/*
 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */
7
8#include "tfm_crypto_veneers.h"
9#include "psa_crypto.h"
10#include "tfm_ns_lock.h"
11#include "crypto_psa_wrappers.h"
12
/**
 * Application-level initialisation hook for the crypto API.
 *
 * No request is dispatched to the secure side: the crypto service is
 * initialised while TF-M boots, so this call has nothing left to do.
 * Because the result is a constant, a successful return here is not
 * evidence that the secure service is actually operational.
 *
 * @return PSA_SUCCESS, unconditionally.
 */
psa_status_t psa_crypto_init(void)
{
    const psa_status_t status = PSA_SUCCESS;

    return status;
}
20
/**
 * Forward a key-import request to tfm_crypto_veneer_import_key.
 *
 * All four dispatch slots are used: key slot, key type, buffer address and
 * buffer length, each cast to uint32_t.
 *
 * The buffer crosses the boundary as a plain 32-bit address; this wrapper
 * does no NULL or range check on it.
 * NOTE(review): confirm that the veneer validates [data, data + data_length)
 * as caller-accessible memory before reading it.
 * This wrapper leaves the caller's copy of the key material untouched;
 * wiping it after a successful import is up to the caller.
 *
 * @param key          Key slot to populate.
 * @param type         Key type of the imported material.
 * @param data         Buffer holding the key material.
 * @param data_length  Size of @p data in bytes.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_import_key(psa_key_slot_t key,
                            psa_key_type_t type,
                            const uint8_t *data,
                            size_t data_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_import_key,
                             (uint32_t)key,
                             (uint32_t)type,
                             (uint32_t)data,
                             (uint32_t)data_length);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
36
/**
 * Forward a key-destroy request to tfm_crypto_veneer_destroy_key.
 *
 * Only the key slot is passed; the three unused dispatch slots are zero.
 * Callers should check the returned status: a non-success value means this
 * wrapper cannot vouch that the key was removed.
 *
 * @param key  Key slot to destroy.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_destroy_key(psa_key_slot_t key)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_destroy_key;
    enum tfm_crypto_err_t tfm_err;

    tfm_err = tfm_ns_lock_dispatch(target, (uint32_t)key, 0, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
49
/**
 * Forward a key-information query to tfm_crypto_veneer_get_key_information.
 *
 * The two output pointers are handed over as plain 32-bit addresses and are
 * not checked here (no NULL test, no range test).
 * NOTE(review): confirm that the veneer verifies both addresses are writable
 * by the caller before storing through them.
 *
 * @param key   Key slot to query.
 * @param type  Where the key type is to be stored.
 * @param bits  Where the key size in bits is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 *         This wrapper does not touch @p type or @p bits itself, so treat
 *         them as unset unless the status is PSA_SUCCESS.
 */
psa_status_t psa_get_key_information(psa_key_slot_t key,
                                     psa_key_type_t *type,
                                     size_t *bits)
{
    enum tfm_crypto_err_t rc =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_information,
                             (uint32_t)key,
                             (uint32_t)type,
                             (uint32_t)bits,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
64
/**
 * Forward a key-export request to tfm_crypto_veneer_export_key.
 *
 * All four dispatch slots are used: key slot, output buffer address, output
 * buffer capacity and the address that receives the written length.
 *
 * Neither pointer is validated on this side.
 * NOTE(review): confirm that the veneer bounds its writes by data_size and
 * checks that both addresses belong to the caller.
 * On success the caller's buffer holds exported key material; this wrapper
 * does not clear it, so the caller owns its lifetime and erasure.
 *
 * @param key          Key slot to export.
 * @param data         Buffer that receives the key material.
 * @param data_size    Capacity of @p data in bytes.
 * @param data_length  Where the number of bytes written is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_export_key(psa_key_slot_t key,
                            uint8_t *data,
                            size_t data_size,
                            size_t *data_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_export_key,
                             (uint32_t)key,
                             (uint32_t)data,
                             (uint32_t)data_size,
                             (uint32_t)data_length);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
80
/**
 * Placeholder for public-key export; no secure call is made.
 *
 * None of the arguments are read and neither @p data nor @p data_length is
 * written, so callers must not consume either after this call.
 *
 * @param key          Unused.
 * @param data         Unused.
 * @param data_size    Unused.
 * @param data_length  Unused.
 * @return PSA_ERROR_NOT_SUPPORTED, unconditionally.
 */
psa_status_t psa_export_public_key(psa_key_slot_t key,
                                   uint8_t *data,
                                   size_t data_size,
                                   size_t *data_length)
{
    /* Mark the parameters as deliberately unused. */
    (void)key;
    (void)data;
    (void)data_size;
    (void)data_length;

