TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 70f8157ec5b6d1904f5e88c36c484cc8429a0692 / . / library / psa_crypto_driver_wrappers.c
blob: 1981941390d8d8e73f81b69df570d3dbbd4ce030 [file] [log] [blame]
Dave Rodgmanc18d9322022-12-09 09:44:10 +0000[diff] [blame]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6/* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22
23/* BEGIN-common headers */
24#include "common.h"
25#include "psa_crypto_aead.h"
26#include "psa_crypto_cipher.h"
27#include "psa_crypto_core.h"
28#include "psa_crypto_driver_wrappers.h"
29#include "psa_crypto_hash.h"
30#include "psa_crypto_mac.h"
31#include "psa_crypto_rsa.h"
32
33#include "mbedtls/platform.h"
34/* END-common headers */
35
36#if defined(MBEDTLS_PSA_CRYPTO_C)
37
38/* BEGIN-driver headers */
39#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
40/* Headers for mbedtls_test opaque driver */
41#if defined(PSA_CRYPTO_DRIVER_TEST)
42#include "test/drivers/test_driver.h"
43
44#endif
45/* Headers for mbedtls_test transparent driver */
46#if defined(PSA_CRYPTO_DRIVER_TEST)
47#include "test/drivers/test_driver.h"
48
49#endif
50
51#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
52/* END-driver headers */
53
54/* Auto-generated values depending on which drivers are registered.
55 * ID 0 is reserved for unallocated operations.
56 * ID 1 is reserved for the Mbed TLS software driver. */
57/* BEGIN-driver id definition */
58#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
59#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
60#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
61
62/* END-driver id */
63
64/* BEGIN-Common Macro definitions */
65
66/* END-Common Macro definitions */
67
68/* Support the 'old' SE interface when asked to */
69#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
70/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
71 * SE driver is present, to avoid unused argument errors at compile time. */
72#ifndef PSA_CRYPTO_DRIVER_PRESENT
73#define PSA_CRYPTO_DRIVER_PRESENT
74#endif
75#include "psa_crypto_se.h"
76#endif
77
78psa_status_t psa_driver_wrapper_init( void )
79{
80 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
81
82#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
83 status = psa_init_all_se_drivers( );
84 if( status != PSA_SUCCESS )
85 return( status );
86#endif
87
88#if defined(PSA_CRYPTO_DRIVER_TEST)
89 status = mbedtls_test_transparent_init( );
90 if( status != PSA_SUCCESS )
91 return( status );
92
93 status = mbedtls_test_opaque_init( );
94 if( status != PSA_SUCCESS )
95 return( status );
96#endif
97
98 (void) status;
99 return( PSA_SUCCESS );
100}
101
102void psa_driver_wrapper_free( void )
103{
104#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
105 /* Unregister all secure element drivers, so that we restart from
106 * a pristine state. */
107 psa_unregister_all_se_drivers( );
108#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
109
110#if defined(PSA_CRYPTO_DRIVER_TEST)
111 mbedtls_test_transparent_free( );
112 mbedtls_test_opaque_free( );
113#endif
114}
115
116/* Start delegation functions */
117psa_status_t psa_driver_wrapper_sign_message(
118 const psa_key_attributes_t *attributes,
119 const uint8_t *key_buffer,
120 size_t key_buffer_size,
121 psa_algorithm_t alg,
122 const uint8_t *input,
123 size_t input_length,
124 uint8_t *signature,
125 size_t signature_size,
126 size_t *signature_length )
127{
128 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
129 psa_key_location_t location =
130 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
131
132 switch( location )
133 {
134 case PSA_KEY_LOCATION_LOCAL_STORAGE:
135 /* Key is stored in the slot in export representation, so
136 * cycle through all known transparent accelerators */
137#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
138#if defined(PSA_CRYPTO_DRIVER_TEST)
139 status = mbedtls_test_transparent_signature_sign_message(
140 attributes,
141 key_buffer,
142 key_buffer_size,
143 alg,
144 input,
145 input_length,
146 signature,
147 signature_size,
148 signature_length );
149 /* Declared with fallback == true */
150 if( status != PSA_ERROR_NOT_SUPPORTED )
151 return( status );
152#endif /* PSA_CRYPTO_DRIVER_TEST */
153#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
154 break;
155
156 /* Add cases for opaque driver here */
157#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
158#if defined(PSA_CRYPTO_DRIVER_TEST)
159 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
160 status = mbedtls_test_opaque_signature_sign_message(
161 attributes,
162 key_buffer,
163 key_buffer_size,
164 alg,
165 input,
166 input_length,
167 signature,
168 signature_size,
169 signature_length );
170 if( status != PSA_ERROR_NOT_SUPPORTED )
171 return( status );
172 break;
173#endif /* PSA_CRYPTO_DRIVER_TEST */
174#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
175 default:
176 /* Key is declared with a lifetime not known to us */
177 (void)status;
178 break;
179 }
180
181 return( psa_sign_message_builtin( attributes,
182 key_buffer,
183 key_buffer_size,
184 alg,
185 input,
186 input_length,
187 signature,
188 signature_size,
189 signature_length ) );
190}
191
192psa_status_t psa_driver_wrapper_verify_message(
193 const psa_key_attributes_t *attributes,
194 const uint8_t *key_buffer,
195 size_t key_buffer_size,
196 psa_algorithm_t alg,
197 const uint8_t *input,
198 size_t input_length,
199 const uint8_t *signature,
200 size_t signature_length )
201{
202 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
203 psa_key_location_t location =
204 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
205
206 switch( location )
207 {
208 case PSA_KEY_LOCATION_LOCAL_STORAGE:
209 /* Key is stored in the slot in export representation, so
210 * cycle through all known transparent accelerators */
211#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
212#if defined(PSA_CRYPTO_DRIVER_TEST)
213 status = mbedtls_test_transparent_signature_verify_message(
214 attributes,
215 key_buffer,
216 key_buffer_size,
217 alg,
218 input,
219 input_length,
220 signature,
221 signature_length );
222 /* Declared with fallback == true */
223 if( status != PSA_ERROR_NOT_SUPPORTED )
224 return( status );
225#endif /* PSA_CRYPTO_DRIVER_TEST */
226#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
227 break;
228
229 /* Add cases for opaque driver here */
230#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
231#if defined(PSA_CRYPTO_DRIVER_TEST)
232 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
233 return( mbedtls_test_opaque_signature_verify_message(
234 attributes,
235 key_buffer,
236 key_buffer_size,
237 alg,
238 input,
239 input_length,
240 signature,
241 signature_length ) );
242 if( status != PSA_ERROR_NOT_SUPPORTED )
243 return( status );
244 break;
245#endif /* PSA_CRYPTO_DRIVER_TEST */
246#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
247 default:
248 /* Key is declared with a lifetime not known to us */
249 (void)status;
250 break;
251 }
252
253 return( psa_verify_message_builtin( attributes,
254 key_buffer,
255 key_buffer_size,
256 alg,
257 input,
258 input_length,
259 signature,
260 signature_length ) );
261}
262
263psa_status_t psa_driver_wrapper_sign_hash(
264 const psa_key_attributes_t *attributes,
265 const uint8_t *key_buffer, size_t key_buffer_size,
266 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
267 uint8_t *signature, size_t signature_size, size_t *signature_length )
268{
269 /* Try dynamically-registered SE interface first */
270#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
271 const psa_drv_se_t *drv;
272 psa_drv_se_context_t *drv_context;
273
274 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
275 {
276 if( drv->asymmetric == NULL ||
277 drv->asymmetric->p_sign == NULL )
278 {
279 /* Key is defined in SE, but we have no way to exercise it */
280 return( PSA_ERROR_NOT_SUPPORTED );
281 }
282 return( drv->asymmetric->p_sign(
283 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
284 alg, hash, hash_length,
285 signature, signature_size, signature_length ) );
286 }
287#endif /* PSA_CRYPTO_SE_C */
288
289 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
290 psa_key_location_t location =
291 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
292
293 switch( location )
294 {
295 case PSA_KEY_LOCATION_LOCAL_STORAGE:
296 /* Key is stored in the slot in export representation, so
297 * cycle through all known transparent accelerators */
298#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
299#if defined(PSA_CRYPTO_DRIVER_TEST)
300 status = mbedtls_test_transparent_signature_sign_hash( attributes,
301 key_buffer,
302 key_buffer_size,
303 alg,
304 hash,
305 hash_length,
306 signature,
307 signature_size,
308 signature_length );
309 /* Declared with fallback == true */
310 if( status != PSA_ERROR_NOT_SUPPORTED )
311 return( status );
312#endif /* PSA_CRYPTO_DRIVER_TEST */
313#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
314 /* Fell through, meaning no accelerator supports this operation */
315 return( psa_sign_hash_builtin( attributes,
316 key_buffer,
317 key_buffer_size,
318 alg,
319 hash,
320 hash_length,
321 signature,
322 signature_size,
323 signature_length ) );
324
325 /* Add cases for opaque driver here */
326#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
327#if defined(PSA_CRYPTO_DRIVER_TEST)
328 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
329 return( mbedtls_test_opaque_signature_sign_hash( attributes,
330 key_buffer,
331 key_buffer_size,
332 alg,
333 hash,
334 hash_length,
335 signature,
336 signature_size,
337 signature_length ) );
338#endif /* PSA_CRYPTO_DRIVER_TEST */
339#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
340 default:
341 /* Key is declared with a lifetime not known to us */
342 (void)status;
343 return( PSA_ERROR_INVALID_ARGUMENT );
344 }
345}
346
347psa_status_t psa_driver_wrapper_verify_hash(
348 const psa_key_attributes_t *attributes,
349 const uint8_t *key_buffer, size_t key_buffer_size,
350 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
351 const uint8_t *signature, size_t signature_length )
352{
353 /* Try dynamically-registered SE interface first */
354#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
355 const psa_drv_se_t *drv;
356 psa_drv_se_context_t *drv_context;
357
358 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
359 {
360 if( drv->asymmetric == NULL ||
361 drv->asymmetric->p_verify == NULL )
362 {
363 /* Key is defined in SE, but we have no way to exercise it */
364 return( PSA_ERROR_NOT_SUPPORTED );
365 }
366 return( drv->asymmetric->p_verify(
367 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
368 alg, hash, hash_length,
369 signature, signature_length ) );
370 }
371#endif /* PSA_CRYPTO_SE_C */
372
373 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
374 psa_key_location_t location =
375 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
376
377 switch( location )
378 {
379 case PSA_KEY_LOCATION_LOCAL_STORAGE:
380 /* Key is stored in the slot in export representation, so
381 * cycle through all known transparent accelerators */
382#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
383#if defined(PSA_CRYPTO_DRIVER_TEST)
384 status = mbedtls_test_transparent_signature_verify_hash(
385 attributes,
386 key_buffer,
387 key_buffer_size,
388 alg,
389 hash,
390 hash_length,
391 signature,
392 signature_length );
393 /* Declared with fallback == true */
394 if( status != PSA_ERROR_NOT_SUPPORTED )
395 return( status );
396#endif /* PSA_CRYPTO_DRIVER_TEST */
397#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
398
399 return( psa_verify_hash_builtin( attributes,
400 key_buffer,
401 key_buffer_size,
402 alg,
403 hash,
404 hash_length,
405 signature,
406 signature_length ) );
407
408 /* Add cases for opaque driver here */
409#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
410#if defined(PSA_CRYPTO_DRIVER_TEST)
411 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
412 return( mbedtls_test_opaque_signature_verify_hash( attributes,
413 key_buffer,
414 key_buffer_size,
415 alg,
416 hash,
417 hash_length,
418 signature,
419 signature_length ) );
420#endif /* PSA_CRYPTO_DRIVER_TEST */
421#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
422 default:
423 /* Key is declared with a lifetime not known to us */
424 (void)status;
425 return( PSA_ERROR_INVALID_ARGUMENT );
426 }
427}
428
429/** Calculate the key buffer size required to store the key material of a key
430 * associated with an opaque driver from input key data.
