TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 22098d41c6620ce07cf8a0134d37302355e1e5ef / . / library / psa_crypto_driver_wrappers.h
blob: 0ed221b50186c40767315de210d9ea6f4fb9de60 [file] [log] [blame]
Minos Galanakis22098d42025-03-20 09:33:09 +0000[diff] [blame^]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6/* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10
11/* BEGIN-common headers */
12#include "common.h"
13#include "psa_crypto_aead.h"
14#include "psa_crypto_cipher.h"
15#include "psa_crypto_core.h"
16#include "psa_crypto_driver_wrappers_no_static.h"
17#include "psa_crypto_hash.h"
18#include "psa_crypto_mac.h"
19#include "psa_crypto_pake.h"
20#include "psa_crypto_rsa.h"
21
22#include "mbedtls/platform.h"
23#include "mbedtls/constant_time.h"
24/* END-common headers */
25
26#if defined(MBEDTLS_PSA_CRYPTO_C)
27
28/* BEGIN-driver headers */
29/* Headers for mbedtls_test opaque driver */
30#if defined(PSA_CRYPTO_DRIVER_TEST)
31#include "test/drivers/test_driver.h"
32
33#endif
34/* Headers for mbedtls_test transparent driver */
35#if defined(PSA_CRYPTO_DRIVER_TEST)
36#include "test/drivers/test_driver.h"
37
38#endif
39/* Headers for p256 transparent driver */
40#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42
43#endif
44
45/* END-driver headers */
46
47/* Auto-generated values depending on which drivers are registered.
48 * ID 0 is reserved for unallocated operations.
49 * ID 1 is reserved for the Mbed TLS software driver. */
50/* BEGIN-driver id definition */
51#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
52#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
53#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
54#define P256_TRANSPARENT_DRIVER_ID (4)
55
56/* END-driver id */
57
58/* BEGIN-Common Macro definitions */
59
60/* END-Common Macro definitions */
61
62/* Support the 'old' SE interface when asked to */
63#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
64/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
65 * SE driver is present, to avoid unused argument errors at compile time. */
66#ifndef PSA_CRYPTO_DRIVER_PRESENT
67#define PSA_CRYPTO_DRIVER_PRESENT
68#endif
69#include "psa_crypto_se.h"
70#endif
71
72static inline psa_status_t psa_driver_wrapper_init( void )
73{
74 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
75
76#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
77 status = psa_init_all_se_drivers( );
78 if( status != PSA_SUCCESS )
79 return( status );
80#endif
81
82#if defined(PSA_CRYPTO_DRIVER_TEST)
83 status = mbedtls_test_transparent_init( );
84 if( status != PSA_SUCCESS )
85 return( status );
86
87 status = mbedtls_test_opaque_init( );
88 if( status != PSA_SUCCESS )
89 return( status );
90#endif
91
92 (void) status;
93 return( PSA_SUCCESS );
94}
95
96static inline void psa_driver_wrapper_free( void )
97{
98#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
99 /* Unregister all secure element drivers, so that we restart from
100 * a pristine state. */
101 psa_unregister_all_se_drivers( );
102#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
103
104#if defined(PSA_CRYPTO_DRIVER_TEST)
105 mbedtls_test_transparent_free( );
106 mbedtls_test_opaque_free( );
107#endif
108}
109
110/* Start delegation functions */
111static inline psa_status_t psa_driver_wrapper_sign_message(
112 const psa_key_attributes_t *attributes,
113 const uint8_t *key_buffer,
114 size_t key_buffer_size,
115 psa_algorithm_t alg,
116 const uint8_t *input,
117 size_t input_length,
118 uint8_t *signature,
119 size_t signature_size,
120 size_t *signature_length )
121{
122 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
123 psa_key_location_t location =
124 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
125
126 switch( location )
127 {
128 case PSA_KEY_LOCATION_LOCAL_STORAGE:
129 /* Key is stored in the slot in export representation, so
130 * cycle through all known transparent accelerators */
131#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
132#if defined(PSA_CRYPTO_DRIVER_TEST)
133 status = mbedtls_test_transparent_signature_sign_message(
134 attributes,
135 key_buffer,
136 key_buffer_size,
137 alg,
138 input,
139 input_length,
140 signature,
141 signature_size,
142 signature_length );
143 /* Declared with fallback == true */
144 if( status != PSA_ERROR_NOT_SUPPORTED )
145 return( status );
146#endif /* PSA_CRYPTO_DRIVER_TEST */
147#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
148 break;
149
150 /* Add cases for opaque driver here */
151#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
152#if defined(PSA_CRYPTO_DRIVER_TEST)
153 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
154 status = mbedtls_test_opaque_signature_sign_message(
155 attributes,
156 key_buffer,
157 key_buffer_size,
158 alg,
159 input,
160 input_length,
161 signature,
162 signature_size,
163 signature_length );
164 if( status != PSA_ERROR_NOT_SUPPORTED )
165 return( status );
166 break;
167#endif /* PSA_CRYPTO_DRIVER_TEST */
168#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
169 default:
170 /* Key is declared with a lifetime not known to us */
171 (void)status;
172 break;
173 }
174
175 return( psa_sign_message_builtin( attributes,
176 key_buffer,
177 key_buffer_size,
178 alg,
179 input,
180 input_length,
181 signature,
182 signature_size,
183 signature_length ) );
184}
185
186static inline psa_status_t psa_driver_wrapper_verify_message(
187 const psa_key_attributes_t *attributes,
188 const uint8_t *key_buffer,
189 size_t key_buffer_size,
190 psa_algorithm_t alg,
191 const uint8_t *input,
192 size_t input_length,
193 const uint8_t *signature,
194 size_t signature_length )
195{
196 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
197 psa_key_location_t location =
198 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
199
200 switch( location )
201 {
202 case PSA_KEY_LOCATION_LOCAL_STORAGE:
203 /* Key is stored in the slot in export representation, so
204 * cycle through all known transparent accelerators */
205#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
206#if defined(PSA_CRYPTO_DRIVER_TEST)
207 status = mbedtls_test_transparent_signature_verify_message(
208 attributes,
209 key_buffer,
210 key_buffer_size,
211 alg,
212 input,
213 input_length,
214 signature,
215 signature_length );
216 /* Declared with fallback == true */
217 if( status != PSA_ERROR_NOT_SUPPORTED )
218 return( status );
219#endif /* PSA_CRYPTO_DRIVER_TEST */
220#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
221 break;
222
223 /* Add cases for opaque driver here */
224#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
225#if defined(PSA_CRYPTO_DRIVER_TEST)
226 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
227 return( mbedtls_test_opaque_signature_verify_message(
228 attributes,
229 key_buffer,
230 key_buffer_size,
231 alg,
232 input,
233 input_length,
234 signature,
235 signature_length ) );
236 if( status != PSA_ERROR_NOT_SUPPORTED )
237 return( status );
238 break;
239#endif /* PSA_CRYPTO_DRIVER_TEST */
240#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
241 default:
242 /* Key is declared with a lifetime not known to us */
243 (void)status;
244 break;
245 }
246
247 return( psa_verify_message_builtin( attributes,
248 key_buffer,
249 key_buffer_size,
250 alg,
251 input,
252 input_length,
253 signature,
254 signature_length ) );
255}
256
257static inline psa_status_t psa_driver_wrapper_sign_hash(
258 const psa_key_attributes_t *attributes,
259 const uint8_t *key_buffer, size_t key_buffer_size,
260 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
261 uint8_t *signature, size_t signature_size, size_t *signature_length )
262{
263 /* Try dynamically-registered SE interface first */
264#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
265 const psa_drv_se_t *drv;
266 psa_drv_se_context_t *drv_context;
267
268 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
269 {
270 if( drv->asymmetric == NULL ||
271 drv->asymmetric->p_sign == NULL )
272 {
273 /* Key is defined in SE, but we have no way to exercise it */
274 return( PSA_ERROR_NOT_SUPPORTED );
275 }
276 return( drv->asymmetric->p_sign(
277 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
278 alg, hash, hash_length,
279 signature, signature_size, signature_length ) );
280 }
281#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
282
283 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
284 psa_key_location_t location =
285 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
286
287 switch( location )
288 {
289 case PSA_KEY_LOCATION_LOCAL_STORAGE:
290 /* Key is stored in the slot in export representation, so
291 * cycle through all known transparent accelerators */
292#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
293#if defined(PSA_CRYPTO_DRIVER_TEST)
294 status = mbedtls_test_transparent_signature_sign_hash( attributes,
295 key_buffer,
296 key_buffer_size,
297 alg,
298 hash,
299 hash_length,
300 signature,
301 signature_size,
302 signature_length );
303 /* Declared with fallback == true */
304 if( status != PSA_ERROR_NOT_SUPPORTED )
305 return( status );
306#endif /* PSA_CRYPTO_DRIVER_TEST */
307#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
308 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
309 PSA_ALG_IS_RANDOMIZED_ECDSA(alg) &&
310 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
311 psa_get_key_bits(attributes) == 256 )
312 {
313 status = p256_transparent_sign_hash( attributes,
314 key_buffer,
315 key_buffer_size,
316 alg,
317 hash,
318 hash_length,
319 signature,
320 signature_size,
321 signature_length );
322 if( status != PSA_ERROR_NOT_SUPPORTED )
323 return( status );
324 }
325#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
326#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
327 /* Fell through, meaning no accelerator supports this operation */
328 return( psa_sign_hash_builtin( attributes,
329 key_buffer,
330 key_buffer_size,
331 alg,
332 hash,
333 hash_length,
334 signature,
335 signature_size,
336 signature_length ) );
337
338 /* Add cases for opaque driver here */
339#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
340#if defined(PSA_CRYPTO_DRIVER_TEST)
341 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
342 return( mbedtls_test_opaque_signature_sign_hash( attributes,
343 key_buffer,
344 key_buffer_size,
345 alg,
346 hash,
347 hash_length,
348 signature,
349 signature_size,
350 signature_length ) );
351#endif /* PSA_CRYPTO_DRIVER_TEST */
352#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
353 default:
354 /* Key is declared with a lifetime not known to us */
355 (void)status;
356 return( PSA_ERROR_INVALID_ARGUMENT );
357 }
358}
359
360static inline psa_status_t psa_driver_wrapper_verify_hash(
361 const psa_key_attributes_t *attributes,
362 const uint8_t *key_buffer, size_t key_buffer_size,
363 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
364 const uint8_t *signature, size_t signature_length )
