Use libpsa in ts-demo

Modify the demo application to use the prebuilt PSA clients from
libpsa instead of directly building these.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: Ib714c7ad901039c56ec6b021ff052b0329c79605
diff --git a/components/app/ts-demo/component.cmake b/components/app/ts-demo/component.cmake
index c4a7392..fe0f5fa 100644
--- a/components/app/ts-demo/component.cmake
+++ b/components/app/ts-demo/component.cmake
@@ -1,5 +1,5 @@
 #-------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -9,6 +9,6 @@
 endif()
 
 target_sources(${TGT} PRIVATE
-	"${CMAKE_CURRENT_LIST_DIR}/ts-demo.cpp"
+	"${CMAKE_CURRENT_LIST_DIR}/ts-demo.c"
 	)
 
diff --git a/components/app/ts-demo/test/ts-demo_tests.cpp b/components/app/ts-demo/test/ts-demo_tests.cpp
index e78f8a2..7fd104f 100644
--- a/components/app/ts-demo/test/ts-demo_tests.cpp
+++ b/components/app/ts-demo/test/ts-demo_tests.cpp
@@ -1,59 +1,62 @@
 /*
- * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
-#include <app/ts-demo/ts-demo.h>
-#include <service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h>
-#include <protocols/rpc/common/packed-c/encoding.h>
 #include <CppUTest/TestHarness.h>
-#include <service_locator.h>
+#include <app/ts-demo/ts-demo.h>
+#include <protocols/rpc/common/packed-c/encoding.h>
 #include <service/crypto/client/cpp/crypto_client.h>
+#include <service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h>
+#include <service/crypto/client/psa/psa_crypto_client.h>
+#include <service_locator.h>
 
+TEST_GROUP(TsDemoTests)
+{
+	void setup()
+	{
+		m_rpc_session = NULL;
+		m_crypto_service_context = NULL;
+		m_crypto_client = NULL;
 
-TEST_GROUP(TsDemoTests) {
+		service_locator_init();
 
-    void setup()
-    {
-        m_rpc_session = NULL;
-        m_crypto_service_context = NULL;
-        m_crypto_client = NULL;
+		m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0");
+		CHECK(m_crypto_service_context);
 
-        service_locator_init();
+		m_rpc_session = service_context_open(m_crypto_service_context);
+		CHECK(m_rpc_session);
 
-        m_crypto_service_context = service_locator_query("sn:trustedfirmware.org:crypto:0");
-        CHECK(m_crypto_service_context);
+		(void)psa_crypto_client_init(m_rpc_session);
 
-        m_rpc_session = service_context_open(m_crypto_service_context);
-        CHECK(m_rpc_session);
-
-        m_crypto_client = new packedc_crypto_client(m_rpc_session);
-    }
-
-    void teardown()
-    {
-        delete m_crypto_client;
-        m_crypto_client = NULL;
-
-	if (m_crypto_service_context) {
-	        if (m_rpc_session) {
-                        service_context_close(m_crypto_service_context, m_rpc_session);
-                        m_rpc_session = NULL;
-	        }
-
-                service_context_relinquish(m_crypto_service_context);
-                m_crypto_service_context = NULL;
+		m_crypto_client = new packedc_crypto_client(m_rpc_session);
 	}
-    }
 
-    struct rpc_caller_session *m_rpc_session;
-    struct service_context *m_crypto_service_context;
-    crypto_client *m_crypto_client;
+	void teardown()
+	{
+		delete m_crypto_client;
+		m_crypto_client = NULL;
+
+		if (m_crypto_service_context) {
+			if (m_rpc_session) {
+				service_context_close(m_crypto_service_context, m_rpc_session);
+				m_rpc_session = NULL;
+			}
+
+			psa_crypto_client_deinit();
+			service_context_relinquish(m_crypto_service_context);
+			m_crypto_service_context = NULL;
+		}
+	}
+
+	struct rpc_caller_session *m_rpc_session;
+	struct service_context *m_crypto_service_context;
+	crypto_client *m_crypto_client;
 };
 
