TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 8f4db96950f948e3193f9575e0ed8f8ece61b3b0 / . / secure_fw / partitions / crypto / crypto_cipher.c
blob: 6318d0f808c8cc9142ebe01fe3b117c2f898a1b5 [file] [log] [blame]
/*
* Copyright (c) 2018-2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <stddef.h>
#include <stdint.h>
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
#include "tfm_crypto_defs.h"
#include "tfm_crypto_private.h"
/*!
* \defgroup public_psa Public functions, PSA
*
*/
/*!@{*/
psa_status_t tfm_crypto_cipher_generate_iv(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 2);
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(uint32_t))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
unsigned char *iv = out_vec[1].base;
size_t iv_size = out_vec[1].len;
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
return status;
}
*handle_out = handle;
return psa_cipher_generate_iv(operation, iv, iv_size, &out_vec[1].len);
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_set_iv(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(uint32_t))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
const unsigned char *iv = in_vec[1].base;
size_t iv_length = in_vec[1].len;
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
return status;
}
return psa_cipher_set_iv(operation, iv, iv_length);
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_encrypt_setup(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
if ((out_vec[0].len != sizeof(uint32_t)) ||
(in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
psa_key_id_t key_id = iov->key_id;
psa_algorithm_t alg = iov->alg;
mbedtls_svc_key_id_t encoded_key;
status = tfm_crypto_check_handle_owner(key_id);
if (status != PSA_SUCCESS) {
return status;
}
/* Allocate the operation context in the secure world */
status = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
&handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
return status;
}
*handle_out = handle;
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_cipher_encrypt_setup(operation, encoded_key, alg);
if (status != PSA_SUCCESS) {
goto exit;
}
return status;
exit:
/* Release the operation context, ignore if the operation fails. */
(void)tfm_crypto_operation_release(handle_out);
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_decrypt_setup(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
if ((out_vec[0].len != sizeof(uint32_t)) ||
(in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
psa_key_id_t key_id = iov->key_id;
psa_algorithm_t alg = iov->alg;
mbedtls_svc_key_id_t encoded_key;
status = tfm_crypto_check_handle_owner(key_id);
if (status != PSA_SUCCESS) {
return status;
}
/* Allocate the operation context in the secure world */
status = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
&handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
return status;
}
*handle_out = handle;
status = tfm_crypto_encode_id_and_owner(key_id, &encoded_key);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_cipher_decrypt_setup(operation, encoded_key, alg);
if (status != PSA_SUCCESS) {
goto exit;
}
return status;
exit:
/* Release the operation context, ignore if the operation fails. */
(void)tfm_crypto_operation_release(handle_out);
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_update(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 2);
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(uint32_t))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
const uint8_t *input = in_vec[1].base;
size_t input_length = in_vec[1].len;
unsigned char *output = out_vec[1].base;
size_t output_size = out_vec[1].len;
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
/* Initialise the output_length to zero */
out_vec[1].len = 0;
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
return status;
}
return psa_cipher_update(operation, input, input_length,
output, output_size, &out_vec[1].len);
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_finish(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 2);
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(uint32_t))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
unsigned char *output = out_vec[1].base;
size_t output_size = out_vec[1].len;
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
/* Initialise the output_length to zero */
out_vec[1].len = 0;
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
return status;
}
status = psa_cipher_finish(operation, output, output_size, &out_vec[1].len);
if (status == PSA_SUCCESS) {
/* Release the operation context, ignore if the operation fails. */
(void)tfm_crypto_operation_release(handle_out);
}
return status;
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_abort(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
#ifdef TFM_CRYPTO_CIPHER_MODULE_DISABLED
return PSA_ERROR_NOT_SUPPORTED;
#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
(out_vec[0].len != sizeof(uint32_t))) {
return PSA_ERROR_PROGRAMMER_ERROR;
}
const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
uint32_t handle = iov->op_handle;
uint32_t *handle_out = out_vec[0].base;
/* Init the handle in the operation with the one passed from the iov */
*handle_out = iov->op_handle;
/* Look up the corresponding operation context */
status = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
handle,
(void **)&operation);
if (status != PSA_SUCCESS) {
/* Operation does not exist, so abort has no effect */
return PSA_SUCCESS;
}
status = psa_cipher_abort(operation);
if (status != PSA_SUCCESS) {
/* Release the operation context, ignore if the operation fails. */
(void)tfm_crypto_operation_release(handle_out);
return status;
}
return tfm_crypto_operation_release(handle_out);
#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_encrypt(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
/* FixMe: To be implemented */
return PSA_ERROR_NOT_SUPPORTED;
}
psa_status_t tfm_crypto_cipher_decrypt(psa_invec in_vec[],
size_t in_len,
psa_outvec out_vec[],
size_t out_len)
{
/* FixMe: To be implemented */
return PSA_ERROR_NOT_SUPPORTED;
}
/*!@}*/