TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c2a938711085813eae11d99550b280c416a8242e / . / library / psa_crypto_driver_wrappers.c
blob: a5ae6a29e465acb4c75a3b224f0172cee85cc692 [file] [log] [blame]
Dave Rodgmanc2a93872022-07-12 10:04:43 +0100[diff] [blame^]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file will be auto-generated in the future.
5 */
6/* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22#include "common.h"
23#include "psa_crypto_aead.h"
24#include "psa_crypto_cipher.h"
25#include "psa_crypto_core.h"
26#include "psa_crypto_driver_wrappers.h"
27#include "psa_crypto_hash.h"
28#include "psa_crypto_mac.h"
29#include "psa_crypto_rsa.h"
30
31#include "mbedtls/platform.h"
32
33#if defined(MBEDTLS_PSA_CRYPTO_C)
34
35#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
36
37/* Include test driver definition when running tests */
38#if defined(PSA_CRYPTO_DRIVER_TEST)
39#ifndef PSA_CRYPTO_DRIVER_PRESENT
40#define PSA_CRYPTO_DRIVER_PRESENT
41#endif
42#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
43#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
44#endif
45#include "test/drivers/test_driver.h"
46#endif /* PSA_CRYPTO_DRIVER_TEST */
47
48/* Repeat above block for each JSON-declared driver during autogeneration */
49#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
50
51/* Auto-generated values depending on which drivers are registered.
52 * ID 0 is reserved for unallocated operations.
53 * ID 1 is reserved for the Mbed TLS software driver. */
54#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
55
56#if defined(PSA_CRYPTO_DRIVER_TEST)
57#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
58#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
59#endif /* PSA_CRYPTO_DRIVER_TEST */
60
61/* Support the 'old' SE interface when asked to */
62#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
63/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
64 * SE driver is present, to avoid unused argument errors at compile time. */
65#ifndef PSA_CRYPTO_DRIVER_PRESENT
66#define PSA_CRYPTO_DRIVER_PRESENT
67#endif
68#include "psa_crypto_se.h"
69#endif
70
71psa_status_t psa_driver_wrapper_init( void )
72{
73 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
74
75#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
76 status = psa_init_all_se_drivers( );
77 if( status != PSA_SUCCESS )
78 return( status );
79#endif
80
81#if defined(PSA_CRYPTO_DRIVER_TEST)
82 status = mbedtls_test_transparent_init( );
83 if( status != PSA_SUCCESS )
84 return( status );
85
86 status = mbedtls_test_opaque_init( );
87 if( status != PSA_SUCCESS )
88 return( status );
89#endif
90
91 (void) status;
92 return( PSA_SUCCESS );
93}
94
95void psa_driver_wrapper_free( void )
96{
97#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
98 /* Unregister all secure element drivers, so that we restart from
99 * a pristine state. */
100 psa_unregister_all_se_drivers( );
101#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
102
103#if defined(PSA_CRYPTO_DRIVER_TEST)
104 mbedtls_test_transparent_free( );
105 mbedtls_test_opaque_free( );
106#endif
107}
108
109/* Start delegation functions */
110psa_status_t psa_driver_wrapper_sign_message(
111 const psa_key_attributes_t *attributes,
112 const uint8_t *key_buffer,
113 size_t key_buffer_size,
114 psa_algorithm_t alg,
115 const uint8_t *input,
116 size_t input_length,
117 uint8_t *signature,
118 size_t signature_size,
119 size_t *signature_length )
120{
121 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
122 psa_key_location_t location =
123 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
124
125 switch( location )
126 {
127 case PSA_KEY_LOCATION_LOCAL_STORAGE:
128 /* Key is stored in the slot in export representation, so
129 * cycle through all known transparent accelerators */
130#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
131#if defined(PSA_CRYPTO_DRIVER_TEST)
132 status = mbedtls_test_transparent_signature_sign_message(
133 attributes,
134 key_buffer,
135 key_buffer_size,
136 alg,
137 input,
138 input_length,
139 signature,
140 signature_size,
141 signature_length );
142 /* Declared with fallback == true */
143 if( status != PSA_ERROR_NOT_SUPPORTED )
144 return( status );
145#endif /* PSA_CRYPTO_DRIVER_TEST */
146#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
147 break;
148
149 /* Add cases for opaque driver here */
150#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
151#if defined(PSA_CRYPTO_DRIVER_TEST)
152 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
153 status = mbedtls_test_opaque_signature_sign_message(
154 attributes,
155 key_buffer,
156 key_buffer_size,
157 alg,
158 input,
159 input_length,
160 signature,
161 signature_size,
162 signature_length );
163 if( status != PSA_ERROR_NOT_SUPPORTED )
164 return( status );
165 break;
166#endif /* PSA_CRYPTO_DRIVER_TEST */
167#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
168 default:
169 /* Key is declared with a lifetime not known to us */
170 (void)status;
171 break;
172 }
173
174 return( psa_sign_message_builtin( attributes,
175 key_buffer,
176 key_buffer_size,
177 alg,
178 input,
179 input_length,
180 signature,
181 signature_size,
182 signature_length ) );
183}
184
185psa_status_t psa_driver_wrapper_verify_message(
186 const psa_key_attributes_t *attributes,
187 const uint8_t *key_buffer,
188 size_t key_buffer_size,
189 psa_algorithm_t alg,
190 const uint8_t *input,
191 size_t input_length,
192 const uint8_t *signature,
193 size_t signature_length )
194{
195 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
196 psa_key_location_t location =
197 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
198
199 switch( location )
200 {
201 case PSA_KEY_LOCATION_LOCAL_STORAGE:
202 /* Key is stored in the slot in export representation, so
203 * cycle through all known transparent accelerators */
204#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
205#if defined(PSA_CRYPTO_DRIVER_TEST)
206 status = mbedtls_test_transparent_signature_verify_message(
207 attributes,
208 key_buffer,
209 key_buffer_size,
210 alg,
211 input,
212 input_length,
213 signature,
214 signature_length );
215 /* Declared with fallback == true */
216 if( status != PSA_ERROR_NOT_SUPPORTED )
217 return( status );
218#endif /* PSA_CRYPTO_DRIVER_TEST */
219#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
220 break;
221
222 /* Add cases for opaque driver here */
223#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
224#if defined(PSA_CRYPTO_DRIVER_TEST)
225 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
226 return( mbedtls_test_opaque_signature_verify_message(
227 attributes,
228 key_buffer,
229 key_buffer_size,
230 alg,
231 input,
232 input_length,
233 signature,
234 signature_length ) );
235 if( status != PSA_ERROR_NOT_SUPPORTED )
236 return( status );
237 break;
238#endif /* PSA_CRYPTO_DRIVER_TEST */
239#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
240 default:
241 /* Key is declared with a lifetime not known to us */
242 (void)status;
243 break;
244 }
245
246 return( psa_verify_message_builtin( attributes,
247 key_buffer,
248 key_buffer_size,
249 alg,
250 input,
251 input_length,
252 signature,
253 signature_length ) );
254}
255
256psa_status_t psa_driver_wrapper_sign_hash(
257 const psa_key_attributes_t *attributes,
258 const uint8_t *key_buffer, size_t key_buffer_size,
259 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
260 uint8_t *signature, size_t signature_size, size_t *signature_length )
261{
262 /* Try dynamically-registered SE interface first */
263#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
264 const psa_drv_se_t *drv;
265 psa_drv_se_context_t *drv_context;
266
267 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
268 {
269 if( drv->asymmetric == NULL ||
270 drv->asymmetric->p_sign == NULL )
271 {
272 /* Key is defined in SE, but we have no way to exercise it */
273 return( PSA_ERROR_NOT_SUPPORTED );
274 }
275 return( drv->asymmetric->p_sign(
276 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
277 alg, hash, hash_length,
278 signature, signature_size, signature_length ) );
279 }
280#endif /* PSA_CRYPTO_SE_C */
281
282 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
283 psa_key_location_t location =
284 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
285
286 switch( location )
287 {
288 case PSA_KEY_LOCATION_LOCAL_STORAGE:
289 /* Key is stored in the slot in export representation, so
290 * cycle through all known transparent accelerators */
291#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
292#if defined(PSA_CRYPTO_DRIVER_TEST)
293 status = mbedtls_test_transparent_signature_sign_hash( attributes,
294 key_buffer,
295 key_buffer_size,
296 alg,
297 hash,
298 hash_length,
299 signature,
300 signature_size,
301 signature_length );
302 /* Declared with fallback == true */
303 if( status != PSA_ERROR_NOT_SUPPORTED )
304 return( status );
305#endif /* PSA_CRYPTO_DRIVER_TEST */
306#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
307 /* Fell through, meaning no accelerator supports this operation */
308 return( psa_sign_hash_builtin( attributes,
309 key_buffer,
310 key_buffer_size,
311 alg,
312 hash,
313 hash_length,
314 signature,
315 signature_size,
316 signature_length ) );
317
318 /* Add cases for opaque driver here */
319#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
320#if defined(PSA_CRYPTO_DRIVER_TEST)
321 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
322 return( mbedtls_test_opaque_signature_sign_hash( attributes,
323 key_buffer,
324 key_buffer_size,
325 alg,
326 hash,
327 hash_length,
328 signature,
329 signature_size,
330 signature_length ) );
331#endif /* PSA_CRYPTO_DRIVER_TEST */
332#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
333 default:
334 /* Key is declared with a lifetime not known to us */
335 (void)status;
336 return( PSA_ERROR_INVALID_ARGUMENT );
337 }
338}
339
340psa_status_t psa_driver_wrapper_verify_hash(
