1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file will be auto-generated in the future.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10 #include "psa_crypto_aead.h"
11 #include "psa_crypto_cipher.h"
12 #include "psa_crypto_core.h"
13 #include "psa_crypto_driver_wrappers.h"
14 #include "psa_crypto_hash.h"
15 #include "psa_crypto_mac.h"
16
17 #include "mbedtls/platform.h"
18
19 #if defined(MBEDTLS_PSA_CRYPTO_C)
20
21 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
22
23 /* Include test driver definition when running tests */
24 #if defined(PSA_CRYPTO_DRIVER_TEST)
25 #ifndef PSA_CRYPTO_DRIVER_PRESENT
26 #define PSA_CRYPTO_DRIVER_PRESENT
27 #endif
28 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
29 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
30 #endif
31 #include "test/drivers/test_driver.h"
32 #endif /* PSA_CRYPTO_DRIVER_TEST */
33
34 /* Repeat above block for each JSON-declared driver during autogeneration */
35 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
36
37 /* Auto-generated values depending on which drivers are registered.
38 * ID 0 is reserved for unallocated operations.
39 * ID 1 is reserved for the Mbed TLS software driver. */
40 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
41
42 #if defined(PSA_CRYPTO_DRIVER_TEST)
43 #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
44 #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
45 #endif /* PSA_CRYPTO_DRIVER_TEST */
46
47 /* Support the 'old' SE interface when asked to */
48 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
49 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
50 * SE driver is present, to avoid unused argument errors at compile time. */
51 #ifndef PSA_CRYPTO_DRIVER_PRESENT
52 #define PSA_CRYPTO_DRIVER_PRESENT
53 #endif
54 #include "psa_crypto_se.h"
55 #endif
56
psa_driver_wrapper_init(void)57 psa_status_t psa_driver_wrapper_init(void)
58 {
59 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
60
61 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
62 status = psa_init_all_se_drivers();
63 if (status != PSA_SUCCESS) {
64 return status;
65 }
66 #endif
67
68 #if defined(PSA_CRYPTO_DRIVER_TEST)
69 status = mbedtls_test_transparent_init();
70 if (status != PSA_SUCCESS) {
71 return status;
72 }
73
74 status = mbedtls_test_opaque_init();
75 if (status != PSA_SUCCESS) {
76 return status;
77 }
78 #endif
79
80 (void) status;
81 return PSA_SUCCESS;
82 }
83
psa_driver_wrapper_free(void)84 void psa_driver_wrapper_free(void)
85 {
86 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
87 /* Unregister all secure element drivers, so that we restart from
88 * a pristine state. */
89 psa_unregister_all_se_drivers();
90 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
91
92 #if defined(PSA_CRYPTO_DRIVER_TEST)
93 mbedtls_test_transparent_free();
94 mbedtls_test_opaque_free();
95 #endif
96 }
97
98 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)99 psa_status_t psa_driver_wrapper_sign_message(
100 const psa_key_attributes_t *attributes,
101 const uint8_t *key_buffer,
102 size_t key_buffer_size,
103 psa_algorithm_t alg,
104 const uint8_t *input,
105 size_t input_length,
106 uint8_t *signature,
107 size_t signature_size,
108 size_t *signature_length)
109 {
110 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
111 psa_key_location_t location =
112 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
113
114 switch (location) {
115 case PSA_KEY_LOCATION_LOCAL_STORAGE:
116 /* Key is stored in the slot in export representation, so
117 * cycle through all known transparent accelerators */
118 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
119 #if defined(PSA_CRYPTO_DRIVER_TEST)
120 status = mbedtls_test_transparent_signature_sign_message(
121 attributes,
122 key_buffer,
123 key_buffer_size,
124 alg,
125 input,
126 input_length,
127 signature,
128 signature_size,
129 signature_length);
130 /* Declared with fallback == true */
131 if (status != PSA_ERROR_NOT_SUPPORTED) {
132 return status;
133 }
134 #endif /* PSA_CRYPTO_DRIVER_TEST */
135 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
136 break;
137
138 /* Add cases for opaque driver here */
139 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
140 #if defined(PSA_CRYPTO_DRIVER_TEST)
141 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
142 status = mbedtls_test_opaque_signature_sign_message(
143 attributes,
144 key_buffer,
145 key_buffer_size,
146 alg,
147 input,
148 input_length,
149 signature,
150 signature_size,
151 signature_length);
152 if (status != PSA_ERROR_NOT_SUPPORTED) {
153 return status;
154 }
155 break;
156 #endif /* PSA_CRYPTO_DRIVER_TEST */
157 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
158 default:
159 /* Key is declared with a lifetime not known to us */
160 (void) status;
161 break;
162 }
163
164 return psa_sign_message_builtin(attributes,
165 key_buffer,
166 key_buffer_size,
167 alg,
168 input,
169 input_length,
170 signature,
171 signature_size,
172 signature_length);
173 }
174
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)175 psa_status_t psa_driver_wrapper_verify_message(
176 const psa_key_attributes_t *attributes,
177 const uint8_t *key_buffer,
178 size_t key_buffer_size,
179 psa_algorithm_t alg,
180 const uint8_t *input,
181 size_t input_length,
182 const uint8_t *signature,
183 size_t signature_length)
184 {
185 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
186 psa_key_location_t location =
187 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
188
189 switch (location) {
190 case PSA_KEY_LOCATION_LOCAL_STORAGE:
191 /* Key is stored in the slot in export representation, so
192 * cycle through all known transparent accelerators */
193 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
194 #if defined(PSA_CRYPTO_DRIVER_TEST)
195 status = mbedtls_test_transparent_signature_verify_message(
196 attributes,
197 key_buffer,
198 key_buffer_size,
199 alg,
200 input,
201 input_length,
202 signature,
203 signature_length);
204 /* Declared with fallback == true */
205 if (status != PSA_ERROR_NOT_SUPPORTED) {
206 return status;
207 }
208 #endif /* PSA_CRYPTO_DRIVER_TEST */
209 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
210 break;
211
212 /* Add cases for opaque driver here */
213 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
214 #if defined(PSA_CRYPTO_DRIVER_TEST)
215 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
216 return mbedtls_test_opaque_signature_verify_message(
217 attributes,
218 key_buffer,
219 key_buffer_size,
220 alg,
221 input,
222 input_length,
223 signature,
224 signature_length);
225 if (status != PSA_ERROR_NOT_SUPPORTED) {
226 return status;
227 }
228 break;
229 #endif /* PSA_CRYPTO_DRIVER_TEST */
230 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
231 default:
232 /* Key is declared with a lifetime not known to us */
233 (void) status;
234 break;
235 }
236
237 return psa_verify_message_builtin(attributes,
238 key_buffer,
239 key_buffer_size,
240 alg,
241 input,
242 input_length,
