TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 82b87ca04b7dd5f52ed45f2c921891f5ee4df8b5 / . / secure_fw / services / crypto / crypto_key.c
blob: e101420dae0a366d537f678cc86a07d4ae0357e7 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]2 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]8#include <stdbool.h>
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]9#include <stddef.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]10
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]11#include "tfm_crypto_api.h"
12#include "crypto_utils.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]13#include "psa_crypto.h"
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]14#include "tfm_crypto_defs.h"
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]15#include "secure_fw/core/secure_utilities.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]16
17/**
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]18 * \brief This is the default value of maximum number of simultaneous
19 * key stores supported.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]20 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]21#ifndef TFM_CRYPTO_KEY_STORAGE_NUM
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]22#define TFM_CRYPTO_KEY_STORAGE_NUM (4)
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]23#endif
24
25/**
26 * \brief This is the default value of the maximum supported key length
27 * in bytes.
28 */
29#ifndef TFM_CRYPTO_MAX_KEY_LENGTH
30#define TFM_CRYPTO_MAX_KEY_LENGTH (32)
31#endif
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]32
33struct tfm_crypto_key_storage_s {
34 uint8_t in_use; /*!< Indicates if the key store is in use */
35 psa_key_type_t type; /*!< Type of the key stored */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]36 psa_key_policy_t policy; /*!< Policy of the key stored */
37 psa_key_lifetime_t lifetime; /*!< Lifetime of the key stored */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]38 size_t data_length; /*!< Length of the key stored */
39 uint8_t data[TFM_CRYPTO_MAX_KEY_LENGTH]; /*!< Buffer containining the key */
40};
41
42static struct tfm_crypto_key_storage_s
43 key_storage[TFM_CRYPTO_KEY_STORAGE_NUM] = {{0}};
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]44
45/**
46 * \brief Get a pointer to the key store for the provided key slot.
47 *
48 * \param[in] key Key slot
49 *
50 * \return Pointer to key store or NULL if key is not a valid key slot
51 */
52static struct tfm_crypto_key_storage_s *get_key_store(psa_key_slot_t key)
53{
54 if (key == 0 || key > TFM_CRYPTO_KEY_STORAGE_NUM) {
55 return NULL;
56 }
57
58 return &key_storage[key - 1];
59}
60
61/**
62 * \brief Check that the key type is supported and that key_length is a
63 * supported key length for that key type.
64 *
65 * \param[in] type Key type
66 * \param[in] key_length Key data length in bytes
67 *
68 * \return True if the key type is supported and key_length is a supported
69 * key length for that key type, false otherwise
70 */
71static bool key_type_is_supported(psa_key_type_t type, size_t key_length)
72{
73 if (key_length > TFM_CRYPTO_MAX_KEY_LENGTH) {
74 return false;
75 }
76
77 switch (type) {
78 case PSA_KEY_TYPE_RAW_DATA:
79 case PSA_KEY_TYPE_HMAC:
80 case PSA_KEY_TYPE_DERIVE:
81 return true; /* No further restictions on these key types */
82 case PSA_KEY_TYPE_AES:
83 case PSA_KEY_TYPE_CAMELLIA:
84 return (key_length == 16 || key_length == 24 || key_length == 32);
85 case PSA_KEY_TYPE_DES:
86 return (key_length == 8 || key_length == 16 || key_length == 24);
87 case PSA_KEY_TYPE_ARC4:
88 return key_length >= 1;
89 default:
90 return false; /* Other key types are not supported */
91 }
92}
93
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]94/*!
