TF-M Reference Manual  1.2.0
TrustedFirmware-M
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
crypto_key_derivation.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include "tfm_mbedcrypto_include.h"
12 
13 /* Required for mbedtls_calloc in tfm_crypto_huk_derivation_input_bytes */
14 #include "mbedtls/platform.h"
15 
16 #include "tfm_crypto_api.h"
17 #include "tfm_crypto_defs.h"
18 #include "tfm_memory_utils.h"
19 
20 #include "tfm_plat_crypto_keys.h"
21 #include "tfm_crypto_private.h"
22 
23 #ifdef TFM_PARTITION_TEST_PS
24 #include "psa_manifest/pid.h"
25 #endif /* TFM_PARTITION_TEST_PS */
26 
27 #ifndef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
28 static psa_status_t tfm_crypto_huk_derivation_setup(
31 {
32  operation->alg = TFM_CRYPTO_ALG_HUK_DERIVATION;
33  return PSA_SUCCESS;
34 }
35 
36 static psa_status_t tfm_crypto_huk_derivation_input_bytes(
39  const uint8_t *data,
40  size_t data_length)
41 {
42  psa_status_t status;
43  int32_t partition_id;
44 
45  if (step != PSA_KEY_DERIVATION_INPUT_LABEL) {
47  }
48 
49  /* Concatenate the caller's partition ID with the supplied label to prevent
50  * two different partitions from deriving the same key.
51  */
52  status = tfm_crypto_get_caller_id(&partition_id);
53  if (status != PSA_SUCCESS) {
54  return status;
55  }
56 
57 #ifdef TFM_PARTITION_TEST_PS
58  /* The PS tests run some operations under the wrong partition ID - this
59  * causes the key derivation to change.
60  */
61  if (partition_id == TFM_SP_PS_TEST) {
62  partition_id = TFM_SP_PS;
63  }
64 #endif /* TFM_PARTITION_TEST_PS */
65 
66  /* Put the label in the tls12_prf ctx to make it available in the output key
67  * step.
68  */
69  operation->ctx.tls12_prf.label = mbedtls_calloc(1, sizeof(partition_id)
70  + data_length);
71  if (operation->ctx.tls12_prf.label == NULL) {
73  }
74  (void)tfm_memcpy(operation->ctx.tls12_prf.label, &partition_id,
75  sizeof(partition_id));
76  (void)tfm_memcpy(operation->ctx.tls12_prf.label + sizeof(partition_id),
77  data, data_length);
78  operation->ctx.tls12_prf.label_length = sizeof(partition_id) + data_length;
79 
80  return PSA_SUCCESS;
81 }
82 
83 static psa_status_t tfm_crypto_huk_derivation_output_key(
84  const psa_key_attributes_t *attributes,
86  psa_key_handle_t *handle)
87 {
88  enum tfm_plat_err_t err;
89  size_t bytes = PSA_BITS_TO_BYTES(psa_get_key_bits(attributes));
90 
91  if (sizeof(operation->ctx.tls12_prf.output_block) < bytes) {
93  }
94 
95  /* Derive key material from the HUK and output it to the operation buffer */
96  err = tfm_plat_get_huk_derived_key(operation->ctx.tls12_prf.label,
97  operation->ctx.tls12_prf.label_length,
98  NULL, 0,
99  operation->ctx.tls12_prf.output_block,
100  bytes);
101  if (err != TFM_PLAT_ERR_SUCCESS) {
103  }
104 
105  return psa_import_key(attributes, operation->ctx.tls12_prf.output_block,
106  bytes, handle);
107 }
108 
109 static psa_status_t tfm_crypto_huk_derivation_abort(
111 {
112  if (operation->ctx.tls12_prf.label != NULL) {
113  (void)tfm_memset(operation->ctx.tls12_prf.label, 0,
114  operation->ctx.tls12_prf.label_length);
115  mbedtls_free(operation->ctx.tls12_prf.label);
116  }
117 
118  (void)tfm_memset(operation, 0, sizeof(*operation));
119 
120  return PSA_SUCCESS;
121 }
122 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
123 
131  size_t in_len,
132  psa_outvec out_vec[],
133  size_t out_len)
134 {
135 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
137 #else
138  psa_status_t status = PSA_SUCCESS;
139  psa_key_derivation_operation_t *operation = NULL;
140 
141  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
142 
143  if ((out_vec[0].len != sizeof(uint32_t)) ||
144  (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
146  }
147  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
148  uint32_t handle = iov->op_handle;
149  uint32_t *handle_out = out_vec[0].base;
150  psa_algorithm_t alg = iov->alg;
151 
152  /* Allocate the operation context in the secure world */
154  &handle,
