1 /* 2 * Copyright (c) 2018-2022, Arm Limited. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 */ 7 8 #ifndef __TFM_CRYPTO_DEFS_H__ 9 #define __TFM_CRYPTO_DEFS_H__ 10 11 #ifdef __cplusplus 12 extern "C" { 13 #endif 14 15 #include "psa/crypto.h" 16 #ifdef PLATFORM_DEFAULT_CRYPTO_KEYS 17 #include "crypto_keys/tfm_builtin_key_ids.h" 18 #else 19 #include "tfm_builtin_key_ids.h" 20 #endif /* PLATFORM_DEFAULT_CRYPTO_KEYS */ 21 22 /** 23 * \brief The maximum supported length of a nonce through the TF-M 24 * interfaces 25 */ 26 #define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) 27 28 /** 29 * \brief This type is used to overcome a limitation in the number of maximum 30 * IOVECs that can be used especially in psa_aead_encrypt and 31 * psa_aead_decrypt. By using this type we pack the nonce and the actual 32 * nonce_length at part of the same structure 33 */ 34 struct tfm_crypto_aead_pack_input { 35 uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; 36 uint32_t nonce_length; 37 }; 38 39 /** 40 * \brief Structure used to pack non-pointer types in a call to PSA Crypto APIs 41 * 42 */ 43 struct tfm_crypto_pack_iovec { 44 psa_key_id_t key_id; /*!< Key id */ 45 psa_algorithm_t alg; /*!< Algorithm */ 46 uint32_t op_handle; /*!< Client context handle associated to a 47 * multipart operation 48 */ 49 size_t ad_length; /*!< Additional Data length for multipart AEAD */ 50 size_t plaintext_length; /*!< Plaintext length for multipart AEAD */ 51 52 struct tfm_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */ 53 54 uint16_t function_id; /*!< Used to identify the function in the 55 * API dispatcher to the service backend 56 * See tfm_crypto_func_sid for detail 57 */ 58 uint16_t step; /*!< Key derivation step */ 59 union { 60 size_t capacity; /*!< Key derivation capacity */ 61 uint64_t value; /*!< Key derivation integer for update*/ 62 }; 63 }; 64 65 /** 66 * \brief Type associated to the group of a function encoding. There can be 67 * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, 68 * Asym sign, Asym encrypt, Key derivation). 69 */ 70 enum tfm_crypto_group_id_t { 71 TFM_CRYPTO_GROUP_ID_RANDOM = UINT8_C(1), 72 TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT = UINT8_C(2), 73 TFM_CRYPTO_GROUP_ID_HASH = UINT8_C(3), 74 TFM_CRYPTO_GROUP_ID_MAC = UINT8_C(4), 75 TFM_CRYPTO_GROUP_ID_CIPHER = UINT8_C(5), 76 TFM_CRYPTO_GROUP_ID_AEAD = UINT8_C(6), 77 TFM_CRYPTO_GROUP_ID_ASYM_SIGN = UINT8_C(7), 78 TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT = UINT8_C(8), 79 TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9) 80 }; 81 82 /* Set of X macros describing each of the available PSA Crypto APIs */ 83 #define RANDOM_FUNCS \ 84 X(TFM_CRYPTO_GENERATE_RANDOM) 85 86 #define KEY_MANAGEMENT_FUNCS \ 87 X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ 88 X(TFM_CRYPTO_OPEN_KEY) \ 89 X(TFM_CRYPTO_CLOSE_KEY) \ 90 X(TFM_CRYPTO_IMPORT_KEY) \ 91 X(TFM_CRYPTO_DESTROY_KEY) \ 92 X(TFM_CRYPTO_EXPORT_KEY) \ 93 X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ 94 X(TFM_CRYPTO_PURGE_KEY) \ 95 X(TFM_CRYPTO_COPY_KEY) \ 96 X(TFM_CRYPTO_GENERATE_KEY) 97 98 #define HASH_FUNCS \ 99 X(TFM_CRYPTO_HASH_COMPUTE) \ 100 X(TFM_CRYPTO_HASH_COMPARE) \ 101 X(TFM_CRYPTO_HASH_SETUP) \ 102 X(TFM_CRYPTO_HASH_UPDATE) \ 103 X(TFM_CRYPTO_HASH_CLONE) \ 104 X(TFM_CRYPTO_HASH_FINISH) \ 105 X(TFM_CRYPTO_HASH_VERIFY) \ 106 X(TFM_CRYPTO_HASH_ABORT) 107 108 #define MAC_FUNCS \ 109 X(TFM_CRYPTO_MAC_COMPUTE) \ 110 X(TFM_CRYPTO_MAC_VERIFY) \ 111 X(TFM_CRYPTO_MAC_SIGN_SETUP) \ 112 X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ 113 X(TFM_CRYPTO_MAC_UPDATE) \ 114 X(TFM_CRYPTO_MAC_SIGN_FINISH) \ 115 X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ 116 X(TFM_CRYPTO_MAC_ABORT) 117 118 #define CIPHER_FUNCS \ 119 X(TFM_CRYPTO_CIPHER_ENCRYPT) \ 120 X(TFM_CRYPTO_CIPHER_DECRYPT) \ 