TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / c9679cc4d8ef279be6a1a5bb0d6bff2b0f0709a5 / . / interface / include / tfm_crypto_defs.h
blob: b5e65d57a64b26356335be55158426744d6a567c [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelisc26af632021-10-07 15:04:12 +0100[diff] [blame]2 * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#ifndef __TFM_CRYPTO_DEFS_H__
9#define __TFM_CRYPTO_DEFS_H__
10
11#ifdef __cplusplus
12extern "C" {
13#endif
14
15#include <stdint.h>
16#include <limits.h>
17#include "tfm_api.h"
Jamie Foxcc31d402019-01-28 17:13:52 +0000[diff] [blame]18#include "psa/crypto.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]19
20/**
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]21 * \brief This type is used to overcome a limitation in the number of maximum
22 * IOVECs that can be used especially in psa_aead_encrypt and
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]23 * psa_aead_decrypt.
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]24 */
25#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
26struct tfm_crypto_aead_pack_input {
27 uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
28 uint32_t nonce_length;
29};
30
31/**
32 * \brief Structure used to pack non-pointer types in a call
33 *
34 */
35struct tfm_crypto_pack_iovec {
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]36 psa_key_id_t key_id; /*!< Key id */
37 psa_algorithm_t alg; /*!< Algorithm */
38 uint32_t op_handle; /*!< Frontend context handle associated to a
39 * multipart operation
40 */
41 size_t capacity; /*!< Key derivation capacity */
42 size_t ad_length; /*!< Additional Data length for multipart AEAD */
43 size_t plaintext_length; /*!< Plaintext length for multipart AEAD */
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]44
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]45 struct tfm_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
David Huc9679cc2022-06-21 13:09:34 +0800[diff] [blame^]46
47 uint16_t function_id; /*!< Used to identify the function in the
48 * API dispatcher to the service backend
49 * See tfm_crypto_func_sid for detail
50 */
51 uint16_t step; /*!< Key derivation step */
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]52};
53
54/**
David Huc9679cc2022-06-21 13:09:34 +0800[diff] [blame^]55 * \brief Type associated to the group of a function encoding. There can be
56 * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
57 * Asym sign, Asym encrypt, Key derivation).
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]58 */
David Huc9679cc2022-06-21 13:09:34 +0800[diff] [blame^]59enum tfm_crypto_group_id {
60 TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
61 TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
62 TFM_CRYPTO_GROUP_ID_HASH,
63 TFM_CRYPTO_GROUP_ID_MAC,
64 TFM_CRYPTO_GROUP_ID_CIPHER,
65 TFM_CRYPTO_GROUP_ID_AEAD,
66 TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
67 TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
68 TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
69};
70
71/* X macro describing each of the available PSA Crypto APIs */
72#define KEY_MANAGEMENT_FUNCS \
73 X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \
74 X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \
75 X(TFM_CRYPTO_OPEN_KEY) \
76 X(TFM_CRYPTO_CLOSE_KEY) \
77 X(TFM_CRYPTO_IMPORT_KEY) \
78 X(TFM_CRYPTO_DESTROY_KEY) \
79 X(TFM_CRYPTO_EXPORT_KEY) \
80 X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \
81 X(TFM_CRYPTO_PURGE_KEY) \
82 X(TFM_CRYPTO_COPY_KEY) \
83 X(TFM_CRYPTO_GENERATE_KEY)
84
85#define HASH_FUNCS \
86 X(TFM_CRYPTO_HASH_COMPUTE) \
87 X(TFM_CRYPTO_HASH_COMPARE) \
88 X(TFM_CRYPTO_HASH_SETUP) \
89 X(TFM_CRYPTO_HASH_UPDATE) \
90 X(TFM_CRYPTO_HASH_CLONE) \
91 X(TFM_CRYPTO_HASH_FINISH) \
92 X(TFM_CRYPTO_HASH_VERIFY) \
93 X(TFM_CRYPTO_HASH_ABORT)
94
95#define MAC_FUNCS \
96 X(TFM_CRYPTO_MAC_COMPUTE) \
97 X(TFM_CRYPTO_MAC_VERIFY) \
98 X(TFM_CRYPTO_MAC_SIGN_SETUP) \
99 X(TFM_CRYPTO_MAC_VERIFY_SETUP) \
100 X(TFM_CRYPTO_MAC_UPDATE) \
101 X(TFM_CRYPTO_MAC_SIGN_FINISH) \
102 X(TFM_CRYPTO_MAC_VERIFY_FINISH) \
103 X(TFM_CRYPTO_MAC_ABORT)
104
105#define CIPHER_FUNCS \
106 X(TFM_CRYPTO_CIPHER_ENCRYPT) \
107 X(TFM_CRYPTO_CIPHER_DECRYPT) \
108 X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \
109 X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \
110 X(TFM_CRYPTO_CIPHER_GENERATE_IV) \
111 X(TFM_CRYPTO_CIPHER_SET_IV) \
112 X(TFM_CRYPTO_CIPHER_UPDATE) \
113 X(TFM_CRYPTO_CIPHER_FINISH) \
114 X(TFM_CRYPTO_CIPHER_ABORT)
115
116#define AEAD_FUNCS \
117 X(TFM_CRYPTO_AEAD_ENCRYPT) \
118 X(TFM_CRYPTO_AEAD_DECRYPT) \
119 X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \
120 X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \
121 X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \
122 X(TFM_CRYPTO_AEAD_SET_NONCE) \
123 X(TFM_CRYPTO_AEAD_SET_LENGTHS) \
124 X(TFM_CRYPTO_AEAD_UPDATE_AD) \
125 X(TFM_CRYPTO_AEAD_UPDATE) \
126 X(TFM_CRYPTO_AEAD_FINISH) \
127 X(TFM_CRYPTO_AEAD_VERIFY) \
128 X(TFM_CRYPTO_AEAD_ABORT)
129
130#define ASYMMETRIC_SIGN_FUNCS \
131 X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \
132 X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \
133 X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \
134 X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
135
136#define AYSMMETRIC_ENCRYPT_FUNCS \
137 X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \
138 X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
139
140#define KEY_DERIVATION_FUNCS \
141 X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \
142 X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \
143 X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \
144 X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \
145 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \
146 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \
147 X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \
148 X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \
149 X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \
150 X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
151
152#define RANDOM_FUNCS \
153 X(TFM_CRYPTO_GENERATE_RANDOM)
154
155/*
156 * Define function IDs in each group. The function ID will be encoded into
157 * tfm_crypto_func_sid below.
