Crypto: Use uniform signatures
This patch amends the Crypto service to use the
Uniform Signatures interfaces supported by TF-M.
Change-Id: Ia1e269075bf94e1d60281da789dd43bb2be3f265
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/interface/include/crypto_psa_wrappers.h b/interface/include/crypto_psa_wrappers.h
deleted file mode 100644
index 61c4772..0000000
--- a/interface/include/crypto_psa_wrappers.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CRYPTO_PSA_WRAPPERS_H__
-#define __CRYPTO_PSA_WRAPPERS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*!
- * \struct psa_cipher_update_input
- *
- * \brief Input structure for the tfm_crypto_cipher_update_wrapper function
- *
- */
-struct psa_cipher_update_input {
- const uint8_t *input; /*!< Input data to the cipher */
- size_t input_length; /*!< Size of the input data */
-};
-
-/*!
- * \struct psa_cipher_update_output
- *
- * \brief Output structure for the tfm_crypto_cipher_update_wrapper function
- *
- */
-struct psa_cipher_update_output {
- unsigned char *output; /*!< Buffer to hold the output data from the cipher*/
- size_t output_size; /*!< Size of the output buffer */
- size_t *output_length; /*!< Size of the output data from the cipher */
-};
-
-/*!
- * \brief This function is a TF-M compatible wrapper for the
- * \ref tfm_crypto_cipher_update implemented in the Crypto service
- *
- * \param[out] operation Pointer to a cipher operation context in the backend
- * \param[in] input_s Pointer to the structure containing input parameters
- * associated with \ref psa_cipher_update_input
- * \param[out] output_s Pointer to the structure containing output parameters
- * associated with \ref psa_cipher_update_output
- *
- */
-enum tfm_crypto_err_t tfm_crypto_cipher_update_wrapper(
- psa_cipher_operation_t *operation,
- const struct psa_cipher_update_input *input_s,
- const struct psa_cipher_update_output *output_s);
-
-/*!
- * \struct psa_aead_encrypt_input
- *
- * \brief Input structure for the tfm_crypto_aead_encrypt_wrapper function
- *
- */
-struct psa_aead_encrypt_input {
- psa_key_slot_t key; /*!< Key slot */
- psa_algorithm_t alg; /*!< Algorithm type */
- const uint8_t *nonce; /*!< Nonce or IV to be used */
- size_t nonce_length; /*!< Size in bytes of the nonce buffer */
- const uint8_t *additional_data; /*!< Additional data to be authenticated */
- size_t additional_data_length; /*!< Size in bytes of additional_data */
- const uint8_t *plaintext; /*!< Buffer holding data for encryption */
- size_t plaintext_length; /*!< Size in bytes of plaintext */
-};
-
-/*!
- * \struct psa_aead_encrypt_output
- *
- * \brief Output structure for the tfm_crypto_aead_encrypt_wrapper function
- *
- */
-struct psa_aead_encrypt_output {
- uint8_t *ciphertext; /*!< Pointer for the buffer to hold ciphertext */
- size_t ciphertext_size; /*!< Size in bytes of the ciphertext buffer */
- size_t *ciphertext_length; /*!< Actual size in bytes of ciphertext */
-};
-
-/*!
- * \struct psa_aead_decrypt_input
- *
- * \brief Input structure for the tfm_crypto_aead_decrypt_wrapper function
- *
- */
-struct psa_aead_decrypt_input {
- psa_key_slot_t key; /*!< Key slot */
- psa_algorithm_t alg; /*!< Algorithm type */
- const uint8_t *nonce; /*!< Nonce or IV to be used */
- size_t nonce_length; /*!< Size in bytes of the nonce buffer */
- const uint8_t *additional_data; /*!< Original data that was authenticated */
- size_t additional_data_length; /*!< Size in bytes of additional_data */
- const uint8_t *ciphertext; /*!< Buffer holding data for decryption */
- size_t ciphertext_length; /*!< Size in bytes of ciphertext */
-};
-
-/*!
- * \struct psa_aead_decrypt_output
- *
- * \brief Output structure for the tfm_crypto_aead_decrypt_wrapper function
- *
- */
-struct psa_aead_decrypt_output {
- uint8_t *plaintext; /*!< Pointer for the buffer to hold plaintext */
- size_t plaintext_size; /*!< Size in bytes of the plaintext buffer */
- size_t *plaintext_length; /*!< Actual size in bytes of plaintext */
-};
-
-/*!
- * \brief This function is a TF-M compatible wrapper for the
- * \ref tfm_crypto_aead_encrypt implemented in the Crypto service
- *
- * \param[in] input_s Pointer to the structure containing input parameters
- * associated with \ref psa_aead_encrypt_input
- * \param[out] output_s Pointer to the structure containing output parameters
- * associated with \ref psa_aead_encrypt_output
- *
- */
-enum tfm_crypto_err_t tfm_crypto_aead_encrypt_wrapper(
- const struct psa_aead_encrypt_input *input_s,
- const struct psa_aead_encrypt_output *output_s);
-/*!
