aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAntonio de Angelis <antonio.deangelis@arm.com>2019-07-16 10:59:25 +0100
committerAntonio de Angelis <antonio.deangelis@arm.com>2019-08-07 09:08:33 +0100
commit7740b38b6d7392af3a007f40fa6996144c7c74e6 (patch)
tree78393f0d6569e2ef9aa3b5bb32d7fc8c2ff37544
parent0907261b2b41714509d20acca2954fe2f5dde6e6 (diff)
downloadtrusted-firmware-m-7740b38b6d7392af3a007f40fa6996144c7c74e6.tar.gz
Crypto: Add option to disable separate modules
This patch introduces the configuration option in the Crypto service to allow disabling at build time of different submodules, such as Cipher, Hash, Mac, Generator, Aead and Asymmetric. Change-Id: I3ccfde15cfe2cb6fd540815ad4a47fb24a98ada9 Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
-rw-r--r--interface/src/tfm_crypto_api.c184
-rw-r--r--secure_fw/services/crypto/CMakeLists.inc42
-rw-r--r--secure_fw/services/crypto/CMakeLists.txt7
-rw-r--r--secure_fw/services/crypto/crypto_aead.c8
-rw-r--r--secure_fw/services/crypto/crypto_asymmetric.c16
-rw-r--r--secure_fw/services/crypto/crypto_cipher.c28
-rw-r--r--secure_fw/services/crypto/crypto_generator.c32
-rw-r--r--secure_fw/services/crypto/crypto_hash.c24
-rw-r--r--secure_fw/services/crypto/crypto_key.c46
-rw-r--r--secure_fw/services/crypto/crypto_mac.c24
-rw-r--r--secure_fw/services/crypto/tfm_crypto_secure_api.c184
11 files changed, 595 insertions, 0 deletions
diff --git a/interface/src/tfm_crypto_api.c b/interface/src/tfm_crypto_api.c
index e18d61194c..c53641b543 100644
--- a/interface/src/tfm_crypto_api.c
+++ b/interface/src/tfm_crypto_api.c
@@ -58,6 +58,9 @@ psa_status_t psa_crypto_init(void)
psa_status_t psa_allocate_key(psa_key_handle_t *handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
const struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ALLOCATE_KEY_SID,
@@ -80,38 +83,51 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle)
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)lifetime;
(void)id;
(void)handle;
/* TODO: Persistent key APIs are not supported yet */
return PSA_ERROR_NOT_SUPPORTED;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)lifetime;
(void)id;
(void)handle;
/* TODO: Persistent key APIs are not supported yet */
return PSA_ERROR_NOT_SUPPORTED;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_close_key(psa_key_handle_t handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)handle;
/* TODO: Persistent key APIs are not supported yet */
return PSA_ERROR_NOT_SUPPORTED;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_import_key(psa_key_handle_t handle,
@@ -119,6 +135,9 @@ psa_status_t psa_import_key(psa_key_handle_t handle,
const uint8_t *data,
size_t data_length)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
@@ -141,10 +160,14 @@ psa_status_t psa_import_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_destroy_key(psa_key_handle_t handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
@@ -165,12 +188,16 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle)
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_get_key_information(psa_key_handle_t handle,
psa_key_type_t *type,
size_t *bits)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_INFORMATION_SID,
@@ -195,6 +222,7 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_export_key(psa_key_handle_t handle,
@@ -202,6 +230,9 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
size_t data_size,
size_t *data_length)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
@@ -228,6 +259,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_export_public_key(psa_key_handle_t handle,
@@ -235,6 +267,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
size_t data_size,
size_t *data_length)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
@@ -262,12 +297,16 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
psa_key_handle_t target_handle,
const psa_key_policy_t *constraint)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
@@ -291,6 +330,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
void psa_key_policy_set_usage(psa_key_policy_t *policy,
@@ -314,6 +354,9 @@ psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy)
psa_status_t psa_set_key_policy(psa_key_handle_t handle,
const psa_key_policy_t *policy)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_SET_KEY_POLICY_SID,
@@ -336,11 +379,15 @@ psa_status_t psa_set_key_policy(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_get_key_policy(psa_key_handle_t handle,
psa_key_policy_t *policy)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_POLICY_SID,
@@ -365,11 +412,15 @@ psa_status_t psa_get_key_policy(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
