Release v2.0.2

renesas · Nov 20, 2020 · c213e2c · c213e2c
1 parent baaf334
commit c213e2c
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 6 deletions.
diff --git a/ra/fsp/inc/fsp_version.h b/ra/fsp/inc/fsp_version.h
@@ -44,16 +44,16 @@
 #define FSP_VERSION_MINOR (0U)
 
 /** FSP pack patch version. */
-#define FSP_VERSION_PATCH (1U)
+#define FSP_VERSION_PATCH (2U)
 
 /** FSP pack version build number (currently unused). */
 #define FSP_VERSION_BUILD           (0U)
 
 /** Public FSP version name. */
-#define FSP_VERSION_STRING          ("2.0.1")
+#define FSP_VERSION_STRING          ("2.0.2")
 
 /** Unique FSP version ID. */
-#define FSP_VERSION_BUILD_STRING    ("Built with Renesas Advanced Flexible Software Package version 2.0.1")
+#define FSP_VERSION_BUILD_STRING    ("Built with Renesas Advanced Flexible Software Package version 2.0.2")
 
 /**********************************************************************************************************************
  * Typedef definitions

diff --git a/ra/fsp/lib/r_ble/cm4_ac6/all/libr_ble.a b/ra/fsp/lib/r_ble/cm4_ac6/all/libr_ble.a
diff --git a/ra/fsp/lib/r_ble/cm4_ac6/all_freertos/libr_ble.a b/ra/fsp/lib/r_ble/cm4_ac6/all_freertos/libr_ble.a
diff --git a/ra/fsp/lib/r_ble/cm4_gcc/all/libr_ble.a b/ra/fsp/lib/r_ble/cm4_gcc/all/libr_ble.a
diff --git a/ra/fsp/lib/r_ble/cm4_gcc/all_freertos/libr_ble.a b/ra/fsp/lib/r_ble/cm4_gcc/all_freertos/libr_ble.a
diff --git a/ra/fsp/lib/r_ble/cm4_iar/all/libr_ble.a b/ra/fsp/lib/r_ble/cm4_iar/all/libr_ble.a
diff --git a/ra/fsp/lib/r_ble/cm4_iar/all_freertos/libr_ble.a b/ra/fsp/lib/r_ble/cm4_iar/all_freertos/libr_ble.a
diff --git a/ra/fsp/src/rm_tfm_port/ra/crypto_keys.c b/ra/fsp/src/rm_tfm_port/ra/crypto_keys.c
@@ -21,12 +21,27 @@
 #include <stddef.h>
 #include "psa/crypto_types.h"
 #include "crypto_spe.h"
+#include "tfm_plat_defs.h"
 
 #define SHA256_LEN_BYTES    32
 
 extern const psa_ecc_curve_t initial_attestation_curve_type;
 extern const uint8_t         initial_attestation_private_key[];
 extern const uint32_t        initial_attestation_private_key_size;
+const uint8_t                tfm_key_derivation_prefix[] = "TFM_DERIVATION_PREFIX";
+
+/* HUK to be used for key derivation. */
+TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_CRYPTO")
+const uint8_t tfm_huk_key[] =
+{
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
+
+TFM_LINK_SET_RO_IN_PARTITION_SECTION("TFM_SP_CRYPTO")
+const uint32_t tfm_huk_key_size = sizeof(tfm_huk_key);
 
 /**
  * \brief Copy the key to the destination buffer
@@ -63,24 +78,30 @@ enum tfm_plat_err_t tfm_plat_get_huk_derived_key (const uint8_t * label,
     uint8_t              hash[SHA256_LEN_BYTES] = {0};
     size_t               hash_len               = 0;
 
+    /* Maximum derived-key size supported is 256 bits. */
     if (key_size > SHA256_LEN_BYTES)
     {
         return TFM_PLAT_ERR_SYSTEM_ERR;
     }
 
-    bsp_unique_id_t const * p_unique_id = R_BSP_UniqueIdGet();
-
     if (PSA_SUCCESS != psa_hash_setup(&operation, alg))
     {
         return TFM_PLAT_ERR_SYSTEM_ERR;
     }
 
+    /* This prefix is used here in case the HUK has to be used for some other key derivation other than TFM labels.
+     * In that case a new prefix can be added without breaking existing code. */
+    if (PSA_SUCCESS != psa_hash_update(&operation, tfm_key_derivation_prefix, sizeof(tfm_key_derivation_prefix)))
+    {
+        return TFM_PLAT_ERR_SYSTEM_ERR;
+    }
+
     if (PSA_SUCCESS != psa_hash_update(&operation, label, label_size))
     {
         return TFM_PLAT_ERR_SYSTEM_ERR;
     }
 
-    if (PSA_SUCCESS != psa_hash_update(&operation, (const uint8_t *) p_unique_id, sizeof(bsp_unique_id_t)))
+    if (PSA_SUCCESS != psa_hash_update(&operation, (const uint8_t *) tfm_huk_key, tfm_huk_key_size))
     {
         return TFM_PLAT_ERR_SYSTEM_ERR;
     }