aboutsummaryrefslogtreecommitdiff
path: root/secure_fw/partitions
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2022-07-05 11:36:34 +0800
committerDavid Hu <david.hu@arm.com>2022-07-06 07:07:23 +0200
commit1eb1194b0448271ea82263158909a670005b0717 (patch)
treecf4ec2b725e76e679904202ba61b916f239721cb /secure_fw/partitions
parent5fd79dc0f83b291dd7da1c8719b51e0c8214abb5 (diff)
downloadtrusted-firmware-m-1eb1194b0448271ea82263158909a670005b0717.tar.gz
Crypto: Implement each interface as empty if not used
If a Crypto module is disabled, implement its interface as empty to return PSA_ERROR_NOT_SUPPORTED only, instead of still keeping the whole switch/case block. Split asymmetric interface into asymmetric signing and asymmetric encryption to better optimize their interface. Also fix the typo of asymmetric algorithm control flag. Change-Id: Ic55a38e2d2fc0784d6ae1e45db3cbb0cfafc235c Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'secure_fw/partitions')
-rw-r--r--secure_fw/partitions/crypto/crypto_aead.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_asymmetric.c104
-rw-r--r--secure_fw/partitions/crypto/crypto_cipher.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_hash.c13
-rw-r--r--secure_fw/partitions/crypto/crypto_init.c13
-rw-r--r--secure_fw/partitions/crypto/crypto_key_derivation.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_key_management.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_mac.c16
-rw-r--r--secure_fw/partitions/crypto/crypto_rng.c6
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_api.h21
10 files changed, 168 insertions, 69 deletions
diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c
index 19af9a50ce..06c9c56c89 100644
--- a/secure_fw/partitions/crypto/crypto_aead.c
+++ b/secure_fw/partitions/crypto/crypto_aead.c
@@ -22,13 +22,11 @@
*/
/*!@{*/
+#ifndef TFM_CRYPTO_AEAD_MODULE_DISABLED
psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
{
-#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_aead_operation_t *operation = NULL;
@@ -219,4 +217,16 @@ release_operation_and_return:
(void)tfm_crypto_operation_release(handle_out);
return status;
}
+#else /* !TFM_CRYPTO_AEAD_MODULE_DISABLED */
+psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* !TFM_CRYPTO_AEAD_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c
index a8507b2f63..144684b905 100644
--- a/secure_fw/partitions/crypto/crypto_asymmetric.c
+++ b/secure_fw/partitions/crypto/crypto_asymmetric.c
@@ -19,25 +19,12 @@
*/
/*!@{*/
-psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
- psa_outvec out_vec[],
+#ifndef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
+psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
{
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISALBED
- if (TFM_CRYPTO_IS_GROUP_ID(iov->function_id,
- TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT)) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
-#endif
-#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISALBED
- if (TFM_CRYPTO_IS_GROUP_ID(iov->function_id,
- TFM_CRYPTO_GROUP_ID_ASYM_SIGN)) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
-#endif
switch (iov->function_id) {
case TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID:
@@ -47,10 +34,9 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
uint8_t *signature = out_vec[0].base;
size_t signature_size = out_vec[0].len;
- status = psa_sign_message(*encoded_key, iov->alg, input, input_length,
- signature, signature_size, &(out_vec[0].len));
+ return psa_sign_message(*encoded_key, iov->alg, input, input_length,
+ signature, signature_size, &(out_vec[0].len));
}
- break;
case TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID:
{
const uint8_t *input = in_vec[1].base;
@@ -58,10 +44,9 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
const uint8_t *signature = in_vec[2].base;
size_t signature_length = in_vec[2].len;
- status = psa_verify_message(*encoded_key, iov->alg, input, input_length,
- signature, signature_length);
+ return psa_verify_message(*encoded_key, iov->alg, input, input_length,
+ signature, signature_length);
}
- break;
case TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID:
{
const uint8_t *hash = in_vec[1].base;
@@ -69,10 +54,9 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
