diff options
| author | Kevin Peng <kevin.peng@arm.com> | 2019-07-29 16:05:42 +0800 |
|---|---|---|
| committer | Ken Liu <ken.liu@arm.com> | 2019-08-16 02:18:15 +0000 |
| commit | 9449a361776b2c08834c05e8f276ffa87301d18b (patch) | |
| tree | 1963924e8bdd2646949b9805e78da05e6c37ed68 | |
| parent | 519ed86207edef10b67621d108321357960da421 (diff) | |
| download | trusted-firmware-m-9449a361776b2c08834c05e8f276ffa87301d18b.tar.gz | |
Interface: Split the source files for different models
This patch splits the interface source files for different
models.
They only contain the implementations for each model
respectively.
Change-Id: I70aef5384754c445787327ec2c61fc57201da86f
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
| -rw-r--r-- | app/CMakeLists.txt | 37 | ||||
| -rw-r--r-- | interface/src/tfm_audit_func_api.c (renamed from interface/src/tfm_audit_api.c) | 0 | ||||
| -rw-r--r-- | interface/src/tfm_crypto_func_api.c | 1230 | ||||
| -rw-r--r-- | interface/src/tfm_crypto_ipc_api.c (renamed from interface/src/tfm_crypto_api.c) | 243 | ||||
| -rw-r--r-- | interface/src/tfm_initial_attestation_func_api.c | 58 | ||||
| -rw-r--r-- | interface/src/tfm_initial_attestation_ipc_api.c (renamed from interface/src/tfm_initial_attestation_api.c) | 29 | ||||
| -rw-r--r-- | interface/src/tfm_platform_func_api.c (renamed from interface/src/tfm_platform_api.c) | 0 | ||||
| -rw-r--r-- | interface/src/tfm_sst_func_api.c | 159 | ||||
| -rw-r--r-- | interface/src/tfm_sst_ipc_api.c (renamed from interface/src/tfm_sst_api.c) | 62 |
9 files changed, 1502 insertions, 316 deletions
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt index 7d3016c27..eeeccaf88 100644 --- a/app/CMakeLists.txt +++ b/app/CMakeLists.txt @@ -46,23 +46,46 @@ if (NOT DEFINED TFM_PARTITION_PLATFORM) message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_PLATFORM is undefined.") endif() +if (NOT DEFINED TFM_PSA_API) + message(FATAL_ERROR "Incomplete build configuration: TFM_PSA_API is undefined.") +endif() + set(NS_APP_SRC "${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Config/RTX_Config.c" "${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Source/rtx_lib.c" "${APP_DIR}/main_ns.c" "${APP_DIR}/tfm_integ_test.c" "${APP_DIR}/os_wrapper_cmsis_rtos_v2.c" - "${INTERFACE_DIR}/src/tfm_sst_api.c" - "${INTERFACE_DIR}/src/tfm_crypto_api.c" - "${INTERFACE_DIR}/src/tfm_initial_attestation_api.c" "${INTERFACE_DIR}/src/tfm_ns_interface.c" ) +if (TFM_PSA_API) + list(APPEND NS_APP_SRC + "${INTERFACE_DIR}/src/tfm_sst_ipc_api.c" + "${INTERFACE_DIR}/src/tfm_crypto_ipc_api.c" + "${INTERFACE_DIR}/src/tfm_initial_attestation_ipc_api.c" + ) +else() + list(APPEND NS_APP_SRC + "${INTERFACE_DIR}/src/tfm_sst_func_api.c" + "${INTERFACE_DIR}/src/tfm_crypto_func_api.c" + "${INTERFACE_DIR}/src/tfm_initial_attestation_func_api.c" + ) +endif() + if (TFM_PARTITION_AUDIT_LOG) - list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_audit_api.c") + if (TFM_PSA_API) + message(FATAL_ERROR "Audit log has not been supported in IPC model yet.") + else() + list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_audit_func_api.c") + endif() endif() if (TFM_PARTITION_PLATFORM) - list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_platform_api.c") + if (TFM_PSA_API) + message(FATAL_ERROR "Platform service has not been supported in IPC model yet.") + else() + list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_platform_func_api.c") + endif() endif() if (NOT DEFINED TFM_NS_CLIENT_IDENTIFICATION) @@ -78,9 +101,7 @@ if (PSA_API_TEST_NS) list(APPEND NS_APP_SRC "${APP_DIR}/psa_api_test.c") endif() -if (NOT DEFINED TFM_PSA_API) - message(FATAL_ERROR "Incomplete build configuration: TFM_PSA_API is undefined. ") -elseif (TFM_PSA_API) +if (TFM_PSA_API) list(APPEND NS_APP_SRC "${INTERFACE_DIR}/src/tfm_psa_ns_api.c") endif() diff --git a/interface/src/tfm_audit_api.c b/interface/src/tfm_audit_func_api.c index 343963502..343963502 100644 --- a/interface/src/tfm_audit_api.c +++ b/interface/src/tfm_audit_func_api.c diff --git a/interface/src/tfm_crypto_func_api.c b/interface/src/tfm_crypto_func_api.c new file mode 100644 index 000000000..176c192e1 --- /dev/null +++ b/interface/src/tfm_crypto_func_api.c @@ -0,0 +1,1230 @@ +/* + * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include "tfm_veneers.h" +#include "tfm_crypto_defs.h" +#include "psa/crypto.h" +#include "tfm_ns_interface.h" + +#define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) + +#define API_DISPATCH(sfn_name, sfn_id) \ + tfm_ns_interface_dispatch((veneer_fn)tfm_##sfn_name##_veneer,\ + (uint32_t)in_vec, ARRAY_SIZE(in_vec), \ + (uint32_t)out_vec, ARRAY_SIZE(out_vec)) + +#define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \ + tfm_ns_interface_dispatch((veneer_fn)tfm_##sfn_name##_veneer,\ + (uint32_t)in_vec, ARRAY_SIZE(in_vec), \ + (uint32_t)NULL, 0) + +psa_status_t psa_crypto_init(void) +{ + /* Service init is performed during TFM boot up, + * so application level initialisation is empty + */ + return PSA_SUCCESS; +} + +psa_status_t psa_allocate_key(psa_key_handle_t *handle) +{ + psa_status_t status; + const struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_ALLOCATE_KEY_SID, + }; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = handle, .len = sizeof(psa_key_handle_t)}, + }; + + status = API_DISPATCH(tfm_crypto_allocate_key, + TFM_CRYPTO_ALLOCATE_KEY); + + return status; +} + +psa_status_t psa_open_key(psa_key_lifetime_t lifetime, + psa_key_id_t id, + psa_key_handle_t *handle) +{ + (void)lifetime; + (void)id; + (void)handle; + + /* TODO: Persistent key APIs are not supported yet */ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_create_key(psa_key_lifetime_t lifetime, + psa_key_id_t id, + psa_key_handle_t *handle) +{ + (void)lifetime; + (void)id; + (void)handle; + + /* TODO: Persistent key APIs are not supported yet */ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_close_key(psa_key_handle_t handle) +{ + (void)handle; + + /* TODO: Persistent key APIs are not supported yet */ + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t psa_import_key(psa_key_handle_t