TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1ec69067fa1351427f904362c1221b31538c8b57 / . / library / psa_crypto_driver_wrappers.h
blob: 6ab959769e0cb24efa59e493179267ff338873dd [file] [log] [blame]
Minos Galanakis591416f2023-10-03 22:16:56 +0100[diff] [blame]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6/* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22
23/* BEGIN-common headers */
24#include "common.h"
25#include "psa_crypto_aead.h"
26#include "psa_crypto_cipher.h"
27#include "psa_crypto_core.h"
28#include "psa_crypto_driver_wrappers_no_static.h"
29#include "psa_crypto_hash.h"
30#include "psa_crypto_mac.h"
31#include "psa_crypto_pake.h"
32#include "psa_crypto_rsa.h"
33
34#include "mbedtls/platform.h"
35#include "mbedtls/constant_time.h"
36/* END-common headers */
37
38#if defined(MBEDTLS_PSA_CRYPTO_C)
39
40/* BEGIN-driver headers */
41/* Headers for mbedtls_test opaque driver */
42#if defined(PSA_CRYPTO_DRIVER_TEST)
43#include "test/drivers/test_driver.h"
44
45#endif
46/* Headers for mbedtls_test transparent driver */
47#if defined(PSA_CRYPTO_DRIVER_TEST)
48#include "test/drivers/test_driver.h"
49
50#endif
51/* Headers for p256 transparent driver */
52#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
53#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
54
55#endif
56
57/* END-driver headers */
58
59/* Auto-generated values depending on which drivers are registered.
60 * ID 0 is reserved for unallocated operations.
61 * ID 1 is reserved for the Mbed TLS software driver. */
62/* BEGIN-driver id definition */
63#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
64#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
65#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
66#define P256_TRANSPARENT_DRIVER_ID (4)
67
68/* END-driver id */
69
70/* BEGIN-Common Macro definitions */
71
72/* END-Common Macro definitions */
73
74/* Support the 'old' SE interface when asked to */
75#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
76/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
77 * SE driver is present, to avoid unused argument errors at compile time. */
78#ifndef PSA_CRYPTO_DRIVER_PRESENT
79#define PSA_CRYPTO_DRIVER_PRESENT
80#endif
81#include "psa_crypto_se.h"
82#endif
83
84static inline psa_status_t psa_driver_wrapper_init( void )
85{
86 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
87
88#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
89 status = psa_init_all_se_drivers( );
90 if( status != PSA_SUCCESS )
91 return( status );
92#endif
93
94#if defined(PSA_CRYPTO_DRIVER_TEST)
95 status = mbedtls_test_transparent_init( );
96 if( status != PSA_SUCCESS )
97 return( status );
98
99 status = mbedtls_test_opaque_init( );
100 if( status != PSA_SUCCESS )
101 return( status );
102#endif
103
104 (void) status;
105 return( PSA_SUCCESS );
106}
107
108static inline void psa_driver_wrapper_free( void )
109{
110#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
111 /* Unregister all secure element drivers, so that we restart from
112 * a pristine state. */
113 psa_unregister_all_se_drivers( );
114#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
115
116#if defined(PSA_CRYPTO_DRIVER_TEST)
117 mbedtls_test_transparent_free( );
118 mbedtls_test_opaque_free( );
119#endif
120}
121
122/* Start delegation functions */
123static inline psa_status_t psa_driver_wrapper_sign_message(
124 const psa_key_attributes_t *attributes,
125 const uint8_t *key_buffer,
126 size_t key_buffer_size,
127 psa_algorithm_t alg,
128 const uint8_t *input,
129 size_t input_length,
130 uint8_t *signature,
131 size_t signature_size,
132 size_t *signature_length )
133{
134 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
135 psa_key_location_t location =
136 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
137
138 switch( location )
139 {
140 case PSA_KEY_LOCATION_LOCAL_STORAGE:
141 /* Key is stored in the slot in export representation, so
142 * cycle through all known transparent accelerators */
143#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
144#if defined(PSA_CRYPTO_DRIVER_TEST)
145 status = mbedtls_test_transparent_signature_sign_message(
146 attributes,
147 key_buffer,
148 key_buffer_size,
149 alg,
150 input,
151 input_length,
152 signature,
153 signature_size,
154 signature_length );
155 /* Declared with fallback == true */
156 if( status != PSA_ERROR_NOT_SUPPORTED )
157 return( status );
158#endif /* PSA_CRYPTO_DRIVER_TEST */
159#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
160 break;
161
162 /* Add cases for opaque driver here */
163#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
164#if defined(PSA_CRYPTO_DRIVER_TEST)
165 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
166 status = mbedtls_test_opaque_signature_sign_message(
167 attributes,
168 key_buffer,
169 key_buffer_size,
170 alg,
171 input,
172 input_length,
173 signature,
174 signature_size,
175 signature_length );
176 if( status != PSA_ERROR_NOT_SUPPORTED )
177 return( status );
178 break;
179#endif /* PSA_CRYPTO_DRIVER_TEST */
180#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
181 default:
182 /* Key is declared with a lifetime not known to us */
183 (void)status;
184 break;
185 }
186
187 return( psa_sign_message_builtin( attributes,
188 key_buffer,
189 key_buffer_size,
190 alg,
191 input,
192 input_length,
193 signature,
194 signature_size,
195 signature_length ) );
196}
197
198static inline psa_status_t psa_driver_wrapper_verify_message(
199 const psa_key_attributes_t *attributes,
200 const uint8_t *key_buffer,
201 size_t key_buffer_size,
202 psa_algorithm_t alg,
203 const uint8_t *input,
204 size_t input_length,
205 const uint8_t *signature,
206 size_t signature_length )
207{
208 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
209 psa_key_location_t location =
210 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
211
212 switch( location )
213 {
214 case PSA_KEY_LOCATION_LOCAL_STORAGE:
215 /* Key is stored in the slot in export representation, so
216 * cycle through all known transparent accelerators */
217#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
218#if defined(PSA_CRYPTO_DRIVER_TEST)
219 status = mbedtls_test_transparent_signature_verify_message(
220 attributes,
221 key_buffer,
222 key_buffer_size,
223 alg,
224 input,
225 input_length,
226 signature,
227 signature_length );
228 /* Declared with fallback == true */
229 if( status != PSA_ERROR_NOT_SUPPORTED )
230 return( status );
231#endif /* PSA_CRYPTO_DRIVER_TEST */
232#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
233 break;
234
235 /* Add cases for opaque driver here */
236#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
237#if defined(PSA_CRYPTO_DRIVER_TEST)
238 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
239 return( mbedtls_test_opaque_signature_verify_message(
240 attributes,
241 key_buffer,
242 key_buffer_size,
243 alg,
244 input,
245 input_length,
246 signature,
247 signature_length ) );
248 if( status != PSA_ERROR_NOT_SUPPORTED )
249 return( status );
250 break;
251#endif /* PSA_CRYPTO_DRIVER_TEST */
252#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
253 default:
254 /* Key is declared with a lifetime not known to us */
255 (void)status;
256 break;
257 }
258
259 return( psa_verify_message_builtin( attributes,
260 key_buffer,
261 key_buffer_size,
262 alg,
263 input,
264 input_length,
265 signature,
266 signature_length ) );
267}
268
269static inline psa_status_t psa_driver_wrapper_sign_hash(
270 const psa_key_attributes_t *attributes,
271 const uint8_t *key_buffer, size_t key_buffer_size,
272 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
273 uint8_t *signature, size_t signature_size, size_t *signature_length )
274{
275 /* Try dynamically-registered SE interface first */
276#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
277 const psa_drv_se_t *drv;
278 psa_drv_se_context_t *drv_context;
279
280 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
281 {
282 if( drv->asymmetric == NULL ||
283 drv->asymmetric->p_sign == NULL )
284 {
285 /* Key is defined in SE, but we have no way to exercise it */
286 return( PSA_ERROR_NOT_SUPPORTED );
287 }
288 return( drv->asymmetric->p_sign(
289 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
290 alg, hash, hash_length,
291 signature, signature_size, signature_length ) );
292 }
293#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
294
295 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
296 psa_key_location_t location =
297 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
298
299 switch( location )
300 {
301 case PSA_KEY_LOCATION_LOCAL_STORAGE:
302 /* Key is stored in the slot in export representation, so
303 * cycle through all known transparent accelerators */
304#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
305#if defined(PSA_CRYPTO_DRIVER_TEST)
306 status = mbedtls_test_transparent_signature_sign_hash( attributes,
307 key_buffer,
308 key_buffer_size,
309 alg,
310 hash,
311 hash_length,
312 signature,
313 signature_size,
314 signature_length );
315 /* Declared with fallback == true */
316 if( status != PSA_ERROR_NOT_SUPPORTED )
317 return( status );
318#endif /* PSA_CRYPTO_DRIVER_TEST */
319#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
320 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
321 PSA_ALG_IS_ECDSA(alg) &&
322 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
323 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
324 attributes->core.bits == 256 )
325 {
326 status = p256_transparent_sign_hash( attributes,
327 key_buffer,
328 key_buffer_size,
329 alg,
330 hash,
331 hash_length,
332 signature,
333 signature_size,
334 signature_length );
335 if( status != PSA_ERROR_NOT_SUPPORTED )
336 return( status );
337 }
338#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
339#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
340 /* Fell through, meaning no accelerator supports this operation */
341 return( psa_sign_hash_builtin( attributes,
342 key_buffer,
343 key_buffer_size,
344 alg,
345 hash,
346 hash_length,
347 signature,
348 signature_size,
349 signature_length ) );
350
351 /* Add cases for opaque driver here */
352#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
353#if defined(PSA_CRYPTO_DRIVER_TEST)
354 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
355 return( mbedtls_test_opaque_signature_sign_hash( attributes,
356 key_buffer,
357 key_buffer_size,
358 alg,
359 hash,
360 hash_length,
361 signature,
362 signature_size,
363 signature_length ) );
364#endif /* PSA_CRYPTO_DRIVER_TEST */
365#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
366 default:
367 /* Key is declared with a lifetime not known to us */
368 (void)status;
369 return( PSA_ERROR_INVALID_ARGUMENT );
370 }
371}
372
373static inline psa_status_t psa_driver_wrapper_verify_hash(
374 const psa_key_attributes_t *attributes,
