1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22
23 /* BEGIN-common headers */
24 #include "common.h"
25 #include "psa_crypto_aead.h"
26 #include "psa_crypto_cipher.h"
27 #include "psa_crypto_core.h"
28 #include "psa_crypto_driver_wrappers.h"
29 #include "psa_crypto_hash.h"
30 #include "psa_crypto_mac.h"
31 #include "psa_crypto_rsa.h"
32
33 #include "mbedtls/platform.h"
34 /* END-common headers */
35
36 #if defined(MBEDTLS_PSA_CRYPTO_C)
37
38 /* BEGIN-driver headers */
39 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
40 /* Headers for mbedtls_test opaque driver */
41 #if defined(PSA_CRYPTO_DRIVER_TEST)
42 #include "test/drivers/test_driver.h"
43
44 #endif
45 /* Headers for mbedtls_test transparent driver */
46 #if defined(PSA_CRYPTO_DRIVER_TEST)
47 #include "test/drivers/test_driver.h"
48
49 #endif
50
51 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
52 #ifndef PSA_CRYPTO_DRIVER_PRESENT
53 #define PSA_CRYPTO_DRIVER_PRESENT
54 #endif
55 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
56 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
57 #endif
58 #include "cc3xx.h"
59 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
60
61 /* Include TF-M builtin key driver */
62 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
63 #ifndef PSA_CRYPTO_DRIVER_PRESENT
64 #define PSA_CRYPTO_DRIVER_PRESENT
65 #endif
66 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
67 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
68 #endif
69 #include "tfm_crypto_defs.h"
70 #include "tfm_builtin_key_loader.h"
71 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
72
73 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
74 /* END-driver headers */
75
76 /* Auto-generated values depending on which drivers are registered.
77 * ID 0 is reserved for unallocated operations.
78 * ID 1 is reserved for the Mbed TLS software driver. */
79 /* BEGIN-driver id definition */
80 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
81 #define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
82 #define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
83 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
84 #define PSA_CRYPTO_CC3XX_DRIVER_ID (4)
85 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
86 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
87 #define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5)
88 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
89
90 /* END-driver id */
91
92 /* BEGIN-Common Macro definitions */
93
94 /* END-Common Macro definitions */
95
96 /* Support the 'old' SE interface when asked to */
97 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
98 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
99 * SE driver is present, to avoid unused argument errors at compile time. */
100 #ifndef PSA_CRYPTO_DRIVER_PRESENT
101 #define PSA_CRYPTO_DRIVER_PRESENT
102 #endif
103 #include "psa_crypto_se.h"
104 #endif
105
psa_driver_wrapper_init(void)106 psa_status_t psa_driver_wrapper_init( void )
107 {
108 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
109
110 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
111 status = cc3xx_init();
112 if (status != PSA_SUCCESS)
113 return ( status );
114 #endif
115
116 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
117 status = psa_init_all_se_drivers( );
118 if( status != PSA_SUCCESS )
119 return( status );
120 #endif
121
122 #if defined(PSA_CRYPTO_DRIVER_TEST)
123 status = mbedtls_test_transparent_init( );
124 if( status != PSA_SUCCESS )
125 return( status );
126
127 status = mbedtls_test_opaque_init( );
128 if( status != PSA_SUCCESS )
129 return( status );
130 #endif
131
132 (void) status;
133 return( PSA_SUCCESS );
134 }
135
psa_driver_wrapper_free(void)136 void psa_driver_wrapper_free( void )
137 {
138 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
139 (void)cc3xx_free();
140 #endif
141
142 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
143 /* Unregister all secure element drivers, so that we restart from
144 * a pristine state. */
145 psa_unregister_all_se_drivers( );
146 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
147
148 #if defined(PSA_CRYPTO_DRIVER_TEST)
149 mbedtls_test_transparent_free( );
150 mbedtls_test_opaque_free( );
151 #endif
152 }
153
154 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)155 psa_status_t psa_driver_wrapper_sign_message(
156 const psa_key_attributes_t *attributes,
157 const uint8_t *key_buffer,
158 size_t key_buffer_size,
159 psa_algorithm_t alg,
160 const uint8_t *input,
161 size_t input_length,
162 uint8_t *signature,
163 size_t signature_size,
164 size_t *signature_length )
165 {
166 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
167 psa_key_location_t location =
168 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
169
170 switch( location )
171 {
172 case PSA_KEY_LOCATION_LOCAL_STORAGE:
173 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
174 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
175 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
176 /* Key is stored in the slot in export representation, so
177 * cycle through all known transparent accelerators */
178 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
179 #if defined(PSA_CRYPTO_DRIVER_TEST)
180 status = mbedtls_test_transparent_signature_sign_message(
181 attributes,
182 key_buffer,
183 key_buffer_size,
184 alg,
185 input,
186 input_length,
187 signature,
188 signature_size,
189 signature_length );
190 /* Declared with fallback == true */
191 if( status != PSA_ERROR_NOT_SUPPORTED )
192 return( status );
193 #endif /* PSA_CRYPTO_DRIVER_TEST */
194 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
195 status = cc3xx_sign_message(
196 attributes,
197 key_buffer,
198 key_buffer_size,
199 alg,
200 input,
201 input_length,
202 signature,
203 signature_size,
204 signature_length );
205 return( status );
206 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
207 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
208 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
209 /* Fell through, meaning no accelerator supports this operation */
210 return( psa_sign_message_builtin( attributes,
211 key_buffer,
212 key_buffer_size,
213 alg,
214 input,
215 input_length,
216 signature,
217 signature_size,
218 signature_length ) );
219 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
220 /* Add cases for opaque driver here */
221 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
222 #if defined(PSA_CRYPTO_DRIVER_TEST)
223 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
224 status = mbedtls_test_opaque_signature_sign_message(
225 attributes,
226 key_buffer,
227 key_buffer_size,
228 alg,
229 input,
230 input_length,
231 signature,
232 signature_size,
233 signature_length );
234 if( status != PSA_ERROR_NOT_SUPPORTED )
235 return( status );
236 break;
237 #endif /* PSA_CRYPTO_DRIVER_TEST */
238 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
239 default:
240 /* Key is declared with a lifetime not known to us */
241 (void)status;
242 return( PSA_ERROR_INVALID_ARGUMENT );
243 }
244
245 return status;
246 }
247
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)248 psa_status_t psa_driver_wrapper_verify_message(
249 const psa_key_attributes_t *attributes,
250 const uint8_t *key_buffer,
251 size_t key_buffer_size,
252 psa_algorithm_t alg,
253 const uint8_t *input,
254 size_t input_length,
255 const uint8_t *signature,
256 size_t signature_length )
257 {
258 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
259 psa_key_location_t location =
260 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
261
262 switch( location )
263 {
264 case PSA_KEY_LOCATION_LOCAL_STORAGE:
265 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
266 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
267 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
268 /* Key is stored in the slot in export representation, so
269 * cycle through all known transparent accelerators */
270 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
271 #if defined(PSA_CRYPTO_DRIVER_TEST)
272 status = mbedtls_test_transparent_signature_verify_message(
273 attributes,
274 key_buffer,
275 key_buffer_size,
276 alg,
277 input,
278 input_length,
279 signature,
280 signature_length );
281 /* Declared with fallback == true */
282 if( status != PSA_ERROR_NOT_SUPPORTED )
283 return( status );
284 #endif /* PSA_CRYPTO_DRIVER_TEST */
285 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
286 status = cc3xx_verify_message(
287 attributes,
288 key_buffer,
289 key_buffer_size,
290 alg,
291 input,
292 input_length,
293 signature,
294 signature_length );
295 return( status );
296 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
297 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
298 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
299 /* Fell through, meaning no accelerator supports this operation */
300 return( psa_verify_message_builtin( attributes,
301 key_buffer,
302 key_buffer_size,
303 alg,
304 input,
305 input_length,
306 signature,
307 signature_length ) );
308 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
309 /* Add cases for opaque driver here */
310 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
311 #if defined(PSA_CRYPTO_DRIVER_TEST)
312 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
313 return( mbedtls_test_opaque_signature_verify_message(
314 attributes,
315 key_buffer,
316 key_buffer_size,
317 alg,
318 input,
319 input_length,
320 signature,
321 signature_length ) );
322 if( status != PSA_ERROR_NOT_SUPPORTED )
323 return( status );
324 break;
325 #endif /* PSA_CRYPTO_DRIVER_TEST */
326 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
327 default:
328 /* Key is declared with a lifetime not known to us */
329 (void)status;
330 return( PSA_ERROR_INVALID_ARGUMENT );
331 }
332 return status;
333 }
334
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)335 psa_status_t psa_driver_wrapper_sign_hash(
336 const psa_key_attributes_t *attributes,
337 const uint8_t *key_buffer, size_t key_buffer_size,
338 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
339 uint8_t *signature, size_t signature_size, size_t *signature_length )
340 {
341 /* Try dynamically-registered SE interface first */
342 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
343 const psa_drv_se_t *drv;
344 psa_drv_se_context_t *drv_context;
345
346 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
347 {
348 if( drv->asymmetric == NULL ||
349 drv->asymmetric->p_sign == NULL )
350 {
351 /* Key is defined in SE, but we have no way to exercise it */
352 return( PSA_ERROR_NOT_SUPPORTED );
353 }
354 return( drv->asymmetric->p_sign(
355 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
356 alg, hash, hash_length,
357 signature, signature_size, signature_length ) );
358 }
359 #endif /* PSA_CRYPTO_SE_C */
360
361 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
362 psa_key_location_t location =
363 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
364
365 switch( location )
366 {
367 case PSA_KEY_LOCATION_LOCAL_STORAGE:
368 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
369 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
370 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
371 /* Key is stored in the slot in export representation, so
372 * cycle through all known transparent accelerators */
373 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
374 #if defined(PSA_CRYPTO_DRIVER_TEST)
375 status = mbedtls_test_transparent_signature_sign_hash( attributes,
376 key_buffer,
377 key_buffer_size,
378 alg,
379 hash,
380 hash_length,
381 signature,
382 signature_size,
383 signature_length );
384 /* Declared with fallback == true */
385 if( status != PSA_ERROR_NOT_SUPPORTED )
386 return( status );
387 #endif /* PSA_CRYPTO_DRIVER_TEST */
388 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
389 status = cc3xx_sign_hash( attributes,
390 key_buffer,
391 key_buffer_size,
392 alg,
393 hash,
394 hash_length,
395 signature,
396 signature_size,
397 signature_length );
398 return( status );
399 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
400 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
401 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
402 /* Fell through, meaning no accelerator supports this operation */
403 return( psa_sign_hash_builtin( attributes,
404 key_buffer,
405 key_buffer_size,
406 alg,
407 hash,
408 hash_length,
409 signature,
410 signature_size,
411 signature_length ) );
412 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
413 /* Add cases for opaque driver here */
414 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
415 #if defined(PSA_CRYPTO_DRIVER_TEST)
416 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
417 return( mbedtls_test_opaque_signature_sign_hash( attributes,
418 key_buffer,
419 key_buffer_size,
420 alg,
421 hash,
422 hash_length,
