TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 359167d3a2fe109adb9fae3a086864489fdc1005 / . / secure_fw / partitions / crypto / crypto_key.c
blob: ec9bf0f810fe713b2a67b464524a8ee248d30096 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]2 * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]8#include <stddef.h>
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]9#include <stdint.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]10
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]11#include "tfm_mbedcrypto_include.h"
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]12
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]13#include "tfm_crypto_api.h"
14#include "tfm_crypto_defs.h"
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]15#include "tfm_crypto_private.h"
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]16
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]17#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]18#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]19#ifndef TFM_CRYPTO_MAX_KEY_HANDLES
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]20#define TFM_CRYPTO_MAX_KEY_HANDLES (32)
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]21#endif
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]22
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]23struct tfm_crypto_handle_owner_s {
24 int32_t owner; /*!< Owner of the allocated handle */
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]25 psa_key_id_t key; /*!< Allocated key */
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]26 uint8_t in_use; /*!< Flag to indicate if this in use */
27};
28
29static struct tfm_crypto_handle_owner_s
30 handle_owner[TFM_CRYPTO_MAX_KEY_HANDLES] = {0};
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]31
32static void set_handle_owner(uint8_t idx, int32_t client_id,
33 psa_key_id_t key_handle)
34{
35 /* Skip checking idx */
36
37 handle_owner[idx].owner = client_id;
38 handle_owner[idx].key = key_handle;
39 handle_owner[idx].in_use = TFM_CRYPTO_IN_USE;
40}
41
42static void clean_handle_owner(uint8_t idx)
43{
44 /* Skip checking idx */
45
46 handle_owner[idx].owner = TFM_INVALID_CLIENT_ID;
Summer Qinaeeef282021-06-30 16:24:43 +0800[diff] [blame]47 handle_owner[idx].key = (psa_key_id_t)0;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]48 handle_owner[idx].in_use = TFM_CRYPTO_NOT_IN_USE;
49}
50
51static psa_status_t find_empty_handle_owner_slot(uint8_t *idx)
52{
53 uint8_t i;
54
55 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
56 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
57 *idx = i;
58 return PSA_SUCCESS;
59 }
60 }
61
62 return PSA_ERROR_INSUFFICIENT_MEMORY;
63}
64
65/*
66 * Check that the requested handle belongs to the requesting partition
67 *
68 * Argument idx is optional. It points to the buffer to hold the internal
69 * index corresponding to the input handle. Valid only on PSA_SUCCESS.
70 * It is filled only if the input pointer is not NULL.
71 *
72 * Return values as described in \ref psa_status_t
73 */
74static psa_status_t check_handle_owner(psa_key_id_t key, uint8_t *idx)
75{
76 int32_t client_id = 0;
77 uint8_t i = 0;
78 psa_status_t status;
79
80 status = tfm_crypto_get_caller_id(&client_id);
81 if (status != PSA_SUCCESS) {
82 return status;
83 }
84
85 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
86 if (handle_owner[i].in_use && handle_owner[i].key == key) {
87 if (handle_owner[i].owner == client_id) {
88 if (idx) {
89 *idx = i;
90 }
91 return PSA_SUCCESS;
92 } else {
93 return PSA_ERROR_NOT_PERMITTED;
94 }
95 }
96 }
97
98 return PSA_ERROR_INVALID_HANDLE;
99}
100
101static void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx,
102 mbedtls_svc_key_id_t *encoded_key)
103{
104 /* Skip checking encoded_key */
105 *encoded_key = mbedtls_svc_key_id_make(handle_owner[slot_idx].owner, key);
106}
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]107#else /* CRYPTO_KEY_ID_ENCODES_OWNER */
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]108#define set_handle_owner(idx, client_id, key_handle) do {} while (0)
109#define clean_handle_owner(idx) do {} while (0)
110
111static inline psa_status_t find_empty_handle_owner_slot(uint8_t *idx)
112{
113 *idx = 0;
114
115 return PSA_SUCCESS;
116}
117
118static inline psa_status_t check_handle_owner(psa_key_id_t key, uint8_t *idx)
119{
120 (void)key;
121
122 if (idx) {
123 *idx = 0;
124 }
125
126 return PSA_SUCCESS;
127}
128
129static inline void encoded_key_id_make(psa_key_id_t key, uint8_t slot_idx,
130 mbedtls_svc_key_id_t *encoded_key)
131{
132 (void)slot_idx;
133
134 /* Skip checking encoded_key */
135 *encoded_key = mbedtls_svc_key_id_make(TFM_INVALID_CLIENT_ID, key);
136}
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]137#endif /* CRYPTO_KEY_ID_ENCODES_OWNER */
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]138#endif /* !TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]139
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]140/*!