375 const uint8_t *key_buffer, size_t key_buffer_size,
376 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
377 const uint8_t *signature, size_t signature_length )
378{
379 /* Try dynamically-registered SE interface first */
380#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
381 const psa_drv_se_t *drv;
382 psa_drv_se_context_t *drv_context;
383
384 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
385 {
386 if( drv->asymmetric == NULL ||
387 drv->asymmetric->p_verify == NULL )
388 {
389 /* Key is defined in SE, but we have no way to exercise it */
390 return( PSA_ERROR_NOT_SUPPORTED );
391 }
392 return( drv->asymmetric->p_verify(
393 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
394 alg, hash, hash_length,
395 signature, signature_length ) );
396 }
397#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
398
399 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
400 psa_key_location_t location =
401 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
402
403 switch( location )
404 {
405 case PSA_KEY_LOCATION_LOCAL_STORAGE:
406 /* Key is stored in the slot in export representation, so
407 * cycle through all known transparent accelerators */
408#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
409#if defined(PSA_CRYPTO_DRIVER_TEST)
410 status = mbedtls_test_transparent_signature_verify_hash(
411 attributes,
412 key_buffer,
413 key_buffer_size,
414 alg,
415 hash,
416 hash_length,
417 signature,
418 signature_length );
419 /* Declared with fallback == true */
420 if( status != PSA_ERROR_NOT_SUPPORTED )
421 return( status );
422#endif /* PSA_CRYPTO_DRIVER_TEST */
423#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
424 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
425 PSA_ALG_IS_ECDSA(alg) &&
426 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
427 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
428 attributes->core.bits == 256 )
429 {
430 status = p256_transparent_verify_hash( attributes,
431 key_buffer,
432 key_buffer_size,
433 alg,
434 hash,
435 hash_length,
436 signature,
437 signature_length );
438 if( status != PSA_ERROR_NOT_SUPPORTED )
439 return( status );
440 }
441#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
442#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
443
444 return( psa_verify_hash_builtin( attributes,
445 key_buffer,
446 key_buffer_size,
447 alg,
448 hash,
449 hash_length,
450 signature,
451 signature_length ) );
452
453 /* Add cases for opaque driver here */
454#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
455#if defined(PSA_CRYPTO_DRIVER_TEST)
456 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
457 return( mbedtls_test_opaque_signature_verify_hash( attributes,
458 key_buffer,
459 key_buffer_size,
460 alg,
461 hash,
462 hash_length,
463 signature,
464 signature_length ) );
465#endif /* PSA_CRYPTO_DRIVER_TEST */
466#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
467 default:
468 /* Key is declared with a lifetime not known to us */
469 (void)status;
470 return( PSA_ERROR_INVALID_ARGUMENT );
471 }
472}
473
474static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
475 psa_sign_hash_interruptible_operation_t *operation )
476{
477 switch( operation->id )
478 {
479 /* If uninitialised, return 0, as no work can have been done. */
480 case 0:
481 return 0;
482
483 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
484 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
485
486#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
487#if defined(PSA_CRYPTO_DRIVER_TEST)
488 /* Add test driver tests here */
489
490#endif /* PSA_CRYPTO_DRIVER_TEST */
491#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
492 }
493
494 /* Can't happen (see discussion in #8271) */
495 return 0;
496}
497
498static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
499 psa_verify_hash_interruptible_operation_t *operation )
500{
501 switch( operation->id )
502 {
503 /* If uninitialised, return 0, as no work can have been done. */
504 case 0:
505 return 0;
506
507 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
508 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
509
510#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
511#if defined(PSA_CRYPTO_DRIVER_TEST)
512 /* Add test driver tests here */
513
514#endif /* PSA_CRYPTO_DRIVER_TEST */
515#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
516
517 }
518
519 /* Can't happen (see discussion in #8271) */
520 return 0;
521}
522
523static inline psa_status_t psa_driver_wrapper_sign_hash_start(
524 psa_sign_hash_interruptible_operation_t *operation,
525 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
526 size_t key_buffer_size, psa_algorithm_t alg,
527 const uint8_t *hash, size_t hash_length )
528{
529 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
530 attributes->core.lifetime );
531
532 switch( location )
533 {
534 case PSA_KEY_LOCATION_LOCAL_STORAGE:
535 /* Key is stored in the slot in export representation, so
536 * cycle through all known transparent accelerators */
537
538#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
539#if defined(PSA_CRYPTO_DRIVER_TEST)
540
541 /* Add test driver tests here */
542
543 /* Declared with fallback == true */
544
545#endif /* PSA_CRYPTO_DRIVER_TEST */
546#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
547
548 /* Fell through, meaning no accelerator supports this operation */
549 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
550 return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
551 attributes,
552 key_buffer, key_buffer_size,
553 alg, hash, hash_length ) );
554 break;
555
556 /* Add cases for opaque driver here */
557
558 default:
559 /* Key is declared with a lifetime not known to us */
560 return( PSA_ERROR_INVALID_ARGUMENT );
561 }
562}
563
564static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
565 psa_sign_hash_interruptible_operation_t *operation,
566 uint8_t *signature, size_t signature_size,
567 size_t *signature_length )
568{
569 switch( operation->id )
570 {
571 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
572 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
573 signature, signature_size,
574 signature_length ) );
575
576#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
577#if defined(PSA_CRYPTO_DRIVER_TEST)
578 /* Add test driver tests here */
579
580#endif /* PSA_CRYPTO_DRIVER_TEST */
581#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
582 }
583
584 ( void ) signature;
585 ( void ) signature_size;
586 ( void ) signature_length;
587
588 return( PSA_ERROR_INVALID_ARGUMENT );
589}
590
591static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
592 psa_sign_hash_interruptible_operation_t *operation )
593{
594 switch( operation->id )
595 {
596 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
597 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
598
599#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
600#if defined(PSA_CRYPTO_DRIVER_TEST)
601 /* Add test driver tests here */
602
603#endif /* PSA_CRYPTO_DRIVER_TEST */
604#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
605 }
606
607 return( PSA_ERROR_INVALID_ARGUMENT );
608}
609
610static inline psa_status_t psa_driver_wrapper_verify_hash_start(
611 psa_verify_hash_interruptible_operation_t *operation,
612 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
613 size_t key_buffer_size, psa_algorithm_t alg,
614 const uint8_t *hash, size_t hash_length,
615 const uint8_t *signature, size_t signature_length )
616{
617 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
618 attributes->core.lifetime );
619
620 switch( location )
621 {
622 case PSA_KEY_LOCATION_LOCAL_STORAGE:
623 /* Key is stored in the slot in export representation, so
624 * cycle through all known transparent accelerators */
625
626#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
627#if defined(PSA_CRYPTO_DRIVER_TEST)
628
629 /* Add test driver tests here */
630
631 /* Declared with fallback == true */
632
633#endif /* PSA_CRYPTO_DRIVER_TEST */
634#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
635
636 /* Fell through, meaning no accelerator supports this operation */
637 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
638 return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
639 attributes,
640 key_buffer, key_buffer_size,
641 alg, hash, hash_length,
642 signature, signature_length
643 ) );
644 break;
645
646 /* Add cases for opaque driver here */
647
648 default:
649 /* Key is declared with a lifetime not known to us */
650 return( PSA_ERROR_INVALID_ARGUMENT );
651 }
652}
653
654static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
655 psa_verify_hash_interruptible_operation_t *operation )
656{
657 switch( operation->id )
658 {
659 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
660 return( mbedtls_psa_verify_hash_complete(
661 &operation->ctx.mbedtls_ctx
662 ) );
663
664#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
665#if defined(PSA_CRYPTO_DRIVER_TEST)
666 /* Add test driver tests here */
667
668#endif /* PSA_CRYPTO_DRIVER_TEST */
669#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
670 }
671
672 return( PSA_ERROR_INVALID_ARGUMENT );
673}
674
675static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
676 psa_verify_hash_interruptible_operation_t *operation )
677{
678 switch( operation->id )
679 {
680 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
681 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
682 ) );
683
684#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
685#if defined(PSA_CRYPTO_DRIVER_TEST)
686 /* Add test driver tests here */
687
688#endif /* PSA_CRYPTO_DRIVER_TEST */
689#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
690 }
691
692 return( PSA_ERROR_INVALID_ARGUMENT );
693}
694
695/** Calculate the key buffer size required to store the key material of a key
696 * associated with an opaque driver from input key data.
697 *
698 * \param[in] attributes The key attributes
699 * \param[in] data The input key data.
700 * \param[in] data_length The input data length.
701 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
702 *
703 * \retval #PSA_SUCCESS \emptydescription
704 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
705 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
706 */
707static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
708 const psa_key_attributes_t *attributes,
709 const uint8_t *data,
710 size_t data_length,
711 size_t *key_buffer_size )
712{
713 psa_key_location_t location =
714 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
715 psa_key_type_t key_type = attributes->core.type;
716
717 *key_buffer_size = 0;
718 switch( location )
719 {
720#if defined(PSA_CRYPTO_DRIVER_TEST)
721 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
722 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
723 PSA_BYTES_TO_BITS( data_length ) );
724 return( ( *key_buffer_size != 0 ) ?