    /* TODO: This API is not supported yet */
    return PSA_ERROR_NOT_SUPPORTED;
}
89
/**
 * Forward a policy-initialisation request to
 * tfm_crypto_veneer_key_policy_init.
 *
 * The PSA signature returns void, so the TF-M error code is discarded and a
 * failed dispatch is invisible to the caller.
 * NOTE(review): whether *policy is written when the secure call fails is not
 * visible here; callers that need a known state may want to zero the
 * structure themselves before calling.
 *
 * @param policy  Policy object to initialise; passed as a plain 32-bit
 *                address and not checked on this side.
 */
void psa_key_policy_init(psa_key_policy_t *policy)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_key_policy_init;

    /* Nothing to return the error through, so it is dropped on purpose. */
    (void)tfm_ns_lock_dispatch(target, (uint32_t)policy, 0, 0, 0);
}
99
/**
 * Forward a set-usage request to tfm_crypto_veneer_key_policy_set_usage.
 *
 * The PSA signature returns void, so the TF-M error code is discarded. A
 * caller cannot tell from this call whether the usage flags and algorithm
 * were actually recorded; reading them back with the policy getters is the
 * only check available through this file.
 *
 * @param policy  Policy object to update; passed as a plain 32-bit address.
 * @param usage   Usage flags to record.
 * @param alg     Algorithm to record.
 */
void psa_key_policy_set_usage(psa_key_policy_t *policy,
                              psa_key_usage_t usage,
                              psa_algorithm_t alg)
{
    const veneer_fn target =
        (veneer_fn)tfm_crypto_veneer_key_policy_set_usage;

    /* Nothing to return the error through, so it is dropped on purpose. */
    (void)tfm_ns_lock_dispatch(target,
                               (uint32_t)policy,
                               (uint32_t)usage,
                               (uint32_t)alg,
                               0);
}
112
/**
 * Read the usage flags of a policy via
 * tfm_crypto_veneer_key_policy_get_usage.
 *
 * The result is pre-set to 0 and the address of that local is handed to the
 * secure function, so a failed call yields 0 rather than an indeterminate
 * value. The TF-M error code is discarded because the PSA signature has no
 * error channel; a return of 0 therefore means either "no usage flags set"
 * or "the secure call failed", and the caller cannot tell which.
 *
 * @param policy  Policy object to read; passed as a plain 32-bit address.
 * @return The usage flags written by the secure function, or 0.
 */
psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)
{
    /* Defined fallback in case the secure function writes nothing. */
    psa_key_usage_t usage = 0;

    (void)tfm_ns_lock_dispatch(
                             (veneer_fn)tfm_crypto_veneer_key_policy_get_usage,
                             (uint32_t)policy,
                             (uint32_t)&usage,
                             0,
                             0);

    return usage;
}
132
/**
 * Read the algorithm of a policy via
 * tfm_crypto_veneer_key_policy_get_algorithm.
 *
 * The result is pre-set to 0 and the address of that local is handed to the
 * secure function, so a failed call yields 0 rather than an indeterminate
 * value. The TF-M error code is discarded because the PSA signature has no
 * error channel, so 0 is returned both when the policy stores 0 and when the
 * secure call failed.
 *
 * @param policy  Policy object to read; passed as a plain 32-bit address.
 * @return The algorithm written by the secure function, or 0.
 */
psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
{
    /* Defined fallback in case the secure function writes nothing. */
    psa_algorithm_t alg = 0;

