psa: Update TF-M for ARM_MUSCA_B1

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/VERSION.txt

@@ -1 +1 @@
-1d1faca481c3
+52261ca41663

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/include/psa/crypto.h

@@ -12,8 +12,6 @@
 #ifndef PSA_CRYPTO_H
 #define PSA_CRYPTO_H
 
-#include "psa/crypto_platform.h"
-
 #include <stddef.h>
 
 #ifdef __DOXYGEN_ONLY__
@@ -3759,6 +3757,12 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
  * macros whose definitions are implementation-specific. */
 #include "psa/crypto_sizes.h"
 
+/* The file "crypto_client_struct.h" contains definitions for structures
+ * whose definitions differ in the client view and the PSA server
+ * implementation in TF-M. */
+#include "psa/crypto_client_struct.h"
+
+
 /* The file "crypto_struct.h" contains definitions for
  * implementation-specific structs that are declared above. */
 #include "psa/crypto_struct.h"

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/include/psa/crypto_client_struct.h

@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+/**
+ * \file psa/crypto_client_struct.h
+ *
+ * \brief PSA cryptography client key attribute definitions
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * This file contains the definitions of some data structures with
+ * PSA crypto client specific definitions. This is for implementations
+ * with isolation between the Client applications and the Crypto
+ * Server module, it is expected that the front-end and the back-end
+ * would have different versions of the data structure.
+ */
+#ifndef PSA_CRYPTO_CLIENT_STRUCT_H
+#define PSA_CRYPTO_CLIENT_STRUCT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This is the client view of the `key_attributes` structure. Only
+ * fields which need to be set by the PSA crypto client are present.
+ * The PSA crypto service will maintain a different version of the
+ * data structure internally. */
+struct psa_client_key_attributes_s
+{
+ uint32_t type;
+ uint32_t lifetime;
+ uint32_t id;
+ uint32_t alg;
+ uint32_t alg2;
+ uint32_t usage;
+ uint16_t bits;
+};
+
+#define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PSA_CRYPTO_CLIENT_STRUCT_H */

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/include/psa/crypto_extra.h

@@ -24,6 +24,39 @@
 extern "C" {
 #endif
 
+/** \addtogroup crypto_types
+ * @{
+ */
+
+/** DSA public key.
+ *
+ * The import and export format is the
+ * representation of the public key `y = g^x mod p` as a big-endian byte
+ * string. The length of the byte string is the length of the base prime `p`
+ * in bytes.
+ */
+#define PSA_KEY_TYPE_DSA_PUBLIC_KEY ((psa_key_type_t)0x60020000)
+
+/** DSA key pair (private and public key).
+ *
+ * The import and export format is the
+ * representation of the private key `x` as a big-endian byte string. The
+ * length of the byte string is the private key size in bytes (leading zeroes
+ * are not stripped).
+ *
+ * Determinstic DSA key derivation with psa_generate_derived_key follows
+ * FIPS 186-4 §B.1.2: interpret the byte string as integer
+ * in big-endian order. Discard it if it is not in the range
+ * [0, *N* - 2] where *N* is the boundary of the private key domain
+ * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
+ * or the order of the curve's base point for ECC).
+ * Add 1 to the resulting integer and use this as the private key *x*.
+ *
+ */
+#define PSA_KEY_TYPE_DSA_KEY_PAIR ((psa_key_type_t)0x70020000)
+
+/**@}*/
+
 /** \brief Declare the enrollment algorithm for a key.
  *
  * An operation on a key may indifferently use the algorithm set with
@@ -47,7 +80,19 @@ static inline void psa_set_key_enrollment_algorithm(
  psa_key_attributes_t *attributes,
  psa_algorithm_t alg2)
 {
- attributes->core.policy.alg2 = alg2;
+ attributes->alg2 = alg2;
+}
+
+/** Retrieve the enrollment algorithm policy from key attributes.
+ *
+ * \param[in] attributes The key attribute structure to query.
+ *
+ * \return The enrollment algorithm stored in the attribute structure.
+ */
+static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
+ const psa_key_attributes_t *attributes)
+{
+ return attributes->alg2;
 }
 
