1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file will be auto-generated in the future.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23 #include "psa_crypto_aead.h"
24 #include "psa_crypto_cipher.h"
25 #include "psa_crypto_core.h"
26 #include "psa_crypto_driver_wrappers.h"
27 #include "psa_crypto_hash.h"
28 #include "psa_crypto_mac.h"
29
30 #include "mbedtls/platform.h"
31
32 #if defined(MBEDTLS_PSA_CRYPTO_C)
33
34 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
35
36 /* Include test driver definition when running tests */
37 #if defined(PSA_CRYPTO_DRIVER_TEST)
38 #ifndef PSA_CRYPTO_DRIVER_PRESENT
39 #define PSA_CRYPTO_DRIVER_PRESENT
40 #endif
41 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
42 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
43 #endif
44 #include "test/drivers/test_driver.h"
45 #endif /* PSA_CRYPTO_DRIVER_TEST */
46
47 /* Repeat above block for each JSON-declared driver during autogeneration */
48 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
49
50 /* Auto-generated values depending on which drivers are registered.
51 * ID 0 is reserved for unallocated operations.
52 * ID 1 is reserved for the Mbed TLS software driver. */
53 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
54
55 #if defined(PSA_CRYPTO_DRIVER_TEST)
56 #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
57 #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
58 #endif /* PSA_CRYPTO_DRIVER_TEST */
59
60 /* Support the 'old' SE interface when asked to */
61 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
62 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
63 * SE driver is present, to avoid unused argument errors at compile time. */
64 #ifndef PSA_CRYPTO_DRIVER_PRESENT
65 #define PSA_CRYPTO_DRIVER_PRESENT
66 #endif
67 #include "psa_crypto_se.h"
68 #endif
69
psa_driver_wrapper_init(void)70 psa_status_t psa_driver_wrapper_init( void )
71 {
72 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
73
74 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
75 status = psa_init_all_se_drivers( );
76 if( status != PSA_SUCCESS )
77 return( status );
78 #endif
79
80 #if defined(PSA_CRYPTO_DRIVER_TEST)
81 status = mbedtls_test_transparent_init( );
82 if( status != PSA_SUCCESS )
83 return( status );
84
85 status = mbedtls_test_opaque_init( );
86 if( status != PSA_SUCCESS )
87 return( status );
88 #endif
89
90 (void) status;
91 return( PSA_SUCCESS );
92 }
93
psa_driver_wrapper_free(void)94 void psa_driver_wrapper_free( void )
95 {
96 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
97 /* Unregister all secure element drivers, so that we restart from
98 * a pristine state. */
99 psa_unregister_all_se_drivers( );
100 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
101
102 #if defined(PSA_CRYPTO_DRIVER_TEST)
103 mbedtls_test_transparent_free( );
104 mbedtls_test_opaque_free( );
105 #endif
106 }
107
108 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)109 psa_status_t psa_driver_wrapper_sign_message(
110 const psa_key_attributes_t *attributes,
111 const uint8_t *key_buffer,
112 size_t key_buffer_size,
113 psa_algorithm_t alg,
114 const uint8_t *input,
115 size_t input_length,
116 uint8_t *signature,
117 size_t signature_size,
118 size_t *signature_length )
119 {
120 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
121 psa_key_location_t location =
122 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
123
124 switch( location )
125 {
126 case PSA_KEY_LOCATION_LOCAL_STORAGE:
127 /* Key is stored in the slot in export representation, so
128 * cycle through all known transparent accelerators */
129 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
130 #if defined(PSA_CRYPTO_DRIVER_TEST)
131 status = mbedtls_test_transparent_signature_sign_message(
132 attributes,
133 key_buffer,
134 key_buffer_size,
135 alg,
136 input,
137 input_length,
138 signature,
139 signature_size,
140 signature_length );
141 /* Declared with fallback == true */
142 if( status != PSA_ERROR_NOT_SUPPORTED )
143 return( status );
144 #endif /* PSA_CRYPTO_DRIVER_TEST */
145 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
146 break;
147
148 /* Add cases for opaque driver here */
149 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
150 #if defined(PSA_CRYPTO_DRIVER_TEST)
151 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
152 status = mbedtls_test_opaque_signature_sign_message(
153 attributes,
154 key_buffer,
155 key_buffer_size,
156 alg,
157 input,
158 input_length,
159 signature,
160 signature_size,
161 signature_length );
162 if( status != PSA_ERROR_NOT_SUPPORTED )
163 return( status );
164 break;
165 #endif /* PSA_CRYPTO_DRIVER_TEST */
166 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
167 default:
168 /* Key is declared with a lifetime not known to us */
169 (void)status;
170 break;
171 }
172
173 return( psa_sign_message_builtin( attributes,
174 key_buffer,
175 key_buffer_size,
176 alg,
177 input,
178 input_length,
179 signature,
180 signature_size,
181 signature_length ) );
182 }
183
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)184 psa_status_t psa_driver_wrapper_verify_message(
185 const psa_key_attributes_t *attributes,
186 const uint8_t *key_buffer,
187 size_t key_buffer_size,
188 psa_algorithm_t alg,
189 const uint8_t *input,
190 size_t input_length,
191 const uint8_t *signature,
192 size_t signature_length )
193 {
194 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
195 psa_key_location_t location =
196 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
197
198 switch( location )
199 {
200 case PSA_KEY_LOCATION_LOCAL_STORAGE:
201 /* Key is stored in the slot in export representation, so
202 * cycle through all known transparent accelerators */
203 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
204 #if defined(PSA_CRYPTO_DRIVER_TEST)
205 status = mbedtls_test_transparent_signature_verify_message(
206 attributes,
207 key_buffer,
208 key_buffer_size,
209 alg,
210 input,
211 input_length,
212 signature,
213 signature_length );
214 /* Declared with fallback == true */
215 if( status != PSA_ERROR_NOT_SUPPORTED )
216 return( status );
217 #endif /* PSA_CRYPTO_DRIVER_TEST */
218 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
219 break;
220
221 /* Add cases for opaque driver here */
222 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
223 #if defined(PSA_CRYPTO_DRIVER_TEST)
224 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
225 return( mbedtls_test_opaque_signature_verify_message(
226 attributes,
227 key_buffer,
228 key_buffer_size,
229 alg,
230 input,
231 input_length,
232 signature,
233 signature_length ) );
234 if( status != PSA_ERROR_NOT_SUPPORTED )
235 return( status );
236 break;
237 #endif /* PSA_CRYPTO_DRIVER_TEST */
238 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
239 default:
240 /* Key is declared with a lifetime not known to us */
241 (void)status;
242 break;
243 }
244
245 return( psa_verify_message_builtin( attributes,
246 key_buffer,
247 key_buffer_size,
248 alg,
249 input,
250 input_length,
251 signature,
252 signature_length ) );
253 }
254
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)255 psa_status_t psa_driver_wrapper_sign_hash(
256 const psa_key_attributes_t *attributes,
257 const uint8_t *key_buffer, size_t key_buffer_size,
258 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
259 uint8_t *signature, size_t signature_size, size_t *signature_length )
260 {
261 /* Try dynamically-registered SE interface first */
262 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
263 const psa_drv_se_t *drv;
264 psa_drv_se_context_t *drv_context;
265
266 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
267 {
268 if( drv->asymmetric == NULL ||
269 drv->asymmetric->p_sign == NULL )
270 {
271 /* Key is defined in SE, but we have no way to exercise it */
272 return( PSA_ERROR_NOT_SUPPORTED );
273 }
274 return( drv->asymmetric->p_sign(
275 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
276 alg, hash, hash_length,
277 signature, signature_size, signature_length ) );
278 }
279 #endif /* PSA_CRYPTO_SE_C */
280
281 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
282 psa_key_location_t location =
283 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
284
285 switch( location )
286 {
287 case PSA_KEY_LOCATION_LOCAL_STORAGE:
288 /* Key is stored in the slot in export representation, so
289 * cycle through all known transparent accelerators */
290 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
291 #if defined(PSA_CRYPTO_DRIVER_TEST)
292 status = mbedtls_test_transparent_signature_sign_hash( attributes,
293 key_buffer,
294 key_buffer_size,
295 alg,
296 hash,
297 hash_length,
298 signature,
299 signature_size,
300 signature_length );
301 /* Declared with fallback == true */
302 if( status != PSA_ERROR_NOT_SUPPORTED )
303 return( status );
304 #endif /* PSA_CRYPTO_DRIVER_TEST */
305 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
306 /* Fell through, meaning no accelerator supports this operation */
307 return( psa_sign_hash_builtin( attributes,
308 key_buffer,
309 key_buffer_size,
310 alg,
311 hash,
312 hash_length,
313 signature,
314 signature_size,
315 signature_length ) );
316
317 /* Add cases for opaque driver here */
318 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
319 #if defined(PSA_CRYPTO_DRIVER_TEST)
320 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
321 return( mbedtls_test_opaque_signature_sign_hash( attributes,
322 key_buffer,
323 key_buffer_size,
324 alg,
325 hash,
326 hash_length,
327 signature,
328 signature_size,
329 signature_length ) );
330 #endif /* PSA_CRYPTO_DRIVER_TEST */
