1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22
23 /* BEGIN-common headers */
24 #include "common.h"
25 #include "psa_crypto_aead.h"
26 #include "psa_crypto_cipher.h"
27 #include "psa_crypto_core.h"
28 #include "psa_crypto_driver_wrappers.h"
29 #include "psa_crypto_hash.h"
30 #include "psa_crypto_mac.h"
31 #include "psa_crypto_rsa.h"
32
33 #include "mbedtls/platform.h"
34 /* END-common headers */
35
36 #if defined(MBEDTLS_PSA_CRYPTO_C)
37
38 /* BEGIN-driver headers */
39 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
40 /* Headers for mbedtls_test opaque driver */
41 #if defined(PSA_CRYPTO_DRIVER_TEST)
42 #include "test/drivers/test_driver.h"
43
44 #endif
45 /* Headers for mbedtls_test transparent driver */
46 #if defined(PSA_CRYPTO_DRIVER_TEST)
47 #include "test/drivers/test_driver.h"
48
49 #endif
50
51 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
52 /* END-driver headers */
53
54 /* Auto-generated values depending on which drivers are registered.
55 * ID 0 is reserved for unallocated operations.
56 * ID 1 is reserved for the Mbed TLS software driver. */
57 /* BEGIN-driver id definition */
58 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
59 #define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
60 #define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
61
62 /* END-driver id */
63
64 /* BEGIN-Common Macro definitions */
65
66 /* END-Common Macro definitions */
67
68 /* Support the 'old' SE interface when asked to */
69 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
70 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
71 * SE driver is present, to avoid unused argument errors at compile time. */
72 #ifndef PSA_CRYPTO_DRIVER_PRESENT
73 #define PSA_CRYPTO_DRIVER_PRESENT
74 #endif
75 #include "psa_crypto_se.h"
76 #endif
77
psa_driver_wrapper_init(void)78 psa_status_t psa_driver_wrapper_init( void )
79 {
80 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
81
82 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
83 status = psa_init_all_se_drivers( );
84 if( status != PSA_SUCCESS )
85 return( status );
86 #endif
87
88 #if defined(PSA_CRYPTO_DRIVER_TEST)
89 status = mbedtls_test_transparent_init( );
90 if( status != PSA_SUCCESS )
91 return( status );
92
93 status = mbedtls_test_opaque_init( );
94 if( status != PSA_SUCCESS )
95 return( status );
96 #endif
97
98 (void) status;
99 return( PSA_SUCCESS );
100 }
101
psa_driver_wrapper_free(void)102 void psa_driver_wrapper_free( void )
103 {
104 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
105 /* Unregister all secure element drivers, so that we restart from
106 * a pristine state. */
107 psa_unregister_all_se_drivers( );
108 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
109
110 #if defined(PSA_CRYPTO_DRIVER_TEST)
111 mbedtls_test_transparent_free( );
112 mbedtls_test_opaque_free( );
113 #endif
114 }
115
116 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)117 psa_status_t psa_driver_wrapper_sign_message(
118 const psa_key_attributes_t *attributes,
119 const uint8_t *key_buffer,
120 size_t key_buffer_size,
121 psa_algorithm_t alg,
122 const uint8_t *input,
123 size_t input_length,
124 uint8_t *signature,
125 size_t signature_size,
126 size_t *signature_length )
127 {
128 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
129 psa_key_location_t location =
130 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
131
132 switch( location )
133 {
134 case PSA_KEY_LOCATION_LOCAL_STORAGE:
135 /* Key is stored in the slot in export representation, so
136 * cycle through all known transparent accelerators */
137 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
138 #if defined(PSA_CRYPTO_DRIVER_TEST)
139 status = mbedtls_test_transparent_signature_sign_message(
140 attributes,
141 key_buffer,
142 key_buffer_size,
143 alg,
144 input,
145 input_length,
146 signature,
147 signature_size,
148 signature_length );
149 /* Declared with fallback == true */
150 if( status != PSA_ERROR_NOT_SUPPORTED )
151 return( status );
152 #endif /* PSA_CRYPTO_DRIVER_TEST */
153 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
154 break;
155
156 /* Add cases for opaque driver here */
157 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
158 #if defined(PSA_CRYPTO_DRIVER_TEST)
159 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
160 status = mbedtls_test_opaque_signature_sign_message(
161 attributes,
162 key_buffer,
163 key_buffer_size,
164 alg,
165 input,
166 input_length,
167 signature,
168 signature_size,
169 signature_length );
170 if( status != PSA_ERROR_NOT_SUPPORTED )
171 return( status );
172 break;
173 #endif /* PSA_CRYPTO_DRIVER_TEST */
174 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
175 default:
176 /* Key is declared with a lifetime not known to us */
177 (void)status;
178 break;
179 }
180
181 return( psa_sign_message_builtin( attributes,
182 key_buffer,
183 key_buffer_size,
184 alg,
185 input,
186 input_length,
187 signature,
188 signature_size,
189 signature_length ) );
190 }
191
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)192 psa_status_t psa_driver_wrapper_verify_message(
193 const psa_key_attributes_t *attributes,
194 const uint8_t *key_buffer,
195 size_t key_buffer_size,
196 psa_algorithm_t alg,
197 const uint8_t *input,
198 size_t input_length,
199 const uint8_t *signature,
200 size_t signature_length )
201 {
202 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
203 psa_key_location_t location =
204 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
205
206 switch( location )
207 {
208 case PSA_KEY_LOCATION_LOCAL_STORAGE:
209 /* Key is stored in the slot in export representation, so
210 * cycle through all known transparent accelerators */
211 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
212 #if defined(PSA_CRYPTO_DRIVER_TEST)
213 status = mbedtls_test_transparent_signature_verify_message(
214 attributes,
215 key_buffer,
216 key_buffer_size,
217 alg,
218 input,
219 input_length,
220 signature,
221 signature_length );
222 /* Declared with fallback == true */
223 if( status != PSA_ERROR_NOT_SUPPORTED )
224 return( status );
225 #endif /* PSA_CRYPTO_DRIVER_TEST */
226 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
227 break;
228
229 /* Add cases for opaque driver here */
230 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
231 #if defined(PSA_CRYPTO_DRIVER_TEST)
232 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
233 return( mbedtls_test_opaque_signature_verify_message(
234 attributes,
235 key_buffer,
236 key_buffer_size,
237 alg,
238 input,
239 input_length,
240 signature,
241 signature_length ) );
242 if( status != PSA_ERROR_NOT_SUPPORTED )
243 return( status );
244 break;
245 #endif /* PSA_CRYPTO_DRIVER_TEST */
246 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
247 default:
248 /* Key is declared with a lifetime not known to us */
249 (void)status;
250 break;
251 }
252
253 return( psa_verify_message_builtin( attributes,
254 key_buffer,
255 key_buffer_size,
256 alg,
257 input,
258 input_length,
259 signature,
260 signature_length ) );
261 }
262
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)263 psa_status_t psa_driver_wrapper_sign_hash(
264 const psa_key_attributes_t *attributes,
265 const uint8_t *key_buffer, size_t key_buffer_size,
266 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
267 uint8_t *signature, size_t signature_size, size_t *signature_length )
268 {
269 /* Try dynamically-registered SE interface first */
270 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
271 const psa_drv_se_t *drv;
272 psa_drv_se_context_t *drv_context;
273
274 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
275 {
276 if( drv->asymmetric == NULL ||
277 drv->asymmetric->p_sign == NULL )
278 {
279 /* Key is defined in SE, but we have no way to exercise it */
280 return( PSA_ERROR_NOT_SUPPORTED );
281 }
282 return( drv->asymmetric->p_sign(
283 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
284 alg, hash, hash_length,
285 signature, signature_size, signature_length ) );
286 }
287 #endif /* PSA_CRYPTO_SE_C */
288
289 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
290 psa_key_location_t location =
291 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
292
293 switch( location )
294 {
295 case PSA_KEY_LOCATION_LOCAL_STORAGE:
296 /* Key is stored in the slot in export representation, so
297 * cycle through all known transparent accelerators */
298 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
299 #if defined(PSA_CRYPTO_DRIVER_TEST)
300 status = mbedtls_test_transparent_signature_sign_hash( attributes,
301 key_buffer,
302 key_buffer_size,
303 alg,
304 hash,
305 hash_length,
306 signature,
307 signature_size,
308 signature_length );
309 /* Declared with fallback == true */
310 if( status != PSA_ERROR_NOT_SUPPORTED )
311 return( status );
312 #endif /* PSA_CRYPTO_DRIVER_TEST */
313 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
314 /* Fell through, meaning no accelerator supports this operation */
315 return( psa_sign_hash_builtin( attributes,
316 key_buffer,
317 key_buffer_size,
318 alg,
319 hash,
320 hash_length,
321 signature,
322 signature_size,
323 signature_length ) );
324
325 /* Add cases for opaque driver here */
326 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
327 #if defined(PSA_CRYPTO_DRIVER_TEST)
328 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
329 return( mbedtls_test_opaque_signature_sign_hash( attributes,
330 key_buffer,
331 key_buffer_size,
332 alg,
333 hash,
334 hash_length,
335 signature,
336 signature_size,
337 signature_length ) );
338 #endif /* PSA_CRYPTO_DRIVER_TEST */
339 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
340 default:
341 /* Key is declared with a lifetime not known to us */
342 (void)status;
343 return( PSA_ERROR_INVALID_ARGUMENT );
344 }
345 }
346
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)347 psa_status_t psa_driver_wrapper_verify_hash(
348 const psa_key_attributes_t *attributes,
349 const uint8_t *key_buffer, size_t key_buffer_size,
350 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
351 const uint8_t *signature, size_t signature_length )
352 {
353 /* Try dynamically-registered SE interface first */
354 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
355 const psa_drv_se_t *drv;
356 psa_drv_se_context_t *drv_context;
357
358 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
359 {
360 if( drv->asymmetric == NULL ||
361 drv->asymmetric->p_verify == NULL )
362 {
363 /* Key is defined in SE, but we have no way to exercise it */
364 return( PSA_ERROR_NOT_SUPPORTED );
365 }
366 return( drv->asymmetric->p_verify(
367 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
368 alg, hash, hash_length,
369 signature, signature_length ) );
370 }
371 #endif /* PSA_CRYPTO_SE_C */
372
373 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
374 psa_key_location_t location =
375 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
376
377 switch( location )
378 {
379 case PSA_KEY_LOCATION_LOCAL_STORAGE:
380 /* Key is stored in the slot in export representation, so
381 * cycle through all known transparent accelerators */
382 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
383 #if defined(PSA_CRYPTO_DRIVER_TEST)
384 status = mbedtls_test_transparent_signature_verify_hash(
385 attributes,
386 key_buffer,
387 key_buffer_size,
388 alg,
389 hash,
390 hash_length,
391 signature,
392 signature_length );
393 /* Declared with fallback == true */
394 if( status != PSA_ERROR_NOT_SUPPORTED )
395 return( status );
396 #endif /* PSA_CRYPTO_DRIVER_TEST */
397 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
398
399 return( psa_verify_hash_builtin( attributes,
400 key_buffer,
401 key_buffer_size,
402 alg,
403 hash,
404 hash_length,
405 signature,
406 signature_length ) );
407
408 /* Add cases for opaque driver here */
409 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
410 #if defined(PSA_CRYPTO_DRIVER_TEST)
411 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
412 return( mbedtls_test_opaque_signature_verify_hash( attributes,
413 key_buffer,
414 key_buffer_size,
415 alg,
416 hash,
417 hash_length,
418 signature,
419 signature_length ) );
420 #endif /* PSA_CRYPTO_DRIVER_TEST */
421 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
422 default:
423 /* Key is declared with a lifetime not known to us */
424 (void)status;
425 return( PSA_ERROR_INVALID_ARGUMENT );
426 }
427 }
428
429 /** Calculate the key buffer size required to store the key material of a key
430 * associated with an opaque driver from input key data.
