TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 04debbd6e157d8ab9f80525e296303e830838c50 / . / secure_fw / services / crypto / crypto_asymmetric.c
blob: 24bdce0957c09102596cba557787b1f65337a502 [file] [log] [blame]
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]1/*
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]2 * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include <stddef.h>
9#include <stdint.h>
10
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]11/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]12 * integrity checks but this will have to be revised
13 * when the full set of error codes mandated by PSA FF
14 * is available.
15 */
16#include "tfm_mbedcrypto_include.h"
17
18#include "tfm_crypto_api.h"
19#include "tfm_crypto_defs.h"
20
21/*!
22 * \defgroup public_psa Public functions, PSA
23 *
24 */
25
26/*!@{*/
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]27psa_status_t tfm_crypto_sign_hash(psa_invec in_vec[],
28 size_t in_len,
29 psa_outvec out_vec[],
30 size_t out_len)
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]31{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]32#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]33 return PSA_ERROR_NOT_SUPPORTED;
34#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]35 if ((in_len != 2) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]36 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]37 }
38
39 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]40 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]41 }
42 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
43
44 psa_key_handle_t handle = iov->key_handle;
45 psa_algorithm_t alg = iov->alg;
46 const uint8_t *hash = in_vec[1].base;
47 size_t hash_length = in_vec[1].len;
48 uint8_t *signature = out_vec[0].base;
49 size_t signature_size = out_vec[0].len;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]50 psa_status_t status = tfm_crypto_check_handle_owner(handle, NULL);
51
52 if (status != PSA_SUCCESS) {
53 return status;
54 }
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]55
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]56 return psa_sign_hash(handle, alg, hash, hash_length,
57 signature, signature_size, &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]58#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]59}
60
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]61psa_status_t tfm_crypto_verify_hash(psa_invec in_vec[],
62 size_t in_len,
63 psa_outvec out_vec[],
64 size_t out_len)
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]65{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]66#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]67 return PSA_ERROR_NOT_SUPPORTED;
68#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]69 if ((in_len != 3) || (out_len != 0)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]70 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]71 }
72
73 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]74 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]75 }
76 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
77
78 psa_key_handle_t handle = iov->key_handle;
79 psa_algorithm_t alg = iov->alg;
80 const uint8_t *hash = in_vec[1].base;
81 size_t hash_length = in_vec[1].len;
82 const uint8_t *signature = in_vec[2].base;
83 size_t signature_length = in_vec[2].len;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]84 psa_status_t status = tfm_crypto_check_handle_owner(handle, NULL);
85
86 if (status != PSA_SUCCESS) {
87 return status;
88 }
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]89
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]90 return psa_verify_hash(handle, alg, hash, hash_length,
91 signature, signature_length);
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]92#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]93}
94
95psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
96 size_t in_len,
97 psa_outvec out_vec[],
98 size_t out_len)
99{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]100#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]101 return PSA_ERROR_NOT_SUPPORTED;
102#else
Jamie Fox707caf72019-05-29 15:14:18 +0100[diff] [blame]103 psa_status_t status;
104
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]105 if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]106 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]107 }
108
109 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]110 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]111 }
112 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
113
114 psa_key_handle_t handle = iov->key_handle;
115 psa_algorithm_t alg = iov->alg;
116 const uint8_t *input = in_vec[1].base;
117 size_t input_length = in_vec[1].len;
118 const uint8_t *salt = NULL;
119 size_t salt_length = 0;
120 uint8_t *output = out_vec[0].base;
121 size_t output_size = out_vec[0].len;
Jamie Fox707caf72019-05-29 15:14:18 +0100[diff] [blame]122 psa_key_type_t type;
123 size_t key_bits;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]124 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]125
126 if (in_len == 3) {
127 salt = in_vec[2].base;
128 salt_length = in_vec[2].len;
129 }
130
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]131 status = tfm_crypto_check_handle_owner(handle, NULL);
132 if (status != PSA_SUCCESS) {
133 return status;
134 }
135
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]136 status = psa_get_key_attributes(handle, &key_attributes);
Jamie Fox707caf72019-05-29 15:14:18 +0100[diff] [blame]137 if (status != PSA_SUCCESS) {
138 return status;
139 }
140
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame^]141 key_bits = psa_get_key_bits(&key_attributes);
142 type = psa_get_key_type(&key_attributes);
143
144 psa_reset_key_attributes(&key_attributes);
145
Jamie Fox707caf72019-05-29 15:14:18 +0100[diff] [blame]146 /* Check that the output buffer is large enough */
147 if (output_size < PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(type, key_bits, alg)) {
148 return PSA_ERROR_BUFFER_TOO_SMALL;
149 }
150
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]151 return psa_asymmetric_encrypt(handle, alg, input, input_length,
152 salt, salt_length,
153 output, output_size, &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]154#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]155}
156
157psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
158 size_t in_len,
159 psa_outvec out_vec[],
160 size_t out_len)
161{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]162#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]163 return PSA_ERROR_NOT_SUPPORTED;
164#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]165 if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]166 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]167 }
168
169 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]170 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]171 }
172 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
173
174 psa_key_handle_t handle = iov->key_handle;
175 psa_algorithm_t alg = iov->alg;
176 const uint8_t *input = in_vec[1].base;
177 size_t input_length = in_vec[1].len;
178 const uint8_t *salt = NULL;
179 size_t salt_length = 0;
180 uint8_t *output = out_vec[0].base;
181 size_t output_size = out_vec[0].len;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]182 psa_status_t status;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]183
184 if (in_len == 3) {
185 salt = in_vec[2].base;
186 salt_length = in_vec[2].len;
187 }
188
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]189 status = tfm_crypto_check_handle_owner(handle, NULL);
190 if (status != PSA_SUCCESS) {
191 return status;
192 }
193
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]194 return psa_asymmetric_decrypt(handle, alg, input, input_length,
195 salt, salt_length,
196 output, output_size, &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]197#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]198}
199/*!@}*/