    (void)tfm_ns_lock_dispatch(
                         (veneer_fn)tfm_crypto_veneer_key_policy_get_algorithm,
                         (uint32_t)policy,
                         (uint32_t)&alg,
                         0,
                         0);

    return alg;
}
152
/**
 * Forward a set-policy request to tfm_crypto_veneer_set_key_policy.
 *
 * The policy is passed by address and not inspected on this side.
 * NOTE(review): the policy object lives in caller memory, so the secure side
 * presumably copies it before acting on it — confirm in the veneer.
 *
 * @param key     Key slot whose policy is set.
 * @param policy  Policy to apply.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_set_key_policy(psa_key_slot_t key,
                                const psa_key_policy_t *policy)
{
    enum tfm_crypto_err_t rc =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_set_key_policy,
                             (uint32_t)key,
                             (uint32_t)policy,
                             0,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
166
/**
 * Forward a get-policy request to tfm_crypto_veneer_get_key_policy.
 *
 * The output pointer is passed as a plain 32-bit address without a NULL or
 * range check on this side.
 *
 * @param key     Key slot whose policy is read.
 * @param policy  Where the policy is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 *         This wrapper does not write @p policy itself, so treat it as unset
 *         unless the status is PSA_SUCCESS.
 */
psa_status_t psa_get_key_policy(psa_key_slot_t key,
                                psa_key_policy_t *policy)
{
    enum tfm_crypto_err_t rc =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_policy,
                             (uint32_t)key,
                             (uint32_t)policy,
                             0,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
180
/**
 * Forward a set-lifetime request to tfm_crypto_veneer_set_key_lifetime.
 *
 * Both arguments are passed by value, cast to uint32_t; the two remaining
 * dispatch slots are zero.
 *
 * @param key       Key slot whose lifetime is set.
 * @param lifetime  Lifetime value to apply.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
                                  psa_key_lifetime_t lifetime)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_set_key_lifetime;
    enum tfm_crypto_err_t rc;

    rc = tfm_ns_lock_dispatch(target, (uint32_t)key, (uint32_t)lifetime, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
194
/**
 * Forward a get-lifetime request to tfm_crypto_veneer_get_key_lifetime.
 *
 * The output pointer is passed as a plain 32-bit address without a NULL or
 * range check on this side.
 *
 * @param key       Key slot whose lifetime is read.
 * @param lifetime  Where the lifetime value is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 *         This wrapper does not write @p lifetime itself, so treat it as
 *         unset unless the status is PSA_SUCCESS.
 */
psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
                                  psa_key_lifetime_t *lifetime)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_get_key_lifetime;
    enum tfm_crypto_err_t rc;

    rc = tfm_ns_lock_dispatch(target, (uint32_t)key, (uint32_t)lifetime, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
208
/**
 * Forward a set-IV request to tfm_crypto_veneer_cipher_set_iv.
 *
 * The IV is supplied by the caller and passed through unchanged; this
 * wrapper neither generates it nor checks its length or uniqueness.
 * Both pointers cross the boundary as plain 32-bit addresses.
 *
 * @param operation  Cipher operation context.
 * @param iv         Buffer holding the IV.
 * @param iv_length  Size of @p iv in bytes.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
                               const unsigned char *iv,
                               size_t iv_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_set_iv,
                             (uint32_t)operation,
                             (uint32_t)iv,
                             (uint32_t)iv_length,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
223
/**
 * Forward an encrypt-setup request to
 * tfm_crypto_veneer_cipher_encrypt_setup.
 *
 * The operation context is passed by address; key slot and algorithm are
 * passed by value. Nothing is validated on this side.
 *
 * @param operation  Cipher operation context to set up.
 * @param key        Key slot to encrypt with.
 * @param alg        Cipher algorithm.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
                                      psa_key_slot_t key,
                                      psa_algorithm_t alg)
{
    const veneer_fn target =
        (veneer_fn)tfm_crypto_veneer_cipher_encrypt_setup;
    enum tfm_crypto_err_t tfm_err;