psa_key_lifetime_t *lifetime)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_LIFETIME_SID,
@@ -394,6 +445,7 @@ psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
@@ -401,6 +453,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
size_t iv_size,
size_t *iv_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
@@ -429,12 +484,16 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
@@ -460,12 +519,16 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
@@ -492,12 +555,16 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
@@ -524,6 +591,7 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
@@ -533,6 +601,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
@@ -562,10 +633,14 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
@@ -590,6 +665,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
@@ -597,6 +673,9 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
@@ -625,11 +704,15 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
@@ -656,12 +739,16 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
@@ -688,6 +775,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
@@ -695,6 +783,9 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
size_t hash_size,
size_t *hash_length)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
@@ -723,12 +814,16 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
@@ -754,10 +849,14 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
@@ -782,11 +881,15 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
@@ -811,12 +914,16 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
@@ -843,12 +950,16 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
@@ -875,12 +986,16 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
@@ -906,6 +1021,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
@@ -913,6 +1029,9 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
size_t mac_size,
size_t *mac_length)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
@@ -941,12 +1060,16 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
@@ -973,10 +1096,14 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
@@ -1001,6 +1128,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
@@ -1015,6 +1143,9 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
size_t ciphertext_size,
size_t *ciphertext_length)
{
+#if (TFM_CRYPTO_AEAD_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
@@ -1071,6 +1202,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
@@ -1085,6 +1217,9 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
size_t plaintext_size,
size_t *plaintext_length)
{
+#if (TFM_CRYPTO_AEAD_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
@@ -1141,6 +1276,7 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
@@ -1151,6 +1287,9 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
size_t signature_size,
size_t *signature_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_SID,
@@ -1180,6 +1319,7 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
@@ -1189,6 +1329,9 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
const uint8_t *signature,
size_t signature_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_VERIFY_SID,
@@ -1213,6 +1356,7 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
@@ -1225,6 +1369,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
@@ -1270,6 +1417,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
@@ -1282,6 +1430,9 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
@@ -1327,11 +1478,15 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
size_t *capacity)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_GENERATOR_CAPACITY_SID,
@@ -1357,12 +1512,16 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
uint8_t *output,
size_t output_length)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATOR_READ_SID,
@@ -1388,6 +1547,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_generator_import_key(psa_key_handle_t handle,
@@ -1395,6 +1555,9 @@ psa_status_t psa_generator_import_key(psa_key_handle_t handle,
size_t bits,
psa_crypto_generator_t *generator)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATOR_IMPORT_KEY_SID,
@@ -1419,10 +1582,14 @@ psa_status_t psa_generator_import_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATOR_ABORT_SID,
@@ -1448,6 +1615,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
@@ -1459,6 +1627,9 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
size_t label_length,
size_t capacity)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SID,
@@ -1511,6 +1682,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
@@ -1519,6 +1691,9 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
