commit 609f0008f1b638c8a60f8bf787f3bf2dbc51f22a
author Antonio de Angelis <Antonio.deAngelis@arm.com> Tue Jul 06 16:51:28 2021 +0200
committer Antonio de Angelis <Antonio.deAngelis@arm.com> Wed Jul 07 14:48:59 2021 +0200
tree f5ab0547e445e8e3bdadd7427346a0023c2a558d
parent 8f4db96950f948e3193f9575e0ed8f8ece61b3b0

Crypto: Add support for single-shot Cipher APIs

This patch introduces support for Cipher single-shot
APIs. This needs to be aligned with a recent enough
version of mbedTLS that has support for these APIs in
the backend.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I607996b211586a8dcc4e19de8e3251128103623a

secure_fw/partitions/crypto/crypto_cipher.c

diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index 6318d0f..aea6c46 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -355,8 +355,42 @@
                                        psa_outvec out_vec[],
                                        size_t out_len)
 {
-    /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
     return PSA_ERROR_NOT_SUPPORTED;
+#else
+    psa_status_t status = PSA_SUCCESS;
+
+    CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
+
+    if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+        return PSA_ERROR_PROGRAMMER_ERROR;
+    }
+
+    const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+    psa_key_id_t key_id = iov->key_id;
+    psa_algorithm_t alg = iov->alg;
+    const uint8_t *input = in_vec[1].base;
+    size_t input_length = in_vec[1].len;
+    uint8_t *output = out_vec[0].base;
+    size_t output_size = out_vec[0].len;
+    mbedtls_svc_key_id_t encoded_key;
+
+    /* Initialise plaintext_length to zero. */
+    out_vec[0].len = 0;
+
+    status = tfm_crypto_check_handle_owner(key_id);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    return psa_cipher_encrypt(encoded_key, alg, input, input_length,
+                              output, output_size, &out_vec[0].len);
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
 }
 
 psa_status_t tfm_crypto_cipher_decrypt(psa_invec in_vec[],
@@ -364,7 +398,41 @@
                                        psa_outvec out_vec[],
                                        size_t out_len)
 {
-    /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
     return PSA_ERROR_NOT_SUPPORTED;
+#else
+    psa_status_t status = PSA_SUCCESS;
+
+    CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
+
+    if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+        return PSA_ERROR_PROGRAMMER_ERROR;
+    }
+
+    const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+    psa_key_id_t key_id = iov->key_id;
+    psa_algorithm_t alg = iov->alg;
+    const uint8_t *input = in_vec[1].base;
+    size_t input_length = in_vec[1].len;
+    uint8_t *output = out_vec[0].base;
+    size_t output_size = out_vec[0].len;
+    mbedtls_svc_key_id_t encoded_key;
+
+    /* Initialise plaintext_length to zero. */
+    out_vec[0].len = 0;
+
+    status = tfm_crypto_check_handle_owner(key_id);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    return psa_cipher_decrypt(encoded_key, alg, input, input_length,
+                              output, output_size, &out_vec[0].len);
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
 }
 /*!@}*/