1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22
23 /* BEGIN-common headers */
24 #include "common.h"
25 #include "psa_crypto_aead.h"
26 #include "psa_crypto_cipher.h"
27 #include "psa_crypto_core.h"
28 #include "psa_crypto_driver_wrappers.h"
29 #include "psa_crypto_hash.h"
30 #include "psa_crypto_mac.h"
31 #include "psa_crypto_pake.h"
32 #include "psa_crypto_rsa.h"
33
34 #include "mbedtls/platform.h"
35 /* END-common headers */
36
37 #if defined(MBEDTLS_PSA_CRYPTO_C)
38
39 /* BEGIN-driver headers */
40 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
41 /* Headers for mbedtls_test opaque driver */
42 #if defined(PSA_CRYPTO_DRIVER_TEST)
43 #include "test/drivers/test_driver.h"
44
45 #endif
46 /* Headers for mbedtls_test transparent driver */
47 #if defined(PSA_CRYPTO_DRIVER_TEST)
48 #include "test/drivers/test_driver.h"
49
50 #endif
51
52 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
53 /* END-driver headers */
54
55 /* Auto-generated values depending on which drivers are registered.
56 * ID 0 is reserved for unallocated operations.
57 * ID 1 is reserved for the Mbed TLS software driver. */
58 /* BEGIN-driver id definition */
59 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
60 #define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
61 #define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
62
63 /* END-driver id */
64
65 /* BEGIN-Common Macro definitions */
66
67 /* END-Common Macro definitions */
68
69 /* Support the 'old' SE interface when asked to */
70 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
71 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
72 * SE driver is present, to avoid unused argument errors at compile time. */
73 #ifndef PSA_CRYPTO_DRIVER_PRESENT
74 #define PSA_CRYPTO_DRIVER_PRESENT
75 #endif
76 #include "psa_crypto_se.h"
77 #endif
78
psa_driver_wrapper_init(void)79 psa_status_t psa_driver_wrapper_init( void )
80 {
81 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
82
83 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
84 status = psa_init_all_se_drivers( );
85 if( status != PSA_SUCCESS )
86 return( status );
87 #endif
88
89 #if defined(PSA_CRYPTO_DRIVER_TEST)
90 status = mbedtls_test_transparent_init( );
91 if( status != PSA_SUCCESS )
92 return( status );
93
94 status = mbedtls_test_opaque_init( );
95 if( status != PSA_SUCCESS )
96 return( status );
97 #endif
98
99 (void) status;
100 return( PSA_SUCCESS );
101 }
102
psa_driver_wrapper_free(void)103 void psa_driver_wrapper_free( void )
104 {
105 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
106 /* Unregister all secure element drivers, so that we restart from
107 * a pristine state. */
108 psa_unregister_all_se_drivers( );
109 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
110
111 #if defined(PSA_CRYPTO_DRIVER_TEST)
112 mbedtls_test_transparent_free( );
113 mbedtls_test_opaque_free( );
114 #endif
115 }
116
117 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)118 psa_status_t psa_driver_wrapper_sign_message(
119 const psa_key_attributes_t *attributes,
120 const uint8_t *key_buffer,
121 size_t key_buffer_size,
122 psa_algorithm_t alg,
123 const uint8_t *input,
124 size_t input_length,
125 uint8_t *signature,
126 size_t signature_size,
127 size_t *signature_length )
128 {
129 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
130 psa_key_location_t location =
131 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
132
133 switch( location )
134 {
135 case PSA_KEY_LOCATION_LOCAL_STORAGE:
136 /* Key is stored in the slot in export representation, so
137 * cycle through all known transparent accelerators */
138 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
139 #if defined(PSA_CRYPTO_DRIVER_TEST)
140 status = mbedtls_test_transparent_signature_sign_message(
141 attributes,
142 key_buffer,
143 key_buffer_size,
144 alg,
145 input,
146 input_length,
147 signature,
148 signature_size,
149 signature_length );
150 /* Declared with fallback == true */
151 if( status != PSA_ERROR_NOT_SUPPORTED )
152 return( status );
153 #endif /* PSA_CRYPTO_DRIVER_TEST */
154 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
155 break;
156
157 /* Add cases for opaque driver here */
158 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
159 #if defined(PSA_CRYPTO_DRIVER_TEST)
160 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
161 status = mbedtls_test_opaque_signature_sign_message(
162 attributes,
163 key_buffer,
164 key_buffer_size,
165 alg,
166 input,
167 input_length,
168 signature,
169 signature_size,
170 signature_length );
171 if( status != PSA_ERROR_NOT_SUPPORTED )
172 return( status );
173 break;
174 #endif /* PSA_CRYPTO_DRIVER_TEST */
175 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
176 default:
177 /* Key is declared with a lifetime not known to us */
178 (void)status;
179 break;
180 }
181
182 return( psa_sign_message_builtin( attributes,
183 key_buffer,
184 key_buffer_size,
185 alg,
186 input,
187 input_length,
188 signature,
189 signature_size,
190 signature_length ) );
191 }
192
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)193 psa_status_t psa_driver_wrapper_verify_message(
194 const psa_key_attributes_t *attributes,
195 const uint8_t *key_buffer,
196 size_t key_buffer_size,
197 psa_algorithm_t alg,
198 const uint8_t *input,
199 size_t input_length,
200 const uint8_t *signature,
201 size_t signature_length )
202 {
203 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
204 psa_key_location_t location =
205 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
206
207 switch( location )
208 {
209 case PSA_KEY_LOCATION_LOCAL_STORAGE:
210 /* Key is stored in the slot in export representation, so
211 * cycle through all known transparent accelerators */
212 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
213 #if defined(PSA_CRYPTO_DRIVER_TEST)
214 status = mbedtls_test_transparent_signature_verify_message(
215 attributes,
216 key_buffer,
217 key_buffer_size,
218 alg,
219 input,
220 input_length,
221 signature,
222 signature_length );
223 /* Declared with fallback == true */
224 if( status != PSA_ERROR_NOT_SUPPORTED )
225 return( status );
226 #endif /* PSA_CRYPTO_DRIVER_TEST */
227 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
228 break;
229
230 /* Add cases for opaque driver here */
231 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
232 #if defined(PSA_CRYPTO_DRIVER_TEST)
233 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
234 return( mbedtls_test_opaque_signature_verify_message(
235 attributes,
236 key_buffer,
237 key_buffer_size,
238 alg,
239 input,
240 input_length,
241 signature,
242 signature_length ) );
243 if( status != PSA_ERROR_NOT_SUPPORTED )
244 return( status );
245 break;
246 #endif /* PSA_CRYPTO_DRIVER_TEST */
247 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
248 default:
249 /* Key is declared with a lifetime not known to us */
250 (void)status;
251 break;
252 }
253
254 return( psa_verify_message_builtin( attributes,
255 key_buffer,
256 key_buffer_size,
257 alg,
258 input,
259 input_length,
260 signature,
261 signature_length ) );
262 }
263
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)264 psa_status_t psa_driver_wrapper_sign_hash(
265 const psa_key_attributes_t *attributes,
266 const uint8_t *key_buffer, size_t key_buffer_size,
267 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
268 uint8_t *signature, size_t signature_size, size_t *signature_length )
269 {
270 /* Try dynamically-registered SE interface first */
271 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
272 const psa_drv_se_t *drv;
273 psa_drv_se_context_t *drv_context;
274
275 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
276 {
277 if( drv->asymmetric == NULL ||
278 drv->asymmetric->p_sign == NULL )
279 {
280 /* Key is defined in SE, but we have no way to exercise it */
281 return( PSA_ERROR_NOT_SUPPORTED );
282 }
283 return( drv->asymmetric->p_sign(
284 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
285 alg, hash, hash_length,
286 signature, signature_size, signature_length ) );
287 }
288 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
289
290 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
291 psa_key_location_t location =
292 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
293
294 switch( location )
295 {
296 case PSA_KEY_LOCATION_LOCAL_STORAGE:
297 /* Key is stored in the slot in export representation, so
298 * cycle through all known transparent accelerators */
299 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
300 #if defined(PSA_CRYPTO_DRIVER_TEST)
301 status = mbedtls_test_transparent_signature_sign_hash( attributes,
302 key_buffer,
303 key_buffer_size,
304 alg,
305 hash,
306 hash_length,
307 signature,
308 signature_size,
309 signature_length );
310 /* Declared with fallback == true */
311 if( status != PSA_ERROR_NOT_SUPPORTED )
312 return( status );
313 #endif /* PSA_CRYPTO_DRIVER_TEST */
314 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
315 /* Fell through, meaning no accelerator supports this operation */
316 return( psa_sign_hash_builtin( attributes,
317 key_buffer,
318 key_buffer_size,
319 alg,
320 hash,
321 hash_length,
322 signature,
323 signature_size,
324 signature_length ) );
325
326 /* Add cases for opaque driver here */
327 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
328 #if defined(PSA_CRYPTO_DRIVER_TEST)
329 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
330 return( mbedtls_test_opaque_signature_sign_hash( attributes,
331 key_buffer,
332 key_buffer_size,
333 alg,
334 hash,
335 hash_length,
336 signature,
337 signature_size,
338 signature_length ) );
339 #endif /* PSA_CRYPTO_DRIVER_TEST */
340 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
341 default:
342 /* Key is declared with a lifetime not known to us */
343 (void)status;
344 return( PSA_ERROR_INVALID_ARGUMENT );
345 }
346 }
347
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)348 psa_status_t psa_driver_wrapper_verify_hash(
349 const psa_key_attributes_t *attributes,
350 const uint8_t *key_buffer, size_t key_buffer_size,
351 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
352 const uint8_t *signature, size_t signature_length )
353 {
354 /* Try dynamically-registered SE interface first */
355 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
356 const psa_drv_se_t *drv;
357 psa_drv_se_context_t *drv_context;
358
359 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
360 {
361 if( drv->asymmetric == NULL ||
362 drv->asymmetric->p_verify == NULL )
363 {
364 /* Key is defined in SE, but we have no way to exercise it */
365 return( PSA_ERROR_NOT_SUPPORTED );
366 }
367 return( drv->asymmetric->p_verify(
368 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
369 alg, hash, hash_length,
370 signature, signature_length ) );
371 }
372 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
373
374 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
375 psa_key_location_t location =
376 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
377
378 switch( location )
379 {
380 case PSA_KEY_LOCATION_LOCAL_STORAGE:
381 /* Key is stored in the slot in export representation, so
382 * cycle through all known transparent accelerators */
383 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
384 #if defined(PSA_CRYPTO_DRIVER_TEST)
385 status = mbedtls_test_transparent_signature_verify_hash(
386 attributes,
387 key_buffer,
388 key_buffer_size,
389 alg,
390 hash,
391 hash_length,
392 signature,
393 signature_length );
394 /* Declared with fallback == true */
395 if( status != PSA_ERROR_NOT_SUPPORTED )
396 return( status );