158 * Each group is defined as a dedicated enum in case the total number of
159 * PSA Crypto APIs exceeds 256.
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]160 */
David Huc9679cc2022-06-21 13:09:34 +0800[diff] [blame^]161#define X(func_id) func_id,
162enum tfm_crypto_key_management_func_id {
163 KEY_MANAGEMENT_FUNCS
164};
165enum tfm_crypto_hash_func_id {
166 HASH_FUNCS
167};
168enum tfm_crypto_mac_func_id {
169 MAC_FUNCS
170};
171enum tfm_crypto_cipher_func_id {
172 CIPHER_FUNCS
173};
174enum tfm_crypto_aead_func_id {
175 AEAD_FUNCS
176};
177enum tfm_crypto_asym_sign_func_id {
178 ASYMMETRIC_SIGN_FUNCS
179};
180enum tfm_crypto_asym_encrypt_func_id {
181 AYSMMETRIC_ENCRYPT_FUNCS
182};
183enum tfm_crypto_key_derivation_func_id {
184 KEY_DERIVATION_FUNCS
185};
186enum tfm_crypto_random_func_id {
187 RANDOM_FUNCS
188};
189#undef X
190
191#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8)
192
193/*
194 * Numerical progressive value identifying a function API exposed through
195 * the interfaces (S or NS). It's used to dispatch the requests from S/NS
196 * to the corresponding API implementation in the Crypto service backend.
197 *
198 * Each function SID is encoded as uint16_t.
199 * | Func ID | Group ID |
200 * 15 8 7 0
201 * Func ID is defined in each group func_id enum above
202 * Group ID is defined in tfm_crypto_group_id.
203 */
204enum tfm_crypto_func_sid {
205
206#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
207 (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
208
209 KEY_MANAGEMENT_FUNCS
210
211#undef X
212#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
213 (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
214 HASH_FUNCS
215
216#undef X
217#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
218 (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
219 MAC_FUNCS
220
221#undef X
222#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
223 (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
224 CIPHER_FUNCS
225
226#undef X
227#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
228 (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
229 AEAD_FUNCS
230
231#undef X
232#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
233 (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
234 ASYMMETRIC_SIGN_FUNCS
235
236#undef X
237#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
238 (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
239 AYSMMETRIC_ENCRYPT_FUNCS
240
241#undef X
242#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
243 (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
244 KEY_DERIVATION_FUNCS
245
246#undef X
247#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
248 (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
249 RANDOM_FUNCS
250
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]251};
Antonio de Angelis202425a2022-04-06 11:13:15 +0100[diff] [blame]252#undef X
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]253
254/**
Edison Ai080b2e22019-04-17 16:27:21 +0800[diff] [blame]255 * \brief Define an invalid value for an SID
Antonio de Angelis25e2b2d2019-04-25 14:49:50 +0100[diff] [blame]256 *
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]257 */
Edison Ai080b2e22019-04-17 16:27:21 +0800[diff] [blame]258#define TFM_CRYPTO_SID_INVALID (~0x0u)
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame]259
260/**
Louis Mayencourt7a36f782018-09-24 14:00:57 +0100[diff] [blame]261 * \brief This value is used to mark an handle as invalid.
262 *
263 */
Jamie Fox707caf72019-05-29 15:14:18 +0100[diff] [blame]264#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]265
266/**
Jamie Foxdadb4e82019-09-03 17:59:41 +0100[diff] [blame]267 * \brief The persistent key identifier that refers to the hardware unique key.
268 *
269 */
270#define TFM_CRYPTO_KEY_ID_HUK (0xFFFF815Bu)
271
272/**
273 * \brief The algorithm identifier that refers to key derivation from the
274 * hardware unique key.
275 *
276 */
277#define TFM_CRYPTO_ALG_HUK_DERIVATION ((psa_algorithm_t)0xB0000F00)
278
279/**
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]280 * \brief Define miscellaneous literal constants that are used in the service
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]281 *
282 */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]283enum {
284 TFM_CRYPTO_NOT_IN_USE = 0,
285 TFM_CRYPTO_IN_USE = 1
286};
287
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]288#ifdef __cplusplus
289}
290#endif
291
292#endif /* __TFM_CRYPTO_DEFS_H__ */