365{
366 /* Try dynamically-registered SE interface first */
367#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
368 const psa_drv_se_t *drv;
369 psa_drv_se_context_t *drv_context;
370
371 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
372 {
373 if( drv->asymmetric == NULL ||
374 drv->asymmetric->p_verify == NULL )
375 {
376 /* Key is defined in SE, but we have no way to exercise it */
377 return( PSA_ERROR_NOT_SUPPORTED );
378 }
379 return( drv->asymmetric->p_verify(
380 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
381 alg, hash, hash_length,
382 signature, signature_length ) );
383 }
384#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
385
386 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
387 psa_key_location_t location =
388 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
389
390 switch( location )
391 {
392 case PSA_KEY_LOCATION_LOCAL_STORAGE:
393 /* Key is stored in the slot in export representation, so
394 * cycle through all known transparent accelerators */
395#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
396#if defined(PSA_CRYPTO_DRIVER_TEST)
397 status = mbedtls_test_transparent_signature_verify_hash(
398 attributes,
399 key_buffer,
400 key_buffer_size,
401 alg,
402 hash,
403 hash_length,
404 signature,
405 signature_length );
406 /* Declared with fallback == true */
407 if( status != PSA_ERROR_NOT_SUPPORTED )
408 return( status );
409#endif /* PSA_CRYPTO_DRIVER_TEST */
410#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
411 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
412 PSA_ALG_IS_ECDSA(alg) &&
413 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
414 psa_get_key_bits(attributes) == 256 )
415 {
416 status = p256_transparent_verify_hash( attributes,
417 key_buffer,
418 key_buffer_size,
419 alg,
420 hash,
421 hash_length,
422 signature,
423 signature_length );
424 if( status != PSA_ERROR_NOT_SUPPORTED )
425 return( status );
426 }
427#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
428#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
429
430 return( psa_verify_hash_builtin( attributes,
431 key_buffer,
432 key_buffer_size,
433 alg,
434 hash,
435 hash_length,
436 signature,
437 signature_length ) );
438
439 /* Add cases for opaque driver here */
440#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
441#if defined(PSA_CRYPTO_DRIVER_TEST)
442 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
443 return( mbedtls_test_opaque_signature_verify_hash( attributes,
444 key_buffer,
445 key_buffer_size,
446 alg,
447 hash,
448 hash_length,
449 signature,
450 signature_length ) );
451#endif /* PSA_CRYPTO_DRIVER_TEST */
452#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
453 default:
454 /* Key is declared with a lifetime not known to us */
455 (void)status;
456 return( PSA_ERROR_INVALID_ARGUMENT );
457 }
458}
459
460static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
461 psa_sign_hash_interruptible_operation_t *operation )
462{
463 switch( operation->id )
464 {
465 /* If uninitialised, return 0, as no work can have been done. */
466 case 0:
467 return 0;
468
469 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
470 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
471
472#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
473#if defined(PSA_CRYPTO_DRIVER_TEST)
474 /* Add test driver tests here */
475
476#endif /* PSA_CRYPTO_DRIVER_TEST */
477#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
478 }
479
480 /* Can't happen (see discussion in #8271) */
481 return 0;
482}
483
484static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
485 psa_verify_hash_interruptible_operation_t *operation )
486{
487 switch( operation->id )
488 {
489 /* If uninitialised, return 0, as no work can have been done. */
490 case 0:
491 return 0;
492
493 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
494 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
495
496#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
497#if defined(PSA_CRYPTO_DRIVER_TEST)
498 /* Add test driver tests here */
499
500#endif /* PSA_CRYPTO_DRIVER_TEST */
501#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
502
503 }
504
505 /* Can't happen (see discussion in #8271) */
506 return 0;
507}
508
509static inline psa_status_t psa_driver_wrapper_sign_hash_start(
510 psa_sign_hash_interruptible_operation_t *operation,
511 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
512 size_t key_buffer_size, psa_algorithm_t alg,
513 const uint8_t *hash, size_t hash_length )
514{
515 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
516 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
517 psa_get_key_lifetime(attributes) );
518
519 switch( location )
520 {
521 case PSA_KEY_LOCATION_LOCAL_STORAGE:
522 /* Key is stored in the slot in export representation, so
523 * cycle through all known transparent accelerators */
524
525#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
526#if defined(PSA_CRYPTO_DRIVER_TEST)
527
528 /* Add test driver tests here */
529
530 /* Declared with fallback == true */
531
532#endif /* PSA_CRYPTO_DRIVER_TEST */
533#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
534
535 /* Fell through, meaning no accelerator supports this operation */
536 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
537 status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
538 attributes,
539 key_buffer, key_buffer_size,
540 alg, hash, hash_length );
541 break;
542
543 /* Add cases for opaque driver here */
544
545 default:
546 /* Key is declared with a lifetime not known to us */
547 status = PSA_ERROR_INVALID_ARGUMENT;
548 break;
549 }
550
551 return( status );
552}
553
554static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
555 psa_sign_hash_interruptible_operation_t *operation,
556 uint8_t *signature, size_t signature_size,
557 size_t *signature_length )
558{
559 switch( operation->id )
560 {
561 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
562 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
563 signature, signature_size,
564 signature_length ) );
565
566#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
567#if defined(PSA_CRYPTO_DRIVER_TEST)
568 /* Add test driver tests here */
569
570#endif /* PSA_CRYPTO_DRIVER_TEST */
571#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
572 }
573
574 ( void ) signature;
575 ( void ) signature_size;
576 ( void ) signature_length;
577
578 return( PSA_ERROR_INVALID_ARGUMENT );
579}
580
581static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
582 psa_sign_hash_interruptible_operation_t *operation )
583{
584 switch( operation->id )
585 {
586 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
587 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
588
589#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
590#if defined(PSA_CRYPTO_DRIVER_TEST)
591 /* Add test driver tests here */
592
593#endif /* PSA_CRYPTO_DRIVER_TEST */
594#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
595 }
596
597 return( PSA_ERROR_INVALID_ARGUMENT );
598}
599
600static inline psa_status_t psa_driver_wrapper_verify_hash_start(
601 psa_verify_hash_interruptible_operation_t *operation,
602 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
603 size_t key_buffer_size, psa_algorithm_t alg,
604 const uint8_t *hash, size_t hash_length,
605 const uint8_t *signature, size_t signature_length )
606{
607 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
608 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
609 psa_get_key_lifetime(attributes) );
610
611 switch( location )
612 {
613 case PSA_KEY_LOCATION_LOCAL_STORAGE:
614 /* Key is stored in the slot in export representation, so
615 * cycle through all known transparent accelerators */
616
617#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
618#if defined(PSA_CRYPTO_DRIVER_TEST)
619
620 /* Add test driver tests here */
621
622 /* Declared with fallback == true */
623
624#endif /* PSA_CRYPTO_DRIVER_TEST */
625#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
626
627 /* Fell through, meaning no accelerator supports this operation */
628 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
629 status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
630 attributes,
631 key_buffer, key_buffer_size,
632 alg, hash, hash_length,
633 signature, signature_length );
634 break;
635
636 /* Add cases for opaque driver here */
637
638 default:
639 /* Key is declared with a lifetime not known to us */
640 status = PSA_ERROR_INVALID_ARGUMENT;
641 break;
642 }
643
644 return( status );
645}
646
647static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
648 psa_verify_hash_interruptible_operation_t *operation )
649{
650 switch( operation->id )
651 {
652 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
653 return( mbedtls_psa_verify_hash_complete(
654 &operation->ctx.mbedtls_ctx
655 ) );
656
657#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
658#if defined(PSA_CRYPTO_DRIVER_TEST)
659 /* Add test driver tests here */
660
661#endif /* PSA_CRYPTO_DRIVER_TEST */
662#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
663 }
664
665 return( PSA_ERROR_INVALID_ARGUMENT );
666}
667
668static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
669 psa_verify_hash_interruptible_operation_t *operation )
670{
671 switch( operation->id )
672 {
673 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
674 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
675 ) );
676
677#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
678#if defined(PSA_CRYPTO_DRIVER_TEST)
679 /* Add test driver tests here */
680
681#endif /* PSA_CRYPTO_DRIVER_TEST */
682#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
683 }
684
685 return( PSA_ERROR_INVALID_ARGUMENT );
686}
687
688/** Calculate the key buffer size required to store the key material of a key
689 * associated with an opaque driver from input key data.
690 *
691 * \param[in] attributes The key attributes
692 * \param[in] data The input key data.
693 * \param[in] data_length The input data length.
694 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
695 *
696 * \retval #PSA_SUCCESS \emptydescription
697 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
698 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
699 */
700static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
701 const psa_key_attributes_t *attributes,
702 const uint8_t *data,
703 size_t data_length,
704 size_t *key_buffer_size )
705{
706 psa_key_location_t location =
707 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
708 psa_key_type_t key_type = psa_get_key_type(attributes);
709
710 *key_buffer_size = 0;
711 switch( location )
712 {
713#if defined(PSA_CRYPTO_DRIVER_TEST)
714 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
715 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
716 PSA_BYTES_TO_BITS( data_length ) );
717 return( ( *key_buffer_size != 0 ) ?
