1 /* 2 * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 * 6 */ 7 8 #ifndef __TFM_CRYPTO_DEFS_H__ 9 #define __TFM_CRYPTO_DEFS_H__ 10 11 #ifdef __cplusplus 12 extern "C" { 13 #endif 14 15 #include "psa/crypto.h" 16 #ifdef PLATFORM_DEFAULT_CRYPTO_KEYS 17 #include "crypto_keys/tfm_builtin_key_ids.h" 18 #else 19 #include "tfm_builtin_key_ids.h" 20 #endif /* PLATFORM_DEFAULT_CRYPTO_KEYS */ 21 22 /** 23 * \brief The maximum supported length of a nonce through the TF-M 24 * interfaces 25 */ 26 #define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) 27 28 /** 29 * \brief This type is used to overcome a limitation in the number of maximum 30 * IOVECs that can be used especially in psa_aead_encrypt and 31 * psa_aead_decrypt. By using this type we pack the nonce and the actual 32 * nonce_length at part of the same structure 33 */ 34 struct tfm_crypto_aead_pack_input { 35 uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; 36 uint32_t nonce_length; 37 }; 38 39 /** 40 * \brief Structure used to pack non-pointer types in a call to PSA Crypto APIs 41 * 42 */ 43 struct tfm_crypto_pack_iovec { 44 psa_key_id_t key_id; /*!< Key id */ 45 psa_algorithm_t alg; /*!< Algorithm */ 46 uint32_t op_handle; /*!< Client context handle associated to a 47 * multipart operation 48 */ 49 uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ 50 uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ 51 52 struct tfm_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */ 53 54 uint16_t function_id; /*!< Used to identify the function in the 55 * API dispatcher to the service backend 56 * See tfm_crypto_func_sid for detail 57 */ 58 uint16_t step; /*!< Key derivation step */ 59 union { 60 uint32_t capacity; /*!< Key derivation capacity */ 61 uint64_t value; /*!< Key derivation integer for update*/ 62 }; 63 }; 64 65 /** 66 * \brief Type associated to the group of a function encoding. There can be 67 * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD, 68 * Asym sign, Asym encrypt, Key derivation). 69 */ 70 enum tfm_crypto_group_id_t { 71 TFM_CRYPTO_GROUP_ID_RANDOM = UINT8_C(1), 72 TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT = UINT8_C(2), 73 TFM_CRYPTO_GROUP_ID_HASH = UINT8_C(3), 74 TFM_CRYPTO_GROUP_ID_MAC = UINT8_C(4), 75 TFM_CRYPTO_GROUP_ID_CIPHER = UINT8_C(5), 76 TFM_CRYPTO_GROUP_ID_AEAD = UINT8_C(6), 77 TFM_CRYPTO_GROUP_ID_ASYM_SIGN = UINT8_C(7), 78 TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT = UINT8_C(8), 79 TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9) 80 }; 81 82 /* Set of X macros describing each of the available PSA Crypto APIs */ 83 #define RANDOM_FUNCS \ 84 X(TFM_CRYPTO_GENERATE_RANDOM) 85 86 #define KEY_MANAGEMENT_FUNCS \ 87 X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \ 88 X(TFM_CRYPTO_OPEN_KEY) \ 89 X(TFM_CRYPTO_CLOSE_KEY) \ 90 X(TFM_CRYPTO_IMPORT_KEY) \ 91 X(TFM_CRYPTO_DESTROY_KEY) \ 92 X(TFM_CRYPTO_EXPORT_KEY) \ 93 X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \ 94 X(TFM_CRYPTO_PURGE_KEY) \ 95 X(TFM_CRYPTO_COPY_KEY) \ 96 X(TFM_CRYPTO_GENERATE_KEY) 97 98 #define HASH_FUNCS \ 99 X(TFM_CRYPTO_HASH_COMPUTE) \ 100 X(TFM_CRYPTO_HASH_COMPARE) \ 101 X(TFM_CRYPTO_HASH_SETUP) \ 102 X(TFM_CRYPTO_HASH_UPDATE) \ 103 X(TFM_CRYPTO_HASH_CLONE) \ 104 X(TFM_CRYPTO_HASH_FINISH) \ 105 X(TFM_CRYPTO_HASH_VERIFY) \ 106 X(TFM_CRYPTO_HASH_ABORT) \ 107 X(TFM_CRYPTO_CAN_DO_HASH) 108 109 #define MAC_FUNCS \ 110 X(TFM_CRYPTO_MAC_COMPUTE) \ 111 X(TFM_CRYPTO_MAC_VERIFY) \ 112 X(TFM_CRYPTO_MAC_SIGN_SETUP) \ 113 X(TFM_CRYPTO_MAC_VERIFY_SETUP) \ 114 X(TFM_CRYPTO_MAC_UPDATE) \ 115 X(TFM_CRYPTO_MAC_SIGN_FINISH) \ 116 X(TFM_CRYPTO_MAC_VERIFY_FINISH) \ 117 X(TFM_CRYPTO_MAC_ABORT) 118 119 #define CIPHER_FUNCS \ 120 X(TFM_CRYPTO_CIPHER_ENCRYPT) \ 121 X(TFM_CRYPTO_CIPHER_DECRYPT) \ 122 