95 * \defgroup public Public functions
96 *
97 */
98
99/*!@{*/
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]100enum tfm_crypto_err_t tfm_crypto_init_key(void)
101{
102 /* Clear the contents of the local key_storage */
103 tfm_memset(key_storage, 0, sizeof(key_storage));
104 return TFM_CRYPTO_ERR_PSA_SUCCESS;
105}
106
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]107enum tfm_crypto_err_t tfm_crypto_get_key(psa_key_slot_t key,
108 psa_key_usage_t usage,
109 psa_algorithm_t alg,
110 uint8_t *data,
111 size_t data_size,
112 size_t *data_length)
113{
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]114 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]115 size_t i;
116
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]117 key_store = get_key_store(key);
118 if (key_store == NULL) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]119 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
120 }
121
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]122 if (key_store->in_use == TFM_CRYPTO_NOT_IN_USE) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]123 return TFM_CRYPTO_ERR_PSA_ERROR_EMPTY_SLOT;
124 }
125
126 /* Check that usage is permitted for this key */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]127 if ((usage & key_store->policy.usage) != usage) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]128 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
129 }
130
131 /* Check that alg is compatible with this key */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]132 if (alg != 0 && alg != key_store->policy.alg) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]133 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
134 }
135
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]136 if (key_store->data_length > data_size) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]137 return TFM_CRYPTO_ERR_PSA_ERROR_BUFFER_TOO_SMALL;
138 }
139
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]140 for (i = 0; i < key_store->data_length; i++) {
141 data[i] = key_store->data[i];
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]142 }
143
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]144 *data_length = key_store->data_length;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]145
146 return TFM_CRYPTO_ERR_PSA_SUCCESS;
147}
148
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]149enum tfm_crypto_err_t tfm_crypto_import_key(psa_key_slot_t key,
150 psa_key_type_t type,
151 const uint8_t *data,
152 size_t data_length)
153{
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]154 enum tfm_crypto_err_t err;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]155 struct tfm_crypto_key_storage_s *key_store;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]156 size_t i;
157
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]158 err = tfm_crypto_memory_check((uint8_t *)data, data_length,
159 TFM_MEMORY_ACCESS_RO);
160 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
161 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
162 }
163
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]164 key_store = get_key_store(key);
165 if (key_store == NULL) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]166 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
167 }
168
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]169 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]170 return TFM_CRYPTO_ERR_PSA_ERROR_OCCUPIED_SLOT;
171 }
172
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]173 if (!key_type_is_supported(type, data_length)) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]174 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
175 }
176
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]177 key_store->in_use = TFM_CRYPTO_IN_USE;
178 key_store->type = type;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]179
180 for (i=0; i<data_length; i++) {
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]181 key_store->data[i] = data[i];
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]182 }
183
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]184 key_store->data_length = data_length;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]185
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]186 return TFM_CRYPTO_ERR_PSA_SUCCESS;
187}
188
189enum tfm_crypto_err_t tfm_crypto_destroy_key(psa_key_slot_t key)
190{
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]191 struct tfm_crypto_key_storage_s *key_store;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]192 uint32_t i;
193
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]194 key_store = get_key_store(key);
195 if (key_store == NULL) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]196 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
197 }
198
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]199 volatile uint8_t *p_mem = (uint8_t *)key_store;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]200 uint32_t size_mem = sizeof(struct tfm_crypto_key_storage_s);
201
202 /* memset the key_storage */
203 for (i=0; i<size_mem; i++) {
204 p_mem[i] = 0;
205 }
206
