nrfconnect · nordicjm · Apr 1, 2025 · Feb 19, 2025 · Feb 19, 2025 · Feb 19, 2025
@@ -8,12 +8,6 @@
 
 #include <psa/crypto.h>
 
-/** @brief Execute psa_crypto_init over SSF.
- *
- * See psa_crypto_init for details.
- */
-psa_status_t ssf_psa_crypto_init(void);
-
 /** @brief Execute psa_get_key_attributes over SSF.
  *
  * See psa_get_key_attributes for details.

@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -10,6 +10,3 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 # Enable PSA crypto from SSF client
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
-
-# Disable Data Cache
-CONFIG_DCACHE=n
@@ -10,6 +10,3 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 # Enable PSA crypto from SSF client
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
-
-# Disable Data Cache
-CONFIG_DCACHE=n
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -11,9 +11,6 @@ CONFIG_PSA_CRYPTO_DRIVER_OBERON=n
 CONFIG_PSA_SSF_CRYPTO_CLIENT=y
 CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
 
-# Disable Data Cache
-CONFIG_DCACHE=n
-
 # Mbedtls configuration
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=8192
@@ -8,7 +8,7 @@
 
 psa_status_t psa_crypto_init(void)
 {
-	return ssf_psa_crypto_init();
+	return PSA_SUCCESS;
 }
 
 psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes)
@@ -400,6 +400,18 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute
 	return ssf_psa_key_derivation_output_key(attributes, &operation->handle, key);
 }
 
+psa_status_t psa_key_derivation_verify_bytes(psa_key_derivation_operation_t *operation,
+					     const uint8_t *expected, size_t expected_length)
+{
+	return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t psa_key_derivation_verify_key(psa_key_derivation_operation_t *operation,
+					   mbedtls_svc_key_id_t expected)
+{
+	return PSA_ERROR_NOT_SUPPORTED;
+}
+
 psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
 {
 	return ssf_psa_key_derivation_abort(&operation->handle);
@@ -430,6 +442,13 @@ psa_status_t psa_sign_hash_start(psa_sign_hash_interruptible_operation_t *operat
 	return PSA_ERROR_NOT_SUPPORTED;
 }
 
+psa_status_t psa_sign_hash_complete(psa_sign_hash_interruptible_operation_t *operation,
+				    uint8_t *signature, size_t signature_size,
+				    size_t *signature_length)
+{
+	return PSA_ERROR_NOT_SUPPORTED;
+}
+
 psa_status_t psa_sign_hash_abort(psa_sign_hash_interruptible_operation_t *operation)
 {
 	return PSA_ERROR_NOT_SUPPORTED;
@@ -443,6 +462,11 @@ psa_status_t psa_verify_hash_start(psa_verify_hash_interruptible_operation_t *op
 	return PSA_ERROR_NOT_SUPPORTED;
 }
 
+psa_status_t psa_verify_hash_complete(psa_verify_hash_interruptible_operation_t *operation)
+{
+	return PSA_ERROR_NOT_SUPPORTED;
+}
+
 psa_status_t psa_verify_hash_abort(psa_verify_hash_interruptible_operation_t *operation)
 {
 	return PSA_ERROR_NOT_SUPPORTED;

@@ -11,3 +11,30 @@ service_version = 2
 service_buffer_size = 128
 service_name_str = PSA Crypto
 rsource "../Kconfig.template.service"
+
+if SSF_PSA_CRYPTO_SERVICE_ENABLED
+
+config SSF_PSA_CRYPTO_SERVICE_OUT_BOUNCE_BUFFERS
+	bool "Make sure that all output buffers can be written cache-safe from the crypto engine"
+	default y
+	depends on DCACHE
+	help
+		When this option is enabled, the PSA Crypto service will allocate bounce buffers for
+		all PSA [inout] and [out] structures that are not aligned to the DCache DataUnit size.
+		When this option is disabled, the PSA Crypto service will never use bounce buffers,
+		and the application must ensure that the structures are cache-safe.
+		The structures are cache-safe if there are no writes locally to any of the DataUnits
+		that contain the structure getting written from the remote.
+
+if SSF_PSA_CRYPTO_SERVICE_OUT_BOUNCE_BUFFERS
+
+config SSF_PSA_CRYPTO_SERVICE_OUT_HEAP_SIZE
+	int "Size of the heap used to buffer output from PSA function calls"
+	default 4096
+	help
+	  Size of the heap buffer used for out buffer.
+	  Reducing the size may trigger PSA_ERROR_INSUFFICIENT_MEMORY in PSA calls.
+
+endif # SSF_PSA_CRYPTO_SERVICE_OUT_BOUNCE_BUFFERS
+
+endif # SSF_PSA_CRYPTO_SERVICE_ENABLED