397 #endif /* PSA_CRYPTO_DRIVER_TEST */
398 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
399
400 return( psa_verify_hash_builtin( attributes,
401 key_buffer,
402 key_buffer_size,
403 alg,
404 hash,
405 hash_length,
406 signature,
407 signature_length ) );
408
409 /* Add cases for opaque driver here */
410 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
411 #if defined(PSA_CRYPTO_DRIVER_TEST)
412 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
413 return( mbedtls_test_opaque_signature_verify_hash( attributes,
414 key_buffer,
415 key_buffer_size,
416 alg,
417 hash,
418 hash_length,
419 signature,
420 signature_length ) );
421 #endif /* PSA_CRYPTO_DRIVER_TEST */
422 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
423 default:
424 /* Key is declared with a lifetime not known to us */
425 (void)status;
426 return( PSA_ERROR_INVALID_ARGUMENT );
427 }
428 }
429
psa_driver_wrapper_sign_hash_get_num_ops(psa_sign_hash_interruptible_operation_t * operation)430 uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
431 psa_sign_hash_interruptible_operation_t *operation )
432 {
433 switch( operation->id )
434 {
435 /* If uninitialised, return 0, as no work can have been done. */
436 case 0:
437 return 0;
438
439 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
440 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
441
442 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
443 #if defined(PSA_CRYPTO_DRIVER_TEST)
444 /* Add test driver tests here */
445
446 #endif /* PSA_CRYPTO_DRIVER_TEST */
447 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
448 }
449
450 return (uint32_t)PSA_ERROR_INVALID_ARGUMENT;
451 }
452
psa_driver_wrapper_verify_hash_get_num_ops(psa_verify_hash_interruptible_operation_t * operation)453 uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
454 psa_verify_hash_interruptible_operation_t *operation )
455 {
456 switch( operation->id )
457 {
458 /* If uninitialised, return 0, as no work can have been done. */
459 case 0:
460 return 0;
461
462 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
463 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
464
465 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
466 #if defined(PSA_CRYPTO_DRIVER_TEST)
467 /* Add test driver tests here */
468
469 #endif /* PSA_CRYPTO_DRIVER_TEST */
470 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
471
472 }
473
474 return (uint32_t)PSA_ERROR_INVALID_ARGUMENT;
475 }
476
psa_driver_wrapper_sign_hash_start(psa_sign_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length)477 psa_status_t psa_driver_wrapper_sign_hash_start(
478 psa_sign_hash_interruptible_operation_t *operation,
479 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
480 size_t key_buffer_size, psa_algorithm_t alg,
481 const uint8_t *hash, size_t hash_length )
482 {
483 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
484 psa_key_location_t location =
485 PSA_KEY_LIFETIME_GET_LOCATION(
486 attributes->core.lifetime );
487
488 switch( location )
489 {
490 case PSA_KEY_LOCATION_LOCAL_STORAGE:
491 /* Key is stored in the slot in export representation, so
492 * cycle through all known transparent accelerators */
493
494 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
495 #if defined(PSA_CRYPTO_DRIVER_TEST)
496
497 /* Add test driver tests here */
498
499 /* Declared with fallback == true */
500
501 #endif /* PSA_CRYPTO_DRIVER_TEST */
502 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
503
504 /* Fell through, meaning no accelerator supports this operation */
505 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
506 return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
507 attributes,
508 key_buffer, key_buffer_size,
509 alg, hash, hash_length ) );
510 break;
511
512 /* Add cases for opaque driver here */
513
514 default:
515 /* Key is declared with a lifetime not known to us */
516 ( void ) status;
517 return( PSA_ERROR_INVALID_ARGUMENT );
518 }
519 }
520
psa_driver_wrapper_sign_hash_complete(psa_sign_hash_interruptible_operation_t * operation,uint8_t * signature,size_t signature_size,size_t * signature_length)521 psa_status_t psa_driver_wrapper_sign_hash_complete(
522 psa_sign_hash_interruptible_operation_t *operation,
523 uint8_t *signature, size_t signature_size,
524 size_t *signature_length )
525 {
526 switch( operation->id )
527 {
528 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
529 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
530 signature, signature_size,
531 signature_length ) );
532
533 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
534 #if defined(PSA_CRYPTO_DRIVER_TEST)
535 /* Add test driver tests here */
536
537 #endif /* PSA_CRYPTO_DRIVER_TEST */
538 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
539 }
540
541 ( void ) signature;
542 ( void ) signature_size;
543 ( void ) signature_length;
544
545 return( PSA_ERROR_INVALID_ARGUMENT );
546 }
547
psa_driver_wrapper_sign_hash_abort(psa_sign_hash_interruptible_operation_t * operation)548 psa_status_t psa_driver_wrapper_sign_hash_abort(
549 psa_sign_hash_interruptible_operation_t *operation )
550 {
551 switch( operation->id )
552 {
553 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
554 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
555
556 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
557 #if defined(PSA_CRYPTO_DRIVER_TEST)
558 /* Add test driver tests here */
559
560 #endif /* PSA_CRYPTO_DRIVER_TEST */
561 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
562 }
563
564 return( PSA_ERROR_INVALID_ARGUMENT );
565 }
566
psa_driver_wrapper_verify_hash_start(psa_verify_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)567 psa_status_t psa_driver_wrapper_verify_hash_start(
568 psa_verify_hash_interruptible_operation_t *operation,
569 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
570 size_t key_buffer_size, psa_algorithm_t alg,
571 const uint8_t *hash, size_t hash_length,
572 const uint8_t *signature, size_t signature_length )
573 {
574
575 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
576 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
577 attributes->core.lifetime );
578
579 switch( location )
580 {
581 case PSA_KEY_LOCATION_LOCAL_STORAGE:
582 /* Key is stored in the slot in export representation, so
583 * cycle through all known transparent accelerators */
584
585 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
586 #if defined(PSA_CRYPTO_DRIVER_TEST)
587
588 /* Add test driver tests here */
589
590 /* Declared with fallback == true */
591
592 #endif /* PSA_CRYPTO_DRIVER_TEST */
593 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
594
595 /* Fell through, meaning no accelerator supports this operation */
596 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
597 return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
598 attributes,
599 key_buffer, key_buffer_size,
600 alg, hash, hash_length,
601 signature, signature_length
602 ) );
603 break;
604
605 /* Add cases for opaque driver here */
606
607 default:
608 /* Key is declared with a lifetime not known to us */
609 ( void ) status;
610 return( PSA_ERROR_INVALID_ARGUMENT );
611 }
612 }
613
psa_driver_wrapper_verify_hash_complete(psa_verify_hash_interruptible_operation_t * operation)614 psa_status_t psa_driver_wrapper_verify_hash_complete(
615 psa_verify_hash_interruptible_operation_t *operation )
616 {
617 switch( operation->id )
618 {
619 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
620 return( mbedtls_psa_verify_hash_complete(
621 &operation->ctx.mbedtls_ctx
622 ) );
623
624 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
625 #if defined(PSA_CRYPTO_DRIVER_TEST)
626 /* Add test driver tests here */
627
628 #endif /* PSA_CRYPTO_DRIVER_TEST */
629 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
630 }
631
632 return( PSA_ERROR_INVALID_ARGUMENT );
633 }
634
psa_driver_wrapper_verify_hash_abort(psa_verify_hash_interruptible_operation_t * operation)635 psa_status_t psa_driver_wrapper_verify_hash_abort(
636 psa_verify_hash_interruptible_operation_t *operation )
637 {
638 switch( operation->id )
639 {
640 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
641 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
642 ) );
643
644 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
645 #if defined(PSA_CRYPTO_DRIVER_TEST)
646 /* Add test driver tests here */
647
648 #endif /* PSA_CRYPTO_DRIVER_TEST */
649 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
650 }
651
652 return( PSA_ERROR_INVALID_ARGUMENT );
653 }
654
655 /** Calculate the key buffer size required to store the key material of a key
656 * associated with an opaque driver from input key data.
657 *
658 * \param[in] attributes The key attributes
659 * \param[in] data The input key data.
660 * \param[in] data_length The input data length.
661 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
662 *
663 * \retval #PSA_SUCCESS \emptydescription
664 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
665 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
666 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)667 psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
668 const psa_key_attributes_t *attributes,
669 const uint8_t *data,
670 size_t data_length,
671 size_t *key_buffer_size )
672 {
673 psa_key_location_t location =
674 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
675 psa_key_type_t key_type = attributes->core.type;
676
677 *key_buffer_size = 0;
678 switch( location )
679 {
680 #if defined(PSA_CRYPTO_DRIVER_TEST)
681 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
682 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
683 PSA_BYTES_TO_BITS( data_length ) );
684 return( ( *key_buffer_size != 0 ) ?
685 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
686 #endif /* PSA_CRYPTO_DRIVER_TEST */
687
688 default:
689 (void)key_type;
690 (void)data;
691 (void)data_length;
692 return( PSA_ERROR_INVALID_ARGUMENT );
693 }
694 }
695
696 /** Get the key buffer size required to store the key material of a key
697 * associated with an opaque driver.
698 *
699 * \param[in] attributes The key attributes.
700 * \param[out] key_buffer_size Minimum buffer size to contain the key material
701 *
702 * \retval #PSA_SUCCESS
703 * The minimum size for a buffer to contain the key material has been
704 * returned successfully.
705 * \retval #PSA_ERROR_NOT_SUPPORTED
706 * The type and/or the size in bits of the key or the combination of
707 * the two is not supported.
708 * \retval #PSA_ERROR_INVALID_ARGUMENT
709 * The key is declared with a lifetime not known to us.
710 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)711 psa_status_t psa_driver_wrapper_get_key_buffer_size(
712 const psa_key_attributes_t *attributes,
713 size_t *key_buffer_size )
714 {
715 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
716 psa_key_type_t key_type = attributes->core.type;
717 size_t key_bits = attributes->core.bits;
718
719 *key_buffer_size = 0;
720 switch( location )
721 {
722 #if defined(PSA_CRYPTO_DRIVER_TEST)
723 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
724 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
725 /* Emulate property 'builtin_key_size' */
726 if( psa_key_id_is_builtin(
727 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
728 psa_get_key_id( attributes ) ) ) )
729 {
730 *key_buffer_size = sizeof( psa_drv_slot_number_t );
731 return( PSA_SUCCESS );
732 }
733 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
734 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
735 key_bits );
736 return( ( *key_buffer_size != 0 ) ?
