Crypto: Align to Mbed Crypto 3.0.1
This patch upgrades the Crypto service to be able
to use Mbed Crypto 3.0.1:
- Updates the PSA crypto headers to latest available in mbed-crypto
- Updates the service implementation
- Updates the test suites where needed
- Updates the SST and Attestation interfaces
towards cryptographic functionalities
- Updates documentation to reflect updated
requirements, and changes in the integration guide
This patch migrates the use of psa_asymmetric_sign() and
psa_asymmetric_verify() to the non-deprecated versions of
the API psa_sign_hash() and psa_verify_hash().
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I7d8275def2336c1b5cfb8847b2842c305cfab116
diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c
index 87c1a64..c1b1d90 100644
--- a/interface/src/tfm_crypto_func_api.c
+++ b/interface/src/tfm_crypto_func_api.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2020, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -30,32 +30,11 @@
return PSA_SUCCESS;
}
-psa_status_t psa_allocate_key(psa_key_handle_t *handle)
-{
- psa_status_t status;
- const struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_ALLOCATE_KEY_SID,
- };
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- };
- psa_outvec out_vec[] = {
- {.base = handle, .len = sizeof(psa_key_handle_t)},
- };
-
- status = API_DISPATCH(tfm_crypto_allocate_key,
- TFM_CRYPTO_ALLOCATE_KEY);
-
- return status;
-}
-
-psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
- psa_key_id_t id,
+psa_status_t psa_open_key(psa_key_id_t id,
psa_key_handle_t *handle)
{
const struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_OPEN_KEY_SID,
- .lifetime = lifetime,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
@@ -69,18 +48,6 @@
TFM_CRYPTO_OPEN_KEY);
}
-psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
- psa_key_id_t id,
- psa_key_handle_t *handle)
-{
- (void)lifetime;
- (void)id;
- (void)handle;
-
- /* TODO: Persistent key APIs are not supported yet */
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
psa_status_t psa_close_key(psa_key_handle_t handle)
{
const struct tfm_crypto_pack_iovec iov = {
@@ -95,24 +62,26 @@
TFM_CRYPTO_CLOSE_KEY);
}
-psa_status_t psa_import_key(psa_key_handle_t handle,
- psa_key_type_t type,
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
const uint8_t *data,
- size_t data_length)
+ size_t data_length,
+ psa_key_handle_t *handle)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
- .key_handle = handle,
- .type = type,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
{.base = data, .len = data_length}
};
+ psa_outvec out_vec[] = {
+ {.base = handle, .len = sizeof(psa_key_handle_t)}
+ };
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_import_key,
- TFM_CRYPTO_IMPORT_KEY);
+ status = API_DISPATCH(tfm_crypto_import_key,
+ TFM_CRYPTO_IMPORT_KEY);
return status;
}
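Review bot: Passing `attributes` as a flat `sizeof(psa_key_attributes_t)` in_vec in psa_import_key hands the service every byte of the caller's structure, pointer members included. The structure definition is not part of this diff, but if it carries a domain-parameters pointer and length as the Mbed Crypto one does, the service receives a caller-chosen address and must never dereference or free it. I would document that at the in_vec entry, e.g. `/* Copied by value: the service must ignore any pointer members of attributes */`, or marshal a pointer-free client view of the attributes instead. The same applies to the `attributes` in_vec added in psa_copy_key, psa_generate_key and psa_key_derivation_output_key in later hunks.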
@@ -134,29 +103,43 @@
return status;
}
-psa_status_t psa_get_key_information(psa_key_handle_t handle,
- psa_key_type_t *type,
- size_t *bits)
+psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
+ psa_key_attributes_t *attributes)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_KEY_INFORMATION_SID,
+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
.key_handle = handle,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
};
psa_outvec out_vec[] = {
- {.base = type, .len = sizeof(psa_key_type_t)},
- {.base = bits, .len = sizeof(size_t)}
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- status = API_DISPATCH(tfm_crypto_get_key_information,
- TFM_CRYPTO_GET_KEY_INFORMATION);
-
+ status = API_DISPATCH(tfm_crypto_get_key_attributes,
+ TFM_CRYPTO_GET_KEY_ATTRIBUTES);
return status;
}
+void psa_reset_key_attributes(psa_key_attributes_t *attributes)
+{
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
+ };
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+ };
+
+ (void)API_DISPATCH(tfm_crypto_reset_key_attributes,
+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES);
+ return;
+}
+
psa_status_t psa_export_key(psa_key_handle_t handle,
uint8_t *data,
size_t data_size,
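Review bot: psa_reset_key_attributes throws away the dispatch result with `(void)`, so when the call fails the caller's structure keeps its old contents while the function returns as if it had been reset. Because the function is void it cannot report this, and a caller that reuses the structure for the next key would carry over the previous settings. I would keep the status and clear locally on failure, e.g. `if (status != PSA_SUCCESS) { memset(attributes, 0, sizeof(*attributes)); }`, assuming an all-zero structure is the initial state and `<string.h>` is available in this file. The trailing lines of the hunk belong to psa_export_key, whose body continues outside it.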
@@ -179,7 +162,6 @@
*data_length = out_vec[0].len;
-
return status;
}
@@ -210,8 +192,8 @@
}
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
- psa_key_handle_t target_handle,
- const psa_key_policy_t *constraint)
+ const psa_key_attributes_t *attributes,
+ psa_key_handle_t *target_handle)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
@@ -221,94 +203,15 @@
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = &target_handle, .len = sizeof(psa_key_handle_t)},
- {.base = constraint, .len = sizeof(psa_key_policy_t)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_copy_key,
- TFM_CRYPTO_COPY_KEY);
-
- return status;
-}
-
-void psa_key_policy_set_usage(psa_key_policy_t *policy,
- psa_key_usage_t usage,
- psa_algorithm_t alg)
-{
- policy->usage = usage;
- policy->alg = alg;
-}
-
-psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy)
-{
- return policy->usage;
-}
-
-psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
-{
- return policy->alg;
-}
-
-psa_status_t psa_set_key_policy(psa_key_handle_t handle,
- const psa_key_policy_t *policy)
-{
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_SET_KEY_POLICY_SID,
- .key_handle = handle,
- };
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = policy, .len = sizeof(psa_key_policy_t)},
- };
-
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_set_key_policy,
- TFM_CRYPTO_SET_KEY_POLICY);
-
- return status;
-}
-
-psa_status_t psa_get_key_policy(psa_key_handle_t handle,
- psa_key_policy_t *policy)
-{
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_KEY_POLICY_SID,
- .key_handle = handle,
- };
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- };
psa_outvec out_vec[] = {
- {.base = policy, .len = sizeof(psa_key_policy_t)},
+ {.base = target_handle, .len = sizeof(psa_key_handle_t)},
};
- status = API_DISPATCH(tfm_crypto_get_key_policy,
- TFM_CRYPTO_GET_KEY_POLICY);
-
- return status;
-}
-
-psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
- psa_key_lifetime_t *lifetime)
-{
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_KEY_LIFETIME_SID,
- .key_handle = handle,
- };
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- };
- psa_outvec out_vec[] = {
- {.base = lifetime, .len = sizeof(psa_key_lifetime_t)},
- };
-
- status = API_DISPATCH(tfm_crypto_get_key_lifetime,
- TFM_CRYPTO_GET_KEY_LIFETIME);
+ status = API_DISPATCH(tfm_crypto_copy_key,
+ TFM_CRYPTO_COPY_KEY);
return status;
}
@@ -627,6 +530,10 @@
{.base = target_operation, .len = sizeof(psa_hash_operation_t)},
};
+ if (target_operation && (target_operation->handle != 0)) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
status = API_DISPATCH(tfm_crypto_hash_clone,
TFM_CRYPTO_HASH_CLONE);
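Review bot: The added guard tests `target_operation` for NULL but, when it is NULL, falls through to the dispatch with a NULL `out_vec` base of non-zero length (the initializer is the context line above). If NULL is meant to be rejected, say so explicitly with `if (target_operation == NULL) { return PSA_ERROR_INVALID_ARGUMENT; }` before the handle test. Note also that this check lives in the client-side interface, so it is a convenience only; the handler behind `TFM_CRYPTO_HASH_CLONE` (not visible here) has to refuse an in-use target itself. The function starts above the hunk and continues below it.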
@@ -893,9 +800,21 @@
size_t signature_size,
size_t *signature_length)
{
+ return psa_sign_hash(handle, alg, hash, hash_length, signature,
+ signature_size, signature_length);
+}
+
+psa_status_t psa_sign_hash(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
+{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_SID,
+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
.key_handle = handle,
.alg = alg,
};
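Review bot: The forwarding body added at the top of this hunk has no comment saying the old entry point survives only for compatibility. The signature starts above the hunk; going by the commit message it is presumably psa_asymmetric_sign. A one-line comment such as `/* Deprecated: kept for source compatibility, forwards to psa_sign_hash() */` would stop new callers picking it up; the verify forwarder added in the hunk at `@@ -923,9 +842,20 @@` wants the same, pointing at psa_verify_hash(). psa_sign_hash's body continues outside the hunk.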
@@ -908,8 +827,8 @@
{.base = signature, .len = signature_size},
};
- status = API_DISPATCH(tfm_crypto_asymmetric_sign,
- TFM_CRYPTO_ASYMMETRIC_SIGN);
+ status = API_DISPATCH(tfm_crypto_sign_hash,
+ TFM_CRYPTO_SIGN_HASH);
*signature_length = out_vec[0].len;
@@ -923,9 +842,20 @@
const uint8_t *signature,
size_t signature_length)
{
+ return psa_verify_hash(handle, alg, hash, hash_length,
+ signature, signature_length);
+}
+
+psa_status_t psa_verify_hash(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_ASYMMETRIC_VERIFY_SID,
+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
.key_handle = handle,
.alg = alg
};
@@ -936,8 +866,8 @@
{.base = signature, .len = signature_length}
};
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_asymmetric_verify,
- TFM_CRYPTO_ASYMMETRIC_VERIFY);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_verify_hash,
+ TFM_CRYPTO_VERIFY_HASH);
return status;
}
@@ -1022,13 +952,14 @@
return status;
}
-psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
- size_t *capacity)
+psa_status_t psa_key_derivation_get_capacity(
+ const psa_key_derivation_operation_t *operation,
+ size_t *capacity)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GET_GENERATOR_CAPACITY_SID,
- .op_handle = generator->handle,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1039,20 +970,21 @@
{.base = capacity, .len = sizeof(size_t)},
};
- status = API_DISPATCH(tfm_crypto_get_generator_capacity,
- TFM_CRYPTO_GET_GENERATOR_CAPACITY);
+ status = API_DISPATCH(tfm_crypto_key_derivation_get_capacity,
+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY);
return status;
}
-psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
- uint8_t *output,
- size_t output_length)
+psa_status_t psa_key_derivation_output_bytes(
+ psa_key_derivation_operation_t *operation,
+ uint8_t *output,
+ size_t output_length)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GENERATOR_READ_SID,
- .op_handle = generator->handle,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1063,42 +995,41 @@
{.base = output, .len = output_length},
};
- status = API_DISPATCH(tfm_crypto_generator_read,
- TFM_CRYPTO_GENERATOR_READ);
+ status = API_DISPATCH(tfm_crypto_key_derivation_output_bytes,
+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES);
return status;
}
-psa_status_t psa_generator_import_key(psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- psa_crypto_generator_t *generator)
+psa_status_t psa_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t handle)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GENERATOR_IMPORT_KEY_SID,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
.key_handle = handle,
- .type = type,
- .op_handle = generator->handle,
+ .step = step,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = &bits, .len = sizeof(size_t)},
};
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generator_import_key,
- TFM_CRYPTO_GENERATOR_IMPORT_KEY);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_key,
+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY);
return status;
}
-psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
+psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_GENERATOR_ABORT_SID,
- .op_handle = generator->handle,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1106,70 +1037,28 @@
};
psa_outvec out_vec[] = {
- {.base = &(generator->handle), .len = sizeof(uint32_t)},
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
};
- status = API_DISPATCH(tfm_crypto_generator_abort,
- TFM_CRYPTO_GENERATOR_ABORT);
+ status = API_DISPATCH(tfm_crypto_key_derivation_abort,
+ TFM_CRYPTO_KEY_DERIVATION_ABORT);
return status;
}
-psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
- psa_key_handle_t handle,
- psa_algorithm_t alg,
- const uint8_t *salt,
- size_t salt_length,
- const uint8_t *label,
- size_t label_length,
- size_t capacity)
+psa_status_t psa_key_derivation_key_agreement(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SID,
- .key_handle = handle,
- .alg = alg,
- .op_handle = generator->handle,
- .capacity = capacity,
- };
-
- /* Sanitize the optional input */
- if ((salt == NULL) && (salt_length != 0)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- if ((label == NULL) && (label_length != 0)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
- psa_invec in_vec[] = {
- {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = salt, .len = salt_length},
- {.base = label, .len = label_length},
- };
-
- psa_outvec out_vec[] = {
- {.base = &(generator->handle), .len = sizeof(uint32_t)},
- };
-
- status = API_DISPATCH(tfm_crypto_key_derivation,
- TFM_CRYPTO_KEY_DERIVATION);
-
- return status;
-}
-
-psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- psa_algorithm_t alg)
-{
- psa_status_t status;
- struct tfm_crypto_pack_iovec iov = {
- .sfn_id = TFM_CRYPTO_KEY_AGREEMENT_SID,
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
.key_handle = private_key,
- .alg = alg,
- .op_handle = generator->handle,
+ .step = step,
+ .op_handle = operation->handle,
};
psa_invec in_vec[] = {
@@ -1177,12 +1066,8 @@
{.base = peer_key, .len = peer_key_length},
};
- psa_outvec out_vec[] = {
- {.base = &(generator->handle), .len = sizeof(uint32_t)},
- };
-
- status = API_DISPATCH(tfm_crypto_key_agreement,
- TFM_CRYPTO_KEY_AGREEMENT);
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_key_agreement,
+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT);
return status;
}
@@ -1213,32 +1098,377 @@
return status;
}
-psa_status_t psa_generate_key(psa_key_handle_t handle,
- psa_key_type_t type,
- size_t bits,
- const void *extra,
- size_t extra_size)
+psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
+ psa_key_handle_t *handle)
{
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
- .key_handle = handle,
- .type = type,
};
- /* Sanitize the optional input */
- if ((extra == NULL) && (extra_size != 0)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
psa_invec in_vec[] = {
{.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
- {.base = &bits, .len = sizeof(size_t)},
- {.base = extra, .len = extra_size},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
};
- status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key,
- TFM_CRYPTO_GENERATE_KEY);
+ psa_outvec out_vec[] = {
+ {.base = handle, .len = sizeof(psa_key_handle_t)},
+ };
+
+ status = API_DISPATCH(tfm_crypto_generate_key,
+ TFM_CRYPTO_GENERATE_KEY);
+
+ return status;
+}
+
+psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+ psa_key_type_t type,
+ const uint8_t *data,
+ size_t data_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_get_key_domain_parameters(
+ const psa_key_attributes_t *attributes,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ const size_t hash_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag,
+ size_t tag_size,
+ size_t *tag_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag,
+ size_t tag_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_mac_compute(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_mac_verify(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ const size_t mac_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
+ .alg = alg,
+ .key_handle = private_key
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = peer_key, .len = peer_key_length},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = output, .len = output_size},
+ };
+
+ status = API_DISPATCH(tfm_crypto_raw_key_agreement,
+ TFM_CRYPTO_RAW_KEY_AGREEMENT);
+
+ *output_length = out_vec[0].len;
+
+ return status;
+}
+
+psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
+ .alg = alg,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+ psa_outvec out_vec[] = {
+ {.base = &(operation->handle), .len = sizeof(uint32_t)},
+ };
+
+ status = API_DISPATCH(tfm_crypto_key_derivation_setup,
+ TFM_CRYPTO_KEY_DERIVATION_SETUP);
+ return status;
+}
+
+psa_status_t psa_key_derivation_set_capacity(
+ psa_key_derivation_operation_t *operation,
+ size_t capacity)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
+ .capacity = capacity,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_set_capacity,
+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY);
+ return status;
+}
+
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
+ .step = step,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = data, .len = data_length},
+ };
+
+ status = API_DISPATCH_NO_OUTVEC(tfm_crypto_key_derivation_input_bytes,
+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES);
+ return status;
+}
+
+psa_status_t psa_key_derivation_output_key(
+ const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ psa_key_handle_t *handle)
+{
+ psa_status_t status;
+ struct tfm_crypto_pack_iovec iov = {
+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
+ .op_handle = operation->handle,
+ };
+
+ psa_invec in_vec[] = {
+ {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)},
+ {.base = attributes, .len = sizeof(psa_key_attributes_t)},
+ };
+
+ psa_outvec out_vec[] = {
+ {.base = handle, .len = sizeof(psa_key_handle_t)}
+ };
+
+ status = API_DISPATCH(tfm_crypto_key_derivation_output_key,
+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY);
+ return status;
+}
+
+psa_status_t psa_hash_compute(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
+ psa_key_handle_t handle,
+ psa_algorithm_t alg)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
+ uint8_t *nonce,
+ size_t nonce_size,
+ size_t *nonce_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
+ const uint8_t *nonce,
+ size_t nonce_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
+
+ return status;
+}
+
+psa_status_t psa_aead_update(psa_aead_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ psa_status_t status;
+
+ status = PSA_ERROR_NOT_SUPPORTED;
return status;
}
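Review bot: psa_raw_key_agreement stores `out_vec[0].len` in `*output_length` whatever the status, so after a failed call the caller can be told a non-zero length — possibly the full `output_size`, if the dispatch leaves the length untouched on error (API_DISPATCH is not visible here) — for a buffer that holds no shared secret. A caller that checks the length rather than the status would then feed unset bytes into key derivation. I would make the assignment conditional: `*output_length = (status == PSA_SUCCESS) ? out_vec[0].len : 0;`. The same unconditional pattern appears on context lines for `*data_length` and `*signature_length` earlier in the diff, so it may be worth fixing consistently in a follow-up.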