TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / ab85ccdb622522ccf3beac622f76cc807ec0d69c / . / secure_fw / services / crypto / crypto_key.c
blob: 2bef9ca0a65d98ec97a32ec160cf908a703498b1 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame]2 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]8#include <stdbool.h>
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]9#include <stddef.h>
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]10
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]11#include "tfm_crypto_api.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]12#include "psa_crypto.h"
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]13#include "tfm_crypto_defs.h"
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]14#include "secure_fw/core/tfm_memory_utils.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]15
16/**
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]17 * \brief This is the default value of maximum number of simultaneous
18 * key stores supported.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]19 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]20#ifndef TFM_CRYPTO_KEY_STORAGE_NUM
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]21#define TFM_CRYPTO_KEY_STORAGE_NUM (4)
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]22#endif
23
24/**
25 * \brief This is the default value of the maximum supported key length
26 * in bytes.
27 */
28#ifndef TFM_CRYPTO_MAX_KEY_LENGTH
Tamas Ban28aeec32019-01-09 16:53:26 +0000[diff] [blame]29#define TFM_CRYPTO_MAX_KEY_LENGTH (64)
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]30#endif
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]31
32struct tfm_crypto_key_storage_s {
33 uint8_t in_use; /*!< Indicates if the key store is in use */
34 psa_key_type_t type; /*!< Type of the key stored */
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]35 psa_key_policy_t policy; /*!< Policy of the key stored */
36 psa_key_lifetime_t lifetime; /*!< Lifetime of the key stored */
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]37 size_t data_length; /*!< Length of the key stored */
38 uint8_t data[TFM_CRYPTO_MAX_KEY_LENGTH]; /*!< Buffer containining the key */
39};
40
41static struct tfm_crypto_key_storage_s
42 key_storage[TFM_CRYPTO_KEY_STORAGE_NUM] = {{0}};
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]43
44/**
45 * \brief Get a pointer to the key store for the provided key slot.
46 *
47 * \param[in] key Key slot
48 *
49 * \return Pointer to key store or NULL if key is not a valid key slot
50 */
51static struct tfm_crypto_key_storage_s *get_key_store(psa_key_slot_t key)
52{
53 if (key == 0 || key > TFM_CRYPTO_KEY_STORAGE_NUM) {
54 return NULL;
55 }
56
57 return &key_storage[key - 1];
58}
59
60/**
61 * \brief Check that the key type is supported and that key_length is a
62 * supported key length for that key type.
63 *
64 * \param[in] type Key type
65 * \param[in] key_length Key data length in bytes
66 *
67 * \return True if the key type is supported and key_length is a supported
68 * key length for that key type, false otherwise
69 */
70static bool key_type_is_supported(psa_key_type_t type, size_t key_length)
71{
72 if (key_length > TFM_CRYPTO_MAX_KEY_LENGTH) {
73 return false;
74 }
75
76 switch (type) {
77 case PSA_KEY_TYPE_RAW_DATA:
78 case PSA_KEY_TYPE_HMAC:
79 case PSA_KEY_TYPE_DERIVE:
80 return true; /* No further restictions on these key types */
81 case PSA_KEY_TYPE_AES:
82 case PSA_KEY_TYPE_CAMELLIA:
83 return (key_length == 16 || key_length == 24 || key_length == 32);
84 case PSA_KEY_TYPE_DES:
85 return (key_length == 8 || key_length == 16 || key_length == 24);
86 case PSA_KEY_TYPE_ARC4:
87 return key_length >= 1;
88 default:
89 return false; /* Other key types are not supported */
90 }
91}
92
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]93/*!