155  (void **)&operation);
156  if (status != PSA_SUCCESS) {
157  return status;
158  }
159 
160  *handle_out = handle;
161 
162  if (alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
163  status = tfm_crypto_huk_derivation_setup(operation, alg);
164  } else {
165  status = psa_key_derivation_setup(operation, alg);
166  }
167  if (status != PSA_SUCCESS) {
168  /* Release the operation context, ignore if the operation fails. */
169  (void)tfm_crypto_operation_release(handle_out);
170  return status;
171  }
172 
173  return status;
174 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
175 }
176 
178  size_t in_len,
179  psa_outvec out_vec[],
180  size_t out_len)
181 {
182 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
184 #else
185  psa_status_t status;
186 
187  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
188 
189  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
190  (out_vec[0].len != sizeof(size_t))) {
192  }
193  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
194 
195  uint32_t handle = iov->op_handle;
196  size_t *capacity = out_vec[0].base;
197  psa_key_derivation_operation_t *operation = NULL;
198 
199  /* Look up the corresponding operation context */
201  handle,
202  (void **)&operation);
203  if (status != PSA_SUCCESS) {
204  *capacity = 0;
205  return status;
206  }
207 
208  return psa_key_derivation_get_capacity(operation, capacity);
209 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
210 }
211 
213  size_t in_len,
214  psa_outvec out_vec[],
215  size_t out_len)
216 {
217 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
219 #else
220  psa_status_t status;
221 
222  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
223 
224  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
226  }
227  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
228 
229  uint32_t handle = iov->op_handle;
230  size_t capacity = iov->capacity;
231  psa_key_derivation_operation_t *operation = NULL;
232 
233  /* Look up the corresponding operation context */
235  handle,
236  (void **)&operation);
237  if (status != PSA_SUCCESS) {
238  return status;
239  }
240 
241  return psa_key_derivation_set_capacity(operation, capacity);
242 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
243 }
244 
246  size_t in_len,
247  psa_outvec out_vec[],
248  size_t out_len)
249 {
250 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
252 #else
253  psa_status_t status;
254 
255  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 0);
256 
257  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
259  }
260  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
261 
262  uint32_t handle = iov->op_handle;
263  psa_key_derivation_step_t step = iov->step;
264  const uint8_t *data = in_vec[1].base;
265  size_t data_length = in_vec[1].len;
266  psa_key_derivation_operation_t *operation = NULL;
267 
268  /* Look up the corresponding operation context */
270  handle,
271  (void **)&operation);
272  if (status != PSA_SUCCESS) {
273  return status;
274  }
275 
276  if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
277  return tfm_crypto_huk_derivation_input_bytes(operation, step, data,
278  data_length);
279  } else {
280  return psa_key_derivation_input_bytes(operation, step, data,
281  data_length);
282  }
283 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
284 }
285 
287  size_t in_len,
288  psa_outvec out_vec[],
289  size_t out_len)
290 {
291 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
293 #else
294  psa_status_t status;
295 
296  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
297 
298  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
300  }
301  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
302 
303  uint32_t handle = iov->op_handle;
304  uint8_t *output = out_vec[0].base;
305  size_t output_length = out_vec[0].len;
306  psa_key_derivation_operation_t *operation = NULL;
307 
308  /* Look up the corresponding operation context */
310  handle,
311  (void **)&operation);
312  if (status != PSA_SUCCESS) {
