1 /*
2  * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __TFM_CRYPTO_DEFS_H__
9 #define __TFM_CRYPTO_DEFS_H__
10 
11 #ifdef __cplusplus
12 extern "C" {
13 #endif
14 
15 #include <stdint.h>
16 #include <limits.h>
17 #include "tfm_api.h"
18 #include "psa/crypto.h"
19 #ifdef PLATFORM_DEFAULT_CRYPTO_KEYS
20 #include "crypto_keys/tfm_builtin_key_ids.h"
21 #else
22 #include "tfm_builtin_key_ids.h"
23 #endif /* PLATFORM_DEFAULT_CRYPTO_KEYS */
24 
25 /**
26  * \brief This type is used to overcome a limitation in the number of maximum
27  *        IOVECs that can be used especially in psa_aead_encrypt and
28  *        psa_aead_decrypt: the nonce is packed inline in a fixed-size array.
29  */
30 #define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) /* size of nonce[] below, in bytes */
31 struct tfm_crypto_aead_pack_input {
32     uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; /*!< Nonce storage */
33     uint32_t nonce_length; /*!< Used bytes of nonce[]; NOTE(review): check <= TFM_CRYPTO_MAX_NONCE_LENGTH before copying - confirm in consumers */
34 };
35 
36 /**
37  * \brief Structure used to pack non-pointer types in a call
38  *        NOTE(review): presumably filled by the calling side; validate each field in the backend before use - confirm
39  */
40 struct tfm_crypto_pack_iovec {
41     psa_key_id_t key_id;     /*!< Key id */
42     psa_algorithm_t alg;     /*!< Algorithm */
43     uint32_t op_handle;      /*!< Frontend context handle associated to a
44                               *   multipart operation
45                               */
46     size_t capacity;         /*!< Key derivation capacity */
47     size_t ad_length;        /*!< Additional Data length for multipart AEAD */
48     size_t plaintext_length; /*!< Plaintext length for multipart AEAD */
49 
50     struct tfm_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
51 
52     uint16_t function_id;    /*!< Used to identify the function in the
53                               *   API dispatcher to the service backend
54                               *   See tfm_crypto_func_sid for the encoding
55                               */
56     uint16_t step;           /*!< Key derivation step */
57 };
58 
59 /**
60  * \brief Type associated to the group of a function encoding; the group ID
61  *        fills bits 7..0 of a tfm_crypto_func_sid. There can be nine groups
62  *        (Random, Key management, Hash, MAC, Cipher, AEAD, Asym sign, Asym encrypt, Key derivation).
63  */
64 enum tfm_crypto_group_id {
65     TFM_CRYPTO_GROUP_ID_RANDOM = 0x0, /* later entries take the next value */
66     TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
67     TFM_CRYPTO_GROUP_ID_HASH,
68     TFM_CRYPTO_GROUP_ID_MAC,
69     TFM_CRYPTO_GROUP_ID_CIPHER,
70     TFM_CRYPTO_GROUP_ID_AEAD,
71     TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
72     TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
73     TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
74 };
75 
76 /* X macro lists describing each of the available PSA Crypto APIs, one list per group; list order sets each func ID in the enums below */
77 #define KEY_MANAGEMENT_FUNCS                       \
78     X(TFM_CRYPTO_GET_KEY_ATTRIBUTES)               \
79     X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES)             \
80     X(TFM_CRYPTO_OPEN_KEY)                         \
81     X(TFM_CRYPTO_CLOSE_KEY)                        \
82     X(TFM_CRYPTO_IMPORT_KEY)                       \
83     X(TFM_CRYPTO_DESTROY_KEY)                      \
84     X(TFM_CRYPTO_EXPORT_KEY)                       \
85     X(TFM_CRYPTO_EXPORT_PUBLIC_KEY)                \
86     X(TFM_CRYPTO_PURGE_KEY)                        \
87     X(TFM_CRYPTO_COPY_KEY)                         \
88     X(TFM_CRYPTO_GENERATE_KEY)
89 
90 #define HASH_FUNCS                                 \
91     X(TFM_CRYPTO_HASH_COMPUTE)                     \