uint8_t *signature = out_vec[0].base;
size_t signature_size = out_vec[0].len;
- status = psa_sign_hash(*encoded_key, iov->alg, hash, hash_length,
- signature, signature_size, &(out_vec[0].len));
+ return psa_sign_hash(*encoded_key, iov->alg, hash, hash_length,
+ signature, signature_size, &(out_vec[0].len));
}
- break;
case TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID:
{
const uint8_t *hash = in_vec[1].base;
@@ -80,10 +64,36 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
const uint8_t *signature = in_vec[2].base;
size_t signature_length = in_vec[2].len;
- status = psa_verify_hash(*encoded_key, iov->alg, hash, hash_length,
- signature, signature_length);
+ return psa_verify_hash(*encoded_key, iov->alg, hash, hash_length,
+ signature, signature_length);
}
- break;
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#else /* !TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* !TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
+
+#ifndef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
+psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+
+ switch (iov->function_id) {
case TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID:
{
const uint8_t *input = in_vec[1].base;
@@ -93,13 +103,12 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
uint8_t *output = out_vec[0].base;
size_t output_size = out_vec[0].len;
- status = psa_asymmetric_encrypt(*encoded_key, iov->alg,
- input, input_length,
- salt, salt_length,
- output, output_size,
- &(out_vec[0].len));
+ return psa_asymmetric_encrypt(*encoded_key, iov->alg,
+ input, input_length,
+ salt, salt_length,
+ output, output_size,
+ &(out_vec[0].len));
}
- break;
case TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID:
{
const uint8_t *input = in_vec[1].base;
@@ -109,17 +118,28 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
uint8_t *output = out_vec[0].base;
size_t output_size = out_vec[0].len;
- status = psa_asymmetric_decrypt(*encoded_key, iov->alg,
- input, input_length,
- salt, salt_length,
- output, output_size,
- &(out_vec[0].len));
+ return psa_asymmetric_decrypt(*encoded_key, iov->alg,
+ input, input_length,
+ salt, salt_length,
+ output, output_size,
+ &(out_vec[0].len));
}
- break;
default:
- status = PSA_ERROR_NOT_SUPPORTED;
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return status;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#else /* !TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
+psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
}
+#endif /* !TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index 4ac173843d..a493eb0990 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -19,13 +19,11 @@
*/
/*!@{*/
+#ifndef TFM_CRYPTO_CIPHER_MODULE_DISABLED
psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
{
-#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t *operation = NULL;
@@ -161,4 +159,16 @@ release_operation_and_return:
(void)tfm_crypto_operation_release(handle_out);
return status;
}
+#else /* !TFM_CRYPTO_CIPHER_MODULE_DISABLED */
+psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* !TFM_CRYPTO_CIPHER_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c
index 6c12762b8b..59a76b9d2c 100644
--- a/secure_fw/partitions/crypto/crypto_hash.c
+++ b/secure_fw/partitions/crypto/crypto_hash.c
@@ -19,12 +19,10 @@
*/
/*!@{*/
+#ifndef TFM_CRYPTO_HASH_MODULE_DISABLED
psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[],
psa_outvec out_vec[])
{
-#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_hash_operation_t *operation = NULL;
@@ -166,4 +164,13 @@ release_operation_and_return:
(void)tfm_crypto_operation_release(handle_out);
return status;
}
+#else /* !TFM_CRYPTO_HASH_MODULE_DISABLED */
+psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[],
+ psa_outvec out_vec[])
+{
+ (void)in_vec;
+ (void)out_vec;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* !TFM_CRYPTO_HASH_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index ab02882a8d..6a271173f3 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -455,12 +455,15 @@ psa_status_t tfm_crypto_api_dispatcher(psa_invec in_vec[],
out_vec,
&encoded_key);
} else if (TFM_CRYPTO_IS_GROUP_ID(
- iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_SIGN) ||
- TFM_CRYPTO_IS_GROUP_ID(
+ iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_SIGN)) {
+ status = tfm_crypto_asymmetric_sign_interface(in_vec,
+ out_vec,
+ &encoded_key);
+ } else if (TFM_CRYPTO_IS_GROUP_ID(
iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT)) {
- status = tfm_crypto_asymmetric_interface(in_vec,
- out_vec,
- &encoded_key);
+ status = tfm_crypto_asymmetric_encrypt_interface(in_vec,
+ out_vec,
+ &encoded_key);
} else if (TFM_CRYPTO_IS_GROUP_ID(
iov->function_id, TFM_CRYPTO_GROUP_ID_KEY_DERIVATION)) {
status = tfm_crypto_key_derivation_interface(in_vec,
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index 4404af0cf4..eeeaf7869e 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -144,13 +144,11 @@ static psa_status_t tfm_crypto_huk_derivation_abort(
*/
/*!@{*/
+#ifndef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_derivation_operation_t *operation = NULL;
@@ -304,4 +302,16 @@ release_operation_and_return:
(void)tfm_crypto_operation_release(handle_out);
return status;
}
+#else /* !TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
+psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* !TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c
index 0054a1a20b..7e14a97750 100644
--- a/secure_fw/partitions/crypto/crypto_key_management.c
+++ b/secure_fw/partitions/crypto/crypto_key_management.c
@@ -22,13 +22,11 @@
*/
/*!@{*/
+#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED
psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
int32_t partition_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(*encoded_key);
@@ -178,4 +176,16 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
return status;
}
+#else /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
+psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c
index 803d0e0162..01bd6f7cd1 100644
--- a/secure_fw/partitions/crypto/crypto_mac.c
+++ b/secure_fw/partitions/crypto/crypto_mac.c
@@ -19,13 +19,11 @@
*/
/*!@{*/
+#ifndef TFM_CRYPTO_MAC_MODULE_DISABLED
psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key)
{
-#ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_mac_operation_t *operation = NULL;
@@ -149,4 +147,16 @@ release_operation_and_return:
(void)tfm_crypto_operation_release(handle_out);
return status;
}
+#else /* !TFM_CRYPTO_MAC_MODULE_DISABLED */
+psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
+{
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* !TFM_CRYPTO_MAC_MODULE_DISABLED */
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_rng.c b/secure_fw/partitions/crypto/crypto_rng.c
index 1dccddf003..d444b94b8a 100644
--- a/secure_fw/partitions/crypto/crypto_rng.c
+++ b/secure_fw/partitions/crypto/crypto_rng.c
@@ -24,11 +24,15 @@ psa_status_t tfm_crypto_random_interface(psa_invec in_vec[],
psa_outvec out_vec[])
{
#ifdef TFM_CRYPTO_RNG_MODULE_DISABLED
+ (void)in_vec;
+ (void)out_vec;
+
return PSA_ERROR_NOT_SUPPORTED;
-#endif
+#else
uint8_t *output = out_vec[0].base;
size_t output_size = out_vec[0].len;
return psa_generate_random(output, output_size);
+#endif
}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h
index ef26901003..ca8b862bdf 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_api.h
+++ b/secure_fw/partitions/crypto/tfm_crypto_api.h
@@ -260,8 +260,22 @@ psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key);
+
+/**
+ * \brief This function acts as interface for the Asymmetric signing module
+ *
+ * \param[in] in_vec Array of invec parameters
+ * \param[out] out_vec Array of outvec parameters
+ * \param[in] encoded_key Key encoded with partition_id and key_id
+ *
+ * \return Return values as described in \ref psa_status_t
+ */
+psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key);
+
/**
- * \brief This function acts as interface for the Asymmetric module
+ * \brief This function acts as interface for the Asymmetric encryption module
*
* \param[in] in_vec Array of invec parameters
* \param[out] out_vec Array of outvec parameters
@@ -269,9 +283,10 @@ psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
*
* \return Return values as described in \ref psa_status_t
*/
-psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
- psa_outvec out_vec[],
+psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
mbedtls_svc_key_id_t *encoded_key);
+
/**
* \brief This function acts as interface for the Key derivation module
*