423 signature,
424 signature_size,
425 signature_length ) );
426 #endif /* PSA_CRYPTO_DRIVER_TEST */
427 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
428 default:
429 /* Key is declared with a lifetime not known to us */
430 (void)status;
431 return( PSA_ERROR_INVALID_ARGUMENT );
432 }
433 }
434
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)435 psa_status_t psa_driver_wrapper_verify_hash(
436 const psa_key_attributes_t *attributes,
437 const uint8_t *key_buffer, size_t key_buffer_size,
438 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
439 const uint8_t *signature, size_t signature_length )
440 {
441 /* Try dynamically-registered SE interface first */
442 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
443 const psa_drv_se_t *drv;
444 psa_drv_se_context_t *drv_context;
445
446 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
447 {
448 if( drv->asymmetric == NULL ||
449 drv->asymmetric->p_verify == NULL )
450 {
451 /* Key is defined in SE, but we have no way to exercise it */
452 return( PSA_ERROR_NOT_SUPPORTED );
453 }
454 return( drv->asymmetric->p_verify(
455 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
456 alg, hash, hash_length,
457 signature, signature_length ) );
458 }
459 #endif /* PSA_CRYPTO_SE_C */
460
461 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
462 psa_key_location_t location =
463 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
464
465 switch( location )
466 {
467 case PSA_KEY_LOCATION_LOCAL_STORAGE:
468 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
469 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
470 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
471 /* Key is stored in the slot in export representation, so
472 * cycle through all known transparent accelerators */
473 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
474 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
475 status = cc3xx_verify_hash( attributes,
476 key_buffer,
477 key_buffer_size,
478 alg,
479 hash,
480 hash_length,
481 signature,
482 signature_length );
483 return( status );
484 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
485 #if defined(PSA_CRYPTO_DRIVER_TEST)
486 status = mbedtls_test_transparent_signature_verify_hash(
487 attributes,
488 key_buffer,
489 key_buffer_size,
490 alg,
491 hash,
492 hash_length,
493 signature,
494 signature_length );
495 /* Declared with fallback == true */
496 if( status != PSA_ERROR_NOT_SUPPORTED )
497 return( status );
498 #endif /* PSA_CRYPTO_DRIVER_TEST */
499 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
500 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
501 return( psa_verify_hash_builtin( attributes,
502 key_buffer,
503 key_buffer_size,
504 alg,
505 hash,
506 hash_length,
507 signature,
508 signature_length ) );
509 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
510 /* Add cases for opaque driver here */
511 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
512 #if defined(PSA_CRYPTO_DRIVER_TEST)
513 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
514 return( mbedtls_test_opaque_signature_verify_hash( attributes,
515 key_buffer,
516 key_buffer_size,
517 alg,
518 hash,
519 hash_length,
520 signature,
521 signature_length ) );
522 #endif /* PSA_CRYPTO_DRIVER_TEST */
523 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
524 default:
525 /* Key is declared with a lifetime not known to us */
526 (void)status;
527 return( PSA_ERROR_INVALID_ARGUMENT );
528 }
529 }
530
531 /** Calculate the key buffer size required to store the key material of a key
532 * associated with an opaque driver from input key data.
533 *
534 * \param[in] attributes The key attributes
535 * \param[in] data The input key data.
536 * \param[in] data_length The input data length.
537 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
538 *
539 * \retval #PSA_SUCCESS
540 * \retval #PSA_ERROR_INVALID_ARGUMENT
541 * \retval #PSA_ERROR_NOT_SUPPORTED
542 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)543 psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
544 const psa_key_attributes_t *attributes,
545 const uint8_t *data,
546 size_t data_length,
547 size_t *key_buffer_size )
548 {
549 psa_key_location_t location =
550 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
551 psa_key_type_t key_type = attributes->core.type;
552
553 *key_buffer_size = 0;
554 switch( location )
555 {
556 #if defined(PSA_CRYPTO_DRIVER_TEST)
557 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
558 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
559 PSA_BYTES_TO_BITS( data_length ) );
560 return( ( *key_buffer_size != 0 ) ?
561 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
562 #endif /* PSA_CRYPTO_DRIVER_TEST */
563
564 default:
565 (void)key_type;
566 (void)data;
567 (void)data_length;
568 return( PSA_ERROR_INVALID_ARGUMENT );
569 }
570 }
571
572 /** Get the key buffer size required to store the key material of a key
573 * associated with an opaque driver.
574 *
575 * \param[in] attributes The key attributes.
576 * \param[out] key_buffer_size Minimum buffer size to contain the key material
577 *
578 * \retval #PSA_SUCCESS
579 * The minimum size for a buffer to contain the key material has been
580 * returned successfully.
581 * \retval #PSA_ERROR_NOT_SUPPORTED
582 * The type and/or the size in bits of the key or the combination of
583 * the two is not supported.
584 * \retval #PSA_ERROR_INVALID_ARGUMENT
585 * The key is declared with a lifetime not known to us.
586 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)587 psa_status_t psa_driver_wrapper_get_key_buffer_size(
588 const psa_key_attributes_t *attributes,
589 size_t *key_buffer_size )
590 {
591 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
592 psa_key_type_t key_type = attributes->core.type;
593 size_t key_bits = attributes->core.bits;
594
595 *key_buffer_size = 0;
596 switch( location )
597 {
598 #if defined(PSA_CRYPTO_DRIVER_TEST)
599 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
600 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
601 /* Emulate property 'builtin_key_size' */
602 if( psa_key_id_is_builtin(
603 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
604 psa_get_key_id( attributes ) ) ) )
605 {
606 *key_buffer_size = sizeof( psa_drv_slot_number_t );
607 return( PSA_SUCCESS );
608 }
609 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
610 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
611 key_bits );
612 return( ( *key_buffer_size != 0 ) ?
613 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
614 #endif /* PSA_CRYPTO_DRIVER_TEST */
615 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
616 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
617 return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes),
618 key_buffer_size);
619 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
620 default:
621 (void)key_type;
622 (void)key_bits;
623 return( PSA_ERROR_INVALID_ARGUMENT );
624 }
625 }
626
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)627 psa_status_t psa_driver_wrapper_generate_key(
628 const psa_key_attributes_t *attributes,
629 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
630 {
631 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
632 psa_key_location_t location =
633 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
634
635 /* Try dynamically-registered SE interface first */
636 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
637 const psa_drv_se_t *drv;
638 psa_drv_se_context_t *drv_context;
639
640 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
641 {
642 size_t pubkey_length = 0; /* We don't support this feature yet */
643 if( drv->key_management == NULL ||
644 drv->key_management->p_generate == NULL )
645 {
646 /* Key is defined as being in SE, but we have no way to generate it */
647 return( PSA_ERROR_NOT_SUPPORTED );
648 }
649 return( drv->key_management->p_generate(
650 drv_context,
651 *( (psa_key_slot_number_t *)key_buffer ),
652 attributes, NULL, 0, &pubkey_length ) );
653 }
654 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
655
656 switch( location )
657 {
658 case PSA_KEY_LOCATION_LOCAL_STORAGE:
659 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
660 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
661 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
662 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
663 /* Transparent drivers are limited to generating asymmetric keys */
664 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
665 {
666 /* Cycle through all known transparent accelerators */
667 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
668 status = cc3xx_generate_key(
669 attributes, key_buffer, key_buffer_size,
670 key_buffer_length );
671 break;
672 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
673 #if defined(PSA_CRYPTO_DRIVER_TEST)
674 status = mbedtls_test_transparent_generate_key(
675 attributes, key_buffer, key_buffer_size,
676 key_buffer_length );
677 /* Declared with fallback == true */
678 if( status != PSA_ERROR_NOT_SUPPORTED )
679 break;
680 #endif /* PSA_CRYPTO_DRIVER_TEST */
681 }
682 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
683
684 /* Software fallback */
685 status = psa_generate_key_internal(
686 attributes, key_buffer, key_buffer_size, key_buffer_length );
687 break;
688
689 /* Add cases for opaque driver here */
690 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
691 #if defined(PSA_CRYPTO_DRIVER_TEST)
692 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
693 status = mbedtls_test_opaque_generate_key(
694 attributes, key_buffer, key_buffer_size, key_buffer_length );
695 break;
696 #endif /* PSA_CRYPTO_DRIVER_TEST */
697 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
698
699 default:
700 /* Key is declared with a lifetime not known to us */
701 status = PSA_ERROR_INVALID_ARGUMENT;
702 break;
703 }
704
705 return( status );
706 }
707
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)708 psa_status_t psa_driver_wrapper_import_key(
709 const psa_key_attributes_t *attributes,
710 const uint8_t *data,
711 size_t data_length,
712 uint8_t *key_buffer,
713 size_t key_buffer_size,
714 size_t *key_buffer_length,
715 size_t *bits )
716 {
717
718 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
719 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
720 psa_get_key_lifetime( attributes ) );
721
722 /* Try dynamically-registered SE interface first */
723 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
724 const psa_drv_se_t *drv;
725 psa_drv_se_context_t *drv_context;
726
727 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
728 {
729 if( drv->key_management == NULL ||
730 drv->key_management->p_import == NULL )
731 return( PSA_ERROR_NOT_SUPPORTED );
732
733 /* The driver should set the number of key bits, however in
734 * case it doesn't, we initialize bits to an invalid value. */
735 *bits = PSA_MAX_KEY_BITS + 1;
736 status = drv->key_management->p_import(
737 drv_context,
738 *( (psa_key_slot_number_t *)key_buffer ),
739 attributes, data, data_length, bits );
740
741 if( status != PSA_SUCCESS )
742 return( status );
743
744 if( (*bits) > PSA_MAX_KEY_BITS )
745 return( PSA_ERROR_NOT_SUPPORTED );
746
747 return( PSA_SUCCESS );
748 }
749 #endif /* PSA_CRYPTO_SE_C */
750
751 switch( location )
752 {
753 case PSA_KEY_LOCATION_LOCAL_STORAGE:
754 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
755 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
756 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
757 /* Key is stored in the slot in export representation, so
758 * cycle through all known transparent accelerators */
759 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
760
761 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
762 status = mbedtls_test_transparent_import_key
763 (attributes,
764 data,
765 data_length,
766 key_buffer,
767 key_buffer_size,
768 key_buffer_length,
769 bits
770 );
771
772 if( status != PSA_ERROR_NOT_SUPPORTED )
773 return( status );
774 #endif
775
776
777 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
778
779 /* Fell through, meaning no accelerator supports this operation */
780 return( psa_import_key_into_slot( attributes,
781 data, data_length,
782 key_buffer, key_buffer_size,
783 key_buffer_length, bits ) );
784 /* Add cases for opaque driver here */
785 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
786
787 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
788 case 0x7fffff:
789 return( mbedtls_test_opaque_import_key
790 (attributes,
791 data,
792 data_length,
793 key_buffer,
794 key_buffer_size,
795 key_buffer_length,
796 bits
797 ));
798 #endif
799
800
801 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
802 default:
803 (void)status;
804 return( PSA_ERROR_INVALID_ARGUMENT );
805 }
806
807 }
808
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)809 psa_status_t psa_driver_wrapper_export_key(