737 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
738 #endif /* PSA_CRYPTO_DRIVER_TEST */
739
740 default:
741 (void)key_type;
742 (void)key_bits;
743 return( PSA_ERROR_INVALID_ARGUMENT );
744 }
745 }
746
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)747 psa_status_t psa_driver_wrapper_generate_key(
748 const psa_key_attributes_t *attributes,
749 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
750 {
751 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
752 psa_key_location_t location =
753 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
754
755 /* Try dynamically-registered SE interface first */
756 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
757 const psa_drv_se_t *drv;
758 psa_drv_se_context_t *drv_context;
759
760 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
761 {
762 size_t pubkey_length = 0; /* We don't support this feature yet */
763 if( drv->key_management == NULL ||
764 drv->key_management->p_generate == NULL )
765 {
766 /* Key is defined as being in SE, but we have no way to generate it */
767 return( PSA_ERROR_NOT_SUPPORTED );
768 }
769 return( drv->key_management->p_generate(
770 drv_context,
771 *( (psa_key_slot_number_t *)key_buffer ),
772 attributes, NULL, 0, &pubkey_length ) );
773 }
774 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
775
776 switch( location )
777 {
778 case PSA_KEY_LOCATION_LOCAL_STORAGE:
779 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
780 /* Transparent drivers are limited to generating asymmetric keys */
781 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
782 {
783 /* Cycle through all known transparent accelerators */
784 #if defined(PSA_CRYPTO_DRIVER_TEST)
785 status = mbedtls_test_transparent_generate_key(
786 attributes, key_buffer, key_buffer_size,
787 key_buffer_length );
788 /* Declared with fallback == true */
789 if( status != PSA_ERROR_NOT_SUPPORTED )
790 break;
791 #endif /* PSA_CRYPTO_DRIVER_TEST */
792 }
793 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
794
795 /* Software fallback */
796 status = psa_generate_key_internal(
797 attributes, key_buffer, key_buffer_size, key_buffer_length );
798 break;
799
800 /* Add cases for opaque driver here */
801 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
802 #if defined(PSA_CRYPTO_DRIVER_TEST)
803 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
804 status = mbedtls_test_opaque_generate_key(
805 attributes, key_buffer, key_buffer_size, key_buffer_length );
806 break;
807 #endif /* PSA_CRYPTO_DRIVER_TEST */
808 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
809
810 default:
811 /* Key is declared with a lifetime not known to us */
812 status = PSA_ERROR_INVALID_ARGUMENT;
813 break;
814 }
815
816 return( status );
817 }
818
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)819 psa_status_t psa_driver_wrapper_import_key(
820 const psa_key_attributes_t *attributes,
821 const uint8_t *data,
822 size_t data_length,
823 uint8_t *key_buffer,
824 size_t key_buffer_size,
825 size_t *key_buffer_length,
826 size_t *bits )
827 {
828
829 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
830 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
831 psa_get_key_lifetime( attributes ) );
832
833 /* Try dynamically-registered SE interface first */
834 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
835 const psa_drv_se_t *drv;
836 psa_drv_se_context_t *drv_context;
837
838 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
839 {
840 if( drv->key_management == NULL ||
841 drv->key_management->p_import == NULL )
842 return( PSA_ERROR_NOT_SUPPORTED );
843
844 /* The driver should set the number of key bits, however in
845 * case it doesn't, we initialize bits to an invalid value. */
846 *bits = PSA_MAX_KEY_BITS + 1;
847 status = drv->key_management->p_import(
848 drv_context,
849 *( (psa_key_slot_number_t *)key_buffer ),
850 attributes, data, data_length, bits );
851
852 if( status != PSA_SUCCESS )
853 return( status );
854
855 if( (*bits) > PSA_MAX_KEY_BITS )
856 return( PSA_ERROR_NOT_SUPPORTED );
857
858 return( PSA_SUCCESS );
859 }
860 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
861
862 switch( location )
863 {
864 case PSA_KEY_LOCATION_LOCAL_STORAGE:
865 /* Key is stored in the slot in export representation, so
866 * cycle through all known transparent accelerators */
867 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
868
869 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
870 status = mbedtls_test_transparent_import_key
871 (attributes,
872 data,
873 data_length,
874 key_buffer,
875 key_buffer_size,
876 key_buffer_length,
877 bits
878 );
879
880 if( status != PSA_ERROR_NOT_SUPPORTED )
881 return( status );
882 #endif
883
884
885 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
886
887 /* Fell through, meaning no accelerator supports this operation */
888 return( psa_import_key_into_slot( attributes,
889 data, data_length,
890 key_buffer, key_buffer_size,
891 key_buffer_length, bits ) );
892 /* Add cases for opaque driver here */
893 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
894
895 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
896 case 0x7fffff:
897 return( mbedtls_test_opaque_import_key
898 (attributes,
899 data,
900 data_length,
901 key_buffer,
902 key_buffer_size,
903 key_buffer_length,
904 bits
905 ));
906 #endif
907
908
909 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
910 default:
911 (void)status;
912 return( PSA_ERROR_INVALID_ARGUMENT );
913 }
914
915 }
916
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)917 psa_status_t psa_driver_wrapper_export_key(
918 const psa_key_attributes_t *attributes,
919 const uint8_t *key_buffer, size_t key_buffer_size,
920 uint8_t *data, size_t data_size, size_t *data_length )
921
922 {
923
924 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
925 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
926 psa_get_key_lifetime( attributes ) );
927
928 /* Try dynamically-registered SE interface first */
929 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
930 const psa_drv_se_t *drv;
931 psa_drv_se_context_t *drv_context;
932
933 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
934 {
935 if( ( drv->key_management == NULL ) ||
936 ( drv->key_management->p_export == NULL ) )
937 {
938 return( PSA_ERROR_NOT_SUPPORTED );
939 }
940
941 return( drv->key_management->p_export(
942 drv_context,
943 *( (psa_key_slot_number_t *)key_buffer ),
944 data, data_size, data_length ) );
945 }
946 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
947
948 switch( location )
949 {
950 case PSA_KEY_LOCATION_LOCAL_STORAGE:
951 return( psa_export_key_internal( attributes,
952 key_buffer,
953 key_buffer_size,
954 data,
955 data_size,
956 data_length ) );
957
958 /* Add cases for opaque driver here */
959 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
960
961 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
962 case 0x7fffff:
963 return( mbedtls_test_opaque_export_key
964 (attributes,
965 key_buffer,
966 key_buffer_size,
967 data,
968 data_size,
969 data_length
970 ));
971 #endif
972
973
974 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
975 default:
976 /* Key is declared with a lifetime not known to us */
977 return( status );
978 }
979
980 }
981
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)982 psa_status_t psa_driver_wrapper_export_public_key(
983 const psa_key_attributes_t *attributes,
984 const uint8_t *key_buffer, size_t key_buffer_size,
985 uint8_t *data, size_t data_size, size_t *data_length )
986
987 {
988
989 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
990 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
991 psa_get_key_lifetime( attributes ) );
992
993 /* Try dynamically-registered SE interface first */
994 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
995 const psa_drv_se_t *drv;
996 psa_drv_se_context_t *drv_context;
997
998 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
999 {
1000 if( ( drv->key_management == NULL ) ||
1001 ( drv->key_management->p_export_public == NULL ) )
1002 {
1003 return( PSA_ERROR_NOT_SUPPORTED );
1004 }
1005
1006 return( drv->key_management->p_export_public(
1007 drv_context,
1008 *( (psa_key_slot_number_t *)key_buffer ),
1009 data, data_size, data_length ) );
1010 }
1011 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1012
1013 switch( location )
1014 {
1015 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1016 /* Key is stored in the slot in export representation, so
1017 * cycle through all known transparent accelerators */
1018 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1019
1020 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1021 status = mbedtls_test_transparent_export_public_key
1022 (attributes,
1023 key_buffer,
1024 key_buffer_size,
1025 data,
1026 data_size,
1027 data_length
1028 );
1029
1030 if( status != PSA_ERROR_NOT_SUPPORTED )
1031 return( status );
1032 #endif
1033
1034
1035 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1036 /* Fell through, meaning no accelerator supports this operation */
1037 return( psa_export_public_key_internal( attributes,
1038 key_buffer,
1039 key_buffer_size,
1040 data,
1041 data_size,
1042 data_length ) );
1043
1044 /* Add cases for opaque driver here */
1045 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1046
1047 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1048 case 0x7fffff:
1049 return( mbedtls_test_opaque_export_public_key
1050 (attributes,
1051 key_buffer,
1052 key_buffer_size,
1053 data,
1054 data_size,
1055 data_length
1056 ));
1057 #endif
1058
1059
1060 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1061 default:
1062 /* Key is declared with a lifetime not known to us */
1063 return( status );
1064 }
1065
1066 }
1067
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)1068 psa_status_t psa_driver_wrapper_get_builtin_key(
1069 psa_drv_slot_number_t slot_number,
1070 psa_key_attributes_t *attributes,
1071 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
1072 {
1073
1074 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1075 switch( location )
1076 {
1077 #if defined(PSA_CRYPTO_DRIVER_TEST)
1078
1079 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1080 case 0x7fffff:
1081 return( mbedtls_test_opaque_get_builtin_key
1082 (slot_number,
1083 attributes,
1084 key_buffer,
1085 key_buffer_size,
1086 key_buffer_length
1087 ));
1088 #endif
1089
1090
1091 #endif /* PSA_CRYPTO_DRIVER_TEST */
1092 default:
1093 (void) slot_number;
1094 (void) key_buffer;
1095 (void) key_buffer_size;
1096 (void) key_buffer_length;
1097 return( PSA_ERROR_DOES_NOT_EXIST );
1098 }
1099
1100 }
1101
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)1102 psa_status_t psa_driver_wrapper_copy_key(
1103 psa_key_attributes_t *attributes,
1104 const uint8_t *source_key, size_t source_key_length,
1105 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1106 size_t *target_key_buffer_length )
1107 {
1108
1109 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1110 psa_key_location_t location =
1111 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1112
1113 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1114 const psa_drv_se_t *drv;
1115 psa_drv_se_context_t *drv_context;
1116
1117 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
1118 {
1119 /* Copying to a secure element is not implemented yet. */
1120 return( PSA_ERROR_NOT_SUPPORTED );
1121 }
1122 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1123
1124 switch( location )
1125 {
1126 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1127
1128 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1129 case 0x7fffff:
1130 return( mbedtls_test_opaque_copy_key
1131 (attributes,
1132 source_key,
1133 source_key_length,
1134 target_key_buffer,
1135 target_key_buffer_size,
1136 target_key_buffer_length
1137 ));
1138 #endif
1139
1140
1141 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1142 default:
1143 (void)source_key;
1144 (void)source_key_length;
1145 (void)target_key_buffer;
1146 (void)target_key_buffer_size;
1147 (void)target_key_buffer_length;
1148 status = PSA_ERROR_INVALID_ARGUMENT;
1149 }
1150 return( status );
1151
1152 }
1153
1154 /*
1155 * Cipher functions
1156 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1157 psa_status_t psa_driver_wrapper_cipher_encrypt(
1158 const psa_key_attributes_t *attributes,
1159 const uint8_t *key_buffer,
1160 size_t key_buffer_size,