X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \ 123 X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \ 124 X(TFM_CRYPTO_CIPHER_GENERATE_IV) \ 125 X(TFM_CRYPTO_CIPHER_SET_IV) \ 126 X(TFM_CRYPTO_CIPHER_UPDATE) \ 127 X(TFM_CRYPTO_CIPHER_FINISH) \ 128 X(TFM_CRYPTO_CIPHER_ABORT) \ 129 X(TFM_CRYPTO_CAN_DO_CIPHER) 130 131 #define AEAD_FUNCS \ 132 X(TFM_CRYPTO_AEAD_ENCRYPT) \ 133 X(TFM_CRYPTO_AEAD_DECRYPT) \ 134 X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \ 135 X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \ 136 X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \ 137 X(TFM_CRYPTO_AEAD_SET_NONCE) \ 138 X(TFM_CRYPTO_AEAD_SET_LENGTHS) \ 139 X(TFM_CRYPTO_AEAD_UPDATE_AD) \ 140 X(TFM_CRYPTO_AEAD_UPDATE) \ 141 X(TFM_CRYPTO_AEAD_FINISH) \ 142 X(TFM_CRYPTO_AEAD_VERIFY) \ 143 X(TFM_CRYPTO_AEAD_ABORT) 144 145 #define ASYM_SIGN_FUNCS \ 146 X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \ 147 X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \ 148 X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \ 149 X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH) 150 151 #define ASYM_ENCRYPT_FUNCS \ 152 X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \ 153 X(TFM_CRYPTO_ASYMMETRIC_DECRYPT) 154 155 #define KEY_DERIVATION_FUNCS \ 156 X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \ 157 X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \ 158 X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \ 159 X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \ 160 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \ 161 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \ 162 X(TFM_CRYPTO_KEY_DERIVATION_INPUT_INTEGER) \ 163 X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \ 164 X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \ 165 X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \ 166 X(TFM_CRYPTO_KEY_DERIVATION_ABORT) 167 168 #define BASE__VALUE(x) ((uint16_t)((((uint16_t)(x)) << 8) & 0xFF00)) 169 170 /** 171 * \brief This type defines numerical progressive values identifying a function API 172 * exposed through the interfaces (S or NS). It's used to dispatch the requests 173 * from S/NS to the corresponding API implementation in the Crypto service backend. 174 * 175 * \note Each function SID is encoded as uint16_t. 176 * +------------+------------+ 177 * | Group ID | Func ID | 178 * +------------+------------+ 179 * (MSB)15 8 7 0(LSB) 180 * 181 */ 182 enum tfm_crypto_func_sid_t { 183 #define X(FUNCTION_NAME) FUNCTION_NAME ## _SID, 184 BASE__RANDOM = BASE__VALUE(TFM_CRYPTO_GROUP_ID_RANDOM) - 1, 185 RANDOM_FUNCS 186 BASE__KEY_MANAGEMENT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT) - 1, 187 KEY_MANAGEMENT_FUNCS 188 BASE__HASH = BASE__VALUE(TFM_CRYPTO_GROUP_ID_HASH) - 1, 189 HASH_FUNCS 190 BASE__MAC = BASE__VALUE(TFM_CRYPTO_GROUP_ID_MAC) - 1, 191 MAC_FUNCS 192 BASE__CIPHER = BASE__VALUE(TFM_CRYPTO_GROUP_ID_CIPHER) - 1, 193 CIPHER_FUNCS 194 BASE__AEAD = BASE__VALUE(TFM_CRYPTO_GROUP_ID_AEAD) - 1, 195 AEAD_FUNCS 196 BASE__ASYM_SIGN = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_SIGN) - 1, 197 ASYM_SIGN_FUNCS 198 BASE__ASYM_ENCRYPT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT) - 1, 199 ASYM_ENCRYPT_FUNCS 200 BASE__KEY_DERIVATION = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_DERIVATION) - 1, 201 KEY_DERIVATION_FUNCS 202 #undef X 203 }; 204 205 /** 206 * \brief This macro is used to extract the group_id from an encoded function id 207 * by accessing the upper 8 bits. A \a _function_id is uint16_t type 208 */ 209 #define TFM_CRYPTO_GET_GROUP_ID(_function_id) \ 210 ((enum tfm_crypto_group_id_t)(((uint16_t)(_function_id) >> 8) & 0xFF)) 211 212 #ifdef __cplusplus 213 } 214 #endif 215 216 #endif /* __TFM_CRYPTO_DEFS_H__ */ 217