aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/integration_guide/services/tfm_secure_partition_addition.rst19
-rw-r--r--interface/src/tfm_crypto_ipc_api.c214
-rw-r--r--secure_fw/partitions/crypto/crypto_init.c4
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto.yaml5
-rw-r--r--secure_fw/partitions/crypto/tfm_crypto_secure_api.c391
5 files changed, 38 insertions, 595 deletions
diff --git a/docs/integration_guide/services/tfm_secure_partition_addition.rst b/docs/integration_guide/services/tfm_secure_partition_addition.rst
index 9343aab2d4..27dc7dab09 100644
--- a/docs/integration_guide/services/tfm_secure_partition_addition.rst
+++ b/docs/integration_guide/services/tfm_secure_partition_addition.rst
@@ -200,6 +200,25 @@ Here is the RoT Service ID table used in TF-M.
tfm_ps_test_service 0x0000F 0x0C0-0x0DF
=========================== ====================== ========================
+RoT Service Stateless Handle Distribution
+-----------------------------------------
+A RoT Service may include stateless services. They are distinguished and
+referenced by stateless handles. In manifest, a ``stateless_handle`` attribute
+is set for indexing stateless services. The valid range is [1, 32] in current
+implementation and may extend.
+
+Here is the stateless handle allocation for partitions in TF-M. Partitions not
+listed are not applied to stateless mechanism yet.
+
+.. table:: Stateless Handle table
+ :widths: auto
+
+ =============================== =======================
+ **Partition name** **Stateless Handle**
+ =============================== =======================
+ TFM_SP_CRYPTO 1
+ =============================== =======================
+
mmio_regions
------------
This attribute is a list of MMIO region objects which the Secure Partition
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index 33aff2d2a9..e925c36ea9 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -11,22 +11,13 @@
#include "psa_manifest/sid.h"
#include "psa/client.h"
-#define PSA_CONNECT(service) \
- psa_handle_t ipc_handle; \
- ipc_handle = psa_connect(service##_SID, service##_VERSION); \
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) { \
- return PSA_ERROR_GENERIC_ERROR; \
- } \
-
-#define PSA_CLOSE() psa_close(ipc_handle)
-
#define API_DISPATCH(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, IOVEC_LEN(in_vec), \
out_vec, IOVEC_LEN(out_vec))
#define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, IOVEC_LEN(in_vec), \
(psa_outvec *)NULL, 0)
@@ -53,13 +44,9 @@ psa_status_t psa_open_key(psa_key_id_t id,
{.base = key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_open_key,
TFM_CRYPTO_OPEN_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -74,13 +61,9 @@ psa_status_t psa_close_key(psa_key_id_t key)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_close_key,
TFM_CRYPTO_CLOSE_KEY);;
- PSA_CLOSE();
-
return status;
}
@@ -102,11 +85,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
{.base = key, .len = sizeof(psa_key_id_t)}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_import_key,
TFM_CRYPTO_IMPORT_KEY);
- PSA_CLOSE();
return status;
}
@@ -122,11 +102,8 @@ psa_status_t psa_destroy_key(psa_key_id_t key)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key,
TFM_CRYPTO_DESTROY_KEY);
- PSA_CLOSE();
return status;
}
@@ -146,11 +123,8 @@ psa_status_t psa_get_key_attributes(psa_key_id_t key,
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_get_key_attributes,
TFM_CRYPTO_GET_KEY_ATTRIBUTES);
- PSA_CLOSE();
return status;
}
@@ -167,15 +141,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes)
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- psa_handle_t ipc_handle;
- ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION);
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) {
- return;
- }
-
(void)API_DISPATCH(tfm_crypto_reset_key_attributes,
- TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
- PSA_CLOSE();
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
return;
}
@@ -197,15 +164,11 @@ psa_status_t psa_export_key(psa_key_id_t key,
{.base = data, .len = data_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_export_key,
TFM_CRYPTO_EXPORT_KEY);
*data_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -227,15 +190,11 @@ psa_status_t psa_export_public_key(psa_key_id_t key,
{.base = data, .len = data_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_export_public_key,
TFM_CRYPTO_EXPORT_PUBLIC_KEY);
*data_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -250,13 +209,9 @@ psa_status_t psa_purge_key(psa_key_id_t key)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key,
TFM_CRYPTO_PURGE_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -280,13 +235,9 @@ psa_status_t psa_copy_key(psa_key_id_t source_key,
{.base = target_key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_copy_key,
TFM_CRYPTO_COPY_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -309,15 +260,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
{.base = iv, .len = iv_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_generate_iv,
TFM_CRYPTO_CIPHER_GENERATE_IV);
*iv_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -339,13 +286,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_set_iv,
