1 /*
2  * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 #include <string.h>
11 
12 #include "tfm_log.h"
13 
14 #include "config_tfm.h"
15 #include "psa/crypto.h"
16 #include "psa/error.h"
17 #include "crypto_library.h"
18 
19 /**
20  * \brief This include is required to get the underlying platform function
21  *        to allow the builtin keys support in mbed TLS to map slots to key
22  *        IDs.
23  */
24 #include "tfm_plat_crypto_keys.h"
25 
26 /**
27  * \brief This Mbed TLS include is needed to initialise the memory allocator
28  *        of the library used for internal allocations
29  */
30 #include "mbedtls/memory_buffer_alloc.h"
31 
32 /**
33  * \brief This Mbed TLS include is needed to set the mbedtls_printf to the
34  *        function required by the TF-M framework in order to be able to
35  *        print to terminal through mbedtls_printf
36  */
37 #include "mbedtls/platform.h"
38 
39 /**
40  * \brief This Mbed TLS include is needed to retrieve version information for
41  *        display
42  */
43 #include "mbedtls/version.h"
44 
45 #ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
46 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
47 #endif
48 
49 /**
50  * \brief Static buffer containing the string describing the mbed TLS version. mbed TLS
51  *        guarantees that the string will never be greater than 18 bytes
52  */
53 static char mbedtls_version_full[18];
54 
55 /**
56  * \brief Static buffer to be used by Mbed Crypto for memory allocations
57  *
58  */
59 #include "config_engine_buf.h"
60 static uint8_t mbedtls_mem_buf[CRYPTO_ENGINE_BUF_SIZE] = {0};
61 
62 /* Make sure the library won't print anything through mbedtls_printf */
null_printf(const char * fmt,...)63 static int null_printf(const char *fmt, ...)
64 {
65     (void)fmt;
66     return 0;
67 }
68 
69 /*!
70  * \defgroup tfm_crypto_library Set of functions implementing the abstractions of the underlying cryptographic
71  *                              library that implements the PSA Crypto APIs to provide the PSA Crypto core
72  *                              functionality to the TF-M Crypto service. Currently it supports only an
73  *                              mbed TLS based abstraction.
74  */
75 /*!@{*/
tfm_crypto_library_key_id_init(int32_t owner,psa_key_id_t key_id)76 tfm_crypto_library_key_id_t tfm_crypto_library_key_id_init(int32_t owner, psa_key_id_t key_id)
77 {
78     return mbedtls_svc_key_id_make(owner, key_id);
79 }
80 
tfm_crypto_library_get_info(void)81 char *tfm_crypto_library_get_info(void)
82 {
83     memcpy(mbedtls_version_full, MBEDTLS_VERSION_STRING_FULL, sizeof(MBEDTLS_VERSION_STRING_FULL));
84     return mbedtls_version_full;
85 }
86 
tfm_crypto_core_library_init(void)87 psa_status_t tfm_crypto_core_library_init(void)
88 {
89     /* Initialise the Mbed Crypto memory allocator to use static memory
90      * allocation from the provided buffer instead of using the heap
91      */
92     mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
93                                      CRYPTO_ENGINE_BUF_SIZE);
94 
95     mbedtls_platform_set_printf(null_printf);
96 
97     VERBOSE("[Crypto] Internal heap size is %d bytes\n", sizeof(mbedtls_mem_buf));
98 
99     return PSA_SUCCESS;
100 }
101 
tfm_crypto_library_get_library_key_id_set_owner(int32_t owner,psa_key_attributes_t * attr)102 void tfm_crypto_library_get_library_key_id_set_owner(int32_t owner, psa_key_attributes_t *attr)
103 {
104     attr->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
105 }
106 
107 /**
108  * \brief This function is required by mbed TLS to enable support for
109  *        platform builtin keys in the PSA Crypto core layer implemented
110  *        by mbed TLS. This function is not standardized by the API hence
111  *        this layer directly provides the symbol required by the library
112  *
113  * \note It maps builtin key IDs to cryptographic drivers and slots. The
114  *       actual data is deferred to a platform function, as different
115  *       platforms may have different key storage capabilities.
116  */
mbedtls_psa_platform_get_builtin_key(mbedtls_svc_key_id_t key_id,psa_key_lifetime_t * lifetime,psa_drv_slot_number_t * slot_number)117 psa_status_t mbedtls_psa_platform_get_builtin_key(
118     mbedtls_svc_key_id_t key_id,
119     psa_key_lifetime_t *lifetime,
120     psa_drv_slot_number_t *slot_number)
121 {
122     const tfm_plat_builtin_key_descriptor_t *desc_table = NULL;
123     size_t number_of_keys = tfm_plat_builtin_key_get_desc_table_ptr(&desc_table);
124 
125     for (size_t idx = 0; idx < number_of_keys; idx++) {
126         if (desc_table[idx].key_id == MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id)) {
127             *lifetime = desc_table[idx].lifetime;
128             *slot_number = desc_table[idx].slot_number;
129             return PSA_SUCCESS;
130         }
131     }
132 
133     return PSA_ERROR_DOES_NOT_EXIST;
134 }
135 /*!@}*/
136