243 signature,
244 signature_length);
245 }
246
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)247 psa_status_t psa_driver_wrapper_sign_hash(
248 const psa_key_attributes_t *attributes,
249 const uint8_t *key_buffer, size_t key_buffer_size,
250 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
251 uint8_t *signature, size_t signature_size, size_t *signature_length)
252 {
253 /* Try dynamically-registered SE interface first */
254 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
255 const psa_drv_se_t *drv;
256 psa_drv_se_context_t *drv_context;
257
258 if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
259 if (drv->asymmetric == NULL ||
260 drv->asymmetric->p_sign == NULL) {
261 /* Key is defined in SE, but we have no way to exercise it */
262 return PSA_ERROR_NOT_SUPPORTED;
263 }
264 return drv->asymmetric->p_sign(
265 drv_context, *((psa_key_slot_number_t *) key_buffer),
266 alg, hash, hash_length,
267 signature, signature_size, signature_length);
268 }
269 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
270
271 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
272 psa_key_location_t location =
273 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
274
275 switch (location) {
276 case PSA_KEY_LOCATION_LOCAL_STORAGE:
277 /* Key is stored in the slot in export representation, so
278 * cycle through all known transparent accelerators */
279 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
280 #if defined(PSA_CRYPTO_DRIVER_TEST)
281 status = mbedtls_test_transparent_signature_sign_hash(attributes,
282 key_buffer,
283 key_buffer_size,
284 alg,
285 hash,
286 hash_length,
287 signature,
288 signature_size,
289 signature_length);
290 /* Declared with fallback == true */
291 if (status != PSA_ERROR_NOT_SUPPORTED) {
292 return status;
293 }
294 #endif /* PSA_CRYPTO_DRIVER_TEST */
295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
296 /* Fell through, meaning no accelerator supports this operation */
297 return psa_sign_hash_builtin(attributes,
298 key_buffer,
299 key_buffer_size,
300 alg,
301 hash,
302 hash_length,
303 signature,
304 signature_size,
305 signature_length);
306
307 /* Add cases for opaque driver here */
308 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
309 #if defined(PSA_CRYPTO_DRIVER_TEST)
310 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
311 return mbedtls_test_opaque_signature_sign_hash(attributes,
312 key_buffer,
313 key_buffer_size,
314 alg,
315 hash,
316 hash_length,
317 signature,
318 signature_size,
319 signature_length);
320 #endif /* PSA_CRYPTO_DRIVER_TEST */
321 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
322 default:
323 /* Key is declared with a lifetime not known to us */
324 (void) status;
325 return PSA_ERROR_INVALID_ARGUMENT;
326 }
327 }
328
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)329 psa_status_t psa_driver_wrapper_verify_hash(
330 const psa_key_attributes_t *attributes,
331 const uint8_t *key_buffer, size_t key_buffer_size,
332 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
333 const uint8_t *signature, size_t signature_length)
334 {
335 /* Try dynamically-registered SE interface first */
336 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
337 const psa_drv_se_t *drv;
338 psa_drv_se_context_t *drv_context;
339
340 if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
341 if (drv->asymmetric == NULL ||
342 drv->asymmetric->p_verify == NULL) {
343 /* Key is defined in SE, but we have no way to exercise it */
344 return PSA_ERROR_NOT_SUPPORTED;
345 }
346 return drv->asymmetric->p_verify(
347 drv_context, *((psa_key_slot_number_t *) key_buffer),
348 alg, hash, hash_length,
349 signature, signature_length);
350 }
351 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
352
353 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
354 psa_key_location_t location =
355 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
356
357 switch (location) {
358 case PSA_KEY_LOCATION_LOCAL_STORAGE:
359 /* Key is stored in the slot in export representation, so
360 * cycle through all known transparent accelerators */
361 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
362 #if defined(PSA_CRYPTO_DRIVER_TEST)
363 status = mbedtls_test_transparent_signature_verify_hash(
364 attributes,
365 key_buffer,
366 key_buffer_size,
367 alg,
368 hash,
369 hash_length,
370 signature,
371 signature_length);
372 /* Declared with fallback == true */
373 if (status != PSA_ERROR_NOT_SUPPORTED) {
374 return status;
375 }
376 #endif /* PSA_CRYPTO_DRIVER_TEST */
377 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
378
379 return psa_verify_hash_builtin(attributes,
380 key_buffer,
381 key_buffer_size,
382 alg,
383 hash,
384 hash_length,
385 signature,
386 signature_length);
387
388 /* Add cases for opaque driver here */
389 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
390 #if defined(PSA_CRYPTO_DRIVER_TEST)
391 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
392 return mbedtls_test_opaque_signature_verify_hash(attributes,
393 key_buffer,
394 key_buffer_size,
395 alg,
396 hash,
397 hash_length,
398 signature,
399 signature_length);
400 #endif /* PSA_CRYPTO_DRIVER_TEST */
401 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
402 default:
403 /* Key is declared with a lifetime not known to us */
404 (void) status;
405 return PSA_ERROR_INVALID_ARGUMENT;
406 }
407 }
408
409 /** Get the key buffer size required to store the key material of a key
410 * associated with an opaque driver without storage.
411 *
412 * \param[in] attributes The key attributes.
413 * \param[out] key_buffer_size Minimum buffer size to contain the key material
414 *
415 * \retval #PSA_SUCCESS
416 * The minimum size for a buffer to contain the key material has been
417 * returned successfully.
418 * \retval #PSA_ERROR_INVALID_ARGUMENT
419 * The size in bits of the key is not valid.
420 * \retval #PSA_ERROR_NOT_SUPPORTED
421 * The type and/or the size in bits of the key or the combination of
422 * the two is not supported.
423 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)424 psa_status_t psa_driver_wrapper_get_key_buffer_size(
425 const psa_key_attributes_t *attributes,
426 size_t *key_buffer_size)
427 {
428 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
429 psa_key_type_t key_type = attributes->core.type;
430 size_t key_bits = attributes->core.bits;
431
432 *key_buffer_size = 0;
433 switch (location) {
434 #if defined(PSA_CRYPTO_DRIVER_TEST)
435 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
436 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
437 /* Emulate property 'builtin_key_size' */
438 if (psa_key_id_is_builtin(
439 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
440 psa_get_key_id(attributes)))) {
441 *key_buffer_size = sizeof(psa_drv_slot_number_t);
442 return PSA_SUCCESS;
443 }
444 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
445 *key_buffer_size = mbedtls_test_size_function(key_type, key_bits);
446 return (*key_buffer_size != 0) ?
