diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h index 43ce138949..5de8d34dd0 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_platform_spe.h @@ -42,17 +42,16 @@ typedef enum psa_sec_function_s { PSA_CRYPTO_INVALID, PSA_CRYPTO_INIT, PSA_IMPORT_KEY, + PSA_ALLOCATE_KEY, + PSA_CREATE_KEY, + PSA_OPEN_KEY, + PSA_CLOSE_KEY, PSA_DESTROY_KEY, PSA_GET_KEY_INFORMATION, PSA_EXPORT_KEY, PSA_EXPORT_PUBLIC_KEY, - PSA_KEY_POLICY_INIT, - PSA_KEY_POLICY_SET_USAGE, - PSA_KEY_POLICY_GET_USAGE, - PSA_KEY_POLICY_GET_ALGORITHM, PSA_SET_KEY_POLICY, PSA_GET_KEY_POLICY, - PSA_SET_KEY_LIFETIME, PSA_GET_KEY_LIFETIME, PSA_HASH_SETUP, PSA_HASH_UPDATE, @@ -95,52 +94,50 @@ typedef enum psa_sec_function_s { */ /** psa_crypto_ipc_s struct used for some of the - * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments + * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to * pack them together. */ - typedef struct psa_crypto_ipc_s { psa_sec_function_t func; - psa_key_slot_t key; + psa_key_handle_t handle; psa_algorithm_t alg; } psa_crypto_ipc_t; /** psa_crypto_derivation_ipc_s struct used for some of the - * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments + * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to * pack them together. */ typedef struct psa_crypto_derivation_ipc_s { psa_sec_function_t func; - psa_key_slot_t key; + psa_key_handle_t handle; psa_algorithm_t alg; size_t capacity; } psa_crypto_derivation_ipc_t; /** psa_key_mng_ipc_s struct used for some of the - * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments + * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to * pack them together. */ - typedef struct psa_key_mng_ipc_s { - psa_key_slot_t key; + psa_key_handle_t handle; + psa_key_lifetime_t lifetime; psa_key_type_t type; psa_sec_function_t func; } psa_key_mng_ipc_t; /** psa_crypto_ipc_aead_s struct used for AEAD integrated - * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t and extra arguments + * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t and extra arguments * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to * pack them together. */ - // Max length supported for nonce is 16 bytes. #define PSA_AEAD_MAX_NONCE_SIZE 16 typedef struct psa_crypto_ipc_aead_s { psa_sec_function_t func; - psa_key_slot_t key; + psa_key_handle_t handle; psa_algorithm_t alg; uint16_t nonce_size; size_t additional_data_length; @@ -149,19 +146,18 @@ typedef struct psa_crypto_ipc_aead_s { } psa_crypto_ipc_aead_t; /** psa_crypto_ipc_asymmetric_s struct used for asymmetric - * PSA Crypto APIs that need psa_key_slot_t and psa_algorithm_t arguments + * PSA Crypto APIs that need psa_key_handle_t and psa_algorithm_t arguments * and in order to use the existing infrastructure of the SPM-IPC we provide a struct to * pack them together. */ typedef struct psa_crypto_ipc_asymmetric_s { psa_sec_function_t func; - psa_key_slot_t key; + psa_key_handle_t handle; psa_algorithm_t alg; size_t input_length; size_t salt_length; } psa_crypto_ipc_asymmetric_t; - /**@}*/ #endif /* PSA_CRYPTO_SPE_PLATFORM_H */ diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h index 8b20939da7..d44ef08290 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/crypto_struct_ipc.h @@ -31,17 +31,34 @@ struct psa_hash_operation_s { psa_handle_t handle; }; +#define PSA_HASH_OPERATION_INIT { PSA_NULL_HANDLE } +static inline struct psa_hash_operation_s psa_hash_operation_init(void) +{ + const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; + return(v); +} + struct psa_mac_operation_s { psa_handle_t handle; }; +#define PSA_MAC_OPERATION_INIT { PSA_NULL_HANDLE } +static inline struct psa_mac_operation_s