TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / e3c05853d6a9a6895d5ce690fbf8a485bc91ab97 / . / library / psa_crypto_driver_wrappers.h
blob: c05e43c30fb790dc387ce9e9714c460f95ac15a0 [file] [log] [blame]
Minos Galanakis591416f2023-10-03 22:16:56 +0100[diff] [blame]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6/* Copyright The Mbed TLS Contributors
Dave Rodgmane3c05852023-11-03 12:21:36 +0000[diff] [blame^]7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Minos Galanakis591416f2023-10-03 22:16:56 +0100[diff] [blame]8 */
9
10
11/* BEGIN-common headers */
12#include "common.h"
13#include "psa_crypto_aead.h"
14#include "psa_crypto_cipher.h"
15#include "psa_crypto_core.h"
16#include "psa_crypto_driver_wrappers_no_static.h"
17#include "psa_crypto_hash.h"
18#include "psa_crypto_mac.h"
19#include "psa_crypto_pake.h"
20#include "psa_crypto_rsa.h"
21
22#include "mbedtls/platform.h"
23#include "mbedtls/constant_time.h"
24/* END-common headers */
25
26#if defined(MBEDTLS_PSA_CRYPTO_C)
27
28/* BEGIN-driver headers */
29/* Headers for mbedtls_test opaque driver */
30#if defined(PSA_CRYPTO_DRIVER_TEST)
31#include "test/drivers/test_driver.h"
32
33#endif
34/* Headers for mbedtls_test transparent driver */
35#if defined(PSA_CRYPTO_DRIVER_TEST)
36#include "test/drivers/test_driver.h"
37
38#endif
39/* Headers for p256 transparent driver */
40#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42
43#endif
44
45/* END-driver headers */
46
47/* Auto-generated values depending on which drivers are registered.
48 * ID 0 is reserved for unallocated operations.
49 * ID 1 is reserved for the Mbed TLS software driver. */
50/* BEGIN-driver id definition */
51#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
52#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
53#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
54#define P256_TRANSPARENT_DRIVER_ID (4)
55
56/* END-driver id */
57
58/* BEGIN-Common Macro definitions */
59
60/* END-Common Macro definitions */
61
62/* Support the 'old' SE interface when asked to */
63#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
64/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
65 * SE driver is present, to avoid unused argument errors at compile time. */
66#ifndef PSA_CRYPTO_DRIVER_PRESENT
67#define PSA_CRYPTO_DRIVER_PRESENT
68#endif
69#include "psa_crypto_se.h"
70#endif
71
72static inline psa_status_t psa_driver_wrapper_init( void )
73{
74 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
75
76#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
77 status = psa_init_all_se_drivers( );
78 if( status != PSA_SUCCESS )
79 return( status );
80#endif
81
82#if defined(PSA_CRYPTO_DRIVER_TEST)
83 status = mbedtls_test_transparent_init( );
84 if( status != PSA_SUCCESS )
85 return( status );
86
87 status = mbedtls_test_opaque_init( );
88 if( status != PSA_SUCCESS )
89 return( status );
90#endif
91
92 (void) status;
93 return( PSA_SUCCESS );
94}
95
96static inline void psa_driver_wrapper_free( void )
97{
98#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
99 /* Unregister all secure element drivers, so that we restart from
100 * a pristine state. */
101 psa_unregister_all_se_drivers( );
102#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
103
104#if defined(PSA_CRYPTO_DRIVER_TEST)
105 mbedtls_test_transparent_free( );
106 mbedtls_test_opaque_free( );
107#endif
108}
109
110/* Start delegation functions */
111static inline psa_status_t psa_driver_wrapper_sign_message(
112 const psa_key_attributes_t *attributes,
113 const uint8_t *key_buffer,
114 size_t key_buffer_size,
115 psa_algorithm_t alg,
116 const uint8_t *input,
117 size_t input_length,
118 uint8_t *signature,
119 size_t signature_size,
120 size_t *signature_length )
121{
122 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
123 psa_key_location_t location =
124 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
125
126 switch( location )
127 {
128 case PSA_KEY_LOCATION_LOCAL_STORAGE:
129 /* Key is stored in the slot in export representation, so
130 * cycle through all known transparent accelerators */
131#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
132#if defined(PSA_CRYPTO_DRIVER_TEST)
133 status = mbedtls_test_transparent_signature_sign_message(
134 attributes,
135 key_buffer,
136 key_buffer_size,
137 alg,
138 input,
139 input_length,
140 signature,
141 signature_size,
142 signature_length );
143 /* Declared with fallback == true */
144 if( status != PSA_ERROR_NOT_SUPPORTED )
145 return( status );
146#endif /* PSA_CRYPTO_DRIVER_TEST */
147#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
148 break;
149
150 /* Add cases for opaque driver here */
151#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
152#if defined(PSA_CRYPTO_DRIVER_TEST)
153 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
154 status = mbedtls_test_opaque_signature_sign_message(
155 attributes,
156 key_buffer,
157 key_buffer_size,
158 alg,
159 input,
160 input_length,
161 signature,
162 signature_size,
163 signature_length );
164 if( status != PSA_ERROR_NOT_SUPPORTED )
165 return( status );
166 break;
167#endif /* PSA_CRYPTO_DRIVER_TEST */
168#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
169 default:
170 /* Key is declared with a lifetime not known to us */
171 (void)status;
172 break;
173 }
174
175 return( psa_sign_message_builtin( attributes,
176 key_buffer,
177 key_buffer_size,
178 alg,
179 input,
180 input_length,
181 signature,
182 signature_size,
183 signature_length ) );
184}
185
186static inline psa_status_t psa_driver_wrapper_verify_message(
187 const psa_key_attributes_t *attributes,
188 const uint8_t *key_buffer,
189 size_t key_buffer_size,
190 psa_algorithm_t alg,
191 const uint8_t *input,
192 size_t input_length,
193 const uint8_t *signature,
194 size_t signature_length )
195{
196 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
197 psa_key_location_t location =
198 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
199
200 switch( location )
201 {
202 case PSA_KEY_LOCATION_LOCAL_STORAGE:
203 /* Key is stored in the slot in export representation, so
204 * cycle through all known transparent accelerators */
205#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
206#if defined(PSA_CRYPTO_DRIVER_TEST)
207 status = mbedtls_test_transparent_signature_verify_message(
208 attributes,
209 key_buffer,
210 key_buffer_size,
211 alg,
212 input,
213 input_length,
214 signature,
215 signature_length );
216 /* Declared with fallback == true */
217 if( status != PSA_ERROR_NOT_SUPPORTED )
218 return( status );
219#endif /* PSA_CRYPTO_DRIVER_TEST */
220#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
221 break;
222
223 /* Add cases for opaque driver here */
224#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
225#if defined(PSA_CRYPTO_DRIVER_TEST)
226 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
227 return( mbedtls_test_opaque_signature_verify_message(
228 attributes,
229 key_buffer,
230 key_buffer_size,
231 alg,
232 input,
233 input_length,
234 signature,
235 signature_length ) );
236 if( status != PSA_ERROR_NOT_SUPPORTED )
237 return( status );
238 break;
239#endif /* PSA_CRYPTO_DRIVER_TEST */
240#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
241 default:
242 /* Key is declared with a lifetime not known to us */
243 (void)status;
244 break;
245 }
246
247 return( psa_verify_message_builtin( attributes,
248 key_buffer,
249 key_buffer_size,
250 alg,
251 input,
252 input_length,
253 signature,
254 signature_length ) );
255}
256
257static inline psa_status_t psa_driver_wrapper_sign_hash(
258 const psa_key_attributes_t *attributes,
259 const uint8_t *key_buffer, size_t key_buffer_size,
260 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
261 uint8_t *signature, size_t signature_size, size_t *signature_length )
262{
263 /* Try dynamically-registered SE interface first */
264#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
265 const psa_drv_se_t *drv;
266 psa_drv_se_context_t *drv_context;
267
268 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
269 {
270 if( drv->asymmetric == NULL ||
271 drv->asymmetric->p_sign == NULL )
272 {
273 /* Key is defined in SE, but we have no way to exercise it */
274 return( PSA_ERROR_NOT_SUPPORTED );
275 }
276 return( drv->asymmetric->p_sign(
277 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
278 alg, hash, hash_length,
279 signature, signature_size, signature_length ) );
280 }
281#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
282
283 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
284 psa_key_location_t location =
285 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
286
287 switch( location )
288 {
289 case PSA_KEY_LOCATION_LOCAL_STORAGE:
290 /* Key is stored in the slot in export representation, so
291 * cycle through all known transparent accelerators */
292#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
293#if defined(PSA_CRYPTO_DRIVER_TEST)
294 status = mbedtls_test_transparent_signature_sign_hash( attributes,
295 key_buffer,
296 key_buffer_size,
297 alg,
298 hash,
299 hash_length,
300 signature,
301 signature_size,
302 signature_length );
303 /* Declared with fallback == true */
304 if( status != PSA_ERROR_NOT_SUPPORTED )
305 return( status );
306#endif /* PSA_CRYPTO_DRIVER_TEST */
307#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
308 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
309 PSA_ALG_IS_ECDSA(alg) &&
310 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
311 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
312 attributes->core.bits == 256 )
313 {
314 status = p256_transparent_sign_hash( attributes,
315 key_buffer,
316 key_buffer_size,
317 alg,
318 hash,
319 hash_length,
320 signature,
321 signature_size,
322 signature_length );
323 if( status != PSA_ERROR_NOT_SUPPORTED )
324 return( status );
325 }
326#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
327#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
328 /* Fell through, meaning no accelerator supports this operation */
329 return( psa_sign_hash_builtin( attributes,
330 key_buffer,
331 key_buffer_size,
332 alg,
333 hash,
334 hash_length,
335 signature,
336 signature_size,
337 signature_length ) );
338
339 /* Add cases for opaque driver here */
340#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
341#if defined(PSA_CRYPTO_DRIVER_TEST)
342 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
343 return( mbedtls_test_opaque_signature_sign_hash( attributes,
344 key_buffer,
345 key_buffer_size,
346 alg,
347 hash,
348 hash_length,
349 signature,
350 signature_size,
351 signature_length ) );
352#endif /* PSA_CRYPTO_DRIVER_TEST */
353#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
354 default:
355 /* Key is declared with a lifetime not known to us */
356 (void)status;
357 return( PSA_ERROR_INVALID_ARGUMENT );
358 }
359}
360
361static inline psa_status_t psa_driver_wrapper_verify_hash(