341 const psa_key_attributes_t *attributes,
342 const uint8_t *key_buffer, size_t key_buffer_size,
343 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
344 const uint8_t *signature, size_t signature_length )
345{
346 /* Try dynamically-registered SE interface first */
347#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
348 const psa_drv_se_t *drv;
349 psa_drv_se_context_t *drv_context;
350
351 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
352 {
353 if( drv->asymmetric == NULL ||
354 drv->asymmetric->p_verify == NULL )
355 {
356 /* Key is defined in SE, but we have no way to exercise it */
357 return( PSA_ERROR_NOT_SUPPORTED );
358 }
359 return( drv->asymmetric->p_verify(
360 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
361 alg, hash, hash_length,
362 signature, signature_length ) );
363 }
364#endif /* PSA_CRYPTO_SE_C */
365
366 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
367 psa_key_location_t location =
368 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
369
370 switch( location )
371 {
372 case PSA_KEY_LOCATION_LOCAL_STORAGE:
373 /* Key is stored in the slot in export representation, so
374 * cycle through all known transparent accelerators */
375#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
376#if defined(PSA_CRYPTO_DRIVER_TEST)
377 status = mbedtls_test_transparent_signature_verify_hash(
378 attributes,
379 key_buffer,
380 key_buffer_size,
381 alg,
382 hash,
383 hash_length,
384 signature,
385 signature_length );
386 /* Declared with fallback == true */
387 if( status != PSA_ERROR_NOT_SUPPORTED )
388 return( status );
389#endif /* PSA_CRYPTO_DRIVER_TEST */
390#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
391
392 return( psa_verify_hash_builtin( attributes,
393 key_buffer,
394 key_buffer_size,
395 alg,
396 hash,
397 hash_length,
398 signature,
399 signature_length ) );
400
401 /* Add cases for opaque driver here */
402#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
403#if defined(PSA_CRYPTO_DRIVER_TEST)
404 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
405 return( mbedtls_test_opaque_signature_verify_hash( attributes,
406 key_buffer,
407 key_buffer_size,
408 alg,
409 hash,
410 hash_length,
411 signature,
412 signature_length ) );
413#endif /* PSA_CRYPTO_DRIVER_TEST */
414#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
415 default:
416 /* Key is declared with a lifetime not known to us */
417 (void)status;
418 return( PSA_ERROR_INVALID_ARGUMENT );
419 }
420}
421
422/** Calculate the key buffer size required to store the key material of a key
423 * associated with an opaque driver from input key data.
424 *
425 * \param[in] attributes The key attributes
426 * \param[in] data The input key data.
427 * \param[in] data_length The input data length.
428 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
429 *
430 * \retval #PSA_SUCCESS
431 * \retval #PSA_ERROR_INVALID_ARGUMENT
432 * \retval #PSA_ERROR_NOT_SUPPORTED
433 */
434psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
435 const psa_key_attributes_t *attributes,
436 const uint8_t *data,
437 size_t data_length,
438 size_t *key_buffer_size )
439{
440 psa_key_location_t location =
441 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
442 psa_key_type_t key_type = attributes->core.type;
443
444 *key_buffer_size = 0;
445 switch( location )
446 {
447#if defined(PSA_CRYPTO_DRIVER_TEST)
448 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
449 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
450 PSA_BYTES_TO_BITS( data_length ) );
451 return( ( *key_buffer_size != 0 ) ?
452 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
453#endif /* PSA_CRYPTO_DRIVER_TEST */
454
455 default:
456 (void)key_type;
457 (void)data;
458 (void)data_length;
459 return( PSA_ERROR_INVALID_ARGUMENT );
460 }
461}
462
463/** Get the key buffer size required to store the key material of a key
464 * associated with an opaque driver.
465 *
466 * \param[in] attributes The key attributes.
467 * \param[out] key_buffer_size Minimum buffer size to contain the key material
468 *
469 * \retval #PSA_SUCCESS
470 * The minimum size for a buffer to contain the key material has been
471 * returned successfully.
472 * \retval #PSA_ERROR_NOT_SUPPORTED
473 * The type and/or the size in bits of the key or the combination of
474 * the two is not supported.
475 * \retval #PSA_ERROR_INVALID_ARGUMENT
476 * The key is declared with a lifetime not known to us.
477 */
478psa_status_t psa_driver_wrapper_get_key_buffer_size(
479 const psa_key_attributes_t *attributes,
480 size_t *key_buffer_size )
481{
482 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
483 psa_key_type_t key_type = attributes->core.type;
484 size_t key_bits = attributes->core.bits;
485
486 *key_buffer_size = 0;
487 switch( location )
488 {
489#if defined(PSA_CRYPTO_DRIVER_TEST)
490 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
491#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
492 /* Emulate property 'builtin_key_size' */
493 if( psa_key_id_is_builtin(
494 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
495 psa_get_key_id( attributes ) ) ) )
496 {
497 *key_buffer_size = sizeof( psa_drv_slot_number_t );
498 return( PSA_SUCCESS );
499 }
500#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
501 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
502 key_bits );
503 return( ( *key_buffer_size != 0 ) ?
504 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
505#endif /* PSA_CRYPTO_DRIVER_TEST */
506
507 default:
508 (void)key_type;
509 (void)key_bits;
510 return( PSA_ERROR_INVALID_ARGUMENT );
511 }
512}
513
514psa_status_t psa_driver_wrapper_generate_key(
515 const psa_key_attributes_t *attributes,
516 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
517{
518 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
519 psa_key_location_t location =
520 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
521
522 /* Try dynamically-registered SE interface first */
523#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
524 const psa_drv_se_t *drv;
525 psa_drv_se_context_t *drv_context;
526
527 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
528 {
529 size_t pubkey_length = 0; /* We don't support this feature yet */
530 if( drv->key_management == NULL ||
531 drv->key_management->p_generate == NULL )
532 {
533 /* Key is defined as being in SE, but we have no way to generate it */
534 return( PSA_ERROR_NOT_SUPPORTED );
535 }
536 return( drv->key_management->p_generate(
537 drv_context,
538 *( (psa_key_slot_number_t *)key_buffer ),
539 attributes, NULL, 0, &pubkey_length ) );
540 }
541#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
542
543 switch( location )
544 {
545 case PSA_KEY_LOCATION_LOCAL_STORAGE:
546#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
547 /* Transparent drivers are limited to generating asymmetric keys */
548 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
549 {
550 /* Cycle through all known transparent accelerators */
551#if defined(PSA_CRYPTO_DRIVER_TEST)
552 status = mbedtls_test_transparent_generate_key(
553 attributes, key_buffer, key_buffer_size,
554 key_buffer_length );
555 /* Declared with fallback == true */
556 if( status != PSA_ERROR_NOT_SUPPORTED )
557 break;
558#endif /* PSA_CRYPTO_DRIVER_TEST */
559 }
560#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
561
562 /* Software fallback */
563 status = psa_generate_key_internal(
564 attributes, key_buffer, key_buffer_size, key_buffer_length );
565 break;
566
567 /* Add cases for opaque driver here */
568#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
569#if defined(PSA_CRYPTO_DRIVER_TEST)
570 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
571 status = mbedtls_test_opaque_generate_key(
572 attributes, key_buffer, key_buffer_size, key_buffer_length );
573 break;
574#endif /* PSA_CRYPTO_DRIVER_TEST */
575#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
576
577 default:
578 /* Key is declared with a lifetime not known to us */
579 status = PSA_ERROR_INVALID_ARGUMENT;
580 break;
581 }
582
583 return( status );
584}
585
586psa_status_t psa_driver_wrapper_import_key(
587 const psa_key_attributes_t *attributes,
588 const uint8_t *data,
589 size_t data_length,
590 uint8_t *key_buffer,
591 size_t key_buffer_size,
592 size_t *key_buffer_length,
593 size_t *bits )
594{
595 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
596 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
597 psa_get_key_lifetime( attributes ) );
598
599 /* Try dynamically-registered SE interface first */
600#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
601 const psa_drv_se_t *drv;
602 psa_drv_se_context_t *drv_context;
603
604 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
605 {
606 if( drv->key_management == NULL ||
607 drv->key_management->p_import == NULL )
608 return( PSA_ERROR_NOT_SUPPORTED );
609
610 /* The driver should set the number of key bits, however in
611 * case it doesn't, we initialize bits to an invalid value. */
612 *bits = PSA_MAX_KEY_BITS + 1;
613 status = drv->key_management->p_import(
614 drv_context,
615 *( (psa_key_slot_number_t *)key_buffer ),
616 attributes, data, data_length, bits );
617
618 if( status != PSA_SUCCESS )
619 return( status );
620
621 if( (*bits) > PSA_MAX_KEY_BITS )
622 return( PSA_ERROR_NOT_SUPPORTED );
623
624 return( PSA_SUCCESS );
625 }
626#endif /* PSA_CRYPTO_SE_C */
627
628 switch( location )
629 {
630 case PSA_KEY_LOCATION_LOCAL_STORAGE:
631 /* Key is stored in the slot in export representation, so
632 * cycle through all known transparent accelerators */
633#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
634#if defined(PSA_CRYPTO_DRIVER_TEST)
635 status = mbedtls_test_transparent_import_key(
636 attributes,
637 data, data_length,
638 key_buffer, key_buffer_size,
639 key_buffer_length, bits );
640 /* Declared with fallback == true */
641 if( status != PSA_ERROR_NOT_SUPPORTED )
