TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / df2b5da57f2c269455ae2fd66f37b2e294e5447d / . / library / psa_crypto_driver_wrappers.c
blob: 9e946e367021035a7d7af9fc5367d730551d450f [file] [log] [blame]
Paul Elliottdf2b5da2023-03-21 18:12:47 +0000[diff] [blame^]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6/* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22
23/* BEGIN-common headers */
24#include "common.h"
25#include "psa_crypto_aead.h"
26#include "psa_crypto_cipher.h"
27#include "psa_crypto_core.h"
28#include "psa_crypto_driver_wrappers.h"
29#include "psa_crypto_hash.h"
30#include "psa_crypto_mac.h"
31#include "psa_crypto_pake.h"
32#include "psa_crypto_rsa.h"
33
34#include "mbedtls/platform.h"
35/* END-common headers */
36
37#if defined(MBEDTLS_PSA_CRYPTO_C)
38
39/* BEGIN-driver headers */
40#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
41/* Headers for mbedtls_test opaque driver */
42#if defined(PSA_CRYPTO_DRIVER_TEST)
43#include "test/drivers/test_driver.h"
44
45#endif
46/* Headers for mbedtls_test transparent driver */
47#if defined(PSA_CRYPTO_DRIVER_TEST)
48#include "test/drivers/test_driver.h"
49
50#endif
51
52#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
53/* END-driver headers */
54
55/* Auto-generated values depending on which drivers are registered.
56 * ID 0 is reserved for unallocated operations.
57 * ID 1 is reserved for the Mbed TLS software driver. */
58/* BEGIN-driver id definition */
59#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
60#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
61#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
62
63/* END-driver id */
64
65/* BEGIN-Common Macro definitions */
66
67/* END-Common Macro definitions */
68
69/* Support the 'old' SE interface when asked to */
70#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
71/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
72 * SE driver is present, to avoid unused argument errors at compile time. */
73#ifndef PSA_CRYPTO_DRIVER_PRESENT
74#define PSA_CRYPTO_DRIVER_PRESENT
75#endif
76#include "psa_crypto_se.h"
77#endif
78
79psa_status_t psa_driver_wrapper_init( void )
80{
81 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
82
83#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
84 status = psa_init_all_se_drivers( );
85 if( status != PSA_SUCCESS )
86 return( status );
87#endif
88
89#if defined(PSA_CRYPTO_DRIVER_TEST)
90 status = mbedtls_test_transparent_init( );
91 if( status != PSA_SUCCESS )
92 return( status );
93
94 status = mbedtls_test_opaque_init( );
95 if( status != PSA_SUCCESS )
96 return( status );
97#endif
98
99 (void) status;
100 return( PSA_SUCCESS );
101}
102
103void psa_driver_wrapper_free( void )
104{
105#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
106 /* Unregister all secure element drivers, so that we restart from
107 * a pristine state. */
108 psa_unregister_all_se_drivers( );
109#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
110
111#if defined(PSA_CRYPTO_DRIVER_TEST)
112 mbedtls_test_transparent_free( );
113 mbedtls_test_opaque_free( );
114#endif
115}
116
117/* Start delegation functions */
118psa_status_t psa_driver_wrapper_sign_message(
119 const psa_key_attributes_t *attributes,
120 const uint8_t *key_buffer,
121 size_t key_buffer_size,
122 psa_algorithm_t alg,
123 const uint8_t *input,
124 size_t input_length,
125 uint8_t *signature,
126 size_t signature_size,
127 size_t *signature_length )
128{
129 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
130 psa_key_location_t location =
131 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
132
133 switch( location )
134 {
135 case PSA_KEY_LOCATION_LOCAL_STORAGE:
136 /* Key is stored in the slot in export representation, so
137 * cycle through all known transparent accelerators */
138#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
139#if defined(PSA_CRYPTO_DRIVER_TEST)
140 status = mbedtls_test_transparent_signature_sign_message(
141 attributes,
142 key_buffer,
143 key_buffer_size,
144 alg,
145 input,
146 input_length,
147 signature,
148 signature_size,
149 signature_length );
150 /* Declared with fallback == true */
151 if( status != PSA_ERROR_NOT_SUPPORTED )
152 return( status );
153#endif /* PSA_CRYPTO_DRIVER_TEST */
154#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
155 break;
156
157 /* Add cases for opaque driver here */
158#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
159#if defined(PSA_CRYPTO_DRIVER_TEST)
160 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
161 status = mbedtls_test_opaque_signature_sign_message(
162 attributes,
163 key_buffer,
164 key_buffer_size,
165 alg,
166 input,
167 input_length,
168 signature,
169 signature_size,
170 signature_length );
171 if( status != PSA_ERROR_NOT_SUPPORTED )
172 return( status );
173 break;
174#endif /* PSA_CRYPTO_DRIVER_TEST */
175#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
176 default:
177 /* Key is declared with a lifetime not known to us */
178 (void)status;
179 break;
180 }
181
182 return( psa_sign_message_builtin( attributes,
183 key_buffer,
184 key_buffer_size,
185 alg,
186 input,
187 input_length,
188 signature,
189 signature_size,
190 signature_length ) );
191}
192
193psa_status_t psa_driver_wrapper_verify_message(
194 const psa_key_attributes_t *attributes,
195 const uint8_t *key_buffer,
196 size_t key_buffer_size,
197 psa_algorithm_t alg,
198 const uint8_t *input,
199 size_t input_length,
200 const uint8_t *signature,
201 size_t signature_length )
202{
203 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
204 psa_key_location_t location =
205 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
206
207 switch( location )
208 {
209 case PSA_KEY_LOCATION_LOCAL_STORAGE:
210 /* Key is stored in the slot in export representation, so
211 * cycle through all known transparent accelerators */
212#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
213#if defined(PSA_CRYPTO_DRIVER_TEST)
214 status = mbedtls_test_transparent_signature_verify_message(
215 attributes,
216 key_buffer,
217 key_buffer_size,
218 alg,
219 input,
220 input_length,
221 signature,
222 signature_length );
223 /* Declared with fallback == true */
224 if( status != PSA_ERROR_NOT_SUPPORTED )
225 return( status );
226#endif /* PSA_CRYPTO_DRIVER_TEST */
227#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
228 break;
229
230 /* Add cases for opaque driver here */
231#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
232#if defined(PSA_CRYPTO_DRIVER_TEST)
233 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
234 return( mbedtls_test_opaque_signature_verify_message(
235 attributes,
236 key_buffer,
237 key_buffer_size,
238 alg,
239 input,
240 input_length,
241 signature,
242 signature_length ) );
243 if( status != PSA_ERROR_NOT_SUPPORTED )
244 return( status );
245 break;
246#endif /* PSA_CRYPTO_DRIVER_TEST */
247#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
248 default:
249 /* Key is declared with a lifetime not known to us */
250 (void)status;
251 break;
252 }
253
254 return( psa_verify_message_builtin( attributes,
255 key_buffer,
256 key_buffer_size,
257 alg,
258 input,
259 input_length,
260 signature,
261 signature_length ) );
262}
263
264psa_status_t psa_driver_wrapper_sign_hash(
265 const psa_key_attributes_t *attributes,
266 const uint8_t *key_buffer, size_t key_buffer_size,
267 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
268 uint8_t *signature, size_t signature_size, size_t *signature_length )
269{
270 /* Try dynamically-registered SE interface first */
271#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
272 const psa_drv_se_t *drv;
273 psa_drv_se_context_t *drv_context;
274
275 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
276 {
277 if( drv->asymmetric == NULL ||
278 drv->asymmetric->p_sign == NULL )
279 {
280 /* Key is defined in SE, but we have no way to exercise it */
281 return( PSA_ERROR_NOT_SUPPORTED );
282 }
283 return( drv->asymmetric->p_sign(
284 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
285 alg, hash, hash_length,
286 signature, signature_size, signature_length ) );
287 }
288#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
289
290 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
291 psa_key_location_t location =
292 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
293
294 switch( location )
295 {
296 case PSA_KEY_LOCATION_LOCAL_STORAGE:
297 /* Key is stored in the slot in export representation, so
298 * cycle through all known transparent accelerators */
299#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
300#if defined(PSA_CRYPTO_DRIVER_TEST)
301 status = mbedtls_test_transparent_signature_sign_hash( attributes,
302 key_buffer,
303 key_buffer_size,
304 alg,
305 hash,
306 hash_length,
307 signature,
308 signature_size,
309 signature_length );
310 /* Declared with fallback == true */
311 if( status != PSA_ERROR_NOT_SUPPORTED )
312 return( status );
313#endif /* PSA_CRYPTO_DRIVER_TEST */
314#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
315 /* Fell through, meaning no accelerator supports this operation */
316 return( psa_sign_hash_builtin( attributes,
317 key_buffer,
318 key_buffer_size,
319 alg,
320 hash,
321 hash_length,
322 signature,
323 signature_size,
324 signature_length ) );
325
326 /* Add cases for opaque driver here */
327#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
328#if defined(PSA_CRYPTO_DRIVER_TEST)
329 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
330 return( mbedtls_test_opaque_signature_sign_hash( attributes,
331 key_buffer,
332 key_buffer_size,
333 alg,
334 hash,
335 hash_length,
336 signature,
337 signature_size,
338 signature_length ) );
339#endif /* PSA_CRYPTO_DRIVER_TEST */
340#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
341 default:
342 /* Key is declared with a lifetime not known to us */
343 (void)status;
344 return( PSA_ERROR_INVALID_ARGUMENT );
345 }
346}
347
348psa_status_t psa_driver_wrapper_verify_hash(
349 const psa_key_attributes_t *attributes,
350 const uint8_t *key_buffer, size_t key_buffer_size,
351 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
352 const uint8_t *signature, size_t signature_length )
353{
354 /* Try dynamically-registered SE interface first */
355#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
356 const psa_drv_se_t *drv;
357 psa_drv_se_context_t *drv_context;
358
359 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
360 {
361 if( drv->asymmetric == NULL ||
362 drv->asymmetric->p_verify == NULL )
363 {
364 /* Key is defined in SE, but we have no way to exercise it */
365 return( PSA_ERROR_NOT_SUPPORTED );
366 }
367 return( drv->asymmetric->p_verify(
368 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
369 alg, hash, hash_length,
370 signature, signature_length ) );
371 }
372#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
373
374 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
375 psa_key_location_t location =
376 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
377
378 switch( location )
379 {
380 case PSA_KEY_LOCATION_LOCAL_STORAGE:
381 /* Key is stored in the slot in export representation, so
382 * cycle through all known transparent accelerators */
383#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
384#if defined(PSA_CRYPTO_DRIVER_TEST)
