Add initial pass on a multi-part test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 67c53db..0ea8073 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -164,6 +164,12 @@
{
unsigned dummy; /* Enable easier initializing of the union. */
mbedtls_cipher_context_t cipher;
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
+ struct {
+ unsigned int id;
+ void* ctx;
+ } driver;
+#endif
} ctx;
};
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 04ef28b..6acf498 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4079,6 +4079,23 @@
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT );
+ status = psa_get_key_from_slot( handle, &slot, usage, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Try doing this through a driver before using software fallback */
+ if( cipher_operation == MBEDTLS_ENCRYPT )
+ status = psa_driver_wrapper_cipher_encrypt_setup( operation,
+ slot,
+ alg );
+ else
+ status = psa_driver_wrapper_cipher_decrypt_setup( operation,
+ slot,
+ alg );
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ goto exit;
+
/* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 )
{
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index cc51e24..140c3d4 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -38,6 +38,11 @@
/* Repeat above block for each JSON-declared driver during autogeneration */
+/* Auto-generated values depending on which drivers are registered */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1)
+#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2)
+#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* Support the 'old' SE interface when asked to */
@@ -370,4 +375,523 @@
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
+/*
+ * Cipher functions
+ */
+psa_status_t psa_driver_wrapper_cipher_encrypt(
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = test_transparent_cipher_encrypt( &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return status;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ /* Fell through, meaning no accelerator supports this operation */
+ return PSA_ERROR_NOT_SUPPORTED;
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ return( test_opaque_cipher_encrypt( &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ return status;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void) slot;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_decrypt(
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = test_transparent_cipher_decrypt( &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return status;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ /* Fell through, meaning no accelerator supports this operation */
+ return PSA_ERROR_NOT_SUPPORTED;
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ return( test_opaque_cipher_decrypt( &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ return status;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void) slot;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ psa_cipher_operation_t *operation,
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx != NULL )
+ return PSA_ERROR_BAD_STATE;
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+
+ status = test_transparent_cipher_encrypt_setup( operation->ctx.driver.ctx,
+ &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ {
+ if( status == PSA_SUCCESS )
+ operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ else
+ {
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ }
+
+ return status;
+ }
+ else
+ {
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ }
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ /* Fell through, meaning no accelerator supports this operation */
+ return PSA_ERROR_NOT_SUPPORTED;
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+
+ status = test_opaque_cipher_encrypt_setup( operation->ctx.driver.ctx,
+ &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg );
+ if( status == PSA_SUCCESS )
+ operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ else
+ {
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ }
+
+ return status;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void)slot;
+ (void)alg;
+ (void)operation;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ psa_cipher_operation_t *operation,
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx != NULL )
+ return PSA_ERROR_BAD_STATE;
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+
+ status = test_transparent_cipher_decrypt_setup( operation->ctx.driver.ctx,
+ &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ {
+ if( status == PSA_SUCCESS )
+ operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+ else
+ {
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ }
+
+ return status;
+ }
+ else
+ {
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ }
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ /* Fell through, meaning no accelerator supports this operation */
+ return PSA_ERROR_NOT_SUPPORTED;
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+
+ status = test_opaque_cipher_decrypt_setup( operation->ctx.driver.ctx,
+ &attributes,
+ slot->data.key.data,
+ slot->data.key.bytes,
+ alg );
+ if( status == PSA_SUCCESS )
+ operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+ else
+ {
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ }
+
+ return status;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void)slot;
+ (void)alg;
+ (void)operation;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_generate_iv(
+ psa_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ switch( operation->ctx.driver.id )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( test_transparent_cipher_generate_iv( operation->ctx.driver.ctx,
+ iv,
+ iv_size,
+ iv_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( test_opaque_cipher_generate_iv( operation->ctx.driver.ctx,
+ iv,
+ iv_size,
+ iv_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is attached to a driver not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void) operation;
+ (void) iv;
+ (void) iv_size;
+ (void) iv_length;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_set_iv(
+ psa_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ switch( operation->ctx.driver.id )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx,
+ iv,
+ iv_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx,
+ iv,
+ iv_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is attached to a driver not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void) operation;
+ (void) iv;
+ (void) iv_length;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_update(
+ psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ switch( operation->ctx.driver.id )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( test_transparent_cipher_update( operation->ctx.driver.ctx,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( test_opaque_cipher_update( operation->ctx.driver.ctx,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is attached to a driver not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void) operation;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_length;
+ (void) output_size;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_finish(
+ psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ switch( operation->ctx.driver.id )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( test_transparent_cipher_finish( operation->ctx.driver.ctx,
+ output,
+ output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( test_opaque_cipher_finish( operation->ctx.driver.ctx,
+ output,
+ output_size,
+ output_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Key is attached to a driver not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void) operation;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
+psa_status_t psa_driver_wrapper_cipher_abort(
+ psa_cipher_operation_t *operation )
+{
+#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
+ /* Check for operation already allocated */
+ if( operation->ctx.driver.ctx == NULL )
+ return PSA_ERROR_INVALID_ARGUMENT;
+
+ switch( operation->ctx.driver.id )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ status = test_transparent_cipher_abort( operation->ctx.driver.ctx );
+
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+ operation->ctx.driver.id = 0;
+
+ return status;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ status = test_opaque_cipher_abort( operation->ctx.driver.ctx );
+ mbedtls_free( operation->ctx.driver.ctx );
+ operation->ctx.driver.ctx = NULL;
+
+ return status;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ /* Operation is attached to a driver not known to us */
+ return PSA_ERROR_BAD_STATE;
+ }
+#else /* PSA_CRYPTO_DRIVER_PRESENT */
+ (void)operation;
+
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* PSA_CRYPTO_DRIVER_PRESENT */
+}
+
/* End of automatically generated file. */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index 4299379..a209604 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -25,6 +25,9 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
+/*
+ * Signature functions
+ */
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *hash,
@@ -43,6 +46,65 @@
psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot );
+/*
+ * Cipher functions
+ */
+psa_status_t psa_driver_wrapper_cipher_encrypt(
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+psa_status_t psa_driver_wrapper_cipher_decrypt(
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
+ psa_cipher_operation_t *operation,
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg );
+
+psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
+ psa_cipher_operation_t *operation,
+ psa_key_slot_t *slot,
+ psa_algorithm_t alg );
+
+psa_status_t psa_driver_wrapper_cipher_generate_iv(
+ psa_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length );
+
+psa_status_t psa_driver_wrapper_cipher_set_iv(
+ psa_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length );
+
+psa_status_t psa_driver_wrapper_cipher_update(
+ psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+psa_status_t psa_driver_wrapper_cipher_finish(
+ psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+psa_status_t psa_driver_wrapper_cipher_abort(
+ psa_cipher_operation_t *operation );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
new file mode 100644
index 0000000..c58a926
--- /dev/null
+++ b/tests/include/test/drivers/cipher.h
@@ -0,0 +1,168 @@
+/*
+ * Test driver for cipher functions
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
+#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+
+#include "mbedtls/cipher.h"
+typedef struct {
+ psa_algorithm_t alg;
+ unsigned int key_set : 1;
+ unsigned int iv_required : 1;
+ unsigned int iv_set : 1;
+ uint8_t iv_size;
+ uint8_t block_size;
+ mbedtls_cipher_context_t cipher;
+} test_transparent_cipher_operation_t;
+
+typedef struct{
+ unsigned int initialised : 1;
+ test_transparent_cipher_operation_t ctx;
+} test_opaque_cipher_operation_t;
+
+extern void *test_driver_cipher_forced_output;
+extern size_t test_driver_cipher_forced_output_length;
+
+extern psa_status_t test_transparent_cipher_status;
+extern unsigned long test_transparent_cipher_hit;
+
+psa_status_t test_transparent_cipher_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+psa_status_t test_transparent_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+psa_status_t test_transparent_cipher_encrypt_setup(
+ test_transparent_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg);
+
+psa_status_t test_transparent_cipher_decrypt_setup(
+ test_transparent_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg);
+
+psa_status_t test_transparent_cipher_abort(
+ test_transparent_cipher_operation_t *operation);
+
+psa_status_t test_transparent_cipher_generate_iv(
+ test_transparent_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length);
+
+psa_status_t test_transparent_cipher_set_iv(
+ test_transparent_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length);
+
+psa_status_t test_transparent_cipher_update(
+ test_transparent_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+psa_status_t test_transparent_cipher_finish(
+ test_transparent_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/*
+ * opaque versions
+ */
+psa_status_t test_opaque_cipher_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+psa_status_t test_opaque_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+psa_status_t test_opaque_cipher_encrypt_setup(
+ test_opaque_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg);
+
+psa_status_t test_opaque_cipher_decrypt_setup(
+ test_opaque_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg);
+
+psa_status_t test_opaque_cipher_abort(
+ test_opaque_cipher_operation_t *operation);
+
+psa_status_t test_opaque_cipher_generate_iv(
+ test_opaque_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length);
+
+psa_status_t test_opaque_cipher_set_iv(
+ test_opaque_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length);
+
+psa_status_t test_opaque_cipher_update(
+ test_opaque_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+psa_status_t test_opaque_cipher_finish(
+ test_opaque_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 75135e0..7ee8e5e 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -24,5 +24,6 @@
#include "test/drivers/signature.h"
#include "test/drivers/keygen.h"
+#include "test/drivers/cipher.h"
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c
new file mode 100644
index 0000000..0f059a0
--- /dev/null
+++ b/tests/src/drivers/cipher.c
@@ -0,0 +1,348 @@
+/*
+ * Test driver for cipher functions.