92     X(TFM_CRYPTO_HASH_COMPARE)                     \
93     X(TFM_CRYPTO_HASH_SETUP)                       \
94     X(TFM_CRYPTO_HASH_UPDATE)                      \
95     X(TFM_CRYPTO_HASH_CLONE)                       \
96     X(TFM_CRYPTO_HASH_FINISH)                      \
97     X(TFM_CRYPTO_HASH_VERIFY)                      \
98     X(TFM_CRYPTO_HASH_ABORT)
99 
100 #define MAC_FUNCS                                  \
101     X(TFM_CRYPTO_MAC_COMPUTE)                      \
102     X(TFM_CRYPTO_MAC_VERIFY)                       \
103     X(TFM_CRYPTO_MAC_SIGN_SETUP)                   \
104     X(TFM_CRYPTO_MAC_VERIFY_SETUP)                 \
105     X(TFM_CRYPTO_MAC_UPDATE)                       \
106     X(TFM_CRYPTO_MAC_SIGN_FINISH)                  \
107     X(TFM_CRYPTO_MAC_VERIFY_FINISH)                \
108     X(TFM_CRYPTO_MAC_ABORT)
109 
110 #define CIPHER_FUNCS                               \
111     X(TFM_CRYPTO_CIPHER_ENCRYPT)                   \
112     X(TFM_CRYPTO_CIPHER_DECRYPT)                   \
113     X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP)             \
114     X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP)             \
115     X(TFM_CRYPTO_CIPHER_GENERATE_IV)               \
116     X(TFM_CRYPTO_CIPHER_SET_IV)                    \
117     X(TFM_CRYPTO_CIPHER_UPDATE)                    \
118     X(TFM_CRYPTO_CIPHER_FINISH)                    \
119     X(TFM_CRYPTO_CIPHER_ABORT)
120 
121 #define AEAD_FUNCS                                 \
122     X(TFM_CRYPTO_AEAD_ENCRYPT)                     \
123     X(TFM_CRYPTO_AEAD_DECRYPT)                     \
124     X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP)               \
125     X(TFM_CRYPTO_AEAD_DECRYPT_SETUP)               \
126     X(TFM_CRYPTO_AEAD_GENERATE_NONCE)              \
127     X(TFM_CRYPTO_AEAD_SET_NONCE)                   \
128     X(TFM_CRYPTO_AEAD_SET_LENGTHS)                 \
129     X(TFM_CRYPTO_AEAD_UPDATE_AD)                   \
130     X(TFM_CRYPTO_AEAD_UPDATE)                      \
131     X(TFM_CRYPTO_AEAD_FINISH)                      \
132     X(TFM_CRYPTO_AEAD_VERIFY)                      \
133     X(TFM_CRYPTO_AEAD_ABORT)
134 
135 #define ASYMMETRIC_SIGN_FUNCS                      \
136     X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE)          \
137     X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE)        \
138     X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH)             \
139     X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
140 /* NOTE(review): the name below is misspelled (AYSMMETRIC); it is referenced with this spelling further down, so a rename must update every user */
141 #define AYSMMETRIC_ENCRYPT_FUNCS                   \
142     X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT)               \
143     X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
144 
145 #define KEY_DERIVATION_FUNCS                       \
146     X(TFM_CRYPTO_RAW_KEY_AGREEMENT)                \
147     X(TFM_CRYPTO_KEY_DERIVATION_SETUP)             \
148     X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY)      \
149     X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY)      \
150     X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES)       \
151     X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY)         \
152     X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT)     \
153     X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES)      \
154     X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY)        \
155     X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
156 
157 #define RANDOM_FUNCS                               \
158     X(TFM_CRYPTO_GENERATE_RANDOM)
159 
160 /*
161  * Define function IDs in each group, numbered from 0 in list order. The
162  * function ID will be encoded into tfm_crypto_func_sid below.