431 *
432 * \param[in] attributes The key attributes
433 * \param[in] data The input key data.
434 * \param[in] data_length The input data length.
435 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
436 *
437 * \retval #PSA_SUCCESS
438 * \retval #PSA_ERROR_INVALID_ARGUMENT
439 * \retval #PSA_ERROR_NOT_SUPPORTED
440 */
441psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
442 const psa_key_attributes_t *attributes,
443 const uint8_t *data,
444 size_t data_length,
445 size_t *key_buffer_size )
446{
447 psa_key_location_t location =
448 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
449 psa_key_type_t key_type = attributes->core.type;
450
451 *key_buffer_size = 0;
452 switch( location )
453 {
454#if defined(PSA_CRYPTO_DRIVER_TEST)
455 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
456 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
457 PSA_BYTES_TO_BITS( data_length ) );
458 return( ( *key_buffer_size != 0 ) ?
459 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
460#endif /* PSA_CRYPTO_DRIVER_TEST */
461
462 default:
463 (void)key_type;
464 (void)data;
465 (void)data_length;
466 return( PSA_ERROR_INVALID_ARGUMENT );
467 }
468}
469
470/** Get the key buffer size required to store the key material of a key
471 * associated with an opaque driver.
472 *
473 * \param[in] attributes The key attributes.
474 * \param[out] key_buffer_size Minimum buffer size to contain the key material
475 *
476 * \retval #PSA_SUCCESS
477 * The minimum size for a buffer to contain the key material has been
478 * returned successfully.
479 * \retval #PSA_ERROR_NOT_SUPPORTED
480 * The type and/or the size in bits of the key or the combination of
481 * the two is not supported.
482 * \retval #PSA_ERROR_INVALID_ARGUMENT
483 * The key is declared with a lifetime not known to us.
484 */
485psa_status_t psa_driver_wrapper_get_key_buffer_size(
486 const psa_key_attributes_t *attributes,
487 size_t *key_buffer_size )
488{
489 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
490 psa_key_type_t key_type = attributes->core.type;
491 size_t key_bits = attributes->core.bits;
492
493 *key_buffer_size = 0;
494 switch( location )
495 {
496#if defined(PSA_CRYPTO_DRIVER_TEST)
497 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
498#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
499 /* Emulate property 'builtin_key_size' */
500 if( psa_key_id_is_builtin(
501 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
502 psa_get_key_id( attributes ) ) ) )
503 {
504 *key_buffer_size = sizeof( psa_drv_slot_number_t );
505 return( PSA_SUCCESS );
506 }
507#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
508 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
509 key_bits );
510 return( ( *key_buffer_size != 0 ) ?
511 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
512#endif /* PSA_CRYPTO_DRIVER_TEST */
513
514 default:
515 (void)key_type;
516 (void)key_bits;
517 return( PSA_ERROR_INVALID_ARGUMENT );
518 }
519}
520
521psa_status_t psa_driver_wrapper_generate_key(
522 const psa_key_attributes_t *attributes,
523 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
524{
525 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
526 psa_key_location_t location =
527 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
528
529 /* Try dynamically-registered SE interface first */
530#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
531 const psa_drv_se_t *drv;
532 psa_drv_se_context_t *drv_context;
533
534 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
535 {
536 size_t pubkey_length = 0; /* We don't support this feature yet */
537 if( drv->key_management == NULL ||
538 drv->key_management->p_generate == NULL )
539 {
540 /* Key is defined as being in SE, but we have no way to generate it */
541 return( PSA_ERROR_NOT_SUPPORTED );
542 }
543 return( drv->key_management->p_generate(
544 drv_context,
545 *( (psa_key_slot_number_t *)key_buffer ),
546 attributes, NULL, 0, &pubkey_length ) );
547 }
548#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
549
550 switch( location )
551 {
552 case PSA_KEY_LOCATION_LOCAL_STORAGE:
553#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
554 /* Transparent drivers are limited to generating asymmetric keys */
555 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
556 {
557 /* Cycle through all known transparent accelerators */
558#if defined(PSA_CRYPTO_DRIVER_TEST)
559 status = mbedtls_test_transparent_generate_key(
560 attributes, key_buffer, key_buffer_size,
561 key_buffer_length );
562 /* Declared with fallback == true */
563 if( status != PSA_ERROR_NOT_SUPPORTED )
564 break;
565#endif /* PSA_CRYPTO_DRIVER_TEST */
566 }
567#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
568
569 /* Software fallback */
570 status = psa_generate_key_internal(
571 attributes, key_buffer, key_buffer_size, key_buffer_length );
572 break;
573
574 /* Add cases for opaque driver here */
575#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
576#if defined(PSA_CRYPTO_DRIVER_TEST)
577 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
578 status = mbedtls_test_opaque_generate_key(
579 attributes, key_buffer, key_buffer_size, key_buffer_length );
580 break;
581#endif /* PSA_CRYPTO_DRIVER_TEST */
582#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
583
584 default:
585 /* Key is declared with a lifetime not known to us */
586 status = PSA_ERROR_INVALID_ARGUMENT;
587 break;
588 }
589
590 return( status );
591}
592
593psa_status_t psa_driver_wrapper_import_key(
594 const psa_key_attributes_t *attributes,
595 const uint8_t *data,
596 size_t data_length,
597 uint8_t *key_buffer,
598 size_t key_buffer_size,
599 size_t *key_buffer_length,
600 size_t *bits )
601{
602
603 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
604 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
605 psa_get_key_lifetime( attributes ) );
606
607 /* Try dynamically-registered SE interface first */
608#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
609 const psa_drv_se_t *drv;
610 psa_drv_se_context_t *drv_context;
611
612 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
613 {
614 if( drv->key_management == NULL ||
615 drv->key_management->p_import == NULL )
616 return( PSA_ERROR_NOT_SUPPORTED );
617
618 /* The driver should set the number of key bits, however in
619 * case it doesn't, we initialize bits to an invalid value. */
620 *bits = PSA_MAX_KEY_BITS + 1;
621 status = drv->key_management->p_import(
622 drv_context,
623 *( (psa_key_slot_number_t *)key_buffer ),
624 attributes, data, data_length, bits );
625
626 if( status != PSA_SUCCESS )
627 return( status );
628
629 if( (*bits) > PSA_MAX_KEY_BITS )
630 return( PSA_ERROR_NOT_SUPPORTED );
631
632 return( PSA_SUCCESS );
633 }
634#endif /* PSA_CRYPTO_SE_C */
635
636 switch( location )
637 {
638 case PSA_KEY_LOCATION_LOCAL_STORAGE:
639 /* Key is stored in the slot in export representation, so
640 * cycle through all known transparent accelerators */
641#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
642
643#if (defined(PSA_CRYPTO_DRIVER_TEST) )
644 status = mbedtls_test_transparent_import_key
645 (attributes,
646 data,
647 data_length,
648 key_buffer,
649 key_buffer_size,
650 key_buffer_length,
651 bits
652 );
653
654 if( status != PSA_ERROR_NOT_SUPPORTED )
655 return( status );
656#endif
657
658
659#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
660
661 /* Fell through, meaning no accelerator supports this operation */
662 return( psa_import_key_into_slot( attributes,
663 data, data_length,
664 key_buffer, key_buffer_size,
665 key_buffer_length, bits ) );
666 /* Add cases for opaque driver here */
667#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
668
669#if (defined(PSA_CRYPTO_DRIVER_TEST) )
670 case 0x7fffff:
671 return( mbedtls_test_opaque_import_key
672 (attributes,
673 data,
674 data_length,
675 key_buffer,
676 key_buffer_size,
677 key_buffer_length,
678 bits
679 ));
680#endif
681
682
683#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
684 default:
685 (void)status;
686 return( PSA_ERROR_INVALID_ARGUMENT );
687 }
688
689}
690
691psa_status_t psa_driver_wrapper_export_key(
692 const psa_key_attributes_t *attributes,
693 const uint8_t *key_buffer, size_t key_buffer_size,
694 uint8_t *data, size_t data_size, size_t *data_length )
695
696{
697
698 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
699 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
700 psa_get_key_lifetime( attributes ) );
701
702 /* Try dynamically-registered SE interface first */
703#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
704 const psa_drv_se_t *drv;
705 psa_drv_se_context_t *drv_context;
706
707 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
708 {
709 if( ( drv->key_management == NULL ) ||
710 ( drv->key_management->p_export == NULL ) )
711 {
712 return( PSA_ERROR_NOT_SUPPORTED );
713 }
714
715 return( drv->key_management->p_export(
716 drv_context,
717 *( (psa_key_slot_number_t *)key_buffer ),
718 data, data_size, data_length ) );
719 }
720#endif /* PSA_CRYPTO_SE_C */
721
722 switch( location )
723 {
724 case PSA_KEY_LOCATION_LOCAL_STORAGE:
725 return( psa_export_key_internal( attributes,
726 key_buffer,
727 key_buffer_size,
728 data,
729 data_size,
730 data_length ) );
731
732 /* Add cases for opaque driver here */
733#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
734
735#if (defined(PSA_CRYPTO_DRIVER_TEST) )
736 case 0x7fffff:
737 return( mbedtls_test_opaque_export_key
738 (attributes,
739 key_buffer,
740 key_buffer_size,
741 data,
742 data_size,
743 data_length
744 ));
745#endif
746
747
748#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
749 default:
750 /* Key is declared with a lifetime not known to us */
751 return( status );
752 }
753
754}
755