718 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
719#endif /* PSA_CRYPTO_DRIVER_TEST */
720
721 default:
722 (void)key_type;
723 (void)data;
724 (void)data_length;
725 return( PSA_ERROR_INVALID_ARGUMENT );
726 }
727}
728
729static inline psa_status_t psa_driver_wrapper_generate_key(
730 const psa_key_attributes_t *attributes,
731 const psa_custom_key_parameters_t *custom,
732 const uint8_t *custom_data, size_t custom_data_length,
733 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
734{
735 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
736 psa_key_location_t location =
737 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
738
739#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
740 int is_default_production =
741 psa_custom_key_parameters_are_default(custom, custom_data_length);
742 if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
743 {
744 /* We don't support passing custom production parameters
745 * to drivers yet. */
746 return PSA_ERROR_NOT_SUPPORTED;
747 }
748#else
749 int is_default_production = 1;
750 (void) is_default_production;
751#endif
752
753 /* Try dynamically-registered SE interface first */
754#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
755 const psa_drv_se_t *drv;
756 psa_drv_se_context_t *drv_context;
757
758 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
759 {
760 size_t pubkey_length = 0; /* We don't support this feature yet */
761 if( drv->key_management == NULL ||
762 drv->key_management->p_generate == NULL )
763 {
764 /* Key is defined as being in SE, but we have no way to generate it */
765 return( PSA_ERROR_NOT_SUPPORTED );
766 }
767 return( drv->key_management->p_generate(
768 drv_context,
769 *( (psa_key_slot_number_t *)key_buffer ),
770 attributes, NULL, 0, &pubkey_length ) );
771 }
772#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
773
774 switch( location )
775 {
776 case PSA_KEY_LOCATION_LOCAL_STORAGE:
777#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
778 /* Transparent drivers are limited to generating asymmetric keys. */
779 /* We don't support passing custom production parameters
780 * to drivers yet. */
781 if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
782 is_default_production )
783 {
784 /* Cycle through all known transparent accelerators */
785#if defined(PSA_CRYPTO_DRIVER_TEST)
786 status = mbedtls_test_transparent_generate_key(
787 attributes, key_buffer, key_buffer_size,
788 key_buffer_length );
789 /* Declared with fallback == true */
790 if( status != PSA_ERROR_NOT_SUPPORTED )
791 break;
792#endif /* PSA_CRYPTO_DRIVER_TEST */
793#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
794 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
795 psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
796 psa_get_key_bits(attributes) == 256 )
797 {
798 status = p256_transparent_generate_key( attributes,
799 key_buffer,
800 key_buffer_size,
801 key_buffer_length );
802 if( status != PSA_ERROR_NOT_SUPPORTED )
803 break;
804 }
805
806#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
807 }
808#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
809
810 /* Software fallback */
811 status = psa_generate_key_internal(
812 attributes, custom, custom_data, custom_data_length,
813 key_buffer, key_buffer_size, key_buffer_length );
814 break;
815
816 /* Add cases for opaque driver here */
817#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
818#if defined(PSA_CRYPTO_DRIVER_TEST)
819 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
820 status = mbedtls_test_opaque_generate_key(
821 attributes, key_buffer, key_buffer_size, key_buffer_length );
822 break;
823#endif /* PSA_CRYPTO_DRIVER_TEST */
824#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
825
826 default:
827 /* Key is declared with a lifetime not known to us */
828 status = PSA_ERROR_INVALID_ARGUMENT;
829 break;
830 }
831
832 return( status );
833}
834
835static inline psa_status_t psa_driver_wrapper_import_key(
836 const psa_key_attributes_t *attributes,
837 const uint8_t *data,
838 size_t data_length,
839 uint8_t *key_buffer,
840 size_t key_buffer_size,
841 size_t *key_buffer_length,
842 size_t *bits )
843{
844
845 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
846 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
847 psa_get_key_lifetime( attributes ) );
848
849 /* Try dynamically-registered SE interface first */
850#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
851 const psa_drv_se_t *drv;
852 psa_drv_se_context_t *drv_context;
853
854 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
855 {
856 if( drv->key_management == NULL ||
857 drv->key_management->p_import == NULL )
858 return( PSA_ERROR_NOT_SUPPORTED );
859
860 /* The driver should set the number of key bits, however in
861 * case it doesn't, we initialize bits to an invalid value. */
862 *bits = PSA_MAX_KEY_BITS + 1;
863 status = drv->key_management->p_import(
864 drv_context,
865 *( (psa_key_slot_number_t *)key_buffer ),
866 attributes, data, data_length, bits );
867
868 if( status != PSA_SUCCESS )
869 return( status );
870
871 if( (*bits) > PSA_MAX_KEY_BITS )
872 return( PSA_ERROR_NOT_SUPPORTED );
873
874 return( PSA_SUCCESS );
875 }
876#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
877
878 switch( location )
879 {
880 case PSA_KEY_LOCATION_LOCAL_STORAGE:
881 /* Key is stored in the slot in export representation, so
882 * cycle through all known transparent accelerators */
883#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
884
885#if (defined(PSA_CRYPTO_DRIVER_TEST) )
886 status = mbedtls_test_transparent_import_key
887 (attributes,
888 data,
889 data_length,
890 key_buffer,
891 key_buffer_size,
892 key_buffer_length,
893 bits
894 );
895
896 if( status != PSA_ERROR_NOT_SUPPORTED )
897 return( status );
898#endif
899
900#if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
901 status = p256_transparent_import_key
902 (attributes,
903 data,
904 data_length,
905 key_buffer,
906 key_buffer_size,
907 key_buffer_length,
908 bits
909 );
910
911 if( status != PSA_ERROR_NOT_SUPPORTED )
912 return( status );
913#endif
914
915
916#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
917
918 /* Fell through, meaning no accelerator supports this operation */
919 return( psa_import_key_into_slot( attributes,
920 data, data_length,
921 key_buffer, key_buffer_size,
922 key_buffer_length, bits ) );
923 /* Add cases for opaque driver here */
924#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
925
926#if (defined(PSA_CRYPTO_DRIVER_TEST) )
927 case 0x7fffff:
928 return( mbedtls_test_opaque_import_key
929 (attributes,
930 data,
931 data_length,
932 key_buffer,
933 key_buffer_size,
934 key_buffer_length,
935 bits
936 ));
937#endif
938
939
940#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
941 default:
942 (void)status;
943 return( PSA_ERROR_INVALID_ARGUMENT );
944 }
945
946}
947
948static inline psa_status_t psa_driver_wrapper_export_key(
949 const psa_key_attributes_t *attributes,
950 const uint8_t *key_buffer, size_t key_buffer_size,
951 uint8_t *data, size_t data_size, size_t *data_length )
952
953{
954
955 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
956 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
957 psa_get_key_lifetime( attributes ) );
958
959 /* Try dynamically-registered SE interface first */
960#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
961 const psa_drv_se_t *drv;
962 psa_drv_se_context_t *drv_context;
963
964 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
965 {
966 if( ( drv->key_management == NULL ) ||
967 ( drv->key_management->p_export == NULL ) )
968 {
969 return( PSA_ERROR_NOT_SUPPORTED );
970 }
971
972 return( drv->key_management->p_export(
973 drv_context,
974 *( (psa_key_slot_number_t *)key_buffer ),
975 data, data_size, data_length ) );
976 }
977#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
978
979 switch( location )
980 {
981 case PSA_KEY_LOCATION_LOCAL_STORAGE:
982 return( psa_export_key_internal( attributes,
983 key_buffer,
984 key_buffer_size,
985 data,
986 data_size,
987 data_length ) );
988
989 /* Add cases for opaque driver here */
990#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
991
992#if (defined(PSA_CRYPTO_DRIVER_TEST) )
993 case 0x7fffff:
994 return( mbedtls_test_opaque_export_key
995 (attributes,
996 key_buffer,
997 key_buffer_size,
998 data,
999 data_size,
1000 data_length
1001 ));
1002#endif
1003
1004
1005#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1006 default:
1007 /* Key is declared with a lifetime not known to us */
1008 return( status );
1009 }
1010
1011}
1012
1013static inline psa_status_t psa_driver_wrapper_copy_key(
1014 psa_key_attributes_t *attributes,
1015 const uint8_t *source_key, size_t source_key_length,
1016 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1017 size_t *target_key_buffer_length )
1018{
1019
1020 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1021 psa_key_location_t location =
1022 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1023
1024#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1025 const psa_drv_se_t *drv;
1026 psa_drv_se_context_t *drv_context;
1027
1028 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1029 {
1030 /* Copying to a secure element is not implemented yet. */
1031 return( PSA_ERROR_NOT_SUPPORTED );
1032 }
1033#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1034
1035 switch( location )
1036 {
1037#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1038
1039#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1040 case 0x7fffff:
1041 return( mbedtls_test_opaque_copy_key
1042 (attributes,
1043 source_key,
1044 source_key_length,
1045 target_key_buffer,
1046 target_key_buffer_size,
1047 target_key_buffer_length
1048 ));
1049#endif
1050
1051
1052#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1053 default:
1054 (void)source_key;
1055 (void)source_key_length;
1056 (void)target_key_buffer;
1057 (void)target_key_buffer_size;
1058 (void)target_key_buffer_length;
1059 status = PSA_ERROR_INVALID_ARGUMENT;
1060 }
1061 return( status );
1062
1063}
1064
1065/*
1066 * Cipher functions
1067 */
1068static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1069 const psa_key_attributes_t *attributes,
1070 const uint8_t *key_buffer,
1071 size_t key_buffer_size,
1072 psa_algorithm_t alg,
1073 const uint8_t *iv,
1074 size_t iv_length,
1075 const uint8_t *input,
1076 size_t input_length,
1077 uint8_t *output,
1078 size_t output_size,
1079 size_t *output_length )
1080{
1081 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1082 psa_key_location_t location =
1083 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1084
1085 switch( location )
1086 {
1087 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1088 /* Key is stored in the slot in export representation, so
1089 * cycle through all known transparent accelerators */
1090#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1091#if defined(PSA_CRYPTO_DRIVER_TEST)
1092 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1093 key_buffer,
1094 key_buffer_size,
1095 alg,
1096 iv,
1097 iv_length,
1098 input,
1099 input_length,
1100 output,
1101 output_size,
1102 output_length );
1103 /* Declared with fallback == true */
1104 if( status != PSA_ERROR_NOT_SUPPORTED )
1105 return( status );
1106#endif /* PSA_CRYPTO_DRIVER_TEST */
1107#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1108
1109#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1110 return( mbedtls_psa_cipher_encrypt( attributes,
1111 key_buffer,
1112 key_buffer_size,
1113 alg,
1114 iv,
1115 iv_length,
1116 input,
1117 input_length,
1118 output,
1119 output_size,
1120 output_length ) );
1121#else
1122 return( PSA_ERROR_NOT_SUPPORTED );
1123#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1124
1125 /* Add cases for opaque driver here */