- * \brief This function is a TF-M compatible wrapper for the
- * \ref tfm_crypto_aead_decrypt implemented in the Crypto service
- *
- * \param[in] input_s Pointer to the structure containing input parameters
- * associated with \ref psa_aead_decrypt_input
- * \param[out] output_s Pointer to the structure containing output parameters
- * associated with \ref psa_aead_decrypt_output
- *
- */
-enum tfm_crypto_err_t tfm_crypto_aead_decrypt_wrapper(
- const struct psa_aead_decrypt_input *input_s,
- const struct psa_aead_decrypt_output *output_s);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CRYPTO_PSA_WRAPPERS_H__ */
diff --git a/interface/include/tfm_crypto_defs.h b/interface/include/tfm_crypto_defs.h
index 4573811..02e9770 100644
--- a/interface/include/tfm_crypto_defs.h
+++ b/interface/include/tfm_crypto_defs.h
@@ -15,11 +15,7 @@
#include <stdint.h>
#include <limits.h>
#include "tfm_api.h"
-
-/* The return value is shared with the TFM service status value. The Crypto
- * return codes shouldn't overlap with predefined TFM status values.
- */
-#define TFM_CRYPTO_ERR_PSA_ERROR_OFFSET (TFM_PARTITION_SPECIFIC_ERROR_MIN)
+#include "psa_crypto.h"
/**
* \brief This value is used to mark an handle as invalid.
@@ -28,7 +24,7 @@
#define TFM_CRYPTO_INVALID_HANDLE (0xFFFFFFFF)
/**
- * \brief Define miscellaneous literal constants that are used in the module
+ * \brief Define miscellaneous literal constants that are used in the service
*
*/
enum {
@@ -37,57 +33,18 @@
};
/**
- * \brief Possible return values from the TFM Crypto service. They must
- * provide corresponding return values for psa_status_t possible
- * values as specified in psa_crypto.h
+ * \brief This type is used to overcome a limitation in the number of maximum
+ * IOVECs that can be used especially in psa_aead_encrypt and
+ * psa_aead_decrypt. To be removed in case the AEAD APIs number of
+ * parameters passed gets restructured
*/
-enum tfm_crypto_err_t {
- TFM_CRYPTO_ERR_PSA_SUCCESS = 0,
- TFM_CRYPTO_ERR_PSA_ERROR_UNKNOWN_ERROR = TFM_CRYPTO_ERR_PSA_ERROR_OFFSET,
- TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED,
- TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED,
- TFM_CRYPTO_ERR_PSA_ERROR_BUFFER_TOO_SMALL,
- TFM_CRYPTO_ERR_PSA_ERROR_OCCUPIED_SLOT,
- TFM_CRYPTO_ERR_PSA_ERROR_EMPTY_SLOT,
- TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE,
- TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT,
- TFM_CRYPTO_ERR_PSA_ERROR_INSUFFICIENT_MEMORY,
- TFM_CRYPTO_ERR_PSA_ERROR_INSUFFICIENT_STORAGE,
- TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE,
- TFM_CRYPTO_ERR_PSA_ERROR_STORAGE_FAILURE,
- TFM_CRYPTO_ERR_PSA_ERROR_HARDWARE_FAILURE,
- TFM_CRYPTO_ERR_PSA_ERROR_TAMPERING_DETECTED,
- TFM_CRYPTO_ERR_PSA_ERROR_INSUFFICIENT_ENTROPY,
- TFM_CRYPTO_ERR_PSA_ERROR_INVALID_SIGNATURE,
- TFM_CRYPTO_ERR_PSA_ERROR_INVALID_PADDING,
-
- /* Add an invalid return code which forces the size of the type as well */
- TFM_CRYPTO_ERR_INVALID = INT_MAX
+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
+struct tfm_crypto_aead_pack_input {
+ psa_key_slot_t key;
+ psa_algorithm_t alg;
+ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
};
-/**
- * \brief A macro to translate TFM Crypto service return values to the
- * corresponding psa_status_t value. The user of this macro needs
- * to cast the produced value to psa_status_t explicitly if needed
- *
- * \return Values specified by \ref psa_status_t
- */
-#define TFM_CRYPTO_ERR_TO_PSA_STATUS(val) \
- ( (val == TFM_CRYPTO_ERR_PSA_SUCCESS) ? val : \
- ((val >= (enum tfm_crypto_err_t)TFM_CRYPTO_ERR_PSA_ERROR_OFFSET) ? \
- (val - ((enum tfm_crypto_err_t)TFM_CRYPTO_ERR_PSA_ERROR_OFFSET-1)) : \
- TFM_CRYPTO_ERR_INVALID) )
-/**
- * \brief A macro to translate psa_status_t values to the corresponding return
- * values for the TFM Crypto service
- *
- * \return Values specified by \ref tfm_crypto_err_t
- *
- */
-#define PSA_STATUS_TO_TFM_CRYPTO_ERR(val) \
- ( (val == PSA_SUCCESS) ? (enum tfm_crypto_err_t)val : \
- (enum tfm_crypto_err_t)(val + TFM_CRYPTO_ERR_PSA_ERROR_OFFSET-1) )
-
#ifdef __cplusplus
}
#endif
diff --git a/interface/include/tfm_crypto_veneers.h b/interface/include/tfm_crypto_veneers.h
deleted file mode 100644
index 82654ef..0000000
--- a/interface/include/tfm_crypto_veneers.h
+++ /dev/null
@@ -1,476 +0,0 @@
-/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __TFM_CRYPTO_VENEERS_H__
-#define __TFM_CRYPTO_VENEERS_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "tfm_crypto_defs.h"
-
-#include "psa_crypto.h"
-
-#include "crypto_psa_wrappers.h"
-
-/**
- * \brief Import the key data in the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[in] type Key type
- * \param[in] data Key data to import
- * \param[in] data_length Length in bytes of the data field
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_import_key(psa_key_slot_t key,
- psa_key_type_t type,
- const uint8_t *data,
- size_t data_length);
-/**
- * \brief Destroy the key in the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_destroy_key(psa_key_slot_t key);
-
-/**
- * \brief Retrieve key information for the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[out] type Key type associated to the key slot requested