756psa_status_t psa_driver_wrapper_export_public_key(
757 const psa_key_attributes_t *attributes,
758 const uint8_t *key_buffer, size_t key_buffer_size,
759 uint8_t *data, size_t data_size, size_t *data_length )
760
761{
762
763 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
764 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
765 psa_get_key_lifetime( attributes ) );
766
767 /* Try dynamically-registered SE interface first */
768#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
769 const psa_drv_se_t *drv;
770 psa_drv_se_context_t *drv_context;
771
772 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
773 {
774 if( ( drv->key_management == NULL ) ||
775 ( drv->key_management->p_export_public == NULL ) )
776 {
777 return( PSA_ERROR_NOT_SUPPORTED );
778 }
779
780 return( drv->key_management->p_export_public(
781 drv_context,
782 *( (psa_key_slot_number_t *)key_buffer ),
783 data, data_size, data_length ) );
784 }
785#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
786
787 switch( location )
788 {
789 case PSA_KEY_LOCATION_LOCAL_STORAGE:
790 /* Key is stored in the slot in export representation, so
791 * cycle through all known transparent accelerators */
792#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
793
794#if (defined(PSA_CRYPTO_DRIVER_TEST) )
795 status = mbedtls_test_transparent_export_public_key
796 (attributes,
797 key_buffer,
798 key_buffer_size,
799 data,
800 data_size,
801 data_length
802 );
803
804 if( status != PSA_ERROR_NOT_SUPPORTED )
805 return( status );
806#endif
807
808
809#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
810 /* Fell through, meaning no accelerator supports this operation */
811 return( psa_export_public_key_internal( attributes,
812 key_buffer,
813 key_buffer_size,
814 data,
815 data_size,
816 data_length ) );
817
818 /* Add cases for opaque driver here */
819#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
820
821#if (defined(PSA_CRYPTO_DRIVER_TEST) )
822 case 0x7fffff:
823 return( mbedtls_test_opaque_export_public_key
824 (attributes,
825 key_buffer,
826 key_buffer_size,
827 data,
828 data_size,
829 data_length
830 ));
831#endif
832
833
834#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
835 default:
836 /* Key is declared with a lifetime not known to us */
837 return( status );
838 }
839
840}
841
842psa_status_t psa_driver_wrapper_get_builtin_key(
843 psa_drv_slot_number_t slot_number,
844 psa_key_attributes_t *attributes,
845 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
846{
847
848 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
849 switch( location )
850 {
851#if defined(PSA_CRYPTO_DRIVER_TEST)
852
853#if (defined(PSA_CRYPTO_DRIVER_TEST) )
854 case 0x7fffff:
855 return( mbedtls_test_opaque_get_builtin_key
856 (slot_number,
857 attributes,
858 key_buffer,
859 key_buffer_size,
860 key_buffer_length
861 ));
862#endif
863
864
865#endif /* PSA_CRYPTO_DRIVER_TEST */
866 default:
867 (void) slot_number;
868 (void) key_buffer;
869 (void) key_buffer_size;
870 (void) key_buffer_length;
871 return( PSA_ERROR_DOES_NOT_EXIST );
872 }
873
874}
875
876psa_status_t psa_driver_wrapper_copy_key(
877 psa_key_attributes_t *attributes,
878 const uint8_t *source_key, size_t source_key_length,
879 uint8_t *target_key_buffer, size_t target_key_buffer_size,
880 size_t *target_key_buffer_length )
881{
882
883 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
884 psa_key_location_t location =
885 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
886
887#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
888 const psa_drv_se_t *drv;
889 psa_drv_se_context_t *drv_context;
890
891 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
892 {
893 /* Copying to a secure element is not implemented yet. */
894 return( PSA_ERROR_NOT_SUPPORTED );
895 }
896#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
897
898 switch( location )
899 {
900#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
901
902#if (defined(PSA_CRYPTO_DRIVER_TEST) )
903 case 0x7fffff:
904 return( mbedtls_test_opaque_copy_key
905 (attributes,
906 source_key,
907 source_key_length,
908 target_key_buffer,
909 target_key_buffer_size,
910 target_key_buffer_length
911 ));
912#endif
913
914
915#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
916 default:
917 (void)source_key;
918 (void)source_key_length;
919 (void)target_key_buffer;
920 (void)target_key_buffer_size;
921 (void)target_key_buffer_length;
922 status = PSA_ERROR_INVALID_ARGUMENT;
923 }
924 return( status );
925
926}
927
928/*
929 * Cipher functions
930 */
931psa_status_t psa_driver_wrapper_cipher_encrypt(
932 const psa_key_attributes_t *attributes,
933 const uint8_t *key_buffer,
934 size_t key_buffer_size,
935 psa_algorithm_t alg,
936 const uint8_t *iv,
937 size_t iv_length,
938 const uint8_t *input,
939 size_t input_length,
940 uint8_t *output,
941 size_t output_size,
942 size_t *output_length )
943{
944 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
945 psa_key_location_t location =
946 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
947
948 switch( location )
949 {
950 case PSA_KEY_LOCATION_LOCAL_STORAGE:
951 /* Key is stored in the slot in export representation, so
952 * cycle through all known transparent accelerators */
953#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
954#if defined(PSA_CRYPTO_DRIVER_TEST)
955 status = mbedtls_test_transparent_cipher_encrypt( attributes,
956 key_buffer,
957 key_buffer_size,
958 alg,
959 iv,
960 iv_length,
961 input,
962 input_length,
963 output,
964 output_size,
965 output_length );
966 /* Declared with fallback == true */
967 if( status != PSA_ERROR_NOT_SUPPORTED )
968 return( status );
969#endif /* PSA_CRYPTO_DRIVER_TEST */
970#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
971
972#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
973 return( mbedtls_psa_cipher_encrypt( attributes,
974 key_buffer,
975 key_buffer_size,
976 alg,
977 iv,
978 iv_length,
979 input,
980 input_length,
981 output,
982 output_size,
983 output_length ) );
984#else
985 return( PSA_ERROR_NOT_SUPPORTED );
986#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
987
988 /* Add cases for opaque driver here */
989#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
990#if defined(PSA_CRYPTO_DRIVER_TEST)
991 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
992 return( mbedtls_test_opaque_cipher_encrypt( attributes,
993 key_buffer,
994 key_buffer_size,
995 alg,
996 iv,
997 iv_length,
998 input,
999 input_length,
1000 output,
1001 output_size,
1002 output_length ) );
1003#endif /* PSA_CRYPTO_DRIVER_TEST */
1004#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1005
1006 default:
1007 /* Key is declared with a lifetime not known to us */
1008 (void)status;
1009 (void)key_buffer;
1010 (void)key_buffer_size;
1011 (void)alg;
1012 (void)iv;
1013 (void)iv_length;
1014 (void)input;
1015 (void)input_length;
1016 (void)output;
1017 (void)output_size;
1018 (void)output_length;
1019 return( PSA_ERROR_INVALID_ARGUMENT );
1020 }
1021}
1022
1023psa_status_t psa_driver_wrapper_cipher_decrypt(
1024 const psa_key_attributes_t *attributes,
1025 const uint8_t *key_buffer,
1026 size_t key_buffer_size,
1027 psa_algorithm_t alg,
1028 const uint8_t *input,
1029 size_t input_length,
1030 uint8_t *output,
1031 size_t output_size,
1032 size_t *output_length )
1033{
1034 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1035 psa_key_location_t location =
1036 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1037
1038 switch( location )
1039 {
1040 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1041 /* Key is stored in the slot in export representation, so
1042 * cycle through all known transparent accelerators */
1043#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1044#if defined(PSA_CRYPTO_DRIVER_TEST)
1045 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1046 key_buffer,
1047 key_buffer_size,
1048 alg,
1049 input,
1050 input_length,
1051 output,
1052 output_size,
1053 output_length );
1054 /* Declared with fallback == true */
1055 if( status != PSA_ERROR_NOT_SUPPORTED )
1056 return( status );
1057#endif /* PSA_CRYPTO_DRIVER_TEST */
1058#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1059
1060#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1061 return( mbedtls_psa_cipher_decrypt( attributes,
1062 key_buffer,
1063 key_buffer_size,
1064 alg,
1065 input,
1066 input_length,
1067 output,
1068 output_size,
1069 output_length ) );
1070#else
1071 return( PSA_ERROR_NOT_SUPPORTED );
1072#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1073
1074 /* Add cases for opaque driver here */
1075#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1076#if defined(PSA_CRYPTO_DRIVER_TEST)
1077 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1078 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1079 key_buffer,
1080 key_buffer_size,
1081 alg,
1082 input,
1083 input_length,
1084 output,
1085 output_size,
1086 output_length ) );
1087#endif /* PSA_CRYPTO_DRIVER_TEST */
1088#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1089
1090 default:
1091 /* Key is declared with a lifetime not known to us */
1092 (void)status;
1093 (void)key_buffer;
1094 (void)key_buffer_size;
1095 (void)alg;
1096 (void)input;
1097 (void)input_length;
1098 (void)output;
1099 (void)output_size;
1100 (void)output_length;
1101 return( PSA_ERROR_INVALID_ARGUMENT );
1102 }
1103}
1104
1105psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1106 psa_cipher_operation_t *operation,
1107 const psa_key_attributes_t *attributes,
1108 const uint8_t *key_buffer, size_t key_buffer_size,
1109 psa_algorithm_t alg )
1110{
1111 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1112 psa_key_location_t location =
1113 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1114
