diff options
author | David Hu <david.hu@arm.com> | 2021-05-12 10:55:53 +0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-05-21 05:07:05 +0200 |
commit | 0c250bcb1506d99eded650ea8f21c1f32a0723e9 (patch) | |
tree | 51f464ad6ffaa5766ca5c249f86d1c4f4599130a /secure_fw | |
parent | 9d93424a12b8cc2ba56518f76edadeaabc29e143 (diff) | |
download | trusted-firmware-m-0c250bcb1506d99eded650ea8f21c1f32a0723e9.tar.gz |
Crypto: Refine asymmetric cryptographic control flags
Add CRYPTO_ASYM_SIGN_MODULE_DISABLED flag to control Crypto asymmetric
signature operations.
Add CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED flag to control Crypto
asymmetric encryption operations.
The two new flags replace the existing CRYPTO_ASYMMETRIC_MODULE_DISABLED
flag. Those flags help control Crypto asymmetirc key based operations
independently and align with the PSA Crypto API spec.
Change-Id: I4ff1561187abc9b463ed72b97dea0a8231b8da0e
Signed-off-by: David Hu <david.hu@arm.com>
Diffstat (limited to 'secure_fw')
-rw-r--r-- | secure_fw/partitions/crypto/CMakeLists.txt | 6 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_asymmetric.c | 16 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/tfm_crypto_secure_api.c | 16 |
3 files changed, 20 insertions, 18 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index 94f56a7441..39f6cb9054 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -67,7 +67,8 @@ target_compile_definitions(tfm_psa_rot_partition_crypto $<$<BOOL:${CRYPTO_CIPHER_MODULE_DISABLED}>:TFM_CRYPTO_CIPHER_MODULE_DISABLED> $<$<BOOL:${CRYPTO_HASH_MODULE_DISABLED}>:TFM_CRYPTO_HASH_MODULE_DISABLED> $<$<BOOL:${CRYPTO_GENERATOR_MODULE_DISABLED}>:TFM_CRYPTO_GENERATOR_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_ASYMMETRIC_MODULE_DISABLED}>:TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED> + $<$<BOOL:${CRYPTO_ASYM_SIGN_MODULE_DISABLED}>:TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED> + $<$<BOOL:${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}>:TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED> $<$<BOOL:${CRYPTO_KEY_DERIVATION_MODULE_DISABLED}>:TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED> PRIVATE $<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}> @@ -85,7 +86,8 @@ message(STATUS "CRYPTO_MAC_MODULE_DISABLED is set to ${CRYPTO_MAC_MODULE_DISABLE message(STATUS "CRYPTO_CIPHER_MODULE_DISABLED is set to ${CRYPTO_CIPHER_MODULE_DISABLED}") message(STATUS "CRYPTO_HASH_MODULE_DISABLED is set to ${CRYPTO_HASH_MODULE_DISABLED}") message(STATUS "CRYPTO_GENERATOR_MODULE_DISABLED is set to ${CRYPTO_GENERATOR_MODULE_DISABLED}") -message(STATUS "CRYPTO_ASYMMETRIC_MODULE_DISABLED is set to ${CRYPTO_ASYMMETRIC_MODULE_DISABLED}") +message(STATUS "CRYPTO_ASYM_SIGN_MODULE_DISABLED is set to ${CRYPTO_ASYM_SIGN_MODULE_DISABLED}") +message(STATUS "CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED is set to ${CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED}") message(STATUS "CRYPTO_ENGINE_BUF_SIZE is set to ${CRYPTO_ENGINE_BUF_SIZE}") message(STATUS "CRYPTO_CONC_OPER_NUM is set to ${CRYPTO_CONC_OPER_NUM}") if (${TFM_PSA_API}) diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c index c3a39094e4..8bf922d144 100644 --- a/secure_fw/partitions/crypto/crypto_asymmetric.c +++ b/secure_fw/partitions/crypto/crypto_asymmetric.c @@ -25,7 +25,7 @@ psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[], psa_outvec out_vec[], size_t out_len) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1); @@ -55,7 +55,7 @@ psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[], return psa_sign_hash(encoded_key, alg, hash, hash_length, signature, signature_size, &(out_vec[0].len)); -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ } psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[], @@ -63,7 +63,7 @@ psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[], psa_outvec out_vec[], size_t out_len) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 0); @@ -94,7 +94,7 @@ psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[], return psa_verify_hash(encoded_key, alg, hash, hash_length, signature, signature_length); -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ } psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[], @@ -102,7 +102,7 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[], psa_outvec out_vec[], size_t out_len) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else psa_status_t status; @@ -155,7 +155,7 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[], return psa_asymmetric_encrypt(encoded_key, alg, input, input_length, salt, salt_length, output, output_size, &(out_vec[0].len)); -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ } psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[], @@ -163,7 +163,7 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[], psa_outvec out_vec[], size_t out_len) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else @@ -198,6 +198,6 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[], return psa_asymmetric_decrypt(encoded_key, alg, input, input_length, salt, salt_length, output, output_size, &(out_vec[0].len)); -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ } /*!@}*/ diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c index 5bd40da31f..56df0394f1 100644 --- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c +++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c @@ -1316,7 +1316,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key_id, size_t signature_size, size_t *signature_length) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else psa_status_t status; @@ -1347,7 +1347,7 @@ psa_status_t psa_sign_hash(psa_key_id_t key_id, #endif return status; -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ } psa_status_t psa_asymmetric_verify(psa_key_id_t key_id, @@ -1368,7 +1368,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key_id, const uint8_t *signature, size_t signature_length) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else psa_status_t status; @@ -1395,7 +1395,7 @@ psa_status_t psa_verify_hash(psa_key_id_t key_id, #endif return status; -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ } psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id, @@ -1408,7 +1408,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id, size_t output_size, size_t *output_length) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else psa_status_t status; @@ -1456,7 +1456,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id, #endif return status; -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ } psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id, @@ -1469,7 +1469,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id, size_t output_size, size_t *output_length) { -#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED +#ifdef TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED return PSA_ERROR_NOT_SUPPORTED; #else psa_status_t status; @@ -1517,7 +1517,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id, #endif return status; -#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ +#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ } psa_status_t psa_key_derivation_get_capacity( |