1161 psa_algorithm_t alg,
1162 const uint8_t *iv,
1163 size_t iv_length,
1164 const uint8_t *input,
1165 size_t input_length,
1166 uint8_t *output,
1167 size_t output_size,
1168 size_t *output_length )
1169 {
1170 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1171 psa_key_location_t location =
1172 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1173
1174 switch( location )
1175 {
1176 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1177 /* Key is stored in the slot in export representation, so
1178 * cycle through all known transparent accelerators */
1179 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1180 #if defined(PSA_CRYPTO_DRIVER_TEST)
1181 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1182 key_buffer,
1183 key_buffer_size,
1184 alg,
1185 iv,
1186 iv_length,
1187 input,
1188 input_length,
1189 output,
1190 output_size,
1191 output_length );
1192 /* Declared with fallback == true */
1193 if( status != PSA_ERROR_NOT_SUPPORTED )
1194 return( status );
1195 #endif /* PSA_CRYPTO_DRIVER_TEST */
1196 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1197
1198 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1199 return( mbedtls_psa_cipher_encrypt( attributes,
1200 key_buffer,
1201 key_buffer_size,
1202 alg,
1203 iv,
1204 iv_length,
1205 input,
1206 input_length,
1207 output,
1208 output_size,
1209 output_length ) );
1210 #else
1211 return( PSA_ERROR_NOT_SUPPORTED );
1212 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1213
1214 /* Add cases for opaque driver here */
1215 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1216 #if defined(PSA_CRYPTO_DRIVER_TEST)
1217 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1218 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1219 key_buffer,
1220 key_buffer_size,
1221 alg,
1222 iv,
1223 iv_length,
1224 input,
1225 input_length,
1226 output,
1227 output_size,
1228 output_length ) );
1229 #endif /* PSA_CRYPTO_DRIVER_TEST */
1230 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1231
1232 default:
1233 /* Key is declared with a lifetime not known to us */
1234 (void)status;
1235 (void)key_buffer;
1236 (void)key_buffer_size;
1237 (void)alg;
1238 (void)iv;
1239 (void)iv_length;
1240 (void)input;
1241 (void)input_length;
1242 (void)output;
1243 (void)output_size;
1244 (void)output_length;
1245 return( PSA_ERROR_INVALID_ARGUMENT );
1246 }
1247 }
1248
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1249 psa_status_t psa_driver_wrapper_cipher_decrypt(
1250 const psa_key_attributes_t *attributes,
1251 const uint8_t *key_buffer,
1252 size_t key_buffer_size,
1253 psa_algorithm_t alg,
1254 const uint8_t *input,
1255 size_t input_length,
1256 uint8_t *output,
1257 size_t output_size,
1258 size_t *output_length )
1259 {
1260 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1261 psa_key_location_t location =
1262 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1263
1264 switch( location )
1265 {
1266 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1267 /* Key is stored in the slot in export representation, so
1268 * cycle through all known transparent accelerators */
1269 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1270 #if defined(PSA_CRYPTO_DRIVER_TEST)
1271 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1272 key_buffer,
1273 key_buffer_size,
1274 alg,
1275 input,
1276 input_length,
1277 output,
1278 output_size,
1279 output_length );
1280 /* Declared with fallback == true */
1281 if( status != PSA_ERROR_NOT_SUPPORTED )
1282 return( status );
1283 #endif /* PSA_CRYPTO_DRIVER_TEST */
1284 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1285
1286 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1287 return( mbedtls_psa_cipher_decrypt( attributes,
1288 key_buffer,
1289 key_buffer_size,
1290 alg,
1291 input,
1292 input_length,
1293 output,
1294 output_size,
1295 output_length ) );
1296 #else
1297 return( PSA_ERROR_NOT_SUPPORTED );
1298 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1299
1300 /* Add cases for opaque driver here */
1301 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1302 #if defined(PSA_CRYPTO_DRIVER_TEST)
1303 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1304 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1305 key_buffer,
1306 key_buffer_size,
1307 alg,
1308 input,
1309 input_length,
1310 output,
1311 output_size,
1312 output_length ) );
1313 #endif /* PSA_CRYPTO_DRIVER_TEST */
1314 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1315
1316 default:
1317 /* Key is declared with a lifetime not known to us */
1318 (void)status;
1319 (void)key_buffer;
1320 (void)key_buffer_size;
1321 (void)alg;
1322 (void)input;
1323 (void)input_length;
1324 (void)output;
1325 (void)output_size;
1326 (void)output_length;
1327 return( PSA_ERROR_INVALID_ARGUMENT );
1328 }
1329 }
1330
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1331 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1332 psa_cipher_operation_t *operation,
1333 const psa_key_attributes_t *attributes,
1334 const uint8_t *key_buffer, size_t key_buffer_size,
1335 psa_algorithm_t alg )
1336 {
1337 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1338 psa_key_location_t location =
1339 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1340
1341 switch( location )
1342 {
1343 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1344 /* Key is stored in the slot in export representation, so
1345 * cycle through all known transparent accelerators */
1346 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1347 #if defined(PSA_CRYPTO_DRIVER_TEST)
1348 status = mbedtls_test_transparent_cipher_encrypt_setup(
1349 &operation->ctx.transparent_test_driver_ctx,
1350 attributes,
1351 key_buffer,
1352 key_buffer_size,
1353 alg );
1354 /* Declared with fallback == true */
1355 if( status == PSA_SUCCESS )
1356 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1357
1358 if( status != PSA_ERROR_NOT_SUPPORTED )
1359 return( status );
1360 #endif /* PSA_CRYPTO_DRIVER_TEST */
1361 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1362 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1363 /* Fell through, meaning no accelerator supports this operation */
1364 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1365 attributes,
1366 key_buffer,
1367 key_buffer_size,
1368 alg );
1369 if( status == PSA_SUCCESS )
1370 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1371
1372 if( status != PSA_ERROR_NOT_SUPPORTED )
1373 return( status );
1374 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1375 return( PSA_ERROR_NOT_SUPPORTED );
1376
1377 /* Add cases for opaque driver here */
1378 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1379 #if defined(PSA_CRYPTO_DRIVER_TEST)
1380 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1381 status = mbedtls_test_opaque_cipher_encrypt_setup(
1382 &operation->ctx.opaque_test_driver_ctx,
1383 attributes,
1384 key_buffer, key_buffer_size,
1385 alg );
1386
1387 if( status == PSA_SUCCESS )
1388 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1389
1390 return( status );
1391 #endif /* PSA_CRYPTO_DRIVER_TEST */
1392 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1393 default:
1394 /* Key is declared with a lifetime not known to us */
1395 (void)status;
1396 (void)operation;
1397 (void)key_buffer;
1398 (void)key_buffer_size;
1399 (void)alg;
1400 return( PSA_ERROR_INVALID_ARGUMENT );
1401 }
1402 }
1403
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1404 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1405 psa_cipher_operation_t *operation,
1406 const psa_key_attributes_t *attributes,
1407 const uint8_t *key_buffer, size_t key_buffer_size,
1408 psa_algorithm_t alg )
1409 {
1410 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1411 psa_key_location_t location =
1412 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1413
1414 switch( location )
1415 {
1416 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1417 /* Key is stored in the slot in export representation, so
1418 * cycle through all known transparent accelerators */
1419 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1420 #if defined(PSA_CRYPTO_DRIVER_TEST)
1421 status = mbedtls_test_transparent_cipher_decrypt_setup(
1422 &operation->ctx.transparent_test_driver_ctx,
1423 attributes,
1424 key_buffer,
1425 key_buffer_size,
1426 alg );
1427 /* Declared with fallback == true */
1428 if( status == PSA_SUCCESS )
1429 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1430
1431 if( status != PSA_ERROR_NOT_SUPPORTED )
1432 return( status );
1433 #endif /* PSA_CRYPTO_DRIVER_TEST */
1434 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1435 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1436 /* Fell through, meaning no accelerator supports this operation */
1437 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1438 attributes,
1439 key_buffer,
1440 key_buffer_size,
1441 alg );
1442 if( status == PSA_SUCCESS )
1443 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1444
1445 return( status );
1446 #else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1447 return( PSA_ERROR_NOT_SUPPORTED );
1448 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1449
1450 /* Add cases for opaque driver here */
1451 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1452 #if defined(PSA_CRYPTO_DRIVER_TEST)
1453 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1454 status = mbedtls_test_opaque_cipher_decrypt_setup(
1455 &operation->ctx.opaque_test_driver_ctx,
1456 attributes,
1457 key_buffer, key_buffer_size,
1458 alg );
1459
1460 if( status == PSA_SUCCESS )
1461 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1462
1463 return( status );
1464 #endif /* PSA_CRYPTO_DRIVER_TEST */
1465 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1466 default:
1467 /* Key is declared with a lifetime not known to us */
1468 (void)status;
1469 (void)operation;
1470 (void)key_buffer;
1471 (void)key_buffer_size;
1472 (void)alg;
1473 return( PSA_ERROR_INVALID_ARGUMENT );
1474 }
1475 }
1476
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1477 psa_status_t psa_driver_wrapper_cipher_set_iv(
1478 psa_cipher_operation_t *operation,
1479 const uint8_t *iv,
1480 size_t iv_length )
1481 {
1482 switch( operation->id )
1483 {
1484 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1485 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1486 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1487 iv,
1488 iv_length ) );
1489 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1490
1491 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1492 #if defined(PSA_CRYPTO_DRIVER_TEST)
1493 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1494 return( mbedtls_test_transparent_cipher_set_iv(
1495 &operation->ctx.transparent_test_driver_ctx,
1496 iv, iv_length ) );
1497
1498 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1499 return( mbedtls_test_opaque_cipher_set_iv(
1500 &operation->ctx.opaque_test_driver_ctx,
1501 iv, iv_length ) );
1502 #endif /* PSA_CRYPTO_DRIVER_TEST */
1503 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1504 }
1505
1506 (void)iv;
1507 (void)iv_length;
1508
1509 return( PSA_ERROR_INVALID_ARGUMENT );
1510 }
1511
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1512 psa_status_t psa_driver_wrapper_cipher_update(
1513 psa_cipher_operation_t *operation,
1514 const uint8_t *input,
1515 size_t input_length,
1516 uint8_t *output,
1517 size_t output_size,
1518 size_t *output_length )
1519 {
1520 switch( operation->id )
1521 {
1522 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1523 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1524 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1525 input,
1526 input_length,
1527 output,
1528 output_size,
1529 output_length ) );
1530 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1531
1532 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1533 #if defined(PSA_CRYPTO_DRIVER_TEST)
1534 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1535 return( mbedtls_test_transparent_cipher_update(
1536 &operation->ctx.transparent_test_driver_ctx,
1537 input, input_length,
1538 output, output_size, output_length ) );
1539
1540 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1541 return( mbedtls_test_opaque_cipher_update(
1542 &operation->ctx.opaque_test_driver_ctx,
1543 input, input_length,
1544 output, output_size, output_length ) );
1545 #endif /* PSA_CRYPTO_DRIVER_TEST */
