1 /*
2  * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __TFM_CRYPTO_API_H__
9 #define __TFM_CRYPTO_API_H__
10 
11 #ifdef __cplusplus
12 extern "C" {
13 #endif
14 
15 #include <stdint.h>
16 #include "tfm_crypto_defs.h"
17 #include "psa/crypto_client_struct.h"
18 
/**
 * \brief List of possible operation types supported by the TFM based
 *        implementation. In this header the type is passed to
 *        tfm_crypto_operation_alloc() and tfm_crypto_operation_lookup();
 *        tfm_crypto_operation_release() takes only the handle.
 *
 * \note  NOTE(review): INT_MAX is defined by <limits.h>, which this header
 *        does not include directly (only <stdint.h> is visible). Presumably
 *        it arrives through tfm_crypto_defs.h - confirm, or include
 *        <limits.h> here so the header is self-contained.
 */
enum tfm_crypto_operation_type {
    TFM_CRYPTO_OPERATION_NONE = 0,
    TFM_CRYPTO_CIPHER_OPERATION = 1,
    TFM_CRYPTO_MAC_OPERATION = 2,
    TFM_CRYPTO_HASH_OPERATION = 3,
    TFM_CRYPTO_KEY_DERIVATION_OPERATION = 4,
    TFM_CRYPTO_AEAD_OPERATION = 5,

    /*
     * Not an operation type: an INT_MAX enumerator forces the enum's
     * representation to be wide enough to hold any int value.
     */
    TFM_CRYPTO_OPERATION_TYPE_MAX = INT_MAX
};
36 
/*
 * Macro to determine the group_id corresponding to a function_id.
 * The expansion keeps only the low 8 bits of _function_id and casts the
 * result to enum tfm_crypto_group_id; it does not consult any table and
 * performs no range check.
 *
 * NOTE(review): the cast accepts any low-byte value, including ones that may
 * not name a defined group. Presumably the caller rejects unknown groups
 * (e.g. a default case in the dispatcher) - confirm, since function_id is
 * likely taken from the client request.
 */
#define TFM_CRYPTO_GET_GROUP_ID(_function_id)    \
                        ((enum tfm_crypto_group_id)((_function_id) & 0xFF))
43 
/**
 * \brief Initialise the service
 *
 * Takes no arguments; the outcome is reported only through the returned
 * status.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_init(void);

/**
 * \brief Initialise the Alloc module
 *
 * \note  NOTE(review): presumably this sets up the storage behind
 *        tfm_crypto_operation_alloc(), tfm_crypto_operation_lookup() and
 *        tfm_crypto_operation_release() and must run before them - confirm
 *        in the implementation.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_init_alloc(void);
57 
/**
 * \brief Returns the ID of the caller
 *
 * \param[out] id Pointer to hold the ID of the caller
 *
 * \note  The ID has the same type (int32_t) as the client_id parameter of
 *        tfm_crypto_key_attributes_from_client().
 *        NOTE(review): behaviour for a NULL \p id, and whether \p id is
 *        written when an error is returned, is not visible from this header.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_get_caller_id(int32_t *id);
66 
/**
 * \brief Gets key attributes from client key attributes.
 *
 * \param[in]  client_key_attr  Client key attributes
 * \param[in]  client_id        Partition ID of the calling client
 * \param[out] key_attributes   Key attributes
 *
 * \note  NOTE(review): \p client_key_attr is the client-provided view of the
 *        attributes, while \p client_id is passed separately. The ownership
 *        information is expected to come from the framework-reported caller
 *        identity (see tfm_crypto_get_caller_id()) and not from anything the
 *        client wrote into its request - confirm at the call sites.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_key_attributes_from_client(
                    const struct psa_client_key_attributes_s *client_key_attr,
                    int32_t client_id,
                    psa_key_attributes_t *key_attributes);
80 
/**
 * \brief Converts key attributes to client key attributes.
 *
 * \param[in]  key_attributes   Key attributes
 * \param[out] client_key_attr  Client key attributes
 *
 * \note  Unlike tfm_crypto_key_attributes_from_client(), this conversion
 *        takes no client_id argument.
 *        NOTE(review): presumably any owner/partition information held in
 *        \p key_attributes is not copied into the client structure - confirm
 *        in the implementation.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_key_attributes_to_client(
                        const psa_key_attributes_t *key_attributes,
                        struct psa_client_key_attributes_s *client_key_attr);
92 
/**
 * \brief Allocate an operation context in the backend
 *
 * \param[in]  type   Type of the operation context to allocate
 * \param[out] handle Pointer to hold the allocated handle
 * \param[out] ctx    Double pointer to the corresponding context
 *
 * \note  The handle is the value later given to
 *        tfm_crypto_operation_lookup() and tfm_crypto_operation_release().