725 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
726#endif /* PSA_CRYPTO_DRIVER_TEST */
727
728 default:
729 (void)key_type;
730 (void)data;
731 (void)data_length;
732 return( PSA_ERROR_INVALID_ARGUMENT );
733 }
734}
735
736static inline psa_status_t psa_driver_wrapper_generate_key(
737 const psa_key_attributes_t *attributes,
738 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
739{
740 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
741 psa_key_location_t location =
742 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
743
744 /* Try dynamically-registered SE interface first */
745#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
746 const psa_drv_se_t *drv;
747 psa_drv_se_context_t *drv_context;
748
749 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
750 {
751 size_t pubkey_length = 0; /* We don't support this feature yet */
752 if( drv->key_management == NULL ||
753 drv->key_management->p_generate == NULL )
754 {
755 /* Key is defined as being in SE, but we have no way to generate it */
756 return( PSA_ERROR_NOT_SUPPORTED );
757 }
758 return( drv->key_management->p_generate(
759 drv_context,
760 *( (psa_key_slot_number_t *)key_buffer ),
761 attributes, NULL, 0, &pubkey_length ) );
762 }
763#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
764
765 switch( location )
766 {
767 case PSA_KEY_LOCATION_LOCAL_STORAGE:
768#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
769 /* Transparent drivers are limited to generating asymmetric keys */
770 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
771 {
772 /* Cycle through all known transparent accelerators */
773#if defined(PSA_CRYPTO_DRIVER_TEST)
774 status = mbedtls_test_transparent_generate_key(
775 attributes, key_buffer, key_buffer_size,
776 key_buffer_length );
777 /* Declared with fallback == true */
778 if( status != PSA_ERROR_NOT_SUPPORTED )
779 break;
780#endif /* PSA_CRYPTO_DRIVER_TEST */
781#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
782 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
783 attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
784 attributes->core.bits == 256 )
785 {
786 status = p256_transparent_generate_key( attributes,
787 key_buffer,
788 key_buffer_size,
789 key_buffer_length );
790 if( status != PSA_ERROR_NOT_SUPPORTED )
791 break;
792 }
793
794#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
795 }
796#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
797
798 /* Software fallback */
799 status = psa_generate_key_internal(
800 attributes, key_buffer, key_buffer_size, key_buffer_length );
801 break;
802
803 /* Add cases for opaque driver here */
804#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
805#if defined(PSA_CRYPTO_DRIVER_TEST)
806 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
807 status = mbedtls_test_opaque_generate_key(
808 attributes, key_buffer, key_buffer_size, key_buffer_length );
809 break;
810#endif /* PSA_CRYPTO_DRIVER_TEST */
811#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
812
813 default:
814 /* Key is declared with a lifetime not known to us */
815 status = PSA_ERROR_INVALID_ARGUMENT;
816 break;
817 }
818
819 return( status );
820}
821
822static inline psa_status_t psa_driver_wrapper_import_key(
823 const psa_key_attributes_t *attributes,
824 const uint8_t *data,
825 size_t data_length,
826 uint8_t *key_buffer,
827 size_t key_buffer_size,
828 size_t *key_buffer_length,
829 size_t *bits )
830{
831
832 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
833 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
834 psa_get_key_lifetime( attributes ) );
835
836 /* Try dynamically-registered SE interface first */
837#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
838 const psa_drv_se_t *drv;
839 psa_drv_se_context_t *drv_context;
840
841 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
842 {
843 if( drv->key_management == NULL ||
844 drv->key_management->p_import == NULL )
845 return( PSA_ERROR_NOT_SUPPORTED );
846
847 /* The driver should set the number of key bits, however in
848 * case it doesn't, we initialize bits to an invalid value. */
849 *bits = PSA_MAX_KEY_BITS + 1;
850 status = drv->key_management->p_import(
851 drv_context,
852 *( (psa_key_slot_number_t *)key_buffer ),
853 attributes, data, data_length, bits );
854
855 if( status != PSA_SUCCESS )
856 return( status );
857
858 if( (*bits) > PSA_MAX_KEY_BITS )
859 return( PSA_ERROR_NOT_SUPPORTED );
860
861 return( PSA_SUCCESS );
862 }
863#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
864
865 switch( location )
866 {
867 case PSA_KEY_LOCATION_LOCAL_STORAGE:
868 /* Key is stored in the slot in export representation, so
869 * cycle through all known transparent accelerators */
870#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
871
872#if (defined(PSA_CRYPTO_DRIVER_TEST) )
873 status = mbedtls_test_transparent_import_key
874 (attributes,
875 data,
876 data_length,
877 key_buffer,
878 key_buffer_size,
879 key_buffer_length,
880 bits
881 );
882
883 if( status != PSA_ERROR_NOT_SUPPORTED )
884 return( status );
885#endif
886
887#if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
888 status = p256_transparent_import_key
889 (attributes,
890 data,
891 data_length,
892 key_buffer,
893 key_buffer_size,
894 key_buffer_length,
895 bits
896 );
897
898 if( status != PSA_ERROR_NOT_SUPPORTED )
899 return( status );
900#endif
901
902
903#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
904
905 /* Fell through, meaning no accelerator supports this operation */
906 return( psa_import_key_into_slot( attributes,
907 data, data_length,
908 key_buffer, key_buffer_size,
909 key_buffer_length, bits ) );
910 /* Add cases for opaque driver here */
911#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
912
913#if (defined(PSA_CRYPTO_DRIVER_TEST) )
914 case 0x7fffff:
915 return( mbedtls_test_opaque_import_key
916 (attributes,
917 data,
918 data_length,
919 key_buffer,
920 key_buffer_size,
921 key_buffer_length,
922 bits
923 ));
924#endif
925
926
927#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
928 default:
929 (void)status;
930 return( PSA_ERROR_INVALID_ARGUMENT );
931 }
932
933}
934
935static inline psa_status_t psa_driver_wrapper_export_key(
936 const psa_key_attributes_t *attributes,
937 const uint8_t *key_buffer, size_t key_buffer_size,
938 uint8_t *data, size_t data_size, size_t *data_length )
939
940{
941
942 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
943 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
944 psa_get_key_lifetime( attributes ) );
945
946 /* Try dynamically-registered SE interface first */
947#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
948 const psa_drv_se_t *drv;
949 psa_drv_se_context_t *drv_context;
950
951 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
952 {
953 if( ( drv->key_management == NULL ) ||
954 ( drv->key_management->p_export == NULL ) )
955 {
956 return( PSA_ERROR_NOT_SUPPORTED );
957 }
958
959 return( drv->key_management->p_export(
960 drv_context,
961 *( (psa_key_slot_number_t *)key_buffer ),
962 data, data_size, data_length ) );
963 }
964#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
965
966 switch( location )
967 {
968 case PSA_KEY_LOCATION_LOCAL_STORAGE:
969 return( psa_export_key_internal( attributes,
970 key_buffer,
971 key_buffer_size,
972 data,
973 data_size,
974 data_length ) );
975
976 /* Add cases for opaque driver here */
977#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
978
979#if (defined(PSA_CRYPTO_DRIVER_TEST) )
980 case 0x7fffff:
981 return( mbedtls_test_opaque_export_key
982 (attributes,
983 key_buffer,
984 key_buffer_size,
985 data,
986 data_size,
987 data_length
988 ));
989#endif
990
991
992#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
993 default:
994 /* Key is declared with a lifetime not known to us */
995 return( status );
996 }
997
998}
999
1000static inline psa_status_t psa_driver_wrapper_copy_key(
1001 psa_key_attributes_t *attributes,
1002 const uint8_t *source_key, size_t source_key_length,
1003 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1004 size_t *target_key_buffer_length )
1005{
1006
1007 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1008 psa_key_location_t location =
1009 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1010
1011#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1012 const psa_drv_se_t *drv;
1013 psa_drv_se_context_t *drv_context;
1014
1015 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
1016 {
1017 /* Copying to a secure element is not implemented yet. */
1018 return( PSA_ERROR_NOT_SUPPORTED );
1019 }
1020#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1021
1022 switch( location )
1023 {
1024#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1025
1026#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1027 case 0x7fffff:
1028 return( mbedtls_test_opaque_copy_key
1029 (attributes,
1030 source_key,
1031 source_key_length,
1032 target_key_buffer,
1033 target_key_buffer_size,
1034 target_key_buffer_length
1035 ));
1036#endif
1037
1038
1039#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1040 default:
1041 (void)source_key;
1042 (void)source_key_length;
1043 (void)target_key_buffer;
1044 (void)target_key_buffer_size;
1045 (void)target_key_buffer_length;
1046 status = PSA_ERROR_INVALID_ARGUMENT;
1047 }
1048 return( status );
1049
1050}
1051
1052/*
1053 * Cipher functions
1054 */
1055static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1056 const psa_key_attributes_t *attributes,
1057 const uint8_t *key_buffer,
1058 size_t key_buffer_size,
1059 psa_algorithm_t alg,
1060 const uint8_t *iv,
1061 size_t iv_length,
1062 const uint8_t *input,
1063 size_t input_length,
1064 uint8_t *output,
1065 size_t output_size,
1066 size_t *output_length )
1067{
1068 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1069 psa_key_location_t location =
1070 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1071
1072 switch( location )
1073 {
1074 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1075 /* Key is stored in the slot in export representation, so
1076 * cycle through all known transparent accelerators */
1077#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1078#if defined(PSA_CRYPTO_DRIVER_TEST)
1079 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1080 key_buffer,
1081 key_buffer_size,
1082 alg,
1083 iv,
1084 iv_length,
1085 input,
1086 input_length,
1087 output,
1088 output_size,
1089 output_length );
1090 /* Declared with fallback == true */
1091 if( status != PSA_ERROR_NOT_SUPPORTED )
1092 return( status );
1093#endif /* PSA_CRYPTO_DRIVER_TEST */
1094#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1095
1096#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1097 return( mbedtls_psa_cipher_encrypt( attributes,
1098 key_buffer,
1099 key_buffer_size,
1100 alg,
1101 iv,
1102 iv_length,
1103 input,
1104 input_length,
1105 output,
1106 output_size,
1107 output_length ) );
1108#else
1109 return( PSA_ERROR_NOT_SUPPORTED );
1110#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1111
1112 /* Add cases for opaque driver here */
1113#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1114#if defined(PSA_CRYPTO_DRIVER_TEST)
1115 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1116 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1117 key_buffer,
1118 key_buffer_size,
1119 alg,
1120 iv,
1121 iv_length,
1122 input,
1123 input_length,
1124 output,
1125 output_size,
1126 output_length ) );
1127#endif /* PSA_CRYPTO_DRIVER_TEST */
1128#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1129
1130 default:
1131 /* Key is declared with a lifetime not known to us */
1132 (void)status;
1133 (void)key_buffer;