- * \param[out] bits Length in bits of the key in the requested slot
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_get_key_information(
- psa_key_slot_t key,
- psa_key_type_t *type,
- size_t *bits);
-/**
- * \brief Export the key contained in the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[out] data Buffer to hold the exported key
- * \param[in] data_size Length of the buffer pointed to by data
- * \param[out] data_length Length of the exported key
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_export_key(psa_key_slot_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length);
-
-/**
- * \brief Initialise the key policy to a default that forbids any use of the
- * key (veneer function)
- *
- * \param[out] policy Key policy to initialise
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_key_policy_init(
- psa_key_policy_t *policy);
-
-/**
- * \brief Set the permitted usage and algorithm for the provided key policy
- * (veneer function)
- *
- * \param[out] policy Key policy to modify
- * \param[in] usage Permitted usage
- * \param[in] alg Permitted algorithm
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_key_policy_set_usage(
- psa_key_policy_t *policy,
- psa_key_usage_t usage,
- psa_algorithm_t alg);
-
-/**
- * \brief Get the permitted usage for the provided key policy (veneer function)
- *
- * \param[in] policy Key policy
- * \param[out] usage Permitted usage for this key policy
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_key_policy_get_usage(
- const psa_key_policy_t *policy,
- psa_key_usage_t *usage);
-
-/**
- * \brief Get the permitted algorithm for the provided key policy
- * (veneer function)
- *
- * \param[in] policy Key policy
- * \param[out] alg Permitted algorithm for this key policy
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_key_policy_get_algorithm(
- const psa_key_policy_t *policy,
- psa_algorithm_t *alg);
-
-/**
- * \brief Set the key policy for the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[in] policy Key policy
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_set_key_policy(
- psa_key_slot_t key,
- const psa_key_policy_t *policy);
-
-/**
- * \brief Get the key policy for the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[out] policy Key policy
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_get_key_policy(
- psa_key_slot_t key,
- psa_key_policy_t *policy);
-
-/**
- * \brief Set the lifetime for the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[in] lifetime Lifetime value
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_set_key_lifetime(
- psa_key_slot_t key,
- psa_key_lifetime_t lifetime);
-
-/**
- * \brief Get the lifetime for the provided key slot (veneer function)
- *
- * \param[in] key Key slot
- * \param[out] lifetime Lifetime value
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_get_key_lifetime(
- psa_key_slot_t key,
- psa_key_lifetime_t *lifetime);
-
-/**
- * \brief Set the initialisation vector on the provided cipher operation (veneer
- * function)
- *
- * \param[in] operation Cipher operation context
- * \param[in] iv Buffer that contains the IV
- * \param[in] iv_length Length of the provided IV
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_cipher_set_iv(
- psa_cipher_operation_t *operation,
- const unsigned char *iv,
- size_t iv_length);
-/**
- * \brief Set the cipher operation using the provided algorithm and key slot,
- * for encryption context (veneer function)
- *
- * \note A successful call to this function initialises a cipher operation
- * context which will be referred using the operation parameter
- *
- * \param[out] operation Cipher operation context
- * \param[in] key Key slot to bind to the cipher context
- * \param[in] alg Algorithm to use for the cipher operation
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_cipher_encrypt_setup(
- psa_cipher_operation_t *operation,
- psa_key_slot_t key,
- psa_algorithm_t alg);
-/**
- * \brief Set the cipher operation using the provided algorithm and key slot,
- * for decryption context (veneer function)
- *
- * \note A successful call to this function initialises a cipher operation
- * context which will be referred using the operation parameter
- *
- * \param[out] operation Cipher operation context
- * \param[in] key Key slot to bind to the cipher context
- * \param[in] alg Algorithm to use for the cipher operation
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_cipher_decrypt_setup(
- psa_cipher_operation_t *operation,
- psa_key_slot_t key,
- psa_algorithm_t alg);
-/**
- * \brief Update the cipher context with a chunk of input data to create a
- * chunk of encrypted output data (for encryption contexts), or to
- * decrypt a chunk of encrypted input data to obtain decrypted data
- * (for decryption contexts) (veneer function)
- *
- * \param[in] operation Cipher operation context
- * \param[in] input_s Pointer to the struct containing input parameters
- * \param[out] output_s Pointer to the struct containing output parameters
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_cipher_update(
- psa_cipher_operation_t *operation,
- struct psa_cipher_update_input *input_s,
- struct psa_cipher_update_output *output_s);
-/**
- * \brief Finalise a cipher context flushing out any remaining block of
- * output data (veneer function)
- *
- * \note A successful call to this function releases the cipher operation
- * context provided as parameter
- *
- * \param[in,out] operation Cipher operation context
- * \param[out] output Buffer containing output data
- * \param[in] output_size Size of the output buffer
- * \param[out] output_length Size of the produced output
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_cipher_finish(
- psa_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-/**
- * \brief Abort a cipher operation, clear the operation context provided
- * (veneer function)
- *
- * \note A successful call to this function releases the cipher operation
- * context provided as parameter
- *
- * \param[in,out] operation Cipher operation context
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_cipher_abort(
- psa_cipher_operation_t *operation);
-/**
- * \brief Setup a hash operation with the provided algorithm (veneer function)
- *
- * \note A successful call to this function initialises a hash operation
- * context which will be referred using the operation parameter
- *
- * \param[out] operation Hash operation context
- * \param[in] alg Algorithm chosen as hash
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_hash_setup(
- psa_hash_operation_t *operation,
- psa_algorithm_t alg);
-/**
- * \brief Add a new input chunk to the data for which the final hash value
- * will be computed (veneer function)
- *
- * \param[in,out] operation Hash operation context
- * \param[in] input Buffer containing the input data
- * \param[in] input_length Size of the provided input data
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_hash_update(
- psa_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-/**
- * \brief Finalise a hash context operation producing the final hash value
- * (veneer function)
- *
- * \note A successful call to this function releases the hash operation
- * context provided as parameter
- *
- * \param[in,out] operation Hash operation context
- * \param[out] hash Buffer containing hash data
- * \param[in] hash_size Size of the hash buffer
- * \param[out] hash_length Size of the produced hash
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_hash_finish(
- psa_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length);
-/**
- * \brief Finalise a hash context operation, verifying that the final hash
- * value matches the one provided as input (veneer function)
- *
- * \note A successful call to this function releases the hash operation
- * context provided as parameter. The hash operation is released
- * also in case TFM_CRYPTO_ERR_PSA_ERROR_INVALID_SIGNATURE is returned
- *
- * \param[in,out] operation Hash operation context
- * \param[in] hash Buffer containing the provided hash value
- * \param[in] hash_length Size of the provided hash value
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_hash_verify(
- psa_hash_operation_t *operation,
- const uint8_t *hash,
- size_t hash_length);
-/**
- * \brief Abort a hash operation, clears the operation context provided
- * (veneer function)
- *
- * \note A successful call to this function releases the hash operation
- * context provided as parameter
- *
- * \param[in,out] operation Hash operation context
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_hash_abort(
- psa_hash_operation_t *operation);
-/**
- * \brief Start a MAC operation with the provided algorithm (for signing)
- * (veneer function)
- *
- * \note A successful call to this function initialises a MAC operation
- * context which will be referred using the operation parameter
- *
- * \param[out] operation MAC operation context
- * \param[in] key Key slot to bind to the MAC context
- * \param[in] alg Algorithm chosen as MAC
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_mac_sign_setup(
- psa_mac_operation_t *operation,
- psa_key_slot_t key,
- psa_algorithm_t alg);
-/**
- * \brief Start a MAC operation with the provided algorithm (for verifying)
- * (veneer function)
- *
- * \note A successful call to this function initialises a MAC operation
- * context which will be referred using the operation parameter
- *
- * \param[out] operation MAC operation context
- * \param[in] key Key slot to bind to the MAC context
- * \param[in] alg Algorithm chosen as MAC
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_mac_verify_setup(
- psa_mac_operation_t *operation,
- psa_key_slot_t key,
- psa_algorithm_t alg);
-/**
- * \brief Adds a new input chunk to the data for which the final MAC value
- * will be computed (veneer function)
- *
- * \param[in,out] operation MAC operation context
- * \param[in] input Buffer containing the input data
- * \param[in] input_length Size of the provided input data
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_mac_update(
- psa_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-/**
- * \brief Finalises a MAC context operation producing the final MAC value
- * (veneer function)
