Merge pull request #15050 from rwalton-arm/TF-Mv1.4.0

Update to TF-M v1.4.0

Author: Patater

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/CMakeLists.txt

@@ -18,7 +18,6 @@ if("TFM_V8M" IN_LIST MBED_TARGET_LABELS)
         INTERFACE
             TARGET_TFM_V8M/src/cmsis_nvic_virtual.c
             TARGET_TFM_V8M/src/tfm_mbed_boot.c
-            TARGET_TFM_V8M/src/tfm_ns_interface.c
             TARGET_TFM_V8M/src/tfm_psa_ns_api.c
     )
 endif()

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/TARGET_TFM_V8M/src/tfm_psa_ns_api.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -8,6 +8,7 @@
 #include "psa/client.h"
 #include "tfm_ns_interface.h"
 #include "tfm_api.h"
+#include "tfm_psa_call_param.h"
 
 /**** API functions ****/
 
@@ -47,23 +48,17 @@ psa_status_t psa_call(psa_handle_t handle, int32_t type,
                       psa_outvec *out_vec,
                       size_t out_len)
 {
-    /* FixMe: sanity check can be added to offload some NS thread checks from
-     * TFM secure API
-     */
-
-    /* Due to v8M restrictions, TF-M NS API needs to add another layer of
-     * serialization in order for NS to pass arguments to S
-     */
-    const struct tfm_control_parameter_t ctrl_param = {
-        .type = type,
-        .in_len = in_len,
-        .out_len = out_len,
-    };
+    if ((type > INT16_MAX) ||
+        (type < INT16_MIN) ||
+        (in_len > UINT8_MAX) ||
+        (out_len > UINT8_MAX)) {
+        return PSA_ERROR_PROGRAMMER_ERROR;
+    }
 
     return tfm_ns_interface_dispatch(
                                 (veneer_fn)tfm_psa_call_veneer,
                                 (uint32_t)handle,
-                                (uint32_t)&ctrl_param,
+                                PARAM_PACK(type, in_len, out_len),
                                 (uint32_t)in_vec,
                                 (uint32_t)out_vec);
 }

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/VERSION.txt

@@ -1 +1 @@
-TF-Mv1.3.0
+TF-Mv1.4.0

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/include/psa/client.h

@@ -17,6 +17,10 @@
 extern "C" {
 #endif
 
+#ifndef IOVEC_LEN
+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
+#endif
+
 /*********************** PSA Client Macros and Types *************************/
 
 /**
@@ -126,6 +130,14 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t version);
 /**
  * \brief Call an RoT Service on an established connection.
  *
+ * \note  FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
+ *        support at most 4 parameters. TF-M chooses to encode 'in_len',
+ *        'out_len', and 'type' into a 32-bit integer to improve efficiency.
+ *        Compared with struct-based encoding, this method saves extra memory
+ *        check and memory copy operation. The disadvantage is that the 'type'
+ *        range has to be reduced into a 16-bit integer. So with this encoding,
+ *        the valid range for 'type' is 0-32767.
+ *
  * \param[in] handle            A handle to an established connection.
  * \param[in] type              The request type.
  *                              Must be zero( \ref PSA_IPC_CALL) or positive.

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto.h

@@ -31,12 +31,12 @@ extern "C" {
  * data structure internally. */
 struct psa_client_key_attributes_s
 {
+    uint16_t type;
+    uint16_t bits;
     uint32_t lifetime;
     psa_key_id_t id;
-    uint32_t alg;
     uint32_t usage;
-    size_t bits;
-    uint16_t type;
+    uint32_t alg;
 };
 
 #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}

platform/FEATURE_EXPERIMENTAL_API/FEATURE_PSA/TARGET_TFM/TARGET_TFM_LATEST/include/psa/crypto_client_struct.h

@@ -43,197 +43,6 @@ static inline int psa_key_handle_is_null(psa_key_handle_t handle)
     return(handle == 0);
 }
 