psa_mac_operation_init(void) +{ + const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; + return(v); +} + struct psa_cipher_operation_s { psa_handle_t handle; }; -struct psa_aead_operation_s { - psa_handle_t handle; -}; +#define PSA_CIPHER_OPERATION_INIT { PSA_NULL_HANDLE } +static inline struct psa_cipher_operation_s psa_cipher_operation_init(void) +{ + const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; + return(v); +} struct psa_crypto_generator_s { psa_handle_t handle; @@ -59,5 +76,11 @@ struct psa_key_policy_s { psa_algorithm_t alg; }; +#define PSA_KEY_POLICY_INIT {0, 0} +static inline struct psa_key_policy_s psa_key_policy_init(void) +{ + const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT; + return(v); +} #endif /* PSA_CRYPTO_STRUCT_H */ diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c index d734903874..809ea23484 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_PSA_SRV_IPC/psa_crypto_spm.c @@ -82,7 +82,7 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation) } static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg, psa_sec_function_t func) { @@ -90,7 +90,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, psa_crypto_ipc_t psa_crypto_ipc = { 0, 0, 0 }; psa_crypto_ipc.func = func; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; psa_invec_t in_vec = { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }; @@ -110,22 +110,22 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, } psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg) { psa_status_t status = PSA_SUCCESS; - status = psa_mac_setup(operation, key, alg, PSA_MAC_SIGN_SETUP); + status = psa_mac_setup(operation, key_handle, alg, PSA_MAC_SIGN_SETUP); return status; } psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg) { psa_status_t status = PSA_SUCCESS; - status = psa_mac_setup(operation, key, alg, PSA_MAC_VERIFY_SETUP); + status = psa_mac_setup(operation, key_handle, alg, PSA_MAC_VERIFY_SETUP); return status; } @@ -352,11 +352,16 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, return ((psa_status_t) err_call); } +psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, + psa_hash_operation_t *target_operation) +{ + return (PSA_ERROR_NOT_SUPPORTED); +} /****************************************************************/ /* AEAD */ /****************************************************************/ -psa_status_t psa_aead_encrypt(psa_key_slot_t key, +psa_status_t psa_aead_encrypt(psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -375,7 +380,7 @@ psa_status_t psa_aead_encrypt(psa_key_slot_t key, psa_outvec_t out_vec[2]; psa_crypto_ipc.func = PSA_AEAD_ENCRYPT; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; psa_crypto_ipc.additional_data_length = additional_data_length; psa_crypto_ipc.input_length = plaintext_length; @@ -429,7 +434,7 @@ psa_status_t psa_aead_encrypt(psa_key_slot_t key, } -psa_status_t psa_aead_decrypt(psa_key_slot_t key, +psa_status_t psa_aead_decrypt(psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *nonce, size_t nonce_length, @@ -448,7 +453,7 @@ psa_status_t psa_aead_decrypt(psa_key_slot_t key, psa_outvec_t out_vec[2]; psa_crypto_ipc.func = PSA_AEAD_DECRYPT; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; psa_crypto_ipc.additional_data_length = additional_data_length; psa_crypto_ipc.input_length = ciphertext_length; @@ -504,7 +509,7 @@ psa_status_t psa_aead_decrypt(psa_key_slot_t key, /* PSA_ASYMMETRIC */ /****************************************************************/ -psa_status_t psa_asymmetric_sign(psa_key_slot_t key, +psa_status_t psa_asymmetric_sign(psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -519,7 +524,7 