141 * \defgroup public Public functions
142 *
143 */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]144/*!@{*/
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]145psa_status_t tfm_crypto_key_attributes_from_client(
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]146 const struct psa_client_key_attributes_s *client_key_attr,
147 int32_t client_id,
148 psa_key_attributes_t *key_attributes)
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]149{
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]150 psa_core_key_attributes_t *core;
151
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]152 if (client_key_attr == NULL || key_attributes == NULL) {
153 return PSA_ERROR_PROGRAMMER_ERROR;
154 }
155
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]156 *key_attributes = psa_key_attributes_init();
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]157 core = &(key_attributes->MBEDTLS_PRIVATE(core));
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]158
159 /* Copy core key attributes from the client core key attributes */
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]160 core->MBEDTLS_PRIVATE(type) = client_key_attr->type;
161 core->MBEDTLS_PRIVATE(lifetime) = client_key_attr->lifetime;
162 core->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) =
163 client_key_attr->usage;
164 core->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) =
165 client_key_attr->alg;
166 core->MBEDTLS_PRIVATE(bits) = client_key_attr->bits;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]167
168 /* Use the client key id as the key_id and its partition id as the owner */
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]169#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]170 core->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = client_key_attr->id;
171 core->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = client_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]172#else
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]173 core->MBEDTLS_PRIVATE(id) = client_key_attr->id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]174#endif
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]175
176 return PSA_SUCCESS;
177}
178
179psa_status_t tfm_crypto_key_attributes_to_client(
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]180 const psa_key_attributes_t *key_attributes,
181 struct psa_client_key_attributes_s *client_key_attr)
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]182{
183 if (client_key_attr == NULL || key_attributes == NULL) {
184 return PSA_ERROR_PROGRAMMER_ERROR;
185 }
186
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]187 struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
188 *client_key_attr = v;
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]189 psa_core_key_attributes_t core = key_attributes->MBEDTLS_PRIVATE(core);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]190
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]191 /* Copy core key attributes from the client core key attributes */
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]192 client_key_attr->type = core.MBEDTLS_PRIVATE(type);
193 client_key_attr->lifetime = core.MBEDTLS_PRIVATE(lifetime);
194 client_key_attr->usage = core.MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
195 client_key_attr->alg = core.MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
196 client_key_attr->bits = core.MBEDTLS_PRIVATE(bits);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]197
198 /* Return the key_id as the client key id, do not return the owner */
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]199#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]200 client_key_attr->id = core.MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id);
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]201#else
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]202 client_key_attr->id = core.MBEDTLS_PRIVATE(id);
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]203#endif
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]204
205 return PSA_SUCCESS;
206}
207
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]208psa_status_t tfm_crypto_check_handle_owner(psa_key_id_t key)
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]209{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]210#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]211 return PSA_ERROR_NOT_SUPPORTED;
212#else
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]213 return check_handle_owner(key, NULL);
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]214#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]215}
216
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]217psa_status_t tfm_crypto_encode_id_and_owner(psa_key_id_t key_id,
218 mbedtls_svc_key_id_t *enc_key_ptr)
219{
220 int32_t partition_id = 0;
221 psa_status_t status = tfm_crypto_get_caller_id(&partition_id);
222
223 if (status != PSA_SUCCESS) {
224 return status;
225 }
226
227 /* If Null Pointer, return PSA_ERROR_PROGRAMMER_ERROR */
228 if (enc_key_ptr == NULL) {
229 return PSA_ERROR_PROGRAMMER_ERROR;
230 }
231
232 /* Use the client key id as the key_id and its partition id as the owner */
233 *enc_key_ptr = mbedtls_svc_key_id_make(partition_id, key_id);
234
235 return PSA_SUCCESS;
236}
237
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]238psa_status_t tfm_crypto_check_key_storage(uint32_t *index)
239{
240#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
241 return PSA_ERROR_NOT_SUPPORTED;
242#else
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]243 return find_empty_handle_owner_slot((uint8_t *)index);
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]244#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
245}
246
247psa_status_t tfm_crypto_set_key_storage(uint32_t index,
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]248 psa_key_id_t key_handle)
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]249{
250#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
251 return PSA_ERROR_NOT_SUPPORTED;
252#else
253 psa_status_t status;
254 int32_t partition_id;
255
256 status = tfm_crypto_get_caller_id(&partition_id);
257 if (status != PSA_SUCCESS) {
258 return status;
259 }
260
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]261 set_handle_owner(index, partition_id, key_handle);
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]262
263 return PSA_SUCCESS;
264#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
265}
266
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]267psa_status_t tfm_crypto_set_key_domain_parameters(psa_invec in_vec[],
268 size_t in_len,
269 psa_outvec out_vec[],
270 size_t out_len)
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]271{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]272#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]273 return PSA_ERROR_NOT_SUPPORTED;
274#else
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]275 /* FixMe: To be implemented */
276 return PSA_ERROR_NOT_SUPPORTED;
277#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
278}
279
280psa_status_t tfm_crypto_get_key_domain_parameters(psa_invec in_vec[],
281 size_t in_len,
282 psa_outvec out_vec[],
283 size_t out_len)
284{
285#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
286 return PSA_ERROR_NOT_SUPPORTED;
287#else
288 /* FixMe: To be implemented */
289 return PSA_ERROR_NOT_SUPPORTED;
290#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
291}
292
293psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
294 size_t in_len,
295 psa_outvec out_vec[],
296 size_t out_len)
297{
298#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
299 return PSA_ERROR_NOT_SUPPORTED;
300#else
301
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]302 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 3, out_len, 1, 1);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]303
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]304 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]305 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]306 (out_vec[0].len != sizeof(psa_key_id_t))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]307 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]308 }
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]309 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]310 const uint8_t *data = in_vec[2].base;
311 size_t data_length = in_vec[2].len;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]312 psa_key_id_t *psa_key = out_vec[0].base;
313
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]314 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]315 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]316 uint8_t i = 0;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]317 mbedtls_svc_key_id_t encoded_key;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]318 int32_t partition_id = 0;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]319
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]320 status = find_empty_handle_owner_slot(&i);
321 if (status != PSA_SUCCESS) {
322 return status;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]323 }
324
325 status = tfm_crypto_get_caller_id(&partition_id);
326 if (status != PSA_SUCCESS) {
327 return status;
328 }
329
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]330 status = tfm_crypto_key_attributes_from_client(client_key_attr,
331 partition_id,
332 &key_attributes);
333 if (status != PSA_SUCCESS) {
334 return status;
335 }
336
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]337 status = psa_import_key(&key_attributes, data, data_length, &encoded_key);
338 /* Update the imported key id */
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]339#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]340 *psa_key = encoded_key.MBEDTLS_PRIVATE(key_id);
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]341#else
342 *psa_key = (psa_key_id_t)encoded_key;
343#endif
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]344
345 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]346 set_handle_owner(i, partition_id, *psa_key);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]347 }
348
349 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]350#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]351}
352
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]353psa_status_t tfm_crypto_open_key(psa_invec in_vec[],
354 size_t in_len,
355 psa_outvec out_vec[],
356 size_t out_len)
357{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]358#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]359 return PSA_ERROR_NOT_SUPPORTED;
360#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]361
362 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]363
364 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]365 (in_vec[1].len != sizeof(psa_key_id_t)) ||
366 (out_vec[0].len != sizeof(psa_key_id_t))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]367 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]368 }
369
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]370 psa_key_id_t client_key_id = *((psa_key_id_t *)in_vec[1].base);
371 psa_key_id_t *key = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]372 psa_status_t status;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]373 mbedtls_svc_key_id_t encoded_key;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]374 int32_t partition_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]375 uint8_t i;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]376
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]377 status = find_empty_handle_owner_slot(&i);
378 if (status != PSA_SUCCESS) {
379 return status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]380 }
381
382 status = tfm_crypto_get_caller_id(&partition_id);
383 if (status != PSA_SUCCESS) {
384 return status;
385 }
386
387 /* Use the client key id as the key_id and its partition id as the owner */
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]388 encoded_key = mbedtls_svc_key_id_make(partition_id, client_key_id);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]389
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]390 status = psa_open_key(encoded_key, &encoded_key);
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]391#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]392 *key = encoded_key.MBEDTLS_PRIVATE(key_id);
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]393#else
394 *key = (psa_key_id_t)encoded_key;
395#endif
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]396
397 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]398 set_handle_owner(i, partition_id, *key);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]399 }
400
401 return status;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]402#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
403}
404
405psa_status_t tfm_crypto_close_key(psa_invec in_vec[],
406 size_t in_len,
407 psa_outvec out_vec[],
408 size_t out_len)
409{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]410#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]411 return PSA_ERROR_NOT_SUPPORTED;
412#else
413 (void)out_vec;
414
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]415 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]416
417 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]418 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]419 }
420 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
421
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]422 psa_key_id_t key = iov->key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]423 uint8_t index;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]424 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]425 psa_status_t status;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]426
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]427 status = check_handle_owner(key, &index);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]428 if (status != PSA_SUCCESS) {
429 return status;
430 }
431
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]432 encoded_key_id_make(key, index, &encoded_key);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]433
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]434 status = psa_close_key(encoded_key);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]435 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]436 clean_handle_owner(index);
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]437 }
438
439 return status;
440#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
441}
442
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]443psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
444 size_t in_len,
445 psa_outvec out_vec[],
446 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]447{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]448#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]449 return PSA_ERROR_NOT_SUPPORTED;
450#else
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]451 (void)out_vec;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]452
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]453 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]454
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]455 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]456 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]457 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]458 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]459 psa_key_id_t key = iov->key_id;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]460 uint8_t index;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]461 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]462 psa_status_t status;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]463
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]464 status = check_handle_owner(key, &index);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]465 if (status != PSA_SUCCESS) {
466 return status;
467 }
468
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]469 encoded_key_id_make(key, index, &encoded_key);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]470
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]471 status = psa_destroy_key(encoded_key);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]472 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]473 clean_handle_owner(index);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]474 }
475
476 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]477#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]478}
479
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]480psa_status_t tfm_crypto_get_key_attributes(psa_invec in_vec[],
481 size_t in_len,
482 psa_outvec out_vec[],
483 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]484{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]485#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]486 return PSA_ERROR_NOT_SUPPORTED;
487#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]488
489 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]490
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]491 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]492 (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]493 return PSA_ERROR_PROGRAMMER_ERROR;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]494 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]495 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]496
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]497 psa_key_id_t key = iov->key_id;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]498 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]499 psa_status_t status;
500 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]501 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]502 uint8_t index;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]503
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]504 status = check_handle_owner(key, &index);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]505 if (status != PSA_SUCCESS) {
506 return status;
507 }
508
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]509 encoded_key_id_make(key, index, &encoded_key);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]510
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]511 status = psa_get_key_attributes(encoded_key, &key_attributes);
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]512 if (status == PSA_SUCCESS) {
513 status = tfm_crypto_key_attributes_to_client(&key_attributes,
514 client_key_attr);
515 }
516
517 return status;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]518#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
519}
520
521psa_status_t tfm_crypto_reset_key_attributes(psa_invec in_vec[],
522 size_t in_len,
523 psa_outvec out_vec[],
524 size_t out_len)
525{
526#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
527 return PSA_ERROR_NOT_SUPPORTED;
528#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]529
530 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]531
532 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]533 (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]534 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]535 }
536
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]537 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]538 psa_status_t status;
539 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
540 int32_t partition_id;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]541
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]542 status = tfm_crypto_get_caller_id(&partition_id);
543 if (status != PSA_SUCCESS) {
544 return status;
545 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]546
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]547 status = tfm_crypto_key_attributes_from_client(client_key_attr,
548 partition_id,
549 &key_attributes);
550 if (status != PSA_SUCCESS) {
551 return status;
552 }
553
554 psa_reset_key_attributes(&key_attributes);
555
556 return tfm_crypto_key_attributes_to_client(&key_attributes,
557 client_key_attr);
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]558#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]559}
560
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]561psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
562 size_t in_len,
563 psa_outvec out_vec[],
564 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]565{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]566#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]567 return PSA_ERROR_NOT_SUPPORTED;
568#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]569
570 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]571
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]572 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]573 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]574 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]575 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]576
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]577 psa_key_id_t key = iov->key_id;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]578 uint8_t *data = out_vec[0].base;
579 size_t data_size = out_vec[0].len;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]580 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]581 psa_status_t status;
582 uint8_t index;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]583
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]584 status = check_handle_owner(key, &index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]585 if (status != PSA_SUCCESS) {
586 return status;
587 }
588
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]589 encoded_key_id_make(key, index, &encoded_key);
590
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]591 return psa_export_key(encoded_key, data, data_size,
592 &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]593#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]594}
595
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]596psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
597 size_t in_len,
598 psa_outvec out_vec[],
599 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]600{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]601#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]602 return PSA_ERROR_NOT_SUPPORTED;
603#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]604
605 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]606
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]607 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]608 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]609 }
610 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]611 psa_key_id_t key = iov->key_id;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]612 uint8_t *data = out_vec[0].base;
613 size_t data_size = out_vec[0].len;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]614 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]615 psa_status_t status;
616 uint8_t index;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]617
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]618 status = check_handle_owner(key, &index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]619 if (status != PSA_SUCCESS) {
620 return status;
621 }
622
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]623 encoded_key_id_make(key, index, &encoded_key);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]624
625 return psa_export_public_key(encoded_key, data, data_size,
626 &(out_vec[0].len));
627#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
628}
629
630psa_status_t tfm_crypto_purge_key(psa_invec in_vec[],
631 size_t in_len,
632 psa_outvec out_vec[],
633 size_t out_len)
634{
635#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
636 return PSA_ERROR_NOT_SUPPORTED;
637#else
638 (void)out_vec;
639
640 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
641
642 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
643 return PSA_ERROR_PROGRAMMER_ERROR;
644 }
645 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
646 psa_key_id_t key = iov->key_id;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]647 mbedtls_svc_key_id_t encoded_key;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]648 psa_status_t status;
649 uint8_t index;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]650
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]651 status = check_handle_owner(key, &index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]652 if (status != PSA_SUCCESS) {
653 return status;
654 }
655
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]656 encoded_key_id_make(key, index, &encoded_key);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]657
658 status = psa_purge_key(encoded_key);
659 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]660 clean_handle_owner(index);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]661 }
662
663 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]664#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]665}
666
667psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
668 size_t in_len,
669 psa_outvec out_vec[],
670 size_t out_len)
671{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]672#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]673 return PSA_ERROR_NOT_SUPPORTED;
674#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]675
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]676 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]677
678 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]679 (out_vec[0].len != sizeof(psa_key_id_t)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]680 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]681 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]682 }
683 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
684
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]685 psa_key_id_t source_key_id = iov->key_id;
686 psa_key_id_t *target_key_id = out_vec[0].base;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]687 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]688 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]689 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]690 uint8_t i = 0;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]691 int32_t partition_id = 0;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]692 mbedtls_svc_key_id_t target_key;
693 mbedtls_svc_key_id_t encoded_key;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]694
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]695 status = find_empty_handle_owner_slot(&i);
696 if (status != PSA_SUCCESS) {
697 return status;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]698 }
699
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]700 status = tfm_crypto_get_caller_id(&partition_id);
701 if (status != PSA_SUCCESS) {
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]702 return status;
703 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]704
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]705 status = tfm_crypto_key_attributes_from_client(client_key_attr,
706 partition_id,
707 &key_attributes);
708 if (status != PSA_SUCCESS) {
709 return status;
710 }
711
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]712 status = check_handle_owner(source_key_id, NULL);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]713 if (status != PSA_SUCCESS) {
714 return status;
715 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]716
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]717 encoded_key_id_make(source_key_id, i, &encoded_key);
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]718
719 status = psa_copy_key(encoded_key, &key_attributes, &target_key);
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]720#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]721 *target_key_id = target_key.MBEDTLS_PRIVATE(key_id);
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]722#else
723 *target_key_id = (psa_key_id_t)target_key;
724#endif
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]725 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]726 set_handle_owner(i, partition_id, *target_key_id);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]727 }
728
729 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]730#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]731}
732
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]733psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
734 size_t in_len,
735 psa_outvec out_vec[],
736 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]737{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]738#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]739 return PSA_ERROR_NOT_SUPPORTED;
740#else
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]741
742 CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]743
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]744 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]745 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]746 (out_vec[0].len != sizeof(psa_key_id_t))) {
Soby Mathewc6e89362020-10-19 16:55:16 +0100[diff] [blame]747 return PSA_ERROR_PROGRAMMER_ERROR;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]748 }
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]749 psa_key_id_t *key_handle = out_vec[0].base;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]750 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]751 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]752 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]753 uint8_t i = 0;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]754 int32_t partition_id = 0;
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]755 mbedtls_svc_key_id_t encoded_key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]756
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]757 status = find_empty_handle_owner_slot(&i);
758 if (status != PSA_SUCCESS) {
759 return status;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]760 }
761
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]762 status = tfm_crypto_get_caller_id(&partition_id);
763 if (status != PSA_SUCCESS) {
764 return status;
765 }
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]766
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]767 status = tfm_crypto_key_attributes_from_client(client_key_attr,
768 partition_id,
769 &key_attributes);
770 if (status != PSA_SUCCESS) {
771 return status;
772 }
773
Maulik Patel28659c42021-01-06 14:09:22 +0000[diff] [blame]774 status = psa_generate_key(&key_attributes, &encoded_key);
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]775#ifdef CRYPTO_KEY_ID_ENCODES_OWNER
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame^]776 *key_handle = encoded_key.MBEDTLS_PRIVATE(key_id);
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]777#else
778 *key_handle = (psa_key_id_t)encoded_key;
779#endif
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]780
781 if (status == PSA_SUCCESS) {
David Hu105b4872021-05-19 16:43:19 +0800[diff] [blame]782 set_handle_owner(i, partition_id, *key_handle);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]783 }
784
785 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]786#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]787}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]788/*!@}*/