size_t peer_key_length,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_KEY_AGREEMENT_SID,
@@ -1548,11 +1723,15 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
@@ -1582,6 +1761,7 @@ psa_status_t psa_generate_random(uint8_t *output,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t psa_generate_key(psa_key_handle_t handle,
@@ -1590,6 +1770,9 @@ psa_status_t psa_generate_key(psa_key_handle_t handle,
const void *extra,
size_t extra_size)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
@@ -1629,4 +1812,5 @@ psa_status_t psa_generate_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
diff --git a/secure_fw/services/crypto/CMakeLists.inc b/secure_fw/services/crypto/CMakeLists.inc
index fafbd30ff0..5f68827e84 100644
--- a/secure_fw/services/crypto/CMakeLists.inc
+++ b/secure_fw/services/crypto/CMakeLists.inc
@@ -76,6 +76,48 @@ if (ENABLE_CRYPTO)
else()
message("- CRYPTO_CONC_OPER_NUM: " ${CRYPTO_CONC_OPER_NUM})
endif()
+ if (NOT DEFINED CRYPTO_KEY_MODULE_DISABLED)
+ message("- KEY module enabled")
+ set(CRYPTO_KEY_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_KEY_MODULE_DISABLED: " ${CRYPTO_KEY_MODULE_DISABLED})
+ endif()
+ if (NOT DEFINED CRYPTO_AEAD_MODULE_DISABLED)
+ message("- AEAD module enabled")
+ set(CRYPTO_AEAD_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_AEAD_MODULE_DISABLED: " ${CRYPTO_AEAD_MODULE_DISABLED})
+ endif()
+ if (NOT DEFINED CRYPTO_MAC_MODULE_DISABLED)
+ message("- MAC module enabled")
+ set(CRYPTO_MAC_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_MAC_MODULE_DISABLED: " ${CRYPTO_MAC_MODULE_DISABLED})
+ endif()
+ if (NOT DEFINED CRYPTO_HASH_MODULE_DISABLED)
+ message("- HASH module enabled")
+ set(CRYPTO_HASH_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_HASH_MODULE_DISABLED: " ${CRYPTO_HASH_MODULE_DISABLED})
+ endif()
+ if (NOT DEFINED CRYPTO_CIPHER_MODULE_DISABLED)
+ message("- CIPHER module enabled")
+ set(CRYPTO_CIPHER_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_CIPHER_MODULE_DISABLED: " ${CRYPTO_CIPHER_MODULE_DISABLED})
+ endif()
+ if (NOT DEFINED CRYPTO_GENERATOR_MODULE_DISABLED)
+ message("- GENERATOR module enabled")
+ set(CRYPTO_GENERATOR_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_GENERATOR_MODULE_DISABLED: " ${CRYPTO_GENERATOR_MODULE_DISABLED})
+ endif()
+ if (NOT DEFINED CRYPTO_ASYMMETRIC_MODULE_DISABLED)
+ message("- ASYMMETRIC module enabled")
+ set(CRYPTO_ASYMMETRIC_MODULE_DISABLED 0)
+ else()
+ message("- CRYPTO_ASYMMETRIC_MODULE_DISABLED: " ${CRYPTO_ASYMMETRIC_MODULE_DISABLED})
+ endif()
if (TFM_PSA_API)
if (NOT DEFINED CRYPTO_IOVEC_BUFFER_SIZE)
message("- CRYPTO_IOVEC_BUFFER_SIZE using default value")
diff --git a/secure_fw/services/crypto/CMakeLists.txt b/secure_fw/services/crypto/CMakeLists.txt
index 0a68f4dcf1..fd1f2c567c 100644
--- a/secure_fw/services/crypto/CMakeLists.txt
+++ b/secure_fw/services/crypto/CMakeLists.txt
@@ -45,6 +45,13 @@ if (CRYPTO_ENGINE_MBEDTLS)
endif()
#Add module configuration parameters in case they are provided during CMake configuration step
+list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_KEY_MODULE_DISABLED=${CRYPTO_KEY_MODULE_DISABLED}
+ TFM_CRYPTO_AEAD_MODULE_DISABLED=${CRYPTO_AEAD_MODULE_DISABLED}
+ TFM_CRYPTO_MAC_MODULE_DISABLED=${CRYPTO_MAC_MODULE_DISABLED}
+ TFM_CRYPTO_CIPHER_MODULE_DISABLED=${CRYPTO_CIPHER_MODULE_DISABLED}
+ TFM_CRYPTO_HASH_MODULE_DISABLED=${CRYPTO_HASH_MODULE_DISABLED}
+ TFM_CRYPTO_GENERATOR_MODULE_DISABLED=${CRYPTO_GENERATOR_MODULE_DISABLED}
+ TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED=${CRYPTO_ASYMMETRIC_MODULE_DISABLED})
if (DEFINED CRYPTO_ENGINE_BUF_SIZE)
list(APPEND TFM_CRYPTO_C_DEFINES_LIST TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE})
endif()
diff --git a/secure_fw/services/crypto/crypto_aead.c b/secure_fw/services/crypto/crypto_aead.c
index 383b0eb61d..80fc205abe 100644
--- a/secure_fw/services/crypto/crypto_aead.c
+++ b/secure_fw/services/crypto/crypto_aead.c
@@ -29,6 +29,9 @@ psa_status_t tfm_crypto_aead_encrypt(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_AEAD_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
if ( !((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
@@ -70,6 +73,7 @@ psa_status_t tfm_crypto_aead_encrypt(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
psa_status_t tfm_crypto_aead_decrypt(psa_invec in_vec[],
@@ -77,6 +81,9 @@ psa_status_t tfm_crypto_aead_decrypt(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_AEAD_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
if ( !((in_len == 2) || (in_len == 3)) || (out_len > 1)) {