1546 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1547 }
1548
1549 (void)input;
1550 (void)input_length;
1551 (void)output;
1552 (void)output_size;
1553 (void)output_length;
1554
1555 return( PSA_ERROR_INVALID_ARGUMENT );
1556 }
1557
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1558 psa_status_t psa_driver_wrapper_cipher_finish(
1559 psa_cipher_operation_t *operation,
1560 uint8_t *output,
1561 size_t output_size,
1562 size_t *output_length )
1563 {
1564 switch( operation->id )
1565 {
1566 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1567 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1568 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1569 output,
1570 output_size,
1571 output_length ) );
1572 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1573
1574 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1575 #if defined(PSA_CRYPTO_DRIVER_TEST)
1576 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1577 return( mbedtls_test_transparent_cipher_finish(
1578 &operation->ctx.transparent_test_driver_ctx,
1579 output, output_size, output_length ) );
1580
1581 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1582 return( mbedtls_test_opaque_cipher_finish(
1583 &operation->ctx.opaque_test_driver_ctx,
1584 output, output_size, output_length ) );
1585 #endif /* PSA_CRYPTO_DRIVER_TEST */
1586 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1587 }
1588
1589 (void)output;
1590 (void)output_size;
1591 (void)output_length;
1592
1593 return( PSA_ERROR_INVALID_ARGUMENT );
1594 }
1595
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1596 psa_status_t psa_driver_wrapper_cipher_abort(
1597 psa_cipher_operation_t *operation )
1598 {
1599 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1600
1601 switch( operation->id )
1602 {
1603 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1604 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1605 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1606 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1607
1608 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1609 #if defined(PSA_CRYPTO_DRIVER_TEST)
1610 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1611 status = mbedtls_test_transparent_cipher_abort(
1612 &operation->ctx.transparent_test_driver_ctx );
1613 mbedtls_platform_zeroize(
1614 &operation->ctx.transparent_test_driver_ctx,
1615 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1616 return( status );
1617
1618 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1619 status = mbedtls_test_opaque_cipher_abort(
1620 &operation->ctx.opaque_test_driver_ctx );
1621 mbedtls_platform_zeroize(
1622 &operation->ctx.opaque_test_driver_ctx,
1623 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1624 return( status );
1625 #endif /* PSA_CRYPTO_DRIVER_TEST */
1626 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1627 }
1628
1629 (void)status;
1630 return( PSA_ERROR_INVALID_ARGUMENT );
1631 }
1632
1633 /*
1634 * Hashing functions
1635 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1636 psa_status_t psa_driver_wrapper_hash_compute(
1637 psa_algorithm_t alg,
1638 const uint8_t *input,
1639 size_t input_length,
1640 uint8_t *hash,
1641 size_t hash_size,
1642 size_t *hash_length)
1643 {
1644 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1645
1646 /* Try accelerators first */
1647 #if defined(PSA_CRYPTO_DRIVER_TEST)
1648 status = mbedtls_test_transparent_hash_compute(
1649 alg, input, input_length, hash, hash_size, hash_length );
1650 if( status != PSA_ERROR_NOT_SUPPORTED )
1651 return( status );
1652 #endif
1653
1654 /* If software fallback is compiled in, try fallback */
1655 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1656 status = mbedtls_psa_hash_compute( alg, input, input_length,
1657 hash, hash_size, hash_length );
1658 if( status != PSA_ERROR_NOT_SUPPORTED )
1659 return( status );
1660 #endif
1661 (void) status;
1662 (void) alg;
1663 (void) input;
1664 (void) input_length;
1665 (void) hash;
1666 (void) hash_size;
1667 (void) hash_length;
1668
1669 return( PSA_ERROR_NOT_SUPPORTED );
1670 }
1671
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1672 psa_status_t psa_driver_wrapper_hash_setup(
1673 psa_hash_operation_t *operation,
1674 psa_algorithm_t alg )
1675 {
1676 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1677
1678 /* Try setup on accelerators first */
1679 #if defined(PSA_CRYPTO_DRIVER_TEST)
1680 status = mbedtls_test_transparent_hash_setup(
1681 &operation->ctx.test_driver_ctx, alg );
1682 if( status == PSA_SUCCESS )
1683 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1684
1685 if( status != PSA_ERROR_NOT_SUPPORTED )
1686 return( status );
1687 #endif
1688
1689 /* If software fallback is compiled in, try fallback */
1690 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1691 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1692 if( status == PSA_SUCCESS )
1693 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1694
1695 if( status != PSA_ERROR_NOT_SUPPORTED )
1696 return( status );
1697 #endif
1698 /* Nothing left to try if we fall through here */
1699 (void) status;
1700 (void) operation;
1701 (void) alg;
1702 return( PSA_ERROR_NOT_SUPPORTED );
1703 }
1704
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1705 psa_status_t psa_driver_wrapper_hash_clone(
1706 const psa_hash_operation_t *source_operation,
1707 psa_hash_operation_t *target_operation )
1708 {
1709 switch( source_operation->id )
1710 {
1711 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1712 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1713 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1714 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1715 &target_operation->ctx.mbedtls_ctx ) );
1716 #endif
1717 #if defined(PSA_CRYPTO_DRIVER_TEST)
1718 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1719 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1720 return( mbedtls_test_transparent_hash_clone(
1721 &source_operation->ctx.test_driver_ctx,
1722 &target_operation->ctx.test_driver_ctx ) );
1723 #endif
1724 default:
1725 (void) target_operation;
1726 return( PSA_ERROR_BAD_STATE );
1727 }
1728 }
1729
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1730 psa_status_t psa_driver_wrapper_hash_update(
1731 psa_hash_operation_t *operation,
1732 const uint8_t *input,
1733 size_t input_length )
1734 {
1735 switch( operation->id )
1736 {
1737 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1738 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1739 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1740 input, input_length ) );
1741 #endif
1742 #if defined(PSA_CRYPTO_DRIVER_TEST)
1743 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1744 return( mbedtls_test_transparent_hash_update(
1745 &operation->ctx.test_driver_ctx,
1746 input, input_length ) );
1747 #endif
1748 default:
1749 (void) input;
1750 (void) input_length;
1751 return( PSA_ERROR_BAD_STATE );
1752 }
1753 }
1754
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1755 psa_status_t psa_driver_wrapper_hash_finish(
1756 psa_hash_operation_t *operation,
1757 uint8_t *hash,
1758 size_t hash_size,
1759 size_t *hash_length )
1760 {
1761 switch( operation->id )
1762 {
1763 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1764 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1765 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1766 hash, hash_size, hash_length ) );
1767 #endif
1768 #if defined(PSA_CRYPTO_DRIVER_TEST)
1769 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1770 return( mbedtls_test_transparent_hash_finish(
1771 &operation->ctx.test_driver_ctx,
1772 hash, hash_size, hash_length ) );
1773 #endif
1774 default:
1775 (void) hash;
1776 (void) hash_size;
1777 (void) hash_length;
1778 return( PSA_ERROR_BAD_STATE );
1779 }
1780 }
1781
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1782 psa_status_t psa_driver_wrapper_hash_abort(
1783 psa_hash_operation_t *operation )
1784 {
1785 switch( operation->id )
1786 {
1787 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1788 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1789 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1790 #endif
1791 #if defined(PSA_CRYPTO_DRIVER_TEST)
1792 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1793 return( mbedtls_test_transparent_hash_abort(
1794 &operation->ctx.test_driver_ctx ) );
1795 #endif
1796 default:
1797 return( PSA_ERROR_BAD_STATE );
1798 }
1799 }
1800
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1801 psa_status_t psa_driver_wrapper_aead_encrypt(
1802 const psa_key_attributes_t *attributes,
1803 const uint8_t *key_buffer, size_t key_buffer_size,
1804 psa_algorithm_t alg,
1805 const uint8_t *nonce, size_t nonce_length,
1806 const uint8_t *additional_data, size_t additional_data_length,
1807 const uint8_t *plaintext, size_t plaintext_length,
1808 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1809 {
1810 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1811 psa_key_location_t location =
1812 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1813
1814 switch( location )
1815 {
1816 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1817 /* Key is stored in the slot in export representation, so
1818 * cycle through all known transparent accelerators */
1819
1820 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1821 #if defined(PSA_CRYPTO_DRIVER_TEST)
1822 status = mbedtls_test_transparent_aead_encrypt(
1823 attributes, key_buffer, key_buffer_size,
1824 alg,
1825 nonce, nonce_length,
1826 additional_data, additional_data_length,
1827 plaintext, plaintext_length,
1828 ciphertext, ciphertext_size, ciphertext_length );
1829 /* Declared with fallback == true */
1830 if( status != PSA_ERROR_NOT_SUPPORTED )
1831 return( status );
1832 #endif /* PSA_CRYPTO_DRIVER_TEST */
1833 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1834
1835 /* Fell through, meaning no accelerator supports this operation */
1836 return( mbedtls_psa_aead_encrypt(
1837 attributes, key_buffer, key_buffer_size,
1838 alg,
1839 nonce, nonce_length,
1840 additional_data, additional_data_length,
1841 plaintext, plaintext_length,
1842 ciphertext, ciphertext_size, ciphertext_length ) );
1843
1844 /* Add cases for opaque driver here */
1845
1846 default:
1847 /* Key is declared with a lifetime not known to us */
1848 (void)status;
1849 return( PSA_ERROR_INVALID_ARGUMENT );
1850 }
1851 }
1852
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1853 psa_status_t psa_driver_wrapper_aead_decrypt(
1854 const psa_key_attributes_t *attributes,
1855 const uint8_t *key_buffer, size_t key_buffer_size,
1856 psa_algorithm_t alg,
1857 const uint8_t *nonce, size_t nonce_length,
1858 const uint8_t *additional_data, size_t additional_data_length,
1859 const uint8_t *ciphertext, size_t ciphertext_length,
1860 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1861 {
1862 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1863 psa_key_location_t location =
1864 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1865
1866 switch( location )
1867 {
1868 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1869 /* Key is stored in the slot in export representation, so
1870 * cycle through all known transparent accelerators */
1871
1872 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1873 #if defined(PSA_CRYPTO_DRIVER_TEST)
1874 status = mbedtls_test_transparent_aead_decrypt(
1875 attributes, key_buffer, key_buffer_size,
1876 alg,
1877 nonce, nonce_length,
1878 additional_data, additional_data_length,
1879 ciphertext, ciphertext_length,
1880 plaintext, plaintext_size, plaintext_length );
1881 /* Declared with fallback == true */
1882 if( status != PSA_ERROR_NOT_SUPPORTED )
1883 return( status );
1884 #endif /* PSA_CRYPTO_DRIVER_TEST */
1885 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1886
1887 /* Fell through, meaning no accelerator supports this operation */
1888 return( mbedtls_psa_aead_decrypt(
1889 attributes, key_buffer, key_buffer_size,
1890 alg,
1891 nonce, nonce_length,
1892 additional_data, additional_data_length,
1893 ciphertext, ciphertext_length,
1894 plaintext, plaintext_size, plaintext_length ) );
1895
1896 /* Add cases for opaque driver here */
1897
1898 default:
1899 /* Key is declared with a lifetime not known to us */
1900 (void)status;
1901 return( PSA_ERROR_INVALID_ARGUMENT );
1902 }
1903 }
1904
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1905 psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1906 psa_aead_operation_t *operation,