447 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED;
448 #endif /* PSA_CRYPTO_DRIVER_TEST */
449
450 default:
451 (void) key_type;
452 (void) key_bits;
453 return PSA_ERROR_NOT_SUPPORTED;
454 }
455 }
456
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)457 psa_status_t psa_driver_wrapper_generate_key(
458 const psa_key_attributes_t *attributes,
459 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
460 {
461 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
462 psa_key_location_t location =
463 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
464
465 /* Try dynamically-registered SE interface first */
466 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
467 const psa_drv_se_t *drv;
468 psa_drv_se_context_t *drv_context;
469
470 if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
471 size_t pubkey_length = 0; /* We don't support this feature yet */
472 if (drv->key_management == NULL ||
473 drv->key_management->p_generate == NULL) {
474 /* Key is defined as being in SE, but we have no way to generate it */
475 return PSA_ERROR_NOT_SUPPORTED;
476 }
477 return drv->key_management->p_generate(
478 drv_context,
479 *((psa_key_slot_number_t *) key_buffer),
480 attributes, NULL, 0, &pubkey_length);
481 }
482 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
483
484 switch (location) {
485 case PSA_KEY_LOCATION_LOCAL_STORAGE:
486 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
487 /* Transparent drivers are limited to generating asymmetric keys */
488 if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type)) {
489 /* Cycle through all known transparent accelerators */
490 #if defined(PSA_CRYPTO_DRIVER_TEST)
491 status = mbedtls_test_transparent_generate_key(
492 attributes, key_buffer, key_buffer_size,
493 key_buffer_length);
494 /* Declared with fallback == true */
495 if (status != PSA_ERROR_NOT_SUPPORTED) {
496 break;
497 }
498 #endif /* PSA_CRYPTO_DRIVER_TEST */
499 }
500 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
501
502 /* Software fallback */
503 status = psa_generate_key_internal(
504 attributes, key_buffer, key_buffer_size, key_buffer_length);
505 break;
506
507 /* Add cases for opaque driver here */
508 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
509 #if defined(PSA_CRYPTO_DRIVER_TEST)
510 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
511 status = mbedtls_test_opaque_generate_key(
512 attributes, key_buffer, key_buffer_size, key_buffer_length);
513 break;
514 #endif /* PSA_CRYPTO_DRIVER_TEST */
515 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
516
517 default:
518 /* Key is declared with a lifetime not known to us */
519 status = PSA_ERROR_INVALID_ARGUMENT;
520 break;
521 }
522
523 return status;
524 }
525
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)526 psa_status_t psa_driver_wrapper_import_key(
527 const psa_key_attributes_t *attributes,
528 const uint8_t *data,
529 size_t data_length,
530 uint8_t *key_buffer,
531 size_t key_buffer_size,
532 size_t *key_buffer_length,
533 size_t *bits)
534 {
535 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
536 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
537 psa_get_key_lifetime(attributes));
538
539 /* Try dynamically-registered SE interface first */
540 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
541 const psa_drv_se_t *drv;
542 psa_drv_se_context_t *drv_context;
543
544 if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
545 if (drv->key_management == NULL ||
546 drv->key_management->p_import == NULL) {
547 return PSA_ERROR_NOT_SUPPORTED;
548 }
549
550 /* The driver should set the number of key bits, however in
551 * case it doesn't, we initialize bits to an invalid value. */
552 *bits = PSA_MAX_KEY_BITS + 1;
553 status = drv->key_management->p_import(
554 drv_context,
555 *((psa_key_slot_number_t *) key_buffer),
556 attributes, data, data_length, bits);
557
558 if (status != PSA_SUCCESS) {
559 return status;
560 }
561
562 if ((*bits) > PSA_MAX_KEY_BITS) {
563 return PSA_ERROR_NOT_SUPPORTED;
564 }
565
566 return PSA_SUCCESS;
567 }
568 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
569
570 switch (location) {
571 case PSA_KEY_LOCATION_LOCAL_STORAGE:
572 /* Key is stored in the slot in export representation, so
573 * cycle through all known transparent accelerators */
574 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
575 #if defined(PSA_CRYPTO_DRIVER_TEST)
576 status = mbedtls_test_transparent_import_key(
577 attributes,
578 data, data_length,
579 key_buffer, key_buffer_size,
580 key_buffer_length, bits);
581 /* Declared with fallback == true */
582 if (status != PSA_ERROR_NOT_SUPPORTED) {
583 return status;
584 }
585 #endif /* PSA_CRYPTO_DRIVER_TEST */
586 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
587 /* Fell through, meaning no accelerator supports this operation */
588 return psa_import_key_into_slot(attributes,
589 data, data_length,
590 key_buffer, key_buffer_size,
591 key_buffer_length, bits);
592
593 default:
594 /* Importing a key with external storage in not yet supported.
595 * Return in error indicating that the lifetime is not valid. */
596 (void) status;
597 return PSA_ERROR_INVALID_ARGUMENT;
598 }
599
600 }
601
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)602 psa_status_t psa_driver_wrapper_export_key(
603 const psa_key_attributes_t *attributes,
604 const uint8_t *key_buffer, size_t key_buffer_size,
605 uint8_t *data, size_t data_size, size_t *data_length)
606
607 {
608 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
609 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
610 psa_get_key_lifetime(attributes));
611
612 /* Try dynamically-registered SE interface first */
613 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
614 const psa_drv_se_t *drv;
615 psa_drv_se_context_t *drv_context;
616
617 if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
618 if ((drv->key_management == NULL) ||
619 (drv->key_management->p_export == NULL)) {
620 return PSA_ERROR_NOT_SUPPORTED;
621 }
622
623 return drv->key_management->p_export(
624 drv_context,
625 *((psa_key_slot_number_t *) key_buffer),
626 data, data_size, data_length);
627 }
628 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
629
630 switch (location) {
631 case PSA_KEY_LOCATION_LOCAL_STORAGE:
632 return psa_export_key_internal(attributes,
633 key_buffer,
634 key_buffer_size,
635 data,
636 data_size,
637 data_length);
638
639 /* Add cases for opaque driver here */
640 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
641 #if defined(PSA_CRYPTO_DRIVER_TEST)
642 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
643 return mbedtls_test_opaque_export_key(attributes,
644 key_buffer,
645 key_buffer_size,
646 data,
647 data_size,
648 data_length);
649 #endif /* PSA_CRYPTO_DRIVER_TEST */
650 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
651 default:
652 /* Key is declared with a lifetime not known to us */
653 return status;
654 }
655 }
656
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)657 psa_status_t psa_driver_wrapper_export_public_key(
658 const psa_key_attributes_t *attributes,
659 const uint8_t *key_buffer, size_t key_buffer_size,
660 uint8_t *data, size_t data_size, size_t *data_length)
661
662 {
663 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
664 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
665 psa_get_key_lifetime(attributes));
666
667 /* Try dynamically-registered SE interface first */
668 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
669 const psa_drv_se_t *drv;
670 psa_drv_se_context_t *drv_context;
671
672 if (psa_get_se_driver(attributes->core.lifetime, &drv, &drv_context)) {
673 if ((drv->key_management == NULL) ||
674 (drv->key_management->p_export_public == NULL)) {
675 return PSA_ERROR_NOT_SUPPORTED;
676 }
677
678 return drv->key_management->p_export_public(
679 drv_context,
680 *((psa_key_slot_number_t *) key_buffer),