@@ -118,5 +125,6 @@ psa_status_t tfm_crypto_aead_decrypt(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/crypto_asymmetric.c b/secure_fw/services/crypto/crypto_asymmetric.c
index a2d48c9c5a..78932eae3b 100644
--- a/secure_fw/services/crypto/crypto_asymmetric.c
+++ b/secure_fw/services/crypto/crypto_asymmetric.c
@@ -29,6 +29,9 @@ psa_status_t tfm_crypto_asymmetric_sign(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 2) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -52,6 +55,7 @@ psa_status_t tfm_crypto_asymmetric_sign(psa_invec in_vec[],
return psa_asymmetric_sign(handle, alg, hash, hash_length,
signature, signature_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_asymmetric_verify(psa_invec in_vec[],
@@ -59,6 +63,9 @@ psa_status_t tfm_crypto_asymmetric_verify(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 3) || (out_len != 0)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -82,6 +89,7 @@ psa_status_t tfm_crypto_asymmetric_verify(psa_invec in_vec[],
return psa_asymmetric_verify(handle, alg, hash, hash_length,
signature, signature_length);
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
@@ -89,6 +97,9 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
@@ -134,6 +145,7 @@ psa_status_t tfm_crypto_asymmetric_encrypt(psa_invec in_vec[],
return psa_asymmetric_encrypt(handle, alg, input, input_length,
salt, salt_length,
output, output_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
@@ -141,6 +153,9 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if (!((in_len == 2) || (in_len == 3)) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -173,5 +188,6 @@ psa_status_t tfm_crypto_asymmetric_decrypt(psa_invec in_vec[],
return psa_asymmetric_decrypt(handle, alg, input, input_length,
salt, salt_length,
output, output_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/crypto_cipher.c b/secure_fw/services/crypto/crypto_cipher.c
index 466cbfef42..eb0c3a52d8 100644
--- a/secure_fw/services/crypto/crypto_cipher.c
+++ b/secure_fw/services/crypto/crypto_cipher.c
@@ -29,6 +29,9 @@ psa_status_t tfm_crypto_cipher_generate_iv(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -68,6 +71,7 @@ psa_status_t tfm_crypto_cipher_generate_iv(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_set_iv(psa_invec in_vec[],
@@ -75,6 +79,9 @@ psa_status_t tfm_crypto_cipher_set_iv(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -111,6 +118,7 @@ psa_status_t tfm_crypto_cipher_set_iv(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_encrypt_setup(psa_invec in_vec[],
@@ -118,6 +126,9 @@ psa_status_t tfm_crypto_cipher_encrypt_setup(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -158,6 +169,7 @@ psa_status_t tfm_crypto_cipher_encrypt_setup(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_decrypt_setup(psa_invec in_vec[],
@@ -165,6 +177,9 @@ psa_status_t tfm_crypto_cipher_decrypt_setup(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -205,6 +220,7 @@ psa_status_t tfm_crypto_cipher_decrypt_setup(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_update(psa_invec in_vec[],
@@ -212,6 +228,9 @@ psa_status_t tfm_crypto_cipher_update(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -254,6 +273,7 @@ psa_status_t tfm_crypto_cipher_update(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_finish(psa_invec in_vec[],
@@ -261,6 +281,9 @@ psa_status_t tfm_crypto_cipher_finish(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -302,6 +325,7 @@ psa_status_t tfm_crypto_cipher_finish(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
psa_status_t tfm_crypto_cipher_abort(psa_invec in_vec[],
@@ -309,6 +333,9 @@ psa_status_t tfm_crypto_cipher_abort(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_cipher_operation_t *operation = NULL;
@@ -347,5 +374,6 @@ psa_status_t tfm_crypto_cipher_abort(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/crypto_generator.c b/secure_fw/services/crypto/crypto_generator.c
index b2102e1803..4291bde146 100644
--- a/secure_fw/services/crypto/crypto_generator.c
+++ b/secure_fw/services/crypto/crypto_generator.c
@@ -29,6 +29,9 @@ psa_status_t tfm_crypto_get_generator_capacity(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
@@ -54,6 +57,7 @@ psa_status_t tfm_crypto_get_generator_capacity(psa_invec in_vec[],
}
return psa_get_generator_capacity(generator, capacity);
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_generator_read(psa_invec in_vec[],
@@ -61,6 +65,9 @@ psa_status_t tfm_crypto_generator_read(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
@@ -85,6 +92,7 @@ psa_status_t tfm_crypto_generator_read(psa_invec in_vec[],
}
return psa_generator_read(generator, output, output_length);