 #ifdef __cplusplus

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/include/psa/crypto_struct.h

@@ -104,21 +104,6 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init( voi
  return( v );
 }
 
-struct psa_key_policy_s
-{
- psa_key_usage_t usage;
- psa_algorithm_t alg;
- psa_algorithm_t alg2;
-};
-typedef struct psa_key_policy_s psa_key_policy_t;
-
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
-static inline struct psa_key_policy_s psa_key_policy_init( void )
-{
- const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
- return( v );
-}
-
 /* The type used internally for key sizes.
  * Public interfaces use size_t, but internally we use a smaller type. */
 typedef uint16_t psa_key_bits_t;
@@ -132,166 +117,93 @@ typedef uint16_t psa_key_bits_t;
  * conditionals. */
 #define PSA_MAX_KEY_BITS 0xfff8
 
-/** A mask of flags that can be stored in key attributes.
- *
- * This type is also used internally to store flags in slots. Internal
- * flags are defined in library/psa_crypto_core.h. Internal flags may have
- * the same value as external flags if they are properly handled during
- * key creation and in psa_get_key_attributes.
- */
-typedef uint16_t psa_key_attributes_flag_t;
-
-#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
- ( (psa_key_attributes_flag_t) 0x0001 )
-
-/* A mask of key attribute flags used externally only.
- * Only meant for internal checks inside the library. */
-#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
- MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
- 0 )
+#define PSA_KEY_ATTRIBUTES_INIT PSA_CLIENT_KEY_ATTRIBUTES_INIT
 
-/* A mask of key attribute flags used both internally and externally.
- * Currently there aren't any. */
-#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
- 0 )
-
-typedef struct
+static inline struct psa_client_key_attributes_s psa_key_attributes_init( void )
 {
- psa_key_type_t type;
- psa_key_lifetime_t lifetime;
- psa_key_id_t id;
- psa_key_policy_t policy;
- psa_key_bits_t bits;
- psa_key_attributes_flag_t flags;
-} psa_core_key_attributes_t;
-
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {0, 0, PSA_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0, 0}
-
-struct psa_key_attributes_s
-{
- psa_core_key_attributes_t core;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- psa_key_slot_number_t slot_number;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void *domain_parameters;
- size_t domain_parameters_size;
-};
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
-#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
-#endif
-
-static inline struct psa_key_attributes_s psa_key_attributes_init( void )
-{
- const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
+ const struct psa_client_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
  return( v );
 }
 
 static inline void psa_set_key_id(psa_key_attributes_t *attributes,
  psa_key_id_t id)
 {
- attributes->core.id = id;
- if( attributes->core.lifetime == PSA_KEY_LIFETIME_VOLATILE )
- attributes->core.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
+ attributes->id = id;
+ if( attributes->lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ attributes->lifetime = PSA_KEY_LIFETIME_PERSISTENT;
 }
 
 static inline psa_key_id_t psa_get_key_id(
  const psa_key_attributes_t *attributes)
 {
- return( attributes->core.id );
+ return( attributes->id );
 }
 
 static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
  psa_key_lifetime_t lifetime)
 {
- attributes->core.lifetime = lifetime;
+ attributes->lifetime = lifetime;
  if( lifetime == PSA_KEY_LIFETIME_VOLATILE )
  {
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
- attributes->core.id.key_id = 0;
- attributes->core.id.owner = 0;
-#else
- attributes->core.id = 0;
-#endif
+ attributes->id = 0;
  }
 }
 
 static inline psa_key_lifetime_t psa_get_key_lifetime(
  const psa_key_attributes_t *attributes)
 {
- return( attributes->core.lifetime );
+ return( attributes->lifetime );
 }
 