1134 (void)key_buffer_size;
1135 (void)alg;
1136 (void)iv;
1137 (void)iv_length;
1138 (void)input;
1139 (void)input_length;
1140 (void)output;
1141 (void)output_size;
1142 (void)output_length;
1143 return( PSA_ERROR_INVALID_ARGUMENT );
1144 }
1145}
1146
1147static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1148 const psa_key_attributes_t *attributes,
1149 const uint8_t *key_buffer,
1150 size_t key_buffer_size,
1151 psa_algorithm_t alg,
1152 const uint8_t *input,
1153 size_t input_length,
1154 uint8_t *output,
1155 size_t output_size,
1156 size_t *output_length )
1157{
1158 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1159 psa_key_location_t location =
1160 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1161
1162 switch( location )
1163 {
1164 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1165 /* Key is stored in the slot in export representation, so
1166 * cycle through all known transparent accelerators */
1167#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1168#if defined(PSA_CRYPTO_DRIVER_TEST)
1169 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1170 key_buffer,
1171 key_buffer_size,
1172 alg,
1173 input,
1174 input_length,
1175 output,
1176 output_size,
1177 output_length );
1178 /* Declared with fallback == true */
1179 if( status != PSA_ERROR_NOT_SUPPORTED )
1180 return( status );
1181#endif /* PSA_CRYPTO_DRIVER_TEST */
1182#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1183
1184#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1185 return( mbedtls_psa_cipher_decrypt( attributes,
1186 key_buffer,
1187 key_buffer_size,
1188 alg,
1189 input,
1190 input_length,
1191 output,
1192 output_size,
1193 output_length ) );
1194#else
1195 return( PSA_ERROR_NOT_SUPPORTED );
1196#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1197
1198 /* Add cases for opaque driver here */
1199#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1200#if defined(PSA_CRYPTO_DRIVER_TEST)
1201 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1202 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1203 key_buffer,
1204 key_buffer_size,
1205 alg,
1206 input,
1207 input_length,
1208 output,
1209 output_size,
1210 output_length ) );
1211#endif /* PSA_CRYPTO_DRIVER_TEST */
1212#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1213
1214 default:
1215 /* Key is declared with a lifetime not known to us */
1216 (void)status;
1217 (void)key_buffer;
1218 (void)key_buffer_size;
1219 (void)alg;
1220 (void)input;
1221 (void)input_length;
1222 (void)output;
1223 (void)output_size;
1224 (void)output_length;
1225 return( PSA_ERROR_INVALID_ARGUMENT );
1226 }
1227}
1228
1229static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1230 psa_cipher_operation_t *operation,
1231 const psa_key_attributes_t *attributes,
1232 const uint8_t *key_buffer, size_t key_buffer_size,
1233 psa_algorithm_t alg )
1234{
1235 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1236 psa_key_location_t location =
1237 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1238
1239 switch( location )
1240 {
1241 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1242 /* Key is stored in the slot in export representation, so
1243 * cycle through all known transparent accelerators */
1244#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1245#if defined(PSA_CRYPTO_DRIVER_TEST)
1246 status = mbedtls_test_transparent_cipher_encrypt_setup(
1247 &operation->ctx.transparent_test_driver_ctx,
1248 attributes,
1249 key_buffer,
1250 key_buffer_size,
1251 alg );
1252 /* Declared with fallback == true */
1253 if( status == PSA_SUCCESS )
1254 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1255
1256 if( status != PSA_ERROR_NOT_SUPPORTED )
1257 return( status );
1258#endif /* PSA_CRYPTO_DRIVER_TEST */
1259#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1260#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1261 /* Fell through, meaning no accelerator supports this operation */
1262 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1263 attributes,
1264 key_buffer,
1265 key_buffer_size,
1266 alg );
1267 if( status == PSA_SUCCESS )
1268 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1269
1270 if( status != PSA_ERROR_NOT_SUPPORTED )
1271 return( status );
1272#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1273 return( PSA_ERROR_NOT_SUPPORTED );
1274
1275 /* Add cases for opaque driver here */
1276#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1277#if defined(PSA_CRYPTO_DRIVER_TEST)
1278 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1279 status = mbedtls_test_opaque_cipher_encrypt_setup(
1280 &operation->ctx.opaque_test_driver_ctx,
1281 attributes,
1282 key_buffer, key_buffer_size,
1283 alg );
1284
1285 if( status == PSA_SUCCESS )
1286 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1287
1288 return( status );
1289#endif /* PSA_CRYPTO_DRIVER_TEST */
1290#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1291 default:
1292 /* Key is declared with a lifetime not known to us */
1293 (void)status;
1294 (void)operation;
1295 (void)key_buffer;
1296 (void)key_buffer_size;
1297 (void)alg;
1298 return( PSA_ERROR_INVALID_ARGUMENT );
1299 }
1300}
1301
1302static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1303 psa_cipher_operation_t *operation,
1304 const psa_key_attributes_t *attributes,
1305 const uint8_t *key_buffer, size_t key_buffer_size,
1306 psa_algorithm_t alg )
1307{
1308 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1309 psa_key_location_t location =
1310 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1311
1312 switch( location )
1313 {
1314 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1315 /* Key is stored in the slot in export representation, so
1316 * cycle through all known transparent accelerators */
1317#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1318#if defined(PSA_CRYPTO_DRIVER_TEST)
1319 status = mbedtls_test_transparent_cipher_decrypt_setup(
1320 &operation->ctx.transparent_test_driver_ctx,
1321 attributes,
1322 key_buffer,
1323 key_buffer_size,
1324 alg );
1325 /* Declared with fallback == true */
1326 if( status == PSA_SUCCESS )
1327 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1328
1329 if( status != PSA_ERROR_NOT_SUPPORTED )
1330 return( status );
1331#endif /* PSA_CRYPTO_DRIVER_TEST */
1332#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1333#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1334 /* Fell through, meaning no accelerator supports this operation */
1335 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1336 attributes,
1337 key_buffer,
1338 key_buffer_size,
1339 alg );
1340 if( status == PSA_SUCCESS )
1341 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1342
1343 return( status );
1344#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1345 return( PSA_ERROR_NOT_SUPPORTED );
1346#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1347
1348 /* Add cases for opaque driver here */
1349#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1350#if defined(PSA_CRYPTO_DRIVER_TEST)
1351 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1352 status = mbedtls_test_opaque_cipher_decrypt_setup(
1353 &operation->ctx.opaque_test_driver_ctx,
1354 attributes,
1355 key_buffer, key_buffer_size,
1356 alg );
1357
1358 if( status == PSA_SUCCESS )
1359 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1360
1361 return( status );
1362#endif /* PSA_CRYPTO_DRIVER_TEST */
1363#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1364 default:
1365 /* Key is declared with a lifetime not known to us */
1366 (void)status;
1367 (void)operation;
1368 (void)key_buffer;
1369 (void)key_buffer_size;
1370 (void)alg;
1371 return( PSA_ERROR_INVALID_ARGUMENT );
1372 }
1373}
1374
1375static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1376 psa_cipher_operation_t *operation,
1377 const uint8_t *iv,
1378 size_t iv_length )
1379{
1380 switch( operation->id )
1381 {
1382#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1383 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1384 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1385 iv,
1386 iv_length ) );
1387#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1388
1389#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1390#if defined(PSA_CRYPTO_DRIVER_TEST)
1391 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1392 return( mbedtls_test_transparent_cipher_set_iv(
1393 &operation->ctx.transparent_test_driver_ctx,
1394 iv, iv_length ) );
1395
1396 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1397 return( mbedtls_test_opaque_cipher_set_iv(
1398 &operation->ctx.opaque_test_driver_ctx,
1399 iv, iv_length ) );
1400#endif /* PSA_CRYPTO_DRIVER_TEST */
1401#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1402 }
1403
1404 (void)iv;
1405 (void)iv_length;
1406
1407 return( PSA_ERROR_INVALID_ARGUMENT );
1408}
1409
1410static inline psa_status_t psa_driver_wrapper_cipher_update(
1411 psa_cipher_operation_t *operation,
1412 const uint8_t *input,
1413 size_t input_length,
1414 uint8_t *output,
1415 size_t output_size,
1416 size_t *output_length )
1417{
1418 switch( operation->id )
1419 {
1420#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1421 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1422 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1423 input,
1424 input_length,
1425 output,
1426 output_size,
1427 output_length ) );
1428#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1429
1430#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1431#if defined(PSA_CRYPTO_DRIVER_TEST)
1432 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1433 return( mbedtls_test_transparent_cipher_update(
1434 &operation->ctx.transparent_test_driver_ctx,
1435 input, input_length,
1436 output, output_size, output_length ) );
1437
1438 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1439 return( mbedtls_test_opaque_cipher_update(
1440 &operation->ctx.opaque_test_driver_ctx,
1441 input, input_length,
1442 output, output_size, output_length ) );
1443#endif /* PSA_CRYPTO_DRIVER_TEST */
1444#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1445 }
1446
1447 (void)input;
1448 (void)input_length;
1449 (void)output;
1450 (void)output_size;
1451 (void)output_length;
1452
1453 return( PSA_ERROR_INVALID_ARGUMENT );
1454}
1455
1456static inline psa_status_t psa_driver_wrapper_cipher_finish(
1457 psa_cipher_operation_t *operation,
1458 uint8_t *output,
1459 size_t output_size,
1460 size_t *output_length )
1461{
1462 switch( operation->id )
1463 {
1464#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1465 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1466 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1467 output,
1468 output_size,
1469 output_length ) );
1470#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1471
1472#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1473#if defined(PSA_CRYPTO_DRIVER_TEST)
1474 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1475 return( mbedtls_test_transparent_cipher_finish(
1476 &operation->ctx.transparent_test_driver_ctx,
1477 output, output_size, output_length ) );
1478
1479 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1480 return( mbedtls_test_opaque_cipher_finish(
1481 &operation->ctx.opaque_test_driver_ctx,
1482 output, output_size, output_length ) );
1483#endif /* PSA_CRYPTO_DRIVER_TEST */
1484#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1485 }
1486
1487 (void)output;
1488 (void)output_size;
1489 (void)output_length;
1490
1491 return( PSA_ERROR_INVALID_ARGUMENT );
1492}
1493
1494static inline psa_status_t psa_driver_wrapper_cipher_abort(
1495 psa_cipher_operation_t *operation )
1496{
1497 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1498