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key, psa_outvec_t out_vec[2]; psa_crypto_ipc.func = PSA_ASYMMETRIC_SIGN; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; in_vec[0] = (psa_invec_t) { @@ -551,7 +556,7 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key, return ((psa_status_t)call_error); } -psa_status_t psa_asymmetric_verify(psa_key_slot_t key, +psa_status_t psa_asymmetric_verify(psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -564,7 +569,7 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key, psa_invec_t in_vec[3]; psa_crypto_ipc.func = PSA_ASYMMETRIC_VERIFY; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; in_vec[0] = (psa_invec_t) { @@ -591,7 +596,7 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key, } static psa_status_t psa_asymmetric_operation(psa_sec_function_t func, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -608,7 +613,7 @@ static psa_status_t psa_asymmetric_operation(psa_sec_function_t func, psa_outvec_t out_vec[2]; psa_crypto_ipc.func = func; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; psa_crypto_ipc.input_length = input_length; psa_crypto_ipc.salt_length = salt_length; @@ -651,7 +656,7 @@ static psa_status_t psa_asymmetric_operation(psa_sec_function_t func, return ((psa_status_t)call_error); } -psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key, +psa_status_t psa_asymmetric_encrypt(psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -661,14 +666,15 @@ psa_status_t psa_asymmetric_encrypt(psa_key_slot_t key, size_t output_size, size_t *output_length) { - psa_status_t status = psa_asymmetric_operation(PSA_ASYMMETRIC_ENCRYPT, key, + psa_status_t status = psa_asymmetric_operation(PSA_ASYMMETRIC_ENCRYPT, + key_handle, alg, input, input_length, salt, salt_length, output, output_size, output_length); return status; } -psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key, +psa_status_t psa_asymmetric_decrypt(psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -678,7 +684,8 @@ psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key, size_t output_size, size_t *output_length) { - psa_status_t status = psa_asymmetric_operation(PSA_ASYMMETRIC_DECRYPT, key, + psa_status_t status = psa_asymmetric_operation(PSA_ASYMMETRIC_DECRYPT, + key_handle, alg, input, input_length, salt, salt_length, output, output_size, output_length); @@ -689,13 +696,131 @@ psa_status_t psa_asymmetric_decrypt(psa_key_slot_t key, /* PSA_KEY_MANAGMENT */ /****************************************************************/ -psa_status_t psa_get_key_lifetime(psa_key_slot_t key, +psa_status_t psa_allocate_key(psa_key_handle_t *key_handle) +{ + psa_error_t err_call; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = *key_handle; + psa_key_mng_ipc.func = PSA_ALLOCATE_KEY; + psa_handle_t handle = PSA_NULL_HANDLE; + psa_invec_t in_vec[1] = { + { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) } + }; + psa_outvec_t out_vec[1] = { + { key_handle, sizeof(*key_handle) } + }; + + handle = psa_connect(PSA_KEY_MNG_ID, MINOR_VER); + if (handle <= 0) { + return (PSA_ERROR_COMMUNICATION_FAILURE); + } + + err_call = psa_call(handle, in_vec, 1, out_vec, 1); + psa_close(handle); + + if (err_call < 0) { + err_call = (psa_error_t) PSA_ERROR_COMMUNICATION_FAILURE; + } + return ((psa_status_t) err_call); +} + +psa_status_t psa_create_key(psa_key_lifetime_t lifetime, + psa_key_id_t id, + psa_key_handle_t *key_handle) +{ + psa_error_t err_call; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = *key_handle; + psa_key_mng_ipc.lifetime = lifetime; + psa_key_mng_ipc.func = PSA_CREATE_KEY; + psa_handle_t handle = PSA_NULL_HANDLE; + psa_invec_t