94 * \defgroup public Public functions
95 *
96 */
97
98/*!@{*/
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]99psa_status_t tfm_crypto_init_key(void)
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]100{
101 /* Clear the contents of the local key_storage */
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]102 (void)tfm_memset(key_storage, 0, sizeof(key_storage));
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]103 return PSA_SUCCESS;
Antonio de Angeliscf85ba22018-10-09 13:29:40 +0100[diff] [blame]104}
105
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]106psa_status_t tfm_crypto_get_key(psa_key_slot_t key,
107 psa_key_usage_t usage,
108 psa_algorithm_t alg,
109 uint8_t *data,
110 size_t data_size,
111 size_t *data_length)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]112{
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]113 struct tfm_crypto_key_storage_s *key_store;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]114 size_t i;
115
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]116 key_store = get_key_store(key);
117 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]118 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]119 }
120
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]121 if (key_store->in_use == TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]122 return PSA_ERROR_EMPTY_SLOT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]123 }
124
125 /* Check that usage is permitted for this key */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]126 if ((usage & key_store->policy.usage) != usage) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]127 return PSA_ERROR_NOT_PERMITTED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]128 }
129
130 /* Check that alg is compatible with this key */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]131 if (alg != 0 && alg != key_store->policy.alg) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]132 return PSA_ERROR_NOT_PERMITTED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]133 }
134
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]135 if (key_store->data_length > data_size) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]136 return PSA_ERROR_BUFFER_TOO_SMALL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]137 }
138
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]139 for (i = 0; i < key_store->data_length; i++) {
140 data[i] = key_store->data[i];
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]141 }
142
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]143 *data_length = key_store->data_length;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]144
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]145 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]146}
147
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]148psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
149 size_t in_len,
150 psa_outvec out_vec[],
151 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]152{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]153 struct tfm_crypto_key_storage_s *key_store = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]154 size_t i;
155
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]156 if ((in_len != 3) || (out_len != 0)) {
157 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]158 }
159
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]160 if ((in_vec[0].len != sizeof(psa_key_slot_t)) ||
161 (in_vec[1].len != sizeof(psa_key_type_t))) {
162 return PSA_CONNECTION_REFUSED;
163 }
164
165 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
166 psa_key_type_t type = *((psa_key_type_t *)in_vec[1].base);
167 const uint8_t *data = in_vec[2].base;
168 size_t data_length = in_vec[2].len;
169
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]170 key_store = get_key_store(key);
171 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]172 return PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]173 }
174
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]175 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]176 return PSA_ERROR_OCCUPIED_SLOT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]177 }
178
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]179 if (!key_type_is_supported(type, data_length)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]180 return PSA_ERROR_NOT_SUPPORTED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]181 }
182
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]183 key_store->in_use = TFM_CRYPTO_IN_USE;
184 key_store->type = type;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]185
186 for (i=0; i<data_length; i++) {
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]187 key_store->data[i] = data[i];
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]188 }
189
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]190 key_store->data_length = data_length;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]191
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]192 return PSA_SUCCESS;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]193}
194
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]195psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
196 size_t in_len,
197 psa_outvec out_vec[],
198 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]199{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]200 struct tfm_crypto_key_storage_s *key_store = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]201 uint32_t i;
202
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]203 if ((in_len != 1) || (out_len != 0)) {
204 return PSA_CONNECTION_REFUSED;
205 }
206
207 if (in_vec[0].len != sizeof(psa_key_slot_t)) {
208 return PSA_CONNECTION_REFUSED;
209 }
210
211 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
212
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]213 key_store = get_key_store(key);
214 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]215 return PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]216 }
217
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]218 volatile uint8_t *p_mem = (uint8_t *)key_store;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]219 uint32_t size_mem = sizeof(struct tfm_crypto_key_storage_s);
220
221 /* memset the key_storage */
222 for (i=0; i<size_mem; i++) {
223 p_mem[i] = 0;
224 }
225
226 /* Set default values */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]227 key_store->in_use = TFM_CRYPTO_NOT_IN_USE;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]228
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]229 return PSA_SUCCESS;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]230}
231
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]232psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[],
233 size_t in_len,
234 psa_outvec out_vec[],
235 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]236{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]237 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]238
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]239 if ((in_len != 1) || (out_len != 2)) {
240 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]241 }
