Crypto: Align to Mbed Crypto 3.0.1
This patch upgrades the Crypto service to be able
to use Mbed Crypto 3.0.1:
- Updates the PSA crypto headers to latest available in mbed-crypto
- Updates the service implementation
- Updates the test suites where needed
- Updates the SST and Attestation interfaces
towards cryptographic functionalities
- Updates documentation to reflect updated
requirements, and changes in the integration guide
This patch migrates the use of psa_asymmetric_sign() and
psa_asymmetric_verify() to the non-deprecated versions of
the API psa_sign_hash() and psa_verify_hash().
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I7d8275def2336c1b5cfb8847b2842c305cfab116
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index 3bc7597..9e27ade 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -41,35 +41,7 @@
return PSA_SUCCESS;
}
-psa_status_t psa_allocate_key(psa_key_handle_t *handle)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
- const struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_ALLOCATE_KEY_SID,
- };
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- };
- psa_outvec out_vec[] = {
- {.base = handle, .len = sizeof(psa_key_handle_t)},
- };
-
- PSA_CONNECT(TFM_CRYPTO);
-
- status = API_DISPATCH(tfm_crypto_allocate_key,
- TFM_CRYPTO_ALLOCATE_KEY);
-
- PSA_CLOSE();
-
- return status;
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
-psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
- psa_key_id_t id,
+psa_status_t psa_open_key(psa_key_id_t id,
psa_key_handle_t *handle)
{
#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
@@ -78,7 +50,6 @@
psa_status_t status;
const struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_OPEN_KEY_SID,
- .lifetime = lifetime,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
@@ -99,22 +70,6 @@
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
-psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
- psa_key_id_t id,
- psa_key_handle_t *handle)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- (void)lifetime;
- (void)id;
- (void)handle;
-
- /* TODO: Persistent key APIs are not supported yet */
- return PSA_ERROR_NOT_SUPPORTED;
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
psa_status_t psa_close_key(psa_key_handle_t handle)
{
#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
@@ -140,10 +95,10 @@
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
-psa_status_t psa_import_key(psa_key_handle_t handle,
- psa_key_type_t type,
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
- size_t data_length)
+ size_t data_length,
+ psa_key_handle_t *handle)
{
#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
@@ -151,19 +106,20 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
- .key_handle = handle,
- .type = type,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
{.base = data, .len = data_length}
};
+ psa_outvec out_vec[] = {
+ {.base = handle, .len = sizeof(psa_key_handle_t)}
+ };
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_import_key,
- TFM_CRYPTO_IMPORT_KEY);
-
+ status = API_DISPATCH(tfm_crypto_import_key,
+ TFM_CRYPTO_IMPORT_KEY);
PSA_CLOSE();
return status;
@@ -188,44 +144,69 @@
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key,
TFM_CRYPTO_DESTROY_KEY);
-
PSA_CLOSE();
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
-psa_status_t psa_get_key_information(psa_key_handle_t handle,
- psa_key_type_t *type,
- size_t *bits)
+psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
+ psa_key_attributes_t *attributes)
{
#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_KEY_INFORMATION_SID,
+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
.key_handle = handle,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
psa_outvec out_vec[] = {
- {.base = type, .len = sizeof(psa_key_type_t)},
- {.base = bits, .len = sizeof(size_t)}
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_get_key_information,
- TFM_CRYPTO_GET_KEY_INFORMATION);
-
+ status = API_DISPATCH(tfm_crypto_get_key_attributes,
+ TFM_CRYPTO_GET_KEY_ATTRIBUTES);
PSA_CLOSE();
return status;
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
+void psa_reset_key_attributes(psa_key_attributes_t *attributes)
+{
+#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
+ return;
+#else
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
+ };
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+ };
+
+ psa_handle_t ipc_handle;
+ ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION);
+ if (!PSA_HANDLE_IS_VALID(ipc_handle)) {
+ return;
+ }
+
+ (void)API_DISPATCH(tfm_crypto_reset_key_attributes,
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
+ PSA_CLOSE();
+
+ return;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
+}
+
psa_status_t psa_export_key(psa_key_handle_t handle,
uint8_t *data,
size_t data_size,
@@ -294,8 +275,8 @@
}
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
- psa_key_handle_t target_handle,
- const psa_key_policy_t *constraint)
+ const psa_key_attributes_t *attributes,
+ psa_key_handle_t *target_handle)
{
#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
@@ -308,120 +289,18 @@
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = &target_handle, .len = sizeof(psa_key_handle_t)},
- {.base = constraint, .len = sizeof(psa_key_policy_t)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+
};
- PSA_CONNECT(TFM_CRYPTO);
-
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_copy_key,
- TFM_CRYPTO_COPY_KEY);
-
- PSA_CLOSE();
-
- return status;
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
-void psa_key_policy_set_usage(psa_key_policy_t *policy,
- psa_key_usage_t usage,
- psa_algorithm_t alg)
-{
- policy->usage = usage;
- policy->alg = alg;
-}
-
-psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)
-{
- return policy->usage;
-}
-
-psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