385 status = mbedtls_test_transparent_signature_verify_hash(
386 attributes,
387 key_buffer,
388 key_buffer_size,
389 alg,
390 hash,
391 hash_length,
392 signature,
393 signature_length );
394 /* Declared with fallback == true */
395 if( status != PSA_ERROR_NOT_SUPPORTED )
396 return( status );
397#endif /* PSA_CRYPTO_DRIVER_TEST */
398#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
399
400 return( psa_verify_hash_builtin( attributes,
401 key_buffer,
402 key_buffer_size,
403 alg,
404 hash,
405 hash_length,
406 signature,
407 signature_length ) );
408
409 /* Add cases for opaque driver here */
410#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
411#if defined(PSA_CRYPTO_DRIVER_TEST)
412 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
413 return( mbedtls_test_opaque_signature_verify_hash( attributes,
414 key_buffer,
415 key_buffer_size,
416 alg,
417 hash,
418 hash_length,
419 signature,
420 signature_length ) );
421#endif /* PSA_CRYPTO_DRIVER_TEST */
422#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
423 default:
424 /* Key is declared with a lifetime not known to us */
425 (void)status;
426 return( PSA_ERROR_INVALID_ARGUMENT );
427 }
428}
429
430uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
431 psa_sign_hash_interruptible_operation_t *operation )
432{
433 switch( operation->id )
434 {
435 /* If uninitialised, return 0, as no work can have been done. */
436 case 0:
437 return 0;
438
439 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
440 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
441
442#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
443#if defined(PSA_CRYPTO_DRIVER_TEST)
444 /* Add test driver tests here */
445
446#endif /* PSA_CRYPTO_DRIVER_TEST */
447#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
448 }
449
450 return( PSA_ERROR_INVALID_ARGUMENT );
451}
452
453uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
454 psa_verify_hash_interruptible_operation_t *operation )
455{
456 switch( operation->id )
457 {
458 /* If uninitialised, return 0, as no work can have been done. */
459 case 0:
460 return 0;
461
462 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
463 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
464
465#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
466#if defined(PSA_CRYPTO_DRIVER_TEST)
467 /* Add test driver tests here */
468
469#endif /* PSA_CRYPTO_DRIVER_TEST */
470#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
471
472 }
473
474 return( PSA_ERROR_INVALID_ARGUMENT );
475}
476
477psa_status_t psa_driver_wrapper_sign_hash_start(
478 psa_sign_hash_interruptible_operation_t *operation,
479 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
480 size_t key_buffer_size, psa_algorithm_t alg,
481 const uint8_t *hash, size_t hash_length )
482{
483 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
484 psa_key_location_t location =
485 PSA_KEY_LIFETIME_GET_LOCATION(
486 attributes->core.lifetime );
487
488 switch( location )
489 {
490 case PSA_KEY_LOCATION_LOCAL_STORAGE:
491 /* Key is stored in the slot in export representation, so
492 * cycle through all known transparent accelerators */
493
494#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
495#if defined(PSA_CRYPTO_DRIVER_TEST)
496
497 /* Add test driver tests here */
498
499 /* Declared with fallback == true */
500
501#endif /* PSA_CRYPTO_DRIVER_TEST */
502#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
503
504 /* Fell through, meaning no accelerator supports this operation */
505 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
506 return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
507 attributes,
508 key_buffer, key_buffer_size,
509 alg, hash, hash_length ) );
510 break;
511
512 /* Add cases for opaque driver here */
513
514 default:
515 /* Key is declared with a lifetime not known to us */
516 ( void ) status;
517 return( PSA_ERROR_INVALID_ARGUMENT );
518 }
519
520 ( void ) operation;
521 ( void ) key_buffer;
522 ( void ) key_buffer_size;
523 ( void ) alg;
524 ( void ) hash;
525 ( void ) hash_length;
526
527 return( status );
528}
529
530psa_status_t psa_driver_wrapper_sign_hash_complete(
531 psa_sign_hash_interruptible_operation_t *operation,
532 uint8_t *signature, size_t signature_size,
533 size_t *signature_length )
534{
535 switch( operation->id )
536 {
537 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
538 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
539 signature, signature_size,
540 signature_length ) );
541
542#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
543#if defined(PSA_CRYPTO_DRIVER_TEST)
544 /* Add test driver tests here */
545
546#endif /* PSA_CRYPTO_DRIVER_TEST */
547#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
548 }
549
550 ( void ) signature;
551 ( void ) signature_size;
552 ( void ) signature_length;
553
554 return( PSA_ERROR_INVALID_ARGUMENT );
555}
556
557psa_status_t psa_driver_wrapper_sign_hash_abort(
558 psa_sign_hash_interruptible_operation_t *operation )
559{
560 switch( operation->id )
561 {
562 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
563 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
564
565#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
566#if defined(PSA_CRYPTO_DRIVER_TEST)
567 /* Add test driver tests here */
568
569#endif /* PSA_CRYPTO_DRIVER_TEST */
570#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
571 }
572
573 return( PSA_ERROR_INVALID_ARGUMENT );
574}
575
576psa_status_t psa_driver_wrapper_verify_hash_start(
577 psa_verify_hash_interruptible_operation_t *operation,
578 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
579 size_t key_buffer_size, psa_algorithm_t alg,
580 const uint8_t *hash, size_t hash_length,
581 const uint8_t *signature, size_t signature_length )
582{
583
584 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
585 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
586 attributes->core.lifetime );
587
588 switch( location )
589 {
590 case PSA_KEY_LOCATION_LOCAL_STORAGE:
591 /* Key is stored in the slot in export representation, so
592 * cycle through all known transparent accelerators */
593
594#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
595#if defined(PSA_CRYPTO_DRIVER_TEST)
596
597 /* Add test driver tests here */
598
599 /* Declared with fallback == true */
600
601#endif /* PSA_CRYPTO_DRIVER_TEST */
602#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
603
604 /* Fell through, meaning no accelerator supports this operation */
605 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
606 return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
607 attributes,
608 key_buffer, key_buffer_size,
609 alg, hash, hash_length,
610 signature, signature_length
611 ) );
612 break;
613
614 /* Add cases for opaque driver here */
615
616 default:
617 /* Key is declared with a lifetime not known to us */
618 ( void ) status;
619 return( PSA_ERROR_INVALID_ARGUMENT );
620 }
621
622 ( void ) operation;
623 ( void ) key_buffer;
624 ( void ) key_buffer_size;
625 ( void ) alg;
626 ( void ) hash;
627 ( void ) hash_length;
628 ( void ) signature;
629 ( void ) signature_length;
630
631 return( status );
632}
633
634psa_status_t psa_driver_wrapper_verify_hash_complete(
635 psa_verify_hash_interruptible_operation_t *operation )
636{
637 switch( operation->id )
638 {
639 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
640 return( mbedtls_psa_verify_hash_complete(
641 &operation->ctx.mbedtls_ctx
642 ) );
643
644#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
645#if defined(PSA_CRYPTO_DRIVER_TEST)
646 /* Add test driver tests here */
647
648#endif /* PSA_CRYPTO_DRIVER_TEST */
649#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
650 }
651
652 return( PSA_ERROR_INVALID_ARGUMENT );
653}
654
655psa_status_t psa_driver_wrapper_verify_hash_abort(
656 psa_verify_hash_interruptible_operation_t *operation )
657{
658 switch( operation->id )
659 {
660 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
661 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
662 ) );
663
664#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
665#if defined(PSA_CRYPTO_DRIVER_TEST)
666 /* Add test driver tests here */
667
668#endif /* PSA_CRYPTO_DRIVER_TEST */
669#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
670 }
671
672 return( PSA_ERROR_INVALID_ARGUMENT );
673}
674
675/** Calculate the key buffer size required to store the key material of a key
676 * associated with an opaque driver from input key data.
677 *
678 * \param[in] attributes The key attributes
679 * \param[in] data The input key data.
680 * \param[in] data_length The input data length.
681 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
682 *
683 * \retval #PSA_SUCCESS \emptydescription
684 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
685 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
686 */
687psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
688 const psa_key_attributes_t *attributes,
689 const uint8_t *data,
690 size_t data_length,
691 size_t *key_buffer_size )
692{
693 psa_key_location_t location =
694 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
695 psa_key_type_t key_type = attributes->core.type;
696
697 *key_buffer_size = 0;
698 switch( location )
699 {
700#if defined(PSA_CRYPTO_DRIVER_TEST)
701 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
702 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
703 PSA_BYTES_TO_BITS( data_length ) );
704 return( ( *key_buffer_size != 0 ) ?
705 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
706#endif /* PSA_CRYPTO_DRIVER_TEST */
707
708 default:
709 (void)key_type;
710 (void)data;
711 (void)data_length;
712 return( PSA_ERROR_INVALID_ARGUMENT );
713 }
714}
715
716/** Get the key buffer size required to store the key material of a key
717 * associated with an opaque driver.
718 *
719 * \param[in] attributes The key attributes.
720 * \param[out] key_buffer_size Minimum buffer size to contain the key material
721 *
722 * \retval #PSA_SUCCESS
723 * The minimum size for a buffer to contain the key material has been
724 * returned successfully.
725 * \retval #PSA_ERROR_NOT_SUPPORTED
726 * The type and/or the size in bits of the key or the combination of
727 * the two is not supported.
728 * \retval #PSA_ERROR_INVALID_ARGUMENT
729 * The key is declared with a lifetime not known to us.
730 */
731psa_status_t psa_driver_wrapper_get_key_buffer_size(
732 const psa_key_attributes_t *attributes,
733 size_t *key_buffer_size )
734{
735 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
736 psa_key_type_t key_type = attributes->core.type;
737 size_t key_bits = attributes->core.bits;
738
739 *key_buffer_size = 0;
740 switch( location )
741 {
742#if defined(PSA_CRYPTO_DRIVER_TEST)
743 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
744#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
745 /* Emulate property 'builtin_key_size' */
746 if( psa_key_id_is_builtin(
747 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
748 psa_get_key_id( attributes ) ) ) )
749 {
750 *key_buffer_size = sizeof( psa_drv_slot_number_t );
751 return( PSA_SUCCESS );
752 }
753#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
754 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
755 key_bits );
756 return( ( *key_buffer_size != 0 ) ?