331 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
332 default:
333 /* Key is declared with a lifetime not known to us */
334 (void)status;
335 return( PSA_ERROR_INVALID_ARGUMENT );
336 }
337 }
338
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)339 psa_status_t psa_driver_wrapper_verify_hash(
340 const psa_key_attributes_t *attributes,
341 const uint8_t *key_buffer, size_t key_buffer_size,
342 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
343 const uint8_t *signature, size_t signature_length )
344 {
345 /* Try dynamically-registered SE interface first */
346 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
347 const psa_drv_se_t *drv;
348 psa_drv_se_context_t *drv_context;
349
350 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
351 {
352 if( drv->asymmetric == NULL ||
353 drv->asymmetric->p_verify == NULL )
354 {
355 /* Key is defined in SE, but we have no way to exercise it */
356 return( PSA_ERROR_NOT_SUPPORTED );
357 }
358 return( drv->asymmetric->p_verify(
359 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
360 alg, hash, hash_length,
361 signature, signature_length ) );
362 }
363 #endif /* PSA_CRYPTO_SE_C */
364
365 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
366 psa_key_location_t location =
367 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
368
369 switch( location )
370 {
371 case PSA_KEY_LOCATION_LOCAL_STORAGE:
372 /* Key is stored in the slot in export representation, so
373 * cycle through all known transparent accelerators */
374 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
375 #if defined(PSA_CRYPTO_DRIVER_TEST)
376 status = mbedtls_test_transparent_signature_verify_hash(
377 attributes,
378 key_buffer,
379 key_buffer_size,
380 alg,
381 hash,
382 hash_length,
383 signature,
384 signature_length );
385 /* Declared with fallback == true */
386 if( status != PSA_ERROR_NOT_SUPPORTED )
387 return( status );
388 #endif /* PSA_CRYPTO_DRIVER_TEST */
389 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
390
391 return( psa_verify_hash_builtin( attributes,
392 key_buffer,
393 key_buffer_size,
394 alg,
395 hash,
396 hash_length,
397 signature,
398 signature_length ) );
399
400 /* Add cases for opaque driver here */
401 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
402 #if defined(PSA_CRYPTO_DRIVER_TEST)
403 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
404 return( mbedtls_test_opaque_signature_verify_hash( attributes,
405 key_buffer,
406 key_buffer_size,
407 alg,
408 hash,
409 hash_length,
410 signature,
411 signature_length ) );
412 #endif /* PSA_CRYPTO_DRIVER_TEST */
413 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
414 default:
415 /* Key is declared with a lifetime not known to us */
416 (void)status;
417 return( PSA_ERROR_INVALID_ARGUMENT );
418 }
419 }
420
421 /** Calculate the key buffer size required to store the key material of a key
422 * associated with an opaque driver from input key data.
423 *
424 * \param[in] attributes The key attributes
425 * \param[in] data The input key data.
426 * \param[in] data_length The input data length.
427 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
428 *
429 * \retval #PSA_SUCCESS
430 * \retval #PSA_ERROR_INVALID_ARGUMENT
431 * \retval #PSA_ERROR_NOT_SUPPORTED
432 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)433 psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
434 const psa_key_attributes_t *attributes,
435 const uint8_t *data,
436 size_t data_length,
437 size_t *key_buffer_size )
438 {
439 psa_key_location_t location =
440 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
441 psa_key_type_t key_type = attributes->core.type;
442
443 *key_buffer_size = 0;
444 switch( location )
445 {
446 #if defined(PSA_CRYPTO_DRIVER_TEST)
447 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
448 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
449 PSA_BYTES_TO_BITS( data_length ) );
450 return( ( *key_buffer_size != 0 ) ?
451 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
452 #endif /* PSA_CRYPTO_DRIVER_TEST */
453
454 default:
455 (void)key_type;
456 (void)data;
457 (void)data_length;
458 return( PSA_ERROR_INVALID_ARGUMENT );
459 }
460 }
461
462 /** Get the key buffer size required to store the key material of a key
463 * associated with an opaque driver.
464 *
465 * \param[in] attributes The key attributes.
466 * \param[out] key_buffer_size Minimum buffer size to contain the key material
467 *
468 * \retval #PSA_SUCCESS
469 * The minimum size for a buffer to contain the key material has been
470 * returned successfully.
471 * \retval #PSA_ERROR_NOT_SUPPORTED
472 * The type and/or the size in bits of the key or the combination of
473 * the two is not supported.
474 * \retval #PSA_ERROR_INVALID_ARGUMENT
475 * The key is declared with a lifetime not known to us.
476 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)477 psa_status_t psa_driver_wrapper_get_key_buffer_size(
478 const psa_key_attributes_t *attributes,
479 size_t *key_buffer_size )
480 {
481 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
482 psa_key_type_t key_type = attributes->core.type;
483 size_t key_bits = attributes->core.bits;
484
485 *key_buffer_size = 0;
486 switch( location )
487 {
488 #if defined(PSA_CRYPTO_DRIVER_TEST)
489 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
490 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
491 /* Emulate property 'builtin_key_size' */
492 if( psa_key_id_is_builtin(
493 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
494 psa_get_key_id( attributes ) ) ) )
495 {
496 *key_buffer_size = sizeof( psa_drv_slot_number_t );
497 return( PSA_SUCCESS );
498 }
499 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
500 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
501 key_bits );
502 return( ( *key_buffer_size != 0 ) ?
503 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
504 #endif /* PSA_CRYPTO_DRIVER_TEST */
505
506 default:
507 (void)key_type;
508 (void)key_bits;
509 return( PSA_ERROR_INVALID_ARGUMENT );
510 }
511 }
512
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)513 psa_status_t psa_driver_wrapper_generate_key(
514 const psa_key_attributes_t *attributes,
515 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
516 {
517 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
518 psa_key_location_t location =
519 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
520
521 /* Try dynamically-registered SE interface first */
522 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
523 const psa_drv_se_t *drv;
524 psa_drv_se_context_t *drv_context;
525
526 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
527 {
528 size_t pubkey_length = 0; /* We don't support this feature yet */
529 if( drv->key_management == NULL ||
530 drv->key_management->p_generate == NULL )
531 {
532 /* Key is defined as being in SE, but we have no way to generate it */
533 return( PSA_ERROR_NOT_SUPPORTED );
534 }
535 return( drv->key_management->p_generate(
536 drv_context,
537 *( (psa_key_slot_number_t *)key_buffer ),
538 attributes, NULL, 0, &pubkey_length ) );
539 }
540 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
541
542 switch( location )
543 {
544 case PSA_KEY_LOCATION_LOCAL_STORAGE:
545 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
546 /* Transparent drivers are limited to generating asymmetric keys */
547 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
548 {
549 /* Cycle through all known transparent accelerators */
550 #if defined(PSA_CRYPTO_DRIVER_TEST)
551 status = mbedtls_test_transparent_generate_key(
552 attributes, key_buffer, key_buffer_size,
553 key_buffer_length );
554 /* Declared with fallback == true */
555 if( status != PSA_ERROR_NOT_SUPPORTED )
556 break;
557 #endif /* PSA_CRYPTO_DRIVER_TEST */
558 }
559 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
560
561 /* Software fallback */
562 status = psa_generate_key_internal(
563 attributes, key_buffer, key_buffer_size, key_buffer_length );
564 break;
565
566 /* Add cases for opaque driver here */
567 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
568 #if defined(PSA_CRYPTO_DRIVER_TEST)
569 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
570 status = mbedtls_test_opaque_generate_key(
571 attributes, key_buffer, key_buffer_size, key_buffer_length );
572 break;
573 #endif /* PSA_CRYPTO_DRIVER_TEST */
574 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
575
576 default:
577 /* Key is declared with a lifetime not known to us */
578 status = PSA_ERROR_INVALID_ARGUMENT;
579 break;
580 }
581
582 return( status );
583 }
584
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)585 psa_status_t psa_driver_wrapper_import_key(
586 const psa_key_attributes_t *attributes,
587 const uint8_t *data,
588 size_t data_length,
589 uint8_t *key_buffer,
590 size_t key_buffer_size,
591 size_t *key_buffer_length,
592 size_t *bits )
593 {
594 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
595 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
596 psa_get_key_lifetime( attributes ) );
597
598 /* Try dynamically-registered SE interface first */
599 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
600 const psa_drv_se_t *drv;
601 psa_drv_se_context_t *drv_context;
602
603 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
604 {
605 if( drv->key_management == NULL ||
606 drv->key_management->p_import == NULL )
607 return( PSA_ERROR_NOT_SUPPORTED );
608
609 /* The driver should set the number of key bits, however in
610 * case it doesn't, we initialize bits to an invalid value. */
611 *bits = PSA_MAX_KEY_BITS + 1;
