Crypto: Align to PSA Crypto headers 0.1.0a
This patch updates the PSA Crypto API headers to version
0.1.0a. The Crypto service implementation is updated when
needed to make sure the service is buildable and functional.
Change-Id: I63709db0d87f449012d0c8355658f1af1583b3ab
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/secure_fw/ns_callable/tfm_crypto_veneers.c b/secure_fw/ns_callable/tfm_crypto_veneers.c
index a2c0652..07f6979 100644
--- a/secure_fw/ns_callable/tfm_crypto_veneers.c
+++ b/secure_fw/ns_callable/tfm_crypto_veneers.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -54,32 +54,32 @@
__tfm_secure_gateway_attributes__
-enum tfm_crypto_err_t tfm_crypto_veneer_encrypt_set_iv(
+enum tfm_crypto_err_t tfm_crypto_veneer_cipher_set_iv(
psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length)
{
- TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_encrypt_set_iv,
+ TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_cipher_set_iv,
operation, iv, iv_length, 0);
}
__tfm_secure_gateway_attributes__
-enum tfm_crypto_err_t tfm_crypto_veneer_encrypt_setup(
+enum tfm_crypto_err_t tfm_crypto_veneer_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_encrypt_setup,
+ TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_cipher_encrypt_setup,
operation, key, alg, 0);
}
__tfm_secure_gateway_attributes__
-enum tfm_crypto_err_t tfm_crypto_veneer_decrypt_setup(
+enum tfm_crypto_err_t tfm_crypto_veneer_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_decrypt_setup,
+ TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_cipher_decrypt_setup,
operation, key, alg, 0);
}
@@ -113,11 +113,11 @@
}
__tfm_secure_gateway_attributes__
-enum tfm_crypto_err_t tfm_crypto_veneer_hash_start(
+enum tfm_crypto_err_t tfm_crypto_veneer_hash_setup(
psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
- TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_hash_start,
+ TFM_CORE_SFN_REQUEST(TFM_SP_CRYPTO_ID, tfm_crypto_hash_setup,
operation, alg, 0, 0);
}
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
index 76634f1..30ef5f1 100644
--- a/secure_fw/ns_callable/tfm_veneers.c
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -32,13 +32,13 @@
psa_status_t tfm_crypto_destroy_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_get_key_information(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_export_key(struct psa_invec *, size_t, struct psa_outvec *, size_t);
-psa_status_t tfm_crypto_encrypt_set_iv(struct psa_invec *, size_t, struct psa_outvec *, size_t);
-psa_status_t tfm_crypto_encrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
-psa_status_t tfm_crypto_decrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+psa_status_t tfm_crypto_cipher_set_iv(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+psa_status_t tfm_crypto_cipher_encrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+psa_status_t tfm_crypto_cipher_decrypt_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_cipher_update_wrapper(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_cipher_abort(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_cipher_finish(struct psa_invec *, size_t, struct psa_outvec *, size_t);
-psa_status_t tfm_crypto_hash_start(struct psa_invec *, size_t, struct psa_outvec *, size_t);
+psa_status_t tfm_crypto_hash_setup(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_hash_update(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_hash_finish(struct psa_invec *, size_t, struct psa_outvec *, size_t);
psa_status_t tfm_crypto_hash_verify(struct psa_invec *, size_t, struct psa_outvec *, size_t);
@@ -112,13 +112,13 @@
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_destroy_key)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_get_key_information)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_export_key)
-TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_encrypt_set_iv)
-TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_encrypt_setup)
-TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_decrypt_setup)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_set_iv)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_encrypt_setup)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_decrypt_setup)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_update_wrapper)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_abort)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_cipher_finish)
-TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_start)
+TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_setup)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_update)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_finish)
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_hash_verify)
diff --git a/secure_fw/services/crypto/crypto_alloc.c b/secure_fw/services/crypto/crypto_alloc.c
index c7ffec3..5ccd33c 100644
--- a/secure_fw/services/crypto/crypto_alloc.c
+++ b/secure_fw/services/crypto/crypto_alloc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -25,10 +25,7 @@
#include "psa_crypto.h"
#include "tfm_crypto_api.h"
-/* The file "psa_crypto_struct.h" contains definitions for
- * implementation-specific structs that are declared in "psa_crypto.h".