681 data, data_size, data_length);
682 }
683 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
684
685 switch (location) {
686 case PSA_KEY_LOCATION_LOCAL_STORAGE:
687 /* Key is stored in the slot in export representation, so
688 * cycle through all known transparent accelerators */
689 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
690 #if defined(PSA_CRYPTO_DRIVER_TEST)
691 status = mbedtls_test_transparent_export_public_key(
692 attributes,
693 key_buffer,
694 key_buffer_size,
695 data,
696 data_size,
697 data_length);
698 /* Declared with fallback == true */
699 if (status != PSA_ERROR_NOT_SUPPORTED) {
700 return status;
701 }
702 #endif /* PSA_CRYPTO_DRIVER_TEST */
703 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
704 /* Fell through, meaning no accelerator supports this operation */
705 return psa_export_public_key_internal(attributes,
706 key_buffer,
707 key_buffer_size,
708 data,
709 data_size,
710 data_length);
711
712 /* Add cases for opaque driver here */
713 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
714 #if defined(PSA_CRYPTO_DRIVER_TEST)
715 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
716 return mbedtls_test_opaque_export_public_key(attributes,
717 key_buffer,
718 key_buffer_size,
719 data,
720 data_size,
721 data_length);
722 #endif /* PSA_CRYPTO_DRIVER_TEST */
723 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
724 default:
725 /* Key is declared with a lifetime not known to us */
726 return status;
727 }
728 }
729
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)730 psa_status_t psa_driver_wrapper_get_builtin_key(
731 psa_drv_slot_number_t slot_number,
732 psa_key_attributes_t *attributes,
733 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
734 {
735 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
736 switch (location) {
737 #if defined(PSA_CRYPTO_DRIVER_TEST)
738 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
739 return mbedtls_test_opaque_get_builtin_key(
740 slot_number,
741 attributes,
742 key_buffer, key_buffer_size, key_buffer_length);
743 #endif /* PSA_CRYPTO_DRIVER_TEST */
744 default:
745 (void) slot_number;
746 (void) key_buffer;
747 (void) key_buffer_size;
748 (void) key_buffer_length;
749 return PSA_ERROR_DOES_NOT_EXIST;
750 }
751 }
752
753 /*
754 * Cipher functions
755 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)756 psa_status_t psa_driver_wrapper_cipher_encrypt(
757 const psa_key_attributes_t *attributes,
758 const uint8_t *key_buffer,
759 size_t key_buffer_size,
760 psa_algorithm_t alg,
761 const uint8_t *iv,
762 size_t iv_length,
763 const uint8_t *input,
764 size_t input_length,
765 uint8_t *output,
766 size_t output_size,
767 size_t *output_length)
768 {
769 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
770 psa_key_location_t location =
771 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
772
773 switch (location) {
774 case PSA_KEY_LOCATION_LOCAL_STORAGE:
775 /* Key is stored in the slot in export representation, so
776 * cycle through all known transparent accelerators */
777 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
778 #if defined(PSA_CRYPTO_DRIVER_TEST)
779 status = mbedtls_test_transparent_cipher_encrypt(attributes,
780 key_buffer,
781 key_buffer_size,
782 alg,
783 iv,
784 iv_length,
785 input,
786 input_length,
787 output,
788 output_size,
789 output_length);
790 /* Declared with fallback == true */
791 if (status != PSA_ERROR_NOT_SUPPORTED) {
792 return status;
793 }
794 #endif /* PSA_CRYPTO_DRIVER_TEST */
795 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
796
797 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
798 return mbedtls_psa_cipher_encrypt(attributes,
799 key_buffer,
800 key_buffer_size,
801 alg,
802 iv,
803 iv_length,
804 input,
805 input_length,
806 output,
807 output_size,
808 output_length);
809 #else
810 return PSA_ERROR_NOT_SUPPORTED;
811 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
812
813 /* Add cases for opaque driver here */
814 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
815 #if defined(PSA_CRYPTO_DRIVER_TEST)
816 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
817 return mbedtls_test_opaque_cipher_encrypt(attributes,
818 key_buffer,
819 key_buffer_size,
820 alg,
821 iv,
822 iv_length,
823 input,
824 input_length,
825 output,
826 output_size,
827 output_length);
828 #endif /* PSA_CRYPTO_DRIVER_TEST */
829 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
830
831 default:
832 /* Key is declared with a lifetime not known to us */
833 (void) status;
834 (void) key_buffer;
835 (void) key_buffer_size;
836 (void) alg;
837 (void) iv;
838 (void) iv_length;
839 (void) input;
840 (void) input_length;
841 (void) output;
842 (void) output_size;
843 (void) output_length;
844 return PSA_ERROR_INVALID_ARGUMENT;
845 }
846 }
847
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)848 psa_status_t psa_driver_wrapper_cipher_decrypt(
849 const psa_key_attributes_t *attributes,
850 const uint8_t *key_buffer,
851 size_t key_buffer_size,
852 psa_algorithm_t alg,
853 const uint8_t *input,
854 size_t input_length,
855 uint8_t *output,
856 size_t output_size,
857 size_t *output_length)
858 {
859 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
860 psa_key_location_t location =
861 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
862
863 switch (location) {
864 case PSA_KEY_LOCATION_LOCAL_STORAGE:
865 /* Key is stored in the slot in export representation, so
866 * cycle through all known transparent accelerators */
867 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
868 #if defined(PSA_CRYPTO_DRIVER_TEST)
869 status = mbedtls_test_transparent_cipher_decrypt(attributes,
870 key_buffer,
871 key_buffer_size,
872 alg,
873 input,
874 input_length,
875 output,
876 output_size,
877 output_length);
878 /* Declared with fallback == true */
879 if (status != PSA_ERROR_NOT_SUPPORTED) {
880 return status;
881 }
882 #endif /* PSA_CRYPTO_DRIVER_TEST */
883 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
884
885 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
886 return mbedtls_psa_cipher_decrypt(attributes,
887 key_buffer,
888 key_buffer_size,
889 alg,
890 input,
891 input_length,
892 output,
893 output_size,
894 output_length);
895 #else
896 return PSA_ERROR_NOT_SUPPORTED;
897 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
898
899 /* Add cases for opaque driver here */
900 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
901 #if defined(PSA_CRYPTO_DRIVER_TEST)
902 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
903 return mbedtls_test_opaque_cipher_decrypt(attributes,
904 key_buffer,
905 key_buffer_size,
906 alg,
907 input,
908 input_length,
909 output,
910 output_size,
911 output_length);
912 #endif /* PSA_CRYPTO_DRIVER_TEST */
913 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
914
915 default:
916 /* Key is declared with a lifetime not known to us */
917 (void) status;
918 (void) key_buffer;
919 (void) key_buffer_size;
920 (void) alg;
921 (void) input;
922 (void) input_length;
923 (void) output;
924 (void) output_size;
925 (void) output_length;
926 return PSA_ERROR_INVALID_ARGUMENT;
927 }
928 }
929
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)930 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
931 psa_cipher_operation_t *operation,
932 const psa_key_attributes_t *attributes,
933 const uint8_t *key_buffer, size_t key_buffer_size,
934 psa_algorithm_t alg)
935 {
936 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
937 psa_key_location_t location =
938 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
939
940 switch (location) {
941 case PSA_KEY_LOCATION_LOCAL_STORAGE:
942 /* Key is stored in the slot in export representation, so
943 * cycle through all known transparent accelerators */
944 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
945 #if defined(PSA_CRYPTO_DRIVER_TEST)