757 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
758#endif /* PSA_CRYPTO_DRIVER_TEST */
759
760 default:
761 (void)key_type;
762 (void)key_bits;
763 return( PSA_ERROR_INVALID_ARGUMENT );
764 }
765}
766
767psa_status_t psa_driver_wrapper_generate_key(
768 const psa_key_attributes_t *attributes,
769 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
770{
771 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
772 psa_key_location_t location =
773 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
774
775 /* Try dynamically-registered SE interface first */
776#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
777 const psa_drv_se_t *drv;
778 psa_drv_se_context_t *drv_context;
779
780 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
781 {
782 size_t pubkey_length = 0; /* We don't support this feature yet */
783 if( drv->key_management == NULL ||
784 drv->key_management->p_generate == NULL )
785 {
786 /* Key is defined as being in SE, but we have no way to generate it */
787 return( PSA_ERROR_NOT_SUPPORTED );
788 }
789 return( drv->key_management->p_generate(
790 drv_context,
791 *( (psa_key_slot_number_t *)key_buffer ),
792 attributes, NULL, 0, &pubkey_length ) );
793 }
794#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
795
796 switch( location )
797 {
798 case PSA_KEY_LOCATION_LOCAL_STORAGE:
799#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
800 /* Transparent drivers are limited to generating asymmetric keys */
801 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
802 {
803 /* Cycle through all known transparent accelerators */
804#if defined(PSA_CRYPTO_DRIVER_TEST)
805 status = mbedtls_test_transparent_generate_key(
806 attributes, key_buffer, key_buffer_size,
807 key_buffer_length );
808 /* Declared with fallback == true */
809 if( status != PSA_ERROR_NOT_SUPPORTED )
810 break;
811#endif /* PSA_CRYPTO_DRIVER_TEST */
812 }
813#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
814
815 /* Software fallback */
816 status = psa_generate_key_internal(
817 attributes, key_buffer, key_buffer_size, key_buffer_length );
818 break;
819
820 /* Add cases for opaque driver here */
821#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
822#if defined(PSA_CRYPTO_DRIVER_TEST)
823 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
824 status = mbedtls_test_opaque_generate_key(
825 attributes, key_buffer, key_buffer_size, key_buffer_length );
826 break;
827#endif /* PSA_CRYPTO_DRIVER_TEST */
828#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
829
830 default:
831 /* Key is declared with a lifetime not known to us */
832 status = PSA_ERROR_INVALID_ARGUMENT;
833 break;
834 }
835
836 return( status );
837}
838
839psa_status_t psa_driver_wrapper_import_key(
840 const psa_key_attributes_t *attributes,
841 const uint8_t *data,
842 size_t data_length,
843 uint8_t *key_buffer,
844 size_t key_buffer_size,
845 size_t *key_buffer_length,
846 size_t *bits )
847{
848
849 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
850 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
851 psa_get_key_lifetime( attributes ) );
852
853 /* Try dynamically-registered SE interface first */
854#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
855 const psa_drv_se_t *drv;
856 psa_drv_se_context_t *drv_context;
857
858 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
859 {
860 if( drv->key_management == NULL ||
861 drv->key_management->p_import == NULL )
862 return( PSA_ERROR_NOT_SUPPORTED );
863
864 /* The driver should set the number of key bits, however in
865 * case it doesn't, we initialize bits to an invalid value. */
866 *bits = PSA_MAX_KEY_BITS + 1;
867 status = drv->key_management->p_import(
868 drv_context,
869 *( (psa_key_slot_number_t *)key_buffer ),
870 attributes, data, data_length, bits );
871
872 if( status != PSA_SUCCESS )
873 return( status );
874
875 if( (*bits) > PSA_MAX_KEY_BITS )
876 return( PSA_ERROR_NOT_SUPPORTED );
877
878 return( PSA_SUCCESS );
879 }
880#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
881
882 switch( location )
883 {
884 case PSA_KEY_LOCATION_LOCAL_STORAGE:
885 /* Key is stored in the slot in export representation, so
886 * cycle through all known transparent accelerators */
887#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
888
889#if (defined(PSA_CRYPTO_DRIVER_TEST) )
890 status = mbedtls_test_transparent_import_key
891 (attributes,
892 data,
893 data_length,
894 key_buffer,
895 key_buffer_size,
896 key_buffer_length,
897 bits
898 );
899
900 if( status != PSA_ERROR_NOT_SUPPORTED )
901 return( status );
902#endif
903
904
905#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
906
907 /* Fell through, meaning no accelerator supports this operation */
908 return( psa_import_key_into_slot( attributes,
909 data, data_length,
910 key_buffer, key_buffer_size,
911 key_buffer_length, bits ) );
912 /* Add cases for opaque driver here */
913#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
914
915#if (defined(PSA_CRYPTO_DRIVER_TEST) )
916 case 0x7fffff:
917 return( mbedtls_test_opaque_import_key
918 (attributes,
919 data,
920 data_length,
921 key_buffer,
922 key_buffer_size,
923 key_buffer_length,
924 bits
925 ));
926#endif
927
928
929#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
930 default:
931 (void)status;
932 return( PSA_ERROR_INVALID_ARGUMENT );
933 }
934
935}
936
937psa_status_t psa_driver_wrapper_export_key(
938 const psa_key_attributes_t *attributes,
939 const uint8_t *key_buffer, size_t key_buffer_size,
940 uint8_t *data, size_t data_size, size_t *data_length )
941
942{
943
944 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
945 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
946 psa_get_key_lifetime( attributes ) );
947
948 /* Try dynamically-registered SE interface first */
949#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
950 const psa_drv_se_t *drv;
951 psa_drv_se_context_t *drv_context;
952
953 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
954 {
955 if( ( drv->key_management == NULL ) ||
956 ( drv->key_management->p_export == NULL ) )
957 {
958 return( PSA_ERROR_NOT_SUPPORTED );
959 }
960
961 return( drv->key_management->p_export(
962 drv_context,
963 *( (psa_key_slot_number_t *)key_buffer ),
964 data, data_size, data_length ) );
965 }
966#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
967
968 switch( location )
969 {
970 case PSA_KEY_LOCATION_LOCAL_STORAGE:
971 return( psa_export_key_internal( attributes,
972 key_buffer,
973 key_buffer_size,
974 data,
975 data_size,
976 data_length ) );
977
978 /* Add cases for opaque driver here */
979#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
980
981#if (defined(PSA_CRYPTO_DRIVER_TEST) )
982 case 0x7fffff:
983 return( mbedtls_test_opaque_export_key
984 (attributes,
985 key_buffer,
986 key_buffer_size,
987 data,
988 data_size,
989 data_length
990 ));
991#endif
992
993
994#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
995 default:
996 /* Key is declared with a lifetime not known to us */
997 return( status );
998 }
999
1000}
1001
1002psa_status_t psa_driver_wrapper_export_public_key(
1003 const psa_key_attributes_t *attributes,
1004 const uint8_t *key_buffer, size_t key_buffer_size,
1005 uint8_t *data, size_t data_size, size_t *data_length )
1006
1007{
1008
1009 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1010 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
1011 psa_get_key_lifetime( attributes ) );
1012
1013 /* Try dynamically-registered SE interface first */
1014#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1015 const psa_drv_se_t *drv;
1016 psa_drv_se_context_t *drv_context;
1017
1018 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
1019 {
1020 if( ( drv->key_management == NULL ) ||
1021 ( drv->key_management->p_export_public == NULL ) )
1022 {
1023 return( PSA_ERROR_NOT_SUPPORTED );
1024 }
1025
1026 return( drv->key_management->p_export_public(
1027 drv_context,
1028 *( (psa_key_slot_number_t *)key_buffer ),
1029 data, data_size, data_length ) );
1030 }
1031#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1032
1033 switch( location )
1034 {
1035 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1036 /* Key is stored in the slot in export representation, so
1037 * cycle through all known transparent accelerators */
1038#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1039
1040#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1041 status = mbedtls_test_transparent_export_public_key
1042 (attributes,
1043 key_buffer,
1044 key_buffer_size,
1045 data,
1046 data_size,
1047 data_length
1048 );
1049
1050 if( status != PSA_ERROR_NOT_SUPPORTED )
1051 return( status );
1052#endif
1053
1054
1055#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1056 /* Fell through, meaning no accelerator supports this operation */
1057 return( psa_export_public_key_internal( attributes,
1058 key_buffer,
1059 key_buffer_size,
1060 data,
1061 data_size,
1062 data_length ) );
1063
1064 /* Add cases for opaque driver here */
1065#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1066
1067#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1068 case 0x7fffff:
1069 return( mbedtls_test_opaque_export_public_key
1070 (attributes,
1071 key_buffer,
1072 key_buffer_size,
1073 data,
1074 data_size,
1075 data_length
1076 ));
1077#endif
1078
1079
1080#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1081 default:
1082 /* Key is declared with a lifetime not known to us */
1083 return( status );
1084 }
1085
1086}
1087
1088psa_status_t psa_driver_wrapper_get_builtin_key(
1089 psa_drv_slot_number_t slot_number,
1090 psa_key_attributes_t *attributes,
1091 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
1092{
1093
1094 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1095 switch( location )
1096 {
1097#if defined(PSA_CRYPTO_DRIVER_TEST)
1098
1099#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1100 case 0x7fffff:
1101 return( mbedtls_test_opaque_get_builtin_key
1102 (slot_number,
1103 attributes,
1104 key_buffer,
1105 key_buffer_size,
1106 key_buffer_length
1107 ));
1108#endif
1109
1110
1111#endif /* PSA_CRYPTO_DRIVER_TEST */
1112 default:
1113 (void) slot_number;
1114 (void) key_buffer;
1115 (void) key_buffer_size;
1116 (void) key_buffer_length;
1117 return( PSA_ERROR_DOES_NOT_EXIST );
1118 }
1119
1120}
1121
1122psa_status_t psa_driver_wrapper_copy_key(
1123 psa_key_attributes_t *attributes,
1124 const uint8_t *source_key, size_t source_key_length,
1125 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1126 size_t *target_key_buffer_length )
1127{
1128
1129 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1130 psa_key_location_t location =
1131 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1132
1133#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1134 const psa_drv_se_t *drv;
1135 psa_drv_se_context_t *drv_context;
1136
1137 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
1138 {
1139 /* Copying to a secure element is not implemented yet. */
1140 return( PSA_ERROR_NOT_SUPPORTED );
1141 }
1142#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1143
1144 switch( location )
1145 {
1146#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1147
1148#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1149 case 0x7fffff:
1150 return( mbedtls_test_opaque_copy_key
1151 (attributes,
1152 source_key,
1153 source_key_length,
1154 target_key_buffer,
1155 target_key_buffer_size,
1156 target_key_buffer_length
1157 ));
1158#endif
1159
1160
1161#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1162 default:
1163 (void)source_key;
1164 (void)source_key_length;
1165 (void)target_key_buffer;
1166 (void)target_key_buffer_size;
1167 (void)target_key_buffer_length;
1168 status = PSA_ERROR_INVALID_ARGUMENT;
1169 }
1170 return( status );
1171
1172}
1173
1174/*
1175 * Cipher functions
1176 */
1177psa_status_t psa_driver_wrapper_cipher_encrypt(
1178 const psa_key_attributes_t *attributes,
