TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 202425a49119ef21f99d1e78c2cd33edd1819474 / . / secure_fw / partitions / crypto / tfm_crypto_api.h
blob: ef26901003d21c685893fd0c0d310d09735dcc07 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelisc26af632021-10-07 15:04:12 +0100[diff] [blame]2 * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#ifndef __TFM_CRYPTO_API_H__
9#define __TFM_CRYPTO_API_H__
10
11#ifdef __cplusplus
12extern "C" {
13#endif
14
15#include <stdint.h>
16#include "tfm_crypto_defs.h"
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]17#include "psa/crypto_client_struct.h"
18
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]19/**
20 * \brief List of possible operation types supported by the TFM based
21 * implementation. This type is needed by the operation allocation,
22 * lookup and release functions.
23 *
24 */
25enum tfm_crypto_operation_type {
26 TFM_CRYPTO_OPERATION_NONE = 0,
27 TFM_CRYPTO_CIPHER_OPERATION = 1,
28 TFM_CRYPTO_MAC_OPERATION = 2,
29 TFM_CRYPTO_HASH_OPERATION = 3,
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]30 TFM_CRYPTO_KEY_DERIVATION_OPERATION = 4,
Antonio de Angelisc26af632021-10-07 15:04:12 +0100[diff] [blame]31 TFM_CRYPTO_AEAD_OPERATION = 5,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]32
33 /* Used to force the enum size */
34 TFM_CRYPTO_OPERATION_TYPE_MAX = INT_MAX
35};
36
37/**
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame^]38 * \brief Type associated to a function for the TF-M Crypto service
39 * API. It describes if an API is multipart related or not, i.e. and
40 * which multipart operation it requires (i.e. setup or lookup)
41 */
42enum tfm_crypto_function_type {
43 TFM_CRYPTO_FUNCTION_TYPE_NON_MULTIPART = 0x0,
44 TFM_CRYPTO_FUNCTION_TYPE_SETUP,
45 TFM_CRYPTO_FUNCTION_TYPE_LOOKUP
46};
47
48/**
49 * \brief Type associated to the group of a function encoding. There can be
50 * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
51 * Asym sign, Asym encrypt, Key derivation).
52 */
53enum tfm_crypto_group_id {
54 TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
55 TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
56 TFM_CRYPTO_GROUP_ID_HASH,
57 TFM_CRYPTO_GROUP_ID_MAC,
58 TFM_CRYPTO_GROUP_ID_CIPHER,
59 TFM_CRYPTO_GROUP_ID_AEAD,
60 TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
61 TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
62 TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
63};
64
65/**
66 * \brief Accessor to the API descriptor table that returns function_type of the API
67 *
68 * \param[in] func Function ID for the API to retrieve the associated group
69 *
70 * \return Return values as described in \ref enum tfm_crypto_function_type
71 */
72enum tfm_crypto_function_type
73 get_function_type_from_descriptor(enum tfm_crypto_function_id func);
74
75/**
76 * \brief Accessor to the API descriptor table that returns function_type of the API
77 *
78 * \param[in] id Pointer to hold the ID of the caller
79 *
80 * \return Return values as described in \ref enum tfm_crypto_group_id
81 */
82enum tfm_crypto_group_id
83 get_group_id_from_descriptor(enum tfm_crypto_function_id func);
84
85/**
86 * \brief Macro to determine the group_id corresponding to a function_id by
87 * accessing the tfm_crypto_api_descriptor table
88 */
89#define TFM_CRYPTO_IS_GROUP_ID(_function_id, _group_id) \
90 (get_group_id_from_descriptor((_function_id)) == (_group_id))
91
92/**
93 * \brief Macro to get the function_type associated to a function_id by
94 * accessing the tfm_crypto_api_descriptor table
95 */
96#define TFM_CRYPTO_GET_FUNCTION_TYPE(_function_id) \
97 (get_function_type_from_descriptor((_function_id)))
98
99/**
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]100 * \brief Initialise the service
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]101 *
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]102 * \return Return values as described in \ref psa_status_t
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]103 */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]104psa_status_t tfm_crypto_init(void);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]105
106/**
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]107 * \brief Initialise the Alloc module
108 *
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]109 * \return Return values as described in \ref psa_status_t
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]110 */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]111psa_status_t tfm_crypto_init_alloc(void);
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]112
113/**
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]114 * \brief Returns the ID of the caller
115 *
116 * \param[out] id Pointer to hold the ID of the caller
117 *
118 * \return Return values as described in \ref psa_status_t
119 */
120psa_status_t tfm_crypto_get_caller_id(int32_t *id);
121
122/**
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]123 * \brief Gets key attributes from client key attributes.
124 *
125 * \param[in] client_key_attr Client key attributes
126 * \param[in] client_id Partition ID of the calling client
127 * \param[out] key_attributes Key attributes
128 *
129 * \return Return values as described in \ref psa_status_t
130 */
131psa_status_t tfm_crypto_key_attributes_from_client(
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]132 const struct psa_client_key_attributes_s *client_key_attr,
133 int32_t client_id,
134 psa_key_attributes_t *key_attributes);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]135
136/**
137 * \brief Converts key attributes to client key attributes.
138 *
139 * \param[in] key_attributes Key attributes
140 * \param[out] client_key_attr Client key attributes
141 *
142 * \return Return values as described in \ref psa_status_t
143 */
144psa_status_t tfm_crypto_key_attributes_to_client(
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]145 const psa_key_attributes_t *key_attributes,
146 struct psa_client_key_attributes_s *client_key_attr);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]147
148/**
Antonio de Angelis819c2f32019-02-06 14:32:02 +0000[diff] [blame]149 * \brief Allocate an operation context in the backend
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]150 *
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]151 * \param[in] type Type of the operation context to allocate
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]152 * \param[out] handle Pointer to hold the allocated handle
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]153 * \param[out ctx Double pointer to the corresponding context
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]154 *
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]155 * \return Return values as described in \ref psa_status_t
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]156 */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]157psa_status_t tfm_crypto_operation_alloc(enum tfm_crypto_operation_type type,
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]158 uint32_t *handle,
Antonio de Angelis819c2f32019-02-06 14:32:02 +0000[diff] [blame]159 void **ctx);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]160/**
Antonio de Angelis819c2f32019-02-06 14:32:02 +0000[diff] [blame]161 * \brief Release an operation context in the backend
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]162 *
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]163 * \param[in] handle Pointer to the handle of the context to release
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]164 *
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]165 * \return Return values as described in \ref psa_status_t
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]166 */
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]167psa_status_t tfm_crypto_operation_release(uint32_t *handle);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]168/**
Antonio de Angelis819c2f32019-02-06 14:32:02 +0000[diff] [blame]169 * \brief Look up an operation context in the backend for the corresponding
170 * frontend operation
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]171 *
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]172 * \param[in] type Type of the operation context to look up
173 * \param[in] handle Handle of the context to lookup
174 * \param[out] ctx Double pointer to the corresponding context
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]175 *
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]176 * \return Return values as described in \ref psa_status_t
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]177 */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]178psa_status_t tfm_crypto_operation_lookup(enum tfm_crypto_operation_type type,
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]179 uint32_t handle,
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]180 void **ctx);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]181/**
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame^]182 * \brief This function handles the operations to allocate or retrieve a
183 * multipart context. It receives a operation and function type as
184 * inputs and then returns the looked or allocated context using
185 * the provided handle. If a context is allocated in a setup call
186 * the returned handle is then updated with the allocated value
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]187 *
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame^]188 * \param[in] type Type of the operation context to look up
189 * \param[in] function_type Type of the function
190 * \param[in, out] handle Pointer to the handle
191 * \param[out] ctx Double pointer to the context
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]192 *
193 * \return Return values as described in \ref psa_status_t
194 */
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame^]195psa_status_t tfm_crypto_operation_handling(enum tfm_crypto_operation_type type,
196 enum tfm_crypto_function_type function_type,
197 uint32_t *handle,
198 void **ctx);
199/**
200 * \brief This function acts as interface from the framework dispatching
201 * calls to the set of functions that implement the PSA Crypto APIs.
202 * It is based on the Uniform Signatures prototype.
203 *
204 * \param[in] in_vec Array of invec parameters
205 * \param[in] in_len Length of the valid entries in in_vec
206 * \param[out] out_vec Array of outvec parameters
207 * \param[in] out_len Length of the valid entries in out_vec
208 *
209 * \return Return values as described in \ref psa_status_t
210 */
211psa_status_t tfm_crypto_api_dispatcher(psa_invec in_vec[],
212 size_t in_len,
213 psa_outvec out_vec[],
214 size_t out_len);
215/**
216 * \brief This function acts as interface for the Key management module
217 *
218 * \param[in] in_vec Array of invec parameters
219 * \param[out] out_vec Array of outvec parameters
220 * \param[in] encoded_key Key encoded with partition_id and key_id
221 *
222 * \return Return values as described in \ref psa_status_t
223 */
224psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
225 psa_outvec out_vec[],
226 mbedtls_svc_key_id_t *encoded_key);
227/**
228 * \brief This function acts as interface for the MAC module
229 *
230 * \param[in] in_vec Array of invec parameters
231 * \param[out] out_vec Array of outvec parameters
232 * \param[in] encoded_key Key encoded with partition_id and key_id
233 *
234 * \return Return values as described in \ref psa_status_t
235 */
236psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[],
237 psa_outvec out_vec[],
238 mbedtls_svc_key_id_t *encoded_key);
239/**
240 * \brief This function acts as interface for the Cipher module
241 *
242 * \param[in] in_vec Array of invec parameters
243 * \param[out] out_vec Array of outvec parameters
244 * \param[in] encoded_key Key encoded with partition_id and key_id
245 *
246 * \return Return values as described in \ref psa_status_t
247 */
248psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
249 psa_outvec out_vec[],
250 mbedtls_svc_key_id_t *encoded_key);
251/**
252 * \brief This function acts as interface for the AEAD module
253 *
254 * \param[in] in_vec Array of invec parameters
255 * \param[out] out_vec Array of outvec parameters
256 * \param[in] encoded_key Key encoded with partition_id and key_id
257 *
258 * \return Return values as described in \ref psa_status_t
259 */
260psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
261 psa_outvec out_vec[],
262 mbedtls_svc_key_id_t *encoded_key);
263/**
264 * \brief This function acts as interface for the Asymmetric module
265 *
266 * \param[in] in_vec Array of invec parameters
267 * \param[out] out_vec Array of outvec parameters
268 * \param[in] encoded_key Key encoded with partition_id and key_id
269 *
270 * \return Return values as described in \ref psa_status_t
271 */
272psa_status_t tfm_crypto_asymmetric_interface(psa_invec in_vec[],
273 psa_outvec out_vec[],
274 mbedtls_svc_key_id_t *encoded_key);
275/**
276 * \brief This function acts as interface for the Key derivation module
277 *
278 * \param[in] in_vec Array of invec parameters
279 * \param[out] out_vec Array of outvec parameters
280 * \param[in] encoded_key Key encoded with partition_id and key_id
281 *
282 * \return Return values as described in \ref psa_status_t
283 */
284psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
285 psa_outvec out_vec[],
286 mbedtls_svc_key_id_t *encoded_key);
287/**
288 * \brief This function acts as interface for the Random module
289 *
290 * \param[in] in_vec Array of invec parameters
291 * \param[out] out_vec Array of outvec parameters
292 *
293 * \return Return values as described in \ref psa_status_t
294 */
295psa_status_t tfm_crypto_random_interface(psa_invec in_vec[],
296 psa_outvec out_vec[]);
297/**
298 * \brief This function acts as interface for the Hash module
299 *
300 * \param[in] in_vec Array of invec parameters
301 * \param[out] out_vec Array of outvec parameters
302 *
303 * \return Return values as described in \ref psa_status_t
304 */
305psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[],
306 psa_outvec out_vec[]);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]307
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]308#ifdef __cplusplus
309}
310#endif
311
312#endif /* __TFM_CRYPTO_API_H__ */