- *
- * \note A successful call to this function releases the MAC operation
- * context provided as parameter
- *
- * \param[in,out] operation MAC operation context
- * \param[out] mac Buffer containing MAC data
- * \param[in] mac_size Size of the MAC buffer
- * \param[out] mac_length Size of the produced MAC
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_mac_sign_finish(
- psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-/**
- * \brief Finalise a MAC context operation, verifying that the final MAC value
- * matches the one provided as input (veneer function)
- *
- * \note A successful call to this function releases the MAC operation
- * context provided as parameter. The MAC operation is released
- * also in case TFM_CRYPTO_ERR_PSA_ERROR_INVALID_SIGNATURE is returned
- *
- * \param[in,out] operation MAC operation context
- * \param[in] mac Buffer containing the provided MAC value
- * \param[in] mac_length Size of the provided MAC value
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_mac_verify_finish(
- psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-/**
- * \brief Abort a MAC operation, clear the operation context provided
- * (veneer function)
- *
- * \note A successful call to this function releases the MAC operation
- * context provided as parameter
- *
- * \param[in,out] operation MAC operation context
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_mac_abort(
- psa_mac_operation_t *operation);
-/**
- * \brief Perform an AEAD encryption operation on input data with additional
- * data to be authenticated, producing ciphertext in output with an
- * appended authentication tag (veneer function)
- *
- * \param[in] input_s Pointer to the struct containing input parameters
- * \param[out] output_s Pointer to the struct containing output parameters
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_aead_encrypt(
- struct psa_aead_encrypt_input *input_s,
- struct psa_aead_encrypt_output *output_s);
-/**
- * \brief Perform an AEAD decryption operation on input data with additional
- * data to be verified, producing back the original plain text in case
- * the verification of the authentication tag is successful (veneer
- * function)
- *
- * \param[in] input_s Pointer to the struct containing input parameters
- * \param[out] output_s Pointer to the struct containing output parameters
- *
- * \return Return values as described in \ref tfm_crypto_err_t
- */
-enum tfm_crypto_err_t tfm_crypto_veneer_aead_decrypt(
- struct psa_aead_decrypt_input *input_s,
- struct psa_aead_decrypt_output *output_s);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __TFM_CRYPTO_VENEERS_H__ */
diff --git a/interface/include/tfm_veneers.h b/interface/include/tfm_veneers.h
index 69b0a76..b042fcf 100644
--- a/interface/include/tfm_veneers.h
+++ b/interface/include/tfm_veneers.h
@@ -46,7 +46,7 @@
psa_status_t tfm_tfm_crypto_cipher_set_iv_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_cipher_encrypt_setup_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_cipher_decrypt_setup_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_crypto_cipher_update_wrapper_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_crypto_cipher_update_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_cipher_abort_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_cipher_finish_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_hash_setup_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
@@ -60,8 +60,8 @@
psa_status_t tfm_tfm_crypto_mac_sign_finish_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_mac_verify_finish_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
psa_status_t tfm_tfm_crypto_mac_abort_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_crypto_aead_decrypt_wrapper_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
-psa_status_t tfm_tfm_crypto_aead_encrypt_wrapper_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_crypto_aead_decrypt_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
+psa_status_t tfm_tfm_crypto_aead_encrypt_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
/******** TFM_SP_PLATFORM ********/
psa_status_t tfm_platform_sp_system_reset_veneer(psa_invec *in_vec, size_t in_len, psa_outvec *out_vec, size_t out_len);
diff --git a/interface/src/tfm_crypto_api.c b/interface/src/tfm_crypto_api.c
index 1ee71d8..3b70d49 100644
--- a/interface/src/tfm_crypto_api.c
+++ b/interface/src/tfm_crypto_api.c
@@ -5,10 +5,29 @@
*
*/
-#include "tfm_crypto_veneers.h"
+#include "tfm_veneers.h"
+#include "tfm_crypto_defs.h"
#include "psa_crypto.h"
#include "tfm_ns_lock.h"
-#include "crypto_psa_wrappers.h"
+
+#define NS_LOCK_DISPATCH(sfn_name) \
+ tfm_ns_lock_dispatch((veneer_fn)tfm_##sfn_name##_veneer, \
+ (uint32_t)in_vec, sizeof(in_vec)/sizeof(in_vec[0]), \
+ (uint32_t)out_vec, sizeof(out_vec)/sizeof(out_vec[0]))
+
+#define NS_LOCK_DISPATCH_NO_INVEC(sfn_name) \
+ tfm_ns_lock_dispatch((veneer_fn)tfm_##sfn_name##_veneer, \
+ (uint32_t)NULL, 0, \
+ (uint32_t)out_vec, sizeof(out_vec)/sizeof(out_vec[0]))
+
+#define NS_LOCK_DISPATCH_NO_OUTVEC(sfn_name) \
+ tfm_ns_lock_dispatch((veneer_fn)tfm_##sfn_name##_veneer, \