1115 switch( location )
1116 {
1117 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1118 /* Key is stored in the slot in export representation, so
1119 * cycle through all known transparent accelerators */
1120#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1121#if defined(PSA_CRYPTO_DRIVER_TEST)
1122 status = mbedtls_test_transparent_cipher_encrypt_setup(
1123 &operation->ctx.transparent_test_driver_ctx,
1124 attributes,
1125 key_buffer,
1126 key_buffer_size,
1127 alg );
1128 /* Declared with fallback == true */
1129 if( status == PSA_SUCCESS )
1130 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1131
1132 if( status != PSA_ERROR_NOT_SUPPORTED )
1133 return( status );
1134#endif /* PSA_CRYPTO_DRIVER_TEST */
1135#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1136#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1137 /* Fell through, meaning no accelerator supports this operation */
1138 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1139 attributes,
1140 key_buffer,
1141 key_buffer_size,
1142 alg );
1143 if( status == PSA_SUCCESS )
1144 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1145
1146 if( status != PSA_ERROR_NOT_SUPPORTED )
1147 return( status );
1148#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1149 return( PSA_ERROR_NOT_SUPPORTED );
1150
1151 /* Add cases for opaque driver here */
1152#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1153#if defined(PSA_CRYPTO_DRIVER_TEST)
1154 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1155 status = mbedtls_test_opaque_cipher_encrypt_setup(
1156 &operation->ctx.opaque_test_driver_ctx,
1157 attributes,
1158 key_buffer, key_buffer_size,
1159 alg );
1160
1161 if( status == PSA_SUCCESS )
1162 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1163
1164 return( status );
1165#endif /* PSA_CRYPTO_DRIVER_TEST */
1166#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1167 default:
1168 /* Key is declared with a lifetime not known to us */
1169 (void)status;
1170 (void)operation;
1171 (void)key_buffer;
1172 (void)key_buffer_size;
1173 (void)alg;
1174 return( PSA_ERROR_INVALID_ARGUMENT );
1175 }
1176}
1177
1178psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1179 psa_cipher_operation_t *operation,
1180 const psa_key_attributes_t *attributes,
1181 const uint8_t *key_buffer, size_t key_buffer_size,
1182 psa_algorithm_t alg )
1183{
1184 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1185 psa_key_location_t location =
1186 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1187
1188 switch( location )
1189 {
1190 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1191 /* Key is stored in the slot in export representation, so
1192 * cycle through all known transparent accelerators */
1193#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1194#if defined(PSA_CRYPTO_DRIVER_TEST)
1195 status = mbedtls_test_transparent_cipher_decrypt_setup(
1196 &operation->ctx.transparent_test_driver_ctx,
1197 attributes,
1198 key_buffer,
1199 key_buffer_size,
1200 alg );
1201 /* Declared with fallback == true */
1202 if( status == PSA_SUCCESS )
1203 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1204
1205 if( status != PSA_ERROR_NOT_SUPPORTED )
1206 return( status );
1207#endif /* PSA_CRYPTO_DRIVER_TEST */
1208#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1209#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1210 /* Fell through, meaning no accelerator supports this operation */
1211 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1212 attributes,
1213 key_buffer,
1214 key_buffer_size,
1215 alg );
1216 if( status == PSA_SUCCESS )
1217 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1218
1219 return( status );
1220#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1221 return( PSA_ERROR_NOT_SUPPORTED );
1222
1223 /* Add cases for opaque driver here */
1224#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1225#if defined(PSA_CRYPTO_DRIVER_TEST)
1226 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1227 status = mbedtls_test_opaque_cipher_decrypt_setup(
1228 &operation->ctx.opaque_test_driver_ctx,
1229 attributes,
1230 key_buffer, key_buffer_size,
1231 alg );
1232
1233 if( status == PSA_SUCCESS )
1234 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1235
1236 return( status );
1237#endif /* PSA_CRYPTO_DRIVER_TEST */
1238#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1239 default:
1240 /* Key is declared with a lifetime not known to us */
1241 (void)status;
1242 (void)operation;
1243 (void)key_buffer;
1244 (void)key_buffer_size;
1245 (void)alg;
1246 return( PSA_ERROR_INVALID_ARGUMENT );
1247 }
1248}
1249
1250psa_status_t psa_driver_wrapper_cipher_set_iv(
1251 psa_cipher_operation_t *operation,
1252 const uint8_t *iv,
1253 size_t iv_length )
1254{
1255 switch( operation->id )
1256 {
1257#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1258 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1259 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1260 iv,
1261 iv_length ) );
1262#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1263
1264#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1265#if defined(PSA_CRYPTO_DRIVER_TEST)
1266 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1267 return( mbedtls_test_transparent_cipher_set_iv(
1268 &operation->ctx.transparent_test_driver_ctx,
1269 iv, iv_length ) );
1270
1271 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1272 return( mbedtls_test_opaque_cipher_set_iv(
1273 &operation->ctx.opaque_test_driver_ctx,
1274 iv, iv_length ) );
1275#endif /* PSA_CRYPTO_DRIVER_TEST */
1276#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1277 }
1278
1279 (void)iv;
1280 (void)iv_length;
1281
1282 return( PSA_ERROR_INVALID_ARGUMENT );
1283}
1284
1285psa_status_t psa_driver_wrapper_cipher_update(
1286 psa_cipher_operation_t *operation,
1287 const uint8_t *input,
1288 size_t input_length,
1289 uint8_t *output,
1290 size_t output_size,
1291 size_t *output_length )
1292{
1293 switch( operation->id )
1294 {
1295#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1296 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1297 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1298 input,
1299 input_length,
1300 output,
1301 output_size,
1302 output_length ) );
1303#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1304
1305#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1306#if defined(PSA_CRYPTO_DRIVER_TEST)
1307 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1308 return( mbedtls_test_transparent_cipher_update(
1309 &operation->ctx.transparent_test_driver_ctx,
1310 input, input_length,
1311 output, output_size, output_length ) );
1312
1313 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1314 return( mbedtls_test_opaque_cipher_update(
1315 &operation->ctx.opaque_test_driver_ctx,
1316 input, input_length,
1317 output, output_size, output_length ) );
1318#endif /* PSA_CRYPTO_DRIVER_TEST */
1319#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1320 }
1321
1322 (void)input;
1323 (void)input_length;
1324 (void)output;
1325 (void)output_size;
1326 (void)output_length;
1327
1328 return( PSA_ERROR_INVALID_ARGUMENT );
1329}
1330
1331psa_status_t psa_driver_wrapper_cipher_finish(
1332 psa_cipher_operation_t *operation,
1333 uint8_t *output,
1334 size_t output_size,
1335 size_t *output_length )
1336{
1337 switch( operation->id )
1338 {
1339#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1340 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1341 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1342 output,
1343 output_size,
1344 output_length ) );
1345#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1346
1347#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1348#if defined(PSA_CRYPTO_DRIVER_TEST)
1349 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1350 return( mbedtls_test_transparent_cipher_finish(
1351 &operation->ctx.transparent_test_driver_ctx,
1352 output, output_size, output_length ) );
1353
1354 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1355 return( mbedtls_test_opaque_cipher_finish(
1356 &operation->ctx.opaque_test_driver_ctx,
1357 output, output_size, output_length ) );
1358#endif /* PSA_CRYPTO_DRIVER_TEST */
1359#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1360 }
1361
1362 (void)output;
1363 (void)output_size;
1364 (void)output_length;
1365
1366 return( PSA_ERROR_INVALID_ARGUMENT );
1367}
1368
1369psa_status_t psa_driver_wrapper_cipher_abort(
1370 psa_cipher_operation_t *operation )
1371{
1372 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1373
1374 switch( operation->id )
1375 {
1376#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1377 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1378 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1379#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1380
1381#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1382#if defined(PSA_CRYPTO_DRIVER_TEST)
1383 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1384 status = mbedtls_test_transparent_cipher_abort(
1385 &operation->ctx.transparent_test_driver_ctx );
1386 mbedtls_platform_zeroize(
1387 &operation->ctx.transparent_test_driver_ctx,
1388 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1389 return( status );
1390
1391 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1392 status = mbedtls_test_opaque_cipher_abort(
1393 &operation->ctx.opaque_test_driver_ctx );
1394 mbedtls_platform_zeroize(
1395 &operation->ctx.opaque_test_driver_ctx,
1396 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1397 return( status );
1398#endif /* PSA_CRYPTO_DRIVER_TEST */
1399#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1400 }
1401
1402 (void)status;
1403 return( PSA_ERROR_INVALID_ARGUMENT );
1404}
1405
1406/*
1407 * Hashing functions