313  return status;
314  }
315 
316  return psa_key_derivation_output_bytes(operation, output, output_length);
317 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
318 }
319 
321  size_t in_len,
322  psa_outvec out_vec[],
323  size_t out_len)
324 {
325 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
327 #else
328  psa_status_t status;
329 
330  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 0);
331 
332  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
334  }
335  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
336 
337  uint32_t handle = iov->op_handle;
339  psa_key_derivation_step_t step = iov->step;
340  psa_key_derivation_operation_t *operation = NULL;
341 
342  status = tfm_crypto_check_handle_owner(key_handle, NULL);
343  if (status != PSA_SUCCESS) {
344  return status;
345  }
346 
347  /* Look up the corresponding operation context */
349  handle,
350  (void **)&operation);
351  if (status != PSA_SUCCESS) {
352  return status;
353  }
354 
355  return psa_key_derivation_input_key(operation, step, key_handle);
356 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
357 }
358 
360  size_t in_len,
361  psa_outvec out_vec[],
362  size_t out_len)
363 {
364 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
366 #else
367  psa_status_t status;
368 
369  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 2, 2, out_len, 1, 1);
370 
371  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
372  (in_vec[1].len != sizeof(struct psa_client_key_attributes_s)) ||
373  (out_vec[0].len != sizeof(psa_key_handle_t))) {
375  }
376  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
377 
378  uint32_t handle = iov->op_handle;
379  const struct psa_client_key_attributes_s *client_key_attr = in_vec[1].base;
380  psa_key_derivation_operation_t *operation = NULL;
381  psa_key_handle_t *key_handle = out_vec[0].base;
383  int32_t partition_id;
384  uint32_t index;
385 
386  /* Look up the corresponding operation context */
388  handle,
389  (void **)&operation);
390  if (status != PSA_SUCCESS) {
391  return status;
392  }
393 
394  status = tfm_crypto_check_key_storage(&index);
395  if (status != PSA_SUCCESS) {
396  return status;
397  }
398 
399  status = tfm_crypto_get_caller_id(&partition_id);
400  if (status != PSA_SUCCESS) {
401  return status;
402  }
403 
404  status = tfm_crypto_key_attributes_from_client(client_key_attr,
405  partition_id,
406  &key_attributes);
407  if (status != PSA_SUCCESS) {
408  return status;
409  }
410 
411  if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
412  status = tfm_crypto_huk_derivation_output_key(&key_attributes,
413  operation, key_handle);
414  } else {
415  status = psa_key_derivation_output_key(&key_attributes, operation,
416  key_handle);
417  }
418  if (status == PSA_SUCCESS) {
419  status = tfm_crypto_set_key_storage(index, *key_handle);
420  }
421 
422  return status;
423 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
424 }
425 
427  size_t in_len,
428  psa_outvec out_vec[],
429  size_t out_len)
430 {
431 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
433 #else
434  psa_status_t status;
435 
436  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 1, 1);
437 
438  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) ||
439  (out_vec[0].len != sizeof(uint32_t))) {
441  }
442  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
443 
444  uint32_t handle = iov->op_handle;
445  uint32_t *handle_out = out_vec[0].base;
446  psa_key_derivation_operation_t *operation = NULL;
447 
448  /* Init the handle in the operation with the one passed from the iov */
449  *handle_out = iov->op_handle;
450 
451  /* Look up the corresponding operation context */
453  handle,
454  (void **)&operation);
455  if (status != PSA_SUCCESS) {
456  /* Operation does not exist, so abort has no effect */
457  return PSA_SUCCESS;
458  }
459 
460  *handle_out = handle;
461 
462  if (operation->alg == TFM_CRYPTO_ALG_HUK_DERIVATION) {
463  status = tfm_crypto_huk_derivation_abort(operation);
