TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / ed503e125fd3f6fcb7b7d2f820b7b6b064f61ebe / . / secure_fw / partitions / crypto / crypto_key.c
blob: 6f0aea2700ca34054a9b855c8ef9b4d3a723c7d8 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]2 * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]8#include <stddef.h>
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]9#include <stdint.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]10
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]11#include "tfm_mbedcrypto_include.h"
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]12
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]13#include "tfm_crypto_api.h"
14#include "tfm_crypto_defs.h"
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]15#include "tfm_crypto_private.h"
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]16
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]17#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]18#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]19#ifndef TFM_CRYPTO_MAX_KEY_HANDLES
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]20#define TFM_CRYPTO_MAX_KEY_HANDLES (32)
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]21#endif
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]22
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]23struct tfm_crypto_handle_owner_s {
24 int32_t owner; /*!< Owner of the allocated handle */
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]25 psa_key_id_t key; /*!< Allocated key */
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]26 uint8_t in_use; /*!< Flag to indicate if this in use */
27};
28
29static struct tfm_crypto_handle_owner_s
30 handle_owner[TFM_CRYPTO_MAX_KEY_HANDLES] = {0};
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]31
32static void set_handle_owner(uint8_t idx, int32_t client_id,
33 psa_key_id_t key_handle)
34{
35 /* Skip checking idx */
36
37 handle_owner[idx].owner = client_id;
38 handle_owner[idx].key = key_handle;
39 handle_owner[idx].in_use = TFM_CRYPTO_IN_USE;
40}
41
42static void clean_handle_owner(uint8_t idx)
43{
44 /* Skip checking idx */
45
46 handle_owner[idx].owner = TFM_INVALID_CLIENT_ID;
Summer Qinaeeef282021-06-30 16:24:43 +0800[diff] [blame]47 handle_owner[idx].key = (psa_key_id_t)0;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]48 handle_owner[idx].in_use = TFM_CRYPTO_NOT_IN_USE;
49}
50
51static psa_status_t find_empty_handle_owner_slot(uint8_t *idx)
52{
53 uint8_t i;
54
55 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
56 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
57 *idx = i;
58 return PSA_SUCCESS;
59 }
60 }
61
62 return PSA_ERROR_INSUFFICIENT_MEMORY;
63}
64
65/*
66 * Check that the requested handle belongs to the requesting partition
67 *
68 * Argument idx is optional. It points to the buffer to hold the internal
69 * index corresponding to the input handle. Valid only on PSA_SUCCESS.
70 * It is filled only if the input pointer is not NULL.
71 *
72 * Return values as described in \ref psa_status_t
73 */
74static psa_status_t check_handle_owner(psa_key_id_t key, uint8_t *idx)
75{
76 int32_t client_id = 0;
77 uint8_t i = 0;
78 psa_status_t status;
79
80 status = tfm_crypto_get_caller_id(&client_id);
81 if (status != PSA_SUCCESS) {
82 return status;
83 }
84
85 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
86 if (handle_owner[i].in_use && handle_owner[i].key == key) {
87 if (handle_owner[i].owner == client_id) {
88 if (idx) {
89 *idx = i;
90 }
91 return PSA_SUCCESS;
92 } else {
93 return PSA_ERROR_NOT_PERMITTED;
94 }
95 }
96 }
97
98 return PSA_ERROR_INVALID_HANDLE;
99}
100
101static void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx,
102 mbedtls_svc_key_id_t *encoded_key)
103{
104 /* Skip checking encoded_key */
105 *encoded_key = mbedtls_svc_key_id_make(handle_owner[slot_idx].owner, key);
106}
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]107#else /* CRYPTO_KEY_ID_ENCODES_OWNER */
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]108#define set_handle_owner(idx, client_id, key_handle) do {} while (0)
109#define clean_handle_owner(idx) do {} while (0)
110
111static inline psa_status_t find_empty_handle_owner_slot(uint8_t *idx)
112{
113 *idx = 0;
114
115 return PSA_SUCCESS;
116}
117
118static inline psa_status_t check_handle_owner(psa_key_id_t key, uint8_t *idx)
119{
120 (void)key;
121
122 if (idx) {
123 *idx = 0;
124 }
125
126 return PSA_SUCCESS;
127}
128
129static inline void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx,
130 mbedtls_svc_key_id_t *encoded_key)
131{
132 (void)slot_idx;
133
134 /* Skip checking encoded_key */
135 *encoded_key = mbedtls_svc_key_id_make(TFM_INVALID_CLIENT_ID, key);
136}
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]137#endif /* CRYPTO_KEY_ID_ENCODES_OWNER */
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]138#endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]139
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]140/*!
141 * \defgroup public Public functions
142 *
143 */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]144/*!@{*/
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]145psa_status_t tfm_crypto_key_attributes_from_client(
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]146 const struct psa_client_key_attributes_s *client_key_attr,
147 int32_t client_id,
148 psa_key_attributes_t *key_attributes)
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]149{
150 if (client_key_attr == NULL || key_attributes == NULL) {
151 return PSA_ERROR_PROGRAMMER_ERROR;
152 }
153
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]154 *key_attributes = psa_key_attributes_init();
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]155
156 /* Copy core key attributes from the client core key attributes */
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]157 key_attributes->core.type = client_key_attr->type;
158 key_attributes->core.lifetime = client_key_attr->lifetime;
159 key_attributes->core.policy.usage = client_key_attr->usage;
160 key_attributes->core.policy.alg = client_key_attr->alg;
161 key_attributes->core.bits = client_key_attr->bits;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]162
163 /* Use the client key id as the key_id and its partition id as the owner */
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]164#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]165 key_attributes->core.id.key_id = client_key_attr->id;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]166 key_attributes->core.id.owner = client_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]167#else
168 key_attributes->core.id = client_key_attr->id;
169#endif
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]170
171 return PSA_SUCCESS;
172}
173
174psa_status_t tfm_crypto_key_attributes_to_client(
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]175 const psa_key_attributes_t *key_attributes,
176 struct psa_client_key_attributes_s *client_key_attr)
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]177{
178 if (client_key_attr == NULL || key_attributes == NULL) {
179 return PSA_ERROR_PROGRAMMER_ERROR;
180 }
181
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]182 struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
183 *client_key_attr = v;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]184
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]185 /* Copy core key attributes from the client core key attributes */
186 client_key_attr->type = key_attributes->core.type;
187 client_key_attr->lifetime = key_attributes->core.lifetime;
188 client_key_attr->usage = key_attributes->core.policy.usage;
189 client_key_attr->alg = key_attributes->core.policy.alg;
190 client_key_attr->bits = key_attributes->core.bits;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]191
192 /* Return the key_id as the client key id, do not return the owner */
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]193#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]194 client_key_attr->id = key_attributes->core.id.key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]195#else
196 client_key_attr->id = key_attributes->core.id;
197#endif
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]198
199 return PSA_SUCCESS;
200}
201
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]202psa_status_t tfm_crypto_check_handle_owner(psa_key_id_t key)
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]203{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]204#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]205 return PSA_ERROR_NOT_SUPPORTED;
206#else
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]207 return check_handle_owner(key, NULL);
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]208#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]209}
210
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]211psa_status_t tfm_crypto_encode_id_and_owner(psa_key_id_t key_id,
212 mbedtls_svc_key_id_t *enc_key_ptr)
213{
214 int32_t partition_id = 0;
215 psa_status_t status = tfm_crypto_get_caller_id(&partition_id);
216
217 if (status != PSA_SUCCESS) {
218 return status;
219 }
220
221 /* If Null Pointer, return PSA_ERROR_PROGRAMMER_ERROR */
222 if (enc_key_ptr == NULL) {
223 return PSA_ERROR_PROGRAMMER_ERROR;
224 }
225
226 /* Use the client key id as the key_id and its partition id as the owner */
227 *enc_key_ptr = mbedtls_svc_key_id_make(partition_id, key_id);
228
229 return PSA_SUCCESS;
230}
231
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]232psa_status_t tfm_crypto_check_key_storage(uint32_t *index)
233{
234#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
235 return PSA_ERROR_NOT_SUPPORTED;
236#else
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]237 return find_empty_handle_owner_slot((uint8_t *)index);
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]238#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
239}
240
241psa_status_t tfm_crypto_set_key_storage(uint32_t index,
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]242 psa_key_id_t key_handle)
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]243{
244#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
245 return PSA_ERROR_NOT_SUPPORTED;
246#else
247 psa_status_t status;
248 int32_t partition_id;
249
250 status = tfm_crypto_get_caller_id(&partition_id);
251 if (status != PSA_SUCCESS) {
252 return status;
253 }
254
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]255 set_handle_owner(index, partition_id, key_handle);
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]256
257 return PSA_SUCCESS;
258#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
259}
260
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]261psa_status_t tfm_crypto_set_key_domain_parameters(psa_invec in_vec[],
262 size_t in_len,
263 psa_outvec out_vec[],
264 size_t out_len)
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]265{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]266#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]267 return PSA_ERROR_NOT_SUPPORTED;
268#else
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]269 /* FixMe: To be implemented */
270 return PSA_ERROR_NOT_SUPPORTED;
271#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
272}
273
274psa_status_t tfm_crypto_get_key_domain_parameters(psa_invec in_vec[],
275 size_t in_len,
276 psa_outvec out_vec[],
277 size_t out_len)
278{
279#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
280 return PSA_ERROR_NOT_SUPPORTED;
281#else
282 /* FixMe: To be implemented */
283 return PSA_ERROR_NOT_SUPPORTED;
284#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
285}
286
287psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
288 size_t in_len,
289 psa_outvec out_vec[],
290 size_t out_len)
291{
292#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
293 return PSA_ERROR_NOT_SUPPORTED;
294#else
295
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]296 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 3, out_len, 1, 1);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]297
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]298 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]299 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]300 (out_vec[0].len != sizeof(psa_key_id_t))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]301 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]302 }
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]303 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]304 const uint8_t *data = in_vec[2].base;