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_generator_import_key(psa_invec in_vec[],
@@ -92,6 +100,9 @@ psa_status_t tfm_crypto_generator_import_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if ((in_len != 2) || (out_len != 0)) {
return PSA_ERROR_CONNECTION_REFUSED;
@@ -123,6 +134,7 @@ psa_status_t tfm_crypto_generator_import_key(psa_invec in_vec[],
}
return psa_generator_import_key(key_handle, type, bits, generator);
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_generator_abort(psa_invec in_vec[],
@@ -130,6 +142,9 @@ psa_status_t tfm_crypto_generator_abort(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
@@ -169,6 +184,7 @@ psa_status_t tfm_crypto_generator_abort(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_key_derivation(psa_invec in_vec[],
@@ -176,6 +192,9 @@ psa_status_t tfm_crypto_key_derivation(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if (!((in_len == 1) || (in_len == 2) || (in_len == 3)) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
@@ -231,6 +250,7 @@ psa_status_t tfm_crypto_key_derivation(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_key_agreement(psa_invec in_vec[],
@@ -238,6 +258,9 @@ psa_status_t tfm_crypto_key_agreement(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
if ((in_len != 2) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
@@ -280,6 +303,7 @@ psa_status_t tfm_crypto_key_agreement(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_generate_random(psa_invec in_vec[],
@@ -287,6 +311,9 @@ psa_status_t tfm_crypto_generate_random(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -298,6 +325,7 @@ psa_status_t tfm_crypto_generate_random(psa_invec in_vec[],
size_t output_size = out_vec[0].len;
return psa_generate_random(output, output_size);
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
@@ -305,6 +333,9 @@ psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if (!((in_len == 2) || (in_len == 3)) || (out_len != 0)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -332,5 +363,6 @@ psa_status_t tfm_crypto_generate_key(psa_invec in_vec[],
}
return psa_generate_key(key_handle, type, bits, extra, extra_size);
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/crypto_hash.c b/secure_fw/services/crypto/crypto_hash.c
index 25577ee2c2..42e8a2b0b6 100644
--- a/secure_fw/services/crypto/crypto_hash.c
+++ b/secure_fw/services/crypto/crypto_hash.c
@@ -29,6 +29,9 @@ psa_status_t tfm_crypto_hash_setup(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_hash_operation_t *operation = NULL;
@@ -66,6 +69,7 @@ psa_status_t tfm_crypto_hash_setup(psa_invec in_vec[],
}
return PSA_SUCCESS;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t tfm_crypto_hash_update(psa_invec in_vec[],
@@ -73,6 +77,9 @@ psa_status_t tfm_crypto_hash_update(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_hash_operation_t *operation = NULL;
@@ -109,6 +116,7 @@ psa_status_t tfm_crypto_hash_update(psa_invec in_vec[],
}
return PSA_SUCCESS;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t tfm_crypto_hash_finish(psa_invec in_vec[],
@@ -116,6 +124,9 @@ psa_status_t tfm_crypto_hash_finish(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_hash_operation_t *operation = NULL;
@@ -157,6 +168,7 @@ psa_status_t tfm_crypto_hash_finish(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t tfm_crypto_hash_verify(psa_invec in_vec[],
@@ -164,6 +176,9 @@ psa_status_t tfm_crypto_hash_verify(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_hash_operation_t *operation = NULL;
@@ -202,6 +217,7 @@ psa_status_t tfm_crypto_hash_verify(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t tfm_crypto_hash_abort(psa_invec in_vec[],
@@ -209,6 +225,9 @@ psa_status_t tfm_crypto_hash_abort(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_hash_operation_t *operation = NULL;
@@ -246,6 +265,7 @@ psa_status_t tfm_crypto_hash_abort(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[],
@@ -253,6 +273,9 @@ psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_hash_operation_t *source_operation = NULL;
psa_hash_operation_t *target_operation = NULL;
@@ -293,5 +316,6 @@ psa_status_t tfm_crypto_hash_clone(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/crypto_key.c b/secure_fw/services/crypto/crypto_key.c
index 66718e1934..19f11c477d 100644
--- a/secure_fw/services/crypto/crypto_key.c
+++ b/secure_fw/services/crypto/crypto_key.c
@@ -28,8 +28,10 @@ struct tfm_crypto_handle_owner_s {
uint8_t in_use; /*!< Flag to indicate if this in use */
};
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED == 0)
static struct tfm_crypto_handle_owner_s
handle_owner[TFM_CRYPTO_MAX_KEY_HANDLES] = {0};
+#endif
/*!