1179 const uint8_t *key_buffer,
1180 size_t key_buffer_size,
1181 psa_algorithm_t alg,
1182 const uint8_t *iv,
1183 size_t iv_length,
1184 const uint8_t *input,
1185 size_t input_length,
1186 uint8_t *output,
1187 size_t output_size,
1188 size_t *output_length )
1189{
1190 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1191 psa_key_location_t location =
1192 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1193
1194 switch( location )
1195 {
1196 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1197 /* Key is stored in the slot in export representation, so
1198 * cycle through all known transparent accelerators */
1199#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1200#if defined(PSA_CRYPTO_DRIVER_TEST)
1201 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1202 key_buffer,
1203 key_buffer_size,
1204 alg,
1205 iv,
1206 iv_length,
1207 input,
1208 input_length,
1209 output,
1210 output_size,
1211 output_length );
1212 /* Declared with fallback == true */
1213 if( status != PSA_ERROR_NOT_SUPPORTED )
1214 return( status );
1215#endif /* PSA_CRYPTO_DRIVER_TEST */
1216#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1217
1218#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1219 return( mbedtls_psa_cipher_encrypt( attributes,
1220 key_buffer,
1221 key_buffer_size,
1222 alg,
1223 iv,
1224 iv_length,
1225 input,
1226 input_length,
1227 output,
1228 output_size,
1229 output_length ) );
1230#else
1231 return( PSA_ERROR_NOT_SUPPORTED );
1232#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1233
1234 /* Add cases for opaque driver here */
1235#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1236#if defined(PSA_CRYPTO_DRIVER_TEST)
1237 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1238 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1239 key_buffer,
1240 key_buffer_size,
1241 alg,
1242 iv,
1243 iv_length,
1244 input,
1245 input_length,
1246 output,
1247 output_size,
1248 output_length ) );
1249#endif /* PSA_CRYPTO_DRIVER_TEST */
1250#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1251
1252 default:
1253 /* Key is declared with a lifetime not known to us */
1254 (void)status;
1255 (void)key_buffer;
1256 (void)key_buffer_size;
1257 (void)alg;
1258 (void)iv;
1259 (void)iv_length;
1260 (void)input;
1261 (void)input_length;
1262 (void)output;
1263 (void)output_size;
1264 (void)output_length;
1265 return( PSA_ERROR_INVALID_ARGUMENT );
1266 }
1267}
1268
1269psa_status_t psa_driver_wrapper_cipher_decrypt(
1270 const psa_key_attributes_t *attributes,
1271 const uint8_t *key_buffer,
1272 size_t key_buffer_size,
1273 psa_algorithm_t alg,
1274 const uint8_t *input,
1275 size_t input_length,
1276 uint8_t *output,
1277 size_t output_size,
1278 size_t *output_length )
1279{
1280 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1281 psa_key_location_t location =
1282 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1283
1284 switch( location )
1285 {
1286 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1287 /* Key is stored in the slot in export representation, so
1288 * cycle through all known transparent accelerators */
1289#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1290#if defined(PSA_CRYPTO_DRIVER_TEST)
1291 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1292 key_buffer,
1293 key_buffer_size,
1294 alg,
1295 input,
1296 input_length,
1297 output,
1298 output_size,
1299 output_length );
1300 /* Declared with fallback == true */
1301 if( status != PSA_ERROR_NOT_SUPPORTED )
1302 return( status );
1303#endif /* PSA_CRYPTO_DRIVER_TEST */
1304#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1305
1306#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1307 return( mbedtls_psa_cipher_decrypt( attributes,
1308 key_buffer,
1309 key_buffer_size,
1310 alg,
1311 input,
1312 input_length,
1313 output,
1314 output_size,
1315 output_length ) );
1316#else
1317 return( PSA_ERROR_NOT_SUPPORTED );
1318#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1319
1320 /* Add cases for opaque driver here */
1321#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1322#if defined(PSA_CRYPTO_DRIVER_TEST)
1323 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1324 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1325 key_buffer,
1326 key_buffer_size,
1327 alg,
1328 input,
1329 input_length,
1330 output,
1331 output_size,
1332 output_length ) );
1333#endif /* PSA_CRYPTO_DRIVER_TEST */
1334#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1335
1336 default:
1337 /* Key is declared with a lifetime not known to us */
1338 (void)status;
1339 (void)key_buffer;
1340 (void)key_buffer_size;
1341 (void)alg;
1342 (void)input;
1343 (void)input_length;
1344 (void)output;
1345 (void)output_size;
1346 (void)output_length;
1347 return( PSA_ERROR_INVALID_ARGUMENT );
1348 }
1349}
1350
1351psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1352 psa_cipher_operation_t *operation,
1353 const psa_key_attributes_t *attributes,
1354 const uint8_t *key_buffer, size_t key_buffer_size,
1355 psa_algorithm_t alg )
1356{
1357 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1358 psa_key_location_t location =
1359 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1360
1361 switch( location )
1362 {
1363 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1364 /* Key is stored in the slot in export representation, so
1365 * cycle through all known transparent accelerators */
1366#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1367#if defined(PSA_CRYPTO_DRIVER_TEST)
1368 status = mbedtls_test_transparent_cipher_encrypt_setup(
1369 &operation->ctx.transparent_test_driver_ctx,
1370 attributes,
1371 key_buffer,
1372 key_buffer_size,
1373 alg );
1374 /* Declared with fallback == true */
1375 if( status == PSA_SUCCESS )
1376 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1377
1378 if( status != PSA_ERROR_NOT_SUPPORTED )
1379 return( status );
1380#endif /* PSA_CRYPTO_DRIVER_TEST */
1381#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1382#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1383 /* Fell through, meaning no accelerator supports this operation */
1384 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1385 attributes,
1386 key_buffer,
1387 key_buffer_size,
1388 alg );
1389 if( status == PSA_SUCCESS )
1390 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1391
1392 if( status != PSA_ERROR_NOT_SUPPORTED )
1393 return( status );
1394#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1395 return( PSA_ERROR_NOT_SUPPORTED );
1396
1397 /* Add cases for opaque driver here */
1398#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1399#if defined(PSA_CRYPTO_DRIVER_TEST)
1400 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1401 status = mbedtls_test_opaque_cipher_encrypt_setup(
1402 &operation->ctx.opaque_test_driver_ctx,
1403 attributes,
1404 key_buffer, key_buffer_size,
1405 alg );
1406
1407 if( status == PSA_SUCCESS )
1408 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1409
1410 return( status );
1411#endif /* PSA_CRYPTO_DRIVER_TEST */
1412#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1413 default:
1414 /* Key is declared with a lifetime not known to us */
1415 (void)status;
1416 (void)operation;
1417 (void)key_buffer;
1418 (void)key_buffer_size;
1419 (void)alg;
1420 return( PSA_ERROR_INVALID_ARGUMENT );
1421 }
1422}
1423
1424psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1425 psa_cipher_operation_t *operation,
1426 const psa_key_attributes_t *attributes,
1427 const uint8_t *key_buffer, size_t key_buffer_size,
1428 psa_algorithm_t alg )
1429{
1430 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1431 psa_key_location_t location =
1432 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1433
1434 switch( location )
1435 {
1436 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1437 /* Key is stored in the slot in export representation, so
1438 * cycle through all known transparent accelerators */
1439#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1440#if defined(PSA_CRYPTO_DRIVER_TEST)
1441 status = mbedtls_test_transparent_cipher_decrypt_setup(
1442 &operation->ctx.transparent_test_driver_ctx,
1443 attributes,
1444 key_buffer,
1445 key_buffer_size,
1446 alg );
1447 /* Declared with fallback == true */
1448 if( status == PSA_SUCCESS )
1449 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1450
1451 if( status != PSA_ERROR_NOT_SUPPORTED )
1452 return( status );
1453#endif /* PSA_CRYPTO_DRIVER_TEST */
1454#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1455#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1456 /* Fell through, meaning no accelerator supports this operation */
1457 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1458 attributes,
1459 key_buffer,
1460 key_buffer_size,
1461 alg );
1462 if( status == PSA_SUCCESS )
1463 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1464
1465 return( status );
1466#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1467 return( PSA_ERROR_NOT_SUPPORTED );
1468#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1469
1470 /* Add cases for opaque driver here */
1471#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1472#if defined(PSA_CRYPTO_DRIVER_TEST)
1473 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1474 status = mbedtls_test_opaque_cipher_decrypt_setup(
1475 &operation->ctx.opaque_test_driver_ctx,
1476 attributes,
1477 key_buffer, key_buffer_size,
1478 alg );
1479
1480 if( status == PSA_SUCCESS )
1481 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1482
1483 return( status );
1484#endif /* PSA_CRYPTO_DRIVER_TEST */
1485#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1486 default:
1487 /* Key is declared with a lifetime not known to us */
1488 (void)status;
1489 (void)operation;
1490 (void)key_buffer;
1491 (void)key_buffer_size;
1492 (void)alg;
1493 return( PSA_ERROR_INVALID_ARGUMENT );
1494 }
1495}
1496
1497psa_status_t psa_driver_wrapper_cipher_set_iv(
1498 psa_cipher_operation_t *operation,
1499 const uint8_t *iv,
1500 size_t iv_length )
1501{
1502 switch( operation->id )
1503 {
1504#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1505 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1506 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1507 iv,
1508 iv_length ) );
1509#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1510
1511#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1512#if defined(PSA_CRYPTO_DRIVER_TEST)
1513 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1514 return( mbedtls_test_transparent_cipher_set_iv(
1515 &operation->ctx.transparent_test_driver_ctx,
1516 iv, iv_length ) );
1517
1518 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1519 return( mbedtls_test_opaque_cipher_set_iv(
1520 &operation->ctx.opaque_test_driver_ctx,
1521 iv, iv_length ) );
1522#endif /* PSA_CRYPTO_DRIVER_TEST */
1523#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1524 }
1525
1526 (void)iv;
1527 (void)iv_length;
1528
1529 return( PSA_ERROR_INVALID_ARGUMENT );
1530}
1531
1532psa_status_t psa_driver_wrapper_cipher_update(
1533 psa_cipher_operation_t *operation,
1534 const uint8_t *input,
1535 size_t input_length,
1536 uint8_t *output,
1537 size_t output_size,
1538 size_t *output_length )
1539{
1540 switch( operation->id )
1541 {
1542#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1543 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1544 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1545 input,
1546 input_length,
1547 output,
1548 output_size,
1549 output_length ) );
1550#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1551
1552#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1553#if defined(PSA_CRYPTO_DRIVER_TEST)
1554 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1555 return( mbedtls_test_transparent_cipher_update(
1556 &operation->ctx.transparent_test_driver_ctx,
1557 input, input_length,
1558 output, output_size, output_length ) );
1559