TFM_CRYPTO_CIPHER_SET_IV);
- PSA_CLOSE();
-
return status;
}
@@ -368,13 +311,9 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup,
TFM_CRYPTO_CIPHER_ENCRYPT_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -397,13 +336,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup,
TFM_CRYPTO_CIPHER_DECRYPT_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -429,15 +364,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
{.base = output, .len = output_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_update,
TFM_CRYPTO_CIPHER_UPDATE);
*output_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -456,13 +387,9 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_abort,
TFM_CRYPTO_CIPHER_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -485,15 +412,11 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_finish,
TFM_CRYPTO_CIPHER_FINISH);
*output_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -514,13 +437,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_setup,
TFM_CRYPTO_HASH_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -542,13 +461,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_update,
TFM_CRYPTO_HASH_UPDATE);
- PSA_CLOSE();
-
return status;
}
@@ -571,15 +486,11 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
{.base = hash, .len = hash_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_finish,
TFM_CRYPTO_HASH_FINISH);
*hash_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -601,13 +512,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_verify,
TFM_CRYPTO_HASH_VERIFY);
- PSA_CLOSE();
-
return status;
}
@@ -626,13 +533,9 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_abort,
TFM_CRYPTO_HASH_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -656,13 +559,9 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
return PSA_ERROR_BAD_STATE;
}
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_clone,
TFM_CRYPTO_HASH_CLONE);
- PSA_CLOSE();
-
return status;
}
@@ -688,15 +587,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
{.base = hash, .len = hash_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_compute,
TFM_CRYPTO_HASH_COMPUTE);
*hash_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -718,13 +613,9 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
{.base = hash, .len = hash_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
TFM_CRYPTO_HASH_COMPARE);
- PSA_CLOSE();
-
return status;
}
@@ -747,13 +638,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_sign_setup,
TFM_CRYPTO_MAC_SIGN_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -776,13 +663,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_verify_setup,
TFM_CRYPTO_MAC_VERIFY_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -804,13 +687,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_update,
TFM_CRYPTO_MAC_UPDATE);
- PSA_CLOSE();
-
return status;
}
@@ -833,15 +712,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
{.base = mac, .len = mac_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_sign_finish,
TFM_CRYPTO_MAC_SIGN_FINISH);
*mac_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -863,13 +738,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_verify_finish,
TFM_CRYPTO_MAC_VERIFY_FINISH);
- PSA_CLOSE();
-
return status;
}
@@ -888,13 +759,9 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_abort,
TFM_CRYPTO_MAC_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -943,19 +810,15 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key,
}
}
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*ciphertext_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1004,19 +867,15 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key,
}
}
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*plaintext_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1054,15 +913,11 @@ psa_status_t psa_sign_hash(psa_key_id_t key,
{.base = signature, .len = signature_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_sign_hash,
TFM_CRYPTO_SIGN_HASH);
*signature_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1096,13 +951,9 @@ psa_status_t psa_verify_hash(psa_key_id_t key,
{.base = signature, .len = signature_length}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash,
TFM_CRYPTO_VERIFY_HASH);
- PSA_CLOSE();
-
return status;
}
@@ -1138,19 +989,15 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1186,19 +1033,15 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1220,13 +1063,9 @@ psa_status_t psa_key_derivation_get_capacity(
{.base = capacity, .len = sizeof(size_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity,
TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY);
- PSA_CLOSE();
-
return status;
}
@@ -1249,13 +1088,9 @@ psa_status_t psa_key_derivation_output_bytes(
{.base = output, .len = output_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES);
- PSA_CLOSE();
-
return status;
}
@@ -1276,13 +1111,9 @@ psa_status_t psa_key_derivation_input_key(
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key,
TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -1303,13 +1134,9 @@ psa_status_t psa_key_derivation_abort(
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_abort,