1408 */
1409psa_status_t psa_driver_wrapper_hash_compute(
1410 psa_algorithm_t alg,
1411 const uint8_t *input,
1412 size_t input_length,
1413 uint8_t *hash,
1414 size_t hash_size,
1415 size_t *hash_length)
1416{
1417 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1418
1419 /* Try accelerators first */
1420#if defined(PSA_CRYPTO_DRIVER_TEST)
1421 status = mbedtls_test_transparent_hash_compute(
1422 alg, input, input_length, hash, hash_size, hash_length );
1423 if( status != PSA_ERROR_NOT_SUPPORTED )
1424 return( status );
1425#endif
1426
1427 /* If software fallback is compiled in, try fallback */
1428#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1429 status = mbedtls_psa_hash_compute( alg, input, input_length,
1430 hash, hash_size, hash_length );
1431 if( status != PSA_ERROR_NOT_SUPPORTED )
1432 return( status );
1433#endif
1434 (void) status;
1435 (void) alg;
1436 (void) input;
1437 (void) input_length;
1438 (void) hash;
1439 (void) hash_size;
1440 (void) hash_length;
1441
1442 return( PSA_ERROR_NOT_SUPPORTED );
1443}
1444
1445psa_status_t psa_driver_wrapper_hash_setup(
1446 psa_hash_operation_t *operation,
1447 psa_algorithm_t alg )
1448{
1449 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1450
1451 /* Try setup on accelerators first */
1452#if defined(PSA_CRYPTO_DRIVER_TEST)
1453 status = mbedtls_test_transparent_hash_setup(
1454 &operation->ctx.test_driver_ctx, alg );
1455 if( status == PSA_SUCCESS )
1456 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1457
1458 if( status != PSA_ERROR_NOT_SUPPORTED )
1459 return( status );
1460#endif
1461
1462 /* If software fallback is compiled in, try fallback */
1463#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1464 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1465 if( status == PSA_SUCCESS )
1466 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1467
1468 if( status != PSA_ERROR_NOT_SUPPORTED )
1469 return( status );
1470#endif
1471 /* Nothing left to try if we fall through here */
1472 (void) status;
1473 (void) operation;
1474 (void) alg;
1475 return( PSA_ERROR_NOT_SUPPORTED );
1476}
1477
1478psa_status_t psa_driver_wrapper_hash_clone(
1479 const psa_hash_operation_t *source_operation,
1480 psa_hash_operation_t *target_operation )
1481{
1482 switch( source_operation->id )
1483 {
1484#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1485 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1486 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1487 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1488 &target_operation->ctx.mbedtls_ctx ) );
1489#endif
1490#if defined(PSA_CRYPTO_DRIVER_TEST)
1491 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1492 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1493 return( mbedtls_test_transparent_hash_clone(
1494 &source_operation->ctx.test_driver_ctx,
1495 &target_operation->ctx.test_driver_ctx ) );
1496#endif
1497 default:
1498 (void) target_operation;
1499 return( PSA_ERROR_BAD_STATE );
1500 }
1501}
1502
1503psa_status_t psa_driver_wrapper_hash_update(
1504 psa_hash_operation_t *operation,
1505 const uint8_t *input,
1506 size_t input_length )
1507{
1508 switch( operation->id )
1509 {
1510#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1511 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1512 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1513 input, input_length ) );
1514#endif
1515#if defined(PSA_CRYPTO_DRIVER_TEST)
1516 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1517 return( mbedtls_test_transparent_hash_update(
1518 &operation->ctx.test_driver_ctx,
1519 input, input_length ) );
1520#endif
1521 default:
1522 (void) input;
1523 (void) input_length;
1524 return( PSA_ERROR_BAD_STATE );
1525 }
1526}
1527
1528psa_status_t psa_driver_wrapper_hash_finish(
1529 psa_hash_operation_t *operation,
1530 uint8_t *hash,
1531 size_t hash_size,
1532 size_t *hash_length )
1533{
1534 switch( operation->id )
1535 {
1536#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1537 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1538 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1539 hash, hash_size, hash_length ) );
1540#endif
1541#if defined(PSA_CRYPTO_DRIVER_TEST)
1542 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1543 return( mbedtls_test_transparent_hash_finish(
1544 &operation->ctx.test_driver_ctx,
1545 hash, hash_size, hash_length ) );
1546#endif
1547 default:
1548 (void) hash;
1549 (void) hash_size;
1550 (void) hash_length;
1551 return( PSA_ERROR_BAD_STATE );
1552 }
1553}
1554
1555psa_status_t psa_driver_wrapper_hash_abort(
1556 psa_hash_operation_t *operation )
1557{
1558 switch( operation->id )
1559 {
1560#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1561 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1562 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1563#endif
1564#if defined(PSA_CRYPTO_DRIVER_TEST)
1565 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1566 return( mbedtls_test_transparent_hash_abort(
1567 &operation->ctx.test_driver_ctx ) );
1568#endif
1569 default:
1570 return( PSA_ERROR_BAD_STATE );
1571 }
1572}
1573
1574psa_status_t psa_driver_wrapper_aead_encrypt(
1575 const psa_key_attributes_t *attributes,
1576 const uint8_t *key_buffer, size_t key_buffer_size,
1577 psa_algorithm_t alg,
1578 const uint8_t *nonce, size_t nonce_length,
1579 const uint8_t *additional_data, size_t additional_data_length,
1580 const uint8_t *plaintext, size_t plaintext_length,
1581 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1582{
1583 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1584 psa_key_location_t location =
1585 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1586
1587 switch( location )
1588 {
1589 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1590 /* Key is stored in the slot in export representation, so
1591 * cycle through all known transparent accelerators */
1592
1593#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1594#if defined(PSA_CRYPTO_DRIVER_TEST)
1595 status = mbedtls_test_transparent_aead_encrypt(
1596 attributes, key_buffer, key_buffer_size,
1597 alg,
1598 nonce, nonce_length,
1599 additional_data, additional_data_length,
1600 plaintext, plaintext_length,
1601 ciphertext, ciphertext_size, ciphertext_length );
1602 /* Declared with fallback == true */
1603 if( status != PSA_ERROR_NOT_SUPPORTED )
1604 return( status );
1605#endif /* PSA_CRYPTO_DRIVER_TEST */
1606#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1607
1608 /* Fell through, meaning no accelerator supports this operation */
1609 return( mbedtls_psa_aead_encrypt(
1610 attributes, key_buffer, key_buffer_size,
1611 alg,
1612 nonce, nonce_length,
1613 additional_data, additional_data_length,
1614 plaintext, plaintext_length,
1615 ciphertext, ciphertext_size, ciphertext_length ) );
1616
1617 /* Add cases for opaque driver here */
1618
1619 default:
1620 /* Key is declared with a lifetime not known to us */
1621 (void)status;
1622 return( PSA_ERROR_INVALID_ARGUMENT );
1623 }
1624}
1625
1626psa_status_t psa_driver_wrapper_aead_decrypt(
1627 const psa_key_attributes_t *attributes,
1628 const uint8_t *key_buffer, size_t key_buffer_size,
1629 psa_algorithm_t alg,
1630 const uint8_t *nonce, size_t nonce_length,
1631 const uint8_t *additional_data, size_t additional_data_length,
1632 const uint8_t *ciphertext, size_t ciphertext_length,
1633 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1634{
1635 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1636 psa_key_location_t location =
1637 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1638
1639 switch( location )
1640 {
1641 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1642 /* Key is stored in the slot in export representation, so
1643 * cycle through all known transparent accelerators */
1644
1645#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1646#if defined(PSA_CRYPTO_DRIVER_TEST)
1647 status = mbedtls_test_transparent_aead_decrypt(
1648 attributes, key_buffer, key_buffer_size,
1649 alg,
1650 nonce, nonce_length,
1651 additional_data, additional_data_length,
1652 ciphertext, ciphertext_length,
1653 plaintext, plaintext_size, plaintext_length );
1654 /* Declared with fallback == true */
1655 if( status != PSA_ERROR_NOT_SUPPORTED )
1656 return( status );
1657#endif /* PSA_CRYPTO_DRIVER_TEST */
1658#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1659
1660 /* Fell through, meaning no accelerator supports this operation */
1661 return( mbedtls_psa_aead_decrypt(
1662 attributes, key_buffer, key_buffer_size,
1663 alg,
1664 nonce, nonce_length,
1665 additional_data, additional_data_length,
1666 ciphertext, ciphertext_length,
1667 plaintext, plaintext_size, plaintext_length ) );
1668
1669 /* Add cases for opaque driver here */
1670
1671 default:
1672 /* Key is declared with a lifetime not known to us */
1673 (void)status;
1674 return( PSA_ERROR_INVALID_ARGUMENT );
1675 }
1676}
1677
1678psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1679 psa_aead_operation_t *operation,
1680 const psa_key_attributes_t *attributes,
1681 const uint8_t *key_buffer, size_t key_buffer_size,
1682 psa_algorithm_t alg )
1683{
1684 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1685 psa_key_location_t location =
1686 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1687
1688 switch( location )
1689 {
1690 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1691 /* Key is stored in the slot in export representation, so
1692 * cycle through all known transparent accelerators */
1693
1694#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1695#if defined(PSA_CRYPTO_DRIVER_TEST)
1696 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1697 status = mbedtls_test_transparent_aead_encrypt_setup(
1698 &operation->ctx.transparent_test_driver_ctx,