207 /* Set default values */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]208 key_store->in_use = TFM_CRYPTO_NOT_IN_USE;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]209
210 return TFM_CRYPTO_ERR_PSA_SUCCESS;
211}
212
213enum tfm_crypto_err_t tfm_crypto_get_key_information(psa_key_slot_t key,
214 psa_key_type_t *type,
215 size_t *bits)
216{
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]217 enum tfm_crypto_err_t err;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]218 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]219
220 err = tfm_crypto_memory_check(type, sizeof(psa_key_type_t),
221 TFM_MEMORY_ACCESS_RW);
222 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
223 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
224 }
225
226 err = tfm_crypto_memory_check(bits, sizeof(size_t), TFM_MEMORY_ACCESS_RW);
227 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
228 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
229 }
230
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]231 /* Initialise output parameters contents to zero */
232 *type = (psa_key_type_t) 0;
233 *bits = (size_t)0;
234
235 key_store = get_key_store(key);
236 if (key_store == NULL) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]237 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
238 }
239
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]240 if (key_store->in_use == TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]241 return TFM_CRYPTO_ERR_PSA_ERROR_EMPTY_SLOT;
242 }
243
244 /* Get basic metadata */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]245 *type = key_store->type;
246 *bits = PSA_BYTES_TO_BITS(key_store->data_length);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]247
248 return TFM_CRYPTO_ERR_PSA_SUCCESS;
249}
250
251enum tfm_crypto_err_t tfm_crypto_export_key(psa_key_slot_t key,
252 uint8_t *data,
253 size_t data_size,
254 size_t *data_length)
255{
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]256 enum tfm_crypto_err_t err;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]257
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]258 err = tfm_crypto_memory_check(data, data_size, TFM_MEMORY_ACCESS_RW);
259 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]260 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
261 }
262
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]263 err = tfm_crypto_memory_check(data_length, sizeof(size_t),
264 TFM_MEMORY_ACCESS_RW);
265 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
266 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]267 }
268
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]269 return tfm_crypto_get_key(key, PSA_KEY_USAGE_EXPORT, 0, data, data_size,
270 data_length);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]271}
272
273enum tfm_crypto_err_t tfm_crypto_export_public_key(psa_key_slot_t key,
274 uint8_t *data,
275 size_t data_size,
276 size_t *data_length)
277{
278 /* FIXME: This API is not supported yet */
279 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
280}
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]281
282enum tfm_crypto_err_t tfm_crypto_key_policy_init(psa_key_policy_t *policy)
283{
284 enum tfm_crypto_err_t err;
285
286 err = tfm_crypto_memory_check(policy, sizeof(psa_key_policy_t),
287 TFM_MEMORY_ACCESS_RW);
288 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
289 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
290 }
291
292 policy->usage = 0;
293 policy->alg = 0;
294
295 return TFM_CRYPTO_ERR_PSA_SUCCESS;
296}
297
298enum tfm_crypto_err_t tfm_crypto_key_policy_set_usage(psa_key_policy_t *policy,
299 psa_key_usage_t usage,
300 psa_algorithm_t alg)
301{
302 enum tfm_crypto_err_t err;
303
304 err = tfm_crypto_memory_check(policy, sizeof(psa_key_policy_t),
305 TFM_MEMORY_ACCESS_RW);
306 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
307 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
308 }
309
310 policy->usage = usage;
311 policy->alg = alg;
312
313 return TFM_CRYPTO_ERR_PSA_SUCCESS;
314}
315
316enum tfm_crypto_err_t tfm_crypto_key_policy_get_usage(
317 const psa_key_policy_t *policy,
318 psa_key_usage_t *usage)
319{
320 enum tfm_crypto_err_t err;
321
322 err = tfm_crypto_memory_check((psa_key_policy_t *)policy,
323 sizeof(psa_key_policy_t),
324 TFM_MEMORY_ACCESS_RO);
325 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
326 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
327 }
328
329 err = tfm_crypto_memory_check((psa_key_policy_t *)usage,
330 sizeof(psa_key_usage_t),
331 TFM_MEMORY_ACCESS_RW);
332 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
333 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
334 }
335
336 *usage = policy->usage;
337
338 return TFM_CRYPTO_ERR_PSA_SUCCESS;
339}
340
341enum tfm_crypto_err_t tfm_crypto_key_policy_get_algorithm(
342 const psa_key_policy_t *policy,
343 psa_algorithm_t *alg)
344{
345 enum tfm_crypto_err_t err;
346
347 err = tfm_crypto_memory_check((psa_key_policy_t *)policy,
348 sizeof(psa_key_policy_t),
349 TFM_MEMORY_ACCESS_RO);
350 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
351 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