- */
-#include "psa_crypto_struct.h"
+#include "tfm_crypto_struct.h"
/**
* \brief This value defines the maximum number of simultaneous operations
@@ -46,9 +43,9 @@
uint32_t in_use; /*!< Indicates if the operation is in use */
enum tfm_crypto_operation_type type; /*!< Type of the operation */
union {
- struct psa_cipher_operation_s cipher; /*!< Cipher operation context */
- struct psa_mac_operation_s mac; /*!< MAC operation context */
- struct psa_hash_operation_s hash; /*!< Hash operation context */
+ struct tfm_cipher_operation_s cipher; /*!< Cipher operation context */
+ struct tfm_mac_operation_s mac; /*!< MAC operation context */
+ struct tfm_hash_operation_s hash; /*!< Hash operation context */
} operation;
};
@@ -62,13 +59,13 @@
switch(operation[index].type) {
case TFM_CRYPTO_CIPHER_OPERATION:
- mem_size = sizeof(struct psa_cipher_operation_s);
+ mem_size = sizeof(struct tfm_cipher_operation_s);
break;
case TFM_CRYPTO_MAC_OPERATION:
- mem_size = sizeof(struct psa_mac_operation_s);
+ mem_size = sizeof(struct tfm_mac_operation_s);
break;
case TFM_CRYPTO_HASH_OPERATION:
- mem_size = sizeof(struct psa_hash_operation_s);
+ mem_size = sizeof(struct tfm_hash_operation_s);
break;
case TFM_CRYPTO_OPERATION_NONE:
default:
@@ -101,7 +98,7 @@
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
}
-
+ *handle = INVALID_HANDLE;
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
}
@@ -124,15 +121,13 @@
enum tfm_crypto_err_t tfm_crypto_operation_lookup(
enum tfm_crypto_operation_type type,
- uint32_t *handle,
+ uint32_t handle,
void **oper)
{
- uint32_t i = *handle;
-
- if ( (i<TFM_CRYPTO_CONC_OPER_NUM) &&
- (operation[i].in_use == TFM_CRYPTO_IN_USE) &&
- (operation[i].type == type) ) {
- *oper = (void *) &(operation[i].operation);
+ if ( (handle<TFM_CRYPTO_CONC_OPER_NUM) &&
+ (operation[handle].in_use == TFM_CRYPTO_IN_USE) &&
+ (operation[handle].type == type) ) {
+ *oper = (void *) &(operation[handle].operation);
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
diff --git a/secure_fw/services/crypto/crypto_cipher.c b/secure_fw/services/crypto/crypto_cipher.c
index 96980d2..be2ac5d 100644
--- a/secure_fw/services/crypto/crypto_cipher.c
+++ b/secure_fw/services/crypto/crypto_cipher.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -24,10 +24,7 @@
#include "psa_crypto.h"
-/* The file "psa_crypto_struct.h" contains definitions for
- * implementation-specific structs that are declared in "psa_crypto.h".
