TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 4743e6731b0fe8a00ceebfd74da098c7676ac6e0 / . / secure_fw / services / crypto / crypto_key.c
blob: dc55de62f6007a45c8833c98f7af82fc0197ff90 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]2 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]8#include <stdbool.h>
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]9#include <stddef.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]10
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]11#include "tfm_crypto_api.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]12#include "psa_crypto.h"
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]13#include "tfm_crypto_defs.h"
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]14#include "secure_fw/core/tfm_memory_utils.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]15
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]16/* FixMe: Use PSA_CONNECTION_REFUSED when performing parameter
17 * integrity checks but this will have to be revised
18 * when the full set of error codes mandated by PSA FF
19 * is available.
20 */
21
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]22/**
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]23 * \brief This is the default value of maximum number of simultaneous
24 * key stores supported.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]25 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]26#ifndef TFM_CRYPTO_KEY_STORAGE_NUM
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]27#define TFM_CRYPTO_KEY_STORAGE_NUM (4)
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]28#endif
29
30/**
31 * \brief This is the default value of the maximum supported key length
32 * in bytes.
33 */
34#ifndef TFM_CRYPTO_MAX_KEY_LENGTH
Tamas Ban28aeec32019-01-09 16:53:26 +0000[diff] [blame]35#define TFM_CRYPTO_MAX_KEY_LENGTH (64)
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]36#endif
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]37
38struct tfm_crypto_key_storage_s {
39 uint8_t in_use; /*!< Indicates if the key store is in use */
40 psa_key_type_t type; /*!< Type of the key stored */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]41 psa_key_policy_t policy; /*!< Policy of the key stored */
42 psa_key_lifetime_t lifetime; /*!< Lifetime of the key stored */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]43 size_t data_length; /*!< Length of the key stored */
44 uint8_t data[TFM_CRYPTO_MAX_KEY_LENGTH]; /*!< Buffer containining the key */
45};
46
47static struct tfm_crypto_key_storage_s
48 key_storage[TFM_CRYPTO_KEY_STORAGE_NUM] = {{0}};
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]49
50/**
51 * \brief Get a pointer to the key store for the provided key slot.
52 *
53 * \param[in] key Key slot
54 *
55 * \return Pointer to key store or NULL if key is not a valid key slot
56 */
57static struct tfm_crypto_key_storage_s *get_key_store(psa_key_slot_t key)
58{
59 if (key == 0 || key > TFM_CRYPTO_KEY_STORAGE_NUM) {
60 return NULL;
61 }
62
63 return &key_storage[key - 1];
64}
65
66/**
67 * \brief Check that the key type is supported and that key_length is a
68 * supported key length for that key type.
69 *
70 * \param[in] type Key type
71 * \param[in] key_length Key data length in bytes
72 *
73 * \return True if the key type is supported and key_length is a supported
74 * key length for that key type, false otherwise
75 */
76static bool key_type_is_supported(psa_key_type_t type, size_t key_length)
77{
78 if (key_length > TFM_CRYPTO_MAX_KEY_LENGTH) {
79 return false;
80 }
81
82 switch (type) {
83 case PSA_KEY_TYPE_RAW_DATA:
84 case PSA_KEY_TYPE_HMAC:
85 case PSA_KEY_TYPE_DERIVE:
86 return true; /* No further restictions on these key types */
87 case PSA_KEY_TYPE_AES:
88 case PSA_KEY_TYPE_CAMELLIA:
89 return (key_length == 16 || key_length == 24 || key_length == 32);
90 case PSA_KEY_TYPE_DES:
91 return (key_length == 8 || key_length == 16 || key_length == 24);
92 case PSA_KEY_TYPE_ARC4:
93 return key_length >= 1;
94 default:
95 return false; /* Other key types are not supported */
96 }
97}
98
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]99/*!