 *        NOTE(review): the values left in \p handle and \p ctx when
 *        allocation fails are not visible from this header - callers should
 *        check the returned status before using either.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_operation_alloc(enum tfm_crypto_operation_type type,
                                        uint32_t *handle,
                                        void **ctx);
/**
 * \brief Release an operation context in the backend
 *
 * \param[in,out] handle Pointer to the handle of the context to release
 *
 * \note  NOTE(review): the handle is passed by pointer and documented as
 *        in/out, so presumably it is invalidated on release to keep a stale
 *        handle from being reused - confirm in the implementation.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_operation_release(uint32_t *handle);
/**
 * \brief Look up an operation context in the backend for the corresponding
 *        frontend operation
 *
 * \param[in]  type   Type of the operation context to look up
 * \param[in]  handle Handle of the context to lookup
 * \param[out] ctx    Double pointer to the corresponding context
 *
 * \note  NOTE(review): \p ctx is returned as an untyped void pointer, so the
 *        caller's cast is only safe if the lookup rejects a handle whose
 *        stored type differs from \p type. Presumably it also checks that
 *        the handle belongs to the current caller - confirm both in the
 *        implementation.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_operation_lookup(enum tfm_crypto_operation_type type,
                                         uint32_t handle,
                                         void **ctx);
126 
/**
 * \brief This function acts as interface from the framework dispatching
 *        calls to the set of functions that implement the PSA Crypto APIs.
 *        It is based on the Uniform Signatures prototype.
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[in]  in_len   Length of the valid entries in in_vec
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  out_len  Length of the valid entries in out_vec
 *
 * \note  This is the only interface in this header that receives in_len and
 *        out_len; the per-module interfaces take the vectors without them.
 *        NOTE(review): presumably in_len/out_len are entry counts and the
 *        vector contents are validated here before a module interface
 *        indexes into them - confirm in the implementation.
 *        NOTE(review): size_t is used although <stddef.h> is not included
 *        directly by this header; presumably it arrives through another
 *        include - confirm.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_api_dispatcher(psa_invec in_vec[],
                                       size_t in_len,
                                       psa_outvec out_vec[],
                                       size_t out_len);
/**
 * \brief This function acts as interface for the Key management module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed, so this function cannot tell by
 *        itself how many entries of \p in_vec / \p out_vec are valid.
 *        NOTE(review): \p encoded_key is documented as [in] but declared as
 *        a non-const pointer; confirm whether the module may write through
 *        it (e.g. when a key is created) and adjust the direction if so.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
                                            psa_outvec out_vec[],
                                            mbedtls_svc_key_id_t *encoded_key);
/**
 * \brief This function acts as interface for the MAC module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed to this function.
 *        NOTE(review): \p encoded_key is documented as [in] but is a
 *        non-const pointer - confirm it is read-only for this module.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_mac_interface(psa_invec in_vec[],
                                      psa_outvec out_vec[],
                                      mbedtls_svc_key_id_t *encoded_key);
/**
 * \brief This function acts as interface for the Cipher module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed to this function.
 *        NOTE(review): \p encoded_key is documented as [in] but is a
 *        non-const pointer - confirm it is read-only for this module.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_cipher_interface(psa_invec in_vec[],
                                         psa_outvec out_vec[],
                                         mbedtls_svc_key_id_t *encoded_key);
/**
 * \brief This function acts as interface for the AEAD module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed to this function.
 *        NOTE(review): \p encoded_key is documented as [in] but is a
 *        non-const pointer - confirm it is read-only for this module.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_aead_interface(psa_invec in_vec[],
                                       psa_outvec out_vec[],
                                       mbedtls_svc_key_id_t *encoded_key);
191 
/**
 * \brief This function acts as interface for the Asymmetric signing module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed to this function.
 *        NOTE(review): \p encoded_key is documented as [in] but is a
 *        non-const pointer - confirm it is read-only for this module.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_asymmetric_sign_interface(psa_invec in_vec[],
                                                  psa_outvec out_vec[],
                                             mbedtls_svc_key_id_t *encoded_key);
204 
/**
 * \brief This function acts as interface for the Asymmetric encryption module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed to this function.
 *        NOTE(review): \p encoded_key is documented as [in] but is a
 *        non-const pointer - confirm it is read-only for this module.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_asymmetric_encrypt_interface(psa_invec in_vec[],
                                                     psa_outvec out_vec[],
                                             mbedtls_svc_key_id_t *encoded_key);
217 
/**
 * \brief This function acts as interface for the Key derivation module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 * \param[in]  encoded_key Key encoded with partition_id and key_id
 *
 * \note  No vector lengths are passed to this function.
 *        NOTE(review): \p encoded_key is documented as [in] but declared as
 *        a non-const pointer; confirm whether the module may write through
 *        it (e.g. when a derived key is output) and adjust the direction if
 *        so.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_key_derivation_interface(psa_invec in_vec[],
                                            psa_outvec out_vec[],
                                            mbedtls_svc_key_id_t *encoded_key);
/**
 * \brief This function acts as interface for the Random module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 *
 * \note  Takes no encoded_key argument, unlike the key-based module
 *        interfaces in this header, and no vector lengths.
 *        NOTE(review): the size of the output buffer presumably comes from
 *        the corresponding \p out_vec entry - confirm how it is bounded.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_random_interface(psa_invec in_vec[],
                                         psa_outvec out_vec[]);
/**
 * \brief This function acts as interface for the Hash module
 *
 * \param[in]  in_vec   Array of invec parameters
 * \param[out] out_vec  Array of outvec parameters
 *
 * \note  Takes no encoded_key argument, unlike the key-based module
 *        interfaces in this header, and no vector lengths.
 *
 * \return Return values as described in \ref psa_status_t
 */
psa_status_t tfm_crypto_hash_interface(psa_invec in_vec[],
                                       psa_outvec out_vec[]);
250 
251 #ifdef __cplusplus
252 }
253 #endif
254 
255 #endif /* __TFM_CRYPTO_API_H__ */
256