1499 switch( operation->id )
1500 {
1501#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1502 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1503 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1504#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1505
1506#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1507#if defined(PSA_CRYPTO_DRIVER_TEST)
1508 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1509 status = mbedtls_test_transparent_cipher_abort(
1510 &operation->ctx.transparent_test_driver_ctx );
1511 mbedtls_platform_zeroize(
1512 &operation->ctx.transparent_test_driver_ctx,
1513 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1514 return( status );
1515
1516 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1517 status = mbedtls_test_opaque_cipher_abort(
1518 &operation->ctx.opaque_test_driver_ctx );
1519 mbedtls_platform_zeroize(
1520 &operation->ctx.opaque_test_driver_ctx,
1521 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1522 return( status );
1523#endif /* PSA_CRYPTO_DRIVER_TEST */
1524#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1525 }
1526
1527 (void)status;
1528 return( PSA_ERROR_INVALID_ARGUMENT );
1529}
1530
1531/*
1532 * Hashing functions
1533 */
1534static inline psa_status_t psa_driver_wrapper_hash_compute(
1535 psa_algorithm_t alg,
1536 const uint8_t *input,
1537 size_t input_length,
1538 uint8_t *hash,
1539 size_t hash_size,
1540 size_t *hash_length)
1541{
1542 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1543
1544 /* Try accelerators first */
1545#if defined(PSA_CRYPTO_DRIVER_TEST)
1546 status = mbedtls_test_transparent_hash_compute(
1547 alg, input, input_length, hash, hash_size, hash_length );
1548 if( status != PSA_ERROR_NOT_SUPPORTED )
1549 return( status );
1550#endif
1551
1552 /* If software fallback is compiled in, try fallback */
1553#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1554 status = mbedtls_psa_hash_compute( alg, input, input_length,
1555 hash, hash_size, hash_length );
1556 if( status != PSA_ERROR_NOT_SUPPORTED )
1557 return( status );
1558#endif
1559 (void) status;
1560 (void) alg;
1561 (void) input;
1562 (void) input_length;
1563 (void) hash;
1564 (void) hash_size;
1565 (void) hash_length;
1566
1567 return( PSA_ERROR_NOT_SUPPORTED );
1568}
1569
1570static inline psa_status_t psa_driver_wrapper_hash_setup(
1571 psa_hash_operation_t *operation,
1572 psa_algorithm_t alg )
1573{
1574 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1575
1576 /* Try setup on accelerators first */
1577#if defined(PSA_CRYPTO_DRIVER_TEST)
1578 status = mbedtls_test_transparent_hash_setup(
1579 &operation->ctx.test_driver_ctx, alg );
1580 if( status == PSA_SUCCESS )
1581 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1582
1583 if( status != PSA_ERROR_NOT_SUPPORTED )
1584 return( status );
1585#endif
1586
1587 /* If software fallback is compiled in, try fallback */
1588#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1589 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1590 if( status == PSA_SUCCESS )
1591 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1592
1593 if( status != PSA_ERROR_NOT_SUPPORTED )
1594 return( status );
1595#endif
1596 /* Nothing left to try if we fall through here */
1597 (void) status;
1598 (void) operation;
1599 (void) alg;
1600 return( PSA_ERROR_NOT_SUPPORTED );
1601}
1602
1603static inline psa_status_t psa_driver_wrapper_hash_clone(
1604 const psa_hash_operation_t *source_operation,
1605 psa_hash_operation_t *target_operation )
1606{
1607 switch( source_operation->id )
1608 {
1609#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1610 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1611 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1612 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1613 &target_operation->ctx.mbedtls_ctx ) );
1614#endif
1615#if defined(PSA_CRYPTO_DRIVER_TEST)
1616 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1617 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1618 return( mbedtls_test_transparent_hash_clone(
1619 &source_operation->ctx.test_driver_ctx,
1620 &target_operation->ctx.test_driver_ctx ) );
1621#endif
1622 default:
1623 (void) target_operation;
1624 return( PSA_ERROR_BAD_STATE );
1625 }
1626}
1627
1628static inline psa_status_t psa_driver_wrapper_hash_update(
1629 psa_hash_operation_t *operation,
1630 const uint8_t *input,
1631 size_t input_length )
1632{
1633 switch( operation->id )
1634 {
1635#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1636 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1637 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1638 input, input_length ) );
1639#endif
1640#if defined(PSA_CRYPTO_DRIVER_TEST)
1641 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1642 return( mbedtls_test_transparent_hash_update(
1643 &operation->ctx.test_driver_ctx,
1644 input, input_length ) );
1645#endif
1646 default:
1647 (void) input;
1648 (void) input_length;
1649 return( PSA_ERROR_BAD_STATE );
1650 }
1651}
1652
1653static inline psa_status_t psa_driver_wrapper_hash_finish(
1654 psa_hash_operation_t *operation,
1655 uint8_t *hash,
1656 size_t hash_size,
1657 size_t *hash_length )
1658{
1659 switch( operation->id )
1660 {
1661#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1662 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1663 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1664 hash, hash_size, hash_length ) );
1665#endif
1666#if defined(PSA_CRYPTO_DRIVER_TEST)
1667 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1668 return( mbedtls_test_transparent_hash_finish(
1669 &operation->ctx.test_driver_ctx,
1670 hash, hash_size, hash_length ) );
1671#endif
1672 default:
1673 (void) hash;
1674 (void) hash_size;
1675 (void) hash_length;
1676 return( PSA_ERROR_BAD_STATE );
1677 }
1678}
1679
1680static inline psa_status_t psa_driver_wrapper_hash_abort(
1681 psa_hash_operation_t *operation )
1682{
1683 switch( operation->id )
1684 {
1685#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1686 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1687 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1688#endif
1689#if defined(PSA_CRYPTO_DRIVER_TEST)
1690 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1691 return( mbedtls_test_transparent_hash_abort(
1692 &operation->ctx.test_driver_ctx ) );
1693#endif
1694 default:
1695 return( PSA_ERROR_BAD_STATE );
1696 }
1697}
1698
1699static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1700 const psa_key_attributes_t *attributes,
1701 const uint8_t *key_buffer, size_t key_buffer_size,
1702 psa_algorithm_t alg,
1703 const uint8_t *nonce, size_t nonce_length,
1704 const uint8_t *additional_data, size_t additional_data_length,
1705 const uint8_t *plaintext, size_t plaintext_length,
1706 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1707{
1708 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1709 psa_key_location_t location =
1710 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1711
1712 switch( location )
1713 {
1714 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1715 /* Key is stored in the slot in export representation, so
1716 * cycle through all known transparent accelerators */
1717
1718#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1719#if defined(PSA_CRYPTO_DRIVER_TEST)
1720 status = mbedtls_test_transparent_aead_encrypt(
1721 attributes, key_buffer, key_buffer_size,
1722 alg,
1723 nonce, nonce_length,
1724 additional_data, additional_data_length,
1725 plaintext, plaintext_length,
1726 ciphertext, ciphertext_size, ciphertext_length );
1727 /* Declared with fallback == true */
1728 if( status != PSA_ERROR_NOT_SUPPORTED )
1729 return( status );
1730#endif /* PSA_CRYPTO_DRIVER_TEST */
1731#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1732
1733 /* Fell through, meaning no accelerator supports this operation */
1734 return( mbedtls_psa_aead_encrypt(
1735 attributes, key_buffer, key_buffer_size,
1736 alg,
1737 nonce, nonce_length,
1738 additional_data, additional_data_length,
1739 plaintext, plaintext_length,
1740 ciphertext, ciphertext_size, ciphertext_length ) );
1741
1742 /* Add cases for opaque driver here */
1743
1744 default:
1745 /* Key is declared with a lifetime not known to us */
1746 (void)status;
1747 return( PSA_ERROR_INVALID_ARGUMENT );
1748 }
1749}
1750
1751static inline psa_status_t psa_driver_wrapper_aead_decrypt(
1752 const psa_key_attributes_t *attributes,
1753 const uint8_t *key_buffer, size_t key_buffer_size,
1754 psa_algorithm_t alg,
1755 const uint8_t *nonce, size_t nonce_length,
1756 const uint8_t *additional_data, size_t additional_data_length,
1757 const uint8_t *ciphertext, size_t ciphertext_length,
1758 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1759{
1760 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1761 psa_key_location_t location =
1762 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1763
1764 switch( location )
1765 {
1766 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1767 /* Key is stored in the slot in export representation, so
1768 * cycle through all known transparent accelerators */
1769
1770#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1771#if defined(PSA_CRYPTO_DRIVER_TEST)
1772 status = mbedtls_test_transparent_aead_decrypt(
1773 attributes, key_buffer, key_buffer_size,
1774 alg,
1775 nonce, nonce_length,
1776 additional_data, additional_data_length,
1777 ciphertext, ciphertext_length,
1778 plaintext, plaintext_size, plaintext_length );
1779 /* Declared with fallback == true */
1780 if( status != PSA_ERROR_NOT_SUPPORTED )
1781 return( status );
1782#endif /* PSA_CRYPTO_DRIVER_TEST */
1783#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1784
1785 /* Fell through, meaning no accelerator supports this operation */
1786 return( mbedtls_psa_aead_decrypt(
1787 attributes, key_buffer, key_buffer_size,
1788 alg,
1789 nonce, nonce_length,
1790 additional_data, additional_data_length,
1791 ciphertext, ciphertext_length,
1792 plaintext, plaintext_size, plaintext_length ) );
1793
1794 /* Add cases for opaque driver here */
1795
1796 default:
1797 /* Key is declared with a lifetime not known to us */
1798 (void)status;
1799 return( PSA_ERROR_INVALID_ARGUMENT );
1800 }
1801}
1802
1803static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1804 psa_aead_operation_t *operation,
1805 const psa_key_attributes_t *attributes,
1806 const uint8_t *key_buffer, size_t key_buffer_size,
1807 psa_algorithm_t alg )
1808{
1809 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1810 psa_key_location_t location =
1811 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1812
1813 switch( location )
1814 {
1815 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1816 /* Key is stored in the slot in export representation, so
1817 * cycle through all known transparent accelerators */
1818
1819#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1820#if defined(PSA_CRYPTO_DRIVER_TEST)
1821 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1822 status = mbedtls_test_transparent_aead_encrypt_setup(
1823 &operation->ctx.transparent_test_driver_ctx,
1824 attributes, key_buffer, key_buffer_size,
1825 alg );
1826
1827 /* Declared with fallback == true */
1828 if( status != PSA_ERROR_NOT_SUPPORTED )
1829 return( status );
1830#endif /* PSA_CRYPTO_DRIVER_TEST */
1831#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1832
1833 /* Fell through, meaning no accelerator supports this operation */
1834 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1835 status = mbedtls_psa_aead_encrypt_setup(
1836 &operation->ctx.mbedtls_ctx, attributes,
1837 key_buffer, key_buffer_size,
1838 alg );
1839
1840 return( status );
1841
