TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / ca6c1527592b1a52c83f8aa32875cecfcb2c25df / . / secure_fw / partitions / crypto / crypto_init.c
blob: a13348eb8f99c01b570993a79f4d3d813453cb29 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Kevin Peng6aa48952022-01-28 15:40:46 +0800[diff] [blame]2 * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]7#include <stdbool.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]8
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]9#include "tfm_mbedcrypto_include.h"
10
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]11#include "tfm_crypto_api.h"
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]12#include "tfm_crypto_defs.h"
Summer Qinc737ece2020-08-28 10:47:26 +0800[diff] [blame]13#include "tfm_sp_log.h"
Summer Qinca6c1522022-06-17 14:25:55 +0800[diff] [blame^]14#include "crypto_check_config.h"
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]15
16/*
17 * \brief This Mbed TLS include is needed to initialise the memory allocator
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]18 * of the library used for internal allocations
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]19 */
20#include "mbedtls/memory_buffer_alloc.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]21
Sherry Zhange1524982022-06-08 16:57:59 +0800[diff] [blame]22#include "mbedtls/platform.h"
23
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]24#ifdef CRYPTO_NV_SEED
25#include "tfm_plat_crypto_nv_seed.h"
26#endif /* CRYPTO_NV_SEED */
Summer Qina5448d62020-12-07 14:03:37 +0800[diff] [blame]27
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]28#ifndef TFM_PSA_API
29#include "tfm_secure_api.h"
30#endif
31
Raef Colesd2485af2019-10-30 10:15:33 +0000[diff] [blame]32#ifdef CRYPTO_HW_ACCELERATOR
33#include "crypto_hw.h"
Michel Jaouenf41c6422021-10-07 14:38:08 +0200[diff] [blame]34#endif /* CRYPTO_HW_ACCELERATOR */
Raef Colesd2485af2019-10-30 10:15:33 +0000[diff] [blame]35
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]36#ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
37#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
38#endif
39
40/**
41 * \brief Type describing the properties of each function identifier, i.e. the
42 * group ID and the function type
43 */
44struct tfm_crypto_api_descriptor {
45 uint8_t group_id : 6; /*!< Value from \ref tfm_crypto_group_id */
46 uint8_t function_type: 2; /*!< Value from \ref tfm_crypto_function_type */
47};
48
49/**
50 * \brief This table contains the description of each of the function IDs
51 * defined by \ref tfm_crypto_function_id
52 */
53#define X(_function_id, _group_id, _function_type) \
54 [_function_id] = {.group_id = _group_id, .function_type = _function_type},
55static const struct tfm_crypto_api_descriptor tfm_crypto_api_descriptor[] = {
56 TFM_CRYPTO_SERVICE_API_DESCRIPTION
57};
58#undef X
59
60enum tfm_crypto_function_type get_function_type_from_descriptor(enum tfm_crypto_function_id func)
61{
62 return tfm_crypto_api_descriptor[func].function_type;
63}
64
65enum tfm_crypto_group_id get_group_id_from_descriptor(enum tfm_crypto_function_id func)
66{
67 return tfm_crypto_api_descriptor[func].group_id;
68}
69
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]70#ifdef TFM_PSA_API
Ken Liub671d682022-05-12 20:39:29 +0800[diff] [blame]71#include <string.h>
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]72#include "psa/framework_feature.h"
Jamie Foxcc31d402019-01-28 17:13:52 +0000[diff] [blame]73#include "psa/service.h"
Edison Aicc4c6162019-06-21 13:52:49 +0800[diff] [blame]74#include "psa_manifest/tfm_crypto.h"
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]75
76/**
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]77 * \brief Aligns a value x up to an alignment a.
78 */
79#define ALIGN(x, a) (((x) + ((a) - 1)) & ~((a) - 1))
80
81/**
82 * \brief Maximum alignment required by any iovec parameters to the TF-M Crypto
83 * partition.
