1 /*
2  *  Functions to delegate cryptographic operations to an available
3  *  and appropriate accelerator.
4  *  Warning: This file is now auto-generated.
5  */
6 /*  Copyright The Mbed TLS Contributors
7  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8  */
9 
10 
11 /* BEGIN-common headers */
12 #include "common.h"
13 #include "psa_crypto_aead.h"
14 #include "psa_crypto_cipher.h"
15 #include "psa_crypto_core.h"
16 #include "psa_crypto_driver_wrappers_no_static.h"
17 #include "psa_crypto_hash.h"
18 #include "psa_crypto_mac.h"
19 #include "psa_crypto_pake.h"
20 #include "psa_crypto_rsa.h"
21 
22 #include "mbedtls/platform.h"
23 #include "mbedtls/constant_time.h"
24 /* END-common headers */
25 
26 #if defined(MBEDTLS_PSA_CRYPTO_C) || defined(MCUBOOT_USE_PSA_CRYPTO)
27 
28 /* BEGIN-driver headers */
29 /* Headers for mbedtls_test opaque driver */
30 #if defined(PSA_CRYPTO_DRIVER_TEST)
31 #include "test/drivers/test_driver.h"
32 
33 #endif
34 /* Headers for mbedtls_test transparent driver */
35 #if defined(PSA_CRYPTO_DRIVER_TEST)
36 #include "test/drivers/test_driver.h"
37 
38 #endif
39 /* Headers for p256 transparent driver */
40 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41 #include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42 
43 #endif
44 
45 /* Include TF-M builtin key driver */
46 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
47 #ifndef PSA_CRYPTO_DRIVER_PRESENT
48 #define PSA_CRYPTO_DRIVER_PRESENT
49 #endif
50 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
51 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
52 #endif
53 #include "tfm_builtin_key_loader.h"
54 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
55 
56 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
57 #ifndef PSA_CRYPTO_DRIVER_PRESENT
58 #define PSA_CRYPTO_DRIVER_PRESENT
59 #endif
60 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
61 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
62 #endif
63 #include "cc3xx.h"
64 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
65 
66 /* END-driver headers */
67 
68 /* Auto-generated values depending on which drivers are registered.
69  * ID 0 is reserved for unallocated operations.
70  * ID 1 is reserved for the Mbed TLS software driver. */
71 /* BEGIN-driver id definition */
72 enum {
73     PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1,
74     MBEDTLS_TEST_OPAQUE_DRIVER_ID,
75     MBEDTLS_TEST_TRANSPARENT_DRIVER_ID,
76     P256_TRANSPARENT_DRIVER_ID,
77 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
78     PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
79 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
80 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
81     PSA_CRYPTO_CC3XX_DRIVER_ID,
82 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
83 };
84 
85 /* END-driver id */
86 
87 /* BEGIN-Common Macro definitions */
88 
89 /* END-Common Macro definitions */
90 
91 /* Support the 'old' SE interface when asked to */
92 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
93 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
94  * SE driver is present, to avoid unused argument errors at compile time. */
95 #ifndef PSA_CRYPTO_DRIVER_PRESENT
96 #define PSA_CRYPTO_DRIVER_PRESENT
97 #endif
98 #include "psa_crypto_se.h"
99 #endif
100 
psa_driver_wrapper_init(void)101 static inline psa_status_t psa_driver_wrapper_init( void )
102 {
103     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
104 
105 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
106     status = tfm_builtin_key_loader_init();
107     if (status != PSA_SUCCESS)
108         return ( status );
109 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
110 
111 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
112     status = psa_init_all_se_drivers( );
113     if( status != PSA_SUCCESS )
114         return( status );
115 #endif
116 
117 #if defined(PSA_CRYPTO_DRIVER_TEST)
118     status = mbedtls_test_transparent_init( );
119     if( status != PSA_SUCCESS )
120         return( status );
121 
122     status = mbedtls_test_opaque_init( );
123     if( status != PSA_SUCCESS )
124         return( status );
125 #endif
126 
127 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
128     status = cc3xx_init();
129     if (status != PSA_SUCCESS)
130         return ( status );
131 #endif
132 
133     (void) status;
134     return( PSA_SUCCESS );
135 }
136 
psa_driver_wrapper_free(void)137 static inline void psa_driver_wrapper_free( void )
138 {
139 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
140     /* Unregister all secure element drivers, so that we restart from
141      * a pristine state. */
142     psa_unregister_all_se_drivers( );
143 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
144 
145 #if defined(PSA_CRYPTO_DRIVER_TEST)
146     mbedtls_test_transparent_free( );
147     mbedtls_test_opaque_free( );
148 #endif
149 
150 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
151     (void)cc3xx_free();
152 #endif
153 }
154 
155 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)156 static inline psa_status_t psa_driver_wrapper_sign_message(
157     const psa_key_attributes_t *attributes,
158     const uint8_t *key_buffer,