464  } else {
465  status = psa_key_derivation_abort(operation);
466  }
467  if (status != PSA_SUCCESS) {
468  /* Release the operation context, ignore if the operation fails. */
469  (void)tfm_crypto_operation_release(handle_out);
470  return status;
471  }
472 
473  status = tfm_crypto_operation_release(handle_out);
474 
475  return status;
476 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
477 }
478 
480  size_t in_len,
481  psa_outvec out_vec[],
482  size_t out_len)
483 {
484 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
486 #else
487  psa_status_t status;
488 
489  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 0);
490 
491  if ((in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec))) {
493  }
494  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
495 
496  uint32_t handle = iov->op_handle;
497  psa_key_handle_t private_key = iov->key_handle;
498  const uint8_t *peer_key = in_vec[1].base;
499  size_t peer_key_length = in_vec[1].len;
500  psa_key_derivation_operation_t *operation = NULL;
501  psa_key_derivation_step_t step = iov->step;
502 
503  status = tfm_crypto_check_handle_owner(private_key, NULL);
504  if (status != PSA_SUCCESS) {
505  return status;
506  }
507 
508  /* Look up the corresponding operation context */
510  handle,
511  (void **)&operation);
512  if (status != PSA_SUCCESS) {
513  return status;
514  }
515 
516  return psa_key_derivation_key_agreement(operation, step,
517  private_key,
518  peer_key,
519  peer_key_length);
520 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
521 }
522 
524  size_t in_len,
525  psa_outvec out_vec[],
526  size_t out_len)
527 {
528 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
530 #else
531 
532  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 1, out_len, 0, 1);
533 
534  if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
536  }
537  uint8_t *output = out_vec[0].base;
538  size_t output_size = out_vec[0].len;
539 
540  return psa_generate_random(output, output_size);
541 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
542 }
543 
545  size_t in_len,
546  psa_outvec out_vec[],
547  size_t out_len)
548 {
549 #ifdef TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
551 #else
552 
553  CRYPTO_IN_OUT_LEN_VALIDATE(in_len, 1, 2, out_len, 0, 1);
554 
555  if (in_vec[0].len != sizeof(struct tfm_crypto_pack_iovec)) {
557  }
558  const struct tfm_crypto_pack_iovec *iov = in_vec[0].base;
559  uint8_t *output = out_vec[0].base;
560  size_t output_size = out_vec[0].len;
561  psa_algorithm_t alg = iov->alg;
562  psa_key_handle_t private_key = iov->key_handle;
563  const uint8_t *peer_key = in_vec[1].base;
564  size_t peer_key_length = in_vec[1].len;
565 
566  return psa_raw_key_agreement(alg, private_key, peer_key, peer_key_length,
567  output, output_size, &out_vec[0].len);
568 #endif /* TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED */
569 }
psa_key_handle_t key_handle
psa_status_t tfm_crypto_check_handle_owner(psa_key_handle_t handle, uint32_t *index)
Checks that the requested handle belongs to the requesting partition.
Definition: crypto_key.c:86
Structure used to pack non-pointer types in a call.
void * base
Definition: client.h:75
#define psa_key_derivation_get_capacity
Definition: crypto_spe.h:27
#define psa_key_derivation_set_capacity
Definition: crypto_spe.h:29
psa_status_t tfm_crypto_key_derivation_input_bytes(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
__STATIC_INLINE void * tfm_memset(void *ptr, int value, size_t num)
#define PSA_SUCCESS
Definition: crypto_values.h:35
psa_status_t tfm_crypto_operation_alloc(enum tfm_crypto_operation_type type, uint32_t *handle, void **ctx)
Allocate an operation context in the backend.
Definition: crypto_alloc.c:94
psa_status_t tfm_crypto_key_derivation_set_capacity(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define psa_generate_random
Definition: crypto_spe.h:47
size_t len
Definition: client.h:68
uint16_t psa_key_derivation_step_t
Encoding of the step of a key derivation.