-{
- return policy->alg;
-}
-
-psa_status_t psa_set_key_policy(psa_key_handle_t handle,
- const psa_key_policy_t *policy)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_SET_KEY_POLICY_SID,
- .key_handle = handle,
- };
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = policy, .len = sizeof(psa_key_policy_t)},
- };
-
- PSA_CONNECT(TFM_CRYPTO);
-
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_set_key_policy,
- TFM_CRYPTO_SET_KEY_POLICY);
-
- PSA_CLOSE();
-
- return status;
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
-psa_status_t psa_get_key_policy(psa_key_handle_t handle,
- psa_key_policy_t *policy)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_KEY_POLICY_SID,
- .key_handle = handle,
- };
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- };
psa_outvec out_vec[] = {
- {.base = policy, .len = sizeof(psa_key_policy_t)},
+ {.base = target_handle, .len = sizeof(psa_key_handle_t)},
};
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_get_key_policy,
- TFM_CRYPTO_GET_KEY_POLICY);
-
- PSA_CLOSE();
-
- return status;
-#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
-}
-
-psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
- psa_key_lifetime_t *lifetime)
-{
-#ifdef TFM_CRYPTO_KEY_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_KEY_LIFETIME_SID,
- .key_handle = handle,
- };
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- };
- psa_outvec out_vec[] = {
- {.base = lifetime, .len = sizeof(psa_key_lifetime_t)},
- };
-
- PSA_CONNECT(TFM_CRYPTO);
-
- status = API_DISPATCH(tfm_crypto_get_key_lifetime,
- TFM_CRYPTO_GET_KEY_LIFETIME);
+ status = API_DISPATCH(tfm_crypto_copy_key,
+ TFM_CRYPTO_COPY_KEY);
PSA_CLOSE();
@@ -842,6 +721,10 @@
{.base = target_operation, .len = sizeof(psa_hash_operation_t)},
};
+ if (target_operation && (target_operation->handle != 0)) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
PSA_CONNECT(TFM_CRYPTO);
status = API_DISPATCH(tfm_crypto_hash_clone,
@@ -1185,12 +1068,23 @@
size_t signature_size,
size_t *signature_length)
{
+ return psa_sign_hash(handle, alg, hash, hash_length, signature, signature_size, signature_length);
+}
+
+psa_status_t psa_sign_hash(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
+{
#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_SID,
+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
.key_handle = handle,
.alg = alg,
};
@@ -1205,8 +1099,8 @@
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_asymmetric_sign,
- TFM_CRYPTO_ASYMMETRIC_SIGN);
+ status = API_DISPATCH(tfm_crypto_sign_hash,
+ TFM_CRYPTO_SIGN_HASH);
*signature_length = out_vec[0].len;
@@ -1223,12 +1117,22 @@
const uint8_t *signature,
size_t signature_length)
{
+ return psa_verify_hash(handle, alg, hash, hash_length, signature, signature_length);
+}
+
+psa_status_t psa_verify_hash(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
#ifdef TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_ASYMMETRIC_VERIFY_SID,
+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
.key_handle = handle,
.alg = alg
};
@@ -1241,8 +1145,8 @@
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_asymmetric_verify,
- TFM_CRYPTO_ASYMMETRIC_VERIFY);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash,
+ TFM_CRYPTO_VERIFY_HASH);
PSA_CLOSE();
@@ -1354,16 +1258,17 @@
#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
-psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
- size_t *capacity)
+psa_status_t psa_key_derivation_get_capacity(
+ const psa_key_derivation_operation_t *operation,
+ size_t *capacity)
{
#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_GENERATOR_CAPACITY_SID,
- .op_handle = generator->handle,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1376,8 +1281,8 @@
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_get_generator_capacity,
- TFM_CRYPTO_GET_GENERATOR_CAPACITY);
+ status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity,
+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY);
PSA_CLOSE();
@@ -1385,17 +1290,18 @@
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
-psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
- uint8_t *output,
- size_t output_length)
+psa_status_t psa_key_derivation_output_bytes(
+ psa_key_derivation_operation_t *operation,
+ uint8_t *output,
+ size_t output_length)
{
#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GENERATOR_READ_SID,
- .op_handle = generator->handle,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1408,8 +1314,8 @@
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_generator_read,
- TFM_CRYPTO_GENERATOR_READ);
+ status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes,
+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES);
PSA_CLOSE();
@@ -1417,31 +1323,30 @@
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
-psa_status_t psa_generator_import_key(psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- psa_crypto_generator_t *generator)
+psa_status_t psa_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t handle)
{
#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GENERATOR_IMPORT_KEY_SID,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
.key_handle = handle,
- .type = type,
- .op_handle = generator->handle,
+ .step = step,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = &bits, .len = sizeof(size_t)},
};
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generator_import_key,
- TFM_CRYPTO_GENERATOR_IMPORT_KEY);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key,
+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY);
PSA_CLOSE();
@@ -1449,15 +1354,16 @@
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
-psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
+psa_status_t psa_key_derivation_abort(
+ psa_key_derivation_operation_t *operation)
{
#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GENERATOR_ABORT_SID,