305 size_t data_length = in_vec[2].len;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]306 psa_key_id_t *psa_key = out_vec[0].base;
307
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]308 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]309 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]310 uint8_t i = 0;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]311 mbedtls_svc_key_id_t encoded_key;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]312 int32_t partition_id = 0;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]313
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]314 status = find_empty_handle_owner_slot(&i);
315 if (status != PSA_SUCCESS) {
316 return status;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]317 }
318
319 status = tfm_crypto_get_caller_id(&partition_id);
320 if (status != PSA_SUCCESS) {
321 return status;
322 }
323
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]324 status = tfm_crypto_key_attributes_from_client(client_key_attr,
325 partition_id,
326 &key_attributes);
327 if (status != PSA_SUCCESS) {
328 return status;
329 }
330
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]331 status = psa_import_key(&key_attributes, data, data_length, &encoded_key);
332 /* Update the imported key id */
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]333#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]334 *psa_key = encoded_key.key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]335#else
336 *psa_key = (psa_key_id_t)encoded_key;
337#endif
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]338
339 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]340 set_handle_owner(i, partition_id, *psa_key);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]341 }
342
343 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]344#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]345}
346
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]347psa_status_t tfm_crypto_open_key(psa_invec in_vec[],
348 size_t in_len,
349 psa_outvec out_vec[],
350 size_t out_len)
351{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]352#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]353 return PSA_ERROR_NOT_SUPPORTED;
354#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]355
356 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]357
358 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]359 (in_vec[1].len != sizeof(psa_key_id_t)) ||
360 (out_vec[0].len != sizeof(psa_key_id_t))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]361 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]362 }
363
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]364 psa_key_id_t client_key_id = *((psa_key_id_t *)in_vec[1].base);
365 psa_key_id_t *key = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]366 psa_status_t status;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]367 mbedtls_svc_key_id_t encoded_key;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]368 int32_t partition_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]369 uint8_t i;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]370
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]371 status = find_empty_handle_owner_slot(&i);
372 if (status != PSA_SUCCESS) {
373 return status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]374 }
375
376 status = tfm_crypto_get_caller_id(&partition_id);
377 if (status != PSA_SUCCESS) {
378 return status;
379 }
380
381 /* Use the client key id as the key_id and its partition id as the owner */
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]382 encoded_key = mbedtls_svc_key_id_make(partition_id, client_key_id);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]383
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]384 status = psa_open_key(encoded_key, &encoded_key);
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]385#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]386 *key = encoded_key.key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]387#else
388 *key = (psa_key_id_t)encoded_key;
389#endif
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]390
391 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]392 set_handle_owner(i, partition_id, *key);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]393 }
394
395 return status;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]396#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
397}
398
399psa_status_t tfm_crypto_close_key(psa_invec in_vec[],
400 size_t in_len,
401 psa_outvec out_vec[],
402 size_t out_len)
403{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]404#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]405 return PSA_ERROR_NOT_SUPPORTED;
406#else
407 (void)out_vec;
408
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]409 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]410
411 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]412 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]413 }
414 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
415
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]416 psa_key_id_t key = iov->key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]417 uint8_t index;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]418 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]419 psa_status_t status;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]420
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]421 status = check_handle_owner(key, &index);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]422 if (status != PSA_SUCCESS) {
423 return status;
424 }
425
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]426 encoded_key_id_make(key, index, &encoded_key);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]427
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]428 status = psa_close_key(encoded_key);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]429 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]430 clean_handle_owner(index);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]431 }
432
433 return status;
434#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
435}
436
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]437psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
438 size_t in_len,
439 psa_outvec out_vec[],
440 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]441{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]442#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]443 return PSA_ERROR_NOT_SUPPORTED;
444#else
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]445 (void)out_vec;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]446
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]447 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]448
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]449 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]450 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]451 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]452 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]453 psa_key_id_t key = iov->key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]454 uint8_t index;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]455 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]456 psa_status_t status;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]457
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]458 status = check_handle_owner(key, &index);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]459 if (status != PSA_SUCCESS) {
460 return status;
461 }
462
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]463 encoded_key_id_make(key, index, &encoded_key);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]464
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]465 status = psa_destroy_key(encoded_key);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]466 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]467 clean_handle_owner(index);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]468 }
469
470 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]471#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]472}
473
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]474psa_status_t tfm_crypto_get_key_attributes(psa_invec in_vec[],
475 size_t in_len,
476 psa_outvec out_vec[],
477 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]478{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]479#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]480 return PSA_ERROR_NOT_SUPPORTED;
481#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]482
483 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]484
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]485 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]486 (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]487 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]488 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]489 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]490
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]491 psa_key_id_t key = iov->key_id;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]492 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]493 psa_status_t status;
494 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]495 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]496 uint8_t index;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]497
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]498 status = check_handle_owner(key, &index);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]499 if (status != PSA_SUCCESS) {
500 return status;
501 }
502
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]503 encoded_key_id_make(key, index, &encoded_key);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]504
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]505 status = psa_get_key_attributes(encoded_key, &key_attributes);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]506 if (status == PSA_SUCCESS) {
507 status = tfm_crypto_key_attributes_to_client(&key_attributes,
508 client_key_attr);
509 }
510
511 return status;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]512#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
513}
514
515psa_status_t tfm_crypto_reset_key_attributes(psa_invec in_vec[],
516 size_t in_len,
517 psa_outvec out_vec[],
518 size_t out_len)
519{
520#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
521 return PSA_ERROR_NOT_SUPPORTED;
522#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]523
524 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]525
526 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]527 (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]528 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]529 }
530
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]531 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]532 psa_status_t status;
533 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
534 int32_t partition_id;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]535
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]536 status = tfm_crypto_get_caller_id(&partition_id);
537 if (status != PSA_SUCCESS) {
538 return status;
539 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]540
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]541 status = tfm_crypto_key_attributes_from_client(client_key_attr,
542 partition_id,
543 &key_attributes);
544 if (status != PSA_SUCCESS) {
545 return status;
546 }
547
548 psa_reset_key_attributes(&key_attributes);
549
550 return tfm_crypto_key_attributes_to_client(&key_attributes,
551 client_key_attr);
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]552#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]553}
554
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]555psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
556 size_t in_len,
557 psa_outvec out_vec[],
558 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]559{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]560#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]561 return PSA_ERROR_NOT_SUPPORTED;
562#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]563
564 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]565
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]566 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]567 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]568 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]569 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]570
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]571 psa_key_id_t key = iov->key_id;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]572 uint8_t *data = out_vec[0].base;
573 size_t data_size = out_vec[0].len;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]574 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]575 psa_status_t status;
576 uint8_t index;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]577
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]578 status = check_handle_owner(key, &index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]579 if (status != PSA_SUCCESS) {
580 return status;
581 }
582
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]583 encoded_key_id_make(key, index, &encoded_key);
584
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]585 return psa_export_key(encoded_key, data, data_size,
586 &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]587#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]588}
589
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]590psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
591 size_t in_len,
592 psa_outvec out_vec[],
593 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]594{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]595#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]596 return PSA_ERROR_NOT_SUPPORTED;
597#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]598
599 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]600
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]601 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]602 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]603 }
604 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]605 psa_key_id_t key = iov->key_id;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]606 uint8_t *data = out_vec[0].base;
607 size_t data_size = out_vec[0].len;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]608 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]609 psa_status_t status;
610 uint8_t index;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]611
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]612 status = check_handle_owner(key, &index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]613 if (status != PSA_SUCCESS) {
614 return status;
615 }
616
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]617 encoded_key_id_make(key, index, &encoded_key);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]618
619 return psa_export_public_key(encoded_key, data, data_size,
620 &(out_vec[0].len));
621#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
622}
623
624psa_status_t tfm_crypto_purge_key(psa_invec in_vec[],
625 size_t in_len,
626 psa_outvec out_vec[],
627 size_t out_len)
628{
629#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
630 return PSA_ERROR_NOT_SUPPORTED;
631#else
632 (void)out_vec;
633
634 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
635
636 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
637 return PSA_ERROR_PROGRAMMER_ERROR;
638 }
639 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
640 psa_key_id_t key = iov->key_id;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]641 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]642 psa_status_t status;
643 uint8_t index;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]644
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]645 status = check_handle_owner(key, &index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]646 if (status != PSA_SUCCESS) {
647 return status;
648 }
649
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]650 encoded_key_id_make(key, index, &encoded_key);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]651
652 status = psa_purge_key(encoded_key);
653 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]654 clean_handle_owner(index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]655 }
656
657 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]658#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]659}
660
661psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
662 size_t in_len,
663 psa_outvec out_vec[],
664 size_t out_len)
665{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]666#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]667 return PSA_ERROR_NOT_SUPPORTED;
668#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]669
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]670 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]671
672 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]673 (out_vec[0].len != sizeof(psa_key_id_t)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]674 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]675 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]676 }
677 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
678
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]679 psa_key_id_t source_key_id = iov->key_id;
680 psa_key_id_t *target_key_id = out_vec[0].base;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]681 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]682 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]683 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]684 uint8_t i = 0;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]685 int32_t partition_id = 0;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]686 mbedtls_svc_key_id_t target_key;
687 mbedtls_svc_key_id_t encoded_key;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]688
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]689 status = find_empty_handle_owner_slot(&i);
690 if (status != PSA_SUCCESS) {
691 return status;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]692 }
693
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]694 status = tfm_crypto_get_caller_id(&partition_id);
695 if (status != PSA_SUCCESS) {
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]696 return status;
697 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]698
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]699 status = tfm_crypto_key_attributes_from_client(client_key_attr,
700 partition_id,
701 &key_attributes);
702 if (status != PSA_SUCCESS) {
703 return status;
704 }
705
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]706 status = check_handle_owner(source_key_id, NULL);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]707 if (status != PSA_SUCCESS) {
708 return status;
709 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]710
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]711 encoded_key_id_make(source_key_id, i, &encoded_key);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]712
713 status = psa_copy_key(encoded_key, &key_attributes, &target_key);
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]714#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]715 *target_key_id = target_key.key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]716#else
717 *target_key_id = (psa_key_id_t)target_key;
718#endif
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]719 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]720 set_handle_owner(i, partition_id, *target_key_id);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]721 }
722
723 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]724#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]725}
726
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]727psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
728 size_t in_len,
729 psa_outvec out_vec[],
730 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]731{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]732#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]733 return PSA_ERROR_NOT_SUPPORTED;
734#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]735
736 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]737
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]738 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]739 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]740 (out_vec[0].len != sizeof(psa_key_id_t))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]741 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]742 }
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]743 psa_key_id_t *key_handle = out_vec[0].base;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]744 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]745 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]746 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]747 uint8_t i = 0;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]748 int32_t partition_id = 0;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]749 mbedtls_svc_key_id_t encoded_key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]750
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]751 status = find_empty_handle_owner_slot(&i);
752 if (status != PSA_SUCCESS) {
753 return status;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]754 }
755
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]756 status = tfm_crypto_get_caller_id(&partition_id);
757 if (status != PSA_SUCCESS) {
758 return status;
759 }
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]760
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]761 status = tfm_crypto_key_attributes_from_client(client_key_attr,
762 partition_id,
763 &key_attributes);
764 if (status != PSA_SUCCESS) {
765 return status;
766 }
767
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]768 status = psa_generate_key(&key_attributes, &encoded_key);
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]769#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]770 *key_handle = encoded_key.key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]771#else
772 *key_handle = (psa_key_id_t)encoded_key;
773#endif
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]774
775 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]776 set_handle_owner(i, partition_id, *key_handle);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]777 }
778
779 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]780#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]781}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]782/*!@}*/