handle, + psa_key_type_t type, + const uint8_t *data, + size_t data_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, + .key_handle = handle, + .type = type, + }; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = data, .len = data_length} + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_import_key, + TFM_CRYPTO_IMPORT_KEY); + + return status; +} + +psa_status_t psa_destroy_key(psa_key_handle_t handle) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, + .key_handle = handle, + }; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key, + TFM_CRYPTO_DESTROY_KEY); + + return status; +} + +psa_status_t psa_get_key_information(psa_key_handle_t handle, + psa_key_type_t *type, + size_t *bits) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GET_KEY_INFORMATION_SID, + .key_handle = handle, + }; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = type, .len = sizeof(psa_key_type_t)}, + {.base = bits, .len = sizeof(size_t)} + }; + + status = API_DISPATCH(tfm_crypto_get_key_information, + TFM_CRYPTO_GET_KEY_INFORMATION); + + return status; +} + +psa_status_t psa_export_key(psa_key_handle_t handle, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, + .key_handle = handle, + }; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = data, .len = data_size} + }; + + status = API_DISPATCH(tfm_crypto_export_key, + TFM_CRYPTO_EXPORT_KEY); + + *data_length = out_vec[0].len; + + + return status; +} + +psa_status_t psa_export_public_key(psa_key_handle_t handle, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, + .key_handle = handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = data, .len = data_size} + }; + + status = API_DISPATCH(tfm_crypto_export_public_key, + TFM_CRYPTO_EXPORT_PUBLIC_KEY); + + *data_length = out_vec[0].len; + + return status; +} + +psa_status_t psa_copy_key(psa_key_handle_t source_handle, + psa_key_handle_t target_handle, + const psa_key_policy_t *constraint) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_COPY_KEY_SID, + .key_handle = source_handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = &target_handle, .len = sizeof(psa_key_handle_t)}, + {.base = constraint, .len = sizeof(psa_key_policy_t)}, + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_copy_key, + TFM_CRYPTO_COPY_KEY); + + return status; +} + +void psa_key_policy_set_usage(psa_key_policy_t *policy, + psa_key_usage_t usage, + psa_algorithm_t alg) +{ + policy->usage = usage; + policy->alg = alg; +} + +psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy) +{ + return policy->usage; +} + +psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy) +{ + return policy->alg; +} + +psa_status_t psa_set_key_policy(psa_key_handle_t handle, + const psa_key_policy_t *policy) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_SET_KEY_POLICY_SID, + .key_handle = handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = policy, .len = sizeof(psa_key_policy_t)}, + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_set_key_policy, + TFM_CRYPTO_SET_KEY_POLICY); + + return status; +} + +psa_status_t psa_get_key_policy(psa_key_handle_t handle, + psa_key_policy_t *policy) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GET_KEY_POLICY_SID, + .key_handle = handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = policy, .len = sizeof(psa_key_policy_t)}, + }; + + status = API_DISPATCH(tfm_crypto_get_key_policy, + TFM_CRYPTO_GET_KEY_POLICY); + + return status; +} + +psa_status_t psa_get_key_lifetime(psa_key_handle_t handle, + psa_key_lifetime_t *lifetime) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GET_KEY_LIFETIME_SID, + .key_handle = handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = lifetime, .len = sizeof(psa_key_lifetime_t)}, + }; + + status = API_DISPATCH(tfm_crypto_get_key_lifetime, + TFM_CRYPTO_GET_KEY_LIFETIME); + + return status; +} + +psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, + unsigned char *iv, + size_t iv_size, + size_t *iv_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + {.base = iv, .len = iv_size}, + }; + + status = API_DISPATCH(tfm_crypto_cipher_generate_iv, + TFM_CRYPTO_CIPHER_GENERATE_IV); + + *iv_length = out_vec[1].len; + + return status; +} + +psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, + const unsigned char *iv, + size_t iv_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = iv, .len = iv_length}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_cipher_set_iv, + TFM_CRYPTO_CIPHER_SET_IV); + + return status; +} + +psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, + psa_key_handle_t handle, + psa_algorithm_t alg) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, + .key_handle = handle, + .alg = alg, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup, + TFM_CRYPTO_CIPHER_ENCRYPT_SETUP); + + return status; +} + +psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, + psa_key_handle_t handle, + psa_algorithm_t alg) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, + .key_handle = handle, + .alg = alg, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup, + TFM_CRYPTO_CIPHER_DECRYPT_SETUP); + + return status; +} + +psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + unsigned char *output, + size_t output_size, + size_t *output_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + {.base = output, .len = output_size} + }; + + status = API_DISPATCH(tfm_crypto_cipher_update, + TFM_CRYPTO_CIPHER_UPDATE); + + *output_length = out_vec[1].len; + + return status; +} + +psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_cipher_abort, + TFM_CRYPTO_CIPHER_ABORT); + + return status; +} + +psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + {.base = output, .len = output_size}, + }; + + status = API_DISPATCH(tfm_crypto_cipher_finish, + TFM_CRYPTO_CIPHER_FINISH); + + *output_length = out_vec[1].len; + + return status; +} + +psa_status_t psa_hash_setup(psa_hash_operation_t *operation, + psa_algorithm_t alg) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, + .alg = alg, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_hash_setup, + TFM_CRYPTO_HASH_SETUP); + + return