362 const psa_key_attributes_t *attributes,
363 const uint8_t *key_buffer, size_t key_buffer_size,
364 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
365 const uint8_t *signature, size_t signature_length )
366{
367 /* Try dynamically-registered SE interface first */
368#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
369 const psa_drv_se_t *drv;
370 psa_drv_se_context_t *drv_context;
371
372 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
373 {
374 if( drv->asymmetric == NULL ||
375 drv->asymmetric->p_verify == NULL )
376 {
377 /* Key is defined in SE, but we have no way to exercise it */
378 return( PSA_ERROR_NOT_SUPPORTED );
379 }
380 return( drv->asymmetric->p_verify(
381 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
382 alg, hash, hash_length,
383 signature, signature_length ) );
384 }
385#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
386
387 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
388 psa_key_location_t location =
389 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
390
391 switch( location )
392 {
393 case PSA_KEY_LOCATION_LOCAL_STORAGE:
394 /* Key is stored in the slot in export representation, so
395 * cycle through all known transparent accelerators */
396#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
397#if defined(PSA_CRYPTO_DRIVER_TEST)
398 status = mbedtls_test_transparent_signature_verify_hash(
399 attributes,
400 key_buffer,
401 key_buffer_size,
402 alg,
403 hash,
404 hash_length,
405 signature,
406 signature_length );
407 /* Declared with fallback == true */
408 if( status != PSA_ERROR_NOT_SUPPORTED )
409 return( status );
410#endif /* PSA_CRYPTO_DRIVER_TEST */
411#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
412 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
413 PSA_ALG_IS_ECDSA(alg) &&
414 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
415 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
416 attributes->core.bits == 256 )
417 {
418 status = p256_transparent_verify_hash( attributes,
419 key_buffer,
420 key_buffer_size,
421 alg,
422 hash,
423 hash_length,
424 signature,
425 signature_length );
426 if( status != PSA_ERROR_NOT_SUPPORTED )
427 return( status );
428 }
429#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
430#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
431
432 return( psa_verify_hash_builtin( attributes,
433 key_buffer,
434 key_buffer_size,
435 alg,
436 hash,
437 hash_length,
438 signature,
439 signature_length ) );
440
441 /* Add cases for opaque driver here */
442#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
443#if defined(PSA_CRYPTO_DRIVER_TEST)
444 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
445 return( mbedtls_test_opaque_signature_verify_hash( attributes,
446 key_buffer,
447 key_buffer_size,
448 alg,
449 hash,
450 hash_length,
451 signature,
452 signature_length ) );
453#endif /* PSA_CRYPTO_DRIVER_TEST */
454#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
455 default:
456 /* Key is declared with a lifetime not known to us */
457 (void)status;
458 return( PSA_ERROR_INVALID_ARGUMENT );
459 }
460}
461
462static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
463 psa_sign_hash_interruptible_operation_t *operation )
464{
465 switch( operation->id )
466 {
467 /* If uninitialised, return 0, as no work can have been done. */
468 case 0:
469 return 0;
470
471 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
472 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
473
474#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
475#if defined(PSA_CRYPTO_DRIVER_TEST)
476 /* Add test driver tests here */
477
478#endif /* PSA_CRYPTO_DRIVER_TEST */
479#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
480 }
481
482 /* Can't happen (see discussion in #8271) */
483 return 0;
484}
485
486static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
487 psa_verify_hash_interruptible_operation_t *operation )
488{
489 switch( operation->id )
490 {
491 /* If uninitialised, return 0, as no work can have been done. */
492 case 0:
493 return 0;
494
495 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
496 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
497
498#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
499#if defined(PSA_CRYPTO_DRIVER_TEST)
500 /* Add test driver tests here */
501
502#endif /* PSA_CRYPTO_DRIVER_TEST */
503#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
504
505 }
506
507 /* Can't happen (see discussion in #8271) */
508 return 0;
509}
510
511static inline psa_status_t psa_driver_wrapper_sign_hash_start(
512 psa_sign_hash_interruptible_operation_t *operation,
513 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
514 size_t key_buffer_size, psa_algorithm_t alg,
515 const uint8_t *hash, size_t hash_length )
516{
517 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
518 attributes->core.lifetime );
519
520 switch( location )
521 {
522 case PSA_KEY_LOCATION_LOCAL_STORAGE:
523 /* Key is stored in the slot in export representation, so
524 * cycle through all known transparent accelerators */
525
526#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
527#if defined(PSA_CRYPTO_DRIVER_TEST)
528
529 /* Add test driver tests here */
530
531 /* Declared with fallback == true */
532
533#endif /* PSA_CRYPTO_DRIVER_TEST */
534#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
535
536 /* Fell through, meaning no accelerator supports this operation */
537 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
538 return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
539 attributes,
540 key_buffer, key_buffer_size,
541 alg, hash, hash_length ) );
542 break;
543
544 /* Add cases for opaque driver here */
545
546 default:
547 /* Key is declared with a lifetime not known to us */
548 return( PSA_ERROR_INVALID_ARGUMENT );
549 }
550}
551
552static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
553 psa_sign_hash_interruptible_operation_t *operation,
554 uint8_t *signature, size_t signature_size,
555 size_t *signature_length )
556{
557 switch( operation->id )
558 {
559 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
560 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
561 signature, signature_size,
562 signature_length ) );
563
564#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
565#if defined(PSA_CRYPTO_DRIVER_TEST)
566 /* Add test driver tests here */
567
568#endif /* PSA_CRYPTO_DRIVER_TEST */
569#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
570 }
571
572 ( void ) signature;
573 ( void ) signature_size;
574 ( void ) signature_length;
575
576 return( PSA_ERROR_INVALID_ARGUMENT );
577}
578
579static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
580 psa_sign_hash_interruptible_operation_t *operation )
581{
582 switch( operation->id )
583 {
584 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
585 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
586
587#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
588#if defined(PSA_CRYPTO_DRIVER_TEST)
589 /* Add test driver tests here */
590
591#endif /* PSA_CRYPTO_DRIVER_TEST */
592#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
593 }
594
595 return( PSA_ERROR_INVALID_ARGUMENT );
596}
597
598static inline psa_status_t psa_driver_wrapper_verify_hash_start(
599 psa_verify_hash_interruptible_operation_t *operation,
600 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
601 size_t key_buffer_size, psa_algorithm_t alg,
602 const uint8_t *hash, size_t hash_length,
603 const uint8_t *signature, size_t signature_length )
604{
605 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
606 attributes->core.lifetime );
607
608 switch( location )
609 {
610 case PSA_KEY_LOCATION_LOCAL_STORAGE:
611 /* Key is stored in the slot in export representation, so
612 * cycle through all known transparent accelerators */
613
614#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
615#if defined(PSA_CRYPTO_DRIVER_TEST)
616
617 /* Add test driver tests here */
618
619 /* Declared with fallback == true */
620
621#endif /* PSA_CRYPTO_DRIVER_TEST */
622#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
623
624 /* Fell through, meaning no accelerator supports this operation */
625 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
626 return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
627 attributes,
628 key_buffer, key_buffer_size,
629 alg, hash, hash_length,
630 signature, signature_length
631 ) );
632 break;
633
634 /* Add cases for opaque driver here */
635
636 default:
637 /* Key is declared with a lifetime not known to us */
638 return( PSA_ERROR_INVALID_ARGUMENT );
639 }
640}
641
642static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
643 psa_verify_hash_interruptible_operation_t *operation )
644{
645 switch( operation->id )
646 {
647 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
648 return( mbedtls_psa_verify_hash_complete(
649 &operation->ctx.mbedtls_ctx
650 ) );
651
652#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
653#if defined(PSA_CRYPTO_DRIVER_TEST)
654 /* Add test driver tests here */
655
656#endif /* PSA_CRYPTO_DRIVER_TEST */
657#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
658 }
659
660 return( PSA_ERROR_INVALID_ARGUMENT );
661}
662
663static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
664 psa_verify_hash_interruptible_operation_t *operation )
665{
666 switch( operation->id )
667 {
668 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
669 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
670 ) );
671
672#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
673#if defined(PSA_CRYPTO_DRIVER_TEST)
674 /* Add test driver tests here */
675
676#endif /* PSA_CRYPTO_DRIVER_TEST */
677#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
678 }
679
680 return( PSA_ERROR_INVALID_ARGUMENT );
681}
682
683/** Calculate the key buffer size required to store the key material of a key
684 * associated with an opaque driver from input key data.
685 *
686 * \param[in] attributes The key attributes
687 * \param[in] data The input key data.
688 * \param[in] data_length The input data length.
689 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
690 *
691 * \retval #PSA_SUCCESS \emptydescription
692 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
693 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
694 */
695static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
696 const psa_key_attributes_t *attributes,
697 const uint8_t *data,
698 size_t data_length,
699 size_t *key_buffer_size )
700{
701 psa_key_location_t location =
702 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
703 psa_key_type_t key_type = attributes->core.type;
704
705 *key_buffer_size = 0;
706 switch( location )
707 {
708#if defined(PSA_CRYPTO_DRIVER_TEST)
709 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
710 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
711 PSA_BYTES_TO_BITS( data_length ) );
712 return( ( *key_buffer_size != 0 ) ?
713 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
714#endif /* PSA_CRYPTO_DRIVER_TEST */
715
716 default:
717 (void)key_type;
718 (void)data;
719 (void)data_length;
720 return( PSA_ERROR_INVALID_ARGUMENT );
721 }
722}
723
724static inline psa_status_t psa_driver_wrapper_generate_key(
725 const psa_key_attributes_t *attributes,
726 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
727{
728 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
729 psa_key_location_t location =
730 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
731
732 /* Try dynamically-registered SE interface first */
733#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
734 const psa_drv_se_t *drv;
735 psa_drv_se_context_t *drv_context;
736
737 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
738 {
739 size_t pubkey_length = 0; /* We don't support this feature yet */
740 if( drv->key_management == NULL ||
741 drv->key_management->p_generate == NULL )
742 {
743 /* Key is defined as being in SE, but we have no way to generate it */
744 return( PSA_ERROR_NOT_SUPPORTED );
745 }
746 return( drv->key_management->p_generate(
747 drv_context,
748 *( (psa_key_slot_number_t *)key_buffer ),
749 attributes, NULL, 0, &pubkey_length ) );
750 }
751#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
752
753 switch( location )
754 {
755 case PSA_KEY_LOCATION_LOCAL_STORAGE:
756#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
757 /* Transparent drivers are limited to generating asymmetric keys */
758 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
759 {
760 /* Cycle through all known transparent accelerators */
761#if defined(PSA_CRYPTO_DRIVER_TEST)
762 status = mbedtls_test_transparent_generate_key(
763 attributes, key_buffer, key_buffer_size,
764 key_buffer_length );
765 /* Declared with fallback == true */
766 if( status != PSA_ERROR_NOT_SUPPORTED )
767 break;
768#endif /* PSA_CRYPTO_DRIVER_TEST */
769#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
770 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
771 attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
772 attributes->core.bits == 256 )
773 {
774 status = p256_transparent_generate_key( attributes,
775 key_buffer,
776 key_buffer_size,
777 key_buffer_length );
778 if( status != PSA_ERROR_NOT_SUPPORTED )
779 break;
780 }
781
782#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
783 }
784#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
785
786 /* Software fallback */
787 status = psa_generate_key_internal(
788 attributes, key_buffer, key_buffer_size, key_buffer_length );
789 break;
790
791 /* Add cases for opaque driver here */
792#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
793#if defined(PSA_CRYPTO_DRIVER_TEST)
794 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
795 status = mbedtls_test_opaque_generate_key(
796 attributes, key_buffer, key_buffer_size, key_buffer_length );
797 break;
798#endif /* PSA_CRYPTO_DRIVER_TEST */
799#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
800
801 default:
802 /* Key is declared with a lifetime not known to us */
803 status = PSA_ERROR_INVALID_ARGUMENT;
804 break;
805 }
806
807 return( status );
808}
809
810static inline psa_status_t psa_driver_wrapper_import_key(
811 const psa_key_attributes_t *attributes,
812 const uint8_t *data,
813 size_t data_length,
814 uint8_t *key_buffer,
815 size_t key_buffer_size,
816 size_t *key_buffer_length,
817 size_t *bits )
818{
819
820 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
821 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
822 psa_get_key_lifetime( attributes ) );
823
824 /* Try dynamically-registered SE interface first */
825#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
826 const psa_drv_se_t *drv;
827 psa_drv_se_context_t *drv_context;
828
829 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
830 {
831 if( drv->key_management == NULL ||
832 drv->key_management->p_import == NULL )
833 return( PSA_ERROR_NOT_SUPPORTED );
834
835 /* The driver should set the number of key bits, however in
836 * case it doesn't, we initialize bits to an invalid value. */
837 *bits = PSA_MAX_KEY_BITS + 1;
838 status = drv->key_management->p_import(
839 drv_context,
840 *( (psa_key_slot_number_t *)key_buffer ),
841 attributes, data, data_length, bits );
842
843 if( status != PSA_SUCCESS )
844 return( status );
845
846 if( (*bits) > PSA_MAX_KEY_BITS )
847 return( PSA_ERROR_NOT_SUPPORTED );
848
849 return( PSA_SUCCESS );
850 }
851#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
852
853 switch( location )
854 {
855 case PSA_KEY_LOCATION_LOCAL_STORAGE:
856 /* Key is stored in the slot in export representation, so
857 * cycle through all known transparent accelerators */
858#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
859
860#if (defined(PSA_CRYPTO_DRIVER_TEST) )
861 status = mbedtls_test_transparent_import_key
862 (attributes,
863 data,
864 data_length,
865 key_buffer,
866 key_buffer_size,
867 key_buffer_length,
868 bits
869 );
870
871 if( status != PSA_ERROR_NOT_SUPPORTED )
872 return( status );
873#endif
874
875#if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
876 status = p256_transparent_import_key
877 (attributes,
878 data,
879 data_length,
880 key_buffer,
881 key_buffer_size,
882 key_buffer_length,
883 bits
884 );
885
886 if( status != PSA_ERROR_NOT_SUPPORTED )
887 return( status );
888#endif
889
890
891#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
892
893 /* Fell through, meaning no accelerator supports this operation */
894 return( psa_import_key_into_slot( attributes,
895 data, data_length,
896 key_buffer, key_buffer_size,
897 key_buffer_length, bits ) );
898 /* Add cases for opaque driver here */
899#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
900
901#if (defined(PSA_CRYPTO_DRIVER_TEST) )
902 case 0x7fffff:
903 return( mbedtls_test_opaque_import_key
904 (attributes,
905 data,
906 data_length,
907 key_buffer,
908 key_buffer_size,
909 key_buffer_length,
910 bits
911 ));
912#endif
913
914
915#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
916 default:
917 (void)status;
918 return( PSA_ERROR_INVALID_ARGUMENT );
919 }
920
921}
922
923static inline psa_status_t psa_driver_wrapper_export_key(
924 const psa_key_attributes_t *attributes,
925 const uint8_t *key_buffer, size_t key_buffer_size,
926 uint8_t *data, size_t data_size, size_t *data_length )
927
928{
929
930 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
931 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
932 psa_get_key_lifetime( attributes ) );
933
934 /* Try dynamically-registered SE interface first */
935#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
936 const psa_drv_se_t *drv;
937 psa_drv_se_context_t *drv_context;
938
939 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
940 {
941 if( ( drv->key_management == NULL ) ||
942 ( drv->key_management->p_export == NULL ) )
943 {
944 return( PSA_ERROR_NOT_SUPPORTED );
945 }
946
947 return( drv->key_management->p_export(
948 drv_context,
949 *( (psa_key_slot_number_t *)key_buffer ),
950 data, data_size, data_length ) );
951 }
952#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
953
954 switch( location )
955 {
956 case PSA_KEY_LOCATION_LOCAL_STORAGE:
957 return( psa_export_key_internal( attributes,
958 key_buffer,
959 key_buffer_size,
960 data,
961 data_size,
962 data_length ) );
963
964 /* Add cases for opaque driver here */
965#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
966
967#if (defined(PSA_CRYPTO_DRIVER_TEST) )
968 case 0x7fffff:
969 return( mbedtls_test_opaque_export_key
970 (attributes,
971 key_buffer,
972 key_buffer_size,
973 data,
974 data_size,
975 data_length
976 ));
977#endif
978
979
980#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
981 default:
982 /* Key is declared with a lifetime not known to us */
983 return( status );
984 }
985
986}
987
988static inline psa_status_t psa_driver_wrapper_copy_key(
989 psa_key_attributes_t *attributes,
990 const uint8_t *source_key, size_t source_key_length,
991 uint8_t *target_key_buffer, size_t target_key_buffer_size,
992 size_t *target_key_buffer_length )
993{
994
995 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
996 psa_key_location_t location =
997 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
998
999#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1000 const psa_drv_se_t *drv;
1001 psa_drv_se_context_t *drv_context;
1002
1003 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
1004 {
1005 /* Copying to a secure element is not implemented yet. */
1006 return( PSA_ERROR_NOT_SUPPORTED );
1007 }
1008#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1009
1010 switch( location )
1011 {
1012#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1013
1014#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1015 case 0x7fffff:
1016 return( mbedtls_test_opaque_copy_key
1017 (attributes,
1018 source_key,
1019 source_key_length,
1020 target_key_buffer,
1021 target_key_buffer_size,
1022 target_key_buffer_length
1023 ));
1024#endif
1025
1026
1027#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1028 default:
1029 (void)source_key;
1030 (void)source_key_length;
1031 (void)target_key_buffer;
1032 (void)target_key_buffer_size;
1033 (void)target_key_buffer_length;
1034 status = PSA_ERROR_INVALID_ARGUMENT;
1035 }
1036 return( status );
1037
1038}
1039
1040/*
1041 * Cipher functions
1042 */
1043static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1044 const psa_key_attributes_t *attributes,
1045 const uint8_t *key_buffer,
1046 size_t key_buffer_size,
1047 psa_algorithm_t alg,
1048 const uint8_t *iv,
1049 size_t iv_length,
1050 const uint8_t *input,
1051 size_t input_length,
1052 uint8_t *output,
1053 size_t output_size,
1054 size_t *output_length )
1055{
1056 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1057 psa_key_location_t location =
1058 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1059
1060 switch( location )
1061 {
1062 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1063 /* Key is stored in the slot in export representation, so
1064 * cycle through all known transparent accelerators */
1065#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1066#if defined(PSA_CRYPTO_DRIVER_TEST)
1067 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1068 key_buffer,
1069 key_buffer_size,
1070 alg,
1071 iv,
1072 iv_length,
1073 input,
1074 input_length,
1075 output,
1076 output_size,
1077 output_length );
1078 /* Declared with fallback == true */
1079 if( status != PSA_ERROR_NOT_SUPPORTED )
1080 return( status );
1081#endif /* PSA_CRYPTO_DRIVER_TEST */
1082#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1083
1084#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1085 return( mbedtls_psa_cipher_encrypt( attributes,
1086 key_buffer,
1087 key_buffer_size,
1088 alg,
1089 iv,
1090 iv_length,
1091 input,
1092 input_length,
1093 output,
1094 output_size,
1095 output_length ) );
1096#else
1097 return( PSA_ERROR_NOT_SUPPORTED );
1098#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1099
1100 /* Add cases for opaque driver here */
1101#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1102#if defined(PSA_CRYPTO_DRIVER_TEST)
1103 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1104 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1105 key_buffer,
1106 key_buffer_size,
1107 alg,
1108 iv,
1109 iv_length,
1110 input,
1111 input_length,
1112 output,
1113 output_size,
1114 output_length ) );
1115#endif /* PSA_CRYPTO_DRIVER_TEST */
1116#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1117
1118 default:
1119 /* Key is declared with a lifetime not known to us */
1120 (void)status;
1121 (void)key_buffer;
1122 (void)key_buffer_size;