TFM_CRYPTO_KEY_DERIVATION_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -1333,13 +1160,9 @@ psa_status_t psa_key_derivation_key_agreement(
{.base = peer_key, .len = peer_key_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_key_agreement,
TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT);
- PSA_CLOSE();
-
return status;
}
@@ -1363,13 +1186,9 @@ psa_status_t psa_generate_random(uint8_t *output,
return PSA_SUCCESS;
}
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_generate_random,
TFM_CRYPTO_GENERATE_RANDOM);
- PSA_CLOSE();
-
return status;
}
@@ -1390,11 +1209,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
{.base = key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_generate_key,
TFM_CRYPTO_GENERATE_KEY);
- PSA_CLOSE();
return status;
}
@@ -1531,15 +1347,11 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_raw_key_agreement,
TFM_CRYPTO_RAW_KEY_AGREEMENT);
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1560,11 +1372,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_setup,
TFM_CRYPTO_KEY_DERIVATION_SETUP);
- PSA_CLOSE();
return status;
}
@@ -1584,11 +1393,8 @@ psa_status_t psa_key_derivation_set_capacity(
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
- PSA_CLOSE();
return status;
}
@@ -1611,11 +1417,8 @@ psa_status_t psa_key_derivation_input_bytes(
{.base = data, .len = data_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
- PSA_CLOSE();
return status;
}
@@ -1640,11 +1443,8 @@ psa_status_t psa_key_derivation_output_key(
{.base = key, .len = sizeof(psa_key_id_t)}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
- PSA_CLOSE();
return status;
}
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index d60e897a9c..bcb336e352 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -230,10 +230,6 @@ static void tfm_crypto_ipc_handler(void)
/* Process the message type */
switch (msg.type) {
- case PSA_IPC_CONNECT:
- case PSA_IPC_DISCONNECT:
- psa_reply(msg.handle, PSA_SUCCESS);
- break;
case PSA_IPC_CALL:
/* Parse the message */
status = tfm_crypto_parse_msg(&msg, &iov, &sfn_id);
diff --git a/secure_fw/partitions/crypto/tfm_crypto.yaml b/secure_fw/partitions/crypto/tfm_crypto.yaml
index c97bf94543..449668a4e7 100644
--- a/secure_fw/partitions/crypto/tfm_crypto.yaml
+++ b/secure_fw/partitions/crypto/tfm_crypto.yaml
@@ -6,10 +6,11 @@
#-------------------------------------------------------------------------------
{
- "psa_framework_version": 1.0,
+ "psa_framework_version": 1.1,
"name": "TFM_SP_CRYPTO",
"type": "PSA-ROT",
"priority": "NORMAL",
+ "model": "IPC",
"entry_point": "tfm_crypto_init",
"stack_size": "0x2000",
"secure_functions": [
@@ -460,6 +461,8 @@
"name": "TFM_CRYPTO",
"sid": "0x00000080",
"non_secure_clients": true,
+ "connection_based": false,
+ "stateless_handle": 1,
"version": 1,
"version_policy": "STRICT"
},
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index 34beb288b1..33ce405819 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -16,22 +16,13 @@
#ifdef TFM_PSA_API
#include "psa/client.h"
-#define PSA_CONNECT(service) \
- psa_handle_t ipc_handle; \
- ipc_handle = psa_connect(service##_SID, service##_VERSION); \
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) { \
- return PSA_ERROR_GENERIC_ERROR; \
- } \
-
-#define PSA_CLOSE() psa_close(ipc_handle)
-
#define API_DISPATCH(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, ARRAY_SIZE(in_vec), \
out_vec, ARRAY_SIZE(out_vec))
#define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, ARRAY_SIZE(in_vec), \
(psa_outvec *)NULL, 0)
#else
@@ -72,17 +63,9 @@ psa_status_t psa_open_key(psa_key_id_t id,
{.base = key_id, .len = sizeof(psa_key_id_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_open_key,
TFM_CRYPTO_OPEN_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -101,17 +84,9 @@ psa_status_t psa_close_key(psa_key_id_t key_id)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_close_key,
TFM_CRYPTO_CLOSE_KEY);;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -137,15 +112,8 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
{.base = key_id, .len = sizeof(psa_key_id_t)}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_import_key,
TFM_CRYPTO_IMPORT_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -165,15 +133,8 @@ psa_status_t psa_destroy_key(psa_key_id_t key_id)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key,
TFM_CRYPTO_DESTROY_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -197,15 +158,8 @@ psa_status_t psa_get_key_attributes(psa_key_id_t key_id,
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_get_key_attributes,
TFM_CRYPTO_GET_KEY_ATTRIBUTES);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -226,19 +180,8 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes)
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
-#ifdef TFM_PSA_API
- psa_handle_t ipc_handle;
- ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION);
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) {
- return;
- }
-#endif
-
(void)API_DISPATCH(tfm_crypto_reset_key_attributes,
- TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
return;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -264,19 +207,11 @@ psa_status_t psa_export_key(psa_key_id_t key_id,