1907 const psa_key_attributes_t *attributes,
1908 const uint8_t *key_buffer, size_t key_buffer_size,
1909 psa_algorithm_t alg )
1910 {
1911 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1912 psa_key_location_t location =
1913 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1914
1915 switch( location )
1916 {
1917 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1918 /* Key is stored in the slot in export representation, so
1919 * cycle through all known transparent accelerators */
1920
1921 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1922 #if defined(PSA_CRYPTO_DRIVER_TEST)
1923 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1924 status = mbedtls_test_transparent_aead_encrypt_setup(
1925 &operation->ctx.transparent_test_driver_ctx,
1926 attributes, key_buffer, key_buffer_size,
1927 alg );
1928
1929 /* Declared with fallback == true */
1930 if( status != PSA_ERROR_NOT_SUPPORTED )
1931 return( status );
1932 #endif /* PSA_CRYPTO_DRIVER_TEST */
1933 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1934
1935 /* Fell through, meaning no accelerator supports this operation */
1936 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1937 status = mbedtls_psa_aead_encrypt_setup(
1938 &operation->ctx.mbedtls_ctx, attributes,
1939 key_buffer, key_buffer_size,
1940 alg );
1941
1942 return( status );
1943
1944 /* Add cases for opaque driver here */
1945
1946 default:
1947 /* Key is declared with a lifetime not known to us */
1948 (void)status;
1949 return( PSA_ERROR_INVALID_ARGUMENT );
1950 }
1951 }
1952
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1953 psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1954 psa_aead_operation_t *operation,
1955 const psa_key_attributes_t *attributes,
1956 const uint8_t *key_buffer, size_t key_buffer_size,
1957 psa_algorithm_t alg )
1958 {
1959 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1960 psa_key_location_t location =
1961 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1962
1963 switch( location )
1964 {
1965 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1966 /* Key is stored in the slot in export representation, so
1967 * cycle through all known transparent accelerators */
1968
1969 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1970 #if defined(PSA_CRYPTO_DRIVER_TEST)
1971 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1972 status = mbedtls_test_transparent_aead_decrypt_setup(
1973 &operation->ctx.transparent_test_driver_ctx,
1974 attributes,
1975 key_buffer, key_buffer_size,
1976 alg );
1977
1978 /* Declared with fallback == true */
1979 if( status != PSA_ERROR_NOT_SUPPORTED )
1980 return( status );
1981 #endif /* PSA_CRYPTO_DRIVER_TEST */
1982 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1983
1984 /* Fell through, meaning no accelerator supports this operation */
1985 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1986 status = mbedtls_psa_aead_decrypt_setup(
1987 &operation->ctx.mbedtls_ctx,
1988 attributes,
1989 key_buffer, key_buffer_size,
1990 alg );
1991
1992 return( status );
1993
1994 /* Add cases for opaque driver here */
1995
1996 default:
1997 /* Key is declared with a lifetime not known to us */
1998 (void)status;
1999 return( PSA_ERROR_INVALID_ARGUMENT );
2000 }
2001 }
2002
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)2003 psa_status_t psa_driver_wrapper_aead_set_nonce(
2004 psa_aead_operation_t *operation,
2005 const uint8_t *nonce,
2006 size_t nonce_length )
2007 {
2008 switch( operation->id )
2009 {
2010 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2011 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2012 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
2013 nonce,
2014 nonce_length ) );
2015
2016 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2017
2018 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2019 #if defined(PSA_CRYPTO_DRIVER_TEST)
2020 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2021 return( mbedtls_test_transparent_aead_set_nonce(
2022 &operation->ctx.transparent_test_driver_ctx,
2023 nonce, nonce_length ) );
2024
2025 /* Add cases for opaque driver here */
2026
2027 #endif /* PSA_CRYPTO_DRIVER_TEST */
2028 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2029 }
2030
2031 (void)nonce;
2032 (void)nonce_length;
2033
2034 return( PSA_ERROR_INVALID_ARGUMENT );
2035 }
2036
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)2037 psa_status_t psa_driver_wrapper_aead_set_lengths(
2038 psa_aead_operation_t *operation,
2039 size_t ad_length,
2040 size_t plaintext_length )
2041 {
2042 switch( operation->id )
2043 {
2044 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2045 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2046 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
2047 ad_length,
2048 plaintext_length ) );
2049
2050 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2051
2052 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2053 #if defined(PSA_CRYPTO_DRIVER_TEST)
2054 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2055 return( mbedtls_test_transparent_aead_set_lengths(
2056 &operation->ctx.transparent_test_driver_ctx,
2057 ad_length, plaintext_length ) );
2058
2059 /* Add cases for opaque driver here */
2060
2061 #endif /* PSA_CRYPTO_DRIVER_TEST */
2062 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2063 }
2064
2065 (void)ad_length;
2066 (void)plaintext_length;
2067
2068 return( PSA_ERROR_INVALID_ARGUMENT );
2069 }
2070
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)2071 psa_status_t psa_driver_wrapper_aead_update_ad(
2072 psa_aead_operation_t *operation,
2073 const uint8_t *input,
2074 size_t input_length )
2075 {
2076 switch( operation->id )
2077 {
2078 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2079 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2080 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
2081 input,
2082 input_length ) );
2083
2084 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2085
2086 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2087 #if defined(PSA_CRYPTO_DRIVER_TEST)
2088 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2089 return( mbedtls_test_transparent_aead_update_ad(
2090 &operation->ctx.transparent_test_driver_ctx,
2091 input, input_length ) );
2092
2093 /* Add cases for opaque driver here */
2094
2095 #endif /* PSA_CRYPTO_DRIVER_TEST */
2096 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2097 }
2098
2099 (void)input;
2100 (void)input_length;
2101
2102 return( PSA_ERROR_INVALID_ARGUMENT );
2103 }
2104
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)2105 psa_status_t psa_driver_wrapper_aead_update(
2106 psa_aead_operation_t *operation,
2107 const uint8_t *input,
2108 size_t input_length,
2109 uint8_t *output,
2110 size_t output_size,
2111 size_t *output_length )
2112 {
2113 switch( operation->id )
2114 {
2115 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2116 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2117 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2118 input, input_length,
2119 output, output_size,
2120 output_length ) );
2121
2122 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2123
2124 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2125 #if defined(PSA_CRYPTO_DRIVER_TEST)
2126 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2127 return( mbedtls_test_transparent_aead_update(
2128 &operation->ctx.transparent_test_driver_ctx,
2129 input, input_length, output, output_size,
2130 output_length ) );
2131
2132 /* Add cases for opaque driver here */
2133
2134 #endif /* PSA_CRYPTO_DRIVER_TEST */
2135 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2136 }
2137
2138 (void)input;
2139 (void)input_length;
2140 (void)output;
2141 (void)output_size;
2142 (void)output_length;
2143
2144 return( PSA_ERROR_INVALID_ARGUMENT );
2145 }
2146
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)2147 psa_status_t psa_driver_wrapper_aead_finish(
2148 psa_aead_operation_t *operation,
2149 uint8_t *ciphertext,
2150 size_t ciphertext_size,
2151 size_t *ciphertext_length,
2152 uint8_t *tag,
2153 size_t tag_size,
2154 size_t *tag_length )
2155 {
2156 switch( operation->id )
2157 {
2158 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2159 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2160 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2161 ciphertext,
2162 ciphertext_size,
2163 ciphertext_length, tag,
2164 tag_size, tag_length ) );
2165
2166 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2167
2168 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2169 #if defined(PSA_CRYPTO_DRIVER_TEST)
2170 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2171 return( mbedtls_test_transparent_aead_finish(
2172 &operation->ctx.transparent_test_driver_ctx,
2173 ciphertext, ciphertext_size,
2174 ciphertext_length, tag, tag_size, tag_length ) );
2175
2176 /* Add cases for opaque driver here */
2177
2178 #endif /* PSA_CRYPTO_DRIVER_TEST */
2179 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2180 }
2181
2182 (void)ciphertext;
2183 (void)ciphertext_size;
2184 (void)ciphertext_length;
2185 (void)tag;
2186 (void)tag_size;
2187 (void)tag_length;
2188
2189 return( PSA_ERROR_INVALID_ARGUMENT );
2190 }
2191
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)2192 psa_status_t psa_driver_wrapper_aead_verify(
2193 psa_aead_operation_t *operation,
2194 uint8_t *plaintext,
2195 size_t plaintext_size,
2196 size_t *plaintext_length,
2197 const uint8_t *tag,
2198 size_t tag_length )
2199 {
2200 switch( operation->id )
2201 {
2202 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2203 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2204 {
2205 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2206 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2207 size_t check_tag_length;
2208
2209 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2210 plaintext,
2211 plaintext_size,
2212 plaintext_length,
2213 check_tag,
2214 sizeof( check_tag ),
2215 &check_tag_length );
2216
2217 if( status == PSA_SUCCESS )
2218 {
2219 if( tag_length != check_tag_length ||
2220 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
2221 != 0 )
2222 status = PSA_ERROR_INVALID_SIGNATURE;
2223 }
2224
2225 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2226
2227 return( status );
2228 }
2229
2230 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2231
2232 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2233 #if defined(PSA_CRYPTO_DRIVER_TEST)
2234 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2235 return( mbedtls_test_transparent_aead_verify(
2236 &operation->ctx.transparent_test_driver_ctx,
2237 plaintext, plaintext_size,
2238 plaintext_length, tag, tag_length ) );
2239
2240 /* Add cases for opaque driver here */
2241
2242 #endif /* PSA_CRYPTO_DRIVER_TEST */
2243 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2244 }
2245
2246 (void)plaintext;
2247 (void)plaintext_size;
2248 (void)plaintext_length;
2249 (void)tag;
2250 (void)tag_length;
2251
2252 return( PSA_ERROR_INVALID_ARGUMENT );
2253 }
2254
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)2255 psa_status_t psa_driver_wrapper_aead_abort(
2256 psa_aead_operation_t *operation )
2257 {
2258 switch( operation->id )
2259 {
2260 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2261 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2262 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2263
2264 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2265
2266 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2267 #if defined(PSA_CRYPTO_DRIVER_TEST)
2268 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2269 return( mbedtls_test_transparent_aead_abort(
2270 &operation->ctx.transparent_test_driver_ctx ) );
2271
2272 /* Add cases for opaque driver here */
2273
2274 #endif /* PSA_CRYPTO_DRIVER_TEST */
2275 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2276 }
2277
2278 return( PSA_ERROR_INVALID_ARGUMENT );
2279 }
2280
2281 /*
2282 * MAC functions
2283 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)2284 psa_status_t psa_driver_wrapper_mac_compute(
2285 const psa_key_attributes_t *attributes,
2286 const uint8_t *key_buffer,
2287 size_t key_buffer_size,
2288 psa_algorithm_t alg,
2289 const uint8_t *input,
2290 size_t input_length,
2291 uint8_t *mac,
2292 size_t mac_size,
2293 size_t *mac_length )
2294 {
