1 /*
2 * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8 #include <stddef.h>
9 #include <stdint.h>
10
11 #include "config_crypto.h"
12 #include "tfm_mbedcrypto_include.h"
13 #include "tfm_crypto_api.h"
14 #include "tfm_crypto_defs.h"
15
16 #ifndef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
17 #error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER must be selected in Mbed TLS config file"
18 #endif
19
20 /*!
21 * \addtogroup tfm_crypto_api_shim_layer
22 *
23 */
24
25 /*!@{*/
26 #if CRYPTO_KEY_MODULE_ENABLED
tfm_crypto_key_management_interface(psa_invec in_vec[],psa_outvec out_vec[],mbedtls_svc_key_id_t * encoded_key)27 psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
28 psa_outvec out_vec[],
29 mbedtls_svc_key_id_t *encoded_key)
30 {
31 const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
32 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
33 int32_t partition_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(*encoded_key);
34
35 switch (iov->function_id) {
36 case TFM_CRYPTO_IMPORT_KEY_SID:
37 {
38 const struct psa_client_key_attributes_s *client_key_attr =
39 in_vec[1].base;
40 const uint8_t *data = in_vec[2].base;
41 size_t data_length = in_vec[2].len;
42 psa_key_id_t *key_id = out_vec[0].base;
43 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
44
45 status = tfm_crypto_key_attributes_from_client(client_key_attr,
46 partition_id,
47 &key_attributes);
48 if (status != PSA_SUCCESS) {
49 return status;
50 }
51
52 status = psa_import_key(&key_attributes,
53 data, data_length, encoded_key);
54 /* Update the imported key id */
55 *key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(*encoded_key);
56 }
57 break;
58 case TFM_CRYPTO_OPEN_KEY_SID:
59 {
60 psa_key_id_t *key_id = out_vec[0].base;
61
62 status = psa_open_key(*encoded_key, encoded_key);
63 *key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(*encoded_key);
64 }
65 break;
66 case TFM_CRYPTO_CLOSE_KEY_SID:
67 {
68 status = psa_close_key(*encoded_key);
69 }
70 break;
71 case TFM_CRYPTO_DESTROY_KEY_SID:
72 {
73 status = psa_destroy_key(*encoded_key);
74 }
75 break;
76 case TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID:
77 {
78 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
79 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
80
81 status = psa_get_key_attributes(*encoded_key, &key_attributes);
82 if (status == PSA_SUCCESS) {
83 status = tfm_crypto_key_attributes_to_client(&key_attributes,
84 client_key_attr);
85 }
86 }
87 break;
88 case TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID:
89 {
90 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
91 struct psa_client_key_attributes_s *client_key_attr = out_vec[0].base;
92
93 status = tfm_crypto_key_attributes_from_client(client_key_attr,
94 partition_id,
95 &key_attributes);
96 if (status != PSA_SUCCESS) {
97 return status;
98 }
99
100 psa_reset_key_attributes(&key_attributes);
101
102 status = tfm_crypto_key_attributes_to_client(&key_attributes,
103 client_key_attr);
104 }
105 break;
106 case TFM_CRYPTO_EXPORT_KEY_SID:
107 {
108 uint8_t *data = out_vec[0].base;
109 size_t data_size = out_vec[0].len;
110
111 status = psa_export_key(*encoded_key, data, data_size,
112 &(out_vec[0].len));
113 if (status != PSA_SUCCESS) {
114 out_vec[0].len = 0;
115 }
116 }
117 break;
118 case TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID:
119 {
120 uint8_t *data = out_vec[0].base;
121 size_t data_size = out_vec[0].len;
122
123 status = psa_export_public_key(*encoded_key, data, data_size,
124 &(out_vec[0].len));
125 if (status != PSA_SUCCESS) {
126 out_vec[0].len = 0;
127 }
128 }
129 break;
130 case TFM_CRYPTO_PURGE_KEY_SID:
131 {
132 status = psa_purge_key(*encoded_key);
133 }
134 break;
135 case TFM_CRYPTO_COPY_KEY_SID:
136 {
137 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
138 const struct psa_client_key_attributes_s *client_key_attr =
139 in_vec[1].base;
140 psa_key_id_t *target_key_id = out_vec[0].base;
141 mbedtls_svc_key_id_t target_key = MBEDTLS_SVC_KEY_ID_INIT;
142
143 status = tfm_crypto_key_attributes_from_client(client_key_attr,
144 partition_id,
145 &key_attributes);
146 if (status != PSA_SUCCESS) {
147 return status;
148 }
149
150 status = psa_copy_key(*encoded_key, &key_attributes, &target_key);
151 if (status != PSA_SUCCESS) {
152 return status;
153 }
154
155 *target_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(target_key);
156 }
157 break;
158 case TFM_CRYPTO_GENERATE_KEY_SID:
159 {
160 psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
161 const struct psa_client_key_attributes_s *client_key_attr =
162 in_vec[1].base;
163 psa_key_id_t *key_handle = out_vec[0].base;
164
165 status = tfm_crypto_key_attributes_from_client(client_key_attr,
166 partition_id,
167 &key_attributes);
168 if (status != PSA_SUCCESS) {
169 return status;
170 }
171
172 status = psa_generate_key(&key_attributes, encoded_key);
173 if (status != PSA_SUCCESS) {
174 return status;
175 }
176
177 *key_handle = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(*encoded_key);
178 }
179 break;
180 default:
181 return PSA_ERROR_NOT_SUPPORTED;
182 }
183
184 return status;
185 }
186 #else /* CRYPTO_KEY_MODULE_ENABLED */
tfm_crypto_key_management_interface(psa_invec in_vec[],psa_outvec out_vec[],mbedtls_svc_key_id_t * encoded_key)187 psa_status_t tfm_crypto_key_management_interface(psa_invec in_vec[],
188 psa_outvec out_vec[],
189 mbedtls_svc_key_id_t *encoded_key)
190 {
191 (void)in_vec;
192 (void)out_vec;
193 (void)encoded_key;
194
195 return PSA_ERROR_NOT_SUPPORTED;
196 }
197 #endif /* CRYPTO_KEY_MODULE_ENABLED */
198 /*!@}*/
199
