Crypto: Add frontend support for multipart AEAD APIs
This patch adds support in the TF-M Crypto service
frontend for AEAD multipart APIs.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I81b55bc6ae1b0e1c1c015c90577518328a3286fa
diff --git a/interface/include/tfm_crypto_defs.h b/interface/include/tfm_crypto_defs.h
index 47d9724..2b217ff 100644
--- a/interface/include/tfm_crypto_defs.h
+++ b/interface/include/tfm_crypto_defs.h
@@ -44,6 +44,8 @@
* multipart operation
*/
size_t capacity; /*!< Key derivation capacity */
+ size_t ad_length; /*!< Additional Data length for multipart AEAD */
+ size_t plaintext_length; /*!< Plaintext length for multipart AEAD */
struct tfm_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
* AEAD until the API is
@@ -53,7 +55,9 @@
/**
* \brief Define a progressive numerical value for each SID which can be used
- * when dispatching the requests to the service
+ * when dispatching the requests to the service. Note: This has to
+ * match exactly with the list of APIs defined in tfm_crypto_api.h by
+ * the LIST_TFM_CRYPTO_UNIFORM_SIGNATURE_API X macro.
*/
enum {
TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c
index 5d7826b..c4433b3 100644
--- a/interface/src/tfm_crypto_func_api.c
+++ b/interface/src/tfm_crypto_func_api.c
@@ -135,7 +135,7 @@
};
(void)API_DISPATCH(tfm_crypto_reset_key_attributes,
- TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
return;
}
@@ -861,6 +861,259 @@
return status;
}
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_encrypt_setup,
+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP);
+ return status;
+}
+
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_decrypt_setup,
+ TFM_CRYPTO_AEAD_DECRYPT_SETUP);
+ return status;
+}
+
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = nonce, .len = nonce_size}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_generate_nonce,
+ TFM_CRYPTO_AEAD_GENERATE_NONCE);
+
+ *nonce_length = out_vec[1].len;
+ return status;
+}
+
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = nonce, .len = nonce_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_set_nonce,
+ TFM_CRYPTO_AEAD_SET_NONCE);
+ return status;
+}
+
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ .ad_length = ad_length,
+ .plaintext_length = plaintext_length,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_set_lengths,
+ TFM_CRYPTO_AEAD_SET_LENGTHS);
+ return status;
+}
+
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_update_ad,
+ TFM_CRYPTO_AEAD_UPDATE_AD);
+ return status;
+}
+
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = output, .len = output_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_update,
+ TFM_CRYPTO_AEAD_UPDATE);
+
+ *output_length = out_vec[1].len;
+ return status;
+}
+
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = ciphertext, .len = ciphertext_size},
+ {.base = tag, .len = tag_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_finish,
+ TFM_CRYPTO_AEAD_FINISH);
+
+ *ciphertext_length = out_vec[1].len;
+ *tag_length = out_vec[2].len;
+ return status;
+}
+
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = tag, .len = tag_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = plaintext, .len = plaintext_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_verify,
+ TFM_CRYPTO_AEAD_VERIFY);
+
+ *plaintext_length = out_vec[1].len;
+ return status;
+}
+
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_abort,
+ TFM_CRYPTO_AEAD_ABORT);
+ return status;
+}
+
psa_status_t psa_sign_message(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@@ -1223,55 +1476,6 @@
return status;
}
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_mac_compute(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@@ -1351,7 +1555,7 @@
{.base = input, .len = input_length},
};
psa_outvec out_vec[] = {
- {.base = output, .len = output_size},
+ {.base = output, .len = output_size}
};
status = API_DISPATCH(tfm_crypto_cipher_encrypt,
@@ -1385,7 +1589,7 @@
{.base = input, .len = input_length},
};
psa_outvec out_vec[] = {
- {.base = output, .len = output_size},
+ {.base = output, .len = output_size}
};
status = API_DISPATCH(tfm_crypto_cipher_decrypt,
@@ -1517,73 +1721,3 @@
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
return status;
}
-
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_id_t key,
- psa_algorithm_t alg)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_id_t key,
- psa_algorithm_t alg)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
- uint8_t *nonce,
- size_t nonce_size,
- size_t *nonce_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index a396a27..8404899 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -125,7 +125,6 @@
status = API_DISPATCH(tfm_crypto_get_key_attributes,