1123 (void)alg;
1124 (void)iv;
1125 (void)iv_length;
1126 (void)input;
1127 (void)input_length;
1128 (void)output;
1129 (void)output_size;
1130 (void)output_length;
1131 return( PSA_ERROR_INVALID_ARGUMENT );
1132 }
1133}
1134
1135static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1136 const psa_key_attributes_t *attributes,
1137 const uint8_t *key_buffer,
1138 size_t key_buffer_size,
1139 psa_algorithm_t alg,
1140 const uint8_t *input,
1141 size_t input_length,
1142 uint8_t *output,
1143 size_t output_size,
1144 size_t *output_length )
1145{
1146 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1147 psa_key_location_t location =
1148 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1149
1150 switch( location )
1151 {
1152 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1153 /* Key is stored in the slot in export representation, so
1154 * cycle through all known transparent accelerators */
1155#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1156#if defined(PSA_CRYPTO_DRIVER_TEST)
1157 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1158 key_buffer,
1159 key_buffer_size,
1160 alg,
1161 input,
1162 input_length,
1163 output,
1164 output_size,
1165 output_length );
1166 /* Declared with fallback == true */
1167 if( status != PSA_ERROR_NOT_SUPPORTED )
1168 return( status );
1169#endif /* PSA_CRYPTO_DRIVER_TEST */
1170#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1171
1172#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1173 return( mbedtls_psa_cipher_decrypt( attributes,
1174 key_buffer,
1175 key_buffer_size,
1176 alg,
1177 input,
1178 input_length,
1179 output,
1180 output_size,
1181 output_length ) );
1182#else
1183 return( PSA_ERROR_NOT_SUPPORTED );
1184#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1185
1186 /* Add cases for opaque driver here */
1187#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1188#if defined(PSA_CRYPTO_DRIVER_TEST)
1189 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1190 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1191 key_buffer,
1192 key_buffer_size,
1193 alg,
1194 input,
1195 input_length,
1196 output,
1197 output_size,
1198 output_length ) );
1199#endif /* PSA_CRYPTO_DRIVER_TEST */
1200#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1201
1202 default:
1203 /* Key is declared with a lifetime not known to us */
1204 (void)status;
1205 (void)key_buffer;
1206 (void)key_buffer_size;
1207 (void)alg;
1208 (void)input;
1209 (void)input_length;
1210 (void)output;
1211 (void)output_size;
1212 (void)output_length;
1213 return( PSA_ERROR_INVALID_ARGUMENT );
1214 }
1215}
1216
1217static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1218 psa_cipher_operation_t *operation,
1219 const psa_key_attributes_t *attributes,
1220 const uint8_t *key_buffer, size_t key_buffer_size,
1221 psa_algorithm_t alg )
1222{
1223 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1224 psa_key_location_t location =
1225 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1226
1227 switch( location )
1228 {
1229 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1230 /* Key is stored in the slot in export representation, so
1231 * cycle through all known transparent accelerators */
1232#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1233#if defined(PSA_CRYPTO_DRIVER_TEST)
1234 status = mbedtls_test_transparent_cipher_encrypt_setup(
1235 &operation->ctx.transparent_test_driver_ctx,
1236 attributes,
1237 key_buffer,
1238 key_buffer_size,
1239 alg );
1240 /* Declared with fallback == true */
1241 if( status == PSA_SUCCESS )
1242 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1243
1244 if( status != PSA_ERROR_NOT_SUPPORTED )
1245 return( status );
1246#endif /* PSA_CRYPTO_DRIVER_TEST */
1247#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1248#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1249 /* Fell through, meaning no accelerator supports this operation */
1250 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1251 attributes,
1252 key_buffer,
1253 key_buffer_size,
1254 alg );
1255 if( status == PSA_SUCCESS )
1256 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1257
1258 if( status != PSA_ERROR_NOT_SUPPORTED )
1259 return( status );
1260#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1261 return( PSA_ERROR_NOT_SUPPORTED );
1262
1263 /* Add cases for opaque driver here */
1264#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1265#if defined(PSA_CRYPTO_DRIVER_TEST)
1266 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1267 status = mbedtls_test_opaque_cipher_encrypt_setup(
1268 &operation->ctx.opaque_test_driver_ctx,
1269 attributes,
1270 key_buffer, key_buffer_size,
1271 alg );
1272
1273 if( status == PSA_SUCCESS )
1274 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1275
1276 return( status );
1277#endif /* PSA_CRYPTO_DRIVER_TEST */
1278#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1279 default:
1280 /* Key is declared with a lifetime not known to us */
1281 (void)status;
1282 (void)operation;
1283 (void)key_buffer;
1284 (void)key_buffer_size;
1285 (void)alg;
1286 return( PSA_ERROR_INVALID_ARGUMENT );
1287 }
1288}
1289
1290static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1291 psa_cipher_operation_t *operation,
1292 const psa_key_attributes_t *attributes,
1293 const uint8_t *key_buffer, size_t key_buffer_size,
1294 psa_algorithm_t alg )
1295{
1296 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1297 psa_key_location_t location =
1298 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1299
1300 switch( location )
1301 {
1302 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1303 /* Key is stored in the slot in export representation, so
1304 * cycle through all known transparent accelerators */
1305#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1306#if defined(PSA_CRYPTO_DRIVER_TEST)
1307 status = mbedtls_test_transparent_cipher_decrypt_setup(
1308 &operation->ctx.transparent_test_driver_ctx,
1309 attributes,
1310 key_buffer,
1311 key_buffer_size,
1312 alg );
1313 /* Declared with fallback == true */
1314 if( status == PSA_SUCCESS )
1315 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1316
1317 if( status != PSA_ERROR_NOT_SUPPORTED )
1318 return( status );
1319#endif /* PSA_CRYPTO_DRIVER_TEST */
1320#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1321#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1322 /* Fell through, meaning no accelerator supports this operation */
1323 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1324 attributes,
1325 key_buffer,
1326 key_buffer_size,
1327 alg );
1328 if( status == PSA_SUCCESS )
1329 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1330
1331 return( status );
1332#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1333 return( PSA_ERROR_NOT_SUPPORTED );
1334#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1335
1336 /* Add cases for opaque driver here */
1337#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1338#if defined(PSA_CRYPTO_DRIVER_TEST)
1339 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1340 status = mbedtls_test_opaque_cipher_decrypt_setup(
1341 &operation->ctx.opaque_test_driver_ctx,
1342 attributes,
1343 key_buffer, key_buffer_size,
1344 alg );
1345
1346 if( status == PSA_SUCCESS )
1347 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1348
1349 return( status );
1350#endif /* PSA_CRYPTO_DRIVER_TEST */
1351#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1352 default:
1353 /* Key is declared with a lifetime not known to us */
1354 (void)status;
1355 (void)operation;
1356 (void)key_buffer;
1357 (void)key_buffer_size;
1358 (void)alg;
1359 return( PSA_ERROR_INVALID_ARGUMENT );
1360 }
1361}
1362
1363static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1364 psa_cipher_operation_t *operation,
1365 const uint8_t *iv,
1366 size_t iv_length )
1367{
1368 switch( operation->id )
1369 {
1370#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1371 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1372 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1373 iv,
1374 iv_length ) );
1375#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1376
1377#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1378#if defined(PSA_CRYPTO_DRIVER_TEST)
1379 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1380 return( mbedtls_test_transparent_cipher_set_iv(
1381 &operation->ctx.transparent_test_driver_ctx,
1382 iv, iv_length ) );
1383
1384 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1385 return( mbedtls_test_opaque_cipher_set_iv(
1386 &operation->ctx.opaque_test_driver_ctx,
1387 iv, iv_length ) );
1388#endif /* PSA_CRYPTO_DRIVER_TEST */
1389#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1390 }
1391
1392 (void)iv;
1393 (void)iv_length;
1394
1395 return( PSA_ERROR_INVALID_ARGUMENT );
1396}
1397
1398static inline psa_status_t psa_driver_wrapper_cipher_update(
1399 psa_cipher_operation_t *operation,
1400 const uint8_t *input,
1401 size_t input_length,
1402 uint8_t *output,
1403 size_t output_size,
1404 size_t *output_length )
1405{
1406 switch( operation->id )
1407 {
1408#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1409 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1410 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1411 input,
1412 input_length,
1413 output,
1414 output_size,
1415 output_length ) );
1416#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1417
1418#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1419#if defined(PSA_CRYPTO_DRIVER_TEST)
1420 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1421 return( mbedtls_test_transparent_cipher_update(
1422 &operation->ctx.transparent_test_driver_ctx,
1423 input, input_length,
1424 output, output_size, output_length ) );
1425
1426 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1427 return( mbedtls_test_opaque_cipher_update(
1428 &operation->ctx.opaque_test_driver_ctx,
1429 input, input_length,
1430 output, output_size, output_length ) );
1431#endif /* PSA_CRYPTO_DRIVER_TEST */
1432#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1433 }
1434
1435 (void)input;
1436 (void)input_length;
1437 (void)output;
1438 (void)output_size;
1439 (void)output_length;
1440
1441 return( PSA_ERROR_INVALID_ARGUMENT );
1442}
1443
1444static inline psa_status_t psa_driver_wrapper_cipher_finish(
1445 psa_cipher_operation_t *operation,
1446 uint8_t *output,
1447 size_t output_size,
1448 size_t *output_length )
1449{
1450 switch( operation->id )
1451 {
1452#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1453 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1454 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1455 output,
1456 output_size,
1457 output_length ) );
1458#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1459
1460#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1461#if defined(PSA_CRYPTO_DRIVER_TEST)
1462 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1463 return( mbedtls_test_transparent_cipher_finish(
1464 &operation->ctx.transparent_test_driver_ctx,
1465 output, output_size, output_length ) );
1466
1467 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1468 return( mbedtls_test_opaque_cipher_finish(
1469 &operation->ctx.opaque_test_driver_ctx,
1470 output, output_size, output_length ) );
1471#endif /* PSA_CRYPTO_DRIVER_TEST */
1472#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1473 }
1474
1475 (void)output;
1476 (void)output_size;
1477 (void)output_length;
1478
1479 return( PSA_ERROR_INVALID_ARGUMENT );
1480}
1481
1482static inline psa_status_t psa_driver_wrapper_cipher_abort(
1483 psa_cipher_operation_t *operation )
1484{
1485 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1486