100 * \defgroup public Public functions
101 *
102 */
103
104/*!@{*/
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]105psa_status_t tfm_crypto_init_key(void)
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]106{
107 /* Clear the contents of the local key_storage */
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]108 (void)tfm_memset(key_storage, 0, sizeof(key_storage));
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]109 return PSA_SUCCESS;
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]110}
111
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]112psa_status_t tfm_crypto_get_key(psa_key_slot_t key,
113 psa_key_usage_t usage,
114 psa_algorithm_t alg,
115 uint8_t *data,
116 size_t data_size,
117 size_t *data_length)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]118{
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]119 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]120 size_t i;
121
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]122 key_store = get_key_store(key);
123 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]124 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]125 }
126
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]127 if (key_store->in_use == TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]128 return PSA_ERROR_EMPTY_SLOT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]129 }
130
131 /* Check that usage is permitted for this key */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]132 if ((usage & key_store->policy.usage) != usage) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]133 return PSA_ERROR_NOT_PERMITTED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]134 }
135
136 /* Check that alg is compatible with this key */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]137 if (alg != 0 && alg != key_store->policy.alg) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]138 return PSA_ERROR_NOT_PERMITTED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]139 }
140
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]141 if (key_store->data_length > data_size) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]142 return PSA_ERROR_BUFFER_TOO_SMALL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]143 }
144
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]145 for (i = 0; i < key_store->data_length; i++) {
146 data[i] = key_store->data[i];
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]147 }
148
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]149 *data_length = key_store->data_length;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]150
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]151 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]152}
153
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]154psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
155 size_t in_len,
156 psa_outvec out_vec[],
157 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]158{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]159 struct tfm_crypto_key_storage_s *key_store = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]160 size_t i;
161
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]162 if ((in_len != 2) || (out_len != 0)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]163 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]164 }
165
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]166 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]167 return PSA_CONNECTION_REFUSED;
168 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]169 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]170
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]171 psa_key_slot_t key = iov->key;
172 psa_key_type_t type = iov->type;
173 const uint8_t *data = in_vec[1].base;
174 size_t data_length = in_vec[1].len;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]175
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]176 key_store = get_key_store(key);
177 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]178 return PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]179 }
180
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]181 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]182 return PSA_ERROR_OCCUPIED_SLOT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]183 }
184
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]185 if (!key_type_is_supported(type, data_length)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]186 return PSA_ERROR_NOT_SUPPORTED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]187 }
188
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]189 key_store->in_use = TFM_CRYPTO_IN_USE;
190 key_store->type = type;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]191
192 for (i=0; i<data_length; i++) {
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]193 key_store->data[i] = data[i];
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]194 }
195
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]196 key_store->data_length = data_length;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]197
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]198 return PSA_SUCCESS;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]199}
200
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]201psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
202 size_t in_len,
203 psa_outvec out_vec[],
204 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]205{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]206 struct tfm_crypto_key_storage_s *key_store = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]207 uint32_t i;
208
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]209 if ((in_len != 1) || (out_len != 0)) {
210 return PSA_CONNECTION_REFUSED;
211 }
212
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]213 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]214 return PSA_CONNECTION_REFUSED;
215 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]216 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]217
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]218 psa_key_slot_t key = iov->key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]219
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]220 key_store = get_key_store(key);
221 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]222 return PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]223 }
224
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]225 volatile uint8_t *p_mem = (uint8_t *)key_store;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]226 uint32_t size_mem = sizeof(struct tfm_crypto_key_storage_s);
227
228 /* memset the key_storage */
229 for (i=0; i<size_mem; i++) {
230 p_mem[i] = 0;
231 }
232
233 /* Set default values */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]234 key_store->in_use = TFM_CRYPTO_NOT_IN_USE;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]235
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]236 return PSA_SUCCESS;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]237}
238
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]239psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[],
240 size_t in_len,
241 psa_outvec out_vec[],
242 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]243{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]244 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]245
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]246 if ((in_len != 1) || (out_len != 2)) {
247 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]248 }
249
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]250 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]251 (out_vec[0].len != sizeof(psa_key_type_t)) ||
252 (out_vec[1].len != sizeof(size_t))) {