1699 attributes, key_buffer, key_buffer_size,
1700 alg );
1701
1702 /* Declared with fallback == true */
1703 if( status != PSA_ERROR_NOT_SUPPORTED )
1704 return( status );
1705#endif /* PSA_CRYPTO_DRIVER_TEST */
1706#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1707
1708 /* Fell through, meaning no accelerator supports this operation */
1709 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1710 status = mbedtls_psa_aead_encrypt_setup(
1711 &operation->ctx.mbedtls_ctx, attributes,
1712 key_buffer, key_buffer_size,
1713 alg );
1714
1715 return( status );
1716
1717 /* Add cases for opaque driver here */
1718
1719 default:
1720 /* Key is declared with a lifetime not known to us */
1721 (void)status;
1722 return( PSA_ERROR_INVALID_ARGUMENT );
1723 }
1724}
1725
1726psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1727 psa_aead_operation_t *operation,
1728 const psa_key_attributes_t *attributes,
1729 const uint8_t *key_buffer, size_t key_buffer_size,
1730 psa_algorithm_t alg )
1731{
1732 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1733 psa_key_location_t location =
1734 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1735
1736 switch( location )
1737 {
1738 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1739 /* Key is stored in the slot in export representation, so
1740 * cycle through all known transparent accelerators */
1741
1742#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1743#if defined(PSA_CRYPTO_DRIVER_TEST)
1744 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1745 status = mbedtls_test_transparent_aead_decrypt_setup(
1746 &operation->ctx.transparent_test_driver_ctx,
1747 attributes,
1748 key_buffer, key_buffer_size,
1749 alg );
1750
1751 /* Declared with fallback == true */
1752 if( status != PSA_ERROR_NOT_SUPPORTED )
1753 return( status );
1754#endif /* PSA_CRYPTO_DRIVER_TEST */
1755#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1756
1757 /* Fell through, meaning no accelerator supports this operation */
1758 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1759 status = mbedtls_psa_aead_decrypt_setup(
1760 &operation->ctx.mbedtls_ctx,
1761 attributes,
1762 key_buffer, key_buffer_size,
1763 alg );
1764
1765 return( status );
1766
1767 /* Add cases for opaque driver here */
1768
1769 default:
1770 /* Key is declared with a lifetime not known to us */
1771 (void)status;
1772 return( PSA_ERROR_INVALID_ARGUMENT );
1773 }
1774}
1775
1776psa_status_t psa_driver_wrapper_aead_set_nonce(
1777 psa_aead_operation_t *operation,
1778 const uint8_t *nonce,
1779 size_t nonce_length )
1780{
1781 switch( operation->id )
1782 {
1783#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1784 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1785 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1786 nonce,
1787 nonce_length ) );
1788
1789#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1790
1791#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1792#if defined(PSA_CRYPTO_DRIVER_TEST)
1793 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1794 return( mbedtls_test_transparent_aead_set_nonce(
1795 &operation->ctx.transparent_test_driver_ctx,
1796 nonce, nonce_length ) );
1797
1798 /* Add cases for opaque driver here */
1799
1800#endif /* PSA_CRYPTO_DRIVER_TEST */
1801#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1802 }
1803
1804 (void)nonce;
1805 (void)nonce_length;
1806
1807 return( PSA_ERROR_INVALID_ARGUMENT );
1808}
1809
1810psa_status_t psa_driver_wrapper_aead_set_lengths(
1811 psa_aead_operation_t *operation,
1812 size_t ad_length,
1813 size_t plaintext_length )
1814{
1815 switch( operation->id )
1816 {
1817#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1818 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1819 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1820 ad_length,
1821 plaintext_length ) );
1822
1823#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1824
1825#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1826#if defined(PSA_CRYPTO_DRIVER_TEST)
1827 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1828 return( mbedtls_test_transparent_aead_set_lengths(
1829 &operation->ctx.transparent_test_driver_ctx,
1830 ad_length, plaintext_length ) );
1831
1832 /* Add cases for opaque driver here */
1833
1834#endif /* PSA_CRYPTO_DRIVER_TEST */
1835#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1836 }
1837
1838 (void)ad_length;
1839 (void)plaintext_length;
1840
1841 return( PSA_ERROR_INVALID_ARGUMENT );
1842}
1843
1844psa_status_t psa_driver_wrapper_aead_update_ad(
1845 psa_aead_operation_t *operation,
1846 const uint8_t *input,
1847 size_t input_length )
1848{
1849 switch( operation->id )
1850 {
1851#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1852 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1853 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1854 input,
1855 input_length ) );
1856
1857#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1858
1859#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1860#if defined(PSA_CRYPTO_DRIVER_TEST)
1861 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1862 return( mbedtls_test_transparent_aead_update_ad(
1863 &operation->ctx.transparent_test_driver_ctx,
1864 input, input_length ) );
1865
1866 /* Add cases for opaque driver here */
1867
1868#endif /* PSA_CRYPTO_DRIVER_TEST */
1869#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1870 }
1871
1872 (void)input;
1873 (void)input_length;
1874
1875 return( PSA_ERROR_INVALID_ARGUMENT );
1876}
1877
1878psa_status_t psa_driver_wrapper_aead_update(
1879 psa_aead_operation_t *operation,
1880 const uint8_t *input,
1881 size_t input_length,
1882 uint8_t *output,
1883 size_t output_size,
1884 size_t *output_length )
1885{
1886 switch( operation->id )
1887 {
1888#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1889 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1890 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
1891 input, input_length,
1892 output, output_size,
1893 output_length ) );
1894
1895#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1896
1897#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1898#if defined(PSA_CRYPTO_DRIVER_TEST)
1899 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1900 return( mbedtls_test_transparent_aead_update(
1901 &operation->ctx.transparent_test_driver_ctx,
1902 input, input_length, output, output_size,
1903 output_length ) );
1904
1905 /* Add cases for opaque driver here */
1906
1907#endif /* PSA_CRYPTO_DRIVER_TEST */
1908#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1909 }
1910
1911 (void)input;
1912 (void)input_length;
1913 (void)output;
1914 (void)output_size;
1915 (void)output_length;
1916
1917 return( PSA_ERROR_INVALID_ARGUMENT );
1918}
1919
1920psa_status_t psa_driver_wrapper_aead_finish(
1921 psa_aead_operation_t *operation,
1922 uint8_t *ciphertext,
1923 size_t ciphertext_size,
1924 size_t *ciphertext_length,
1925 uint8_t *tag,
1926 size_t tag_size,
1927 size_t *tag_length )
1928{
1929 switch( operation->id )
1930 {
1931#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1932 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1933 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1934 ciphertext,
1935 ciphertext_size,
1936 ciphertext_length, tag,
1937 tag_size, tag_length ) );
1938
1939#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1940
1941#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1942#if defined(PSA_CRYPTO_DRIVER_TEST)
1943 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1944 return( mbedtls_test_transparent_aead_finish(
1945 &operation->ctx.transparent_test_driver_ctx,
1946 ciphertext, ciphertext_size,
1947 ciphertext_length, tag, tag_size, tag_length ) );
1948
1949 /* Add cases for opaque driver here */
1950
1951#endif /* PSA_CRYPTO_DRIVER_TEST */
1952#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1953 }
1954
1955 (void)ciphertext;
1956 (void)ciphertext_size;
1957 (void)ciphertext_length;
1958 (void)tag;
1959 (void)tag_size;
1960 (void)tag_length;
1961
1962 return( PSA_ERROR_INVALID_ARGUMENT );
1963}
1964
1965psa_status_t psa_driver_wrapper_aead_verify(
1966 psa_aead_operation_t *operation,
1967 uint8_t *plaintext,
1968 size_t plaintext_size,
1969 size_t *plaintext_length,
1970 const uint8_t *tag,
1971 size_t tag_length )
1972{
1973 switch( operation->id )
1974 {
1975#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1976 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1977 {
1978 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1979 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
1980 size_t check_tag_length;
1981
1982 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1983 plaintext,
1984 plaintext_size,
1985 plaintext_length,
1986 check_tag,
1987 sizeof( check_tag ),
1988 &check_tag_length );
1989
1990 if( status == PSA_SUCCESS )
1991 {
1992 if( tag_length != check_tag_length ||
1993 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
1994 != 0 )
1995 status = PSA_ERROR_INVALID_SIGNATURE;
1996 }
1997
1998 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
1999
2000 return( status );
2001 }
2002
2003#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2004
2005#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2006#if defined(PSA_CRYPTO_DRIVER_TEST)
2007 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2008 return( mbedtls_test_transparent_aead_verify(
2009 &operation->ctx.transparent_test_driver_ctx,
2010 plaintext, plaintext_size,
2011 plaintext_length, tag, tag_length ) );
2012
2013 /* Add cases for opaque driver here */
2014
2015#endif /* PSA_CRYPTO_DRIVER_TEST */
2016#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2017 }
2018
2019 (void)plaintext;
2020 (void)plaintext_size;
2021 (void)plaintext_length;
