From 7c7f4eea769568c3681ff4e11078535c3591d141 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Fri, 17 Jan 2025 10:52:42 +0100 Subject: [PATCH] nrf_security: Add PSA compatibility layer for SSF There are two functions which are defined in the psa_crypto_core.h and are implemented in psa_crypto.c which are used by the TLS library. These functions are: psa_can_do_hash psa_can_do_cipher These functions just check if the drivers are initialized before the relevant PSA crypto functions can be used. In the case of SSF there is no initialization needed because the PSA initialization happens inside the secure domain firmware before the application boots. These functions are added in a separate file since they only exist to maintain compatibility with the PSA core from Oberon/mbedTLS and they have don't need to forward any call to the secure domain. Signed-off-by: Georgios Vasilakis --- .../src/ssf_secdom/CMakeLists.txt | 1 + .../ssf_secdom/ssf_psa_core_compatibility.c | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c diff --git a/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt b/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt index d26957d88b2b..d13ee5b0c99c 100644 --- a/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt +++ b/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt @@ -7,4 +7,5 @@ target_sources(${mbedcrypto_target} PRIVATE ${CMAKE_CURRENT_LIST_DIR}/ssf_crypto.c + ${CMAKE_CURRENT_LIST_DIR}/ssf_psa_core_compatibility.c ) diff --git a/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c b/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c new file mode 100644 index 000000000000..d4274187d548 --- /dev/null +++ b/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2025 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + +/* This define exists in the psa_crypto.c file, I kept the same + * name here so that it can be searched the same way. + * In the psa_core.c this define is the concatenation of + * PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED (=0x1)| + * PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED (=0x2)| + * PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED (=0x4) + * Just for conformity I kept the same value here. + */ +#define PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED (0x7) + +/* This function is defined in psa_crypto_core.h */ +int psa_can_do_hash(psa_algorithm_t hash_alg) +{ + (void) hash_alg; + /* No initialization is needed when SSF is used, so just return the + * expected value here. + */ + return PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED; +} + +/* This function is defined in psa_crypto_core.h */ +int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg) +{ + (void) key_type; + (void) cipher_alg; + /* No initialization is needed when SSF is used, so just return the + * expected value here. + */ + return PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED; +} \ No newline at end of file