1560 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1561 return( mbedtls_test_opaque_cipher_update(
1562 &operation->ctx.opaque_test_driver_ctx,
1563 input, input_length,
1564 output, output_size, output_length ) );
1565#endif /* PSA_CRYPTO_DRIVER_TEST */
1566#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1567 }
1568
1569 (void)input;
1570 (void)input_length;
1571 (void)output;
1572 (void)output_size;
1573 (void)output_length;
1574
1575 return( PSA_ERROR_INVALID_ARGUMENT );
1576}
1577
1578psa_status_t psa_driver_wrapper_cipher_finish(
1579 psa_cipher_operation_t *operation,
1580 uint8_t *output,
1581 size_t output_size,
1582 size_t *output_length )
1583{
1584 switch( operation->id )
1585 {
1586#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1587 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1588 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1589 output,
1590 output_size,
1591 output_length ) );
1592#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1593
1594#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1595#if defined(PSA_CRYPTO_DRIVER_TEST)
1596 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1597 return( mbedtls_test_transparent_cipher_finish(
1598 &operation->ctx.transparent_test_driver_ctx,
1599 output, output_size, output_length ) );
1600
1601 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1602 return( mbedtls_test_opaque_cipher_finish(
1603 &operation->ctx.opaque_test_driver_ctx,
1604 output, output_size, output_length ) );
1605#endif /* PSA_CRYPTO_DRIVER_TEST */
1606#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1607 }
1608
1609 (void)output;
1610 (void)output_size;
1611 (void)output_length;
1612
1613 return( PSA_ERROR_INVALID_ARGUMENT );
1614}
1615
1616psa_status_t psa_driver_wrapper_cipher_abort(
1617 psa_cipher_operation_t *operation )
1618{
1619 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1620
1621 switch( operation->id )
1622 {
1623#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1624 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1625 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1626#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1627
1628#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1629#if defined(PSA_CRYPTO_DRIVER_TEST)
1630 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1631 status = mbedtls_test_transparent_cipher_abort(
1632 &operation->ctx.transparent_test_driver_ctx );
1633 mbedtls_platform_zeroize(
1634 &operation->ctx.transparent_test_driver_ctx,
1635 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1636 return( status );
1637
1638 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1639 status = mbedtls_test_opaque_cipher_abort(
1640 &operation->ctx.opaque_test_driver_ctx );
1641 mbedtls_platform_zeroize(
1642 &operation->ctx.opaque_test_driver_ctx,
1643 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1644 return( status );
1645#endif /* PSA_CRYPTO_DRIVER_TEST */
1646#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1647 }
1648
1649 (void)status;
1650 return( PSA_ERROR_INVALID_ARGUMENT );
1651}
1652
1653/*
1654 * Hashing functions
1655 */
1656psa_status_t psa_driver_wrapper_hash_compute(
1657 psa_algorithm_t alg,
1658 const uint8_t *input,
1659 size_t input_length,
1660 uint8_t *hash,
1661 size_t hash_size,
1662 size_t *hash_length)
1663{
1664 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1665
1666 /* Try accelerators first */
1667#if defined(PSA_CRYPTO_DRIVER_TEST)
1668 status = mbedtls_test_transparent_hash_compute(
1669 alg, input, input_length, hash, hash_size, hash_length );
1670 if( status != PSA_ERROR_NOT_SUPPORTED )
1671 return( status );
1672#endif
1673
1674 /* If software fallback is compiled in, try fallback */
1675#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1676 status = mbedtls_psa_hash_compute( alg, input, input_length,
1677 hash, hash_size, hash_length );
1678 if( status != PSA_ERROR_NOT_SUPPORTED )
1679 return( status );
1680#endif
1681 (void) status;
1682 (void) alg;
1683 (void) input;
1684 (void) input_length;
1685 (void) hash;
1686 (void) hash_size;
1687 (void) hash_length;
1688
1689 return( PSA_ERROR_NOT_SUPPORTED );
1690}
1691
1692psa_status_t psa_driver_wrapper_hash_setup(
1693 psa_hash_operation_t *operation,
1694 psa_algorithm_t alg )
1695{
1696 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1697
1698 /* Try setup on accelerators first */
1699#if defined(PSA_CRYPTO_DRIVER_TEST)
1700 status = mbedtls_test_transparent_hash_setup(
1701 &operation->ctx.test_driver_ctx, alg );
1702 if( status == PSA_SUCCESS )
1703 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1704
1705 if( status != PSA_ERROR_NOT_SUPPORTED )
1706 return( status );
1707#endif
1708
1709 /* If software fallback is compiled in, try fallback */
1710#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1711 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1712 if( status == PSA_SUCCESS )
1713 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1714
1715 if( status != PSA_ERROR_NOT_SUPPORTED )
1716 return( status );
1717#endif
1718 /* Nothing left to try if we fall through here */
1719 (void) status;
1720 (void) operation;
1721 (void) alg;
1722 return( PSA_ERROR_NOT_SUPPORTED );
1723}
1724
1725psa_status_t psa_driver_wrapper_hash_clone(
1726 const psa_hash_operation_t *source_operation,
1727 psa_hash_operation_t *target_operation )
1728{
1729 switch( source_operation->id )
1730 {
1731#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1732 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1733 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1734 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1735 &target_operation->ctx.mbedtls_ctx ) );
1736#endif
1737#if defined(PSA_CRYPTO_DRIVER_TEST)
1738 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1739 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1740 return( mbedtls_test_transparent_hash_clone(
1741 &source_operation->ctx.test_driver_ctx,
1742 &target_operation->ctx.test_driver_ctx ) );
1743#endif
1744 default:
1745 (void) target_operation;
1746 return( PSA_ERROR_BAD_STATE );
1747 }
1748}
1749
1750psa_status_t psa_driver_wrapper_hash_update(
1751 psa_hash_operation_t *operation,
1752 const uint8_t *input,
1753 size_t input_length )
1754{
1755 switch( operation->id )
1756 {
1757#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1758 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1759 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1760 input, input_length ) );
1761#endif
1762#if defined(PSA_CRYPTO_DRIVER_TEST)
1763 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1764 return( mbedtls_test_transparent_hash_update(
1765 &operation->ctx.test_driver_ctx,
1766 input, input_length ) );
1767#endif
1768 default:
1769 (void) input;
1770 (void) input_length;
1771 return( PSA_ERROR_BAD_STATE );
1772 }
1773}
1774
1775psa_status_t psa_driver_wrapper_hash_finish(
1776 psa_hash_operation_t *operation,
1777 uint8_t *hash,
1778 size_t hash_size,
1779 size_t *hash_length )
1780{
1781 switch( operation->id )
1782 {
1783#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1784 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1785 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1786 hash, hash_size, hash_length ) );
1787#endif
1788#if defined(PSA_CRYPTO_DRIVER_TEST)
1789 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1790 return( mbedtls_test_transparent_hash_finish(
1791 &operation->ctx.test_driver_ctx,
1792 hash, hash_size, hash_length ) );
1793#endif
1794 default:
1795 (void) hash;
1796 (void) hash_size;
1797 (void) hash_length;
1798 return( PSA_ERROR_BAD_STATE );
1799 }
1800}
1801
1802psa_status_t psa_driver_wrapper_hash_abort(
1803 psa_hash_operation_t *operation )
1804{
1805 switch( operation->id )
1806 {
1807#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1808 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1809 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1810#endif
1811#if defined(PSA_CRYPTO_DRIVER_TEST)
1812 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1813 return( mbedtls_test_transparent_hash_abort(
1814 &operation->ctx.test_driver_ctx ) );
1815#endif
1816 default:
1817 return( PSA_ERROR_BAD_STATE );
1818 }
1819}
1820
1821psa_status_t psa_driver_wrapper_aead_encrypt(
1822 const psa_key_attributes_t *attributes,
1823 const uint8_t *key_buffer, size_t key_buffer_size,
1824 psa_algorithm_t alg,
1825 const uint8_t *nonce, size_t nonce_length,
1826 const uint8_t *additional_data, size_t additional_data_length,
1827 const uint8_t *plaintext, size_t plaintext_length,
1828 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1829{
1830 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1831 psa_key_location_t location =
1832 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1833
1834 switch( location )
1835 {
1836 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1837 /* Key is stored in the slot in export representation, so
1838 * cycle through all known transparent accelerators */
1839
1840#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1841#if defined(PSA_CRYPTO_DRIVER_TEST)
1842 status = mbedtls_test_transparent_aead_encrypt(
1843 attributes, key_buffer, key_buffer_size,
1844 alg,
1845 nonce, nonce_length,
1846 additional_data, additional_data_length,
1847 plaintext, plaintext_length,
1848 ciphertext, ciphertext_size, ciphertext_length );
1849 /* Declared with fallback == true */
1850 if( status != PSA_ERROR_NOT_SUPPORTED )
1851 return( status );
1852#endif /* PSA_CRYPTO_DRIVER_TEST */
1853#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1854
1855 /* Fell through, meaning no accelerator supports this operation */
1856 return( mbedtls_psa_aead_encrypt(
1857 attributes, key_buffer, key_buffer_size,
1858 alg,
1859 nonce, nonce_length,
1860 additional_data, additional_data_length,
1861 plaintext, plaintext_length,
1862 ciphertext, ciphertext_size, ciphertext_length ) );
1863
1864 /* Add cases for opaque driver here */
1865
1866 default:
1867 /* Key is declared with a lifetime not known to us */
1868 (void)status;
1869 return( PSA_ERROR_INVALID_ARGUMENT );
1870 }
1871}
1872
1873psa_status_t psa_driver_wrapper_aead_decrypt(
1874 const psa_key_attributes_t *attributes,
1875 const uint8_t *key_buffer, size_t key_buffer_size,
1876 psa_algorithm_t alg,
1877 const uint8_t *nonce, size_t nonce_length,
1878 const uint8_t *additional_data, size_t additional_data_length,
1879 const uint8_t *ciphertext, size_t ciphertext_length,
1880 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1881{
1882 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1883 psa_key_location_t location =
1884 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1885
1886 switch( location )
1887 {
1888 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1889 /* Key is stored in the slot in export representation, so
1890 * cycle through all known transparent accelerators */
1891
1892#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1893#if defined(PSA_CRYPTO_DRIVER_TEST)
1894 status = mbedtls_test_transparent_aead_decrypt(
1895 attributes, key_buffer, key_buffer_size,
1896 alg,
1897 nonce, nonce_length,
1898 additional_data, additional_data_length,
1899 ciphertext, ciphertext_length,
1900 plaintext, plaintext_size, plaintext_length );
1901 /* Declared with fallback == true */
1902 if( status != PSA_ERROR_NOT_SUPPORTED )
1903 return( status );
1904#endif /* PSA_CRYPTO_DRIVER_TEST */
1905#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1906
1907 /* Fell through, meaning no accelerator supports this operation */
1908 return( mbedtls_psa_aead_decrypt(
1909 attributes, key_buffer, key_buffer_size,
1910 alg,
1911 nonce, nonce_length,
1912 additional_data, additional_data_length,
1913 ciphertext, ciphertext_length,
1914 plaintext, plaintext_size, plaintext_length ) );
1915
1916 /* Add cases for opaque driver here */
1917
1918 default:
1919 /* Key is declared with a lifetime not known to us */