946 status = mbedtls_test_transparent_cipher_encrypt_setup(
947 &operation->ctx.transparent_test_driver_ctx,
948 attributes,
949 key_buffer,
950 key_buffer_size,
951 alg);
952 /* Declared with fallback == true */
953 if (status == PSA_SUCCESS) {
954 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
955 }
956
957 if (status != PSA_ERROR_NOT_SUPPORTED) {
958 return status;
959 }
960 #endif /* PSA_CRYPTO_DRIVER_TEST */
961 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
962 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
963 /* Fell through, meaning no accelerator supports this operation */
964 status = mbedtls_psa_cipher_encrypt_setup(&operation->ctx.mbedtls_ctx,
965 attributes,
966 key_buffer,
967 key_buffer_size,
968 alg);
969 if (status == PSA_SUCCESS) {
970 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
971 }
972
973 if (status != PSA_ERROR_NOT_SUPPORTED) {
974 return status;
975 }
976 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
977 return PSA_ERROR_NOT_SUPPORTED;
978
979 /* Add cases for opaque driver here */
980 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
981 #if defined(PSA_CRYPTO_DRIVER_TEST)
982 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
983 status = mbedtls_test_opaque_cipher_encrypt_setup(
984 &operation->ctx.opaque_test_driver_ctx,
985 attributes,
986 key_buffer, key_buffer_size,
987 alg);
988
989 if (status == PSA_SUCCESS) {
990 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
991 }
992
993 return status;
994 #endif /* PSA_CRYPTO_DRIVER_TEST */
995 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
996 default:
997 /* Key is declared with a lifetime not known to us */
998 (void) status;
999 (void) operation;
1000 (void) key_buffer;
1001 (void) key_buffer_size;
1002 (void) alg;
1003 return PSA_ERROR_INVALID_ARGUMENT;
1004 }
1005 }
1006
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1007 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1008 psa_cipher_operation_t *operation,
1009 const psa_key_attributes_t *attributes,
1010 const uint8_t *key_buffer, size_t key_buffer_size,
1011 psa_algorithm_t alg)
1012 {
1013 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1014 psa_key_location_t location =
1015 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
1016
1017 switch (location) {
1018 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1019 /* Key is stored in the slot in export representation, so
1020 * cycle through all known transparent accelerators */
1021 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1022 #if defined(PSA_CRYPTO_DRIVER_TEST)
1023 status = mbedtls_test_transparent_cipher_decrypt_setup(
1024 &operation->ctx.transparent_test_driver_ctx,
1025 attributes,
1026 key_buffer,
1027 key_buffer_size,
1028 alg);
1029 /* Declared with fallback == true */
1030 if (status == PSA_SUCCESS) {
1031 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1032 }
1033
1034 if (status != PSA_ERROR_NOT_SUPPORTED) {
1035 return status;
1036 }
1037 #endif /* PSA_CRYPTO_DRIVER_TEST */
1038 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1039 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1040 /* Fell through, meaning no accelerator supports this operation */
1041 status = mbedtls_psa_cipher_decrypt_setup(&operation->ctx.mbedtls_ctx,
1042 attributes,
1043 key_buffer,
1044 key_buffer_size,
1045 alg);
1046 if (status == PSA_SUCCESS) {
1047 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1048 }
1049
1050 return status;
1051 #else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1052 return PSA_ERROR_NOT_SUPPORTED;
1053 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1054
1055 /* Add cases for opaque driver here */
1056 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1057 #if defined(PSA_CRYPTO_DRIVER_TEST)
1058 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1059 status = mbedtls_test_opaque_cipher_decrypt_setup(
1060 &operation->ctx.opaque_test_driver_ctx,
1061 attributes,
1062 key_buffer, key_buffer_size,
1063 alg);
1064
1065 if (status == PSA_SUCCESS) {
1066 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1067 }
1068
1069 return status;
1070 #endif /* PSA_CRYPTO_DRIVER_TEST */
1071 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1072 default:
1073 /* Key is declared with a lifetime not known to us */
1074 (void) status;
1075 (void) operation;
1076 (void) key_buffer;
1077 (void) key_buffer_size;
1078 (void) alg;
1079 return PSA_ERROR_INVALID_ARGUMENT;
1080 }
1081 }
1082
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1083 psa_status_t psa_driver_wrapper_cipher_set_iv(
1084 psa_cipher_operation_t *operation,
1085 const uint8_t *iv,
1086 size_t iv_length)
1087 {
1088 switch (operation->id) {
1089 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1090 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1091 return mbedtls_psa_cipher_set_iv(&operation->ctx.mbedtls_ctx,
1092 iv,
1093 iv_length);
1094 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1095
1096 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1097 #if defined(PSA_CRYPTO_DRIVER_TEST)
1098 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1099 return mbedtls_test_transparent_cipher_set_iv(
1100 &operation->ctx.transparent_test_driver_ctx,
1101 iv, iv_length);
1102
1103 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1104 return mbedtls_test_opaque_cipher_set_iv(
1105 &operation->ctx.opaque_test_driver_ctx,
1106 iv, iv_length);
1107 #endif /* PSA_CRYPTO_DRIVER_TEST */
1108 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1109 }
1110
1111 (void) iv;
1112 (void) iv_length;
1113
1114 return PSA_ERROR_INVALID_ARGUMENT;
1115 }
1116
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1117 psa_status_t psa_driver_wrapper_cipher_update(
1118 psa_cipher_operation_t *operation,
1119 const uint8_t *input,
1120 size_t input_length,
1121 uint8_t *output,
1122 size_t output_size,
1123 size_t *output_length)
1124 {
1125 switch (operation->id) {
1126 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1127 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1128 return mbedtls_psa_cipher_update(&operation->ctx.mbedtls_ctx,
1129 input,
1130 input_length,
1131 output,
1132 output_size,
1133 output_length);
1134 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1135
1136 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1137 #if defined(PSA_CRYPTO_DRIVER_TEST)
1138 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1139 return mbedtls_test_transparent_cipher_update(
1140 &operation->ctx.transparent_test_driver_ctx,
1141 input, input_length,
1142 output, output_size, output_length);
1143
1144 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1145 return mbedtls_test_opaque_cipher_update(
1146 &operation->ctx.opaque_test_driver_ctx,
1147 input, input_length,
1148 output, output_size, output_length);
1149 #endif /* PSA_CRYPTO_DRIVER_TEST */
1150 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1151 }
1152
1153 (void) input;
1154 (void) input_length;
1155 (void) output;
1156 (void) output_size;
1157 (void) output_length;
1158
1159 return PSA_ERROR_INVALID_ARGUMENT;
1160 }
1161
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1162 psa_status_t psa_driver_wrapper_cipher_finish(
1163 psa_cipher_operation_t *operation,
1164 uint8_t *output,
1165 size_t output_size,
1166 size_t *output_length)
1167 {
1168 switch (operation->id) {
1169 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1170 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1171 return mbedtls_psa_cipher_finish(&operation->ctx.mbedtls_ctx,
1172 output,
1173 output_size,
1174 output_length);
1175 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1176
1177 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1178 #if defined(PSA_CRYPTO_DRIVER_TEST)
1179 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1180 return mbedtls_test_transparent_cipher_finish(