1126#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1127#if defined(PSA_CRYPTO_DRIVER_TEST)
1128 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1129 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1130 key_buffer,
1131 key_buffer_size,
1132 alg,
1133 iv,
1134 iv_length,
1135 input,
1136 input_length,
1137 output,
1138 output_size,
1139 output_length ) );
1140#endif /* PSA_CRYPTO_DRIVER_TEST */
1141#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1142
1143 default:
1144 /* Key is declared with a lifetime not known to us */
1145 (void)status;
1146 (void)key_buffer;
1147 (void)key_buffer_size;
1148 (void)alg;
1149 (void)iv;
1150 (void)iv_length;
1151 (void)input;
1152 (void)input_length;
1153 (void)output;
1154 (void)output_size;
1155 (void)output_length;
1156 return( PSA_ERROR_INVALID_ARGUMENT );
1157 }
1158}
1159
1160static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1161 const psa_key_attributes_t *attributes,
1162 const uint8_t *key_buffer,
1163 size_t key_buffer_size,
1164 psa_algorithm_t alg,
1165 const uint8_t *input,
1166 size_t input_length,
1167 uint8_t *output,
1168 size_t output_size,
1169 size_t *output_length )
1170{
1171 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1172 psa_key_location_t location =
1173 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1174
1175 switch( location )
1176 {
1177 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1178 /* Key is stored in the slot in export representation, so
1179 * cycle through all known transparent accelerators */
1180#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1181#if defined(PSA_CRYPTO_DRIVER_TEST)
1182 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1183 key_buffer,
1184 key_buffer_size,
1185 alg,
1186 input,
1187 input_length,
1188 output,
1189 output_size,
1190 output_length );
1191 /* Declared with fallback == true */
1192 if( status != PSA_ERROR_NOT_SUPPORTED )
1193 return( status );
1194#endif /* PSA_CRYPTO_DRIVER_TEST */
1195#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1196
1197#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1198 return( mbedtls_psa_cipher_decrypt( attributes,
1199 key_buffer,
1200 key_buffer_size,
1201 alg,
1202 input,
1203 input_length,
1204 output,
1205 output_size,
1206 output_length ) );
1207#else
1208 return( PSA_ERROR_NOT_SUPPORTED );
1209#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1210
1211 /* Add cases for opaque driver here */
1212#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1213#if defined(PSA_CRYPTO_DRIVER_TEST)
1214 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1215 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1216 key_buffer,
1217 key_buffer_size,
1218 alg,
1219 input,
1220 input_length,
1221 output,
1222 output_size,
1223 output_length ) );
1224#endif /* PSA_CRYPTO_DRIVER_TEST */
1225#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1226
1227 default:
1228 /* Key is declared with a lifetime not known to us */
1229 (void)status;
1230 (void)key_buffer;
1231 (void)key_buffer_size;
1232 (void)alg;
1233 (void)input;
1234 (void)input_length;
1235 (void)output;
1236 (void)output_size;
1237 (void)output_length;
1238 return( PSA_ERROR_INVALID_ARGUMENT );
1239 }
1240}
1241
1242static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1243 psa_cipher_operation_t *operation,
1244 const psa_key_attributes_t *attributes,
1245 const uint8_t *key_buffer, size_t key_buffer_size,
1246 psa_algorithm_t alg )
1247{
1248 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1249 psa_key_location_t location =
1250 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1251
1252 switch( location )
1253 {
1254 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1255 /* Key is stored in the slot in export representation, so
1256 * cycle through all known transparent accelerators */
1257#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1258#if defined(PSA_CRYPTO_DRIVER_TEST)
1259 status = mbedtls_test_transparent_cipher_encrypt_setup(
1260 &operation->ctx.transparent_test_driver_ctx,
1261 attributes,
1262 key_buffer,
1263 key_buffer_size,
1264 alg );
1265 /* Declared with fallback == true */
1266 if( status == PSA_SUCCESS )
1267 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1268
1269 if( status != PSA_ERROR_NOT_SUPPORTED )
1270 return( status );
1271#endif /* PSA_CRYPTO_DRIVER_TEST */
1272#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1273#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1274 /* Fell through, meaning no accelerator supports this operation */
1275 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1276 attributes,
1277 key_buffer,
1278 key_buffer_size,
1279 alg );
1280 if( status == PSA_SUCCESS )
1281 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1282
1283 if( status != PSA_ERROR_NOT_SUPPORTED )
1284 return( status );
1285#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1286 return( PSA_ERROR_NOT_SUPPORTED );
1287
1288 /* Add cases for opaque driver here */
1289#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1290#if defined(PSA_CRYPTO_DRIVER_TEST)
1291 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1292 status = mbedtls_test_opaque_cipher_encrypt_setup(
1293 &operation->ctx.opaque_test_driver_ctx,
1294 attributes,
1295 key_buffer, key_buffer_size,
1296 alg );
1297
1298 if( status == PSA_SUCCESS )
1299 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1300
1301 return( status );
1302#endif /* PSA_CRYPTO_DRIVER_TEST */
1303#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1304 default:
1305 /* Key is declared with a lifetime not known to us */
1306 (void)status;
1307 (void)operation;
1308 (void)key_buffer;
1309 (void)key_buffer_size;
1310 (void)alg;
1311 return( PSA_ERROR_INVALID_ARGUMENT );
1312 }
1313}
1314
1315static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1316 psa_cipher_operation_t *operation,
1317 const psa_key_attributes_t *attributes,
1318 const uint8_t *key_buffer, size_t key_buffer_size,
1319 psa_algorithm_t alg )
1320{
1321 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1322 psa_key_location_t location =
1323 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1324
1325 switch( location )
1326 {
1327 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1328 /* Key is stored in the slot in export representation, so
1329 * cycle through all known transparent accelerators */
1330#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1331#if defined(PSA_CRYPTO_DRIVER_TEST)
1332 status = mbedtls_test_transparent_cipher_decrypt_setup(
1333 &operation->ctx.transparent_test_driver_ctx,
1334 attributes,
1335 key_buffer,
1336 key_buffer_size,
1337 alg );
1338 /* Declared with fallback == true */
1339 if( status == PSA_SUCCESS )
1340 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1341
1342 if( status != PSA_ERROR_NOT_SUPPORTED )
1343 return( status );
1344#endif /* PSA_CRYPTO_DRIVER_TEST */
1345#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1346#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1347 /* Fell through, meaning no accelerator supports this operation */
1348 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1349 attributes,
1350 key_buffer,
1351 key_buffer_size,
1352 alg );
1353 if( status == PSA_SUCCESS )
1354 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1355
1356 return( status );
1357#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1358 return( PSA_ERROR_NOT_SUPPORTED );
1359#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1360
1361 /* Add cases for opaque driver here */
1362#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1363#if defined(PSA_CRYPTO_DRIVER_TEST)
1364 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1365 status = mbedtls_test_opaque_cipher_decrypt_setup(
1366 &operation->ctx.opaque_test_driver_ctx,
1367 attributes,
1368 key_buffer, key_buffer_size,
1369 alg );
1370
1371 if( status == PSA_SUCCESS )
1372 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1373
1374 return( status );
1375#endif /* PSA_CRYPTO_DRIVER_TEST */
1376#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1377 default:
1378 /* Key is declared with a lifetime not known to us */
1379 (void)status;
1380 (void)operation;
1381 (void)key_buffer;
1382 (void)key_buffer_size;
1383 (void)alg;
1384 return( PSA_ERROR_INVALID_ARGUMENT );
1385 }
1386}
1387
1388static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1389 psa_cipher_operation_t *operation,
1390 const uint8_t *iv,
1391 size_t iv_length )
1392{
1393 switch( operation->id )
1394 {
1395#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1396 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1397 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1398 iv,
1399 iv_length ) );
1400#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1401
1402#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1403#if defined(PSA_CRYPTO_DRIVER_TEST)
1404 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1405 return( mbedtls_test_transparent_cipher_set_iv(
1406 &operation->ctx.transparent_test_driver_ctx,
1407 iv, iv_length ) );
1408
1409 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1410 return( mbedtls_test_opaque_cipher_set_iv(
1411 &operation->ctx.opaque_test_driver_ctx,
1412 iv, iv_length ) );
1413#endif /* PSA_CRYPTO_DRIVER_TEST */
1414#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1415 }
1416
1417 (void)iv;
1418 (void)iv_length;
1419
1420 return( PSA_ERROR_INVALID_ARGUMENT );
1421}
1422
1423static inline psa_status_t psa_driver_wrapper_cipher_update(
1424 psa_cipher_operation_t *operation,
1425 const uint8_t *input,
1426 size_t input_length,
1427 uint8_t *output,
1428 size_t output_size,
1429 size_t *output_length )
1430{
1431 switch( operation->id )
1432 {
1433#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1434 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1435 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1436 input,
1437 input_length,
1438 output,
1439 output_size,
1440 output_length ) );
1441#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1442
1443#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1444#if defined(PSA_CRYPTO_DRIVER_TEST)
1445 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1446 return( mbedtls_test_transparent_cipher_update(
1447 &operation->ctx.transparent_test_driver_ctx,
1448 input, input_length,
1449 output, output_size, output_length ) );
1450
1451 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1452 return( mbedtls_test_opaque_cipher_update(
1453 &operation->ctx.opaque_test_driver_ctx,
1454 input, input_length,
1455 output, output_size, output_length ) );
1456#endif /* PSA_CRYPTO_DRIVER_TEST */
1457#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1458 }
1459
1460 (void)input;
1461 (void)input_length;
1462 (void)output;
1463 (void)output_size;
1464 (void)output_length;
1465
1466 return( PSA_ERROR_INVALID_ARGUMENT );
1467}
1468
1469static inline psa_status_t psa_driver_wrapper_cipher_finish(
1470 psa_cipher_operation_t *operation,
1471 uint8_t *output,
1472 size_t output_size,
1473 size_t *output_length )
1474{
1475 switch( operation->id )
1476 {
1477#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1478 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1479 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1480 output,
1481 output_size,
1482 output_length ) );
1483#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1484
1485#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1486#if defined(PSA_CRYPTO_DRIVER_TEST)
1487 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1488 return( mbedtls_test_transparent_cipher_finish(
1489 &operation->ctx.transparent_test_driver_ctx,
1490 output, output_size, output_length ) );
1491
1492 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1493 return( mbedtls_test_opaque_cipher_finish(