2295 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2296 psa_key_location_t location =
2297 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2298
2299 switch( location )
2300 {
2301 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2302 /* Key is stored in the slot in export representation, so
2303 * cycle through all known transparent accelerators */
2304 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2305 #if defined(PSA_CRYPTO_DRIVER_TEST)
2306 status = mbedtls_test_transparent_mac_compute(
2307 attributes, key_buffer, key_buffer_size, alg,
2308 input, input_length,
2309 mac, mac_size, mac_length );
2310 /* Declared with fallback == true */
2311 if( status != PSA_ERROR_NOT_SUPPORTED )
2312 return( status );
2313 #endif /* PSA_CRYPTO_DRIVER_TEST */
2314 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2315 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2316 /* Fell through, meaning no accelerator supports this operation */
2317 status = mbedtls_psa_mac_compute(
2318 attributes, key_buffer, key_buffer_size, alg,
2319 input, input_length,
2320 mac, mac_size, mac_length );
2321 if( status != PSA_ERROR_NOT_SUPPORTED )
2322 return( status );
2323 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2324 return( PSA_ERROR_NOT_SUPPORTED );
2325
2326 /* Add cases for opaque driver here */
2327 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2328 #if defined(PSA_CRYPTO_DRIVER_TEST)
2329 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2330 status = mbedtls_test_opaque_mac_compute(
2331 attributes, key_buffer, key_buffer_size, alg,
2332 input, input_length,
2333 mac, mac_size, mac_length );
2334 return( status );
2335 #endif /* PSA_CRYPTO_DRIVER_TEST */
2336 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2337 default:
2338 /* Key is declared with a lifetime not known to us */
2339 (void) key_buffer;
2340 (void) key_buffer_size;
2341 (void) alg;
2342 (void) input;
2343 (void) input_length;
2344 (void) mac;
2345 (void) mac_size;
2346 (void) mac_length;
2347 (void) status;
2348 return( PSA_ERROR_INVALID_ARGUMENT );
2349 }
2350 }
2351
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2352 psa_status_t psa_driver_wrapper_mac_sign_setup(
2353 psa_mac_operation_t *operation,
2354 const psa_key_attributes_t *attributes,
2355 const uint8_t *key_buffer,
2356 size_t key_buffer_size,
2357 psa_algorithm_t alg )
2358 {
2359 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2360 psa_key_location_t location =
2361 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2362
2363 switch( location )
2364 {
2365 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2366 /* Key is stored in the slot in export representation, so
2367 * cycle through all known transparent accelerators */
2368 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2369 #if defined(PSA_CRYPTO_DRIVER_TEST)
2370 status = mbedtls_test_transparent_mac_sign_setup(
2371 &operation->ctx.transparent_test_driver_ctx,
2372 attributes,
2373 key_buffer, key_buffer_size,
2374 alg );
2375 /* Declared with fallback == true */
2376 if( status == PSA_SUCCESS )
2377 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2378
2379 if( status != PSA_ERROR_NOT_SUPPORTED )
2380 return( status );
2381 #endif /* PSA_CRYPTO_DRIVER_TEST */
2382 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2383 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2384 /* Fell through, meaning no accelerator supports this operation */
2385 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2386 attributes,
2387 key_buffer, key_buffer_size,
2388 alg );
2389 if( status == PSA_SUCCESS )
2390 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2391
2392 if( status != PSA_ERROR_NOT_SUPPORTED )
2393 return( status );
2394 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2395 return( PSA_ERROR_NOT_SUPPORTED );
2396
2397 /* Add cases for opaque driver here */
2398 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2399 #if defined(PSA_CRYPTO_DRIVER_TEST)
2400 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2401 status = mbedtls_test_opaque_mac_sign_setup(
2402 &operation->ctx.opaque_test_driver_ctx,
2403 attributes,
2404 key_buffer, key_buffer_size,
2405 alg );
2406
2407 if( status == PSA_SUCCESS )
2408 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2409
2410 return( status );
2411 #endif /* PSA_CRYPTO_DRIVER_TEST */
2412 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2413 default:
2414 /* Key is declared with a lifetime not known to us */
2415 (void) status;
2416 (void) operation;
2417 (void) key_buffer;
2418 (void) key_buffer_size;
2419 (void) alg;
2420 return( PSA_ERROR_INVALID_ARGUMENT );
2421 }
2422 }
2423
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2424 psa_status_t psa_driver_wrapper_mac_verify_setup(
2425 psa_mac_operation_t *operation,
2426 const psa_key_attributes_t *attributes,
2427 const uint8_t *key_buffer,
2428 size_t key_buffer_size,
2429 psa_algorithm_t alg )
2430 {
2431 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2432 psa_key_location_t location =
2433 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2434
2435 switch( location )
2436 {
2437 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2438 /* Key is stored in the slot in export representation, so
2439 * cycle through all known transparent accelerators */
2440 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2441 #if defined(PSA_CRYPTO_DRIVER_TEST)
2442 status = mbedtls_test_transparent_mac_verify_setup(
2443 &operation->ctx.transparent_test_driver_ctx,
2444 attributes,
2445 key_buffer, key_buffer_size,
2446 alg );
2447 /* Declared with fallback == true */
2448 if( status == PSA_SUCCESS )
2449 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2450
2451 if( status != PSA_ERROR_NOT_SUPPORTED )
2452 return( status );
2453 #endif /* PSA_CRYPTO_DRIVER_TEST */
2454 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2455 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2456 /* Fell through, meaning no accelerator supports this operation */
2457 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2458 attributes,
2459 key_buffer, key_buffer_size,
2460 alg );
2461 if( status == PSA_SUCCESS )
2462 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2463
2464 if( status != PSA_ERROR_NOT_SUPPORTED )
2465 return( status );
2466 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2467 return( PSA_ERROR_NOT_SUPPORTED );
2468
2469 /* Add cases for opaque driver here */
2470 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2471 #if defined(PSA_CRYPTO_DRIVER_TEST)
2472 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2473 status = mbedtls_test_opaque_mac_verify_setup(
2474 &operation->ctx.opaque_test_driver_ctx,
2475 attributes,
2476 key_buffer, key_buffer_size,
2477 alg );
2478
2479 if( status == PSA_SUCCESS )
2480 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2481
2482 return( status );
2483 #endif /* PSA_CRYPTO_DRIVER_TEST */
2484 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2485 default:
2486 /* Key is declared with a lifetime not known to us */
2487 (void) status;
2488 (void) operation;
2489 (void) key_buffer;
2490 (void) key_buffer_size;
2491 (void) alg;
2492 return( PSA_ERROR_INVALID_ARGUMENT );
2493 }
2494 }
2495
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2496 psa_status_t psa_driver_wrapper_mac_update(
2497 psa_mac_operation_t *operation,
2498 const uint8_t *input,
2499 size_t input_length )
2500 {
2501 switch( operation->id )
2502 {
2503 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2504 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2505 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2506 input, input_length ) );
2507 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2508
2509 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2510 #if defined(PSA_CRYPTO_DRIVER_TEST)
2511 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2512 return( mbedtls_test_transparent_mac_update(
2513 &operation->ctx.transparent_test_driver_ctx,
2514 input, input_length ) );
2515
2516 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2517 return( mbedtls_test_opaque_mac_update(
2518 &operation->ctx.opaque_test_driver_ctx,
2519 input, input_length ) );
2520 #endif /* PSA_CRYPTO_DRIVER_TEST */
2521 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2522 default:
2523 (void) input;
2524 (void) input_length;
2525 return( PSA_ERROR_INVALID_ARGUMENT );
2526 }
2527 }
2528
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2529 psa_status_t psa_driver_wrapper_mac_sign_finish(
2530 psa_mac_operation_t *operation,
2531 uint8_t *mac,
2532 size_t mac_size,
2533 size_t *mac_length )
2534 {
2535 switch( operation->id )
2536 {
2537 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2538 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2539 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2540 mac, mac_size, mac_length ) );
2541 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2542
2543 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2544 #if defined(PSA_CRYPTO_DRIVER_TEST)
2545 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2546 return( mbedtls_test_transparent_mac_sign_finish(
2547 &operation->ctx.transparent_test_driver_ctx,
2548 mac, mac_size, mac_length ) );
2549
2550 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2551 return( mbedtls_test_opaque_mac_sign_finish(
2552 &operation->ctx.opaque_test_driver_ctx,
2553 mac, mac_size, mac_length ) );
2554 #endif /* PSA_CRYPTO_DRIVER_TEST */
2555 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2556 default:
2557 (void) mac;
2558 (void) mac_size;
2559 (void) mac_length;
2560 return( PSA_ERROR_INVALID_ARGUMENT );
2561 }
2562 }
2563
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2564 psa_status_t psa_driver_wrapper_mac_verify_finish(
2565 psa_mac_operation_t *operation,
2566 const uint8_t *mac,
2567 size_t mac_length )
2568 {
2569 switch( operation->id )
2570 {
2571 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2572 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2573 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2574 mac, mac_length ) );
2575 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2576
2577 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2578 #if defined(PSA_CRYPTO_DRIVER_TEST)
2579 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2580 return( mbedtls_test_transparent_mac_verify_finish(
2581 &operation->ctx.transparent_test_driver_ctx,
2582 mac, mac_length ) );
2583
2584 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2585 return( mbedtls_test_opaque_mac_verify_finish(
2586 &operation->ctx.opaque_test_driver_ctx,
2587 mac, mac_length ) );
2588 #endif /* PSA_CRYPTO_DRIVER_TEST */
2589 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2590 default:
2591 (void) mac;
2592 (void) mac_length;
2593 return( PSA_ERROR_INVALID_ARGUMENT );
2594 }
2595 }
2596
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2597 psa_status_t psa_driver_wrapper_mac_abort(
2598 psa_mac_operation_t *operation )
2599 {
2600 switch( operation->id )
2601 {
2602 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2603 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2604 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2605 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2606
2607 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2608 #if defined(PSA_CRYPTO_DRIVER_TEST)
2609 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2610 return( mbedtls_test_transparent_mac_abort(
2611 &operation->ctx.transparent_test_driver_ctx ) );
2612 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2613 return( mbedtls_test_opaque_mac_abort(
2614 &operation->ctx.opaque_test_driver_ctx ) );
2615 #endif /* PSA_CRYPTO_DRIVER_TEST */
2616 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2617 default:
2618 return( PSA_ERROR_INVALID_ARGUMENT );
2619 }
2620 }
2621
2622 /*
2623 * Asymmetric cryptography
2624 */
psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2625 psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2626 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2627 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2628 size_t input_length, const uint8_t *salt, size_t salt_length,
2629 uint8_t *output, size_t output_size, size_t *output_length )
2630 {
2631 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2632 psa_key_location_t location =
2633 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2634
2635 switch( location )
