Hello everyone,
I need to extend the PSA Crypto API by adding a platform-specific encryption algorithm/key attribute. For example, a vendor-specific algorithm named ABC must be added. So I need the following macro to be included when psa/crypto.h is included.
#define PSA_ALG_ABC ((psa_algorithm_t) 0x08000123)
TF-M provides the PSA Crypto interface through includes located in interface/include/psa/crypto*.h. It means that we need to extend TF-M by allowing a platform to provide some platform-specific crypto header that will be installed in the interface folder and included by psa/crypto.h.
1. Is there any activity related to this problem?
2. I'm considering creating a new crypto_config.h that must be generated during the build process and which can optionally provide a macro TFM_PLATFORM_CRYPTO_EXTRA. This macro will be used in psa/crypto.h to conditionally include crypto_platform.h - a header provided by the platform.
Thanks, Roman.
Hi Roman,
Yes, that would be doable. PSA supports vendor algorithms not defined in the spec; just make sure that your custom alg has the vendor flag set to avoid conflicts:
/** Vendor-defined algorithm flag.
 *
 * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
 * bit set. Vendors who define additional algorithms must use an encoding with
 * the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
 * used by standard encodings whenever practical.
 */
#define PSA_ALG_VENDOR_FLAG ((psa_algorithm_t) 0x80000000)
The current default crypto_platform.h is empty; I think it would make sense that a platform could point to its own crypto_platform.h, replacing the default one. Note that we already have a mechanism in place after a very recent change to the headers (last month) that allows for the same thing you're proposing:
#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
#else
#include "crypto_platform.h"
#endif
An alternative could be to extend the current empty crypto_platform.h in TF-M with the inclusion of a platform-specific include header that gets included only for your platform.
Thanks, Antonio
From: Roman.Mazurak--- via TF-M tf-m@lists.trustedfirmware.org
Sent: Wednesday, April 19, 2023 11:08
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] PSA Crypto platform specific extensions
tf-m@lists.trustedfirmware.org
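
The vendor-flag requirement from the reply above, worked through as an added example that is not part of the thread or of TF-M. The PSA definitions are local copies so the file builds without psa/crypto.h; 0x84000123, check_vendor_alg and alg_category are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Local copies of PSA Crypto definitions (normally from the PSA headers). */
typedef uint32_t psa_algorithm_t;
#define PSA_ALG_VENDOR_FLAG             ((psa_algorithm_t) 0x80000000)
#define PSA_ALG_CATEGORY_MASK           ((psa_algorithm_t) 0x7f000000)
#define PSA_ALG_CATEGORY_CIPHER         ((psa_algorithm_t) 0x04000000)
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t) 0x08000000)

/* Value as posted in the first message: bit 31 is clear. */
#define PSA_ALG_ABC_AS_POSTED ((psa_algorithm_t) 0x08000123)
/* Constructed value: vendor flag + cipher category + vendor-chosen id. */
#define PSA_ALG_ABC_VENDOR    ((psa_algorithm_t) 0x84000123)

/* Guard a platform's crypto_platform.h could carry next to its define. */
_Static_assert((PSA_ALG_ABC_VENDOR & PSA_ALG_VENDOR_FLAG) != 0,
               "vendor algorithm must set PSA_ALG_VENDOR_FLAG");

typedef enum { ALG_OK, ALG_NO_VENDOR_FLAG, ALG_NO_CATEGORY } alg_check_t;

/* Category bits the standard PSA_ALG_IS_xxx macros look at. */
static psa_algorithm_t alg_category(psa_algorithm_t alg)
{
    return alg & PSA_ALG_CATEGORY_MASK;
}

/* Validate a proposed vendor encoding. A missing flag is a hard error;
 * a missing category is advisory ("should respect the bitwise structure"). */
static alg_check_t check_vendor_alg(psa_algorithm_t alg)
{
    if ((alg & PSA_ALG_VENDOR_FLAG) == 0)
        return ALG_NO_VENDOR_FLAG;   /* may collide with standard values */
    if (alg_category(alg) == 0)
        return ALG_NO_CATEGORY;
    return ALG_OK;
}

int main(void)
{
    const psa_algorithm_t algs[] = { PSA_ALG_ABC_AS_POSTED, PSA_ALG_ABC_VENDOR };
    for (size_t i = 0; i < sizeof(algs) / sizeof(algs[0]); i++)
        printf("0x%08x: check=%d category=0x%08x\n", (unsigned) algs[i],
               (int) check_vendor_alg(algs[i]), (unsigned) alg_category(algs[i]));
    return 0;
}
```

The value as posted decodes into the standard key-derivation category with no vendor bit, while the constructed value is recognised as vendor-defined and still classifies as a cipher.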