1494 &operation->ctx.opaque_test_driver_ctx,
1495 output, output_size, output_length ) );
1496#endif /* PSA_CRYPTO_DRIVER_TEST */
1497#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1498 }
1499
1500 (void)output;
1501 (void)output_size;
1502 (void)output_length;
1503
1504 return( PSA_ERROR_INVALID_ARGUMENT );
1505}
1506
1507static inline psa_status_t psa_driver_wrapper_cipher_abort(
1508 psa_cipher_operation_t *operation )
1509{
1510 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1511
1512 switch( operation->id )
1513 {
1514#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1515 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1516 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1517#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1518
1519#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1520#if defined(PSA_CRYPTO_DRIVER_TEST)
1521 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1522 status = mbedtls_test_transparent_cipher_abort(
1523 &operation->ctx.transparent_test_driver_ctx );
1524 mbedtls_platform_zeroize(
1525 &operation->ctx.transparent_test_driver_ctx,
1526 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1527 return( status );
1528
1529 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1530 status = mbedtls_test_opaque_cipher_abort(
1531 &operation->ctx.opaque_test_driver_ctx );
1532 mbedtls_platform_zeroize(
1533 &operation->ctx.opaque_test_driver_ctx,
1534 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1535 return( status );
1536#endif /* PSA_CRYPTO_DRIVER_TEST */
1537#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1538 }
1539
1540 (void)status;
1541 return( PSA_ERROR_INVALID_ARGUMENT );
1542}
1543
1544/*
1545 * Hashing functions
1546 */
1547static inline psa_status_t psa_driver_wrapper_hash_compute(
1548 psa_algorithm_t alg,
1549 const uint8_t *input,
1550 size_t input_length,
1551 uint8_t *hash,
1552 size_t hash_size,
1553 size_t *hash_length)
1554{
1555 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1556
1557 /* Try accelerators first */
1558#if defined(PSA_CRYPTO_DRIVER_TEST)
1559 status = mbedtls_test_transparent_hash_compute(
1560 alg, input, input_length, hash, hash_size, hash_length );
1561 if( status != PSA_ERROR_NOT_SUPPORTED )
1562 return( status );
1563#endif
1564
1565 /* If software fallback is compiled in, try fallback */
1566#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1567 status = mbedtls_psa_hash_compute( alg, input, input_length,
1568 hash, hash_size, hash_length );
1569 if( status != PSA_ERROR_NOT_SUPPORTED )
1570 return( status );
1571#endif
1572 (void) status;
1573 (void) alg;
1574 (void) input;
1575 (void) input_length;
1576 (void) hash;
1577 (void) hash_size;
1578 (void) hash_length;
1579
1580 return( PSA_ERROR_NOT_SUPPORTED );
1581}
1582
1583static inline psa_status_t psa_driver_wrapper_hash_setup(
1584 psa_hash_operation_t *operation,
1585 psa_algorithm_t alg )
1586{
1587 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1588
1589 /* Try setup on accelerators first */
1590#if defined(PSA_CRYPTO_DRIVER_TEST)
1591 status = mbedtls_test_transparent_hash_setup(
1592 &operation->ctx.test_driver_ctx, alg );
1593 if( status == PSA_SUCCESS )
1594 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1595
1596 if( status != PSA_ERROR_NOT_SUPPORTED )
1597 return( status );
1598#endif
1599
1600 /* If software fallback is compiled in, try fallback */
1601#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1602 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1603 if( status == PSA_SUCCESS )
1604 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1605
1606 if( status != PSA_ERROR_NOT_SUPPORTED )
1607 return( status );
1608#endif
1609 /* Nothing left to try if we fall through here */
1610 (void) status;
1611 (void) operation;
1612 (void) alg;
1613 return( PSA_ERROR_NOT_SUPPORTED );
1614}
1615
1616static inline psa_status_t psa_driver_wrapper_hash_clone(
1617 const psa_hash_operation_t *source_operation,
1618 psa_hash_operation_t *target_operation )
1619{
1620 switch( source_operation->id )
1621 {
1622#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1623 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1624 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1625 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1626 &target_operation->ctx.mbedtls_ctx ) );
1627#endif
1628#if defined(PSA_CRYPTO_DRIVER_TEST)
1629 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1630 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1631 return( mbedtls_test_transparent_hash_clone(
1632 &source_operation->ctx.test_driver_ctx,
1633 &target_operation->ctx.test_driver_ctx ) );
1634#endif
1635 default:
1636 (void) target_operation;
1637 return( PSA_ERROR_BAD_STATE );
1638 }
1639}
1640
1641static inline psa_status_t psa_driver_wrapper_hash_update(
1642 psa_hash_operation_t *operation,
1643 const uint8_t *input,
1644 size_t input_length )
1645{
1646 switch( operation->id )
1647 {
1648#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1649 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1650 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1651 input, input_length ) );
1652#endif
1653#if defined(PSA_CRYPTO_DRIVER_TEST)
1654 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1655 return( mbedtls_test_transparent_hash_update(
1656 &operation->ctx.test_driver_ctx,
1657 input, input_length ) );
1658#endif
1659 default:
1660 (void) input;
1661 (void) input_length;
1662 return( PSA_ERROR_BAD_STATE );
1663 }
1664}
1665
1666static inline psa_status_t psa_driver_wrapper_hash_finish(
1667 psa_hash_operation_t *operation,
1668 uint8_t *hash,
1669 size_t hash_size,
1670 size_t *hash_length )
1671{
1672 switch( operation->id )
1673 {
1674#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1675 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1676 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1677 hash, hash_size, hash_length ) );
1678#endif
1679#if defined(PSA_CRYPTO_DRIVER_TEST)
1680 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1681 return( mbedtls_test_transparent_hash_finish(
1682 &operation->ctx.test_driver_ctx,
1683 hash, hash_size, hash_length ) );
1684#endif
1685 default:
1686 (void) hash;
1687 (void) hash_size;
1688 (void) hash_length;
1689 return( PSA_ERROR_BAD_STATE );
1690 }
1691}
1692
1693static inline psa_status_t psa_driver_wrapper_hash_abort(
1694 psa_hash_operation_t *operation )
1695{
1696 switch( operation->id )
1697 {
1698#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1699 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1700 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1701#endif
1702#if defined(PSA_CRYPTO_DRIVER_TEST)
1703 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1704 return( mbedtls_test_transparent_hash_abort(
1705 &operation->ctx.test_driver_ctx ) );
1706#endif
1707 default:
1708 return( PSA_ERROR_BAD_STATE );
1709 }
1710}
1711
1712static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1713 const psa_key_attributes_t *attributes,
1714 const uint8_t *key_buffer, size_t key_buffer_size,
1715 psa_algorithm_t alg,
1716 const uint8_t *nonce, size_t nonce_length,
1717 const uint8_t *additional_data, size_t additional_data_length,
1718 const uint8_t *plaintext, size_t plaintext_length,
1719 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1720{
1721 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1722 psa_key_location_t location =
1723 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1724
1725 switch( location )
1726 {
1727 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1728 /* Key is stored in the slot in export representation, so
1729 * cycle through all known transparent accelerators */
1730
1731#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1732#if defined(PSA_CRYPTO_DRIVER_TEST)
1733 status = mbedtls_test_transparent_aead_encrypt(
1734 attributes, key_buffer, key_buffer_size,
1735 alg,
1736 nonce, nonce_length,
1737 additional_data, additional_data_length,
1738 plaintext, plaintext_length,
1739 ciphertext, ciphertext_size, ciphertext_length );
1740 /* Declared with fallback == true */
1741 if( status != PSA_ERROR_NOT_SUPPORTED )
1742 return( status );
1743#endif /* PSA_CRYPTO_DRIVER_TEST */
1744#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1745
1746 /* Fell through, meaning no accelerator supports this operation */
1747 return( mbedtls_psa_aead_encrypt(
1748 attributes, key_buffer, key_buffer_size,
1749 alg,
1750 nonce, nonce_length,
1751 additional_data, additional_data_length,
1752 plaintext, plaintext_length,
1753 ciphertext, ciphertext_size, ciphertext_length ) );
1754
1755 /* Add cases for opaque driver here */
1756
1757 default:
1758 /* Key is declared with a lifetime not known to us */
1759 (void)status;
1760 return( PSA_ERROR_INVALID_ARGUMENT );
1761 }
1762}
1763
1764static inline psa_status_t psa_driver_wrapper_aead_decrypt(
1765 const psa_key_attributes_t *attributes,
1766 const uint8_t *key_buffer, size_t key_buffer_size,
1767 psa_algorithm_t alg,
1768 const uint8_t *nonce, size_t nonce_length,
1769 const uint8_t *additional_data, size_t additional_data_length,
1770 const uint8_t *ciphertext, size_t ciphertext_length,
1771 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1772{
1773 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1774 psa_key_location_t location =
1775 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1776
1777 switch( location )
1778 {
1779 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1780 /* Key is stored in the slot in export representation, so
1781 * cycle through all known transparent accelerators */
1782
1783#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1784#if defined(PSA_CRYPTO_DRIVER_TEST)
1785 status = mbedtls_test_transparent_aead_decrypt(
1786 attributes, key_buffer, key_buffer_size,
1787 alg,
1788 nonce, nonce_length,
1789 additional_data, additional_data_length,
1790 ciphertext, ciphertext_length,
1791 plaintext, plaintext_size, plaintext_length );
1792 /* Declared with fallback == true */
1793 if( status != PSA_ERROR_NOT_SUPPORTED )
1794 return( status );
1795#endif /* PSA_CRYPTO_DRIVER_TEST */
1796#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1797
1798 /* Fell through, meaning no accelerator supports this operation */
1799 return( mbedtls_psa_aead_decrypt(
1800 attributes, key_buffer, key_buffer_size,
1801 alg,
1802 nonce, nonce_length,
1803 additional_data, additional_data_length,
1804 ciphertext, ciphertext_length,
1805 plaintext, plaintext_size, plaintext_length ) );
1806
1807 /* Add cases for opaque driver here */
1808
1809 default:
1810 /* Key is declared with a lifetime not known to us */
1811 (void)status;
1812 return( PSA_ERROR_INVALID_ARGUMENT );
1813 }
1814}
1815
1816static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1817 psa_aead_operation_t *operation,
1818 const psa_key_attributes_t *attributes,
1819 const uint8_t *key_buffer, size_t key_buffer_size,
1820 psa_algorithm_t alg )
1821{
1822 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1823 psa_key_location_t location =
1824 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1825
1826 switch( location )
1827 {
1828 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1829 /* Key is stored in the slot in export representation, so
1830 * cycle through all known transparent accelerators */
1831
1832#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1833#if defined(PSA_CRYPTO_DRIVER_TEST)
1834 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1835 status = mbedtls_test_transparent_aead_encrypt_setup(
1836 &operation->ctx.transparent_test_driver_ctx,
1837 attributes, key_buffer, key_buffer_size,
1838 alg );
1839
1840 /* Declared with fallback == true */
1841 if( status != PSA_ERROR_NOT_SUPPORTED )
1842 return( status );
1843#endif /* PSA_CRYPTO_DRIVER_TEST */