status; +} + +psa_status_t psa_hash_update(psa_hash_operation_t *operation, + const uint8_t *input, + size_t input_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_hash_update, + TFM_CRYPTO_HASH_UPDATE); + + return status; +} + +psa_status_t psa_hash_finish(psa_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + {.base = hash, .len = hash_size}, + }; + + status = API_DISPATCH(tfm_crypto_hash_finish, + TFM_CRYPTO_HASH_FINISH); + + *hash_length = out_vec[1].len; + + return status; +} + +psa_status_t psa_hash_verify(psa_hash_operation_t *operation, + const uint8_t *hash, + size_t hash_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = hash, .len = hash_length}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_hash_verify, + TFM_CRYPTO_HASH_VERIFY); + + return status; +} + +psa_status_t psa_hash_abort(psa_hash_operation_t *operation) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_hash_abort, + TFM_CRYPTO_HASH_ABORT); + + return status; +} + +psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, + psa_hash_operation_t *target_operation) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, + .op_handle = source_operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = target_operation, .len = sizeof(psa_hash_operation_t)}, + }; + + status = API_DISPATCH(tfm_crypto_hash_clone, + TFM_CRYPTO_HASH_CLONE); + + return status; +} + +psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, + psa_key_handle_t handle, + psa_algorithm_t alg) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, + .key_handle = handle, + .alg = alg, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_mac_sign_setup, + TFM_CRYPTO_MAC_SIGN_SETUP); + + return status; +} + +psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, + psa_key_handle_t handle, + psa_algorithm_t alg) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, + .key_handle = handle, + .alg = alg, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_mac_verify_setup, + TFM_CRYPTO_MAC_VERIFY_SETUP); + + return status; +} + +psa_status_t psa_mac_update(psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_mac_update, + TFM_CRYPTO_MAC_UPDATE); + + return status; +} + +psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + {.base = mac, .len = mac_size}, + }; + + status = API_DISPATCH(tfm_crypto_mac_sign_finish, + TFM_CRYPTO_MAC_SIGN_FINISH); + + *mac_length = out_vec[1].len; + + return status; +} + +psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = mac, .len = mac_length}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_mac_verify_finish, + TFM_CRYPTO_MAC_VERIFY_FINISH); + + return status; +} + +psa_status_t psa_mac_abort(psa_mac_operation_t *operation) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, + .op_handle = operation->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + psa_outvec out_vec[] = { + {.base = &(operation->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_mac_abort, + TFM_CRYPTO_MAC_ABORT); + + return status; +} + +psa_status_t psa_aead_encrypt(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *plaintext, + size_t plaintext_length, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, + .key_handle = handle, + .alg = alg, + .aead_in = {.nonce = {0}, .nonce_length = nonce_length} + }; + + /* Sanitize the optional input */ + if ((additional_data == NULL) && (additional_data_length != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + size_t idx = 0; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = plaintext, .len = plaintext_length}, + {.base = additional_data, .len = additional_data_length}, + }; + psa_outvec out_vec[] = { + {.base = ciphertext, .len = ciphertext_size}, + }; + + if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (nonce != NULL) { + for (idx = 0; idx < nonce_length; idx++) { + iov.aead_in.nonce[idx] = nonce[idx]; + } + } + + status = API_DISPATCH(tfm_crypto_aead_encrypt, + TFM_CRYPTO_AEAD_ENCRYPT); + + *ciphertext_length = out_vec[0].len; + + return status; +} + +psa_status_t psa_aead_decrypt(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, + .key_handle = handle, + .alg = alg, + .aead_in = {.nonce = {0}, .nonce_length = nonce_length} + }; + + /* Sanitize the optional input */ + if ((additional_data == NULL) && (additional_data_length != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + size_t idx = 0; + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = ciphertext, .len = ciphertext_length}, + {.base = additional_data, .len = additional_data_length}, + }; + psa_outvec out_vec[] = { + {.base = plaintext, .len = plaintext_size}, + }; + + if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (nonce != NULL) { + for (idx = 0; idx < nonce_length; idx++) { + iov.aead_in.nonce[idx] = nonce[idx]; + } + } + + status = API_DISPATCH(tfm_crypto_aead_decrypt, + TFM_CRYPTO_AEAD_DECRYPT); + + *plaintext_length = out_vec[0].len; + + return status; +} + +psa_status_t psa_asymmetric_sign(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_SID, + .key_handle = handle, + .alg = alg, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = hash, .len = hash_length}, + }; + psa_outvec out_vec[] = { + {.base = signature, .len = signature_size}, + }; + + status = API_DISPATCH(tfm_crypto_asymmetric_sign, + TFM_CRYPTO_ASYMMETRIC_SIGN); + + *signature_length = out_vec[0].len; + + return status; +} + +psa_status_t psa_asymmetric_verify(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_ASYMMETRIC_VERIFY_SID, + .key_handle = handle, + .alg = alg + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = hash, .len = hash_length}, + {.base = signature, .len = signature_length} + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_asymmetric_verify, + TFM_CRYPTO_ASYMMETRIC_VERIFY); + + return status; +} + +psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, + .key_handle = handle, + .alg = alg + }; + + /* Sanitize the optional input */ + if ((salt == NULL) && (salt_length != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + {.base = salt, .len = salt_length} + }; + + psa_outvec out_vec[] = { + {.base = output, .len = output_size}, + }; + + status = API_DISPATCH(tfm_crypto_asymmetric_encrypt, + TFM_CRYPTO_ASYMMETRIC_ENCRYPT); + + *output_length = out_vec[0].len; + + return status; +} + +psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, + .key_handle = handle, + .alg = alg + }; + + /* Sanitize the optional input */ + if ((salt == NULL) && (salt_length != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = input, .len = input_length}, + {.base = salt, .len = salt_length} + }; + + psa_outvec out_vec[] = { + {.base = output, .len = output_size}, + }; + + status = API_DISPATCH(tfm_crypto_asymmetric_decrypt, + TFM_CRYPTO_ASYMMETRIC_DECRYPT); + + *output_length = out_vec[0].len; + + return status; +} + +psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, + size_t *capacity) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GET_GENERATOR_CAPACITY_SID, + .op_handle = generator->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + + psa_outvec out_vec[] = { + {.base = capacity, .len = sizeof(size_t)}, + }; + + status = API_DISPATCH(tfm_crypto_get_generator_capacity, + TFM_CRYPTO_GET_GENERATOR_CAPACITY); + + return status; +} + +psa_status_t psa_generator_read(psa_crypto_generator_t *generator, + uint8_t *output, + size_t output_length) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GENERATOR_READ_SID, + .op_handle = generator->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + + psa_outvec out_vec[] = { + {.base = output, .len = output_length}, + }; + + status = API_DISPATCH(tfm_crypto_generator_read, + TFM_CRYPTO_GENERATOR_READ); + + return status; +} + +psa_status_t psa_generator_import_key(psa_key_handle_t handle, + psa_key_type_t type, + size_t bits, + psa_crypto_generator_t *generator) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GENERATOR_IMPORT_KEY_SID, + .key_handle = handle, + .type = type, + .op_handle = generator->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = &bits, .len = sizeof(size_t)}, + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generator_import_key, + TFM_CRYPTO_GENERATOR_IMPORT_KEY); + + return status; +} + +psa_status_t psa_generator_abort(psa_crypto_generator_t *generator) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GENERATOR_ABORT_SID, + .op_handle = generator->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + + psa_outvec out_vec[] = { + {.base = &(generator->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_generator_abort, + TFM_CRYPTO_GENERATOR_ABORT); + + return status; +} + +psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, + psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *salt, + size_t salt_length, + const uint8_t *label, + size_t label_length, + size_t capacity) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SID, + .key_handle = handle, + .alg = alg, + .op_handle = generator->handle, + .capacity = capacity, + }; + + /* Sanitize the optional input */ + if ((salt == NULL) && (salt_length != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if ((label == NULL) && (label_length != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = salt, .len = salt_length}, + {.base = label, .len = label_length}, + }; + + psa_outvec out_vec[] = { + {.base = &(generator->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_key_derivation, + TFM_CRYPTO_KEY_DERIVATION); + + return status; +} + +psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, + psa_key_handle_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + psa_algorithm_t alg) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_KEY_AGREEMENT_SID, + .key_handle = private_key, + .alg = alg, + .op_handle = generator->handle, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = peer_key, .len = peer_key_length}, + }; + + psa_outvec out_vec[] = { + {.base = &(generator->handle), .len = sizeof(uint32_t)}, + }; + + status = API_DISPATCH(tfm_crypto_key_agreement, + TFM_CRYPTO_KEY_AGREEMENT); + + return status; +} + +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, + }; + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + }; + + psa_outvec out_vec[] = { + {.base = output, .len = output_size}, + }; + + if (output_size == 0) { + return PSA_SUCCESS; + } + + status = API_DISPATCH(tfm_crypto_generate_random, + TFM_CRYPTO_GENERATE_RANDOM); + + return status; +} + +psa_status_t psa_generate_key(psa_key_handle_t handle, + psa_key_type_t type, + size_t bits, + const void *extra, + size_t extra_size) +{ + psa_status_t status; + struct tfm_crypto_pack_iovec iov = { + .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, + .key_handle = handle, + .type = type, + }; + + /* Sanitize the optional input */ + if ((extra == NULL) && (extra_size != 0)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + psa_invec in_vec[] = { + {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, + {.base = &bits, .len = sizeof(size_t)}, + {.base = extra, .len = extra_size}, + }; + + status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key, + TFM_CRYPTO_GENERATE_KEY); + + return status; +} diff --git a/interface/src/tfm_crypto_api.c b/interface/src/tfm_crypto_ipc_api.c index c53641b54..cf6152c20 100644 --- a/interface/src/tfm_crypto_api.c +++ b/interface/src/tfm_crypto_ipc_api.c @@ -9,15 +9,11 @@ #include "tfm_crypto_defs.h" #include "psa/crypto.h" #include "tfm_ns_interface.h" -#ifdef TFM_PSA_API #include "psa_manifest/sid.h" -#endif +#include "psa/client.h" #define ARRAY_SIZE(arr) (sizeof(arr)/sizeof(arr[0])) -#ifdef TFM_PSA_API -#include "psa/client.h" - #define PSA_CONNECT(service) \ psa_handle_t ipc_handle; \ ipc_handle = psa_connect(service##_SID, service##_VERSION); \ @@ -36,17 +32,6 @@ psa_call(ipc_handle, PSA_IPC_CALL, \ in_vec, ARRAY_SIZE(in_vec), \ (psa_outvec *)NULL, 0) -#else -#define API_DISPATCH(sfn_name, sfn_id) \ - tfm_ns_interface_dispatch((veneer_fn)tfm_##sfn_name##_veneer,\ - (uint32_t)in_vec, ARRAY_SIZE(in_vec), \ - (uint32_t)out_vec, ARRAY_SIZE(out_vec)) - -#define API_DISPATCH_NO_OUTVEC(sfn_name, sfn_id) \ - tfm_ns_interface_dispatch((veneer_fn)tfm_##sfn_name##_veneer,\ - (uint32_t)in_vec, ARRAY_SIZE(in_vec), \ - (uint32_t)NULL, 0) -#endif psa_status_t