/* * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ #ifndef PACKEDC_CRYPTO_CALLER_CIPHER_H #define PACKEDC_CRYPTO_CALLER_CIPHER_H #include #include #include #include #include #include #include #include #ifdef __cplusplus extern "C" { #endif static inline psa_status_t common_cipher_setup(struct service_client *context, uint32_t *op_handle, psa_key_id_t key, psa_algorithm_t alg, uint32_t opcode) { psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; struct ts_crypto_cipher_setup_in req_msg; size_t req_len = sizeof(struct ts_crypto_cipher_setup_in); req_msg.key_id = key; req_msg.alg = alg; rpc_call_handle call_handle; uint8_t *req_buf; call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); if (call_handle) { uint8_t *resp_buf; size_t resp_len; service_status_t service_status; memcpy(req_buf, &req_msg, req_len); context->rpc_status = rpc_caller_session_invoke(call_handle, opcode, &resp_buf, &resp_len, &service_status); if (context->rpc_status == RPC_SUCCESS) { psa_status = service_status; if (psa_status == PSA_SUCCESS) { if (resp_len >= sizeof(struct ts_crypto_cipher_setup_out)) { struct ts_crypto_cipher_setup_out resp_msg; memcpy(&resp_msg, resp_buf, sizeof(struct ts_crypto_cipher_setup_out)); *op_handle = resp_msg.op_handle; } else { /* Failed to decode response message */ psa_status = PSA_ERROR_GENERIC_ERROR; } } } rpc_caller_session_end(call_handle); } return psa_status; } static inline psa_status_t crypto_caller_cipher_encrypt_setup(struct service_client *context, uint32_t *op_handle, psa_key_id_t key, psa_algorithm_t alg) { return common_cipher_setup(context, op_handle, key, alg, TS_CRYPTO_OPCODE_CIPHER_ENCRYPT_SETUP); } static inline psa_status_t crypto_caller_cipher_decrypt_setup(struct service_client *context, uint32_t *op_handle, psa_key_id_t key, psa_algorithm_t alg) { return common_cipher_setup(context, op_handle, key, alg, TS_CRYPTO_OPCODE_CIPHER_DECRYPT_SETUP); } static inline psa_status_t crypto_caller_cipher_generate_iv(struct service_client *context, uint32_t op_handle, uint8_t *iv, size_t iv_size, size_t *iv_length) { psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; struct ts_crypto_cipher_generate_iv_in req_msg; size_t req_fixed_len = sizeof(struct ts_crypto_cipher_generate_iv_in); size_t req_len = req_fixed_len; *iv_length = 0; req_msg.op_handle = op_handle; rpc_call_handle call_handle; uint8_t *req_buf; call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, tlv_required_space(iv_size)); if (call_handle) { uint8_t *resp_buf; size_t resp_len; service_status_t service_status; memcpy(req_buf, &req_msg, req_fixed_len); context->rpc_status = rpc_caller_session_invoke(call_handle, TS_CRYPTO_OPCODE_CIPHER_GENERATE_IV, &resp_buf, &resp_len, &service_status); if (context->rpc_status == RPC_SUCCESS) { psa_status = service_status; if (psa_status == PSA_SUCCESS) { struct tlv_const_iterator resp_iter; struct tlv_record decoded_record; tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len); if (tlv_find_decode(&resp_iter, TS_CRYPTO_CIPHER_GENERATE_IV_OUT_TAG_IV, &decoded_record)) { if (decoded_record.length <= iv_size) { memcpy(iv, decoded_record.value, decoded_record.length); *iv_length = decoded_record.length; } else { /* Provided buffer is too small */ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; } } else { /* Mandatory response parameter missing */ psa_status = PSA_ERROR_GENERIC_ERROR; } } } rpc_caller_session_end(call_handle); } return psa_status; } static inline psa_status_t crypto_caller_cipher_set_iv(struct service_client *context, uint32_t op_handle, const uint8_t *iv, size_t iv_length) { psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; struct ts_crypto_cipher_set_iv_in req_msg; size_t req_fixed_len = sizeof(struct ts_crypto_cipher_set_iv_in); size_t req_len = req_fixed_len; req_msg.op_handle = op_handle; /* Mandatory input data parameter */ struct tlv_record data_record; data_record.tag = TS_CRYPTO_CIPHER_SET_IV_IN_TAG_IV; data_record.length = iv_length; data_record.value = iv; req_len += tlv_required_space(data_record.length); rpc_call_handle call_handle; uint8_t *req_buf; call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); if (call_handle) { uint8_t *resp_buf; size_t resp_len; service_status_t service_status; struct tlv_iterator req_iter; memcpy(req_buf, &req_msg, req_fixed_len); tlv_iterator_begin(&req_iter, &req_buf[req_fixed_len], req_len - req_fixed_len); tlv_encode(&req_iter, &data_record); context->rpc_status = rpc_caller_session_invoke(call_handle, TS_CRYPTO_OPCODE_CIPHER_SET_IV, &resp_buf, &resp_len, &service_status); if (context->rpc_status == RPC_SUCCESS) psa_status = service_status; rpc_caller_session_end(call_handle); } return psa_status; } static inline psa_status_t crypto_caller_cipher_update(struct service_client *context, uint32_t op_handle, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length) { psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; struct ts_crypto_cipher_update_in req_msg; size_t req_fixed_len = sizeof(struct ts_crypto_cipher_update_in); size_t req_len = req_fixed_len; *output_length = 0; req_msg.op_handle = op_handle; /* Mandatory input data parameter */ struct tlv_record data_record; data_record.tag = TS_CRYPTO_CIPHER_UPDATE_IN_TAG_DATA; data_record.length = input_length; data_record.value = input; req_len += tlv_required_space(data_record.length); rpc_call_handle call_handle; uint8_t *req_buf; call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); if (call_handle) { uint8_t *resp_buf; size_t resp_len; service_status_t service_status; struct tlv_iterator req_iter; memcpy(req_buf, &req_msg, req_fixed_len); tlv_iterator_begin(&req_iter, &req_buf[req_fixed_len], req_len - req_fixed_len); tlv_encode(&req_iter, &data_record); context->rpc_status = rpc_caller_session_invoke(call_handle, TS_CRYPTO_OPCODE_CIPHER_UPDATE, &resp_buf, &resp_len, &service_status); if (context->rpc_status == RPC_SUCCESS) { psa_status = service_status; if (psa_status == PSA_SUCCESS) { struct tlv_const_iterator resp_iter; struct tlv_record decoded_record; tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len); if (tlv_find_decode(&resp_iter, TS_CRYPTO_CIPHER_UPDATE_OUT_TAG_DATA, &decoded_record)) { if (decoded_record.length <= output_size) { memcpy(output, decoded_record.value, decoded_record.length); *output_length = decoded_record.length; } else { /* Provided buffer is too small */ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; } } else { /* Mandatory response parameter missing */ psa_status = PSA_ERROR_GENERIC_ERROR; } } } rpc_caller_session_end(call_handle); } return psa_status; } static inline psa_status_t crypto_caller_cipher_finish(struct service_client *context, uint32_t op_handle, uint8_t *output, size_t output_size, size_t *output_length) { psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; struct ts_crypto_cipher_finish_in req_msg; size_t req_fixed_len = sizeof(struct ts_crypto_cipher_finish_in); size_t req_len = req_fixed_len; *output_length = 0; req_msg.op_handle = op_handle; rpc_call_handle call_handle; uint8_t *req_buf; call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); if (call_handle) { uint8_t *resp_buf; size_t resp_len; service_status_t service_status; memcpy(req_buf, &req_msg, req_fixed_len); context->rpc_status = rpc_caller_session_invoke(call_handle, TS_CRYPTO_OPCODE_CIPHER_FINISH, &resp_buf, &resp_len, &service_status); if (context->rpc_status == RPC_SUCCESS) { psa_status = service_status; if (psa_status == PSA_SUCCESS) { struct tlv_const_iterator resp_iter; struct tlv_record decoded_record; tlv_const_iterator_begin(&resp_iter, resp_buf, resp_len); if (tlv_find_decode(&resp_iter, TS_CRYPTO_CIPHER_FINISH_OUT_TAG_DATA, &decoded_record)) { if (decoded_record.length <= output_size) { memcpy(output, decoded_record.value, decoded_record.length); *output_length = decoded_record.length; } else { /* Provided buffer is too small */ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; } } else { /* Mandatory response parameter missing */ psa_status = PSA_ERROR_GENERIC_ERROR; } } } rpc_caller_session_end(call_handle); } return psa_status; } static inline psa_status_t crypto_caller_cipher_abort(struct service_client *context, uint32_t op_handle) { psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; struct ts_crypto_cipher_abort_in req_msg; size_t req_fixed_len = sizeof(struct ts_crypto_cipher_abort_in); size_t req_len = req_fixed_len; req_msg.op_handle = op_handle; rpc_call_handle call_handle; uint8_t *req_buf; call_handle = rpc_caller_session_begin(context->session, &req_buf, req_len, 0); if (call_handle) { uint8_t *resp_buf; size_t resp_len; service_status_t service_status; memcpy(req_buf, &req_msg, req_fixed_len); context->rpc_status = rpc_caller_session_invoke(call_handle, TS_CRYPTO_OPCODE_CIPHER_ABORT, &resp_buf, &resp_len, &service_status); if (context->rpc_status == RPC_SUCCESS) psa_status = service_status; rpc_caller_session_end(call_handle); } return psa_status; } static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context) { /* Returns the maximum number of bytes that may be * carried as a parameter of the cipher_update operation * using the packed-c encoding. */ size_t payload_space = context->service_info.max_payload; size_t overhead = sizeof(struct ts_crypto_cipher_update_in) + TLV_HDR_LEN; /* Allow for output to be a whole number of blocks */ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; return (payload_space > overhead) ? payload_space - overhead : 0; } #ifdef __cplusplus } #endif #endif /* PACKEDC_CRYPTO_CALLER_CIPHER_H */