in_vec[2] = { + { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) }, + { &id, sizeof(id) } + }; + psa_outvec_t out_vec[1] = { { + key_handle, sizeof(*key_handle) + } + }; + + handle = psa_connect(PSA_KEY_MNG_ID, MINOR_VER); + if (handle <= 0) { + return (PSA_ERROR_COMMUNICATION_FAILURE); + } + + err_call = psa_call(handle, in_vec, 2, out_vec, 1); + psa_close(handle); + + if (err_call < 0) { + err_call = (psa_error_t) PSA_ERROR_COMMUNICATION_FAILURE; + } + return ((psa_status_t) err_call); +} + +psa_status_t psa_open_key(psa_key_lifetime_t lifetime, + psa_key_id_t id, + psa_key_handle_t *key_handle) +{ + psa_error_t err_call; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = *key_handle; + psa_key_mng_ipc.lifetime = lifetime; + psa_key_mng_ipc.func = PSA_OPEN_KEY; + psa_handle_t handle = PSA_NULL_HANDLE; + psa_invec_t in_vec[2] = { + { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) }, + { &id, sizeof(id) } + }; + psa_outvec_t out_vec[1] = { { + key_handle, sizeof(*key_handle) + } + }; + + handle = psa_connect(PSA_KEY_MNG_ID, MINOR_VER); + if (handle <= 0) { + return (PSA_ERROR_COMMUNICATION_FAILURE); + } + + err_call = psa_call(handle, in_vec, 2, out_vec, 1); + psa_close(handle); + + if (err_call < 0) { + err_call = (psa_error_t) PSA_ERROR_COMMUNICATION_FAILURE; + } + return ((psa_status_t) err_call); +} + +psa_status_t psa_close_key(psa_key_handle_t key_handle) +{ + psa_error_t err_call; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; + psa_key_mng_ipc.func = PSA_CLOSE_KEY; + psa_handle_t handle = PSA_NULL_HANDLE; + psa_invec_t in_vec[1] = { + { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc) } + }; + + handle = psa_connect(PSA_KEY_MNG_ID, MINOR_VER); + if (handle <= 0) { + return (PSA_ERROR_COMMUNICATION_FAILURE); + } + + err_call = psa_call(handle, in_vec, 1, NULL, 0); + psa_close(handle); + + if (err_call < 0) { + err_call = (psa_error_t) PSA_ERROR_COMMUNICATION_FAILURE; + } + return ((psa_status_t) err_call); +} + +psa_status_t psa_get_key_lifetime(psa_key_handle_t key_handle, psa_key_lifetime_t *lifetime) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.func = PSA_GET_KEY_LIFETIME; psa_handle_t handle = PSA_NULL_HANDLE; psa_invec_t in_vec[1] = { @@ -721,42 +846,6 @@ psa_status_t psa_get_key_lifetime(psa_key_slot_t key, return ((psa_status_t) err_call); } -psa_status_t psa_set_key_lifetime(psa_key_slot_t key, - psa_key_lifetime_t lifetime) -{ - psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; - psa_key_mng_ipc.func = PSA_SET_KEY_LIFETIME; - psa_handle_t handle = PSA_NULL_HANDLE; - psa_invec_t in_vec[2] = { - { &psa_key_mng_ipc, sizeof(psa_key_mng_ipc_t) }, - { &lifetime, sizeof(psa_key_lifetime_t) } - }; - - handle = psa_connect(PSA_KEY_MNG_ID, MINOR_VER); - if (handle <= 0) { - return (PSA_ERROR_COMMUNICATION_FAILURE); - } - - err_call = psa_call(handle, in_vec, 2, NULL, 0); - psa_close(handle); - - if (err_call < 0) { - err_call = (psa_error_t) PSA_ERROR_COMMUNICATION_FAILURE; - } - return ((psa_status_t) err_call); -} - -/* the psa_key_policy_init psa_key_policy_get_usage, -psa_key_policy_get_algorithm and psa_key_policy_set_usage -accessor functions are implemented directly in the non-secure partition */ -void psa_key_policy_init(psa_key_policy_t *policy) -{ - memset(policy, 0, sizeof(psa_key_policy_t)); -} - psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy) { return (policy->usage); @@ -775,13 +864,12 @@ void psa_key_policy_set_usage(psa_key_policy_t *policy, policy->alg = alg; } -psa_status_t psa_set_key_policy(psa_key_slot_t key, +psa_status_t psa_set_key_policy(psa_key_handle_t key_handle, const psa_key_policy_t *policy) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.func = PSA_SET_KEY_POLICY; psa_handle_t handle = PSA_NULL_HANDLE; psa_invec_t in_vec[2] = { @@ -803,13 +891,12 @@ psa_status_t psa_set_key_policy(psa_key_slot_t key, return ((psa_status_t) err_call); } -psa_status_t psa_get_key_policy(psa_key_slot_t key, +psa_status_t psa_get_key_policy(psa_key_handle_t key_handle, psa_key_policy_t *policy) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.func = PSA_GET_KEY_POLICY; psa_handle_t handle = PSA_NULL_HANDLE; psa_invec_t in_vec[1] = { { @@ -837,14 +924,14 @@ psa_status_t psa_get_key_policy(psa_key_slot_t key, return ((psa_status_t) err_call); } -psa_status_t psa_import_key(psa_key_slot_t key, +psa_status_t psa_import_key(psa_key_handle_t key_handle, psa_key_type_t type, const uint8_t *data, size_t data_length) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.type = type; psa_key_mng_ipc.func = PSA_IMPORT_KEY; psa_handle_t handle = PSA_NULL_HANDLE; @@ -867,12 +954,11 @@ psa_status_t psa_import_key(psa_key_slot_t key, return ((psa_status_t) err_call); } -psa_status_t psa_destroy_key(psa_key_slot_t key) +psa_status_t psa_destroy_key(psa_key_handle_t key_handle) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.func = PSA_DESTROY_KEY; psa_handle_t handle = PSA_NULL_HANDLE; psa_invec_t in_vec[1] = { @@ -893,14 +979,13 @@ psa_status_t psa_destroy_key(psa_key_slot_t key) return ((psa_status_t) err_call); } -psa_status_t psa_get_key_information(psa_key_slot_t key, +psa_status_t psa_get_key_information(psa_key_handle_t key_handle, psa_key_type_t *type, size_t *bits) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.func = PSA_GET_KEY_INFORMATION; psa_handle_t handle = PSA_NULL_HANDLE; psa_invec_t in_vec[1] = { { @@ -932,16 +1017,15 @@ psa_status_t psa_get_key_information(psa_key_slot_t key, return ((psa_status_t) err_call); } -static psa_status_t psa_export_key_common(psa_key_slot_t key, +static psa_status_t psa_export_key_common(psa_key_handle_t key_handle, uint8_t *data, size_t data_size, size_t *data_length, psa_sec_function_t func) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; - psa_key_mng_ipc.type = 0; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.func = func; psa_handle_t handle = PSA_NULL_HANDLE; @@ -964,36 +1048,36 @@ static psa_status_t psa_export_key_common(psa_key_slot_t key, return ((psa_status_t) err_call); } -psa_status_t psa_export_key(psa_key_slot_t key, +psa_status_t psa_export_key(psa_key_handle_t key_handle, uint8_t *data, size_t data_size, size_t *data_length) { - psa_status_t status = psa_export_key_common(key, data, data_size, + psa_status_t status = psa_export_key_common(key_handle, data, data_size, data_length, PSA_EXPORT_KEY); return status; } -psa_status_t psa_export_public_key(psa_key_slot_t key, +psa_status_t psa_export_public_key(psa_key_handle_t key_handle, uint8_t *data, size_t data_size, size_t *data_length) { - psa_status_t status = psa_export_key_common(key, data, data_size, + psa_status_t status = psa_export_key_common(key_handle, data, data_size, data_length, PSA_EXPORT_PUBLIC_KEY); return status; } -psa_status_t psa_generate_key(psa_key_slot_t key, +psa_status_t psa_generate_key(psa_key_handle_t key_handle, psa_key_type_t type, size_t bits, const void *parameters, size_t parameters_size) { psa_error_t err_call; - psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0 }; - psa_key_mng_ipc.key = key; + psa_key_mng_ipc_t psa_key_mng_ipc = { 0, 0, 0, 0 }; + psa_key_mng_ipc.handle = key_handle; psa_key_mng_ipc.type = type; psa_key_mng_ipc.func = PSA_GENERATE_KEY; psa_handle_t handle = PSA_NULL_HANDLE; @@ -1124,14 +1208,14 