psa_crypto_init(void) { @@ -72,15 +57,12 @@ psa_status_t psa_allocate_key(psa_key_handle_t *handle) {.base = handle, .len = sizeof(psa_key_handle_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_allocate_key, TFM_CRYPTO_ALLOCATE_KEY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -149,15 +131,12 @@ psa_status_t psa_import_key(psa_key_handle_t handle, {.base = data, .len = data_length} }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH_NO_OUTVEC(tfm_crypto_import_key, TFM_CRYPTO_IMPORT_KEY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -177,15 +156,12 @@ psa_status_t psa_destroy_key(psa_key_handle_t handle) {.base = &iov, .len = sizeof(struct tfm_crypto_pack_iovec)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH_NO_OUTVEC(tfm_crypto_destroy_key, TFM_CRYPTO_DESTROY_KEY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -211,15 +187,12 @@ psa_status_t psa_get_key_information(psa_key_handle_t handle, {.base = bits, .len = sizeof(size_t)} }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_get_key_information, TFM_CRYPTO_GET_KEY_INFORMATION); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -245,18 +218,14 @@ psa_status_t psa_export_key(psa_key_handle_t handle, {.base = data, .len = data_size} }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_export_key, TFM_CRYPTO_EXPORT_KEY); *data_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -283,18 +252,14 @@ psa_status_t psa_export_public_key(psa_key_handle_t handle, {.base = data, .len = data_size} }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_export_public_key, TFM_CRYPTO_EXPORT_PUBLIC_KEY); *data_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -319,15 +284,12 @@ psa_status_t psa_copy_key(psa_key_handle_t source_handle, {.base = constraint, .len = sizeof(psa_key_policy_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH_NO_OUTVEC(tfm_crypto_copy_key, TFM_CRYPTO_COPY_KEY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -368,15 +330,12 @@ psa_status_t psa_set_key_policy(psa_key_handle_t handle, {.base = policy, .len = sizeof(psa_key_policy_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH_NO_OUTVEC(tfm_crypto_set_key_policy, TFM_CRYPTO_SET_KEY_POLICY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -401,15 +360,12 @@ psa_status_t psa_get_key_policy(psa_key_handle_t handle, {.base = policy, .len = sizeof(psa_key_policy_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_get_key_policy, TFM_CRYPTO_GET_KEY_POLICY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -434,15 +390,12 @@ psa_status_t psa_get_key_lifetime(psa_key_handle_t handle, {.base = lifetime, .len = sizeof(psa_key_lifetime_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_get_key_lifetime, TFM_CRYPTO_GET_KEY_LIFETIME); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_KEY_MODULE_DISABLED */ @@ -470,18 +423,14 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, {.base = iv, .len = iv_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_generate_iv, TFM_CRYPTO_CIPHER_GENERATE_IV); *iv_length = out_vec[1].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -508,15 +457,12 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_set_iv, TFM_CRYPTO_CIPHER_SET_IV); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -544,15 +490,12 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_encrypt_setup, TFM_CRYPTO_CIPHER_ENCRYPT_SETUP); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -580,15 +523,12 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_decrypt_setup, TFM_CRYPTO_CIPHER_DECRYPT_SETUP); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -619,18 +559,14 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, {.base = output, .len = output_size} }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_update, TFM_CRYPTO_CIPHER_UPDATE); *output_length = out_vec[1].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -654,15 +590,12 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_abort, TFM_CRYPTO_CIPHER_ABORT); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -690,18 +623,14 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, {.base = output, .len = output_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_cipher_finish, TFM_CRYPTO_CIPHER_FINISH); *output_length = out_vec[1].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_CIPHER_MODULE_DISABLED */ @@ -727,16 +656,12 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_hash_setup, TFM_CRYPTO_HASH_SETUP); -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -763,16 +688,12 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_hash_update, TFM_CRYPTO_HASH_UPDATE); -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -800,18 +721,14 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation, {.base = hash, .len = hash_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_hash_finish, TFM_CRYPTO_HASH_FINISH); *hash_length = out_vec[1].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -838,15 +755,12 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_hash_verify, TFM_CRYPTO_HASH_VERIFY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -870,15 +784,12 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_hash_abort, TFM_CRYPTO_HASH_ABORT); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -903,15 +814,12 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, {.base = target_operation, .len = sizeof(psa_hash_operation_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_hash_clone, TFM_CRYPTO_HASH_CLONE); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_HASH_MODULE_DISABLED */ @@ -939,15 +847,12 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_mac_sign_setup, TFM_CRYPTO_MAC_SIGN_SETUP); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -975,15 +880,12 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_mac_verify_setup, TFM_CRYPTO_MAC_VERIFY_SETUP); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1010,15 +912,12 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_mac_update, TFM_CRYPTO_MAC_UPDATE); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1046,18 +945,14 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, {.base = mac, .len = mac_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_mac_sign_finish, TFM_CRYPTO_MAC_SIGN_FINISH); *mac_length = out_vec[1].