612 status = drv->key_management->p_import(
613 drv_context,
614 *( (psa_key_slot_number_t *)key_buffer ),
615 attributes, data, data_length, bits );
616
617 if( status != PSA_SUCCESS )
618 return( status );
619
620 if( (*bits) > PSA_MAX_KEY_BITS )
621 return( PSA_ERROR_NOT_SUPPORTED );
622
623 return( PSA_SUCCESS );
624 }
625 #endif /* PSA_CRYPTO_SE_C */
626
627 switch( location )
628 {
629 case PSA_KEY_LOCATION_LOCAL_STORAGE:
630 /* Key is stored in the slot in export representation, so
631 * cycle through all known transparent accelerators */
632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
633 #if defined(PSA_CRYPTO_DRIVER_TEST)
634 status = mbedtls_test_transparent_import_key(
635 attributes,
636 data, data_length,
637 key_buffer, key_buffer_size,
638 key_buffer_length, bits );
639 /* Declared with fallback == true */
640 if( status != PSA_ERROR_NOT_SUPPORTED )
641 return( status );
642 #endif /* PSA_CRYPTO_DRIVER_TEST */
643 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
644 /* Fell through, meaning no accelerator supports this operation */
645 return( psa_import_key_into_slot( attributes,
646 data, data_length,
647 key_buffer, key_buffer_size,
648 key_buffer_length, bits ) );
649 /* Add cases for opaque driver here */
650 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
651 #if defined(PSA_CRYPTO_DRIVER_TEST)
652 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
653 return( mbedtls_test_opaque_import_key(
654 attributes,
655 data, data_length,
656 key_buffer, key_buffer_size,
657 key_buffer_length, bits ) );
658 #endif /* PSA_CRYPTO_DRIVER_TEST */
659 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
660 default:
661 (void)status;
662 return( PSA_ERROR_INVALID_ARGUMENT );
663 }
664
665 }
666
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)667 psa_status_t psa_driver_wrapper_export_key(
668 const psa_key_attributes_t *attributes,
669 const uint8_t *key_buffer, size_t key_buffer_size,
670 uint8_t *data, size_t data_size, size_t *data_length )
671
672 {
673 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
674 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
675 psa_get_key_lifetime( attributes ) );
676
677 /* Try dynamically-registered SE interface first */
678 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
679 const psa_drv_se_t *drv;
680 psa_drv_se_context_t *drv_context;
681
682 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
683 {
684 if( ( drv->key_management == NULL ) ||
685 ( drv->key_management->p_export == NULL ) )
686 {
687 return( PSA_ERROR_NOT_SUPPORTED );
688 }
689
690 return( drv->key_management->p_export(
691 drv_context,
692 *( (psa_key_slot_number_t *)key_buffer ),
693 data, data_size, data_length ) );
694 }
695 #endif /* PSA_CRYPTO_SE_C */
696
697 switch( location )
698 {
699 case PSA_KEY_LOCATION_LOCAL_STORAGE:
700 return( psa_export_key_internal( attributes,
701 key_buffer,
702 key_buffer_size,
703 data,
704 data_size,
705 data_length ) );
706
707 /* Add cases for opaque driver here */
708 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
709 #if defined(PSA_CRYPTO_DRIVER_TEST)
710 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
711 return( mbedtls_test_opaque_export_key( attributes,
712 key_buffer,
713 key_buffer_size,
714 data,
715 data_size,
716 data_length ) );
717 #endif /* PSA_CRYPTO_DRIVER_TEST */
718 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
719 default:
720 /* Key is declared with a lifetime not known to us */
721 return( status );
722 }
723 }
724
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)725 psa_status_t psa_driver_wrapper_export_public_key(
726 const psa_key_attributes_t *attributes,
727 const uint8_t *key_buffer, size_t key_buffer_size,
728 uint8_t *data, size_t data_size, size_t *data_length )
729
730 {
731 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
732 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
733 psa_get_key_lifetime( attributes ) );
734
735 /* Try dynamically-registered SE interface first */
736 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
737 const psa_drv_se_t *drv;
738 psa_drv_se_context_t *drv_context;
739
740 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
741 {
742 if( ( drv->key_management == NULL ) ||
743 ( drv->key_management->p_export_public == NULL ) )
744 {
745 return( PSA_ERROR_NOT_SUPPORTED );
746 }
747
748 return( drv->key_management->p_export_public(
749 drv_context,
750 *( (psa_key_slot_number_t *)key_buffer ),
751 data, data_size, data_length ) );
752 }
753 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
754
755 switch( location )
756 {
757 case PSA_KEY_LOCATION_LOCAL_STORAGE:
758 /* Key is stored in the slot in export representation, so
759 * cycle through all known transparent accelerators */
760 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
761 #if defined(PSA_CRYPTO_DRIVER_TEST)
762 status = mbedtls_test_transparent_export_public_key(
763 attributes,
764 key_buffer,
765 key_buffer_size,
766 data,
767 data_size,
768 data_length );
769 /* Declared with fallback == true */
770 if( status != PSA_ERROR_NOT_SUPPORTED )
771 return( status );
772 #endif /* PSA_CRYPTO_DRIVER_TEST */
773 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
774 /* Fell through, meaning no accelerator supports this operation */
775 return( psa_export_public_key_internal( attributes,
776 key_buffer,
777 key_buffer_size,
778 data,
779 data_size,
780 data_length ) );
781
782 /* Add cases for opaque driver here */
783 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
784 #if defined(PSA_CRYPTO_DRIVER_TEST)
785 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
786 return( mbedtls_test_opaque_export_public_key( attributes,
787 key_buffer,
788 key_buffer_size,
789 data,
790 data_size,
791 data_length ) );
792 #endif /* PSA_CRYPTO_DRIVER_TEST */
793 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
794 default:
795 /* Key is declared with a lifetime not known to us */
796 return( status );
797 }
798 }
799
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)800 psa_status_t psa_driver_wrapper_get_builtin_key(
801 psa_drv_slot_number_t slot_number,
802 psa_key_attributes_t *attributes,
803 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
804 {
805 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
806 switch( location )
807 {
808 #if defined(PSA_CRYPTO_DRIVER_TEST)
809 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
810 return( mbedtls_test_opaque_get_builtin_key(
811 slot_number,
812 attributes,
813 key_buffer, key_buffer_size, key_buffer_length ) );
814 #endif /* PSA_CRYPTO_DRIVER_TEST */
815 default:
816 (void) slot_number;
817 (void) key_buffer;
818 (void) key_buffer_size;
819 (void) key_buffer_length;
820 return( PSA_ERROR_DOES_NOT_EXIST );
821 }
822 }
823
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)824 psa_status_t psa_driver_wrapper_copy_key(
825 psa_key_attributes_t *attributes,
826 const uint8_t *source_key, size_t source_key_length,
827 uint8_t *target_key_buffer, size_t target_key_buffer_size,
828 size_t *target_key_buffer_length )
829 {
830 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
831 psa_key_location_t location =
832 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
833
834 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
835 const psa_drv_se_t *drv;
836 psa_drv_se_context_t *drv_context;
837
838 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
839 {
840 /* Copying to a secure element is not implemented yet. */
841 return( PSA_ERROR_NOT_SUPPORTED );
842 }
843 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
844
845 switch( location )
846 {
847 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
848 #if defined(PSA_CRYPTO_DRIVER_TEST)
849 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
850 return( mbedtls_test_opaque_copy_key( attributes, source_key,
851 source_key_length,
852 target_key_buffer,
853 target_key_buffer_size,
854 target_key_buffer_length) );
855 #endif /* PSA_CRYPTO_DRIVER_TEST */
856 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
857 default:
858 (void)source_key;
859 (void)source_key_length;
860 (void)target_key_buffer;
861 (void)target_key_buffer_size;
862 (void)target_key_buffer_length;
863 status = PSA_ERROR_INVALID_ARGUMENT;
864 }
865 return( status );
866 }
867
868 /*
869 * Cipher functions
870 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)871 psa_status_t psa_driver_wrapper_cipher_encrypt(
872 const psa_key_attributes_t *attributes,
873 const uint8_t *key_buffer,
874 size_t key_buffer_size,
875 psa_algorithm_t alg,
876 const uint8_t *iv,
877 size_t iv_length,
878 const uint8_t *input,
879 size_t input_length,
880 uint8_t *output,
881 size_t output_size,
882 size_t *output_length )
883 {
884 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
885 psa_key_location_t location =
886 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
887
888 switch( location )
889 {
890 case PSA_KEY_LOCATION_LOCAL_STORAGE:
891 /* Key is stored in the slot in export representation, so
892 * cycle through all known transparent accelerators */
893 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
894 #if defined(PSA_CRYPTO_DRIVER_TEST)
895 status = mbedtls_test_transparent_cipher_encrypt( attributes,
896 key_buffer,
897 key_buffer_size,
898 alg,
899 iv,
900 iv_length,
901 input,
902 input_length,
903 output,
904 output_size,
905 output_length );
906 /* Declared with fallback == true */
907 if( status != PSA_ERROR_NOT_SUPPORTED )
908 return( status );
909 #endif /* PSA_CRYPTO_DRIVER_TEST */
910 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
911