1842 /* Add cases for opaque driver here */
1843
1844 default:
1845 /* Key is declared with a lifetime not known to us */
1846 (void)status;
1847 return( PSA_ERROR_INVALID_ARGUMENT );
1848 }
1849}
1850
1851static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1852 psa_aead_operation_t *operation,
1853 const psa_key_attributes_t *attributes,
1854 const uint8_t *key_buffer, size_t key_buffer_size,
1855 psa_algorithm_t alg )
1856{
1857 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1858 psa_key_location_t location =
1859 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1860
1861 switch( location )
1862 {
1863 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1864 /* Key is stored in the slot in export representation, so
1865 * cycle through all known transparent accelerators */
1866
1867#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1868#if defined(PSA_CRYPTO_DRIVER_TEST)
1869 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1870 status = mbedtls_test_transparent_aead_decrypt_setup(
1871 &operation->ctx.transparent_test_driver_ctx,
1872 attributes,
1873 key_buffer, key_buffer_size,
1874 alg );
1875
1876 /* Declared with fallback == true */
1877 if( status != PSA_ERROR_NOT_SUPPORTED )
1878 return( status );
1879#endif /* PSA_CRYPTO_DRIVER_TEST */
1880#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1881
1882 /* Fell through, meaning no accelerator supports this operation */
1883 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1884 status = mbedtls_psa_aead_decrypt_setup(
1885 &operation->ctx.mbedtls_ctx,
1886 attributes,
1887 key_buffer, key_buffer_size,
1888 alg );
1889
1890 return( status );
1891
1892 /* Add cases for opaque driver here */
1893
1894 default:
1895 /* Key is declared with a lifetime not known to us */
1896 (void)status;
1897 return( PSA_ERROR_INVALID_ARGUMENT );
1898 }
1899}
1900
1901static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
1902 psa_aead_operation_t *operation,
1903 const uint8_t *nonce,
1904 size_t nonce_length )
1905{
1906 switch( operation->id )
1907 {
1908#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1909 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1910 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1911 nonce,
1912 nonce_length ) );
1913
1914#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1915
1916#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1917#if defined(PSA_CRYPTO_DRIVER_TEST)
1918 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1919 return( mbedtls_test_transparent_aead_set_nonce(
1920 &operation->ctx.transparent_test_driver_ctx,
1921 nonce, nonce_length ) );
1922
1923 /* Add cases for opaque driver here */
1924
1925#endif /* PSA_CRYPTO_DRIVER_TEST */
1926#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1927 }
1928
1929 (void)nonce;
1930 (void)nonce_length;
1931
1932 return( PSA_ERROR_INVALID_ARGUMENT );
1933}
1934
1935static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
1936 psa_aead_operation_t *operation,
1937 size_t ad_length,
1938 size_t plaintext_length )
1939{
1940 switch( operation->id )
1941 {
1942#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1943 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1944 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1945 ad_length,
1946 plaintext_length ) );
1947
1948#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1949
1950#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1951#if defined(PSA_CRYPTO_DRIVER_TEST)
1952 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1953 return( mbedtls_test_transparent_aead_set_lengths(
1954 &operation->ctx.transparent_test_driver_ctx,
1955 ad_length, plaintext_length ) );
1956
1957 /* Add cases for opaque driver here */
1958
1959#endif /* PSA_CRYPTO_DRIVER_TEST */
1960#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1961 }
1962
1963 (void)ad_length;
1964 (void)plaintext_length;
1965
1966 return( PSA_ERROR_INVALID_ARGUMENT );
1967}
1968
1969static inline psa_status_t psa_driver_wrapper_aead_update_ad(
1970 psa_aead_operation_t *operation,
1971 const uint8_t *input,
1972 size_t input_length )
1973{
1974 switch( operation->id )
1975 {
1976#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1977 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1978 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1979 input,
1980 input_length ) );
1981
1982#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1983
1984#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1985#if defined(PSA_CRYPTO_DRIVER_TEST)
1986 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1987 return( mbedtls_test_transparent_aead_update_ad(
1988 &operation->ctx.transparent_test_driver_ctx,
1989 input, input_length ) );
1990
1991 /* Add cases for opaque driver here */
1992
1993#endif /* PSA_CRYPTO_DRIVER_TEST */
1994#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1995 }
1996
1997 (void)input;
1998 (void)input_length;
1999
2000 return( PSA_ERROR_INVALID_ARGUMENT );
2001}
2002
2003static inline psa_status_t psa_driver_wrapper_aead_update(
2004 psa_aead_operation_t *operation,
2005 const uint8_t *input,
2006 size_t input_length,
2007 uint8_t *output,
2008 size_t output_size,
2009 size_t *output_length )
2010{
2011 switch( operation->id )
2012 {
2013#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2014 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2015 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2016 input, input_length,
2017 output, output_size,
2018 output_length ) );
2019
2020#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2021
2022#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2023#if defined(PSA_CRYPTO_DRIVER_TEST)
2024 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2025 return( mbedtls_test_transparent_aead_update(
2026 &operation->ctx.transparent_test_driver_ctx,
2027 input, input_length, output, output_size,
2028 output_length ) );
2029
2030 /* Add cases for opaque driver here */
2031
2032#endif /* PSA_CRYPTO_DRIVER_TEST */
2033#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2034 }
2035
2036 (void)input;
2037 (void)input_length;
2038 (void)output;
2039 (void)output_size;
2040 (void)output_length;
2041
2042 return( PSA_ERROR_INVALID_ARGUMENT );
2043}
2044
2045static inline psa_status_t psa_driver_wrapper_aead_finish(
2046 psa_aead_operation_t *operation,
2047 uint8_t *ciphertext,
2048 size_t ciphertext_size,
2049 size_t *ciphertext_length,
2050 uint8_t *tag,
2051 size_t tag_size,
2052 size_t *tag_length )
2053{
2054 switch( operation->id )
2055 {
2056#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2057 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2058 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2059 ciphertext,
2060 ciphertext_size,
2061 ciphertext_length, tag,
2062 tag_size, tag_length ) );
2063
2064#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2065
2066#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2067#if defined(PSA_CRYPTO_DRIVER_TEST)
2068 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2069 return( mbedtls_test_transparent_aead_finish(
2070 &operation->ctx.transparent_test_driver_ctx,
2071 ciphertext, ciphertext_size,
2072 ciphertext_length, tag, tag_size, tag_length ) );
2073
2074 /* Add cases for opaque driver here */
2075
2076#endif /* PSA_CRYPTO_DRIVER_TEST */
2077#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2078 }
2079
2080 (void)ciphertext;
2081 (void)ciphertext_size;
2082 (void)ciphertext_length;
2083 (void)tag;
2084 (void)tag_size;
2085 (void)tag_length;
2086
2087 return( PSA_ERROR_INVALID_ARGUMENT );
2088}
2089
2090static inline psa_status_t psa_driver_wrapper_aead_verify(
2091 psa_aead_operation_t *operation,
2092 uint8_t *plaintext,
2093 size_t plaintext_size,
2094 size_t *plaintext_length,
2095 const uint8_t *tag,
2096 size_t tag_length )
2097{
2098 switch( operation->id )
2099 {
2100#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2101 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2102 {
2103 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2104 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2105 size_t check_tag_length;
2106
2107 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2108 plaintext,
2109 plaintext_size,
2110 plaintext_length,
2111 check_tag,
2112 sizeof( check_tag ),
2113 &check_tag_length );
2114
2115 if( status == PSA_SUCCESS )
2116 {
2117 if( tag_length != check_tag_length ||
2118 mbedtls_ct_memcmp( tag, check_tag, tag_length )
2119 != 0 )
2120 status = PSA_ERROR_INVALID_SIGNATURE;
2121 }
2122
2123 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2124
2125 return( status );
2126 }
2127
2128#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2129
2130#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2131#if defined(PSA_CRYPTO_DRIVER_TEST)
2132 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2133 return( mbedtls_test_transparent_aead_verify(
2134 &operation->ctx.transparent_test_driver_ctx,
2135 plaintext, plaintext_size,
2136 plaintext_length, tag, tag_length ) );
2137
2138 /* Add cases for opaque driver here */
2139
2140#endif /* PSA_CRYPTO_DRIVER_TEST */
2141#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2142 }
2143
2144 (void)plaintext;
2145 (void)plaintext_size;
2146 (void)plaintext_length;
2147 (void)tag;
2148 (void)tag_length;
2149
2150 return( PSA_ERROR_INVALID_ARGUMENT );
2151}
2152
2153static inline psa_status_t psa_driver_wrapper_aead_abort(
2154 psa_aead_operation_t *operation )
2155{
2156 switch( operation->id )
2157 {
2158#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2159 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2160 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2161
2162#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2163
2164#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2165#if defined(PSA_CRYPTO_DRIVER_TEST)
2166 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2167 return( mbedtls_test_transparent_aead_abort(
2168 &operation->ctx.transparent_test_driver_ctx ) );
2169
2170 /* Add cases for opaque driver here */
2171
2172#endif /* PSA_CRYPTO_DRIVER_TEST */
2173#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2174 }
2175
2176 return( PSA_ERROR_INVALID_ARGUMENT );
2177}
2178
2179/*
2180 * MAC functions
2181 */
2182static inline psa_status_t psa_driver_wrapper_mac_compute(
2183 const psa_key_attributes_t *attributes,
2184 const uint8_t *key_buffer,
2185 size_t key_buffer_size,
2186 psa_algorithm_t alg,
2187 const uint8_t *input,
2188 size_t input_length,
2189 uint8_t *mac,
2190 size_t mac_size,
2191 size_t *mac_length )
2192{
2193 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2194 psa_key_location_t location =
2195 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2196
2197 switch( location )
2198 {
2199 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2200 /* Key is stored in the slot in export representation, so
2201 * cycle through all known transparent accelerators */
2202#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2203#if defined(PSA_CRYPTO_DRIVER_TEST)
2204 status = mbedtls_test_transparent_mac_compute(
2205 attributes, key_buffer, key_buffer_size, alg,
2206 input, input_length,
2207 mac, mac_size, mac_length );
2208 /* Declared with fallback == true */
2209 if( status != PSA_ERROR_NOT_SUPPORTED )
2210 return( status );
2211#endif /* PSA_CRYPTO_DRIVER_TEST */
2212#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2213#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2214 /* Fell through, meaning no accelerator supports this operation */
2215 status = mbedtls_psa_mac_compute(
2216 attributes, key_buffer, key_buffer_size, alg,
2217 input, input_length,
2218 mac, mac_size, mac_length );