642 return( status );
643#endif /* PSA_CRYPTO_DRIVER_TEST */
644#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
645 /* Fell through, meaning no accelerator supports this operation */
646 return( psa_import_key_into_slot( attributes,
647 data, data_length,
648 key_buffer, key_buffer_size,
649 key_buffer_length, bits ) );
650 /* Add cases for opaque driver here */
651#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
652#if defined(PSA_CRYPTO_DRIVER_TEST)
653 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
654 return( mbedtls_test_opaque_import_key(
655 attributes,
656 data, data_length,
657 key_buffer, key_buffer_size,
658 key_buffer_length, bits ) );
659#endif /* PSA_CRYPTO_DRIVER_TEST */
660#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
661 default:
662 (void)status;
663 return( PSA_ERROR_INVALID_ARGUMENT );
664 }
665
666}
667
668psa_status_t psa_driver_wrapper_export_key(
669 const psa_key_attributes_t *attributes,
670 const uint8_t *key_buffer, size_t key_buffer_size,
671 uint8_t *data, size_t data_size, size_t *data_length )
672
673{
674 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
675 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
676 psa_get_key_lifetime( attributes ) );
677
678 /* Try dynamically-registered SE interface first */
679#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
680 const psa_drv_se_t *drv;
681 psa_drv_se_context_t *drv_context;
682
683 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
684 {
685 if( ( drv->key_management == NULL ) ||
686 ( drv->key_management->p_export == NULL ) )
687 {
688 return( PSA_ERROR_NOT_SUPPORTED );
689 }
690
691 return( drv->key_management->p_export(
692 drv_context,
693 *( (psa_key_slot_number_t *)key_buffer ),
694 data, data_size, data_length ) );
695 }
696#endif /* PSA_CRYPTO_SE_C */
697
698 switch( location )
699 {
700 case PSA_KEY_LOCATION_LOCAL_STORAGE:
701 return( psa_export_key_internal( attributes,
702 key_buffer,
703 key_buffer_size,
704 data,
705 data_size,
706 data_length ) );
707
708 /* Add cases for opaque driver here */
709#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
710#if defined(PSA_CRYPTO_DRIVER_TEST)
711 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
712 return( mbedtls_test_opaque_export_key( attributes,
713 key_buffer,
714 key_buffer_size,
715 data,
716 data_size,
717 data_length ) );
718#endif /* PSA_CRYPTO_DRIVER_TEST */
719#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
720 default:
721 /* Key is declared with a lifetime not known to us */
722 return( status );
723 }
724}
725
726psa_status_t psa_driver_wrapper_export_public_key(
727 const psa_key_attributes_t *attributes,
728 const uint8_t *key_buffer, size_t key_buffer_size,
729 uint8_t *data, size_t data_size, size_t *data_length )
730
731{
732 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
733 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
734 psa_get_key_lifetime( attributes ) );
735
736 /* Try dynamically-registered SE interface first */
737#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
738 const psa_drv_se_t *drv;
739 psa_drv_se_context_t *drv_context;
740
741 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
742 {
743 if( ( drv->key_management == NULL ) ||
744 ( drv->key_management->p_export_public == NULL ) )
745 {
746 return( PSA_ERROR_NOT_SUPPORTED );
747 }
748
749 return( drv->key_management->p_export_public(
750 drv_context,
751 *( (psa_key_slot_number_t *)key_buffer ),
752 data, data_size, data_length ) );
753 }
754#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
755
756 switch( location )
757 {
758 case PSA_KEY_LOCATION_LOCAL_STORAGE:
759 /* Key is stored in the slot in export representation, so
760 * cycle through all known transparent accelerators */
761#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
762#if defined(PSA_CRYPTO_DRIVER_TEST)
763 status = mbedtls_test_transparent_export_public_key(
764 attributes,
765 key_buffer,
766 key_buffer_size,
767 data,
768 data_size,
769 data_length );
770 /* Declared with fallback == true */
771 if( status != PSA_ERROR_NOT_SUPPORTED )
772 return( status );
773#endif /* PSA_CRYPTO_DRIVER_TEST */
774#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
775 /* Fell through, meaning no accelerator supports this operation */
776 return( psa_export_public_key_internal( attributes,
777 key_buffer,
778 key_buffer_size,
779 data,
780 data_size,
781 data_length ) );
782
783 /* Add cases for opaque driver here */
784#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
785#if defined(PSA_CRYPTO_DRIVER_TEST)
786 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
787 return( mbedtls_test_opaque_export_public_key( attributes,
788 key_buffer,
789 key_buffer_size,
790 data,
791 data_size,
792 data_length ) );
793#endif /* PSA_CRYPTO_DRIVER_TEST */
794#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
795 default:
796 /* Key is declared with a lifetime not known to us */
797 return( status );
798 }
799}
800
801psa_status_t psa_driver_wrapper_get_builtin_key(
802 psa_drv_slot_number_t slot_number,
803 psa_key_attributes_t *attributes,
804 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
805{
806 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
807 switch( location )
808 {
809#if defined(PSA_CRYPTO_DRIVER_TEST)
810 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
811 return( mbedtls_test_opaque_get_builtin_key(
812 slot_number,
813 attributes,
814 key_buffer, key_buffer_size, key_buffer_length ) );
815#endif /* PSA_CRYPTO_DRIVER_TEST */
816 default:
817 (void) slot_number;
818 (void) key_buffer;
819 (void) key_buffer_size;
820 (void) key_buffer_length;
821 return( PSA_ERROR_DOES_NOT_EXIST );
822 }
823}
824
825psa_status_t psa_driver_wrapper_copy_key(
826 psa_key_attributes_t *attributes,
827 const uint8_t *source_key, size_t source_key_length,
828 uint8_t *target_key_buffer, size_t target_key_buffer_size,
829 size_t *target_key_buffer_length )
830{
831 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
832 psa_key_location_t location =
833 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
834
835#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
836 const psa_drv_se_t *drv;
837 psa_drv_se_context_t *drv_context;
838
839 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
840 {
841 /* Copying to a secure element is not implemented yet. */
842 return( PSA_ERROR_NOT_SUPPORTED );
843 }
844#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
845
846 switch( location )
847 {
848#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
849#if defined(PSA_CRYPTO_DRIVER_TEST)
850 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
851 return( mbedtls_test_opaque_copy_key( attributes, source_key,
852 source_key_length,
853 target_key_buffer,
854 target_key_buffer_size,
855 target_key_buffer_length) );
856#endif /* PSA_CRYPTO_DRIVER_TEST */
857#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
858 default:
859 (void)source_key;
860 (void)source_key_length;
861 (void)target_key_buffer;
862 (void)target_key_buffer_size;
863 (void)target_key_buffer_length;
864 status = PSA_ERROR_INVALID_ARGUMENT;
865 }
866 return( status );
867}
868
869/*
870 * Cipher functions
871 */
872psa_status_t psa_driver_wrapper_cipher_encrypt(
873 const psa_key_attributes_t *attributes,
874 const uint8_t *key_buffer,
875 size_t key_buffer_size,
876 psa_algorithm_t alg,
877 const uint8_t *iv,
878 size_t iv_length,
879 const uint8_t *input,
880 size_t input_length,
881 uint8_t *output,
882 size_t output_size,
883 size_t *output_length )
884{
885 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
886 psa_key_location_t location =
887 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
888
889 switch( location )
890 {
891 case PSA_KEY_LOCATION_LOCAL_STORAGE:
892 /* Key is stored in the slot in export representation, so
893 * cycle through all known transparent accelerators */
894#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
895#if defined(PSA_CRYPTO_DRIVER_TEST)
896 status = mbedtls_test_transparent_cipher_encrypt( attributes,
897 key_buffer,
898 key_buffer_size,
899 alg,
900 iv,
901 iv_length,
902 input,
903 input_length,
904 output,
905 output_size,
906 output_length );
907 /* Declared with fallback == true */
908 if( status != PSA_ERROR_NOT_SUPPORTED )
909 return( status );
910#endif /* PSA_CRYPTO_DRIVER_TEST */
911#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
912
913#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
914 return( mbedtls_psa_cipher_encrypt( attributes,
915 key_buffer,
916 key_buffer_size,
917 alg,
918 iv,
919 iv_length,
920 input,
921 input_length,
922 output,
923 output_size,
924 output_length ) );
925#else
926 return( PSA_ERROR_NOT_SUPPORTED );
927#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
928
929 /* Add cases for opaque driver here */
930#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
931#if defined(PSA_CRYPTO_DRIVER_TEST)
932 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
933 return( mbedtls_test_opaque_cipher_encrypt( attributes,
934 key_buffer,
935 key_buffer_size,
936 alg,
937 iv,
938 iv_length,
939 input,
940 input_length,
941 output,
942 output_size,
943 output_length ) );
944#endif /* PSA_CRYPTO_DRIVER_TEST */
945#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
946
947 default:
948 /* Key is declared with a lifetime not known to us */
949 (void)status;
950 (void)key_buffer;
951 (void)key_buffer_size;
952 (void)alg;
953 (void)iv;
954 (void)iv_length;
955 (void)input;
956 (void)input_length;
957 (void)output;
958 (void)output_size;
959 (void)output_length;
960 return( PSA_ERROR_INVALID_ARGUMENT );
961 }
962}
963
964psa_status_t psa_driver_wrapper_cipher_decrypt(
965 const psa_key_attributes_t *attributes,
966 const uint8_t *key_buffer,
967 size_t key_buffer_size,
968 psa_algorithm_t alg,
969 const uint8_t *input,
970 size_t input_length,
971 uint8_t *output,
972 size_t output_size,