1844#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1845
1846 /* Fell through, meaning no accelerator supports this operation */
1847 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1848 status = mbedtls_psa_aead_encrypt_setup(
1849 &operation->ctx.mbedtls_ctx, attributes,
1850 key_buffer, key_buffer_size,
1851 alg );
1852
1853 return( status );
1854
1855 /* Add cases for opaque driver here */
1856
1857 default:
1858 /* Key is declared with a lifetime not known to us */
1859 (void)status;
1860 return( PSA_ERROR_INVALID_ARGUMENT );
1861 }
1862}
1863
1864static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1865 psa_aead_operation_t *operation,
1866 const psa_key_attributes_t *attributes,
1867 const uint8_t *key_buffer, size_t key_buffer_size,
1868 psa_algorithm_t alg )
1869{
1870 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1871 psa_key_location_t location =
1872 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1873
1874 switch( location )
1875 {
1876 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1877 /* Key is stored in the slot in export representation, so
1878 * cycle through all known transparent accelerators */
1879
1880#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1881#if defined(PSA_CRYPTO_DRIVER_TEST)
1882 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1883 status = mbedtls_test_transparent_aead_decrypt_setup(
1884 &operation->ctx.transparent_test_driver_ctx,
1885 attributes,
1886 key_buffer, key_buffer_size,
1887 alg );
1888
1889 /* Declared with fallback == true */
1890 if( status != PSA_ERROR_NOT_SUPPORTED )
1891 return( status );
1892#endif /* PSA_CRYPTO_DRIVER_TEST */
1893#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1894
1895 /* Fell through, meaning no accelerator supports this operation */
1896 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1897 status = mbedtls_psa_aead_decrypt_setup(
1898 &operation->ctx.mbedtls_ctx,
1899 attributes,
1900 key_buffer, key_buffer_size,
1901 alg );
1902
1903 return( status );
1904
1905 /* Add cases for opaque driver here */
1906
1907 default:
1908 /* Key is declared with a lifetime not known to us */
1909 (void)status;
1910 return( PSA_ERROR_INVALID_ARGUMENT );
1911 }
1912}
1913
1914static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
1915 psa_aead_operation_t *operation,
1916 const uint8_t *nonce,
1917 size_t nonce_length )
1918{
1919 switch( operation->id )
1920 {
1921#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1922 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1923 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1924 nonce,
1925 nonce_length ) );
1926
1927#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1928
1929#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1930#if defined(PSA_CRYPTO_DRIVER_TEST)
1931 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1932 return( mbedtls_test_transparent_aead_set_nonce(
1933 &operation->ctx.transparent_test_driver_ctx,
1934 nonce, nonce_length ) );
1935
1936 /* Add cases for opaque driver here */
1937
1938#endif /* PSA_CRYPTO_DRIVER_TEST */
1939#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1940 }
1941
1942 (void)nonce;
1943 (void)nonce_length;
1944
1945 return( PSA_ERROR_INVALID_ARGUMENT );
1946}
1947
1948static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
1949 psa_aead_operation_t *operation,
1950 size_t ad_length,
1951 size_t plaintext_length )
1952{
1953 switch( operation->id )
1954 {
1955#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1956 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1957 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1958 ad_length,
1959 plaintext_length ) );
1960
1961#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1962
1963#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1964#if defined(PSA_CRYPTO_DRIVER_TEST)
1965 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1966 return( mbedtls_test_transparent_aead_set_lengths(
1967 &operation->ctx.transparent_test_driver_ctx,
1968 ad_length, plaintext_length ) );
1969
1970 /* Add cases for opaque driver here */
1971
1972#endif /* PSA_CRYPTO_DRIVER_TEST */
1973#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1974 }
1975
1976 (void)ad_length;
1977 (void)plaintext_length;
1978
1979 return( PSA_ERROR_INVALID_ARGUMENT );
1980}
1981
1982static inline psa_status_t psa_driver_wrapper_aead_update_ad(
1983 psa_aead_operation_t *operation,
1984 const uint8_t *input,
1985 size_t input_length )
1986{
1987 switch( operation->id )
1988 {
1989#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1990 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1991 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1992 input,
1993 input_length ) );
1994
1995#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1996
1997#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1998#if defined(PSA_CRYPTO_DRIVER_TEST)
1999 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2000 return( mbedtls_test_transparent_aead_update_ad(
2001 &operation->ctx.transparent_test_driver_ctx,
2002 input, input_length ) );
2003
2004 /* Add cases for opaque driver here */
2005
2006#endif /* PSA_CRYPTO_DRIVER_TEST */
2007#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2008 }
2009
2010 (void)input;
2011 (void)input_length;
2012
2013 return( PSA_ERROR_INVALID_ARGUMENT );
2014}
2015
2016static inline psa_status_t psa_driver_wrapper_aead_update(
2017 psa_aead_operation_t *operation,
2018 const uint8_t *input,
2019 size_t input_length,
2020 uint8_t *output,
2021 size_t output_size,
2022 size_t *output_length )
2023{
2024 switch( operation->id )
2025 {
2026#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2027 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2028 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2029 input, input_length,
2030 output, output_size,
2031 output_length ) );
2032
2033#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2034
2035#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2036#if defined(PSA_CRYPTO_DRIVER_TEST)
2037 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2038 return( mbedtls_test_transparent_aead_update(
2039 &operation->ctx.transparent_test_driver_ctx,
2040 input, input_length, output, output_size,
2041 output_length ) );
2042
2043 /* Add cases for opaque driver here */
2044
2045#endif /* PSA_CRYPTO_DRIVER_TEST */
2046#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2047 }
2048
2049 (void)input;
2050 (void)input_length;
2051 (void)output;
2052 (void)output_size;
2053 (void)output_length;
2054
2055 return( PSA_ERROR_INVALID_ARGUMENT );
2056}
2057
2058static inline psa_status_t psa_driver_wrapper_aead_finish(
2059 psa_aead_operation_t *operation,
2060 uint8_t *ciphertext,
2061 size_t ciphertext_size,
2062 size_t *ciphertext_length,
2063 uint8_t *tag,
2064 size_t tag_size,
2065 size_t *tag_length )
2066{
2067 switch( operation->id )
2068 {
2069#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2070 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2071 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2072 ciphertext,
2073 ciphertext_size,
2074 ciphertext_length, tag,
2075 tag_size, tag_length ) );
2076
2077#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2078
2079#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2080#if defined(PSA_CRYPTO_DRIVER_TEST)
2081 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2082 return( mbedtls_test_transparent_aead_finish(
2083 &operation->ctx.transparent_test_driver_ctx,
2084 ciphertext, ciphertext_size,
2085 ciphertext_length, tag, tag_size, tag_length ) );
2086
2087 /* Add cases for opaque driver here */
2088
2089#endif /* PSA_CRYPTO_DRIVER_TEST */
2090#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2091 }
2092
2093 (void)ciphertext;
2094 (void)ciphertext_size;
2095 (void)ciphertext_length;
2096 (void)tag;
2097 (void)tag_size;
2098 (void)tag_length;
2099
2100 return( PSA_ERROR_INVALID_ARGUMENT );
2101}
2102
2103static inline psa_status_t psa_driver_wrapper_aead_verify(
2104 psa_aead_operation_t *operation,
2105 uint8_t *plaintext,
2106 size_t plaintext_size,
2107 size_t *plaintext_length,
2108 const uint8_t *tag,
2109 size_t tag_length )
2110{
2111 switch( operation->id )
2112 {
2113#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2114 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2115 {
2116 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2117 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2118 size_t check_tag_length;
2119
2120 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2121 plaintext,
2122 plaintext_size,
2123 plaintext_length,
2124 check_tag,
2125 sizeof( check_tag ),
2126 &check_tag_length );
2127
2128 if( status == PSA_SUCCESS )
2129 {
2130 if( tag_length != check_tag_length ||
2131 mbedtls_ct_memcmp( tag, check_tag, tag_length )
2132 != 0 )
2133 status = PSA_ERROR_INVALID_SIGNATURE;
2134 }
2135
2136 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2137
2138 return( status );
2139 }
2140
2141#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2142
2143#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2144#if defined(PSA_CRYPTO_DRIVER_TEST)
2145 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2146 return( mbedtls_test_transparent_aead_verify(
2147 &operation->ctx.transparent_test_driver_ctx,
2148 plaintext, plaintext_size,
2149 plaintext_length, tag, tag_length ) );
2150
2151 /* Add cases for opaque driver here */
2152
2153#endif /* PSA_CRYPTO_DRIVER_TEST */
2154#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2155 }
2156
2157 (void)plaintext;
2158 (void)plaintext_size;
2159 (void)plaintext_length;
2160 (void)tag;
2161 (void)tag_length;
2162
2163 return( PSA_ERROR_INVALID_ARGUMENT );
2164}
2165
2166static inline psa_status_t psa_driver_wrapper_aead_abort(
2167 psa_aead_operation_t *operation )
2168{
2169 switch( operation->id )
2170 {
2171#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2172 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2173 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2174
2175#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2176
2177#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2178#if defined(PSA_CRYPTO_DRIVER_TEST)
2179 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2180 return( mbedtls_test_transparent_aead_abort(
2181 &operation->ctx.transparent_test_driver_ctx ) );
2182
2183 /* Add cases for opaque driver here */
2184
2185#endif /* PSA_CRYPTO_DRIVER_TEST */
2186#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2187 }
2188
2189 return( PSA_ERROR_INVALID_ARGUMENT );
2190}
2191
2192/*
2193 * MAC functions
2194 */
2195static inline psa_status_t psa_driver_wrapper_mac_compute(
2196 const psa_key_attributes_t *attributes,
2197 const uint8_t *key_buffer,
2198 size_t key_buffer_size,
2199 psa_algorithm_t alg,
2200 const uint8_t *input,
2201 size_t input_length,
2202 uint8_t *mac,
2203 size_t mac_size,
2204 size_t *mac_length )
2205{
2206 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2207 psa_key_location_t location =
2208 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2209
2210 switch( location )
2211 {
2212 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2213 /* Key is stored in the slot in export representation, so
2214 * cycle through all known transparent accelerators */
2215#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2216#if defined(PSA_CRYPTO_DRIVER_TEST)
2217 status = mbedtls_test_transparent_mac_compute(
2218 attributes, key_buffer, key_buffer_size, alg,
2219 input, input_length,
2220 mac, mac_size, mac_length );
2221 /* Declared with fallback == true */
2222 if( status != PSA_ERROR_NOT_SUPPORTED )
2223 return( status );
2224#endif /* PSA_CRYPTO_DRIVER_TEST */
2225#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2226#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2227 /* Fell through, meaning no accelerator supports this operation */