912 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
913 return( mbedtls_psa_cipher_encrypt( attributes,
914 key_buffer,
915 key_buffer_size,
916 alg,
917 iv,
918 iv_length,
919 input,
920 input_length,
921 output,
922 output_size,
923 output_length ) );
924 #else
925 return( PSA_ERROR_NOT_SUPPORTED );
926 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
927
928 /* Add cases for opaque driver here */
929 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
930 #if defined(PSA_CRYPTO_DRIVER_TEST)
931 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
932 return( mbedtls_test_opaque_cipher_encrypt( attributes,
933 key_buffer,
934 key_buffer_size,
935 alg,
936 iv,
937 iv_length,
938 input,
939 input_length,
940 output,
941 output_size,
942 output_length ) );
943 #endif /* PSA_CRYPTO_DRIVER_TEST */
944 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
945
946 default:
947 /* Key is declared with a lifetime not known to us */
948 (void)status;
949 (void)key_buffer;
950 (void)key_buffer_size;
951 (void)alg;
952 (void)iv;
953 (void)iv_length;
954 (void)input;
955 (void)input_length;
956 (void)output;
957 (void)output_size;
958 (void)output_length;
959 return( PSA_ERROR_INVALID_ARGUMENT );
960 }
961 }
962
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)963 psa_status_t psa_driver_wrapper_cipher_decrypt(
964 const psa_key_attributes_t *attributes,
965 const uint8_t *key_buffer,
966 size_t key_buffer_size,
967 psa_algorithm_t alg,
968 const uint8_t *input,
969 size_t input_length,
970 uint8_t *output,
971 size_t output_size,
972 size_t *output_length )
973 {
974 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
975 psa_key_location_t location =
976 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
977
978 switch( location )
979 {
980 case PSA_KEY_LOCATION_LOCAL_STORAGE:
981 /* Key is stored in the slot in export representation, so
982 * cycle through all known transparent accelerators */
983 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
984 #if defined(PSA_CRYPTO_DRIVER_TEST)
985 status = mbedtls_test_transparent_cipher_decrypt( attributes,
986 key_buffer,
987 key_buffer_size,
988 alg,
989 input,
990 input_length,
991 output,
992 output_size,
993 output_length );
994 /* Declared with fallback == true */
995 if( status != PSA_ERROR_NOT_SUPPORTED )
996 return( status );
997 #endif /* PSA_CRYPTO_DRIVER_TEST */
998 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
999
1000 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1001 return( mbedtls_psa_cipher_decrypt( attributes,
1002 key_buffer,
1003 key_buffer_size,
1004 alg,
1005 input,
1006 input_length,
1007 output,
1008 output_size,
1009 output_length ) );
1010 #else
1011 return( PSA_ERROR_NOT_SUPPORTED );
1012 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1013
1014 /* Add cases for opaque driver here */
1015 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1016 #if defined(PSA_CRYPTO_DRIVER_TEST)
1017 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1018 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1019 key_buffer,
1020 key_buffer_size,
1021 alg,
1022 input,
1023 input_length,
1024 output,
1025 output_size,
1026 output_length ) );
1027 #endif /* PSA_CRYPTO_DRIVER_TEST */
1028 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1029
1030 default:
1031 /* Key is declared with a lifetime not known to us */
1032 (void)status;
1033 (void)key_buffer;
1034 (void)key_buffer_size;
1035 (void)alg;
1036 (void)input;
1037 (void)input_length;
1038 (void)output;
1039 (void)output_size;
1040 (void)output_length;
1041 return( PSA_ERROR_INVALID_ARGUMENT );
1042 }
1043 }
1044
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1045 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1046 psa_cipher_operation_t *operation,
1047 const psa_key_attributes_t *attributes,
1048 const uint8_t *key_buffer, size_t key_buffer_size,
1049 psa_algorithm_t alg )
1050 {
1051 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1052 psa_key_location_t location =
1053 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1054
1055 switch( location )
1056 {
1057 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1058 /* Key is stored in the slot in export representation, so
1059 * cycle through all known transparent accelerators */
1060 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1061 #if defined(PSA_CRYPTO_DRIVER_TEST)
1062 status = mbedtls_test_transparent_cipher_encrypt_setup(
1063 &operation->ctx.transparent_test_driver_ctx,
1064 attributes,
1065 key_buffer,
1066 key_buffer_size,
1067 alg );
1068 /* Declared with fallback == true */
1069 if( status == PSA_SUCCESS )
1070 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1071
1072 if( status != PSA_ERROR_NOT_SUPPORTED )
1073 return( status );
1074 #endif /* PSA_CRYPTO_DRIVER_TEST */
1075 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1076 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1077 /* Fell through, meaning no accelerator supports this operation */
1078 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1079 attributes,
1080 key_buffer,
1081 key_buffer_size,
1082 alg );
1083 if( status == PSA_SUCCESS )
1084 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1085
1086 if( status != PSA_ERROR_NOT_SUPPORTED )
1087 return( status );
1088 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1089 return( PSA_ERROR_NOT_SUPPORTED );
1090
1091 /* Add cases for opaque driver here */
1092 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1093 #if defined(PSA_CRYPTO_DRIVER_TEST)
1094 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1095 status = mbedtls_test_opaque_cipher_encrypt_setup(
1096 &operation->ctx.opaque_test_driver_ctx,
1097 attributes,
1098 key_buffer, key_buffer_size,
1099 alg );
1100
1101 if( status == PSA_SUCCESS )
1102 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1103
1104 return( status );
1105 #endif /* PSA_CRYPTO_DRIVER_TEST */
1106 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1107 default:
1108 /* Key is declared with a lifetime not known to us */
1109 (void)status;
1110 (void)operation;
1111 (void)key_buffer;
1112 (void)key_buffer_size;
1113 (void)alg;
1114 return( PSA_ERROR_INVALID_ARGUMENT );
1115 }
1116 }
1117
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1118 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1119 psa_cipher_operation_t *operation,
1120 const psa_key_attributes_t *attributes,
1121 const uint8_t *key_buffer, size_t key_buffer_size,
1122 psa_algorithm_t alg )
1123 {
1124 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1125 psa_key_location_t location =
1126 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1127
1128 switch( location )
1129 {
1130 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1131 /* Key is stored in the slot in export representation, so
1132 * cycle through all known transparent accelerators */
1133 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1134 #if defined(PSA_CRYPTO_DRIVER_TEST)
1135 status = mbedtls_test_transparent_cipher_decrypt_setup(
1136 &operation->ctx.transparent_test_driver_ctx,
1137 attributes,
1138 key_buffer,
1139 key_buffer_size,
1140 alg );
1141 /* Declared with fallback == true */
1142 if( status == PSA_SUCCESS )
1143 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1144
1145 if( status != PSA_ERROR_NOT_SUPPORTED )
1146 return( status );
1147 #endif /* PSA_CRYPTO_DRIVER_TEST */
1148 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1149 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1150 /* Fell through, meaning no accelerator supports this operation */
1151 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1152 attributes,
1153 key_buffer,
1154 key_buffer_size,
1155 alg );
1156 if( status == PSA_SUCCESS )
1157 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1158
1159 return( status );
1160 #else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1161 return( PSA_ERROR_NOT_SUPPORTED );
1162 #endif
1163 /* Add cases for opaque driver here */
1164 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1165 #if defined(PSA_CRYPTO_DRIVER_TEST)
1166 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1167 status = mbedtls_test_opaque_cipher_decrypt_setup(
1168 &operation->ctx.opaque_test_driver_ctx,
1169 attributes,
1170 key_buffer, key_buffer_size,
1171 alg );
1172
1173 if( status == PSA_SUCCESS )
1174 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1175
1176 return( status );
1177 #endif /* PSA_CRYPTO_DRIVER_TEST */
1178 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1179 default:
1180 /* Key is declared with a lifetime not known to us */
1181 (void)status;
1182 (void)operation;
1183 (void)key_buffer;
1184 (void)key_buffer_size;
1185 (void)alg;
1186 return( PSA_ERROR_INVALID_ARGUMENT );
1187 }
1188 }
1189
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1190 psa_status_t psa_driver_wrapper_cipher_set_iv(
1191 psa_cipher_operation_t *operation,
1192 const uint8_t *iv,
1193 size_t iv_length )
1194 {
1195 switch( operation->id )
1196 {
1197 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1198 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1199 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1200 iv,
1201 iv_length ) );
1202 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1203
1204 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1205 #if defined(PSA_CRYPTO_DRIVER_TEST)
1206 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1207 return( mbedtls_test_transparent_cipher_set_iv(
1208 &operation->ctx.transparent_test_driver_ctx,
1209 iv, iv_length ) );
1210