121 X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ 122 X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ 123 X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ 124 X(TFM_CRYPTO_CIPHER_SET_IV) \ 125 X(TFM_CRYPTO_CIPHER_UPDATE) \ 126 X(TFM_CRYPTO_CIPHER_FINISH) \ 127 X(TFM_CRYPTO_CIPHER_ABORT) 128 129 #define AEAD_FUNCS \ 130 X(TFM_CRYPTO_AEAD_ENCRYPT) \ 131 X(TFM_CRYPTO_AEAD_DECRYPT) \ 132 X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ 133 X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ 134 X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ 135 X(TFM_CRYPTO_AEAD_SET_NONCE) \ 136 X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ 137 X(TFM_CRYPTO_AEAD_UPDATE_AD) \ 138 X(TFM_CRYPTO_AEAD_UPDATE) \ 139 X(TFM_CRYPTO_AEAD_FINISH) \ 140 X(TFM_CRYPTO_AEAD_VERIFY) \ 141 X(TFM_CRYPTO_AEAD_ABORT) 142 143 #define ASYM_SIGN_FUNCS \ 144 X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ 145 X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ 146 X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ 147 X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) 148 149 #define ASYM_ENCRYPT_FUNCS \ 150 X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ 151 X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) 152 153 #define KEY_DERIVATION_FUNCS \ 154 X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ 155 X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ 156 X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ 157 X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ 158 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ 159 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ 160 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_INTEGER) \ 161 X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ 162 X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ 163 X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ 164 X(TFM_CRYPTO_KEY_DERIVATION_ABORT) 165 166 #define BASE__VALUE(x) ((uint16_t)((((uint16_t)(x)) << 8) & 0xFF00)) 167 168 /** 169 * \brief This type defines numerical progressive values identifying a function API 170 * exposed through the interfaces (S or NS). It's used to dispatch the requests 171 * from S/NS to the corresponding API implementation in the Crypto service backend. 172 * 173 * \note Each function SID is encoded as uint16_t. 174 * +------------+------------+ 175 * | Group ID | Func ID | 176 * +------------+------------+ 177 * (MSB)15 8 7 0(LSB) 178 * 179 */ 180 enum tfm_crypto_func_sid_t { 181 #define X(FUNCTION_NAME) FUNCTION_NAME ## _SID, 182 BASE__RANDOM = BASE__VALUE(TFM_CRYPTO_GROUP_ID_RANDOM) - 1, 183 RANDOM_FUNCS 184 BASE__KEY_MANAGEMENT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT) - 1, 185 KEY_MANAGEMENT_FUNCS 186 BASE__HASH = BASE__VALUE(TFM_CRYPTO_GROUP_ID_HASH) - 1, 187 HASH_FUNCS 188 BASE__MAC = BASE__VALUE(TFM_CRYPTO_GROUP_ID_MAC) - 1, 189 MAC_FUNCS 190 BASE__CIPHER = BASE__VALUE(TFM_CRYPTO_GROUP_ID_CIPHER) - 1, 191 CIPHER_FUNCS 192 BASE__AEAD = BASE__VALUE(TFM_CRYPTO_GROUP_ID_AEAD) - 1, 193 AEAD_FUNCS 194 BASE__ASYM_SIGN = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_SIGN) - 1, 195 ASYM_SIGN_FUNCS 196 BASE__ASYM_ENCRYPT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT) - 1, 197 ASYM_ENCRYPT_FUNCS 198 BASE__KEY_DERIVATION = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_DERIVATION) - 1, 199 KEY_DERIVATION_FUNCS 200 #undef X 201 }; 202 203 /** 204 * \brief This macro is used to extract the group_id from an encoded function id 205 * by accessing the upper 8 bits. A \a _function_id is uint16_t type 206 */ 207 #define TFM_CRYPTO_GET_GROUP_ID(_function_id) \ 208 ((enum tfm_crypto_group_id_t)(((uint16_t)(_function_id) >> 8) & 0xFF)) 209 210 #ifdef __cplusplus 211 } 212 #endif 213 214 #endif /* __TFM_CRYPTO_DEFS_H__ */ 215
