Add PSA-crypto partition & IPC code

Author: Oren Cohen

TESTS/psa/prot_internal_storage/COMPONENT_SPE/psa_setup.c

@@ -26,10 +26,11 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_test_its_reset_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = TEST_ITS_RESET_ID,
         .thread_id = 0,
@@ -41,6 +42,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = TEST_ITS_RESET_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -63,6 +75,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void test_its_reset_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -72,9 +85,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     test_its_reset_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[1]));
+    its_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

TESTS/psa/spm_client/COMPONENT_SPE/psa_setup.c

@@ -26,10 +26,11 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_client_tests_part1_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = CLIENT_TESTS_PART1_ID,
         .thread_id = 0,
@@ -41,6 +42,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = CLIENT_TESTS_PART1_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -63,6 +75,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void client_tests_part1_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -72,9 +85,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     client_tests_part1_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[1]));
+    its_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

TESTS/psa/spm_server/COMPONENT_SPE/psa_setup.c

@@ -27,11 +27,12 @@
 #include "cmsis.h"
 #include "psa_server_test_part1_partition.h"
 #include "psa_server_test_part2_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 extern const uint32_t server_test_part1_external_sids[2];
 
-spm_partition_t g_partitions[3] = {
+spm_partition_t g_partitions[4] = {
     {
         .partition_id = SERVER_TEST_PART1_ID,
         .thread_id = 0,
@@ -54,6 +55,17 @@ spm_partition_t g_partitions[3] = {
         .extern_sids_count = SERVER_TEST_PART2_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -77,6 +89,7 @@ const uint32_t mem_region_count = 0;
 // forward declaration of partition initializers
 void server_test_part1_init(spm_partition_t *partition);
 void server_test_part2_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -87,9 +100,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
 
     server_test_part1_init(&(g_partitions[0]));
     server_test_part2_init(&(g_partitions[1]));
-    its_init(&(g_partitions[2]));
+    psa_f_init(&(g_partitions[2]));
+    its_init(&(g_partitions[3]));
 
     *partitions = g_partitions;
-    return 3;
+    return 4;
 }
 

TESTS/psa/spm_smoke/COMPONENT_SPE/psa_setup.c

@@ -26,10 +26,11 @@
 #include "handles_manager.h"
 #include "cmsis.h"
 #include "psa_smoke_test_part1_partition.h"
+#include "psa_psa_f_partition.h"
 #include "psa_its_partition.h"
 
 
-spm_partition_t g_partitions[2] = {
+spm_partition_t g_partitions[3] = {
     {
         .partition_id = SMOKE_TEST_PART1_ID,
         .thread_id = 0,
@@ -41,6 +42,17 @@ spm_partition_t g_partitions[2] = {
         .extern_sids_count = SMOKE_TEST_PART1_EXT_ROT_SRV_COUNT,
         .irq_mapper = NULL,
     },
+    {
+        .partition_id = PSA_F_ID,
+        .thread_id = 0,
+        .flags_rot_srv = PSA_F_WAIT_ANY_SID_MSK,
+        .flags_interrupts = 0,
+        .rot_services = NULL,
+        .rot_services_count = PSA_F_ROT_SRV_COUNT,
+        .extern_sids = NULL,
+        .extern_sids_count = PSA_F_EXT_ROT_SRV_COUNT,
+        .irq_mapper = NULL,
+    },
     {
         .partition_id = ITS_ID,
         .thread_id = 0,
@@ -63,6 +75,7 @@ const uint32_t mem_region_count = 0;
 
 // forward declaration of partition initializers
 void smoke_test_part1_init(spm_partition_t *partition);
+void psa_f_init(spm_partition_t *partition);
 void its_init(spm_partition_t *partition);
 
 uint32_t init_partitions(spm_partition_t **partitions)
@@ -72,9 +85,10 @@ uint32_t init_partitions(spm_partition_t **partitions)
     }
 
     smoke_test_part1_init(&(g_partitions[0]));
-    its_init(&(g_partitions[1]));
+    psa_f_init(&(g_partitions[1]));
+    its_init(&(g_partitions[2]));
 