+ (uint32_t)in_vec, sizeof(in_vec)/sizeof(in_vec[0]), \
+ (uint32_t)NULL, 0)
+
+#define API_DISPATCH(sfn_name) NS_LOCK_DISPATCH(sfn_name)
+#define API_DISPATCH_NO_INVEC(sfn_name) NS_LOCK_DISPATCH_NO_INVEC(sfn_name)
+#define API_DISPATCH_NO_OUTVEC(sfn_name) NS_LOCK_DISPATCH_NO_OUTVEC(sfn_name)
psa_status_t psa_crypto_init(void)
{
@@ -23,43 +42,46 @@
const uint8_t *data,
size_t data_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = &type, .len = sizeof(psa_key_type_t)},
+ {.base = data, .len = data_length}
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_import_key,
- (uint32_t)key,
- (uint32_t)type,
- (uint32_t)data,
- (uint32_t)data_length);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_import_key);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_destroy_key(psa_key_slot_t key)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_destroy_key,
- (uint32_t)key,
- 0,
- 0,
- 0);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_get_key_information(psa_key_slot_t key,
psa_key_type_t *type,
size_t *bits)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = type, .len = sizeof(psa_key_type_t)},
+ {.base = bits, .len = sizeof(size_t)}
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_information,
- (uint32_t)key,
- (uint32_t)type,
- (uint32_t)bits,
- 0);
+ status = API_DISPATCH(tfm_crypto_get_key_information);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_export_key(psa_key_slot_t key,
@@ -67,15 +89,19 @@
size_t data_size,
size_t *data_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = data, .len = data_size}
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_export_key,
- (uint32_t)key,
- (uint32_t)data,
- (uint32_t)data_size,
- (uint32_t)data_length);
+ status = API_DISPATCH(tfm_crypto_export_key);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ *data_length = out_vec[0].len;
+
+ return status;
}
psa_status_t psa_export_public_key(psa_key_slot_t key,
@@ -94,29 +120,35 @@
void psa_key_policy_init(psa_key_policy_t *policy)
{
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = policy, .len = sizeof(psa_key_policy_t)},
+ };
+
/* PSA API returns void so just ignore error value returned */
- (void)tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_key_policy_init,
- (uint32_t)policy,
- 0,
- 0,
- 0);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_key_policy_init);
}
void psa_key_policy_set_usage(psa_key_policy_t *policy,
psa_key_usage_t usage,
psa_algorithm_t alg)
{
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &usage, .len = sizeof(psa_key_usage_t)},
+ {.base = &alg, .len = sizeof(psa_algorithm_t)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = policy, .len = sizeof(psa_key_policy_t)},
+ };
+
/* PSA API returns void so just ignore error value returned */
- (void)tfm_ns_lock_dispatch(
- (veneer_fn)tfm_crypto_veneer_key_policy_set_usage,
- (uint32_t)policy,
- (uint32_t)usage,
- (uint32_t)alg,
- 0);
+ status = API_DISPATCH(tfm_crypto_key_policy_set_usage);
}
psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)
{
+ psa_status_t status;
psa_key_usage_t usage;
/* Initialise to a sensible default to avoid returning an uninitialised
@@ -124,19 +156,22 @@
*/
usage = 0;
+ psa_invec in_vec[] = {
+ {.base = policy, .len = sizeof(psa_key_policy_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &usage, .len = sizeof(psa_key_usage_t)},
+ };
+
/* The PSA API does not return an error, so ignore any error from TF-M */
- (void)tfm_ns_lock_dispatch(
- (veneer_fn)tfm_crypto_veneer_key_policy_get_usage,
- (uint32_t)policy,
- (uint32_t)&usage,
- 0,
- 0);
+ status = API_DISPATCH(tfm_crypto_key_policy_get_usage);
return usage;
}
psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
{
+ psa_status_t status;
psa_algorithm_t alg;
/* Initialise to a sensible default to avoid returning an uninitialised
@@ -144,13 +179,15 @@
*/
alg = 0;
+ psa_invec in_vec[] = {
+ {.base = policy, .len = sizeof(psa_key_policy_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &alg, .len = sizeof(psa_algorithm_t)},
+ };
+
/* The PSA API does not return an error, so ignore any error from TF-M */
- (void)tfm_ns_lock_dispatch(
- (veneer_fn)tfm_crypto_veneer_key_policy_get_algorithm,
- (uint32_t)policy,
- (uint32_t)&alg,
- 0,
- 0);
+ status = API_DISPATCH(tfm_crypto_key_policy_get_algorithm);
return alg;
}
@@ -158,104 +195,114 @@
psa_status_t psa_set_key_policy(psa_key_slot_t key,
const psa_key_policy_t *policy)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = policy, .len = sizeof(psa_key_policy_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_set_key_policy,
- (uint32_t)key,
- (uint32_t)policy,
- 0,
- 0);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_set_key_policy);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_get_key_policy(psa_key_slot_t key,
psa_key_policy_t *policy)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = policy, .len = sizeof(psa_key_policy_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_policy,
- (uint32_t)key,
- (uint32_t)policy,
- 0,
- 0);
+ status = API_DISPATCH(tfm_crypto_get_key_policy);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