 TEST(TsDemoTests, runTsDemo)
 {
-    int status = run_ts_demo(m_crypto_client, false);
-    CHECK_EQUAL(0, status);
+	int status = run_ts_demo(false);
+	CHECK_EQUAL(0, status);
 }
diff --git a/components/app/ts-demo/ts-demo.c b/components/app/ts-demo/ts-demo.c
new file mode 100644
index 0000000..43b3adb
--- /dev/null
+++ b/components/app/ts-demo/ts-demo.c
@@ -0,0 +1,325 @@
+/*
+ * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "ts-demo.h"
+
+#include <psa/crypto.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+static const psa_key_id_t SIGNING_KEY_ID = 0x100;
+static const psa_key_id_t ENCRYPTION_KEY_ID = 0x101;
+
+bool m_verbose = true;
+
+void print_intro(void)
+{
+	if (m_verbose) {
+		printf("\nDemonstrates use of trusted services from an application");
+		printf("\n---------------------------------------------------------");
+		printf("\nA client requests a set of crypto operations performed by");
+		printf("\nthe Crypto service.  Key storage for persistent keys is");
+		printf("\nprovided by the Secure Storage service via the ITS client.\n");
+		printf("\n");
+	}
+}
+
+void wait(int seconds)
+{
+	if (m_verbose)
+		sleep(seconds);
+}
+
+void print_status(psa_status_t status)
+{
+	if (m_verbose) {
+		if (status == PSA_SUCCESS)
+			printf("\n\tOperation successful\n");
+		else
+			printf("\n\tOperation failed. op error: %d\n", status);
+	}
+}
+
+void print_byte_array(const uint8_t *array, size_t len)
+{
+	size_t count = 0;
+	size_t column = 0;
+
+	while (count < len) {
+		if (column == 0)
+			printf("\n\t\t");
+		else
+			printf(" ");
+
+		printf("%02X", array[count]);
+
+		++count;
+		column = (column + 1) % 8;
+	}
+
+	printf("\n");
+}
+
+bool generate_signing_key(psa_key_id_t *signing_key_id)
+{
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+	psa_set_key_id(&attributes, SIGNING_KEY_ID);
+	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
+	psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
+	psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+	psa_set_key_bits(&attributes, 256);
+
+	if (m_verbose)
+		printf("Generating ECC signing key");
+
+	status = psa_generate_key(&attributes, signing_key_id);
+	psa_reset_key_attributes(&attributes);
+
+	print_status(status);
+
+	return (status != PSA_SUCCESS);
+}
+
+bool sign_and_verify_message(const char *message, psa_key_id_t signing_key_id)
+{
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	bool error = false;
+	uint8_t message_buffer[100];
+	size_t message_len = strlen(message) + 1;
+
+	if (message_len > sizeof(message_buffer))
+		message_len = sizeof(message_buffer) - 1;
+
+	memset(message_buffer, 0, sizeof(message_buffer));
+	memcpy(message_buffer, message, message_len);
+
+	/* Sign message */
+	uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
+	size_t signature_length;
+
+	if (m_verbose)
+		printf("Signing message: \"%s\" using key: %d", message_buffer, signing_key_id);
+
+	status = psa_sign_hash(signing_key_id, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+			       message_buffer, message_len, signature, sizeof(signature),
+			       &signature_length);
+
+	print_status(status);
+
+	if (m_verbose && (status == PSA_SUCCESS)) {
+		printf("\tSignature bytes: ");
+		print_byte_array(signature, signature_length);
+	}
+
+	error |= (status != PSA_SUCCESS);
+
+	/* Verify signature against original message */
+	if (m_verbose)
+		printf("Verify signature using original message: \"%s\"", message_buffer);
+
+	status = psa_verify_hash(signing_key_id, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+				 message_buffer, message_len, signature, signature_length);
+
+	print_status(status);
+
+	error |= (status != PSA_SUCCESS);
+
+	/* Verify signature against modified message */
+	message_buffer[0] = '!';
+	if (m_verbose)
+		printf("Verify signature using modified message: \"%s\"", message_buffer);
+
+	status = psa_verify_hash(signing_key_id, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256),
