TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 8b44244b4e2ac581e822ff780f93801a3c28c777 / . / interface / src / tfm_crypto_api.c
blob: 1ee71d81d3919a2fb50c009b8e4c47feb7b50a4b [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]2 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include "tfm_crypto_veneers.h"
9#include "psa_crypto.h"
10#include "tfm_ns_lock.h"
11#include "crypto_psa_wrappers.h"
12
13psa_status_t psa_crypto_init(void)
14{
15 /* Service init is performed during TFM boot up,
16 * so application level initialisation is empty
17 */
18 return PSA_SUCCESS;
19}
20
21psa_status_t psa_import_key(psa_key_slot_t key,
22 psa_key_type_t type,
23 const uint8_t *data,
24 size_t data_length)
25{
26 enum tfm_crypto_err_t err;
27
28 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_import_key,
29 (uint32_t)key,
30 (uint32_t)type,
31 (uint32_t)data,
32 (uint32_t)data_length);
33
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]34 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]35}
36
37psa_status_t psa_destroy_key(psa_key_slot_t key)
38{
39 enum tfm_crypto_err_t err;
40
41 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_destroy_key,
42 (uint32_t)key,
43 0,
44 0,
45 0);
46
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]47 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]48}
49
50psa_status_t psa_get_key_information(psa_key_slot_t key,
51 psa_key_type_t *type,
52 size_t *bits)
53{
54 enum tfm_crypto_err_t err;
55
56 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_information,
57 (uint32_t)key,
58 (uint32_t)type,
59 (uint32_t)bits,
60 0);
61
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]62 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]63}
64
65psa_status_t psa_export_key(psa_key_slot_t key,
66 uint8_t *data,
67 size_t data_size,
68 size_t *data_length)
69{
70 enum tfm_crypto_err_t err;
71
72 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_export_key,
73 (uint32_t)key,
74 (uint32_t)data,
75 (uint32_t)data_size,
76 (uint32_t)data_length);
77
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]78 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]79}
80
81psa_status_t psa_export_public_key(psa_key_slot_t key,
82 uint8_t *data,
83 size_t data_size,
84 size_t *data_length)
85{
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame^]86 (void)key;
87 (void)data;
88 (void)data_size;
89 (void)data_length;
90
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]91 /* TODO: This API is not supported yet */
92 return PSA_ERROR_NOT_SUPPORTED;
93}
94
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]95void psa_key_policy_init(psa_key_policy_t *policy)
96{
97 /* PSA API returns void so just ignore error value returned */
98 (void)tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_key_policy_init,
99 (uint32_t)policy,
100 0,
101 0,
102 0);
103}
104
105void psa_key_policy_set_usage(psa_key_policy_t *policy,
106 psa_key_usage_t usage,
107 psa_algorithm_t alg)
108{
109 /* PSA API returns void so just ignore error value returned */
110 (void)tfm_ns_lock_dispatch(
111 (veneer_fn)tfm_crypto_veneer_key_policy_set_usage,
112 (uint32_t)policy,
113 (uint32_t)usage,
114 (uint32_t)alg,
115 0);
116}
117
118psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)
119{
120 psa_key_usage_t usage;
121
122 /* Initialise to a sensible default to avoid returning an uninitialised
123 * value in case the secure function fails.
124 */
125 usage = 0;
126
127 /* The PSA API does not return an error, so ignore any error from TF-M */
128 (void)tfm_ns_lock_dispatch(
129 (veneer_fn)tfm_crypto_veneer_key_policy_get_usage,
130 (uint32_t)policy,
131 (uint32_t)&usage,
132 0,
133 0);
134
135 return usage;
136}
137
138psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
139{
140 psa_algorithm_t alg;
141
142 /* Initialise to a sensible default to avoid returning an uninitialised
143 * value in case the secure function fails.