810 const psa_key_attributes_t *attributes,
811 const uint8_t *key_buffer, size_t key_buffer_size,
812 uint8_t *data, size_t data_size, size_t *data_length )
813
814 {
815
816 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
817 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
818 psa_get_key_lifetime( attributes ) );
819
820 /* Try dynamically-registered SE interface first */
821 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
822 const psa_drv_se_t *drv;
823 psa_drv_se_context_t *drv_context;
824
825 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
826 {
827 if( ( drv->key_management == NULL ) ||
828 ( drv->key_management->p_export == NULL ) )
829 {
830 return( PSA_ERROR_NOT_SUPPORTED );
831 }
832
833 return( drv->key_management->p_export(
834 drv_context,
835 *( (psa_key_slot_number_t *)key_buffer ),
836 data, data_size, data_length ) );
837 }
838 #endif /* PSA_CRYPTO_SE_C */
839
840 switch( location )
841 {
842 case PSA_KEY_LOCATION_LOCAL_STORAGE:
843 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
844 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
845 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
846 return( psa_export_key_internal( attributes,
847 key_buffer,
848 key_buffer_size,
849 data,
850 data_size,
851 data_length ) );
852
853 /* Add cases for opaque driver here */
854 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
855
856 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
857 case 0x7fffff:
858 return( mbedtls_test_opaque_export_key
859 (attributes,
860 key_buffer,
861 key_buffer_size,
862 data,
863 data_size,
864 data_length
865 ));
866 #endif
867
868
869 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
870 default:
871 /* Key is declared with a lifetime not known to us */
872 return( status );
873 }
874
875 }
876
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)877 psa_status_t psa_driver_wrapper_export_public_key(
878 const psa_key_attributes_t *attributes,
879 const uint8_t *key_buffer, size_t key_buffer_size,
880 uint8_t *data, size_t data_size, size_t *data_length )
881
882 {
883
884 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
885 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
886 psa_get_key_lifetime( attributes ) );
887
888 /* Try dynamically-registered SE interface first */
889 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
890 const psa_drv_se_t *drv;
891 psa_drv_se_context_t *drv_context;
892
893 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
894 {
895 if( ( drv->key_management == NULL ) ||
896 ( drv->key_management->p_export_public == NULL ) )
897 {
898 return( PSA_ERROR_NOT_SUPPORTED );
899 }
900
901 return( drv->key_management->p_export_public(
902 drv_context,
903 *( (psa_key_slot_number_t *)key_buffer ),
904 data, data_size, data_length ) );
905 }
906 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
907
908 switch( location )
909 {
910 case PSA_KEY_LOCATION_LOCAL_STORAGE:
911 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
912 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
913 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
914 /* Key is stored in the slot in export representation, so
915 * cycle through all known transparent accelerators */
916 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
917
918 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
919 status = mbedtls_test_transparent_export_public_key
920 (attributes,
921 key_buffer,
922 key_buffer_size,
923 data,
924 data_size,
925 data_length
926 );
927
928 if( status != PSA_ERROR_NOT_SUPPORTED )
929 return( status );
930 #endif
931 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
932 status = cc3xx_export_public_key(
933 attributes,
934 key_buffer,
935 key_buffer_size,
936 data,
937 data_size,
938 data_length );
939 return( status );
940 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
941
942 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
943 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
944 /* Fell through, meaning no accelerator supports this operation */
945 return( psa_export_public_key_internal( attributes,
946 key_buffer,
947 key_buffer_size,
948 data,
949 data_size,
950 data_length ) );
951 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
952 /* Add cases for opaque driver here */
953 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
954
955 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
956 case 0x7fffff:
957 return( mbedtls_test_opaque_export_public_key
958 (attributes,
959 key_buffer,
960 key_buffer_size,
961 data,
962 data_size,
963 data_length
964 ));
965 #endif
966
967
968 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
969 default:
970 /* Key is declared with a lifetime not known to us */
971 return( status );
972 }
973
974 }
975
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)976 psa_status_t psa_driver_wrapper_get_builtin_key(
977 psa_drv_slot_number_t slot_number,
978 psa_key_attributes_t *attributes,
979 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
980 {
981
982 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
983 switch( location )
984 {
985 #if defined(PSA_CRYPTO_DRIVER_TEST)
986
987 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
988 case 0x7fffff:
989 return( mbedtls_test_opaque_get_builtin_key
990 (slot_number,
991 attributes,
992 key_buffer,
993 key_buffer_size,
994 key_buffer_length
995 ));
996 #endif
997
998
999 #endif /* PSA_CRYPTO_DRIVER_TEST */
1000 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1001 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1002 return( tfm_builtin_key_loader_get_key_buffer(
1003 slot_number,
1004 attributes,
1005 key_buffer, key_buffer_size, key_buffer_length ) );
1006 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1007 default:
1008 (void) slot_number;
1009 (void) key_buffer;
1010 (void) key_buffer_size;
1011 (void) key_buffer_length;
1012 return( PSA_ERROR_DOES_NOT_EXIST );
1013 }
1014
1015 }
1016
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)1017 psa_status_t psa_driver_wrapper_copy_key(
1018 psa_key_attributes_t *attributes,
1019 const uint8_t *source_key, size_t source_key_length,
1020 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1021 size_t *target_key_buffer_length )
1022 {
1023
1024 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1025 psa_key_location_t location =
1026 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1027
1028 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1029 const psa_drv_se_t *drv;
1030 psa_drv_se_context_t *drv_context;
1031
1032 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
1033 {
1034 /* Copying to a secure element is not implemented yet. */
1035 return( PSA_ERROR_NOT_SUPPORTED );
1036 }
1037 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1038
1039 switch( location )
1040 {
1041 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1042
1043 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1044 case 0x7fffff:
1045 return( mbedtls_test_opaque_copy_key
1046 (attributes,
1047 source_key,
1048 source_key_length,
1049 target_key_buffer,
1050 target_key_buffer_size,
1051 target_key_buffer_length
1052 ));
1053 #endif
1054
1055
1056 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1057 default:
1058 (void)source_key;
1059 (void)source_key_length;
1060 (void)target_key_buffer;
1061 (void)target_key_buffer_size;
1062 (void)target_key_buffer_length;
1063 status = PSA_ERROR_INVALID_ARGUMENT;
1064 }
1065 return( status );
1066
1067 }
1068
1069 /*
1070 * Cipher functions
1071 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1072 psa_status_t psa_driver_wrapper_cipher_encrypt(
1073 const psa_key_attributes_t *attributes,
1074 const uint8_t *key_buffer,
1075 size_t key_buffer_size,
1076 psa_algorithm_t alg,
1077 const uint8_t *iv,
1078 size_t iv_length,
1079 const uint8_t *input,
1080 size_t input_length,
1081 uint8_t *output,
1082 size_t output_size,
1083 size_t *output_length )
1084 {
1085 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1086 psa_key_location_t location =
1087 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1088
1089 switch( location )
1090 {
1091 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1092 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1093 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1094 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1095 /* Key is stored in the slot in export representation, so
1096 * cycle through all known transparent accelerators */
1097 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1098 #if defined(PSA_CRYPTO_DRIVER_TEST)
1099 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1100 key_buffer,
1101 key_buffer_size,
1102 alg,
1103 iv,
1104 iv_length,
1105 input,
1106 input_length,
1107 output,
1108 output_size,
1109 output_length );
1110 /* Declared with fallback == true */
1111 if( status != PSA_ERROR_NOT_SUPPORTED )
1112 return( status );
1113 #endif /* PSA_CRYPTO_DRIVER_TEST */
1114 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1115 status = cc3xx_cipher_encrypt( attributes,
1116 key_buffer,
1117 key_buffer_size,
1118 alg,
1119 iv,
1120 iv_length,
1121 input,
1122 input_length,
1123 output,
1124 output_size,
1125 output_length );
1126 return( status );
1127 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1128 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1129
1130 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1131 return( mbedtls_psa_cipher_encrypt( attributes,
1132 key_buffer,
1133 key_buffer_size,
1134 alg,
1135 iv,
1136 iv_length,
1137 input,
1138 input_length,
1139 output,
1140 output_size,
1141 output_length ) );
1142 #else
1143 return( PSA_ERROR_NOT_SUPPORTED );
1144 #endif
1145
1146 /* Add cases for opaque driver here */
1147 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1148 #if defined(PSA_CRYPTO_DRIVER_TEST)
1149 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1150 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1151 key_buffer,
1152 key_buffer_size,
1153 alg,
1154 iv,
1155 iv_length,
1156 input,
1157 input_length,
1158 output,
1159 output_size,
1160 output_length ) );
1161 #endif /* PSA_CRYPTO_DRIVER_TEST */
1162 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1163
1164 default:
1165 /* Key is declared with a lifetime not known to us */
1166 (void)status;
1167 (void)key_buffer;
1168 (void)key_buffer_size;
1169 (void)alg;
1170 (void)iv;
1171 (void)iv_length;
1172 (void)input;
1173 (void)input_length;
1174 (void)output;
1175 (void)output_size;
1176 (void)output_length;
1177 return( PSA_ERROR_INVALID_ARGUMENT );
1178 }
1179 }
1180
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1181 psa_status_t psa_driver_wrapper_cipher_decrypt(
1182 const psa_key_attributes_t *attributes,
1183 const uint8_t *key_buffer,
1184 size_t key_buffer_size,
1185 psa_algorithm_t alg,
1186 const uint8_t *input,
1187 size_t input_length,
1188 uint8_t *output,
1189 size_t output_size,
1190 size_t *output_length )
1191 {
1192 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1193 psa_key_location_t location =
1194 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1195
1196 switch( location )
1197 {
1198 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1199 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1200 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1201 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1202 /* Key is stored in the slot in export representation, so
1203 * cycle through all known transparent accelerators */
1204 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1205 #if defined(PSA_CRYPTO_DRIVER_TEST)
1206 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1207 key_buffer,
1208 key_buffer_size,
1209 alg,
1210 input,
1211 input_length,
1212 output,
1213 output_size,
1214 output_length );
1215 /* Declared with fallback == true */
1216 if( status != PSA_ERROR_NOT_SUPPORTED )
1217 return( status );
1218 #endif /* PSA_CRYPTO_DRIVER_TEST */
1219 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1220 status = cc3xx_cipher_decrypt( attributes,
1221 key_buffer,
1222 key_buffer_size,
1223 alg,
1224 input,
1225 input_length,
1226 output,
1227 output_size,
1228 output_length );
1229 return( status );
1230 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1231 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1232
1233 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1234 return( mbedtls_psa_cipher_decrypt( attributes,
1235 key_buffer,
1236 key_buffer_size,
1237 alg,
1238 input,
1239 input_length,
1240 output,
1241 output_size,
1242 output_length ) );
1243 #else
1244 return( PSA_ERROR_NOT_SUPPORTED );
1245 #endif
1246
1247 /* Add cases for opaque driver here */
1248 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1249 #if defined(PSA_CRYPTO_DRIVER_TEST)
1250 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1251 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1252 key_buffer,
