made some static functions externally visible
moved accel definitions from other header files to accel header file
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index cdc6f5b..f59a68d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -128,7 +128,7 @@
if( global_data.initialized == 0 ) \
return( PSA_ERROR_BAD_STATE );
-static psa_status_t mbedtls_to_psa_error( int ret )
+psa_status_t mbedtls_to_psa_error( int ret )
{
/* If there's both a high-level code and low-level code, dispatch on
* the high-level code. */
@@ -407,7 +407,7 @@
}
}
-static mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve )
+mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve )
{
switch( curve )
{
@@ -594,7 +594,7 @@
/* Import a public key given as the uncompressed representation defined by SEC1
* 2.3.3 as the content of an ECPoint. */
-static psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve,
+psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve,
const uint8_t *data,
size_t data_length,
mbedtls_ecp_keypair **p_ecp )
@@ -953,6 +953,14 @@
/** Wipe key data from a slot. Preserve metadata such as the policy. */
static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
+ #if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C)
+ if (PSA_KEY_LIFETIME_IS_VENDOR_DEFINED(slot->attr.lifetime))
+ {
+ psa_remove_key_data_from_memory_vendor(slot);
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */
+
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
if( psa_key_slot_is_external( slot ) )
{
@@ -1638,7 +1646,7 @@
* \return If this function fails, the key slot is an invalid state.
* You must call psa_fail_key_creation() to wipe and free the slot.
*/
-static psa_status_t psa_finish_key_creation(
+psa_status_t psa_finish_key_creation(
psa_key_slot_t *slot,
psa_se_drv_table_entry_t *driver )
{
@@ -1859,6 +1867,14 @@
}
else
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C)
+ if (PSA_KEY_LIFETIME_IS_VENDOR_DEFINED(slot->attr.lifetime))
+ {
+ status = psa_import_key_into_slot_vendor( slot, data, data_length);
+ goto exit;
+ }
+ else
+#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */
{
status = psa_import_key_into_slot( slot, data, data_length );
if( status != PSA_SUCCESS )
@@ -2433,7 +2449,7 @@
/* MAC */
/****************************************************************/
-static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
size_t key_bits,
@@ -3743,6 +3759,14 @@
goto exit;
key_bits = psa_get_key_slot_bits( slot );
+#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C)
+ if (PSA_KEY_LIFETIME_IS_VENDOR_DEFINED(slot->attr.lifetime))
+ {
+ status = psa_cipher_setup_vendor(operation, handle, alg, cipher_operation);
+ goto exit;
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */
+
cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL );
if( cipher_info == NULL )
{
@@ -3754,14 +3778,6 @@
if( ret != 0 )
goto exit;
-#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C)
- if (PSA_KEY_LIFETIME_IS_VENDOR_DEFINED(slot->attr.lifetime))
- {
- status = psa_cipher_setup_vendor(operation, handle, alg);
- if( status != PSA_SUCCESS )
- goto exit;
- }
-#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */
#if defined(MBEDTLS_DES_C)
if( slot->attr.type == PSA_KEY_TYPE_DES && key_bits == 128 )
{
@@ -4016,8 +4032,9 @@
* always have been initialized to a valid value). */
if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
return( PSA_ERROR_BAD_STATE );
-
+#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C)
psa_cipher_abort_vendor(operation);
+#endif //MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C
mbedtls_cipher_free( &operation->ctx.cipher );
operation->alg = 0;
@@ -5403,7 +5420,7 @@
#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
-static psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
+psa_status_t psa_read_rsa_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
{
@@ -5570,12 +5587,12 @@
attributes->domain_parameters, attributes->domain_parameters_size);
}
else
+#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */
{
status = psa_generate_key_internal(
slot, attributes->core.bits,
attributes->domain_parameters, attributes->domain_parameters_size );
}
-#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */
exit:
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( slot, driver );
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 266b0cc..4601440 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -23,9 +23,9 @@
#define PSA_CRYPTO_CORE_H
#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
+ #include "mbedtls/config.h"
#else
-#include MBEDTLS_CONFIG_FILE
+ #include MBEDTLS_CONFIG_FILE
#endif
#include "psa/crypto.h"
@@ -45,32 +45,31 @@
/* Raw-data key (key_type_is_raw_bytes() in psa_crypto.c) */
struct raw_data
{
- uint8_t *data;
- size_t bytes;
+ uint8_t * data;
+ size_t bytes;
} raw;
#if defined(MBEDTLS_RSA_C)
/* RSA public key or key pair */
- mbedtls_rsa_context *rsa;
-#endif /* MBEDTLS_RSA_C */
+ mbedtls_rsa_context * rsa;
+#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_C)
/* EC public key or key pair */
- mbedtls_ecp_keypair *ecp;
-#endif /* MBEDTLS_ECP_C */
+ mbedtls_ecp_keypair * ecp;
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Any key type in a secure element */
struct se
{
psa_key_slot_number_t slot_number;
} se;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
- void * vendor_context;
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
} data;
} psa_key_slot_t;
/* A mask of key attribute flags used only internally.
* Currently there aren't any. */
-#define PSA_KA_MASK_INTERNAL_ONLY ( \
- 0 )
+#define PSA_KA_MASK_INTERNAL_ONLY ( \
+ 0)
/** Test whether a key slot is occupied.
*
@@ -111,7 +110,7 @@
uint16_t value )
{
slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
- ( mask & value ) );
+ (mask & value));
}
/** Turn on flags in psa_key_slot_t::attr::core::flags.
@@ -173,80 +172,7 @@
* already fully wiped.
* \retval PSA_ERROR_CORRUPTION_DETECTED
*/
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
-
-/**
- * \brief Sign a hash or short message with a vendor defined private key.
- * This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C
- *is defined.
- *
- * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(). Then pass the resulting hash as the \p hash
- * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
- * to determine the hash algorithm to use.
- *
- * \param slot Key slot to use for the operation.
- * It must be an asymmetric key pair.
- * \param alg A signature algorithm that is compatible with
- * the type of \p handle.
- * \param[in] hash The hash or message to sign.
- * \param hash_length Size of the \p hash buffer in bytes.
- * \param[out] signature Buffer where the signature is to be written.
- * \param signature_size Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- * that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p signature buffer is too small. You can
- * determine a sufficient buffer size by calling
- * #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- * where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p handle.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval Implementation dependent
- */
-psa_status_t psa_asymmetric_sign_vendor(psa_key_slot_t * slot,
- psa_algorithm_t alg,
- const uint8_t * hash,
- size_t hash_length,
- uint8_t * signature,
- size_t signature_size,
- size_t * signature_length);
-
-/**
- * \brief Verify the signature a hash or short message using a vendor defined public key.
- * This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C
- * is defined.
- *
- * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(). Then pass the resulting hash as the \p hash
- * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
- * to determine the hash algorithm to use.
- *
- * \param handle Key slot to use for the operation.
- * It must be a public key or an asymmetric key pair.
- * \param alg A signature algorithm that is compatible with
- * the type of \p handle.
- * \param[in] hash The hash or message whose signature is to be
- * verified.
- * \param hash_length Size of the \p hash buffer in bytes.
- * \param[in] signature Buffer containing the signature to verify.
- * \param signature_length Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * \retval Implementation dependent
- */
-psa_status_t psa_asymmetric_verify_vendor(psa_key_slot_t * slot,
- psa_algorithm_t alg,
- const uint8_t * hash,
- size_t hash_length,
- const uint8_t * signature,
- size_t signature_length);
+psa_status_t psa_wipe_key_slot(psa_key_slot_t * slot);
/** Import key data into a slot.
*