84 */
85#define TFM_CRYPTO_IOVEC_ALIGNMENT (4u)
86
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]87#if PSA_FRAMEWORK_HAS_MM_IOVEC == 1
88static int32_t g_client_id;
89
90static void tfm_crypto_set_caller_id(int32_t id)
91{
92 g_client_id = id;
93}
94
95psa_status_t tfm_crypto_get_caller_id(int32_t *id)
96{
97 *id = g_client_id;
98 return PSA_SUCCESS;
99}
100
101static psa_status_t tfm_crypto_init_iovecs(const psa_msg_t *msg,
102 psa_invec in_vec[],
103 size_t in_len,
104 psa_outvec out_vec[],
105 size_t out_len)
106{
107 uint32_t i;
108
109 /* Map from the second element as the first is read when parsing */
110 for (i = 1; i < in_len; i++) {
111 in_vec[i].len = msg->in_size[i];
112 if (in_vec[i].len != 0) {
113 in_vec[i].base = psa_map_invec(msg->handle, i);
114 } else {
115 in_vec[i].base = NULL;
116 }
117 }
118
119 for (i = 0; i < out_len; i++) {
120 out_vec[i].len = msg->out_size[i];
121 if (out_vec[i].len != 0) {
122 out_vec[i].base = psa_map_outvec(msg->handle, i);
123 } else {
124 out_vec[i].base = NULL;
125 }
126 }
127
128 return PSA_SUCCESS;
129}
130#else /* PSA_FRAMEWORK_HAS_MM_IOVEC == 1 */
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]131/**
132 * \brief Default size of the internal scratch buffer used for IOVec allocations
133 * in bytes
134 */
135#ifndef TFM_CRYPTO_IOVEC_BUFFER_SIZE
Soby Mathew7740b602020-10-07 12:08:28 +0100[diff] [blame]136#error TFM_CRYPTO_IOVEC_BUFFER_SIZE is not defined
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]137#endif
138
139/**
140 * \brief Internal scratch used for IOVec allocations
141 *
142 */
143static struct tfm_crypto_scratch {
144 __attribute__((__aligned__(TFM_CRYPTO_IOVEC_ALIGNMENT)))
145 uint8_t buf[TFM_CRYPTO_IOVEC_BUFFER_SIZE];
146 uint32_t alloc_index;
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]147 int32_t owner;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]148} scratch = {.buf = {0}, .alloc_index = 0};
149
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]150static psa_status_t tfm_crypto_set_scratch_owner(int32_t id)
151{
152 scratch.owner = id;
153 return PSA_SUCCESS;
154}
155
156static psa_status_t tfm_crypto_get_scratch_owner(int32_t *id)
157{
158 *id = scratch.owner;
159 return PSA_SUCCESS;
160}
161
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]162static psa_status_t tfm_crypto_alloc_scratch(size_t requested_size, void **buf)
163{
164 /* Ensure alloc_index remains aligned to the required iovec alignment */
165 requested_size = ALIGN(requested_size, TFM_CRYPTO_IOVEC_ALIGNMENT);
166
167 if (requested_size > (sizeof(scratch.buf) - scratch.alloc_index)) {
168 return PSA_ERROR_INSUFFICIENT_MEMORY;
169 }
170
171 /* Compute the pointer to the allocated space */
172 *buf = (void *)&scratch.buf[scratch.alloc_index];
173
174 /* Increase the allocated size */
175 scratch.alloc_index += requested_size;
176
177 return PSA_SUCCESS;
178}
179
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]180static void tfm_crypto_clear_scratch(void)
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]181{
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]182 scratch.owner = 0;
Ken Liub671d682022-05-12 20:39:29 +0800[diff] [blame]183 (void)memset(scratch.buf, 0, scratch.alloc_index);
Summer Qin0a9e5372020-11-27 16:04:05 +0800[diff] [blame]184 scratch.alloc_index = 0;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]185}
186
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]187static void tfm_crypto_set_caller_id(int32_t id)
188{
189 /* Set the owner of the data in the scratch */
190 (void)tfm_crypto_set_scratch_owner(id);
191}
192
193psa_status_t tfm_crypto_get_caller_id(int32_t *id)
194{
195 return tfm_crypto_get_scratch_owner(id);
196}
197
198static psa_status_t tfm_crypto_init_iovecs(const psa_msg_t *msg,
199 psa_invec in_vec[],
200 size_t in_len,
201 psa_outvec out_vec[],
202 size_t out_len)
203{
204 uint32_t i;
205 void *alloc_buf_ptr = NULL;
206 psa_status_t status;
207
208 /* Alloc/read from the second element as the first is read when parsing */
209 for (i = 1; i < in_len; i++) {
210 /* Allocate necessary space in the internal scratch */
211 status = tfm_crypto_alloc_scratch(msg->in_size[i], &alloc_buf_ptr);
212 if (status != PSA_SUCCESS) {
213 tfm_crypto_clear_scratch();
214 return status;
215 }