1487 switch( operation->id )
1488 {
1489#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1490 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1491 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1492#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1493
1494#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1495#if defined(PSA_CRYPTO_DRIVER_TEST)
1496 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1497 status = mbedtls_test_transparent_cipher_abort(
1498 &operation->ctx.transparent_test_driver_ctx );
1499 mbedtls_platform_zeroize(
1500 &operation->ctx.transparent_test_driver_ctx,
1501 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1502 return( status );
1503
1504 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1505 status = mbedtls_test_opaque_cipher_abort(
1506 &operation->ctx.opaque_test_driver_ctx );
1507 mbedtls_platform_zeroize(
1508 &operation->ctx.opaque_test_driver_ctx,
1509 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1510 return( status );
1511#endif /* PSA_CRYPTO_DRIVER_TEST */
1512#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1513 }
1514
1515 (void)status;
1516 return( PSA_ERROR_INVALID_ARGUMENT );
1517}
1518
1519/*
1520 * Hashing functions
1521 */
1522static inline psa_status_t psa_driver_wrapper_hash_compute(
1523 psa_algorithm_t alg,
1524 const uint8_t *input,
1525 size_t input_length,
1526 uint8_t *hash,
1527 size_t hash_size,
1528 size_t *hash_length)
1529{
1530 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1531
1532 /* Try accelerators first */
1533#if defined(PSA_CRYPTO_DRIVER_TEST)
1534 status = mbedtls_test_transparent_hash_compute(
1535 alg, input, input_length, hash, hash_size, hash_length );
1536 if( status != PSA_ERROR_NOT_SUPPORTED )
1537 return( status );
1538#endif
1539
1540 /* If software fallback is compiled in, try fallback */
1541#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1542 status = mbedtls_psa_hash_compute( alg, input, input_length,
1543 hash, hash_size, hash_length );
1544 if( status != PSA_ERROR_NOT_SUPPORTED )
1545 return( status );
1546#endif
1547 (void) status;
1548 (void) alg;
1549 (void) input;
1550 (void) input_length;
1551 (void) hash;
1552 (void) hash_size;
1553 (void) hash_length;
1554
1555 return( PSA_ERROR_NOT_SUPPORTED );
1556}
1557
1558static inline psa_status_t psa_driver_wrapper_hash_setup(
1559 psa_hash_operation_t *operation,
1560 psa_algorithm_t alg )
1561{
1562 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1563
1564 /* Try setup on accelerators first */
1565#if defined(PSA_CRYPTO_DRIVER_TEST)
1566 status = mbedtls_test_transparent_hash_setup(
1567 &operation->ctx.test_driver_ctx, alg );
1568 if( status == PSA_SUCCESS )
1569 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1570
1571 if( status != PSA_ERROR_NOT_SUPPORTED )
1572 return( status );
1573#endif
1574
1575 /* If software fallback is compiled in, try fallback */
1576#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1577 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1578 if( status == PSA_SUCCESS )
1579 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1580
1581 if( status != PSA_ERROR_NOT_SUPPORTED )
1582 return( status );
1583#endif
1584 /* Nothing left to try if we fall through here */
1585 (void) status;
1586 (void) operation;
1587 (void) alg;
1588 return( PSA_ERROR_NOT_SUPPORTED );
1589}
1590
1591static inline psa_status_t psa_driver_wrapper_hash_clone(
1592 const psa_hash_operation_t *source_operation,
1593 psa_hash_operation_t *target_operation )
1594{
1595 switch( source_operation->id )
1596 {
1597#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1598 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1599 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1600 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1601 &target_operation->ctx.mbedtls_ctx ) );
1602#endif
1603#if defined(PSA_CRYPTO_DRIVER_TEST)
1604 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1605 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1606 return( mbedtls_test_transparent_hash_clone(
1607 &source_operation->ctx.test_driver_ctx,
1608 &target_operation->ctx.test_driver_ctx ) );
1609#endif
1610 default:
1611 (void) target_operation;
1612 return( PSA_ERROR_BAD_STATE );
1613 }
1614}
1615
1616static inline psa_status_t psa_driver_wrapper_hash_update(
1617 psa_hash_operation_t *operation,
1618 const uint8_t *input,
1619 size_t input_length )
1620{
1621 switch( operation->id )
1622 {
1623#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1624 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1625 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1626 input, input_length ) );
1627#endif
1628#if defined(PSA_CRYPTO_DRIVER_TEST)
1629 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1630 return( mbedtls_test_transparent_hash_update(
1631 &operation->ctx.test_driver_ctx,
1632 input, input_length ) );
1633#endif
1634 default:
1635 (void) input;
1636 (void) input_length;
1637 return( PSA_ERROR_BAD_STATE );
1638 }
1639}
1640
1641static inline psa_status_t psa_driver_wrapper_hash_finish(
1642 psa_hash_operation_t *operation,
1643 uint8_t *hash,
1644 size_t hash_size,
1645 size_t *hash_length )
1646{
1647 switch( operation->id )
1648 {
1649#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1650 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1651 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1652 hash, hash_size, hash_length ) );
1653#endif
1654#if defined(PSA_CRYPTO_DRIVER_TEST)
1655 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1656 return( mbedtls_test_transparent_hash_finish(
1657 &operation->ctx.test_driver_ctx,
1658 hash, hash_size, hash_length ) );
1659#endif
1660 default:
1661 (void) hash;
1662 (void) hash_size;
1663 (void) hash_length;
1664 return( PSA_ERROR_BAD_STATE );
1665 }
1666}
1667
1668static inline psa_status_t psa_driver_wrapper_hash_abort(
1669 psa_hash_operation_t *operation )
1670{
1671 switch( operation->id )
1672 {
1673#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1674 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1675 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1676#endif
1677#if defined(PSA_CRYPTO_DRIVER_TEST)
1678 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1679 return( mbedtls_test_transparent_hash_abort(
1680 &operation->ctx.test_driver_ctx ) );
1681#endif
1682 default:
1683 return( PSA_ERROR_BAD_STATE );
1684 }
1685}
1686
1687static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1688 const psa_key_attributes_t *attributes,
1689 const uint8_t *key_buffer, size_t key_buffer_size,
1690 psa_algorithm_t alg,
1691 const uint8_t *nonce, size_t nonce_length,
1692 const uint8_t *additional_data, size_t additional_data_length,
1693 const uint8_t *plaintext, size_t plaintext_length,
1694 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1695{
1696 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1697 psa_key_location_t location =
1698 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1699
1700 switch( location )
1701 {
1702 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1703 /* Key is stored in the slot in export representation, so
1704 * cycle through all known transparent accelerators */
1705
1706#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1707#if defined(PSA_CRYPTO_DRIVER_TEST)
1708 status = mbedtls_test_transparent_aead_encrypt(
1709 attributes, key_buffer, key_buffer_size,
1710 alg,
1711 nonce, nonce_length,
1712 additional_data, additional_data_length,
1713 plaintext, plaintext_length,
1714 ciphertext, ciphertext_size, ciphertext_length );
1715 /* Declared with fallback == true */
1716 if( status != PSA_ERROR_NOT_SUPPORTED )
1717 return( status );
1718#endif /* PSA_CRYPTO_DRIVER_TEST */
1719#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1720
1721 /* Fell through, meaning no accelerator supports this operation */
1722 return( mbedtls_psa_aead_encrypt(
1723 attributes, key_buffer, key_buffer_size,
1724 alg,
1725 nonce, nonce_length,
1726 additional_data, additional_data_length,
1727 plaintext, plaintext_length,
1728 ciphertext, ciphertext_size, ciphertext_length ) );
1729
1730 /* Add cases for opaque driver here */
1731
1732 default:
1733 /* Key is declared with a lifetime not known to us */
1734 (void)status;
1735 return( PSA_ERROR_INVALID_ARGUMENT );
1736 }
1737}
1738
1739static inline psa_status_t psa_driver_wrapper_aead_decrypt(
1740 const psa_key_attributes_t *attributes,
1741 const uint8_t *key_buffer, size_t key_buffer_size,
1742 psa_algorithm_t alg,
1743 const uint8_t *nonce, size_t nonce_length,
1744 const uint8_t *additional_data, size_t additional_data_length,
1745 const uint8_t *ciphertext, size_t ciphertext_length,
1746 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1747{
1748 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1749 psa_key_location_t location =
1750 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1751
1752 switch( location )
1753 {
1754 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1755 /* Key is stored in the slot in export representation, so
1756 * cycle through all known transparent accelerators */
1757
1758#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1759#if defined(PSA_CRYPTO_DRIVER_TEST)
1760 status = mbedtls_test_transparent_aead_decrypt(
1761 attributes, key_buffer, key_buffer_size,
1762 alg,
1763 nonce, nonce_length,
1764 additional_data, additional_data_length,
1765 ciphertext, ciphertext_length,
1766 plaintext, plaintext_size, plaintext_length );
1767 /* Declared with fallback == true */
1768 if( status != PSA_ERROR_NOT_SUPPORTED )
1769 return( status );
1770#endif /* PSA_CRYPTO_DRIVER_TEST */
1771#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1772
1773 /* Fell through, meaning no accelerator supports this operation */
1774 return( mbedtls_psa_aead_decrypt(
1775 attributes, key_buffer, key_buffer_size,
1776 alg,
1777 nonce, nonce_length,
1778 additional_data, additional_data_length,
1779 ciphertext, ciphertext_length,
1780 plaintext, plaintext_size, plaintext_length ) );
1781
1782 /* Add cases for opaque driver here */
1783
1784 default:
1785 /* Key is declared with a lifetime not known to us */
1786 (void)status;
1787 return( PSA_ERROR_INVALID_ARGUMENT );
1788 }
1789}
1790
1791static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1792 psa_aead_operation_t *operation,
1793 const psa_key_attributes_t *attributes,
1794 const uint8_t *key_buffer, size_t key_buffer_size,
1795 psa_algorithm_t alg )
1796{
1797 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1798 psa_key_location_t location =
1799 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1800
1801 switch( location )
1802 {
1803 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1804 /* Key is stored in the slot in export representation, so
1805 * cycle through all known transparent accelerators */
1806
1807#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1808#if defined(PSA_CRYPTO_DRIVER_TEST)
1809 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1810 status = mbedtls_test_transparent_aead_encrypt_setup(
1811 &operation->ctx.transparent_test_driver_ctx,
1812 attributes, key_buffer, key_buffer_size,
1813 alg );
1814
1815 /* Declared with fallback == true */
1816 if( status != PSA_ERROR_NOT_SUPPORTED )
1817 return( status );
1818#endif /* PSA_CRYPTO_DRIVER_TEST */
1819#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1820
1821 /* Fell through, meaning no accelerator supports this operation */
1822 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1823 status = mbedtls_psa_aead_encrypt_setup(
1824 &operation->ctx.mbedtls_ctx, attributes,
1825 key_buffer, key_buffer_size,
1826 alg );
1827
1828 return( status );
1829