242
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]243 if ((in_vec[0].len != sizeof(psa_key_slot_t)) ||
244 (out_vec[0].len != sizeof(psa_key_type_t)) ||
245 (out_vec[1].len != sizeof(size_t))) {
246 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]247 }
248
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]249 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
250 psa_key_type_t *type = out_vec[0].base;
251 size_t *bits = out_vec[1].base;
252
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]253 /* Initialise output parameters contents to zero */
254 *type = (psa_key_type_t) 0;
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]255 *bits = (size_t) 0;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]256
257 key_store = get_key_store(key);
258 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]259 return PSA_ERROR_INVALID_ARGUMENT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]260 }
261
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]262 if (key_store->in_use == TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]263 return PSA_ERROR_EMPTY_SLOT;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]264 }
265
266 /* Get basic metadata */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]267 *type = key_store->type;
268 *bits = PSA_BYTES_TO_BITS(key_store->data_length);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]269
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]270 return PSA_SUCCESS;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]271}
272
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]273psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
274 size_t in_len,
275 psa_outvec out_vec[],
276 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]277{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]278 if ((in_len != 1) || (out_len != 1)) {
279 return PSA_CONNECTION_REFUSED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]280 }
281
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]282 if (in_vec[0].len != sizeof(psa_key_slot_t)) {
283 return PSA_CONNECTION_REFUSED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]284 }
285
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]286 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
287 uint8_t *data = out_vec[0].base;
288 size_t data_size = out_vec[0].len;
289
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]290 return tfm_crypto_get_key(key, PSA_KEY_USAGE_EXPORT, 0, data, data_size,
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]291 &(out_vec[0].len));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]292}
293
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]294psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
295 size_t in_len,
296 psa_outvec out_vec[],
297 size_t out_len)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]298{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]299 (void)in_vec;
300 (void)in_len;
301 (void)out_vec;
302 (void)out_len;
Hugues de Valon8b442442019-02-19 14:30:52 +0000[diff] [blame]303
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]304 /* FIXME: This API is not supported yet */
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]305 return PSA_ERROR_NOT_SUPPORTED;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]306}
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]307
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]308psa_status_t tfm_crypto_key_policy_init(psa_invec in_vec[],
309 size_t in_len,
310 psa_outvec out_vec[],
311 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]312{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]313 if ((in_len != 0) || (out_len != 1)) {
314 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]315 }
316
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]317 if (out_vec[0].len != sizeof(psa_key_policy_t)) {
318 return PSA_CONNECTION_REFUSED;
319 }
320
321 psa_key_policy_t *policy = out_vec[0].base;
322
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]323 policy->usage = 0;
324 policy->alg = 0;
325
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]326 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]327}
328
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]329psa_status_t tfm_crypto_key_policy_set_usage(psa_invec in_vec[],
330 size_t in_len,
331 psa_outvec out_vec[],
332 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]333{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]334 if ((in_len != 2) || (out_len != 1)) {
335 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]336 }
337
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]338 if ((out_vec[0].len != sizeof(psa_key_policy_t)) ||
339 (in_vec[0].len != sizeof(psa_key_usage_t)) ||
340 (in_vec[1].len != sizeof(psa_algorithm_t))) {
341 return PSA_CONNECTION_REFUSED;
342 }
343
344 psa_key_policy_t *policy = out_vec[0].base;
345 psa_key_usage_t usage = *((psa_key_usage_t *)in_vec[0].base);
346 psa_algorithm_t alg = *((psa_algorithm_t *)in_vec[1].base);
347
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]348 policy->usage = usage;
349 policy->alg = alg;
350
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]351 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]352}
353
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]354psa_status_t tfm_crypto_key_policy_get_usage(psa_invec in_vec[],
355 size_t in_len,
356 psa_outvec out_vec[],
357 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]358{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]359 if ((in_len != 1) || (out_len != 1)) {
360 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]361 }
362
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]363 if ((in_vec[0].len != sizeof(psa_key_policy_t)) ||
364 (out_vec[0].len != sizeof(psa_key_usage_t))) {
365 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]366 }
367
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]368 const psa_key_policy_t *policy = in_vec[0].base;
369 psa_key_usage_t *usage = out_vec[0].base;
370
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]371 *usage = policy->usage;
372
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]373 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]374}
375
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]376psa_status_t tfm_crypto_key_policy_get_algorithm(psa_invec in_vec[],
377 size_t in_len,
378 psa_outvec out_vec[],
379 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]380{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]381 if ((in_len != 1) || (out_len != 1)) {
382 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]383 }
384
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]385 if ((in_vec[0].len != sizeof(psa_key_policy_t)) ||
386 (out_vec[0].len != sizeof(psa_algorithm_t))) {
387 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]388 }
389
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]390 const psa_key_policy_t *policy = in_vec[0].base;
391 psa_algorithm_t *alg = out_vec[0].base;
392
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]393 *alg = policy->alg;
394
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]395 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]396}