1253 key_buffer_size,
1254 alg,
1255 input,
1256 input_length,
1257 output,
1258 output_size,
1259 output_length ) );
1260 #endif /* PSA_CRYPTO_DRIVER_TEST */
1261 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1262
1263 default:
1264 /* Key is declared with a lifetime not known to us */
1265 (void)status;
1266 (void)key_buffer;
1267 (void)key_buffer_size;
1268 (void)alg;
1269 (void)input;
1270 (void)input_length;
1271 (void)output;
1272 (void)output_size;
1273 (void)output_length;
1274 return( PSA_ERROR_INVALID_ARGUMENT );
1275 }
1276 }
1277
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1278 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1279 psa_cipher_operation_t *operation,
1280 const psa_key_attributes_t *attributes,
1281 const uint8_t *key_buffer, size_t key_buffer_size,
1282 psa_algorithm_t alg )
1283 {
1284 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1285 psa_key_location_t location =
1286 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1287
1288 switch( location )
1289 {
1290 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1291 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1292 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1293 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1294 /* Key is stored in the slot in export representation, so
1295 * cycle through all known transparent accelerators */
1296 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1297 #if defined(PSA_CRYPTO_DRIVER_TEST)
1298 status = mbedtls_test_transparent_cipher_encrypt_setup(
1299 &operation->ctx.transparent_test_driver_ctx,
1300 attributes,
1301 key_buffer,
1302 key_buffer_size,
1303 alg );
1304 /* Declared with fallback == true */
1305 if( status == PSA_SUCCESS )
1306 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1307
1308 if( status != PSA_ERROR_NOT_SUPPORTED )
1309 return( status );
1310 #endif /* PSA_CRYPTO_DRIVER_TEST */
1311 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1312 status = cc3xx_cipher_encrypt_setup(
1313 &operation->ctx.cc3xx_driver_ctx,
1314 attributes,
1315 key_buffer,
1316 key_buffer_size,
1317 alg );
1318 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1319 return( status );
1320 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1321 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1322 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1323 /* Fell through, meaning no accelerator supports this operation */
1324 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1325 attributes,
1326 key_buffer,
1327 key_buffer_size,
1328 alg );
1329 if( status == PSA_SUCCESS )
1330 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1331
1332 if( status != PSA_ERROR_NOT_SUPPORTED )
1333 return( status );
1334 #endif
1335 return( PSA_ERROR_NOT_SUPPORTED );
1336
1337 /* Add cases for opaque driver here */
1338 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1339 #if defined(PSA_CRYPTO_DRIVER_TEST)
1340 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1341 status = mbedtls_test_opaque_cipher_encrypt_setup(
1342 &operation->ctx.opaque_test_driver_ctx,
1343 attributes,
1344 key_buffer, key_buffer_size,
1345 alg );
1346
1347 if( status == PSA_SUCCESS )
1348 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1349
1350 return( status );
1351 #endif /* PSA_CRYPTO_DRIVER_TEST */
1352 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1353 default:
1354 /* Key is declared with a lifetime not known to us */
1355 (void)status;
1356 (void)operation;
1357 (void)key_buffer;
1358 (void)key_buffer_size;
1359 (void)alg;
1360 return( PSA_ERROR_INVALID_ARGUMENT );
1361 }
1362 }
1363
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1364 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1365 psa_cipher_operation_t *operation,
1366 const psa_key_attributes_t *attributes,
1367 const uint8_t *key_buffer, size_t key_buffer_size,
1368 psa_algorithm_t alg )
1369 {
1370 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1371 psa_key_location_t location =
1372 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1373
1374 switch( location )
1375 {
1376 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1377 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1378 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1379 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1380 /* Key is stored in the slot in export representation, so
1381 * cycle through all known transparent accelerators */
1382 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1383 #if defined(PSA_CRYPTO_DRIVER_TEST)
1384 status = mbedtls_test_transparent_cipher_decrypt_setup(
1385 &operation->ctx.transparent_test_driver_ctx,
1386 attributes,
1387 key_buffer,
1388 key_buffer_size,
1389 alg );
1390 /* Declared with fallback == true */
1391 if( status == PSA_SUCCESS )
1392 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1393
1394 if( status != PSA_ERROR_NOT_SUPPORTED )
1395 return( status );
1396 #endif /* PSA_CRYPTO_DRIVER_TEST */
1397 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1398 status = cc3xx_cipher_decrypt_setup(
1399 &operation->ctx.cc3xx_driver_ctx,
1400 attributes,
1401 key_buffer,
1402 key_buffer_size,
1403 alg );
1404 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1405 return( status );
1406 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1407 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1408 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1409 /* Fell through, meaning no accelerator supports this operation */
1410 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1411 attributes,
1412 key_buffer,
1413 key_buffer_size,
1414 alg );
1415 if( status == PSA_SUCCESS )
1416 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1417
1418 return( status );
1419 #endif
1420 return( PSA_ERROR_NOT_SUPPORTED );
1421
1422 /* Add cases for opaque driver here */
1423 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1424 #if defined(PSA_CRYPTO_DRIVER_TEST)
1425 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1426 status = mbedtls_test_opaque_cipher_decrypt_setup(
1427 &operation->ctx.opaque_test_driver_ctx,
1428 attributes,
1429 key_buffer, key_buffer_size,
1430 alg );
1431
1432 if( status == PSA_SUCCESS )
1433 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1434
1435 return( status );
1436 #endif /* PSA_CRYPTO_DRIVER_TEST */
1437 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1438 default:
1439 /* Key is declared with a lifetime not known to us */
1440 (void)status;
1441 (void)operation;
1442 (void)key_buffer;
1443 (void)key_buffer_size;
1444 (void)alg;
1445 return( PSA_ERROR_INVALID_ARGUMENT );
1446 }
1447 }
1448
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1449 psa_status_t psa_driver_wrapper_cipher_set_iv(
1450 psa_cipher_operation_t *operation,
1451 const uint8_t *iv,
1452 size_t iv_length )
1453 {
1454 switch( operation->id )
1455 {
1456 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1457 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1458 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1459 iv,
1460 iv_length ) );
1461 #endif
1462
1463 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1464 #if defined(PSA_CRYPTO_DRIVER_TEST)
1465 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1466 return( mbedtls_test_transparent_cipher_set_iv(
1467 &operation->ctx.transparent_test_driver_ctx,
1468 iv, iv_length ) );
1469
1470 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1471 return( mbedtls_test_opaque_cipher_set_iv(
1472 &operation->ctx.opaque_test_driver_ctx,
1473 iv, iv_length ) );
1474 #endif /* PSA_CRYPTO_DRIVER_TEST */
1475 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1476 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1477 return( cc3xx_cipher_set_iv(
1478 &operation->ctx.cc3xx_driver_ctx,
1479 iv, iv_length ) );
1480 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1481 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1482 }
1483
1484 (void)iv;
1485 (void)iv_length;
1486
1487 return( PSA_ERROR_INVALID_ARGUMENT );
1488 }
1489
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1490 psa_status_t psa_driver_wrapper_cipher_update(
1491 psa_cipher_operation_t *operation,
1492 const uint8_t *input,
1493 size_t input_length,
1494 uint8_t *output,
1495 size_t output_size,
1496 size_t *output_length )
1497 {
1498 switch( operation->id )
1499 {
1500 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1501 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1502 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1503 input,
1504 input_length,
1505 output,
1506 output_size,
1507 output_length ) );
1508 #endif
1509
1510 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1511 #if defined(PSA_CRYPTO_DRIVER_TEST)
1512 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1513 return( mbedtls_test_transparent_cipher_update(
1514 &operation->ctx.transparent_test_driver_ctx,
1515 input, input_length,
1516 output, output_size, output_length ) );
1517
1518 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1519 return( mbedtls_test_opaque_cipher_update(
1520 &operation->ctx.opaque_test_driver_ctx,
1521 input, input_length,
1522 output, output_size, output_length ) );
1523 #endif /* PSA_CRYPTO_DRIVER_TEST */
1524 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1525 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1526 return( cc3xx_cipher_update(
1527 &operation->ctx.cc3xx_driver_ctx,
1528 input, input_length,
1529 output, output_size, output_length ) );
1530 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1531 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1532 }
1533
1534 (void)input;
1535 (void)input_length;
1536 (void)output;
1537 (void)output_size;
1538 (void)output_length;
1539
1540 return( PSA_ERROR_INVALID_ARGUMENT );
1541 }
1542
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1543 psa_status_t psa_driver_wrapper_cipher_finish(
1544 psa_cipher_operation_t *operation,
1545 uint8_t *output,
1546 size_t output_size,
1547 size_t *output_length )
1548 {
1549 switch( operation->id )
1550 {
1551 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1552 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1553 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1554 output,
1555 output_size,
1556 output_length ) );
1557 #endif
1558
1559 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1560 #if defined(PSA_CRYPTO_DRIVER_TEST)
1561 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1562 return( mbedtls_test_transparent_cipher_finish(
1563 &operation->ctx.transparent_test_driver_ctx,
1564 output, output_size, output_length ) );
1565
1566 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1567 return( mbedtls_test_opaque_cipher_finish(
1568 &operation->ctx.opaque_test_driver_ctx,
1569 output, output_size, output_length ) );
1570 #endif /* PSA_CRYPTO_DRIVER_TEST */
1571 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1572 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1573 return( cc3xx_cipher_finish(
1574 &operation->ctx.cc3xx_driver_ctx,
1575 output, output_size, output_length ) );
1576 #endif /* PSA_CRYPTO_DRIVER_CC3XX*/
1577 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1578 }
1579
1580 (void)output;
1581 (void)output_size;
1582 (void)output_length;
1583
1584 return( PSA_ERROR_INVALID_ARGUMENT );
1585 }
1586
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1587 psa_status_t psa_driver_wrapper_cipher_abort(
1588 psa_cipher_operation_t *operation )
1589 {
1590 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1591
1592 switch( operation->id )
1593 {
1594 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1595 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1596 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1597 #endif
1598
1599 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1600 #if defined(PSA_CRYPTO_DRIVER_TEST)
1601 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1602 status = mbedtls_test_transparent_cipher_abort(
1603 &operation->ctx.transparent_test_driver_ctx );
1604 mbedtls_platform_zeroize(
1605 &operation->ctx.transparent_test_driver_ctx,
1606 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1607 return( status );
1608
1609 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1610 status = mbedtls_test_opaque_cipher_abort(
1611 &operation->ctx.opaque_test_driver_ctx );
1612 mbedtls_platform_zeroize(
1613 &operation->ctx.opaque_test_driver_ctx,
1614 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1615 return( status );
1616 #endif /* PSA_CRYPTO_DRIVER_TEST */
1617 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1618 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1619 status = cc3xx_cipher_abort(
1620 &operation->ctx.cc3xx_driver_ctx );
1621 mbedtls_platform_zeroize(
1622 &operation->ctx.cc3xx_driver_ctx,
1623 sizeof( operation->ctx.cc3xx_driver_ctx ) );
1624 return( status );