Definition: crypto_types.h:356
psa_status_t tfm_crypto_key_attributes_from_client(const struct psa_client_key_attributes_s *client_key_attr, int32_t client_id, psa_key_attributes_t *key_attributes)
Gets key attributes from client key attributes.
Definition: crypto_key.c:37
psa_status_t tfm_crypto_generate_random(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
psa_algorithm_t alg
psa_status_t tfm_crypto_key_derivation_key_agreement(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define PSA_KEY_DERIVATION_INPUT_LABEL
psa_status_t tfm_crypto_key_derivation_get_capacity(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define PSA_KEY_ATTRIBUTES_INIT
Definition: crypto.h:113
#define PSA_ERROR_INSUFFICIENT_MEMORY
psa_status_t tfm_crypto_get_caller_id(int32_t *id)
Returns the ID of the caller.
Definition: crypto_init.c:314
#define psa_import_key
Definition: crypto_spe.h:57
psa_status_t tfm_crypto_operation_release(uint32_t *handle)
Release an operation context in the backend.
Definition: crypto_alloc.c:132
psa_status_t tfm_crypto_key_derivation_abort(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define TFM_SP_PS
Definition: pid.h:17
#define psa_key_derivation_output_key
Definition: crypto_spe.h:37
#define psa_key_derivation_output_bytes
Definition: crypto_spe.h:33
#define PSA_ERROR_INVALID_ARGUMENT
#define psa_key_derivation_input_key
Definition: crypto_spe.h:35
#define psa_key_derivation_input_bytes
Definition: crypto_spe.h:31
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:90
#define psa_raw_key_agreement
Definition: crypto_spe.h:45
#define TFM_SP_PS_TEST
Definition: pid.h:29
#define psa_key_derivation_setup
Definition: crypto_spe.h:39
psa_status_t tfm_crypto_key_derivation_output_key(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define CRYPTO_IN_OUT_LEN_VALIDATE(in_len, in_min, in_max, out_len, out_min, out_max)
psa_status_t tfm_crypto_set_key_storage(uint32_t index, psa_key_handle_t key_handle)
Sets the index of the local storage in use with a key requested by the calling partition, and stores the corresponding key_handle.
Definition: crypto_key.c:136
#define PSA_ERROR_PROGRAMMER_ERROR
Definition: error.h:32
_unsigned_integral_type_ psa_key_handle_t
Key handle.
Definition: crypto.h:35
#define PSA_ERROR_HARDWARE_FAILURE
#define PSA_ERROR_NOT_SUPPORTED
Definition: crypto_values.h:52
psa_status_t tfm_crypto_key_derivation_input_key(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
#define psa_key_derivation_abort
Definition: crypto_spe.h:41
size_t len
Definition: client.h:76
psa_status_t tfm_crypto_check_key_storage(uint32_t *index)
Checks that there is enough local storage in RAM to keep another key, and returns the index of the st...
Definition: crypto_key.c:118
__STATIC_INLINE void * tfm_memcpy(void *dest, const void *src, size_t num)
#define TFM_CRYPTO_ALG_HUK_DERIVATION
The algorithm identifier that refers to key derivation from the hardware unique key.
#define psa_key_derivation_key_agreement
Definition: crypto_spe.h:43
psa_status_t tfm_crypto_key_derivation_setup(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
psa_status_t tfm_crypto_key_derivation_output_bytes(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)
const void * base
Definition: client.h:67
psa_status_t tfm_crypto_operation_lookup(enum tfm_crypto_operation_type type, uint32_t handle, void **ctx)
Look up an operation context in the backend for the corresponding frontend operation.
Definition: crypto_alloc.c:159
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:43
#define PSA_BITS_TO_BYTES(bits)
Definition: crypto_sizes.h:33
psa_status_t tfm_crypto_raw_key_agreement(psa_invec in_vec[], size_t in_len, psa_outvec out_vec[], size_t out_len)