973 size_t *output_length )
974{
975 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
976 psa_key_location_t location =
977 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
978
979 switch( location )
980 {
981 case PSA_KEY_LOCATION_LOCAL_STORAGE:
982 /* Key is stored in the slot in export representation, so
983 * cycle through all known transparent accelerators */
984#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
985#if defined(PSA_CRYPTO_DRIVER_TEST)
986 status = mbedtls_test_transparent_cipher_decrypt( attributes,
987 key_buffer,
988 key_buffer_size,
989 alg,
990 input,
991 input_length,
992 output,
993 output_size,
994 output_length );
995 /* Declared with fallback == true */
996 if( status != PSA_ERROR_NOT_SUPPORTED )
997 return( status );
998#endif /* PSA_CRYPTO_DRIVER_TEST */
999#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1000
1001#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1002 return( mbedtls_psa_cipher_decrypt( attributes,
1003 key_buffer,
1004 key_buffer_size,
1005 alg,
1006 input,
1007 input_length,
1008 output,
1009 output_size,
1010 output_length ) );
1011#else
1012 return( PSA_ERROR_NOT_SUPPORTED );
1013#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1014
1015 /* Add cases for opaque driver here */
1016#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1017#if defined(PSA_CRYPTO_DRIVER_TEST)
1018 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1019 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1020 key_buffer,
1021 key_buffer_size,
1022 alg,
1023 input,
1024 input_length,
1025 output,
1026 output_size,
1027 output_length ) );
1028#endif /* PSA_CRYPTO_DRIVER_TEST */
1029#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1030
1031 default:
1032 /* Key is declared with a lifetime not known to us */
1033 (void)status;
1034 (void)key_buffer;
1035 (void)key_buffer_size;
1036 (void)alg;
1037 (void)input;
1038 (void)input_length;
1039 (void)output;
1040 (void)output_size;
1041 (void)output_length;
1042 return( PSA_ERROR_INVALID_ARGUMENT );
1043 }
1044}
1045
1046psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1047 psa_cipher_operation_t *operation,
1048 const psa_key_attributes_t *attributes,
1049 const uint8_t *key_buffer, size_t key_buffer_size,
1050 psa_algorithm_t alg )
1051{
1052 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1053 psa_key_location_t location =
1054 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1055
1056 switch( location )
1057 {
1058 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1059 /* Key is stored in the slot in export representation, so
1060 * cycle through all known transparent accelerators */
1061#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1062#if defined(PSA_CRYPTO_DRIVER_TEST)
1063 status = mbedtls_test_transparent_cipher_encrypt_setup(
1064 &operation->ctx.transparent_test_driver_ctx,
1065 attributes,
1066 key_buffer,
1067 key_buffer_size,
1068 alg );
1069 /* Declared with fallback == true */
1070 if( status == PSA_SUCCESS )
1071 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1072
1073 if( status != PSA_ERROR_NOT_SUPPORTED )
1074 return( status );
1075#endif /* PSA_CRYPTO_DRIVER_TEST */
1076#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1077#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1078 /* Fell through, meaning no accelerator supports this operation */
1079 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1080 attributes,
1081 key_buffer,
1082 key_buffer_size,
1083 alg );
1084 if( status == PSA_SUCCESS )
1085 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1086
1087 if( status != PSA_ERROR_NOT_SUPPORTED )
1088 return( status );
1089#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1090 return( PSA_ERROR_NOT_SUPPORTED );
1091
1092 /* Add cases for opaque driver here */
1093#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1094#if defined(PSA_CRYPTO_DRIVER_TEST)
1095 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1096 status = mbedtls_test_opaque_cipher_encrypt_setup(
1097 &operation->ctx.opaque_test_driver_ctx,
1098 attributes,
1099 key_buffer, key_buffer_size,
1100 alg );
1101
1102 if( status == PSA_SUCCESS )
1103 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1104
1105 return( status );
1106#endif /* PSA_CRYPTO_DRIVER_TEST */
1107#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1108 default:
1109 /* Key is declared with a lifetime not known to us */
1110 (void)status;
1111 (void)operation;
1112 (void)key_buffer;
1113 (void)key_buffer_size;
1114 (void)alg;
1115 return( PSA_ERROR_INVALID_ARGUMENT );
1116 }
1117}
1118
1119psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1120 psa_cipher_operation_t *operation,
1121 const psa_key_attributes_t *attributes,
1122 const uint8_t *key_buffer, size_t key_buffer_size,
1123 psa_algorithm_t alg )
1124{
1125 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1126 psa_key_location_t location =
1127 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1128
1129 switch( location )
1130 {
1131 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1132 /* Key is stored in the slot in export representation, so
1133 * cycle through all known transparent accelerators */
1134#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1135#if defined(PSA_CRYPTO_DRIVER_TEST)
1136 status = mbedtls_test_transparent_cipher_decrypt_setup(
1137 &operation->ctx.transparent_test_driver_ctx,
1138 attributes,
1139 key_buffer,
1140 key_buffer_size,
1141 alg );
1142 /* Declared with fallback == true */
1143 if( status == PSA_SUCCESS )
1144 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1145
1146 if( status != PSA_ERROR_NOT_SUPPORTED )
1147 return( status );
1148#endif /* PSA_CRYPTO_DRIVER_TEST */
1149#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1150#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1151 /* Fell through, meaning no accelerator supports this operation */
1152 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1153 attributes,
1154 key_buffer,
1155 key_buffer_size,
1156 alg );
1157 if( status == PSA_SUCCESS )
1158 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1159
1160 return( status );
1161#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1162 return( PSA_ERROR_NOT_SUPPORTED );
1163
1164 /* Add cases for opaque driver here */
1165#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1166#if defined(PSA_CRYPTO_DRIVER_TEST)
1167 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1168 status = mbedtls_test_opaque_cipher_decrypt_setup(
1169 &operation->ctx.opaque_test_driver_ctx,
1170 attributes,
1171 key_buffer, key_buffer_size,
1172 alg );
1173
1174 if( status == PSA_SUCCESS )
1175 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1176
1177 return( status );
1178#endif /* PSA_CRYPTO_DRIVER_TEST */
1179#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1180 default:
1181 /* Key is declared with a lifetime not known to us */
1182 (void)status;
1183 (void)operation;
1184 (void)key_buffer;
1185 (void)key_buffer_size;
1186 (void)alg;
1187 return( PSA_ERROR_INVALID_ARGUMENT );
1188 }
1189}
1190
1191psa_status_t psa_driver_wrapper_cipher_set_iv(
1192 psa_cipher_operation_t *operation,
1193 const uint8_t *iv,
1194 size_t iv_length )
1195{
1196 switch( operation->id )
1197 {
1198#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1199 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1200 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1201 iv,
1202 iv_length ) );
1203#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1204
1205#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1206#if defined(PSA_CRYPTO_DRIVER_TEST)
1207 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1208 return( mbedtls_test_transparent_cipher_set_iv(
1209 &operation->ctx.transparent_test_driver_ctx,
1210 iv, iv_length ) );
1211
1212 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1213 return( mbedtls_test_opaque_cipher_set_iv(
1214 &operation->ctx.opaque_test_driver_ctx,
1215 iv, iv_length ) );
1216#endif /* PSA_CRYPTO_DRIVER_TEST */
1217#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1218 }
1219
1220 (void)iv;
1221 (void)iv_length;
1222
1223 return( PSA_ERROR_INVALID_ARGUMENT );
1224}
1225
1226psa_status_t psa_driver_wrapper_cipher_update(
1227 psa_cipher_operation_t *operation,
1228 const uint8_t *input,
1229 size_t input_length,
1230 uint8_t *output,
1231 size_t output_size,
1232 size_t *output_length )
1233{
1234 switch( operation->id )
1235 {
1236#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1237 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1238 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1239 input,
1240 input_length,
1241 output,
1242 output_size,
1243 output_length ) );
1244#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1245
1246#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1247#if defined(PSA_CRYPTO_DRIVER_TEST)
1248 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1249 return( mbedtls_test_transparent_cipher_update(
1250 &operation->ctx.transparent_test_driver_ctx,
1251 input, input_length,
1252 output, output_size, output_length ) );
1253
1254 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1255 return( mbedtls_test_opaque_cipher_update(
1256 &operation->ctx.opaque_test_driver_ctx,
1257 input, input_length,
1258 output, output_size, output_length ) );
1259#endif /* PSA_CRYPTO_DRIVER_TEST */
1260#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1261 }
1262
1263 (void)input;
1264 (void)input_length;
1265 (void)output;
1266 (void)output_size;
1267 (void)output_length;
1268
1269 return( PSA_ERROR_INVALID_ARGUMENT );
1270}
1271
1272psa_status_t psa_driver_wrapper_cipher_finish(
1273 psa_cipher_operation_t *operation,
1274 uint8_t *output,
1275 size_t output_size,
1276 size_t *output_length )
1277{
1278 switch( operation->id )
1279 {
1280#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1281 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1282 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1283 output,