 static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
  psa_key_usage_t usage_flags)
 {
- attributes->core.policy.usage = usage_flags;
+ attributes->usage = usage_flags;
 }
 
 static inline psa_key_usage_t psa_get_key_usage_flags(
  const psa_key_attributes_t *attributes)
 {
- return( attributes->core.policy.usage );
+ return( attributes->usage );
 }
 
 static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
  psa_algorithm_t alg)
 {
- attributes->core.policy.alg = alg;
+ attributes->alg = alg;
 }
 
 static inline psa_algorithm_t psa_get_key_algorithm(
  const psa_key_attributes_t *attributes)
 {
- return( attributes->core.policy.alg );
+ return( attributes->alg );
 }
 
-/* This function is declared in crypto_extra.h, which comes after this
- * header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length);
-
 static inline void psa_set_key_type(psa_key_attributes_t *attributes,
  psa_key_type_t type)
 {
- if( attributes->domain_parameters == NULL )
- {
- /* Common case: quick path */
- attributes->core.type = type;
- }
- else
- {
- /* Call the bigger function to free the old domain paramteres.
- * Ignore any errors which may arise due to type requiring
- * non-default domain parameters, since this function can't
- * report errors. */
- (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
- }
+ attributes->type = type;
 }
 
 static inline psa_key_type_t psa_get_key_type(
  const psa_key_attributes_t *attributes)
 {
- return( attributes->core.type );
+ return( attributes->type );
 }
 
 static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
  size_t bits)
 {
  if( bits > PSA_MAX_KEY_BITS )
- attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
+ attributes->bits = PSA_KEY_BITS_TOO_LARGE;
  else
- attributes->core.bits = (psa_key_bits_t) bits;
+ attributes->bits = bits;
 }
 
 static inline size_t psa_get_key_bits(
  const psa_key_attributes_t *attributes)
 {
- return( attributes->core.bits );
+ return( attributes->bits );
 }
 
 #ifdef __cplusplus

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/include/psa/crypto_types.h

@@ -49,6 +49,10 @@ typedef int32_t psa_status_t;
  * @{
  */
 
+/* Integral type representing a key handle. */
+typedef uint16_t psa_key_handle_t;
+
+
 /** \brief Encoding of a key type.
  */
 typedef uint32_t psa_key_type_t;
@@ -297,7 +301,7 @@ typedef uint32_t psa_key_usage_t;
  *
  * Once a key has been created, it is impossible to change its attributes.
  */
-typedef struct psa_key_attributes_s psa_key_attributes_t;
+typedef struct psa_client_key_attributes_s psa_key_attributes_t;
 
 /**@}*/
 

features/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/include/psa/crypto_values.h

@@ -1556,16 +1556,16 @@
 
 /** The minimum value for a key identifier chosen by the application.
  */
-#define PSA_KEY_ID_USER_MIN ((psa_app_key_id_t)0x00000001)
+#define PSA_KEY_ID_USER_MIN ((psa_key_id_t)0x00000001)
 /** The maximum value for a key identifier chosen by the application.
  */
-#define PSA_KEY_ID_USER_MAX ((psa_app_key_id_t)0x3fffffff)
+#define PSA_KEY_ID_USER_MAX ((psa_key_id_t)0x3fffffff)
 /** The minimum value for a key identifier chosen by the implementation.
  */
-#define PSA_KEY_ID_VENDOR_MIN ((psa_app_key_id_t)0x40000000)
+#define PSA_KEY_ID_VENDOR_MIN ((psa_key_id_t)0x40000000)
 /** The maximum value for a key identifier chosen by the implementation.
  */
-#define PSA_KEY_ID_VENDOR_MAX ((psa_app_key_id_t)0x7fffffff)
+#define PSA_KEY_ID_VENDOR_MAX ((psa_key_id_t)0x7fffffff)
 
 /**@}*/