    tfm_err = tfm_ns_lock_dispatch(target,
                                   (uint32_t)operation,
                                   (uint32_t)key,
                                   (uint32_t)alg,
                                   0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
239
/**
 * Forward a decrypt-setup request to
 * tfm_crypto_veneer_cipher_decrypt_setup.
 *
 * The operation context is passed by address; key slot and algorithm are
 * passed by value. Nothing is validated on this side.
 *
 * @param operation  Cipher operation context to set up.
 * @param key        Key slot to decrypt with.
 * @param alg        Cipher algorithm.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
                                      psa_key_slot_t key,
                                      psa_algorithm_t alg)
{
    const veneer_fn target =
        (veneer_fn)tfm_crypto_veneer_cipher_decrypt_setup;
    enum tfm_crypto_err_t tfm_err;

    tfm_err = tfm_ns_lock_dispatch(target,
                                   (uint32_t)operation,
                                   (uint32_t)key,
                                   (uint32_t)alg,
                                   0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
255
/**
 * Forward a cipher-update request to tfm_crypto_veneer_cipher_update.
 *
 * Six arguments do not fit the four-slot dispatch call, so the input and
 * output descriptions are packed into two structures on this function's
 * stack and passed by address.
 *
 * The secure side therefore receives pointers to structures that themselves
 * contain caller pointers and lengths.
 * NOTE(review): confirm that the veneer copies both structures before
 * checking the embedded pointers, so the values it validates are the values
 * it uses.
 *
 * @param operation      Cipher operation context.
 * @param input          Buffer holding the data to process.
 * @param input_length   Size of @p input in bytes.
 * @param output         Buffer that receives the result.
 * @param output_size    Capacity of @p output in bytes.
 * @param output_length  Where the number of bytes written is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
                               const uint8_t *input,
                               size_t input_length,
                               unsigned char *output,
                               size_t output_size,
                               size_t *output_length)
{
    /* Packed arguments; they only need to outlive the dispatch call. */
    struct psa_cipher_update_input input_s = {
        .input = input,
        .input_length = input_length
    };
    struct psa_cipher_update_output output_s = {
        .output = output,
        .output_size = output_size,
        .output_length = output_length
    };
    enum tfm_crypto_err_t tfm_err;

    tfm_err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_update,
                                   (uint32_t)operation,
                                   (uint32_t)&input_s,
                                   (uint32_t)&output_s,
                                   0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
283
/**
 * Forward a cipher-abort request to tfm_crypto_veneer_cipher_abort.
 *
 * Only the operation context address is passed; the other dispatch slots
 * are zero.
 *
 * @param operation  Cipher operation context to abort.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_cipher_abort;
    enum tfm_crypto_err_t rc;

    rc = tfm_ns_lock_dispatch(target, (uint32_t)operation, 0, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
296
/**
 * Forward a cipher-finish request to tfm_crypto_veneer_cipher_finish.
 *
 * All four dispatch slots are used: operation context, output buffer
 * address, output capacity and the address that receives the written
 * length. None of the pointers is checked on this side.
 * NOTE(review): confirm that the veneer bounds its writes by output_size.
 *
 * @param operation      Cipher operation context.
 * @param output         Buffer that receives the final output.
 * @param output_size    Capacity of @p output in bytes.
 * @param output_length  Where the number of bytes written is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
                               uint8_t *output,
                               size_t output_size,
                               size_t *output_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_finish,
                             (uint32_t)operation,
                             (uint32_t)output,
                             (uint32_t)output_size,
                             (uint32_t)output_length);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
/**
 * Forward a hash-setup request to tfm_crypto_veneer_hash_setup.
 *
 * The operation context is passed by address and the algorithm by value;
 * the two remaining dispatch slots are zero.
 *
 * @param operation  Hash operation context to set up.
 * @param alg        Hash algorithm.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
                            psa_algorithm_t alg)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_hash_setup;
    enum tfm_crypto_err_t rc;

