14 #include "mbedtls/platform.h"
20 #include "tfm_plat_crypto_keys.h"
23 #ifdef TFM_PARTITION_TEST_PS
27 #ifndef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
/*
 * Label-input step of the HUK-based key derivation. Only some lines of the
 * function appear in this listing (the leading numbers are the original line
 * numbers), so the parameter list, the step check and the error returns are
 * not visible here.
 *
 * The visible lines allocate a buffer, copy partition_id into its first
 * sizeof(partition_id) bytes, append further bytes after it, and record
 * sizeof(partition_id) + data_length as the label length in the tls12_prf
 * context of the operation.
 */
36 static psa_status_t tfm_crypto_huk_derivation_input_bytes(
57 #ifdef TFM_PARTITION_TEST_PS
/* The label is heap-allocated and reachable only through the operation
 * context. NOTE(review): nothing visible here frees or rejects a label left
 * by an earlier call on the same operation - confirm this step cannot run
 * twice, otherwise the previous buffer would be leaked without being wiped. */
69 operation->ctx.tls12_prf.label = mbedtls_calloc(1,
sizeof(partition_id)
/* Allocation failure is tested before the buffer is written. */
71 if (operation->ctx.tls12_prf.label == NULL) {
/* partition_id goes first, so the label differs whenever partition_id
 * differs, even for identical caller data. Presumably partition_id is the
 * caller's ID (tfm_crypto_get_caller_id); its assignment is not part of
 * this excerpt. */
74 (void)
tfm_memcpy(operation->ctx.tls12_prf.label, &partition_id,
75 sizeof(partition_id));
/* The second copy starts right after the partition ID; its source and length
 * arguments are cut off here (presumably data and data_length). */
76 (void)
tfm_memcpy(operation->ctx.tls12_prf.label +
sizeof(partition_id),
/* NOTE(review): data_length appears to come from the client-supplied
 * in_vec[1].len (listing line 265). Confirm it is bounded so that this sum,
 * and the matching allocation size, cannot wrap around size_t. */
78 operation->ctx.tls12_prf.label_length =
sizeof(partition_id) + data_length;
/*
 * Output step of the HUK-based key derivation. Only some lines of the
 * function appear in this listing. The visible lines check the requested size
 * against output_block, ask the platform for a HUK-derived key using the
 * label stored in the operation, and import the result with psa_import_key.
 */
83 static psa_status_t tfm_crypto_huk_derivation_output_key(
88 enum tfm_plat_err_t err;
/* The request is compared with the size of the output_block member before
 * the platform call writes into it. Where bytes is computed is not shown
 * (presumably from the key size in attributes - TODO confirm). */
91 if (
sizeof(operation->ctx.tls12_prf.output_block) < bytes) {
/* The label and its length are handed to the platform; the arguments on
 * listing lines 98 and 100 are not part of this excerpt. */
96 err = tfm_plat_get_huk_derived_key(operation->ctx.tls12_prf.label,
97 operation->ctx.tls12_prf.label_length,
99 operation->ctx.tls12_prf.output_block,
/* Any platform error stops the function before the import below. */
101 if (err != TFM_PLAT_ERR_SUCCESS) {
/* NOTE(review): output_block still holds the derived key bytes after
 * psa_import_key returns. The wipe visible at listing line 118 covers it only
 * if that cleanup runs for this operation - confirm callers always reach it,
 * including on the error paths. */
105 return psa_import_key(attributes, operation->ctx.tls12_prf.output_block,
/*
 * Cleanup fragment; the enclosing signature is not shown (presumably
 * tfm_crypto_huk_derivation_abort, which is called at listing line 463).
 * The label is zeroed over label_length bytes and then freed, so its contents
 * do not stay behind in released heap memory.
 */
112 if (operation->ctx.tls12_prf.label != NULL) {
113 (void)
tfm_memset(operation->ctx.tls12_prf.label, 0,
114 operation->ctx.tls12_prf.label_length);
115 mbedtls_free(operation->ctx.tls12_prf.label);
/* The whole operation object is zeroed afterwards, and with it the label
 * pointer, label_length and output_block members reached through it.
 * NOTE(review): tfm_memset is a __STATIC_INLINE helper, so the compiler sees
 * these stores; check that the toolchain does not drop them as dead (the one
 * before mbedtls_free in particular). A wipe routine the compiler cannot
 * elide is the usual choice for key material. */
118 (void)
tfm_memset(operation, 0,
sizeof(*operation));
135 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
143 if ((out_vec[0].len !=
sizeof(uint32_t)) ||
149 uint32_t *handle_out = out_vec[0].
base;
155 (
void **)&operation);
160 *handle_out = handle;
163 status = tfm_crypto_huk_derivation_setup(operation, alg);
182 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
190 (out_vec[0].len !=
sizeof(
size_t))) {
202 (
void **)&operation);
217 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
236 (
void **)&operation);
250 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
264 const uint8_t *data = in_vec[1].
base;
265 size_t data_length = in_vec[1].
len;
271 (
void **)&operation);
277 return tfm_crypto_huk_derivation_input_bytes(operation, step, data,
291 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
304 uint8_t *output = out_vec[0].
base;
305 size_t output_length = out_vec[0].
len;
311 (
void **)&operation);
325 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
350 (
void **)&operation);
364 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
383 int32_t partition_id;
389 (
void **)&operation);
412 status = tfm_crypto_huk_derivation_output_key(&key_attributes,
413 operation, key_handle);
431 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
439 (out_vec[0].len !=
sizeof(uint32_t))) {
445 uint32_t *handle_out = out_vec[0].
base;
454 (
void **)&operation);
460 *handle_out = handle;
463 status = tfm_crypto_huk_derivation_abort(operation);
484 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
498 const uint8_t *peer_key = in_vec[1].
base;
499 size_t peer_key_length = in_vec[1].
len;
511 (
void **)&operation);
528 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
537 uint8_t *output = out_vec[0].
base;
538 size_t output_size = out_vec[0].
len;
549 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
559 uint8_t *output = out_vec[0].
base;
560 size_t output_size = out_vec[0].
len;
563 const uint8_t *peer_key = in_vec[1].
base;
564 size_t peer_key_length = in_vec[1].
len;
567 output, output_size, &out_vec[0].len);
psa_key_handle_t key_handle
psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle, uint32_t *index)
Checks that the requested handle belongs to the requesting partition.
Structure used to pack non-pointer types in a call.
#define psa_key_derivation_get_capacity
#define psa_key_derivation_set_capacity
psa_status_t tfm_crypto_key_derivation_input_bytes(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
__STATIC_INLINE void * tfm_memset(void *ptr, int value, size_t num)
psa_status_t tfm_crypto_operation_alloc(enum tfm_crypto_operation_type type, uint32_t *handle, void **ctx)
Allocate an operation context in the backend.
psa_status_t tfm_crypto_key_derivation_set_capacity(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define psa_generate_random
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
psa_status_t tfm_crypto_key_attributes_from_client(const struct psa_client_key_attributes_s *client_key_attr, int32_t client_id, psa_key_attributes_t *key_attributes)
Gets key attributes from client key attributes.
psa_status_t tfm_crypto_generate_random(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
psa_status_t tfm_crypto_key_derivation_key_agreement(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define PSA_KEY_DERIVATION_INPUT_LABEL
psa_status_t tfm_crypto_key_derivation_get_capacity(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define PSA_KEY_ATTRIBUTES_INIT
#define PSA_ERROR_INSUFFICIENT_MEMORY
psa_status_t tfm_crypto_get_caller_id(int32_t *id)
Returns the ID of the caller.
psa_status_t tfm_crypto_operation_release(uint32_t *handle)
Release an operation context in the backend.
psa_status_t tfm_crypto_key_derivation_abort(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define psa_key_derivation_output_key
#define psa_key_derivation_output_bytes
#define PSA_ERROR_INVALID_ARGUMENT
#define psa_key_derivation_input_key
#define psa_key_derivation_input_bytes
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
#define psa_raw_key_agreement
#define psa_key_derivation_setup
psa_status_t tfm_crypto_key_derivation_output_key(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define CRYPTO_IN_OUT_LEN_VALIDATE(in_len, in_min, in_max, out_len, out_min, out_max)
psa_status_t tfm_crypto_set_key_storage(uint32_t index, psa_key_handle_t key_handle)
Sets the index of the local storage in use with a key requested by the calling partition, and stores the corresponding key_handle.
#define PSA_ERROR_PROGRAMMER_ERROR
#define PSA_ERROR_HARDWARE_FAILURE
#define PSA_ERROR_NOT_SUPPORTED
psa_status_t tfm_crypto_key_derivation_input_key(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define psa_key_derivation_abort
psa_status_t tfm_crypto_check_key_storage(uint32_t *index)
Checks that there is enough local storage in RAM to keep another key, and returns the index of the st...
__STATIC_INLINE void * tfm_memcpy(void *dest, const void *src, size_t num)
#define TFM_CRYPTO_ALG_HUK_DERIVATION
The algorithm identifier that refers to key derivation from the hardware unique key.
#define psa_key_derivation_key_agreement
psa_status_t tfm_crypto_key_derivation_setup(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
psa_status_t tfm_crypto_key_derivation_output_bytes(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
psa_status_t tfm_crypto_operation_lookup(enum tfm_crypto_operation_type type, uint32_t handle, void **ctx)
Look up an operation context in the backend for the corresponding frontend operation.
int32_t psa_status_t
Function return status.
#define PSA_BITS_TO_BYTES(bits)
psa_status_t tfm_crypto_raw_key_agreement(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)