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1084,16 +979,12 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_mac_verify_finish, TFM_CRYPTO_MAC_VERIFY_FINISH); -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1117,15 +1008,12 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation) {.base = &(operation->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_mac_abort, TFM_CRYPTO_MAC_ABORT); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */ @@ -1179,27 +1067,18 @@ psa_status_t psa_aead_encrypt(psa_key_handle_t handle, } } -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (additional_data == NULL) { in_len--; } status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); -#else - status = API_DISPATCH(tfm_crypto_aead_encrypt, - TFM_CRYPTO_AEAD_ENCRYPT); -#endif *ciphertext_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */ @@ -1253,27 +1132,18 @@ psa_status_t psa_aead_decrypt(psa_key_handle_t handle, } } -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (additional_data == NULL) { in_len--; } status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); -#else - status = API_DISPATCH(tfm_crypto_aead_decrypt, - TFM_CRYPTO_AEAD_DECRYPT); -#endif *plaintext_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_AEAD_MODULE_DISABLED */ @@ -1305,18 +1175,14 @@ psa_status_t psa_asymmetric_sign(psa_key_handle_t handle, {.base = signature, .len = signature_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_asymmetric_sign, TFM_CRYPTO_ASYMMETRIC_SIGN); *signature_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ @@ -1345,15 +1211,12 @@ psa_status_t psa_asymmetric_verify(psa_key_handle_t handle, {.base = signature, .len = signature_length} }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH_NO_OUTVEC(tfm_crypto_asymmetric_verify, TFM_CRYPTO_ASYMMETRIC_VERIFY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ @@ -1394,27 +1257,18 @@ psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle, {.base = output, .len = output_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (salt == NULL) { in_len--; } status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); -#else - status = API_DISPATCH(tfm_crypto_asymmetric_encrypt, - TFM_CRYPTO_ASYMMETRIC_ENCRYPT); -#endif *output_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ @@ -1455,27 +1309,18 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, {.base = output, .len = output_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (salt == NULL) { in_len--; } status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); -#else - status = API_DISPATCH(tfm_crypto_asymmetric_decrypt, - TFM_CRYPTO_ASYMMETRIC_DECRYPT); -#endif *output_length = out_vec[0].len; -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED */ @@ -1501,15 +1346,12 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, {.base = capacity, .len = sizeof(size_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_get_generator_capacity, TFM_CRYPTO_GET_GENERATOR_CAPACITY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1536,15 +1378,12 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, {.base = output, .len = output_length}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_generator_read, TFM_CRYPTO_GENERATOR_READ); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1571,15 +1410,12 @@ psa_status_t psa_generator_import_key(psa_key_handle_t handle, {.base = &bits, .len = sizeof(size_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generator_import_key, TFM_CRYPTO_GENERATOR_IMPORT_KEY); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1604,15 +1440,12 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator) {.base = &(generator->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_generator_abort, TFM_CRYPTO_GENERATOR_ABORT); -#ifdef TFM_PSA_API + PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1658,11 +1491,8 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, {.base = &(generator->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (label == NULL) { in_len--; @@ -1672,14 +1502,8 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, } status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, out_vec, ARRAY_SIZE(out_vec)); -#else - status = API_DISPATCH(tfm_crypto_key_derivation, - TFM_CRYPTO_KEY_DERIVATION); -#endif -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1711,16 +1535,12 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, {.base = &(generator->handle), .len = sizeof(uint32_t)}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_key_agreement, TFM_CRYPTO_KEY_AGREEMENT); -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1749,16 +1569,12 @@ psa_status_t psa_generate_random(uint8_t *output, return PSA_SUCCESS; } -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif status = API_DISPATCH(tfm_crypto_generate_random, TFM_CRYPTO_GENERATE_RANDOM); -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ @@ -1791,25 +1607,16 @@ psa_status_t psa_generate_key(psa_key_handle_t handle, {.base = extra, .len = extra_size}, }; -#ifdef TFM_PSA_API PSA_CONNECT(TFM_CRYPTO); -#endif -#ifdef TFM_PSA_API size_t in_len = ARRAY_SIZE(in_vec); if (extra == NULL) { in_len--; } status = psa_call(ipc_handle, PSA_IPC_CALL, in_vec, in_len, NULL, 0); -#else - status = API_DISPATCH_NO_OUTVEC(tfm_crypto_generate_key, - TFM_CRYPTO_GENERATE_KEY); -#endif -#ifdef TFM_PSA_API PSA_CLOSE(); -#endif return status; #endif /* TFM_CRYPTO_GENERATOR_MODULE_DISABLED */ diff --git a/interface/src/tfm_initial_attestation_func_api.c b/interface/src/tfm_initial_attestation_func_api.c new file mode 100644 index 000000000..c391f6117 --- /dev/null +++ b/interface/src/tfm_initial_attestation_func_api.