diff options
author | David Hu <david.hu@arm.com> | 2022-07-05 11:36:34 +0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2022-07-06 07:07:23 +0200 |
commit | 1eb1194b0448271ea82263158909a670005b0717 (patch) | |
tree | cf4ec2b725e76e679904202ba61b916f239721cb /secure_fw/partitions | |
parent | 5fd79dc0f83b291dd7da1c8719b51e0c8214abb5 (diff) | |
download | trusted-firmware-m-1eb1194b0448271ea82263158909a670005b0717.tar.gz |
Crypto: Implement each interface as empty if not used
If a Crypto module is disabled, implement its interface as empty to
return PSA_ERROR_NOT_SUPPORTED only, instead of still keeping the whole
switch/case block.
Split asymmetric interface into asymmetric signing and asymmetric
encryption to better optimize their interface.
Also fix the typo of asymmetric algorithm control flag.
Change-Id: Ic55a38e2d2fc0784d6ae1e45db3cbb0cfafc235c
Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'secure_fw/partitions')
-rw-r--r-- | secure_fw/partitions/crypto/crypto_aead.c | 16 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_asymmetric.c | 104 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_cipher.c | 16 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_hash.c | 13 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_init.c | 13 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_key_derivation.c | 16 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_key_management.c | 16 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_mac.c | 16 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_rng.c | 6 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/tfm_crypto_api.h | 21 |
10 files changed, 168 insertions, 69 deletions
diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c index 19af9a50ce..06c9c56c89 100644 --- a/secure_fw/partitions/crypto/crypto_aead.c +++ b/secure_fw/partitions/crypto/crypto_aead.c @@ -22,13 +22,11 @@ */ /*!@{*/ +#ifndef TFM_CRYPTO_AEAD_MODULE_DISABLED psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key) { -#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED - return PSA_ERROR_NOT_SUPPORTED; -#endif const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_aead_operation_t *operation = NULL; @@ -219,4 +217,16 @@ release_operation_and_return: (void)tfm_crypto_operation_release(handle_out); return status; } +#else /* !TFM_CRYPTO_AEAD_MODULE_DISABLED */ +psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* !TFM_CRYPTO_AEAD_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c index a8507b2f63..144684b905 100644 --- a/secure_fw/partitions/crypto/crypto_asymmetric.c +++ b/secure_fw/partitions/crypto/crypto_asymmetric.c @@ -19,25 +19,12 @@ */ /*!@{*/ -psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], - psa_outvec out_vec[], +#ifndef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED +psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[], + psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key) { const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - -#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISALBED - if (TFM_CRYPTO_IS_GROUP_ID(iov->function_id, - TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT)) { - return PSA_ERROR_NOT_SUPPORTED; - } -#endif -#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISALBED - if (TFM_CRYPTO_IS_GROUP_ID(iov->function_id, - TFM_CRYPTO_GROUP_ID_ASYM_SIGN)) { - return PSA_ERROR_NOT_SUPPORTED; - } -#endif switch (iov->function_id) { case TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID: @@ -47,10 +34,9 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], uint8_t *signature = out_vec[0].base; size_t signature_size = out_vec[0].len; - status = psa_sign_message(*encoded_key, iov->alg, input, input_length, - signature, signature_size, &(out_vec[0].len)); + return psa_sign_message(*encoded_key, iov->alg, input, input_length, + signature, signature_size, &(out_vec[0].len)); } - break; case TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID: { const uint8_t *input = in_vec[1].base; @@ -58,10 +44,9 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], const uint8_t *signature = in_vec[2].base; size_t signature_length = in_vec[2].len; - status = psa_verify_message(*encoded_key, iov->alg, input, input_length, - signature, signature_length); + return psa_verify_message(*encoded_key, iov->alg, input, input_length, + signature, signature_length); } - break; case TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID: { const uint8_t *hash = in_vec[1].base; @@ -69,10 +54,9 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], uint8_t *signature = out_vec[0].base; size_t signature_size = out_vec[0].len; - status = psa_sign_hash(*encoded_key, iov->alg, hash, hash_length, - signature, signature_size, &(out_vec[0].len)); + return