163  * Each group is defined as a dedicated enum in case the total number of
164  * PSA Crypto APIs exceeds 256.
165  */
166 #define X(func_id)    func_id, /* one enumerator per list entry */
167 enum tfm_crypto_key_management_func_id {
168     KEY_MANAGEMENT_FUNCS
169 };
170 enum tfm_crypto_hash_func_id {
171     HASH_FUNCS
172 };
173 enum tfm_crypto_mac_func_id {
174     MAC_FUNCS
175 };
176 enum tfm_crypto_cipher_func_id {
177     CIPHER_FUNCS
178 };
179 enum tfm_crypto_aead_func_id {
180     AEAD_FUNCS
181 };
182 enum tfm_crypto_asym_sign_func_id {
183     ASYMMETRIC_SIGN_FUNCS
184 };
185 enum tfm_crypto_asym_encrypt_func_id {
186     AYSMMETRIC_ENCRYPT_FUNCS
187 };
188 enum tfm_crypto_key_derivation_func_id {
189     KEY_DERIVATION_FUNCS
190 };
191 enum tfm_crypto_random_func_id {
192     RANDOM_FUNCS
193 };
194 #undef X /* X is redefined for the SID enum that follows */
195 
196 #define FUNC_ID(func_id)    (((func_id) & 0xFF) << 8) /* places a func ID in bits 15..8; the mask drops any bits above 0xFF, so larger IDs would alias */
197 
198 /*
199  * Numerical value identifying a function API exposed through the interfaces
200  * (S or NS). It's used to dispatch the requests from S/NS to the
201  * corresponding API implementation in the Crypto service backend.
202  * NOTE(review): values outside this enum presumably must be rejected by the dispatcher - confirm.
203  * Each function SID is encoded as uint16_t.
204  *     |  Func ID  |  Group ID |
205  *     15         8 7          0
206  * Func ID is defined in each group func_id enum above
207  * Group ID is defined in tfm_crypto_group_id.
208  */
209 enum tfm_crypto_func_sid {
210 
211 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
212                                    (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
213 
214     KEY_MANAGEMENT_FUNCS
215 
216 #undef X
217 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
218                                             (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
219     HASH_FUNCS
220 
221 #undef X
222 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
223                                             (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
224     MAC_FUNCS
225 
226 #undef X
227 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
228                                            (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
229     CIPHER_FUNCS
230 
231 #undef X
232 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
233                                              (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
234     AEAD_FUNCS
235 
236 #undef X
237 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
238                                         (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
239     ASYMMETRIC_SIGN_FUNCS
240 
241 #undef X
242 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
243                                      (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
244     AYSMMETRIC_ENCRYPT_FUNCS
245 
246 #undef X
247 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
248                                    (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
249     KEY_DERIVATION_FUNCS
250 
251 #undef X
252 #define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
253                                            (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
254     RANDOM_FUNCS
255 
256 };
257 #undef X
258 
259 /**
260  * \brief Define an invalid value for an SID
261  *        NOTE(review): all-ones unsigned int, not a uint16_t; a 16-bit function_id cannot equal it when int is wider than 16 bits - confirm how it is compared
262  */
263 #define TFM_CRYPTO_SID_INVALID (~0x0u)
264 
265 /**
266  * \brief This value is used to mark a handle as invalid.
267  *        NOTE(review): presumably compared against op_handle in tfm_crypto_pack_iovec - confirm
268  */
269 #define TFM_CRYPTO_INVALID_HANDLE (0x0u)
270 
271 /**
272  * \brief Define miscellaneous literal constants that are used in the service
273  *        NOTE(review): presumably in-use markers for service-side slots - confirm
274  */
275 enum {
276     TFM_CRYPTO_NOT_IN_USE = 0,
277     TFM_CRYPTO_IN_USE = 1
278 };
279 
280 #ifdef __cplusplus
281 }
282 #endif
283 
284 #endif /* __TFM_CRYPTO_DEFS_H__ */
285