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2018-2019, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include "psa/initial_attestation.h" +#include "tfm_veneers.h" +#include "tfm_ns_interface.h" +#include "psa/client.h" + +#define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0])) + +enum psa_attest_err_t +psa_initial_attest_get_token(const uint8_t *challenge_obj, + uint32_t challenge_size, + uint8_t *token, + uint32_t *token_size) +{ + + int32_t res; + + psa_invec in_vec[] = { + {challenge_obj, challenge_size} + }; + psa_outvec out_vec[] = { + {token, *token_size} + }; + + res = tfm_ns_interface_dispatch( + (veneer_fn)tfm_initial_attest_get_token_veneer, + (uint32_t)in_vec, IOVEC_LEN(in_vec), + (uint32_t)out_vec, IOVEC_LEN(out_vec)); + + if (res == (int32_t)PSA_ATTEST_ERR_SUCCESS) { + *token_size = out_vec[0].len; + } + + return (enum psa_attest_err_t)res; +} + +enum psa_attest_err_t +psa_initial_attest_get_token_size(uint32_t challenge_size, + uint32_t *token_size) +{ + psa_invec in_vec[] = { + {&challenge_size, sizeof(challenge_size)} + }; + psa_outvec out_vec[] = { + {token_size, sizeof(uint32_t)} + }; + + return (enum psa_attest_err_t)tfm_ns_interface_dispatch( + (veneer_fn)tfm_initial_attest_get_token_size_veneer, + (uint32_t)in_vec, IOVEC_LEN(in_vec), + (uint32_t)out_vec, IOVEC_LEN(out_vec)); +} diff --git a/interface/src/tfm_initial_attestation_api.c b/interface/src/tfm_initial_attestation_ipc_api.c index 1bcce057f..10b3a5931 100644 --- a/interface/src/tfm_initial_attestation_api.c +++ b/interface/src/tfm_initial_attestation_ipc_api.c @@ -9,9 +9,7 @@ #include "tfm_veneers.h" #include "tfm_ns_interface.h" #include "psa/client.h" -#ifdef TFM_PSA_API #include "psa_manifest/sid.h" -#endif #define IOVEC_LEN(x) (sizeof(x)/sizeof(x[0])) @@ -21,12 +19,9 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, uint8_t *token, uint32_t *token_size) { -#ifdef TFM_PSA_API psa_handle_t handle = PSA_NULL_HANDLE; psa_status_t status; -#else - int32_t res; -#endif + psa_invec in_vec[] = { {challenge_obj, challenge_size} }; @@ -34,7 +29,6 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, {token, *token_size} }; -#ifdef TFM_PSA_API handle = psa_connect(TFM_ATTEST_GET_TOKEN_SID, TFM_ATTEST_GET_TOKEN_VERSION); if (handle <= 0) { @@ -55,28 +49,14 @@ psa_initial_attest_get_token(const uint8_t *challenge_obj, } return (enum psa_attest_err_t)status; -#else - res = tfm_ns_interface_dispatch( - (veneer_fn)tfm_initial_attest_get_token_veneer, - (uint32_t)in_vec, IOVEC_LEN(in_vec), - (uint32_t)out_vec, IOVEC_LEN(out_vec)); - - if (res == (int32_t)PSA_ATTEST_ERR_SUCCESS) { - *token_size = out_vec[0].len; - } - - return (enum psa_attest_err_t)res; -#endif } enum psa_attest_err_t psa_initial_attest_get_token_size(uint32_t challenge_size, uint32_t *token_size) { -#ifdef TFM_PSA_API psa_handle_t handle = PSA_NULL_HANDLE; psa_status_t status; -#endif psa_invec in_vec[] = { {&challenge_size, sizeof(challenge_size)} }; @@ -84,7 +64,6 @@ psa_initial_attest_get_token_size(uint32_t challenge_size, {token_size, sizeof(uint32_t)} }; -#ifdef TFM_PSA_API handle = psa_connect(TFM_ATTEST_GET_TOKEN_SIZE_SID, TFM_ATTEST_GET_TOKEN_SIZE_VERSION); if (handle <= 0) { @@ -101,10 +80,4 @@ psa_initial_attest_get_token_size(uint32_t challenge_size, } return (enum psa_attest_err_t)status; -#else - return (enum psa_attest_err_t)tfm_ns_interface_dispatch( - (veneer_fn)tfm_initial_attest_get_token_size_veneer, - (uint32_t)in_vec, IOVEC_LEN(in_vec), - (uint32_t)out_vec, IOVEC_LEN(out_vec)); -#endif } diff --git a/interface/src/tfm_platform_api.c b/interface/src/tfm_platform_func_api.c index 3ef0c86c8..3ef0c86c8 100644 --- a/interface/src/tfm_platform_api.c +++ b/interface/src/tfm_platform_func_api.c diff --git a/interface/src/tfm_sst_func_api.c b/interface/src/tfm_sst_func_api.c new file mode 100644 index 000000000..6d94d6794 --- /dev/null +++ b/interface/src/tfm_sst_func_api.c @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2017-2019, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ + +#include "psa/protected_storage.h" + +#include "tfm_ns_interface.h" +#include "tfm_veneers.h" + +#define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0])) + +psa_ps_status_t psa_ps_set(psa_ps_uid_t uid, + uint32_t data_length, + const void *p_data, + psa_ps_create_flags_t create_flags) +{ + psa_status_t status; + psa_ps_status_t err; + psa_invec in_vec[] = { + { .base = &uid, .len = sizeof(uid) }, + { .base = p_data, .len = data_length }, + { .base = &create_flags, .len = sizeof(create_flags) } + }; + + psa_outvec out_vec[] = { + { .base = &err , .len = sizeof(err) } + }; + + status = tfm_ns_interface_dispatch( + (veneer_fn)tfm_tfm_sst_set_req_veneer, + (uint32_t)in_vec, IOVEC_LEN(in_vec), + (uint32_t)out_vec, IOVEC_LEN(out_vec)); + if (status != PSA_SUCCESS) { + return PSA_PS_ERROR_OPERATION_FAILED; + } + + return err; +} + +psa_ps_status_t psa_ps_get(psa_ps_uid_t uid, + uint32_t data_offset, + uint32_t data_length, + void *p_data) +{ + psa_status_t status; + psa_ps_status_t err; + psa_invec in_vec[] = { + { .base = &uid, .len = sizeof(uid) }, + { .base = &data_offset, .len = sizeof(data_offset) } + }; + + psa_outvec out_vec[] = { + { .base = &err, .len = sizeof(err) }, + { .base = p_data, .len = data_length } + }; + + status = tfm_ns_interface_dispatch( + (veneer_fn)tfm_tfm_sst_get_req_veneer, + (uint32_t)in_vec, IOVEC_LEN(in_vec), + (uint32_t)out_vec, IOVEC_LEN(out_vec)); + + if (status != PSA_SUCCESS) { + return PSA_PS_ERROR_OPERATION_FAILED; + } + + return err; +} + +psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info) +{ + psa_status_t status; + psa_ps_status_t err; + psa_invec in_vec[] = { + { .base = &uid, .len = sizeof(uid) } + }; + + psa_outvec out_vec[] = { + { .base = &err, .len = sizeof(err) }, + { .base = p_info, .len = sizeof(*p_info) } + }; + + status = tfm_ns_interface_dispatch( + (veneer_fn)tfm_tfm_sst_get_info_req_veneer, + (uint32_t)in_vec, IOVEC_LEN(in_vec), + (uint32_t)out_vec, IOVEC_LEN(out_vec)); + + if (status != PSA_SUCCESS) { + return PSA_PS_ERROR_OPERATION_FAILED; + } + + return err; +} + +psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid) +{ + psa_status_t status; + psa_ps_status_t err; + psa_invec in_vec[] = { + { .base = &uid, .len = sizeof(uid) } + }; + + psa_outvec out_vec[] = { + { .base = &err, .len = sizeof(err) } + }; + + status = tfm_ns_interface_dispatch( + (veneer_fn)tfm_tfm_sst_remove_req_veneer, + (uint32_t)in_vec, IOVEC_LEN(in_vec), + (uint32_t)out_vec, IOVEC_LEN(out_vec)); + + if (status != PSA_SUCCESS) { + return PSA_PS_ERROR_OPERATION_FAILED; + } + + return err; +} + +psa_ps_status_t psa_ps_create(psa_ps_uid_t uid, uint32_t size, + psa_ps_create_flags_t create_flags) +{ + (void)uid; + (void)size; + (void)create_flags; + + return PSA_PS_ERROR_NOT_SUPPORTED; +} + +psa_ps_status_t psa_ps_set_extended(psa_ps_uid_t uid, uint32_t data_offset, + uint32_t data_length, const void *p_data) +{ + (void)uid; + (void)data_offset; + (void)data_length; + (void)p_data; + + return PSA_PS_ERROR_NOT_SUPPORTED; +} + +uint32_t psa_ps_get_support(void) +{ + /* Initialise support_flags to a sensible default, to avoid returning an + * uninitialised value in case the secure function fails. + */ + uint32_t support_flags = 0; + + psa_outvec out_vec[] = { + { .base = &support_flags, .len = sizeof(support_flags) } + }; + + (void)tfm_ns_interface_dispatch( + (veneer_fn)tfm_tfm_sst_get_support_req_veneer, + (uint32_t)NULL, 0, + (uint32_t)out_vec, IOVEC_LEN(out_vec)); + + return support_flags; +} diff --git a/interface/src/tfm_sst_api.c b/interface/src/tfm_sst_ipc_api.c index c3a1504dc..9ef95ff49 100644 --- a/interface/src/tfm_sst_api.c +++ b/interface/src/tfm_sst_ipc_api.c @@ -9,9 +9,7 @@ #include "tfm_ns_interface.h" #include "tfm_veneers.h" -#ifdef TFM_PSA_API #include "psa_manifest/sid.h" -#endif #define IOVEC_LEN(x) (uint32_t)(sizeof(x)/sizeof(x[0])) @@ -22,9 +20,7 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid, { psa_status_t status; psa_ps_status_t err; -#ifdef TFM_PSA_API psa_handle_t handle; -#endif psa_invec in_vec[] = { { .base = &uid, .len = sizeof(uid) }, @@ -36,7 +32,6 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid, { .base = &err , .len = sizeof(err) } }; -#ifdef TFM_PSA_API handle = psa_connect(TFM_SST_SET_SID, TFM_SST_SET_VERSION); if (!PSA_HANDLE_IS_VALID(handle)) { return PSA_PS_ERROR_OPERATION_FAILED; @@ -50,15 +45,6 @@ psa_ps_status_t psa_ps_set(psa_ps_uid_t uid, if (status != PSA_SUCCESS) { return PSA_PS_ERROR_OPERATION_FAILED; } -#else - status = tfm_ns_interface_dispatch( - (veneer_fn)tfm_tfm_sst_set_req_veneer, - (uint32_t)in_vec, IOVEC_LEN(in_vec), - (uint32_t)out_vec, IOVEC_LEN(out_vec)); - if (status != PSA_SUCCESS) { - return PSA_PS_ERROR_OPERATION_FAILED; - } -#endif return err; } @@ -70,9 +56,7 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid, { psa_status_t status; psa_ps_status_t err; -#ifdef TFM_PSA_API psa_handle_t handle; -#endif psa_invec in_vec[] = { { .base = &uid, .len = sizeof(uid) }, @@ -84,7 +68,6 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid, { .base = p_data, .len = data_length } }; -#ifdef TFM_PSA_API handle = psa_connect(TFM_SST_GET_SID, TFM_SST_GET_VERSION); if (!PSA_HANDLE_IS_VALID(handle)) { return PSA_PS_ERROR_OPERATION_FAILED; @@ -98,16 +81,6 @@ psa_ps_status_t psa_ps_get(psa_ps_uid_t uid, if (status != PSA_SUCCESS) { return PSA_PS_ERROR_OPERATION_FAILED; } -#else - status = tfm_ns_interface_dispatch( - (veneer_fn)tfm_tfm_sst_get_req_veneer, - (uint32_t)in_vec, IOVEC_LEN(in_vec), - (uint32_t)out_vec, IOVEC_LEN(out_vec)); - - if (status != PSA_SUCCESS) { - return PSA_PS_ERROR_OPERATION_FAILED; - } -#endif return err; } @@ -116,9 +89,7 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info) { psa_status_t status; psa_ps_status_t err; -#ifdef TFM_PSA_API psa_handle_t handle; -#endif psa_invec in_vec[] = { { .base = &uid, .len = sizeof(uid) } @@ -129,7 +100,6 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info) { .base = p_info, .len = sizeof(*p_info) } }; -#ifdef TFM_PSA_API handle = psa_connect(TFM_SST_GET_INFO_SID, TFM_SST_GET_INFO_VERSION); if (!PSA_HANDLE_IS_VALID(handle)) { return PSA_PS_ERROR_OPERATION_FAILED; @@ -143,16 +113,6 @@ psa_ps_status_t psa_ps_get_info(psa_ps_uid_t uid, struct psa_ps_info_t *p_info) if (status != PSA_SUCCESS) { return PSA_PS_ERROR_OPERATION_FAILED; } -#else - status = tfm_ns_interface_dispatch( - (veneer_fn)tfm_tfm_sst_get_info_req_veneer, - (uint32_t)in_vec, IOVEC_LEN(in_vec), - (uint32_t)out_vec, IOVEC_LEN(out_vec)); - - if (status != PSA_SUCCESS) { - return PSA_PS_ERROR_OPERATION_FAILED; - } -#endif return err; } @@ -161,9 +121,7 @@ psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid) { psa_status_t status; psa_ps_status_t err; -#ifdef TFM_PSA_API psa_handle_t handle; -#endif psa_invec in_vec[] = { { .base = &uid, .len = sizeof(uid) } @@ -173,7 +131,6 @@ psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid) { .base = &err, .len = sizeof(err) } }; -#ifdef TFM_PSA_API handle = psa_connect(TFM_SST_REMOVE_SID, TFM_SST_REMOVE_VERSION); if (!PSA_HANDLE_IS_VALID(handle)) { return PSA_PS_ERROR_OPERATION_FAILED; @@ -187,16 +144,6 @@ psa_ps_status_t psa_ps_remove(psa_ps_uid_t uid) if (status != PSA_SUCCESS) { return PSA_PS_ERROR_OPERATION_FAILED; } -#else - status = tfm_ns_interface_dispatch( - (veneer_fn)tfm_tfm_sst_remove_req_veneer, - (uint32_t)in_vec, IOVEC_LEN(in_vec), - (uint32_t)out_vec, IOVEC_LEN(out_vec)); - - if (status != PSA_SUCCESS) { - return PSA_PS_ERROR_OPERATION_FAILED; - } -#endif return err; } @@ -228,9 +175,7 @@ uint32_t psa_ps_get_support(void) * uninitialised value in case the secure function fails. */ uint32_t support_flags = 0; -#ifdef TFM_PSA_API psa_handle_t handle; -#endif psa_outvec out_vec[] = { { .base = &support_flags, .len = sizeof(support_flags) } @@ -239,7 +184,6 @@ uint32_t psa_ps_get_support(void) /* The PSA API does not return an error, so any error from TF-M is * ignored. */ -#ifdef TFM_PSA_API handle = psa_connect(TFM_SST_GET_SUPPORT_SID, TFM_SST_GET_SUPPORT_VERSION); if (!PSA_HANDLE_IS_VALID(handle)) { return support_flags; @@ -248,12 +192,6 @@ uint32_t psa_ps_get_support(void) (void)psa_call(handle, PSA_IPC_CALL, NULL, 0, out_vec, IOVEC_LEN(out_vec)); psa_close(handle); -#else - (void)tfm_ns_interface_dispatch( - (veneer_fn)tfm_tfm_sst_get_support_req_veneer, - (uint32_t)NULL, 0, - (uint32_t)out_vec, IOVEC_LEN(out_vec)); -#endif return support_flags; } |