253 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]254 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]255 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]256
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]257 psa_key_slot_t key = iov->key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]258 psa_key_type_t *type = out_vec[0].base;
259 size_t *bits = out_vec[1].base;
260
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]261 /* Initialise output parameters contents to zero */
262 *type = (psa_key_type_t) 0;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]263 *bits = (size_t) 0;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]264
265 key_store = get_key_store(key);
266 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]267 return PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]268 }
269
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]270 if (key_store->in_use == TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]271 return PSA_ERROR_EMPTY_SLOT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]272 }
273
274 /* Get basic metadata */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]275 *type = key_store->type;
276 *bits = PSA_BYTES_TO_BITS(key_store->data_length);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]277
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]278 return PSA_SUCCESS;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]279}
280
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]281psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
282 size_t in_len,
283 psa_outvec out_vec[],
284 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]285{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]286 if ((in_len != 1) || (out_len != 1)) {
287 return PSA_CONNECTION_REFUSED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]288 }
289
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]290 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]291 return PSA_CONNECTION_REFUSED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]292 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]293 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]294
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]295 psa_key_slot_t key = iov->key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]296 uint8_t *data = out_vec[0].base;
297 size_t data_size = out_vec[0].len;
298
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]299 return tfm_crypto_get_key(key, PSA_KEY_USAGE_EXPORT, 0, data, data_size,
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]300 &(out_vec[0].len));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]301}
302
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]303psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
304 size_t in_len,
305 psa_outvec out_vec[],
306 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]307{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]308 (void)in_vec;
309 (void)in_len;
310 (void)out_vec;
311 (void)out_len;
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]312
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]313 /* FIXME: This API is not supported yet */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]314 return PSA_ERROR_NOT_SUPPORTED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]315}
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]316
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]317psa_status_t tfm_crypto_key_policy_init(psa_invec in_vec[],
318 size_t in_len,
319 psa_outvec out_vec[],
320 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]321{
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]322 if ((in_len != 1) || (out_len != 1)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]323 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]324 }
325
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]326 if ((out_vec[0].len != sizeof(psa_key_policy_t)) ||
327 (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]328 return PSA_CONNECTION_REFUSED;
329 }
330
331 psa_key_policy_t *policy = out_vec[0].base;
332
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]333 policy->usage = 0;
334 policy->alg = 0;
335
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]336 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]337}
338
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]339psa_status_t tfm_crypto_key_policy_set_usage(psa_invec in_vec[],
340 size_t in_len,
341 psa_outvec out_vec[],
342 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]343{
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]344 if ((in_len != 1) || (out_len != 1)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]345 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]346 }
347
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]348 if ((out_vec[0].len != sizeof(psa_key_policy_t)) ||
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]349 (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]350 return PSA_CONNECTION_REFUSED;
351 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]352 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]353
354 psa_key_policy_t *policy = out_vec[0].base;
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]355 psa_key_usage_t usage = iov->usage;
356 psa_algorithm_t alg = iov->alg;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]357
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]358 policy->usage = usage;
359 policy->alg = alg;
360
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]361 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]362}
363
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]364psa_status_t tfm_crypto_key_policy_get_usage(psa_invec in_vec[],
365 size_t in_len,
366 psa_outvec out_vec[],
367 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]368{
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]369 if ((in_len != 2) || (out_len != 1)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]370 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]371 }
372
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]373 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
374 (in_vec[1].len != sizeof(psa_key_policy_t)) ||
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]375 (out_vec[0].len != sizeof(psa_key_usage_t))) {
376 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]377 }
378
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]379 const psa_key_policy_t *policy = in_vec[1].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]380 psa_key_usage_t *usage = out_vec[0].base;
381
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]382 *usage = policy->usage;
383
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]384 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]385}
386
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]387psa_status_t tfm_crypto_key_policy_get_algorithm(psa_invec in_vec[],
388 size_t in_len,
389 psa_outvec out_vec[],
390 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]391{
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]392 if ((in_len != 2) || (out_len != 1)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]393 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]394 }
395
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]396 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
397 (in_vec[1].len != sizeof(psa_key_policy_t)) ||
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]398 (out_vec[0].len != sizeof(psa_algorithm_t))) {
399 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]400 }
401
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]402 const psa_key_policy_t *policy = in_vec[1].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]403 psa_algorithm_t *alg = out_vec[0].base;
404
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]405 *alg = policy->alg;
406