+				 message_buffer, message_len, signature, signature_length);
+
+	if (status == PSA_ERROR_INVALID_SIGNATURE) {
+		if (m_verbose)
+			printf("\n\tSuccessfully detected modified message\n");
+	} else {
+		print_status(status);
+	}
+
+	error |= (status == PSA_SUCCESS);
+
+	return error;
+}
+
+bool generate_asymmetric_encryption_key(psa_key_id_t *encryption_key_id)
+{
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+	psa_set_key_id(&attributes, ENCRYPTION_KEY_ID);
+	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+	psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+	psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+	psa_set_key_bits(&attributes, 1024);
+
+	if (m_verbose)
+		printf("Generating RSA encryption key");
+
+	status = psa_generate_key(&attributes, encryption_key_id);
+	psa_reset_key_attributes(&attributes);
+
+	print_status(status);
+
+	return (status != PSA_SUCCESS);
+}
+
+bool encrypt_add_decrypt_message(const char *message, psa_key_id_t encryption_key_id)
+{
+	bool error = false;
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	size_t message_len = strlen(message) + 1;
+
+	/* Encrypt a message */
+	if (m_verbose)
+		printf("Encrypt message: \"%s\" using RSA key: %d", message, encryption_key_id);
+
+	uint8_t ciphertext[256];
+	size_t ciphertext_len = 0;
+
+	status = psa_asymmetric_encrypt(encryption_key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+					(const uint8_t *)message, message_len, NULL, 0, ciphertext,
+					sizeof(ciphertext), &ciphertext_len);
+	print_status(status);
+
+	if (m_verbose && (status == PSA_SUCCESS)) {
+		printf("\tEncrypted message: ");
+		print_byte_array(ciphertext, ciphertext_len);
+	}
+
+	error |= (status != PSA_SUCCESS);
+
+	/* Decrypt it */
+	if (m_verbose)
+		printf("Decrypting message using RSA key: %d", encryption_key_id);
+
+	uint8_t plaintext[256];
+	size_t plaintext_len = 0;
+
+	status = psa_asymmetric_decrypt(encryption_key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, ciphertext,
+					ciphertext_len, NULL, 0, plaintext, sizeof(plaintext),
+					&plaintext_len);
+	print_status(status);
+
+	if (m_verbose && (status == PSA_SUCCESS)) {
+		if ((plaintext_len == message_len) &&
+		    (memcmp(message, plaintext, plaintext_len) == 0)) {
+			printf("\tDecrypted message: \"%s\"\n", plaintext);
+		} else {
+			printf("\tDecrypted message is different from original!: ");
+			print_byte_array(plaintext, plaintext_len);
+		}
+	}
+
+	error |= (status != PSA_SUCCESS);
+
+	return error;
+}
+
+bool export_public_key(psa_key_id_t signing_key_id)
+{
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	uint8_t key_buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
+	size_t key_len = 0;
+
+	if (m_verbose)
+		printf("Exporting public key: %d", signing_key_id);
+
+	status = psa_export_public_key(signing_key_id, key_buf, sizeof(key_buf), &key_len);
+
+	print_status(status);
+
+	if (m_verbose && (status == PSA_SUCCESS)) {
+		printf("\tPublic key bytes: ");
+		print_byte_array(key_buf, key_len);
+	}
+
+	return (status != PSA_SUCCESS);
+}
+
+bool generate_random_number(size_t length)
+{
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+	uint8_t *buffer = (uint8_t *)malloc(length);
+
+	if (m_verbose)
+		printf("Generating random bytes length: %lu", length);
+
+	status = psa_generate_random(buffer, length);
+
+	print_status(status);
+
+	if (m_verbose && (status == PSA_SUCCESS)) {
+		printf("\tRandom bytes: ");
+		print_byte_array(buffer, length);
+	}
+
+	return (status != PSA_SUCCESS);
+}
+
+bool destroy_keys(psa_key_id_t signing_key_id, psa_key_id_t encryption_key_id)
+{
+	bool error = false;
+	psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+
+	if (m_verbose)
+		printf("Destroying signing key: %d", signing_key_id);
+
+	status = psa_destroy_key(signing_key_id);
+	print_status(status);
+	error |= (status != PSA_SUCCESS);
+
+	if (m_verbose)
+		printf("Destroying encryption key: %d", encryption_key_id);
+
