TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
crypto_mac.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include "tfm_mbedcrypto_include.h"
12 
13 #include "tfm_crypto_api.h"
14 #include "tfm_crypto_defs.h"
15 #include "tfm_crypto_private.h"
16 
24  size_t in_len,
25  psa_outvec out_vec[],
26  size_t out_len)
27 {
28 #ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
30 #else
31  psa_status_t status = PSA_SUCCESS;
32  psa_mac_operation_t *operation = NULL;
33 
34  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
35 
36  if ((out_vec[0].len != sizeof(uint32_t)) ||
37  (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
39  }
40  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
41  uint32_t handle = iov->op_handle;
42  uint32_t *handle_out = out_vec[0].base;
44  psa_algorithm_t alg = iov->alg;
45 
46  status = tfm_crypto_check_handle_owner(key_handle, NULL);
47  if (status != PSA_SUCCESS) {
48  return status;
49  }
50 
51  /* Init the handle in the operation with the one passed from the iov */
52  *handle_out = iov->op_handle;
53 
54  /* Allocate the operation context in the secure world */
56  &handle,
57  (void **)&operation);
58  if (status != PSA_SUCCESS) {
59  return status;
60  }
61 
62  *handle_out = handle;
63 
64  status = psa_mac_sign_setup(operation, key_handle, alg);
65  if (status != PSA_SUCCESS) {
66  /* Release the operation context, ignore if the operation fails. */
67  (void)tfm_crypto_operation_release(handle_out);
68  return status;
69  }
70 
71  return PSA_SUCCESS;
72 #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
73 }
74 
76  size_t in_len,
77  psa_outvec out_vec[],
78  size_t out_len)
79 {
80 #ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
82 #else
83  psa_status_t status = PSA_SUCCESS;
84  psa_mac_operation_t *operation = NULL;
85 
86  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
87 
88  if ((out_vec[0].len != sizeof(uint32_t)) ||
89  (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
91  }
92  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
93  uint32_t handle = iov->op_handle;
94  uint32_t *handle_out = out_vec[0].base;
96  psa_algorithm_t alg = iov->alg;
97 
98  status = tfm_crypto_check_handle_owner(key_handle, NULL);
99  if (status != PSA_SUCCESS) {
100  return status;
101  }
102 
103  /* Init the handle in the operation with the one passed from the iov */
104  *handle_out = iov->op_handle;
105 
106  /* Allocate the operation context in the secure world */
108  &handle,
109  (void **)&operation);
110  if (status != PSA_SUCCESS) {
111  return status;
112  }
113 
114  *handle_out = handle;
115 
116  status = psa_mac_verify_setup(operation, key_handle, alg);
117  if (status != PSA_SUCCESS) {
118  /* Release the operation context, ignore if the operation fails. */
119  (void)tfm_crypto_operation_release(handle_out);
120  return status;
121  }
122 
123  return PSA_SUCCESS;
124 #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
125 }
126 
128  size_t in_len,
129  psa_outvec out_vec[],
130  size_t out_len)
131 {
132 #ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
134 #else
135  psa_status_t status = PSA_SUCCESS;
136  psa_mac_operation_t *operation = NULL;
137 
138  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
139 
140  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
141  (out_vec[0].len != sizeof(uint32_t))) {
143  }
144  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
145  uint32_t handle = iov->op_handle;
146  uint32_t *handle_out = out_vec[0].base;
147  const uint8_t *input = in_vec[1].base;
148  size_t input_length = in_vec[1].len;
149 
150  /* Init the handle in the operation with the one passed from the iov */
151  *handle_out = iov->op_handle;
152 
153  /* Look up the corresponding operation context */
155  handle,
156  (void **)&operation);
157  if (status != PSA_SUCCESS) {
158  return status;
159  }
160 
161  status = psa_mac_update(operation, input, input_length);
162  if (status != PSA_SUCCESS) {
163  /* Release the operation context, ignore if the operation fails. */
164  (void)tfm_crypto_operation_release(handle_out);
165  return status;
166  }
167 
168  return PSA_SUCCESS;
169 #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
170 }
171 
173  size_t in_len,
174  psa_outvec out_vec[],
175  size_t out_len)
176 {
177 #ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
179 #else
180  psa_status_t status = PSA_SUCCESS;
181  psa_mac_operation_t *operation = NULL;
182 
183  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 2);
184 
185  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
186  (out_vec[0].len != sizeof(uint32_t))) {
188  }
189  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
190  uint32_t handle = iov->op_handle;
191  uint32_t *handle_out = out_vec[0].base;
192  uint8_t *mac = out_vec[1].base;
193  size_t mac_size = out_vec[1].len;
194 
195  /* Init the handle in the operation with the one passed from the iov */
196  *handle_out = iov->op_handle;
197 
198  /* Initialise mac_length to zero */
199  out_vec[1].len = 0;
200 
201  /* Look up the corresponding operation context */
203  handle,
204  (void **)&operation);
205  if (status != PSA_SUCCESS) {
206  return status;
207  }
208 
209  status = psa_mac_sign_finish(operation, mac, mac_size, &out_vec[1].len);
210  if (status != PSA_SUCCESS) {
211  /* Release the operation context, ignore if the operation fails. */
212  (void)tfm_crypto_operation_release(handle_out);
213  return status;
214  }
215 