{.base = data, .len = data_size}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_export_key,
TFM_CRYPTO_EXPORT_KEY);
*data_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -302,19 +237,11 @@ psa_status_t psa_export_public_key(psa_key_id_t key_id,
{.base = data, .len = data_size}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_export_public_key,
TFM_CRYPTO_EXPORT_PUBLIC_KEY);
*data_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
@@ -333,15 +260,8 @@ psa_status_t psa_purge_key(psa_key_id_t key_id)
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key,
TFM_CRYPTO_PURGE_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -369,15 +289,8 @@ psa_status_t psa_copy_key(psa_key_id_t source_key_id,
{.base = target_key_id, .len = sizeof(psa_key_id_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_copy_key,
TFM_CRYPTO_COPY_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -405,19 +318,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
{.base = iv, .len = iv_size},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_cipher_generate_iv,
TFM_CRYPTO_CIPHER_GENERATE_IV);
*iv_length = out_vec[1].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
@@ -443,15 +348,8 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_cipher_set_iv,
TFM_CRYPTO_CIPHER_SET_IV);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
@@ -479,15 +377,8 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup,
TFM_CRYPTO_CIPHER_ENCRYPT_SETUP);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
@@ -515,15 +406,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup,
TFM_CRYPTO_CIPHER_DECRYPT_SETUP);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
@@ -554,19 +439,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
{.base = output, .len = output_size}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_cipher_update,
TFM_CRYPTO_CIPHER_UPDATE);
*output_length = out_vec[1].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
@@ -589,15 +466,8 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_cipher_abort,
TFM_CRYPTO_CIPHER_ABORT);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
@@ -625,19 +495,11 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
{.base = output, .len = output_size},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_cipher_finish,
TFM_CRYPTO_CIPHER_FINISH);
*output_length = out_vec[1].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
@@ -662,17 +524,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_setup,
TFM_CRYPTO_HASH_SETUP);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
@@ -698,17 +552,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_update,
TFM_CRYPTO_HASH_UPDATE);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
@@ -735,19 +581,11 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
{.base = hash, .len = hash_size},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_finish,
TFM_CRYPTO_HASH_FINISH);
*hash_length = out_vec[1].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
@@ -773,15 +611,8 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_verify,
TFM_CRYPTO_HASH_VERIFY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
@@ -805,15 +636,8 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_abort,
TFM_CRYPTO_HASH_ABORT);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
@@ -842,15 +666,8 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
return PSA_ERROR_BAD_STATE;
}
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_clone,
TFM_CRYPTO_HASH_CLONE);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
@@ -881,19 +698,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
{.base = hash, .len = hash_size}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_hash_compute,
TFM_CRYPTO_HASH_COMPUTE);
*hash_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
@@ -919,16 +728,8 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
{.base = hash, .len = hash_length},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
- TFM_CRYPTO_HASH_COMPARE);
-
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
+ TFM_CRYPTO_HASH_COMPARE);
return status;
#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
@@ -956,15 +757,8 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_mac_sign_setup,
TFM_CRYPTO_MAC_SIGN_SETUP);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
@@ -992,15 +786,8 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_mac_verify_setup,
TFM_CRYPTO_MAC_VERIFY_SETUP);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
@@ -1027,15 +814,8 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_mac_update,
TFM_CRYPTO_MAC_UPDATE);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
@@ -1063,19 +843,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
{.base = mac, .len = mac_size},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_mac_sign_finish,
TFM_CRYPTO_MAC_SIGN_FINISH);
*mac_length = out_vec[1].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
@@ -1101,17 +873,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_mac_verify_finish,
TFM_CRYPTO_MAC_VERIFY_FINISH);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