431 *
432 * \param[in] attributes The key attributes
433 * \param[in] data The input key data.
434 * \param[in] data_length The input data length.
435 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
436 *
437 * \retval #PSA_SUCCESS
438 * \retval #PSA_ERROR_INVALID_ARGUMENT
439 * \retval #PSA_ERROR_NOT_SUPPORTED
440 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)441 psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
442 const psa_key_attributes_t *attributes,
443 const uint8_t *data,
444 size_t data_length,
445 size_t *key_buffer_size )
446 {
447 psa_key_location_t location =
448 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
449 psa_key_type_t key_type = attributes->core.type;
450
451 *key_buffer_size = 0;
452 switch( location )
453 {
454 #if defined(PSA_CRYPTO_DRIVER_TEST)
455 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
456 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
457 PSA_BYTES_TO_BITS( data_length ) );
458 return( ( *key_buffer_size != 0 ) ?
459 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
460 #endif /* PSA_CRYPTO_DRIVER_TEST */
461
462 default:
463 (void)key_type;
464 (void)data;
465 (void)data_length;
466 return( PSA_ERROR_INVALID_ARGUMENT );
467 }
468 }
469
470 /** Get the key buffer size required to store the key material of a key
471 * associated with an opaque driver.
472 *
473 * \param[in] attributes The key attributes.
474 * \param[out] key_buffer_size Minimum buffer size to contain the key material
475 *
476 * \retval #PSA_SUCCESS
477 * The minimum size for a buffer to contain the key material has been
478 * returned successfully.
479 * \retval #PSA_ERROR_NOT_SUPPORTED
480 * The type and/or the size in bits of the key or the combination of
481 * the two is not supported.
482 * \retval #PSA_ERROR_INVALID_ARGUMENT
483 * The key is declared with a lifetime not known to us.
484 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)485 psa_status_t psa_driver_wrapper_get_key_buffer_size(
486 const psa_key_attributes_t *attributes,
487 size_t *key_buffer_size )
488 {
489 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
490 psa_key_type_t key_type = attributes->core.type;
491 size_t key_bits = attributes->core.bits;
492
493 *key_buffer_size = 0;
494 switch( location )
495 {
496 #if defined(PSA_CRYPTO_DRIVER_TEST)
497 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
498 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
499 /* Emulate property 'builtin_key_size' */
500 if( psa_key_id_is_builtin(
501 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
502 psa_get_key_id( attributes ) ) ) )
503 {
504 *key_buffer_size = sizeof( psa_drv_slot_number_t );
505 return( PSA_SUCCESS );
506 }
507 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
508 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
509 key_bits );
510 return( ( *key_buffer_size != 0 ) ?
511 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
512 #endif /* PSA_CRYPTO_DRIVER_TEST */
513
514 default:
515 (void)key_type;
516 (void)key_bits;
517 return( PSA_ERROR_INVALID_ARGUMENT );
518 }
519 }
520
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)521 psa_status_t psa_driver_wrapper_generate_key(
522 const psa_key_attributes_t *attributes,
523 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
524 {
525 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
526 psa_key_location_t location =
527 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
528
529 /* Try dynamically-registered SE interface first */
530 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
531 const psa_drv_se_t *drv;
532 psa_drv_se_context_t *drv_context;
533
534 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
535 {
536 size_t pubkey_length = 0; /* We don't support this feature yet */
537 if( drv->key_management == NULL ||
538 drv->key_management->p_generate == NULL )
539 {
540 /* Key is defined as being in SE, but we have no way to generate it */
541 return( PSA_ERROR_NOT_SUPPORTED );
542 }
543 return( drv->key_management->p_generate(
544 drv_context,
545 *( (psa_key_slot_number_t *)key_buffer ),
546 attributes, NULL, 0, &pubkey_length ) );
547 }
548 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
549
550 switch( location )
551 {
552 case PSA_KEY_LOCATION_LOCAL_STORAGE:
553 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
554 /* Transparent drivers are limited to generating asymmetric keys */
555 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
556 {
557 /* Cycle through all known transparent accelerators */
558 #if defined(PSA_CRYPTO_DRIVER_TEST)
559 status = mbedtls_test_transparent_generate_key(
560 attributes, key_buffer, key_buffer_size,
561 key_buffer_length );
562 /* Declared with fallback == true */
563 if( status != PSA_ERROR_NOT_SUPPORTED )
564 break;
565 #endif /* PSA_CRYPTO_DRIVER_TEST */
566 }
567 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
568
569 /* Software fallback */
570 status = psa_generate_key_internal(
571 attributes, key_buffer, key_buffer_size, key_buffer_length );
572 break;
573
574 /* Add cases for opaque driver here */
575 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
576 #if defined(PSA_CRYPTO_DRIVER_TEST)
577 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
578 status = mbedtls_test_opaque_generate_key(
579 attributes, key_buffer, key_buffer_size, key_buffer_length );
580 break;
581 #endif /* PSA_CRYPTO_DRIVER_TEST */
582 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
583
584 default:
585 /* Key is declared with a lifetime not known to us */
586 status = PSA_ERROR_INVALID_ARGUMENT;
587 break;
588 }
589
590 return( status );
591 }
592
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)593 psa_status_t psa_driver_wrapper_import_key(
594 const psa_key_attributes_t *attributes,
595 const uint8_t *data,
596 size_t data_length,
597 uint8_t *key_buffer,
598 size_t key_buffer_size,
599 size_t *key_buffer_length,
600 size_t *bits )
601 {
602
603 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
604 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
605 psa_get_key_lifetime( attributes ) );
606
607 /* Try dynamically-registered SE interface first */
608 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
609 const psa_drv_se_t *drv;
610 psa_drv_se_context_t *drv_context;
611
612 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
613 {
614 if( drv->key_management == NULL ||
615 drv->key_management->p_import == NULL )
616 return( PSA_ERROR_NOT_SUPPORTED );
617
618 /* The driver should set the number of key bits, however in
619 * case it doesn't, we initialize bits to an invalid value. */
620 *bits = PSA_MAX_KEY_BITS + 1;
621 status = drv->key_management->p_import(
622 drv_context,
623 *( (psa_key_slot_number_t *)key_buffer ),
624 attributes, data, data_length, bits );
625
626 if( status != PSA_SUCCESS )
627 return( status );
628
629 if( (*bits) > PSA_MAX_KEY_BITS )
630 return( PSA_ERROR_NOT_SUPPORTED );
631
632 return( PSA_SUCCESS );
633 }
634 #endif /* PSA_CRYPTO_SE_C */
635
636 switch( location )
637 {
638 case PSA_KEY_LOCATION_LOCAL_STORAGE:
639 /* Key is stored in the slot in export representation, so
640 * cycle through all known transparent accelerators */
641 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
642
643 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
644 status = mbedtls_test_transparent_import_key
645 (attributes,
646 data,
647 data_length,
648 key_buffer,
649 key_buffer_size,
650 key_buffer_length,
651 bits
652 );
653
654 if( status != PSA_ERROR_NOT_SUPPORTED )
655 return( status );
656 #endif
657
658
659 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
660
661 /* Fell through, meaning no accelerator supports this operation */
662 return( psa_import_key_into_slot( attributes,
663 data, data_length,
664 key_buffer, key_buffer_size,
665 key_buffer_length, bits ) );
666 /* Add cases for opaque driver here */
667 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
668
669 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
670 case 0x7fffff:
671 return( mbedtls_test_opaque_import_key
672 (attributes,
673 data,
674 data_length,
675 key_buffer,
676 key_buffer_size,
677 key_buffer_length,
678 bits
679 ));
680 #endif
681
682
683 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
684 default:
685 (void)status;
686 return( PSA_ERROR_INVALID_ARGUMENT );
687 }
688
689 }
690
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)691 psa_status_t psa_driver_wrapper_export_key(
692 const psa_key_attributes_t *attributes,
693 const uint8_t *key_buffer, size_t key_buffer_size,
694 uint8_t *data, size_t data_size, size_t *data_length )
695
696 {
697
698 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
699 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
700 psa_get_key_lifetime( attributes ) );
701
702 /* Try dynamically-registered SE interface first */
703 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
704 const psa_drv_se_t *drv;
705 psa_drv_se_context_t *drv_context;
706
707 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
708 {
709 if( ( drv->key_management == NULL ) ||
710 ( drv->key_management->p_export == NULL ) )
711 {
712 return( PSA_ERROR_NOT_SUPPORTED );
713 }
714
715 return( drv->key_management->p_export(
716 drv_context,
717 *( (psa_key_slot_number_t *)key_buffer ),
718 data, data_size, data_length ) );
719 }
720 #endif /* PSA_CRYPTO_SE_C */
721
722 switch( location )
723 {
724 case PSA_KEY_LOCATION_LOCAL_STORAGE:
725 return( psa_export_key_internal( attributes,
726 key_buffer,
727 key_buffer_size,
728 data,
729 data_size,
730 data_length ) );
731
732 /* Add cases for opaque driver here */
733 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
734
735 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
736 case 0x7fffff:
737 return( mbedtls_test_opaque_export_key
738 (attributes,
739 key_buffer,
740 key_buffer_size,
741 data,
742 data_size,
743 data_length
744 ));
745 #endif
746
747
748 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
749 default:
750 /* Key is declared with a lifetime not known to us */
751 return( status );
752 }
753
754 }
755
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)756 psa_status_t psa_driver_wrapper_export_public_key(
