Crypto: Add support for AEAD operations
This patch introduces support for the AEAD (authenticated
encryption with associated data) operations in the context
of the Crypto service. It also adds two functional test
cases to the NS suite to showcase AEAD in GCM and CCM mode
using AES-128.
Change-Id: I42ca3b27c68cb95dcddaf525d5a7ff53f92e911c
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
diff --git a/interface/include/crypto_psa_wrappers.h b/interface/include/crypto_psa_wrappers.h
index c337962..c34f828 100644
--- a/interface/include/crypto_psa_wrappers.h
+++ b/interface/include/crypto_psa_wrappers.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -50,6 +50,90 @@
struct psa_cipher_update_input *input_s,
struct psa_cipher_update_output *output_s);
+/*!
+ * \struct psa_aead_encrypt_input
+ *
+ * \brief Input structure for the tfm_crypto_aead_encrypt_wrapper function
+ *
+ */
+struct psa_aead_encrypt_input {
+ psa_key_slot_t key; /*!< Key slot */
+ psa_algorithm_t alg; /*!< Algorithm type */
+ const uint8_t *nonce; /*!< Nonce or IV to be used */
+ size_t nonce_length; /*!< Size in bytes of the nonce buffer */
+ const uint8_t *additional_data; /*!< Additional data to be authenticated */
+ size_t additional_data_length; /*!< Size in bytes of additional_data */
+ const uint8_t *plaintext; /*!< Buffer holding data for encryption */
+ size_t plaintext_length; /*!< Size in bytes of plaintext */
+};
+
+/*!
+ * \struct psa_aead_encrypt_output
+ *
+ * \brief Output structure for the tfm_crypto_aead_encrypt_wrapper function
+ *
+ */
+struct psa_aead_encrypt_output {
+ uint8_t *ciphertext; /*!< Pointer for the buffer to hold ciphertext */
+ size_t ciphertext_size; /*!< Size in bytes of the ciphertext buffer */
+ size_t *ciphertext_length; /*!< Actual size in bytes of ciphertext */
+};
+
+/*!
+ * \struct psa_aead_decrypt_input
+ *
+ * \brief Input structure for the tfm_crypto_aead_decrypt_wrapper function
+ *
+ */
+struct psa_aead_decrypt_input {
+ psa_key_slot_t key; /*!< Key slot */
+ psa_algorithm_t alg; /*!< Algorithm type */
+ const uint8_t *nonce; /*!< Nonce or IV to be used */
+ size_t nonce_length; /*!< Size in bytes of the nonce buffer */
+ const uint8_t *additional_data; /*!< Original data that was authenticated */
+ size_t additional_data_length; /*!< Size in bytes of additional_data */
+ const uint8_t *ciphertext; /*!< Buffer holding data for decryption */
+ size_t ciphertext_length; /*!< Size in bytes of ciphertext */
+};
+
+/*!
+ * \struct psa_aead_decrypt_output
+ *
+ * \brief Output structure for the tfm_crypto_aead_decrypt_wrapper function
+ *
+ */
+struct psa_aead_decrypt_output {
+ uint8_t *plaintext; /*!< Pointer for the buffer to hold plaintext */
+ size_t plaintext_size; /*!< Size in bytes of the plaintext buffer */
+ size_t *plaintext_length; /*!< Actual size in bytes of plaintext */
+};
+
+/*!
+ * \brief This function is a TF-M compatible wrapper for the
+ * \ref tfm_crypto_aead_encrypt implemented in the Crypto service
+ *
+ * \param[in] input_s Pointer to the structure containing input parameters
+ * associated with \ref psa_aead_encrypt_input
+ * \param[out] output_s Pointer to the structure containing output parameters
+ * associated with \ref psa_aead_encrypt_output
+ *
+ */
+enum tfm_crypto_err_t tfm_crypto_aead_encrypt_wrapper(
+ struct psa_aead_encrypt_input *input_s,
+ struct psa_aead_encrypt_output *output_s);
+/*!
+ * \brief This function is a TF-M compatible wrapper for the
+ * \ref tfm_crypto_aead_decrypt implemented in the Crypto service
+ *
+ * \param[in] input_s Pointer to the structure containing input parameters
+ * associated with \ref psa_aead_decrypt_input
+ * \param[out] output_s Pointer to the structure containing output parameters
+ * associated with \ref psa_aead_decrypt_output
+ *
+ */
+enum tfm_crypto_err_t tfm_crypto_aead_decrypt_wrapper(
+ struct psa_aead_decrypt_input *input_s,
+ struct psa_aead_decrypt_output *output_s);
#ifdef __cplusplus
}
#endif