1181 &operation->ctx.transparent_test_driver_ctx,
1182 output, output_size, output_length);
1183
1184 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1185 return mbedtls_test_opaque_cipher_finish(
1186 &operation->ctx.opaque_test_driver_ctx,
1187 output, output_size, output_length);
1188 #endif /* PSA_CRYPTO_DRIVER_TEST */
1189 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1190 }
1191
1192 (void) output;
1193 (void) output_size;
1194 (void) output_length;
1195
1196 return PSA_ERROR_INVALID_ARGUMENT;
1197 }
1198
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1199 psa_status_t psa_driver_wrapper_cipher_abort(
1200 psa_cipher_operation_t *operation)
1201 {
1202 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1203
1204 switch (operation->id) {
1205 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1206 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1207 return mbedtls_psa_cipher_abort(&operation->ctx.mbedtls_ctx);
1208 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1209
1210 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1211 #if defined(PSA_CRYPTO_DRIVER_TEST)
1212 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1213 status = mbedtls_test_transparent_cipher_abort(
1214 &operation->ctx.transparent_test_driver_ctx);
1215 mbedtls_platform_zeroize(
1216 &operation->ctx.transparent_test_driver_ctx,
1217 sizeof(operation->ctx.transparent_test_driver_ctx));
1218 return status;
1219
1220 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1221 status = mbedtls_test_opaque_cipher_abort(
1222 &operation->ctx.opaque_test_driver_ctx);
1223 mbedtls_platform_zeroize(
1224 &operation->ctx.opaque_test_driver_ctx,
1225 sizeof(operation->ctx.opaque_test_driver_ctx));
1226 return status;
1227 #endif /* PSA_CRYPTO_DRIVER_TEST */
1228 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1229 }
1230
1231 (void) status;
1232 return PSA_ERROR_INVALID_ARGUMENT;
1233 }
1234
1235 /*
1236 * Hashing functions
1237 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1238 psa_status_t psa_driver_wrapper_hash_compute(
1239 psa_algorithm_t alg,
1240 const uint8_t *input,
1241 size_t input_length,
1242 uint8_t *hash,
1243 size_t hash_size,
1244 size_t *hash_length)
1245 {
1246 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1247
1248 /* Try accelerators first */
1249 #if defined(PSA_CRYPTO_DRIVER_TEST)
1250 status = mbedtls_test_transparent_hash_compute(
1251 alg, input, input_length, hash, hash_size, hash_length);
1252 if (status != PSA_ERROR_NOT_SUPPORTED) {
1253 return status;
1254 }
1255 #endif
1256
1257 /* If software fallback is compiled in, try fallback */
1258 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1259 status = mbedtls_psa_hash_compute(alg, input, input_length,
1260 hash, hash_size, hash_length);
1261 if (status != PSA_ERROR_NOT_SUPPORTED) {
1262 return status;
1263 }
1264 #endif
1265 (void) status;
1266 (void) alg;
1267 (void) input;
1268 (void) input_length;
1269 (void) hash;
1270 (void) hash_size;
1271 (void) hash_length;
1272
1273 return PSA_ERROR_NOT_SUPPORTED;
1274 }
1275
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1276 psa_status_t psa_driver_wrapper_hash_setup(
1277 psa_hash_operation_t *operation,
1278 psa_algorithm_t alg)
1279 {
1280 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1281
1282 /* Try setup on accelerators first */
1283 #if defined(PSA_CRYPTO_DRIVER_TEST)
1284 status = mbedtls_test_transparent_hash_setup(
1285 &operation->ctx.test_driver_ctx, alg);
1286 if (status == PSA_SUCCESS) {
1287 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1288 }
1289
1290 if (status != PSA_ERROR_NOT_SUPPORTED) {
1291 return status;
1292 }
1293 #endif
1294
1295 /* If software fallback is compiled in, try fallback */
1296 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1297 status = mbedtls_psa_hash_setup(&operation->ctx.mbedtls_ctx, alg);
1298 if (status == PSA_SUCCESS) {
1299 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1300 }
1301
1302 if (status != PSA_ERROR_NOT_SUPPORTED) {
1303 return status;
1304 }
1305 #endif
1306 /* Nothing left to try if we fall through here */
1307 (void) status;
1308 (void) operation;
1309 (void) alg;
1310 return PSA_ERROR_NOT_SUPPORTED;
1311 }
1312
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1313 psa_status_t psa_driver_wrapper_hash_clone(
1314 const psa_hash_operation_t *source_operation,
1315 psa_hash_operation_t *target_operation)
1316 {
1317 switch (source_operation->id) {
1318 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1319 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1320 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1321 return mbedtls_psa_hash_clone(&source_operation->ctx.mbedtls_ctx,
1322 &target_operation->ctx.mbedtls_ctx);
1323 #endif
1324 #if defined(PSA_CRYPTO_DRIVER_TEST)
1325 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1326 target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1327 return mbedtls_test_transparent_hash_clone(
1328 &source_operation->ctx.test_driver_ctx,
1329 &target_operation->ctx.test_driver_ctx);
1330 #endif
1331 default:
1332 (void) target_operation;
1333 return PSA_ERROR_BAD_STATE;
1334 }
1335 }
1336
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1337 psa_status_t psa_driver_wrapper_hash_update(
1338 psa_hash_operation_t *operation,
1339 const uint8_t *input,
1340 size_t input_length)
1341 {
1342 switch (operation->id) {
1343 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1344 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1345 return mbedtls_psa_hash_update(&operation->ctx.mbedtls_ctx,
1346 input, input_length);
1347 #endif
1348 #if defined(PSA_CRYPTO_DRIVER_TEST)
1349 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1350 return mbedtls_test_transparent_hash_update(
1351 &operation->ctx.test_driver_ctx,
1352 input, input_length);
1353 #endif
1354 default:
1355 (void) input;
1356 (void) input_length;
1357 return PSA_ERROR_BAD_STATE;
1358 }
1359 }
1360
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1361 psa_status_t psa_driver_wrapper_hash_finish(
1362 psa_hash_operation_t *operation,
1363 uint8_t *hash,
1364 size_t hash_size,
1365 size_t *hash_length)
1366 {
1367 switch (operation->id) {
1368 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1369 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1370 return mbedtls_psa_hash_finish(&operation->ctx.mbedtls_ctx,
1371 hash, hash_size, hash_length);
1372 #endif
1373 #if defined(PSA_CRYPTO_DRIVER_TEST)
1374 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1375 return mbedtls_test_transparent_hash_finish(
1376 &operation->ctx.test_driver_ctx,
1377 hash, hash_size, hash_length);
1378 #endif
1379 default:
1380 (void) hash;
1381 (void) hash_size;
1382 (void) hash_length;
1383 return PSA_ERROR_BAD_STATE;
1384 }
1385 }
1386
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1387 psa_status_t psa_driver_wrapper_hash_abort(
1388 psa_hash_operation_t *operation)
1389 {
1390 switch (operation->id) {
1391 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1392 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1393 return mbedtls_psa_hash_abort(&operation->ctx.mbedtls_ctx);
1394 #endif
1395 #if defined(PSA_CRYPTO_DRIVER_TEST)
1396 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1397 return mbedtls_test_transparent_hash_abort(
1398 &operation->ctx.test_driver_ctx);
1399 #endif
1400 default:
1401 return PSA_ERROR_BAD_STATE;
1402 }
1403 }
1404
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1405 psa_status_t psa_driver_wrapper_aead_encrypt(
1406 const psa_key_attributes_t *attributes,
1407 const uint8_t *key_buffer, size_t key_buffer_size,
1408 psa_algorithm_t alg,
1409 const uint8_t *nonce, size_t nonce_length,
1410 const uint8_t *additional_data, size_t additional_data_length,
1411 const uint8_t *plaintext, size_t plaintext_length,
1412 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
1413 {