757 const psa_key_attributes_t *attributes,
758 const uint8_t *key_buffer, size_t key_buffer_size,
759 uint8_t *data, size_t data_size, size_t *data_length )
760
761 {
762
763 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
764 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
765 psa_get_key_lifetime( attributes ) );
766
767 /* Try dynamically-registered SE interface first */
768 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
769 const psa_drv_se_t *drv;
770 psa_drv_se_context_t *drv_context;
771
772 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
773 {
774 if( ( drv->key_management == NULL ) ||
775 ( drv->key_management->p_export_public == NULL ) )
776 {
777 return( PSA_ERROR_NOT_SUPPORTED );
778 }
779
780 return( drv->key_management->p_export_public(
781 drv_context,
782 *( (psa_key_slot_number_t *)key_buffer ),
783 data, data_size, data_length ) );
784 }
785 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
786
787 switch( location )
788 {
789 case PSA_KEY_LOCATION_LOCAL_STORAGE:
790 /* Key is stored in the slot in export representation, so
791 * cycle through all known transparent accelerators */
792 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
793
794 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
795 status = mbedtls_test_transparent_export_public_key
796 (attributes,
797 key_buffer,
798 key_buffer_size,
799 data,
800 data_size,
801 data_length
802 );
803
804 if( status != PSA_ERROR_NOT_SUPPORTED )
805 return( status );
806 #endif
807
808
809 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
810 /* Fell through, meaning no accelerator supports this operation */
811 return( psa_export_public_key_internal( attributes,
812 key_buffer,
813 key_buffer_size,
814 data,
815 data_size,
816 data_length ) );
817
818 /* Add cases for opaque driver here */
819 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
820
821 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
822 case 0x7fffff:
823 return( mbedtls_test_opaque_export_public_key
824 (attributes,
825 key_buffer,
826 key_buffer_size,
827 data,
828 data_size,
829 data_length
830 ));
831 #endif
832
833
834 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
835 default:
836 /* Key is declared with a lifetime not known to us */
837 return( status );
838 }
839
840 }
841
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)842 psa_status_t psa_driver_wrapper_get_builtin_key(
843 psa_drv_slot_number_t slot_number,
844 psa_key_attributes_t *attributes,
845 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
846 {
847
848 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
849 switch( location )
850 {
851 #if defined(PSA_CRYPTO_DRIVER_TEST)
852
853 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
854 case 0x7fffff:
855 return( mbedtls_test_opaque_get_builtin_key
856 (slot_number,
857 attributes,
858 key_buffer,
859 key_buffer_size,
860 key_buffer_length
861 ));
862 #endif
863
864
865 #endif /* PSA_CRYPTO_DRIVER_TEST */
866 default:
867 (void) slot_number;
868 (void) key_buffer;
869 (void) key_buffer_size;
870 (void) key_buffer_length;
871 return( PSA_ERROR_DOES_NOT_EXIST );
872 }
873
874 }
875
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)876 psa_status_t psa_driver_wrapper_copy_key(
877 psa_key_attributes_t *attributes,
878 const uint8_t *source_key, size_t source_key_length,
879 uint8_t *target_key_buffer, size_t target_key_buffer_size,
880 size_t *target_key_buffer_length )
881 {
882
883 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
884 psa_key_location_t location =
885 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
886
887 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
888 const psa_drv_se_t *drv;
889 psa_drv_se_context_t *drv_context;
890
891 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
892 {
893 /* Copying to a secure element is not implemented yet. */
894 return( PSA_ERROR_NOT_SUPPORTED );
895 }
896 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
897
898 switch( location )
899 {
900 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
901
902 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
903 case 0x7fffff:
904 return( mbedtls_test_opaque_copy_key
905 (attributes,
906 source_key,
907 source_key_length,
908 target_key_buffer,
909 target_key_buffer_size,
910 target_key_buffer_length
911 ));
912 #endif
913
914
915 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
916 default:
917 (void)source_key;
918 (void)source_key_length;
919 (void)target_key_buffer;
920 (void)target_key_buffer_size;
921 (void)target_key_buffer_length;
922 status = PSA_ERROR_INVALID_ARGUMENT;
923 }
924 return( status );
925
926 }
927
928 /*
929 * Cipher functions
930 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)931 psa_status_t psa_driver_wrapper_cipher_encrypt(
932 const psa_key_attributes_t *attributes,
933 const uint8_t *key_buffer,
934 size_t key_buffer_size,
935 psa_algorithm_t alg,
936 const uint8_t *iv,
937 size_t iv_length,
938 const uint8_t *input,
939 size_t input_length,
940 uint8_t *output,
941 size_t output_size,
942 size_t *output_length )
943 {
944 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
945 psa_key_location_t location =
946 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
947
948 switch( location )
949 {
950 case PSA_KEY_LOCATION_LOCAL_STORAGE:
951 /* Key is stored in the slot in export representation, so
952 * cycle through all known transparent accelerators */
953 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
954 #if defined(PSA_CRYPTO_DRIVER_TEST)
955 status = mbedtls_test_transparent_cipher_encrypt( attributes,
956 key_buffer,
957 key_buffer_size,
958 alg,
959 iv,
960 iv_length,
961 input,
962 input_length,
963 output,
964 output_size,
965 output_length );
966 /* Declared with fallback == true */
967 if( status != PSA_ERROR_NOT_SUPPORTED )
968 return( status );
969 #endif /* PSA_CRYPTO_DRIVER_TEST */
970 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
971
972 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
973 return( mbedtls_psa_cipher_encrypt( attributes,
974 key_buffer,
975 key_buffer_size,
976 alg,
977 iv,
978 iv_length,
979 input,
980 input_length,
981 output,
982 output_size,
983 output_length ) );
984 #else
985 return( PSA_ERROR_NOT_SUPPORTED );
986 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
987
988 /* Add cases for opaque driver here */
989 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
990 #if defined(PSA_CRYPTO_DRIVER_TEST)
991 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
992 return( mbedtls_test_opaque_cipher_encrypt( attributes,
993 key_buffer,
994 key_buffer_size,
995 alg,
996 iv,
997 iv_length,
998 input,
999 input_length,
1000 output,
1001 output_size,
1002 output_length ) );
1003 #endif /* PSA_CRYPTO_DRIVER_TEST */
1004 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1005
1006 default:
1007 /* Key is declared with a lifetime not known to us */
1008 (void)status;
1009 (void)key_buffer;
1010 (void)key_buffer_size;
1011 (void)alg;
1012 (void)iv;
1013 (void)iv_length;
1014 (void)input;
1015 (void)input_length;
1016 (void)output;
1017 (void)output_size;
1018 (void)output_length;
1019 return( PSA_ERROR_INVALID_ARGUMENT );
1020 }
1021 }
1022
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1023 psa_status_t psa_driver_wrapper_cipher_decrypt(
1024 const psa_key_attributes_t *attributes,
1025 const uint8_t *key_buffer,
1026 size_t key_buffer_size,
1027 psa_algorithm_t alg,
1028 const uint8_t *input,
1029 size_t input_length,
1030 uint8_t *output,
1031 size_t output_size,
1032 size_t *output_length )
1033 {
1034 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1035 psa_key_location_t location =
1036 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1037
1038 switch( location )
1039 {
1040 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1041 /* Key is stored in the slot in export representation, so
1042 * cycle through all known transparent accelerators */
1043 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1044 #if defined(PSA_CRYPTO_DRIVER_TEST)
1045 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1046 key_buffer,
1047 key_buffer_size,
1048 alg,
1049 input,
1050 input_length,
1051 output,
1052 output_size,
1053 output_length );
1054 /* Declared with fallback == true */
1055 if( status != PSA_ERROR_NOT_SUPPORTED )
1056 return( status );
1057 #endif /* PSA_CRYPTO_DRIVER_TEST */
1058 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1059
1060 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1061 return( mbedtls_psa_cipher_decrypt( attributes,
1062 key_buffer,
1063 key_buffer_size,
1064 alg,
1065 input,
1066 input_length,
1067 output,
1068 output_size,
1069 output_length ) );
1070 #else
1071 return( PSA_ERROR_NOT_SUPPORTED );
1072 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1073
1074 /* Add cases for opaque driver here */
1075 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1076 #if defined(PSA_CRYPTO_DRIVER_TEST)
1077 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1078 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1079 key_buffer,
1080 key_buffer_size,
1081 alg,
1082 input,
1083 input_length,
1084 output,
1085 output_size,
1086 output_length ) );
1087 #endif /* PSA_CRYPTO_DRIVER_TEST */
1088 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1089
1090 default:
1091 /* Key is declared with a lifetime not known to us */
1092 (void)status;
1093 (void)key_buffer;
1094 (void)key_buffer_size;
1095 (void)alg;
1096 (void)input;
1097 (void)input_length;
1098 (void)output;
1099 (void)output_size;
1100 (void)output_length;
1101 return( PSA_ERROR_INVALID_ARGUMENT );
1102 }
1103 }
1104
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1105 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1106 psa_cipher_operation_t *operation,
1107 const psa_key_attributes_t *attributes,
1108 const uint8_t *key_buffer, size_t key_buffer_size,
1109 psa_algorithm_t alg )
1110 {
1111 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1112 psa_key_location_t location =
1113 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1114
1115 switch( location )