1625 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1626 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1627 }
1628
1629 (void)status;
1630 return( PSA_ERROR_INVALID_ARGUMENT );
1631 }
1632
1633 /*
1634 * Hashing functions
1635 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1636 psa_status_t psa_driver_wrapper_hash_compute(
1637 psa_algorithm_t alg,
1638 const uint8_t *input,
1639 size_t input_length,
1640 uint8_t *hash,
1641 size_t hash_size,
1642 size_t *hash_length)
1643 {
1644 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1645
1646 /* Try accelerators first */
1647 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1648 #if defined(PSA_CRYPTO_DRIVER_TEST)
1649 status = mbedtls_test_transparent_hash_compute(
1650 alg, input, input_length, hash, hash_size, hash_length );
1651 if( status != PSA_ERROR_NOT_SUPPORTED )
1652 return( status );
1653 #endif /* PSA_CRYPTO_DRIVER_TEST */
1654 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1655 status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
1656 hash_length);
1657 return status;
1658 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
1659 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1660 /* If software fallback is compiled in, try fallback */
1661 #if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1662 status = mbedtls_psa_hash_compute( alg, input, input_length,
1663 hash, hash_size, hash_length );
1664 if( status != PSA_ERROR_NOT_SUPPORTED )
1665 return( status );
1666 #endif
1667 (void) status;
1668 (void) alg;
1669 (void) input;
1670 (void) input_length;
1671 (void) hash;
1672 (void) hash_size;
1673 (void) hash_length;
1674
1675 return( PSA_ERROR_NOT_SUPPORTED );
1676 }
1677
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1678 psa_status_t psa_driver_wrapper_hash_setup(
1679 psa_hash_operation_t *operation,
1680 psa_algorithm_t alg )
1681 {
1682 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1683
1684 /* Try setup on accelerators first */
1685 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1686 #if defined(PSA_CRYPTO_DRIVER_TEST)
1687 status = mbedtls_test_transparent_hash_setup(
1688 &operation->ctx.test_driver_ctx, alg );
1689 if( status == PSA_SUCCESS )
1690 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1691
1692 if( status != PSA_ERROR_NOT_SUPPORTED )
1693 return( status );
1694 #endif /* PSA_CRYPTO_DRIVER_TEST */
1695 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1696 status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg);
1697 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1698 return( status );
1699 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1700 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1701
1702 #if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1703 /* If software fallback is compiled in, try fallback */
1704 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1705 if( status == PSA_SUCCESS )
1706 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1707
1708 if( status != PSA_ERROR_NOT_SUPPORTED )
1709 return( status );
1710 #endif
1711 /* Nothing left to try if we fall through here */
1712 (void) status;
1713 (void) operation;
1714 (void) alg;
1715 return( PSA_ERROR_NOT_SUPPORTED );
1716 }
1717
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1718 psa_status_t psa_driver_wrapper_hash_clone(
1719 const psa_hash_operation_t *source_operation,
1720 psa_hash_operation_t *target_operation )
1721 {
1722 switch( source_operation->id )
1723 {
1724 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1725 #if defined(PSA_CRYPTO_DRIVER_TEST)
1726 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1727 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1728 return( mbedtls_test_transparent_hash_clone(
1729 &source_operation->ctx.test_driver_ctx,
1730 &target_operation->ctx.test_driver_ctx ) );
1731 #endif /* PSA_CRYPTO_DRIVER_TEST */
1732 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1733 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1734 target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1735 return( cc3xx_hash_clone(
1736 &source_operation->ctx.cc3xx_driver_ctx,
1737 &target_operation->ctx.cc3xx_driver_ctx ) );
1738
1739 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1740 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1741 #if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1742 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1743 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1744 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1745 &target_operation->ctx.mbedtls_ctx ) );
1746 #endif
1747 default:
1748 (void) target_operation;
1749 return( PSA_ERROR_BAD_STATE );
1750 }
1751 }
1752
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1753 psa_status_t psa_driver_wrapper_hash_update(
1754 psa_hash_operation_t *operation,
1755 const uint8_t *input,
1756 size_t input_length )
1757 {
1758 switch( operation->id )
1759 {
1760 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1761 #if defined(PSA_CRYPTO_DRIVER_TEST)
1762 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1763 return( mbedtls_test_transparent_hash_update(
1764 &operation->ctx.test_driver_ctx,
1765 input, input_length ) );
1766 #endif /* PSA_CRYPTO_DRIVER_TEST */
1767 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1768 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1769 return( cc3xx_hash_update(
1770 &operation->ctx.cc3xx_driver_ctx,
1771 input, input_length ) );
1772 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1773 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1774 #if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1775 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1776 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1777 input, input_length ) );
1778 #endif
1779 default:
1780 (void) input;
1781 (void) input_length;
1782 return( PSA_ERROR_BAD_STATE );
1783 }
1784 }
1785
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1786 psa_status_t psa_driver_wrapper_hash_finish(
1787 psa_hash_operation_t *operation,
1788 uint8_t *hash,
1789 size_t hash_size,
1790 size_t *hash_length )
1791 {
1792 switch( operation->id )
1793 {
1794 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1795 #if defined(PSA_CRYPTO_DRIVER_TEST)
1796 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1797 return( mbedtls_test_transparent_hash_finish(
1798 &operation->ctx.test_driver_ctx,
1799 hash, hash_size, hash_length ) );
1800 #endif /* PSA_CRYPTO_DRIVER_TEST */
1801 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1802 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1803 return( cc3xx_hash_finish(
1804 &operation->ctx.cc3xx_driver_ctx,
1805 hash, hash_size, hash_length ) );
1806 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1807 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1808 #if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1809 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1810 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1811 hash, hash_size, hash_length ) );
1812 #endif
1813 default:
1814 (void) hash;
1815 (void) hash_size;
1816 (void) hash_length;
1817 return( PSA_ERROR_BAD_STATE );
1818 }
1819 }
1820
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1821 psa_status_t psa_driver_wrapper_hash_abort(
1822 psa_hash_operation_t *operation )
1823 {
1824 switch( operation->id )
1825 {
1826 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1827 #if defined(PSA_CRYPTO_DRIVER_TEST)
1828 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1829 return( mbedtls_test_transparent_hash_abort(
1830 &operation->ctx.test_driver_ctx ) );
1831 #endif /* PSA_CRYPTO_DRIVER_TEST */
1832 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1833 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1834 return( cc3xx_hash_abort(
1835 &operation->ctx.cc3xx_driver_ctx ) );
1836 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1837 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1838 #if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
1839 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1840 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1841 #endif
1842 default:
1843 return( PSA_ERROR_BAD_STATE );
1844 }
1845 }
1846
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1847 psa_status_t psa_driver_wrapper_aead_encrypt(
1848 const psa_key_attributes_t *attributes,
1849 const uint8_t *key_buffer, size_t key_buffer_size,
1850 psa_algorithm_t alg,
1851 const uint8_t *nonce, size_t nonce_length,
1852 const uint8_t *additional_data, size_t additional_data_length,
1853 const uint8_t *plaintext, size_t plaintext_length,
1854 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1855 {
1856 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1857 psa_key_location_t location =
1858 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1859
1860 switch( location )
1861 {
1862 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1863 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1864 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1865 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1866 /* Key is stored in the slot in export representation, so
1867 * cycle through all known transparent accelerators */
1868
1869 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1870 #if defined(PSA_CRYPTO_DRIVER_TEST)
1871 status = mbedtls_test_transparent_aead_encrypt(
1872 attributes, key_buffer, key_buffer_size,
1873 alg,
1874 nonce, nonce_length,
1875 additional_data, additional_data_length,
1876 plaintext, plaintext_length,
1877 ciphertext, ciphertext_size, ciphertext_length );
1878 /* Declared with fallback == true */
1879 if( status != PSA_ERROR_NOT_SUPPORTED )
1880 return( status );
1881 #endif /* PSA_CRYPTO_DRIVER_TEST */
1882 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1883 status = cc3xx_aead_encrypt(
1884 attributes, key_buffer, key_buffer_size,
1885 alg,
1886 nonce, nonce_length,
1887 additional_data, additional_data_length,
1888 plaintext, plaintext_length,
1889 ciphertext, ciphertext_size, ciphertext_length );
1890
1891 return( status );
1892 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1893 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1894 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
1895 /* Fell through, meaning no accelerator supports this operation */
1896 return( mbedtls_psa_aead_encrypt(
1897 attributes, key_buffer, key_buffer_size,
1898 alg,
1899 nonce, nonce_length,
1900 additional_data, additional_data_length,
1901 plaintext, plaintext_length,
1902 ciphertext, ciphertext_size, ciphertext_length ) );
1903 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1904 /* Add cases for opaque driver here */
1905
1906 default:
1907 /* Key is declared with a lifetime not known to us */
1908 (void)status;
1909 return( PSA_ERROR_INVALID_ARGUMENT );
1910 }
1911 }
1912
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1913 psa_status_t psa_driver_wrapper_aead_decrypt(
1914 const psa_key_attributes_t *attributes,
1915 const uint8_t *key_buffer, size_t key_buffer_size,
1916 psa_algorithm_t alg,
1917 const uint8_t *nonce, size_t nonce_length,
1918 const uint8_t *additional_data, size_t additional_data_length,
1919 const uint8_t *ciphertext, size_t ciphertext_length,
1920 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1921 {
1922 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1923 psa_key_location_t location =
1924 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1925
1926 switch( location )
1927 {
1928 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1929 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1930 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1931 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1932 /* Key is stored in the slot in export representation, so
1933 * cycle through all known transparent accelerators */
1934
1935 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1936 #if defined(PSA_CRYPTO_DRIVER_TEST)
1937 status = mbedtls_test_transparent_aead_decrypt(
1938 attributes, key_buffer, key_buffer_size,
1939 alg,
1940 nonce, nonce_length,
1941 additional_data, additional_data_length,
1942 ciphertext, ciphertext_length,
1943 plaintext, plaintext_size, plaintext_length );
1944 /* Declared with fallback == true */
1945 if( status != PSA_ERROR_NOT_SUPPORTED )
1946 return( status );
1947 #endif /* PSA_CRYPTO_DRIVER_TEST */
1948 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1949 status = cc3xx_aead_decrypt(
1950 attributes, key_buffer, key_buffer_size,
1951 alg,
1952 nonce, nonce_length,
1953 additional_data, additional_data_length,
1954 ciphertext, ciphertext_length,
1955 plaintext, plaintext_size, plaintext_length );
1956
1957 return( status );
1958 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1959 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1960 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