* \defgroup public Public functions
*
@@ -39,6 +41,9 @@ static struct tfm_crypto_handle_owner_s
psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle,
uint32_t *index)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
int32_t partition_id = 0;
uint32_t i = 0;
psa_status_t status;
@@ -62,6 +67,7 @@ psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle,
}
return PSA_ERROR_INVALID_HANDLE;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_allocate_key(psa_invec in_vec[],
@@ -69,6 +75,9 @@ psa_status_t tfm_crypto_allocate_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -109,6 +118,7 @@ psa_status_t tfm_crypto_allocate_key(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
@@ -116,6 +126,9 @@ psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 2) || (out_len != 0)) {
@@ -138,6 +151,7 @@ psa_status_t tfm_crypto_import_key(psa_invec in_vec[],
}
return psa_import_key(key, type, data, data_length);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
@@ -145,6 +159,9 @@ psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 1) || (out_len != 0)) {
@@ -173,6 +190,7 @@ psa_status_t tfm_crypto_destroy_key(psa_invec in_vec[],
}
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[],
@@ -180,6 +198,9 @@ psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 2)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -196,6 +217,7 @@ psa_status_t tfm_crypto_get_key_information(psa_invec in_vec[],
size_t *bits = out_vec[1].base;
return psa_get_key_information(key, type, bits);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
@@ -203,6 +225,9 @@ psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -217,6 +242,7 @@ psa_status_t tfm_crypto_export_key(psa_invec in_vec[],
size_t data_size = out_vec[0].len;
return psa_export_key(key, data, data_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
@@ -224,6 +250,9 @@ psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -238,6 +267,7 @@ psa_status_t tfm_crypto_export_public_key(psa_invec in_vec[],
size_t data_size = out_vec[0].len;
return psa_export_public_key(key, data, data_size, &(out_vec[0].len));
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
@@ -245,6 +275,9 @@ psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 3) || (out_len != 0)) {
@@ -263,6 +296,7 @@ psa_status_t tfm_crypto_copy_key(psa_invec in_vec[],
const psa_key_policy_t *policy = in_vec[2].base;
return psa_copy_key(source_handle, target_handle, policy);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[],
@@ -270,6 +304,9 @@ psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)out_vec;
if ((in_len != 2) || (out_len != 0)) {
@@ -291,6 +328,7 @@ psa_status_t tfm_crypto_set_key_policy(psa_invec in_vec[],
} else {
return status;
}
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[],
@@ -298,6 +336,9 @@ psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -312,6 +353,7 @@ psa_status_t tfm_crypto_get_key_policy(psa_invec in_vec[],
psa_key_policy_t *policy = out_vec[0].base;
return psa_get_key_policy(key, policy);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[],
@@ -319,6 +361,9 @@ psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
if ((in_len != 1) || (out_len != 1)) {
return PSA_ERROR_CONNECTION_REFUSED;
}
@@ -333,5 +378,6 @@ psa_status_t tfm_crypto_get_key_lifetime(psa_invec in_vec[],
psa_key_lifetime_t *lifetime = out_vec[0].base;
return psa_get_key_lifetime(key, lifetime);
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/crypto_mac.c b/secure_fw/services/crypto/crypto_mac.c
index 16e996f761..8ad387699f 100644
--- a/secure_fw/services/crypto/crypto_mac.c
+++ b/secure_fw/services/crypto/crypto_mac.c
@@ -29,6 +29,9 @@ psa_status_t tfm_crypto_mac_sign_setup(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_mac_operation_t *operation = NULL;
@@ -72,6 +75,7 @@ psa_status_t tfm_crypto_mac_sign_setup(psa_invec in_vec[],
}
return PSA_SUCCESS;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_mac_verify_setup(psa_invec in_vec[],
@@ -79,6 +83,9 @@ psa_status_t tfm_crypto_mac_verify_setup(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_mac_operation_t *operation = NULL;
@@ -122,6 +129,7 @@ psa_status_t tfm_crypto_mac_verify_setup(psa_invec in_vec[],
}
return PSA_SUCCESS;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_mac_update(psa_invec in_vec[],
@@ -129,6 +137,9 @@ psa_status_t tfm_crypto_mac_update(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_mac_operation_t *operation = NULL;
@@ -165,6 +176,7 @@ psa_status_t tfm_crypto_mac_update(psa_invec in_vec[],
}
return PSA_SUCCESS;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_mac_sign_finish(psa_invec in_vec[],
@@ -172,6 +184,9 @@ psa_status_t tfm_crypto_mac_sign_finish(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_mac_operation_t *operation = NULL;
@@ -213,6 +228,7 @@ psa_status_t tfm_crypto_mac_sign_finish(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_mac_verify_finish(psa_invec in_vec[],
@@ -220,6 +236,9 @@ psa_status_t tfm_crypto_mac_verify_finish(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_mac_operation_t *operation = NULL;
@@ -258,6 +277,7 @@ psa_status_t tfm_crypto_mac_verify_finish(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
psa_status_t tfm_crypto_mac_abort(psa_invec in_vec[],