1211 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1212 return( mbedtls_test_opaque_cipher_set_iv(
1213 &operation->ctx.opaque_test_driver_ctx,
1214 iv, iv_length ) );
1215 #endif /* PSA_CRYPTO_DRIVER_TEST */
1216 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1217 }
1218
1219 (void)iv;
1220 (void)iv_length;
1221
1222 return( PSA_ERROR_INVALID_ARGUMENT );
1223 }
1224
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1225 psa_status_t psa_driver_wrapper_cipher_update(
1226 psa_cipher_operation_t *operation,
1227 const uint8_t *input,
1228 size_t input_length,
1229 uint8_t *output,
1230 size_t output_size,
1231 size_t *output_length )
1232 {
1233 switch( operation->id )
1234 {
1235 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1236 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1237 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1238 input,
1239 input_length,
1240 output,
1241 output_size,
1242 output_length ) );
1243 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1244
1245 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1246 #if defined(PSA_CRYPTO_DRIVER_TEST)
1247 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1248 return( mbedtls_test_transparent_cipher_update(
1249 &operation->ctx.transparent_test_driver_ctx,
1250 input, input_length,
1251 output, output_size, output_length ) );
1252
1253 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1254 return( mbedtls_test_opaque_cipher_update(
1255 &operation->ctx.opaque_test_driver_ctx,
1256 input, input_length,
1257 output, output_size, output_length ) );
1258 #endif /* PSA_CRYPTO_DRIVER_TEST */
1259 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1260 }
1261
1262 (void)input;
1263 (void)input_length;
1264 (void)output;
1265 (void)output_size;
1266 (void)output_length;
1267
1268 return( PSA_ERROR_INVALID_ARGUMENT );
1269 }
1270
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1271 psa_status_t psa_driver_wrapper_cipher_finish(
1272 psa_cipher_operation_t *operation,
1273 uint8_t *output,
1274 size_t output_size,
1275 size_t *output_length )
1276 {
1277 switch( operation->id )
1278 {
1279 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1280 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1281 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1282 output,
1283 output_size,
1284 output_length ) );
1285 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1286
1287 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1288 #if defined(PSA_CRYPTO_DRIVER_TEST)
1289 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1290 return( mbedtls_test_transparent_cipher_finish(
1291 &operation->ctx.transparent_test_driver_ctx,
1292 output, output_size, output_length ) );
1293
1294 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1295 return( mbedtls_test_opaque_cipher_finish(
1296 &operation->ctx.opaque_test_driver_ctx,
1297 output, output_size, output_length ) );
1298 #endif /* PSA_CRYPTO_DRIVER_TEST */
1299 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1300 }
1301
1302 (void)output;
1303 (void)output_size;
1304 (void)output_length;
1305
1306 return( PSA_ERROR_INVALID_ARGUMENT );
1307 }
1308
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1309 psa_status_t psa_driver_wrapper_cipher_abort(
1310 psa_cipher_operation_t *operation )
1311 {
1312 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1313
1314 switch( operation->id )
1315 {
1316 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1317 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1318 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1319 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1320
1321 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1322 #if defined(PSA_CRYPTO_DRIVER_TEST)
1323 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1324 status = mbedtls_test_transparent_cipher_abort(
1325 &operation->ctx.transparent_test_driver_ctx );
1326 mbedtls_platform_zeroize(
1327 &operation->ctx.transparent_test_driver_ctx,
1328 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1329 return( status );
1330
1331 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1332 status = mbedtls_test_opaque_cipher_abort(
1333 &operation->ctx.opaque_test_driver_ctx );
1334 mbedtls_platform_zeroize(
1335 &operation->ctx.opaque_test_driver_ctx,
1336 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1337 return( status );
1338 #endif /* PSA_CRYPTO_DRIVER_TEST */
1339 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1340 }
1341
1342 (void)status;
1343 return( PSA_ERROR_INVALID_ARGUMENT );
1344 }
1345
1346 /*
1347 * Hashing functions
1348 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1349 psa_status_t psa_driver_wrapper_hash_compute(
1350 psa_algorithm_t alg,
1351 const uint8_t *input,
1352 size_t input_length,
1353 uint8_t *hash,
1354 size_t hash_size,
1355 size_t *hash_length)
1356 {
1357 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1358
1359 /* Try accelerators first */
1360 #if defined(PSA_CRYPTO_DRIVER_TEST)
1361 status = mbedtls_test_transparent_hash_compute(
1362 alg, input, input_length, hash, hash_size, hash_length );
1363 if( status != PSA_ERROR_NOT_SUPPORTED )
1364 return( status );
1365 #endif
1366
1367 /* If software fallback is compiled in, try fallback */
1368 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1369 status = mbedtls_psa_hash_compute( alg, input, input_length,
1370 hash, hash_size, hash_length );
1371 if( status != PSA_ERROR_NOT_SUPPORTED )
1372 return( status );
1373 #endif
1374 (void) status;
1375 (void) alg;
1376 (void) input;
1377 (void) input_length;
1378 (void) hash;
1379 (void) hash_size;
1380 (void) hash_length;
1381
1382 return( PSA_ERROR_NOT_SUPPORTED );
1383 }
1384
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1385 psa_status_t psa_driver_wrapper_hash_setup(
1386 psa_hash_operation_t *operation,
1387 psa_algorithm_t alg )
1388 {
1389 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1390
1391 /* Try setup on accelerators first */
1392 #if defined(PSA_CRYPTO_DRIVER_TEST)
1393 status = mbedtls_test_transparent_hash_setup(
1394 &operation->ctx.test_driver_ctx, alg );
1395 if( status == PSA_SUCCESS )
1396 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1397
1398 if( status != PSA_ERROR_NOT_SUPPORTED )
1399 return( status );
1400 #endif
1401
1402 /* If software fallback is compiled in, try fallback */
1403 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1404 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1405 if( status == PSA_SUCCESS )
1406 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1407
1408 if( status != PSA_ERROR_NOT_SUPPORTED )
1409 return( status );
1410 #endif
1411 /* Nothing left to try if we fall through here */
1412 (void) status;
1413 (void) operation;
1414 (void) alg;
1415 return( PSA_ERROR_NOT_SUPPORTED );
1416 }
1417
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1418 psa_status_t psa_driver_wrapper_hash_clone(
1419 const psa_hash_operation_t *source_operation,
1420 psa_hash_operation_t *target_operation )
1421 {
1422 switch( source_operation->id )
1423 {
1424 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1425 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1426 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1427 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1428 &target_operation->ctx.mbedtls_ctx ) );
1429 #endif
1430 #if defined(PSA_CRYPTO_DRIVER_TEST)
1431 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1432 target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1433 return( mbedtls_test_transparent_hash_clone(
1434 &source_operation->ctx.test_driver_ctx,
1435 &target_operation->ctx.test_driver_ctx ) );
1436 #endif
1437 default:
1438 (void) target_operation;
1439 return( PSA_ERROR_BAD_STATE );
1440 }
1441 }
1442
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1443 psa_status_t psa_driver_wrapper_hash_update(
1444 psa_hash_operation_t *operation,
1445 const uint8_t *input,
1446 size_t input_length )
1447 {
1448 switch( operation->id )
1449 {
1450 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1451 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1452 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1453 input, input_length ) );
1454 #endif
1455 #if defined(PSA_CRYPTO_DRIVER_TEST)
1456 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1457 return( mbedtls_test_transparent_hash_update(
1458 &operation->ctx.test_driver_ctx,
1459 input, input_length ) );
1460 #endif
1461 default:
1462 (void) input;
1463 (void) input_length;
1464 return( PSA_ERROR_BAD_STATE );
1465 }
1466 }
1467
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1468 psa_status_t psa_driver_wrapper_hash_finish(
1469 psa_hash_operation_t *operation,
1470 uint8_t *hash,
1471 size_t hash_size,
1472 size_t *hash_length )
1473 {
1474 switch( operation->id )
1475 {
1476 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1477 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1478 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1479 hash, hash_size, hash_length ) );
1480 #endif
1481 #if defined(PSA_CRYPTO_DRIVER_TEST)
1482 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1483 return( mbedtls_test_transparent_hash_finish(
1484 &operation->ctx.test_driver_ctx,
1485 hash, hash_size, hash_length ) );
1486 #endif
1487 default:
1488 (void) hash;
1489 (void) hash_size;
1490 (void) hash_length;
1491 return( PSA_ERROR_BAD_STATE );
1492 }
1493 }
1494
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1495 psa_status_t psa_driver_wrapper_hash_abort(
1496 psa_hash_operation_t *operation )
1497 {
1498 switch( operation->id )
1499 {