psa_sign_hash(*encoded_key, iov->alg, hash, hash_length, + signature, signature_size, &(out_vec[0].len)); } - break; case TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID: { const uint8_t *hash = in_vec[1].base; @@ -80,10 +64,36 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], const uint8_t *signature = in_vec[2].base; size_t signature_length = in_vec[2].len; - status = psa_verify_hash(*encoded_key, iov->alg, hash, hash_length, - signature, signature_length); + return psa_verify_hash(*encoded_key, iov->alg, hash, hash_length, + signature, signature_length); } - break; + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_ERROR_NOT_SUPPORTED; +} +#else /* !TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ +psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* !TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ + +#ifndef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED +psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; + + switch (iov->function_id) { case TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID: { const uint8_t *input = in_vec[1].base; @@ -93,13 +103,12 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], uint8_t *output = out_vec[0].base; size_t output_size = out_vec[0].len; - status = psa_asymmetric_encrypt(*encoded_key, iov->alg, - input, input_length, - salt, salt_length, - output, output_size, - &(out_vec[0].len)); + return psa_asymmetric_encrypt(*encoded_key, iov->alg, + input, input_length, + salt, salt_length, + output, output_size, + &(out_vec[0].len)); } - break; case TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID: { const uint8_t *input = in_vec[1].base; @@ -109,17 +118,28 @@ psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], uint8_t *output = out_vec[0].base; size_t output_size = out_vec[0].len; - status = psa_asymmetric_decrypt(*encoded_key, iov->alg, - input, input_length, - salt, salt_length, - output, output_size, - &(out_vec[0].len)); + return psa_asymmetric_decrypt(*encoded_key, iov->alg, + input, input_length, + salt, salt_length, + output, output_size, + &(out_vec[0].len)); } - break; default: - status = PSA_ERROR_NOT_SUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; } - return status; + return PSA_ERROR_NOT_SUPPORTED; +} +#else /* !TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ +psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; } +#endif /* !TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c index 4ac173843d..a493eb0990 100644 --- a/secure_fw/partitions/crypto/crypto_cipher.c +++ b/secure_fw/partitions/crypto/crypto_cipher.c @@ -19,13 +19,11 @@ */ /*!@{*/ +#ifndef TFM_CRYPTO_CIPHER_MODULE_DISABLED psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key) { -#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED - return PSA_ERROR_NOT_SUPPORTED; -#endif const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t *operation = NULL; @@ -161,4 +159,16 @@ release_operation_and_return: (void)tfm_crypto_operation_release(handle_out); return status; } +#else /* !TFM_CRYPTO_CIPHER_MODULE_DISABLED */ +psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* !TFM_CRYPTO_CIPHER_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c index 6c12762b8b..59a76b9d2c 100644 --- a/secure_fw/partitions/crypto/crypto_hash.c +++ b/secure_fw/partitions/crypto/crypto_hash.c @@ -19,12 +19,10 @@ */ /*!@{*/ +#ifndef TFM_CRYPTO_HASH_MODULE_DISABLED psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], psa_outvec out_vec[]) { -#ifdef TFM_CRYPTO_HASH_MODULE_DISABLED - return PSA_ERROR_NOT_SUPPORTED; -#endif const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_hash_operation_t *operation = NULL; @@ -166,4 +164,13 @@ release_operation_and_return: (void)tfm_crypto_operation_release(handle_out); return status; } +#else /* !TFM_CRYPTO_HASH_MODULE_DISABLED */ +psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[], + psa_outvec out_vec[]) +{ + (void)in_vec; + (void)out_vec; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* !TFM_CRYPTO_HASH_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c index ab02882a8d..6a271173f3 100644 --- a/secure_fw/partitions/crypto/crypto_init.c +++ b/secure_fw/partitions/crypto/crypto_init.c @@ -455,12 +455,15 @@ psa_status_t tfm_crypto_api_dispatcher(psa_invec in_vec[], out_vec, &encoded_key); } else if (TFM_CRYPTO_IS_GROUP_ID( - iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_SIGN) || - TFM_CRYPTO_IS_GROUP_ID( + iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_SIGN)) { + status = tfm_crypto_asymmetric_sign_interface(in_vec, + out_vec, + &encoded_key); + } else if (TFM_CRYPTO_IS_GROUP_ID( iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT)) { - status = tfm_crypto_asymmetric_interface(in_vec, - out_vec, - &encoded_key); + status = tfm_crypto_asymmetric_encrypt_interface(in_vec, + out_vec, + &encoded_key); } else if (TFM_CRYPTO_IS_GROUP_ID( iov->function_id, TFM_CRYPTO_GROUP_ID_KEY_DERIVATION)) { status = tfm_crypto_key_derivation_interface(in_vec, diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c index 4404af0cf4..eeeaf7869e 100644 --- a/secure_fw/partitions/crypto/crypto_key_derivation.c +++ b/secure_fw/partitions/crypto/crypto_key_derivation.c @@ -144,13 +144,11 @@ static psa_status_t tfm_crypto_huk_derivation_abort( */ /*!@{*/ +#ifndef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key) { -#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED - return PSA_ERROR_NOT_SUPPORTED; -#endif const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_derivation_operation_t *operation = NULL; @@ -304,4 +302,16 @@ release_operation_and_return: (void)tfm_crypto_operation_release(handle_out); return status; } +#else /* !TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ +psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* !TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c index 0054a1a20b..7e14a97750 100644 --- a/secure_fw/partitions/crypto/crypto_key_management.c +++ b/secure_fw/partitions/crypto/crypto_key_management.c @@ -22,13 +22,11 @@ */ /*!@{*/ +#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key) { -#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED - return PSA_ERROR_NOT_SUPPORTED; -#endif const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; int32_t partition_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(*encoded_key); @@ -178,4 +176,16 @@ psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], return status; } +#else /* !TFM_CRYPTO_KEY_MODULE_DISABLED */ +psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c index 803d0e0162..01bd6f7cd1 100644 --- a/secure_fw/partitions/crypto/crypto_mac.c +++ b/secure_fw/partitions/crypto/crypto_mac.c @@ -19,13 +19,11 @@ */ /*!@{*/ +#ifndef TFM_CRYPTO_MAC_MODULE_DISABLED psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[], psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key) { -#ifdef TFM_CRYPTO_MAC_MODULE_DISABLED - return PSA_ERROR_NOT_SUPPORTED; -#endif const struct tfm_crypto_pack_iovec *iov = in_vec[0].base; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_mac_operation_t *operation = NULL; @@ -149,4 +147,16 @@ release_operation_and_return: (void)tfm_crypto_operation_release(handle_out); return status; } +#else /* !TFM_CRYPTO_MAC_MODULE_DISABLED */ +psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key) +{ + (void)in_vec; + (void)out_vec; + (void)encoded_key; + + return PSA_ERROR_NOT_SUPPORTED; +} +#endif /* !TFM_CRYPTO_MAC_MODULE_DISABLED */ /*!@}*/ diff --git a/secure_fw/partitions/crypto/crypto_rng.c b/secure_fw/partitions/crypto/crypto_rng.c index 1dccddf003..d444b94b8a 100644 --- a/secure_fw/partitions/crypto/crypto_rng.c +++ b/secure_fw/partitions/crypto/crypto_rng.c @@ -24,11 +24,15 @@ psa_status_t tfm_crypto_random_interface(psa_invec in_vec[], psa_outvec out_vec[]) { #ifdef TFM_CRYPTO_RNG_MODULE_DISABLED + (void)in_vec; + (void)out_vec; + return PSA_ERROR_NOT_SUPPORTED; -#endif +#else uint8_t *output = out_vec[0].base; size_t output_size = out_vec[0].len; return psa_generate_random(output, output_size); +#endif } /*!@}*/ diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h index ef26901003..ca8b862bdf 100644 --- a/secure_fw/partitions/crypto/tfm_crypto_api.h +++ b/secure_fw/partitions/crypto/tfm_crypto_api.h @@ -260,8 +260,22 @@ psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[], psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key); + +/** + * \brief This function acts as interface for the Asymmetric signing module + * + * \param[in] in_vec Array of invec parameters + * \param[out] out_vec Array of outvec parameters + * \param[in] encoded_key Key encoded with partition_id and key_id + * + * \return Return values as described in \ref psa_status_t + */ +psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[], + psa_outvec out_vec[], + mbedtls_svc_key_id_t *encoded_key); + /** - * \brief This function acts as interface for the Asymmetric module + * \brief This function acts as interface for the Asymmetric encryption module * * \param[in] in_vec Array of invec parameters * \param[out] out_vec Array of outvec parameters @@ -269,9 +283,10 @@ psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[], * * \return Return values as described in \ref psa_status_t */ -psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[], - psa_outvec out_vec[], +psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[], + psa_outvec out_vec[], mbedtls_svc_key_id_t *encoded_key); + /** * \brief This function acts as interface for the Key derivation module * |