1920 (void)status;
1921 return( PSA_ERROR_INVALID_ARGUMENT );
1922 }
1923}
1924
1925psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1926 psa_aead_operation_t *operation,
1927 const psa_key_attributes_t *attributes,
1928 const uint8_t *key_buffer, size_t key_buffer_size,
1929 psa_algorithm_t alg )
1930{
1931 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1932 psa_key_location_t location =
1933 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1934
1935 switch( location )
1936 {
1937 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1938 /* Key is stored in the slot in export representation, so
1939 * cycle through all known transparent accelerators */
1940
1941#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1942#if defined(PSA_CRYPTO_DRIVER_TEST)
1943 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1944 status = mbedtls_test_transparent_aead_encrypt_setup(
1945 &operation->ctx.transparent_test_driver_ctx,
1946 attributes, key_buffer, key_buffer_size,
1947 alg );
1948
1949 /* Declared with fallback == true */
1950 if( status != PSA_ERROR_NOT_SUPPORTED )
1951 return( status );
1952#endif /* PSA_CRYPTO_DRIVER_TEST */
1953#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1954
1955 /* Fell through, meaning no accelerator supports this operation */
1956 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1957 status = mbedtls_psa_aead_encrypt_setup(
1958 &operation->ctx.mbedtls_ctx, attributes,
1959 key_buffer, key_buffer_size,
1960 alg );
1961
1962 return( status );
1963
1964 /* Add cases for opaque driver here */
1965
1966 default:
1967 /* Key is declared with a lifetime not known to us */
1968 (void)status;
1969 return( PSA_ERROR_INVALID_ARGUMENT );
1970 }
1971}
1972
1973psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1974 psa_aead_operation_t *operation,
1975 const psa_key_attributes_t *attributes,
1976 const uint8_t *key_buffer, size_t key_buffer_size,
1977 psa_algorithm_t alg )
1978{
1979 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1980 psa_key_location_t location =
1981 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1982
1983 switch( location )
1984 {
1985 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1986 /* Key is stored in the slot in export representation, so
1987 * cycle through all known transparent accelerators */
1988
1989#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1990#if defined(PSA_CRYPTO_DRIVER_TEST)
1991 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1992 status = mbedtls_test_transparent_aead_decrypt_setup(
1993 &operation->ctx.transparent_test_driver_ctx,
1994 attributes,
1995 key_buffer, key_buffer_size,
1996 alg );
1997
1998 /* Declared with fallback == true */
1999 if( status != PSA_ERROR_NOT_SUPPORTED )
2000 return( status );
2001#endif /* PSA_CRYPTO_DRIVER_TEST */
2002#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2003
2004 /* Fell through, meaning no accelerator supports this operation */
2005 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2006 status = mbedtls_psa_aead_decrypt_setup(
2007 &operation->ctx.mbedtls_ctx,
2008 attributes,
2009 key_buffer, key_buffer_size,
2010 alg );
2011
2012 return( status );
2013
2014 /* Add cases for opaque driver here */
2015
2016 default:
2017 /* Key is declared with a lifetime not known to us */
2018 (void)status;
2019 return( PSA_ERROR_INVALID_ARGUMENT );
2020 }
2021}
2022
2023psa_status_t psa_driver_wrapper_aead_set_nonce(
2024 psa_aead_operation_t *operation,
2025 const uint8_t *nonce,
2026 size_t nonce_length )
2027{
2028 switch( operation->id )
2029 {
2030#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2031 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2032 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
2033 nonce,
2034 nonce_length ) );
2035
2036#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2037
2038#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2039#if defined(PSA_CRYPTO_DRIVER_TEST)
2040 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2041 return( mbedtls_test_transparent_aead_set_nonce(
2042 &operation->ctx.transparent_test_driver_ctx,
2043 nonce, nonce_length ) );
2044
2045 /* Add cases for opaque driver here */
2046
2047#endif /* PSA_CRYPTO_DRIVER_TEST */
2048#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2049 }
2050
2051 (void)nonce;
2052 (void)nonce_length;
2053
2054 return( PSA_ERROR_INVALID_ARGUMENT );
2055}
2056
2057psa_status_t psa_driver_wrapper_aead_set_lengths(
2058 psa_aead_operation_t *operation,
2059 size_t ad_length,
2060 size_t plaintext_length )
2061{
2062 switch( operation->id )
2063 {
2064#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2065 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2066 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
2067 ad_length,
2068 plaintext_length ) );
2069
2070#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2071
2072#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2073#if defined(PSA_CRYPTO_DRIVER_TEST)
2074 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2075 return( mbedtls_test_transparent_aead_set_lengths(
2076 &operation->ctx.transparent_test_driver_ctx,
2077 ad_length, plaintext_length ) );
2078
2079 /* Add cases for opaque driver here */
2080
2081#endif /* PSA_CRYPTO_DRIVER_TEST */
2082#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2083 }
2084
2085 (void)ad_length;
2086 (void)plaintext_length;
2087
2088 return( PSA_ERROR_INVALID_ARGUMENT );
2089}
2090
2091psa_status_t psa_driver_wrapper_aead_update_ad(
2092 psa_aead_operation_t *operation,
2093 const uint8_t *input,
2094 size_t input_length )
2095{
2096 switch( operation->id )
2097 {
2098#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2099 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2100 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
2101 input,
2102 input_length ) );
2103
2104#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2105
2106#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2107#if defined(PSA_CRYPTO_DRIVER_TEST)
2108 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2109 return( mbedtls_test_transparent_aead_update_ad(
2110 &operation->ctx.transparent_test_driver_ctx,
2111 input, input_length ) );
2112
2113 /* Add cases for opaque driver here */
2114
2115#endif /* PSA_CRYPTO_DRIVER_TEST */
2116#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2117 }
2118
2119 (void)input;
2120 (void)input_length;
2121
2122 return( PSA_ERROR_INVALID_ARGUMENT );
2123}
2124
2125psa_status_t psa_driver_wrapper_aead_update(
2126 psa_aead_operation_t *operation,
2127 const uint8_t *input,
2128 size_t input_length,
2129 uint8_t *output,
2130 size_t output_size,
2131 size_t *output_length )
2132{
2133 switch( operation->id )
2134 {
2135#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2136 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2137 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2138 input, input_length,
2139 output, output_size,
2140 output_length ) );
2141
2142#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2143
2144#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2145#if defined(PSA_CRYPTO_DRIVER_TEST)
2146 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2147 return( mbedtls_test_transparent_aead_update(
2148 &operation->ctx.transparent_test_driver_ctx,
2149 input, input_length, output, output_size,
2150 output_length ) );
2151
2152 /* Add cases for opaque driver here */
2153
2154#endif /* PSA_CRYPTO_DRIVER_TEST */
2155#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2156 }
2157
2158 (void)input;
2159 (void)input_length;
2160 (void)output;
2161 (void)output_size;
2162 (void)output_length;
2163
2164 return( PSA_ERROR_INVALID_ARGUMENT );
2165}
2166
2167psa_status_t psa_driver_wrapper_aead_finish(
2168 psa_aead_operation_t *operation,
2169 uint8_t *ciphertext,
2170 size_t ciphertext_size,
2171 size_t *ciphertext_length,
2172 uint8_t *tag,
2173 size_t tag_size,
2174 size_t *tag_length )
2175{
2176 switch( operation->id )
2177 {
2178#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2179 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2180 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2181 ciphertext,
2182 ciphertext_size,
2183 ciphertext_length, tag,
2184 tag_size, tag_length ) );
2185
2186#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2187
2188#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2189#if defined(PSA_CRYPTO_DRIVER_TEST)
2190 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2191 return( mbedtls_test_transparent_aead_finish(
2192 &operation->ctx.transparent_test_driver_ctx,
2193 ciphertext, ciphertext_size,
2194 ciphertext_length, tag, tag_size, tag_length ) );
2195
2196 /* Add cases for opaque driver here */
2197
2198#endif /* PSA_CRYPTO_DRIVER_TEST */
2199#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2200 }
2201
2202 (void)ciphertext;
2203 (void)ciphertext_size;
2204 (void)ciphertext_length;
2205 (void)tag;
2206 (void)tag_size;
2207 (void)tag_length;
2208
2209 return( PSA_ERROR_INVALID_ARGUMENT );
2210}
2211
2212psa_status_t psa_driver_wrapper_aead_verify(
2213 psa_aead_operation_t *operation,
2214 uint8_t *plaintext,
2215 size_t plaintext_size,
2216 size_t *plaintext_length,
2217 const uint8_t *tag,
2218 size_t tag_length )
2219{
2220 switch( operation->id )
2221 {
2222#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2223 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2224 {
2225 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2226 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2227 size_t check_tag_length;
2228
2229 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2230 plaintext,
2231 plaintext_size,
2232 plaintext_length,
2233 check_tag,
2234 sizeof( check_tag ),
2235 &check_tag_length );
2236
2237 if( status == PSA_SUCCESS )
2238 {
2239 if( tag_length != check_tag_length ||
2240 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
2241 != 0 )
2242 status = PSA_ERROR_INVALID_SIGNATURE;
2243 }
2244
2245 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2246
2247 return( status );
2248 }
2249
2250#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2251
2252#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2253#if defined(PSA_CRYPTO_DRIVER_TEST)
2254 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2255 return( mbedtls_test_transparent_aead_verify(
2256 &operation->ctx.transparent_test_driver_ctx,
2257 plaintext, plaintext_size,
2258 plaintext_length, tag, tag_length ) );
2259
2260 /* Add cases for opaque driver here */
2261
2262#endif /* PSA_CRYPTO_DRIVER_TEST */
2263#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2264 }
2265
2266 (void)plaintext;
2267 (void)plaintext_size;
2268 (void)plaintext_length;
2269 (void)tag;
2270 (void)tag_length;
2271
2272 return( PSA_ERROR_INVALID_ARGUMENT );
2273}
2274
2275psa_status_t psa_driver_wrapper_aead_abort(
2276 psa_aead_operation_t *operation )
2277{
2278 switch( operation->id )
2279 {
2280#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2281 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2282 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2283
2284#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2285
2286#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2287#if defined(PSA_CRYPTO_DRIVER_TEST)
2288 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2289 return( mbedtls_test_transparent_aead_abort(
2290 &operation->ctx.transparent_test_driver_ctx ) );
2291
2292 /* Add cases for opaque driver here */
2293
2294#endif /* PSA_CRYPTO_DRIVER_TEST */
2295#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2296 }
2297
2298 return( PSA_ERROR_INVALID_ARGUMENT );
2299}
2300
2301/*
2302 * MAC functions
2303 */
2304psa_status_t psa_driver_wrapper_mac_compute(
2305 const psa_key_attributes_t *attributes,
2306 const uint8_t *key_buffer,
2307 size_t key_buffer_size,
2308 psa_algorithm_t alg,
2309 const uint8_t *input,
2310 size_t input_length,
2311 uint8_t *mac,
