TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2a1664cb49bc5527ae2fdc75358c437f07f77908 / . / library / psa_crypto_driver_wrappers.c
blob: 0f6cfe91196e6a03ce0dc544b160dc2c02acf998 [file] [log] [blame]
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: auto-generated file.
5 */
6/* Copyright (C) 2020, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23
24#include "psa_crypto_core.h"
25#include "psa_crypto_driver_wrappers.h"
Steven Cooreman2a1664c2020-07-20 15:33:08 +0200[diff] [blame^]26#include "mbedtls/platform.h"
27
28#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]29
30/* Include test driver definition when running tests */
31#if defined(MBEDTLS_TEST_HOOKS)
32#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT
33#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT
Steven Cooreman7a250572020-07-17 16:43:05 +0200[diff] [blame]34#undef MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
35#define MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]36#include "drivers/test_driver.h"
Steven Cooreman2a1664c2020-07-20 15:33:08 +0200[diff] [blame^]37#endif /* MBEDTLS_TEST_HOOKS */
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]38
Steven Cooreman2a1664c2020-07-20 15:33:08 +0200[diff] [blame^]39/* Include driver definition file for each registered driver here */
40#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
41
42/* Support the 'old' SE interface when asked to */
Steven Cooreman7a250572020-07-17 16:43:05 +0200[diff] [blame]43#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
44#undef MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT
45#define MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT
46#include "psa_crypto_se.h"
47#endif
48
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]49/* Start delegation functions */
50psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
51 psa_algorithm_t alg,
52 const uint8_t *hash,
53 size_t hash_length,
54 uint8_t *signature,
55 size_t signature_size,
56 size_t *signature_length )
57{
58#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT)
Steven Cooreman7a250572020-07-17 16:43:05 +0200[diff] [blame]59 /* Try dynamically-registered SE interface first */
60#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
61 const psa_drv_se_t *drv;
62 psa_drv_se_context_t *drv_context;
63
64 if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
65 {
66 if( drv->asymmetric == NULL ||
67 drv->asymmetric->p_sign == NULL )
68 {
69 /* Key is defined in SE, but we have no way to exercise it */
70 return PSA_ERROR_INVALID_ARGUMENT;
71 }
72 return( drv->asymmetric->p_sign( drv_context,
73 slot->data.se.slot_number,
74 alg,
75 hash, hash_length,
76 signature, signature_size,
77 signature_length ) );
78 }
79#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
80
81 /* Then try accelerator API */
82#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]83 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
84 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
85 psa_key_attributes_t attributes = {
86 .core = slot->attr
87 };
88
89 switch( location )
90 {
91 case PSA_KEY_LOCATION_LOCAL_STORAGE:
92 /* Key is stored in the slot in export representation, so
93 * cycle through all known transparent accelerators */
94#if defined(MBEDTLS_TEST_HOOKS)
95 status = test_transparent_signature_sign_hash( &attributes,
96 slot->data.key.data,
97 slot->data.key.bytes,
98 alg,
99 hash,
100 hash_length,
101 signature,
102 signature_size,
103 signature_length );
104 /* Declared with fallback == true */
105 if( status != PSA_ERROR_NOT_SUPPORTED )
106 return status;
107#endif /* MBEDTLS_TEST_HOOKS */
108 /* Fell through, meaning no accelerator supports this operation */
109 return PSA_ERROR_NOT_SUPPORTED;
110 /* Add cases for opaque driver here */
111#if defined(MBEDTLS_TEST_HOOKS)
112 case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME:
113 return( test_opaque_signature_sign_hash( &attributes,
114 slot->data.key.data,
115 slot->data.key.bytes,
116 alg,
117 hash,
118 hash_length,
119 signature,
120 signature_size,
121 signature_length ) );
122#endif /* MBEDTLS_TEST_HOOKS */
123 default:
124 /* Key is declared with a lifetime not known to us */
125 return status;
126 }