    rc = tfm_ns_lock_dispatch(target, (uint32_t)operation, (uint32_t)alg, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
326
/**
 * Forward a hash-update request to tfm_crypto_veneer_hash_update.
 *
 * The input buffer is passed as a plain 32-bit address plus a length; no
 * NULL or range check is made on this side.
 *
 * @param operation     Hash operation context.
 * @param input         Buffer holding the data to hash.
 * @param input_length  Size of @p input in bytes.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
                             const uint8_t *input,
                             size_t input_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_update,
                             (uint32_t)operation,
                             (uint32_t)input,
                             (uint32_t)input_length,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
341
/**
 * Forward a hash-finish request to tfm_crypto_veneer_hash_finish.
 *
 * All four dispatch slots are used: operation context, digest buffer
 * address, digest buffer capacity and the address that receives the digest
 * length. None of the pointers is checked on this side.
 * NOTE(review): confirm that the veneer bounds its writes by hash_size.
 *
 * @param operation    Hash operation context.
 * @param hash         Buffer that receives the digest.
 * @param hash_size    Capacity of @p hash in bytes.
 * @param hash_length  Where the digest length is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
                             uint8_t *hash,
                             size_t hash_size,
                             size_t *hash_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_finish,
                             (uint32_t)operation,
                             (uint32_t)hash,
                             (uint32_t)hash_size,
                             (uint32_t)hash_length);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
357
/**
 * Forward a hash-verify request to tfm_crypto_veneer_hash_verify.
 *
 * No comparison happens in this wrapper; the expected digest is handed over
 * by address and the outcome comes back only as the status code.
 * NOTE(review): how the secure side compares the digests (for example,
 * whether in constant time) is not visible from this file.
 * Callers should treat every status other than PSA_SUCCESS as a failed
 * verification.
 *
 * @param operation    Hash operation context.
 * @param hash         Buffer holding the expected digest.
 * @param hash_length  Size of @p hash in bytes.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
                             const uint8_t *hash,
                             size_t hash_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_verify,
                             (uint32_t)operation,
                             (uint32_t)hash,
                             (uint32_t)hash_length,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
372
/**
 * Forward a hash-abort request to tfm_crypto_veneer_hash_abort.
 *
 * Only the operation context address is passed; the other dispatch slots
 * are zero.
 *
 * @param operation  Hash operation context to abort.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_hash_abort;
    enum tfm_crypto_err_t rc;

    rc = tfm_ns_lock_dispatch(target, (uint32_t)operation, 0, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
/**
 * Forward a MAC sign-setup request to tfm_crypto_veneer_mac_sign_setup.
 *
 * The operation context is passed by address; key slot and algorithm are
 * passed by value. Nothing is validated on this side.
 *
 * @param operation  MAC operation context to set up.
 * @param key        Key slot to compute the MAC with.
 * @param alg        MAC algorithm.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
                                psa_key_slot_t key,
                                psa_algorithm_t alg)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_setup,
                             (uint32_t)operation,
                             (uint32_t)key,
                             (uint32_t)alg,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
400
/**
 * Forward a MAC verify-setup request to tfm_crypto_veneer_mac_verify_setup.
 *
 * The operation context is passed by address; key slot and algorithm are
 * passed by value. Nothing is validated on this side.
 *
 * @param operation  MAC operation context to set up.
 * @param key        Key slot to verify the MAC with.
 * @param alg        MAC algorithm.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
                                  psa_key_slot_t key,
                                  psa_algorithm_t alg)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_setup,
                             (uint32_t)operation,
                             (uint32_t)key,
                             (uint32_t)alg,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
415
/**
 * Forward a MAC-update request to tfm_crypto_veneer_mac_update.
 *
 * The input buffer is passed as a plain 32-bit address plus a length; no
 * NULL or range check is made on this side.
 *
 * @param operation     MAC operation context.
 * @param input         Buffer holding the data to authenticate.
 * @param input_length  Size of @p input in bytes.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
                            const uint8_t *input,
                            size_t input_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_update,
                             (uint32_t)operation,
                             (uint32_t)input,
                             (uint32_t)input_length,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
430
/**
 * Forward a MAC sign-finish request to tfm_crypto_veneer_mac_sign_finish.
 *
 * All four dispatch slots are used: operation context, MAC buffer address,
 * MAC buffer capacity and the address that receives the MAC length. None of
 * the pointers is checked on this side.
 * NOTE(review): confirm that the veneer bounds its writes by mac_size.
 *
 * @param operation   MAC operation context.
 * @param mac         Buffer that receives the MAC.
 * @param mac_size    Capacity of @p mac in bytes.
 * @param mac_length  Where the MAC length is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
                                 uint8_t *mac,
                                 size_t mac_size,
                                 size_t *mac_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_finish,
                             (uint32_t)operation,
                             (uint32_t)mac,
                             (uint32_t)mac_size,
                             (uint32_t)mac_length);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
446
/**
 * Forward a MAC verify-finish request to
 * tfm_crypto_veneer_mac_verify_finish.
 *
 * No comparison happens in this wrapper; the expected MAC is handed over by
 * address and the outcome comes back only as the status code.
 * NOTE(review): how the secure side compares the MACs (for example, whether
 * in constant time) is not visible from this file.
 * Callers should treat every status other than PSA_SUCCESS as a failed
 * verification.
 *
 * @param operation   MAC operation context.
 * @param mac         Buffer holding the expected MAC.
 * @param mac_length  Size of @p mac in bytes.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
                                   const uint8_t *mac,
                                   size_t mac_length)
{
    enum tfm_crypto_err_t tfm_err =
        tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_finish,
                             (uint32_t)operation,
                             (uint32_t)mac,
                             (uint32_t)mac_length,
                             0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
461
/**
 * Forward a MAC-abort request to tfm_crypto_veneer_mac_abort.
 *
 * Only the operation context address is passed; the other dispatch slots
 * are zero.
 *
 * @param operation  MAC operation context to abort.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
    const veneer_fn target = (veneer_fn)tfm_crypto_veneer_mac_abort;
    enum tfm_crypto_err_t rc;

    rc = tfm_ns_lock_dispatch(target, (uint32_t)operation, 0, 0, 0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(rc);
}
/**
 * Forward an AEAD-encrypt request to tfm_crypto_veneer_aead_encrypt.
 *
 * Eleven arguments do not fit the four-slot dispatch call, so they are
 * packed into one input and one output structure on this function's stack
 * and passed by address; the two remaining dispatch slots are zero.
 *
 * The nonce is supplied by the caller and passed through unchanged; this
 * wrapper does not generate it or check it for reuse.
 * NOTE(review): the packed structures hold caller pointers and lengths;
 * confirm that the veneer copies them before validating the embedded
 * pointers, and bounds its writes by ciphertext_size.
 *
 * @param key                     Key slot to encrypt with.
 * @param alg                     AEAD algorithm.
 * @param nonce                   Buffer holding the nonce.
 * @param nonce_length            Size of @p nonce in bytes.
 * @param additional_data         Buffer holding the additional data.
 * @param additional_data_length  Size of @p additional_data in bytes.
 * @param plaintext               Buffer holding the plaintext.
 * @param plaintext_length        Size of @p plaintext in bytes.
 * @param ciphertext              Buffer that receives the output.
 * @param ciphertext_size         Capacity of @p ciphertext in bytes.
 * @param ciphertext_length       Where the output length is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_aead_encrypt(psa_key_slot_t key,
                              psa_algorithm_t alg,
                              const uint8_t *nonce,
                              size_t nonce_length,
                              const uint8_t *additional_data,
                              size_t additional_data_length,
                              const uint8_t *plaintext,
                              size_t plaintext_length,
                              uint8_t *ciphertext,
                              size_t ciphertext_size,
                              size_t *ciphertext_length)
{
    /* Packed arguments; they only need to outlive the dispatch call. */
    struct psa_aead_encrypt_input input_s = {
        .key = key,
        .alg = alg,
        .nonce = nonce,
        .nonce_length = nonce_length,
        .additional_data = additional_data,
        .additional_data_length = additional_data_length,
        .plaintext = plaintext,
        .plaintext_length = plaintext_length
    };
    struct psa_aead_encrypt_output output_s = {
        .ciphertext = ciphertext,
        .ciphertext_size = ciphertext_size,
        .ciphertext_length = ciphertext_length
    };
    enum tfm_crypto_err_t tfm_err;

    tfm_err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_encrypt,
                                   (uint32_t)&input_s,
                                   (uint32_t)&output_s,
                                   0,
                                   0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}
516
/**
 * Forward an AEAD-decrypt request to tfm_crypto_veneer_aead_decrypt.
 *
 * Eleven arguments do not fit the four-slot dispatch call, so they are
 * packed into one input and one output structure on this function's stack
 * and passed by address; the two remaining dispatch slots are zero.
 *
 * NOTE(review): whether the plaintext buffer is written when authentication
 * fails is decided on the secure side and is not visible here; callers
 * should discard the buffer unless PSA_SUCCESS is returned.
 * NOTE(review): the packed structures hold caller pointers and lengths;
 * confirm that the veneer copies them before validating the embedded
 * pointers, and bounds its writes by plaintext_size.
 *
 * @param key                     Key slot to decrypt with.
 * @param alg                     AEAD algorithm.
 * @param nonce                   Buffer holding the nonce.
 * @param nonce_length            Size of @p nonce in bytes.
 * @param additional_data         Buffer holding the additional data.
 * @param additional_data_length  Size of @p additional_data in bytes.
 * @param ciphertext              Buffer holding the input to decrypt.
 * @param ciphertext_length       Size of @p ciphertext in bytes.
 * @param plaintext               Buffer that receives the plaintext.
 * @param plaintext_size          Capacity of @p plaintext in bytes.
 * @param plaintext_length        Where the plaintext length is to be stored.
 * @return The TF-M error code mapped through TFM_CRYPTO_ERR_TO_PSA_STATUS.
 */
psa_status_t psa_aead_decrypt(psa_key_slot_t key,
                              psa_algorithm_t alg,
                              const uint8_t *nonce,
                              size_t nonce_length,
                              const uint8_t *additional_data,
                              size_t additional_data_length,
                              const uint8_t *ciphertext,
                              size_t ciphertext_length,
                              uint8_t *plaintext,
                              size_t plaintext_size,
                              size_t *plaintext_length)
{
    /* Packed arguments; they only need to outlive the dispatch call. */
    struct psa_aead_decrypt_input input_s = {
        .key = key,
        .alg = alg,
        .nonce = nonce,
        .nonce_length = nonce_length,
        .additional_data = additional_data,
        .additional_data_length = additional_data_length,
        .ciphertext = ciphertext,
        .ciphertext_length = ciphertext_length
    };
    struct psa_aead_decrypt_output output_s = {
        .plaintext = plaintext,
        .plaintext_size = plaintext_size,
        .plaintext_length = plaintext_length
    };
    enum tfm_crypto_err_t tfm_err;

    tfm_err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_decrypt,
                                   (uint32_t)&input_s,
                                   (uint32_t)&output_s,
                                   0,
                                   0);

    return TFM_CRYPTO_ERR_TO_PSA_STATUS(tfm_err);
}