TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 3a48099152f80e7e9e75610b2de06190ab1ff932 / . / interface / src / tfm_crypto_api.c
blob: 80699344ef50b24efab7d1debcda7190b2f1c809 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]2 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include "tfm_crypto_veneers.h"
9#include "psa_crypto.h"
10#include "tfm_ns_lock.h"
11#include "crypto_psa_wrappers.h"
12
13psa_status_t psa_crypto_init(void)
14{
15 /* Service init is performed during TFM boot up,
16 * so application level initialisation is empty
17 */
18 return PSA_SUCCESS;
19}
20
21psa_status_t psa_import_key(psa_key_slot_t key,
22 psa_key_type_t type,
23 const uint8_t *data,
24 size_t data_length)
25{
26 enum tfm_crypto_err_t err;
27
28 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_import_key,
29 (uint32_t)key,
30 (uint32_t)type,
31 (uint32_t)data,
32 (uint32_t)data_length);
33
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]34 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]35}
36
37psa_status_t psa_destroy_key(psa_key_slot_t key)
38{
39 enum tfm_crypto_err_t err;
40
41 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_destroy_key,
42 (uint32_t)key,
43 0,
44 0,
45 0);
46
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]47 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]48}
49
50psa_status_t psa_get_key_information(psa_key_slot_t key,
51 psa_key_type_t *type,
52 size_t *bits)
53{
54 enum tfm_crypto_err_t err;
55
56 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_information,
57 (uint32_t)key,
58 (uint32_t)type,
59 (uint32_t)bits,
60 0);
61
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]62 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]63}
64
65psa_status_t psa_export_key(psa_key_slot_t key,
66 uint8_t *data,
67 size_t data_size,
68 size_t *data_length)
69{
70 enum tfm_crypto_err_t err;
71
72 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_export_key,
73 (uint32_t)key,
74 (uint32_t)data,
75 (uint32_t)data_size,
76 (uint32_t)data_length);
77
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]78 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]79}
80
81psa_status_t psa_export_public_key(psa_key_slot_t key,
82 uint8_t *data,
83 size_t data_size,
84 size_t *data_length)
85{
86 /* TODO: This API is not supported yet */
87 return PSA_ERROR_NOT_SUPPORTED;
88}
89
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]90psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
91 const unsigned char *iv,
92 size_t iv_length)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]93{
94 enum tfm_crypto_err_t err;
95
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]96 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_set_iv,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]97 (uint32_t)operation,
98 (uint32_t)iv,
99 (uint32_t)iv_length,
100 0);
101
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]102 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]103}
104
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]105psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
106 psa_key_slot_t key,
107 psa_algorithm_t alg)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]108{
109 enum tfm_crypto_err_t err;
110
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]111 err = tfm_ns_lock_dispatch(
112 (veneer_fn)tfm_crypto_veneer_cipher_encrypt_setup,
113 (uint32_t)operation,
114 (uint32_t)key,
115 (uint32_t)alg,
116 0);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]117
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]118 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]119}
120
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]121psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
122 psa_key_slot_t key,
123 psa_algorithm_t alg)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]124{
125 enum tfm_crypto_err_t err;
126
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]127 err = tfm_ns_lock_dispatch(
128 (veneer_fn)tfm_crypto_veneer_cipher_decrypt_setup,
129 (uint32_t)operation,
130 (uint32_t)key,
131 (uint32_t)alg,
132 0);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]133
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]134 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]135}
136
137psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
138 const uint8_t *input,
139 size_t input_length,
140 unsigned char *output,
141 size_t output_size,
142 size_t *output_length)
143{
144 enum tfm_crypto_err_t err;
145
146 /* Packing in structures is needed to overcome the 4 parameters
147 * per call limit
148 */
149 struct psa_cipher_update_input input_s = {.input = input,
150 .input_length = input_length};
151 struct psa_cipher_update_output output_s = {.output = output,
152 .output_size = output_size,
153 .output_length =
154 output_length};
155
156 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_update,
157 (uint32_t)operation,
158 (uint32_t)&input_s,
159 (uint32_t)&output_s,
160 0);
161
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]162 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]163}
164
165psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
166{
167 enum tfm_crypto_err_t err;
168
169 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_abort,
170 (uint32_t)operation,
171 0,
172 0,
173 0);
174
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]175 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]176}
177
178psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
179 uint8_t *output,
180 size_t output_size,
181 size_t *output_length)
182{
183 enum tfm_crypto_err_t err;
184
185 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_finish,
186 (uint32_t)operation,
187 (uint32_t)output,
188 (uint32_t)output_size,
189 (uint32_t)output_length);
190
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]191 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]192}
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]193
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]194psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]195 psa_algorithm_t alg)
196{
197 enum tfm_crypto_err_t err;
198
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]199 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_setup,
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]200 (uint32_t)operation,
