commit 045ec4abfc73152a0116684ba9127d0a97cc8d34
author Summer Qin <summer.qin@arm.com> Wed Jul 07 14:28:04 2021 +0800
committer Ken Liu <ken.liu@arm.com> Wed Jul 21 09:24:12 2021 +0200
tree 79a2c07972bde409a149601972627e750a1d0da1
parent 359167d3a2fe109adb9fae3a086864489fdc1005

Crypto: Add support for some cipher and mac functions

Add support for 'psa_cipher_encrypt', 'psa_cipher_decrypt',
'psa_mac_compute' and 'psa_mac_verify' since mbedtls-3.0.0 has
implemented them.

Change-Id: Iec2c5799cd7e44a9f478bd1f36234bdc548a559e
Signed-off-by: Summer Qin <summer.qin@arm.com>

secure_fw/partitions/crypto/crypto_cipher.c

diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index 6318d0f..670aa48 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -355,8 +355,39 @@
                                        psa_outvec out_vec[],
                                        size_t out_len)
 {
-    /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
     return PSA_ERROR_NOT_SUPPORTED;
+#else
+    psa_status_t status = PSA_SUCCESS;
+
+    CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
+
+    if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
+        return PSA_ERROR_PROGRAMMER_ERROR;
+    }
+
+    const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+    psa_key_id_t key_id = iov->key_id;
+    psa_algorithm_t alg = iov->alg;
+    const uint8_t *input = in_vec[1].base;
+    size_t input_length = in_vec[1].len;
+    uint8_t *output = out_vec[0].base;
+    size_t output_size = out_vec[0].len;
+    mbedtls_svc_key_id_t encoded_key;
+
+    status = tfm_crypto_check_handle_owner(key_id);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    return psa_cipher_encrypt(encoded_key, alg, input, input_length, output,
+                              output_size, &out_vec[0].len);
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
 }
 
 psa_status_t tfm_crypto_cipher_decrypt(psa_invec in_vec[],
@@ -364,7 +395,37 @@
                                        psa_outvec out_vec[],
                                        size_t out_len)
 {
-    /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
     return PSA_ERROR_NOT_SUPPORTED;
+#else
+    psa_status_t status = PSA_SUCCESS;
+
+    CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
+
+    if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
+        return PSA_ERROR_PROGRAMMER_ERROR;
+    }
+    const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+    psa_key_id_t key_id = iov->key_id;
+    psa_algorithm_t alg = iov->alg;
+    const uint8_t *input = in_vec[1].base;
+    size_t input_length = in_vec[1].len;
+    uint8_t *output = out_vec[0].base;
+    size_t output_size = out_vec[0].len;
+    mbedtls_svc_key_id_t encoded_key;
+
+    status = tfm_crypto_check_handle_owner(key_id);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    return psa_cipher_decrypt(encoded_key, alg, input, input_length, output,
+                              output_size, &out_vec[0].len);
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
 }
 /*!@}*/