1116 {
1117 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1118 /* Key is stored in the slot in export representation, so
1119 * cycle through all known transparent accelerators */
1120 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1121 #if defined(PSA_CRYPTO_DRIVER_TEST)
1122 status = mbedtls_test_transparent_cipher_encrypt_setup(
1123 &operation->ctx.transparent_test_driver_ctx,
1124 attributes,
1125 key_buffer,
1126 key_buffer_size,
1127 alg );
1128 /* Declared with fallback == true */
1129 if( status == PSA_SUCCESS )
1130 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1131
1132 if( status != PSA_ERROR_NOT_SUPPORTED )
1133 return( status );
1134 #endif /* PSA_CRYPTO_DRIVER_TEST */
1135 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1136 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1137 /* Fell through, meaning no accelerator supports this operation */
1138 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1139 attributes,
1140 key_buffer,
1141 key_buffer_size,
1142 alg );
1143 if( status == PSA_SUCCESS )
1144 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1145
1146 if( status != PSA_ERROR_NOT_SUPPORTED )
1147 return( status );
1148 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1149 return( PSA_ERROR_NOT_SUPPORTED );
1150
1151 /* Add cases for opaque driver here */
1152 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1153 #if defined(PSA_CRYPTO_DRIVER_TEST)
1154 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1155 status = mbedtls_test_opaque_cipher_encrypt_setup(
1156 &operation->ctx.opaque_test_driver_ctx,
1157 attributes,
1158 key_buffer, key_buffer_size,
1159 alg );
1160
1161 if( status == PSA_SUCCESS )
1162 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1163
1164 return( status );
1165 #endif /* PSA_CRYPTO_DRIVER_TEST */
1166 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1167 default:
1168 /* Key is declared with a lifetime not known to us */
1169 (void)status;
1170 (void)operation;
1171 (void)key_buffer;
1172 (void)key_buffer_size;
1173 (void)alg;
1174 return( PSA_ERROR_INVALID_ARGUMENT );
1175 }
1176 }
1177
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1178 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1179 psa_cipher_operation_t *operation,
1180 const psa_key_attributes_t *attributes,
1181 const uint8_t *key_buffer, size_t key_buffer_size,
1182 psa_algorithm_t alg )
1183 {
1184 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1185 psa_key_location_t location =
1186 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1187
1188 switch( location )
1189 {
1190 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1191 /* Key is stored in the slot in export representation, so
1192 * cycle through all known transparent accelerators */
1193 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1194 #if defined(PSA_CRYPTO_DRIVER_TEST)
1195 status = mbedtls_test_transparent_cipher_decrypt_setup(
1196 &operation->ctx.transparent_test_driver_ctx,
1197 attributes,
1198 key_buffer,
1199 key_buffer_size,
1200 alg );
1201 /* Declared with fallback == true */
1202 if( status == PSA_SUCCESS )
1203 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1204
1205 if( status != PSA_ERROR_NOT_SUPPORTED )
1206 return( status );
1207 #endif /* PSA_CRYPTO_DRIVER_TEST */
1208 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1209 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1210 /* Fell through, meaning no accelerator supports this operation */
1211 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1212 attributes,
1213 key_buffer,
1214 key_buffer_size,
1215 alg );
1216 if( status == PSA_SUCCESS )
1217 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1218
1219 return( status );
1220 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1221 return( PSA_ERROR_NOT_SUPPORTED );
1222
1223 /* Add cases for opaque driver here */
1224 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1225 #if defined(PSA_CRYPTO_DRIVER_TEST)
1226 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1227 status = mbedtls_test_opaque_cipher_decrypt_setup(
1228 &operation->ctx.opaque_test_driver_ctx,
1229 attributes,
1230 key_buffer, key_buffer_size,
1231 alg );
1232
1233 if( status == PSA_SUCCESS )
1234 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1235
1236 return( status );
1237 #endif /* PSA_CRYPTO_DRIVER_TEST */
1238 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1239 default:
1240 /* Key is declared with a lifetime not known to us */
1241 (void)status;
1242 (void)operation;
1243 (void)key_buffer;
1244 (void)key_buffer_size;
1245 (void)alg;
1246 return( PSA_ERROR_INVALID_ARGUMENT );
1247 }
1248 }
1249
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1250 psa_status_t psa_driver_wrapper_cipher_set_iv(
1251 psa_cipher_operation_t *operation,
1252 const uint8_t *iv,
1253 size_t iv_length )
1254 {
1255 switch( operation->id )
1256 {
1257 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1258 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1259 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1260 iv,
1261 iv_length ) );
1262 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1263
1264 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1265 #if defined(PSA_CRYPTO_DRIVER_TEST)
1266 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1267 return( mbedtls_test_transparent_cipher_set_iv(
1268 &operation->ctx.transparent_test_driver_ctx,
1269 iv, iv_length ) );
1270
1271 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1272 return( mbedtls_test_opaque_cipher_set_iv(
1273 &operation->ctx.opaque_test_driver_ctx,
1274 iv, iv_length ) );
1275 #endif /* PSA_CRYPTO_DRIVER_TEST */
1276 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1277 }
1278
1279 (void)iv;
1280 (void)iv_length;
1281
1282 return( PSA_ERROR_INVALID_ARGUMENT );
1283 }
1284
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1285 psa_status_t psa_driver_wrapper_cipher_update(
1286 psa_cipher_operation_t *operation,
1287 const uint8_t *input,
1288 size_t input_length,
1289 uint8_t *output,
1290 size_t output_size,
1291 size_t *output_length )
1292 {
1293 switch( operation->id )
1294 {
1295 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1296 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1297 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1298 input,
1299 input_length,
1300 output,
1301 output_size,
1302 output_length ) );
1303 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1304
1305 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1306 #if defined(PSA_CRYPTO_DRIVER_TEST)
1307 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1308 return( mbedtls_test_transparent_cipher_update(
1309 &operation->ctx.transparent_test_driver_ctx,
1310 input, input_length,
1311 output, output_size, output_length ) );
1312
1313 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1314 return( mbedtls_test_opaque_cipher_update(
1315 &operation->ctx.opaque_test_driver_ctx,
1316 input, input_length,
1317 output, output_size, output_length ) );
1318 #endif /* PSA_CRYPTO_DRIVER_TEST */
1319 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1320 }
1321
1322 (void)input;
1323 (void)input_length;
1324 (void)output;
1325 (void)output_size;
1326 (void)output_length;
1327
1328 return( PSA_ERROR_INVALID_ARGUMENT );
1329 }
1330
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1331 psa_status_t psa_driver_wrapper_cipher_finish(
1332 psa_cipher_operation_t *operation,
1333 uint8_t *output,
1334 size_t output_size,
1335 size_t *output_length )
1336 {
1337 switch( operation->id )
1338 {
1339 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1340 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1341 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1342 output,
1343 output_size,
1344 output_length ) );
1345 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1346
1347 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1348 #if defined(PSA_CRYPTO_DRIVER_TEST)
1349 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1350 return( mbedtls_test_transparent_cipher_finish(
1351 &operation->ctx.transparent_test_driver_ctx,
1352 output, output_size, output_length ) );
1353
1354 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1355 return( mbedtls_test_opaque_cipher_finish(
1356 &operation->ctx.opaque_test_driver_ctx,
1357 output, output_size, output_length ) );
1358 #endif /* PSA_CRYPTO_DRIVER_TEST */
1359 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1360 }
1361
1362 (void)output;
1363 (void)output_size;
1364 (void)output_length;
1365
1366 return( PSA_ERROR_INVALID_ARGUMENT );
1367 }
1368
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1369 psa_status_t psa_driver_wrapper_cipher_abort(
1370 psa_cipher_operation_t *operation )
1371 {
1372 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1373
1374 switch( operation->id )
1375 {
1376 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1377 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1378 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1379 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1380
1381 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1382 #if defined(PSA_CRYPTO_DRIVER_TEST)
1383 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1384 status = mbedtls_test_transparent_cipher_abort(
1385 &operation->ctx.transparent_test_driver_ctx );
1386 mbedtls_platform_zeroize(
1387 &operation->ctx.transparent_test_driver_ctx,
1388 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1389 return( status );
1390
1391 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1392 status = mbedtls_test_opaque_cipher_abort(
1393 &operation->ctx.opaque_test_driver_ctx );
1394 mbedtls_platform_zeroize(
1395 &operation->ctx.opaque_test_driver_ctx,
1396 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1397 return( status );
1398 #endif /* PSA_CRYPTO_DRIVER_TEST */
1399 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1400 }
1401
1402 (void)status;
1403 return( PSA_ERROR_INVALID_ARGUMENT );
1404 }
1405
1406 /*
1407 * Hashing functions
1408 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1409 psa_status_t psa_driver_wrapper_hash_compute(