psa_key_lifetime_t lifetime)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = &lifetime, .len = sizeof(psa_key_lifetime_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_set_key_lifetime,
- (uint32_t)key,
- (uint32_t)lifetime,
- 0,
- 0);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_set_key_lifetime);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
psa_key_lifetime_t *lifetime)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = lifetime, .len = sizeof(psa_key_lifetime_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_lifetime,
- (uint32_t)key,
- (uint32_t)lifetime,
- 0,
- 0);
+ status = API_DISPATCH(tfm_crypto_get_key_lifetime);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = iv, .len = iv_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_cipher_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_set_iv,
- (uint32_t)operation,
- (uint32_t)iv,
- (uint32_t)iv_length,
- 0);
+ status = API_DISPATCH(tfm_crypto_cipher_set_iv);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = &alg, .len = sizeof(psa_algorithm_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_cipher_operation_t)},
+ };
- err = tfm_ns_lock_dispatch(
- (veneer_fn)tfm_crypto_veneer_cipher_encrypt_setup,
- (uint32_t)operation,
- (uint32_t)key,
- (uint32_t)alg,
- 0);
+ status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = &alg, .len = sizeof(psa_algorithm_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_cipher_operation_t)},
+ };
- err = tfm_ns_lock_dispatch(
- (veneer_fn)tfm_crypto_veneer_cipher_decrypt_setup,
- (uint32_t)operation,
- (uint32_t)key,
- (uint32_t)alg,
- 0);
+ status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
@@ -265,38 +312,32 @@
size_t output_size,
size_t *output_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = input, .len = input_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_cipher_operation_t)},
+ {.base = output, .len = output_size}
+ };
- /* Packing in structures is needed to overcome the 4 parameters
- * per call limit
- */
- struct psa_cipher_update_input input_s = {.input = input,
- .input_length = input_length};
- struct psa_cipher_update_output output_s = {.output = output,
- .output_size = output_size,
- .output_length =
- output_length};
+ status = API_DISPATCH(tfm_crypto_cipher_update);
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_update,
- (uint32_t)operation,
- (uint32_t)&input_s,
- (uint32_t)&output_s,
- 0);
+ *output_length = out_vec[1].len;
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_cipher_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_abort,
- (uint32_t)operation,
- 0,
- 0,
- 0);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_cipher_abort);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
@@ -304,44 +345,50 @@
size_t output_size,
size_t *output_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_cipher_operation_t)},
+ {.base = output, .len = output_size},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_finish,
- (uint32_t)operation,
- (uint32_t)output,
- (uint32_t)output_size,
- (uint32_t)output_length);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_cipher_finish);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ *output_length = out_vec[1].len;
+
+ return status;
}
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &alg, .len = sizeof(psa_algorithm_t)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_hash_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_setup,
- (uint32_t)operation,
- (uint32_t)alg,
- 0,
- 0);
+ status = API_DISPATCH(tfm_crypto_hash_setup);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = input, .len = input_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_hash_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_update,
- (uint32_t)operation,
- (uint32_t)input,
- (uint32_t)input_length,
- 0);
+ status = API_DISPATCH(tfm_crypto_hash_update);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
@@ -349,88 +396,99 @@
size_t hash_size,
size_t *hash_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_hash_operation_t)},
+ {.base = hash, .len = hash_size},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_finish,
- (uint32_t)operation,
- (uint32_t)hash,
- (uint32_t)hash_size,
- (uint32_t)hash_length);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_hash_finish);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ *hash_length = out_vec[1].len;
+
+ return status;
}
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = hash, .len = hash_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_hash_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_verify,
- (uint32_t)operation,
- (uint32_t)hash,
- (uint32_t)hash_length,
- 0);
+ status = API_DISPATCH(tfm_crypto_hash_verify);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_hash_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_abort,
- (uint32_t)operation,
- 0,
- 0,
- 0);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_hash_abort);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = &alg, .len = sizeof(psa_algorithm_t)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_mac_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_setup,
- (uint32_t)operation,