397
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]398psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[],
399 size_t in_len,
400 psa_outvec out_vec[],
401 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]402{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]403 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]404
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]405 if ((in_len != 2) || (out_len != 0)) {
406 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]407 }
408
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]409 if ((in_vec[0].len != sizeof(psa_key_slot_t)) ||
410 (in_vec[1].len != sizeof(psa_key_policy_t))) {
411 return PSA_CONNECTION_REFUSED;
412 }
413
414 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
415 const psa_key_policy_t *policy = in_vec[1].base;
416
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]417 /* Check that the policy is valid */
418 if (policy->usage & ~(PSA_KEY_USAGE_EXPORT
419 | PSA_KEY_USAGE_ENCRYPT
420 | PSA_KEY_USAGE_DECRYPT
421 | PSA_KEY_USAGE_SIGN
422 | PSA_KEY_USAGE_VERIFY
423 | PSA_KEY_USAGE_DERIVE)) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]424 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]425 }
426
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]427 key_store = get_key_store(key);
428 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]429 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]430 }
431
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]432 /* Changing the policy of an occupied slot is not permitted as
433 * this is a requirement of the PSA Crypto API
434 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]435 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]436 return PSA_ERROR_OCCUPIED_SLOT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]437 }
438
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]439 key_store->policy = *policy;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]440
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]441 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]442}
443
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]444psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[],
445 size_t in_len,
446 psa_outvec out_vec[],
447 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]448{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]449 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]450
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]451 if ((in_len != 1) || (out_len != 1)) {
452 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]453 }
454
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]455 if ((in_vec[0].len != sizeof(psa_key_slot_t)) ||
456 (out_vec[0].len != sizeof(psa_key_policy_t))) {
457 return PSA_CONNECTION_REFUSED;
458 }
459
460 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
461 psa_key_policy_t *policy = out_vec[0].base;
462
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]463 key_store = get_key_store(key);
464 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]465 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]466 }
467
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]468 *policy = key_store->policy;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]469
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]470 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]471}
472
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]473psa_status_t tfm_crypto_set_key_lifetime(psa_invec in_vec[],
474 size_t in_len,
475 psa_outvec out_vec[],
476 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]477{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]478 struct tfm_crypto_key_storage_s *key_store = NULL;
479
480 if ((in_len != 2) || (out_len != 0)) {
481 return PSA_CONNECTION_REFUSED;
482 }
483
484 if ((in_vec[0].len != sizeof(psa_key_slot_t)) ||
485 (in_vec[1].len != sizeof(psa_key_lifetime_t))) {
486 return PSA_CONNECTION_REFUSED;
487 }
488
489 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
490 psa_key_lifetime_t lifetime = *((psa_key_lifetime_t *)in_vec[1].base);
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]491
492 /* Check that the lifetime is valid */
493 if (lifetime != PSA_KEY_LIFETIME_VOLATILE
494 && lifetime != PSA_KEY_LIFETIME_PERSISTENT
495 && lifetime != PSA_KEY_LIFETIME_WRITE_ONCE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]496 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]497 }
498
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]499 key_store = get_key_store(key);
500 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]501 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]502 }
503
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]504 /* TF-M Crypto service does not support changing the lifetime of an occupied
505 * slot.
506 */
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]507 if (key_store->in_use != TFM_CRYPTO_NOT_IN_USE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]508 return PSA_ERROR_OCCUPIED_SLOT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]509 }
510
511 /* Only volatile keys are currently supported */
512 if (lifetime != PSA_KEY_LIFETIME_VOLATILE) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]513 return PSA_ERROR_NOT_SUPPORTED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]514 }
515
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]516 key_store->lifetime = lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]517
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]518 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]519}
520
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]521psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[],
522 size_t in_len,
523 psa_outvec out_vec[],
524 size_t out_len)
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]525{
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]526 struct tfm_crypto_key_storage_s *key_store = NULL;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]527
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]528 if ((in_len != 1) || (out_len != 1)) {
529 return PSA_CONNECTION_REFUSED;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]530 }
531
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]532 if ((in_vec[0].len != sizeof(psa_key_slot_t)) ||
533 (out_vec[0].len != sizeof(psa_key_lifetime_t))) {
534 return PSA_CONNECTION_REFUSED;
535 }
536
537 psa_key_slot_t key = *((psa_key_slot_t *)in_vec[0].base);
538 psa_key_lifetime_t *lifetime = out_vec[0].base;
539
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]540 key_store = get_key_store(key);
541 if (key_store == NULL) {
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]542 return PSA_ERROR_INVALID_ARGUMENT;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]543 }
544
Jamie Fox82b87ca2018-12-11 16:41:11 +0000[diff] [blame]545 *lifetime = key_store->lifetime;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]546
Antonio de Angelisab85ccd2019-03-25 15:14:29 +0000[diff] [blame^]547 return PSA_SUCCESS;
Jamie Foxefd82732018-11-26 10:34:32 +0000[diff] [blame]548}
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]549/*!@}*/