@@ -265,6 +285,9 @@ psa_status_t tfm_crypto_mac_abort(psa_invec in_vec[],
psa_outvec out_vec[],
size_t out_len)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status = PSA_SUCCESS;
psa_mac_operation_t *operation = NULL;
@@ -303,5 +326,6 @@ psa_status_t tfm_crypto_mac_abort(psa_invec in_vec[],
status = tfm_crypto_operation_release(handle_out);
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
/*!@}*/
diff --git a/secure_fw/services/crypto/tfm_crypto_secure_api.c b/secure_fw/services/crypto/tfm_crypto_secure_api.c
index 2edd0e39fa..68997b506e 100644
--- a/secure_fw/services/crypto/tfm_crypto_secure_api.c
+++ b/secure_fw/services/crypto/tfm_crypto_secure_api.c
@@ -59,6 +59,9 @@ psa_status_t psa_crypto_init(void)
__attribute__((section("SFN")))
psa_status_t psa_allocate_key(psa_key_handle_t *handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
const struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ALLOCATE_KEY_SID,
@@ -81,6 +84,7 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle)
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -88,12 +92,16 @@ psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)lifetime;
(void)id;
(void)handle;
/* TODO: Persistent key APIs are not supported yet */
return PSA_ERROR_NOT_SUPPORTED;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -101,21 +109,29 @@ psa_status_t psa_create_key(psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)lifetime;
(void)id;
(void)handle;
/* TODO: Persistent key APIs are not supported yet */
return PSA_ERROR_NOT_SUPPORTED;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_close_key(psa_key_handle_t handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
(void)handle;
/* TODO: Persistent key APIs are not supported yet */
return PSA_ERROR_NOT_SUPPORTED;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -124,6 +140,9 @@ psa_status_t psa_import_key(psa_key_handle_t handle,
const uint8_t *data,
size_t data_length)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
@@ -146,11 +165,15 @@ psa_status_t psa_import_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_destroy_key(psa_key_handle_t handle)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
@@ -171,6 +194,7 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle)
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -178,6 +202,9 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle,
psa_key_type_t *type,
size_t *bits)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_INFORMATION_SID,
@@ -202,6 +229,7 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -210,6 +238,9 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
size_t data_size,
size_t *data_length)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
@@ -236,6 +267,7 @@ psa_status_t psa_export_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -244,6 +276,9 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
size_t data_size,
size_t *data_length)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
@@ -271,6 +306,7 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -278,6 +314,9 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
psa_key_handle_t target_handle,
const psa_key_policy_t *constraint)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
@@ -301,6 +340,7 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -328,6 +368,9 @@ __attribute__((section("SFN")))
psa_status_t psa_set_key_policy(psa_key_handle_t handle,
const psa_key_policy_t *policy)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_SET_KEY_POLICY_SID,
@@ -350,12 +393,16 @@ psa_status_t psa_set_key_policy(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_get_key_policy(psa_key_handle_t handle,
psa_key_policy_t *policy)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_POLICY_SID,
@@ -380,12 +427,16 @@ psa_status_t psa_get_key_policy(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
psa_key_lifetime_t *lifetime)
{
+#if (TFM_CRYPTO_KEY_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_KEY_LIFETIME_SID,
@@ -410,6 +461,7 @@ psa_status_t psa_get_key_lifetime(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -418,6 +470,9 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
size_t iv_size,
size_t *iv_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
@@ -446,6 +501,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -453,6 +509,9 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
@@ -478,6 +537,7 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -485,6 +545,9 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
@@ -511,6 +574,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -518,6 +582,9 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
@@ -544,6 +611,7 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -554,6 +622,9 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
@@ -583,11 +654,15 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
@@ -612,6 +687,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation)
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -620,6 +696,9 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_CIPHER_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
@@ -648,12 +727,16 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