1410 psa_algorithm_t alg,
1411 const uint8_t *input,
1412 size_t input_length,
1413 uint8_t *hash,
1414 size_t hash_size,
1415 size_t *hash_length)
1416 {
1417 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1418
1419 /* Try accelerators first */
1420 #if defined(PSA_CRYPTO_DRIVER_TEST)
1421 status = mbedtls_test_transparent_hash_compute(
1422 alg, input, input_length, hash, hash_size, hash_length );
1423 if( status != PSA_ERROR_NOT_SUPPORTED )
1424 return( status );
1425 #endif
1426
1427 /* If software fallback is compiled in, try fallback */
1428 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1429 status = mbedtls_psa_hash_compute( alg, input, input_length,
1430 hash, hash_size, hash_length );
1431 if( status != PSA_ERROR_NOT_SUPPORTED )
1432 return( status );
1433 #endif
1434 (void) status;
1435 (void) alg;
1436 (void) input;
1437 (void) input_length;
1438 (void) hash;
1439 (void) hash_size;
1440 (void) hash_length;
1441
1442 return( PSA_ERROR_NOT_SUPPORTED );
1443 }
1444
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1445 psa_status_t psa_driver_wrapper_hash_setup(
1446 psa_hash_operation_t *operation,
1447 psa_algorithm_t alg )
1448 {
1449 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1450
1451 /* Try setup on accelerators first */
1452 #if defined(PSA_CRYPTO_DRIVER_TEST)
1453 status = mbedtls_test_transparent_hash_setup(
1454 &operation->ctx.test_driver_ctx, alg );
1455 if( status == PSA_SUCCESS )
1456 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1457
1458 if( status != PSA_ERROR_NOT_SUPPORTED )
1459 return( status );
1460 #endif
1461
1462 /* If software fallback is compiled in, try fallback */
1463 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1464 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1465 if( status == PSA_SUCCESS )
1466 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1467
1468 if( status != PSA_ERROR_NOT_SUPPORTED )
1469 return( status );
1470 #endif
1471 /* Nothing left to try if we fall through here */
1472 (void) status;
1473 (void) operation;
1474 (void) alg;
1475 return( PSA_ERROR_NOT_SUPPORTED );
1476 }
1477
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1478 psa_status_t psa_driver_wrapper_hash_clone(
1479 const psa_hash_operation_t *source_operation,
1480 psa_hash_operation_t *target_operation )
1481 {
1482 switch( source_operation->id )
1483 {
1484 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1485 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1486 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1487 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1488 &target_operation->ctx.mbedtls_ctx ) );
1489 #endif
1490 #if defined(PSA_CRYPTO_DRIVER_TEST)
1491 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1492 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1493 return( mbedtls_test_transparent_hash_clone(
1494 &source_operation->ctx.test_driver_ctx,
1495 &target_operation->ctx.test_driver_ctx ) );
1496 #endif
1497 default:
1498 (void) target_operation;
1499 return( PSA_ERROR_BAD_STATE );
1500 }
1501 }
1502
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1503 psa_status_t psa_driver_wrapper_hash_update(
1504 psa_hash_operation_t *operation,
1505 const uint8_t *input,
1506 size_t input_length )
1507 {
1508 switch( operation->id )
1509 {
1510 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1511 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1512 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1513 input, input_length ) );
1514 #endif
1515 #if defined(PSA_CRYPTO_DRIVER_TEST)
1516 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1517 return( mbedtls_test_transparent_hash_update(
1518 &operation->ctx.test_driver_ctx,
1519 input, input_length ) );
1520 #endif
1521 default:
1522 (void) input;
1523 (void) input_length;
1524 return( PSA_ERROR_BAD_STATE );
1525 }
1526 }
1527
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1528 psa_status_t psa_driver_wrapper_hash_finish(
1529 psa_hash_operation_t *operation,
1530 uint8_t *hash,
1531 size_t hash_size,
1532 size_t *hash_length )
1533 {
1534 switch( operation->id )
1535 {
1536 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1537 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1538 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1539 hash, hash_size, hash_length ) );
1540 #endif
1541 #if defined(PSA_CRYPTO_DRIVER_TEST)
1542 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1543 return( mbedtls_test_transparent_hash_finish(
1544 &operation->ctx.test_driver_ctx,
1545 hash, hash_size, hash_length ) );
1546 #endif
1547 default:
1548 (void) hash;
1549 (void) hash_size;
1550 (void) hash_length;
1551 return( PSA_ERROR_BAD_STATE );
1552 }
1553 }
1554
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1555 psa_status_t psa_driver_wrapper_hash_abort(
1556 psa_hash_operation_t *operation )
1557 {
1558 switch( operation->id )
1559 {
1560 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1561 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1562 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1563 #endif
1564 #if defined(PSA_CRYPTO_DRIVER_TEST)
1565 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1566 return( mbedtls_test_transparent_hash_abort(
1567 &operation->ctx.test_driver_ctx ) );
1568 #endif
1569 default:
1570 return( PSA_ERROR_BAD_STATE );
1571 }
1572 }
1573
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1574 psa_status_t psa_driver_wrapper_aead_encrypt(
1575 const psa_key_attributes_t *attributes,
1576 const uint8_t *key_buffer, size_t key_buffer_size,
1577 psa_algorithm_t alg,
1578 const uint8_t *nonce, size_t nonce_length,
1579 const uint8_t *additional_data, size_t additional_data_length,
1580 const uint8_t *plaintext, size_t plaintext_length,
1581 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1582 {
1583 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1584 psa_key_location_t location =
1585 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1586
1587 switch( location )
1588 {
1589 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1590 /* Key is stored in the slot in export representation, so
1591 * cycle through all known transparent accelerators */
1592
1593 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1594 #if defined(PSA_CRYPTO_DRIVER_TEST)
1595 status = mbedtls_test_transparent_aead_encrypt(
1596 attributes, key_buffer, key_buffer_size,
1597 alg,
1598 nonce, nonce_length,
1599 additional_data, additional_data_length,
1600 plaintext, plaintext_length,
1601 ciphertext, ciphertext_size, ciphertext_length );
1602 /* Declared with fallback == true */
1603 if( status != PSA_ERROR_NOT_SUPPORTED )
1604 return( status );
1605 #endif /* PSA_CRYPTO_DRIVER_TEST */
1606 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1607
1608 /* Fell through, meaning no accelerator supports this operation */
1609 return( mbedtls_psa_aead_encrypt(
1610 attributes, key_buffer, key_buffer_size,
1611 alg,
1612 nonce, nonce_length,
1613 additional_data, additional_data_length,
1614 plaintext, plaintext_length,
1615 ciphertext, ciphertext_size, ciphertext_length ) );
1616
1617 /* Add cases for opaque driver here */
1618
1619 default:
1620 /* Key is declared with a lifetime not known to us */
1621 (void)status;
1622 return( PSA_ERROR_INVALID_ARGUMENT );
1623 }
1624 }
1625
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1626 psa_status_t psa_driver_wrapper_aead_decrypt(
1627 const psa_key_attributes_t *attributes,
1628 const uint8_t *key_buffer, size_t key_buffer_size,
1629 psa_algorithm_t alg,
1630 const uint8_t *nonce, size_t nonce_length,
1631 const uint8_t *additional_data, size_t additional_data_length,
1632 const uint8_t *ciphertext, size_t ciphertext_length,
1633 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1634 {
1635 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1636 psa_key_location_t location =
1637 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1638
1639 switch( location )
1640 {
1641 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1642 /* Key is stored in the slot in export representation, so
1643 * cycle through all known transparent accelerators */
1644
1645 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1646 #if defined(PSA_CRYPTO_DRIVER_TEST)
1647 status = mbedtls_test_transparent_aead_decrypt(
1648 attributes, key_buffer, key_buffer_size,
1649 alg,
1650 nonce, nonce_length,
1651 additional_data, additional_data_length,
1652 ciphertext, ciphertext_length,
1653 plaintext, plaintext_size, plaintext_length );
1654 /* Declared with fallback == true */
1655 if( status != PSA_ERROR_NOT_SUPPORTED )
1656 return( status );
1657 #endif /* PSA_CRYPTO_DRIVER_TEST */
1658 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1659
1660 /* Fell through, meaning no accelerator supports this operation */
1661 return( mbedtls_psa_aead_decrypt(
1662 attributes, key_buffer, key_buffer_size,
1663 alg,
1664 nonce, nonce_length,
1665 additional_data, additional_data_length,
1666 ciphertext, ciphertext_length,
1667 plaintext, plaintext_size, plaintext_length ) );
1668
1669 /* Add cases for opaque driver here */
1670
1671 default:
1672 /* Key is declared with a lifetime not known to us */
1673 (void)status;
1674 return( PSA_ERROR_INVALID_ARGUMENT );
1675 }
1676 }
1677
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1678 psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1679 psa_aead_operation_t *operation,
1680 const psa_key_attributes_t *attributes,
1681 const uint8_t *key_buffer, size_t key_buffer_size,
1682 psa_algorithm_t alg )
1683 {
1684 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1685 psa_key_location_t location =
1686 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1687
1688 switch( location )
1689 {
1690 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1691 /* Key is stored in the slot in export representation, so
1692 * cycle through all known transparent accelerators */
1693
1694 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1695 #if defined(PSA_CRYPTO_DRIVER_TEST)
1696 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1697 status = mbedtls_test_transparent_aead_encrypt_setup(