+	status = psa_destroy_key(encryption_key_id);
+	print_status(status);
+	error |= (status != PSA_SUCCESS);
+
+	return error;
+}
+
+bool run_ts_demo(bool is_verbose)
+{
+	psa_key_id_t signing_key_id = 0;
+	psa_key_id_t encryption_key_id = 0;
+	bool error = false;
+
+	m_verbose = is_verbose;
+	print_intro();
+	wait(1);
+	psa_crypto_init();
+	wait(1);
+	error |= generate_random_number(1);
+	wait(1);
+	error |= generate_random_number(7);
+	wait(1);
+	error |= generate_random_number(128);
+	wait(1);
+	error |= generate_signing_key(&signing_key_id);
+	wait(2);
+	error |= sign_and_verify_message("The quick brown fox", signing_key_id);
+	wait(3);
+	error |= sign_and_verify_message("jumps over the lazy dog", signing_key_id);
+	wait(3);
+	error |= generate_asymmetric_encryption_key(&encryption_key_id);
+	wait(2);
+	error |= encrypt_add_decrypt_message("Top secret", encryption_key_id);
+	wait(3);
+	error |= export_public_key(signing_key_id);
+	wait(2);
+	error |= destroy_keys(signing_key_id, encryption_key_id);
+	wait(2);
+
+	return error;
+}
diff --git a/components/app/ts-demo/ts-demo.cpp b/components/app/ts-demo/ts-demo.cpp
deleted file mode 100644
index 589f3b6..0000000
--- a/components/app/ts-demo/ts-demo.cpp
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-
-#include <cstdio>
-#include <cstring>
-#include <unistd.h>
-#include <service/crypto/client/cpp/crypto_client.h>
-#include "ts-demo.h"
-
-class ts_demo {
-public:
-    ts_demo(crypto_client *crypto_client, bool is_verbose) :
-        m_crypto_client(crypto_client),
-        m_signing_key_id(0),
-        m_encryption_key_id(0),
-        m_verbose(is_verbose),
-        m_all_ok(true) {
-
-    }
-
-    ~ts_demo() {
-
-    }
-
-    bool is_all_ok() const {
-        return m_all_ok;
-    }
-
-    void print_intro() {
-
-        if (m_verbose) {
-            printf("\nDemonstrates use of trusted services from an application");
-            printf("\n---------------------------------------------------------");
-            printf("\nA client requests a set of crypto operations performed by");
-            printf("\nthe Crypto service.  Key storage for persistent keys is");
-            printf("\nprovided by the Secure Storage service via the ITS client.\n");
-            printf("\n");
-        }
-    }
-
-    void wait(int seconds) {
-
-        if (m_verbose) sleep(seconds);
-    }
-
-    void print_status(psa_status_t status) {
-
-            if (m_verbose) {
-
-            if (status == PSA_SUCCESS) {
-                printf("\n\tOperation successful\n");
-            }
-            else {
-                printf("\n\tOperation failed. op error: %d RPC call status %d\n",
-                    status, m_crypto_client->err_rpc_status());
-            }
-        }
-    }
-
-    void print_byte_array(const uint8_t *array, size_t len)
-    {
-        size_t count = 0;
-        size_t column = 0;
-
-        while (count < len) {
-
-            if (column == 0) printf("\n\t\t");
-            else printf(" ");
-
-            printf("%02X", array[count]);
-
-            ++count;
-            column = (column +1) % 8;
-        }
-
-        printf("\n");
-    }
-
-    void generate_signing_key()
-    {
-        psa_status_t status;
-        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
-        psa_set_key_id(&attributes, SIGNING_KEY_ID);
-        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
-        psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
-        psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
-        psa_set_key_bits(&attributes, 256);
-
-        if (m_verbose) printf("Generating ECC signing key");
-
-        status = m_crypto_client->generate_key(&attributes, &m_signing_key_id);
-        psa_reset_key_attributes(&attributes);
-
-        print_status(status);
-
-        m_all_ok &= (status == PSA_SUCCESS);
-    }
-
-    void sign_and_verify_message(const char *message)
-    {
-
-        psa_status_t status;
-        uint8_t hash[100];
