-rw-r--r-- | docs/integration_guide/services/tfm_secure_partition_addition.rst | 19 | ||||
-rw-r--r-- | interface/src/tfm_crypto_ipc_api.c | 214 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/crypto_init.c | 4 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/tfm_crypto.yaml | 5 | ||||
-rw-r--r-- | secure_fw/partitions/crypto/tfm_crypto_secure_api.c | 391 |
5 files changed, 38 insertions, 595 deletions
diff --git a/docs/integration_guide/services/tfm_secure_partition_addition.rst b/docs/integration_guide/services/tfm_secure_partition_addition.rst index 9343aab2d4..27dc7dab09 100644 --- a/docs/integration_guide/services/tfm_secure_partition_addition.rst +++ b/docs/integration_guide/services/tfm_secure_partition_addition.rst @@ -200,6 +200,25 @@ Here is the RoT Service ID table used in TF-M. tfm_ps_test_service 0x0000F 0x0C0-0x0DF =========================== ====================== ======================== +RoT Service Stateless Handle Distribution +----------------------------------------- +A RoT Service may include stateless services. They are distinguished and +referenced by stateless handles. In manifest, a ``stateless_handle`` attribute +is set for indexing stateless services. The valid range is [1, 32] in current +implementation and may extend. + +Here is the stateless handle allocation for partitions in TF-M. Partitions not +listed are not applied to stateless mechanism yet. + +.. table:: Stateless Handle table + :widths: auto + + =============================== ======================= + **Partition name** **Stateless Handle** + =============================== ======================= + TFM_SP_CRYPTO 1 + =============================== ======================= + mmio_regions ------------ This attribute is a list of MMIO region objects which the Secure Partition diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c index 33aff2d2a9..e925c36ea9 100644 --- a/interface/src/tfm_crypto_ipc_api.c +++ b/interface/src/tfm_crypto_ipc_api.c 
@@ -11,22 +11,13 @@ #include "psa_manifest/sid.h" #include "psa/client.h" -#define PSA_CONNECT(service) \ - psa_handle_t ipc_handle; \ - ipc_handle = psa_connect(service##_SID, service##_VERSION); \ - if (!PSA_HANDLE_IS_VALID(ipc_handle)) { \ - return PSA_ERROR_GENERIC_ERROR; \ - } \ - -#define PSA_CLOSE() psa_close(ipc_handle) - #define API_DISPATCH(sfn_name, sfn_id) \ - psa_call(ipc_handle, PSA_IPC_CALL, \ + psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \ in_vec, IOVEC_LEN(in_vec), \ out_vec, IOVEC_LEN(out_vec)) #define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \ - psa_call(ipc_handle, PSA_IPC_CALL, \ + psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \ in_vec, IOVEC_LEN(in_vec), \ (psa_outvec *)NULL, 0) @@ -53,13 +44,9 @@ psa_status_t psa_open_key(psa_key_id_t id, {.base = key, .len = sizeof(psa_key_id_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_open_key, TFM_CRYPTO_OPEN_KEY); - PSA_CLOSE(); - return status; } @@ -74,13 +61,9 @@ psa_status_t psa_close_key(psa_key_id_t key) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_close_key, TFM_CRYPTO_CLOSE_KEY);; - PSA_CLOSE(); - return status; } @@ -102,11 +85,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, {.base = key, .len = sizeof(psa_key_id_t)} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_import_key, TFM_CRYPTO_IMPORT_KEY); - PSA_CLOSE(); return status; } @@ -122,11 +102,8 @@ psa_status_t psa_destroy_key(psa_key_id_t key) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key, TFM_CRYPTO_DESTROY_KEY); - PSA_CLOSE(); return status; } 
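Review bot: `TFM_CRYPTO_HANDLE` in `API_DISPATCH` and `API_DISPATCH_NO_OUTVEC` has no definition or comment in this file, so a reader cannot tell that it is a stateless handle or where it comes from. It is presumably generated into `psa_manifest/sid.h` from the `stateless_handle` entry in tfm_crypto.yaml. I would add `/* TFM_CRYPTO_HANDLE: stateless handle of the Crypto service, generated from the manifest; no psa_connect()/psa_close() is needed. */` above the two macros. With the connect step gone, the `psa_call` status is the only place a rejected request is reported, so the comment should also say that callers must check it. The same macros are changed the same way in secure_fw/partitions/crypto/tfm_crypto_secure_api.c.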
@@ -146,11 +123,8 @@ psa_status_t psa_get_key_attributes(psa_key_id_t key, {.base = attributes, .len = sizeof(psa_key_attributes_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_get_key_attributes, TFM_CRYPTO_GET_KEY_ATTRIBUTES); - PSA_CLOSE(); return status; } @@ -167,15 +141,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes) {.base = attributes, .len = sizeof(psa_key_attributes_t)}, }; - psa_handle_t ipc_handle; - ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION); - if (!PSA_HANDLE_IS_VALID(ipc_handle)) { - return; - } - (void)API_DISPATCH(tfm_crypto_reset_key_attributes, - TFM_CRYPTO_RESET_KEY_ATTRIBUTES); - PSA_CLOSE(); + TFM_CRYPTO_RESET_KEY_ATTRIBUTES); return; } @@ -197,15 +164,11 @@ psa_status_t psa_export_key(psa_key_id_t key, {.base = data, .len = data_size} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_export_key, TFM_CRYPTO_EXPORT_KEY); *data_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -227,15 +190,11 @@ psa_status_t psa_export_public_key(psa_key_id_t key, {.base = data, .len = data_size} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_export_public_key, TFM_CRYPTO_EXPORT_PUBLIC_KEY); *data_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -250,13 +209,9 @@ psa_status_t psa_purge_key(psa_key_id_t key) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key, TFM_CRYPTO_PURGE_KEY); - PSA_CLOSE(); - return status; } @@ -280,13 +235,9 @@ psa_status_t psa_copy_key(psa_key_id_t source_key, {.base = target_key, .len = sizeof(psa_key_id_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_copy_key, TFM_CRYPTO_COPY_KEY); - PSA_CLOSE(); - return status; } 
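Review bot: In psa_export_key, `*data_length = out_vec[0].len;` runs whether or not the call succeeded, and it is now reached on failures that used to return early from `PSA_CONNECT` before the output length was touched. What `out_vec[0].len` holds after a failed `psa_call` is not visible here; if it is left at `data_size`, a caller that ignores the status would treat the whole buffer as valid key data. I would write `*data_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`. The same pattern appears in psa_export_public_key and in the cipher, hash, MAC, AEAD, signature, asymmetric and raw-key-agreement functions of this file, and in the matching functions of tfm_crypto_secure_api.c. The function bodies start outside the hunks.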
@@ -309,15 +260,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, {.base = iv, .len = iv_size}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_generate_iv, TFM_CRYPTO_CIPHER_GENERATE_IV); *iv_length = out_vec[1].len; - PSA_CLOSE(); - return status; } @@ -339,13 +286,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_set_iv, TFM_CRYPTO_CIPHER_SET_IV); - PSA_CLOSE(); - return status; } @@ -368,13 +311,9 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup, TFM_CRYPTO_CIPHER_ENCRYPT_SETUP); - PSA_CLOSE(); - return status; } @@ -397,13 +336,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup, TFM_CRYPTO_CIPHER_DECRYPT_SETUP); - PSA_CLOSE(); - return status; } @@ -429,15 +364,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, {.base = output, .len = output_size} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_update, TFM_CRYPTO_CIPHER_UPDATE); *output_length = out_vec[1].len; - PSA_CLOSE(); - return status; } @@ -456,13 +387,9 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_abort, TFM_CRYPTO_CIPHER_ABORT); - PSA_CLOSE(); - return status; } 
@@ -485,15 +412,11 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, {.base = output, .len = output_size}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_cipher_finish, TFM_CRYPTO_CIPHER_FINISH); *output_length = out_vec[1].len; - PSA_CLOSE(); - return status; } @@ -514,13 +437,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_setup, TFM_CRYPTO_HASH_SETUP); - PSA_CLOSE(); - return status; } @@ -542,13 +461,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_update, TFM_CRYPTO_HASH_UPDATE); - PSA_CLOSE(); - return status; } @@ -571,15 +486,11 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation, {.base = hash, .len = hash_size}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_finish, TFM_CRYPTO_HASH_FINISH); *hash_length = out_vec[1].len; - PSA_CLOSE(); - return status; } @@ -601,13 +512,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_verify, TFM_CRYPTO_HASH_VERIFY); - PSA_CLOSE(); - return status; } @@ -626,13 +533,9 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_abort, TFM_CRYPTO_HASH_ABORT); - PSA_CLOSE(); - return status; } @@ -656,13 +559,9 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, return PSA_ERROR_BAD_STATE; } - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_clone, TFM_CRYPTO_HASH_CLONE); - PSA_CLOSE(); - return status; } 
@@ -688,15 +587,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, {.base = hash, .len = hash_size} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_hash_compute, TFM_CRYPTO_HASH_COMPUTE); *hash_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -718,13 +613,9 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, {.base = hash, .len = hash_length}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare, TFM_CRYPTO_HASH_COMPARE); - PSA_CLOSE(); - return status; } @@ -747,13 +638,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_mac_sign_setup, TFM_CRYPTO_MAC_SIGN_SETUP); - PSA_CLOSE(); - return status; } @@ -776,13 +663,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_mac_verify_setup, TFM_CRYPTO_MAC_VERIFY_SETUP); - PSA_CLOSE(); - return status; } @@ -804,13 +687,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_mac_update, TFM_CRYPTO_MAC_UPDATE); - PSA_CLOSE(); - return status; } @@ -833,15 +712,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, {.base = mac, .len = mac_size}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_mac_sign_finish, TFM_CRYPTO_MAC_SIGN_FINISH); *mac_length = out_vec[1].len; - PSA_CLOSE(); - return status; } @@ -863,13 +738,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_mac_verify_finish, TFM_CRYPTO_MAC_VERIFY_FINISH); - PSA_CLOSE(); - return status; } 
@@ -888,13 +759,9 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_mac_abort, TFM_CRYPTO_MAC_ABORT); - PSA_CLOSE(); - return status; } @@ -943,19 +810,15 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key, } } - PSA_CONNECT(TFM_CRYPTO); - size_t in_len = IOVEC_LEN(in_vec); if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, IOVEC_LEN(out_vec)); *ciphertext_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -1004,19 +867,15 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key, } } - PSA_CONNECT(TFM_CRYPTO); - size_t in_len = IOVEC_LEN(in_vec); if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, IOVEC_LEN(out_vec)); *plaintext_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -1054,15 +913,11 @@ psa_status_t psa_sign_hash(psa_key_id_t key, {.base = signature, .len = signature_size}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_sign_hash, TFM_CRYPTO_SIGN_HASH); *signature_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -1096,13 +951,9 @@ psa_status_t psa_verify_hash(psa_key_id_t key, {.base = signature, .len = signature_length} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash, TFM_CRYPTO_VERIFY_HASH); - PSA_CLOSE(); - return status; } 
@@ -1138,19 +989,15 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key, {.base = output, .len = output_size}, }; - PSA_CONNECT(TFM_CRYPTO); - size_t in_len = IOVEC_LEN(in_vec); if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, IOVEC_LEN(out_vec)); *output_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -1186,19 +1033,15 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key, {.base = output, .len = output_size}, }; - PSA_CONNECT(TFM_CRYPTO); - size_t in_len = IOVEC_LEN(in_vec); if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, IOVEC_LEN(out_vec)); *output_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -1220,13 +1063,9 @@ psa_status_t psa_key_derivation_get_capacity( {.base = capacity, .len = sizeof(size_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity, TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY); - PSA_CLOSE(); - return status; } @@ -1249,13 +1088,9 @@ psa_status_t psa_key_derivation_output_bytes( {.base = output, .len = output_length}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes, TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES); - PSA_CLOSE(); - return status; } @@ -1276,13 +1111,9 @@ psa_status_t psa_key_derivation_input_key( {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key, TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY); - PSA_CLOSE(); - return status; } 
@@ -1303,13 +1134,9 @@ psa_status_t psa_key_derivation_abort( {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_key_derivation_abort, TFM_CRYPTO_KEY_DERIVATION_ABORT); - PSA_CLOSE(); - return status; } @@ -1333,13 +1160,9 @@ psa_status_t psa_key_derivation_key_agreement( {.base = peer_key, .len = peer_key_length}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_key_agreement, TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT); - PSA_CLOSE(); - return status; } @@ -1363,13 +1186,9 @@ psa_status_t psa_generate_random(uint8_t *output, return PSA_SUCCESS; } - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_generate_random, TFM_CRYPTO_GENERATE_RANDOM); - PSA_CLOSE(); - return status; } @@ -1390,11 +1209,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, {.base = key, .len = sizeof(psa_key_id_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_generate_key, TFM_CRYPTO_GENERATE_KEY); - PSA_CLOSE(); return status; } @@ -1531,15 +1347,11 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, {.base = output, .len = output_size}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_raw_key_agreement, TFM_CRYPTO_RAW_KEY_AGREEMENT); *output_length = out_vec[0].len; - PSA_CLOSE(); - return status; } @@ -1560,11 +1372,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_key_derivation_setup, TFM_CRYPTO_KEY_DERIVATION_SETUP); - PSA_CLOSE(); return status; } 
@@ -1584,11 +1393,8 @@ psa_status_t psa_key_derivation_set_capacity( {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity, TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY); - PSA_CLOSE(); return status; } @@ -1611,11 +1417,8 @@ psa_status_t psa_key_derivation_input_bytes( {.base = data, .len = data_length}, }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes, TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES); - PSA_CLOSE(); return status; } @@ -1640,11 +1443,8 @@ psa_status_t psa_key_derivation_output_key( {.base = key, .len = sizeof(psa_key_id_t)} }; - PSA_CONNECT(TFM_CRYPTO); - status = API_DISPATCH(tfm_crypto_key_derivation_output_key, TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY); - PSA_CLOSE(); return status; } diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c index d60e897a9c..bcb336e352 100644 --- a/secure_fw/partitions/crypto/crypto_init.c +++ b/secure_fw/partitions/crypto/crypto_init.c @@ -230,10 +230,6 @@ static void tfm_crypto_ipc_handler(void) /* Process the message type */ switch (msg.type) { - case PSA_IPC_CONNECT: - case PSA_IPC_DISCONNECT: - psa_reply(msg.handle, PSA_SUCCESS); - break; case PSA_IPC_CALL: /* Parse the message */ status = tfm_crypto_parse_msg(&msg, &iov, &sfn_id); diff --git a/secure_fw/partitions/crypto/tfm_crypto.yaml b/secure_fw/partitions/crypto/tfm_crypto.yaml index c97bf94543..449668a4e7 100644 --- a/secure_fw/partitions/crypto/tfm_crypto.yaml +++ b/secure_fw/partitions/crypto/tfm_crypto.yaml @@ -6,10 +6,11 @@ #------------------------------------------------------------------------------- { - "psa_framework_version": 1.0, + "psa_framework_version": 1.1, "name": "TFM_SP_CRYPTO", "type": "PSA-ROT", "priority": "NORMAL", + "model": "IPC", "entry_point": "tfm_crypto_init", "stack_size": "0x2000", "secure_functions": [ 
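Review bot: With the `PSA_IPC_CONNECT` and `PSA_IPC_DISCONNECT` cases removed from the switch in tfm_crypto_ipc_handler, any message whose type is not `PSA_IPC_CALL` now falls to whatever branch follows, and that branch lies outside this hunk. A stateless service should never be handed those types, so an unexpected type should fail closed rather than be ignored or left unanswered; please confirm the remaining default branch does that. I would also add `/* Stateless service: only PSA_IPC_CALL is expected, connect/disconnect are never delivered. */` above `case PSA_IPC_CALL:` so the missing cases read as intentional.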
@@ -460,6 +461,8 @@ "name": "TFM_CRYPTO", "sid": "0x00000080", "non_secure_clients": true, + "connection_based": false, + "stateless_handle": 1, "version": 1, "version_policy": "STRICT" }, diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c index 34beb288b1..33ce405819 100644 --- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c +++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c @@ -16,22 +16,13 @@ #ifdef TFM_PSA_API #include "psa/client.h" -#define PSA_CONNECT(service) \ - psa_handle_t ipc_handle; \ - ipc_handle = psa_connect(service##_SID, service##_VERSION); \ - if (!PSA_HANDLE_IS_VALID(ipc_handle)) { \ - return PSA_ERROR_GENERIC_ERROR; \ - } \ - -#define PSA_CLOSE() psa_close(ipc_handle) - #define API_DISPATCH(sfn_name, sfn_id) \ - psa_call(ipc_handle, PSA_IPC_CALL, \ + psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ out_vec, ARRAY_SIZE(out_vec)) #define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \ - psa_call(ipc_handle, PSA_IPC_CALL, \ + psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ (psa_outvec *)NULL, 0) #else @@ -72,17 +63,9 @@ psa_status_t psa_open_key(psa_key_id_t id, {.base = key_id, .len = sizeof(psa_key_id_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_open_key, TFM_CRYPTO_OPEN_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ } @@ -101,17 +84,9 @@ psa_status_t psa_close_key(psa_key_id_t key_id) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_close_key, TFM_CRYPTO_CLOSE_KEY);; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ } 
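Review bot: `"connection_based": false` together with `"non_secure_clients": true` means every non-secure caller reaches the service through the same stateless handle, so the multipart state that the client API passes back as `operation->handle` can only be scoped by the caller's client ID inside the partition. That ownership check is not part of this diff and should be confirmed. Separately, the value `1` is repeated by hand in the table added to tfm_secure_partition_addition.rst, and nothing visible here enforces uniqueness or the documented range [1, 32]. A comment next to the entry, such as `# must match the Stateless Handle table in tfm_secure_partition_addition.rst`, would help keep the two in sync.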
@@ -137,15 +112,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, {.base = key_id, .len = sizeof(psa_key_id_t)} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_import_key, TFM_CRYPTO_IMPORT_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -165,15 +133,8 @@ psa_status_t psa_destroy_key(psa_key_id_t key_id) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key, TFM_CRYPTO_DESTROY_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -197,15 +158,8 @@ psa_status_t psa_get_key_attributes(psa_key_id_t key_id, {.base = attributes, .len = sizeof(psa_key_attributes_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_get_key_attributes, TFM_CRYPTO_GET_KEY_ATTRIBUTES); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -226,19 +180,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes) {.base = attributes, .len = sizeof(psa_key_attributes_t)}, }; -#ifdef TFM_PSA_API - psa_handle_t ipc_handle; - ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION); - if (!PSA_HANDLE_IS_VALID(ipc_handle)) { - return; - } -#endif - (void)API_DISPATCH(tfm_crypto_reset_key_attributes, - TFM_CRYPTO_RESET_KEY_ATTRIBUTES); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif + TFM_CRYPTO_RESET_KEY_ATTRIBUTES); return; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ 
@@ -264,19 +207,11 @@ psa_status_t psa_export_key(psa_key_id_t key_id, {.base = data, .len = data_size} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_export_key, TFM_CRYPTO_EXPORT_KEY); *data_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ } @@ -302,19 +237,11 @@ psa_status_t psa_export_public_key(psa_key_id_t key_id, {.base = data, .len = data_size} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_export_public_key, TFM_CRYPTO_EXPORT_PUBLIC_KEY); *data_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ } @@ -333,15 +260,8 @@ psa_status_t psa_purge_key(psa_key_id_t key_id) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key, TFM_CRYPTO_PURGE_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -369,15 +289,8 @@ psa_status_t psa_copy_key(psa_key_id_t source_key_id, {.base = target_key_id, .len = sizeof(psa_key_id_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_copy_key, TFM_CRYPTO_COPY_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -405,19 +318,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, {.base = iv, .len = iv_size}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_cipher_generate_iv, TFM_CRYPTO_CIPHER_GENERATE_IV); *iv_length = out_vec[1].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ } 
@@ -443,15 +348,8 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_cipher_set_iv, TFM_CRYPTO_CIPHER_SET_IV); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -479,15 +377,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup, TFM_CRYPTO_CIPHER_ENCRYPT_SETUP); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -515,15 +406,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup, TFM_CRYPTO_CIPHER_DECRYPT_SETUP); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -554,19 +439,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, {.base = output, .len = output_size} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_cipher_update, TFM_CRYPTO_CIPHER_UPDATE); *output_length = out_vec[1].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ } @@ -589,15 +466,8 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_cipher_abort, TFM_CRYPTO_CIPHER_ABORT); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ 
@@ -625,19 +495,11 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, {.base = output, .len = output_size}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_cipher_finish, TFM_CRYPTO_CIPHER_FINISH); *output_length = out_vec[1].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ } @@ -662,17 +524,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_setup, TFM_CRYPTO_HASH_SETUP); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } @@ -698,17 +552,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_update, TFM_CRYPTO_HASH_UPDATE); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } @@ -735,19 +581,11 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation, {.base = hash, .len = hash_size}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_finish, TFM_CRYPTO_HASH_FINISH); *hash_length = out_vec[1].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } @@ -773,15 +611,8 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_verify, TFM_CRYPTO_HASH_VERIFY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ 
@@ -805,15 +636,8 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_abort, TFM_CRYPTO_HASH_ABORT); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -842,15 +666,8 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, return PSA_ERROR_BAD_STATE; } -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_clone, TFM_CRYPTO_HASH_CLONE); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -881,19 +698,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, {.base = hash, .len = hash_size} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_hash_compute, TFM_CRYPTO_HASH_COMPUTE); *hash_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ } @@ -919,16 +728,8 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, {.base = hash, .len = hash_length}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare, - TFM_CRYPTO_HASH_COMPARE); - -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif + TFM_CRYPTO_HASH_COMPARE); return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -956,15 +757,8 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_mac_sign_setup, TFM_CRYPTO_MAC_SIGN_SETUP); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ 
@@ -992,15 +786,8 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_mac_verify_setup, TFM_CRYPTO_MAC_VERIFY_SETUP); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1027,15 +814,8 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_mac_update, TFM_CRYPTO_MAC_UPDATE); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1063,19 +843,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, {.base = mac, .len = mac_size}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_mac_sign_finish, TFM_CRYPTO_MAC_SIGN_FINISH); *mac_length = out_vec[1].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ } @@ -1101,17 +873,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_mac_verify_finish, TFM_CRYPTO_MAC_VERIFY_FINISH); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ } @@ -1134,15 +898,8 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_mac_abort, TFM_CRYPTO_MAC_ABORT); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ 
@@ -1197,15 +954,11 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key_id, } #ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_aead_encrypt, @@ -1214,10 +967,6 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key_id, *ciphertext_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */ } @@ -1271,15 +1020,11 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key_id, } #ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (additional_data == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_aead_decrypt, @@ -1288,10 +1033,6 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key_id, *plaintext_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */ } @@ -1334,18 +1075,11 @@ psa_status_t psa_sign_hash(psa_key_id_t key_id, {.base = signature, .len = signature_size}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_sign_hash, TFM_CRYPTO_SIGN_HASH); *signature_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ } 
@@ -1384,15 +1118,8 @@ psa_status_t psa_verify_hash(psa_key_id_t key_id, {.base = signature, .len = signature_length} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash, TFM_CRYPTO_VERIFY_HASH); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */ @@ -1434,15 +1161,11 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id, }; #ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_asymmetric_encrypt, @@ -1451,10 +1174,6 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id, *output_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ } @@ -1495,15 +1214,11 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id, }; #ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (salt == NULL) { in_len--; } - status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, + status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); #else status = API_DISPATCH(tfm_crypto_asymmetric_decrypt, @@ -1512,10 +1227,6 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id, *output_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */ } 
@@ -1541,15 +1252,8 @@ psa_status_t psa_key_derivation_get_capacity( {.base = capacity, .len = sizeof(size_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity, TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ @@ -1577,15 +1281,8 @@ psa_status_t psa_key_derivation_output_bytes( {.base = output, .len = output_length}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes, TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ @@ -1611,15 +1308,8 @@ psa_status_t psa_key_derivation_input_key( {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key, TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ @@ -1644,15 +1334,8 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_key_derivation_abort, TFM_CRYPTO_KEY_DERIVATION_ABORT); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ 
@@ -1685,17 +1368,9 @@ psa_status_t psa_key_derivation_key_agreement( {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_key_derivation_key_agreement, TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ } @@ -1723,17 +1398,9 @@ psa_status_t psa_generate_random(uint8_t *output, return PSA_SUCCESS; } -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_generate_random, TFM_CRYPTO_GENERATE_RANDOM); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ } @@ -1758,15 +1425,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, {.base = key_id, .len = sizeof(psa_key_id_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_generate_key, TFM_CRYPTO_GENERATE_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -1907,18 +1567,11 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, {.base = output, .len = output_size}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_raw_key_agreement, TFM_CRYPTO_RAW_KEY_AGREEMENT); *output_length = out_vec[0].len; -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif - return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ } @@ -1943,15 +1596,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_key_derivation_setup, TFM_CRYPTO_KEY_DERIVATION_SETUP); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ 
@@ -1975,15 +1621,8 @@ psa_status_t psa_key_derivation_set_capacity( {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity, TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ @@ -2010,15 +1649,8 @@ psa_status_t psa_key_derivation_input_bytes( {.base = data, .len = data_length}, }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes, TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ @@ -2047,15 +1679,8 @@ psa_status_t psa_key_derivation_output_key( {.base = key_id, .len = sizeof(psa_key_id_t)} }; -#ifdef TFM_PSA_API - PSA_CONNECT(TFM_CRYPTO); -#endif - status = API_DISPATCH(tfm_crypto_key_derivation_output_key, TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY); -#ifdef TFM_PSA_API - PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */ |