Crypto: Add option to disable separate modules
This patch introduces the configuration option in
the Crypto service to allow disabling at build time
of different submodules, such as Cipher, Hash, Mac,
Generator, Aead and Asymmetric.
Change-Id: I3ccfde15cfe2cb6fd540815ad4a47fb24a98ada9
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/secure_fw/services/crypto/crypto_key.c b/secure_fw/services/crypto/crypto_key.c
index 66718e1..19f11c4 100644
--- a/secure_fw/services/crypto/crypto_key.c
+++ b/secure_fw/services/crypto/crypto_key.c
@@ -28,8 +28,10 @@
uint8_t in_use; /*!< Flag to indicate if this in use */
};
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED == 0)
static struct tfm_crypto_handle_owner_s
handle_owner[TFM_CRYPTO_MAX_KEY_HANDLES] = {0};
+#endif
/*!
* \defgroup public Public functions
*
@@ -39,6 +41,9 @@
psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle,
uint32_t *index)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
int32_t partition_id = 0;
uint32_t i = 0;
psa_status_t status;
@@ -62,6 +67,7 @@
}
return PSA_ERROR_INVALID_HANDLE;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_allocate_key(psa_invec in_vec[],
@@ -69,6 +75,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -109,6 +118,7 @@
}
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
@@ -116,6 +126,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 2) || (out_len != 0)) {
@@ -138,6 +151,7 @@
}
return psa_import_key(key, type, data, data_length);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
@@ -145,6 +159,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 1) || (out_len != 0)) {
@@ -173,6 +190,7 @@
}
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[],
@@ -180,6 +198,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 2)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -196,6 +217,7 @@
size_t *bits = out_vec[1].base;
return psa_get_key_information(key, type, bits);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
@@ -203,6 +225,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -217,6 +242,7 @@
size_t data_size = out_vec[0].len;
return psa_export_key(key, data, data_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
@@ -224,6 +250,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -238,6 +267,7 @@
size_t data_size = out_vec[0].len;
return psa_export_public_key(key, data, data_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
@@ -245,6 +275,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 3) || (out_len != 0)) {
@@ -263,6 +296,7 @@
const psa_key_policy_t *policy = in_vec[2].base;
return psa_copy_key(source_handle, target_handle, policy);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[],
@@ -270,6 +304,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 2) || (out_len != 0)) {
@@ -291,6 +328,7 @@
} else {
return status;
}
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[],
@@ -298,6 +336,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -312,6 +353,7 @@
psa_key_policy_t *policy = out_vec[0].base;
return psa_get_key_policy(key, policy);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[],
@@ -319,6 +361,9 @@
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -333,5 +378,6 @@
psa_key_lifetime_t *lifetime = out_vec[0].base;
return psa_get_key_lifetime(key, lifetime);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
/*!@}*/