1698 &operation->ctx.transparent_test_driver_ctx,
1699 attributes, key_buffer, key_buffer_size,
1700 alg );
1701
1702 /* Declared with fallback == true */
1703 if( status != PSA_ERROR_NOT_SUPPORTED )
1704 return( status );
1705 #endif /* PSA_CRYPTO_DRIVER_TEST */
1706 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1707
1708 /* Fell through, meaning no accelerator supports this operation */
1709 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1710 status = mbedtls_psa_aead_encrypt_setup(
1711 &operation->ctx.mbedtls_ctx, attributes,
1712 key_buffer, key_buffer_size,
1713 alg );
1714
1715 return( status );
1716
1717 /* Add cases for opaque driver here */
1718
1719 default:
1720 /* Key is declared with a lifetime not known to us */
1721 (void)status;
1722 return( PSA_ERROR_INVALID_ARGUMENT );
1723 }
1724 }
1725
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1726 psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1727 psa_aead_operation_t *operation,
1728 const psa_key_attributes_t *attributes,
1729 const uint8_t *key_buffer, size_t key_buffer_size,
1730 psa_algorithm_t alg )
1731 {
1732 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1733 psa_key_location_t location =
1734 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1735
1736 switch( location )
1737 {
1738 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1739 /* Key is stored in the slot in export representation, so
1740 * cycle through all known transparent accelerators */
1741
1742 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1743 #if defined(PSA_CRYPTO_DRIVER_TEST)
1744 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1745 status = mbedtls_test_transparent_aead_decrypt_setup(
1746 &operation->ctx.transparent_test_driver_ctx,
1747 attributes,
1748 key_buffer, key_buffer_size,
1749 alg );
1750
1751 /* Declared with fallback == true */
1752 if( status != PSA_ERROR_NOT_SUPPORTED )
1753 return( status );
1754 #endif /* PSA_CRYPTO_DRIVER_TEST */
1755 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1756
1757 /* Fell through, meaning no accelerator supports this operation */
1758 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1759 status = mbedtls_psa_aead_decrypt_setup(
1760 &operation->ctx.mbedtls_ctx,
1761 attributes,
1762 key_buffer, key_buffer_size,
1763 alg );
1764
1765 return( status );
1766
1767 /* Add cases for opaque driver here */
1768
1769 default:
1770 /* Key is declared with a lifetime not known to us */
1771 (void)status;
1772 return( PSA_ERROR_INVALID_ARGUMENT );
1773 }
1774 }
1775
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)1776 psa_status_t psa_driver_wrapper_aead_set_nonce(
1777 psa_aead_operation_t *operation,
1778 const uint8_t *nonce,
1779 size_t nonce_length )
1780 {
1781 switch( operation->id )
1782 {
1783 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1784 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1785 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1786 nonce,
1787 nonce_length ) );
1788
1789 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1790
1791 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1792 #if defined(PSA_CRYPTO_DRIVER_TEST)
1793 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1794 return( mbedtls_test_transparent_aead_set_nonce(
1795 &operation->ctx.transparent_test_driver_ctx,
1796 nonce, nonce_length ) );
1797
1798 /* Add cases for opaque driver here */
1799
1800 #endif /* PSA_CRYPTO_DRIVER_TEST */
1801 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1802 }
1803
1804 (void)nonce;
1805 (void)nonce_length;
1806
1807 return( PSA_ERROR_INVALID_ARGUMENT );
1808 }
1809
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)1810 psa_status_t psa_driver_wrapper_aead_set_lengths(
1811 psa_aead_operation_t *operation,
1812 size_t ad_length,
1813 size_t plaintext_length )
1814 {
1815 switch( operation->id )
1816 {
1817 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1818 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1819 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1820 ad_length,
1821 plaintext_length ) );
1822
1823 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1824
1825 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1826 #if defined(PSA_CRYPTO_DRIVER_TEST)
1827 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1828 return( mbedtls_test_transparent_aead_set_lengths(
1829 &operation->ctx.transparent_test_driver_ctx,
1830 ad_length, plaintext_length ) );
1831
1832 /* Add cases for opaque driver here */
1833
1834 #endif /* PSA_CRYPTO_DRIVER_TEST */
1835 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1836 }
1837
1838 (void)ad_length;
1839 (void)plaintext_length;
1840
1841 return( PSA_ERROR_INVALID_ARGUMENT );
1842 }
1843
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)1844 psa_status_t psa_driver_wrapper_aead_update_ad(
1845 psa_aead_operation_t *operation,
1846 const uint8_t *input,
1847 size_t input_length )
1848 {
1849 switch( operation->id )
1850 {
1851 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1852 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1853 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1854 input,
1855 input_length ) );
1856
1857 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1858
1859 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1860 #if defined(PSA_CRYPTO_DRIVER_TEST)
1861 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1862 return( mbedtls_test_transparent_aead_update_ad(
1863 &operation->ctx.transparent_test_driver_ctx,
1864 input, input_length ) );
1865
1866 /* Add cases for opaque driver here */
1867
1868 #endif /* PSA_CRYPTO_DRIVER_TEST */
1869 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1870 }
1871
1872 (void)input;
1873 (void)input_length;
1874
1875 return( PSA_ERROR_INVALID_ARGUMENT );
1876 }
1877
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1878 psa_status_t psa_driver_wrapper_aead_update(
1879 psa_aead_operation_t *operation,
1880 const uint8_t *input,
1881 size_t input_length,
1882 uint8_t *output,
1883 size_t output_size,
1884 size_t *output_length )
1885 {
1886 switch( operation->id )
1887 {
1888 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1889 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1890 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
1891 input, input_length,
1892 output, output_size,
1893 output_length ) );
1894
1895 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1896
1897 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1898 #if defined(PSA_CRYPTO_DRIVER_TEST)
1899 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1900 return( mbedtls_test_transparent_aead_update(
1901 &operation->ctx.transparent_test_driver_ctx,
1902 input, input_length, output, output_size,
1903 output_length ) );
1904
1905 /* Add cases for opaque driver here */
1906
1907 #endif /* PSA_CRYPTO_DRIVER_TEST */
1908 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1909 }
1910
1911 (void)input;
1912 (void)input_length;
1913 (void)output;
1914 (void)output_size;
1915 (void)output_length;
1916
1917 return( PSA_ERROR_INVALID_ARGUMENT );
1918 }
1919
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)1920 psa_status_t psa_driver_wrapper_aead_finish(
1921 psa_aead_operation_t *operation,
1922 uint8_t *ciphertext,
1923 size_t ciphertext_size,
1924 size_t *ciphertext_length,
1925 uint8_t *tag,
1926 size_t tag_size,
1927 size_t *tag_length )
1928 {
1929 switch( operation->id )
1930 {
1931 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1932 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1933 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1934 ciphertext,
1935 ciphertext_size,
1936 ciphertext_length, tag,
1937 tag_size, tag_length ) );
1938
1939 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1940
1941 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1942 #if defined(PSA_CRYPTO_DRIVER_TEST)
1943 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1944 return( mbedtls_test_transparent_aead_finish(
1945 &operation->ctx.transparent_test_driver_ctx,
1946 ciphertext, ciphertext_size,
1947 ciphertext_length, tag, tag_size, tag_length ) );
1948
1949 /* Add cases for opaque driver here */
1950
1951 #endif /* PSA_CRYPTO_DRIVER_TEST */
1952 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1953 }
1954
1955 (void)ciphertext;
1956 (void)ciphertext_size;
1957 (void)ciphertext_length;
1958 (void)tag;
1959 (void)tag_size;
1960 (void)tag_length;
1961
1962 return( PSA_ERROR_INVALID_ARGUMENT );
1963 }
1964
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)1965 psa_status_t psa_driver_wrapper_aead_verify(
1966 psa_aead_operation_t *operation,
1967 uint8_t *plaintext,
1968 size_t plaintext_size,
1969 size_t *plaintext_length,
1970 const uint8_t *tag,
1971 size_t tag_length )
1972 {
1973 switch( operation->id )
1974 {
1975 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1976 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1977 {
1978 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1979 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
1980 size_t check_tag_length;
1981
1982 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1983 plaintext,
1984 plaintext_size,
1985 plaintext_length,
1986 check_tag,
1987 sizeof( check_tag ),
1988 &check_tag_length );
1989
1990 if( status == PSA_SUCCESS )
1991 {
1992 if( tag_length != check_tag_length ||
1993 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
1994 != 0 )
1995 status = PSA_ERROR_INVALID_SIGNATURE;
1996 }
1997
1998 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
1999
2000 return( status );
2001 }
2002
2003 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2004
2005 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2006 #if defined(PSA_CRYPTO_DRIVER_TEST)
2007 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2008 return( mbedtls_test_transparent_aead_verify(
2009 &operation->ctx.transparent_test_driver_ctx,
2010 plaintext, plaintext_size,
2011 plaintext_length, tag, tag_length ) );
2012
2013 /* Add cases for opaque driver here */
2014
2015 #endif /* PSA_CRYPTO_DRIVER_TEST */
2016 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2017 }
2018