1284 output_size,
1285 output_length ) );
1286#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1287
1288#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1289#if defined(PSA_CRYPTO_DRIVER_TEST)
1290 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1291 return( mbedtls_test_transparent_cipher_finish(
1292 &operation->ctx.transparent_test_driver_ctx,
1293 output, output_size, output_length ) );
1294
1295 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1296 return( mbedtls_test_opaque_cipher_finish(
1297 &operation->ctx.opaque_test_driver_ctx,
1298 output, output_size, output_length ) );
1299#endif /* PSA_CRYPTO_DRIVER_TEST */
1300#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1301 }
1302
1303 (void)output;
1304 (void)output_size;
1305 (void)output_length;
1306
1307 return( PSA_ERROR_INVALID_ARGUMENT );
1308}
1309
1310psa_status_t psa_driver_wrapper_cipher_abort(
1311 psa_cipher_operation_t *operation )
1312{
1313 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1314
1315 switch( operation->id )
1316 {
1317#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1318 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1319 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1320#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1321
1322#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1323#if defined(PSA_CRYPTO_DRIVER_TEST)
1324 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1325 status = mbedtls_test_transparent_cipher_abort(
1326 &operation->ctx.transparent_test_driver_ctx );
1327 mbedtls_platform_zeroize(
1328 &operation->ctx.transparent_test_driver_ctx,
1329 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1330 return( status );
1331
1332 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1333 status = mbedtls_test_opaque_cipher_abort(
1334 &operation->ctx.opaque_test_driver_ctx );
1335 mbedtls_platform_zeroize(
1336 &operation->ctx.opaque_test_driver_ctx,
1337 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1338 return( status );
1339#endif /* PSA_CRYPTO_DRIVER_TEST */
1340#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1341 }
1342
1343 (void)status;
1344 return( PSA_ERROR_INVALID_ARGUMENT );
1345}
1346
1347/*
1348 * Hashing functions
1349 */
1350psa_status_t psa_driver_wrapper_hash_compute(
1351 psa_algorithm_t alg,
1352 const uint8_t *input,
1353 size_t input_length,
1354 uint8_t *hash,
1355 size_t hash_size,
1356 size_t *hash_length)
1357{
1358 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1359
1360 /* Try accelerators first */
1361#if defined(PSA_CRYPTO_DRIVER_TEST)
1362 status = mbedtls_test_transparent_hash_compute(
1363 alg, input, input_length, hash, hash_size, hash_length );
1364 if( status != PSA_ERROR_NOT_SUPPORTED )
1365 return( status );
1366#endif
1367
1368 /* If software fallback is compiled in, try fallback */
1369#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1370 status = mbedtls_psa_hash_compute( alg, input, input_length,
1371 hash, hash_size, hash_length );
1372 if( status != PSA_ERROR_NOT_SUPPORTED )
1373 return( status );
1374#endif
1375 (void) status;
1376 (void) alg;
1377 (void) input;
1378 (void) input_length;
1379 (void) hash;
1380 (void) hash_size;
1381 (void) hash_length;
1382
1383 return( PSA_ERROR_NOT_SUPPORTED );
1384}
1385
1386psa_status_t psa_driver_wrapper_hash_setup(
1387 psa_hash_operation_t *operation,
1388 psa_algorithm_t alg )
1389{
1390 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1391
1392 /* Try setup on accelerators first */
1393#if defined(PSA_CRYPTO_DRIVER_TEST)
1394 status = mbedtls_test_transparent_hash_setup(
1395 &operation->ctx.test_driver_ctx, alg );
1396 if( status == PSA_SUCCESS )
1397 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1398
1399 if( status != PSA_ERROR_NOT_SUPPORTED )
1400 return( status );
1401#endif
1402
1403 /* If software fallback is compiled in, try fallback */
1404#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1405 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1406 if( status == PSA_SUCCESS )
1407 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1408
1409 if( status != PSA_ERROR_NOT_SUPPORTED )
1410 return( status );
1411#endif
1412 /* Nothing left to try if we fall through here */
1413 (void) status;
1414 (void) operation;
1415 (void) alg;
1416 return( PSA_ERROR_NOT_SUPPORTED );
1417}
1418
1419psa_status_t psa_driver_wrapper_hash_clone(
1420 const psa_hash_operation_t *source_operation,
1421 psa_hash_operation_t *target_operation )
1422{
1423 switch( source_operation->id )
1424 {
1425#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1426 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1427 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1428 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1429 &target_operation->ctx.mbedtls_ctx ) );
1430#endif
1431#if defined(PSA_CRYPTO_DRIVER_TEST)
1432 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1433 target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1434 return( mbedtls_test_transparent_hash_clone(
1435 &source_operation->ctx.test_driver_ctx,
1436 &target_operation->ctx.test_driver_ctx ) );
1437#endif
1438 default:
1439 (void) target_operation;
1440 return( PSA_ERROR_BAD_STATE );
1441 }
1442}
1443
1444psa_status_t psa_driver_wrapper_hash_update(
1445 psa_hash_operation_t *operation,
1446 const uint8_t *input,
1447 size_t input_length )
1448{
1449 switch( operation->id )
1450 {
1451#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1452 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1453 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1454 input, input_length ) );
1455#endif
1456#if defined(PSA_CRYPTO_DRIVER_TEST)
1457 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1458 return( mbedtls_test_transparent_hash_update(
1459 &operation->ctx.test_driver_ctx,
1460 input, input_length ) );
1461#endif
1462 default:
1463 (void) input;
1464 (void) input_length;
1465 return( PSA_ERROR_BAD_STATE );
1466 }
1467}
1468
1469psa_status_t psa_driver_wrapper_hash_finish(
1470 psa_hash_operation_t *operation,
1471 uint8_t *hash,
1472 size_t hash_size,
1473 size_t *hash_length )
1474{
1475 switch( operation->id )
1476 {
1477#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1478 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1479 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1480 hash, hash_size, hash_length ) );
1481#endif
1482#if defined(PSA_CRYPTO_DRIVER_TEST)
1483 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1484 return( mbedtls_test_transparent_hash_finish(
1485 &operation->ctx.test_driver_ctx,
1486 hash, hash_size, hash_length ) );
1487#endif
1488 default:
1489 (void) hash;
1490 (void) hash_size;
1491 (void) hash_length;
1492 return( PSA_ERROR_BAD_STATE );
1493 }
1494}
1495
1496psa_status_t psa_driver_wrapper_hash_abort(
1497 psa_hash_operation_t *operation )
1498{
1499 switch( operation->id )
1500 {
1501#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1502 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1503 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1504#endif
1505#if defined(PSA_CRYPTO_DRIVER_TEST)
1506 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1507 return( mbedtls_test_transparent_hash_abort(
1508 &operation->ctx.test_driver_ctx ) );
1509#endif
1510 default:
1511 return( PSA_ERROR_BAD_STATE );
1512 }
1513}
1514
1515psa_status_t psa_driver_wrapper_aead_encrypt(
1516 const psa_key_attributes_t *attributes,
1517 const uint8_t *key_buffer, size_t key_buffer_size,
1518 psa_algorithm_t alg,
1519 const uint8_t *nonce, size_t nonce_length,
1520 const uint8_t *additional_data, size_t additional_data_length,
1521 const uint8_t *plaintext, size_t plaintext_length,
1522 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1523{
1524 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1525 psa_key_location_t location =
1526 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1527
1528 switch( location )
1529 {
1530 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1531 /* Key is stored in the slot in export representation, so
1532 * cycle through all known transparent accelerators */
1533
1534#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1535#if defined(PSA_CRYPTO_DRIVER_TEST)
1536 status = mbedtls_test_transparent_aead_encrypt(
1537 attributes, key_buffer, key_buffer_size,
1538 alg,
1539 nonce, nonce_length,
1540 additional_data, additional_data_length,
1541 plaintext, plaintext_length,
1542 ciphertext, ciphertext_size, ciphertext_length );
1543 /* Declared with fallback == true */
1544 if( status != PSA_ERROR_NOT_SUPPORTED )
1545 return( status );
1546#endif /* PSA_CRYPTO_DRIVER_TEST */
1547#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1548
1549 /* Fell through, meaning no accelerator supports this operation */
1550 return( mbedtls_psa_aead_encrypt(
1551 attributes, key_buffer, key_buffer_size,
1552 alg,
1553 nonce, nonce_length,
1554 additional_data, additional_data_length,
1555 plaintext, plaintext_length,
1556 ciphertext, ciphertext_size, ciphertext_length ) );
1557
1558 /* Add cases for opaque driver here */
1559
1560 default:
1561 /* Key is declared with a lifetime not known to us */
1562 (void)status;
1563 return( PSA_ERROR_INVALID_ARGUMENT );
1564 }
1565}
1566
1567psa_status_t psa_driver_wrapper_aead_decrypt(
1568 const psa_key_attributes_t *attributes,
1569 const uint8_t *key_buffer, size_t key_buffer_size,
1570 psa_algorithm_t alg,
1571 const uint8_t *nonce, size_t nonce_length,
1572 const uint8_t *additional_data, size_t additional_data_length,
1573 const uint8_t *ciphertext, size_t ciphertext_length,
1574 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1575{
1576 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1577 psa_key_location_t location =
1578 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1579
1580 switch( location )