     *partitions = g_partitions;
-    return 2;
+    return 3;
 }
 

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h

@@ -0,0 +1,174 @@
+/**
+ * \file psa/crypto_platform_spe.h
+ *
+ * \brief PSA cryptography module: Mbed TLS platfom definitions
+ */
+/*
+ *  Copyright (C) 2018, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_SPE_PLATFORM_H
+#define PSA_CRYPTO_SPE_PLATFORM_H
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files. */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "../mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+/** \defgroup PSA Crypto APIs
+* @{
+*/
+
+/** \brief psa_s_function_t enum defines for all the available functions in PSA Crypto. */
+typedef enum psa_sec_function_s
+{
+    PSA_CRYPTO_INVALID,
+    PSA_CRYPTO_INIT,
+    PSA_IMPORT_KEY,
+    PSA_DESTROY_KEY,
+    PSA_GET_KEY_INFORMATION,
+    PSA_EXPORT_KEY,
+    PSA_EXPORT_PUBLIC_KEY,
+    PSA_KEY_POLICY_INIT,
+    PSA_KEY_POLICY_SET_USAGE,
+    PSA_KEY_POLICY_GET_USAGE,
+    PSA_KEY_POLICY_GET_ALGORITHM,
+    PSA_SET_KEY_POLICY,
+    PSA_GET_KEY_POLICY,
+    PSA_SET_KEY_LIFETIME,
+    PSA_GET_KEY_LIFETIME,
+    PSA_HASH_SETUP,
+    PSA_HASH_UPDATE,
+    PSA_HASH_FINISH,
+    PSA_HASH_VERIFY,
+    PSA_HASH_ABORT,
+    PSA_MAC_SIGN_SETUP,
+    PSA_MAC_VERIFY_SETUP,
+    PSA_MAC_UPDATE,
+    PSA_MAC_SIGN_FINISH,
+    PSA_MAC_VERIFY_FINISH,
+    PSA_MAC_ABORT,
+    PSA_CIPHER_ENCRYPT_SETUP,
+    PSA_CIPHER_DECRYPT_SETUP,
+    PSA_CIPHER_GENERATE_IV,
+    PSA_CIPHER_SET_IV,
+    PSA_CIPHER_UPDATE,
+    PSA_CIPHER_FINISH,
+    PSA_CIPHER_ABORT,
+    PSA_AEAD_ENCRYPT,
+    PSA_AEAD_DECRYPT,
+    PSA_ASYMMETRIC_SIGN,
+    PSA_ASYMMETRIC_VERIFY,
+    PSA_ASYMMETRIC_ENCRYPT,
+    PSA_ASYMMETRIC_DECRYPT,
+    PSA_GENERATE_RANDOM,
+    PSA_GENERATE_KEY,
+    PSA_GET_GENERATOR_CAPACITY,
+    PSA_GENERATOR_READ,
+    PSA_GENERATOR_IMPORT_KEY,
+    PSA_GENERATOR_ABORT,
+    PSA_KEY_DERIVATION
+}psa_sec_function_t;
+
+/**@}*/
+
+/** \defgroup PSA Crypto structures for IPC
+* @{
+*/
+
+/** psa_crypto_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+typedef struct psa_crypto_ipc_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+} psa_crypto_ipc_t;
+
+/** psa_crypto_derivation_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+typedef struct psa_crypto_derivation_ipc_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    size_t capacity;
+} psa_crypto_derivation_ipc_t;
+
+/** psa_key_mng_ipc_s struct used for some of the
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+typedef struct psa_key_mng_ipc_s
+{
+    psa_key_slot_t key;
+    psa_key_type_t type;
+    psa_sec_function_t func;
+} psa_key_mng_ipc_t;
+
+/** psa_crypto_ipc_aead_s struct used for AEAD integrated
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t  and extra arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+
+// Max length supported for nonce is 16 bytes.
+#define PSA_MAX_NONCE_SIZE 16
+typedef struct psa_crypto_ipc_aead_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    uint16_t nonce_size;
+    size_t additional_data_length;
+    size_t input_length;
+    uint8_t nonce[PSA_MAX_NONCE_SIZE];
+} psa_crypto_ipc_aead_t;
+
+/** psa_crypto_ipc_asymmetric_s struct used for asymmetric
+ * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments
+ * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to
+ * pack them together.
+ */
+// Max supported HASH size is 64 bytes - for SHA-512.
+#define PSA_HASH_MAX_SIZE 64
+typedef struct psa_crypto_ipc_asymmetric_s
+{
+    psa_sec_function_t func;
+    psa_key_slot_t key;
+    psa_algorithm_t alg;
+    size_t input_length;
+    size_t salt_length;
+} psa_crypto_ipc_asymmetric_t;
+
+
+/**@}*/
+
+#endif /* PSA_CRYPTO_SPE_PLATFORM_H */

components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct.h

@@ -0,0 +1,6 @@
+#ifdef PSA_CRYPTO_SECURE
+#include "crypto_struct_spe.h"
+#else
+#include "crypto_struct_ipc.h"
+#endif
+