Crypto: Refactor the API dispatcher interface to reduce code size
This patch restructures the way the underlying APIs that
implements the PSA Crypto APIs are interfaced to the TF-M
Crypto service through a thin shim layer. The size of this
layer is reduced by nearly 45% on the default configuration.
Also, it removes the check for parameter number and size on
each function call as that is a redundant check as per the
overall threat model of the interaction between the crypto
service and the partition manager.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I07165bad00346cd12cf63620532f55da0c5d1262
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index 993477d..50e12b7 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
#include <string.h>
+#include "tfm_sp_log.h"
#include "tfm_mbedcrypto_include.h"
@@ -18,7 +19,10 @@
#include "tfm_crypto_defs.h"
#include "tfm_plat_crypto_keys.h"
-#include "tfm_crypto_private.h"
+
+#ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
+#endif
#ifdef TFM_PARTITION_TEST_PS
#include "psa_manifest/pid.h"
@@ -98,6 +102,11 @@
}
/* Derive key material from the HUK and output it to the operation buffer */
+ /* The function below accesses an abstracted functionality at platform level
+ * to get a key derived from the HUK. The specific algorithm is abstracted
+ * away to the platform implementation (i.e. it can be HMAC-based KDF or
+ * CMAC based KDF, the latter for example when CC-312 is present)
+ */
err = tfm_plat_get_huk_derived_key(tls12_prf->MBEDTLS_PRIVATE(label),
tls12_prf->MBEDTLS_PRIVATE(label_length),
NULL, 0,
@@ -106,6 +115,7 @@
if (err != TFM_PLAT_ERR_SUCCESS) {
return PSA_ERROR_HARDWARE_FAILURE;
}
+ LOG_DBGFMT("\033[0;32mcomplete.\033[0m\r\n");
return psa_import_key(attributes, tls12_prf->MBEDTLS_PRIVATE(output_block),
bytes, key_id);
@@ -130,430 +140,169 @@
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
/*!
- * \defgroup public_psa Public functions, PSA
+ * \addtogroup tfm_crypto_api_shim_layer
*
*/
/*!@{*/
-psa_status_t tfm_crypto_key_derivation_setup(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
+psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
+ psa_outvec out_vec[],
+ mbedtls_svc_key_id_t *encoded_key)
{
#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status = PSA_SUCCESS;
- psa_key_derivation_operation_t *operation = NULL;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
-
- if ((out_vec[0].len != sizeof(uint32_t)) ||
- (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
+#endif
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation = NULL;
uint32_t handle = iov->op_handle;
- uint32_t *handle_out = out_vec[0].base;
- psa_algorithm_t alg = iov->alg;
+ uint32_t *handle_out = NULL;
+ enum tfm_crypto_function_type function_type =
+ TFM_CRYPTO_GET_FUNCTION_TYPE(iov->function_id);
- /* Allocate the operation context in the secure world */
- status = tfm_crypto_operation_alloc(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- &handle,
+ if (function_type != TFM_CRYPTO_FUNCTION_TYPE_NON_MULTIPART) {
+ handle_out = (out_vec && out_vec[0].base != NULL) ?
+ out_vec[0].base : &handle;
+ *handle_out = handle;
+ status = tfm_crypto_operation_handling(
+ TFM_CRYPTO_KEY_DERIVATION_OPERATION,
+ function_type,
+ handle_out,
(void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
+ if (status != PSA_SUCCESS) {
+ return (iov->function_id == TFM_CRYPTO_KEY_DERIVATION_ABORT_SID) ?
+ PSA_SUCCESS : status;
+ }
}
- *handle_out = handle;
+ switch (iov->function_id) {
+ case TFM_CRYPTO_KEY_DERIVATION_SETUP_SID:
+ {
+ if (iov->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ status = tfm_crypto_huk_derivation_setup(operation, iov->alg);
+ } else {
+ status = psa_key_derivation_setup(operation, iov->alg);
+ }
- if (alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
- status = tfm_crypto_huk_derivation_setup(operation, alg);
- } else {
- status = psa_key_derivation_setup(operation, alg);
+ if (status != PSA_SUCCESS) {
+ goto release_operation_and_return;
+ }
}
- if (status != PSA_SUCCESS) {
- /* Release the operation context, ignore if the operation fails. */
- (void)tfm_crypto_operation_release(handle_out);
- return status;
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID:
+ {
+ size_t *capacity = out_vec[0].base;
+
+ status = psa_key_derivation_get_capacity(operation, capacity);
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID:
+ {
+ status = psa_key_derivation_set_capacity(operation, iov->capacity);
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID:
+ {
+ const uint8_t *data = in_vec[1].base;
+ size_t data_length = in_vec[1].len;
+
+ if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ status = tfm_crypto_huk_derivation_input_bytes(operation,
+ iov->step, data,
+ data_length);
+ } else {
+ status = psa_key_derivation_input_bytes(operation, iov->step, data,
+ data_length);
+ }
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID:
+ {
+ uint8_t *output = out_vec[0].base;
+ size_t output_length = out_vec[0].len;
+
+ status = psa_key_derivation_output_bytes(operation,
+ output, output_length);
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID:
+ {
+ status = psa_key_derivation_input_key(operation,
+ iov->step, *encoded_key);
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID:
+ {
+ const struct psa_client_key_attributes_s *client_key_attr =
+ in_vec[1].base;
+ psa_key_id_t *key_handle = out_vec[0].base;
+ psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ int32_t partition_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(*encoded_key);
+
+ status = tfm_crypto_key_attributes_from_client(client_key_attr,
+ partition_id,
+ &key_attributes);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ status = tfm_crypto_huk_derivation_output_key(&key_attributes,
+ operation, encoded_key);
+ } else {
+ status = psa_key_derivation_output_key(&key_attributes, operation,
+ encoded_key);
+ }
+
+ *key_handle = encoded_key->MBEDTLS_PRIVATE(key_id);
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_ABORT_SID:
+ {
+ if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
+ status = tfm_crypto_huk_derivation_abort(operation);
+ } else {
+ status = psa_key_derivation_abort(operation);
+ }
+
+ if (status != PSA_SUCCESS) {
+ goto release_operation_and_return;
+ } else {
+ status = tfm_crypto_operation_release(handle_out);
+ }
+ }
+ break;
+ case TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID:
+ {
+ const uint8_t *peer_key = in_vec[1].base;
+ size_t peer_key_length = in_vec[1].len;
+
+ status = psa_key_derivation_key_agreement(operation, iov->step,
+ *encoded_key,
+ peer_key,
+ peer_key_length);
+ }
+ break;
+ case TFM_CRYPTO_RAW_KEY_AGREEMENT_SID:
+ {
+ uint8_t *output = out_vec[0].base;
+ size_t output_size = out_vec[0].len;
+ const uint8_t *peer_key = in_vec[1].base;
+ size_t peer_key_length = in_vec[1].len;
+
+ status = psa_raw_key_agreement(iov->alg, *encoded_key,
+ peer_key, peer_key_length,
+ output, output_size, &out_vec[0].len);
+ }
+ break;
+ default:
+ status = PSA_ERROR_NOT_SUPPORTED;
}
return status;
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_get_capacity(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (out_vec[0].len != sizeof(size_t))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- size_t *capacity = out_vec[0].base;
- psa_key_derivation_operation_t *operation = NULL;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- *capacity = 0;
- return status;
- }
-
- return psa_key_derivation_get_capacity(operation, capacity);
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_set_capacity(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- size_t capacity = iov->capacity;
- psa_key_derivation_operation_t *operation = NULL;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return psa_key_derivation_set_capacity(operation, capacity);
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_input_bytes(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 0);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- psa_key_derivation_step_t step = iov->step;
- const uint8_t *data = in_vec[1].base;
- size_t data_length = in_vec[1].len;
- psa_key_derivation_operation_t *operation = NULL;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
- return tfm_crypto_huk_derivation_input_bytes(operation, step, data,
- data_length);
- } else {
- return psa_key_derivation_input_bytes(operation, step, data,
- data_length);
- }
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_output_bytes(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- uint8_t *output = out_vec[0].base;
- size_t output_length = out_vec[0].len;
- psa_key_derivation_operation_t *operation = NULL;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return psa_key_derivation_output_bytes(operation, output, output_length);
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_input_key(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- uint32_t handle = iov->op_handle;
- psa_key_id_t key_id = iov->key_id;
- psa_key_derivation_step_t step = iov->step;
- psa_key_derivation_operation_t *operation = NULL;
- mbedtls_svc_key_id_t encoded_key;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return psa_key_derivation_input_key(operation, step, encoded_key);
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_output_key(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
- (out_vec[0].len != sizeof(psa_key_id_t))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
- psa_key_derivation_operation_t *operation = NULL;
- psa_key_id_t *key_handle = out_vec[0].base;
- psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
- int32_t partition_id;
- mbedtls_svc_key_id_t encoded_key;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- status = tfm_crypto_get_caller_id(&partition_id);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- status = tfm_crypto_key_attributes_from_client(client_key_attr,
- partition_id,
- &key_attributes);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
- status = tfm_crypto_huk_derivation_output_key(&key_attributes,
- operation, &encoded_key);
- } else {
- status = psa_key_derivation_output_key(&key_attributes, operation,
- &encoded_key);
- }
-
- *key_handle = encoded_key.MBEDTLS_PRIVATE(key_id);
-
+release_operation_and_return:
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
return status;
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_abort(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
- (out_vec[0].len != sizeof(uint32_t))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- uint32_t *handle_out = out_vec[0].base;
- psa_key_derivation_operation_t *operation = NULL;
-
- /* Init the handle in the operation with the one passed from the iov */
- *handle_out = iov->op_handle;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- /* Operation does not exist, so abort has no effect */
- return PSA_SUCCESS;
- }
-
- *handle_out = handle;
-
- if (operation->MBEDTLS_PRIVATE(alg) == TFM_CRYPTO_ALG_HUK_DERIVATION) {
- status = tfm_crypto_huk_derivation_abort(operation);
- } else {
- status = psa_key_derivation_abort(operation);
- }
- if (status != PSA_SUCCESS) {
- /* Release the operation context, ignore if the operation fails. */
- (void)tfm_crypto_operation_release(handle_out);
- return status;
- }
-
- status = tfm_crypto_operation_release(handle_out);
-
- return status;
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_key_derivation_key_agreement(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
- psa_status_t status;
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 0);
-
- if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
-
- uint32_t handle = iov->op_handle;
- psa_key_id_t private_key = iov->key_id;
- const uint8_t *peer_key = in_vec[1].base;
- size_t peer_key_length = in_vec[1].len;
- psa_key_derivation_operation_t *operation = NULL;
- psa_key_derivation_step_t step = iov->step;
- mbedtls_svc_key_id_t encoded_key;
-
- /* Look up the corresponding operation context */
- status = tfm_crypto_operation_lookup(TFM_CRYPTO_KEY_DERIVATION_OPERATION,
- handle,
- (void **)&operation);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- status = tfm_crypto_encode_id_and_owner(private_key, &encoded_key);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return psa_key_derivation_key_agreement(operation, step,
- encoded_key,
- peer_key,
- peer_key_length);
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
-}
-
-psa_status_t tfm_crypto_raw_key_agreement(psa_invec in_vec[],
- size_t in_len,
- psa_outvec out_vec[],
- size_t out_len)
-{
-#ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
- return PSA_ERROR_NOT_SUPPORTED;
-#else
-
- CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
-
- if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
- return PSA_ERROR_PROGRAMMER_ERROR;
- }
- const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
- uint8_t *output = out_vec[0].base;
- size_t output_size = out_vec[0].len;
- psa_algorithm_t alg = iov->alg;
- psa_key_id_t private_key = iov->key_id;
- const uint8_t *peer_key = in_vec[1].base;
- size_t peer_key_length = in_vec[1].len;
- mbedtls_svc_key_id_t encoded_key;
- psa_status_t status;
-
- status = tfm_crypto_encode_id_and_owner(private_key, &encoded_key);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return psa_raw_key_agreement(alg, encoded_key, peer_key, peer_key_length,
- output, output_size, &out_vec[0].len);
-#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
}
/*!@}*/