2228 status = mbedtls_psa_mac_compute(
2229 attributes, key_buffer, key_buffer_size, alg,
2230 input, input_length,
2231 mac, mac_size, mac_length );
2232 if( status != PSA_ERROR_NOT_SUPPORTED )
2233 return( status );
2234#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2235 return( PSA_ERROR_NOT_SUPPORTED );
2236
2237 /* Add cases for opaque driver here */
2238#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2239#if defined(PSA_CRYPTO_DRIVER_TEST)
2240 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2241 status = mbedtls_test_opaque_mac_compute(
2242 attributes, key_buffer, key_buffer_size, alg,
2243 input, input_length,
2244 mac, mac_size, mac_length );
2245 return( status );
2246#endif /* PSA_CRYPTO_DRIVER_TEST */
2247#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2248 default:
2249 /* Key is declared with a lifetime not known to us */
2250 (void) key_buffer;
2251 (void) key_buffer_size;
2252 (void) alg;
2253 (void) input;
2254 (void) input_length;
2255 (void) mac;
2256 (void) mac_size;
2257 (void) mac_length;
2258 (void) status;
2259 return( PSA_ERROR_INVALID_ARGUMENT );
2260 }
2261}
2262
2263static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2264 psa_mac_operation_t *operation,
2265 const psa_key_attributes_t *attributes,
2266 const uint8_t *key_buffer,
2267 size_t key_buffer_size,
2268 psa_algorithm_t alg )
2269{
2270 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2271 psa_key_location_t location =
2272 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2273
2274 switch( location )
2275 {
2276 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2277 /* Key is stored in the slot in export representation, so
2278 * cycle through all known transparent accelerators */
2279#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2280#if defined(PSA_CRYPTO_DRIVER_TEST)
2281 status = mbedtls_test_transparent_mac_sign_setup(
2282 &operation->ctx.transparent_test_driver_ctx,
2283 attributes,
2284 key_buffer, key_buffer_size,
2285 alg );
2286 /* Declared with fallback == true */
2287 if( status == PSA_SUCCESS )
2288 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2289
2290 if( status != PSA_ERROR_NOT_SUPPORTED )
2291 return( status );
2292#endif /* PSA_CRYPTO_DRIVER_TEST */
2293#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2294#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2295 /* Fell through, meaning no accelerator supports this operation */
2296 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2297 attributes,
2298 key_buffer, key_buffer_size,
2299 alg );
2300 if( status == PSA_SUCCESS )
2301 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2302
2303 if( status != PSA_ERROR_NOT_SUPPORTED )
2304 return( status );
2305#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2306 return( PSA_ERROR_NOT_SUPPORTED );
2307
2308 /* Add cases for opaque driver here */
2309#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2310#if defined(PSA_CRYPTO_DRIVER_TEST)
2311 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2312 status = mbedtls_test_opaque_mac_sign_setup(
2313 &operation->ctx.opaque_test_driver_ctx,
2314 attributes,
2315 key_buffer, key_buffer_size,
2316 alg );
2317
2318 if( status == PSA_SUCCESS )
2319 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2320
2321 return( status );
2322#endif /* PSA_CRYPTO_DRIVER_TEST */
2323#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2324 default:
2325 /* Key is declared with a lifetime not known to us */
2326 (void) status;
2327 (void) operation;
2328 (void) key_buffer;
2329 (void) key_buffer_size;
2330 (void) alg;
2331 return( PSA_ERROR_INVALID_ARGUMENT );
2332 }
2333}
2334
2335static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2336 psa_mac_operation_t *operation,
2337 const psa_key_attributes_t *attributes,
2338 const uint8_t *key_buffer,
2339 size_t key_buffer_size,
2340 psa_algorithm_t alg )
2341{
2342 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2343 psa_key_location_t location =
2344 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2345
2346 switch( location )
2347 {
2348 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2349 /* Key is stored in the slot in export representation, so
2350 * cycle through all known transparent accelerators */
2351#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2352#if defined(PSA_CRYPTO_DRIVER_TEST)
2353 status = mbedtls_test_transparent_mac_verify_setup(
2354 &operation->ctx.transparent_test_driver_ctx,
2355 attributes,
2356 key_buffer, key_buffer_size,
2357 alg );
2358 /* Declared with fallback == true */
2359 if( status == PSA_SUCCESS )
2360 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2361
2362 if( status != PSA_ERROR_NOT_SUPPORTED )
2363 return( status );
2364#endif /* PSA_CRYPTO_DRIVER_TEST */
2365#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2366#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2367 /* Fell through, meaning no accelerator supports this operation */
2368 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2369 attributes,
2370 key_buffer, key_buffer_size,
2371 alg );
2372 if( status == PSA_SUCCESS )
2373 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2374
2375 if( status != PSA_ERROR_NOT_SUPPORTED )
2376 return( status );
2377#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2378 return( PSA_ERROR_NOT_SUPPORTED );
2379
2380 /* Add cases for opaque driver here */
2381#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2382#if defined(PSA_CRYPTO_DRIVER_TEST)
2383 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2384 status = mbedtls_test_opaque_mac_verify_setup(
2385 &operation->ctx.opaque_test_driver_ctx,
2386 attributes,
2387 key_buffer, key_buffer_size,
2388 alg );
2389
2390 if( status == PSA_SUCCESS )
2391 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2392
2393 return( status );
2394#endif /* PSA_CRYPTO_DRIVER_TEST */
2395#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2396 default:
2397 /* Key is declared with a lifetime not known to us */
2398 (void) status;
2399 (void) operation;
2400 (void) key_buffer;
2401 (void) key_buffer_size;
2402 (void) alg;
2403 return( PSA_ERROR_INVALID_ARGUMENT );
2404 }
2405}
2406
2407static inline psa_status_t psa_driver_wrapper_mac_update(
2408 psa_mac_operation_t *operation,
2409 const uint8_t *input,
2410 size_t input_length )
2411{
2412 switch( operation->id )
2413 {
2414#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2415 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2416 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2417 input, input_length ) );
2418#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2419
2420#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2421#if defined(PSA_CRYPTO_DRIVER_TEST)
2422 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2423 return( mbedtls_test_transparent_mac_update(
2424 &operation->ctx.transparent_test_driver_ctx,
2425 input, input_length ) );
2426
2427 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2428 return( mbedtls_test_opaque_mac_update(
2429 &operation->ctx.opaque_test_driver_ctx,
2430 input, input_length ) );
2431#endif /* PSA_CRYPTO_DRIVER_TEST */
2432#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2433 default:
2434 (void) input;
2435 (void) input_length;
2436 return( PSA_ERROR_INVALID_ARGUMENT );
2437 }
2438}
2439
2440static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2441 psa_mac_operation_t *operation,
2442 uint8_t *mac,
2443 size_t mac_size,
2444 size_t *mac_length )
2445{
2446 switch( operation->id )
2447 {
2448#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2449 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2450 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2451 mac, mac_size, mac_length ) );
2452#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2453
2454#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2455#if defined(PSA_CRYPTO_DRIVER_TEST)
2456 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2457 return( mbedtls_test_transparent_mac_sign_finish(
2458 &operation->ctx.transparent_test_driver_ctx,
2459 mac, mac_size, mac_length ) );
2460
2461 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2462 return( mbedtls_test_opaque_mac_sign_finish(
2463 &operation->ctx.opaque_test_driver_ctx,
2464 mac, mac_size, mac_length ) );
2465#endif /* PSA_CRYPTO_DRIVER_TEST */
2466#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2467 default:
2468 (void) mac;
2469 (void) mac_size;
2470 (void) mac_length;
2471 return( PSA_ERROR_INVALID_ARGUMENT );
2472 }
2473}
2474
2475static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2476 psa_mac_operation_t *operation,
2477 const uint8_t *mac,
2478 size_t mac_length )
2479{
2480 switch( operation->id )
2481 {
2482#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2483 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2484 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2485 mac, mac_length ) );
2486#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2487
2488#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2489#if defined(PSA_CRYPTO_DRIVER_TEST)
2490 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2491 return( mbedtls_test_transparent_mac_verify_finish(
2492 &operation->ctx.transparent_test_driver_ctx,
2493 mac, mac_length ) );
2494
2495 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2496 return( mbedtls_test_opaque_mac_verify_finish(
2497 &operation->ctx.opaque_test_driver_ctx,
2498 mac, mac_length ) );
2499#endif /* PSA_CRYPTO_DRIVER_TEST */
2500#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2501 default:
2502 (void) mac;
2503 (void) mac_length;
2504 return( PSA_ERROR_INVALID_ARGUMENT );
2505 }
2506}
2507
2508static inline psa_status_t psa_driver_wrapper_mac_abort(
2509 psa_mac_operation_t *operation )
2510{
2511 switch( operation->id )
2512 {
2513#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2514 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2515 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2516#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2517
2518#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2519#if defined(PSA_CRYPTO_DRIVER_TEST)
2520 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2521 return( mbedtls_test_transparent_mac_abort(
2522 &operation->ctx.transparent_test_driver_ctx ) );
2523 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2524 return( mbedtls_test_opaque_mac_abort(
2525 &operation->ctx.opaque_test_driver_ctx ) );
2526#endif /* PSA_CRYPTO_DRIVER_TEST */
2527#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2528 default:
2529 return( PSA_ERROR_INVALID_ARGUMENT );
2530 }
2531}
2532
2533/*
2534 * Asymmetric cryptography
2535 */
2536static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2537 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2538 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2539 size_t input_length, const uint8_t *salt, size_t salt_length,
2540 uint8_t *output, size_t output_size, size_t *output_length )
2541{
2542 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2543 psa_key_location_t location =
2544 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2545
2546 switch( location )
2547 {
2548 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2549 /* Key is stored in the slot in export representation, so
2550 * cycle through all known transparent accelerators */
2551#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2552#if defined(PSA_CRYPTO_DRIVER_TEST)
2553 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2554 key_buffer, key_buffer_size, alg, input, input_length,
2555 salt, salt_length, output, output_size,
2556 output_length );
2557 /* Declared with fallback == true */
2558 if( status != PSA_ERROR_NOT_SUPPORTED )
2559 return( status );