352 }
353
354 err = tfm_crypto_memory_check((psa_key_policy_t *)alg,
355 sizeof(psa_algorithm_t),
356 TFM_MEMORY_ACCESS_RW);
357 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
358 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
359 }
360
361 *alg = policy->alg;
362
363 return TFM_CRYPTO_ERR_PSA_SUCCESS;
364}
365
366enum tfm_crypto_err_t tfm_crypto_set_key_policy(psa_key_slot_t key,
367 const psa_key_policy_t *policy)
368{
369 enum tfm_crypto_err_t err;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]370 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]371
372 err = tfm_crypto_memory_check((psa_key_policy_t *)policy,
373 sizeof(psa_key_policy_t),
374 TFM_MEMORY_ACCESS_RO);
375 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
376 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
377 }
378
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]379 /* Check that the policy is valid */
380 if (policy->usage & ~(PSA_KEY_USAGE_EXPORT
381 | PSA_KEY_USAGE_ENCRYPT
382 | PSA_KEY_USAGE_DECRYPT
383 | PSA_KEY_USAGE_SIGN
384 | PSA_KEY_USAGE_VERIFY
385 | PSA_KEY_USAGE_DERIVE)) {
386 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
387 }
388
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]389 key_store = get_key_store(key);
390 if (key_store == NULL) {
391 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
392 }
393
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]394 /* Changing the policy of an occupied slot is not permitted as
395 * this is a requirement of the PSA Crypto API
396 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]397 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]398 return TFM_CRYPTO_ERR_PSA_ERROR_OCCUPIED_SLOT;
399 }
400
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]401 key_store->policy = *policy;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]402
403 return TFM_CRYPTO_ERR_PSA_SUCCESS;
404}
405
406enum tfm_crypto_err_t tfm_crypto_get_key_policy(psa_key_slot_t key,
407 psa_key_policy_t *policy)
408{
409 enum tfm_crypto_err_t err;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]410 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]411
412 err = tfm_crypto_memory_check(policy, sizeof(psa_key_policy_t),
413 TFM_MEMORY_ACCESS_RW);
414 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
415 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
416 }
417
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]418 key_store = get_key_store(key);
419 if (key_store == NULL) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]420 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
421 }
422
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]423 *policy = key_store->policy;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]424
425 return TFM_CRYPTO_ERR_PSA_SUCCESS;
426}
427
428enum tfm_crypto_err_t tfm_crypto_set_key_lifetime(psa_key_slot_t key,
429 psa_key_lifetime_t lifetime)
430{
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]431 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]432
433 /* Check that the lifetime is valid */
434 if (lifetime != PSA_KEY_LIFETIME_VOLATILE
435 && lifetime != PSA_KEY_LIFETIME_PERSISTENT
436 && lifetime != PSA_KEY_LIFETIME_WRITE_ONCE) {
437 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
438 }
439
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]440 key_store = get_key_store(key);
441 if (key_store == NULL) {
442 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
443 }
444
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]445 /* TF-M Crypto service does not support changing the lifetime of an occupied
446 * slot.
447 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]448 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]449 return TFM_CRYPTO_ERR_PSA_ERROR_OCCUPIED_SLOT;
450 }
451
452 /* Only volatile keys are currently supported */
453 if (lifetime != PSA_KEY_LIFETIME_VOLATILE) {
454 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
455 }
456
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]457 key_store->lifetime = lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]458
459 return TFM_CRYPTO_ERR_PSA_SUCCESS;
460}
461
462enum tfm_crypto_err_t tfm_crypto_get_key_lifetime(psa_key_slot_t key,
463 psa_key_lifetime_t *lifetime)
464{
465 enum tfm_crypto_err_t err;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]466 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]467
468 err = tfm_crypto_memory_check(lifetime, sizeof(psa_key_lifetime_t),
469 TFM_MEMORY_ACCESS_RW);
470 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
471 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
472 }
473
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]474 key_store = get_key_store(key);
475 if (key_store == NULL) {
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]476 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
477 }
478
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame^]479 *lifetime = key_store->lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]480
481 return TFM_CRYPTO_ERR_PSA_SUCCESS;
482}
483
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]484/*!@}*/