- (uint32_t)key,
- (uint32_t)alg,
- 0);
+ status = API_DISPATCH(tfm_crypto_mac_sign_setup);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = &key, .len = sizeof(psa_key_slot_t)},
+ {.base = &alg, .len = sizeof(psa_algorithm_t)}
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_mac_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_setup,
- (uint32_t)operation,
- (uint32_t)key,
- (uint32_t)alg,
- 0);
+ status = API_DISPATCH(tfm_crypto_mac_verify_setup);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = input, .len = input_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_mac_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_update,
- (uint32_t)operation,
- (uint32_t)input,
- (uint32_t)input_length,
- 0);
+ status = API_DISPATCH(tfm_crypto_mac_update);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
@@ -438,43 +496,46 @@
size_t mac_size,
size_t *mac_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_mac_operation_t)},
+ {.base = mac, .len = mac_size},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_finish,
- (uint32_t)operation,
- (uint32_t)mac,
- (uint32_t)mac_size,
- (uint32_t)mac_length);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_mac_sign_finish);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ *mac_length = out_vec[1].len;
+
+ return status;
}
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_invec in_vec[] = {
+ {.base = mac, .len = mac_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_mac_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_finish,
- (uint32_t)operation,
- (uint32_t)mac,
- (uint32_t)mac_length,
- 0);
+ status = API_DISPATCH(tfm_crypto_mac_verify_finish);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ psa_outvec out_vec[] = {
+ {.base = operation, .len = sizeof(psa_mac_operation_t)},
+ };
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_abort,
- (uint32_t)operation,
- 0,
- 0,
- 0);
+ status = API_DISPATCH_NO_INVEC(tfm_crypto_mac_abort);
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ return status;
}
psa_status_t psa_aead_encrypt(psa_key_slot_t key,
@@ -489,34 +550,38 @@
size_t ciphertext_size,
size_t *ciphertext_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ struct tfm_crypto_aead_pack_input input_s = {
+ .key = key,
+ .alg = alg,
+ .nonce = {0},
+ };
+ size_t idx = 0;
+ psa_invec in_vec[] = {
+ {.base = &input_s, .len = nonce_length + sizeof(psa_key_slot_t)
+ + sizeof(psa_algorithm_t)},
+ {.base = additional_data, .len = additional_data_length},
+ {.base = plaintext, .len = plaintext_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = ciphertext, .len = ciphertext_size},
+ };
- /* Packing in structures is needed to overcome the 4 parameters
- * per call limit
- */
- struct psa_aead_encrypt_input input_s = {.key = key,
- .alg = alg,
- .nonce = nonce,
- .nonce_length = nonce_length,
- .additional_data = additional_data,
- .additional_data_length =
- additional_data_length,
- .plaintext = plaintext,
- .plaintext_length =
- plaintext_length};
- struct psa_aead_encrypt_output output_s = {.ciphertext = ciphertext,
- .ciphertext_size =
- ciphertext_size,
- .ciphertext_length =
- ciphertext_length};
+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_encrypt,
- (uint32_t)&input_s,
- (uint32_t)&output_s,
- 0,
- 0);
+ if (nonce != NULL) {
+ for (idx = 0; idx < nonce_length; idx++) {
+ input_s.nonce[idx] = nonce[idx];
+ }
+ }
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ status = API_DISPATCH(tfm_crypto_aead_encrypt);
+
+ *ciphertext_length = out_vec[0].len;
+
+ return status;
}
psa_status_t psa_aead_decrypt(psa_key_slot_t key,
@@ -531,31 +596,36 @@
size_t plaintext_size,
size_t *plaintext_length)
{
- enum tfm_crypto_err_t err;
+ psa_status_t status;
+ struct tfm_crypto_aead_pack_input input_s = {
+ .key = key,
+ .alg = alg,
+ .nonce = {0},
+ };
+ size_t idx = 0;
+ psa_invec in_vec[] = {
+ {.base = &input_s, .len = nonce_length + sizeof(psa_key_slot_t)
+ + sizeof(psa_algorithm_t)},
+ {.base = additional_data, .len = additional_data_length},
+ {.base = ciphertext, .len = ciphertext_length},
+ };
+ psa_outvec out_vec[] = {
+ {.base = plaintext, .len = plaintext_size},
+ };
- /* Packing in structures is needed to overcome the 4 parameters
- * per call limit
- */
- struct psa_aead_decrypt_input input_s = {.key = key,
- .alg = alg,
- .nonce = nonce,
- .nonce_length = nonce_length,
- .additional_data = additional_data,
- .additional_data_length =
- additional_data_length,
- .ciphertext = ciphertext,
- .ciphertext_length =
- ciphertext_length};
- struct psa_aead_decrypt_output output_s = {.plaintext = plaintext,
- .plaintext_size = plaintext_size,
- .plaintext_length =
- plaintext_length};
+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
- err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_decrypt,
- (uint32_t)&input_s,
- (uint32_t)&output_s,
- 0,
- 0);
+ if (nonce != NULL) {
+ for (idx = 0; idx < nonce_length; idx++) {
+ input_s.nonce[idx] = nonce[idx];
+ }
+ }
- return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
+ status = API_DISPATCH(tfm_crypto_aead_decrypt);
+
+ *plaintext_length = out_vec[0].len;
+
+ return status;
}