-        size_t hash_len = strlen(message) + 1;
-
-        if (hash_len > sizeof(hash)) hash_len = sizeof(hash) - 1;
-
-        memset(hash, 0, sizeof(hash));
-        memcpy(hash, message, hash_len);
-
-	    /* Sign message */
-        uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
-        size_t signature_length;
-
-        if (m_verbose) printf("Signing message: \"%s\" using key: %d", hash, m_signing_key_id);
-
-        status = m_crypto_client->sign_hash(m_signing_key_id,
-            PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len,
-            signature, sizeof(signature), &signature_length);
-
-        print_status(status);
-
-        if (m_verbose && (status == PSA_SUCCESS)) {
-            printf("\tSignature bytes: ");
-            print_byte_array(signature, signature_length);
-        }
-
-        m_all_ok &= (status == PSA_SUCCESS);
-
-        /* Verify signature against original message */
-        if (m_verbose) printf("Verify signature using original message: \"%s\"", hash);
-
-        status = m_crypto_client->verify_hash(m_signing_key_id,
-            PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len,
-            signature, signature_length);
-
-        print_status(status);
-
-        m_all_ok &= (status == PSA_SUCCESS);
-
-        /* Verify signature against modified message */
-        hash[0] = '!';
-        if (m_verbose) printf("Verify signature using modified message: \"%s\"", hash);
-
-        status = m_crypto_client->verify_hash(m_signing_key_id,
-            PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), hash, hash_len,
-            signature, signature_length);
-
-        if (status == PSA_ERROR_INVALID_SIGNATURE) {
-            if (m_verbose) printf("\n\tSuccessfully detected modified message\n");
-        }
-        else {
-            print_status(status);
-        }
-
-        m_all_ok &= (status != PSA_SUCCESS);
-    }
-
-    void generate_asymmetric_encryption_key()
-    {
-        psa_status_t status;
-        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
-        psa_set_key_id(&attributes, ENCRYPTION_KEY_ID);
-        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
-        psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
-        psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-        psa_set_key_bits(&attributes, 1024);
-
-        if (m_verbose) printf("Generating RSA encryption key");
-
-        status = m_crypto_client->generate_key(&attributes, &m_encryption_key_id);
-        psa_reset_key_attributes(&attributes);
-
-        print_status(status);
-
-        m_all_ok &= (status == PSA_SUCCESS);
-    }
-
-    void encrypt_add_decrypt_message(const char *message)
-    {
-        psa_status_t status;
-        size_t message_len = strlen(message) + 1;
-
-        /* Encrypt a message */
-        if (m_verbose) printf("Encrypting message: \"%s\" using RSA key: %d", message, m_encryption_key_id);
-
-        uint8_t ciphertext[256];
-        size_t ciphertext_len = 0;
-
-        status = m_crypto_client->asymmetric_encrypt(m_encryption_key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
-                                (const uint8_t*)message, message_len, NULL, 0,
-                                ciphertext, sizeof(ciphertext), &ciphertext_len);
-        print_status(status);
-
-        if (m_verbose && (status == PSA_SUCCESS)) {
-            printf("\tEncrypted message: ");
-            print_byte_array(ciphertext, ciphertext_len);
-        }
-
-        m_all_ok &= (status == PSA_SUCCESS);
-
-        /* Decrypt it */
-        if (m_verbose) printf("Decrypting message using RSA key: %d", m_encryption_key_id);
-
-        uint8_t plaintext[256];
-        size_t plaintext_len = 0;
-
-        status = m_crypto_client->asymmetric_decrypt(m_encryption_key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
-                                ciphertext, ciphertext_len, NULL, 0,