144 */
145 alg = 0;
146
147 /* The PSA API does not return an error, so ignore any error from TF-M */
148 (void)tfm_ns_lock_dispatch(
149 (veneer_fn)tfm_crypto_veneer_key_policy_get_algorithm,
150 (uint32_t)policy,
151 (uint32_t)&alg,
152 0,
153 0);
154
155 return alg;
156}
157
158psa_status_t psa_set_key_policy(psa_key_slot_t key,
159 const psa_key_policy_t *policy)
160{
161 enum tfm_crypto_err_t err;
162
163 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_set_key_policy,
164 (uint32_t)key,
165 (uint32_t)policy,
166 0,
167 0);
168
169 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
170}
171
172psa_status_t psa_get_key_policy(psa_key_slot_t key,
173 psa_key_policy_t *policy)
174{
175 enum tfm_crypto_err_t err;
176
177 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_policy,
178 (uint32_t)key,
179 (uint32_t)policy,
180 0,
181 0);
182
183 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
184}
185
186psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
187 psa_key_lifetime_t lifetime)
188{
189 enum tfm_crypto_err_t err;
190
191 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_set_key_lifetime,
192 (uint32_t)key,
193 (uint32_t)lifetime,
194 0,
195 0);
196
197 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
198}
199
200psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
201 psa_key_lifetime_t *lifetime)
202{
203 enum tfm_crypto_err_t err;
204
205 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_get_key_lifetime,
206 (uint32_t)key,
207 (uint32_t)lifetime,
208 0,
209 0);
210
211 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
212}
213
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]214psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
215 const unsigned char *iv,
216 size_t iv_length)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]217{
218 enum tfm_crypto_err_t err;
219
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]220 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_set_iv,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]221 (uint32_t)operation,
222 (uint32_t)iv,
223 (uint32_t)iv_length,
224 0);
225
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]226 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]227}
228
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]229psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
230 psa_key_slot_t key,
231 psa_algorithm_t alg)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]232{
233 enum tfm_crypto_err_t err;
234
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]235 err = tfm_ns_lock_dispatch(
236 (veneer_fn)tfm_crypto_veneer_cipher_encrypt_setup,
237 (uint32_t)operation,
238 (uint32_t)key,
239 (uint32_t)alg,
240 0);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]241
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]242 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]243}
244
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]245psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
246 psa_key_slot_t key,
247 psa_algorithm_t alg)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]248{
249 enum tfm_crypto_err_t err;
250
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]251 err = tfm_ns_lock_dispatch(
252 (veneer_fn)tfm_crypto_veneer_cipher_decrypt_setup,
253 (uint32_t)operation,
254 (uint32_t)key,
255 (uint32_t)alg,
256 0);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]257
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]258 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]259}
260
261psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
262 const uint8_t *input,
263 size_t input_length,
264 unsigned char *output,
265 size_t output_size,
266 size_t *output_length)
267{
268 enum tfm_crypto_err_t err;
269
270 /* Packing in structures is needed to overcome the 4 parameters
271 * per call limit
272 */
273 struct psa_cipher_update_input input_s = {.input = input,
274 .input_length = input_length};
275 struct psa_cipher_update_output output_s = {.output = output,
276 .output_size = output_size,
277 .output_length =
278 output_length};
279
280 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_update,
281 (uint32_t)operation,
282 (uint32_t)&input_s,
283 (uint32_t)&output_s,
284 0);
285
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]286 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]287}
288
289psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
290{
291 enum tfm_crypto_err_t err;
292
293 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_abort,
294 (uint32_t)operation,
295 0,
296 0,
297 0);
298
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]299 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]300}
301
302psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
303 uint8_t *output,
304 size_t output_size,
305 size_t *output_length)
306{
307 enum tfm_crypto_err_t err;
308
309 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_cipher_finish,
310 (uint32_t)operation,
311 (uint32_t)output,
312 (uint32_t)output_size,
313 (uint32_t)output_length);
314
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]315 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]316}
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]317
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]318psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]319 psa_algorithm_t alg)
320{
321 enum tfm_crypto_err_t err;
322
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]323 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_setup,
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]324 (uint32_t)operation,
325 (uint32_t)alg,
326 0,
327 0);
328
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]329 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]330}
331
332psa_status_t psa_hash_update(psa_hash_operation_t *operation,
333 const uint8_t *input,
334 size_t input_length)
335{
336 enum tfm_crypto_err_t err;
337
338 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_update,
339 (uint32_t)operation,
340 (uint32_t)input,
341 (uint32_t)input_length,
342 0);
343
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]344 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]345}
346
347psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
348 uint8_t *hash,
349 size_t hash_size,
350 size_t *hash_length)
351{
352 enum tfm_crypto_err_t err;
353
354 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_finish,
355 (uint32_t)operation,
356 (uint32_t)hash,
357 (uint32_t)hash_size,
358 (uint32_t)hash_length);
359
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]360 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]361}
362
363psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
364 const uint8_t *hash,
365 size_t hash_length)
366{
367 enum tfm_crypto_err_t err;
368
369 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_verify,
370 (uint32_t)operation,
371 (uint32_t)hash,
372 (uint32_t)hash_length,
373 0);
374
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]375 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]376}
377
378psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
379{
380 enum tfm_crypto_err_t err;
381
382 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_hash_abort,
383 (uint32_t)operation,
384 0,
385 0,
386 0);
387
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]388 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
Antonio de Angelisa6f72162018-09-05 11:00:37 +0100[diff] [blame]389}
Louis Mayencourt7a36f782018-09-24 14:00:57 +0100[diff] [blame]390
391psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
392 psa_key_slot_t key,
393 psa_algorithm_t alg)
394{
395 enum tfm_crypto_err_t err;
396
397 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_setup,
398 (uint32_t)operation,
399 (uint32_t)key,
400 (uint32_t)alg,
401 0);
402
403 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
404}
405
406psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
407 psa_key_slot_t key,
408 psa_algorithm_t alg)
409{
410 enum tfm_crypto_err_t err;
411
412 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_setup,
413 (uint32_t)operation,
414 (uint32_t)key,
415 (uint32_t)alg,
416 0);
417
418 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
419}
420
421psa_status_t psa_mac_update(psa_mac_operation_t *operation,
422 const uint8_t *input,
423 size_t input_length)
424{
425 enum tfm_crypto_err_t err;
426
427 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_update,
428 (uint32_t)operation,
429 (uint32_t)input,
430 (uint32_t)input_length,
431 0);
432
433 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
434}
435
436psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
437 uint8_t *mac,
438 size_t mac_size,
439 size_t *mac_length)
440{
441 enum tfm_crypto_err_t err;
442
443 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_sign_finish,
444 (uint32_t)operation,
445 (uint32_t)mac,
446 (uint32_t)mac_size,
447 (uint32_t)mac_length);
448
449 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
450}
451
452psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
453 const uint8_t *mac,
454 size_t mac_length)
455{
456 enum tfm_crypto_err_t err;
457
458 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_verify_finish,
459 (uint32_t)operation,
460 (uint32_t)mac,
461 (uint32_t)mac_length,
462 0);
463
464 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
465}
466
467psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
468{
469 enum tfm_crypto_err_t err;
470
471 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_mac_abort,
472 (uint32_t)operation,
473 0,
474 0,
475 0);
476
477 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
478}
Antonio de Angelis3a480992018-11-07 11:53:28 +0000[diff] [blame]479
480psa_status_t psa_aead_encrypt(psa_key_slot_t key,
481 psa_algorithm_t alg,
482 const uint8_t *nonce,
483 size_t nonce_length,
484 const uint8_t *additional_data,
485 size_t additional_data_length,
486 const uint8_t *plaintext,
487 size_t plaintext_length,
488 uint8_t *ciphertext,
489 size_t ciphertext_size,
490 size_t *ciphertext_length)
491{
492 enum tfm_crypto_err_t err;
493
494 /* Packing in structures is needed to overcome the 4 parameters
495 * per call limit
496 */
497 struct psa_aead_encrypt_input input_s = {.key = key,
498 .alg = alg,
499 .nonce = nonce,
500 .nonce_length = nonce_length,
501 .additional_data = additional_data,
502 .additional_data_length =
503 additional_data_length,
504 .plaintext = plaintext,
505 .plaintext_length =
506 plaintext_length};
507 struct psa_aead_encrypt_output output_s = {.ciphertext = ciphertext,
508 .ciphertext_size =
509 ciphertext_size,
510 .ciphertext_length =
511 ciphertext_length};
512
513 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_encrypt,
514 (uint32_t)&input_s,
515 (uint32_t)&output_s,
516 0,
517 0);
518
519 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
520}
521
522psa_status_t psa_aead_decrypt(psa_key_slot_t key,
523 psa_algorithm_t alg,
524 const uint8_t *nonce,
525 size_t nonce_length,
526 const uint8_t *additional_data,
527 size_t additional_data_length,
528 const uint8_t *ciphertext,
529 size_t ciphertext_length,
530 uint8_t *plaintext,
531 size_t plaintext_size,
532 size_t *plaintext_length)
533{
534 enum tfm_crypto_err_t err;
535
536 /* Packing in structures is needed to overcome the 4 parameters
537 * per call limit
538 */
539 struct psa_aead_decrypt_input input_s = {.key = key,
540 .alg = alg,
541 .nonce = nonce,
542 .nonce_length = nonce_length,
543 .additional_data = additional_data,
544 .additional_data_length =
545 additional_data_length,
546 .ciphertext = ciphertext,
547 .ciphertext_length =
548 ciphertext_length};
549 struct psa_aead_decrypt_output output_s = {.plaintext = plaintext,
550 .plaintext_size = plaintext_size,
551 .plaintext_length =
552 plaintext_length};
553
554 err = tfm_ns_lock_dispatch((veneer_fn)tfm_crypto_veneer_aead_decrypt,
555 (uint32_t)&input_s,
556 (uint32_t)&output_s,
557 0,
558 0);
559
560 return TFM_CRYPTO_ERR_TO_PSA_STATUS(err);
561}