1830 /* Add cases for opaque driver here */
1831
1832 default:
1833 /* Key is declared with a lifetime not known to us */
1834 (void)status;
1835 return( PSA_ERROR_INVALID_ARGUMENT );
1836 }
1837}
1838
1839static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1840 psa_aead_operation_t *operation,
1841 const psa_key_attributes_t *attributes,
1842 const uint8_t *key_buffer, size_t key_buffer_size,
1843 psa_algorithm_t alg )
1844{
1845 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1846 psa_key_location_t location =
1847 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1848
1849 switch( location )
1850 {
1851 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1852 /* Key is stored in the slot in export representation, so
1853 * cycle through all known transparent accelerators */
1854
1855#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1856#if defined(PSA_CRYPTO_DRIVER_TEST)
1857 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1858 status = mbedtls_test_transparent_aead_decrypt_setup(
1859 &operation->ctx.transparent_test_driver_ctx,
1860 attributes,
1861 key_buffer, key_buffer_size,
1862 alg );
1863
1864 /* Declared with fallback == true */
1865 if( status != PSA_ERROR_NOT_SUPPORTED )
1866 return( status );
1867#endif /* PSA_CRYPTO_DRIVER_TEST */
1868#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1869
1870 /* Fell through, meaning no accelerator supports this operation */
1871 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1872 status = mbedtls_psa_aead_decrypt_setup(
1873 &operation->ctx.mbedtls_ctx,
1874 attributes,
1875 key_buffer, key_buffer_size,
1876 alg );
1877
1878 return( status );
1879
1880 /* Add cases for opaque driver here */
1881
1882 default:
1883 /* Key is declared with a lifetime not known to us */
1884 (void)status;
1885 return( PSA_ERROR_INVALID_ARGUMENT );
1886 }
1887}
1888
1889static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
1890 psa_aead_operation_t *operation,
1891 const uint8_t *nonce,
1892 size_t nonce_length )
1893{
1894 switch( operation->id )
1895 {
1896#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1897 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1898 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1899 nonce,
1900 nonce_length ) );
1901
1902#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1903
1904#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1905#if defined(PSA_CRYPTO_DRIVER_TEST)
1906 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1907 return( mbedtls_test_transparent_aead_set_nonce(
1908 &operation->ctx.transparent_test_driver_ctx,
1909 nonce, nonce_length ) );
1910
1911 /* Add cases for opaque driver here */
1912
1913#endif /* PSA_CRYPTO_DRIVER_TEST */
1914#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1915 }
1916
1917 (void)nonce;
1918 (void)nonce_length;
1919
1920 return( PSA_ERROR_INVALID_ARGUMENT );
1921}
1922
1923static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
1924 psa_aead_operation_t *operation,
1925 size_t ad_length,
1926 size_t plaintext_length )
1927{
1928 switch( operation->id )
1929 {
1930#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1931 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1932 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1933 ad_length,
1934 plaintext_length ) );
1935
1936#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1937
1938#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1939#if defined(PSA_CRYPTO_DRIVER_TEST)
1940 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1941 return( mbedtls_test_transparent_aead_set_lengths(
1942 &operation->ctx.transparent_test_driver_ctx,
1943 ad_length, plaintext_length ) );
1944
1945 /* Add cases for opaque driver here */
1946
1947#endif /* PSA_CRYPTO_DRIVER_TEST */
1948#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1949 }
1950
1951 (void)ad_length;
1952 (void)plaintext_length;
1953
1954 return( PSA_ERROR_INVALID_ARGUMENT );
1955}
1956
1957static inline psa_status_t psa_driver_wrapper_aead_update_ad(
1958 psa_aead_operation_t *operation,
1959 const uint8_t *input,
1960 size_t input_length )
1961{
1962 switch( operation->id )
1963 {
1964#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1965 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1966 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1967 input,
1968 input_length ) );
1969
1970#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1971
1972#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1973#if defined(PSA_CRYPTO_DRIVER_TEST)
1974 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1975 return( mbedtls_test_transparent_aead_update_ad(
1976 &operation->ctx.transparent_test_driver_ctx,
1977 input, input_length ) );
1978
1979 /* Add cases for opaque driver here */
1980
1981#endif /* PSA_CRYPTO_DRIVER_TEST */
1982#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1983 }
1984
1985 (void)input;
1986 (void)input_length;
1987
1988 return( PSA_ERROR_INVALID_ARGUMENT );
1989}
1990
1991static inline psa_status_t psa_driver_wrapper_aead_update(
1992 psa_aead_operation_t *operation,
1993 const uint8_t *input,
1994 size_t input_length,
1995 uint8_t *output,
1996 size_t output_size,
1997 size_t *output_length )
1998{
1999 switch( operation->id )
2000 {
2001#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2002 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2003 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2004 input, input_length,
2005 output, output_size,
2006 output_length ) );
2007
2008#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2009
2010#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2011#if defined(PSA_CRYPTO_DRIVER_TEST)
2012 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2013 return( mbedtls_test_transparent_aead_update(
2014 &operation->ctx.transparent_test_driver_ctx,
2015 input, input_length, output, output_size,
2016 output_length ) );
2017
2018 /* Add cases for opaque driver here */
2019
2020#endif /* PSA_CRYPTO_DRIVER_TEST */
2021#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2022 }
2023
2024 (void)input;
2025 (void)input_length;
2026 (void)output;
2027 (void)output_size;
2028 (void)output_length;
2029
2030 return( PSA_ERROR_INVALID_ARGUMENT );
2031}
2032
2033static inline psa_status_t psa_driver_wrapper_aead_finish(
2034 psa_aead_operation_t *operation,
2035 uint8_t *ciphertext,
2036 size_t ciphertext_size,
2037 size_t *ciphertext_length,
2038 uint8_t *tag,
2039 size_t tag_size,
2040 size_t *tag_length )
2041{
2042 switch( operation->id )
2043 {
2044#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2045 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2046 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2047 ciphertext,
2048 ciphertext_size,
2049 ciphertext_length, tag,
2050 tag_size, tag_length ) );
2051
2052#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2053
2054#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2055#if defined(PSA_CRYPTO_DRIVER_TEST)
2056 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2057 return( mbedtls_test_transparent_aead_finish(
2058 &operation->ctx.transparent_test_driver_ctx,
2059 ciphertext, ciphertext_size,
2060 ciphertext_length, tag, tag_size, tag_length ) );
2061
2062 /* Add cases for opaque driver here */
2063
2064#endif /* PSA_CRYPTO_DRIVER_TEST */
2065#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2066 }
2067
2068 (void)ciphertext;
2069 (void)ciphertext_size;
2070 (void)ciphertext_length;
2071 (void)tag;
2072 (void)tag_size;
2073 (void)tag_length;
2074
2075 return( PSA_ERROR_INVALID_ARGUMENT );
2076}
2077
2078static inline psa_status_t psa_driver_wrapper_aead_verify(
2079 psa_aead_operation_t *operation,
2080 uint8_t *plaintext,
2081 size_t plaintext_size,
2082 size_t *plaintext_length,
2083 const uint8_t *tag,
2084 size_t tag_length )
2085{
2086 switch( operation->id )
2087 {
2088#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2089 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2090 {
2091 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2092 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2093 size_t check_tag_length;
2094
2095 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2096 plaintext,
2097 plaintext_size,
2098 plaintext_length,
2099 check_tag,
2100 sizeof( check_tag ),
2101 &check_tag_length );
2102
2103 if( status == PSA_SUCCESS )
2104 {
2105 if( tag_length != check_tag_length ||
2106 mbedtls_ct_memcmp( tag, check_tag, tag_length )
2107 != 0 )
2108 status = PSA_ERROR_INVALID_SIGNATURE;
2109 }
2110
2111 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2112
2113 return( status );
2114 }
2115
2116#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2117
2118#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2119#if defined(PSA_CRYPTO_DRIVER_TEST)
2120 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2121 return( mbedtls_test_transparent_aead_verify(
2122 &operation->ctx.transparent_test_driver_ctx,
2123 plaintext, plaintext_size,
2124 plaintext_length, tag, tag_length ) );
2125
2126 /* Add cases for opaque driver here */
2127
2128#endif /* PSA_CRYPTO_DRIVER_TEST */
2129#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2130 }
2131
2132 (void)plaintext;
2133 (void)plaintext_size;
2134 (void)plaintext_length;
2135 (void)tag;
2136 (void)tag_length;
2137
2138 return( PSA_ERROR_INVALID_ARGUMENT );
2139}
2140
2141static inline psa_status_t psa_driver_wrapper_aead_abort(
2142 psa_aead_operation_t *operation )
2143{
2144 switch( operation->id )
2145 {
2146#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2147 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2148 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2149
2150#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2151
2152#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2153#if defined(PSA_CRYPTO_DRIVER_TEST)
2154 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2155 return( mbedtls_test_transparent_aead_abort(
2156 &operation->ctx.transparent_test_driver_ctx ) );
2157
2158 /* Add cases for opaque driver here */
2159
2160#endif /* PSA_CRYPTO_DRIVER_TEST */
2161#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2162 }
2163
2164 return( PSA_ERROR_INVALID_ARGUMENT );
2165}
2166
2167/*
2168 * MAC functions
2169 */
2170static inline psa_status_t psa_driver_wrapper_mac_compute(
2171 const psa_key_attributes_t *attributes,
2172 const uint8_t *key_buffer,
2173 size_t key_buffer_size,
2174 psa_algorithm_t alg,
2175 const uint8_t *input,
2176 size_t input_length,
2177 uint8_t *mac,
2178 size_t mac_size,
2179 size_t *mac_length )
2180{
2181 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2182 psa_key_location_t location =
2183 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2184
2185 switch( location )
2186 {
2187 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2188 /* Key is stored in the slot in export representation, so
2189 * cycle through all known transparent accelerators */
2190#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2191#if defined(PSA_CRYPTO_DRIVER_TEST)
2192 status = mbedtls_test_transparent_mac_compute(
2193 attributes, key_buffer, key_buffer_size, alg,
2194 input, input_length,
2195 mac, mac_size, mac_length );
2196 /* Declared with fallback == true */
2197 if( status != PSA_ERROR_NOT_SUPPORTED )
2198 return( status );
2199#endif /* PSA_CRYPTO_DRIVER_TEST */
2200#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2201#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2202 /* Fell through, meaning no accelerator supports this operation */
2203 status = mbedtls_psa_mac_compute(
2204 attributes, key_buffer, key_buffer_size, alg,
2205 input, input_length,
2206 mac, mac_size, mac_length );