1414 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1415 psa_key_location_t location =
1416 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
1417
1418 switch (location) {
1419 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1420 /* Key is stored in the slot in export representation, so
1421 * cycle through all known transparent accelerators */
1422
1423 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1424 #if defined(PSA_CRYPTO_DRIVER_TEST)
1425 status = mbedtls_test_transparent_aead_encrypt(
1426 attributes, key_buffer, key_buffer_size,
1427 alg,
1428 nonce, nonce_length,
1429 additional_data, additional_data_length,
1430 plaintext, plaintext_length,
1431 ciphertext, ciphertext_size, ciphertext_length);
1432 /* Declared with fallback == true */
1433 if (status != PSA_ERROR_NOT_SUPPORTED) {
1434 return status;
1435 }
1436 #endif /* PSA_CRYPTO_DRIVER_TEST */
1437 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1438
1439 /* Fell through, meaning no accelerator supports this operation */
1440 return mbedtls_psa_aead_encrypt(
1441 attributes, key_buffer, key_buffer_size,
1442 alg,
1443 nonce, nonce_length,
1444 additional_data, additional_data_length,
1445 plaintext, plaintext_length,
1446 ciphertext, ciphertext_size, ciphertext_length);
1447
1448 /* Add cases for opaque driver here */
1449
1450 default:
1451 /* Key is declared with a lifetime not known to us */
1452 (void) status;
1453 return PSA_ERROR_INVALID_ARGUMENT;
1454 }
1455 }
1456
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1457 psa_status_t psa_driver_wrapper_aead_decrypt(
1458 const psa_key_attributes_t *attributes,
1459 const uint8_t *key_buffer, size_t key_buffer_size,
1460 psa_algorithm_t alg,
1461 const uint8_t *nonce, size_t nonce_length,
1462 const uint8_t *additional_data, size_t additional_data_length,
1463 const uint8_t *ciphertext, size_t ciphertext_length,
1464 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
1465 {
1466 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1467 psa_key_location_t location =
1468 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
1469
1470 switch (location) {
1471 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1472 /* Key is stored in the slot in export representation, so
1473 * cycle through all known transparent accelerators */
1474
1475 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1476 #if defined(PSA_CRYPTO_DRIVER_TEST)
1477 status = mbedtls_test_transparent_aead_decrypt(
1478 attributes, key_buffer, key_buffer_size,
1479 alg,
1480 nonce, nonce_length,
1481 additional_data, additional_data_length,
1482 ciphertext, ciphertext_length,
1483 plaintext, plaintext_size, plaintext_length);
1484 /* Declared with fallback == true */
1485 if (status != PSA_ERROR_NOT_SUPPORTED) {
1486 return status;
1487 }
1488 #endif /* PSA_CRYPTO_DRIVER_TEST */
1489 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1490
1491 /* Fell through, meaning no accelerator supports this operation */
1492 return mbedtls_psa_aead_decrypt(
1493 attributes, key_buffer, key_buffer_size,
1494 alg,
1495 nonce, nonce_length,
1496 additional_data, additional_data_length,
1497 ciphertext, ciphertext_length,
1498 plaintext, plaintext_size, plaintext_length);
1499
1500 /* Add cases for opaque driver here */
1501
1502 default:
1503 /* Key is declared with a lifetime not known to us */
1504 (void) status;
1505 return PSA_ERROR_INVALID_ARGUMENT;
1506 }
1507 }
1508
1509
1510 /*
1511 * MAC functions
1512 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)1513 psa_status_t psa_driver_wrapper_mac_compute(
1514 const psa_key_attributes_t *attributes,
1515 const uint8_t *key_buffer,
1516 size_t key_buffer_size,
1517 psa_algorithm_t alg,
1518 const uint8_t *input,
1519 size_t input_length,
1520 uint8_t *mac,
1521 size_t mac_size,
1522 size_t *mac_length)
1523 {
1524 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1525 psa_key_location_t location =
1526 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
1527
1528 switch (location) {
1529 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1530 /* Key is stored in the slot in export representation, so
1531 * cycle through all known transparent accelerators */
1532 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1533 #if defined(PSA_CRYPTO_DRIVER_TEST)
1534 status = mbedtls_test_transparent_mac_compute(
1535 attributes, key_buffer, key_buffer_size, alg,
1536 input, input_length,
1537 mac, mac_size, mac_length);
1538 /* Declared with fallback == true */
1539 if (status != PSA_ERROR_NOT_SUPPORTED) {
1540 return status;
1541 }
1542 #endif /* PSA_CRYPTO_DRIVER_TEST */
1543 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1544 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1545 /* Fell through, meaning no accelerator supports this operation */
1546 status = mbedtls_psa_mac_compute(
1547 attributes, key_buffer, key_buffer_size, alg,
1548 input, input_length,
1549 mac, mac_size, mac_length);
1550 if (status != PSA_ERROR_NOT_SUPPORTED) {
1551 return status;
1552 }
1553 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1554 return PSA_ERROR_NOT_SUPPORTED;
1555
1556 /* Add cases for opaque driver here */
1557 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1558 #if defined(PSA_CRYPTO_DRIVER_TEST)
1559 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1560 status = mbedtls_test_opaque_mac_compute(
1561 attributes, key_buffer, key_buffer_size, alg,
1562 input, input_length,
1563 mac, mac_size, mac_length);
1564 return status;
1565 #endif /* PSA_CRYPTO_DRIVER_TEST */
1566 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1567 default:
1568 /* Key is declared with a lifetime not known to us */
1569 (void) key_buffer;
1570 (void) key_buffer_size;
1571 (void) alg;
1572 (void) input;
1573 (void) input_length;
1574 (void) mac;
1575 (void) mac_size;
1576 (void) mac_length;
1577 (void) status;
1578 return PSA_ERROR_INVALID_ARGUMENT;
1579 }
1580 }
1581
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1582 psa_status_t psa_driver_wrapper_mac_sign_setup(
1583 psa_mac_operation_t *operation,
1584 const psa_key_attributes_t *attributes,
1585 const uint8_t *key_buffer,
1586 size_t key_buffer_size,
1587 psa_algorithm_t alg)
1588 {
1589 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1590 psa_key_location_t location =
1591 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
1592
1593 switch (location) {
1594 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1595 /* Key is stored in the slot in export representation, so
1596 * cycle through all known transparent accelerators */
1597 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1598 #if defined(PSA_CRYPTO_DRIVER_TEST)
1599 status = mbedtls_test_transparent_mac_sign_setup(
1600 &operation->ctx.transparent_test_driver_ctx,
1601 attributes,
1602 key_buffer, key_buffer_size,
1603 alg);
1604 /* Declared with fallback == true */
1605 if (status == PSA_SUCCESS) {
1606 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1607 }
1608
1609 if (status != PSA_ERROR_NOT_SUPPORTED) {
1610 return status;
1611 }
1612 #endif /* PSA_CRYPTO_DRIVER_TEST */
1613 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1614 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1615 /* Fell through, meaning no accelerator supports this operation */
1616 status = mbedtls_psa_mac_sign_setup(&operation->ctx.mbedtls_ctx,
1617 attributes,
1618 key_buffer, key_buffer_size,
1619 alg);
1620 if (status == PSA_SUCCESS) {
1621 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1622 }
1623
1624 if (status != PSA_ERROR_NOT_SUPPORTED) {
1625 return status;
1626 }
1627 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1628 return PSA_ERROR_NOT_SUPPORTED;
1629
1630 /* Add cases for opaque driver here */
1631 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1632 #if defined(PSA_CRYPTO_DRIVER_TEST)