Steven Cooreman7a250572020-07-17 16:43:05 +0200[diff] [blame]127#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
128 return PSA_ERROR_NOT_SUPPORTED;
129#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]130#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
131 (void)slot;
132 (void)alg;
133 (void)hash;
134 (void)hash_length;
135 (void)signature;
136 (void)signature_size;
137 (void)signature_length;
138
139 return PSA_ERROR_NOT_SUPPORTED;
140#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
141}
142
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame]143psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
144 psa_algorithm_t alg,
145 const uint8_t *hash,
146 size_t hash_length,
147 const uint8_t *signature,
148 size_t signature_length )
149{
150#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT)
151 /* Try dynamically-registered SE interface first */
152#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
153 const psa_drv_se_t *drv;
154 psa_drv_se_context_t *drv_context;
155
156 if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
157 {
158 if( drv->asymmetric == NULL ||
159 drv->asymmetric->p_verify == NULL )
160 {
161 /* Key is defined in SE, but we have no way to exercise it */
162 return PSA_ERROR_INVALID_ARGUMENT;
163 }
164 return( drv->asymmetric->p_verify( drv_context,
165 slot->data.se.slot_number,
166 alg,
167 hash, hash_length,
168 signature, signature_length ) );
169 }
170#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
171
172 /* Then try accelerator API */
173#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
174 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
175 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
176 psa_key_attributes_t attributes = {
177 .core = slot->attr
178 };
179
180 switch( location )
181 {
182 case PSA_KEY_LOCATION_LOCAL_STORAGE:
183 /* Key is stored in the slot in export representation, so
184 * cycle through all known transparent accelerators */
185#if defined(MBEDTLS_TEST_HOOKS)
186 status = test_transparent_signature_verify_hash( &attributes,
187 slot->data.key.data,
188 slot->data.key.bytes,
189 alg,
190 hash,
191 hash_length,
192 signature,
193 signature_length );
194 /* Declared with fallback == true */
195 if( status != PSA_ERROR_NOT_SUPPORTED )
196 return status;
197#endif /* MBEDTLS_TEST_HOOKS */
198 /* Fell through, meaning no accelerator supports this operation */
199 return PSA_ERROR_NOT_SUPPORTED;
200 /* Add cases for opaque driver here */
201#if defined(MBEDTLS_TEST_HOOKS)
202 case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME:
203 return( test_opaque_signature_verify_hash( &attributes,
204 slot->data.key.data,
205 slot->data.key.bytes,
206 alg,
207 hash,
208 hash_length,
209 signature,
210 signature_length ) );
211#endif /* MBEDTLS_TEST_HOOKS */
212 default:
213 /* Key is declared with a lifetime not known to us */
214 return status;
215 }
216#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
217 return PSA_ERROR_NOT_SUPPORTED;
218#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
219#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
220 (void)slot;
221 (void)alg;
222 (void)hash;
223 (void)hash_length;
224 (void)signature;
225 (void)signature_length;
226
227 return PSA_ERROR_NOT_SUPPORTED;
228#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
229}
230
Steven Cooreman2a1664c2020-07-20 15:33:08 +0200[diff] [blame^]231#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
232static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes,
233 size_t *expected_size )
234{
235 if( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) == PSA_KEY_LOCATION_LOCAL_STORAGE )
236 {
237 if( PSA_KEY_TYPE_IS_UNSTRUCTURED( attributes->core.type ) )
238 {
239 *expected_size = PSA_BITS_TO_BYTES( attributes->core.bits );
240 return PSA_SUCCESS;
241 }
242
243 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
244 {
245 if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) )
246 {
247 *expected_size = PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( attributes->core.bits );
248 return PSA_SUCCESS;
249 }
250 else
251 {
252 *expected_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( attributes->core.bits );
253 return PSA_SUCCESS;
254 }
255 }
256
257 if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