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, return ((psa_status_t) err_call); } -psa_status_t psa_generator_import_key(psa_key_slot_t key, +psa_status_t psa_generator_import_key(psa_key_handle_t key_handle, psa_key_type_t type, size_t bits, psa_crypto_generator_t *generator) { psa_error_t err_call; psa_crypto_derivation_ipc_t psa_crypto_ipc = { 0, 0, 0, 0 }; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.func = PSA_GENERATOR_IMPORT_KEY; psa_invec_t in_vec[3] = { { &psa_crypto_ipc, sizeof(psa_crypto_ipc) }, { &type, sizeof(type) }, @@ -1151,7 +1235,7 @@ psa_status_t psa_generator_import_key(psa_key_slot_t key, } psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg, const uint8_t *salt, size_t salt_length, @@ -1161,7 +1245,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, { psa_error_t err_call; psa_crypto_derivation_ipc_t psa_crypto_ipc = { 0, 0, 0, 0 }; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; psa_crypto_ipc.func = PSA_KEY_DERIVATION; psa_crypto_ipc.capacity = capacity; @@ -1186,14 +1270,14 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, } psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, - psa_key_slot_t private_key, + psa_key_handle_t private_key_handle, const uint8_t *peer_key, size_t peer_key_length, psa_algorithm_t alg) { psa_error_t err_call; psa_crypto_derivation_ipc_t psa_crypto_ipc = { 0, 0, 0, 0 }; - psa_crypto_ipc.key = private_key; + psa_crypto_ipc.handle = private_key_handle; psa_crypto_ipc.alg = alg; psa_crypto_ipc.func = PSA_KEY_AGREEMENT; @@ -1238,7 +1322,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator) /****************************************************************/ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg) { psa_error_t err; @@ -1246,7 +1330,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, psa_invec_t in_vec; psa_crypto_ipc.func = PSA_CIPHER_ENCRYPT_SETUP; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; in_vec.base = &psa_crypto_ipc; @@ -1265,7 +1349,7 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, } psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, - psa_key_slot_t key, + psa_key_handle_t key_handle, psa_algorithm_t alg) { psa_error_t err; @@ -1273,7 +1357,7 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, psa_invec_t in_vec; psa_crypto_ipc.func = PSA_CIPHER_DECRYPT_SETUP; - psa_crypto_ipc.key = key; + psa_crypto_ipc.handle = key_handle; psa_crypto_ipc.alg = alg; in_vec = (psa_invec_t) { diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h index 50dcf193fb..9ae16c6b7e 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/crypto_spe.h @@ -25,7 +25,6 @@ extern "C" { #define psa_set_key_policy psa_sec_set_key_policy #define psa_get_key_policy psa_sec_get_key_policy #define psa_get_key_lifetime psa_sec_get_key_lifetime -#define psa_set_key_lifetime psa_sec_set_key_lifetime #define psa_hash_setup psa_sec_hash_setup #define psa_hash_update psa_sec_hash_update #define psa_hash_finish psa_sec_hash_finish @@ -60,6 +59,11 @@ extern "C" { #define psa_key_agreement psa_sec_key_agreement #define psa_generator_abort psa_sec_generator_abort #define mbedtls_psa_inject_entropy mbedtls_psa_sec_inject_entropy +#define psa_allocate_key psa_sec_allocate_key +#define psa_open_key psa_sec_open_key +#define psa_create_key psa_sec_create_key +#define psa_close_key psa_sec_close_key +#define psa_hash_clone psa_sec_hash_clone #include "crypto.h" diff --git a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c index 36ac8803f0..e34c28e472 100644 --- a/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c +++ b/components/TARGET_PSA/services/crypto/COMPONENT_SPE/psa_crypto_partition.c @@ -121,14 +121,14 @@ static void psa_mac_operation(void) switch (psa_crypto.func) { case PSA_MAC_SIGN_SETUP: { status = psa_mac_sign_setup(msg.rhandle, - psa_crypto.key, + psa_crypto.handle, psa_crypto.alg); break; } case PSA_MAC_VERIFY_SETUP: { status = psa_mac_verify_setup(msg.rhandle, - psa_crypto.key, + psa_crypto.handle, psa_crypto.alg); break; } @@ -436,7 +436,7 @@ static void psa_asymmetric_operation(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_asymmetric_sign(psa_crypto.key, + status = psa_asymmetric_sign(psa_crypto.handle, psa_crypto.alg, hash, msg.in_size[1], @@ -481,7 +481,7 @@ static void psa_asymmetric_operation(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_asymmetric_verify(psa_crypto.key, + status = psa_asymmetric_verify(psa_crypto.handle, psa_crypto.alg, hash, msg.in_size[2], @@ -521,7 +521,7 @@ static void psa_asymmetric_operation(void) } if (psa_crypto.func == PSA_ASYMMETRIC_ENCRYPT) - status = psa_asymmetric_encrypt(psa_crypto.key, + status = psa_asymmetric_encrypt(psa_crypto.handle, psa_crypto.alg, input, psa_crypto.input_length, @@ -531,7 +531,7 @@ static void psa_asymmetric_operation(void) msg.out_size[0], &output_length); else - status = psa_asymmetric_decrypt(psa_crypto.key, + status = psa_asymmetric_decrypt(psa_crypto.handle, psa_crypto.alg, input, psa_crypto.input_length, @@ -628,7 +628,7 @@ static void psa_aead_operation() } if (psa_crypto.func == PSA_AEAD_ENCRYPT) - status = psa_aead_encrypt(psa_crypto.key, + status = psa_aead_encrypt(psa_crypto.handle, psa_crypto.alg, psa_crypto.nonce, (size_t)psa_crypto.nonce_size, @@ -640,7 +640,7 @@ static void psa_aead_operation() msg.out_size[0], &output_length); else - status = psa_aead_decrypt(psa_crypto.key, + status = psa_aead_decrypt(psa_crypto.handle, psa_crypto.alg, psa_crypto.nonce, (size_t)psa_crypto.nonce_size, @@ -717,14 +717,14 @@ static void psa_symmetric_operation(void) switch (psa_crypto_ipc.func) { case PSA_CIPHER_ENCRYPT_SETUP: { status = psa_cipher_encrypt_setup(msg.rhandle, - psa_crypto_ipc.key, + psa_crypto_ipc.handle, psa_crypto_ipc.alg); break; } case PSA_CIPHER_DECRYPT_SETUP: { status = psa_cipher_decrypt_setup(msg.rhandle, - psa_crypto_ipc.key, + psa_crypto_ipc.handle, psa_crypto_ipc.alg); break; } @@ -884,7 +884,7 @@ static void psa_key_management_operation(void) size_t lifetime_length = msg.out_size[0]; psa_key_lifetime_t lifetime; - status = psa_get_key_lifetime(psa_key_mng.key, + status = psa_get_key_lifetime(psa_key_mng.handle, &lifetime); if (status == PSA_SUCCESS) { psa_write(msg.handle, 0, @@ -894,20 +894,6 @@ static void psa_key_management_operation(void) break; } - case PSA_SET_KEY_LIFETIME: { - size_t lifetime_length = msg.in_size[1]; - psa_key_lifetime_t lifetime; - - bytes_read = psa_read(msg.handle, 1, - &lifetime, lifetime_length); - if (bytes_read != lifetime_length) { - SPM_PANIC("SPM read length mismatch"); - } - - status = psa_set_key_lifetime(psa_key_mng.key, lifetime); - break; - } - case PSA_SET_KEY_POLICY: { size_t policy_length = msg.in_size[1]; psa_key_policy_t policy; @@ -918,7 +904,7 @@ static void psa_key_management_operation(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_set_key_policy(psa_key_mng.key, &policy); + status = psa_set_key_policy(psa_key_mng.handle, &policy); break; } @@ -926,7 +912,7 @@ static void psa_key_management_operation(void) size_t policy_size = msg.out_size[0]; psa_key_policy_t policy; - status = psa_get_key_policy(psa_key_mng.key, &policy); + status = psa_get_key_policy(psa_key_mng.handle, &policy); if (status == PSA_SUCCESS) { psa_write(msg.handle, 0, &policy, policy_size); } @@ -947,7 +933,7 @@ static void