- */
-#include "psa_crypto_struct.h"
+#include "tfm_crypto_struct.h"
#include "tfm_crypto_api.h"
#include "crypto_utils.h"
@@ -43,7 +40,7 @@
};
static enum tfm_crypto_err_t tfm_crypto_cipher_setup(
- psa_cipher_operation_t *handle,
+ psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg,
enum tfm_crypto_cipher_mode_t c_mode)
@@ -58,10 +55,10 @@
mbedtls_cipher_type_t type = MBEDTLS_CIPHER_NONE;
mbedtls_cipher_padding_t mbedtls_padding_mode = MBEDTLS_PADDING_NONE;
- struct psa_cipher_operation_s *operation = NULL;
+ struct tfm_cipher_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_cipher_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -101,65 +98,63 @@
}
/* Allocate the operation context in the TFM space */
- err = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION, handle);
+ err = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
+ &(operation->handle));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
-
-
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
/* Bind the algorithm to the cipher operation */
- operation->alg = alg;
+ ctx->alg = alg;
/* Mbed TLS cipher init */
- mbedtls_cipher_init(&(operation->ctx.cipher));
+ mbedtls_cipher_init(&(ctx->cipher));
info = mbedtls_cipher_info_from_type(type);
- ret = mbedtls_cipher_setup(&(operation->ctx.cipher), info);
+ ret = mbedtls_cipher_setup(&(ctx->cipher), info);
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
/* FIXME: Check based on the algorithm, if we need to have an IV */
- operation->iv_required = 1;
+ ctx->iv_required = 1;
/* Bind the key to the cipher operation */
- operation->key = key;
- operation->key_set = 1;
+ ctx->key = key;
+ ctx->key_set = 1;
/* Mbed TLS cipher set key */
if (c_mode == TFM_CRYPTO_CIPHER_MODE_ENCRYPT) {
- ret = mbedtls_cipher_setkey(&(operation->ctx.cipher),
+ ret = mbedtls_cipher_setkey(&(ctx->cipher),
&key_data[0],
PSA_BYTES_TO_BITS(key_size),
MBEDTLS_ENCRYPT);
} else if (c_mode == TFM_CRYPTO_CIPHER_MODE_DECRYPT) {
- ret = mbedtls_cipher_setkey(&(operation->ctx.cipher),
+ ret = mbedtls_cipher_setkey(&(ctx->cipher),
&key_data[0],
PSA_BYTES_TO_BITS(key_size),
MBEDTLS_DECRYPT);
} else {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
@@ -180,11 +175,11 @@
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
- ret = mbedtls_cipher_set_padding_mode(&(operation->ctx.cipher),
+ ret = mbedtls_cipher_set_padding_mode(&(ctx->cipher),
mbedtls_padding_mode);
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
}
@@ -198,17 +193,17 @@
*/
/*!@{*/
-enum tfm_crypto_err_t tfm_crypto_encrypt_set_iv(
- psa_cipher_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_cipher_set_iv(
+ psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length)
{
int ret;
enum tfm_crypto_err_t err;
- struct psa_cipher_operation_s *operation = NULL;
+ struct tfm_cipher_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_cipher_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -221,70 +216,69 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- if (operation->iv_required == 0) {
+ if (ctx->iv_required == 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
}
if (iv_length > PSA_CIPHER_IV_MAX_SIZE) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
/* Bind the IV to the cipher operation */
- ret = mbedtls_cipher_set_iv(&(operation->ctx.cipher), iv, iv_length);
+ ret = mbedtls_cipher_set_iv(&(ctx->cipher), iv, iv_length);
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
- operation->iv_set = 1;
- operation->iv_size = iv_length;
+ ctx->iv_set = 1;
+ ctx->iv_size = iv_length;
/* Reset the context after IV is set */
- ret = mbedtls_cipher_reset(&(operation->ctx.cipher));
+ ret = mbedtls_cipher_reset(&(ctx->cipher));
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
-enum tfm_crypto_err_t tfm_crypto_encrypt_setup(
- psa_cipher_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_cipher_encrypt_setup(
+ psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- return tfm_crypto_cipher_setup(handle,
+ return tfm_crypto_cipher_setup(operation,
key,
alg,
TFM_CRYPTO_CIPHER_MODE_ENCRYPT);
}
-enum tfm_crypto_err_t tfm_crypto_decrypt_setup(
- psa_cipher_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_cipher_decrypt_setup(
+ psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- return tfm_crypto_cipher_setup(handle,
+ return tfm_crypto_cipher_setup(operation,
key,
alg,
TFM_CRYPTO_CIPHER_MODE_DECRYPT);
}
enum tfm_crypto_err_t tfm_crypto_cipher_update(
- psa_cipher_operation_t *handle,
+ psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
unsigned char *output,
@@ -294,10 +288,10 @@
int ret;
enum tfm_crypto_err_t err;
size_t olen;
- struct psa_cipher_operation_s *operation = NULL;
+ struct tfm_cipher_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_cipher_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -324,24 +318,23 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
/* If the IV is required and it's not been set yet */
- if ((operation->iv_required == 1) && (operation->iv_set == 0)) {
+ if ((ctx->iv_required == 1) && (ctx->iv_set == 0)) {
- if (operation->ctx.cipher.operation != MBEDTLS_DECRYPT) {
+ if (ctx->cipher.operation != MBEDTLS_DECRYPT) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
/* This call is used to set the IV on the object */
- err = tfm_crypto_encrypt_set_iv(handle, input, input_length);
+ err = tfm_crypto_cipher_set_iv(operation, input, input_length);
*output_length = 0;
@@ -349,20 +342,19 @@
}
/* If the key is not set, setup phase has not been completed */
- if (operation->key_set == 0) {
+ if (ctx->key_set == 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
}
*output_length = 0;
- ret = mbedtls_cipher_update(&(operation->ctx.cipher), input, input_length,
+ ret = mbedtls_cipher_update(&(ctx->cipher), input, input_length,
output, &olen);
-
if ((ret != 0) || (olen == 0)) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
@@ -373,7 +365,7 @@
}
enum tfm_crypto_err_t tfm_crypto_cipher_finish(
- psa_cipher_operation_t *handle,
+ psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length)
@@ -381,10 +373,10 @@
int ret;
enum tfm_crypto_err_t err;
size_t olen;
- struct psa_cipher_operation_s *operation = NULL;
+ struct tfm_cipher_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_cipher_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -407,27 +399,26 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- ret = mbedtls_cipher_finish(&(operation->ctx.cipher), output, &olen);
+ ret = mbedtls_cipher_finish(&(ctx->cipher), output, &olen);
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
*output_length = olen;
/* Clear the Mbed TLS context */
- mbedtls_cipher_free(&(operation->ctx.cipher));
+ mbedtls_cipher_free(&(ctx->cipher));
/* Release the operation context */
- err = tfm_crypto_operation_release(handle);
+ err = tfm_crypto_operation_release(&(operation->handle));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
@@ -435,13 +426,13 @@
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
-enum tfm_crypto_err_t tfm_crypto_cipher_abort(psa_cipher_operation_t *handle)
+enum tfm_crypto_err_t tfm_crypto_cipher_abort(psa_cipher_operation_t *operation)
{
enum tfm_crypto_err_t err;
- struct psa_cipher_operation_s *operation = NULL;
+ struct tfm_cipher_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_cipher_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -450,18 +441,17 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
/* Clear the Mbed TLS context */
- mbedtls_cipher_free(&(operation->ctx.cipher));
+ mbedtls_cipher_free(&(ctx->cipher));
/* Release the operation context */
- err = tfm_crypto_operation_release(handle);
+ err = tfm_crypto_operation_release(&(operation->handle));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
diff --git a/secure_fw/services/crypto/crypto_hash.c b/secure_fw/services/crypto/crypto_hash.c
index 6983b8f..8356d55 100644
--- a/secure_fw/services/crypto/crypto_hash.c
+++ b/secure_fw/services/crypto/crypto_hash.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -23,9 +23,7 @@
#include "psa_crypto.h"
-/* The file "psa_crypto_struct.h" contains definitions for
- * implementation-specific structs that are declared in "psa_crypto.h". */
-#include "psa_crypto_struct.h"
+#include "tfm_crypto_struct.h"
#include "tfm_crypto_api.h"
#include "crypto_utils.h"
@@ -36,7 +34,7 @@
*/
/*!@{*/
-enum tfm_crypto_err_t tfm_crypto_hash_start(psa_hash_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
int ret;
@@ -44,10 +42,10 @@
const mbedtls_md_info_t *info = NULL;
mbedtls_md_type_t type = MBEDTLS_MD_NONE;
- struct psa_hash_operation_s *operation = NULL;
+ struct tfm_hash_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_hash_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -118,57 +116,57 @@
return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
}
- /* Allocate the operation context in the TFM space */
- err = tfm_crypto_operation_alloc(TFM_CRYPTO_HASH_OPERATION, handle);
+ /* Allocate the operation context in the Secure world */
+ err = tfm_crypto_operation_alloc(TFM_CRYPTO_HASH_OPERATION,
+ &(operation->handle));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return err;
}
- /* Bind the algorithm to the hash operation */
- operation->alg = alg;
+ /* Bind the algorithm to the hash context */
+ ctx->alg = alg;
/* Mbed TLS message digest init */
- mbedtls_md_init(&operation->ctx.md);
+ mbedtls_md_init(&ctx->md);
info = mbedtls_md_info_from_type(type);
- ret = mbedtls_md_setup(&(operation->ctx.md), info, 0); /* 0: not HMAC */
+ ret = mbedtls_md_setup(&(ctx->md), info, 0); /* 0: not HMAC */
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
/* Start the message digest context */
- ret = mbedtls_md_starts(&(operation->ctx.md));
+ ret = mbedtls_md_starts(&(ctx->md));
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
-enum tfm_crypto_err_t tfm_crypto_hash_update(psa_hash_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
int ret;
enum tfm_crypto_err_t err;
- struct psa_hash_operation_s *operation = NULL;
+ struct tfm_hash_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_hash_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -183,43 +181,42 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
/* Process the input chunk */
- ret = mbedtls_md_update(&(operation->ctx.md), input, input_length);
+ ret = mbedtls_md_update(&(ctx->md), input, input_length);
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
-enum tfm_crypto_err_t tfm_crypto_hash_finish(psa_hash_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
int ret;
enum tfm_crypto_err_t err;
- struct psa_hash_operation_s *operation = NULL;
+ struct tfm_hash_operation_s *ctx = NULL;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_hash_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
- err = tfm_crypto_memory_check((void *)hash,
+ err = tfm_crypto_memory_check(hash,
hash_size,
- TFM_MEMORY_ACCESS_RO);
+ TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
}
@@ -232,35 +229,34 @@
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
- if (hash_size < PSA_HASH_SIZE(operation->alg)) {
+ if (hash_size < PSA_HASH_SIZE(ctx->alg)) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_BUFFER_TOO_SMALL;
}
/* Finalise the hash value */
- ret = mbedtls_md_finish(&(operation->ctx.md), hash);
+ ret = mbedtls_md_finish(&(ctx->md), hash);
if (ret != 0) {
/* Release the operation context */
- tfm_crypto_operation_release(handle);
+ tfm_crypto_operation_release(&(operation->handle));
return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
}
/* Set the length of the hash that has been produced */
- *hash_length = PSA_HASH_SIZE(operation->alg);
+ *hash_length = PSA_HASH_SIZE(ctx->alg);
/* Clear the Mbed TLS message digest context */
- mbedtls_md_free(&(operation->ctx.md));
+ mbedtls_md_free(&(ctx->md));
/* Release the operation context */
- err = tfm_crypto_operation_release(handle);
+ err = tfm_crypto_operation_release(&(operation->handle));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
@@ -268,7 +264,7 @@
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
-enum tfm_crypto_err_t tfm_crypto_hash_verify(psa_hash_operation_t *handle,
+enum tfm_crypto_err_t tfm_crypto_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length)
{
@@ -278,7 +274,7 @@
uint32_t idx, comp_mismatch = 0;
/* Validate pointers */
- err = tfm_crypto_memory_check(handle,
+ err = tfm_crypto_memory_check(operation,
sizeof(psa_hash_operation_t),
TFM_MEMORY_ACCESS_RW);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
@@ -286,7 +282,7 @@
}
/* Finalise the hash operation */
- err = tfm_crypto_hash_finish(handle,
+ err = tfm_crypto_hash_finish(operation,
digest,
PSA_HASH_MAX_SIZE,
&digest_length);
@@ -309,25 +305,32 @@
return TFM_CRYPTO_ERR_PSA_SUCCESS;
}
-enum tfm_crypto_err_t tfm_crypto_hash_abort(psa_hash_operation_t *handle)
+enum tfm_crypto_err_t tfm_crypto_hash_abort(psa_hash_operation_t *operation)
{
enum tfm_crypto_err_t err;
- struct psa_hash_operation_s *operation = NULL;
+ struct tfm_hash_operation_s *ctx = NULL;
+
+ /* Validate pointers */
+ err = tfm_crypto_memory_check(operation,
+ sizeof(psa_hash_operation_t),
+ TFM_MEMORY_ACCESS_RW);
+ if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
+ return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
+ }
/* Look up the corresponding operation context */
err = tfm_crypto_operation_lookup(TFM_CRYPTO_HASH_OPERATION,
- handle,
- (void **)&operation);
-
+ operation->handle,
+ (void **)&ctx);
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
/* Clear the Mbed TLS message digest context */
- mbedtls_md_free(&(operation->ctx.md));
+ mbedtls_md_free(&(ctx->md));
/* Release the operation context */
- err = tfm_crypto_operation_release(handle);
+ err = tfm_crypto_operation_release(&(operation->handle));
if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
return err;
}
diff --git a/secure_fw/services/crypto/crypto_key.c b/secure_fw/services/crypto/crypto_key.c
index 18ca931..a6769d4 100644
--- a/secure_fw/services/crypto/crypto_key.c
+++ b/secure_fw/services/crypto/crypto_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -24,10 +24,7 @@
#include "psa_crypto.h"
-/* The file "psa_crypto_struct.h" contains definitions for
- * implementation-specific structs that are declared in "psa_crypto.h".
- */
-#include "psa_crypto_struct.h"
+#include "tfm_crypto_struct.h"
/**
* \brief This value defines the maximum number of simultaneous key stores
diff --git a/secure_fw/services/crypto/manifest.yaml b/secure_fw/services/crypto/manifest.yaml
index d7cc68d..10b53f3 100644
--- a/secure_fw/services/crypto/manifest.yaml
+++ b/secure_fw/services/crypto/manifest.yaml
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2018, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -50,25 +50,25 @@
"minor_policy": "strict"
},
{
- "sfid": "TFM_CRYPTO_ENCRYPT_SET_IV_SFID",
- "signal": "TFM_CRYPTO_ENCRYPT_SET_IV",
- "tfm_symbol": "tfm_crypto_encrypt_set_iv",
+ "sfid": "TFM_CRYPTO_CIPHER_SET_IV_SFID",
+ "signal": "TFM_CRYPTO_CIPHER_SET_IV",
+ "tfm_symbol": "tfm_crypto_cipher_set_iv",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "strict"
},
{
- "sfid": "TFM_CRYPTO_ENCRYPT_SETUP_SFID",
- "signal": "TFM_CRYPTO_ENCRYPT_SETUP",
- "tfm_symbol": "tfm_crypto_encrypt_setup",
+ "sfid": "TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SFID",
+ "signal": "TFM_CRYPTO_CIPHER_ENCRYPT_SETUP",
+ "tfm_symbol": "tfm_crypto_cipher_encrypt_setup",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "strict"
},
{
- "sfid": "TFM_CRYPTO_DECRYPT_SETUP_SFID",
- "signal": "TFM_CRYPTO_DECRYPT_SETUP",
- "tfm_symbol": "tfm_crypto_decrypt_setup",
+ "sfid": "TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SFID",
+ "signal": "TFM_CRYPTO_CIPHER_DECRYPT_SETUP",
+ "tfm_symbol": "tfm_crypto_cipher_decrypt_setup",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "strict"
@@ -98,9 +98,9 @@
"minor_policy": "strict"
},
{
- "sfid": "TFM_CRYPTO_HASH_START_SFID",
- "signal": "TFM_CRYPTO_HASH_START",
- "tfm_symbol": "tfm_crypto_hash_start",
+ "sfid": "TFM_CRYPTO_HASH_SETUP_SFID",
+ "signal": "TFM_CRYPTO_HASH_SETUP",
+ "tfm_symbol": "tfm_crypto_hash_setup",
"non_secure_clients": true,
"minor_version": 1,
"minor_policy": "strict"
diff --git a/secure_fw/services/crypto/psa_crypto_struct.h b/secure_fw/services/crypto/psa_crypto_struct.h
deleted file mode 100644
index 651d434..0000000
--- a/secure_fw/services/crypto/psa_crypto_struct.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-/**
- * \file psa_crypto_struct.h
- *
- * \brief PSA cryptography module: Mbed TLS structured type implementations
- */
-
-#ifndef __PSA_CRYPTO_STRUCT_H__
-#define __PSA_CRYPTO_STRUCT_H__
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files.
- */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "platform/ext/common/tfm_mbedtls_config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/md.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-
-#if defined(MBEDTLS_SHA512_C)
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
-#define PSA_HASH_MAX_SIZE 32
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
-#endif
-
-struct psa_hash_operation_s
-{
- psa_algorithm_t alg;
- union
- {
- uint32_t dummy; /* Make the union non-empty in any case */
-#if defined(MBEDTLS_MD_C)
- mbedtls_md_context_t md;
-#endif
- } ctx;
-};
-
-
-typedef struct
-{
- /* The hash context. */
- struct psa_hash_operation_s hash_ctx;
- /* The HMAC part of the context. */
- uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
-} psa_hmac_internal_data;
-
-
-struct psa_mac_operation_s
-{
- psa_algorithm_t alg;
- uint8_t key_set;
- uint8_t iv_required;
- uint8_t iv_set;
- uint8_t has_input;
- uint8_t key_usage_sign;
- uint8_t key_usage_verify;
- uint8_t mac_size;
- union
- {
- uint32_t dummy; /* Make the union non-empty in any case */
-#if defined(MBEDTLS_MD_C)
- psa_hmac_internal_data hmac;
-#endif
-#if defined(MBEDTLS_CMAC_C)
- mbedtls_cipher_context_t cmac;
-#endif
- } ctx;
-};
-
-#define PSA_CIPHER_IV_MAX_SIZE 16
-
-struct psa_cipher_operation_s
-{
- psa_algorithm_t alg;
- uint8_t key_set;
- uint8_t iv_required;
- uint8_t iv_set;
- uint8_t iv_size;
- uint8_t block_size;
- psa_key_slot_t key;
- union
- {
- mbedtls_cipher_context_t cipher;
- } ctx;
-};
-
-struct psa_key_policy_s
-{
- psa_key_usage_t usage;
- psa_algorithm_t alg;
-};
-
-#endif /* __PSA_CRYPTO_STRUCT_H__ */
diff --git a/secure_fw/services/crypto/tfm_crypto_api.h b/secure_fw/services/crypto/tfm_crypto_api.h
index 9b575a5..d596ed9 100644
--- a/secure_fw/services/crypto/tfm_crypto_api.h
+++ b/secure_fw/services/crypto/tfm_crypto_api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -72,7 +72,7 @@
*/
enum tfm_crypto_err_t tfm_crypto_operation_lookup(
enum tfm_crypto_operation_type type,
- uint32_t *handle,
+ uint32_t handle,
void **oper);
/**
* \brief Import the key data in the provided key slot
@@ -148,7 +148,7 @@
*
* \return Returns values as described in \ref tfm_crypto_err_t
*/
-enum tfm_crypto_err_t tfm_crypto_encrypt_set_iv(
+enum tfm_crypto_err_t tfm_crypto_cipher_set_iv(
psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length);
@@ -162,7 +162,7 @@
*
* \return Returns values as described in \ref tfm_crypto_err_t
*/
-enum tfm_crypto_err_t tfm_crypto_encrypt_setup(
+enum tfm_crypto_err_t tfm_crypto_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg);
@@ -176,7 +176,7 @@
*
* \return Returns values as described in \ref tfm_crypto_err_t
*/
-enum tfm_crypto_err_t tfm_crypto_decrypt_setup(
+enum tfm_crypto_err_t tfm_crypto_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg);
@@ -235,7 +235,7 @@
*
* \return Returns values as described in \ref tfm_crypto_err_t
*/
-enum tfm_crypto_err_t tfm_crypto_hash_start(psa_hash_operation_t *operation,
+enum tfm_crypto_err_t tfm_crypto_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg);
/**
* \brief Adds a new input chunk to the data for which the final hash value
diff --git a/secure_fw/services/crypto/tfm_crypto_struct.h b/secure_fw/services/crypto/tfm_crypto_struct.h
new file mode 100644
index 0000000..dbd5bc3
--- /dev/null
+++ b/secure_fw/services/crypto/tfm_crypto_struct.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2019, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/**
+ * \file tfm_crypto_struct.h
+ *
+ * \brief Similarly to what psa_crypto_struct.h defines for
+ * the frontend, this header provides Crypto service
+ * specific definitions for operation contexts.
+ * Current implementation is directly based on Mbed TLS.
+ */
+
+#ifndef __TFM_CRYPTO_STRUCT_H__
+#define __TFM_CRYPTO_STRUCT_H__
+
+/* Include the Mbed TLS configuration file, the way Mbed TLS does it
+ * in each of its header files.
+ */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "platform/ext/common/tfm_mbedtls_config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/md.h"
+
+struct tfm_hash_operation_s
+{
+ psa_algorithm_t alg;
+ mbedtls_md_context_t md;
+};
+
+struct tfm_hmac_internal_data_s
+{
+ /* The hash context. */
+ struct psa_hash_operation_s hash_ctx;
+ /* The HMAC part of the context. */
+ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+};
+
+struct tfm_mac_operation_s
+{
+ psa_algorithm_t alg;
+ uint8_t key_set;
+ uint8_t iv_required;
+ uint8_t iv_set;
+ uint8_t has_input;
+ uint8_t key_usage_sign;
+ uint8_t key_usage_verify;
+ uint8_t mac_size;
+ union
+ {
+ struct tfm_hmac_internal_data_s hmac;
+ mbedtls_cipher_context_t cmac;
+ } ctx;
+};
+
+#define PSA_CIPHER_IV_MAX_SIZE 16
+
+struct tfm_cipher_operation_s
+{
+ psa_algorithm_t alg;
+ uint8_t key_set;
+ uint8_t iv_required;
+ uint8_t iv_set;
+ uint8_t iv_size;
+ uint8_t block_size;
+ psa_key_slot_t key;
+ mbedtls_cipher_context_t cipher;
+};
+#endif /* __TFM_CRYPTO_STRUCT_H__ */
diff --git a/secure_fw/services/tfm_sfid_list.inc b/secure_fw/services/tfm_sfid_list.inc
index 4a9073a..80ebb98 100644
--- a/secure_fw/services/tfm_sfid_list.inc
+++ b/secure_fw/services/tfm_sfid_list.inc
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -31,13 +31,13 @@
{tfm_crypto_destroy_key, TFM_CRYPTO_DESTROY_KEY_SFID},
{tfm_crypto_get_key_information, TFM_CRYPTO_GET_KEY_INFORMATION_SFID},
{tfm_crypto_export_key, TFM_CRYPTO_EXPORT_KEY_SFID},
- {tfm_crypto_encrypt_set_iv, TFM_CRYPTO_ENCRYPT_SET_IV_SFID},
- {tfm_crypto_encrypt_setup, TFM_CRYPTO_ENCRYPT_SETUP_SFID},
- {tfm_crypto_decrypt_setup, TFM_CRYPTO_DECRYPT_SETUP_SFID},
+ {tfm_crypto_cipher_set_iv, TFM_CRYPTO_CIPHER_SET_IV_SFID},
+ {tfm_crypto_cipher_encrypt_setup, TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SFID},
+ {tfm_crypto_cipher_decrypt_setup, TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SFID},
{tfm_crypto_cipher_update_wrapper, TFM_CRYPTO_CIPHER_UPDATE_SFID},
{tfm_crypto_cipher_abort, TFM_CRYPTO_CIPHER_ABORT_SFID},
{tfm_crypto_cipher_finish, TFM_CRYPTO_CIPHER_FINISH_SFID},
- {tfm_crypto_hash_start, TFM_CRYPTO_HASH_START_SFID},
+ {tfm_crypto_hash_setup, TFM_CRYPTO_HASH_SETUP_SFID},
{tfm_crypto_hash_update, TFM_CRYPTO_HASH_UPDATE_SFID},
{tfm_crypto_hash_finish, TFM_CRYPTO_HASH_FINISH_SFID},
{tfm_crypto_hash_verify, TFM_CRYPTO_HASH_VERIFY_SFID},