2019 (void)plaintext;
2020 (void)plaintext_size;
2021 (void)plaintext_length;
2022 (void)tag;
2023 (void)tag_length;
2024
2025 return( PSA_ERROR_INVALID_ARGUMENT );
2026 }
2027
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)2028 psa_status_t psa_driver_wrapper_aead_abort(
2029 psa_aead_operation_t *operation )
2030 {
2031 switch( operation->id )
2032 {
2033 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2034 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2035 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2036
2037 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2038
2039 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2040 #if defined(PSA_CRYPTO_DRIVER_TEST)
2041 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2042 return( mbedtls_test_transparent_aead_abort(
2043 &operation->ctx.transparent_test_driver_ctx ) );
2044
2045 /* Add cases for opaque driver here */
2046
2047 #endif /* PSA_CRYPTO_DRIVER_TEST */
2048 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2049 }
2050
2051 return( PSA_ERROR_INVALID_ARGUMENT );
2052 }
2053
2054 /*
2055 * MAC functions
2056 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)2057 psa_status_t psa_driver_wrapper_mac_compute(
2058 const psa_key_attributes_t *attributes,
2059 const uint8_t *key_buffer,
2060 size_t key_buffer_size,
2061 psa_algorithm_t alg,
2062 const uint8_t *input,
2063 size_t input_length,
2064 uint8_t *mac,
2065 size_t mac_size,
2066 size_t *mac_length )
2067 {
2068 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2069 psa_key_location_t location =
2070 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2071
2072 switch( location )
2073 {
2074 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2075 /* Key is stored in the slot in export representation, so
2076 * cycle through all known transparent accelerators */
2077 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2078 #if defined(PSA_CRYPTO_DRIVER_TEST)
2079 status = mbedtls_test_transparent_mac_compute(
2080 attributes, key_buffer, key_buffer_size, alg,
2081 input, input_length,
2082 mac, mac_size, mac_length );
2083 /* Declared with fallback == true */
2084 if( status != PSA_ERROR_NOT_SUPPORTED )
2085 return( status );
2086 #endif /* PSA_CRYPTO_DRIVER_TEST */
2087 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2088 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2089 /* Fell through, meaning no accelerator supports this operation */
2090 status = mbedtls_psa_mac_compute(
2091 attributes, key_buffer, key_buffer_size, alg,
2092 input, input_length,
2093 mac, mac_size, mac_length );
2094 if( status != PSA_ERROR_NOT_SUPPORTED )
2095 return( status );
2096 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2097 return( PSA_ERROR_NOT_SUPPORTED );
2098
2099 /* Add cases for opaque driver here */
2100 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2101 #if defined(PSA_CRYPTO_DRIVER_TEST)
2102 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2103 status = mbedtls_test_opaque_mac_compute(
2104 attributes, key_buffer, key_buffer_size, alg,
2105 input, input_length,
2106 mac, mac_size, mac_length );
2107 return( status );
2108 #endif /* PSA_CRYPTO_DRIVER_TEST */
2109 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2110 default:
2111 /* Key is declared with a lifetime not known to us */
2112 (void) key_buffer;
2113 (void) key_buffer_size;
2114 (void) alg;
2115 (void) input;
2116 (void) input_length;
2117 (void) mac;
2118 (void) mac_size;
2119 (void) mac_length;
2120 (void) status;
2121 return( PSA_ERROR_INVALID_ARGUMENT );
2122 }
2123 }
2124
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2125 psa_status_t psa_driver_wrapper_mac_sign_setup(
2126 psa_mac_operation_t *operation,
2127 const psa_key_attributes_t *attributes,
2128 const uint8_t *key_buffer,
2129 size_t key_buffer_size,
2130 psa_algorithm_t alg )
2131 {
2132 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2133 psa_key_location_t location =
2134 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2135
2136 switch( location )
2137 {
2138 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2139 /* Key is stored in the slot in export representation, so
2140 * cycle through all known transparent accelerators */
2141 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2142 #if defined(PSA_CRYPTO_DRIVER_TEST)
2143 status = mbedtls_test_transparent_mac_sign_setup(
2144 &operation->ctx.transparent_test_driver_ctx,
2145 attributes,
2146 key_buffer, key_buffer_size,
2147 alg );
2148 /* Declared with fallback == true */
2149 if( status == PSA_SUCCESS )
2150 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2151
2152 if( status != PSA_ERROR_NOT_SUPPORTED )
2153 return( status );
2154 #endif /* PSA_CRYPTO_DRIVER_TEST */
2155 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2156 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2157 /* Fell through, meaning no accelerator supports this operation */
2158 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2159 attributes,
2160 key_buffer, key_buffer_size,
2161 alg );
2162 if( status == PSA_SUCCESS )
2163 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2164
2165 if( status != PSA_ERROR_NOT_SUPPORTED )
2166 return( status );
2167 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2168 return( PSA_ERROR_NOT_SUPPORTED );
2169
2170 /* Add cases for opaque driver here */
2171 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2172 #if defined(PSA_CRYPTO_DRIVER_TEST)
2173 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2174 status = mbedtls_test_opaque_mac_sign_setup(
2175 &operation->ctx.opaque_test_driver_ctx,
2176 attributes,
2177 key_buffer, key_buffer_size,
2178 alg );
2179
2180 if( status == PSA_SUCCESS )
2181 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2182
2183 return( status );
2184 #endif /* PSA_CRYPTO_DRIVER_TEST */
2185 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2186 default:
2187 /* Key is declared with a lifetime not known to us */
2188 (void) status;
2189 (void) operation;
2190 (void) key_buffer;
2191 (void) key_buffer_size;
2192 (void) alg;
2193 return( PSA_ERROR_INVALID_ARGUMENT );
2194 }
2195 }
2196
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2197 psa_status_t psa_driver_wrapper_mac_verify_setup(
2198 psa_mac_operation_t *operation,
2199 const psa_key_attributes_t *attributes,
2200 const uint8_t *key_buffer,
2201 size_t key_buffer_size,
2202 psa_algorithm_t alg )
2203 {
2204 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2205 psa_key_location_t location =
2206 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2207
2208 switch( location )
2209 {
2210 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2211 /* Key is stored in the slot in export representation, so
2212 * cycle through all known transparent accelerators */
2213 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2214 #if defined(PSA_CRYPTO_DRIVER_TEST)
2215 status = mbedtls_test_transparent_mac_verify_setup(
2216 &operation->ctx.transparent_test_driver_ctx,
2217 attributes,
2218 key_buffer, key_buffer_size,
2219 alg );
2220 /* Declared with fallback == true */
2221 if( status == PSA_SUCCESS )
2222 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2223
2224 if( status != PSA_ERROR_NOT_SUPPORTED )
2225 return( status );
2226 #endif /* PSA_CRYPTO_DRIVER_TEST */
2227 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2228 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2229 /* Fell through, meaning no accelerator supports this operation */
2230 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2231 attributes,
2232 key_buffer, key_buffer_size,
2233 alg );
2234 if( status == PSA_SUCCESS )
2235 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2236
2237 if( status != PSA_ERROR_NOT_SUPPORTED )
2238 return( status );
2239 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2240 return( PSA_ERROR_NOT_SUPPORTED );
2241
2242 /* Add cases for opaque driver here */
2243 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2244 #if defined(PSA_CRYPTO_DRIVER_TEST)
2245 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2246 status = mbedtls_test_opaque_mac_verify_setup(
2247 &operation->ctx.opaque_test_driver_ctx,
2248 attributes,
2249 key_buffer, key_buffer_size,
2250 alg );
2251
2252 if( status == PSA_SUCCESS )
2253 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2254
2255 return( status );
2256 #endif /* PSA_CRYPTO_DRIVER_TEST */
2257 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2258 default:
2259 /* Key is declared with a lifetime not known to us */
2260 (void) status;
2261 (void) operation;
2262 (void) key_buffer;
2263 (void) key_buffer_size;
2264 (void) alg;
2265 return( PSA_ERROR_INVALID_ARGUMENT );
2266 }
2267 }
2268
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2269 psa_status_t psa_driver_wrapper_mac_update(
2270 psa_mac_operation_t *operation,
2271 const uint8_t *input,
2272 size_t input_length )
2273 {
2274 switch( operation->id )
2275 {
2276 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2277 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2278 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2279 input, input_length ) );
2280 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2281
2282 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2283 #if defined(PSA_CRYPTO_DRIVER_TEST)
2284 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2285 return( mbedtls_test_transparent_mac_update(
2286 &operation->ctx.transparent_test_driver_ctx,
2287 input, input_length ) );
2288
2289 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2290 return( mbedtls_test_opaque_mac_update(
2291 &operation->ctx.opaque_test_driver_ctx,
2292 input, input_length ) );
2293 #endif /* PSA_CRYPTO_DRIVER_TEST */
2294 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2295 default:
2296 (void) input;
2297 (void) input_length;
2298 return( PSA_ERROR_INVALID_ARGUMENT );
2299 }
2300 }
2301
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2302 psa_status_t psa_driver_wrapper_mac_sign_finish(
2303 psa_mac_operation_t *operation,
2304 uint8_t *mac,
2305 size_t mac_size,
2306 size_t *mac_length )
2307 {
2308 switch( operation->id )