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/*
- * Mechanism for declaring deprecated values
- */
-#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED)
-#define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_PSA_DEPRECATED
-#endif
-
-typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t mbedtls_deprecated_psa_ecc_family_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t mbedtls_deprecated_psa_dh_family_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t psa_ecc_curve_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t psa_dh_group_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_algorithm_t mbedtls_deprecated_psa_algorithm_t;
-
-#define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY
-#define PSA_KEY_TYPE_GET_GROUP PSA_KEY_TYPE_DH_GET_FAMILY
-
-#define MBEDTLS_DEPRECATED_CONSTANT( type, value )      \
-    ( (mbedtls_deprecated_##type) ( value ) )
-
-/*
- * Deprecated PSA Crypto error code definitions (PSA Crypto API  <= 1.0 beta2)
- */
-#define PSA_ERROR_UNKNOWN_ERROR \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR )
-#define PSA_ERROR_OCCUPIED_SLOT \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS )
-#define PSA_ERROR_EMPTY_SLOT \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST )
-#define PSA_ERROR_INSUFFICIENT_CAPACITY \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA )
-#define PSA_ERROR_TAMPERING_DETECTED \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED )
-
-/*
- * Deprecated PSA Crypto numerical encodings (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_KEY_USAGE_SIGN \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH )
-#define PSA_KEY_USAGE_VERIFY \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH )
-
-/*
- * Deprecated PSA Crypto size calculation macros (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
-#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
-
-/*
- * Deprecated PSA Crypto function names (PSA Crypto API  <= 1.0 beta3)
- */
-MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_sign( psa_key_handle_t key,
-                            psa_algorithm_t alg,
-                            const uint8_t *hash,
-                            size_t hash_length,
-                            uint8_t *signature,
-                            size_t signature_size,
-                            size_t *signature_length );
-
-MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *hash,
-                              size_t hash_length,
-                              const uint8_t *signature,
-                              size_t signature_length );
-
-
-/*
- * Size-specific elliptic curve families.
- */
-#define PSA_ECC_CURVE_SECP160K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP192K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP224K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP256K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP160R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP192R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP224R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP256R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP384R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP521R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP160R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
-#define PSA_ECC_CURVE_SECT163K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT233K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT239K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT283K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT409K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT571K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT163R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT193R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT233R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT283R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT409R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT571R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT163R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_SECT193R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_CURVE25519 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-#define PSA_ECC_CURVE_CURVE448 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-
-/*
- * Curves that changed name due to PSA specification.
- */
-#define PSA_ECC_CURVE_SECP_K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP_R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP_R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
-#define PSA_ECC_CURVE_SECT_K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT_R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT_R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_BRAINPOOL_P_R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_MONTGOMERY \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-
-/*
- * Finite-field Diffie-Hellman families.
- */
-#define PSA_DH_GROUP_FFDHE2048 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE3072 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE4096 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE6144 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE8192 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-
-/*
- * Diffie-Hellman families that changed name due to PSA specification.
- */
-#define PSA_DH_GROUP_RFC7919 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_CUSTOM \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM )
-
-/*
- * Deprecated PSA Crypto stream cipher algorithms (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_ALG_ARC4 \
-    MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
-#define PSA_ALG_CHACHA20 \
-    MBEDTLS_DEPRECATED_CONSTANT(psa_algorithm_t, PSA_ALG_STREAM_CIPHER)
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
 /** Open a handle to an existing persistent key.
  *
  * Open a handle to a persistent key. A key is persistent if it was created
@@ -287,6 +96,8 @@ MBEDTLS_PSA_DEPRECATED psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
  * \retval #PSA_ERROR_COMMUNICATION_FAILURE
  * \retval #PSA_ERROR_CORRUPTION_DETECTED
  * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_DATA_CORRUPT
  * \retval #PSA_ERROR_BAD_STATE
  *         The library has not been previously initialized by psa_crypto_init().
  *         It is implementation-dependent whether a failure to initialize