258 {
259 if( PSA_KEY_TYPE_IS_KEY_PAIR( attributes->core.type ) )
260 {
261 *expected_size = PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE( attributes->core.bits );
262 return PSA_SUCCESS;
263 }
264 else
265 {
266 *expected_size = PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE( attributes->core.bits );
267 return PSA_SUCCESS;
268 }
269 }
270
271 return PSA_ERROR_NOT_SUPPORTED;
272 }
273 else
274 {
275 /* TBD: opaque driver support, need to calculate size through driver-defined size function */
276 return PSA_ERROR_NOT_SUPPORTED;
277 }
278}
279#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
280
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame]281psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
282 psa_key_slot_t *slot )
283{
Steven Cooreman2a1664c2020-07-20 15:33:08 +0200[diff] [blame^]284#if defined(MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT)
285 /* Try dynamically-registered SE interface first */
286#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
287 const psa_drv_se_t *drv;
288 psa_drv_se_context_t *drv_context;
289
290 if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
291 {
292 size_t pubkey_length = 0; /* We don't support this feature yet */
293 if( drv->key_management == NULL ||
294 drv->key_management->p_generate == NULL )
295 {
296 /* Key is defined as being in SE, but we have no way to generate it */
297 return PSA_ERROR_NOT_SUPPORTED;
298 }
299 return( drv->key_management->p_generate(
300 drv_context,
301 slot->data.se.slot_number, attributes,
302 NULL, 0, &pubkey_length ) );
303 }
304#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
305
306 /* Then try accelerator API */
307#if defined(MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
308 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
309 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
310 size_t export_size = 0;
311
312 status = get_expected_key_size( attributes, &export_size );
313 if( status != PSA_SUCCESS )
314 return status;
315
316 slot->data.key.data = mbedtls_calloc(1, export_size);
317 if( slot->data.key.data == NULL )
318 return PSA_ERROR_INSUFFICIENT_MEMORY;
319 slot->data.key.bytes = export_size;
320
321 switch( location )
322 {
323 case PSA_KEY_LOCATION_LOCAL_STORAGE:
324 /* Key is stored in the slot in export representation, so
325 * cycle through all known transparent accelerators */
326
327 /* Transparent drivers are limited to generating asymmetric keys */
328 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
329 {
330 status = PSA_ERROR_NOT_SUPPORTED;
331 break;
332 }
333#if defined(MBEDTLS_TEST_HOOKS)
334 status = test_transparent_generate_key( attributes,
335 slot->data.key.data,
336 slot->data.key.bytes,
337 &slot->data.key.bytes );
338 /* Declared with fallback == true */
339 if( status != PSA_ERROR_NOT_SUPPORTED )
340 break;
341#endif /* MBEDTLS_TEST_HOOKS */
342 /* Fell through, meaning no accelerator supports this operation */
343 status = PSA_ERROR_NOT_SUPPORTED;
344 break;
345 /* Add cases for opaque driver here */
346#if defined(MBEDTLS_TEST_HOOKS)
347 case MBEDTLS_PSA_CRYPTO_TEST_DRIVER_LIFETIME:
348 status = test_opaque_generate_key( attributes,
349 slot->data.key.data,
350 slot->data.key.bytes,
351 &slot->data.key.bytes );
352 break;
353#endif /* MBEDTLS_TEST_HOOKS */
354 default:
355 /* Key is declared with a lifetime not known to us */
356 status = PSA_ERROR_INVALID_ARGUMENT;
357 break;
358 }
359
360 if( status != PSA_SUCCESS )
361 {
362 /* free allocated buffer */
363 mbedtls_free( slot->data.key.data );
364 slot->data.key.data = NULL;
365 slot->data.key.bytes = 0;
366 }
367
368 return( status );
369#else /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
370 return PSA_ERROR_NOT_SUPPORTED;
371#endif /* MBEDTLS_PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
372#else /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame]373 (void) attributes;
374 (void) slot;
375
376 return PSA_ERROR_NOT_SUPPORTED;
Steven Cooreman2a1664c2020-07-20 15:33:08 +0200[diff] [blame^]377#endif /* MBEDTLS_PSA_CRYPTO_DRIVER_PRESENT */
Steven Cooreman55ae2172020-07-17 19:46:15 +0200[diff] [blame]378}
379
Steven Cooremancd84cb42020-07-16 20:28:36 +0200[diff] [blame]380/* End of automatically generated file. */