2022 (void)tag;
2023 (void)tag_length;
2024
2025 return( PSA_ERROR_INVALID_ARGUMENT );
2026}
2027
2028psa_status_t psa_driver_wrapper_aead_abort(
2029 psa_aead_operation_t *operation )
2030{
2031 switch( operation->id )
2032 {
2033#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2034 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2035 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2036
2037#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2038
2039#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2040#if defined(PSA_CRYPTO_DRIVER_TEST)
2041 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2042 return( mbedtls_test_transparent_aead_abort(
2043 &operation->ctx.transparent_test_driver_ctx ) );
2044
2045 /* Add cases for opaque driver here */
2046
2047#endif /* PSA_CRYPTO_DRIVER_TEST */
2048#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2049 }
2050
2051 return( PSA_ERROR_INVALID_ARGUMENT );
2052}
2053
2054/*
2055 * MAC functions
2056 */
2057psa_status_t psa_driver_wrapper_mac_compute(
2058 const psa_key_attributes_t *attributes,
2059 const uint8_t *key_buffer,
2060 size_t key_buffer_size,
2061 psa_algorithm_t alg,
2062 const uint8_t *input,
2063 size_t input_length,
2064 uint8_t *mac,
2065 size_t mac_size,
2066 size_t *mac_length )
2067{
2068 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2069 psa_key_location_t location =
2070 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2071
2072 switch( location )
2073 {
2074 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2075 /* Key is stored in the slot in export representation, so
2076 * cycle through all known transparent accelerators */
2077#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2078#if defined(PSA_CRYPTO_DRIVER_TEST)
2079 status = mbedtls_test_transparent_mac_compute(
2080 attributes, key_buffer, key_buffer_size, alg,
2081 input, input_length,
2082 mac, mac_size, mac_length );
2083 /* Declared with fallback == true */
2084 if( status != PSA_ERROR_NOT_SUPPORTED )
2085 return( status );
2086#endif /* PSA_CRYPTO_DRIVER_TEST */
2087#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2088#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2089 /* Fell through, meaning no accelerator supports this operation */
2090 status = mbedtls_psa_mac_compute(
2091 attributes, key_buffer, key_buffer_size, alg,
2092 input, input_length,
2093 mac, mac_size, mac_length );
2094 if( status != PSA_ERROR_NOT_SUPPORTED )
2095 return( status );
2096#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2097 return( PSA_ERROR_NOT_SUPPORTED );
2098
2099 /* Add cases for opaque driver here */
2100#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2101#if defined(PSA_CRYPTO_DRIVER_TEST)
2102 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2103 status = mbedtls_test_opaque_mac_compute(
2104 attributes, key_buffer, key_buffer_size, alg,
2105 input, input_length,
2106 mac, mac_size, mac_length );
2107 return( status );
2108#endif /* PSA_CRYPTO_DRIVER_TEST */
2109#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2110 default:
2111 /* Key is declared with a lifetime not known to us */
2112 (void) key_buffer;
2113 (void) key_buffer_size;
2114 (void) alg;
2115 (void) input;
2116 (void) input_length;
2117 (void) mac;
2118 (void) mac_size;
2119 (void) mac_length;
2120 (void) status;
2121 return( PSA_ERROR_INVALID_ARGUMENT );
2122 }
2123}
2124
2125psa_status_t psa_driver_wrapper_mac_sign_setup(
2126 psa_mac_operation_t *operation,
2127 const psa_key_attributes_t *attributes,
2128 const uint8_t *key_buffer,
2129 size_t key_buffer_size,
2130 psa_algorithm_t alg )
2131{
2132 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2133 psa_key_location_t location =
2134 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2135
2136 switch( location )
2137 {
2138 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2139 /* Key is stored in the slot in export representation, so
2140 * cycle through all known transparent accelerators */
2141#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2142#if defined(PSA_CRYPTO_DRIVER_TEST)
2143 status = mbedtls_test_transparent_mac_sign_setup(
2144 &operation->ctx.transparent_test_driver_ctx,
2145 attributes,
2146 key_buffer, key_buffer_size,
2147 alg );
2148 /* Declared with fallback == true */
2149 if( status == PSA_SUCCESS )
2150 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2151
2152 if( status != PSA_ERROR_NOT_SUPPORTED )
2153 return( status );
2154#endif /* PSA_CRYPTO_DRIVER_TEST */
2155#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2156#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2157 /* Fell through, meaning no accelerator supports this operation */
2158 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2159 attributes,
2160 key_buffer, key_buffer_size,
2161 alg );
2162 if( status == PSA_SUCCESS )
2163 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2164
2165 if( status != PSA_ERROR_NOT_SUPPORTED )
2166 return( status );
2167#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2168 return( PSA_ERROR_NOT_SUPPORTED );
2169
2170 /* Add cases for opaque driver here */
2171#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2172#if defined(PSA_CRYPTO_DRIVER_TEST)
2173 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2174 status = mbedtls_test_opaque_mac_sign_setup(
2175 &operation->ctx.opaque_test_driver_ctx,
2176 attributes,
2177 key_buffer, key_buffer_size,
2178 alg );
2179
2180 if( status == PSA_SUCCESS )
2181 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2182
2183 return( status );
2184#endif /* PSA_CRYPTO_DRIVER_TEST */
2185#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2186 default:
2187 /* Key is declared with a lifetime not known to us */
2188 (void) status;
2189 (void) operation;
2190 (void) key_buffer;
2191 (void) key_buffer_size;
2192 (void) alg;
2193 return( PSA_ERROR_INVALID_ARGUMENT );
2194 }
2195}
2196
2197psa_status_t psa_driver_wrapper_mac_verify_setup(
2198 psa_mac_operation_t *operation,
2199 const psa_key_attributes_t *attributes,
2200 const uint8_t *key_buffer,
2201 size_t key_buffer_size,
2202 psa_algorithm_t alg )
2203{
2204 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2205 psa_key_location_t location =
2206 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2207
2208 switch( location )
2209 {
2210 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2211 /* Key is stored in the slot in export representation, so
2212 * cycle through all known transparent accelerators */
2213#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2214#if defined(PSA_CRYPTO_DRIVER_TEST)
2215 status = mbedtls_test_transparent_mac_verify_setup(
2216 &operation->ctx.transparent_test_driver_ctx,
2217 attributes,
2218 key_buffer, key_buffer_size,
2219 alg );
2220 /* Declared with fallback == true */
2221 if( status == PSA_SUCCESS )
2222 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2223
2224 if( status != PSA_ERROR_NOT_SUPPORTED )
2225 return( status );
2226#endif /* PSA_CRYPTO_DRIVER_TEST */
2227#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2228#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2229 /* Fell through, meaning no accelerator supports this operation */
2230 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2231 attributes,
2232 key_buffer, key_buffer_size,
2233 alg );
2234 if( status == PSA_SUCCESS )
2235 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2236
2237 if( status != PSA_ERROR_NOT_SUPPORTED )
2238 return( status );
2239#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2240 return( PSA_ERROR_NOT_SUPPORTED );
2241
2242 /* Add cases for opaque driver here */
2243#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2244#if defined(PSA_CRYPTO_DRIVER_TEST)
2245 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2246 status = mbedtls_test_opaque_mac_verify_setup(
2247 &operation->ctx.opaque_test_driver_ctx,
2248 attributes,
2249 key_buffer, key_buffer_size,
2250 alg );
2251
2252 if( status == PSA_SUCCESS )
2253 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2254
2255 return( status );
2256#endif /* PSA_CRYPTO_DRIVER_TEST */
2257#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2258 default:
2259 /* Key is declared with a lifetime not known to us */
2260 (void) status;
2261 (void) operation;
2262 (void) key_buffer;
2263 (void) key_buffer_size;
2264 (void) alg;
2265 return( PSA_ERROR_INVALID_ARGUMENT );
2266 }
2267}
2268
2269psa_status_t psa_driver_wrapper_mac_update(
2270 psa_mac_operation_t *operation,
2271 const uint8_t *input,
2272 size_t input_length )
2273{
2274 switch( operation->id )
2275 {
2276#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2277 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2278 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2279 input, input_length ) );
2280#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2281
2282#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2283#if defined(PSA_CRYPTO_DRIVER_TEST)
2284 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2285 return( mbedtls_test_transparent_mac_update(
2286 &operation->ctx.transparent_test_driver_ctx,
2287 input, input_length ) );
2288
2289 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2290 return( mbedtls_test_opaque_mac_update(
2291 &operation->ctx.opaque_test_driver_ctx,
2292 input, input_length ) );
2293#endif /* PSA_CRYPTO_DRIVER_TEST */
2294#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2295 default:
2296 (void) input;
2297 (void) input_length;
2298 return( PSA_ERROR_INVALID_ARGUMENT );
2299 }
2300}
2301
2302psa_status_t psa_driver_wrapper_mac_sign_finish(
2303 psa_mac_operation_t *operation,
2304 uint8_t *mac,
2305 size_t mac_size,
2306 size_t *mac_length )
2307{
2308 switch( operation->id )
2309 {