-                                plaintext, sizeof(plaintext), &plaintext_len);
-        print_status(status);
-
-        if (m_verbose && (status == PSA_SUCCESS)) {
-
-            if ((plaintext_len == message_len) &&
-                (memcmp(message, plaintext, plaintext_len) == 0)) {
-                if (m_verbose) printf("\tDecrypted message: \"%s\"\n", plaintext);
-            }
-            else {
-                printf("\tDecrypted message is different from original!: ");
-                print_byte_array(plaintext, plaintext_len);
-            }
-        }
-
-        m_all_ok &= (status == PSA_SUCCESS);
-    }
-
-    void export_public_key()
-    {
-        psa_status_t status;
-        uint8_t key_buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
-        size_t key_len = 0;
-
-        if (m_verbose) printf("Exporting public key: %d", m_signing_key_id);
-
-        status = m_crypto_client->export_public_key(m_signing_key_id, key_buf, sizeof(key_buf), &key_len);
-
-        print_status(status);
-
-        if (m_verbose && (status == PSA_SUCCESS)) {
-            printf("\tPublic key bytes: ");
-            print_byte_array(key_buf, key_len);
-        }
-
-        m_all_ok &= (status == PSA_SUCCESS);
-    }
-
-    void generate_random_number(size_t length)
-    {
-        psa_status_t status;
-        uint8_t buffer[length];
-
-        if (m_verbose) printf("Generating random bytes length: %ld", length);
-
-        status = m_crypto_client->generate_random(buffer, length);
-
-        print_status(status);
-
-        if (m_verbose && (status == PSA_SUCCESS)) {
-            printf("\tRandom bytes: ");
-            print_byte_array(buffer, length);
-        }
-
-        m_all_ok &= (status == PSA_SUCCESS);
-    }
-
-    void destroy_keys()
-    {
-        psa_status_t status;
-
-        if (m_verbose) printf("Destroying signing key: %d", m_signing_key_id);
-        status = m_crypto_client->destroy_key(m_signing_key_id);
-        print_status(status);
-        m_all_ok &= (status == PSA_SUCCESS);
-
-        if (m_verbose) printf("Destroying encryption key: %d", m_encryption_key_id);
-        status = m_crypto_client->destroy_key(m_encryption_key_id);
-        print_status(status);
-        m_all_ok &= (status == PSA_SUCCESS);
-    }
-
-private:
-
-    static const psa_key_id_t SIGNING_KEY_ID = 0x100;
-    static const psa_key_id_t ENCRYPTION_KEY_ID = 0x101;
-
-    crypto_client *m_crypto_client;
-    psa_key_id_t m_signing_key_id;
-    psa_key_id_t m_encryption_key_id;
-
-    bool m_verbose;
-    bool m_all_ok;
-};
-
-
-int run_ts_demo(crypto_client *crypto_client, bool is_verbose) {
-
-    ts_demo demo(crypto_client, is_verbose);
-
-    demo.print_intro();
-    demo.wait(1);
-    demo.generate_random_number(1);
-    demo.wait(1);
-    demo.generate_random_number(7);
-    demo.wait(1);
-    demo.generate_random_number(128);
-    demo.wait(1);
-    demo.generate_signing_key();
-    demo.wait(2);
-    demo.sign_and_verify_message("The quick brown fox");
-    demo.wait(3);
-    demo.sign_and_verify_message("jumps over the lazy dog");
-    demo.wait(3);
-    demo.generate_asymmetric_encryption_key();
-    demo.wait(2);
-    demo.encrypt_add_decrypt_message("Top secret");
-    demo.wait(3);
-    demo.export_public_key();
-    demo.wait(2);
-    demo.destroy_keys();
-    demo.wait(2);
-
-    return demo.is_all_ok() ? 0 : -1;
-}
diff --git a/components/app/ts-demo/ts-demo.h b/components/app/ts-demo/ts-demo.h
index 96de474..34fbbbf 100644
--- a/components/app/ts-demo/ts-demo.h
+++ b/components/app/ts-demo/ts-demo.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -7,8 +7,16 @@
 #ifndef TS_DEMO_H
 #define TS_DEMO_H
 
-#include <service/crypto/client/cpp/crypto_client.h>
+#include <stdbool.h>
 
-int run_ts_demo(crypto_client *crypto_client, bool is_verbose);
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+bool run_ts_demo(bool is_verbose);
+
+#ifdef __cplusplus
+}
+#endif
 
 #endif /* TS_DEMO_H */