nrf_security: Add PSA compatibility layer for SSF

There are two functions which are defined in the psa_crypto_core.h and are implemented in psa_crypto.c which are used by the TLS library. These functions are: psa_can_do_hash psa_can_do_cipher These functions just check if the drivers are initialized before the relevant PSA crypto functions can be used. In the case of SSF there is no initialization needed because the PSA initialization happens inside the secure domain firmware before the application boots. These functions are added in a separate file since they only exist to maintain compatibility with the PSA core from Oberon/mbedTLS and they have don't need to forward any call to the secure domain. Signed-off-by: Georgios Vasilakis <[email protected]>
nrfconnect · Jan 17, 2025 · c464501 · c464501
1 parent 07aab1f
commit c464501
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt b/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt
@@ -7,4 +7,5 @@
 target_sources(${mbedcrypto_target}
   PRIVATE
     ${CMAKE_CURRENT_LIST_DIR}/ssf_crypto.c
+    ${CMAKE_CURRENT_LIST_DIR}/ssf_psa_core_compatibility.c
 )
diff --git a/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c b/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+/* This define exists in the psa_crypto.c file, I kept the same
+ * name here so that it can be searched the same way.
+ * In the psa_core.c this define is the concatenation of
+ * PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED (=0x1)|
+ * PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED       (=0x2)|
+ * PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED     (=0x4)
+ * Just for conformity I kept the same value here.
+ */
+#define PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED (0x7)
+
+/* This function is defined in psa_crypto_core.h */
+int psa_can_do_hash(psa_algorithm_t hash_alg)
+{
+       (void) hash_alg;
+       /* No initialization is needed when SSF is used, so just return the
+       	* expected value here.
+	*/
+       return PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED;
+}
+
+/* This function is defined in psa_crypto_core.h */
+int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg)
+{
+       (void) key_type;
+       (void) cipher_alg;
+       /* No initialization is needed when SSF is used, so just return the
+       	* expected value here.
+	*/
+       return PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED;
+}