2309 {
2310 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2311 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2312 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2313 mac, mac_size, mac_length ) );
2314 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2315
2316 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2317 #if defined(PSA_CRYPTO_DRIVER_TEST)
2318 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2319 return( mbedtls_test_transparent_mac_sign_finish(
2320 &operation->ctx.transparent_test_driver_ctx,
2321 mac, mac_size, mac_length ) );
2322
2323 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2324 return( mbedtls_test_opaque_mac_sign_finish(
2325 &operation->ctx.opaque_test_driver_ctx,
2326 mac, mac_size, mac_length ) );
2327 #endif /* PSA_CRYPTO_DRIVER_TEST */
2328 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2329 default:
2330 (void) mac;
2331 (void) mac_size;
2332 (void) mac_length;
2333 return( PSA_ERROR_INVALID_ARGUMENT );
2334 }
2335 }
2336
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2337 psa_status_t psa_driver_wrapper_mac_verify_finish(
2338 psa_mac_operation_t *operation,
2339 const uint8_t *mac,
2340 size_t mac_length )
2341 {
2342 switch( operation->id )
2343 {
2344 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2345 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2346 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2347 mac, mac_length ) );
2348 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2349
2350 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2351 #if defined(PSA_CRYPTO_DRIVER_TEST)
2352 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2353 return( mbedtls_test_transparent_mac_verify_finish(
2354 &operation->ctx.transparent_test_driver_ctx,
2355 mac, mac_length ) );
2356
2357 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2358 return( mbedtls_test_opaque_mac_verify_finish(
2359 &operation->ctx.opaque_test_driver_ctx,
2360 mac, mac_length ) );
2361 #endif /* PSA_CRYPTO_DRIVER_TEST */
2362 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2363 default:
2364 (void) mac;
2365 (void) mac_length;
2366 return( PSA_ERROR_INVALID_ARGUMENT );
2367 }
2368 }
2369
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2370 psa_status_t psa_driver_wrapper_mac_abort(
2371 psa_mac_operation_t *operation )
2372 {
2373 switch( operation->id )
2374 {
2375 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2376 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2377 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2378 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2379
2380 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2381 #if defined(PSA_CRYPTO_DRIVER_TEST)
2382 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2383 return( mbedtls_test_transparent_mac_abort(
2384 &operation->ctx.transparent_test_driver_ctx ) );
2385 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2386 return( mbedtls_test_opaque_mac_abort(
2387 &operation->ctx.opaque_test_driver_ctx ) );
2388 #endif /* PSA_CRYPTO_DRIVER_TEST */
2389 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2390 default:
2391 return( PSA_ERROR_INVALID_ARGUMENT );
2392 }
2393 }
2394
2395 /*
2396 * Asymmetric cryptography
2397 */
psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2398 psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2399 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2400 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2401 size_t input_length, const uint8_t *salt, size_t salt_length,
2402 uint8_t *output, size_t output_size, size_t *output_length )
2403 {
2404 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2405 psa_key_location_t location =
2406 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2407
2408 switch( location )
2409 {
2410 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2411 /* Key is stored in the slot in export representation, so
2412 * cycle through all known transparent accelerators */
2413 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2414 #if defined(PSA_CRYPTO_DRIVER_TEST)
2415 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2416 key_buffer, key_buffer_size, alg, input, input_length,
2417 salt, salt_length, output, output_size,
2418 output_length );
2419 /* Declared with fallback == true */
2420 if( status != PSA_ERROR_NOT_SUPPORTED )
2421 return( status );
2422 #endif /* PSA_CRYPTO_DRIVER_TEST */
2423 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2424 return( mbedtls_psa_asymmetric_encrypt( attributes,
2425 key_buffer, key_buffer_size, alg, input, input_length,
2426 salt, salt_length, output, output_size, output_length )
2427 );
2428 /* Add cases for opaque driver here */
2429 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2430 #if defined(PSA_CRYPTO_DRIVER_TEST)
2431 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2432 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2433 key_buffer, key_buffer_size, alg, input, input_length,
2434 salt, salt_length, output, output_size, output_length )
2435 );
2436 #endif /* PSA_CRYPTO_DRIVER_TEST */
2437 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2438
2439 default:
2440 /* Key is declared with a lifetime not known to us */
2441 (void)status;
2442 (void)key_buffer;
2443 (void)key_buffer_size;
2444 (void)alg;
2445 (void)input;
2446 (void)input_length;
2447 (void)salt;
2448 (void)salt_length;
2449 (void)output;
2450 (void)output_size;
2451 (void)output_length;
2452 return( PSA_ERROR_INVALID_ARGUMENT );
2453 }
2454 }
2455
psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2456 psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2457 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2458 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2459 size_t input_length, const uint8_t *salt, size_t salt_length,
2460 uint8_t *output, size_t output_size, size_t *output_length )
2461 {
2462 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2463 psa_key_location_t location =
2464 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2465
2466 switch( location )
2467 {
2468 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2469 /* Key is stored in the slot in export representation, so
2470 * cycle through all known transparent accelerators */
2471 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2472 #if defined(PSA_CRYPTO_DRIVER_TEST)
2473 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2474 key_buffer, key_buffer_size, alg, input, input_length,
2475 salt, salt_length, output, output_size,
2476 output_length );
2477 /* Declared with fallback == true */
2478 if( status != PSA_ERROR_NOT_SUPPORTED )
2479 return( status );
2480 #endif /* PSA_CRYPTO_DRIVER_TEST */
2481 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2482 return( mbedtls_psa_asymmetric_decrypt( attributes,
2483 key_buffer, key_buffer_size, alg,input, input_length,
2484 salt, salt_length, output, output_size,
2485 output_length ) );
2486 /* Add cases for opaque driver here */
2487 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2488 #if defined(PSA_CRYPTO_DRIVER_TEST)
2489 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2490 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2491 key_buffer, key_buffer_size, alg, input, input_length,
2492 salt, salt_length, output, output_size,
2493 output_length ) );
2494 #endif /* PSA_CRYPTO_DRIVER_TEST */
2495 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2496
2497 default:
2498 /* Key is declared with a lifetime not known to us */
2499 (void)status;
2500 (void)key_buffer;
2501 (void)key_buffer_size;
2502 (void)alg;
2503 (void)input;
2504 (void)input_length;
2505 (void)salt;
2506 (void)salt_length;
2507 (void)output;
2508 (void)output_size;
2509 (void)output_length;
2510 return( PSA_ERROR_INVALID_ARGUMENT );
2511 }
2512 }
2513
psa_driver_wrapper_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)2514 psa_status_t psa_driver_wrapper_key_agreement(
2515 const psa_key_attributes_t *attributes,
2516 const uint8_t *key_buffer,
2517 size_t key_buffer_size,
2518 psa_algorithm_t alg,
2519 const uint8_t *peer_key,
2520 size_t peer_key_length,
2521 uint8_t *shared_secret,
2522 size_t shared_secret_size,
2523 size_t *shared_secret_length
2524 )
2525 {
2526 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2527 psa_key_location_t location =
2528 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2529
2530 switch( location )
2531 {
2532 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2533 /* Key is stored in the slot in export representation, so
2534 * cycle through all known transparent accelerators */
2535 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2536 #if defined(PSA_CRYPTO_DRIVER_TEST)
2537 status =
2538 mbedtls_test_transparent_key_agreement( attributes,
2539 key_buffer, key_buffer_size, alg, peer_key,
2540 peer_key_length, shared_secret, shared_secret_size,
2541 shared_secret_length );
2542 if( status != PSA_ERROR_NOT_SUPPORTED )
2543 return( status );
2544 #endif /* PSA_CRYPTO_DRIVER_TEST */
2545 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2546
2547 /* Software Fallback */
2548 status = psa_key_agreement_raw_builtin( attributes,
2549 key_buffer,
2550 key_buffer_size,
2551 alg,
2552 peer_key,
2553 peer_key_length,
2554 shared_secret,
2555 shared_secret_size,
2556 shared_secret_length );
2557 return( status );
2558 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2559 #if defined(PSA_CRYPTO_DRIVER_TEST)
2560 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2561 return( mbedtls_test_opaque_key_agreement( attributes,
2562 key_buffer, key_buffer_size, alg, peer_key,
2563 peer_key_length, shared_secret, shared_secret_size,
2564 shared_secret_length ) );
2565 #endif /* PSA_CRYPTO_DRIVER_TEST */
2566 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2567
2568 default:
2569 (void) attributes;
2570 (void) key_buffer;
2571 (void) key_buffer_size;
2572 (void) peer_key;
2573 (void) peer_key_length;
2574 (void) shared_secret;
2575 (void) shared_secret_size;
2576 (void) shared_secret_length;
2577 return( PSA_ERROR_NOT_SUPPORTED );
2578
2579 }
2580 }
2581
2582 #endif /* MBEDTLS_PSA_CRYPTO_C */
2583