2312 size_t mac_size,
2313 size_t *mac_length )
2314{
2315 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2316 psa_key_location_t location =
2317 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2318
2319 switch( location )
2320 {
2321 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2322 /* Key is stored in the slot in export representation, so
2323 * cycle through all known transparent accelerators */
2324#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2325#if defined(PSA_CRYPTO_DRIVER_TEST)
2326 status = mbedtls_test_transparent_mac_compute(
2327 attributes, key_buffer, key_buffer_size, alg,
2328 input, input_length,
2329 mac, mac_size, mac_length );
2330 /* Declared with fallback == true */
2331 if( status != PSA_ERROR_NOT_SUPPORTED )
2332 return( status );
2333#endif /* PSA_CRYPTO_DRIVER_TEST */
2334#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2335#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2336 /* Fell through, meaning no accelerator supports this operation */
2337 status = mbedtls_psa_mac_compute(
2338 attributes, key_buffer, key_buffer_size, alg,
2339 input, input_length,
2340 mac, mac_size, mac_length );
2341 if( status != PSA_ERROR_NOT_SUPPORTED )
2342 return( status );
2343#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2344 return( PSA_ERROR_NOT_SUPPORTED );
2345
2346 /* Add cases for opaque driver here */
2347#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2348#if defined(PSA_CRYPTO_DRIVER_TEST)
2349 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2350 status = mbedtls_test_opaque_mac_compute(
2351 attributes, key_buffer, key_buffer_size, alg,
2352 input, input_length,
2353 mac, mac_size, mac_length );
2354 return( status );
2355#endif /* PSA_CRYPTO_DRIVER_TEST */
2356#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2357 default:
2358 /* Key is declared with a lifetime not known to us */
2359 (void) key_buffer;
2360 (void) key_buffer_size;
2361 (void) alg;
2362 (void) input;
2363 (void) input_length;
2364 (void) mac;
2365 (void) mac_size;
2366 (void) mac_length;
2367 (void) status;
2368 return( PSA_ERROR_INVALID_ARGUMENT );
2369 }
2370}
2371
2372psa_status_t psa_driver_wrapper_mac_sign_setup(
2373 psa_mac_operation_t *operation,
2374 const psa_key_attributes_t *attributes,
2375 const uint8_t *key_buffer,
2376 size_t key_buffer_size,
2377 psa_algorithm_t alg )
2378{
2379 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2380 psa_key_location_t location =
2381 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2382
2383 switch( location )
2384 {
2385 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2386 /* Key is stored in the slot in export representation, so
2387 * cycle through all known transparent accelerators */
2388#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2389#if defined(PSA_CRYPTO_DRIVER_TEST)
2390 status = mbedtls_test_transparent_mac_sign_setup(
2391 &operation->ctx.transparent_test_driver_ctx,
2392 attributes,
2393 key_buffer, key_buffer_size,
2394 alg );
2395 /* Declared with fallback == true */
2396 if( status == PSA_SUCCESS )
2397 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2398
2399 if( status != PSA_ERROR_NOT_SUPPORTED )
2400 return( status );
2401#endif /* PSA_CRYPTO_DRIVER_TEST */
2402#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2403#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2404 /* Fell through, meaning no accelerator supports this operation */
2405 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2406 attributes,
2407 key_buffer, key_buffer_size,
2408 alg );
2409 if( status == PSA_SUCCESS )
2410 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2411
2412 if( status != PSA_ERROR_NOT_SUPPORTED )
2413 return( status );
2414#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2415 return( PSA_ERROR_NOT_SUPPORTED );
2416
2417 /* Add cases for opaque driver here */
2418#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2419#if defined(PSA_CRYPTO_DRIVER_TEST)
2420 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2421 status = mbedtls_test_opaque_mac_sign_setup(
2422 &operation->ctx.opaque_test_driver_ctx,
2423 attributes,
2424 key_buffer, key_buffer_size,
2425 alg );
2426
2427 if( status == PSA_SUCCESS )
2428 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2429
2430 return( status );
2431#endif /* PSA_CRYPTO_DRIVER_TEST */
2432#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2433 default:
2434 /* Key is declared with a lifetime not known to us */
2435 (void) status;
2436 (void) operation;
2437 (void) key_buffer;
2438 (void) key_buffer_size;
2439 (void) alg;
2440 return( PSA_ERROR_INVALID_ARGUMENT );
2441 }
2442}
2443
2444psa_status_t psa_driver_wrapper_mac_verify_setup(
2445 psa_mac_operation_t *operation,
2446 const psa_key_attributes_t *attributes,
2447 const uint8_t *key_buffer,
2448 size_t key_buffer_size,
2449 psa_algorithm_t alg )
2450{
2451 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2452 psa_key_location_t location =
2453 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2454
2455 switch( location )
2456 {
2457 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2458 /* Key is stored in the slot in export representation, so
2459 * cycle through all known transparent accelerators */
2460#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2461#if defined(PSA_CRYPTO_DRIVER_TEST)
2462 status = mbedtls_test_transparent_mac_verify_setup(
2463 &operation->ctx.transparent_test_driver_ctx,
2464 attributes,
2465 key_buffer, key_buffer_size,
2466 alg );
2467 /* Declared with fallback == true */
2468 if( status == PSA_SUCCESS )
2469 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2470
2471 if( status != PSA_ERROR_NOT_SUPPORTED )
2472 return( status );
2473#endif /* PSA_CRYPTO_DRIVER_TEST */
2474#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2475#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2476 /* Fell through, meaning no accelerator supports this operation */
2477 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2478 attributes,
2479 key_buffer, key_buffer_size,
2480 alg );
2481 if( status == PSA_SUCCESS )
2482 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2483
2484 if( status != PSA_ERROR_NOT_SUPPORTED )
2485 return( status );
2486#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2487 return( PSA_ERROR_NOT_SUPPORTED );
2488
2489 /* Add cases for opaque driver here */
2490#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2491#if defined(PSA_CRYPTO_DRIVER_TEST)
2492 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2493 status = mbedtls_test_opaque_mac_verify_setup(
2494 &operation->ctx.opaque_test_driver_ctx,
2495 attributes,
2496 key_buffer, key_buffer_size,
2497 alg );
2498
2499 if( status == PSA_SUCCESS )
2500 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2501
2502 return( status );
2503#endif /* PSA_CRYPTO_DRIVER_TEST */
2504#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2505 default:
2506 /* Key is declared with a lifetime not known to us */
2507 (void) status;
2508 (void) operation;
2509 (void) key_buffer;
2510 (void) key_buffer_size;
2511 (void) alg;
2512 return( PSA_ERROR_INVALID_ARGUMENT );
2513 }
2514}
2515
2516psa_status_t psa_driver_wrapper_mac_update(
2517 psa_mac_operation_t *operation,
2518 const uint8_t *input,
2519 size_t input_length )
2520{
2521 switch( operation->id )
2522 {
2523#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2524 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2525 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2526 input, input_length ) );
2527#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2528
2529#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2530#if defined(PSA_CRYPTO_DRIVER_TEST)
2531 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2532 return( mbedtls_test_transparent_mac_update(
2533 &operation->ctx.transparent_test_driver_ctx,
2534 input, input_length ) );
2535
2536 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2537 return( mbedtls_test_opaque_mac_update(
2538 &operation->ctx.opaque_test_driver_ctx,
2539 input, input_length ) );
2540#endif /* PSA_CRYPTO_DRIVER_TEST */
2541#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2542 default:
2543 (void) input;
2544 (void) input_length;
2545 return( PSA_ERROR_INVALID_ARGUMENT );
2546 }
2547}
2548
2549psa_status_t psa_driver_wrapper_mac_sign_finish(
2550 psa_mac_operation_t *operation,
2551 uint8_t *mac,
2552 size_t mac_size,
2553 size_t *mac_length )
2554{
2555 switch( operation->id )
2556 {
2557#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2558 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2559 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2560 mac, mac_size, mac_length ) );
2561#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2562
2563#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2564#if defined(PSA_CRYPTO_DRIVER_TEST)
2565 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2566 return( mbedtls_test_transparent_mac_sign_finish(
2567 &operation->ctx.transparent_test_driver_ctx,
2568 mac, mac_size, mac_length ) );
2569
2570 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2571 return( mbedtls_test_opaque_mac_sign_finish(
2572 &operation->ctx.opaque_test_driver_ctx,
2573 mac, mac_size, mac_length ) );
2574#endif /* PSA_CRYPTO_DRIVER_TEST */
2575#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2576 default:
2577 (void) mac;
2578 (void) mac_size;
2579 (void) mac_length;
2580 return( PSA_ERROR_INVALID_ARGUMENT );
2581 }
2582}
2583
2584psa_status_t psa_driver_wrapper_mac_verify_finish(
2585 psa_mac_operation_t *operation,
2586 const uint8_t *mac,
2587 size_t mac_length )
2588{
2589 switch( operation->id )
2590 {
2591#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2592 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2593 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2594 mac, mac_length ) );
2595#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2596
2597#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2598#if defined(PSA_CRYPTO_DRIVER_TEST)
2599 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2600 return( mbedtls_test_transparent_mac_verify_finish(
2601 &operation->ctx.transparent_test_driver_ctx,
2602 mac, mac_length ) );
2603
2604 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2605 return( mbedtls_test_opaque_mac_verify_finish(
2606 &operation->ctx.opaque_test_driver_ctx,
2607 mac, mac_length ) );
2608#endif /* PSA_CRYPTO_DRIVER_TEST */
2609#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2610 default:
2611 (void) mac;
2612 (void) mac_length;
2613 return( PSA_ERROR_INVALID_ARGUMENT );
2614 }
2615}
2616
2617psa_status_t psa_driver_wrapper_mac_abort(
2618 psa_mac_operation_t *operation )
2619{
2620 switch( operation->id )
2621 {
2622#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2623 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2624 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2625#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2626
2627#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2628#if defined(PSA_CRYPTO_DRIVER_TEST)
2629 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2630 return( mbedtls_test_transparent_mac_abort(
2631 &operation->ctx.transparent_test_driver_ctx ) );
2632 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2633 return( mbedtls_test_opaque_mac_abort(
2634 &operation->ctx.opaque_test_driver_ctx ) );
2635#endif /* PSA_CRYPTO_DRIVER_TEST */
2636#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2637 default:
2638 return( PSA_ERROR_INVALID_ARGUMENT );
2639 }
2640}
2641
2642/*
2643 * Asymmetric cryptography
2644 */
2645psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2646 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2647 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2648 size_t input_length, const uint8_t *salt, size_t salt_length,
2649 uint8_t *output, size_t output_size, size_t *output_length )
2650{
2651 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2652 psa_key_location_t location =
2653 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2654
2655 switch( location )
2656 {
2657 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2658 /* Key is stored in the slot in export representation, so
2659 * cycle through all known transparent accelerators */
2660#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2661#if defined(PSA_CRYPTO_DRIVER_TEST)
2662 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2663 key_buffer, key_buffer_size, alg, input, input_length,
2664 salt, salt_length, output, output_size,
2665 output_length );
2666 /* Declared with fallback == true */
2667 if( status != PSA_ERROR_NOT_SUPPORTED )
2668 return( status );
2669#endif /* PSA_CRYPTO_DRIVER_TEST */
2670#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2671 return( mbedtls_psa_asymmetric_encrypt( attributes,
2672 key_buffer, key_buffer_size, alg, input, input_length,
2673 salt, salt_length, output, output_size, output_length )
2674 );
2675 /* Add cases for opaque driver here */
2676#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2677#if defined(PSA_CRYPTO_DRIVER_TEST)
2678 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2679 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2680 key_buffer, key_buffer_size, alg, input, input_length,
2681 salt, salt_length, output, output_size, output_length )
2682 );
2683#endif /* PSA_CRYPTO_DRIVER_TEST */
2684#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2685
2686 default:
2687 /* Key is declared with a lifetime not known to us */
2688 (void)status;
2689 (void)key_buffer;
2690 (void)key_buffer_size;
2691 (void)alg;
2692 (void)input;
2693 (void)input_length;
2694 (void)salt;
2695 (void)salt_length;
2696 (void)output;
2697 (void)output_size;
2698 (void)output_length;
2699 return( PSA_ERROR_INVALID_ARGUMENT );
2700 }
2701}
2702
2703psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2704 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2705 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2706 size_t input_length, const uint8_t *salt, size_t salt_length,
2707 uint8_t *output, size_t output_size, size_t *output_length )
2708{
2709 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2710 psa_key_location_t location =
2711 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2712
2713 switch( location )
2714 {
2715 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2716 /* Key is stored in the slot in export representation, so
2717 * cycle through all known transparent accelerators */
2718#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2719#if defined(PSA_CRYPTO_DRIVER_TEST)
2720 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2721 key_buffer, key_buffer_size, alg, input, input_length,
2722 salt, salt_length, output, output_size,
2723 output_length );
2724 /* Declared with fallback == true */
2725 if( status != PSA_ERROR_NOT_SUPPORTED )
2726 return( status );
2727#endif /* PSA_CRYPTO_DRIVER_TEST */
2728#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2729 return( mbedtls_psa_asymmetric_decrypt( attributes,
2730 key_buffer, key_buffer_size, alg,input, input_length,
2731 salt, salt_length, output, output_size,
2732 output_length ) );
2733 /* Add cases for opaque driver here */
2734#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2735#if defined(PSA_CRYPTO_DRIVER_TEST)
2736 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2737 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2738 key_buffer, key_buffer_size, alg, input, input_length,
2739 salt, salt_length, output, output_size,
2740 output_length ) );
2741#endif /* PSA_CRYPTO_DRIVER_TEST */
2742#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2743
2744 default:
2745 /* Key is declared with a lifetime not known to us */
2746 (void)status;
2747 (void)key_buffer;
2748 (void)key_buffer_size;
2749 (void)alg;
2750 (void)input;
2751 (void)input_length;
2752 (void)salt;
2753 (void)salt_length;
2754 (void)output;
2755 (void)output_size;
2756 (void)output_length;
2757 return( PSA_ERROR_INVALID_ARGUMENT );
2758 }
2759}
2760
2761psa_status_t psa_driver_wrapper_key_agreement(
2762 const psa_key_attributes_t *attributes,
2763 const uint8_t *key_buffer,
2764 size_t key_buffer_size,
2765 psa_algorithm_t alg,
2766 const uint8_t *peer_key,
2767 size_t peer_key_length,
2768 uint8_t *shared_secret,
2769 size_t shared_secret_size,
2770 size_t *shared_secret_length
2771 )
2772 {
2773 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2774 psa_key_location_t location =
2775 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2776
2777 switch( location )
2778 {
2779 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2780 /* Key is stored in the slot in export representation, so
2781 * cycle through all known transparent accelerators */
2782#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2783#if defined(PSA_CRYPTO_DRIVER_TEST)
2784 status =
2785 mbedtls_test_transparent_key_agreement( attributes,
2786 key_buffer, key_buffer_size, alg, peer_key,
2787 peer_key_length, shared_secret, shared_secret_size,
2788 shared_secret_length );
2789 if( status != PSA_ERROR_NOT_SUPPORTED )
2790 return( status );
2791#endif /* PSA_CRYPTO_DRIVER_TEST */
2792#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2793
2794 /* Software Fallback */
2795 status = psa_key_agreement_raw_builtin( attributes,
2796 key_buffer,
2797 key_buffer_size,
2798 alg,
2799 peer_key,
2800 peer_key_length,
2801 shared_secret,
2802 shared_secret_size,
2803 shared_secret_length );
2804 return( status );
2805#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2806#if defined(PSA_CRYPTO_DRIVER_TEST)
2807 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2808 return( mbedtls_test_opaque_key_agreement( attributes,
2809 key_buffer, key_buffer_size, alg, peer_key,
2810 peer_key_length, shared_secret, shared_secret_size,
2811 shared_secret_length ) );
2812#endif /* PSA_CRYPTO_DRIVER_TEST */
2813#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2814
2815 default:
2816 (void) attributes;
2817 (void) key_buffer;
2818 (void) key_buffer_size;
2819 (void) peer_key;
2820 (void) peer_key_length;
2821 (void) shared_secret;
2822 (void) shared_secret_size;
2823 (void) shared_secret_length;
2824 return( PSA_ERROR_NOT_SUPPORTED );
2825
2826 }
2827 }
2828
2829psa_status_t psa_driver_wrapper_pake_setup(
2830 psa_pake_operation_t *operation,
2831 const psa_crypto_driver_pake_inputs_t *inputs )
2832{
2833 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2834
2835 psa_key_location_t location =
2836 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2837
2838 switch( location )
2839 {
2840 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2841 /* Key is stored in the slot in export representation, so
2842 * cycle through all known transparent accelerators */
2843#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2844#if defined(PSA_CRYPTO_DRIVER_TEST)
2845 status = mbedtls_test_transparent_pake_setup(
2846 &operation->data.ctx.transparent_test_driver_ctx,
2847 inputs );
2848 if( status == PSA_SUCCESS )
2849 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2850 /* Declared with fallback == true */
2851 if( status != PSA_ERROR_NOT_SUPPORTED )
2852 return( status );
2853#endif /* PSA_CRYPTO_DRIVER_TEST */
2854#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2855#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2856 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2857 inputs );
2858 if( status == PSA_SUCCESS )
2859 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2860 return status;
2861#endif
2862 return( PSA_ERROR_NOT_SUPPORTED );
2863 /* Add cases for opaque driver here */
2864 default:
2865 /* Key is declared with a lifetime not known to us */
2866 (void)operation;
2867 (void)inputs;
2868 (void)status;
2869 return( PSA_ERROR_INVALID_ARGUMENT );
2870 }
2871}
2872psa_status_t psa_driver_wrapper_pake_output(
2873 psa_pake_operation_t *operation,
2874 psa_crypto_driver_pake_step_t step,
2875 uint8_t *output,
2876 size_t output_size,
2877 size_t *output_length )
2878{
2879 switch( operation->id )
2880 {
2881#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2882 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2883 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2884 output, output_size, output_length ) );
2885#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2886
2887#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2888#if defined(PSA_CRYPTO_DRIVER_TEST)
2889 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2890 return( mbedtls_test_transparent_pake_output(
2891 &operation->data.ctx.transparent_test_driver_ctx,
2892 step, output, output_size, output_length ) );
2893#endif /* PSA_CRYPTO_DRIVER_TEST */
2894#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2895 default:
2896 (void) step;
2897 (void) output;
2898 (void) output_size;
2899 (void) output_length;
2900 return( PSA_ERROR_INVALID_ARGUMENT );
2901 }
2902}
2903
2904psa_status_t psa_driver_wrapper_pake_input(
2905 psa_pake_operation_t *operation,
2906 psa_crypto_driver_pake_step_t step,
2907 const uint8_t *input,
2908 size_t input_length )
2909{
2910 switch( operation->id )
2911 {
2912#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2913 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2914 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2915 step, input,
2916 input_length ) );
2917#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2918
2919#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2920#if defined(PSA_CRYPTO_DRIVER_TEST)
2921 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2922 return( mbedtls_test_transparent_pake_input(
2923 &operation->data.ctx.transparent_test_driver_ctx,
2924 step,
2925 input, input_length ) );
2926#endif /* PSA_CRYPTO_DRIVER_TEST */
2927#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2928 default:
2929 (void) step;
2930 (void) input;
2931 (void) input_length;
2932 return( PSA_ERROR_INVALID_ARGUMENT );
2933 }
2934}
2935
2936psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2937 psa_pake_operation_t *operation,
2938 uint8_t *output, size_t output_size,
2939 size_t *output_length )
2940{
2941 switch( operation->id )
2942 {
2943#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2944 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2945 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2946 output, output_size, output_length ) );
2947#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2948
2949#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2950#if defined(PSA_CRYPTO_DRIVER_TEST)
2951 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2952 return( mbedtls_test_transparent_pake_get_implicit_key(
2953 &operation->data.ctx.transparent_test_driver_ctx,
2954 output, output_size, output_length ) );
2955#endif /* PSA_CRYPTO_DRIVER_TEST */
2956#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2957 default:
2958 (void) output;
2959 (void) output_size;
2960 (void) output_length;
2961 return( PSA_ERROR_INVALID_ARGUMENT );
2962 }
2963}
2964
2965psa_status_t psa_driver_wrapper_pake_abort(
2966 psa_pake_operation_t * operation )
2967{
2968 switch( operation->id )
2969 {
2970#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2971 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2972 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2973#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2974
2975#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2976#if defined(PSA_CRYPTO_DRIVER_TEST)
2977 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2978 return( mbedtls_test_transparent_pake_abort(
2979 &operation->data.ctx.transparent_test_driver_ctx ) );
2980#endif /* PSA_CRYPTO_DRIVER_TEST */
2981#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2982 default:
2983 return( PSA_ERROR_INVALID_ARGUMENT );
2984 }
2985}
2986
2987#endif /* MBEDTLS_PSA_CRYPTO_C */