2636 {
2637 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2638 /* Key is stored in the slot in export representation, so
2639 * cycle through all known transparent accelerators */
2640 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2641 #if defined(PSA_CRYPTO_DRIVER_TEST)
2642 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2643 key_buffer, key_buffer_size, alg, input, input_length,
2644 salt, salt_length, output, output_size,
2645 output_length );
2646 /* Declared with fallback == true */
2647 if( status != PSA_ERROR_NOT_SUPPORTED )
2648 return( status );
2649 #endif /* PSA_CRYPTO_DRIVER_TEST */
2650 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2651 return( mbedtls_psa_asymmetric_encrypt( attributes,
2652 key_buffer, key_buffer_size, alg, input, input_length,
2653 salt, salt_length, output, output_size, output_length )
2654 );
2655 /* Add cases for opaque driver here */
2656 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2657 #if defined(PSA_CRYPTO_DRIVER_TEST)
2658 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2659 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2660 key_buffer, key_buffer_size, alg, input, input_length,
2661 salt, salt_length, output, output_size, output_length )
2662 );
2663 #endif /* PSA_CRYPTO_DRIVER_TEST */
2664 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2665
2666 default:
2667 /* Key is declared with a lifetime not known to us */
2668 (void)status;
2669 (void)key_buffer;
2670 (void)key_buffer_size;
2671 (void)alg;
2672 (void)input;
2673 (void)input_length;
2674 (void)salt;
2675 (void)salt_length;
2676 (void)output;
2677 (void)output_size;
2678 (void)output_length;
2679 return( PSA_ERROR_INVALID_ARGUMENT );
2680 }
2681 }
2682
psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2683 psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2684 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2685 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2686 size_t input_length, const uint8_t *salt, size_t salt_length,
2687 uint8_t *output, size_t output_size, size_t *output_length )
2688 {
2689 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2690 psa_key_location_t location =
2691 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2692
2693 switch( location )
2694 {
2695 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2696 /* Key is stored in the slot in export representation, so
2697 * cycle through all known transparent accelerators */
2698 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2699 #if defined(PSA_CRYPTO_DRIVER_TEST)
2700 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2701 key_buffer, key_buffer_size, alg, input, input_length,
2702 salt, salt_length, output, output_size,
2703 output_length );
2704 /* Declared with fallback == true */
2705 if( status != PSA_ERROR_NOT_SUPPORTED )
2706 return( status );
2707 #endif /* PSA_CRYPTO_DRIVER_TEST */
2708 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2709 return( mbedtls_psa_asymmetric_decrypt( attributes,
2710 key_buffer, key_buffer_size, alg,input, input_length,
2711 salt, salt_length, output, output_size,
2712 output_length ) );
2713 /* Add cases for opaque driver here */
2714 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2715 #if defined(PSA_CRYPTO_DRIVER_TEST)
2716 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2717 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2718 key_buffer, key_buffer_size, alg, input, input_length,
2719 salt, salt_length, output, output_size,
2720 output_length ) );
2721 #endif /* PSA_CRYPTO_DRIVER_TEST */
2722 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2723
2724 default:
2725 /* Key is declared with a lifetime not known to us */
2726 (void)status;
2727 (void)key_buffer;
2728 (void)key_buffer_size;
2729 (void)alg;
2730 (void)input;
2731 (void)input_length;
2732 (void)salt;
2733 (void)salt_length;
2734 (void)output;
2735 (void)output_size;
2736 (void)output_length;
2737 return( PSA_ERROR_INVALID_ARGUMENT );
2738 }
2739 }
2740
psa_driver_wrapper_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)2741 psa_status_t psa_driver_wrapper_key_agreement(
2742 const psa_key_attributes_t *attributes,
2743 const uint8_t *key_buffer,
2744 size_t key_buffer_size,
2745 psa_algorithm_t alg,
2746 const uint8_t *peer_key,
2747 size_t peer_key_length,
2748 uint8_t *shared_secret,
2749 size_t shared_secret_size,
2750 size_t *shared_secret_length
2751 )
2752 {
2753 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2754 psa_key_location_t location =
2755 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2756
2757 switch( location )
2758 {
2759 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2760 /* Key is stored in the slot in export representation, so
2761 * cycle through all known transparent accelerators */
2762 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2763 #if defined(PSA_CRYPTO_DRIVER_TEST)
2764 status =
2765 mbedtls_test_transparent_key_agreement( attributes,
2766 key_buffer, key_buffer_size, alg, peer_key,
2767 peer_key_length, shared_secret, shared_secret_size,
2768 shared_secret_length );
2769 if( status != PSA_ERROR_NOT_SUPPORTED )
2770 return( status );
2771 #endif /* PSA_CRYPTO_DRIVER_TEST */
2772 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2773
2774 /* Software Fallback */
2775 status = psa_key_agreement_raw_builtin( attributes,
2776 key_buffer,
2777 key_buffer_size,
2778 alg,
2779 peer_key,
2780 peer_key_length,
2781 shared_secret,
2782 shared_secret_size,
2783 shared_secret_length );
2784 return( status );
2785 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2786 #if defined(PSA_CRYPTO_DRIVER_TEST)
2787 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2788 return( mbedtls_test_opaque_key_agreement( attributes,
2789 key_buffer, key_buffer_size, alg, peer_key,
2790 peer_key_length, shared_secret, shared_secret_size,
2791 shared_secret_length ) );
2792 #endif /* PSA_CRYPTO_DRIVER_TEST */
2793 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2794
2795 default:
2796 (void) attributes;
2797 (void) key_buffer;
2798 (void) key_buffer_size;
2799 (void) peer_key;
2800 (void) peer_key_length;
2801 (void) shared_secret;
2802 (void) shared_secret_size;
2803 (void) shared_secret_length;
2804 return( PSA_ERROR_NOT_SUPPORTED );
2805
2806 }
2807 }
2808
psa_driver_wrapper_pake_setup(psa_pake_operation_t * operation,const psa_crypto_driver_pake_inputs_t * inputs)2809 psa_status_t psa_driver_wrapper_pake_setup(
2810 psa_pake_operation_t *operation,
2811 const psa_crypto_driver_pake_inputs_t *inputs )
2812 {
2813 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2814
2815 psa_key_location_t location =
2816 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2817
2818 switch( location )
2819 {
2820 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2821 /* Key is stored in the slot in export representation, so
2822 * cycle through all known transparent accelerators */
2823 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2824 #if defined(PSA_CRYPTO_DRIVER_TEST)
2825 status = mbedtls_test_transparent_pake_setup(
2826 &operation->data.ctx.transparent_test_driver_ctx,
2827 inputs );
2828 if( status == PSA_SUCCESS )
2829 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2830 /* Declared with fallback == true */
2831 if( status != PSA_ERROR_NOT_SUPPORTED )
2832 return( status );
2833 #endif /* PSA_CRYPTO_DRIVER_TEST */
2834 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2835 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2836 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2837 inputs );
2838 if( status == PSA_SUCCESS )
2839 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2840 return status;
2841 #endif
2842 /* Add cases for opaque driver here */
2843 default:
2844 /* Key is declared with a lifetime not known to us */
2845 (void)operation;
2846 (void)inputs;
2847 (void)status;
2848 return( PSA_ERROR_INVALID_ARGUMENT );
2849 }
2850 }
psa_driver_wrapper_pake_output(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,uint8_t * output,size_t output_size,size_t * output_length)2851 psa_status_t psa_driver_wrapper_pake_output(
2852 psa_pake_operation_t *operation,
2853 psa_crypto_driver_pake_step_t step,
2854 uint8_t *output,
2855 size_t output_size,
2856 size_t *output_length )
2857 {
2858 switch( operation->id )
2859 {
2860 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2861 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2862 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2863 output, output_size, output_length ) );
2864 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2865
2866 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2867 #if defined(PSA_CRYPTO_DRIVER_TEST)
2868 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2869 return( mbedtls_test_transparent_pake_output(
2870 &operation->data.ctx.transparent_test_driver_ctx,
2871 step, output, output_size, output_length ) );
2872 #endif /* PSA_CRYPTO_DRIVER_TEST */
2873 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2874 default:
2875 (void) step;
2876 (void) output;
2877 (void) output_size;
2878 (void) output_length;
2879 return( PSA_ERROR_INVALID_ARGUMENT );
2880 }
2881 }
2882
psa_driver_wrapper_pake_input(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,const uint8_t * input,size_t input_length)2883 psa_status_t psa_driver_wrapper_pake_input(
2884 psa_pake_operation_t *operation,
2885 psa_crypto_driver_pake_step_t step,
2886 const uint8_t *input,
2887 size_t input_length )
2888 {
2889 switch( operation->id )
2890 {
2891 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2892 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2893 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2894 step, input,
2895 input_length ) );
2896 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2897
2898 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2899 #if defined(PSA_CRYPTO_DRIVER_TEST)
2900 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2901 return( mbedtls_test_transparent_pake_input(
2902 &operation->data.ctx.transparent_test_driver_ctx,
2903 step,
2904 input, input_length ) );
2905 #endif /* PSA_CRYPTO_DRIVER_TEST */
2906 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2907 default:
2908 (void) step;
2909 (void) input;
2910 (void) input_length;
2911 return( PSA_ERROR_INVALID_ARGUMENT );
2912 }
2913 }
2914
psa_driver_wrapper_pake_get_implicit_key(psa_pake_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)2915 psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2916 psa_pake_operation_t *operation,
2917 uint8_t *output, size_t output_size,
2918 size_t *output_length )
2919 {
2920 switch( operation->id )
2921 {
2922 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2923 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2924 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2925 output, output_size, output_length ) );
2926 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2927
2928 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2929 #if defined(PSA_CRYPTO_DRIVER_TEST)
2930 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2931 return( mbedtls_test_transparent_pake_get_implicit_key(
2932 &operation->data.ctx.transparent_test_driver_ctx,
2933 output, output_size, output_length ) );
2934 #endif /* PSA_CRYPTO_DRIVER_TEST */
2935 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2936 default:
2937 (void) output;
2938 (void) output_size;
2939 (void) output_length;
2940 return( PSA_ERROR_INVALID_ARGUMENT );
2941 }
2942 }
2943
psa_driver_wrapper_pake_abort(psa_pake_operation_t * operation)2944 psa_status_t psa_driver_wrapper_pake_abort(
2945 psa_pake_operation_t * operation )
2946 {
2947 switch( operation->id )
2948 {
2949 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2950 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2951 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2952 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2953
2954 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2955 #if defined(PSA_CRYPTO_DRIVER_TEST)
2956 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2957 return( mbedtls_test_transparent_pake_abort(
2958 &operation->data.ctx.transparent_test_driver_ctx ) );
2959 #endif /* PSA_CRYPTO_DRIVER_TEST */
2960 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2961 default:
2962 return( PSA_ERROR_INVALID_ARGUMENT );
2963 }
2964 }
2965
2966 #endif /* MBEDTLS_PSA_CRYPTO_C */
2967