1500 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1501 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1502 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1503 #endif
1504 #if defined(PSA_CRYPTO_DRIVER_TEST)
1505 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1506 return( mbedtls_test_transparent_hash_abort(
1507 &operation->ctx.test_driver_ctx ) );
1508 #endif
1509 default:
1510 return( PSA_ERROR_BAD_STATE );
1511 }
1512 }
1513
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1514 psa_status_t psa_driver_wrapper_aead_encrypt(
1515 const psa_key_attributes_t *attributes,
1516 const uint8_t *key_buffer, size_t key_buffer_size,
1517 psa_algorithm_t alg,
1518 const uint8_t *nonce, size_t nonce_length,
1519 const uint8_t *additional_data, size_t additional_data_length,
1520 const uint8_t *plaintext, size_t plaintext_length,
1521 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1522 {
1523 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1524 psa_key_location_t location =
1525 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1526
1527 switch( location )
1528 {
1529 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1530 /* Key is stored in the slot in export representation, so
1531 * cycle through all known transparent accelerators */
1532
1533 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1534 #if defined(PSA_CRYPTO_DRIVER_TEST)
1535 status = mbedtls_test_transparent_aead_encrypt(
1536 attributes, key_buffer, key_buffer_size,
1537 alg,
1538 nonce, nonce_length,
1539 additional_data, additional_data_length,
1540 plaintext, plaintext_length,
1541 ciphertext, ciphertext_size, ciphertext_length );
1542 /* Declared with fallback == true */
1543 if( status != PSA_ERROR_NOT_SUPPORTED )
1544 return( status );
1545 #endif /* PSA_CRYPTO_DRIVER_TEST */
1546 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1547
1548 /* Fell through, meaning no accelerator supports this operation */
1549 return( mbedtls_psa_aead_encrypt(
1550 attributes, key_buffer, key_buffer_size,
1551 alg,
1552 nonce, nonce_length,
1553 additional_data, additional_data_length,
1554 plaintext, plaintext_length,
1555 ciphertext, ciphertext_size, ciphertext_length ) );
1556
1557 /* Add cases for opaque driver here */
1558
1559 default:
1560 /* Key is declared with a lifetime not known to us */
1561 (void)status;
1562 return( PSA_ERROR_INVALID_ARGUMENT );
1563 }
1564 }
1565
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1566 psa_status_t psa_driver_wrapper_aead_decrypt(
1567 const psa_key_attributes_t *attributes,
1568 const uint8_t *key_buffer, size_t key_buffer_size,
1569 psa_algorithm_t alg,
1570 const uint8_t *nonce, size_t nonce_length,
1571 const uint8_t *additional_data, size_t additional_data_length,
1572 const uint8_t *ciphertext, size_t ciphertext_length,
1573 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1574 {
1575 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1576 psa_key_location_t location =
1577 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1578
1579 switch( location )
1580 {
1581 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1582 /* Key is stored in the slot in export representation, so
1583 * cycle through all known transparent accelerators */
1584
1585 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1586 #if defined(PSA_CRYPTO_DRIVER_TEST)
1587 status = mbedtls_test_transparent_aead_decrypt(
1588 attributes, key_buffer, key_buffer_size,
1589 alg,
1590 nonce, nonce_length,
1591 additional_data, additional_data_length,
1592 ciphertext, ciphertext_length,
1593 plaintext, plaintext_size, plaintext_length );
1594 /* Declared with fallback == true */
1595 if( status != PSA_ERROR_NOT_SUPPORTED )
1596 return( status );
1597 #endif /* PSA_CRYPTO_DRIVER_TEST */
1598 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1599
1600 /* Fell through, meaning no accelerator supports this operation */
1601 return( mbedtls_psa_aead_decrypt(
1602 attributes, key_buffer, key_buffer_size,
1603 alg,
1604 nonce, nonce_length,
1605 additional_data, additional_data_length,
1606 ciphertext, ciphertext_length,
1607 plaintext, plaintext_size, plaintext_length ) );
1608
1609 /* Add cases for opaque driver here */
1610
1611 default:
1612 /* Key is declared with a lifetime not known to us */
1613 (void)status;
1614 return( PSA_ERROR_INVALID_ARGUMENT );
1615 }
1616 }
1617
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1618 psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1619 psa_aead_operation_t *operation,
1620 const psa_key_attributes_t *attributes,
1621 const uint8_t *key_buffer, size_t key_buffer_size,
1622 psa_algorithm_t alg )
1623 {
1624 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1625 psa_key_location_t location =
1626 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1627
1628 switch( location )
1629 {
1630 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1631 /* Key is stored in the slot in export representation, so
1632 * cycle through all known transparent accelerators */
1633
1634 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1635 #if defined(PSA_CRYPTO_DRIVER_TEST)
1636 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1637 status = mbedtls_test_transparent_aead_encrypt_setup(
1638 &operation->ctx.transparent_test_driver_ctx,
1639 attributes, key_buffer, key_buffer_size,
1640 alg );
1641
1642 /* Declared with fallback == true */
1643 if( status != PSA_ERROR_NOT_SUPPORTED )
1644 return( status );
1645 #endif /* PSA_CRYPTO_DRIVER_TEST */
1646 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1647
1648 /* Fell through, meaning no accelerator supports this operation */
1649 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1650 status = mbedtls_psa_aead_encrypt_setup(
1651 &operation->ctx.mbedtls_ctx, attributes,
1652 key_buffer, key_buffer_size,
1653 alg );
1654
1655 return( status );
1656
1657 /* Add cases for opaque driver here */
1658
1659 default:
1660 /* Key is declared with a lifetime not known to us */
1661 (void)status;
1662 return( PSA_ERROR_INVALID_ARGUMENT );
1663 }
1664 }
1665
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1666 psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1667 psa_aead_operation_t *operation,
1668 const psa_key_attributes_t *attributes,
1669 const uint8_t *key_buffer, size_t key_buffer_size,
1670 psa_algorithm_t alg )
1671 {
1672 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1673 psa_key_location_t location =
1674 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1675
1676 switch( location )
1677 {
1678 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1679 /* Key is stored in the slot in export representation, so
1680 * cycle through all known transparent accelerators */
1681
1682 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1683 #if defined(PSA_CRYPTO_DRIVER_TEST)
1684 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1685 status = mbedtls_test_transparent_aead_decrypt_setup(
1686 &operation->ctx.transparent_test_driver_ctx,
1687 attributes,
1688 key_buffer, key_buffer_size,
1689 alg );
1690
1691 /* Declared with fallback == true */
1692 if( status != PSA_ERROR_NOT_SUPPORTED )
1693 return( status );
1694 #endif /* PSA_CRYPTO_DRIVER_TEST */
1695 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1696
1697 /* Fell through, meaning no accelerator supports this operation */
1698 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1699 status = mbedtls_psa_aead_decrypt_setup(
1700 &operation->ctx.mbedtls_ctx,
1701 attributes,
1702 key_buffer, key_buffer_size,
1703 alg );
1704
1705 return( status );
1706
1707 /* Add cases for opaque driver here */
1708
1709 default:
1710 /* Key is declared with a lifetime not known to us */
1711 (void)status;
1712 return( PSA_ERROR_INVALID_ARGUMENT );
1713 }
1714 }
1715
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)1716 psa_status_t psa_driver_wrapper_aead_set_nonce(
1717 psa_aead_operation_t *operation,
1718 const uint8_t *nonce,
1719 size_t nonce_length )
1720 {
1721 switch( operation->id )
1722 {
1723 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1724 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1725 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1726 nonce,
1727 nonce_length ) );
1728
1729 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1730
1731 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1732 #if defined(PSA_CRYPTO_DRIVER_TEST)
1733 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1734 return( mbedtls_test_transparent_aead_set_nonce(
1735 &operation->ctx.transparent_test_driver_ctx,
1736 nonce, nonce_length ) );
1737
1738 /* Add cases for opaque driver here */
1739
1740 #endif /* PSA_CRYPTO_DRIVER_TEST */
1741 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1742 }
1743
1744 (void)nonce;
1745 (void)nonce_length;
1746
1747 return( PSA_ERROR_INVALID_ARGUMENT );
1748 }
1749
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)1750 psa_status_t psa_driver_wrapper_aead_set_lengths(
1751 psa_aead_operation_t *operation,
1752 size_t ad_length,
1753 size_t plaintext_length )
1754 {
1755 switch( operation->id )
1756 {
1757 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1758 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1759 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1760 ad_length,
1761 plaintext_length ) );
1762
1763 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1764
1765 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1766 #if defined(PSA_CRYPTO_DRIVER_TEST)
1767 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1768 return( mbedtls_test_transparent_aead_set_lengths(