1961 /* Fell through, meaning no accelerator supports this operation */
1962 return( mbedtls_psa_aead_decrypt(
1963 attributes, key_buffer, key_buffer_size,
1964 alg,
1965 nonce, nonce_length,
1966 additional_data, additional_data_length,
1967 ciphertext, ciphertext_length,
1968 plaintext, plaintext_size, plaintext_length ) );
1969 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1970 /* Add cases for opaque driver here */
1971
1972 default:
1973 /* Key is declared with a lifetime not known to us */
1974 (void)status;
1975 return( PSA_ERROR_INVALID_ARGUMENT );
1976 }
1977 }
1978
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1979 psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1980 psa_aead_operation_t *operation,
1981 const psa_key_attributes_t *attributes,
1982 const uint8_t *key_buffer, size_t key_buffer_size,
1983 psa_algorithm_t alg )
1984 {
1985 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1986 psa_key_location_t location =
1987 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1988
1989 switch( location )
1990 {
1991 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1992 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1993 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1994 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
1995 /* Key is stored in the slot in export representation, so
1996 * cycle through all known transparent accelerators */
1997
1998 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1999 #if defined(PSA_CRYPTO_DRIVER_TEST)
2000 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2001 status = mbedtls_test_transparent_aead_encrypt_setup(
2002 &operation->ctx.transparent_test_driver_ctx,
2003 attributes, key_buffer, key_buffer_size,
2004 alg );
2005
2006 /* Declared with fallback == true */
2007 if( status != PSA_ERROR_NOT_SUPPORTED )
2008 return( status );
2009 #endif /* PSA_CRYPTO_DRIVER_TEST */
2010 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2011 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2012 status = cc3xx_aead_encrypt_setup(
2013 &operation->ctx.cc3xx_driver_ctx,
2014 attributes, key_buffer, key_buffer_size,
2015 alg );
2016
2017 return( status );
2018 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2019 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2020 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
2021 /* Fell through, meaning no accelerator supports this operation */
2022 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2023 status = mbedtls_psa_aead_encrypt_setup(
2024 &operation->ctx.mbedtls_ctx, attributes,
2025 key_buffer, key_buffer_size,
2026 alg );
2027
2028 return( status );
2029 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2030 /* Add cases for opaque driver here */
2031
2032 default:
2033 /* Key is declared with a lifetime not known to us */
2034 (void)status;
2035 return( PSA_ERROR_INVALID_ARGUMENT );
2036 }
2037 }
2038
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2039 psa_status_t psa_driver_wrapper_aead_decrypt_setup(
2040 psa_aead_operation_t *operation,
2041 const psa_key_attributes_t *attributes,
2042 const uint8_t *key_buffer, size_t key_buffer_size,
2043 psa_algorithm_t alg )
2044 {
2045 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2046 psa_key_location_t location =
2047 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2048
2049 switch( location )
2050 {
2051 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2052 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2053 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2054 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
2055 /* Key is stored in the slot in export representation, so
2056 * cycle through all known transparent accelerators */
2057
2058 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2059 #if defined(PSA_CRYPTO_DRIVER_TEST)
2060 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2061 status = mbedtls_test_transparent_aead_decrypt_setup(
2062 &operation->ctx.transparent_test_driver_ctx,
2063 attributes,
2064 key_buffer, key_buffer_size,
2065 alg );
2066
2067 /* Declared with fallback == true */
2068 if( status != PSA_ERROR_NOT_SUPPORTED )
2069 return( status );
2070 #endif /* PSA_CRYPTO_DRIVER_TEST */
2071 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2072 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2073 status = cc3xx_aead_decrypt_setup(
2074 &operation->ctx.cc3xx_driver_ctx,
2075 attributes,
2076 key_buffer, key_buffer_size,
2077 alg );
2078
2079 return( status );
2080 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2081 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2082 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
2083 /* Fell through, meaning no accelerator supports this operation */
2084 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2085 status = mbedtls_psa_aead_decrypt_setup(
2086 &operation->ctx.mbedtls_ctx,
2087 attributes,
2088 key_buffer, key_buffer_size,
2089 alg );
2090
2091 return( status );
2092 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2093 /* Add cases for opaque driver here */
2094
2095 default:
2096 /* Key is declared with a lifetime not known to us */
2097 (void)status;
2098 return( PSA_ERROR_INVALID_ARGUMENT );
2099 }
2100 }
2101
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)2102 psa_status_t psa_driver_wrapper_aead_set_nonce(
2103 psa_aead_operation_t *operation,
2104 const uint8_t *nonce,
2105 size_t nonce_length )
2106 {
2107 switch( operation->id )
2108 {
2109 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2110 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2111 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
2112 nonce,
2113 nonce_length ) );
2114
2115 #endif
2116
2117 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2118 #if defined(PSA_CRYPTO_DRIVER_TEST)
2119 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2120 return( mbedtls_test_transparent_aead_set_nonce(
2121 &operation->ctx.transparent_test_driver_ctx,
2122 nonce, nonce_length ) );
2123
2124 /* Add cases for opaque driver here */
2125
2126 #endif /* PSA_CRYPTO_DRIVER_TEST */
2127 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2128 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2129 return( cc3xx_aead_set_nonce(
2130 &operation->ctx.cc3xx_driver_ctx,
2131 nonce, nonce_length ) );
2132
2133 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2134 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2135 }
2136
2137 (void)nonce;
2138 (void)nonce_length;
2139
2140 return( PSA_ERROR_INVALID_ARGUMENT );
2141 }
2142
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)2143 psa_status_t psa_driver_wrapper_aead_set_lengths(
2144 psa_aead_operation_t *operation,
2145 size_t ad_length,
2146 size_t plaintext_length )
2147 {
2148 switch( operation->id )
2149 {
2150 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2151 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2152 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
2153 ad_length,
2154 plaintext_length ) );
2155
2156 #endif
2157
2158 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2159 #if defined(PSA_CRYPTO_DRIVER_TEST)
2160 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2161 return( mbedtls_test_transparent_aead_set_lengths(
2162 &operation->ctx.transparent_test_driver_ctx,
2163 ad_length, plaintext_length ) );
2164
2165 /* Add cases for opaque driver here */
2166
2167 #endif /* PSA_CRYPTO_DRIVER_TEST */
2168 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2169 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2170 return( cc3xx_aead_set_lengths(
2171 &operation->ctx.cc3xx_driver_ctx,
2172 ad_length, plaintext_length ) );
2173
2174 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2175 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2176 }
2177
2178 (void)ad_length;
2179 (void)plaintext_length;
2180
2181 return( PSA_ERROR_INVALID_ARGUMENT );
2182 }
2183
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)2184 psa_status_t psa_driver_wrapper_aead_update_ad(
2185 psa_aead_operation_t *operation,
2186 const uint8_t *input,
2187 size_t input_length )
2188 {
2189 switch( operation->id )
2190 {
2191 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2192 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2193 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
2194 input,
2195 input_length ) );
2196
2197 #endif
2198
2199 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2200 #if defined(PSA_CRYPTO_DRIVER_TEST)
2201 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2202 return( mbedtls_test_transparent_aead_update_ad(
2203 &operation->ctx.transparent_test_driver_ctx,
2204 input, input_length ) );
2205
2206 /* Add cases for opaque driver here */
2207
2208 #endif /* PSA_CRYPTO_DRIVER_TEST */
2209 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2210 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2211 return( cc3xx_aead_update_ad(
2212 &operation->ctx.cc3xx_driver_ctx,
2213 input, input_length ) );
2214
2215 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2216 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2217 }
2218
2219 (void)input;
2220 (void)input_length;
2221
2222 return( PSA_ERROR_INVALID_ARGUMENT );
2223 }
2224
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)2225 psa_status_t psa_driver_wrapper_aead_update(
2226 psa_aead_operation_t *operation,
2227 const uint8_t *input,
2228 size_t input_length,
2229 uint8_t *output,
2230 size_t output_size,
2231 size_t *output_length )
2232 {
2233 switch( operation->id )
2234 {
2235 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2236 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2237 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2238 input, input_length,
2239 output, output_size,
2240 output_length ) );
2241
2242 #endif
2243
2244 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2245 #if defined(PSA_CRYPTO_DRIVER_TEST)
2246 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2247 return( mbedtls_test_transparent_aead_update(
2248 &operation->ctx.transparent_test_driver_ctx,
2249 input, input_length, output, output_size,
2250 output_length ) );
2251
2252 /* Add cases for opaque driver here */
2253
2254 #endif /* PSA_CRYPTO_DRIVER_TEST */
2255 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2256 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2257 return( cc3xx_aead_update(
2258 &operation->ctx.cc3xx_driver_ctx,
2259 input, input_length, output, output_size,
2260 output_length ) );
2261
2262 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2263 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2264 }
2265
2266 (void)input;
2267 (void)input_length;
2268 (void)output;
2269 (void)output_size;
2270 (void)output_length;
2271
2272 return( PSA_ERROR_INVALID_ARGUMENT );
2273 }
2274
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)2275 psa_status_t psa_driver_wrapper_aead_finish(
2276 psa_aead_operation_t *operation,
2277 uint8_t *ciphertext,
2278 size_t ciphertext_size,
2279 size_t *ciphertext_length,
2280 uint8_t *tag,
2281 size_t tag_size,
2282 size_t *tag_length )
2283 {
2284 switch( operation->id )
2285 {
2286 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2287 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2288 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2289 ciphertext,
2290 ciphertext_size,
2291 ciphertext_length, tag,
2292 tag_size, tag_length ) );
2293
2294 #endif
2295
2296 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2297 #if defined(PSA_CRYPTO_DRIVER_TEST)
2298 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2299 return( mbedtls_test_transparent_aead_finish(
2300 &operation->ctx.transparent_test_driver_ctx,
2301 ciphertext, ciphertext_size,
2302 ciphertext_length, tag, tag_size, tag_length ) );
2303
2304 /* Add cases for opaque driver here */
2305
2306 #endif /* PSA_CRYPTO_DRIVER_TEST */
2307 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2308 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2309 return( cc3xx_aead_finish(
2310 &operation->ctx.cc3xx_driver_ctx,
2311 ciphertext, ciphertext_size,
2312 ciphertext_length, tag, tag_size, tag_length ) );
2313
2314 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2315 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2316 }
2317
2318 (void)ciphertext;
2319 (void)ciphertext_size;
2320 (void)ciphertext_length;
2321 (void)tag;
2322 (void)tag_size;
2323 (void)tag_length;
2324
2325 return( PSA_ERROR_INVALID_ARGUMENT );
2326 }
2327
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)2328 psa_status_t psa_driver_wrapper_aead_verify(
2329 psa_aead_operation_t *operation,
2330 uint8_t *plaintext,
2331 size_t plaintext_size,
2332 size_t *plaintext_length,
2333 const uint8_t *tag,
2334 size_t tag_length )
2335 {
2336 switch( operation->id )
2337 {
2338 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2339 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2340 {
2341 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2342 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2343 size_t check_tag_length;
2344
2345 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2346 plaintext,
2347 plaintext_size,
2348 plaintext_length,
2349 check_tag,
2350 sizeof( check_tag ),
2351 &check_tag_length );
2352
2353 if( status == PSA_SUCCESS )
2354 {
2355 if( tag_length != check_tag_length ||
2356 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
2357 != 0 )
2358 status = PSA_ERROR_INVALID_SIGNATURE;
2359 }
2360
2361 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2362
2363 return( status );
2364 }
2365
2366 #endif
2367
2368 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2369 #if defined(PSA_CRYPTO_DRIVER_TEST)
2370 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2371 return( mbedtls_test_transparent_aead_verify(
2372 &operation->ctx.transparent_test_driver_ctx,
2373 plaintext, plaintext_size,
2374 plaintext_length, tag, tag_length ) );
2375
2376 /* Add cases for opaque driver here */
2377
2378 #endif /* PSA_CRYPTO_DRIVER_TEST */
2379 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2380 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2381 return( cc3xx_aead_verify(
2382 &operation->ctx.cc3xx_driver_ctx,
2383 plaintext, plaintext_size,
2384 plaintext_length, tag, tag_length ) );
2385
2386 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2387 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2388 }
2389
2390 (void)plaintext;
2391 (void)plaintext_size;
2392 (void)plaintext_length;
2393 (void)tag;
2394 (void)tag_length;
2395
2396 return( PSA_ERROR_INVALID_ARGUMENT );
2397 }
2398
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)2399 psa_status_t psa_driver_wrapper_aead_abort(
2400 psa_aead_operation_t *operation )
2401 {
2402 switch( operation->id )
2403 {
2404 #if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2405 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2406 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2407
2408 #endif
2409
2410 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2411 #if defined(PSA_CRYPTO_DRIVER_TEST)
2412 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2413 return( mbedtls_test_transparent_aead_abort(
2414 &operation->ctx.transparent_test_driver_ctx ) );
2415
2416 /* Add cases for opaque driver here */
2417
2418 #endif /* PSA_CRYPTO_DRIVER_TEST */
2419 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2420 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2421 return( cc3xx_aead_abort(
2422 &operation->ctx.cc3xx_driver_ctx ) );
2423
2424 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2425 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2426 }
2427
2428 return( PSA_ERROR_INVALID_ARGUMENT );
2429 }
2430
2431 /*
2432 * MAC functions
2433 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)2434 psa_status_t psa_driver_wrapper_mac_compute(
2435 const psa_key_attributes_t *attributes,
2436 const uint8_t *key_buffer,
2437 size_t key_buffer_size,
2438 psa_algorithm_t alg,
2439 const uint8_t *input,
2440 size_t input_length,
2441 uint8_t *mac,
2442 size_t mac_size,
2443 size_t *mac_length )
2444 {
2445 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2446 psa_key_location_t location =
2447 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2448
2449 switch( location )
2450 {
2451 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2452 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2453 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2454 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
2455 /* Key is stored in the slot in export representation, so
2456 * cycle through all known transparent accelerators */
2457 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2458 #if defined(PSA_CRYPTO_DRIVER_TEST)
2459 status = mbedtls_test_transparent_mac_compute(
2460 attributes, key_buffer, key_buffer_size, alg,
2461 input, input_length,
2462 mac, mac_size, mac_length );
2463 /* Declared with fallback == true */
2464 if( status != PSA_ERROR_NOT_SUPPORTED )
2465 return( status );
2466 #endif /* PSA_CRYPTO_DRIVER_TEST */
2467 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2468 status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
2469 input, input_length,
2470 mac, mac_size, mac_length);
2471 return( status );
2472 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2473 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2474 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2475 /* Fell through, meaning no accelerator supports this operation */
2476 status = mbedtls_psa_mac_compute(
2477 attributes, key_buffer, key_buffer_size, alg,
2478 input, input_length,
2479 mac, mac_size, mac_length );
2480 if( status != PSA_ERROR_NOT_SUPPORTED )
2481 return( status );
2482 #endif
2483 return( PSA_ERROR_NOT_SUPPORTED );
2484
2485 /* Add cases for opaque driver here */
2486 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2487 #if defined(PSA_CRYPTO_DRIVER_TEST)
2488 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2489 status = mbedtls_test_opaque_mac_compute(
2490 attributes, key_buffer, key_buffer_size, alg,
2491 input, input_length,
2492 mac, mac_size, mac_length );
2493 return( status );
2494 #endif /* PSA_CRYPTO_DRIVER_TEST */
2495 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2496 default:
2497 /* Key is declared with a lifetime not known to us */
2498 (void) key_buffer;
2499 (void) key_buffer_size;
2500 (void) alg;
2501 (void) input;
2502 (void) input_length;
2503 (void) mac;
2504 (void) mac_size;
2505 (void) mac_length;
2506 (void) status;
2507 return( PSA_ERROR_INVALID_ARGUMENT );
2508 }
2509 }
2510
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2511 psa_status_t psa_driver_wrapper_mac_sign_setup(
2512 psa_mac_operation_t *operation,
2513 const psa_key_attributes_t *attributes,
2514 const uint8_t *key_buffer,
2515 size_t key_buffer_size,
2516 psa_algorithm_t alg )
2517 {
2518 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2519 psa_key_location_t location =
2520 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2521
2522 switch( location )
2523 {
2524 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2525 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2526 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2527 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
2528 /* Key is stored in the slot in export representation, so
2529 * cycle through all known transparent accelerators */
2530 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2531 #if defined(PSA_CRYPTO_DRIVER_TEST)
2532 status = mbedtls_test_transparent_mac_sign_setup(
2533 &operation->ctx.transparent_test_driver_ctx,
2534 attributes,
2535 key_buffer, key_buffer_size,
2536 alg );
2537 /* Declared with fallback == true */
2538 if( status == PSA_SUCCESS )
2539 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2540
2541 if( status != PSA_ERROR_NOT_SUPPORTED )
2542 return( status );
2543 #endif /* PSA_CRYPTO_DRIVER_TEST */
2544 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2545 status = cc3xx_mac_sign_setup(
2546 &operation->ctx.cc3xx_driver_ctx,
2547 attributes,
2548 key_buffer, key_buffer_size,
2549 alg);
2550 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2551 return status;
2552 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
2553 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2554 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2555 /* Fell through, meaning no accelerator supports this operation */
2556 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2557 attributes,
2558 key_buffer, key_buffer_size,
2559 alg );
2560 if( status == PSA_SUCCESS )
2561 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2562
2563 if( status != PSA_ERROR_NOT_SUPPORTED )
2564 return( status );
2565 #endif
2566 return( PSA_ERROR_NOT_SUPPORTED );
2567
2568 /* Add cases for opaque driver here */
2569 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2570 #if defined(PSA_CRYPTO_DRIVER_TEST)
2571 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2572 status = mbedtls_test_opaque_mac_sign_setup(
2573 &operation->ctx.opaque_test_driver_ctx,
2574 attributes,
2575 key_buffer, key_buffer_size,
2576 alg );
2577
2578 if( status == PSA_SUCCESS )
2579 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2580
2581 return( status );
2582 #endif /* PSA_CRYPTO_DRIVER_TEST */
2583 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2584 default:
2585 /* Key is declared with a lifetime not known to us */
2586 (void) status;
2587 (void) operation;
2588 (void) key_buffer;
2589 (void) key_buffer_size;
2590 (void) alg;
2591 return( PSA_ERROR_INVALID_ARGUMENT );
2592 }
2593 }
2594
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2595 psa_status_t psa_driver_wrapper_mac_verify_setup(
2596 psa_mac_operation_t *operation,
2597 const psa_key_attributes_t *attributes,
2598 const uint8_t *key_buffer,
2599 size_t key_buffer_size,
2600 psa_algorithm_t alg )
2601 {
2602 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2603 psa_key_location_t location =
2604 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2605
2606 switch( location )
2607 {
2608 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2609 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2610 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2611 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
2612 /* Key is stored in the slot in export representation, so
2613 * cycle through all known transparent accelerators */
2614 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2615 #if defined(PSA_CRYPTO_DRIVER_TEST)
2616 status = mbedtls_test_transparent_mac_verify_setup(
2617 &operation->ctx.transparent_test_driver_ctx,
2618 attributes,
2619 key_buffer, key_buffer_size,
2620 alg );
2621 /* Declared with fallback == true */
2622 if( status == PSA_SUCCESS )
2623 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2624
2625 if( status != PSA_ERROR_NOT_SUPPORTED )
2626 return( status );
2627 #endif /* PSA_CRYPTO_DRIVER_TEST */
2628 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2629 status = cc3xx_mac_verify_setup(
2630 &operation->ctx.cc3xx_driver_ctx,
2631 attributes,
2632 key_buffer, key_buffer_size,
2633 alg);
2634 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2635 return status;
2636 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
2637 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2638 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2639 /* Fell through, meaning no accelerator supports this operation */
2640 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2641 attributes,
2642 key_buffer, key_buffer_size,
2643 alg );
2644 if( status == PSA_SUCCESS )
2645 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2646
2647 if( status != PSA_ERROR_NOT_SUPPORTED )
2648 return( status );
2649 #endif
2650 return( PSA_ERROR_NOT_SUPPORTED );
2651
2652 /* Add cases for opaque driver here */
2653 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2654 #if defined(PSA_CRYPTO_DRIVER_TEST)
2655 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2656 status = mbedtls_test_opaque_mac_verify_setup(
2657 &operation->ctx.opaque_test_driver_ctx,
2658 attributes,
2659 key_buffer, key_buffer_size,
2660 alg );
2661
2662 if( status == PSA_SUCCESS )
2663 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2664
2665 return( status );
2666 #endif /* PSA_CRYPTO_DRIVER_TEST */
2667 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2668 default:
2669 /* Key is declared with a lifetime not known to us */
2670 (void) status;
2671 (void) operation;
2672 (void) key_buffer;
2673 (void) key_buffer_size;
2674 (void) alg;
2675 return( PSA_ERROR_INVALID_ARGUMENT );
2676 }
2677 }
2678
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2679 psa_status_t psa_driver_wrapper_mac_update(
2680 psa_mac_operation_t *operation,
2681 const uint8_t *input,
2682 size_t input_length )
2683 {
2684 switch( operation->id )
2685 {
2686 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2687 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2688 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2689 input, input_length ) );
2690 #endif
2691
2692 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2693 #if defined(PSA_CRYPTO_DRIVER_TEST)
2694 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2695 return( mbedtls_test_transparent_mac_update(
2696 &operation->ctx.transparent_test_driver_ctx,
2697 input, input_length ) );
2698
2699 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2700 return( mbedtls_test_opaque_mac_update(
2701 &operation->ctx.opaque_test_driver_ctx,
2702 input, input_length ) );
2703 #endif /* PSA_CRYPTO_DRIVER_TEST */
2704 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2705 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2706 return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
2707 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
2708 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2709 default:
2710 (void) input;
2711 (void) input_length;
2712 return( PSA_ERROR_INVALID_ARGUMENT );
2713 }
2714 }
2715
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2716 psa_status_t psa_driver_wrapper_mac_sign_finish(
2717 psa_mac_operation_t *operation,
2718 uint8_t *mac,
2719 size_t mac_size,
2720 size_t *mac_length )
2721 {
2722 switch( operation->id )
2723 {
2724 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2725 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2726 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2727 mac, mac_size, mac_length ) );
2728 #endif
2729
2730 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2731 #if defined(PSA_CRYPTO_DRIVER_TEST)
2732 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2733 return( mbedtls_test_transparent_mac_sign_finish(
2734 &operation->ctx.transparent_test_driver_ctx,
2735 mac, mac_size, mac_length ) );
2736
2737 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2738 return( mbedtls_test_opaque_mac_sign_finish(
2739 &operation->ctx.opaque_test_driver_ctx,
2740 mac, mac_size, mac_length ) );
2741 #endif /* PSA_CRYPTO_DRIVER_TEST */
2742 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2743 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2744 return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
2745 mac, mac_size, mac_length));
2746 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
2747 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2748 default:
2749 (void) mac;
2750 (void) mac_size;
2751 (void) mac_length;
2752 return( PSA_ERROR_INVALID_ARGUMENT );
2753 }
2754 }
2755
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2756 psa_status_t psa_driver_wrapper_mac_verify_finish(
2757 psa_mac_operation_t *operation,
2758 const uint8_t *mac,
2759 size_t mac_length )
2760 {
2761 switch( operation->id )
2762 {
2763 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2764 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2765 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2766 mac, mac_length ) );
2767 #endif
2768
2769 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2770 #if defined(PSA_CRYPTO_DRIVER_TEST)
2771 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2772 return( mbedtls_test_transparent_mac_verify_finish(
2773 &operation->ctx.transparent_test_driver_ctx,
2774 mac, mac_length ) );
2775
2776 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2777 return( mbedtls_test_opaque_mac_verify_finish(
2778 &operation->ctx.opaque_test_driver_ctx,
2779 mac, mac_length ) );
2780 #endif /* PSA_CRYPTO_DRIVER_TEST */
2781 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2782 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2783 return(cc3xx_mac_verify_finish(
2784 &operation->ctx.cc3xx_driver_ctx,
2785 mac, mac_length));
2786 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
2787 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2788 default:
2789 (void) mac;
2790 (void) mac_length;
2791 return( PSA_ERROR_INVALID_ARGUMENT );
2792 }
2793 }
2794
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2795 psa_status_t psa_driver_wrapper_mac_abort(
2796 psa_mac_operation_t *operation )
2797 {
2798 switch( operation->id )
2799 {
2800 #if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX)
2801 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2802 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2803 #endif
2804
2805 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2806 #if defined(PSA_CRYPTO_DRIVER_TEST)
2807 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2808 return( mbedtls_test_transparent_mac_abort(
2809 &operation->ctx.transparent_test_driver_ctx ) );
2810 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2811 return( mbedtls_test_opaque_mac_abort(
2812 &operation->ctx.opaque_test_driver_ctx ) );
2813 #endif /* PSA_CRYPTO_DRIVER_TEST */
2814 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2815 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2816 return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
2817 #endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */
2818 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2819 default:
2820 return( PSA_ERROR_INVALID_ARGUMENT );
2821 }
2822 }
2823
2824 /*
2825 * Asymmetric cryptography
2826 */
psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2827 psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2828 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2829 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2830 size_t input_length, const uint8_t *salt, size_t salt_length,
2831 uint8_t *output, size_t output_size, size_t *output_length )
2832 {
2833 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2834 psa_key_location_t location =
2835 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2836
2837 switch( location )
2838 {
2839 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2840 /* Key is stored in the slot in export representation, so
2841 * cycle through all known transparent accelerators */
2842 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2843 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2844 status = cc3xx_asymmetric_encrypt( attributes,
2845 key_buffer,
2846 key_buffer_size,
2847 alg,
2848 input,
2849 input_length,
2850 salt,
2851 salt_length,
2852 output,
2853 output_size,
2854 output_length );
2855 return( status );
2856 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2857 #if defined(PSA_CRYPTO_DRIVER_TEST)
2858 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2859 key_buffer, key_buffer_size, alg, input, input_length,
2860 salt, salt_length, output, output_size,
2861 output_length );
2862 /* Declared with fallback == true */
2863 if( status != PSA_ERROR_NOT_SUPPORTED )
2864 return( status );
2865 #endif /* PSA_CRYPTO_DRIVER_TEST */
2866 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2867 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
2868 return( mbedtls_psa_asymmetric_encrypt( attributes,
2869 key_buffer, key_buffer_size, alg, input, input_length,
2870 salt, salt_length, output, output_size, output_length )
2871 );
2872 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2873 /* Add cases for opaque driver here */
2874 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2875 #if defined(PSA_CRYPTO_DRIVER_TEST)
2876 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2877 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2878 key_buffer, key_buffer_size, alg, input, input_length,
2879 salt, salt_length, output, output_size, output_length )
2880 );
2881 #endif /* PSA_CRYPTO_DRIVER_TEST */
2882 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2883
2884 default:
2885 /* Key is declared with a lifetime not known to us */
2886 (void)status;
2887 (void)key_buffer;
2888 (void)key_buffer_size;
2889 (void)alg;
2890 (void)input;
2891 (void)input_length;
2892 (void)salt;
2893 (void)salt_length;
2894 (void)output;
2895 (void)output_size;
2896 (void)output_length;
2897 return( PSA_ERROR_INVALID_ARGUMENT );
2898 }
2899 }
2900
psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2901 psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2902 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2903 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2904 size_t input_length, const uint8_t *salt, size_t salt_length,
2905 uint8_t *output, size_t output_size, size_t *output_length )
2906 {
2907 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2908 psa_key_location_t location =
2909 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2910
2911 switch( location )
2912 {
2913 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2914 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2915 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2916 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
2917 /* Key is stored in the slot in export representation, so
2918 * cycle through all known transparent accelerators */
2919 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2920 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2921 status = cc3xx_asymmetric_decrypt( attributes,
2922 key_buffer,
2923 key_buffer_size,
2924 alg,
2925 input,
2926 input_length,
2927 salt,
2928 salt_length,
2929 output,
2930 output_size,
2931 output_length );
2932 return( status );
2933 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2934 #if defined(PSA_CRYPTO_DRIVER_TEST)
2935 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2936 key_buffer, key_buffer_size, alg, input, input_length,
2937 salt, salt_length, output, output_size,
2938 output_length );
2939 /* Declared with fallback == true */
2940 if( status != PSA_ERROR_NOT_SUPPORTED )
2941 return( status );
2942 #endif /* PSA_CRYPTO_DRIVER_TEST */
2943 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2944 #if !defined(PSA_CRYPTO_DRIVER_CC3XX)
2945 return( mbedtls_psa_asymmetric_decrypt( attributes,
2946 key_buffer, key_buffer_size, alg,input, input_length,
2947 salt, salt_length, output, output_size,
2948 output_length ) );
2949 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2950 /* Add cases for opaque driver here */
2951 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2952 #if defined(PSA_CRYPTO_DRIVER_TEST)
2953 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2954 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2955 key_buffer, key_buffer_size, alg, input, input_length,
2956 salt, salt_length, output, output_size,
2957 output_length ) );
2958 #endif /* PSA_CRYPTO_DRIVER_TEST */
2959 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2960
2961 default:
2962 /* Key is declared with a lifetime not known to us */
2963 (void)status;
2964 (void)key_buffer;
2965 (void)key_buffer_size;
2966 (void)alg;
2967 (void)input;
2968 (void)input_length;
2969 (void)salt;
2970 (void)salt_length;
2971 (void)output;
2972 (void)output_size;
2973 (void)output_length;
2974 return( PSA_ERROR_INVALID_ARGUMENT );
2975 }
2976 }
2977
psa_driver_wrapper_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)2978 psa_status_t psa_driver_wrapper_key_agreement(
2979 const psa_key_attributes_t *attributes,
2980 const uint8_t *key_buffer,
2981 size_t key_buffer_size,
2982 psa_algorithm_t alg,
2983 const uint8_t *peer_key,
2984 size_t peer_key_length,
2985 uint8_t *shared_secret,
2986 size_t shared_secret_size,
2987 size_t *shared_secret_length
2988 )
2989 {
2990 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2991 psa_key_location_t location =
2992 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2993
2994 switch( location )
2995 {
2996 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2997 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2998 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2999 #endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */
3000 /* Key is stored in the slot in export representation, so
3001 * cycle through all known transparent accelerators */
3002 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3003 #if defined(PSA_CRYPTO_DRIVER_TEST)
3004 status =
3005 mbedtls_test_transparent_key_agreement( attributes,
3006 key_buffer, key_buffer_size, alg, peer_key,
3007 peer_key_length, shared_secret, shared_secret_size,
3008 shared_secret_length );
3009 if( status != PSA_ERROR_NOT_SUPPORTED )
3010 return( status );
3011 #endif /* PSA_CRYPTO_DRIVER_TEST */
3012 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3013 status = cc3xx_key_agreement( attributes,
3014 key_buffer,
3015 key_buffer_size,
3016 peer_key,
3017 peer_key_length,
3018 shared_secret,
3019 shared_secret_size,
3020 shared_secret_length,
3021 alg );
3022 return( status );
3023 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3024 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3025
3026 /* Software Fallback */
3027 status = psa_key_agreement_raw_builtin( attributes,
3028 key_buffer,
3029 key_buffer_size,
3030 alg,
3031 peer_key,
3032 peer_key_length,
3033 shared_secret,
3034 shared_secret_size,
3035 shared_secret_length );
3036 return( status );
3037 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3038 #if defined(PSA_CRYPTO_DRIVER_TEST)
3039 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3040 return( mbedtls_test_opaque_key_agreement( attributes,
3041 key_buffer, key_buffer_size, alg, peer_key,
3042 peer_key_length, shared_secret, shared_secret_size,
3043 shared_secret_length ) );
3044 #endif /* PSA_CRYPTO_DRIVER_TEST */
3045 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3046
3047 default:
3048 (void) attributes;
3049 (void) key_buffer;
3050 (void) key_buffer_size;
3051 (void) peer_key;
3052 (void) peer_key_length;
3053 (void) shared_secret;
3054 (void) shared_secret_size;
3055 (void) shared_secret_length;
3056 return( PSA_ERROR_NOT_SUPPORTED );
3057
3058 }
3059 }
3060
3061 #endif /* MBEDTLS_PSA_CRYPTO_C */
3062
