aboutsummaryrefslogtreecommitdiff
path: root/secure_fw
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2021-05-12 10:55:53 +0800
committerDavid Hu <david.hu@arm.com>2021-05-21 05:07:05 +0200
commit0c250bcb1506d99eded650ea8f21c1f32a0723e9 (patch)
tree51f464ad6ffaa5766ca5c249f86d1c4f4599130a /secure_fw
parent9d93424a12b8cc2ba56518f76edadeaabc29e143 (diff)
downloadtrusted-firmware-m-0c250bcb1506d99eded650ea8f21c1f32a0723e9.tar.gz
Crypto: Refine asymmetric cryptographic control flags
Add CRYPTO_ASYM_SIGN_MODULE_DISABLED flag to control Crypto asymmetric signature operations. Add CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED flag to control Crypto asymmetric encryption operations. The two new flags replace the existing CRYPTO_ASYMMETRIC_MODULE_DISABLED flag. Those flags help control Crypto asymmetirc key based operations independently and align with the PSA Crypto API spec. Change-Id: I4ff1561187abc9b463ed72b97dea0a8231b8da0e Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r--secure_fw/partitions/crypto/CMakeLists.txt6
-rw-r--r--secure_fw/partitions/crypto/crypto_asymmetric.c16
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_secure_api.c16
3 files changed, 20 insertions, 18 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt
index 94f56a7441..39f6cb9054 100644
--- a/secure_fw/partitions/crypto/CMakeLists.txt
+++ b/secure_fw/partitions/crypto/CMakeLists.txt
@@ -67,7 +67,8 @@ target_compile_definitions(tfm_psa_rot_partition_crypto
$<$<BOOL:${CRYPTO_CIPHER_MODULE_DISABLED}>:TFM_CRYPTO_CIPHER_MODULE_DISABLED>
$<$<BOOL:${CRYPTO_HASH_MODULE_DISABLED}>:TFM_CRYPTO_HASH_MODULE_DISABLED>
$<$<BOOL:${CRYPTO_GENERATOR_MODULE_DISABLED}>:TFM_CRYPTO_GENERATOR_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_ASYMMETRIC_MODULE_DISABLED}>:TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED>
+ $<$<BOOL:${CRYPTO_ASYM_SIGN_MODULE_DISABLED}>:TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED>
+ $<$<BOOL:${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}>:TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED>
$<$<BOOL:${CRYPTO_KEY_DERIVATION_MODULE_DISABLED}>:TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED>
PRIVATE
$<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}>
@@ -85,7 +86,8 @@ message(STATUS "CRYPTO_MAC_MODULE_DISABLED is set to ${CRYPTO_MAC_MODULE_DISABLE
message(STATUS "CRYPTO_CIPHER_MODULE_DISABLED is set to ${CRYPTO_CIPHER_MODULE_DISABLED}")
message(STATUS "CRYPTO_HASH_MODULE_DISABLED is set to ${CRYPTO_HASH_MODULE_DISABLED}")
message(STATUS "CRYPTO_GENERATOR_MODULE_DISABLED is set to ${CRYPTO_GENERATOR_MODULE_DISABLED}")
-message(STATUS "CRYPTO_ASYMMETRIC_MODULE_DISABLED is set to ${CRYPTO_ASYMMETRIC_MODULE_DISABLED}")
+message(STATUS "CRYPTO_ASYM_SIGN_MODULE_DISABLED is set to ${CRYPTO_ASYM_SIGN_MODULE_DISABLED}")
+message(STATUS "CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED is set to ${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}")
message(STATUS "CRYPTO_ENGINE_BUF_SIZE is set to ${CRYPTO_ENGINE_BUF_SIZE}")
message(STATUS "CRYPTO_CONC_OPER_NUM is set to ${CRYPTO_CONC_OPER_NUM}")
if (${TFM_PSA_API})
diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c
index c3a39094e4..8bf922d144 100644
--- a/secure_fw/partitions/crypto/crypto_asymmetric.c
+++ b/secure_fw/partitions/crypto/crypto_asymmetric.c
@@ -25,7 +25,7 @@ psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
@@ -55,7 +55,7 @@ psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[],
return psa_sign_hash(encoded_key, alg, hash, hash_length,
signature, signature_size, &(out_vec[0].len));
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[],
@@ -63,7 +63,7 @@ psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 0);
@@ -94,7 +94,7 @@ psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[],
return psa_verify_hash(encoded_key, alg, hash, hash_length,
signature, signature_length);
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
@@ -102,7 +102,7 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
@@ -155,7 +155,7 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
return psa_asymmetric_encrypt(encoded_key, alg, input, input_length,
salt, salt_length,
output, output_size, &(out_vec[0].len));
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
}
psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
@@ -163,7 +163,7 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
@@ -198,6 +198,6 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
return psa_asymmetric_decrypt(encoded_key, alg, input, input_length,
salt, salt_length,
output, output_size, &(out_vec[0].len));
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index 5bd40da31f..56df0394f1 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -1316,7 +1316,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key_id,
size_t signature_size,
size_t *signature_length)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
@@ -1347,7 +1347,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key_id,
#endif
return status;
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_verify(psa_key_id_t key_id,
@@ -1368,7 +1368,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key_id,
const uint8_t *signature,
size_t signature_length)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
@@ -1395,7 +1395,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key_id,
#endif
return status;
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id,
@@ -1408,7 +1408,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id,
size_t output_size,
size_t *output_length)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
@@ -1456,7 +1456,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id,
#endif
return status;
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id,
@@ -1469,7 +1469,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id,
size_t output_size,
size_t *output_length)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
+#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
@@ -1517,7 +1517,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id,
#endif
return status;
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
}
psa_status_t psa_key_derivation_get_capacity(