psa_key_management_operation(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_import_key(psa_key_mng.key, + status = psa_import_key(psa_key_mng.handle, psa_key_mng.type, key, key_length); mbedtls_free(key); @@ -955,14 +941,14 @@ static void psa_key_management_operation(void) } case PSA_DESTROY_KEY: { - status = psa_destroy_key(psa_key_mng.key); + status = psa_destroy_key(psa_key_mng.handle); break; } case PSA_GET_KEY_INFORMATION: { psa_key_type_t type; size_t bits; - status = psa_get_key_information(psa_key_mng.key, + status = psa_get_key_information(psa_key_mng.handle, &type, &bits); if (status == PSA_SUCCESS) { if (msg.out_size[0] >= sizeof(psa_key_type_t)) @@ -985,7 +971,7 @@ static void psa_key_management_operation(void) break; } - status = psa_export_key(psa_key_mng.key, key, + status = psa_export_key(psa_key_mng.handle, key, key_length, &data_length); if (status == PSA_SUCCESS) { psa_write(msg.handle, 0, key, data_length); @@ -1006,7 +992,7 @@ static void psa_key_management_operation(void) break; } - status = psa_export_public_key(psa_key_mng.key, key, + status = psa_export_public_key(psa_key_mng.handle, key, key_length, &data_length); if (status == PSA_SUCCESS) { psa_write(msg.handle, 0, key, data_length); @@ -1043,7 +1029,7 @@ static void psa_key_management_operation(void) } } - status = psa_generate_key(psa_key_mng.key, + status = psa_generate_key(psa_key_mng.handle, psa_key_mng.type, bits, parameter, parameter_size); @@ -1051,6 +1037,54 @@ static void psa_key_management_operation(void) break; } + case PSA_ALLOCATE_KEY: { + status = psa_allocate_key(&psa_key_mng.handle); + if (status == PSA_SUCCESS) { + psa_write(msg.handle, 0, &psa_key_mng.handle, sizeof(psa_key_mng.handle)); + } + break; + } + + case PSA_CREATE_KEY: { + psa_key_id_t id = 0; + size_t max_bits = 0; + + bytes_read = psa_read(msg.handle, 1, &id, msg.in_size[1]); + if (bytes_read != msg.in_size[1]) { + SPM_PANIC("SPM read length mismatch"); + } + bytes_read = psa_read(msg.handle, 2, &max_bits, msg.in_size[2]); + if (bytes_read != msg.in_size[2]) { + SPM_PANIC("SPM read length mismatch"); + } + + status = psa_create_key(psa_key_mng.lifetime, id, &psa_key_mng.handle); + if (status == PSA_SUCCESS) { + psa_write(msg.handle, 0, &psa_key_mng.handle, sizeof(psa_key_mng.handle)); + } + break; + } + + case PSA_OPEN_KEY: { + psa_key_id_t id = 0; + + bytes_read = psa_read(msg.handle, 1, &id, msg.in_size[1]); + if (bytes_read != msg.in_size[1]) { + SPM_PANIC("SPM read length mismatch"); + } + + status = psa_open_key(psa_key_mng.lifetime, id, &psa_key_mng.handle); + if (status == PSA_SUCCESS) { + psa_write(msg.handle, 0, &psa_key_mng.handle, sizeof(psa_key_mng.handle)); + } + break; + } + + case PSA_CLOSE_KEY: { + status = psa_close_key(psa_key_mng.handle); + break; + } + default: { status = PSA_ERROR_NOT_SUPPORTED; break; @@ -1242,7 +1276,7 @@ void psa_crypto_generator_operations(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_generator_import_key(psa_crypto_ipc.key, type, + status = psa_generator_import_key(psa_crypto_ipc.handle, type, bits, msg.rhandle); break; } @@ -1278,7 +1312,7 @@ void psa_crypto_generator_operations(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_key_derivation(msg.rhandle, psa_crypto_ipc.key, + status = psa_key_derivation(msg.rhandle, psa_crypto_ipc.handle, psa_crypto_ipc.alg, salt, msg.in_size[1],//salt length @@ -1303,7 +1337,7 @@ void psa_crypto_generator_operations(void) SPM_PANIC("SPM read length mismatch"); } - status = psa_key_agreement(msg.rhandle, psa_crypto_ipc.key, + status = psa_key_agreement(msg.rhandle, psa_crypto_ipc.handle, private_key, msg.in_size[1],//private_key length psa_crypto_ipc.alg);