216  status = tfm_crypto_operation_release(handle_out);
217 
218  return status;
219 #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
220 }
221 
223  size_t in_len,
224  psa_outvec out_vec[],
225  size_t out_len)
226 {
227 #ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
229 #else
230  psa_status_t status = PSA_SUCCESS;
231  psa_mac_operation_t *operation = NULL;
232 
233  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 1, 1);
234 
235  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
236  (out_vec[0].len != sizeof(uint32_t))) {
238  }
239  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
240  uint32_t handle = iov->op_handle;
241  uint32_t *handle_out = out_vec[0].base;
242  const uint8_t *mac = in_vec[1].base;
243  size_t mac_length = in_vec[1].len;
244 
245  /* Init the handle in the operation with the one passed from the iov */
246  *handle_out = iov->op_handle;
247 
248  /* Look up the corresponding operation context */
250  handle,
251  (void **)&operation);
252  if (status != PSA_SUCCESS) {
253  return status;
254  }
255 
256  status = psa_mac_verify_finish(operation, mac, mac_length);
257  if (status != PSA_SUCCESS) {
258  /* Release the operation context, ignore if the operation fails. */
259  (void)tfm_crypto_operation_release(handle_out);
260  return status;
261  }
262 
263  status = tfm_crypto_operation_release(handle_out);
264 
265  return status;
266 #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
267 }
268 
270  size_t in_len,
271  psa_outvec out_vec[],
272  size_t out_len)
273 {
274 #ifdef TFM_CRYPTO_MAC_MODULE_DISABLED
276 #else
277  psa_status_t status = PSA_SUCCESS;
278  psa_mac_operation_t *operation = NULL;
279 
280  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
281 
282  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
283  (out_vec[0].len != sizeof(uint32_t))) {
285  }
286  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
287  uint32_t handle = iov->op_handle;
288  uint32_t *handle_out = out_vec[0].base;
289 
290  /* Init the handle in the operation with the one passed from the iov */
291  *handle_out = iov->op_handle;
292 
293  /* Look up the corresponding operation context */
295  handle,
296  (void **)&operation);
297  if (status != PSA_SUCCESS) {
298  /* Operation does not exist, so abort has no effect */
299  return PSA_SUCCESS;
300  }
301 
302  status = psa_mac_abort(operation);
303 
304  if (status != PSA_SUCCESS) {
305  /* Release the operation context, ignore if the operation fails. */
306  (void)tfm_crypto_operation_release(handle_out);
307  return status;
308  }
309 
310  status = tfm_crypto_operation_release(handle_out);
311 
312  return status;
313 #endif /* TFM_CRYPTO_MAC_MODULE_DISABLED */
314 }
315 
317  size_t in_len,
318  psa_outvec out_vec[],
319  size_t out_len)
320 {
321  /* FixMe: To be implemented */
323 }
324 
326  size_t in_len,
327  psa_outvec out_vec[],
328  size_t out_len)
329 {
330  /* FixMe: To be implemented */
332 }
psa_key_handle_t key_handle
psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle, uint32_t *index)
Checks that the requested handle belongs to the requesting partition.
Definition: crypto_key.c:86
Structure used to pack non-pointer types in a call.
#define psa_mac_update
Definition: crypto_spe.h:111
void * base
Definition: client.h:75
psa_status_t tfm_crypto_mac_verify(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:325
#define psa_mac_sign_finish
Definition: crypto_spe.h:113
psa_status_t tfm_crypto_mac_sign_finish(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:172
#define PSA_SUCCESS
Definition: crypto_values.h:35
psa_status_t tfm_crypto_operation_alloc(enum tfm_crypto_operation_type type, uint32_t *handle, void **ctx)
Allocate an operation context in the backend.
Definition: crypto_alloc.c:94
size_t len
Definition: client.h:68
#define psa_mac_sign_setup
Definition: crypto_spe.h:107
psa_algorithm_t alg
#define psa_mac_verify_setup
Definition: crypto_spe.h:109
psa_status_t tfm_crypto_mac_verify_setup(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:75
psa_status_t tfm_crypto_mac_update(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:127
psa_status_t tfm_crypto_operation_release(uint32_t *handle)
Release an operation context in the backend.
Definition: crypto_alloc.c:132
psa_status_t tfm_crypto_mac_verify_finish(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:222
psa_status_t tfm_crypto_mac_abort(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:269
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:90
psa_status_t tfm_crypto_mac_compute(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:316
#define CRYPTO_IN_OUT_LEN_VALIDATE(in_len, in_min, in_max, out_len, out_min, out_max)
#define PSA_ERROR_PROGRAMMER_ERROR
Definition: error.h:32
_unsigned_integral_type_ psa_key_handle_t
Key handle.
Definition: crypto.h:35
#define PSA_ERROR_NOT_SUPPORTED
Definition: crypto_values.h:52
size_t len
Definition: client.h:76
#define psa_mac_verify_finish
Definition: crypto_spe.h:115
const void * base
Definition: client.h:67
psa_status_t tfm_crypto_operation_lookup(enum tfm_crypto_operation_type type, uint32_t handle, void **ctx)
Look up an operation context in the backend for the corresponding frontend operation.
Definition: crypto_alloc.c:159
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:43
psa_status_t tfm_crypto_mac_sign_setup(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
Definition: crypto_mac.c:23
#define psa_mac_abort
Definition: crypto_spe.h:117