TFM_CRYPTO_GET_KEY_ATTRIBUTES);
-
return status;
}
@@ -143,7 +142,6 @@
(void)API_DISPATCH(tfm_crypto_reset_key_attributes,
TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
-
return;
}
@@ -211,7 +209,6 @@
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key,
TFM_CRYPTO_PURGE_KEY);
-
return status;
}
@@ -228,7 +225,6 @@
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
-
};
psa_outvec out_vec[] = {
@@ -879,6 +875,259 @@
return status;
}
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_encrypt_setup,
+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP);
+ return status;
+}
+
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_decrypt_setup,
+ TFM_CRYPTO_AEAD_DECRYPT_SETUP);
+ return status;
+}
+
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = nonce, .len = nonce_size}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_generate_nonce,
+ TFM_CRYPTO_AEAD_GENERATE_NONCE);
+
+ *nonce_length = out_vec[1].len;
+ return status;
+}
+
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = nonce, .len = nonce_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_set_nonce,
+ TFM_CRYPTO_AEAD_SET_NONCE);
+ return status;
+}
+
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ .ad_length = ad_length,
+ .plaintext_length = plaintext_length,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_set_lengths,
+ TFM_CRYPTO_AEAD_SET_LENGTHS);
+ return status;
+}
+
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_update_ad,
+ TFM_CRYPTO_AEAD_UPDATE_AD);
+ return status;
+}
+
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = output, .len = output_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_update,
+ TFM_CRYPTO_AEAD_UPDATE);
+
+ *output_length = out_vec[1].len;
+ return status;
+}
+
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = ciphertext, .len = ciphertext_size},
+ {.base = tag, .len = tag_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_finish,
+ TFM_CRYPTO_AEAD_FINISH);
+
+ *ciphertext_length = out_vec[1].len;
+ *tag_length = out_vec[2].len;
+ return status;
+}
+
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = tag, .len = tag_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = plaintext, .len = plaintext_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_verify,
+ TFM_CRYPTO_AEAD_VERIFY);
+
+ *plaintext_length = out_vec[1].len;
+ return status;
+}
+
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_abort,
+ TFM_CRYPTO_AEAD_ABORT);
+ return status;
+}
+
psa_status_t psa_sign_message(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@@ -1152,8 +1401,7 @@
return status;
}
-psa_status_t psa_key_derivation_abort(
- psa_key_derivation_operation_t *operation)
+psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
@@ -1250,55 +1498,6 @@
return status;
}
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_mac_compute(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
@@ -1474,7 +1673,6 @@
status = API_DISPATCH(tfm_crypto_key_derivation_setup,
TFM_CRYPTO_KEY_DERIVATION_SETUP);
-
return status;
}
@@ -1495,7 +1693,6 @@
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
-
return status;
}
@@ -1519,7 +1716,6 @@
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
-
return status;
}
@@ -1545,76 +1741,5 @@
status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
-
- return status;
-}
-
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_id_t key,
- psa_algorithm_t alg)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_id_t key,
- psa_algorithm_t alg)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
- uint8_t *nonce,
- size_t nonce_size,
- size_t *nonce_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
return status;
}
diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c
index 012ffcf..8c558d2 100644
--- a/secure_fw/partitions/crypto/crypto_aead.c
+++ b/secure_fw/partitions/crypto/crypto_aead.c
@@ -115,8 +115,54 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ psa_key_id_t key_id = iov->key_id;
+ psa_algorithm_t alg = iov->alg;
+ mbedtls_svc_key_id_t encoded_key;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Allocate the operation context in the secure world */
+ status = tfm_crypto_operation_alloc(TFM_CRYPTO_AEAD_OPERATION,
+ &handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ *handle_out = handle;
+
+ status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ status = psa_aead_encrypt_setup(operation, encoded_key, alg);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ return status;
+
+exit:
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_decrypt_setup(psa_invec in_vec[],
@@ -124,8 +170,54 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ psa_key_id_t key_id = iov->key_id;
+ psa_algorithm_t alg = iov->alg;