+ * Currently only supports multi-part operations using AES-CTR.
+ */
+/* Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa/crypto.h"
+#include "mbedtls/cipher.h"
+
+#include "drivers/cipher.h"
+
+#include "test/random.h"
+
+#include <string.h>
+
+/* If non-null, on success, copy this to the output. */
+void *test_driver_cipher_forced_output = NULL;
+size_t test_driver_cipher_forced_output_length = 0;
+
+psa_status_t test_transparent_cipher_status = PSA_ERROR_NOT_SUPPORTED;
+unsigned long test_transparent_cipher_hit = 0;
+
+psa_status_t test_transparent_cipher_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ test_transparent_cipher_hit++;
+
+ if( test_transparent_cipher_status != PSA_SUCCESS )
+ return test_transparent_cipher_status;
+ if( output_size < test_driver_cipher_forced_output_length )
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+
+ memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length);
+ *output_length = test_driver_cipher_forced_output_length;
+
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ test_transparent_cipher_hit++;
+
+ if( test_transparent_cipher_status != PSA_SUCCESS )
+ return test_transparent_cipher_status;
+ if( output_size < test_driver_cipher_forced_output_length )
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+
+ memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length);
+ *output_length = test_driver_cipher_forced_output_length;
+
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_encrypt_setup(
+ test_transparent_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg)
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+
+ /* write our struct, this will trigger memory corruption failures
+ * in test when we go outside of bounds. */
+ memset(operation, 0, sizeof(test_transparent_cipher_operation_t));
+
+ test_transparent_cipher_hit++;
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_decrypt_setup(
+ test_transparent_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg)
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+
+ /* write our struct, this will trigger memory corruption failures
+ * in test when we go outside of bounds. */
+ memset(operation, 0, sizeof(test_transparent_cipher_operation_t));
+
+ test_transparent_cipher_hit++;
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_abort(
+ test_transparent_cipher_operation_t *operation)
+{
+ /* write our struct, this will trigger memory corruption failures
+ * in test when we go outside of bounds. */
+ memset(operation, 0, sizeof(test_transparent_cipher_operation_t));
+
+ test_transparent_cipher_hit++;
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_generate_iv(
+ test_transparent_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length)
+{
+ (void) operation;
+ (void) iv;
+ (void) iv_size;
+ (void) iv_length;
+
+ test_transparent_cipher_hit++;
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_set_iv(
+ test_transparent_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length)
+{
+ (void) operation;
+ (void) iv;
+ (void) iv_length;
+
+ test_transparent_cipher_hit++;
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_update(
+ test_transparent_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ (void) operation;
+ (void) input;
+ (void) input_length;
+ test_transparent_cipher_hit++;
+
+ if( test_transparent_cipher_status != PSA_SUCCESS )
+ return test_transparent_cipher_status;
+ if( output_size < test_driver_cipher_forced_output_length )
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+
+ memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length);
+ *output_length = test_driver_cipher_forced_output_length;
+
+ return test_transparent_cipher_status;
+}
+
+psa_status_t test_transparent_cipher_finish(
+ test_transparent_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ (void) operation;
+ test_transparent_cipher_hit++;
+
+ if( test_transparent_cipher_status != PSA_SUCCESS )
+ return test_transparent_cipher_status;
+ if( output_size < test_driver_cipher_forced_output_length )
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+
+ memcpy(output, test_driver_cipher_forced_output, test_driver_cipher_forced_output_length);
+ *output_length = test_driver_cipher_forced_output_length;
+
+ return test_transparent_cipher_status;
+}
+
+/*
+ * opaque versions, to do
+ */
+psa_status_t test_opaque_cipher_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_encrypt_setup(
+ test_opaque_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg)
+{
+ (void) operation;
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_decrypt_setup(
+ test_opaque_cipher_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg)
+{
+ (void) operation;
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_abort(
+ test_opaque_cipher_operation_t *operation)
+{
+ (void) operation;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_generate_iv(
+ test_opaque_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length)
+{
+ (void) operation;
+ (void) iv;
+ (void) iv_size;
+ (void) iv_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_set_iv(
+ test_opaque_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length)
+{
+ (void) operation;
+ (void) iv;
+ (void) iv_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_update(
+ test_opaque_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ (void) operation;
+ (void) input;
+ (void) input_length;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t test_opaque_cipher_finish(
+ test_opaque_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length)
+{
+ (void) operation;
+ (void) output;
+ (void) output_size;
+ (void) output_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */