TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ee649bc91804f581d4298046cf7e16a3f654995c / . / library / psa_crypto_driver_wrappers.h
blob: b9015572084c39ea09dd25fe74fec4df3a802d59 [file] [log] [blame]
David Horstmann0d111762024-08-28 20:49:12 +0100[diff] [blame]1/*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6/* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10
11/* BEGIN-common headers */
12#include "common.h"
13#include "psa_crypto_aead.h"
14#include "psa_crypto_cipher.h"
15#include "psa_crypto_core.h"
16#include "psa_crypto_driver_wrappers_no_static.h"
17#include "psa_crypto_hash.h"
18#include "psa_crypto_mac.h"
19#include "psa_crypto_pake.h"
20#include "psa_crypto_rsa.h"
21
22#include "mbedtls/platform.h"
23#include "mbedtls/constant_time.h"
24/* END-common headers */
25
26#if defined(MBEDTLS_PSA_CRYPTO_C)
27
28/* BEGIN-driver headers */
29/* Headers for mbedtls_test opaque driver */
30#if defined(PSA_CRYPTO_DRIVER_TEST)
31#include "test/drivers/test_driver.h"
32
33#endif
34/* Headers for mbedtls_test transparent driver */
35#if defined(PSA_CRYPTO_DRIVER_TEST)
36#include "test/drivers/test_driver.h"
37
38#endif
39/* Headers for p256 transparent driver */
40#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42
43#endif
44
45/* END-driver headers */
46
47/* Auto-generated values depending on which drivers are registered.
48 * ID 0 is reserved for unallocated operations.
49 * ID 1 is reserved for the Mbed TLS software driver. */
50/* BEGIN-driver id definition */
51#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
52#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
53#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
54#define P256_TRANSPARENT_DRIVER_ID (4)
55
56/* END-driver id */
57
58/* BEGIN-Common Macro definitions */
59
60/* END-Common Macro definitions */
61
62/* Support the 'old' SE interface when asked to */
63#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
64/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
65 * SE driver is present, to avoid unused argument errors at compile time. */
66#ifndef PSA_CRYPTO_DRIVER_PRESENT
67#define PSA_CRYPTO_DRIVER_PRESENT
68#endif
69#include "psa_crypto_se.h"
70#endif
71
72static inline psa_status_t psa_driver_wrapper_init( void )
73{
74 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
75
76#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
77 status = psa_init_all_se_drivers( );
78 if( status != PSA_SUCCESS )
79 return( status );
80#endif
81
82#if defined(PSA_CRYPTO_DRIVER_TEST)
83 status = mbedtls_test_transparent_init( );
84 if( status != PSA_SUCCESS )
85 return( status );
86
87 status = mbedtls_test_opaque_init( );
88 if( status != PSA_SUCCESS )
89 return( status );
90#endif
91
92 (void) status;
93 return( PSA_SUCCESS );
94}
95
96static inline void psa_driver_wrapper_free( void )
97{
98#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
99 /* Unregister all secure element drivers, so that we restart from
100 * a pristine state. */
101 psa_unregister_all_se_drivers( );
102#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
103
104#if defined(PSA_CRYPTO_DRIVER_TEST)
105 mbedtls_test_transparent_free( );
106 mbedtls_test_opaque_free( );
107#endif
108}
109
110/* Start delegation functions */
111static inline psa_status_t psa_driver_wrapper_sign_message(
112 const psa_key_attributes_t *attributes,
113 const uint8_t *key_buffer,
114 size_t key_buffer_size,
115 psa_algorithm_t alg,
116 const uint8_t *input,
117 size_t input_length,
118 uint8_t *signature,
119 size_t signature_size,
120 size_t *signature_length )
121{
122 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
123 psa_key_location_t location =
124 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
125
126 switch( location )
127 {
128 case PSA_KEY_LOCATION_LOCAL_STORAGE:
129 /* Key is stored in the slot in export representation, so
130 * cycle through all known transparent accelerators */
131#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
132#if defined(PSA_CRYPTO_DRIVER_TEST)
133 status = mbedtls_test_transparent_signature_sign_message(
134 attributes,
135 key_buffer,
136 key_buffer_size,
137 alg,
138 input,
139 input_length,
140 signature,
141 signature_size,
142 signature_length );
143 /* Declared with fallback == true */
144 if( status != PSA_ERROR_NOT_SUPPORTED )
145 return( status );
146#endif /* PSA_CRYPTO_DRIVER_TEST */
147#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
148 break;
149
150 /* Add cases for opaque driver here */
151#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
152#if defined(PSA_CRYPTO_DRIVER_TEST)
153 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
154 status = mbedtls_test_opaque_signature_sign_message(
155 attributes,
156 key_buffer,
157 key_buffer_size,
158 alg,
159 input,
160 input_length,
161 signature,
162 signature_size,
163 signature_length );
164 if( status != PSA_ERROR_NOT_SUPPORTED )
165 return( status );
166 break;
167#endif /* PSA_CRYPTO_DRIVER_TEST */
168#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
169 default:
170 /* Key is declared with a lifetime not known to us */
171 (void)status;
172 break;
173 }
174
175 return( psa_sign_message_builtin( attributes,
176 key_buffer,
177 key_buffer_size,
178 alg,
179 input,
180 input_length,
181 signature,
182 signature_size,
183 signature_length ) );
184}
185
186static inline psa_status_t psa_driver_wrapper_verify_message(
187 const psa_key_attributes_t *attributes,
188 const uint8_t *key_buffer,
189 size_t key_buffer_size,
190 psa_algorithm_t alg,
191 const uint8_t *input,
192 size_t input_length,
193 const uint8_t *signature,
194 size_t signature_length )
195{
196 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
197 psa_key_location_t location =
198 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
199
200 switch( location )
201 {
202 case PSA_KEY_LOCATION_LOCAL_STORAGE:
203 /* Key is stored in the slot in export representation, so
204 * cycle through all known transparent accelerators */
205#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
206#if defined(PSA_CRYPTO_DRIVER_TEST)
207 status = mbedtls_test_transparent_signature_verify_message(
208 attributes,
209 key_buffer,
210 key_buffer_size,
211 alg,
212 input,
213 input_length,
214 signature,
215 signature_length );
216 /* Declared with fallback == true */
217 if( status != PSA_ERROR_NOT_SUPPORTED )
218 return( status );
219#endif /* PSA_CRYPTO_DRIVER_TEST */
220#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
221 break;
222
223 /* Add cases for opaque driver here */
224#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
225#if defined(PSA_CRYPTO_DRIVER_TEST)
226 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
227 return( mbedtls_test_opaque_signature_verify_message(
228 attributes,
229 key_buffer,
230 key_buffer_size,
231 alg,
232 input,
233 input_length,
234 signature,
235 signature_length ) );
236 if( status != PSA_ERROR_NOT_SUPPORTED )
237 return( status );
238 break;
239#endif /* PSA_CRYPTO_DRIVER_TEST */
240#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
241 default:
242 /* Key is declared with a lifetime not known to us */
243 (void)status;
244 break;
245 }
246
247 return( psa_verify_message_builtin( attributes,
248 key_buffer,
249 key_buffer_size,
250 alg,
251 input,
252 input_length,
253 signature,
254 signature_length ) );
255}
256
257static inline psa_status_t psa_driver_wrapper_sign_hash(
258 const psa_key_attributes_t *attributes,
259 const uint8_t *key_buffer, size_t key_buffer_size,
260 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
261 uint8_t *signature, size_t signature_size, size_t *signature_length )
262{
263 /* Try dynamically-registered SE interface first */
264#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
265 const psa_drv_se_t *drv;
266 psa_drv_se_context_t *drv_context;
267
268 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
269 {
270 if( drv->asymmetric == NULL ||
271 drv->asymmetric->p_sign == NULL )
272 {
273 /* Key is defined in SE, but we have no way to exercise it */
274 return( PSA_ERROR_NOT_SUPPORTED );
275 }
276 return( drv->asymmetric->p_sign(
277 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
278 alg, hash, hash_length,
279 signature, signature_size, signature_length ) );
280 }
281#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
282
283 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
284 psa_key_location_t location =
285 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
286
287 switch( location )
288 {
289 case PSA_KEY_LOCATION_LOCAL_STORAGE:
290 /* Key is stored in the slot in export representation, so
291 * cycle through all known transparent accelerators */
292#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
293#if defined(PSA_CRYPTO_DRIVER_TEST)
294 status = mbedtls_test_transparent_signature_sign_hash( attributes,
295 key_buffer,
296 key_buffer_size,
297 alg,
298 hash,
299 hash_length,
300 signature,
301 signature_size,
302 signature_length );
303 /* Declared with fallback == true */
304 if( status != PSA_ERROR_NOT_SUPPORTED )
305 return( status );
306#endif /* PSA_CRYPTO_DRIVER_TEST */
307#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
308 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
309 PSA_ALG_IS_ECDSA(alg) &&
310 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
311 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
312 psa_get_key_bits(attributes) == 256 )
313 {
314 status = p256_transparent_sign_hash( attributes,
315 key_buffer,
316 key_buffer_size,
317 alg,
318 hash,
319 hash_length,
320 signature,
321 signature_size,
322 signature_length );
323 if( status != PSA_ERROR_NOT_SUPPORTED )
324 return( status );
325 }
326#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
327#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
328 /* Fell through, meaning no accelerator supports this operation */
329 return( psa_sign_hash_builtin( attributes,
330 key_buffer,
331 key_buffer_size,
332 alg,
333 hash,
334 hash_length,
335 signature,
336 signature_size,
337 signature_length ) );
338
339 /* Add cases for opaque driver here */
340#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
341#if defined(PSA_CRYPTO_DRIVER_TEST)
342 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
343 return( mbedtls_test_opaque_signature_sign_hash( attributes,
344 key_buffer,
345 key_buffer_size,
346 alg,
347 hash,
348 hash_length,
349 signature,
350 signature_size,
351 signature_length ) );
352#endif /* PSA_CRYPTO_DRIVER_TEST */
353#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
354 default:
355 /* Key is declared with a lifetime not known to us */
356 (void)status;
357 return( PSA_ERROR_INVALID_ARGUMENT );
358 }
359}
360
361static inline psa_status_t psa_driver_wrapper_verify_hash(
362 const psa_key_attributes_t *attributes,
363 const uint8_t *key_buffer, size_t key_buffer_size,
364 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
365 const uint8_t *signature, size_t signature_length )
366{
367 /* Try dynamically-registered SE interface first */
368#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
369 const psa_drv_se_t *drv;
370 psa_drv_se_context_t *drv_context;
371
372 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
373 {
374 if( drv->asymmetric == NULL ||
375 drv->asymmetric->p_verify == NULL )
376 {
377 /* Key is defined in SE, but we have no way to exercise it */
378 return( PSA_ERROR_NOT_SUPPORTED );
379 }
380 return( drv->asymmetric->p_verify(
381 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
382 alg, hash, hash_length,
383 signature, signature_length ) );
384 }
385#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
386
387 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
388 psa_key_location_t location =
389 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
390
391 switch( location )
392 {
393 case PSA_KEY_LOCATION_LOCAL_STORAGE:
394 /* Key is stored in the slot in export representation, so
395 * cycle through all known transparent accelerators */
396#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
397#if defined(PSA_CRYPTO_DRIVER_TEST)
398 status = mbedtls_test_transparent_signature_verify_hash(
399 attributes,
400 key_buffer,
401 key_buffer_size,
402 alg,
403 hash,
404 hash_length,
405 signature,
406 signature_length );
407 /* Declared with fallback == true */
408 if( status != PSA_ERROR_NOT_SUPPORTED )
409 return( status );
410#endif /* PSA_CRYPTO_DRIVER_TEST */
411#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
412 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
413 PSA_ALG_IS_ECDSA(alg) &&
414 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
415 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
416 psa_get_key_bits(attributes) == 256 )
417 {
418 status = p256_transparent_verify_hash( attributes,
419 key_buffer,
420 key_buffer_size,
421 alg,
422 hash,
423 hash_length,
424 signature,
425 signature_length );
426 if( status != PSA_ERROR_NOT_SUPPORTED )
427 return( status );
428 }
429#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
430#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
431
432 return( psa_verify_hash_builtin( attributes,
433 key_buffer,
434 key_buffer_size,
435 alg,
436 hash,
437 hash_length,
438 signature,
439 signature_length ) );
440
441 /* Add cases for opaque driver here */
442#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
443#if defined(PSA_CRYPTO_DRIVER_TEST)
444 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
445 return( mbedtls_test_opaque_signature_verify_hash( attributes,
446 key_buffer,
447 key_buffer_size,
448 alg,
449 hash,
450 hash_length,
451 signature,
452 signature_length ) );
453#endif /* PSA_CRYPTO_DRIVER_TEST */
454#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
455 default:
456 /* Key is declared with a lifetime not known to us */
457 (void)status;
458 return( PSA_ERROR_INVALID_ARGUMENT );
459 }
460}
461
462static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
463 psa_sign_hash_interruptible_operation_t *operation )
464{
465 switch( operation->id )
466 {
467 /* If uninitialised, return 0, as no work can have been done. */
468 case 0:
469 return 0;
470
471 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
472 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
473
474#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
475#if defined(PSA_CRYPTO_DRIVER_TEST)
476 /* Add test driver tests here */
477
478#endif /* PSA_CRYPTO_DRIVER_TEST */
479#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
480 }
481
482 /* Can't happen (see discussion in #8271) */
483 return 0;
484}
485
486static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
487 psa_verify_hash_interruptible_operation_t *operation )
488{
489 switch( operation->id )
490 {
491 /* If uninitialised, return 0, as no work can have been done. */
492 case 0:
493 return 0;
494
495 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
496 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
497
498#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
499#if defined(PSA_CRYPTO_DRIVER_TEST)
500 /* Add test driver tests here */
501
502#endif /* PSA_CRYPTO_DRIVER_TEST */
503#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
504
505 }
506
507 /* Can't happen (see discussion in #8271) */
508 return 0;
509}
510
511static inline psa_status_t psa_driver_wrapper_sign_hash_start(
512 psa_sign_hash_interruptible_operation_t *operation,
513 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
514 size_t key_buffer_size, psa_algorithm_t alg,
515 const uint8_t *hash, size_t hash_length )
516{
517 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
518 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
519 psa_get_key_lifetime(attributes) );
520
521 switch( location )
522 {
523 case PSA_KEY_LOCATION_LOCAL_STORAGE:
524 /* Key is stored in the slot in export representation, so
525 * cycle through all known transparent accelerators */
526
527#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
528#if defined(PSA_CRYPTO_DRIVER_TEST)
529
530 /* Add test driver tests here */
531
532 /* Declared with fallback == true */
533
534#endif /* PSA_CRYPTO_DRIVER_TEST */
535#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
536
537 /* Fell through, meaning no accelerator supports this operation */
538 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
539 status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
540 attributes,
541 key_buffer, key_buffer_size,
542 alg, hash, hash_length );
543 break;
544
545 /* Add cases for opaque driver here */
546
547 default:
548 /* Key is declared with a lifetime not known to us */
549 status = PSA_ERROR_INVALID_ARGUMENT;
550 break;
551 }
552
553 return( status );
554}
555
556static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
557 psa_sign_hash_interruptible_operation_t *operation,
558 uint8_t *signature, size_t signature_size,
559 size_t *signature_length )
560{
561 switch( operation->id )
562 {
563 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
564 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
565 signature, signature_size,
566 signature_length ) );
567
568#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
569#if defined(PSA_CRYPTO_DRIVER_TEST)
570 /* Add test driver tests here */
571
572#endif /* PSA_CRYPTO_DRIVER_TEST */
573#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
574 }
575
576 ( void ) signature;
577 ( void ) signature_size;
578 ( void ) signature_length;
579
580 return( PSA_ERROR_INVALID_ARGUMENT );
581}
582
583static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
584 psa_sign_hash_interruptible_operation_t *operation )
585{
586 switch( operation->id )
587 {
588 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
589 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
590
591#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
592#if defined(PSA_CRYPTO_DRIVER_TEST)
593 /* Add test driver tests here */
594
595#endif /* PSA_CRYPTO_DRIVER_TEST */
596#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
597 }
598
599 return( PSA_ERROR_INVALID_ARGUMENT );
600}
601
602static inline psa_status_t psa_driver_wrapper_verify_hash_start(
603 psa_verify_hash_interruptible_operation_t *operation,
604 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
605 size_t key_buffer_size, psa_algorithm_t alg,
606 const uint8_t *hash, size_t hash_length,
607 const uint8_t *signature, size_t signature_length )
608{
609 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
610 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
611 psa_get_key_lifetime(attributes) );
612
613 switch( location )
614 {
615 case PSA_KEY_LOCATION_LOCAL_STORAGE:
616 /* Key is stored in the slot in export representation, so
617 * cycle through all known transparent accelerators */
618
619#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
620#if defined(PSA_CRYPTO_DRIVER_TEST)
621
622 /* Add test driver tests here */
623
624 /* Declared with fallback == true */
625
626#endif /* PSA_CRYPTO_DRIVER_TEST */
627#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
628
629 /* Fell through, meaning no accelerator supports this operation */
630 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
631 status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
632 attributes,
633 key_buffer, key_buffer_size,
634 alg, hash, hash_length,
635 signature, signature_length );
636 break;
637
638 /* Add cases for opaque driver here */
639
640 default:
641 /* Key is declared with a lifetime not known to us */
642 status = PSA_ERROR_INVALID_ARGUMENT;
643 break;
644 }
645
646 return( status );
647}
648
649static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
650 psa_verify_hash_interruptible_operation_t *operation )
651{
652 switch( operation->id )
653 {
654 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
655 return( mbedtls_psa_verify_hash_complete(
656 &operation->ctx.mbedtls_ctx
657 ) );
658
659#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
660#if defined(PSA_CRYPTO_DRIVER_TEST)
661 /* Add test driver tests here */
662
663#endif /* PSA_CRYPTO_DRIVER_TEST */
664#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
665 }
666
667 return( PSA_ERROR_INVALID_ARGUMENT );
668}
669
670static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
671 psa_verify_hash_interruptible_operation_t *operation )
672{
673 switch( operation->id )
674 {
675 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
676 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
677 ) );
678
679#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
680#if defined(PSA_CRYPTO_DRIVER_TEST)
681 /* Add test driver tests here */
682
683#endif /* PSA_CRYPTO_DRIVER_TEST */
684#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
685 }
686
687 return( PSA_ERROR_INVALID_ARGUMENT );
688}
689
690/** Calculate the key buffer size required to store the key material of a key
691 * associated with an opaque driver from input key data.
692 *
693 * \param[in] attributes The key attributes
694 * \param[in] data The input key data.
695 * \param[in] data_length The input data length.
696 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
697 *
698 * \retval #PSA_SUCCESS \emptydescription
699 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
700 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
701 */
702static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
703 const psa_key_attributes_t *attributes,
704 const uint8_t *data,
705 size_t data_length,
706 size_t *key_buffer_size )
707{
708 psa_key_location_t location =
709 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
710 psa_key_type_t key_type = psa_get_key_type(attributes);
711
712 *key_buffer_size = 0;
713 switch( location )
714 {
715#if defined(PSA_CRYPTO_DRIVER_TEST)
716 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
717 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
718 PSA_BYTES_TO_BITS( data_length ) );
719 return( ( *key_buffer_size != 0 ) ?
720 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
721#endif /* PSA_CRYPTO_DRIVER_TEST */
722
723 default:
724 (void)key_type;
725 (void)data;
726 (void)data_length;
727 return( PSA_ERROR_INVALID_ARGUMENT );
728 }
729}
730
731static inline psa_status_t psa_driver_wrapper_generate_key(
732 const psa_key_attributes_t *attributes,
733 const psa_custom_key_parameters_t *custom,
734 const uint8_t *custom_data, size_t custom_data_length,
735 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
736{
737 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
738 psa_key_location_t location =
739 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
740
741#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
742 int is_default_production =
743 psa_custom_key_parameters_are_default(custom, custom_data_length);
744 if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
745 {
746 /* We don't support passing custom production parameters
747 * to drivers yet. */
748 return PSA_ERROR_NOT_SUPPORTED;
749 }
750#else
751 int is_default_production = 1;
752 (void) is_default_production;
753#endif
754
755 /* Try dynamically-registered SE interface first */
756#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
757 const psa_drv_se_t *drv;
758 psa_drv_se_context_t *drv_context;
759
760 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
761 {
762 size_t pubkey_length = 0; /* We don't support this feature yet */
763 if( drv->key_management == NULL ||
764 drv->key_management->p_generate == NULL )
765 {
766 /* Key is defined as being in SE, but we have no way to generate it */
767 return( PSA_ERROR_NOT_SUPPORTED );
768 }
769 return( drv->key_management->p_generate(
770 drv_context,
771 *( (psa_key_slot_number_t *)key_buffer ),
772 attributes, NULL, 0, &pubkey_length ) );
773 }
774#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
775
776 switch( location )
777 {
778 case PSA_KEY_LOCATION_LOCAL_STORAGE:
779#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
780 /* Transparent drivers are limited to generating asymmetric keys. */
781 /* We don't support passing custom production parameters
782 * to drivers yet. */
783 if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
784 is_default_production )
785 {
786 /* Cycle through all known transparent accelerators */
787#if defined(PSA_CRYPTO_DRIVER_TEST)
788 status = mbedtls_test_transparent_generate_key(
789 attributes, key_buffer, key_buffer_size,
790 key_buffer_length );
791 /* Declared with fallback == true */
792 if( status != PSA_ERROR_NOT_SUPPORTED )
793 break;
794#endif /* PSA_CRYPTO_DRIVER_TEST */
795#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
796 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
797 psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
798 psa_get_key_bits(attributes) == 256 )
799 {
800 status = p256_transparent_generate_key( attributes,
801 key_buffer,
802 key_buffer_size,
803 key_buffer_length );
804 if( status != PSA_ERROR_NOT_SUPPORTED )
805 break;
806 }
807
808#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
809 }
810#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
811
812 /* Software fallback */
813 status = psa_generate_key_internal(
814 attributes, custom, custom_data, custom_data_length,
815 key_buffer, key_buffer_size, key_buffer_length );
816 break;
817
818 /* Add cases for opaque driver here */
819#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
820#if defined(PSA_CRYPTO_DRIVER_TEST)
821 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
822 status = mbedtls_test_opaque_generate_key(
823 attributes, key_buffer, key_buffer_size, key_buffer_length );
824 break;
825#endif /* PSA_CRYPTO_DRIVER_TEST */
826#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
827
828 default:
829 /* Key is declared with a lifetime not known to us */
830 status = PSA_ERROR_INVALID_ARGUMENT;
831 break;
832 }
833
834 return( status );
835}
836
837static inline psa_status_t psa_driver_wrapper_import_key(
838 const psa_key_attributes_t *attributes,
839 const uint8_t *data,
840 size_t data_length,
841 uint8_t *key_buffer,
842 size_t key_buffer_size,
843 size_t *key_buffer_length,
844 size_t *bits )
845{
846
847 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
848 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
849 psa_get_key_lifetime( attributes ) );
850
851 /* Try dynamically-registered SE interface first */
852#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
853 const psa_drv_se_t *drv;
854 psa_drv_se_context_t *drv_context;
855
856 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
857 {
858 if( drv->key_management == NULL ||
859 drv->key_management->p_import == NULL )
860 return( PSA_ERROR_NOT_SUPPORTED );
861
862 /* The driver should set the number of key bits, however in
863 * case it doesn't, we initialize bits to an invalid value. */
864 *bits = PSA_MAX_KEY_BITS + 1;
865 status = drv->key_management->p_import(
866 drv_context,
867 *( (psa_key_slot_number_t *)key_buffer ),
868 attributes, data, data_length, bits );
869
870 if( status != PSA_SUCCESS )
871 return( status );
872
873 if( (*bits) > PSA_MAX_KEY_BITS )
874 return( PSA_ERROR_NOT_SUPPORTED );
875
876 return( PSA_SUCCESS );
877 }
878#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
879
880 switch( location )
881 {
882 case PSA_KEY_LOCATION_LOCAL_STORAGE:
883 /* Key is stored in the slot in export representation, so
884 * cycle through all known transparent accelerators */
885#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
886
887#if (defined(PSA_CRYPTO_DRIVER_TEST) )
888 status = mbedtls_test_transparent_import_key
889 (attributes,
890 data,
891 data_length,
892 key_buffer,
893 key_buffer_size,
894 key_buffer_length,
895 bits
896 );
897
898 if( status != PSA_ERROR_NOT_SUPPORTED )
899 return( status );
900#endif
901
902#if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
903 status = p256_transparent_import_key
904 (attributes,
905 data,
906 data_length,
907 key_buffer,
908 key_buffer_size,
909 key_buffer_length,
910 bits
911 );
912
913 if( status != PSA_ERROR_NOT_SUPPORTED )
914 return( status );
915#endif
916
917
918#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
919
920 /* Fell through, meaning no accelerator supports this operation */
921 return( psa_import_key_into_slot( attributes,
922 data, data_length,
923 key_buffer, key_buffer_size,
924 key_buffer_length, bits ) );
925 /* Add cases for opaque driver here */
926#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
927
928#if (defined(PSA_CRYPTO_DRIVER_TEST) )
929 case 0x7fffff:
930 return( mbedtls_test_opaque_import_key
931 (attributes,
932 data,
933 data_length,
934 key_buffer,
935 key_buffer_size,
936 key_buffer_length,
937 bits
938 ));
939#endif
940
941
942#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
943 default:
944 (void)status;
945 return( PSA_ERROR_INVALID_ARGUMENT );
946 }
947
948}
949
950static inline psa_status_t psa_driver_wrapper_export_key(
951 const psa_key_attributes_t *attributes,
952 const uint8_t *key_buffer, size_t key_buffer_size,
953 uint8_t *data, size_t data_size, size_t *data_length )
954
955{
956
957 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
958 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
959 psa_get_key_lifetime( attributes ) );
960
961 /* Try dynamically-registered SE interface first */
962#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
963 const psa_drv_se_t *drv;
964 psa_drv_se_context_t *drv_context;
965
966 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
967 {
968 if( ( drv->key_management == NULL ) ||
969 ( drv->key_management->p_export == NULL ) )
970 {
971 return( PSA_ERROR_NOT_SUPPORTED );
972 }
973
974 return( drv->key_management->p_export(
975 drv_context,
976 *( (psa_key_slot_number_t *)key_buffer ),
977 data, data_size, data_length ) );
978 }
979#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
980
981 switch( location )
982 {
983 case PSA_KEY_LOCATION_LOCAL_STORAGE:
984 return( psa_export_key_internal( attributes,
985 key_buffer,
986 key_buffer_size,
987 data,
988 data_size,
989 data_length ) );
990
991 /* Add cases for opaque driver here */
992#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
993
994#if (defined(PSA_CRYPTO_DRIVER_TEST) )
995 case 0x7fffff:
996 return( mbedtls_test_opaque_export_key
997 (attributes,
998 key_buffer,
999 key_buffer_size,
1000 data,
1001 data_size,
1002 data_length
1003 ));
1004#endif
1005
1006
1007#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1008 default:
1009 /* Key is declared with a lifetime not known to us */
1010 return( status );
1011 }
1012
1013}
1014
1015static inline psa_status_t psa_driver_wrapper_copy_key(
1016 psa_key_attributes_t *attributes,
1017 const uint8_t *source_key, size_t source_key_length,
1018 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1019 size_t *target_key_buffer_length )
1020{
1021
1022 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1023 psa_key_location_t location =
1024 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1025
1026#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1027 const psa_drv_se_t *drv;
1028 psa_drv_se_context_t *drv_context;
1029
1030 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1031 {
1032 /* Copying to a secure element is not implemented yet. */
1033 return( PSA_ERROR_NOT_SUPPORTED );
1034 }
1035#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1036
1037 switch( location )
1038 {
1039#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1040
1041#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1042 case 0x7fffff:
1043 return( mbedtls_test_opaque_copy_key
1044 (attributes,
1045 source_key,
1046 source_key_length,
1047 target_key_buffer,
1048 target_key_buffer_size,
1049 target_key_buffer_length
1050 ));
1051#endif
1052
1053
1054#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1055 default:
1056 (void)source_key;
1057 (void)source_key_length;
1058 (void)target_key_buffer;
1059 (void)target_key_buffer_size;
1060 (void)target_key_buffer_length;
1061 status = PSA_ERROR_INVALID_ARGUMENT;
1062 }
1063 return( status );
1064
1065}
1066
1067/*
1068 * Cipher functions
1069 */
1070static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1071 const psa_key_attributes_t *attributes,
1072 const uint8_t *key_buffer,
1073 size_t key_buffer_size,
1074 psa_algorithm_t alg,
1075 const uint8_t *iv,
1076 size_t iv_length,
1077 const uint8_t *input,
1078 size_t input_length,
1079 uint8_t *output,
1080 size_t output_size,
1081 size_t *output_length )
1082{
1083 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1084 psa_key_location_t location =
1085 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1086
1087 switch( location )
1088 {
1089 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1090 /* Key is stored in the slot in export representation, so
1091 * cycle through all known transparent accelerators */
1092#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1093#if defined(PSA_CRYPTO_DRIVER_TEST)
1094 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1095 key_buffer,
1096 key_buffer_size,
1097 alg,
1098 iv,
1099 iv_length,
1100 input,
1101 input_length,
1102 output,
1103 output_size,
1104 output_length );
1105 /* Declared with fallback == true */
1106 if( status != PSA_ERROR_NOT_SUPPORTED )
1107 return( status );
1108#endif /* PSA_CRYPTO_DRIVER_TEST */
1109#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1110
1111#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1112 return( mbedtls_psa_cipher_encrypt( attributes,
1113 key_buffer,
1114 key_buffer_size,
1115 alg,
1116 iv,
1117 iv_length,
1118 input,
1119 input_length,
1120 output,
1121 output_size,
1122 output_length ) );
1123#else
1124 return( PSA_ERROR_NOT_SUPPORTED );
1125#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1126
1127 /* Add cases for opaque driver here */
1128#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1129#if defined(PSA_CRYPTO_DRIVER_TEST)
1130 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1131 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1132 key_buffer,
1133 key_buffer_size,
1134 alg,
1135 iv,
1136 iv_length,
1137 input,
1138 input_length,
1139 output,
1140 output_size,
1141 output_length ) );
1142#endif /* PSA_CRYPTO_DRIVER_TEST */
1143#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1144
1145 default:
1146 /* Key is declared with a lifetime not known to us */
1147 (void)status;
1148 (void)key_buffer;
1149 (void)key_buffer_size;
1150 (void)alg;
1151 (void)iv;
1152 (void)iv_length;
1153 (void)input;
1154 (void)input_length;
1155 (void)output;
1156 (void)output_size;
1157 (void)output_length;
1158 return( PSA_ERROR_INVALID_ARGUMENT );
1159 }
1160}
1161
1162static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1163 const psa_key_attributes_t *attributes,
1164 const uint8_t *key_buffer,
1165 size_t key_buffer_size,
1166 psa_algorithm_t alg,
1167 const uint8_t *input,
1168 size_t input_length,
1169 uint8_t *output,
1170 size_t output_size,
1171 size_t *output_length )
1172{
1173 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1174 psa_key_location_t location =
1175 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1176
1177 switch( location )
1178 {
1179 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1180 /* Key is stored in the slot in export representation, so
1181 * cycle through all known transparent accelerators */
1182#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1183#if defined(PSA_CRYPTO_DRIVER_TEST)
1184 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1185 key_buffer,
1186 key_buffer_size,
1187 alg,
1188 input,
1189 input_length,
1190 output,
1191 output_size,
1192 output_length );
1193 /* Declared with fallback == true */
1194 if( status != PSA_ERROR_NOT_SUPPORTED )
1195 return( status );
1196#endif /* PSA_CRYPTO_DRIVER_TEST */
1197#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1198
1199#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1200 return( mbedtls_psa_cipher_decrypt( attributes,
1201 key_buffer,
1202 key_buffer_size,
1203 alg,
1204 input,
1205 input_length,
1206 output,
1207 output_size,
1208 output_length ) );
1209#else
1210 return( PSA_ERROR_NOT_SUPPORTED );
1211#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1212
1213 /* Add cases for opaque driver here */
1214#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1215#if defined(PSA_CRYPTO_DRIVER_TEST)
1216 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1217 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1218 key_buffer,
1219 key_buffer_size,
1220 alg,
1221 input,
1222 input_length,
1223 output,
1224 output_size,
1225 output_length ) );
1226#endif /* PSA_CRYPTO_DRIVER_TEST */
1227#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1228
1229 default:
1230 /* Key is declared with a lifetime not known to us */
1231 (void)status;
1232 (void)key_buffer;
1233 (void)key_buffer_size;
1234 (void)alg;
1235 (void)input;
1236 (void)input_length;
1237 (void)output;
1238 (void)output_size;
1239 (void)output_length;
1240 return( PSA_ERROR_INVALID_ARGUMENT );
1241 }
1242}
1243
1244static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1245 psa_cipher_operation_t *operation,
1246 const psa_key_attributes_t *attributes,
1247 const uint8_t *key_buffer, size_t key_buffer_size,
1248 psa_algorithm_t alg )
1249{
1250 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1251 psa_key_location_t location =
1252 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1253
1254 switch( location )
1255 {
1256 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1257 /* Key is stored in the slot in export representation, so
1258 * cycle through all known transparent accelerators */
1259#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1260#if defined(PSA_CRYPTO_DRIVER_TEST)
1261 status = mbedtls_test_transparent_cipher_encrypt_setup(
1262 &operation->ctx.transparent_test_driver_ctx,
1263 attributes,
1264 key_buffer,
1265 key_buffer_size,
1266 alg );
1267 /* Declared with fallback == true */
1268 if( status == PSA_SUCCESS )
1269 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1270
1271 if( status != PSA_ERROR_NOT_SUPPORTED )
1272 return( status );
1273#endif /* PSA_CRYPTO_DRIVER_TEST */
1274#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1275#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1276 /* Fell through, meaning no accelerator supports this operation */
1277 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1278 attributes,
1279 key_buffer,
1280 key_buffer_size,
1281 alg );
1282 if( status == PSA_SUCCESS )
1283 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1284
1285 if( status != PSA_ERROR_NOT_SUPPORTED )
1286 return( status );
1287#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1288 return( PSA_ERROR_NOT_SUPPORTED );
1289
1290 /* Add cases for opaque driver here */
1291#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1292#if defined(PSA_CRYPTO_DRIVER_TEST)
1293 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1294 status = mbedtls_test_opaque_cipher_encrypt_setup(
1295 &operation->ctx.opaque_test_driver_ctx,
1296 attributes,
1297 key_buffer, key_buffer_size,
1298 alg );
1299
1300 if( status == PSA_SUCCESS )
1301 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1302
1303 return( status );
1304#endif /* PSA_CRYPTO_DRIVER_TEST */
1305#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1306 default:
1307 /* Key is declared with a lifetime not known to us */
1308 (void)status;
1309 (void)operation;
1310 (void)key_buffer;
1311 (void)key_buffer_size;
1312 (void)alg;
1313 return( PSA_ERROR_INVALID_ARGUMENT );
1314 }
1315}
1316
1317static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1318 psa_cipher_operation_t *operation,
1319 const psa_key_attributes_t *attributes,
1320 const uint8_t *key_buffer, size_t key_buffer_size,
1321 psa_algorithm_t alg )
1322{
1323 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1324 psa_key_location_t location =
1325 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1326
1327 switch( location )
1328 {
1329 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1330 /* Key is stored in the slot in export representation, so
1331 * cycle through all known transparent accelerators */
1332#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1333#if defined(PSA_CRYPTO_DRIVER_TEST)
1334 status = mbedtls_test_transparent_cipher_decrypt_setup(
1335 &operation->ctx.transparent_test_driver_ctx,
1336 attributes,
1337 key_buffer,
1338 key_buffer_size,
1339 alg );
1340 /* Declared with fallback == true */
1341 if( status == PSA_SUCCESS )
1342 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1343
1344 if( status != PSA_ERROR_NOT_SUPPORTED )
1345 return( status );
1346#endif /* PSA_CRYPTO_DRIVER_TEST */
1347#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1348#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1349 /* Fell through, meaning no accelerator supports this operation */
1350 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1351 attributes,
1352 key_buffer,
1353 key_buffer_size,
1354 alg );
1355 if( status == PSA_SUCCESS )
1356 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1357
1358 return( status );
1359#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1360 return( PSA_ERROR_NOT_SUPPORTED );
1361#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1362
1363 /* Add cases for opaque driver here */
1364#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1365#if defined(PSA_CRYPTO_DRIVER_TEST)
1366 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1367 status = mbedtls_test_opaque_cipher_decrypt_setup(
1368 &operation->ctx.opaque_test_driver_ctx,
1369 attributes,
1370 key_buffer, key_buffer_size,
1371 alg );
1372
1373 if( status == PSA_SUCCESS )
1374 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1375
1376 return( status );
1377#endif /* PSA_CRYPTO_DRIVER_TEST */
1378#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1379 default:
1380 /* Key is declared with a lifetime not known to us */
1381 (void)status;
1382 (void)operation;
1383 (void)key_buffer;
1384 (void)key_buffer_size;
1385 (void)alg;
1386 return( PSA_ERROR_INVALID_ARGUMENT );
1387 }
1388}
1389
1390static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1391 psa_cipher_operation_t *operation,
1392 const uint8_t *iv,
1393 size_t iv_length )
1394{
1395 switch( operation->id )
1396 {
1397#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1398 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1399 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1400 iv,
1401 iv_length ) );
1402#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1403
1404#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1405#if defined(PSA_CRYPTO_DRIVER_TEST)
1406 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1407 return( mbedtls_test_transparent_cipher_set_iv(
1408 &operation->ctx.transparent_test_driver_ctx,
1409 iv, iv_length ) );
1410
1411 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1412 return( mbedtls_test_opaque_cipher_set_iv(
1413 &operation->ctx.opaque_test_driver_ctx,
1414 iv, iv_length ) );
1415#endif /* PSA_CRYPTO_DRIVER_TEST */
1416#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1417 }
1418
1419 (void)iv;
1420 (void)iv_length;
1421
1422 return( PSA_ERROR_INVALID_ARGUMENT );
1423}
1424
1425static inline psa_status_t psa_driver_wrapper_cipher_update(
1426 psa_cipher_operation_t *operation,
1427 const uint8_t *input,
1428 size_t input_length,
1429 uint8_t *output,
1430 size_t output_size,
1431 size_t *output_length )
1432{
1433 switch( operation->id )
1434 {
1435#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1436 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1437 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1438 input,
1439 input_length,
1440 output,
1441 output_size,
1442 output_length ) );
1443#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1444
1445#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1446#if defined(PSA_CRYPTO_DRIVER_TEST)
1447 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1448 return( mbedtls_test_transparent_cipher_update(
1449 &operation->ctx.transparent_test_driver_ctx,
1450 input, input_length,
1451 output, output_size, output_length ) );
1452
1453 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1454 return( mbedtls_test_opaque_cipher_update(
1455 &operation->ctx.opaque_test_driver_ctx,
1456 input, input_length,
1457 output, output_size, output_length ) );
1458#endif /* PSA_CRYPTO_DRIVER_TEST */
1459#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1460 }
1461
1462 (void)input;
1463 (void)input_length;
1464 (void)output;
1465 (void)output_size;
1466 (void)output_length;
1467
1468 return( PSA_ERROR_INVALID_ARGUMENT );
1469}
1470
1471static inline psa_status_t psa_driver_wrapper_cipher_finish(
1472 psa_cipher_operation_t *operation,
1473 uint8_t *output,
1474 size_t output_size,
1475 size_t *output_length )
1476{
1477 switch( operation->id )
1478 {
1479#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1480 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1481 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1482 output,
1483 output_size,
1484 output_length ) );
1485#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1486
1487#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1488#if defined(PSA_CRYPTO_DRIVER_TEST)
1489 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1490 return( mbedtls_test_transparent_cipher_finish(
1491 &operation->ctx.transparent_test_driver_ctx,
1492 output, output_size, output_length ) );
1493
1494 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1495 return( mbedtls_test_opaque_cipher_finish(
1496 &operation->ctx.opaque_test_driver_ctx,
1497 output, output_size, output_length ) );
1498#endif /* PSA_CRYPTO_DRIVER_TEST */
1499#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1500 }
1501
1502 (void)output;
1503 (void)output_size;
1504 (void)output_length;
1505
1506 return( PSA_ERROR_INVALID_ARGUMENT );
1507}
1508
1509static inline psa_status_t psa_driver_wrapper_cipher_abort(
1510 psa_cipher_operation_t *operation )
1511{
1512 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1513
1514 switch( operation->id )
1515 {
1516#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1517 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1518 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1519#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1520
1521#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1522#if defined(PSA_CRYPTO_DRIVER_TEST)
1523 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1524 status = mbedtls_test_transparent_cipher_abort(
1525 &operation->ctx.transparent_test_driver_ctx );
1526 mbedtls_platform_zeroize(
1527 &operation->ctx.transparent_test_driver_ctx,
1528 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1529 return( status );
1530
1531 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1532 status = mbedtls_test_opaque_cipher_abort(
1533 &operation->ctx.opaque_test_driver_ctx );
1534 mbedtls_platform_zeroize(
1535 &operation->ctx.opaque_test_driver_ctx,
1536 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1537 return( status );
1538#endif /* PSA_CRYPTO_DRIVER_TEST */
1539#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1540 }
1541
1542 (void)status;
1543 return( PSA_ERROR_INVALID_ARGUMENT );
1544}
1545
1546/*
1547 * Hashing functions
1548 */
1549static inline psa_status_t psa_driver_wrapper_hash_compute(
1550 psa_algorithm_t alg,
1551 const uint8_t *input,
1552 size_t input_length,
1553 uint8_t *hash,
1554 size_t hash_size,
1555 size_t *hash_length)
1556{
1557 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1558
1559 /* Try accelerators first */
1560#if defined(PSA_CRYPTO_DRIVER_TEST)
1561 status = mbedtls_test_transparent_hash_compute(
1562 alg, input, input_length, hash, hash_size, hash_length );
1563 if( status != PSA_ERROR_NOT_SUPPORTED )
1564 return( status );
1565#endif
1566
1567 /* If software fallback is compiled in, try fallback */
1568#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1569 status = mbedtls_psa_hash_compute( alg, input, input_length,
1570 hash, hash_size, hash_length );
1571 if( status != PSA_ERROR_NOT_SUPPORTED )
1572 return( status );
1573#endif
1574 (void) status;
1575 (void) alg;
1576 (void) input;
1577 (void) input_length;
1578 (void) hash;
1579 (void) hash_size;
1580 (void) hash_length;
1581
1582 return( PSA_ERROR_NOT_SUPPORTED );
1583}
1584
1585static inline psa_status_t psa_driver_wrapper_hash_setup(
1586 psa_hash_operation_t *operation,
1587 psa_algorithm_t alg )
1588{
1589 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1590
1591 /* Try setup on accelerators first */
1592#if defined(PSA_CRYPTO_DRIVER_TEST)
1593 status = mbedtls_test_transparent_hash_setup(
1594 &operation->ctx.test_driver_ctx, alg );
1595 if( status == PSA_SUCCESS )
1596 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1597
1598 if( status != PSA_ERROR_NOT_SUPPORTED )
1599 return( status );
1600#endif
1601
1602 /* If software fallback is compiled in, try fallback */
1603#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1604 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1605 if( status == PSA_SUCCESS )
1606 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1607
1608 if( status != PSA_ERROR_NOT_SUPPORTED )
1609 return( status );
1610#endif
1611 /* Nothing left to try if we fall through here */
1612 (void) status;
1613 (void) operation;
1614 (void) alg;
1615 return( PSA_ERROR_NOT_SUPPORTED );
1616}
1617
1618static inline psa_status_t psa_driver_wrapper_hash_clone(
1619 const psa_hash_operation_t *source_operation,
1620 psa_hash_operation_t *target_operation )
1621{
1622 switch( source_operation->id )
1623 {
1624#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1625 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1626 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1627 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1628 &target_operation->ctx.mbedtls_ctx ) );
1629#endif
1630#if defined(PSA_CRYPTO_DRIVER_TEST)
1631 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1632 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1633 return( mbedtls_test_transparent_hash_clone(
1634 &source_operation->ctx.test_driver_ctx,
1635 &target_operation->ctx.test_driver_ctx ) );
1636#endif
1637 default:
1638 (void) target_operation;
1639 return( PSA_ERROR_BAD_STATE );
1640 }
1641}
1642
1643static inline psa_status_t psa_driver_wrapper_hash_update(
1644 psa_hash_operation_t *operation,
1645 const uint8_t *input,
1646 size_t input_length )
1647{
1648 switch( operation->id )
1649 {
1650#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1651 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1652 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1653 input, input_length ) );
1654#endif
1655#if defined(PSA_CRYPTO_DRIVER_TEST)
1656 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1657 return( mbedtls_test_transparent_hash_update(
1658 &operation->ctx.test_driver_ctx,
1659 input, input_length ) );
1660#endif
1661 default:
1662 (void) input;
1663 (void) input_length;
1664 return( PSA_ERROR_BAD_STATE );
1665 }
1666}
1667
1668static inline psa_status_t psa_driver_wrapper_hash_finish(
1669 psa_hash_operation_t *operation,
1670 uint8_t *hash,
1671 size_t hash_size,
1672 size_t *hash_length )
1673{
1674 switch( operation->id )
1675 {
1676#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1677 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1678 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1679 hash, hash_size, hash_length ) );
1680#endif
1681#if defined(PSA_CRYPTO_DRIVER_TEST)
1682 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1683 return( mbedtls_test_transparent_hash_finish(
1684 &operation->ctx.test_driver_ctx,
1685 hash, hash_size, hash_length ) );
1686#endif
1687 default:
1688 (void) hash;
1689 (void) hash_size;
1690 (void) hash_length;
1691 return( PSA_ERROR_BAD_STATE );
1692 }
1693}
1694
1695static inline psa_status_t psa_driver_wrapper_hash_abort(
1696 psa_hash_operation_t *operation )
1697{
1698 switch( operation->id )
1699 {
1700#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1701 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1702 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1703#endif
1704#if defined(PSA_CRYPTO_DRIVER_TEST)
1705 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1706 return( mbedtls_test_transparent_hash_abort(
1707 &operation->ctx.test_driver_ctx ) );
1708#endif
1709 default:
1710 return( PSA_ERROR_BAD_STATE );
1711 }
1712}
1713
1714static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1715 const psa_key_attributes_t *attributes,
1716 const uint8_t *key_buffer, size_t key_buffer_size,
1717 psa_algorithm_t alg,
1718 const uint8_t *nonce, size_t nonce_length,
1719 const uint8_t *additional_data, size_t additional_data_length,
1720 const uint8_t *plaintext, size_t plaintext_length,
1721 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1722{
1723 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1724 psa_key_location_t location =
1725 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1726
1727 switch( location )
1728 {
1729 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1730 /* Key is stored in the slot in export representation, so
1731 * cycle through all known transparent accelerators */
1732
1733#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1734#if defined(PSA_CRYPTO_DRIVER_TEST)
1735 status = mbedtls_test_transparent_aead_encrypt(
1736 attributes, key_buffer, key_buffer_size,
1737 alg,
1738 nonce, nonce_length,
1739 additional_data, additional_data_length,
1740 plaintext, plaintext_length,
1741 ciphertext, ciphertext_size, ciphertext_length );
1742 /* Declared with fallback == true */
1743 if( status != PSA_ERROR_NOT_SUPPORTED )
1744 return( status );
1745#endif /* PSA_CRYPTO_DRIVER_TEST */
1746#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1747
1748 /* Fell through, meaning no accelerator supports this operation */
1749 return( mbedtls_psa_aead_encrypt(
1750 attributes, key_buffer, key_buffer_size,
1751 alg,
1752 nonce, nonce_length,
1753 additional_data, additional_data_length,
1754 plaintext, plaintext_length,
1755 ciphertext, ciphertext_size, ciphertext_length ) );
1756
1757 /* Add cases for opaque driver here */
1758
1759 default:
1760 /* Key is declared with a lifetime not known to us */
1761 (void)status;
1762 return( PSA_ERROR_INVALID_ARGUMENT );
1763 }
1764}
1765
1766static inline psa_status_t psa_driver_wrapper_aead_decrypt(
1767 const psa_key_attributes_t *attributes,
1768 const uint8_t *key_buffer, size_t key_buffer_size,
1769 psa_algorithm_t alg,
1770 const uint8_t *nonce, size_t nonce_length,
1771 const uint8_t *additional_data, size_t additional_data_length,
1772 const uint8_t *ciphertext, size_t ciphertext_length,
1773 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1774{
1775 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1776 psa_key_location_t location =
1777 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1778
1779 switch( location )
1780 {
1781 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1782 /* Key is stored in the slot in export representation, so
1783 * cycle through all known transparent accelerators */
1784
1785#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1786#if defined(PSA_CRYPTO_DRIVER_TEST)
1787 status = mbedtls_test_transparent_aead_decrypt(
1788 attributes, key_buffer, key_buffer_size,
1789 alg,
1790 nonce, nonce_length,
1791 additional_data, additional_data_length,
1792 ciphertext, ciphertext_length,
1793 plaintext, plaintext_size, plaintext_length );
1794 /* Declared with fallback == true */
1795 if( status != PSA_ERROR_NOT_SUPPORTED )
1796 return( status );
1797#endif /* PSA_CRYPTO_DRIVER_TEST */
1798#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1799
1800 /* Fell through, meaning no accelerator supports this operation */
1801 return( mbedtls_psa_aead_decrypt(
1802 attributes, key_buffer, key_buffer_size,
1803 alg,
1804 nonce, nonce_length,
1805 additional_data, additional_data_length,
1806 ciphertext, ciphertext_length,
1807 plaintext, plaintext_size, plaintext_length ) );
1808
1809 /* Add cases for opaque driver here */
1810
1811 default:
1812 /* Key is declared with a lifetime not known to us */
1813 (void)status;
1814 return( PSA_ERROR_INVALID_ARGUMENT );
1815 }
1816}
1817
1818static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1819 psa_aead_operation_t *operation,
1820 const psa_key_attributes_t *attributes,
1821 const uint8_t *key_buffer, size_t key_buffer_size,
1822 psa_algorithm_t alg )
1823{
1824 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1825 psa_key_location_t location =
1826 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1827
1828 switch( location )
1829 {
1830 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1831 /* Key is stored in the slot in export representation, so
1832 * cycle through all known transparent accelerators */
1833
1834#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1835#if defined(PSA_CRYPTO_DRIVER_TEST)
1836 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1837 status = mbedtls_test_transparent_aead_encrypt_setup(
1838 &operation->ctx.transparent_test_driver_ctx,
1839 attributes, key_buffer, key_buffer_size,
1840 alg );
1841
1842 /* Declared with fallback == true */
1843 if( status != PSA_ERROR_NOT_SUPPORTED )
1844 return( status );
1845#endif /* PSA_CRYPTO_DRIVER_TEST */
1846#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1847
1848 /* Fell through, meaning no accelerator supports this operation */
1849 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1850 status = mbedtls_psa_aead_encrypt_setup(
1851 &operation->ctx.mbedtls_ctx, attributes,
1852 key_buffer, key_buffer_size,
1853 alg );
1854
1855 return( status );
1856
1857 /* Add cases for opaque driver here */
1858
1859 default:
1860 /* Key is declared with a lifetime not known to us */
1861 (void)status;
1862 return( PSA_ERROR_INVALID_ARGUMENT );
1863 }
1864}
1865
1866static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1867 psa_aead_operation_t *operation,
1868 const psa_key_attributes_t *attributes,
1869 const uint8_t *key_buffer, size_t key_buffer_size,
1870 psa_algorithm_t alg )
1871{
1872 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1873 psa_key_location_t location =
1874 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1875
1876 switch( location )
1877 {
1878 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1879 /* Key is stored in the slot in export representation, so
1880 * cycle through all known transparent accelerators */
1881
1882#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1883#if defined(PSA_CRYPTO_DRIVER_TEST)
1884 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1885 status = mbedtls_test_transparent_aead_decrypt_setup(
1886 &operation->ctx.transparent_test_driver_ctx,
1887 attributes,
1888 key_buffer, key_buffer_size,
1889 alg );
1890
1891 /* Declared with fallback == true */
1892 if( status != PSA_ERROR_NOT_SUPPORTED )
1893 return( status );
1894#endif /* PSA_CRYPTO_DRIVER_TEST */
1895#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1896
1897 /* Fell through, meaning no accelerator supports this operation */
1898 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1899 status = mbedtls_psa_aead_decrypt_setup(
1900 &operation->ctx.mbedtls_ctx,
1901 attributes,
1902 key_buffer, key_buffer_size,
1903 alg );
1904
1905 return( status );
1906
1907 /* Add cases for opaque driver here */
1908
1909 default:
1910 /* Key is declared with a lifetime not known to us */
1911 (void)status;
1912 return( PSA_ERROR_INVALID_ARGUMENT );
1913 }
1914}
1915
1916static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
1917 psa_aead_operation_t *operation,
1918 const uint8_t *nonce,
1919 size_t nonce_length )
1920{
1921 switch( operation->id )
1922 {
1923#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1924 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1925 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1926 nonce,
1927 nonce_length ) );
1928
1929#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1930
1931#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1932#if defined(PSA_CRYPTO_DRIVER_TEST)
1933 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1934 return( mbedtls_test_transparent_aead_set_nonce(
1935 &operation->ctx.transparent_test_driver_ctx,
1936 nonce, nonce_length ) );
1937
1938 /* Add cases for opaque driver here */
1939
1940#endif /* PSA_CRYPTO_DRIVER_TEST */
1941#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1942 }
1943
1944 (void)nonce;
1945 (void)nonce_length;
1946
1947 return( PSA_ERROR_INVALID_ARGUMENT );
1948}
1949
1950static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
1951 psa_aead_operation_t *operation,
1952 size_t ad_length,
1953 size_t plaintext_length )
1954{
1955 switch( operation->id )
1956 {
1957#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1958 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1959 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1960 ad_length,
1961 plaintext_length ) );
1962
1963#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1964
1965#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1966#if defined(PSA_CRYPTO_DRIVER_TEST)
1967 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1968 return( mbedtls_test_transparent_aead_set_lengths(
1969 &operation->ctx.transparent_test_driver_ctx,
1970 ad_length, plaintext_length ) );
1971
1972 /* Add cases for opaque driver here */
1973
1974#endif /* PSA_CRYPTO_DRIVER_TEST */
1975#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1976 }
1977
1978 (void)ad_length;
1979 (void)plaintext_length;
1980
1981 return( PSA_ERROR_INVALID_ARGUMENT );
1982}
1983
1984static inline psa_status_t psa_driver_wrapper_aead_update_ad(
1985 psa_aead_operation_t *operation,
1986 const uint8_t *input,
1987 size_t input_length )
1988{
1989 switch( operation->id )
1990 {
1991#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1992 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1993 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1994 input,
1995 input_length ) );
1996
1997#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1998
1999#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2000#if defined(PSA_CRYPTO_DRIVER_TEST)
2001 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2002 return( mbedtls_test_transparent_aead_update_ad(
2003 &operation->ctx.transparent_test_driver_ctx,
2004 input, input_length ) );
2005
2006 /* Add cases for opaque driver here */
2007
2008#endif /* PSA_CRYPTO_DRIVER_TEST */
2009#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2010 }
2011
2012 (void)input;
2013 (void)input_length;
2014
2015 return( PSA_ERROR_INVALID_ARGUMENT );
2016}
2017
2018static inline psa_status_t psa_driver_wrapper_aead_update(
2019 psa_aead_operation_t *operation,
2020 const uint8_t *input,
2021 size_t input_length,
2022 uint8_t *output,
2023 size_t output_size,
2024 size_t *output_length )
2025{
2026 switch( operation->id )
2027 {
2028#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2029 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2030 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2031 input, input_length,
2032 output, output_size,
2033 output_length ) );
2034
2035#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2036
2037#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2038#if defined(PSA_CRYPTO_DRIVER_TEST)
2039 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2040 return( mbedtls_test_transparent_aead_update(
2041 &operation->ctx.transparent_test_driver_ctx,
2042 input, input_length, output, output_size,
2043 output_length ) );
2044
2045 /* Add cases for opaque driver here */
2046
2047#endif /* PSA_CRYPTO_DRIVER_TEST */
2048#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2049 }
2050
2051 (void)input;
2052 (void)input_length;
2053 (void)output;
2054 (void)output_size;
2055 (void)output_length;
2056
2057 return( PSA_ERROR_INVALID_ARGUMENT );
2058}
2059
2060static inline psa_status_t psa_driver_wrapper_aead_finish(
2061 psa_aead_operation_t *operation,
2062 uint8_t *ciphertext,
2063 size_t ciphertext_size,
2064 size_t *ciphertext_length,
2065 uint8_t *tag,
2066 size_t tag_size,
2067 size_t *tag_length )
2068{
2069 switch( operation->id )
2070 {
2071#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2072 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2073 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2074 ciphertext,
2075 ciphertext_size,
2076 ciphertext_length, tag,
2077 tag_size, tag_length ) );
2078
2079#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2080
2081#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2082#if defined(PSA_CRYPTO_DRIVER_TEST)
2083 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2084 return( mbedtls_test_transparent_aead_finish(
2085 &operation->ctx.transparent_test_driver_ctx,
2086 ciphertext, ciphertext_size,
2087 ciphertext_length, tag, tag_size, tag_length ) );
2088
2089 /* Add cases for opaque driver here */
2090
2091#endif /* PSA_CRYPTO_DRIVER_TEST */
2092#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2093 }
2094
2095 (void)ciphertext;
2096 (void)ciphertext_size;
2097 (void)ciphertext_length;
2098 (void)tag;
2099 (void)tag_size;
2100 (void)tag_length;
2101
2102 return( PSA_ERROR_INVALID_ARGUMENT );
2103}
2104
2105static inline psa_status_t psa_driver_wrapper_aead_verify(
2106 psa_aead_operation_t *operation,
2107 uint8_t *plaintext,
2108 size_t plaintext_size,
2109 size_t *plaintext_length,
2110 const uint8_t *tag,
2111 size_t tag_length )
2112{
2113 switch( operation->id )
2114 {
2115#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2116 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2117 {
2118 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2119 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2120 size_t check_tag_length;
2121
2122 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2123 plaintext,
2124 plaintext_size,
2125 plaintext_length,
2126 check_tag,
2127 sizeof( check_tag ),
2128 &check_tag_length );
2129
2130 if( status == PSA_SUCCESS )
2131 {
2132 if( tag_length != check_tag_length ||
2133 mbedtls_ct_memcmp( tag, check_tag, tag_length )
2134 != 0 )
2135 status = PSA_ERROR_INVALID_SIGNATURE;
2136 }
2137
2138 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2139
2140 return( status );
2141 }
2142
2143#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2144
2145#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2146#if defined(PSA_CRYPTO_DRIVER_TEST)
2147 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2148 return( mbedtls_test_transparent_aead_verify(
2149 &operation->ctx.transparent_test_driver_ctx,
2150 plaintext, plaintext_size,
2151 plaintext_length, tag, tag_length ) );
2152
2153 /* Add cases for opaque driver here */
2154
2155#endif /* PSA_CRYPTO_DRIVER_TEST */
2156#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2157 }
2158
2159 (void)plaintext;
2160 (void)plaintext_size;
2161 (void)plaintext_length;
2162 (void)tag;
2163 (void)tag_length;
2164
2165 return( PSA_ERROR_INVALID_ARGUMENT );
2166}
2167
2168static inline psa_status_t psa_driver_wrapper_aead_abort(
2169 psa_aead_operation_t *operation )
2170{
2171 switch( operation->id )
2172 {
2173#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2174 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2175 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2176
2177#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2178
2179#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2180#if defined(PSA_CRYPTO_DRIVER_TEST)
2181 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2182 return( mbedtls_test_transparent_aead_abort(
2183 &operation->ctx.transparent_test_driver_ctx ) );
2184
2185 /* Add cases for opaque driver here */
2186
2187#endif /* PSA_CRYPTO_DRIVER_TEST */
2188#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2189 }
2190
2191 return( PSA_ERROR_INVALID_ARGUMENT );
2192}
2193
2194/*
2195 * MAC functions
2196 */
2197static inline psa_status_t psa_driver_wrapper_mac_compute(
2198 const psa_key_attributes_t *attributes,
2199 const uint8_t *key_buffer,
2200 size_t key_buffer_size,
2201 psa_algorithm_t alg,
2202 const uint8_t *input,
2203 size_t input_length,
2204 uint8_t *mac,
2205 size_t mac_size,
2206 size_t *mac_length )
2207{
2208 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2209 psa_key_location_t location =
2210 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2211
2212 switch( location )
2213 {
2214 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2215 /* Key is stored in the slot in export representation, so
2216 * cycle through all known transparent accelerators */
2217#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2218#if defined(PSA_CRYPTO_DRIVER_TEST)
2219 status = mbedtls_test_transparent_mac_compute(
2220 attributes, key_buffer, key_buffer_size, alg,
2221 input, input_length,
2222 mac, mac_size, mac_length );
2223 /* Declared with fallback == true */
2224 if( status != PSA_ERROR_NOT_SUPPORTED )
2225 return( status );
2226#endif /* PSA_CRYPTO_DRIVER_TEST */
2227#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2228#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2229 /* Fell through, meaning no accelerator supports this operation */
2230 status = mbedtls_psa_mac_compute(
2231 attributes, key_buffer, key_buffer_size, alg,
2232 input, input_length,
2233 mac, mac_size, mac_length );
2234 if( status != PSA_ERROR_NOT_SUPPORTED )
2235 return( status );
2236#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2237 return( PSA_ERROR_NOT_SUPPORTED );
2238
2239 /* Add cases for opaque driver here */
2240#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2241#if defined(PSA_CRYPTO_DRIVER_TEST)
2242 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2243 status = mbedtls_test_opaque_mac_compute(
2244 attributes, key_buffer, key_buffer_size, alg,
2245 input, input_length,
2246 mac, mac_size, mac_length );
2247 return( status );
2248#endif /* PSA_CRYPTO_DRIVER_TEST */
2249#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2250 default:
2251 /* Key is declared with a lifetime not known to us */
2252 (void) key_buffer;
2253 (void) key_buffer_size;
2254 (void) alg;
2255 (void) input;
2256 (void) input_length;
2257 (void) mac;
2258 (void) mac_size;
2259 (void) mac_length;
2260 (void) status;
2261 return( PSA_ERROR_INVALID_ARGUMENT );
2262 }
2263}
2264
2265static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2266 psa_mac_operation_t *operation,
2267 const psa_key_attributes_t *attributes,
2268 const uint8_t *key_buffer,
2269 size_t key_buffer_size,
2270 psa_algorithm_t alg )
2271{
2272 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2273 psa_key_location_t location =
2274 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2275
2276 switch( location )
2277 {
2278 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2279 /* Key is stored in the slot in export representation, so
2280 * cycle through all known transparent accelerators */
2281#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2282#if defined(PSA_CRYPTO_DRIVER_TEST)
2283 status = mbedtls_test_transparent_mac_sign_setup(
2284 &operation->ctx.transparent_test_driver_ctx,
2285 attributes,
2286 key_buffer, key_buffer_size,
2287 alg );
2288 /* Declared with fallback == true */
2289 if( status == PSA_SUCCESS )
2290 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2291
2292 if( status != PSA_ERROR_NOT_SUPPORTED )
2293 return( status );
2294#endif /* PSA_CRYPTO_DRIVER_TEST */
2295#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2296#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2297 /* Fell through, meaning no accelerator supports this operation */
2298 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2299 attributes,
2300 key_buffer, key_buffer_size,
2301 alg );
2302 if( status == PSA_SUCCESS )
2303 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2304
2305 if( status != PSA_ERROR_NOT_SUPPORTED )
2306 return( status );
2307#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2308 return( PSA_ERROR_NOT_SUPPORTED );
2309
2310 /* Add cases for opaque driver here */
2311#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2312#if defined(PSA_CRYPTO_DRIVER_TEST)
2313 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2314 status = mbedtls_test_opaque_mac_sign_setup(
2315 &operation->ctx.opaque_test_driver_ctx,
2316 attributes,
2317 key_buffer, key_buffer_size,
2318 alg );
2319
2320 if( status == PSA_SUCCESS )
2321 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2322
2323 return( status );
2324#endif /* PSA_CRYPTO_DRIVER_TEST */
2325#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2326 default:
2327 /* Key is declared with a lifetime not known to us */
2328 (void) status;
2329 (void) operation;
2330 (void) key_buffer;
2331 (void) key_buffer_size;
2332 (void) alg;
2333 return( PSA_ERROR_INVALID_ARGUMENT );
2334 }
2335}
2336
2337static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2338 psa_mac_operation_t *operation,
2339 const psa_key_attributes_t *attributes,
2340 const uint8_t *key_buffer,
2341 size_t key_buffer_size,
2342 psa_algorithm_t alg )
2343{
2344 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2345 psa_key_location_t location =
2346 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2347
2348 switch( location )
2349 {
2350 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2351 /* Key is stored in the slot in export representation, so
2352 * cycle through all known transparent accelerators */
2353#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2354#if defined(PSA_CRYPTO_DRIVER_TEST)
2355 status = mbedtls_test_transparent_mac_verify_setup(
2356 &operation->ctx.transparent_test_driver_ctx,
2357 attributes,
2358 key_buffer, key_buffer_size,
2359 alg );
2360 /* Declared with fallback == true */
2361 if( status == PSA_SUCCESS )
2362 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2363
2364 if( status != PSA_ERROR_NOT_SUPPORTED )
2365 return( status );
2366#endif /* PSA_CRYPTO_DRIVER_TEST */
2367#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2368#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2369 /* Fell through, meaning no accelerator supports this operation */
2370 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2371 attributes,
2372 key_buffer, key_buffer_size,
2373 alg );
2374 if( status == PSA_SUCCESS )
2375 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2376
2377 if( status != PSA_ERROR_NOT_SUPPORTED )
2378 return( status );
2379#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2380 return( PSA_ERROR_NOT_SUPPORTED );
2381
2382 /* Add cases for opaque driver here */
2383#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2384#if defined(PSA_CRYPTO_DRIVER_TEST)
2385 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2386 status = mbedtls_test_opaque_mac_verify_setup(
2387 &operation->ctx.opaque_test_driver_ctx,
2388 attributes,
2389 key_buffer, key_buffer_size,
2390 alg );
2391
2392 if( status == PSA_SUCCESS )
2393 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2394
2395 return( status );
2396#endif /* PSA_CRYPTO_DRIVER_TEST */
2397#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2398 default:
2399 /* Key is declared with a lifetime not known to us */
2400 (void) status;
2401 (void) operation;
2402 (void) key_buffer;
2403 (void) key_buffer_size;
2404 (void) alg;
2405 return( PSA_ERROR_INVALID_ARGUMENT );
2406 }
2407}
2408
2409static inline psa_status_t psa_driver_wrapper_mac_update(
2410 psa_mac_operation_t *operation,
2411 const uint8_t *input,
2412 size_t input_length )
2413{
2414 switch( operation->id )
2415 {
2416#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2417 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2418 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2419 input, input_length ) );
2420#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2421
2422#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2423#if defined(PSA_CRYPTO_DRIVER_TEST)
2424 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2425 return( mbedtls_test_transparent_mac_update(
2426 &operation->ctx.transparent_test_driver_ctx,
2427 input, input_length ) );
2428
2429 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2430 return( mbedtls_test_opaque_mac_update(
2431 &operation->ctx.opaque_test_driver_ctx,
2432 input, input_length ) );
2433#endif /* PSA_CRYPTO_DRIVER_TEST */
2434#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2435 default:
2436 (void) input;
2437 (void) input_length;
2438 return( PSA_ERROR_INVALID_ARGUMENT );
2439 }
2440}
2441
2442static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2443 psa_mac_operation_t *operation,
2444 uint8_t *mac,
2445 size_t mac_size,
2446 size_t *mac_length )
2447{
2448 switch( operation->id )
2449 {
2450#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2451 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2452 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2453 mac, mac_size, mac_length ) );
2454#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2455
2456#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2457#if defined(PSA_CRYPTO_DRIVER_TEST)
2458 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2459 return( mbedtls_test_transparent_mac_sign_finish(
2460 &operation->ctx.transparent_test_driver_ctx,
2461 mac, mac_size, mac_length ) );
2462
2463 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2464 return( mbedtls_test_opaque_mac_sign_finish(
2465 &operation->ctx.opaque_test_driver_ctx,
2466 mac, mac_size, mac_length ) );
2467#endif /* PSA_CRYPTO_DRIVER_TEST */
2468#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2469 default:
2470 (void) mac;
2471 (void) mac_size;
2472 (void) mac_length;
2473 return( PSA_ERROR_INVALID_ARGUMENT );
2474 }
2475}
2476
2477static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2478 psa_mac_operation_t *operation,
2479 const uint8_t *mac,
2480 size_t mac_length )
2481{
2482 switch( operation->id )
2483 {
2484#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2485 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2486 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2487 mac, mac_length ) );
2488#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2489
2490#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2491#if defined(PSA_CRYPTO_DRIVER_TEST)
2492 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2493 return( mbedtls_test_transparent_mac_verify_finish(
2494 &operation->ctx.transparent_test_driver_ctx,
2495 mac, mac_length ) );
2496
2497 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2498 return( mbedtls_test_opaque_mac_verify_finish(
2499 &operation->ctx.opaque_test_driver_ctx,
2500 mac, mac_length ) );
2501#endif /* PSA_CRYPTO_DRIVER_TEST */
2502#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2503 default:
2504 (void) mac;
2505 (void) mac_length;
2506 return( PSA_ERROR_INVALID_ARGUMENT );
2507 }
2508}
2509
2510static inline psa_status_t psa_driver_wrapper_mac_abort(
2511 psa_mac_operation_t *operation )
2512{
2513 switch( operation->id )
2514 {
2515#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2516 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2517 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2518#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2519
2520#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2521#if defined(PSA_CRYPTO_DRIVER_TEST)
2522 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2523 return( mbedtls_test_transparent_mac_abort(
2524 &operation->ctx.transparent_test_driver_ctx ) );
2525 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2526 return( mbedtls_test_opaque_mac_abort(
2527 &operation->ctx.opaque_test_driver_ctx ) );
2528#endif /* PSA_CRYPTO_DRIVER_TEST */
2529#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2530 default:
2531 return( PSA_ERROR_INVALID_ARGUMENT );
2532 }
2533}
2534
2535/*
2536 * Asymmetric cryptography
2537 */
2538static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2539 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2540 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2541 size_t input_length, const uint8_t *salt, size_t salt_length,
2542 uint8_t *output, size_t output_size, size_t *output_length )
2543{
2544 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2545 psa_key_location_t location =
2546 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2547
2548 switch( location )
2549 {
2550 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2551 /* Key is stored in the slot in export representation, so
2552 * cycle through all known transparent accelerators */
2553#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2554#if defined(PSA_CRYPTO_DRIVER_TEST)
2555 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2556 key_buffer, key_buffer_size, alg, input, input_length,
2557 salt, salt_length, output, output_size,
2558 output_length );
2559 /* Declared with fallback == true */
2560 if( status != PSA_ERROR_NOT_SUPPORTED )
2561 return( status );
2562#endif /* PSA_CRYPTO_DRIVER_TEST */
2563#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2564 return( mbedtls_psa_asymmetric_encrypt( attributes,
2565 key_buffer, key_buffer_size, alg, input, input_length,
2566 salt, salt_length, output, output_size, output_length )
2567 );
2568 /* Add cases for opaque driver here */
2569#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2570#if defined(PSA_CRYPTO_DRIVER_TEST)
2571 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2572 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2573 key_buffer, key_buffer_size, alg, input, input_length,
2574 salt, salt_length, output, output_size, output_length )
2575 );
2576#endif /* PSA_CRYPTO_DRIVER_TEST */
2577#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2578
2579 default:
2580 /* Key is declared with a lifetime not known to us */
2581 (void)status;
2582 (void)key_buffer;
2583 (void)key_buffer_size;
2584 (void)alg;
2585 (void)input;
2586 (void)input_length;
2587 (void)salt;
2588 (void)salt_length;
2589 (void)output;
2590 (void)output_size;
2591 (void)output_length;
2592 return( PSA_ERROR_INVALID_ARGUMENT );
2593 }
2594}
2595
2596static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2597 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2598 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2599 size_t input_length, const uint8_t *salt, size_t salt_length,
2600 uint8_t *output, size_t output_size, size_t *output_length )
2601{
2602 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2603 psa_key_location_t location =
2604 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2605
2606 switch( location )
2607 {
2608 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2609 /* Key is stored in the slot in export representation, so
2610 * cycle through all known transparent accelerators */
2611#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2612#if defined(PSA_CRYPTO_DRIVER_TEST)
2613 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2614 key_buffer, key_buffer_size, alg, input, input_length,
2615 salt, salt_length, output, output_size,
2616 output_length );
2617 /* Declared with fallback == true */
2618 if( status != PSA_ERROR_NOT_SUPPORTED )
2619 return( status );
2620#endif /* PSA_CRYPTO_DRIVER_TEST */
2621#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2622 return( mbedtls_psa_asymmetric_decrypt( attributes,
2623 key_buffer, key_buffer_size, alg,input, input_length,
2624 salt, salt_length, output, output_size,
2625 output_length ) );
2626 /* Add cases for opaque driver here */
2627#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2628#if defined(PSA_CRYPTO_DRIVER_TEST)
2629 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2630 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2631 key_buffer, key_buffer_size, alg, input, input_length,
2632 salt, salt_length, output, output_size,
2633 output_length ) );
2634#endif /* PSA_CRYPTO_DRIVER_TEST */
2635#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2636
2637 default:
2638 /* Key is declared with a lifetime not known to us */
2639 (void)status;
2640 (void)key_buffer;
2641 (void)key_buffer_size;
2642 (void)alg;
2643 (void)input;
2644 (void)input_length;
2645 (void)salt;
2646 (void)salt_length;
2647 (void)output;
2648 (void)output_size;
2649 (void)output_length;
2650 return( PSA_ERROR_INVALID_ARGUMENT );
2651 }
2652}
2653
2654static inline psa_status_t psa_driver_wrapper_key_agreement(
2655 const psa_key_attributes_t *attributes,
2656 const uint8_t *key_buffer,
2657 size_t key_buffer_size,
2658 psa_algorithm_t alg,
2659 const uint8_t *peer_key,
2660 size_t peer_key_length,
2661 uint8_t *shared_secret,
2662 size_t shared_secret_size,
2663 size_t *shared_secret_length
2664 )
2665{
2666 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2667 psa_key_location_t location =
2668 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2669
2670 switch( location )
2671 {
2672 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2673 /* Key is stored in the slot in export representation, so
2674 * cycle through all known transparent accelerators */
2675#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2676#if defined(PSA_CRYPTO_DRIVER_TEST)
2677 status =
2678 mbedtls_test_transparent_key_agreement( attributes,
2679 key_buffer, key_buffer_size, alg, peer_key,
2680 peer_key_length, shared_secret, shared_secret_size,
2681 shared_secret_length );
2682 if( status != PSA_ERROR_NOT_SUPPORTED )
2683 return( status );
2684#endif /* PSA_CRYPTO_DRIVER_TEST */
2685#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
2686 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
2687 PSA_ALG_IS_ECDH(alg) &&
2688 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
2689 psa_get_key_bits(attributes) == 256 )
2690 {
2691 status = p256_transparent_key_agreement( attributes,
2692 key_buffer,
2693 key_buffer_size,
2694 alg,
2695 peer_key,
2696 peer_key_length,
2697 shared_secret,
2698 shared_secret_size,
2699 shared_secret_length );
2700 if( status != PSA_ERROR_NOT_SUPPORTED)
2701 return( status );
2702 }
2703#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
2704#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2705
2706 /* Software Fallback */
2707 status = psa_key_agreement_raw_builtin( attributes,
2708 key_buffer,
2709 key_buffer_size,
2710 alg,
2711 peer_key,
2712 peer_key_length,
2713 shared_secret,
2714 shared_secret_size,
2715 shared_secret_length );
2716 return( status );
2717#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2718#if defined(PSA_CRYPTO_DRIVER_TEST)
2719 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2720 return( mbedtls_test_opaque_key_agreement( attributes,
2721 key_buffer, key_buffer_size, alg, peer_key,
2722 peer_key_length, shared_secret, shared_secret_size,
2723 shared_secret_length ) );
2724#endif /* PSA_CRYPTO_DRIVER_TEST */
2725#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2726
2727 default:
2728 (void) attributes;
2729 (void) key_buffer;
2730 (void) key_buffer_size;
2731 (void) peer_key;
2732 (void) peer_key_length;
2733 (void) shared_secret;
2734 (void) shared_secret_size;
2735 (void) shared_secret_length;
2736 return( PSA_ERROR_NOT_SUPPORTED );
2737
2738 }
2739}
2740
2741static inline psa_status_t psa_driver_wrapper_pake_setup(
2742 psa_pake_operation_t *operation,
2743 const psa_crypto_driver_pake_inputs_t *inputs )
2744{
2745 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2746
2747 psa_key_location_t location =
2748 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2749
2750 switch( location )
2751 {
2752 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2753 /* Key is stored in the slot in export representation, so
2754 * cycle through all known transparent accelerators */
2755 status = PSA_ERROR_NOT_SUPPORTED;
2756#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2757#if defined(PSA_CRYPTO_DRIVER_TEST)
2758 status = mbedtls_test_transparent_pake_setup(
2759 &operation->data.ctx.transparent_test_driver_ctx,
2760 inputs );
2761 if( status == PSA_SUCCESS )
2762 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2763 /* Declared with fallback == true */
2764 if( status != PSA_ERROR_NOT_SUPPORTED )
2765 return( status );
2766#endif /* PSA_CRYPTO_DRIVER_TEST */
2767#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2768#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2769 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2770 inputs );
2771 if( status == PSA_SUCCESS )
2772 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2773#endif
2774 return status;
2775 /* Add cases for opaque driver here */
2776 default:
2777 /* Key is declared with a lifetime not known to us */
2778 (void)operation;
2779 return( PSA_ERROR_INVALID_ARGUMENT );
2780 }
2781}
2782
2783static inline psa_status_t psa_driver_wrapper_pake_output(
2784 psa_pake_operation_t *operation,
2785 psa_crypto_driver_pake_step_t step,
2786 uint8_t *output,
2787 size_t output_size,
2788 size_t *output_length )
2789{
2790 switch( operation->id )
2791 {
2792#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2793 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2794 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2795 output, output_size, output_length ) );
2796#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2797
2798#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2799#if defined(PSA_CRYPTO_DRIVER_TEST)
2800 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2801 return( mbedtls_test_transparent_pake_output(
2802 &operation->data.ctx.transparent_test_driver_ctx,
2803 step, output, output_size, output_length ) );
2804#endif /* PSA_CRYPTO_DRIVER_TEST */
2805#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2806 default:
2807 (void) step;
2808 (void) output;
2809 (void) output_size;
2810 (void) output_length;
2811 return( PSA_ERROR_INVALID_ARGUMENT );
2812 }
2813}
2814
2815static inline psa_status_t psa_driver_wrapper_pake_input(
2816 psa_pake_operation_t *operation,
2817 psa_crypto_driver_pake_step_t step,
2818 const uint8_t *input,
2819 size_t input_length )
2820{
2821 switch( operation->id )
2822 {
2823#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2824 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2825 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2826 step, input,
2827 input_length ) );
2828#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2829
2830#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2831#if defined(PSA_CRYPTO_DRIVER_TEST)
2832 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2833 return( mbedtls_test_transparent_pake_input(
2834 &operation->data.ctx.transparent_test_driver_ctx,
2835 step,
2836 input, input_length ) );
2837#endif /* PSA_CRYPTO_DRIVER_TEST */
2838#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2839 default:
2840 (void) step;
2841 (void) input;
2842 (void) input_length;
2843 return( PSA_ERROR_INVALID_ARGUMENT );
2844 }
2845}
2846
2847static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2848 psa_pake_operation_t *operation,
2849 uint8_t *output, size_t output_size,
2850 size_t *output_length )
2851{
2852 switch( operation->id )
2853 {
2854#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2855 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2856 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2857 output, output_size, output_length ) );
2858#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2859
2860#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2861#if defined(PSA_CRYPTO_DRIVER_TEST)
2862 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2863 return( mbedtls_test_transparent_pake_get_implicit_key(
2864 &operation->data.ctx.transparent_test_driver_ctx,
2865 output, output_size, output_length ) );
2866#endif /* PSA_CRYPTO_DRIVER_TEST */
2867#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2868 default:
2869 (void) output;
2870 (void) output_size;
2871 (void) output_length;
2872 return( PSA_ERROR_INVALID_ARGUMENT );
2873 }
2874}
2875
2876static inline psa_status_t psa_driver_wrapper_pake_abort(
2877 psa_pake_operation_t * operation )
2878{
2879 switch( operation->id )
2880 {
2881#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2882 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2883 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2884#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2885
2886#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2887#if defined(PSA_CRYPTO_DRIVER_TEST)
2888 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2889 return( mbedtls_test_transparent_pake_abort(
2890 &operation->data.ctx.transparent_test_driver_ctx ) );
2891#endif /* PSA_CRYPTO_DRIVER_TEST */
2892#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2893 default:
2894 return( PSA_ERROR_INVALID_ARGUMENT );
2895 }
2896}
2897
2898#endif /* MBEDTLS_PSA_CRYPTO_C */