+ mbedtls_svc_key_id_t encoded_key;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Allocate the operation context in the secure world */
+ status = tfm_crypto_operation_alloc(TFM_CRYPTO_AEAD_OPERATION,
+ &handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ *handle_out = handle;
+
+ status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ status = psa_aead_decrypt_setup(operation, encoded_key, alg);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ return status;
+
+exit:
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_abort(psa_invec in_vec[],
@@ -133,8 +225,44 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ /* Operation does not exist, so abort has no effect */
+ return PSA_SUCCESS;
+ }
+
+ status = psa_aead_abort(operation);
+
+ if (status != PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ return status;
+ }
+
+ return tfm_crypto_operation_release(handle_out);
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_finish(psa_invec in_vec[],
@@ -142,8 +270,51 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 3, 3);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ uint8_t *ciphertext = out_vec[1].base;
+ size_t ciphertext_size = out_vec[1].len;
+ uint8_t *tag = out_vec[2].base;
+ size_t tag_size = out_vec[2].len;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Initialise tag and ciphertext lengths to zero */
+ out_vec[1].len = 0;
+ out_vec[2].len = 0;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_aead_finish(operation,
+ ciphertext, ciphertext_size, &out_vec[1].len,
+ tag, tag_size, &out_vec[2].len);
+ if (status == PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_generate_nonce(psa_invec in_vec[],
@@ -151,8 +322,48 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 2, 2);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ uint8_t *nonce = out_vec[1].base;
+ size_t nonce_size = out_vec[1].len;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Initialise nonce length to zero */
+ out_vec[1].len = 0;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_aead_generate_nonce(operation,
+ nonce, nonce_size, &out_vec[1].len);
+
+ if (status != PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_set_nonce(psa_invec in_vec[],
@@ -160,8 +371,44 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ const uint8_t *nonce = in_vec[1].base;
+ size_t nonce_size = in_vec[1].len;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_aead_set_nonce(operation, nonce, nonce_size);
+
+ if (status != PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_set_lengths(psa_invec in_vec[],
@@ -169,8 +416,45 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ size_t ad_length = iov->ad_length;
+ size_t plaintext_length = iov->plaintext_length;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ status = psa_aead_set_lengths(operation,
+ ad_length,
+ plaintext_length);
+
+ if (status != PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_update(psa_invec in_vec[],
@@ -178,8 +462,48 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 2, 2);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+ uint8_t *output = out_vec[1].base;
+ size_t output_size = out_vec[1].len;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_aead_update(operation,
+ input, input_length,
+ output, output_size, &out_vec[1].len);
+
+ if (status != PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_update_ad(psa_invec in_vec[],
@@ -187,8 +511,44 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ const uint8_t *input = in_vec[1].base;
+ size_t input_length = in_vec[1].len;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_aead_update_ad(operation, input, input_length);
+
+ if (status != PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_verify(psa_invec in_vec[],
@@ -196,7 +556,47 @@
psa_outvec out_vec[],
size_t out_len)
{
- /* FixMe: To be implemented */
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status = PSA_SUCCESS;
+ psa_aead_operation_t *operation = NULL;
+
+ CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 2, 2);
+
+ if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
+ (out_vec[0].len != sizeof(uint32_t))) {
+ return PSA_ERROR_PROGRAMMER_ERROR;
+ }
+ const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
+ uint32_t handle = iov->op_handle;
+ uint32_t *handle_out = out_vec[0].base;
+ const uint8_t *tag = in_vec[1].base;
+ size_t tag_length = in_vec[1].len;
+ uint8_t *plaintext = out_vec[1].base;
+ size_t plaintext_size = out_vec[1].len;
+
+ /* Init the handle in the operation with the one passed from the iov */
+ *handle_out = iov->op_handle;
+
+ /* Look up the corresponding operation context */
+ status = tfm_crypto_operation_lookup(TFM_CRYPTO_AEAD_OPERATION,
+ handle,