@@ -1134,15 +898,8 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_mac_abort,
TFM_CRYPTO_MAC_ABORT);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
@@ -1197,15 +954,11 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key_id,
}
#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
-#ifdef TFM_PSA_API
size_t in_len = ARRAY_SIZE(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, ARRAY_SIZE(out_vec));
#else
status = API_DISPATCH(tfm_crypto_aead_encrypt,
@@ -1214,10 +967,6 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key_id,
*ciphertext_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
@@ -1271,15 +1020,11 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key_id,
}
#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
-#ifdef TFM_PSA_API
size_t in_len = ARRAY_SIZE(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, ARRAY_SIZE(out_vec));
#else
status = API_DISPATCH(tfm_crypto_aead_decrypt,
@@ -1288,10 +1033,6 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key_id,
*plaintext_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
@@ -1334,18 +1075,11 @@ psa_status_t psa_sign_hash(psa_key_id_t key_id,
{.base = signature, .len = signature_size},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
status = API_DISPATCH(tfm_crypto_sign_hash,
TFM_CRYPTO_SIGN_HASH);
*signature_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
}
@@ -1384,15 +1118,8 @@ psa_status_t psa_verify_hash(psa_key_id_t key_id,
{.base = signature, .len = signature_length}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash,
TFM_CRYPTO_VERIFY_HASH);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED */
@@ -1434,15 +1161,11 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id,
};
#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
-#ifdef TFM_PSA_API
size_t in_len = ARRAY_SIZE(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, ARRAY_SIZE(out_vec));
#else
status = API_DISPATCH(tfm_crypto_asymmetric_encrypt,
@@ -1451,10 +1174,6 @@ psa_status_t psa_asymmetric_encrypt(psa_key_id_t key_id,
*output_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
}
@@ -1495,15 +1214,11 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id,
};
#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
-#ifdef TFM_PSA_API
size_t in_len = ARRAY_SIZE(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, ARRAY_SIZE(out_vec));
#else
status = API_DISPATCH(tfm_crypto_asymmetric_decrypt,
@@ -1512,10 +1227,6 @@ psa_status_t psa_asymmetric_decrypt(psa_key_id_t key_id,
*output_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED */
}
@@ -1541,15 +1252,8 @@ psa_status_t psa_key_derivation_get_capacity(
{.base = capacity, .len = sizeof(size_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity,
TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -1577,15 +1281,8 @@ psa_status_t psa_key_derivation_output_bytes(
{.base = output, .len = output_length},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -1611,15 +1308,8 @@ psa_status_t psa_key_derivation_input_key(
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key,
TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -1644,15 +1334,8 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_key_derivation_abort,
TFM_CRYPTO_KEY_DERIVATION_ABORT);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -1685,17 +1368,9 @@ psa_status_t psa_key_derivation_key_agreement(
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_key_derivation_key_agreement,
TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
}
@@ -1723,17 +1398,9 @@ psa_status_t psa_generate_random(uint8_t *output,
return PSA_SUCCESS;
}
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_generate_random,
TFM_CRYPTO_GENERATE_RANDOM);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
}
@@ -1758,15 +1425,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
{.base = key_id, .len = sizeof(psa_key_id_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_generate_key,
TFM_CRYPTO_GENERATE_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
@@ -1907,18 +1567,11 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
{.base = output, .len = output_size},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
status = API_DISPATCH(tfm_crypto_raw_key_agreement,
TFM_CRYPTO_RAW_KEY_AGREEMENT);
*output_length = out_vec[0].len;
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
-
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
}
@@ -1943,15 +1596,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_key_derivation_setup,
TFM_CRYPTO_KEY_DERIVATION_SETUP);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -1975,15 +1621,8 @@ psa_status_t psa_key_derivation_set_capacity(
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -2010,15 +1649,8 @@ psa_status_t psa_key_derivation_input_bytes(
{.base = data, .len = data_length},
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
@@ -2047,15 +1679,8 @@ psa_status_t psa_key_derivation_output_key(
{.base = key_id, .len = sizeof(psa_key_id_t)}
};
-#ifdef TFM_PSA_API
- PSA_CONNECT(TFM_CRYPTO);
-#endif
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
-#ifdef TFM_PSA_API
- PSA_CLOSE();
-#endif
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */