TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 5869e4cc07f92b4c2752d8bb104eaf23678cf45d / . / secure_fw / partitions / crypto / crypto_key.c
blob: ff062ac4fb47ba77fb8da2b544e5deb04bca1e18 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]2 * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]8#include <stddef.h>
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]9#include <stdint.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]10
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]11/* FixMe: Use PSA_ERROR_CONNECTION_REFUSED when performing parameter
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]12 * integrity checks but this will have to be revised
13 * when the full set of error codes mandated by PSA FF
14 * is available.
15 */
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]16#include "tfm_mbedcrypto_include.h"
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]17
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]18#include "tfm_crypto_api.h"
19#include "tfm_crypto_defs.h"
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]20#include <stdbool.h>
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]21
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]22#ifndef TFM_CRYPTO_MAX_KEY_HANDLES
23#define TFM_CRYPTO_MAX_KEY_HANDLES (16)
24#endif
25struct tfm_crypto_handle_owner_s {
26 int32_t owner; /*!< Owner of the allocated handle */
27 psa_key_handle_t handle; /*!< Allocated handle */
28 uint8_t in_use; /*!< Flag to indicate if this in use */
29};
30
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]31#ifndef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]32static struct tfm_crypto_handle_owner_s
33 handle_owner[TFM_CRYPTO_MAX_KEY_HANDLES] = {0};
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]34#endif
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]35
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]36/*!
37 * \defgroup public Public functions
38 *
39 */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]40/*!@{*/
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]41psa_status_t tfm_crypto_key_attributes_from_client(
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]42 const struct psa_client_key_attributes_s *client_key_attr,
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]43 int32_t client_id,
44 psa_key_attributes_t *key_attributes)
45{
46 if (client_key_attr == NULL || key_attributes == NULL) {
47 return PSA_ERROR_PROGRAMMER_ERROR;
48 }
49
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]50 *key_attributes = psa_key_attributes_init();
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]51
52 /* Copy core key attributes from the client core key attributes */
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]53 key_attributes->core.type = client_key_attr->type;
54 key_attributes->core.lifetime = client_key_attr->lifetime;
55 key_attributes->core.policy.usage = client_key_attr->usage;
56 key_attributes->core.policy.alg = client_key_attr->alg;
57 key_attributes->core.bits = client_key_attr->bits;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]58
59 /* Use the client key id as the key_id and its partition id as the owner */
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]60 key_attributes->core.id.key_id = client_key_attr->id;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]61 key_attributes->core.id.owner = client_id;
62
63 return PSA_SUCCESS;
64}
65
66psa_status_t tfm_crypto_key_attributes_to_client(
67 const psa_key_attributes_t *key_attributes,
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]68 struct psa_client_key_attributes_s *client_key_attr)
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]69{
70 if (client_key_attr == NULL || key_attributes == NULL) {
71 return PSA_ERROR_PROGRAMMER_ERROR;
72 }
73
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]74 struct psa_client_key_attributes_s v = PSA_CLIENT_KEY_ATTRIBUTES_INIT;
75 *client_key_attr = v;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]76
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]77 /* Copy core key attributes from the client core key attributes */
78 client_key_attr->type = key_attributes->core.type;
79 client_key_attr->lifetime = key_attributes->core.lifetime;
80 client_key_attr->usage = key_attributes->core.policy.usage;
81 client_key_attr->alg = key_attributes->core.policy.alg;
82 client_key_attr->bits = key_attributes->core.bits;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]83
84 /* Return the key_id as the client key id, do not return the owner */
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]85 client_key_attr->id = key_attributes->core.id.key_id;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]86
87 return PSA_SUCCESS;
88}
89
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]90psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle,
91 uint32_t *index)
92{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]93#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]94 return PSA_ERROR_NOT_SUPPORTED;
95#else
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]96 int32_t partition_id = 0;
97 uint32_t i = 0;
98 psa_status_t status;
99
100 status = tfm_crypto_get_caller_id(&partition_id);
101 if (status != PSA_SUCCESS) {
102 return status;
103 }
104
105 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
106 if (handle_owner[i].in_use && handle_owner[i].handle == handle) {
107 if (handle_owner[i].owner == partition_id) {
108 if (index != NULL) {
109 *index = i;
110 }
111 return PSA_SUCCESS;
112 } else {
113 return PSA_ERROR_NOT_PERMITTED;
114 }
115 }
116 }
117
118 return PSA_ERROR_INVALID_HANDLE;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]119#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]120}
121
Jamie Fox99360e82020-02-20 16:00:09 +0000[diff] [blame]122psa_status_t tfm_crypto_check_key_storage(uint32_t *index)
123{
124#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
125 return PSA_ERROR_NOT_SUPPORTED;
126#else
127 uint32_t i;
128
129 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
130 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
131 *index = i;
132 return PSA_SUCCESS;
133 }
134 }
135
136 return PSA_ERROR_INSUFFICIENT_MEMORY;
137#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
138}
139
140psa_status_t tfm_crypto_set_key_storage(uint32_t index,
141 psa_key_handle_t key_handle)
142{
143#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
144 return PSA_ERROR_NOT_SUPPORTED;
145#else
146 psa_status_t status;
147 int32_t partition_id;
148
149 status = tfm_crypto_get_caller_id(&partition_id);
150 if (status != PSA_SUCCESS) {
151 return status;
152 }
153
154 handle_owner[index].owner = partition_id;
155 handle_owner[index].handle = key_handle;
156 handle_owner[index].in_use = TFM_CRYPTO_IN_USE;
157
158 return PSA_SUCCESS;
159#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
160}
161
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]162psa_status_t tfm_crypto_set_key_domain_parameters(psa_invec in_vec[],
163 size_t in_len,
164 psa_outvec out_vec[],
165 size_t out_len)
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]166{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]167#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]168 return PSA_ERROR_NOT_SUPPORTED;
169#else
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]170 /* FixMe: To be implemented */
171 return PSA_ERROR_NOT_SUPPORTED;
172#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
173}
174
175psa_status_t tfm_crypto_get_key_domain_parameters(psa_invec in_vec[],
176 size_t in_len,
177 psa_outvec out_vec[],
178 size_t out_len)
179{
180#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
181 return PSA_ERROR_NOT_SUPPORTED;
182#else
183 /* FixMe: To be implemented */
184 return PSA_ERROR_NOT_SUPPORTED;
185#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
186}
187
188psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
189 size_t in_len,
190 psa_outvec out_vec[],
191 size_t out_len)
192{
193#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
194 return PSA_ERROR_NOT_SUPPORTED;
195#else
196
197 if ((in_len != 3) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]198 return PSA_ERROR_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]199 }
200
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]201 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]202 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]203 (out_vec[0].len != sizeof(psa_key_handle_t))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]204 return PSA_ERROR_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]205 }
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]206 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]207 const uint8_t *data = in_vec[2].base;
208 size_t data_length = in_vec[2].len;
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]209 psa_key_handle_t *key_handle = out_vec[0].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]210 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]211 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]212 uint32_t i = 0;
213 int32_t partition_id = 0;
214 bool empty_found = false;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]215
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]216 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
217 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
218 empty_found = true;
219 break;
220 }
221 }
222
223 if (!empty_found) {
224 return PSA_ERROR_INSUFFICIENT_MEMORY;
225 }
226
227 status = tfm_crypto_get_caller_id(&partition_id);
228 if (status != PSA_SUCCESS) {
229 return status;
230 }
231
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]232 status = tfm_crypto_key_attributes_from_client(client_key_attr,
233 partition_id,
234 &key_attributes);
235 if (status != PSA_SUCCESS) {
236 return status;
237 }
238
239 status = psa_import_key(&key_attributes, data, data_length, key_handle);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]240
241 if (status == PSA_SUCCESS) {
242 handle_owner[i].owner = partition_id;
243 handle_owner[i].handle = *key_handle;
244 handle_owner[i].in_use = TFM_CRYPTO_IN_USE;
245 }
246
247 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]248#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]249}
250
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]251psa_status_t tfm_crypto_open_key(psa_invec in_vec[],
252 size_t in_len,
253 psa_outvec out_vec[],
254 size_t out_len)
255{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]256#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]257 return PSA_ERROR_NOT_SUPPORTED;
258#else
259 if ((in_len != 2) || (out_len != 1)) {
260 return PSA_ERROR_CONNECTION_REFUSED;
261 }
262
263 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]264 (in_vec[1].len != sizeof(psa_app_key_id_t)) ||
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]265 (out_vec[0].len != sizeof(psa_key_handle_t))) {
266 return PSA_ERROR_CONNECTION_REFUSED;
267 }
268
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]269 psa_app_key_id_t client_key_id = *((psa_app_key_id_t *)in_vec[1].base);
270 psa_key_handle_t *key_handle = out_vec[0].base;
271 psa_status_t status;
272 psa_key_id_t id;
273 int32_t partition_id;
274 uint32_t i;
275
276 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
277 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
278 break;
279 }
280 }
281
282 if (i == TFM_CRYPTO_MAX_KEY_HANDLES) {
283 return PSA_ERROR_INSUFFICIENT_MEMORY;
284 }
285
286 status = tfm_crypto_get_caller_id(&partition_id);
287 if (status != PSA_SUCCESS) {
288 return status;
289 }
290
291 /* Use the client key id as the key_id and its partition id as the owner */
292 id = (psa_key_id_t){ .key_id = client_key_id, .owner = partition_id };
293
294 status = psa_open_key(id, key_handle);
295
296 if (status == PSA_SUCCESS) {
297 handle_owner[i].owner = partition_id;
298 handle_owner[i].handle = *key_handle;
299 handle_owner[i].in_use = TFM_CRYPTO_IN_USE;
300 }
301
302 return status;
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]303#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
304}
305
306psa_status_t tfm_crypto_close_key(psa_invec in_vec[],
307 size_t in_len,
308 psa_outvec out_vec[],
309 size_t out_len)
310{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]311#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]312 return PSA_ERROR_NOT_SUPPORTED;
313#else
314 (void)out_vec;
315
316 if ((in_len != 1) || (out_len != 0)) {
317 return PSA_ERROR_CONNECTION_REFUSED;
318 }
319
320 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
321 return PSA_ERROR_CONNECTION_REFUSED;
322 }
323 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
324
325 psa_key_handle_t key = iov->key_handle;
326 uint32_t index;
327 psa_status_t status = tfm_crypto_check_handle_owner(key, &index);
328
329 if (status != PSA_SUCCESS) {
330 return status;
331 }
332
333 status = psa_close_key(key);
334
335 if (status == PSA_SUCCESS) {
336 handle_owner[index].owner = 0;
337 handle_owner[index].handle = 0;
338 handle_owner[index].in_use = TFM_CRYPTO_NOT_IN_USE;
339 }
340
341 return status;
342#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
343}
344
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]345psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
346 size_t in_len,
347 psa_outvec out_vec[],
348 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]349{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]350#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]351 return PSA_ERROR_NOT_SUPPORTED;
352#else
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]353 (void)out_vec;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]354
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]355 if ((in_len != 1) || (out_len != 0)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]356 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]357 }
358
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]359 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]360 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]361 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]362 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]363
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]364 psa_key_handle_t key = iov->key_handle;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]365 uint32_t index;
366 psa_status_t status = tfm_crypto_check_handle_owner(key, &index);
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]367
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]368 if (status != PSA_SUCCESS) {
369 return status;
370 }
371
372 status = psa_destroy_key(key);
373
374 if (status == PSA_SUCCESS) {
375 handle_owner[index].owner = 0;
376 handle_owner[index].handle = 0;
377 handle_owner[index].in_use = TFM_CRYPTO_NOT_IN_USE;
378 }
379
380 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]381#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]382}
383
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]384psa_status_t tfm_crypto_get_key_attributes(psa_invec in_vec[],
385 size_t in_len,
386 psa_outvec out_vec[],
387 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]388{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]389#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]390 return PSA_ERROR_NOT_SUPPORTED;
391#else
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]392 if ((in_len != 1) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]393 return PSA_ERROR_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]394 }
395
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]396 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]397 (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]398 return PSA_ERROR_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]399 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]400 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]401
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]402 psa_key_handle_t key = iov->key_handle;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]403 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]404 psa_status_t status;
405 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]406
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]407 status = tfm_crypto_check_handle_owner(key, NULL);
408 if (status != PSA_SUCCESS) {
409 return status;
410 }
411
412 status = psa_get_key_attributes(key, &key_attributes);
413
414 if (status == PSA_SUCCESS) {
415 status = tfm_crypto_key_attributes_to_client(&key_attributes,
416 client_key_attr);
417 }
418
419 return status;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]420#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
421}
422
423psa_status_t tfm_crypto_reset_key_attributes(psa_invec in_vec[],
424 size_t in_len,
425 psa_outvec out_vec[],
426 size_t out_len)
427{
428#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
429 return PSA_ERROR_NOT_SUPPORTED;
430#else
431 if ((in_len != 1) || (out_len != 1)) {
432 return PSA_ERROR_CONNECTION_REFUSED;
433 }
434
435 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]436 (out_vec[0].len != sizeof(struct psa_client_key_attributes_s))) {
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]437 return PSA_ERROR_CONNECTION_REFUSED;
438 }
439
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]440 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]441 psa_status_t status;
442 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
443 int32_t partition_id;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]444
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]445 status = tfm_crypto_get_caller_id(&partition_id);
446 if (status != PSA_SUCCESS) {
447 return status;
448 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]449
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]450 status = tfm_crypto_key_attributes_from_client(client_key_attr,
451 partition_id,
452 &key_attributes);
453 if (status != PSA_SUCCESS) {
454 return status;
455 }
456
457 psa_reset_key_attributes(&key_attributes);
458
459 return tfm_crypto_key_attributes_to_client(&key_attributes,
460 client_key_attr);
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]461#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]462}
463
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]464psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
465 size_t in_len,
466 psa_outvec out_vec[],
467 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]468{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]469#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]470 return PSA_ERROR_NOT_SUPPORTED;
471#else
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]472 if ((in_len != 1) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]473 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]474 }
475
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]476 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]477 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]478 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]479 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]480
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]481 psa_key_handle_t key = iov->key_handle;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]482 uint8_t *data = out_vec[0].base;
483 size_t data_size = out_vec[0].len;
484
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]485 return psa_export_key(key, data, data_size, &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]486#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]487}
488
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]489psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
490 size_t in_len,
491 psa_outvec out_vec[],
492 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]493{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]494#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]495 return PSA_ERROR_NOT_SUPPORTED;
496#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]497 if ((in_len != 1) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]498 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]499 }
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]500
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]501 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]502 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]503 }
504 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
505
506 psa_key_handle_t key = iov->key_handle;
507 uint8_t *data = out_vec[0].base;
508 size_t data_size = out_vec[0].len;
509
510 return psa_export_public_key(key, data, data_size, &(out_vec[0].len));
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]511#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]512}
513
514psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
515 size_t in_len,
516 psa_outvec out_vec[],
517 size_t out_len)
518{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]519#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]520 return PSA_ERROR_NOT_SUPPORTED;
521#else
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]522
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]523 if ((in_len != 2) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]524 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]525 }
526
527 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]528 (out_vec[0].len != sizeof(psa_key_handle_t)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]529 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]530 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]531 }
532 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
533
534 psa_key_handle_t source_handle = iov->key_handle;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]535 psa_key_handle_t *target_handle = out_vec[0].base;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]536 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]537 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]538 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]539 uint32_t i = 0;
540 int32_t partition_id = 0;
541 bool empty_found = false;
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]542
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]543 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
544 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
545 empty_found = true;
546 break;
547 }
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]548 }
549
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]550 if (!empty_found) {
551 return PSA_ERROR_INSUFFICIENT_MEMORY;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]552 }
553
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]554 status = tfm_crypto_get_caller_id(&partition_id);
555 if (status != PSA_SUCCESS) {
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]556 return status;
557 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]558
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]559 status = tfm_crypto_key_attributes_from_client(client_key_attr,
560 partition_id,
561 &key_attributes);
562 if (status != PSA_SUCCESS) {
563 return status;
564 }
565
566 status = psa_copy_key(source_handle, &key_attributes, target_handle);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]567
568 if (status == PSA_SUCCESS) {
569 handle_owner[i].owner = partition_id;
570 handle_owner[i].handle = *target_handle;
571 handle_owner[i].in_use = TFM_CRYPTO_IN_USE;
572 }
573
574 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]575#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]576}
577
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]578psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
579 size_t in_len,
580 psa_outvec out_vec[],
581 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]582{
Kevin Peng96f802e2019-12-26 16:10:25 +0800[diff] [blame]583#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]584 return PSA_ERROR_NOT_SUPPORTED;
585#else
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]586 if ((in_len != 2) || (out_len != 1)) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]587 return PSA_ERROR_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]588 }
589
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]590 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]591 (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]592 (out_vec[0].len != sizeof(psa_key_handle_t))) {
Summer Qin4b1d03b2019-07-02 14:56:08 +0800[diff] [blame]593 return PSA_ERROR_CONNECTION_REFUSED;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]594 }
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]595 psa_key_handle_t *key_handle = out_vec[0].base;
Soby Mathewd7b79f22020-05-21 15:06:54 +0100[diff] [blame]596 const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]597 psa_status_t status;
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]598 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]599 uint32_t i = 0;
600 int32_t partition_id = 0;
601 bool empty_found = false;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]602
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]603 for (i = 0; i < TFM_CRYPTO_MAX_KEY_HANDLES; i++) {
604 if (handle_owner[i].in_use == TFM_CRYPTO_NOT_IN_USE) {
605 empty_found = true;
606 break;
607 }
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]608 }
609
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]610 if (!empty_found) {
611 return PSA_ERROR_INSUFFICIENT_MEMORY;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]612 }
613
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]614 status = tfm_crypto_get_caller_id(&partition_id);
615 if (status != PSA_SUCCESS) {
616 return status;
617 }
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]618
Jamie Fox98ab4412020-01-17 17:12:30 +0000[diff] [blame]619 status = tfm_crypto_key_attributes_from_client(client_key_attr,
620 partition_id,
621 &key_attributes);
622 if (status != PSA_SUCCESS) {
623 return status;
624 }
625
626 status = psa_generate_key(&key_attributes, key_handle);
Antonio de Angelis04debbd2019-10-14 12:12:52 +0100[diff] [blame]627
628 if (status == PSA_SUCCESS) {
629 handle_owner[i].owner = partition_id;
630 handle_owner[i].handle = *key_handle;
631 handle_owner[i].in_use = TFM_CRYPTO_IN_USE;
632 }
633
634 return status;
Antonio de Angelis7740b382019-07-16 10:59:25 +0100[diff] [blame]635#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]636}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]637/*!@}*/