aboutsummaryrefslogtreecommitdiff
path: root/secure_fw/partitions/crypto/crypto_asymmetric.c
diff options
context:
space:
mode:
Diffstat (limited to 'secure_fw/partitions/crypto/crypto_asymmetric.c')
-rw-r--r--secure_fw/partitions/crypto/crypto_asymmetric.c286
1 files changed, 127 insertions, 159 deletions
diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c
index c3a39094e4..471d7deda8 100644
--- a/secure_fw/partitions/crypto/crypto_asymmetric.c
+++ b/secure_fw/partitions/crypto/crypto_asymmetric.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,196 +8,164 @@
#include <stddef.h>
#include <stdint.h>
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
+#include "tfm_crypto_key.h"
#include "tfm_crypto_defs.h"
-#include "tfm_crypto_private.h"
+
+#include "crypto_library.h"
/*!
- * \defgroup public_psa Public functions, PSA
+ * \addtogroup tfm_crypto_api_shim_layer
*
*/
/*!@{*/
-psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
+#if CRYPTO_ASYM_SIGN_MODULE_ENABLED
+psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ struct tfm_crypto_key_id_s *encoded_key)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
-
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- psa_key_id_t key_id = iov->key_id;
- psa_algorithm_t alg = iov->alg;
- const uint8_t *hash = in_vec[1].base;
- size_t hash_length = in_vec[1].len;
- uint8_t *signature = out_vec[0].base;
- size_t signature_size = out_vec[0].len;
- mbedtls_svc_key_id_t encoded_key;
-
- psa_status_t status = tfm_crypto_check_handle_owner(key_id, NULL);
- if (status != PSA_SUCCESS) {
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+
+ tfm_crypto_library_key_id_t library_key = tfm_crypto_library_key_id_init(
+ encoded_key->owner, encoded_key->key_id);
+ switch (iov->function_id) {
+ case TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID:
+ {
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ uint8_t *signature = out_vec[0].base;
+ size_t signature_size = out_vec[0].len;
+
+ status = psa_sign_message(library_key, iov->alg, input, input_length,
+ signature, signature_size, &(out_vec[0].len));
+ if (status != PSA_SUCCESS) {
+ out_vec[0].len = 0;
+ }
return status;
}
-
- status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
- if (status != PSA_SUCCESS) {
- return status;
+ case TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID:
+ {
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ const uint8_t *signature = in_vec[2].base;
+ size_t signature_length = in_vec[2].len;
+
+ return psa_verify_message(library_key, iov->alg, input, input_length,
+ signature, signature_length);
}
-
- return psa_sign_hash(encoded_key, alg, hash, hash_length,
- signature, signature_size, &(out_vec[0].len));
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 0);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
-
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- psa_key_id_t key_id = iov->key_id;
- psa_algorithm_t alg = iov->alg;
- const uint8_t *hash = in_vec[1].base;
- size_t hash_length = in_vec[1].len;
- const uint8_t *signature = in_vec[2].base;
- size_t signature_length = in_vec[2].len;
- mbedtls_svc_key_id_t encoded_key;
- psa_status_t status = tfm_crypto_check_handle_owner(key_id, NULL);
-
- if (status != PSA_SUCCESS) {
+ case TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID:
+ {
+ const uint8_t *hash = in_vec[1].base;
+ size_t hash_length = in_vec[1].len;
+ uint8_t *signature = out_vec[0].base;
+ size_t signature_size = out_vec[0].len;
+
+ status = psa_sign_hash(library_key, iov->alg, hash, hash_length,
+ signature, signature_size, &(out_vec[0].len));
+ if (status != PSA_SUCCESS) {
+ out_vec[0].len = 0;
+ }
return status;
}
-
- status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
- if (status != PSA_SUCCESS) {
- return status;
+ case TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID:
+ {
+ const uint8_t *hash = in_vec[1].base;
+ size_t hash_length = in_vec[1].len;
+ const uint8_t *signature = in_vec[2].base;
+ size_t signature_length = in_vec[2].len;
+
+ return psa_verify_hash(library_key, iov->alg, hash, hash_length,
+ signature, signature_length);
+ }
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
}
- return psa_verify_hash(encoded_key, alg, hash, hash_length,
- signature, signature_length);
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+ return PSA_ERROR_NOT_SUPPORTED;
}
-
-psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
+#else /* CRYPTO_ASYM_SIGN_MODULE_ENABLED */
+psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ struct tfm_crypto_key_id_s *encoded_key)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 1);
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* CRYPTO_ASYM_SIGN_MODULE_ENABLED */
+#if CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
+psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ struct tfm_crypto_key_id_s *encoded_key)
+{
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- psa_key_id_t key_id = iov->key_id;
- psa_algorithm_t alg = iov->alg;
- const uint8_t *input = in_vec[1].base;
- size_t input_length = in_vec[1].len;
- const uint8_t *salt = in_vec[2].base;
- size_t salt_length = in_vec[2].len;
- uint8_t *output = out_vec[0].base;
- size_t output_size = out_vec[0].len;
- psa_key_type_t type;
- size_t key_bits;
- psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t encoded_key;
-
- status = tfm_crypto_check_handle_owner(key_id, NULL);
- if (status != PSA_SUCCESS) {
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+
+ tfm_crypto_library_key_id_t library_key = tfm_crypto_library_key_id_init(
+ encoded_key->owner, encoded_key->key_id);
+ switch (iov->function_id) {
+ case TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID:
+ {
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ const uint8_t *salt = in_vec[2].base;
+ size_t salt_length = in_vec[2].len;
+ uint8_t *output = out_vec[0].base;
+ size_t output_size = out_vec[0].len;
+
+ status = psa_asymmetric_encrypt(library_key, iov->alg,
+ input, input_length,
+ salt, salt_length,
+ output, output_size,
+ &(out_vec[0].len));
+ if (status != PSA_SUCCESS) {
+ out_vec[0].len = 0;
+ }
return status;
}
-
- status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
- if (status != PSA_SUCCESS) {
+ case TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID:
+ {
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ const uint8_t *salt = in_vec[2].base;
+ size_t salt_length = in_vec[2].len;
+ uint8_t *output = out_vec[0].base;
+ size_t output_size = out_vec[0].len;
+
+ status = psa_asymmetric_decrypt(library_key, iov->alg,
+ input, input_length,
+ salt, salt_length,
+ output, output_size,
+ &(out_vec[0].len));
+ if (status != PSA_SUCCESS) {
+ out_vec[0].len = 0;
+ }
return status;
}
-
- status = psa_get_key_attributes(encoded_key, &key_attributes);
- if (status != PSA_SUCCESS) {
- return status;
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
}
- key_bits = psa_get_key_bits(&key_attributes);
- type = psa_get_key_type(&key_attributes);
-
- psa_reset_key_attributes(&key_attributes);
-
- /* Check that the output buffer is large enough */
- if (output_size < PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(type, key_bits, alg)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- return psa_asymmetric_encrypt(encoded_key, alg, input, input_length,
- salt, salt_length,
- output, output_size, &(out_vec[0].len));
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+ return PSA_ERROR_NOT_SUPPORTED;
}
-
-psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
+#else /* CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED */
+psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ struct tfm_crypto_key_id_s *encoded_key)
{
-#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 3, out_len, 0, 1);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- psa_key_id_t key_id = iov->key_id;
- psa_algorithm_t alg = iov->alg;
- const uint8_t *input = in_vec[1].base;
- size_t input_length = in_vec[1].len;
- const uint8_t *salt = in_vec[2].base;
- size_t salt_length = in_vec[2].len;
- uint8_t *output = out_vec[0].base;
- size_t output_size = out_vec[0].len;
- psa_status_t status;
- mbedtls_svc_key_id_t encoded_key;
-
- status = tfm_crypto_check_handle_owner(key_id, NULL);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
- if (status != PSA_SUCCESS) {
- return status;
- }
+ (void)in_vec;
+ (void)out_vec;
+ (void)encoded_key;
- return psa_asymmetric_decrypt(encoded_key, alg, input, input_length,
- salt, salt_length,
- output, output_size, &(out_vec[0].len));
-#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
+ return PSA_ERROR_NOT_SUPPORTED;
}
+#endif /* CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED */
/*!@}*/