- .op_handle = generator->handle,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1465,13 +1371,13 @@
};
psa_outvec out_vec[] = {
- {.base = &(generator->handle), .len = sizeof(uint32_t)},
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
};
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_generator_abort,
- TFM_CRYPTO_GENERATOR_ABORT);
+ status = API_DISPATCH(tfm_crypto_key_derivation_abort,
+ TFM_CRYPTO_KEY_DERIVATION_ABORT);
PSA_CLOSE();
@@ -1479,79 +1385,22 @@
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
-psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length,
- size_t capacity)
+psa_status_t psa_key_derivation_key_agreement(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length)
{
#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SID,
- .key_handle = handle,
- .alg = alg,
- .op_handle = generator->handle,
- .capacity = capacity,
- };
-
- /* Sanitize the optional input */
- if ((salt == NULL) && (salt_length != 0)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- if ((label == NULL) && (label_length != 0)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = salt, .len = salt_length},
- {.base = label, .len = label_length},
- };
-
- psa_outvec out_vec[] = {
- {.base = &(generator->handle), .len = sizeof(uint32_t)},
- };
-
- PSA_CONNECT(TFM_CRYPTO);
-
- size_t in_len = ARRAY_SIZE(in_vec);
- if (label == NULL) {
- in_len--;
- if (salt == NULL) {
- in_len--;
- }
- }
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
- out_vec, ARRAY_SIZE(out_vec));
-
- PSA_CLOSE();
-
- return status;
-#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
-}
-
-psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- psa_algorithm_t alg)
-{
-#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_KEY_AGREEMENT_SID,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
.key_handle = private_key,
- .alg = alg,
- .op_handle = generator->handle,
+ .step = step,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1559,14 +1408,10 @@
{.base = peer_key, .len = peer_key_length},
};
- psa_outvec out_vec[] = {
- {.base = &(generator->handle), .len = sizeof(uint32_t)},
- };
-
PSA_CONNECT(TFM_CRYPTO);
- status = API_DISPATCH(tfm_crypto_key_agreement,
- TFM_CRYPTO_KEY_AGREEMENT);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_key_agreement,
+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT);
PSA_CLOSE();
@@ -1608,11 +1453,8 @@
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
-psa_status_t psa_generate_key(psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- const void *extra,
- size_t extra_size)
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+ psa_key_handle_t *handle)
{
#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
@@ -1620,32 +1462,415 @@
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
- .key_handle = handle,
- .type = type,
};
- /* Sanitize the optional input */
- if ((extra == NULL) && (extra_size != 0)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = &bits, .len = sizeof(size_t)},
- {.base = extra, .len = extra_size},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = handle, .len = sizeof(psa_key_handle_t)},
};
PSA_CONNECT(TFM_CRYPTO);
- size_t in_len = ARRAY_SIZE(in_vec);
- if (extra == NULL) {
- in_len--;
- }
+ status = API_DISPATCH(tfm_crypto_generate_key,
+ TFM_CRYPTO_GENERATE_KEY);
+ PSA_CLOSE();
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, NULL, 0);
+ return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
+}
+
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_get_key_domain_parameters(
+ const psa_key_attributes_t *attributes,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ const size_t hash_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_mac_compute(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_mac_verify(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ const size_t mac_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
+ .alg = alg,
+ .key_handle = private_key
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = peer_key, .len = peer_key_length},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = output, .len = output_size},
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH(tfm_crypto_raw_key_agreement,
+ TFM_CRYPTO_RAW_KEY_AGREEMENT);
+
+ *output_length = out_vec[0].len;
PSA_CLOSE();
return status;
#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
+
+psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg)
+{
+#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH(tfm_crypto_key_derivation_setup,
+ TFM_CRYPTO_KEY_DERIVATION_SETUP);
+ PSA_CLOSE();
+
+ return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
+}
+
+psa_status_t psa_key_derivation_set_capacity(
+ psa_key_derivation_operation_t *operation,
+ size_t capacity)
+{
+#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
+ .capacity = capacity,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
+ PSA_CLOSE();
+
+ return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
+}
+
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length)
+{
+#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
+ .step = step,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = data, .len = data_length},
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
+ PSA_CLOSE();
+
+ return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
+}
+
+psa_status_t psa_key_derivation_output_key(
+ const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ psa_key_handle_t *handle)
+{
+#ifdef TFM_CRYPTO_GENERATOR_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = handle, .len = sizeof(psa_key_handle_t)}
+ };
+
+ PSA_CONNECT(TFM_CRYPTO);
+
+ status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
+ PSA_CLOSE();
+
+ return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
+}
+
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}