Hi Roman,
Yes, that would be doable. PSA supports vendor algorithms not defined in the spec; just make sure that your custom alg has the vendor flag set to avoid conflicts:
    /** Vendor-defined algorithm flag.
     *
     * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
     * bit set. Vendors who define additional algorithms must use an encoding with
     * the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
     * used by standard encodings whenever practical.
     */
    #define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
The current default crypto_platform.h is empty; I think it would make sense that a platform could point to its own crypto_platform.h, replacing the default one. Note that we already have a mechanism in place after a very recent change to the headers (last month) that allows for the same thing you're proposing:
    #if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
    #include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
    #else
    #include "crypto_platform.h"
    #endif
An alternative could be to extend the current empty crypto_platform.h in TF-M with the inclusion of a platform-specific header that gets included only for your platform.
Thanks, Antonio
From: Roman.Mazurak--- via TF-M tf-m@lists.trustedfirmware.org
Sent: Wednesday, April 19, 2023 11:08
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] PSA Crypto platform specific extensions
Hello everyone,
I need to extend the PSA Crypto API by adding a platform-specific encryption algorithm/key attribute. For example, a vendor-specific algorithm named ABC must be added. So I need the following macro to be included when psa/crypto.h is included.
#define PSA_ALG_ABC ((psa_algorithm_t) 0x08000123)
TF-M provides the PSA Crypto interface through includes located in interface/include/psa/crypto*.h. It means that we need to extend TF-M by allowing a platform to provide some platform-specific crypto header that will be installed in the interface folder and included by psa/crypto.h.
1. Is there any activity related to this problem?
2. I'm considering creating a new crypto_config.h that must be generated during the build process and which can optionally provide a macro TFM_PLATFORM_CRYPTO_EXTRA. This macro will be used in psa/crypto.h to conditionally include crypto_platform.h, a header provided by the platform.
Thanks, Roman.
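
Added example (not code from either message or from TF-M): one way a platform header could enforce the vendor-flag rule quoted in the reply, at compile time and over a table of identifiers. The local typedef and macros stand in for the PSA headers; `PLAT_VENDOR_ALG`, `PLAT_ALG_ABC`, the id 0x123 and the checker functions are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>

/* Local stand-ins so this compiles without psa/crypto.h. The values mirror
 * the PSA Crypto encoding; in a real build they come from the PSA headers. */
typedef uint32_t psa_algorithm_t;
#define PSA_ALG_VENDOR_FLAG     ((psa_algorithm_t) 0x80000000)
#define PSA_ALG_CATEGORY_MASK   ((psa_algorithm_t) 0x7f000000)
#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)

/* Hypothetical helper: build a vendor encoding that keeps the standard
 * category bits and always sets the vendor flag. */
#define PLAT_VENDOR_ALG(category, id) \
    ((psa_algorithm_t) (PSA_ALG_VENDOR_FLAG | (category) | ((id) & 0x00ffffffu)))

/* Hypothetical vendor cipher "ABC" with a constructed id. */
#define PLAT_ALG_ABC PLAT_VENDOR_ALG(PSA_ALG_CATEGORY_CIPHER, 0x123u)

/* Compile-time guard: the build fails if the flag is ever dropped. */
_Static_assert((PLAT_ALG_ABC & PSA_ALG_VENDOR_FLAG) != 0,
               "platform algorithm must set PSA_ALG_VENDOR_FLAG");

typedef enum { ALG_OK = 0, ALG_NO_VENDOR_FLAG, ALG_NO_CATEGORY } alg_check_t;

/* Classify one platform-defined identifier. */
alg_check_t check_platform_alg(psa_algorithm_t alg)
{
    if ((alg & PSA_ALG_VENDOR_FLAG) == 0)
        return ALG_NO_VENDOR_FLAG;  /* sits in the standard's number space */
    if ((alg & PSA_ALG_CATEGORY_MASK) == 0)
        return ALG_NO_CATEGORY;     /* the "should respect the structure" part */
    return ALG_OK;
}

/* Count entries in a platform's algorithm table that break either rule. */
size_t count_bad_platform_algs(const psa_algorithm_t *algs, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (check_platform_alg(algs[i]) != ALG_OK)
            bad++;
    return bad;
}
```

An encoding without bit 31, such as 0x08000123, is reported as `ALG_NO_VENDOR_FLAG`, while `PLAT_ALG_ABC` (0x84000123) passes.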