Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / f179aa983baad18715cdabe4416838eec5b2b307^! / . / drivers / auth / mbedtls / mbedtls_psa_crypto.c
commitf179aa983baad18715cdabe4416838eec5b2b307[log] [tgz]
authorManish V Badarkhe <Manish.Badarkhe@arm.com>Wed Sep 06 11:01:37 2023 +0100
committerManish V Badarkhe <Manish.Badarkhe@arm.com>Thu Oct 05 09:34:35 2023 +0100
tree92ce46515179ff89d8619ec1bd98179aea4750b7
parent8fbea62fe2fccc6dc3e8f8bc6ec45785e7b10e8b [diff] [blame]
feat(mbedtls-psa): initialise mbedtls psa crypto

Initialised Mbedtls PSA cryto during Crypto init using
function call 'psa_crypto_init'.

MbedTLS currently requires a Random Number Generator (RNG) once
PSA Crypto support is enabled. However, TF-A itself doesn't engage
in cryptographic operations that demand randomness. Consequently,
we simulate the presence of an external TRNG (through the configuration
option 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) while, in reality, we offer
a dummy implementation of mbedtls_psa_external_get_random() that always
returns an error.

Change-Id: Ife6d03909c0e6081438d2b2519ef500e5dcdb88f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

diff --git a/drivers/auth/mbedtls/mbedtls_psa_crypto.c b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
index eaeca79..64778e8 100644
--- a/drivers/auth/mbedtls/mbedtls_psa_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_psa_crypto.c

@@ -16,11 +16,14 @@
 #include <mbedtls/platform.h>
 #include <mbedtls/version.h>
 #include <mbedtls/x509.h>
+#include <psa/crypto.h>
+#include <psa/crypto_platform.h>
+#include <psa/crypto_types.h>
+#include <psa/crypto_values.h>
 
 #include <common/debug.h>
 #include <drivers/auth/crypto_mod.h>
 #include <drivers/auth/mbedtls/mbedtls_common.h>
-
 #include <plat/common/platform.h>
 
 #define LIB_NAME		"mbed TLS PSA"
@@ -55,6 +58,21 @@
  *     digest OCTET STRING
  * }
  */
+
+/*
+ * We pretend using an external RNG (through MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ * mbedTLS config option) so we need to provide an implementation of
+ * mbedtls_psa_external_get_random(). Provide a fake one, since we do not
+ * actually have any external RNG and TF-A itself doesn't engage in
+ * cryptographic operations that demands randomness.
+ */
+psa_status_t mbedtls_psa_external_get_random(
+			mbedtls_psa_external_random_context_t *context,
+			uint8_t *output, size_t output_size,
+			size_t *output_length)
+{
+	return PSA_ERROR_INSUFFICIENT_ENTROPY;
+}
 
 /*
  * Initialize the library and export the descriptor
@@ -63,6 +81,16 @@
 {
 	/* Initialize mbed TLS */
 	mbedtls_init();
+
+	/* Initialise PSA mbedTLS */
+	psa_status_t status = psa_crypto_init();
+
+	if (status != PSA_SUCCESS) {
+		ERROR("Failed to initialize %s crypto (%d).\n", LIB_NAME, status);
+		panic();
+	}
+
+	INFO("PSA crypto initialized successfully!\n");
 }
 
 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \