Hi Roman,
Yes, that would be doable. PSA supports vendor algorithms not defined in the spec; just make sure that your custom alg has the vendor flag set to avoid conflicts:

/** Vendor-defined algorithm flag.
 *
 * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
 * bit set. Vendors who define additional algorithms must use an encoding with
 * the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
 * used by standard encodings whenever practical.
 */
#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)

The current default crypto_platform.h is empty. I think it would make sense that a platform could point to its own crypto_platform.h replacing the default one. Note that we already have a mechanism in place after a very recent change to the headers (last month) that allows for the same thing you’re proposing:

#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
#else
#include "crypto_platform.h"
#endif

An alternative could be to extend the current empty crypto_platform.h in TF-M with the inclusion of a platform-specific header that gets included only for your platform.
Thanks, Antonio
From: Roman.Mazurak--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Wednesday, April 19, 2023 11:08
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] PSA Crypto platform specific extensions
Hello everyone,
I need to extend the PSA Crypto API by adding a platform-specific encryption algorithm/key attribute. For example, a vendor-specific algorithm named ABC must be added. So I need the following macro to be included when psa/crypto.h is included.
#define PSA_ALG_ABC ((psa_algorithm_t) 0x08000123)
TF-M provides the PSA Crypto interface through includes located in interface/include/psa/crypto*.h. It means that we need to extend TF-M by allowing a platform to provide some platform-specific crypto header that will be installed in the interface folder and included by psa/crypto.h.
Thanks,
Roman.
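
An added example, not part of the thread and not TF-M or Mbed TLS code: a check a platform crypto header could carry so that a vendor algorithm identifier without PSA_ALG_VENDOR_FLAG fails the build or a unit test. The names PSA_ALG_ABC_VENDOR, check_vendor_algs and the result codes are hypothetical, the PSA definitions are copied locally so the file builds without psa/crypto.h, and requiring a standard category (0x02 to 0x09) is an assumed policy reading of "should respect the bitwise structure".

```c
#include <stddef.h>
#include <stdint.h>

/* Local copies of PSA encodings; a real build takes them from psa/crypto.h. */
typedef uint32_t psa_algorithm_t;
#define PSA_ALG_VENDOR_FLAG     ((psa_algorithm_t) 0x80000000)
#define PSA_ALG_CATEGORY_MASK   ((psa_algorithm_t) 0x7f000000)
#define PSA_ALG_CATEGORY_CIPHER ((psa_algorithm_t) 0x04000000)

/* Hypothetical vendor cipher: vendor flag | standard category | vendor id. */
#define PSA_ALG_ABC_VENDOR \
    (PSA_ALG_VENDOR_FLAG | PSA_ALG_CATEGORY_CIPHER | (psa_algorithm_t) 0x123)

/* Build-time guard: a platform header missing the flag does not compile. */
_Static_assert((PSA_ALG_ABC_VENDOR & PSA_ALG_VENDOR_FLAG) != 0,
               "vendor algorithm must set PSA_ALG_VENDOR_FLAG");

/* Hypothetical result codes for this example. */
enum vendor_alg_check {
    VENDOR_ALG_OK = 0,
    VENDOR_ALG_NO_FLAG,       /* collides with the standard encoding space */
    VENDOR_ALG_BAD_CATEGORY,  /* category bits outside 0x02..0x09 */
    VENDOR_ALG_DUPLICATE      /* two vendor algorithms share one encoding */
};

/* Validate a platform's table of vendor algorithm identifiers. */
enum vendor_alg_check check_vendor_algs(const psa_algorithm_t *algs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        psa_algorithm_t cat = algs[i] & PSA_ALG_CATEGORY_MASK;
        if ((algs[i] & PSA_ALG_VENDOR_FLAG) == 0)
            return VENDOR_ALG_NO_FLAG;
        if (cat < 0x02000000u || cat > 0x09000000u)
            return VENDOR_ALG_BAD_CATEGORY;
        for (size_t j = 0; j < i; j++)
            if (algs[j] == algs[i])
                return VENDOR_ALG_DUPLICATE;
    }
    return VENDOR_ALG_OK;
}

int main(void)
{
    /* Constructed table: one well-formed vendor algorithm. */
    const psa_algorithm_t table[] = { PSA_ALG_ABC_VENDOR };
    return (int) check_vendor_algs(table, sizeof table / sizeof table[0]);
}
```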