216 /* Read from the IPC framework inputs into the scratch */
217 in_vec[i].len =
218 psa_read(msg->handle, i, alloc_buf_ptr, msg->in_size[i]);
219 /* Populate the fields of the input to the secure function */
220 in_vec[i].base = alloc_buf_ptr;
221 }
222
223 for (i = 0; i < out_len; i++) {
224 /* Allocate necessary space for the output in the internal scratch */
225 status = tfm_crypto_alloc_scratch(msg->out_size[i], &alloc_buf_ptr);
226 if (status != PSA_SUCCESS) {
227 tfm_crypto_clear_scratch();
228 return status;
229 }
230 /* Populate the fields of the output to the secure function */
231 out_vec[i].base = alloc_buf_ptr;
232 out_vec[i].len = msg->out_size[i];
233 }
234
235 return PSA_SUCCESS;
236}
237#endif /* PSA_FRAMEWORK_HAS_MM_IOVEC == 1 */
238
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]239static psa_status_t tfm_crypto_call_srv(const psa_msg_t *msg)
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]240{
241 psa_status_t status = PSA_SUCCESS;
TTornblomfaf74f52020-03-04 17:56:27 +0100[diff] [blame]242 size_t in_len = PSA_MAX_IOVEC, out_len = PSA_MAX_IOVEC, i;
Soby Mathewd8abdfd2020-10-14 10:28:01 +0100[diff] [blame]243 psa_invec in_vec[PSA_MAX_IOVEC] = { {NULL, 0} };
244 psa_outvec out_vec[PSA_MAX_IOVEC] = { {NULL, 0} };
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]245 struct tfm_crypto_pack_iovec iov = {0};
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]246
247 /* Check the number of in_vec filled */
Jamie Fox9a234e22019-04-30 11:12:05 +0100[diff] [blame]248 while ((in_len > 0) && (msg->in_size[in_len - 1] == 0)) {
249 in_len--;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]250 }
251
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]252 /* Check the number of out_vec filled */
253 while ((out_len > 0) && (msg->out_size[out_len - 1] == 0)) {
254 out_len--;
255 }
256
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]257 /* There will always be a tfm_crypto_pack_iovec in the first iovec */
258 if (in_len < 1) {
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]259 return PSA_ERROR_GENERIC_ERROR;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]260 }
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]261
262 if (psa_read(msg->handle, 0, &iov, sizeof(iov)) != sizeof(iov)) {
263 return PSA_ERROR_GENERIC_ERROR;
264 }
265
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]266 /* Initialise the first iovec with the IOV read when parsing */
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]267 in_vec[0].base = &iov;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]268 in_vec[0].len = sizeof(struct tfm_crypto_pack_iovec);
269
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]270 status = tfm_crypto_init_iovecs(msg, in_vec, in_len, out_vec, out_len);
271 if (status != PSA_SUCCESS) {
272 return status;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]273 }
274
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]275 tfm_crypto_set_caller_id(msg->client_id);
Antonio de Angelis60a6fe62019-06-18 15:27:34 +0100[diff] [blame]276
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]277 /* Call the dispatcher to the functions that implement the PSA Crypto API */
278 status = tfm_crypto_api_dispatcher(in_vec, in_len, out_vec, out_len);
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]279
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]280#if PSA_FRAMEWORK_HAS_MM_IOVEC == 1
281 for (i = 0; i < out_len; i++) {
282 if (out_vec[i].base != NULL) {
283 psa_unmap_outvec(msg->handle, i, out_vec[i].len);
284 }
285 }
286#else
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]287 /* Write into the IPC framework outputs from the scratch */
288 for (i = 0; i < out_len; i++) {
289 psa_write(msg->handle, i, out_vec[i].base, out_vec[i].len);
290 }
291
292 /* Clear the allocated internal scratch before returning */
Summer Qin0a9e5372020-11-27 16:04:05 +0800[diff] [blame]293 tfm_crypto_clear_scratch();
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]294#endif
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]295
296 return status;
297}
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]298#else /* TFM_PSA_API */
299psa_status_t tfm_crypto_get_caller_id(int32_t *id)
300{
301 int32_t res;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]302
