Crypto: Change to stateless service
Crypto service does not require a client to call to psa_connect()
or psa_close(). Instead the service can use a stateless mechanism.
Related documents are also updated.
Note: Framework version of Crypto partition has been updated to 1.1,
but not all features of FF-M 1.1 are implemented now.
Change-Id: Iad628667e4b63e809c933fb263734403c6274bf9
Signed-off-by: Summer Qin <summer.qin@arm.com>
diff --git a/interface/src/tfm_crypto_ipc_api.c b/interface/src/tfm_crypto_ipc_api.c
index 33aff2d..e925c36 100644
--- a/interface/src/tfm_crypto_ipc_api.c
+++ b/interface/src/tfm_crypto_ipc_api.c
@@ -11,22 +11,13 @@
#include "psa_manifest/sid.h"
#include "psa/client.h"
-#define PSA_CONNECT(service) \
- psa_handle_t ipc_handle; \
- ipc_handle = psa_connect(service##_SID, service##_VERSION); \
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) { \
- return PSA_ERROR_GENERIC_ERROR; \
- } \
-
-#define PSA_CLOSE() psa_close(ipc_handle)
-
#define API_DISPATCH(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, IOVEC_LEN(in_vec), \
out_vec, IOVEC_LEN(out_vec))
#define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \
- psa_call(ipc_handle, PSA_IPC_CALL, \
+ psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, \
in_vec, IOVEC_LEN(in_vec), \
(psa_outvec *)NULL, 0)
@@ -53,13 +44,9 @@
{.base = key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_open_key,
TFM_CRYPTO_OPEN_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -74,13 +61,9 @@
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_close_key,
TFM_CRYPTO_CLOSE_KEY);;
- PSA_CLOSE();
-
return status;
}
@@ -102,11 +85,8 @@
{.base = key, .len = sizeof(psa_key_id_t)}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_import_key,
TFM_CRYPTO_IMPORT_KEY);
- PSA_CLOSE();
return status;
}
@@ -122,11 +102,8 @@
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key,
TFM_CRYPTO_DESTROY_KEY);
- PSA_CLOSE();
return status;
}
@@ -146,11 +123,8 @@
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_get_key_attributes,
TFM_CRYPTO_GET_KEY_ATTRIBUTES);
- PSA_CLOSE();
return status;
}
@@ -167,15 +141,8 @@
{.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- psa_handle_t ipc_handle;
- ipc_handle = psa_connect(TFM_CRYPTO_SID, TFM_CRYPTO_VERSION);
- if (!PSA_HANDLE_IS_VALID(ipc_handle)) {
- return;
- }
-
(void)API_DISPATCH(tfm_crypto_reset_key_attributes,
- TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
- PSA_CLOSE();
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
return;
}
@@ -197,15 +164,11 @@
{.base = data, .len = data_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_export_key,
TFM_CRYPTO_EXPORT_KEY);
*data_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -227,15 +190,11 @@
{.base = data, .len = data_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_export_public_key,
TFM_CRYPTO_EXPORT_PUBLIC_KEY);
*data_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -250,13 +209,9 @@
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_purge_key,
TFM_CRYPTO_PURGE_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -280,13 +235,9 @@
{.base = target_key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_copy_key,
TFM_CRYPTO_COPY_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -309,15 +260,11 @@
{.base = iv, .len = iv_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_generate_iv,
TFM_CRYPTO_CIPHER_GENERATE_IV);
*iv_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -339,13 +286,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_set_iv,
TFM_CRYPTO_CIPHER_SET_IV);
- PSA_CLOSE();
-
return status;
}
@@ -368,13 +311,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup,
TFM_CRYPTO_CIPHER_ENCRYPT_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -397,13 +336,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup,
TFM_CRYPTO_CIPHER_DECRYPT_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -429,15 +364,11 @@
{.base = output, .len = output_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_update,
TFM_CRYPTO_CIPHER_UPDATE);
*output_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -456,13 +387,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_abort,
TFM_CRYPTO_CIPHER_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -485,15 +412,11 @@
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_cipher_finish,
TFM_CRYPTO_CIPHER_FINISH);
*output_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -514,13 +437,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_setup,
TFM_CRYPTO_HASH_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -542,13 +461,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_update,
TFM_CRYPTO_HASH_UPDATE);
- PSA_CLOSE();
-
return status;
}
@@ -571,15 +486,11 @@
{.base = hash, .len = hash_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_finish,
TFM_CRYPTO_HASH_FINISH);
*hash_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -601,13 +512,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_verify,
TFM_CRYPTO_HASH_VERIFY);
- PSA_CLOSE();
-
return status;
}
@@ -626,13 +533,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_abort,
TFM_CRYPTO_HASH_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -656,13 +559,9 @@
return PSA_ERROR_BAD_STATE;
}
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_clone,
TFM_CRYPTO_HASH_CLONE);
- PSA_CLOSE();
-
return status;
}
@@ -688,15 +587,11 @@
{.base = hash, .len = hash_size}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_hash_compute,
TFM_CRYPTO_HASH_COMPUTE);
*hash_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -718,13 +613,9 @@
{.base = hash, .len = hash_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_hash_compare,
TFM_CRYPTO_HASH_COMPARE);
- PSA_CLOSE();
-
return status;
}
@@ -747,13 +638,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_sign_setup,
TFM_CRYPTO_MAC_SIGN_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -776,13 +663,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_verify_setup,
TFM_CRYPTO_MAC_VERIFY_SETUP);
- PSA_CLOSE();
-
return status;
}
@@ -804,13 +687,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_update,
TFM_CRYPTO_MAC_UPDATE);
- PSA_CLOSE();
-
return status;
}
@@ -833,15 +712,11 @@
{.base = mac, .len = mac_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_sign_finish,
TFM_CRYPTO_MAC_SIGN_FINISH);
*mac_length = out_vec[1].len;
- PSA_CLOSE();
-
return status;
}
@@ -863,13 +738,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_verify_finish,
TFM_CRYPTO_MAC_VERIFY_FINISH);
- PSA_CLOSE();
-
return status;
}
@@ -888,13 +759,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_mac_abort,
TFM_CRYPTO_MAC_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -943,19 +810,15 @@
}
}
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*ciphertext_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1004,19 +867,15 @@
}
}
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (additional_data == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*plaintext_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1054,15 +913,11 @@
{.base = signature, .len = signature_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_sign_hash,
TFM_CRYPTO_SIGN_HASH);
*signature_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1096,13 +951,9 @@
{.base = signature, .len = signature_length}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash,
TFM_CRYPTO_VERIFY_HASH);
- PSA_CLOSE();
-
return status;
}
@@ -1138,19 +989,15 @@
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1186,19 +1033,15 @@
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
size_t in_len = IOVEC_LEN(in_vec);
if (salt == NULL) {
in_len--;
}
- status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len,
+ status = psa_call(TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, in_len,
out_vec, IOVEC_LEN(out_vec));
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1220,13 +1063,9 @@
{.base = capacity, .len = sizeof(size_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity,
TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY);
- PSA_CLOSE();
-
return status;
}
@@ -1249,13 +1088,9 @@
{.base = output, .len = output_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES);
- PSA_CLOSE();
-
return status;
}
@@ -1276,13 +1111,9 @@
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key,
TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY);
- PSA_CLOSE();
-
return status;
}
@@ -1303,13 +1134,9 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_abort,
TFM_CRYPTO_KEY_DERIVATION_ABORT);
- PSA_CLOSE();
-
return status;
}
@@ -1333,13 +1160,9 @@
{.base = peer_key, .len = peer_key_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_key_agreement,
TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT);
- PSA_CLOSE();
-
return status;
}
@@ -1363,13 +1186,9 @@
return PSA_SUCCESS;
}
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_generate_random,
TFM_CRYPTO_GENERATE_RANDOM);
- PSA_CLOSE();
-
return status;
}
@@ -1390,11 +1209,8 @@
{.base = key, .len = sizeof(psa_key_id_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_generate_key,
TFM_CRYPTO_GENERATE_KEY);
- PSA_CLOSE();
return status;
}
@@ -1531,15 +1347,11 @@
{.base = output, .len = output_size},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_raw_key_agreement,
TFM_CRYPTO_RAW_KEY_AGREEMENT);
*output_length = out_vec[0].len;
- PSA_CLOSE();
-
return status;
}
@@ -1560,11 +1372,8 @@
{.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_setup,
TFM_CRYPTO_KEY_DERIVATION_SETUP);
- PSA_CLOSE();
return status;
}
@@ -1584,11 +1393,8 @@
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
- PSA_CLOSE();
return status;
}
@@ -1611,11 +1417,8 @@
{.base = data, .len = data_length},
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
- PSA_CLOSE();
return status;
}
@@ -1640,11 +1443,8 @@
{.base = key, .len = sizeof(psa_key_id_t)}
};
- PSA_CONNECT(TFM_CRYPTO);
-
status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
- PSA_CLOSE();
return status;
}