1769 &operation->ctx.transparent_test_driver_ctx,
1770 ad_length, plaintext_length ) );
1771
1772 /* Add cases for opaque driver here */
1773
1774 #endif /* PSA_CRYPTO_DRIVER_TEST */
1775 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1776 }
1777
1778 (void)ad_length;
1779 (void)plaintext_length;
1780
1781 return( PSA_ERROR_INVALID_ARGUMENT );
1782 }
1783
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)1784 psa_status_t psa_driver_wrapper_aead_update_ad(
1785 psa_aead_operation_t *operation,
1786 const uint8_t *input,
1787 size_t input_length )
1788 {
1789 switch( operation->id )
1790 {
1791 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1792 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1793 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1794 input,
1795 input_length ) );
1796
1797 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1798
1799 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1800 #if defined(PSA_CRYPTO_DRIVER_TEST)
1801 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1802 return( mbedtls_test_transparent_aead_update_ad(
1803 &operation->ctx.transparent_test_driver_ctx,
1804 input, input_length ) );
1805
1806 /* Add cases for opaque driver here */
1807
1808 #endif /* PSA_CRYPTO_DRIVER_TEST */
1809 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1810 }
1811
1812 (void)input;
1813 (void)input_length;
1814
1815 return( PSA_ERROR_INVALID_ARGUMENT );
1816 }
1817
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1818 psa_status_t psa_driver_wrapper_aead_update(
1819 psa_aead_operation_t *operation,
1820 const uint8_t *input,
1821 size_t input_length,
1822 uint8_t *output,
1823 size_t output_size,
1824 size_t *output_length )
1825 {
1826 switch( operation->id )
1827 {
1828 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1829 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1830 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
1831 input, input_length,
1832 output, output_size,
1833 output_length ) );
1834
1835 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1836
1837 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1838 #if defined(PSA_CRYPTO_DRIVER_TEST)
1839 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1840 return( mbedtls_test_transparent_aead_update(
1841 &operation->ctx.transparent_test_driver_ctx,
1842 input, input_length, output, output_size,
1843 output_length ) );
1844
1845 /* Add cases for opaque driver here */
1846
1847 #endif /* PSA_CRYPTO_DRIVER_TEST */
1848 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1849 }
1850
1851 (void)input;
1852 (void)input_length;
1853 (void)output;
1854 (void)output_size;
1855 (void)output_length;
1856
1857 return( PSA_ERROR_INVALID_ARGUMENT );
1858 }
1859
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)1860 psa_status_t psa_driver_wrapper_aead_finish(
1861 psa_aead_operation_t *operation,
1862 uint8_t *ciphertext,
1863 size_t ciphertext_size,
1864 size_t *ciphertext_length,
1865 uint8_t *tag,
1866 size_t tag_size,
1867 size_t *tag_length )
1868 {
1869 switch( operation->id )
1870 {
1871 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1872 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1873 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1874 ciphertext,
1875 ciphertext_size,
1876 ciphertext_length, tag,
1877 tag_size, tag_length ) );
1878
1879 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1880
1881 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1882 #if defined(PSA_CRYPTO_DRIVER_TEST)
1883 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1884 return( mbedtls_test_transparent_aead_finish(
1885 &operation->ctx.transparent_test_driver_ctx,
1886 ciphertext, ciphertext_size,
1887 ciphertext_length, tag, tag_size, tag_length ) );
1888
1889 /* Add cases for opaque driver here */
1890
1891 #endif /* PSA_CRYPTO_DRIVER_TEST */
1892 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1893 }
1894
1895 (void)ciphertext;
1896 (void)ciphertext_size;
1897 (void)ciphertext_length;
1898 (void)tag;
1899 (void)tag_size;
1900 (void)tag_length;
1901
1902 return( PSA_ERROR_INVALID_ARGUMENT );
1903 }
1904
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)1905 psa_status_t psa_driver_wrapper_aead_verify(
1906 psa_aead_operation_t *operation,
1907 uint8_t *plaintext,
1908 size_t plaintext_size,
1909 size_t *plaintext_length,
1910 const uint8_t *tag,
1911 size_t tag_length )
1912 {
1913 switch( operation->id )
1914 {
1915 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1916 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1917 {
1918 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1919 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
1920 size_t check_tag_length;
1921
1922 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1923 plaintext,
1924 plaintext_size,
1925 plaintext_length,
1926 check_tag,
1927 sizeof( check_tag ),
1928 &check_tag_length );
1929
1930 if( status == PSA_SUCCESS )
1931 {
1932 if( tag_length != check_tag_length ||
1933 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
1934 != 0 )
1935 status = PSA_ERROR_INVALID_SIGNATURE;
1936 }
1937
1938 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
1939
1940 return( status );
1941 }
1942
1943 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1944
1945 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1946 #if defined(PSA_CRYPTO_DRIVER_TEST)
1947 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1948 return( mbedtls_test_transparent_aead_verify(
1949 &operation->ctx.transparent_test_driver_ctx,
1950 plaintext, plaintext_size,
1951 plaintext_length, tag, tag_length ) );
1952
1953 /* Add cases for opaque driver here */
1954
1955 #endif /* PSA_CRYPTO_DRIVER_TEST */
1956 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1957 }
1958
1959 (void)plaintext;
1960 (void)plaintext_size;
1961 (void)plaintext_length;
1962 (void)tag;
1963 (void)tag_length;
1964
1965 return( PSA_ERROR_INVALID_ARGUMENT );
1966 }
1967
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)1968 psa_status_t psa_driver_wrapper_aead_abort(
1969 psa_aead_operation_t *operation )
1970 {
1971 switch( operation->id )
1972 {
1973 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1974 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1975 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
1976
1977 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1978
1979 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1980 #if defined(PSA_CRYPTO_DRIVER_TEST)
1981 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1982 return( mbedtls_test_transparent_aead_abort(
1983 &operation->ctx.transparent_test_driver_ctx ) );
1984
1985 /* Add cases for opaque driver here */
1986
1987 #endif /* PSA_CRYPTO_DRIVER_TEST */
1988 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1989 }
1990
1991 return( PSA_ERROR_INVALID_ARGUMENT );
1992 }
1993
1994 /*
1995 * MAC functions
1996 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)1997 psa_status_t psa_driver_wrapper_mac_compute(
1998 const psa_key_attributes_t *attributes,
1999 const uint8_t *key_buffer,
2000 size_t key_buffer_size,
2001 psa_algorithm_t alg,
2002 const uint8_t *input,
2003 size_t input_length,
2004 uint8_t *mac,
2005 size_t mac_size,
2006 size_t *mac_length )
2007 {
2008 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2009 psa_key_location_t location =
2010 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2011
2012 switch( location )
2013 {
2014 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2015 /* Key is stored in the slot in export representation, so
2016 * cycle through all known transparent accelerators */
2017 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2018 #if defined(PSA_CRYPTO_DRIVER_TEST)
2019 status = mbedtls_test_transparent_mac_compute(
2020 attributes, key_buffer, key_buffer_size, alg,
2021 input, input_length,
2022 mac, mac_size, mac_length );
2023 /* Declared with fallback == true */
2024 if( status != PSA_ERROR_NOT_SUPPORTED )
2025 return( status );
2026 #endif /* PSA_CRYPTO_DRIVER_TEST */
2027 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2028 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2029 /* Fell through, meaning no accelerator supports this operation */
2030 status = mbedtls_psa_mac_compute(
2031 attributes, key_buffer, key_buffer_size, alg,
2032 input, input_length,
2033 mac, mac_size, mac_length );
2034 if( status != PSA_ERROR_NOT_SUPPORTED )
2035 return( status );
2036 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2037 return( PSA_ERROR_NOT_SUPPORTED );
2038
2039 /* Add cases for opaque driver here */
2040 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2041 #if defined(PSA_CRYPTO_DRIVER_TEST)
2042 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2043 status = mbedtls_test_opaque_mac_compute(
2044 attributes, key_buffer, key_buffer_size, alg,
2045 input, input_length,
2046 mac, mac_size, mac_length );
2047 return( status );
2048 #endif /* PSA_CRYPTO_DRIVER_TEST */
2049 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2050 default:
2051 /* Key is declared with a lifetime not known to us */
2052 (void) key_buffer;
2053 (void) key_buffer_size;
2054 (void) alg;
2055 (void) input;
2056 (void) input_length;
2057 (void) mac;
2058 (void) mac_size;
2059 (void) mac_length;
2060 (void) status;
2061 return( PSA_ERROR_INVALID_ARGUMENT );
2062 }
2063 }
2064
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2065 psa_status_t psa_driver_wrapper_mac_sign_setup(
2066 psa_mac_operation_t *operation,
2067 const psa_key_attributes_t *attributes,
2068 const uint8_t *key_buffer,
2069 size_t key_buffer_size,
