1 /* 2 * Copyright (c) 2017-2021, Arm Limited. All rights reserved. 3 * Copyright (c) 2024 Cypress Semiconductor Corporation (an Infineon company) 4 * or an affiliate of Cypress Semiconductor Corporation. All rights reserved. 5 * 6 * SPDX-License-Identifier: BSD-3-Clause 7 * 8 */ 9 10 #ifndef __PS_CRYPTO_INTERFACE_H__ 11 #define __PS_CRYPTO_INTERFACE_H__ 12 13 #include <stddef.h> 14 #include <stdint.h> 15 16 #include "psa/protected_storage.h" 17 18 #ifdef __cplusplus 19 extern "C" { 20 #endif 21 22 #define PS_TAG_LEN_BYTES 16 23 #define PS_IV_LEN_BYTES 12 24 25 /* Union containing crypto policy implementations. The ref member provides the 26 * reference implementation. Further members can be added to the union to 27 * provide alternative implementations. 28 */ 29 union ps_crypto_t { 30 struct { 31 uint8_t tag[PS_TAG_LEN_BYTES]; /*!< MAC value of AEAD object */ 32 psa_storage_uid_t uid; /*!< UID for key label */ 33 int32_t client_id; /*!< Owner client ID for key label */ 34 uint8_t iv[PS_IV_LEN_BYTES]; /*!< IV value of AEAD object */ 35 #if PS_AES_KEY_USAGE_LIMIT != 0 36 uint32_t key_gen_nr; /*!< Key generation number */ 37 #endif /* PS_AES_KEY_USAGE_LIMIT != 0 */ 38 } ref; 39 }; 40 41 /** 42 * \brief Initializes the crypto engine. 43 * 44 * \return Returns values as described in \ref psa_status_t 45 */ 46 psa_status_t ps_crypto_init(void); 47 48 /** 49 * \brief Convert lengths to block count 50 * 51 * \param[in] in_len Length of the input data 52 * 53 * \return Returns number of blocks encrypted/decrypted 54 */ 55 uint32_t ps_crypto_to_blocks(size_t in_len); 56 57 /** 58 * \brief Encrypts and tags the given plaintext data. 59 * 60 * \param[in,out] crypto Pointer to the crypto union 61 * \param[in] add Pointer to the associated data 62 * \param[in] add_len Length of the associated data 63 * \param[in] in Pointer to the input data 64 * \param[in] in_len Length of the input data 65 * \param[out] out Pointer to the output buffer for encrypted data 66 * \param[in] out_size Size of the output buffer 67 * \param[out] out_len On success, the length of the output data 68 * 69 * \return Returns values as described in \ref psa_status_t 70 */ 71 psa_status_t ps_crypto_encrypt_and_tag(union ps_crypto_t *crypto, 72 const uint8_t *add, 73 size_t add_len, 74 const uint8_t *in, 75 size_t in_len, 76 uint8_t *out, 77 size_t out_size, 78 size_t *out_len); 79 80 /** 81 * \brief Decrypts and authenticates the given encrypted data. 82 * 83 * \param[in] crypto Pointer to the crypto union 84 * \param[in] add Pointer to the associated data 85 * \param[in] add_len Length of the associated data 86 * \param[in] in Pointer to the input data 87 * \param[in] in_len Length of the input data 88 * \param[out] out Pointer to the output buffer for decrypted data 89 * \param[in] out_size Size of the output buffer 90 * \param[out] out_len On success, the length of the output data 91 * 92 * \return Returns values as described in \ref psa_status_t 93 */ 94 psa_status_t ps_crypto_auth_and_decrypt(const union ps_crypto_t *crypto, 95 const uint8_t *add, 96 size_t add_len, 97 uint8_t *in, 98 size_t in_len, 99 uint8_t *out, 100 size_t out_size, 101 size_t *out_len); 102 103 /** 104 * \brief Generates authentication tag for given data. 105 * 106 * \param[in,out] crypto Pointer to the crypto union 107 * \param[in] add Pointer to the data to authenticate 108 * \param[in] add_len Length of the data to authenticate 109 * 110 * \return Returns values as described in \ref psa_status_t 111 */ 112 psa_status_t ps_crypto_generate_auth_tag(union ps_crypto_t *crypto, 113 const uint8_t *add, 114 uint32_t add_len); 115 116 /** 117 * \brief Authenticate given data against the tag. 118 * 119 * \param[in] crypto Pointer to the crypto union 120 * \param[in] add Pointer to the data to authenticate 121 * \param[in] add_len Length of the data to authenticate 122 * 123 * \return Returns values as described in \ref psa_status_t 124 */ 125 psa_status_t ps_crypto_authenticate(const union ps_crypto_t *crypto, 126 const uint8_t *add, 127 uint32_t add_len); 128 129 /** 130 * \brief Provides current IV value to crypto layer. 131 * 132 * \param[in] crypto Pointer to the crypto union 133 */ 134 void ps_crypto_set_iv(const union ps_crypto_t *crypto); 135 136 /** 137 * \brief Gets a new IV value into the crypto union. 138 * 139 * \param[out] crypto Pointer to the crypto union 140 * 141 * \return Returns values as described in \ref psa_status_t 142 */ 143 psa_status_t ps_crypto_get_iv(union ps_crypto_t *crypto); 144 145 #ifdef PS_SUPPORT_FORMAT_TRANSITION 146 /** 147 * \brief Authenticate old format data against the tag. 148 * 149 * This function will attempt to authenticate using the old 150 * non-volatile format. The intent is that it can be used 151 * to transition between formats. 152 * 153 * \param[in] crypto Pointer to the crypto union 154 * \param[in] add Pointer to the data to authenticate 155 * \param[in] add_len Length of the data to authenticate 156 * 157 * \return Returns values as described in \ref psa_status_t 158 */ 159 psa_status_t ps_crypto_authenticate_transition(const union ps_crypto_t *crypto, 160 const uint8_t *add, 161 uint32_t add_len); 162 #endif /* PS_SUPPORT_FORMAT_TRANSITION */ 163 164 #ifdef __cplusplus 165 } 166 #endif 167 168 #endif /* __PS_CRYPTO_INTERFACE_H__ */ 169