2310#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2311 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2312 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2313 mac, mac_size, mac_length ) );
2314#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2315
2316#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2317#if defined(PSA_CRYPTO_DRIVER_TEST)
2318 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2319 return( mbedtls_test_transparent_mac_sign_finish(
2320 &operation->ctx.transparent_test_driver_ctx,
2321 mac, mac_size, mac_length ) );
2322
2323 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2324 return( mbedtls_test_opaque_mac_sign_finish(
2325 &operation->ctx.opaque_test_driver_ctx,
2326 mac, mac_size, mac_length ) );
2327#endif /* PSA_CRYPTO_DRIVER_TEST */
2328#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2329 default:
2330 (void) mac;
2331 (void) mac_size;
2332 (void) mac_length;
2333 return( PSA_ERROR_INVALID_ARGUMENT );
2334 }
2335}
2336
2337psa_status_t psa_driver_wrapper_mac_verify_finish(
2338 psa_mac_operation_t *operation,
2339 const uint8_t *mac,
2340 size_t mac_length )
2341{
2342 switch( operation->id )
2343 {
2344#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2345 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2346 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2347 mac, mac_length ) );
2348#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2349
2350#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2351#if defined(PSA_CRYPTO_DRIVER_TEST)
2352 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2353 return( mbedtls_test_transparent_mac_verify_finish(
2354 &operation->ctx.transparent_test_driver_ctx,
2355 mac, mac_length ) );
2356
2357 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2358 return( mbedtls_test_opaque_mac_verify_finish(
2359 &operation->ctx.opaque_test_driver_ctx,
2360 mac, mac_length ) );
2361#endif /* PSA_CRYPTO_DRIVER_TEST */
2362#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2363 default:
2364 (void) mac;
2365 (void) mac_length;
2366 return( PSA_ERROR_INVALID_ARGUMENT );
2367 }
2368}
2369
2370psa_status_t psa_driver_wrapper_mac_abort(
2371 psa_mac_operation_t *operation )
2372{
2373 switch( operation->id )
2374 {
2375#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2376 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2377 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2378#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2379
2380#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2381#if defined(PSA_CRYPTO_DRIVER_TEST)
2382 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2383 return( mbedtls_test_transparent_mac_abort(
2384 &operation->ctx.transparent_test_driver_ctx ) );
2385 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2386 return( mbedtls_test_opaque_mac_abort(
2387 &operation->ctx.opaque_test_driver_ctx ) );
2388#endif /* PSA_CRYPTO_DRIVER_TEST */
2389#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2390 default:
2391 return( PSA_ERROR_INVALID_ARGUMENT );
2392 }
2393}
2394
2395/*
2396 * Asymmetric cryptography
2397 */
2398psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2399 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2400 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2401 size_t input_length, const uint8_t *salt, size_t salt_length,
2402 uint8_t *output, size_t output_size, size_t *output_length )
2403{
2404 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2405 psa_key_location_t location =
2406 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2407
2408 switch( location )
2409 {
2410 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2411 /* Key is stored in the slot in export representation, so
2412 * cycle through all known transparent accelerators */
2413#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2414#if defined(PSA_CRYPTO_DRIVER_TEST)
2415 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2416 key_buffer, key_buffer_size, alg, input, input_length,
2417 salt, salt_length, output, output_size,
2418 output_length );
2419 /* Declared with fallback == true */
2420 if( status != PSA_ERROR_NOT_SUPPORTED )
2421 return( status );
2422#endif /* PSA_CRYPTO_DRIVER_TEST */
2423#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2424 return( mbedtls_psa_asymmetric_encrypt( attributes,
2425 key_buffer, key_buffer_size, alg, input, input_length,
2426 salt, salt_length, output, output_size, output_length )
2427 );
2428 /* Add cases for opaque driver here */
2429#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2430#if defined(PSA_CRYPTO_DRIVER_TEST)
2431 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2432 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2433 key_buffer, key_buffer_size, alg, input, input_length,
2434 salt, salt_length, output, output_size, output_length )
2435 );
2436#endif /* PSA_CRYPTO_DRIVER_TEST */
2437#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2438
2439 default:
2440 /* Key is declared with a lifetime not known to us */
2441 (void)status;
2442 (void)key_buffer;
2443 (void)key_buffer_size;
2444 (void)alg;
2445 (void)input;
2446 (void)input_length;
2447 (void)salt;
2448 (void)salt_length;
2449 (void)output;
2450 (void)output_size;
2451 (void)output_length;
2452 return( PSA_ERROR_INVALID_ARGUMENT );
2453 }
2454}
2455
2456psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2457 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2458 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2459 size_t input_length, const uint8_t *salt, size_t salt_length,
2460 uint8_t *output, size_t output_size, size_t *output_length )
2461{
2462 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2463 psa_key_location_t location =
2464 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2465
2466 switch( location )
2467 {
2468 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2469 /* Key is stored in the slot in export representation, so
2470 * cycle through all known transparent accelerators */
2471#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2472#if defined(PSA_CRYPTO_DRIVER_TEST)
2473 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2474 key_buffer, key_buffer_size, alg, input, input_length,
2475 salt, salt_length, output, output_size,
2476 output_length );
2477 /* Declared with fallback == true */
2478 if( status != PSA_ERROR_NOT_SUPPORTED )
2479 return( status );
2480#endif /* PSA_CRYPTO_DRIVER_TEST */
2481#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2482 return( mbedtls_psa_asymmetric_decrypt( attributes,
2483 key_buffer, key_buffer_size, alg,input, input_length,
2484 salt, salt_length, output, output_size,
2485 output_length ) );
2486 /* Add cases for opaque driver here */
2487#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2488#if defined(PSA_CRYPTO_DRIVER_TEST)
2489 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2490 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2491 key_buffer, key_buffer_size, alg, input, input_length,
2492 salt, salt_length, output, output_size,
2493 output_length ) );
2494#endif /* PSA_CRYPTO_DRIVER_TEST */
2495#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2496
2497 default:
2498 /* Key is declared with a lifetime not known to us */
2499 (void)status;
2500 (void)key_buffer;
2501 (void)key_buffer_size;
2502 (void)alg;
2503 (void)input;
2504 (void)input_length;
2505 (void)salt;
2506 (void)salt_length;
2507 (void)output;
2508 (void)output_size;
2509 (void)output_length;
2510 return( PSA_ERROR_INVALID_ARGUMENT );
2511 }
2512}
2513
2514psa_status_t psa_driver_wrapper_key_agreement(
2515 const psa_key_attributes_t *attributes,
2516 const uint8_t *key_buffer,
2517 size_t key_buffer_size,
2518 psa_algorithm_t alg,
2519 const uint8_t *peer_key,
2520 size_t peer_key_length,
2521 uint8_t *shared_secret,
2522 size_t shared_secret_size,
2523 size_t *shared_secret_length
2524 )
2525 {
2526 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2527 psa_key_location_t location =
2528 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2529
2530 switch( location )
2531 {
2532 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2533 /* Key is stored in the slot in export representation, so
2534 * cycle through all known transparent accelerators */
2535#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2536#if defined(PSA_CRYPTO_DRIVER_TEST)
2537 status =
2538 mbedtls_test_transparent_key_agreement( attributes,
2539 key_buffer, key_buffer_size, alg, peer_key,
2540 peer_key_length, shared_secret, shared_secret_size,
2541 shared_secret_length );
2542 if( status != PSA_ERROR_NOT_SUPPORTED )
2543 return( status );
2544#endif /* PSA_CRYPTO_DRIVER_TEST */
2545#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2546
2547 /* Software Fallback */
2548 status = psa_key_agreement_raw_builtin( attributes,
2549 key_buffer,
2550 key_buffer_size,
2551 alg,
2552 peer_key,
2553 peer_key_length,
2554 shared_secret,
2555 shared_secret_size,
2556 shared_secret_length );
2557 return( status );
2558#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2559#if defined(PSA_CRYPTO_DRIVER_TEST)
2560 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2561 return( mbedtls_test_opaque_key_agreement( attributes,
2562 key_buffer, key_buffer_size, alg, peer_key,
2563 peer_key_length, shared_secret, shared_secret_size,
2564 shared_secret_length ) );
2565#endif /* PSA_CRYPTO_DRIVER_TEST */
2566#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2567
2568 default:
2569 (void) attributes;
2570 (void) key_buffer;
2571 (void) key_buffer_size;
2572 (void) peer_key;
2573 (void) peer_key_length;
2574 (void) shared_secret;
2575 (void) shared_secret_size;
2576 (void) shared_secret_length;
2577 return( PSA_ERROR_NOT_SUPPORTED );
2578
2579 }
2580 }
2581
2582#endif /* MBEDTLS_PSA_CRYPTO_C */