1581 {
1582 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1583 /* Key is stored in the slot in export representation, so
1584 * cycle through all known transparent accelerators */
1585
1586#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1587#if defined(PSA_CRYPTO_DRIVER_TEST)
1588 status = mbedtls_test_transparent_aead_decrypt(
1589 attributes, key_buffer, key_buffer_size,
1590 alg,
1591 nonce, nonce_length,
1592 additional_data, additional_data_length,
1593 ciphertext, ciphertext_length,
1594 plaintext, plaintext_size, plaintext_length );
1595 /* Declared with fallback == true */
1596 if( status != PSA_ERROR_NOT_SUPPORTED )
1597 return( status );
1598#endif /* PSA_CRYPTO_DRIVER_TEST */
1599#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1600
1601 /* Fell through, meaning no accelerator supports this operation */
1602 return( mbedtls_psa_aead_decrypt(
1603 attributes, key_buffer, key_buffer_size,
1604 alg,
1605 nonce, nonce_length,
1606 additional_data, additional_data_length,
1607 ciphertext, ciphertext_length,
1608 plaintext, plaintext_size, plaintext_length ) );
1609
1610 /* Add cases for opaque driver here */
1611
1612 default:
1613 /* Key is declared with a lifetime not known to us */
1614 (void)status;
1615 return( PSA_ERROR_INVALID_ARGUMENT );
1616 }
1617}
1618
1619psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation,
1620 uint8_t *tag_len )
1621{
1622 if( operation == NULL || tag_len == NULL )
1623 return( PSA_ERROR_INVALID_ARGUMENT );
1624
1625#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1626#if defined(PSA_CRYPTO_DRIVER_TEST)
1627 *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length;
1628 return ( PSA_SUCCESS );
1629#endif
1630#endif
1631 *tag_len = operation->ctx.mbedtls_ctx.tag_length;
1632 return ( PSA_SUCCESS );
1633}
1634
1635psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1636 psa_aead_operation_t *operation,
1637 const psa_key_attributes_t *attributes,
1638 const uint8_t *key_buffer, size_t key_buffer_size,
1639 psa_algorithm_t alg )
1640{
1641 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1642 psa_key_location_t location =
1643 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1644
1645 switch( location )
1646 {
1647 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1648 /* Key is stored in the slot in export representation, so
1649 * cycle through all known transparent accelerators */
1650
1651#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1652#if defined(PSA_CRYPTO_DRIVER_TEST)
1653 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1654 status = mbedtls_test_transparent_aead_encrypt_setup(
1655 &operation->ctx.transparent_test_driver_ctx,
1656 attributes, key_buffer, key_buffer_size,
1657 alg );
1658
1659 /* Declared with fallback == true */
1660 if( status != PSA_ERROR_NOT_SUPPORTED )
1661 return( status );
1662#endif /* PSA_CRYPTO_DRIVER_TEST */
1663#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1664
1665 /* Fell through, meaning no accelerator supports this operation */
1666 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1667 status = mbedtls_psa_aead_encrypt_setup(
1668 &operation->ctx.mbedtls_ctx, attributes,
1669 key_buffer, key_buffer_size,
1670 alg );
1671
1672 return( status );
1673
1674 /* Add cases for opaque driver here */
1675
1676 default:
1677 /* Key is declared with a lifetime not known to us */
1678 (void)status;
1679 return( PSA_ERROR_INVALID_ARGUMENT );
1680 }
1681}
1682
1683psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1684 psa_aead_operation_t *operation,
1685 const psa_key_attributes_t *attributes,
1686 const uint8_t *key_buffer, size_t key_buffer_size,
1687 psa_algorithm_t alg )
1688{
1689 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1690 psa_key_location_t location =
1691 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1692
1693 switch( location )
1694 {
1695 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1696 /* Key is stored in the slot in export representation, so
1697 * cycle through all known transparent accelerators */
1698
1699#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1700#if defined(PSA_CRYPTO_DRIVER_TEST)
1701 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1702 status = mbedtls_test_transparent_aead_decrypt_setup(
1703 &operation->ctx.transparent_test_driver_ctx,
1704 attributes,
1705 key_buffer, key_buffer_size,
1706 alg );
1707
1708 /* Declared with fallback == true */
1709 if( status != PSA_ERROR_NOT_SUPPORTED )
1710 return( status );
1711#endif /* PSA_CRYPTO_DRIVER_TEST */
1712#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1713
1714 /* Fell through, meaning no accelerator supports this operation */
1715 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1716 status = mbedtls_psa_aead_decrypt_setup(
1717 &operation->ctx.mbedtls_ctx,
1718 attributes,
1719 key_buffer, key_buffer_size,
1720 alg );
1721
1722 return( status );
1723
1724 /* Add cases for opaque driver here */
1725
1726 default:
1727 /* Key is declared with a lifetime not known to us */
1728 (void)status;
1729 return( PSA_ERROR_INVALID_ARGUMENT );
1730 }
1731}
1732
1733psa_status_t psa_driver_wrapper_aead_set_nonce(
1734 psa_aead_operation_t *operation,
1735 const uint8_t *nonce,
1736 size_t nonce_length )
1737{
1738 switch( operation->id )
1739 {
1740#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1741 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1742 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1743 nonce,
1744 nonce_length ) );
1745
1746#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1747
1748#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1749#if defined(PSA_CRYPTO_DRIVER_TEST)
1750 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1751 return( mbedtls_test_transparent_aead_set_nonce(
1752 &operation->ctx.transparent_test_driver_ctx,
1753 nonce, nonce_length ) );
1754
1755 /* Add cases for opaque driver here */
1756
1757#endif /* PSA_CRYPTO_DRIVER_TEST */
1758#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1759 }
1760
1761 (void)nonce;
1762 (void)nonce_length;
1763
1764 return( PSA_ERROR_INVALID_ARGUMENT );
1765}
1766
1767psa_status_t psa_driver_wrapper_aead_set_lengths(
1768 psa_aead_operation_t *operation,
1769 size_t ad_length,
1770 size_t plaintext_length )
1771{
1772 switch( operation->id )
1773 {
1774#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1775 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1776 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1777 ad_length,
1778 plaintext_length ) );
1779
1780#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1781
1782#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1783#if defined(PSA_CRYPTO_DRIVER_TEST)
1784 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1785 return( mbedtls_test_transparent_aead_set_lengths(
1786 &operation->ctx.transparent_test_driver_ctx,
1787 ad_length, plaintext_length ) );
1788
1789 /* Add cases for opaque driver here */
1790
1791#endif /* PSA_CRYPTO_DRIVER_TEST */
1792#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1793 }
1794
1795 (void)ad_length;
1796 (void)plaintext_length;
1797
1798 return( PSA_ERROR_INVALID_ARGUMENT );
1799}
1800
1801psa_status_t psa_driver_wrapper_aead_update_ad(
1802 psa_aead_operation_t *operation,
1803 const uint8_t *input,
1804 size_t input_length )
1805{
1806 switch( operation->id )
1807 {
1808#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1809 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1810 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1811 input,
1812 input_length ) );
1813
1814#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1815
1816#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1817#if defined(PSA_CRYPTO_DRIVER_TEST)
1818 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1819 return( mbedtls_test_transparent_aead_update_ad(
1820 &operation->ctx.transparent_test_driver_ctx,
1821 input, input_length ) );
1822
1823 /* Add cases for opaque driver here */
1824
1825#endif /* PSA_CRYPTO_DRIVER_TEST */
1826#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1827 }
1828
1829 (void)input;
1830 (void)input_length;
1831
1832 return( PSA_ERROR_INVALID_ARGUMENT );
1833}
1834
1835psa_status_t psa_driver_wrapper_aead_update(
1836 psa_aead_operation_t *operation,
1837 const uint8_t *input,
1838 size_t input_length,
1839 uint8_t *output,
1840 size_t output_size,
1841 size_t *output_length )
1842{
1843 switch( operation->id )
1844 {
1845#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1846 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1847 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
1848 input, input_length,
1849 output, output_size,
1850 output_length ) );
1851
1852#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1853
1854#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1855#if defined(PSA_CRYPTO_DRIVER_TEST)
1856 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1857 return( mbedtls_test_transparent_aead_update(
1858 &operation->ctx.transparent_test_driver_ctx,
1859 input, input_length, output, output_size,
1860 output_length ) );
1861
1862 /* Add cases for opaque driver here */
1863
1864#endif /* PSA_CRYPTO_DRIVER_TEST */
1865#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1866 }
1867
1868 (void)input;
1869 (void)input_length;
1870 (void)output;
1871 (void)output_size;
1872 (void)output_length;
1873
1874 return( PSA_ERROR_INVALID_ARGUMENT );
1875}
1876
1877psa_status_t psa_driver_wrapper_aead_finish(
1878 psa_aead_operation_t *operation,
1879 uint8_t *ciphertext,
1880 size_t ciphertext_size,
1881 size_t *ciphertext_length,
1882 uint8_t *tag,
1883 size_t tag_size,
1884 size_t *tag_length )
1885{
1886 switch( operation->id )
1887 {
1888#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1889 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1890 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1891 ciphertext,
1892 ciphertext_size,