201 (uint32_t)alg,
202 0,
203 0);
204
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]205 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]206}
207
208psa_status_t psa_hash_update(psa_hash_operation_t *operation,
209 const uint8_t *input,
210 size_t input_length)
211{
212 enum tfm_crypto_err_t err;
213
214 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_update,
215 (uint32_t)operation,
216 (uint32_t)input,
217 (uint32_t)input_length,
218 0);
219
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]220 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]221}
222
223psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
224 uint8_t *hash,
225 size_t hash_size,
226 size_t *hash_length)
227{
228 enum tfm_crypto_err_t err;
229
230 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_finish,
231 (uint32_t)operation,
232 (uint32_t)hash,
233 (uint32_t)hash_size,
234 (uint32_t)hash_length);
235
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]236 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]237}
238
239psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
240 const uint8_t *hash,
241 size_t hash_length)
242{
243 enum tfm_crypto_err_t err;
244
245 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_verify,
246 (uint32_t)operation,
247 (uint32_t)hash,
248 (uint32_t)hash_length,
249 0);
250
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]251 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]252}
253
254psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
255{
256 enum tfm_crypto_err_t err;
257
258 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_abort,
259 (uint32_t)operation,
260 0,
261 0,
262 0);
263
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]264 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]265}
Louis Mayencourt7a36f782018-09-24 14:00:57 +0100[diff] [blame]266
267psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
268 psa_key_slot_t key,
269 psa_algorithm_t alg)
270{
271 enum tfm_crypto_err_t err;
272
273 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_setup,
274 (uint32_t)operation,
275 (uint32_t)key,
276 (uint32_t)alg,
277 0);
278
279 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
280}
281
282psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
283 psa_key_slot_t key,
284 psa_algorithm_t alg)
285{
286 enum tfm_crypto_err_t err;
287
288 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_setup,
289 (uint32_t)operation,
290 (uint32_t)key,
291 (uint32_t)alg,
292 0);
293
294 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
295}
296
297psa_status_t psa_mac_update(psa_mac_operation_t *operation,
298 const uint8_t *input,
299 size_t input_length)
300{
301 enum tfm_crypto_err_t err;
302
303 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_update,
304 (uint32_t)operation,
305 (uint32_t)input,
306 (uint32_t)input_length,
307 0);
308
309 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
310}
311
312psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
313 uint8_t *mac,
314 size_t mac_size,
315 size_t *mac_length)
316{
317 enum tfm_crypto_err_t err;
318
319 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_finish,
320 (uint32_t)operation,
321 (uint32_t)mac,
322 (uint32_t)mac_size,
323 (uint32_t)mac_length);
324
325 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
326}
327
328psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
329 const uint8_t *mac,
330 size_t mac_length)
331{
332 enum tfm_crypto_err_t err;
333
334 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_finish,
335 (uint32_t)operation,
336 (uint32_t)mac,
337 (uint32_t)mac_length,
338 0);
339
340 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
341}
342
343psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
344{
345 enum tfm_crypto_err_t err;
346
347 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_abort,
348 (uint32_t)operation,
349 0,
350 0,
351 0);
352
353 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
354}
Antonio de Angelis3a480992018-11-07 11:53:28 +0000[diff] [blame^]355
356psa_status_t psa_aead_encrypt(psa_key_slot_t key,
357 psa_algorithm_t alg,
358 const uint8_t *nonce,
359 size_t nonce_length,
360 const uint8_t *additional_data,
361 size_t additional_data_length,
362 const uint8_t *plaintext,
363 size_t plaintext_length,
364 uint8_t *ciphertext,
365 size_t ciphertext_size,
366 size_t *ciphertext_length)
367{
368 enum tfm_crypto_err_t err;
369
370 /* Packing in structures is needed to overcome the 4 parameters
371 * per call limit
372 */
373 struct psa_aead_encrypt_input input_s = {.key = key,
374 .alg = alg,
375 .nonce = nonce,
376 .nonce_length = nonce_length,
377 .additional_data = additional_data,
378 .additional_data_length =
379 additional_data_length,
380 .plaintext = plaintext,
381 .plaintext_length =
382 plaintext_length};
383 struct psa_aead_encrypt_output output_s = {.ciphertext = ciphertext,
384 .ciphertext_size =
385 ciphertext_size,
386 .ciphertext_length =
387 ciphertext_length};
388
389 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_encrypt,
390 (uint32_t)&input_s,
391 (uint32_t)&output_s,
392 0,
393 0);
394
395 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
396}
397
398psa_status_t psa_aead_decrypt(psa_key_slot_t key,
399 psa_algorithm_t alg,
400 const uint8_t *nonce,
401 size_t nonce_length,
402 const uint8_t *additional_data,
403 size_t additional_data_length,
404 const uint8_t *ciphertext,
405 size_t ciphertext_length,
406 uint8_t *plaintext,
407 size_t plaintext_size,
408 size_t *plaintext_length)
409{
410 enum tfm_crypto_err_t err;
411
412 /* Packing in structures is needed to overcome the 4 parameters
413 * per call limit
414 */
415 struct psa_aead_decrypt_input input_s = {.key = key,
416 .alg = alg,
417 .nonce = nonce,
418 .nonce_length = nonce_length,
419 .additional_data = additional_data,
420 .additional_data_length =
421 additional_data_length,
422 .ciphertext = ciphertext,
423 .ciphertext_length =
424 ciphertext_length};
425 struct psa_aead_decrypt_output output_s = {.plaintext = plaintext,
426 .plaintext_size = plaintext_size,
427 .plaintext_length =
428 plaintext_length};
429
430 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_decrypt,
431 (uint32_t)&input_s,
432 (uint32_t)&output_s,
433 0,
434 0);
435
436 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
437}