Kevin Pengfe730cc2022-04-11 17:48:42 +0800[diff] [blame]303 res = tfm_core_get_caller_client_id(id);
304 if (res != TFM_SUCCESS) {
305 return PSA_ERROR_NOT_PERMITTED;
306 } else {
307 return PSA_SUCCESS;
308 }
309}
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]310#endif /* TFM_PSA_API */
311
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]312/**
313 * \brief Default value for the size of the static buffer used by Mbed
314 * Crypto for its dynamic allocations
315 */
316#ifndef TFM_CRYPTO_ENGINE_BUF_SIZE
Soby Mathew7740b602020-10-07 12:08:28 +0100[diff] [blame]317#error TFM_CRYPTO_ENGINE_BUF_SIZE is not defined
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]318#endif
319
320/**
321 * \brief Static buffer to be used by Mbed Crypto for memory allocations
322 *
323 */
324static uint8_t mbedtls_mem_buf[TFM_CRYPTO_ENGINE_BUF_SIZE] = {0};
325
326static psa_status_t tfm_crypto_engine_init(void)
327{
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]328#ifdef CRYPTO_NV_SEED
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]329 LOG_INFFMT("[INF][Crypto] ");
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]330#ifdef TFM_PSA_API
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]331 LOG_INFFMT("Provisioning entropy seed... ");
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]332 if (tfm_plat_crypto_provision_entropy_seed() != TFM_CRYPTO_NV_SEED_SUCCESS) {
Summer Qina5448d62020-12-07 14:03:37 +0800[diff] [blame]333 return PSA_ERROR_GENERIC_ERROR;
334 }
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]335 LOG_INFFMT("\033[0;32mcomplete.\033[0m\r\n");
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]336#else
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]337 LOG_INFFMT("TF-M in library mode uses a dummy NV seed. ");
338 LOG_INFFMT("This is not suitable for production! ");
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]339 LOG_INFFMT("This device is \033[1;31mNOT SECURE\033[0m\r\n");
Raef Coles618fc152021-06-18 09:26:46 +0100[diff] [blame]340#endif /* TFM_PSA_API */
341#endif /* CRYPTO_NV_SEED */
Summer Qina5448d62020-12-07 14:03:37 +0800[diff] [blame]342
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]343 /* Initialise the Mbed Crypto memory allocator to use static memory
344 * allocation from the provided buffer instead of using the heap
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]345 */
346 mbedtls_memory_buffer_alloc_init(mbedtls_mem_buf,
347 TFM_CRYPTO_ENGINE_BUF_SIZE);
348
Sherry Zhange1524982022-06-08 16:57:59 +0800[diff] [blame]349 /* mbedtls_printf is used to print messages including error information. */
350#if (TFM_PARTITION_LOG_LEVEL >= TFM_PARTITION_LOG_LEVEL_ERROR)
351 mbedtls_platform_set_printf(tfm_sp_log_printf);
352#endif
353
Raef Colesd2485af2019-10-30 10:15:33 +0000[diff] [blame]354 /* Initialise the crypto accelerator if one is enabled */
355#ifdef CRYPTO_HW_ACCELERATOR
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]356 LOG_INFFMT("[INF][Crypto] Initialising HW accelerator... ");
Raef Colesd2485af2019-10-30 10:15:33 +0000[diff] [blame]357 if (crypto_hw_accelerator_init() != 0) {
358 return PSA_ERROR_HARDWARE_FAILURE;
359 }
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]360 LOG_INFFMT("\033[0;32mcomplete.\033[0m\r\n");
Raef Colesd2485af2019-10-30 10:15:33 +0000[diff] [blame]361#endif /* CRYPTO_HW_ACCELERATOR */
362
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]363 /* Previous function does not return any value, so just call the
364 * initialisation function of the Mbed Crypto layer
365 */
366 return psa_crypto_init();
367}
368
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]369static psa_status_t tfm_crypto_module_init(void)
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]370{
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]371 /* Init the Alloc module */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]372 return tfm_crypto_init_alloc();
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]373}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]374
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]375psa_status_t tfm_crypto_init(void)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]376{
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]377 psa_status_t status;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]378