1893 ciphertext_length, tag,
1894 tag_size, tag_length ) );
1895
1896#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1897
1898#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1899#if defined(PSA_CRYPTO_DRIVER_TEST)
1900 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1901 return( mbedtls_test_transparent_aead_finish(
1902 &operation->ctx.transparent_test_driver_ctx,
1903 ciphertext, ciphertext_size,
1904 ciphertext_length, tag, tag_size, tag_length ) );
1905
1906 /* Add cases for opaque driver here */
1907
1908#endif /* PSA_CRYPTO_DRIVER_TEST */
1909#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1910 }
1911
1912 (void)ciphertext;
1913 (void)ciphertext_size;
1914 (void)ciphertext_length;
1915 (void)tag;
1916 (void)tag_size;
1917 (void)tag_length;
1918
1919 return( PSA_ERROR_INVALID_ARGUMENT );
1920}
1921
1922psa_status_t psa_driver_wrapper_aead_verify(
1923 psa_aead_operation_t *operation,
1924 uint8_t *plaintext,
1925 size_t plaintext_size,
1926 size_t *plaintext_length,
1927 const uint8_t *tag,
1928 size_t tag_length )
1929{
1930 switch( operation->id )
1931 {
1932#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1933 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1934 {
1935 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1936 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
1937 size_t check_tag_length;
1938
1939 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1940 plaintext,
1941 plaintext_size,
1942 plaintext_length,
1943 check_tag,
1944 sizeof( check_tag ),
1945 &check_tag_length );
1946
1947 if( status == PSA_SUCCESS )
1948 {
1949 if( tag_length != check_tag_length ||
1950 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
1951 != 0 )
1952 status = PSA_ERROR_INVALID_SIGNATURE;
1953 }
1954
1955 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
1956
1957 return( status );
1958 }
1959
1960#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1961
1962#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1963#if defined(PSA_CRYPTO_DRIVER_TEST)
1964 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1965 return( mbedtls_test_transparent_aead_verify(
1966 &operation->ctx.transparent_test_driver_ctx,
1967 plaintext, plaintext_size,
1968 plaintext_length, tag, tag_length ) );
1969
1970 /* Add cases for opaque driver here */
1971
1972#endif /* PSA_CRYPTO_DRIVER_TEST */
1973#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1974 }
1975
1976 (void)plaintext;
1977 (void)plaintext_size;
1978 (void)plaintext_length;
1979 (void)tag;
1980 (void)tag_length;
1981
1982 return( PSA_ERROR_INVALID_ARGUMENT );
1983}
1984
1985psa_status_t psa_driver_wrapper_aead_abort(
1986 psa_aead_operation_t *operation )
1987{
1988 switch( operation->id )
1989 {
1990#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1991 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1992 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
1993
1994#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1995
1996#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1997#if defined(PSA_CRYPTO_DRIVER_TEST)
1998 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1999 return( mbedtls_test_transparent_aead_abort(
2000 &operation->ctx.transparent_test_driver_ctx ) );
2001
2002 /* Add cases for opaque driver here */
2003
2004#endif /* PSA_CRYPTO_DRIVER_TEST */
2005#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2006 }
2007
2008 return( PSA_ERROR_INVALID_ARGUMENT );
2009}
2010
2011/*
2012 * MAC functions
2013 */
2014psa_status_t psa_driver_wrapper_mac_compute(
2015 const psa_key_attributes_t *attributes,
2016 const uint8_t *key_buffer,
2017 size_t key_buffer_size,
2018 psa_algorithm_t alg,
2019 const uint8_t *input,
2020 size_t input_length,
2021 uint8_t *mac,
2022 size_t mac_size,
2023 size_t *mac_length )
2024{
2025 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2026 psa_key_location_t location =
2027 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2028
2029 switch( location )
2030 {
2031 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2032 /* Key is stored in the slot in export representation, so
2033 * cycle through all known transparent accelerators */
2034#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2035#if defined(PSA_CRYPTO_DRIVER_TEST)
2036 status = mbedtls_test_transparent_mac_compute(
2037 attributes, key_buffer, key_buffer_size, alg,
2038 input, input_length,
2039 mac, mac_size, mac_length );
2040 /* Declared with fallback == true */
2041 if( status != PSA_ERROR_NOT_SUPPORTED )
2042 return( status );
2043#endif /* PSA_CRYPTO_DRIVER_TEST */
2044#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2045#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2046 /* Fell through, meaning no accelerator supports this operation */
2047 status = mbedtls_psa_mac_compute(
2048 attributes, key_buffer, key_buffer_size, alg,
2049 input, input_length,
2050 mac, mac_size, mac_length );
2051 if( status != PSA_ERROR_NOT_SUPPORTED )
2052 return( status );
2053#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2054 return( PSA_ERROR_NOT_SUPPORTED );
2055
2056 /* Add cases for opaque driver here */
2057#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2058#if defined(PSA_CRYPTO_DRIVER_TEST)
2059 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2060 status = mbedtls_test_opaque_mac_compute(
2061 attributes, key_buffer, key_buffer_size, alg,
2062 input, input_length,
2063 mac, mac_size, mac_length );
2064 return( status );
2065#endif /* PSA_CRYPTO_DRIVER_TEST */
2066#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2067 default:
2068 /* Key is declared with a lifetime not known to us */
2069 (void) key_buffer;
2070 (void) key_buffer_size;
2071 (void) alg;
2072 (void) input;
2073 (void) input_length;
2074 (void) mac;
2075 (void) mac_size;
2076 (void) mac_length;
2077 (void) status;
2078 return( PSA_ERROR_INVALID_ARGUMENT );
2079 }
2080}
2081
2082psa_status_t psa_driver_wrapper_mac_sign_setup(
2083 psa_mac_operation_t *operation,
2084 const psa_key_attributes_t *attributes,
2085 const uint8_t *key_buffer,
2086 size_t key_buffer_size,
2087 psa_algorithm_t alg )
2088{
2089 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2090 psa_key_location_t location =
2091 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2092
2093 switch( location )
2094 {
2095 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2096 /* Key is stored in the slot in export representation, so
2097 * cycle through all known transparent accelerators */
2098#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2099#if defined(PSA_CRYPTO_DRIVER_TEST)
2100 status = mbedtls_test_transparent_mac_sign_setup(
2101 &operation->ctx.transparent_test_driver_ctx,
2102 attributes,
2103 key_buffer, key_buffer_size,
2104 alg );
2105 /* Declared with fallback == true */
2106 if( status == PSA_SUCCESS )
2107 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
2108
2109 if( status != PSA_ERROR_NOT_SUPPORTED )
2110 return( status );
2111#endif /* PSA_CRYPTO_DRIVER_TEST */
2112#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2113#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2114 /* Fell through, meaning no accelerator supports this operation */
2115 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2116 attributes,
2117 key_buffer, key_buffer_size,
2118 alg );
2119 if( status == PSA_SUCCESS )
2120 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2121
2122 if( status != PSA_ERROR_NOT_SUPPORTED )
2123 return( status );
2124#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2125 return( PSA_ERROR_NOT_SUPPORTED );
2126
2127 /* Add cases for opaque driver here */
2128#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2129#if defined(PSA_CRYPTO_DRIVER_TEST)
2130 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2131 status = mbedtls_test_opaque_mac_sign_setup(
2132 &operation->ctx.opaque_test_driver_ctx,
2133 attributes,
2134 key_buffer, key_buffer_size,
2135 alg );
2136
2137 if( status == PSA_SUCCESS )
2138 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
2139
2140 return( status );
2141#endif /* PSA_CRYPTO_DRIVER_TEST */
2142#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2143 default:
2144 /* Key is declared with a lifetime not known to us */
2145 (void) status;
2146 (void) operation;
2147 (void) key_buffer;
2148 (void) key_buffer_size;
2149 (void) alg;
2150 return( PSA_ERROR_INVALID_ARGUMENT );
2151 }
2152}
2153
2154psa_status_t psa_driver_wrapper_mac_verify_setup(
2155 psa_mac_operation_t *operation,
2156 const psa_key_attributes_t *attributes,
2157 const uint8_t *key_buffer,
2158 size_t key_buffer_size,
2159 psa_algorithm_t alg )
2160{
2161 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2162 psa_key_location_t location =
2163 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2164
2165 switch( location )
2166 {
2167 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2168 /* Key is stored in the slot in export representation, so
2169 * cycle through all known transparent accelerators */
2170#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2171#if defined(PSA_CRYPTO_DRIVER_TEST)
2172 status = mbedtls_test_transparent_mac_verify_setup(
2173 &operation->ctx.transparent_test_driver_ctx,
2174 attributes,
2175 key_buffer, key_buffer_size,
2176 alg );
2177 /* Declared with fallback == true */
2178 if( status == PSA_SUCCESS )
2179 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
2180
2181 if( status != PSA_ERROR_NOT_SUPPORTED )
2182 return( status );
2183#endif /* PSA_CRYPTO_DRIVER_TEST */
2184#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2185#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2186 /* Fell through, meaning no accelerator supports this operation */
2187 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2188 attributes,
2189 key_buffer, key_buffer_size,
2190 alg );
2191 if( status == PSA_SUCCESS )
2192 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2193