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]407 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]408}
409
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]410psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[],
411 size_t in_len,
412 psa_outvec out_vec[],
413 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]414{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]415 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]416
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]417 if ((in_len != 2) || (out_len != 0)) {
418 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]419 }
420
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]421 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]422 (in_vec[1].len != sizeof(psa_key_policy_t))) {
423 return PSA_CONNECTION_REFUSED;
424 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]425 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]426
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]427 psa_key_slot_t key = iov->key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]428 const psa_key_policy_t *policy = in_vec[1].base;
429
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]430 /* Check that the policy is valid */
431 if (policy->usage & ~(PSA_KEY_USAGE_EXPORT
432 | PSA_KEY_USAGE_ENCRYPT
433 | PSA_KEY_USAGE_DECRYPT
434 | PSA_KEY_USAGE_SIGN
435 | PSA_KEY_USAGE_VERIFY
436 | PSA_KEY_USAGE_DERIVE)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]437 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]438 }
439
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]440 key_store = get_key_store(key);
441 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]442 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]443 }
444
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]445 /* Changing the policy of an occupied slot is not permitted as
446 * this is a requirement of the PSA Crypto API
447 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]448 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]449 return PSA_ERROR_OCCUPIED_SLOT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]450 }
451
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]452 key_store->policy = *policy;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]453
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]454 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]455}
456
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]457psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[],
458 size_t in_len,
459 psa_outvec out_vec[],
460 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]461{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]462 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]463
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]464 if ((in_len != 1) || (out_len != 1)) {
465 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]466 }
467
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]468 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]469 (out_vec[0].len != sizeof(psa_key_policy_t))) {
470 return PSA_CONNECTION_REFUSED;
471 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]472 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]473
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]474 psa_key_slot_t key = iov->key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]475 psa_key_policy_t *policy = out_vec[0].base;
476
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]477 key_store = get_key_store(key);
478 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]479 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]480 }
481
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]482 *policy = key_store->policy;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]483
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]484 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]485}
486
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]487psa_status_t tfm_crypto_set_key_lifetime(psa_invec in_vec[],
488 size_t in_len,
489 psa_outvec out_vec[],
490 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]491{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]492 struct tfm_crypto_key_storage_s *key_store = NULL;
493
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]494 if ((in_len != 1) || (out_len != 0)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]495 return PSA_CONNECTION_REFUSED;
496 }
497
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]498 if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]499 return PSA_CONNECTION_REFUSED;
500 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]501 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]502
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]503 psa_key_slot_t key = iov->key;
504 psa_key_lifetime_t lifetime = iov->lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]505
506 /* Check that the lifetime is valid */
507 if (lifetime != PSA_KEY_LIFETIME_VOLATILE
508 && lifetime != PSA_KEY_LIFETIME_PERSISTENT
509 && lifetime != PSA_KEY_LIFETIME_WRITE_ONCE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]510 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]511 }
512
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]513 key_store = get_key_store(key);
514 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]515 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]516 }
517
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]518 /* TF-M Crypto service does not support changing the lifetime of an occupied
519 * slot.
520 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]521 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]522 return PSA_ERROR_OCCUPIED_SLOT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]523 }
524
525 /* Only volatile keys are currently supported */
526 if (lifetime != PSA_KEY_LIFETIME_VOLATILE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]527 return PSA_ERROR_NOT_SUPPORTED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]528 }
529
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]530 key_store->lifetime = lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]531
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]532 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]533}
534
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]535psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[],
536 size_t in_len,
537 psa_outvec out_vec[],
538 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]539{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]540 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]541
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]542 if ((in_len != 1) || (out_len != 1)) {
543 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]544 }
545
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]546 if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]547 (out_vec[0].len != sizeof(psa_key_lifetime_t))) {
548 return PSA_CONNECTION_REFUSED;
549 }
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]550 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]551
Antonio de Angelis4743e672019-04-11 11:38:48 +0100[diff] [blame^]552 psa_key_slot_t key = iov->key;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]553 psa_key_lifetime_t *lifetime = out_vec[0].base;
554
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]555 key_store = get_key_store(key);
556 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]557 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]558 }
559
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]560 *lifetime = key_store->lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]561
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame]562 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]563}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]564/*!@}*/