( attributes->core.policy.alg ); -} - -/* This function is declared in crypto_extra.h, which comes after this - * header file, but we need the function here, so repeat the declaration. */ -psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, - psa_key_type_t type, - const uint8_t *data, - size_t data_length); - -static inline void psa_set_key_type(psa_key_attributes_t *attributes, - psa_key_type_t type) -{ - if( attributes->domain_parameters == NULL ) - { - /* Common case: quick path */ - attributes->core.type = type; - } - else - { - /* Call the bigger function to free the old domain paramteres. - * Ignore any errors which may arise due to type requiring - * non-default domain parameters, since this function can't - * report errors. */ - (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 ); - } -} - -static inline psa_key_type_t psa_get_key_type( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.type ); -} - -static inline void psa_set_key_bits(psa_key_attributes_t *attributes, - size_t bits) -{ - if( bits > PSA_MAX_KEY_BITS ) - attributes->core.bits = PSA_KEY_BITS_TOO_LARGE; - else - attributes->core.bits = (psa_key_bits_t) bits; -} - -static inline size_t psa_get_key_bits( - const psa_key_attributes_t *attributes) -{ - return( attributes->core.bits ); -} - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_CRYPTO_STRUCT_H */ diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/COMPONENT_NSPE/crypto_struct.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/crypto_struct.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/COMPONENT_NSPE/crypto_struct.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/crypto_struct.h 
diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto.c b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto.c similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto.c rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto.c diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_core.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_core.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_core.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_core.h diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_invasive.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_invasive.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_invasive.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_invasive.h diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_its.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_its.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_its.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_its.h diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_se.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_se.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_se.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_se.h 
diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_service_integration.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_service_integration.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_service_integration.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_service_integration.h diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_slot_management.c b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_slot_management.c similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_slot_management.c rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_slot_management.c diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_slot_management.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_slot_management.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_slot_management.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_slot_management.h diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_storage.c b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_storage.c similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_storage.c rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_storage.c 
diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_storage.h b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_storage.h similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_crypto_storage.h rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_crypto_storage.h diff --git a/features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_its_file.c b/features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_its_file.c similarity index 100% rename from features/mbedtls/mbed-crypto/platform/COMPONENT_PSA_SRV_IMPL/psa_its_file.c rename to features/mbedtls/mbed-crypto/platform/TARGET_MBED_PSA_SRV/psa_its_file.c diff --git a/features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/inc/default_random_seed.h b/features/mbedtls/platform/TARGET_MBED_PSA_SRV/inc/default_random_seed.h similarity index 100% rename from features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/inc/default_random_seed.h rename to features/mbedtls/platform/TARGET_MBED_PSA_SRV/inc/default_random_seed.h diff --git a/features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/src/default_random_seed.cpp b/features/mbedtls/platform/TARGET_MBED_PSA_SRV/src/default_random_seed.cpp similarity index 96% rename from features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/src/default_random_seed.cpp rename to features/mbedtls/platform/TARGET_MBED_PSA_SRV/src/default_random_seed.cpp index 4f50749a3e..06f2fbef94 100644 --- a/features/mbedtls/platform/TARGET_PSA/COMPONENT_PSA_SRV_IMPL/src/default_random_seed.cpp +++ b/features/mbedtls/platform/TARGET_MBED_PSA_SRV/src/default_random_seed.cpp @@ -1,4 +1,3 @@ -#include "mbed.h" #include "crypto.h" #include "default_random_seed.h" #include "psa/internal_trusted_storage.h" 
diff --git a/features/mbedtls/platform/TARGET_PSA/COMPONENT_NSPE/src/psa_hrng.c b/features/mbedtls/platform/TARGET_MBED_PSA_SRV/src/psa_hrng.c similarity index 100% rename from features/mbedtls/platform/TARGET_PSA/COMPONENT_NSPE/src/psa_hrng.c rename to features/mbedtls/platform/TARGET_MBED_PSA_SRV/src/psa_hrng.c diff --git a/features/mbedtls/platform/inc/platform_mbed.h b/features/mbedtls/platform/inc/platform_mbed.h index f03a410be2..c424a053ba 100644 --- a/features/mbedtls/platform/inc/platform_mbed.h +++ b/features/mbedtls/platform/inc/platform_mbed.h @@ -21,7 +21,7 @@ #ifndef __PLATFORM_MBED__H__ #define __PLATFORM_MBED__H__ -#if (defined(TARGET_PSA) && defined(MBEDTLS_ENTROPY_NV_SEED)) +#if (defined(FEATURE_PSA) && defined(MBEDTLS_ENTROPY_NV_SEED)) #include "default_random_seed.h" @@ -37,7 +37,7 @@ * MBEDTLS_ENTROPY_NV_SEED is enabled. */ #define MBEDTLS_PSA_INJECT_ENTROPY -#endif // (defined(TARGET_PSA) && defined(MBEDTLS_ENTROPY_NV_SEED)) +#endif // (defined(FEATURE_PSA) && defined(MBEDTLS_ENTROPY_NV_SEED)) #if DEVICE_TRNG #define MBEDTLS_ENTROPY_HARDWARE_ALT @@ -47,7 +47,7 @@ #include "mbedtls_device.h" #endif -#if defined(TARGET_PSA) +#if defined(FEATURE_PSA) /* The following configurations are a needed for Mbed Crypto submodule. * They are related to the persistent key storage feature. */ diff --git a/platform/source/mbed_retarget.cpp b/platform/source/mbed_retarget.cpp index 32e88e0917..3b41597695 100644 --- a/platform/source/mbed_retarget.cpp +++ b/platform/source/mbed_retarget.cpp @@ -1098,7 +1098,7 @@ extern "C" long PREFIX(_flen)(FILEHANDLE fh) } // Do not compile this code for TFM secure target -#if !defined(COMPONENT_SPE) || !defined(TARGET_TFM) +#if !defined(TARGET_TFM) #if !defined(__MICROLIB) #if defined (__ARMCC_VERSION) && (__ARMCC_VERSION >= 6010050) 
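Review bot: The guard in the `@@ -1098,7` hunk of mbed_retarget.cpp now reads `#if !defined(TARGET_TFM)`, which drops the guarded block for every build carrying the `TFM` label, not only the secure one named in the retained comment "Do not compile this code for TFM secure target". In this commit targets.json gives `PSA_V8_M_NSPE` the `TFM` extra label, and LPC55S69_NS keeps it in `extra_labels_add`, so the non-secure image presumably loses this stack/heap setup code too. Confirm that is intended, or key the guard on a macro that only the secure build defines. The closing line in the `@@ -1163,7` hunk is annotated `#endif // !defined(FEATURE_PSA)`, which no longer matches the opening condition and should read `#endif // !defined(TARGET_TFM)`. The guarded region lies mostly outside both hunks.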
@@ -1163,7 +1163,7 @@ extern "C" __value_in_regs struct __initial_stackheap __user_setup_stackheap(uin return _mbed_user_setup_stackheap(R0, R1, R2, R3); } -#endif // !defined(COMPONENT_SPE) || !defined(TARGET_TFM) +#endif // !defined(FEATURE_PSA) #endif diff --git a/rtos/source/TARGET_CORTEX/mbed_rtos_rtx.c b/rtos/source/TARGET_CORTEX/mbed_rtos_rtx.c index 5792a7bdc1..460a843734 100644 --- a/rtos/source/TARGET_CORTEX/mbed_rtos_rtx.c +++ b/rtos/source/TARGET_CORTEX/mbed_rtos_rtx.c @@ -28,11 +28,11 @@ #include "spm_init.h" #include "spm_api.h" #endif -#if defined(TARGET_TFM) && defined(COMPONENT_NSPE) -#include "TARGET_TFM/interface/include/tfm_ns_lock.h" +#if defined(FEATURE_TFM) && defined(FEATURE_NSPE) +#include "FEATURE_TFM/interface/include/tfm_ns_lock.h" #endif -#if defined(COMPONENT_NSPE) && defined(COMPONENT_SPM_MAILBOX) +#if defined(FEATURE_NSPE) && defined(FEATURE_SPM_MAILBOX) MBED_ALIGN(8) char psa_spm_dispatcher_th_stack[0x100]; mbed_rtos_storage_thread_t psa_spm_dispatcher_th_tcb; @@ -45,7 +45,7 @@ const osThreadAttr_t psa_spm_dispatcher_th_attr = { .cb_size = sizeof(psa_spm_dispatcher_th_tcb) }; -#endif // defined(COMPONENT_NSPE) && defined(COMPONENT_SPM_MAILBOX) +#endif // defined(FEATURE_NSPE) && defined(FEATURE_SPM_MAILBOX) osThreadAttr_t _main_thread_attr; @@ -83,9 +83,9 @@ MBED_NORETURN void mbed_rtos_start() _main_thread_attr.tz_module = 1U; #endif -#if defined(COMPONENT_SPM_MAILBOX) +#if defined(FEATURE_SPM_MAILBOX) spm_ipc_mailbox_init(); -#endif // defined(COMPONENT_SPM_MAILBOX) +#endif // defined(FEATURE_SPM_MAILBOX) #if defined(TARGET_MBED_SPM) 
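Review bot: `FEATURE_TFM`, `FEATURE_NSPE` and `FEATURE_SPM_MAILBOX` in the mbed_rtos_rtx.c guards (the `@@ -28,11` hunk and the `@@ -45,7`, `@@ -83,9` and `@@ -95,17` hunks) do not appear to be defined by anything in this commit. tools/config adds only `"PSA"` to `ALLOWED_FEATURES`, and targets.json sets `TFM` as an extra label, which corresponds to `TARGET_TFM`. If that holds, the `tfm_ns_lock.h` include, `tfm_ns_lock_init()` and `spm_ipc_mailbox_init()` are compiled out on every target, so the non-secure side would presumably start without the lock that serialises its calls into the secure side. Either register these names as features on the relevant targets, or guard on a macro the targets actually set, for example `#if defined(TARGET_TFM)` around the include and the init call. mbed_rtos_start() begins and ends outside these hunks.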
@@ -95,17 +95,17 @@ MBED_NORETURN void mbed_rtos_start() spm_hal_start_nspe(); #endif // defined(COMPONENT_SPE) -#if defined(COMPONENT_NSPE) && defined(COMPONENT_SPM_MAILBOX) +#if defined(FEATURE_NSPE) && defined(FEATURE_SPM_MAILBOX) osThreadId_t spm_result = osThreadNew((osThreadFunc_t)psa_spm_mailbox_dispatcher, NULL, &psa_spm_dispatcher_th_attr); if ((void *)spm_result == NULL) { MBED_ERROR1(MBED_MAKE_ERROR(MBED_MODULE_PLATFORM, MBED_ERROR_CODE_INITIALIZATION_FAILED), "Dispatcher thread not created", &psa_spm_dispatcher_th_attr); } -#endif // defined(COMPONENT_NSPE) && defined(COMPONENT_SPM_MAILBOX) +#endif // defined(FEATURE_NSPE) && defined(FEATURE_SPM_MAILBOX) #endif // defined(TARGET_MBED_SPM) -#if defined(TARGET_TFM) && defined(COMPONENT_NSPE) +#if defined(FEATURE_TFM) && defined(FEATURE_NSPE) tfm_ns_lock_init(); -#endif // defined(TARGET_TFM) && defined(COMPONENT_NSPE) +#endif // defined(FEATURE_TFM) && defined(FEATURE_NSPE) singleton_mutex_id = osMutexNew(&singleton_mutex_attr); osThreadId_t result = osThreadNew((osThreadFunc_t)mbed_start, NULL, &_main_thread_attr); diff --git a/targets/TARGET_Cypress/TARGET_PSOC6_FUTURE/mbed_rtx.h b/targets/TARGET_Cypress/TARGET_PSOC6_FUTURE/mbed_rtx.h index 0513b0b92e..062c27d15e 100644 --- a/targets/TARGET_Cypress/TARGET_PSOC6_FUTURE/mbed_rtx.h +++ b/targets/TARGET_Cypress/TARGET_PSOC6_FUTURE/mbed_rtx.h @@ -21,7 +21,7 @@ #if defined(TARGET_MCU_PSOC6_M0) -#ifdef TARGET_PSA +#ifdef FEATURE_PSA #ifndef INITIAL_SP #define INITIAL_SP (PSA_SECURE_RAM_START + PSA_SECURE_RAM_SIZE) #endif // INITIAL_SP @@ -30,10 +30,10 @@ #define INITIAL_SP (0x08000000 + 0x00010000) // Ram origin + length #endif // INITIAL_SP -#endif // TARGET_PSA +#endif // FEATURE_PSA #elif defined(TARGET_MCU_PSOC6_M4) -#ifdef TARGET_PSA +#ifdef FEATURE_PSA #ifndef INITIAL_SP #define INITIAL_SP (PSA_NON_SECURE_RAM_START + PSA_NON_SECURE_RAM_SIZE) #endif // INITIAL_SP 
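Review bot: `INITIAL_SP` under `#ifdef FEATURE_PSA` in mbed_rtx.h is still built from `PSA_SECURE_RAM_START`/`PSA_SECURE_RAM_SIZE` (and the `PSA_NON_SECURE_RAM_*` pair in the M4 branch), while the targets.json change in this commit deletes the `secure-ram-*` and `non-secure-ram-*` config entries that supplied those macros on `PSA_Target`. Unless the PSOC6 targets define them somewhere not shown here, enabling the PSA feature leaves the initial stack pointer expressed in undefined symbols. A compile-time check next to the definition would make the dependency explicit: `#if !defined(PSA_SECURE_RAM_START) || !defined(PSA_SECURE_RAM_SIZE)` followed by `#error "PSA secure RAM region is not configured"`. The enclosing `#if defined(TARGET_MCU_PSOC6_M0)` chain continues outside the hunk.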
@@ -41,7 +41,7 @@ #ifndef INITIAL_SP #define INITIAL_SP (0x08010000 + 0x00037800) // Ram origin + length #endif // INITIAL_SP -#endif // TARGET_PSA +#endif // FEATURE_PSA #else diff --git a/targets/targets.json b/targets/targets.json index 49106403a0..f3c66dfd61 100644 --- a/targets/targets.json +++ b/targets/targets.json @@ -5,11 +5,7 @@ "default_toolchain": "ARM", "supported_toolchains": null, "extra_labels": [], - "components": [ - "PSA_SRV_IMPL", - "PSA_SRV_EMUL", - "NSPE" - ], + "components": [], "is_disk_virtual": false, "macros": [], "device_has": [], 
@@ -84,115 +80,63 @@ } }, "PSA_Target": { + "features": [ + "PSA" + ], "public": false, - "config": { - "secure-rom-start": { - "help": "Starting address of Secure ROM", - "value": null, - "macro_name": "PSA_SECURE_ROM_START", - "conflicts": [ - "target.mbed_rom_start" - ] - }, - "secure-rom-size": { - "help": "Size in bytes of Secure ROM", - "value": null, - "macro_name": "PSA_SECURE_ROM_SIZE", - "conflicts": [ - "target.mbed_rom_size" - ] - }, - "non-secure-rom-start": { - "help": "Starting address of Non-secure ROM", - "value": null, - "macro_name": "PSA_NON_SECURE_ROM_START", - "conflicts": [ - "target.mbed_rom_start" - ] - }, - "non-secure-rom-size": { - "help": "Size in bytes of Non-secure ROM", - "value": null, - "macro_name": "PSA_NON_SECURE_ROM_SIZE", - "conflicts": [ - "target.mbed_rom_size" - ] - }, - "secure-ram-start": { - "help": "Starting address of Secure RAM", - "value": null, - "macro_name": "PSA_SECURE_RAM_START", - "conflicts": [ - "target.mbed_ram_start" - ] - }, - "secure-ram-size": { - "help": "Size in bytes of Secure RAM", - "value": null, - "macro_name": "PSA_SECURE_RAM_SIZE", - "conflicts": [ - "target.mbed_ram_size" - ] - }, - "non-secure-ram-start": { - "help": "Starting address of Non-secure RAM", - "value": null, - "macro_name": "PSA_NON_SECURE_RAM_START", - "conflicts": [ - "target.mbed_ram_start" - ] - }, - "non-secure-ram-size": { - "help": "Size in bytes of Non-secure RAM", - "value": null, - "macro_name": "PSA_NON_SECURE_RAM_SIZE", - "conflicts": [ - "target.mbed_ram_size" - ] - }, - "shared-ram-start": { - "help": "Starting address of Shared RAM between Secure and Non-secure worlds", - "value": null, - "macro_name": "PSA_SHARED_RAM_START" - }, - "shared-ram-size": { - "help": "Size in bytes of Shared RAM between Secure and Non-secure worlds", - "value": null, - "macro_name": "PSA_SHARED_RAM_SIZE" - }, - "public-ram-start": { - "help": "Starting address of Public RAM for variables accessible from Non-secure worlds", - "value": 
null, - "macro_name": "PSA_PUBLIC_RAM_START" - }, - "public-ram-size": { - "help": "Size in bytes of Public RAM variables accessible from Non-secure worlds", - "value": null, - "macro_name": "PSA_PUBLIC_RAM_SIZE" - } - } + "config": {} }, - "NSPE_Target": { + "PSA_V7_M_NSPE": { "inherits": [ "PSA_Target" ], - "components": [ - "PSA_SRV_IPC", - "NSPE" + "extra_labels": [ + "MBED_PSA_SRV" ], - "device_has_add": [ + "device_has": [ "TRNG" ], "public": false }, - "SPE_Target": { + "PSA_V7_M_SPE": { + "inherits": ["PSA_Target"], + "public": false + }, + "PSA_DUAL_V7_M_NSPE": { "inherits": [ "PSA_Target" ], - "components": [ - "PSA_SRV_IMPL", - "PSA_SRV_IPC", - "SPE" + "extra_labels": [ + "TFM", + "TARGET_TFM_TWINCPU" + ], + "device_has": [ + "TRNG" + ], + "public": false + }, + "PSA_DUAL_V7_M_SPE": { + "inherits": [ + "PSA_Target" + ], + "public": false + }, + "PSA_V8_M_NSPE": { + "inherits": [ + "PSA_Target" + ], + "extra_labels": [ + "TFM", + "TARGET_TFM_V8M" + ], + "device_has": [ + "TRNG" + ], + "public": false + }, + "PSA_V8_M_SPE": { + "inherits": [ + "PSA_Target" ], "public": false }, @@ -2160,7 +2104,7 @@ "GCC_ARM", "IAR" ], - "extra_labels": [ + "extra_labels_add": [ "Freescale", "MCUXpresso_MCUS", "KSDK2_MCUS", @@ -2168,8 +2112,7 @@ "KPSDK_MCUS", "KPSDK_CODE", "MCU_K64F", - "Freescale_EMAC", - "PSA" + "Freescale_EMAC" ], "is_disk_virtual": true, "macros": [ @@ -2179,12 +2122,13 @@ "MBED_TICKLESS" ], "inherits": [ + "PSA_V7_M_NSPE", "Target" ], "detect_code": [ "0240" ], - "device_has": [ + "device_has_add": [ "USTICKER", "LPTICKER", "RTC", @@ -2577,13 +2521,12 @@ "GCC_ARM", "IAR" ], - "extra_labels": [ + "extra_labels_add": [ "Freescale", "MCUXpresso_MCUS", "KSDK2_MCUS", "FRDM", - "Freescale_EMAC", - "PSA" + "Freescale_EMAC" ], "is_disk_virtual": true, "macros": [ @@ -2593,12 +2536,13 @@ "MBED_TICKLESS" ], "inherits": [ + "PSA_V7_M_NSPE", "Target" ], "detect_code": [ "0311" ], - "device_has": [ + "device_has_add": [ "USTICKER", "LPTICKER", "RTC", 
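Review bot: The extra labels `"TARGET_TFM_TWINCPU"` and `"TARGET_TFM_V8M"` on `PSA_DUAL_V7_M_NSPE` and `PSA_V8_M_NSPE` already carry the `TARGET_` prefix, unlike `"MBED_PSA_SRV"` and `"TFM"` beside them. Elsewhere in this commit the label `MBED_PSA_SRV` corresponds to the directory `TARGET_MBED_PSA_SRV`, so these two would presumably resolve to `TARGET_TARGET_TFM_TWINCPU` and `TARGET_TARGET_TFM_V8M` and match no sources or macros. If that is not intended, use `"TFM_TWINCPU"` and `"TFM_V8M"`.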
@@ -2726,7 +2670,7 @@ "Target" ], "public": false, - "extra_labels": [ + "extra_labels_add": [ "STM" ], "supported_toolchains": [ @@ -2769,7 +2713,7 @@ "deep-sleep-latency": 4, "init-us-ticker-at-boot": true }, - "device_has": [ + "device_has_add": [ "USTICKER", "LPTICKER", "RTC", @@ -3051,7 +2995,7 @@ }, "LPC55S69_NS": { "inherits": [ - "NSPE_Target", + "PSA_V8_M_NSPE", "LPC55S69" ], "core": "Cortex-M33FE-NS", @@ -3073,7 +3017,6 @@ ], "extra_labels_add": [ "M33_NS", - "PSA", "TFM" ], "device_has_add": [ @@ -3115,7 +3058,7 @@ }, "LPC55S69_S": { "inherits": [ - "SPE_Target", + "PSA_V8_M_SPE", "LPC55S69" ], "core": "Cortex-M33FE", @@ -3134,7 +3077,6 @@ ], "extra_labels_add": [ "M33_S", - "PSA", "TFM" ], "device_has_add": [ @@ -4140,6 +4082,7 @@ }, "NUCLEO_F429ZI": { "inherits": [ + "PSA_V7_M_NSPE", "FAMILY_STM32" ], "supported_form_factors": [ @@ -4168,7 +4111,7 @@ "STM32F429ZI", "STM32F429xx", "STM32F429xI", - "PSA" + "STM_EMAC" ], "components_add": [ "FLASHIAP" @@ -6926,7 +6869,7 @@ "WIFI", "SERIAL" ], - "features": [ + "features_add": [ "BLE" ], "device_has_remove": [], @@ -6946,6 +6889,7 @@ }, "UBLOX_EVK_ODIN_W2": { "inherits": [ + "PSA_V7_M_NSPE", "MODULE_UBLOX_ODIN_W2" ], "supported_form_factors": [ @@ -6955,9 +6899,6 @@ "5" ], "device_has_remove": [], - "extra_labels_add": [ - "PSA" - ], "components_add": [ "SD", "FLASHIAP" @@ -8473,7 +8414,7 @@ }, "ARM_MUSCA_A1_NS": { "inherits": [ - "NSPE_Target", + "PSA_V8_M_NSPE", "ARM_MUSCA_A1" ], "core": "Cortex-M33-NS", @@ -8498,7 +8439,6 @@ ], "extra_labels_add": [ "MUSCA_A1_NS", - "PSA", "TFM" ], "post_binary_hook": { @@ -8514,7 +8454,7 @@ }, "ARM_MUSCA_A1_S": { "inherits": [ - "SPE_Target", + "PSA_V8_M_SPE", "ARM_MUSCA_A1" ], "core": "Cortex-M33", @@ -8538,7 +8478,6 @@ ], "extra_labels_add": [ "MUSCA_A1_S", - "PSA", "TFM" ], "deliver_to_target": "ARM_MUSCA_A1_NS", @@ -12354,6 +12293,7 @@ }, "FVP_MPS2": { "inherits": [ + "PSA_V7_M_NSPE", "ARM_FM" ], "public": false, 
@@ -13592,7 +13532,7 @@ "Target" ], "public": false, - "extra_labels": [ + "extra_labels_add": [ "GigaDevice" ], "supported_toolchains": [ @@ -13600,7 +13540,7 @@ "IAR", "GCC_ARM" ], - "device_has": [ + "device_has_add": [ "USTICKER", "ANALOGIN", "INTERRUPTIN", @@ -13696,6 +13636,7 @@ }, "GD32_F450ZI": { "inherits": [ + "PSA_V7_M_NSPE", "GD32_Target" ], "supported_form_factors": [ @@ -13708,8 +13649,7 @@ "extra_labels_add": [ "GD32F4XX", "GD32F450ZI", - "GD_EMAC", - "PSA" + "GD_EMAC" ], "device_has_add": [ "RTC", diff --git a/tools/config/__init__.py b/tools/config/__init__.py index 771ea07142..119cd82fee 100755 --- a/tools/config/__init__.py +++ b/tools/config/__init__.py @@ -69,7 +69,7 @@ BOOTLOADER_OVERRIDES = ROM_OVERRIDES | RAM_OVERRIDES | DELIVERY_OVERRIDES ALLOWED_FEATURES = [ - "BOOTLOADER", "BLE", "LWIP", "STORAGE", "NANOSTACK", "CRYPTOCELL310", + "BOOTLOADER", "BLE", "LWIP", "STORAGE", "NANOSTACK", "CRYPTOCELL310", "PSA", ] # List of all possible ram memories that can be available for a target diff --git a/tools/targets/__init__.py b/tools/targets/__init__.py index 840126cb0b..eb6ebac7d9 100644 --- a/tools/targets/__init__.py +++ b/tools/targets/__init__.py @@ -26,6 +26,7 @@ from collections import namedtuple from copy import copy from future.utils import raise_from from tools.resources import FileType +from tools.settings import ROOT from tools.targets.LPC import patch from tools.paths import TOOLS_BOOTLOADERS from tools.utils import json_file_to_dict, NotSupportedException @@ -661,7 +662,6 @@ class RTL8195ACode(object): from tools.targets.REALTEK_RTL8195AM import rtl8195a_elf2bin rtl8195a_elf2bin(t_self, elf, binf) - class PSOC6Code(object): @staticmethod def complete(t_self, resources, elf, binf): 
@@ -694,85 +694,38 @@ class PSOC6Code(object): from tools.targets.PSOC6 import sign_image as psoc6_sign_image psoc6_sign_image(t_self, binf) -class ArmMuscaA1Code(object): - """Musca-A1 Hooks""" - @staticmethod - def binary_hook(t_self, resources, elf, binf): - from tools.targets.ARM_MUSCA_A1 import musca_tfm_bin - configured_secure_image_filename = t_self.target.secure_image_filename - secure_bin = find_secure_image( - t_self.notify, - resources, - binf, - configured_secure_image_filename, - FileType.BIN - ) - musca_tfm_bin(t_self, binf, secure_bin) +def find_secure_image(notify, resources, ns_image_path, + configured_s_image_filename, image_type): + """ Find secure image. """ + if configured_s_image_filename is None: + return None + assert ns_image_path and configured_s_image_filename, \ + 'ns_image_path and configured_s_image_path are mandatory' + assert image_type in [FileType.BIN, FileType.HEX], \ + 'image_type must be of type BIN or HEX' -class LPC55S69Code(object): - """LPC55S69 Hooks""" - @staticmethod - def binary_hook(t_self, resources, elf, binf): - from tools.targets.LPC55S69 import lpc55s69_complete - configured_secure_image_filename = t_self.target.secure_image_filename - secure_bin = find_secure_image( - t_self.notify, - resources, - binf, - configured_secure_image_filename, - FileType.BIN - ) - lpc55s69_complete(t_self, binf, secure_bin) + image_files = resources.get_file_paths(image_type) + assert image_files, 'No image files found for this target' -class M2351Code(object): - """M2351 Hooks""" - @staticmethod - def merge_secure(t_self, resources, ns_elf, ns_hex): - t_self.notify.info("Merging non-secure image with secure image") - configured_secure_image_filename = t_self.target.secure_image_filename - t_self.notify.info("Non-secure elf image %s" % ns_elf) - t_self.notify.info("Non-secure hex image %s" % ns_hex) - t_self.notify.info("Finding secure image %s" % configured_secure_image_filename) - s_hex = find_secure_image( - t_self.notify, - 
resources, - ns_hex, - configured_secure_image_filename, - FileType.HEX - ) - t_self.notify.info("Found secure image %s" % s_hex) + secure_image = next( + (f for f in image_files if + os.path.basename(f) == configured_s_image_filename), None) + secure_image = next( + (f for f in image_files if + os.path.splitext(os.path.basename(f))[0] == + os.path.splitext(os.path.basename(ns_image_path))[0]), + secure_image + ) - _, ext = os.path.splitext(s_hex) - if ext != ".hex": - t_self.notify.debug("Secure image %s must be in Intel HEX format" % s_hex) - return - if not os.path.isfile(s_hex): - t_self.notify.debug("Secure image %s must be regular file" % s_hex) - return + if secure_image: + notify.debug("Secure image file found: %s." % secure_image) + else: + notify.debug("Secure image file %s not found. Aborting." + % configured_s_image_filename) + raise Exception("Required secure image not found.") - ns_main, ext = os.path.splitext(ns_hex) - if ext != ".hex": - t_self.notify.debug("Non-secure image %s must be in Intel HEX format" % s_hex) - return - if not os.path.isfile(ns_hex): - t_self.notify.debug("Non-secure image %s must be regular file" % s_hex) - return - - # Keep original non-secure before merge with secure - ns_nosecure_hex = ns_main + "_no-secure-merge" + ext - t_self.notify.info("Keep no-secure-merge image %s" % ns_nosecure_hex) - shutil.copy2(ns_hex, ns_nosecure_hex) - - # Merge secure and non-secure and save to non-secure (override it) - from intelhex import IntelHex - s_ih = IntelHex() - s_ih.loadhex(s_hex) - ns_ih = IntelHex() - ns_ih.loadhex(ns_hex) - ns_ih.start_addr = None - s_ih.merge(ns_ih) - s_ih.tofile(ns_hex, 'hex') + return secure_image # End Target specific section ############################################################################### diff --git a/tools/test/targets/target_test.py b/tools/test/targets/target_test.py index 341186aa93..092536090c 100644 --- a/tools/test/targets/target_test.py +++ b/tools/test/targets/target_test.py 
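Review bot: `find_secure_image` validates its arguments with `assert`, which is stripped when the tools run under `python -O`, so a missing `ns_image_path` or an unexpected `image_type` would then pass straight into the secure-image lookup. Explicit raises with the same messages keep the checks unconditional, as sketched below. Note also that the second `next()` lets any resource whose base name matches the non-secure image override the configured file name. Both lookups match on base name only and take the first hit, so logging when more than one candidate matches would show which binary ends up as the secure image.

```python
    if configured_s_image_filename is None:
        return None

    if not ns_image_path or not configured_s_image_filename:
        raise ValueError(
            'ns_image_path and configured_s_image_path are mandatory')
    if image_type not in (FileType.BIN, FileType.HEX):
        raise ValueError('image_type must be of type BIN or HEX')

    image_files = resources.get_file_paths(image_type)
    if not image_files:
        raise ValueError('No image files found for this target')
    # … unchanged: the two next() lookups, debug logging and final raise …
```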
@@ -23,8 +23,10 @@ from os.path import join, abspath, dirname from contextlib import contextmanager import pytest -from tools.targets import TARGETS, TARGET_MAP, Target, update_target_data +from tools.targets import TARGETS, TARGET_MAP, Target, update_target_data, find_secure_image from tools.arm_pack_manager import Cache +from tools.notifier.mock import MockNotifier +from tools.resources import Resources, FileType def test_device_name(): 
@@ -156,3 +158,38 @@ def test_modify_existing_target(): # The existing target should not be modified by custom targets assert TARGET_MAP["Test_Target"].default_toolchain != 'GCC_ARM' assert TARGET_MAP["Test_Target"].bootloader_supported != True + +def test_find_secure_image(): + mock_notifier = MockNotifier() + mock_resources = Resources(mock_notifier) + ns_image_path = os.path.join('BUILD', 'TARGET_NS', 'app.bin') + ns_test_path = os.path.join('BUILD', 'TARGET_NS', 'test.bin') + config_s_image_name = 'target_config.bin' + default_bin = os.path.join('prebuilt', config_s_image_name) + test_bin = os.path.join('prebuilt', 'test.bin') + + with pytest.raises(Exception, match='ns_image_path and configured_s_image_path are mandatory'): + find_secure_image(mock_notifier, mock_resources, None, None, FileType.BIN) + find_secure_image(mock_notifier, mock_resources, ns_image_path, None, FileType.BIN) + find_secure_image(mock_notifier, mock_resources, None, config_s_image_name, FileType.BIN) + + with pytest.raises(Exception, match='image_type must be of type BIN or HEX'): + find_secure_image(mock_notifier, mock_resources, ns_image_path, config_s_image_name, None) + find_secure_image(mock_notifier, mock_resources, ns_image_path, config_s_image_name, FileType.C_SRC) + + with pytest.raises(Exception, match='No image files found for this target'): + find_secure_image(mock_notifier, mock_resources, ns_image_path, config_s_image_name, FileType.BIN) + + dummy_bin = os.path.join('path', 'to', 'dummy.bin') + mock_resources.add_file_ref(FileType.BIN, dummy_bin, dummy_bin) + + with pytest.raises(Exception, match='Required secure image not found'): + find_secure_image(mock_notifier, mock_resources, ns_image_path, config_s_image_name, FileType.BIN) + + mock_resources.add_file_ref(FileType.BIN, default_bin, default_bin) + mock_resources.add_file_ref(FileType.BIN, test_bin, test_bin) + secure_image = find_secure_image(mock_notifier, mock_resources, ns_image_path, config_s_image_name, 
FileType.BIN) + assert secure_image == default_bin + + secure_image = find_secure_image(mock_notifier, mock_resources, ns_test_path, config_s_image_name, FileType.BIN) + assert secure_image == test_bin
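Review bot: The first two `with pytest.raises(...)` blocks in `test_find_secure_image` each hold several calls, but a `pytest.raises` block ends at the first exception, so only one call per block is actually verified. Assuming the function imported here is the `find_secure_image` added earlier in this diff, the two calls with `configured_s_image_filename=None` return `None` without raising and their results are never checked, and the `FileType.C_SRC` call never runs because the `image_type=None` call before it already raised. Giving each raising call its own block and asserting `is None` for the short-circuit cases would make the test cover what it appears to cover.

```python
    # configured_s_image_filename=None short-circuits to None instead of raising
    assert find_secure_image(mock_notifier, mock_resources, None, None, FileType.BIN) is None
    assert find_secure_image(mock_notifier, mock_resources, ns_image_path, None, FileType.BIN) is None

    with pytest.raises(Exception, match='ns_image_path and configured_s_image_path are mandatory'):
        find_secure_image(mock_notifier, mock_resources, None, config_s_image_name, FileType.BIN)

    for bad_type in (None, FileType.C_SRC):
        with pytest.raises(Exception, match='image_type must be of type BIN or HEX'):
            find_secure_image(mock_notifier, mock_resources, ns_image_path, config_s_image_name, bad_type)

    # … unchanged: 'No image files found', 'Required secure image not found' and the two positive cases …
```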