2207 if( status != PSA_ERROR_NOT_SUPPORTED )
2208 return( status );
2209#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2210 return( PSA_ERROR_NOT_SUPPORTED );
2211
2212 /* Add cases for opaque driver here */
2213#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2214#if defined(PSA_CRYPTO_DRIVER_TEST)
2215 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2216 status = mbedtls_test_opaque_mac_compute(
2217 attributes, key_buffer, key_buffer_size, alg,
2218 input, input_length,
2219 mac, mac_size, mac_length );
2220 return( status );
2221#endif /* PSA_CRYPTO_DRIVER_TEST */
2222#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2223 default:
2224 /* Key is declared with a lifetime not known to us */
2225 (void) key_buffer;
2226 (void) key_buffer_size;
2227 (void) alg;
2228 (void) input;
2229 (void) input_length;
2230 (void) mac;
2231 (void) mac_size;
2232 (void) mac_length;
2233 (void) status;
2234 return( PSA_ERROR_INVALID_ARGUMENT );
2235 }
2236}
2237
2238static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2239 psa_mac_operation_t *operation,
2240 const psa_key_attributes_t *attributes,
2241 const uint8_t *key_buffer,
2242 size_t key_buffer_size,
2243 psa_algorithm_t alg )
2244{
2245 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2246 psa_key_location_t location =
2247 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2248
2249 switch( location )
2250 {
2251 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2252 /* Key is stored in the slot in export representation, so
2253 * cycle through all known transparent accelerators */
2254#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2255#if defined(PSA_CRYPTO_DRIVER_TEST)
2256 status = mbedtls_test_transparent_mac_sign_setup(
2257 &operation->ctx.transparent_test_driver_ctx,
2258 attributes,
2259 key_buffer, key_buffer_size,
2260 alg );
2261 /* Declared with fallback == true */
2262 if( status == PSA_SUCCESS )
2263 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2264
2265 if( status != PSA_ERROR_NOT_SUPPORTED )
2266 return( status );
2267#endif /* PSA_CRYPTO_DRIVER_TEST */
2268#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2269#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2270 /* Fell through, meaning no accelerator supports this operation */
2271 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2272 attributes,
2273 key_buffer, key_buffer_size,
2274 alg );
2275 if( status == PSA_SUCCESS )
2276 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2277
2278 if( status != PSA_ERROR_NOT_SUPPORTED )
2279 return( status );
2280#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2281 return( PSA_ERROR_NOT_SUPPORTED );
2282
2283 /* Add cases for opaque driver here */
2284#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2285#if defined(PSA_CRYPTO_DRIVER_TEST)
2286 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2287 status = mbedtls_test_opaque_mac_sign_setup(
2288 &operation->ctx.opaque_test_driver_ctx,
2289 attributes,
2290 key_buffer, key_buffer_size,
2291 alg );
2292
2293 if( status == PSA_SUCCESS )
2294 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2295
2296 return( status );
2297#endif /* PSA_CRYPTO_DRIVER_TEST */
2298#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2299 default:
2300 /* Key is declared with a lifetime not known to us */
2301 (void) status;
2302 (void) operation;
2303 (void) key_buffer;
2304 (void) key_buffer_size;
2305 (void) alg;
2306 return( PSA_ERROR_INVALID_ARGUMENT );
2307 }
2308}
2309
2310static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2311 psa_mac_operation_t *operation,
2312 const psa_key_attributes_t *attributes,
2313 const uint8_t *key_buffer,
2314 size_t key_buffer_size,
2315 psa_algorithm_t alg )
2316{
2317 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2318 psa_key_location_t location =
2319 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2320
2321 switch( location )
2322 {
2323 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2324 /* Key is stored in the slot in export representation, so
2325 * cycle through all known transparent accelerators */
2326#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2327#if defined(PSA_CRYPTO_DRIVER_TEST)
2328 status = mbedtls_test_transparent_mac_verify_setup(
2329 &operation->ctx.transparent_test_driver_ctx,
2330 attributes,
2331 key_buffer, key_buffer_size,
2332 alg );
2333 /* Declared with fallback == true */
2334 if( status == PSA_SUCCESS )
2335 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2336
2337 if( status != PSA_ERROR_NOT_SUPPORTED )
2338 return( status );
2339#endif /* PSA_CRYPTO_DRIVER_TEST */
2340#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2341#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2342 /* Fell through, meaning no accelerator supports this operation */
2343 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2344 attributes,
2345 key_buffer, key_buffer_size,
2346 alg );
2347 if( status == PSA_SUCCESS )
2348 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2349
2350 if( status != PSA_ERROR_NOT_SUPPORTED )
2351 return( status );
2352#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2353 return( PSA_ERROR_NOT_SUPPORTED );
2354
2355 /* Add cases for opaque driver here */
2356#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2357#if defined(PSA_CRYPTO_DRIVER_TEST)
2358 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2359 status = mbedtls_test_opaque_mac_verify_setup(
2360 &operation->ctx.opaque_test_driver_ctx,
2361 attributes,
2362 key_buffer, key_buffer_size,
2363 alg );
2364
2365 if( status == PSA_SUCCESS )
2366 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2367
2368 return( status );
2369#endif /* PSA_CRYPTO_DRIVER_TEST */
2370#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2371 default:
2372 /* Key is declared with a lifetime not known to us */
2373 (void) status;
2374 (void) operation;
2375 (void) key_buffer;
2376 (void) key_buffer_size;
2377 (void) alg;
2378 return( PSA_ERROR_INVALID_ARGUMENT );
2379 }
2380}
2381
2382static inline psa_status_t psa_driver_wrapper_mac_update(
2383 psa_mac_operation_t *operation,
2384 const uint8_t *input,
2385 size_t input_length )
2386{
2387 switch( operation->id )
2388 {
2389#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2390 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2391 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2392 input, input_length ) );
2393#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2394
2395#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2396#if defined(PSA_CRYPTO_DRIVER_TEST)
2397 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2398 return( mbedtls_test_transparent_mac_update(
2399 &operation->ctx.transparent_test_driver_ctx,
2400 input, input_length ) );
2401
2402 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2403 return( mbedtls_test_opaque_mac_update(
2404 &operation->ctx.opaque_test_driver_ctx,
2405 input, input_length ) );
2406#endif /* PSA_CRYPTO_DRIVER_TEST */
2407#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2408 default:
2409 (void) input;
2410 (void) input_length;
2411 return( PSA_ERROR_INVALID_ARGUMENT );
2412 }
2413}
2414
2415static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2416 psa_mac_operation_t *operation,
2417 uint8_t *mac,
2418 size_t mac_size,
2419 size_t *mac_length )
2420{
2421 switch( operation->id )
2422 {
2423#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2424 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2425 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2426 mac, mac_size, mac_length ) );
2427#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2428
2429#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2430#if defined(PSA_CRYPTO_DRIVER_TEST)
2431 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2432 return( mbedtls_test_transparent_mac_sign_finish(
2433 &operation->ctx.transparent_test_driver_ctx,
2434 mac, mac_size, mac_length ) );
2435
2436 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2437 return( mbedtls_test_opaque_mac_sign_finish(
2438 &operation->ctx.opaque_test_driver_ctx,
2439 mac, mac_size, mac_length ) );
2440#endif /* PSA_CRYPTO_DRIVER_TEST */
2441#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2442 default:
2443 (void) mac;
2444 (void) mac_size;
2445 (void) mac_length;
2446 return( PSA_ERROR_INVALID_ARGUMENT );
2447 }
2448}
2449
2450static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2451 psa_mac_operation_t *operation,
2452 const uint8_t *mac,
2453 size_t mac_length )
2454{
2455 switch( operation->id )
2456 {
2457#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2458 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2459 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2460 mac, mac_length ) );
2461#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2462
2463#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2464#if defined(PSA_CRYPTO_DRIVER_TEST)
2465 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2466 return( mbedtls_test_transparent_mac_verify_finish(
2467 &operation->ctx.transparent_test_driver_ctx,
2468 mac, mac_length ) );
2469
2470 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2471 return( mbedtls_test_opaque_mac_verify_finish(
2472 &operation->ctx.opaque_test_driver_ctx,
2473 mac, mac_length ) );
2474#endif /* PSA_CRYPTO_DRIVER_TEST */
2475#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2476 default:
2477 (void) mac;
2478 (void) mac_length;
2479 return( PSA_ERROR_INVALID_ARGUMENT );
2480 }
2481}
2482
2483static inline psa_status_t psa_driver_wrapper_mac_abort(
2484 psa_mac_operation_t *operation )
2485{
2486 switch( operation->id )
2487 {
2488#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2489 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2490 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2491#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2492
2493#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2494#if defined(PSA_CRYPTO_DRIVER_TEST)
2495 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2496 return( mbedtls_test_transparent_mac_abort(
2497 &operation->ctx.transparent_test_driver_ctx ) );
2498 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2499 return( mbedtls_test_opaque_mac_abort(
2500 &operation->ctx.opaque_test_driver_ctx ) );
2501#endif /* PSA_CRYPTO_DRIVER_TEST */
2502#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2503 default:
2504 return( PSA_ERROR_INVALID_ARGUMENT );
2505 }
2506}
2507
2508/*
2509 * Asymmetric cryptography
2510 */
2511static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2512 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2513 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2514 size_t input_length, const uint8_t *salt, size_t salt_length,
2515 uint8_t *output, size_t output_size, size_t *output_length )
2516{
2517 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2518 psa_key_location_t location =
2519 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2520
2521 switch( location )
2522 {
2523 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2524 /* Key is stored in the slot in export representation, so
2525 * cycle through all known transparent accelerators */
2526#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2527#if defined(PSA_CRYPTO_DRIVER_TEST)
2528 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2529 key_buffer, key_buffer_size, alg, input, input_length,
2530 salt, salt_length, output, output_size,
2531 output_length );
2532 /* Declared with fallback == true */
2533 if( status != PSA_ERROR_NOT_SUPPORTED )
2534 return( status );
2535#endif /* PSA_CRYPTO_DRIVER_TEST */
2536#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2537 return( mbedtls_psa_asymmetric_encrypt( attributes,