2219 if( status != PSA_ERROR_NOT_SUPPORTED )
2220 return( status );
2221#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2222 return( PSA_ERROR_NOT_SUPPORTED );
2223
2224 /* Add cases for opaque driver here */
2225#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2226#if defined(PSA_CRYPTO_DRIVER_TEST)
2227 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2228 status = mbedtls_test_opaque_mac_compute(
2229 attributes, key_buffer, key_buffer_size, alg,
2230 input, input_length,
2231 mac, mac_size, mac_length );
2232 return( status );
2233#endif /* PSA_CRYPTO_DRIVER_TEST */
2234#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2235 default:
2236 /* Key is declared with a lifetime not known to us */
2237 (void) key_buffer;
2238 (void) key_buffer_size;
2239 (void) alg;
2240 (void) input;
2241 (void) input_length;
2242 (void) mac;
2243 (void) mac_size;
2244 (void) mac_length;
2245 (void) status;
2246 return( PSA_ERROR_INVALID_ARGUMENT );
2247 }
2248}
2249
2250static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2251 psa_mac_operation_t *operation,
2252 const psa_key_attributes_t *attributes,
2253 const uint8_t *key_buffer,
2254 size_t key_buffer_size,
2255 psa_algorithm_t alg )
2256{
2257 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2258 psa_key_location_t location =
2259 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2260
2261 switch( location )
2262 {
2263 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2264 /* Key is stored in the slot in export representation, so
2265 * cycle through all known transparent accelerators */
2266#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2267#if defined(PSA_CRYPTO_DRIVER_TEST)
2268 status = mbedtls_test_transparent_mac_sign_setup(
2269 &operation->ctx.transparent_test_driver_ctx,
2270 attributes,
2271 key_buffer, key_buffer_size,
2272 alg );
2273 /* Declared with fallback == true */
2274 if( status == PSA_SUCCESS )
2275 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2276
2277 if( status != PSA_ERROR_NOT_SUPPORTED )
2278 return( status );
2279#endif /* PSA_CRYPTO_DRIVER_TEST */
2280#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2281#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2282 /* Fell through, meaning no accelerator supports this operation */
2283 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2284 attributes,
2285 key_buffer, key_buffer_size,
2286 alg );
2287 if( status == PSA_SUCCESS )
2288 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2289
2290 if( status != PSA_ERROR_NOT_SUPPORTED )
2291 return( status );
2292#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2293 return( PSA_ERROR_NOT_SUPPORTED );
2294
2295 /* Add cases for opaque driver here */
2296#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2297#if defined(PSA_CRYPTO_DRIVER_TEST)
2298 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2299 status = mbedtls_test_opaque_mac_sign_setup(
2300 &operation->ctx.opaque_test_driver_ctx,
2301 attributes,
2302 key_buffer, key_buffer_size,
2303 alg );
2304
2305 if( status == PSA_SUCCESS )
2306 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2307
2308 return( status );
2309#endif /* PSA_CRYPTO_DRIVER_TEST */
2310#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2311 default:
2312 /* Key is declared with a lifetime not known to us */
2313 (void) status;
2314 (void) operation;
2315 (void) key_buffer;
2316 (void) key_buffer_size;
2317 (void) alg;
2318 return( PSA_ERROR_INVALID_ARGUMENT );
2319 }
2320}
2321
2322static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2323 psa_mac_operation_t *operation,
2324 const psa_key_attributes_t *attributes,
2325 const uint8_t *key_buffer,
2326 size_t key_buffer_size,
2327 psa_algorithm_t alg )
2328{
2329 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2330 psa_key_location_t location =
2331 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2332
2333 switch( location )
2334 {
2335 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2336 /* Key is stored in the slot in export representation, so
2337 * cycle through all known transparent accelerators */
2338#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2339#if defined(PSA_CRYPTO_DRIVER_TEST)
2340 status = mbedtls_test_transparent_mac_verify_setup(
2341 &operation->ctx.transparent_test_driver_ctx,
2342 attributes,
2343 key_buffer, key_buffer_size,
2344 alg );
2345 /* Declared with fallback == true */
2346 if( status == PSA_SUCCESS )
2347 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2348
2349 if( status != PSA_ERROR_NOT_SUPPORTED )
2350 return( status );
2351#endif /* PSA_CRYPTO_DRIVER_TEST */
2352#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2353#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2354 /* Fell through, meaning no accelerator supports this operation */
2355 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2356 attributes,
2357 key_buffer, key_buffer_size,
2358 alg );
2359 if( status == PSA_SUCCESS )
2360 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2361
2362 if( status != PSA_ERROR_NOT_SUPPORTED )
2363 return( status );
2364#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2365 return( PSA_ERROR_NOT_SUPPORTED );
2366
2367 /* Add cases for opaque driver here */
2368#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2369#if defined(PSA_CRYPTO_DRIVER_TEST)
2370 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2371 status = mbedtls_test_opaque_mac_verify_setup(
2372 &operation->ctx.opaque_test_driver_ctx,
2373 attributes,
2374 key_buffer, key_buffer_size,
2375 alg );
2376
2377 if( status == PSA_SUCCESS )
2378 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2379
2380 return( status );
2381#endif /* PSA_CRYPTO_DRIVER_TEST */
2382#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2383 default:
2384 /* Key is declared with a lifetime not known to us */
2385 (void) status;
2386 (void) operation;
2387 (void) key_buffer;
2388 (void) key_buffer_size;
2389 (void) alg;
2390 return( PSA_ERROR_INVALID_ARGUMENT );
2391 }
2392}
2393
2394static inline psa_status_t psa_driver_wrapper_mac_update(
2395 psa_mac_operation_t *operation,
2396 const uint8_t *input,
2397 size_t input_length )
2398{
2399 switch( operation->id )
2400 {
2401#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2402 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2403 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2404 input, input_length ) );
2405#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2406
2407#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2408#if defined(PSA_CRYPTO_DRIVER_TEST)
2409 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2410 return( mbedtls_test_transparent_mac_update(
2411 &operation->ctx.transparent_test_driver_ctx,
2412 input, input_length ) );
2413
2414 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2415 return( mbedtls_test_opaque_mac_update(
2416 &operation->ctx.opaque_test_driver_ctx,
2417 input, input_length ) );
2418#endif /* PSA_CRYPTO_DRIVER_TEST */
2419#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2420 default:
2421 (void) input;
2422 (void) input_length;
2423 return( PSA_ERROR_INVALID_ARGUMENT );
2424 }
2425}
2426
2427static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2428 psa_mac_operation_t *operation,
2429 uint8_t *mac,
2430 size_t mac_size,
2431 size_t *mac_length )
2432{
2433 switch( operation->id )
2434 {
2435#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2436 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2437 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2438 mac, mac_size, mac_length ) );
2439#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2440
2441#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2442#if defined(PSA_CRYPTO_DRIVER_TEST)
2443 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2444 return( mbedtls_test_transparent_mac_sign_finish(
2445 &operation->ctx.transparent_test_driver_ctx,
2446 mac, mac_size, mac_length ) );
2447
2448 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2449 return( mbedtls_test_opaque_mac_sign_finish(
2450 &operation->ctx.opaque_test_driver_ctx,
2451 mac, mac_size, mac_length ) );
2452#endif /* PSA_CRYPTO_DRIVER_TEST */
2453#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2454 default:
2455 (void) mac;
2456 (void) mac_size;
2457 (void) mac_length;
2458 return( PSA_ERROR_INVALID_ARGUMENT );
2459 }
2460}
2461
2462static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2463 psa_mac_operation_t *operation,
2464 const uint8_t *mac,
2465 size_t mac_length )
2466{
2467 switch( operation->id )
2468 {
2469#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2470 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2471 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2472 mac, mac_length ) );
2473#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2474
2475#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2476#if defined(PSA_CRYPTO_DRIVER_TEST)
2477 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2478 return( mbedtls_test_transparent_mac_verify_finish(
2479 &operation->ctx.transparent_test_driver_ctx,
2480 mac, mac_length ) );
2481
2482 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2483 return( mbedtls_test_opaque_mac_verify_finish(
2484 &operation->ctx.opaque_test_driver_ctx,
2485 mac, mac_length ) );
2486#endif /* PSA_CRYPTO_DRIVER_TEST */
2487#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2488 default:
2489 (void) mac;
2490 (void) mac_length;
2491 return( PSA_ERROR_INVALID_ARGUMENT );
2492 }
2493}
2494
2495static inline psa_status_t psa_driver_wrapper_mac_abort(
2496 psa_mac_operation_t *operation )
2497{
2498 switch( operation->id )
2499 {
2500#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2501 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2502 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2503#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2504
2505#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2506#if defined(PSA_CRYPTO_DRIVER_TEST)
2507 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2508 return( mbedtls_test_transparent_mac_abort(
2509 &operation->ctx.transparent_test_driver_ctx ) );
2510 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2511 return( mbedtls_test_opaque_mac_abort(
2512 &operation->ctx.opaque_test_driver_ctx ) );
2513#endif /* PSA_CRYPTO_DRIVER_TEST */
2514#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2515 default:
2516 return( PSA_ERROR_INVALID_ARGUMENT );
2517 }
2518}
2519
2520/*
2521 * Asymmetric cryptography
2522 */
2523static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2524 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2525 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2526 size_t input_length, const uint8_t *salt, size_t salt_length,
2527 uint8_t *output, size_t output_size, size_t *output_length )
2528{
2529 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2530 psa_key_location_t location =
2531 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2532
2533 switch( location )
2534 {
2535 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2536 /* Key is stored in the slot in export representation, so
2537 * cycle through all known transparent accelerators */
2538#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2539#if defined(PSA_CRYPTO_DRIVER_TEST)
2540 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2541 key_buffer, key_buffer_size, alg, input, input_length,
2542 salt, salt_length, output, output_size,
2543 output_length );
2544 /* Declared with fallback == true */
2545 if( status != PSA_ERROR_NOT_SUPPORTED )
2546 return( status );
2547#endif /* PSA_CRYPTO_DRIVER_TEST */
2548#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2549 return( mbedtls_psa_asymmetric_encrypt( attributes,