2070 psa_algorithm_t alg )
2071 {
2072 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2073 psa_key_location_t location =
2074 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2075
2076 switch( location )
2077 {
2078 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2079 /* Key is stored in the slot in export representation, so
2080 * cycle through all known transparent accelerators */
2081 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2082 #if defined(PSA_CRYPTO_DRIVER_TEST)
2083 status = mbedtls_test_transparent_mac_sign_setup(
2084 &operation->ctx.transparent_test_driver_ctx,
2085 attributes,
2086 key_buffer, key_buffer_size,
2087 alg );
2088 /* Declared with fallback == true */
2089 if( status == PSA_SUCCESS )
2090 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
2091
2092 if( status != PSA_ERROR_NOT_SUPPORTED )
2093 return( status );
2094 #endif /* PSA_CRYPTO_DRIVER_TEST */
2095 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2096 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2097 /* Fell through, meaning no accelerator supports this operation */
2098 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2099 attributes,
2100 key_buffer, key_buffer_size,
2101 alg );
2102 if( status == PSA_SUCCESS )
2103 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2104
2105 if( status != PSA_ERROR_NOT_SUPPORTED )
2106 return( status );
2107 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2108 return( PSA_ERROR_NOT_SUPPORTED );
2109
2110 /* Add cases for opaque driver here */
2111 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2112 #if defined(PSA_CRYPTO_DRIVER_TEST)
2113 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2114 status = mbedtls_test_opaque_mac_sign_setup(
2115 &operation->ctx.opaque_test_driver_ctx,
2116 attributes,
2117 key_buffer, key_buffer_size,
2118 alg );
2119
2120 if( status == PSA_SUCCESS )
2121 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
2122
2123 return( status );
2124 #endif /* PSA_CRYPTO_DRIVER_TEST */
2125 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2126 default:
2127 /* Key is declared with a lifetime not known to us */
2128 (void) status;
2129 (void) operation;
2130 (void) key_buffer;
2131 (void) key_buffer_size;
2132 (void) alg;
2133 return( PSA_ERROR_INVALID_ARGUMENT );
2134 }
2135 }
2136
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2137 psa_status_t psa_driver_wrapper_mac_verify_setup(
2138 psa_mac_operation_t *operation,
2139 const psa_key_attributes_t *attributes,
2140 const uint8_t *key_buffer,
2141 size_t key_buffer_size,
2142 psa_algorithm_t alg )
2143 {
2144 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2145 psa_key_location_t location =
2146 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2147
2148 switch( location )
2149 {
2150 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2151 /* Key is stored in the slot in export representation, so
2152 * cycle through all known transparent accelerators */
2153 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2154 #if defined(PSA_CRYPTO_DRIVER_TEST)
2155 status = mbedtls_test_transparent_mac_verify_setup(
2156 &operation->ctx.transparent_test_driver_ctx,
2157 attributes,
2158 key_buffer, key_buffer_size,
2159 alg );
2160 /* Declared with fallback == true */
2161 if( status == PSA_SUCCESS )
2162 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
2163
2164 if( status != PSA_ERROR_NOT_SUPPORTED )
2165 return( status );
2166 #endif /* PSA_CRYPTO_DRIVER_TEST */
2167 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2168 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2169 /* Fell through, meaning no accelerator supports this operation */
2170 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2171 attributes,
2172 key_buffer, key_buffer_size,
2173 alg );
2174 if( status == PSA_SUCCESS )
2175 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2176
2177 if( status != PSA_ERROR_NOT_SUPPORTED )
2178 return( status );
2179 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2180 return( PSA_ERROR_NOT_SUPPORTED );
2181
2182 /* Add cases for opaque driver here */
2183 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2184 #if defined(PSA_CRYPTO_DRIVER_TEST)
2185 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2186 status = mbedtls_test_opaque_mac_verify_setup(
2187 &operation->ctx.opaque_test_driver_ctx,
2188 attributes,
2189 key_buffer, key_buffer_size,
2190 alg );
2191
2192 if( status == PSA_SUCCESS )
2193 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
2194
2195 return( status );
2196 #endif /* PSA_CRYPTO_DRIVER_TEST */
2197 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2198 default:
2199 /* Key is declared with a lifetime not known to us */
2200 (void) status;
2201 (void) operation;
2202 (void) key_buffer;
2203 (void) key_buffer_size;
2204 (void) alg;
2205 return( PSA_ERROR_INVALID_ARGUMENT );
2206 }
2207 }
2208
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2209 psa_status_t psa_driver_wrapper_mac_update(
2210 psa_mac_operation_t *operation,
2211 const uint8_t *input,
2212 size_t input_length )
2213 {
2214 switch( operation->id )
2215 {
2216 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2217 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2218 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2219 input, input_length ) );
2220 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2221
2222 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2223 #if defined(PSA_CRYPTO_DRIVER_TEST)
2224 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2225 return( mbedtls_test_transparent_mac_update(
2226 &operation->ctx.transparent_test_driver_ctx,
2227 input, input_length ) );
2228
2229 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2230 return( mbedtls_test_opaque_mac_update(
2231 &operation->ctx.opaque_test_driver_ctx,
2232 input, input_length ) );
2233 #endif /* PSA_CRYPTO_DRIVER_TEST */
2234 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2235 default:
2236 (void) input;
2237 (void) input_length;
2238 return( PSA_ERROR_INVALID_ARGUMENT );
2239 }
2240 }
2241
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2242 psa_status_t psa_driver_wrapper_mac_sign_finish(
2243 psa_mac_operation_t *operation,
2244 uint8_t *mac,
2245 size_t mac_size,
2246 size_t *mac_length )
2247 {
2248 switch( operation->id )
2249 {
2250 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2251 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2252 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2253 mac, mac_size, mac_length ) );
2254 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2255
2256 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2257 #if defined(PSA_CRYPTO_DRIVER_TEST)
2258 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2259 return( mbedtls_test_transparent_mac_sign_finish(
2260 &operation->ctx.transparent_test_driver_ctx,
2261 mac, mac_size, mac_length ) );
2262
2263 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2264 return( mbedtls_test_opaque_mac_sign_finish(
2265 &operation->ctx.opaque_test_driver_ctx,
2266 mac, mac_size, mac_length ) );
2267 #endif /* PSA_CRYPTO_DRIVER_TEST */
2268 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2269 default:
2270 (void) mac;
2271 (void) mac_size;
2272 (void) mac_length;
2273 return( PSA_ERROR_INVALID_ARGUMENT );
2274 }
2275 }
2276
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2277 psa_status_t psa_driver_wrapper_mac_verify_finish(
2278 psa_mac_operation_t *operation,
2279 const uint8_t *mac,
2280 size_t mac_length )
2281 {
2282 switch( operation->id )
2283 {
2284 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2285 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2286 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2287 mac, mac_length ) );
2288 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2289
2290 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2291 #if defined(PSA_CRYPTO_DRIVER_TEST)
2292 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2293 return( mbedtls_test_transparent_mac_verify_finish(
2294 &operation->ctx.transparent_test_driver_ctx,
2295 mac, mac_length ) );
2296
2297 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2298 return( mbedtls_test_opaque_mac_verify_finish(
2299 &operation->ctx.opaque_test_driver_ctx,
2300 mac, mac_length ) );
2301 #endif /* PSA_CRYPTO_DRIVER_TEST */
2302 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2303 default:
2304 (void) mac;
2305 (void) mac_length;
2306 return( PSA_ERROR_INVALID_ARGUMENT );
2307 }
2308 }
2309
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2310 psa_status_t psa_driver_wrapper_mac_abort(
2311 psa_mac_operation_t *operation )
2312 {
2313 switch( operation->id )
2314 {
2315 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2316 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2317 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2318 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2319
2320 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2321 #if defined(PSA_CRYPTO_DRIVER_TEST)
2322 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2323 return( mbedtls_test_transparent_mac_abort(
2324 &operation->ctx.transparent_test_driver_ctx ) );
2325 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2326 return( mbedtls_test_opaque_mac_abort(
2327 &operation->ctx.opaque_test_driver_ctx ) );
2328 #endif /* PSA_CRYPTO_DRIVER_TEST */
2329 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2330 default:
2331 return( PSA_ERROR_INVALID_ARGUMENT );
2332 }
2333 }
2334
2335 #endif /* MBEDTLS_PSA_CRYPTO_C */
2336