2538 key_buffer, key_buffer_size, alg, input, input_length,
2539 salt, salt_length, output, output_size, output_length )
2540 );
2541 /* Add cases for opaque driver here */
2542#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2543#if defined(PSA_CRYPTO_DRIVER_TEST)
2544 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2545 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2546 key_buffer, key_buffer_size, alg, input, input_length,
2547 salt, salt_length, output, output_size, output_length )
2548 );
2549#endif /* PSA_CRYPTO_DRIVER_TEST */
2550#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2551
2552 default:
2553 /* Key is declared with a lifetime not known to us */
2554 (void)status;
2555 (void)key_buffer;
2556 (void)key_buffer_size;
2557 (void)alg;
2558 (void)input;
2559 (void)input_length;
2560 (void)salt;
2561 (void)salt_length;
2562 (void)output;
2563 (void)output_size;
2564 (void)output_length;
2565 return( PSA_ERROR_INVALID_ARGUMENT );
2566 }
2567}
2568
2569static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2570 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2571 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2572 size_t input_length, const uint8_t *salt, size_t salt_length,
2573 uint8_t *output, size_t output_size, size_t *output_length )
2574{
2575 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2576 psa_key_location_t location =
2577 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2578
2579 switch( location )
2580 {
2581 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2582 /* Key is stored in the slot in export representation, so
2583 * cycle through all known transparent accelerators */
2584#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2585#if defined(PSA_CRYPTO_DRIVER_TEST)
2586 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2587 key_buffer, key_buffer_size, alg, input, input_length,
2588 salt, salt_length, output, output_size,
2589 output_length );
2590 /* Declared with fallback == true */
2591 if( status != PSA_ERROR_NOT_SUPPORTED )
2592 return( status );
2593#endif /* PSA_CRYPTO_DRIVER_TEST */
2594#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2595 return( mbedtls_psa_asymmetric_decrypt( attributes,
2596 key_buffer, key_buffer_size, alg,input, input_length,
2597 salt, salt_length, output, output_size,
2598 output_length ) );
2599 /* Add cases for opaque driver here */
2600#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2601#if defined(PSA_CRYPTO_DRIVER_TEST)
2602 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2603 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2604 key_buffer, key_buffer_size, alg, input, input_length,
2605 salt, salt_length, output, output_size,
2606 output_length ) );
2607#endif /* PSA_CRYPTO_DRIVER_TEST */
2608#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2609
2610 default:
2611 /* Key is declared with a lifetime not known to us */
2612 (void)status;
2613 (void)key_buffer;
2614 (void)key_buffer_size;
2615 (void)alg;
2616 (void)input;
2617 (void)input_length;
2618 (void)salt;
2619 (void)salt_length;
2620 (void)output;
2621 (void)output_size;
2622 (void)output_length;
2623 return( PSA_ERROR_INVALID_ARGUMENT );
2624 }
2625}
2626
2627static inline psa_status_t psa_driver_wrapper_key_agreement(
2628 const psa_key_attributes_t *attributes,
2629 const uint8_t *key_buffer,
2630 size_t key_buffer_size,
2631 psa_algorithm_t alg,
2632 const uint8_t *peer_key,
2633 size_t peer_key_length,
2634 uint8_t *shared_secret,
2635 size_t shared_secret_size,
2636 size_t *shared_secret_length
2637 )
2638{
2639 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2640 psa_key_location_t location =
2641 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2642
2643 switch( location )
2644 {
2645 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2646 /* Key is stored in the slot in export representation, so
2647 * cycle through all known transparent accelerators */
2648#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2649#if defined(PSA_CRYPTO_DRIVER_TEST)
2650 status =
2651 mbedtls_test_transparent_key_agreement( attributes,
2652 key_buffer, key_buffer_size, alg, peer_key,
2653 peer_key_length, shared_secret, shared_secret_size,
2654 shared_secret_length );
2655 if( status != PSA_ERROR_NOT_SUPPORTED )
2656 return( status );
2657#endif /* PSA_CRYPTO_DRIVER_TEST */
2658#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
2659 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
2660 PSA_ALG_IS_ECDH(alg) &&
2661 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
2662 attributes->core.bits == 256 )
2663 {
2664 status = p256_transparent_key_agreement( attributes,
2665 key_buffer,
2666 key_buffer_size,
2667 alg,
2668 peer_key,
2669 peer_key_length,
2670 shared_secret,
2671 shared_secret_size,
2672 shared_secret_length );
2673 if( status != PSA_ERROR_NOT_SUPPORTED)
2674 return( status );
2675 }
2676#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
2677#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2678
2679 /* Software Fallback */
2680 status = psa_key_agreement_raw_builtin( attributes,
2681 key_buffer,
2682 key_buffer_size,
2683 alg,
2684 peer_key,
2685 peer_key_length,
2686 shared_secret,
2687 shared_secret_size,
2688 shared_secret_length );
2689 return( status );
2690#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2691#if defined(PSA_CRYPTO_DRIVER_TEST)
2692 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2693 return( mbedtls_test_opaque_key_agreement( attributes,
2694 key_buffer, key_buffer_size, alg, peer_key,
2695 peer_key_length, shared_secret, shared_secret_size,
2696 shared_secret_length ) );
2697#endif /* PSA_CRYPTO_DRIVER_TEST */
2698#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2699
2700 default:
2701 (void) attributes;
2702 (void) key_buffer;
2703 (void) key_buffer_size;
2704 (void) peer_key;
2705 (void) peer_key_length;
2706 (void) shared_secret;
2707 (void) shared_secret_size;
2708 (void) shared_secret_length;
2709 return( PSA_ERROR_NOT_SUPPORTED );
2710
2711 }
2712}
2713
2714static inline psa_status_t psa_driver_wrapper_pake_setup(
2715 psa_pake_operation_t *operation,
2716 const psa_crypto_driver_pake_inputs_t *inputs )
2717{
2718 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2719
2720 psa_key_location_t location =
2721 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2722
2723 switch( location )
2724 {
2725 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2726 /* Key is stored in the slot in export representation, so
2727 * cycle through all known transparent accelerators */
2728 status = PSA_ERROR_NOT_SUPPORTED;
2729#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2730#if defined(PSA_CRYPTO_DRIVER_TEST)
2731 status = mbedtls_test_transparent_pake_setup(
2732 &operation->data.ctx.transparent_test_driver_ctx,
2733 inputs );
2734 if( status == PSA_SUCCESS )
2735 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2736 /* Declared with fallback == true */
2737 if( status != PSA_ERROR_NOT_SUPPORTED )
2738 return( status );
2739#endif /* PSA_CRYPTO_DRIVER_TEST */
2740#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2741#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2742 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2743 inputs );
2744 if( status == PSA_SUCCESS )
2745 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2746#endif
2747 return status;
2748 /* Add cases for opaque driver here */
2749 default:
2750 /* Key is declared with a lifetime not known to us */
2751 (void)operation;
2752 return( PSA_ERROR_INVALID_ARGUMENT );
2753 }
2754}
2755
2756static inline psa_status_t psa_driver_wrapper_pake_output(
2757 psa_pake_operation_t *operation,
2758 psa_crypto_driver_pake_step_t step,
2759 uint8_t *output,
2760 size_t output_size,
2761 size_t *output_length )
2762{
2763 switch( operation->id )
2764 {
2765#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2766 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2767 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2768 output, output_size, output_length ) );
2769#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2770
2771#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2772#if defined(PSA_CRYPTO_DRIVER_TEST)
2773 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2774 return( mbedtls_test_transparent_pake_output(
2775 &operation->data.ctx.transparent_test_driver_ctx,
2776 step, output, output_size, output_length ) );
2777#endif /* PSA_CRYPTO_DRIVER_TEST */
2778#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2779 default:
2780 (void) step;
2781 (void) output;
2782 (void) output_size;
2783 (void) output_length;
2784 return( PSA_ERROR_INVALID_ARGUMENT );
2785 }
2786}
2787
2788static inline psa_status_t psa_driver_wrapper_pake_input(
2789 psa_pake_operation_t *operation,
2790 psa_crypto_driver_pake_step_t step,
2791 const uint8_t *input,
2792 size_t input_length )
2793{
2794 switch( operation->id )
2795 {
2796#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2797 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2798 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2799 step, input,
2800 input_length ) );
2801#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2802
2803#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2804#if defined(PSA_CRYPTO_DRIVER_TEST)
2805 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2806 return( mbedtls_test_transparent_pake_input(
2807 &operation->data.ctx.transparent_test_driver_ctx,
2808 step,
2809 input, input_length ) );
2810#endif /* PSA_CRYPTO_DRIVER_TEST */
2811#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2812 default:
2813 (void) step;
2814 (void) input;
2815 (void) input_length;
2816 return( PSA_ERROR_INVALID_ARGUMENT );
2817 }
2818}
2819
2820static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2821 psa_pake_operation_t *operation,
2822 uint8_t *output, size_t output_size,
2823 size_t *output_length )
2824{
2825 switch( operation->id )
2826 {
2827#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2828 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2829 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2830 output, output_size, output_length ) );
2831#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2832
2833#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2834#if defined(PSA_CRYPTO_DRIVER_TEST)
2835 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2836 return( mbedtls_test_transparent_pake_get_implicit_key(
2837 &operation->data.ctx.transparent_test_driver_ctx,
2838 output, output_size, output_length ) );
2839#endif /* PSA_CRYPTO_DRIVER_TEST */
2840#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2841 default:
2842 (void) output;
2843 (void) output_size;
2844 (void) output_length;
2845 return( PSA_ERROR_INVALID_ARGUMENT );
2846 }
2847}
2848
2849static inline psa_status_t psa_driver_wrapper_pake_abort(
2850 psa_pake_operation_t * operation )
2851{
2852 switch( operation->id )
2853 {
2854#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2855 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2856 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2857#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2858
2859#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2860#if defined(PSA_CRYPTO_DRIVER_TEST)
2861 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2862 return( mbedtls_test_transparent_pake_abort(
2863 &operation->data.ctx.transparent_test_driver_ctx ) );
2864#endif /* PSA_CRYPTO_DRIVER_TEST */
2865#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2866 default:
2867 return( PSA_ERROR_INVALID_ARGUMENT );
2868 }
2869}
2870
2871#endif /* MBEDTLS_PSA_CRYPTO_C */