@@ -680,6 +763,7 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -687,6 +771,9 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
@@ -713,6 +800,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -721,6 +809,9 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
size_t hash_size,
size_t *hash_length)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
@@ -749,6 +840,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -756,6 +848,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
@@ -781,11 +876,15 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
@@ -810,12 +909,16 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation)
{
+#if (TFM_CRYPTO_HASH_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
@@ -840,6 +943,7 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
#endif
return status;
+#endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -847,6 +951,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
@@ -873,6 +980,7 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -880,6 +988,9 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
@@ -906,6 +1017,7 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -913,6 +1025,9 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
@@ -938,6 +1053,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -946,6 +1062,9 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
size_t mac_size,
size_t *mac_length)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
@@ -974,6 +1093,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -981,6 +1101,9 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
@@ -1007,11 +1130,15 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
{
+#if (TFM_CRYPTO_MAC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
@@ -1036,6 +1163,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation)
#endif
return status;
+#endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1051,6 +1179,9 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
size_t ciphertext_size,
size_t *ciphertext_length)
{
+#if (TFM_CRYPTO_AEAD_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
@@ -1107,6 +1238,7 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1122,6 +1254,9 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
size_t plaintext_size,
size_t *plaintext_length)
{
+#if (TFM_CRYPTO_AEAD_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
@@ -1178,6 +1313,7 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1189,6 +1325,9 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
size_t signature_size,
size_t *signature_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_SID,
@@ -1218,6 +1357,7 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1228,6 +1368,9 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
const uint8_t *signature,
size_t signature_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_VERIFY_SID,
@@ -1252,6 +1395,7 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1265,6 +1409,9 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
@@ -1310,6 +1457,7 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1323,6 +1471,9 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
size_t output_size,
size_t *output_length)
{
+#if (TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
@@ -1368,12 +1519,16 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
size_t *capacity)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GET_GENERATOR_CAPACITY_SID,
@@ -1399,6 +1554,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1406,6 +1562,9 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
uint8_t *output,
size_t output_length)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATOR_READ_SID,
@@ -1431,6 +1590,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1439,6 +1599,9 @@ psa_status_t psa_generator_import_key(psa_key_handle_t handle,
size_t bits,
psa_crypto_generator_t *generator)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATOR_IMPORT_KEY_SID,
@@ -1463,11 +1626,15 @@ psa_status_t psa_generator_import_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATOR_ABORT_SID,
@@ -1493,6 +1660,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator)
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1505,6 +1673,9 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
size_t label_length,
size_t capacity)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SID,
@@ -1557,6 +1728,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1566,6 +1738,9 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
size_t peer_key_length,
psa_algorithm_t alg)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_KEY_AGREEMENT_SID,
@@ -1595,12 +1770,16 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
@@ -1630,6 +1809,7 @@ psa_status_t psa_generate_random(uint8_t *output,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}
__attribute__((section("SFN")))
@@ -1639,6 +1819,9 @@ psa_status_t psa_generate_key(psa_key_handle_t handle,
const void *extra,
size_t extra_size)
{
+#if (TFM_CRYPTO_GENERATOR_MODULE_DISABLED != 0)
+ return PSA_ERROR_NOT_SUPPORTED;
+#else
psa_status_t status;
struct tfm_crypto_pack_iovec iov = {
.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
@@ -1678,4 +1861,5 @@ psa_status_t psa_generate_key(psa_key_handle_t handle,
#endif
return status;
+#endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */
}