1633 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1634 status = mbedtls_test_opaque_mac_sign_setup(
1635 &operation->ctx.opaque_test_driver_ctx,
1636 attributes,
1637 key_buffer, key_buffer_size,
1638 alg);
1639
1640 if (status == PSA_SUCCESS) {
1641 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1642 }
1643
1644 return status;
1645 #endif /* PSA_CRYPTO_DRIVER_TEST */
1646 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1647 default:
1648 /* Key is declared with a lifetime not known to us */
1649 (void) status;
1650 (void) operation;
1651 (void) key_buffer;
1652 (void) key_buffer_size;
1653 (void) alg;
1654 return PSA_ERROR_INVALID_ARGUMENT;
1655 }
1656 }
1657
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1658 psa_status_t psa_driver_wrapper_mac_verify_setup(
1659 psa_mac_operation_t *operation,
1660 const psa_key_attributes_t *attributes,
1661 const uint8_t *key_buffer,
1662 size_t key_buffer_size,
1663 psa_algorithm_t alg)
1664 {
1665 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1666 psa_key_location_t location =
1667 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
1668
1669 switch (location) {
1670 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1671 /* Key is stored in the slot in export representation, so
1672 * cycle through all known transparent accelerators */
1673 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1674 #if defined(PSA_CRYPTO_DRIVER_TEST)
1675 status = mbedtls_test_transparent_mac_verify_setup(
1676 &operation->ctx.transparent_test_driver_ctx,
1677 attributes,
1678 key_buffer, key_buffer_size,
1679 alg);
1680 /* Declared with fallback == true */
1681 if (status == PSA_SUCCESS) {
1682 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1683 }
1684
1685 if (status != PSA_ERROR_NOT_SUPPORTED) {
1686 return status;
1687 }
1688 #endif /* PSA_CRYPTO_DRIVER_TEST */
1689 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1690 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1691 /* Fell through, meaning no accelerator supports this operation */
1692 status = mbedtls_psa_mac_verify_setup(&operation->ctx.mbedtls_ctx,
1693 attributes,
1694 key_buffer, key_buffer_size,
1695 alg);
1696 if (status == PSA_SUCCESS) {
1697 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1698 }
1699
1700 if (status != PSA_ERROR_NOT_SUPPORTED) {
1701 return status;
1702 }
1703 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1704 return PSA_ERROR_NOT_SUPPORTED;
1705
1706 /* Add cases for opaque driver here */
1707 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1708 #if defined(PSA_CRYPTO_DRIVER_TEST)
1709 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1710 status = mbedtls_test_opaque_mac_verify_setup(
1711 &operation->ctx.opaque_test_driver_ctx,
1712 attributes,
1713 key_buffer, key_buffer_size,
1714 alg);
1715
1716 if (status == PSA_SUCCESS) {
1717 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1718 }
1719
1720 return status;
1721 #endif /* PSA_CRYPTO_DRIVER_TEST */
1722 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1723 default:
1724 /* Key is declared with a lifetime not known to us */
1725 (void) status;
1726 (void) operation;
1727 (void) key_buffer;
1728 (void) key_buffer_size;
1729 (void) alg;
1730 return PSA_ERROR_INVALID_ARGUMENT;
1731 }
1732 }
1733
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)1734 psa_status_t psa_driver_wrapper_mac_update(
1735 psa_mac_operation_t *operation,
1736 const uint8_t *input,
1737 size_t input_length)
1738 {
1739 switch (operation->id) {
1740 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1741 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1742 return mbedtls_psa_mac_update(&operation->ctx.mbedtls_ctx,
1743 input, input_length);
1744 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1745
1746 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1747 #if defined(PSA_CRYPTO_DRIVER_TEST)
1748 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1749 return mbedtls_test_transparent_mac_update(
1750 &operation->ctx.transparent_test_driver_ctx,
1751 input, input_length);
1752
1753 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1754 return mbedtls_test_opaque_mac_update(
1755 &operation->ctx.opaque_test_driver_ctx,
1756 input, input_length);
1757 #endif /* PSA_CRYPTO_DRIVER_TEST */
1758 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1759 default:
1760 (void) input;
1761 (void) input_length;
1762 return PSA_ERROR_INVALID_ARGUMENT;
1763 }
1764 }
1765
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)1766 psa_status_t psa_driver_wrapper_mac_sign_finish(
1767 psa_mac_operation_t *operation,
1768 uint8_t *mac,
1769 size_t mac_size,
1770 size_t *mac_length)
1771 {
1772 switch (operation->id) {
1773 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1774 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1775 return mbedtls_psa_mac_sign_finish(&operation->ctx.mbedtls_ctx,
1776 mac, mac_size, mac_length);
1777 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1778
1779 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1780 #if defined(PSA_CRYPTO_DRIVER_TEST)
1781 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1782 return mbedtls_test_transparent_mac_sign_finish(
1783 &operation->ctx.transparent_test_driver_ctx,
1784 mac, mac_size, mac_length);
1785
1786 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1787 return mbedtls_test_opaque_mac_sign_finish(
1788 &operation->ctx.opaque_test_driver_ctx,
1789 mac, mac_size, mac_length);
1790 #endif /* PSA_CRYPTO_DRIVER_TEST */
1791 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1792 default:
1793 (void) mac;
1794 (void) mac_size;
1795 (void) mac_length;
1796 return PSA_ERROR_INVALID_ARGUMENT;
1797 }
1798 }
1799
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)1800 psa_status_t psa_driver_wrapper_mac_verify_finish(
1801 psa_mac_operation_t *operation,
1802 const uint8_t *mac,
1803 size_t mac_length)
1804 {
1805 switch (operation->id) {
1806 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1807 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1808 return mbedtls_psa_mac_verify_finish(&operation->ctx.mbedtls_ctx,
1809 mac, mac_length);
1810 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1811
1812 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1813 #if defined(PSA_CRYPTO_DRIVER_TEST)
1814 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1815 return mbedtls_test_transparent_mac_verify_finish(
1816 &operation->ctx.transparent_test_driver_ctx,
1817 mac, mac_length);
1818
1819 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1820 return mbedtls_test_opaque_mac_verify_finish(
1821 &operation->ctx.opaque_test_driver_ctx,
1822 mac, mac_length);
1823 #endif /* PSA_CRYPTO_DRIVER_TEST */
1824 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1825 default:
1826 (void) mac;
1827 (void) mac_length;
1828 return PSA_ERROR_INVALID_ARGUMENT;
1829 }
1830 }
1831
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)1832 psa_status_t psa_driver_wrapper_mac_abort(
1833 psa_mac_operation_t *operation)
1834 {
1835 switch (operation->id) {
1836 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1837 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1838 return mbedtls_psa_mac_abort(&operation->ctx.mbedtls_ctx);
1839 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1840
1841 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1842 #if defined(PSA_CRYPTO_DRIVER_TEST)
1843 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1844 return mbedtls_test_transparent_mac_abort(
1845 &operation->ctx.transparent_test_driver_ctx);
1846 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1847 return mbedtls_test_opaque_mac_abort(
1848 &operation->ctx.opaque_test_driver_ctx);
1849 #endif /* PSA_CRYPTO_DRIVER_TEST */
1850 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1851 default:
1852 return PSA_ERROR_INVALID_ARGUMENT;
1853 }
1854 }
1855
1856 #endif /* MBEDTLS_PSA_CRYPTO_C */
1857