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]379 /* Initialise other modules of the service */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]380 status = tfm_crypto_module_init();
381 if (status != PSA_SUCCESS) {
382 return status;
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]383 }
384
Jamie Fox0e54ebc2019-04-09 14:21:04 +0100[diff] [blame]385 /* Initialise the engine layer */
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]386 return tfm_crypto_engine_init();
387}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]388
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]389#ifdef TFM_PSA_API
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]390psa_status_t tfm_crypto_sfn(const psa_msg_t *msg)
391{
392 /* Process the message type */
393 switch (msg->type) {
394 case PSA_IPC_CALL:
395 return tfm_crypto_call_srv(msg);
396 default:
397 return PSA_ERROR_NOT_SUPPORTED;
398 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]399
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]400 return PSA_ERROR_GENERIC_ERROR;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]401}
Kevin Peng2d4bc2e2022-01-28 16:19:30 +0800[diff] [blame]402#endif
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]403
404psa_status_t tfm_crypto_api_dispatcher(psa_invec in_vec[],
405 size_t in_len,
406 psa_outvec out_vec[],
407 size_t out_len)
408{
409 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
410 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
411 int32_t caller_id = 0;
412 mbedtls_svc_key_id_t encoded_key = MBEDTLS_SVC_KEY_ID_INIT;
413 bool is_key_required = false;
414
415 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
416 return PSA_ERROR_PROGRAMMER_ERROR;
417 }
418
419 is_key_required = !(TFM_CRYPTO_IS_GROUP_ID(
420 iov->function_id, TFM_CRYPTO_GROUP_ID_HASH) ||
421 (iov->function_id == TFM_CRYPTO_GENERATE_RANDOM_SID));
422
423 if (is_key_required) {
424 status = tfm_crypto_get_caller_id(&caller_id);
425 if (status != PSA_SUCCESS) {
426 return status;
427 }
428 /* The caller_id being set in the owner field is the partition ID
429 * of the calling partition
430 */
431 encoded_key = mbedtls_svc_key_id_make(caller_id, iov->key_id);
432 }
433
434 /* Dispatch to each sub-module based on the Group ID */
435 if (TFM_CRYPTO_IS_GROUP_ID(
436 iov->function_id, TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT)) {
437 status = tfm_crypto_key_management_interface(in_vec,
438 out_vec,
439 &encoded_key);
440 } else if (TFM_CRYPTO_IS_GROUP_ID(
441 iov->function_id, TFM_CRYPTO_GROUP_ID_HASH)) {
442 status = tfm_crypto_hash_interface(in_vec, out_vec);
443 } else if (TFM_CRYPTO_IS_GROUP_ID(
444 iov->function_id, TFM_CRYPTO_GROUP_ID_MAC)) {
445 status = tfm_crypto_mac_interface(in_vec,
446 out_vec,
447 &encoded_key);
448 } else if (TFM_CRYPTO_IS_GROUP_ID(
449 iov->function_id, TFM_CRYPTO_GROUP_ID_CIPHER)) {
450 status = tfm_crypto_cipher_interface(in_vec,
451 out_vec,
452 &encoded_key);
453 } else if (TFM_CRYPTO_IS_GROUP_ID(
454 iov->function_id, TFM_CRYPTO_GROUP_ID_AEAD)) {
455 status = tfm_crypto_aead_interface(in_vec,
456 out_vec,
457 &encoded_key);
458 } else if (TFM_CRYPTO_IS_GROUP_ID(
David Hu1eb11942022-07-05 11:36:34 +0800[diff] [blame]459 iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_SIGN)) {
460 status = tfm_crypto_asymmetric_sign_interface(in_vec,
461 out_vec,
462 &encoded_key);
463 } else if (TFM_CRYPTO_IS_GROUP_ID(
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]464 iov->function_id, TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT)) {
David Hu1eb11942022-07-05 11:36:34 +0800[diff] [blame]465 status = tfm_crypto_asymmetric_encrypt_interface(in_vec,
466 out_vec,
467 &encoded_key);
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]468 } else if (TFM_CRYPTO_IS_GROUP_ID(
469 iov->function_id, TFM_CRYPTO_GROUP_ID_KEY_DERIVATION)) {
470 status = tfm_crypto_key_derivation_interface(in_vec,
471 out_vec,
472 &encoded_key);
473 } else if (iov->function_id == TFM_CRYPTO_GENERATE_RANDOM_SID) {
474 status = tfm_crypto_random_interface(in_vec, out_vec);
475 } else {
476 LOG_ERRFMT("[ERR][Crypto] Unsupported request!\r\n");
477 status = PSA_ERROR_NOT_SUPPORTED;
478 }
479
480 return status;
481}