2560#endif /* PSA_CRYPTO_DRIVER_TEST */
2561#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2562 return( mbedtls_psa_asymmetric_encrypt( attributes,
2563 key_buffer, key_buffer_size, alg, input, input_length,
2564 salt, salt_length, output, output_size, output_length )
2565 );
2566 /* Add cases for opaque driver here */
2567#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2568#if defined(PSA_CRYPTO_DRIVER_TEST)
2569 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2570 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2571 key_buffer, key_buffer_size, alg, input, input_length,
2572 salt, salt_length, output, output_size, output_length )
2573 );
2574#endif /* PSA_CRYPTO_DRIVER_TEST */
2575#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2576
2577 default:
2578 /* Key is declared with a lifetime not known to us */
2579 (void)status;
2580 (void)key_buffer;
2581 (void)key_buffer_size;
2582 (void)alg;
2583 (void)input;
2584 (void)input_length;
2585 (void)salt;
2586 (void)salt_length;
2587 (void)output;
2588 (void)output_size;
2589 (void)output_length;
2590 return( PSA_ERROR_INVALID_ARGUMENT );
2591 }
2592}
2593
2594static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2595 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2596 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2597 size_t input_length, const uint8_t *salt, size_t salt_length,
2598 uint8_t *output, size_t output_size, size_t *output_length )
2599{
2600 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2601 psa_key_location_t location =
2602 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2603
2604 switch( location )
2605 {
2606 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2607 /* Key is stored in the slot in export representation, so
2608 * cycle through all known transparent accelerators */
2609#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2610#if defined(PSA_CRYPTO_DRIVER_TEST)
2611 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2612 key_buffer, key_buffer_size, alg, input, input_length,
2613 salt, salt_length, output, output_size,
2614 output_length );
2615 /* Declared with fallback == true */
2616 if( status != PSA_ERROR_NOT_SUPPORTED )
2617 return( status );
2618#endif /* PSA_CRYPTO_DRIVER_TEST */
2619#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2620 return( mbedtls_psa_asymmetric_decrypt( attributes,
2621 key_buffer, key_buffer_size, alg,input, input_length,
2622 salt, salt_length, output, output_size,
2623 output_length ) );
2624 /* Add cases for opaque driver here */
2625#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2626#if defined(PSA_CRYPTO_DRIVER_TEST)
2627 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2628 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2629 key_buffer, key_buffer_size, alg, input, input_length,
2630 salt, salt_length, output, output_size,
2631 output_length ) );
2632#endif /* PSA_CRYPTO_DRIVER_TEST */
2633#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2634
2635 default:
2636 /* Key is declared with a lifetime not known to us */
2637 (void)status;
2638 (void)key_buffer;
2639 (void)key_buffer_size;
2640 (void)alg;
2641 (void)input;
2642 (void)input_length;
2643 (void)salt;
2644 (void)salt_length;
2645 (void)output;
2646 (void)output_size;
2647 (void)output_length;
2648 return( PSA_ERROR_INVALID_ARGUMENT );
2649 }
2650}
2651
2652static inline psa_status_t psa_driver_wrapper_key_agreement(
2653 const psa_key_attributes_t *attributes,
2654 const uint8_t *key_buffer,
2655 size_t key_buffer_size,
2656 psa_algorithm_t alg,
2657 const uint8_t *peer_key,
2658 size_t peer_key_length,
2659 uint8_t *shared_secret,
2660 size_t shared_secret_size,
2661 size_t *shared_secret_length
2662 )
2663{
2664 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2665 psa_key_location_t location =
2666 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2667
2668 switch( location )
2669 {
2670 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2671 /* Key is stored in the slot in export representation, so
2672 * cycle through all known transparent accelerators */
2673#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2674#if defined(PSA_CRYPTO_DRIVER_TEST)
2675 status =
2676 mbedtls_test_transparent_key_agreement( attributes,
2677 key_buffer, key_buffer_size, alg, peer_key,
2678 peer_key_length, shared_secret, shared_secret_size,
2679 shared_secret_length );
2680 if( status != PSA_ERROR_NOT_SUPPORTED )
2681 return( status );
2682#endif /* PSA_CRYPTO_DRIVER_TEST */
2683#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
2684 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
2685 PSA_ALG_IS_ECDH(alg) &&
2686 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
2687 psa_get_key_bits(attributes) == 256 )
2688 {
2689 status = p256_transparent_key_agreement( attributes,
2690 key_buffer,
2691 key_buffer_size,
2692 alg,
2693 peer_key,
2694 peer_key_length,
2695 shared_secret,
2696 shared_secret_size,
2697 shared_secret_length );
2698 if( status != PSA_ERROR_NOT_SUPPORTED)
2699 return( status );
2700 }
2701#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
2702#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2703
2704 /* Software Fallback */
2705 status = psa_key_agreement_raw_builtin( attributes,
2706 key_buffer,
2707 key_buffer_size,
2708 alg,
2709 peer_key,
2710 peer_key_length,
2711 shared_secret,
2712 shared_secret_size,
2713 shared_secret_length );
2714 return( status );
2715#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2716#if defined(PSA_CRYPTO_DRIVER_TEST)
2717 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2718 return( mbedtls_test_opaque_key_agreement( attributes,
2719 key_buffer, key_buffer_size, alg, peer_key,
2720 peer_key_length, shared_secret, shared_secret_size,
2721 shared_secret_length ) );
2722#endif /* PSA_CRYPTO_DRIVER_TEST */
2723#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2724
2725 default:
2726 (void) attributes;
2727 (void) key_buffer;
2728 (void) key_buffer_size;
2729 (void) peer_key;
2730 (void) peer_key_length;
2731 (void) shared_secret;
2732 (void) shared_secret_size;
2733 (void) shared_secret_length;
2734 return( PSA_ERROR_NOT_SUPPORTED );
2735
2736 }
2737}
2738
2739static inline psa_status_t psa_driver_wrapper_pake_setup(
2740 psa_pake_operation_t *operation,
2741 const psa_crypto_driver_pake_inputs_t *inputs )
2742{
2743 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2744
2745 psa_key_location_t location =
2746 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2747
2748 switch( location )
2749 {
2750 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2751 /* Key is stored in the slot in export representation, so
2752 * cycle through all known transparent accelerators */
2753 status = PSA_ERROR_NOT_SUPPORTED;
2754#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2755#if defined(PSA_CRYPTO_DRIVER_TEST)
2756 status = mbedtls_test_transparent_pake_setup(
2757 &operation->data.ctx.transparent_test_driver_ctx,
2758 inputs );
2759 if( status == PSA_SUCCESS )
2760 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2761 /* Declared with fallback == true */
2762 if( status != PSA_ERROR_NOT_SUPPORTED )
2763 return( status );
2764#endif /* PSA_CRYPTO_DRIVER_TEST */
2765#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2766#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2767 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2768 inputs );
2769 if( status == PSA_SUCCESS )
2770 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2771#endif
2772 return status;
2773 /* Add cases for opaque driver here */
2774 default:
2775 /* Key is declared with a lifetime not known to us */
2776 (void)operation;
2777 return( PSA_ERROR_INVALID_ARGUMENT );
2778 }
2779}
2780
2781static inline psa_status_t psa_driver_wrapper_pake_output(
2782 psa_pake_operation_t *operation,
2783 psa_crypto_driver_pake_step_t step,
2784 uint8_t *output,
2785 size_t output_size,
2786 size_t *output_length )
2787{
2788 switch( operation->id )
2789 {
2790#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2791 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2792 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2793 output, output_size, output_length ) );
2794#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2795
2796#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2797#if defined(PSA_CRYPTO_DRIVER_TEST)
2798 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2799 return( mbedtls_test_transparent_pake_output(
2800 &operation->data.ctx.transparent_test_driver_ctx,
2801 step, output, output_size, output_length ) );
2802#endif /* PSA_CRYPTO_DRIVER_TEST */
2803#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2804 default:
2805 (void) step;
2806 (void) output;
2807 (void) output_size;
2808 (void) output_length;
2809 return( PSA_ERROR_INVALID_ARGUMENT );
2810 }
2811}
2812
2813static inline psa_status_t psa_driver_wrapper_pake_input(
2814 psa_pake_operation_t *operation,
2815 psa_crypto_driver_pake_step_t step,
2816 const uint8_t *input,
2817 size_t input_length )
2818{
2819 switch( operation->id )
2820 {
2821#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2822 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2823 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2824 step, input,
2825 input_length ) );
2826#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2827
2828#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2829#if defined(PSA_CRYPTO_DRIVER_TEST)
2830 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2831 return( mbedtls_test_transparent_pake_input(
2832 &operation->data.ctx.transparent_test_driver_ctx,
2833 step,
2834 input, input_length ) );
2835#endif /* PSA_CRYPTO_DRIVER_TEST */
2836#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2837 default:
2838 (void) step;
2839 (void) input;
2840 (void) input_length;
2841 return( PSA_ERROR_INVALID_ARGUMENT );
2842 }
2843}
2844
2845static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2846 psa_pake_operation_t *operation,
2847 uint8_t *output, size_t output_size,
2848 size_t *output_length )
2849{
2850 switch( operation->id )
2851 {
2852#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2853 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2854 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2855 output, output_size, output_length ) );
2856#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2857
2858#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2859#if defined(PSA_CRYPTO_DRIVER_TEST)
2860 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2861 return( mbedtls_test_transparent_pake_get_implicit_key(
2862 &operation->data.ctx.transparent_test_driver_ctx,
2863 output, output_size, output_length ) );
2864#endif /* PSA_CRYPTO_DRIVER_TEST */
2865#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2866 default:
2867 (void) output;
2868 (void) output_size;
2869 (void) output_length;
2870 return( PSA_ERROR_INVALID_ARGUMENT );
2871 }
2872}
2873
2874static inline psa_status_t psa_driver_wrapper_pake_abort(
2875 psa_pake_operation_t * operation )
2876{
2877 switch( operation->id )
2878 {
2879#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2880 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2881 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2882#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2883
2884#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2885#if defined(PSA_CRYPTO_DRIVER_TEST)
2886 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2887 return( mbedtls_test_transparent_pake_abort(
2888 &operation->data.ctx.transparent_test_driver_ctx ) );
2889#endif /* PSA_CRYPTO_DRIVER_TEST */
2890#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2891 default:
2892 return( PSA_ERROR_INVALID_ARGUMENT );
2893 }
2894}
2895
2896#endif /* MBEDTLS_PSA_CRYPTO_C */