+ (void **)&operation);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ status = psa_aead_verify(operation,
+ plaintext, plaintext_size, &out_vec[1].len,
+ tag, tag_length);
+
+ if (status == PSA_SUCCESS) {
+ /* Release the operation context, ignore if the operation fails. */
+ (void)tfm_crypto_operation_release(handle_out);
+ }
+
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/partitions/crypto/crypto_alloc.c b/secure_fw/partitions/crypto/crypto_alloc.c
index be68be0..7159bf2 100644
--- a/secure_fw/partitions/crypto/crypto_alloc.c
+++ b/secure_fw/partitions/crypto/crypto_alloc.c
@@ -36,6 +36,7 @@
psa_mac_operation_t mac; /*!< MAC operation context */
psa_hash_operation_t hash; /*!< Hash operation context */
psa_key_derivation_operation_t key_deriv; /*!< Key derivation operation context */
+ psa_aead_operation_t aead; /*!< AEAD operation context */
} operation;
};
@@ -68,6 +69,9 @@
case TFM_CRYPTO_KEY_DERIVATION_OPERATION:
mem_size = sizeof(psa_key_derivation_operation_t);
break;
+ case TFM_CRYPTO_AEAD_OPERATION:
+ mem_size = sizeof(psa_aead_operation_t);
+ break;
case TFM_CRYPTO_OPERATION_NONE:
default:
mem_size = 0;
diff --git a/secure_fw/partitions/crypto/tfm_crypto_api.h b/secure_fw/partitions/crypto/tfm_crypto_api.h
index 79bf703..a7c3104 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_api.h
+++ b/secure_fw/partitions/crypto/tfm_crypto_api.h
@@ -41,6 +41,7 @@
TFM_CRYPTO_MAC_OPERATION = 2,
TFM_CRYPTO_HASH_OPERATION = 3,
TFM_CRYPTO_KEY_DERIVATION_OPERATION = 4,
+ TFM_CRYPTO_AEAD_OPERATION = 5,
/* Used to force the enum size */
TFM_CRYPTO_OPERATION_TYPE_MAX = INT_MAX
diff --git a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
index b0e27ff..097874d 100644
--- a/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/partitions/crypto/tfm_crypto_secure_api.c
@@ -1038,6 +1038,299 @@
#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_encrypt_setup,
+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ .key_id = key,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_decrypt_setup,
+ TFM_CRYPTO_AEAD_DECRYPT_SETUP);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = nonce, .len = nonce_size}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_generate_nonce,
+ TFM_CRYPTO_AEAD_GENERATE_NONCE);
+
+ *nonce_length = out_vec[1].len;
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = nonce, .len = nonce_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_set_nonce,
+ TFM_CRYPTO_AEAD_SET_NONCE);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ .ad_length = ad_length,
+ .plaintext_length = plaintext_length,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_set_lengths,
+ TFM_CRYPTO_AEAD_SET_LENGTHS);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_update_ad,
+ TFM_CRYPTO_AEAD_UPDATE_AD);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = input, .len = input_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = output, .len = output_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_update,
+ TFM_CRYPTO_AEAD_UPDATE);
+
+ *output_length = out_vec[1].len;
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = ciphertext, .len = ciphertext_size},
+ {.base = tag, .len = tag_size}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_finish,
+ TFM_CRYPTO_AEAD_FINISH);
+
+ *ciphertext_length = out_vec[1].len;
+ *tag_length = out_vec[2].len;
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = tag, .len = tag_length}
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ {.base = plaintext, .len = plaintext_size}
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_verify,
+ TFM_CRYPTO_AEAD_VERIFY);
+
+ *plaintext_length = out_vec[1].len;
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
+{
+#ifdef TFM_CRYPTO_AEAD_MODULE_DISABLED
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ };
+
+ status = API_DISPATCH(tfm_crypto_aead_abort,
+ TFM_CRYPTO_AEAD_ABORT);
+ return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
+}
+
psa_status_t psa_sign_message(psa_key_id_t key_id,
psa_algorithm_t alg,
const uint8_t *input,
@@ -1474,55 +1767,6 @@
#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
psa_status_t psa_mac_compute(psa_key_id_t key_id,
psa_algorithm_t alg,
const uint8_t *input,
@@ -1800,73 +2044,3 @@
return status;
#endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
}
-
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_id_t key_id,
- psa_algorithm_t alg)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_id_t key_id,
- psa_algorithm_t alg)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
- uint8_t *nonce,
- size_t nonce_size,
- size_t *nonce_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}
-
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- psa_status_t status;
-
- status = PSA_ERROR_NOT_SUPPORTED;
-
- return status;
-}