2550 key_buffer, key_buffer_size, alg, input, input_length,
2551 salt, salt_length, output, output_size, output_length )
2552 );
2553 /* Add cases for opaque driver here */
2554#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2555#if defined(PSA_CRYPTO_DRIVER_TEST)
2556 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2557 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2558 key_buffer, key_buffer_size, alg, input, input_length,
2559 salt, salt_length, output, output_size, output_length )
2560 );
2561#endif /* PSA_CRYPTO_DRIVER_TEST */
2562#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2563
2564 default:
2565 /* Key is declared with a lifetime not known to us */
2566 (void)status;
2567 (void)key_buffer;
2568 (void)key_buffer_size;
2569 (void)alg;
2570 (void)input;
2571 (void)input_length;
2572 (void)salt;
2573 (void)salt_length;
2574 (void)output;
2575 (void)output_size;
2576 (void)output_length;
2577 return( PSA_ERROR_INVALID_ARGUMENT );
2578 }
2579}
2580
2581static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2582 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2583 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2584 size_t input_length, const uint8_t *salt, size_t salt_length,
2585 uint8_t *output, size_t output_size, size_t *output_length )
2586{
2587 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2588 psa_key_location_t location =
2589 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2590
2591 switch( location )
2592 {
2593 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2594 /* Key is stored in the slot in export representation, so
2595 * cycle through all known transparent accelerators */
2596#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2597#if defined(PSA_CRYPTO_DRIVER_TEST)
2598 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2599 key_buffer, key_buffer_size, alg, input, input_length,
2600 salt, salt_length, output, output_size,
2601 output_length );
2602 /* Declared with fallback == true */
2603 if( status != PSA_ERROR_NOT_SUPPORTED )
2604 return( status );
2605#endif /* PSA_CRYPTO_DRIVER_TEST */
2606#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2607 return( mbedtls_psa_asymmetric_decrypt( attributes,
2608 key_buffer, key_buffer_size, alg,input, input_length,
2609 salt, salt_length, output, output_size,
2610 output_length ) );
2611 /* Add cases for opaque driver here */
2612#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2613#if defined(PSA_CRYPTO_DRIVER_TEST)
2614 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2615 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2616 key_buffer, key_buffer_size, alg, input, input_length,
2617 salt, salt_length, output, output_size,
2618 output_length ) );
2619#endif /* PSA_CRYPTO_DRIVER_TEST */
2620#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2621
2622 default:
2623 /* Key is declared with a lifetime not known to us */
2624 (void)status;
2625 (void)key_buffer;
2626 (void)key_buffer_size;
2627 (void)alg;
2628 (void)input;
2629 (void)input_length;
2630 (void)salt;
2631 (void)salt_length;
2632 (void)output;
2633 (void)output_size;
2634 (void)output_length;
2635 return( PSA_ERROR_INVALID_ARGUMENT );
2636 }
2637}
2638
2639static inline psa_status_t psa_driver_wrapper_key_agreement(
2640 const psa_key_attributes_t *attributes,
2641 const uint8_t *key_buffer,
2642 size_t key_buffer_size,
2643 psa_algorithm_t alg,
2644 const uint8_t *peer_key,
2645 size_t peer_key_length,
2646 uint8_t *shared_secret,
2647 size_t shared_secret_size,
2648 size_t *shared_secret_length
2649 )
2650{
2651 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2652 psa_key_location_t location =
2653 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2654
2655 switch( location )
2656 {
2657 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2658 /* Key is stored in the slot in export representation, so
2659 * cycle through all known transparent accelerators */
2660#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2661#if defined(PSA_CRYPTO_DRIVER_TEST)
2662 status =
2663 mbedtls_test_transparent_key_agreement( attributes,
2664 key_buffer, key_buffer_size, alg, peer_key,
2665 peer_key_length, shared_secret, shared_secret_size,
2666 shared_secret_length );
2667 if( status != PSA_ERROR_NOT_SUPPORTED )
2668 return( status );
2669#endif /* PSA_CRYPTO_DRIVER_TEST */
2670#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
2671 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
2672 PSA_ALG_IS_ECDH(alg) &&
2673 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
2674 attributes->core.bits == 256 )
2675 {
2676 status = p256_transparent_key_agreement( attributes,
2677 key_buffer,
2678 key_buffer_size,
2679 alg,
2680 peer_key,
2681 peer_key_length,
2682 shared_secret,
2683 shared_secret_size,
2684 shared_secret_length );
2685 if( status != PSA_ERROR_NOT_SUPPORTED)
2686 return( status );
2687 }
2688#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
2689#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2690
2691 /* Software Fallback */
2692 status = psa_key_agreement_raw_builtin( attributes,
2693 key_buffer,
2694 key_buffer_size,
2695 alg,
2696 peer_key,
2697 peer_key_length,
2698 shared_secret,
2699 shared_secret_size,
2700 shared_secret_length );
2701 return( status );
2702#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2703#if defined(PSA_CRYPTO_DRIVER_TEST)
2704 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2705 return( mbedtls_test_opaque_key_agreement( attributes,
2706 key_buffer, key_buffer_size, alg, peer_key,
2707 peer_key_length, shared_secret, shared_secret_size,
2708 shared_secret_length ) );
2709#endif /* PSA_CRYPTO_DRIVER_TEST */
2710#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2711
2712 default:
2713 (void) attributes;
2714 (void) key_buffer;
2715 (void) key_buffer_size;
2716 (void) peer_key;
2717 (void) peer_key_length;
2718 (void) shared_secret;
2719 (void) shared_secret_size;
2720 (void) shared_secret_length;
2721 return( PSA_ERROR_NOT_SUPPORTED );
2722
2723 }
2724}
2725
2726static inline psa_status_t psa_driver_wrapper_pake_setup(
2727 psa_pake_operation_t *operation,
2728 const psa_crypto_driver_pake_inputs_t *inputs )
2729{
2730 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2731
2732 psa_key_location_t location =
2733 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2734
2735 switch( location )
2736 {
2737 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2738 /* Key is stored in the slot in export representation, so
2739 * cycle through all known transparent accelerators */
2740 status = PSA_ERROR_NOT_SUPPORTED;
2741#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2742#if defined(PSA_CRYPTO_DRIVER_TEST)
2743 status = mbedtls_test_transparent_pake_setup(
2744 &operation->data.ctx.transparent_test_driver_ctx,
2745 inputs );
2746 if( status == PSA_SUCCESS )
2747 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2748 /* Declared with fallback == true */
2749 if( status != PSA_ERROR_NOT_SUPPORTED )
2750 return( status );
2751#endif /* PSA_CRYPTO_DRIVER_TEST */
2752#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2753#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2754 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2755 inputs );
2756 if( status == PSA_SUCCESS )
2757 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2758#endif
2759 return status;
2760 /* Add cases for opaque driver here */
2761 default:
2762 /* Key is declared with a lifetime not known to us */
2763 (void)operation;
2764 return( PSA_ERROR_INVALID_ARGUMENT );
2765 }
2766}
2767
2768static inline psa_status_t psa_driver_wrapper_pake_output(
2769 psa_pake_operation_t *operation,
2770 psa_crypto_driver_pake_step_t step,
2771 uint8_t *output,
2772 size_t output_size,
2773 size_t *output_length )
2774{
2775 switch( operation->id )
2776 {
2777#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2778 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2779 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2780 output, output_size, output_length ) );
2781#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2782
2783#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2784#if defined(PSA_CRYPTO_DRIVER_TEST)
2785 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2786 return( mbedtls_test_transparent_pake_output(
2787 &operation->data.ctx.transparent_test_driver_ctx,
2788 step, output, output_size, output_length ) );
2789#endif /* PSA_CRYPTO_DRIVER_TEST */
2790#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2791 default:
2792 (void) step;
2793 (void) output;
2794 (void) output_size;
2795 (void) output_length;
2796 return( PSA_ERROR_INVALID_ARGUMENT );
2797 }
2798}
2799
2800static inline psa_status_t psa_driver_wrapper_pake_input(
2801 psa_pake_operation_t *operation,
2802 psa_crypto_driver_pake_step_t step,
2803 const uint8_t *input,
2804 size_t input_length )
2805{
2806 switch( operation->id )
2807 {
2808#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2809 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2810 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2811 step, input,
2812 input_length ) );
2813#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2814
2815#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2816#if defined(PSA_CRYPTO_DRIVER_TEST)
2817 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2818 return( mbedtls_test_transparent_pake_input(
2819 &operation->data.ctx.transparent_test_driver_ctx,
2820 step,
2821 input, input_length ) );
2822#endif /* PSA_CRYPTO_DRIVER_TEST */
2823#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2824 default:
2825 (void) step;
2826 (void) input;
2827 (void) input_length;
2828 return( PSA_ERROR_INVALID_ARGUMENT );
2829 }
2830}
2831
2832static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2833 psa_pake_operation_t *operation,
2834 uint8_t *output, size_t output_size,
2835 size_t *output_length )
2836{
2837 switch( operation->id )
2838 {
2839#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2840 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2841 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2842 output, output_size, output_length ) );
2843#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2844
2845#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2846#if defined(PSA_CRYPTO_DRIVER_TEST)
2847 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2848 return( mbedtls_test_transparent_pake_get_implicit_key(
2849 &operation->data.ctx.transparent_test_driver_ctx,
2850 output, output_size, output_length ) );
2851#endif /* PSA_CRYPTO_DRIVER_TEST */
2852#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2853 default:
2854 (void) output;
2855 (void) output_size;
2856 (void) output_length;
2857 return( PSA_ERROR_INVALID_ARGUMENT );
2858 }
2859}
2860
2861static inline psa_status_t psa_driver_wrapper_pake_abort(
2862 psa_pake_operation_t * operation )
2863{
2864 switch( operation->id )
2865 {
2866#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2867 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2868 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2869#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2870
2871#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2872#if defined(PSA_CRYPTO_DRIVER_TEST)
2873 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2874 return( mbedtls_test_transparent_pake_abort(
2875 &operation->data.ctx.transparent_test_driver_ctx ) );
2876#endif /* PSA_CRYPTO_DRIVER_TEST */
2877#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2878 default:
2879 return( PSA_ERROR_INVALID_ARGUMENT );
2880 }
2881}
2882
2883#endif /* MBEDTLS_PSA_CRYPTO_C */