2194 if( status != PSA_ERROR_NOT_SUPPORTED )
2195 return( status );
2196#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2197 return( PSA_ERROR_NOT_SUPPORTED );
2198
2199 /* Add cases for opaque driver here */
2200#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2201#if defined(PSA_CRYPTO_DRIVER_TEST)
2202 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2203 status = mbedtls_test_opaque_mac_verify_setup(
2204 &operation->ctx.opaque_test_driver_ctx,
2205 attributes,
2206 key_buffer, key_buffer_size,
2207 alg );
2208
2209 if( status == PSA_SUCCESS )
2210 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
2211
2212 return( status );
2213#endif /* PSA_CRYPTO_DRIVER_TEST */
2214#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2215 default:
2216 /* Key is declared with a lifetime not known to us */
2217 (void) status;
2218 (void) operation;
2219 (void) key_buffer;
2220 (void) key_buffer_size;
2221 (void) alg;
2222 return( PSA_ERROR_INVALID_ARGUMENT );
2223 }
2224}
2225
2226psa_status_t psa_driver_wrapper_mac_update(
2227 psa_mac_operation_t *operation,
2228 const uint8_t *input,
2229 size_t input_length )
2230{
2231 switch( operation->id )
2232 {
2233#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2234 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2235 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2236 input, input_length ) );
2237#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2238
2239#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2240#if defined(PSA_CRYPTO_DRIVER_TEST)
2241 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2242 return( mbedtls_test_transparent_mac_update(
2243 &operation->ctx.transparent_test_driver_ctx,
2244 input, input_length ) );
2245
2246 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2247 return( mbedtls_test_opaque_mac_update(
2248 &operation->ctx.opaque_test_driver_ctx,
2249 input, input_length ) );
2250#endif /* PSA_CRYPTO_DRIVER_TEST */
2251#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2252 default:
2253 (void) input;
2254 (void) input_length;
2255 return( PSA_ERROR_INVALID_ARGUMENT );
2256 }
2257}
2258
2259psa_status_t psa_driver_wrapper_mac_sign_finish(
2260 psa_mac_operation_t *operation,
2261 uint8_t *mac,
2262 size_t mac_size,
2263 size_t *mac_length )
2264{
2265 switch( operation->id )
2266 {
2267#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2268 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2269 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2270 mac, mac_size, mac_length ) );
2271#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2272
2273#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2274#if defined(PSA_CRYPTO_DRIVER_TEST)
2275 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2276 return( mbedtls_test_transparent_mac_sign_finish(
2277 &operation->ctx.transparent_test_driver_ctx,
2278 mac, mac_size, mac_length ) );
2279
2280 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2281 return( mbedtls_test_opaque_mac_sign_finish(
2282 &operation->ctx.opaque_test_driver_ctx,
2283 mac, mac_size, mac_length ) );
2284#endif /* PSA_CRYPTO_DRIVER_TEST */
2285#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2286 default:
2287 (void) mac;
2288 (void) mac_size;
2289 (void) mac_length;
2290 return( PSA_ERROR_INVALID_ARGUMENT );
2291 }
2292}
2293
2294psa_status_t psa_driver_wrapper_mac_verify_finish(
2295 psa_mac_operation_t *operation,
2296 const uint8_t *mac,
2297 size_t mac_length )
2298{
2299 switch( operation->id )
2300 {
2301#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2302 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2303 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2304 mac, mac_length ) );
2305#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2306
2307#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2308#if defined(PSA_CRYPTO_DRIVER_TEST)
2309 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2310 return( mbedtls_test_transparent_mac_verify_finish(
2311 &operation->ctx.transparent_test_driver_ctx,
2312 mac, mac_length ) );
2313
2314 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2315 return( mbedtls_test_opaque_mac_verify_finish(
2316 &operation->ctx.opaque_test_driver_ctx,
2317 mac, mac_length ) );
2318#endif /* PSA_CRYPTO_DRIVER_TEST */
2319#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2320 default:
2321 (void) mac;
2322 (void) mac_length;
2323 return( PSA_ERROR_INVALID_ARGUMENT );
2324 }
2325}
2326
2327psa_status_t psa_driver_wrapper_mac_abort(
2328 psa_mac_operation_t *operation )
2329{
2330 switch( operation->id )
2331 {
2332#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2333 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2334 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2335#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2336
2337#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2338#if defined(PSA_CRYPTO_DRIVER_TEST)
2339 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2340 return( mbedtls_test_transparent_mac_abort(
2341 &operation->ctx.transparent_test_driver_ctx ) );
2342 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2343 return( mbedtls_test_opaque_mac_abort(
2344 &operation->ctx.opaque_test_driver_ctx ) );
2345#endif /* PSA_CRYPTO_DRIVER_TEST */
2346#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2347 default:
2348 return( PSA_ERROR_INVALID_ARGUMENT );
2349 }
2350}
2351
2352/*
2353 * Asymmetric cryptography
2354 */
2355psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2356 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2357 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2358 size_t input_length, const uint8_t *salt, size_t salt_length,
2359 uint8_t *output, size_t output_size, size_t *output_length )
2360{
2361 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2362 psa_key_location_t location =
2363 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2364
2365 switch( location )
2366 {
2367 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2368 /* Key is stored in the slot in export representation, so
2369 * cycle through all known transparent accelerators */
2370#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2371#if defined(PSA_CRYPTO_DRIVER_TEST)
2372 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2373 key_buffer, key_buffer_size, alg, input, input_length,
2374 salt, salt_length, output, output_size,
2375 output_length );
2376 /* Declared with fallback == true */
2377 if( status != PSA_ERROR_NOT_SUPPORTED )
2378 return( status );
2379#endif /* PSA_CRYPTO_DRIVER_TEST */
2380#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2381 return( mbedtls_psa_asymmetric_encrypt( attributes,
2382 key_buffer, key_buffer_size, alg, input, input_length,
2383 salt, salt_length, output, output_size, output_length )
2384 );
2385 /* Add cases for opaque driver here */
2386#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2387#if defined(PSA_CRYPTO_DRIVER_TEST)
2388 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2389 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2390 key_buffer, key_buffer_size, alg, input, input_length,
2391 salt, salt_length, output, output_size, output_length )
2392 );
2393#endif /* PSA_CRYPTO_DRIVER_TEST */
2394#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2395
2396 default:
2397 /* Key is declared with a lifetime not known to us */
2398 (void)status;
2399 (void)key_buffer;
2400 (void)key_buffer_size;
2401 (void)alg;
2402 (void)input;
2403 (void)input_length;
2404 (void)salt;
2405 (void)salt_length;
2406 (void)output;
2407 (void)output_size;
2408 (void)output_length;
2409 return( PSA_ERROR_INVALID_ARGUMENT );
2410 }
2411}
2412
2413psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2414 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2415 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2416 size_t input_length, const uint8_t *salt, size_t salt_length,
2417 uint8_t *output, size_t output_size, size_t *output_length )
2418{
2419 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2420 psa_key_location_t location =
2421 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2422
2423 switch( location )
2424 {
2425 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2426 /* Key is stored in the slot in export representation, so
2427 * cycle through all known transparent accelerators */
2428#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2429#if defined(PSA_CRYPTO_DRIVER_TEST)
2430 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2431 key_buffer, key_buffer_size, alg, input, input_length,
2432 salt, salt_length, output, output_size,
2433 output_length );
2434 /* Declared with fallback == true */
2435 if( status != PSA_ERROR_NOT_SUPPORTED )
2436 return( status );
2437#endif /* PSA_CRYPTO_DRIVER_TEST */
2438#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2439 return( mbedtls_psa_asymmetric_decrypt( attributes,
2440 key_buffer, key_buffer_size, alg,input, input_length,
2441 salt, salt_length, output, output_size,
2442 output_length ) );
2443 /* Add cases for opaque driver here */
2444#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2445#if defined(PSA_CRYPTO_DRIVER_TEST)
2446 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2447 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2448 key_buffer, key_buffer_size, alg, input, input_length,
2449 salt, salt_length, output, output_size,
2450 output_length ) );
2451#endif /* PSA_CRYPTO_DRIVER_TEST */
2452#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2453
2454 default:
2455 /* Key is declared with a lifetime not known to us */
2456 (void)status;
2457 (void)key_buffer;
2458 (void)key_buffer_size;
2459 (void)alg;
2460 (void)input;
2461 (void)input_length;
2462 (void)salt;
2463 (void)salt_length;
2464 (void)output;
2465 (void)output_size;
2466 (void)output_length;
2467 return( PSA_ERROR_INVALID_ARGUMENT );
2468 }
2469}
2470
2471#endif /* MBEDTLS_PSA_CRYPTO_C */