159     size_t key_buffer_size,
160     psa_algorithm_t alg,
161     const uint8_t *input,
162     size_t input_length,
163     uint8_t *signature,
164     size_t signature_size,
165     size_t *signature_length )
166 {
167     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
168     psa_key_location_t location =
169         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
170 
171     switch( location )
172     {
173         case PSA_KEY_LOCATION_LOCAL_STORAGE:
174 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
175         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
176 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
177             /* Key is stored in the slot in export representation, so
178              * cycle through all known transparent accelerators */
179 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
180 #if defined(PSA_CRYPTO_DRIVER_TEST)
181             status = mbedtls_test_transparent_signature_sign_message(
182                         attributes,
183                         key_buffer,
184                         key_buffer_size,
185                         alg,
186                         input,
187                         input_length,
188                         signature,
189                         signature_size,
190                         signature_length );
191             /* Declared with fallback == true */
192             if( status != PSA_ERROR_NOT_SUPPORTED )
193                 return( status );
194 #endif /* PSA_CRYPTO_DRIVER_TEST */
195 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
196             status = cc3xx_sign_message(
197                         attributes,
198                         key_buffer,
199                         key_buffer_size,
200                         alg,
201                         input,
202                         input_length,
203                         signature,
204                         signature_size,
205                         signature_length );
206             return( status );
207 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
208 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
209             return( psa_sign_message_builtin( attributes,
210                                               key_buffer,
211                                               key_buffer_size,
212                                               alg,
213                                               input,
214                                               input_length,
215                                               signature,
216                                               signature_size,
217                                               signature_length ) );
218             break;
219 
220         /* Add cases for opaque driver here */
221 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
222 #if defined(PSA_CRYPTO_DRIVER_TEST)
223         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
224             status = mbedtls_test_opaque_signature_sign_message(
225                         attributes,
226                         key_buffer,
227                         key_buffer_size,
228                         alg,
229                         input,
230                         input_length,
231                         signature,
232                         signature_size,
233                         signature_length );
234             if( status != PSA_ERROR_NOT_SUPPORTED )
235                 return( status );
236             break;
237 #endif /* PSA_CRYPTO_DRIVER_TEST */
238 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
239         default:
240             /* Key is declared with a lifetime not known to us */
241             (void)status;
242             return( PSA_ERROR_INVALID_ARGUMENT );
243     }
244 }
245 
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)246 static inline psa_status_t psa_driver_wrapper_verify_message(
247     const psa_key_attributes_t *attributes,
248     const uint8_t *key_buffer,
249     size_t key_buffer_size,
250     psa_algorithm_t alg,
251     const uint8_t *input,
252     size_t input_length,
253     const uint8_t *signature,
254     size_t signature_length )
255 {
256     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
257     psa_key_location_t location =
258         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
259 
260     switch( location )
261     {
262         case PSA_KEY_LOCATION_LOCAL_STORAGE:
263 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
264         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
265 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
266             /* Key is stored in the slot in export representation, so
267              * cycle through all known transparent accelerators */
268 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
269 #if defined(PSA_CRYPTO_DRIVER_TEST)
270             status = mbedtls_test_transparent_signature_verify_message(
271                         attributes,
272                         key_buffer,
273                         key_buffer_size,
274                         alg,
275                         input,
276                         input_length,
277                         signature,
278                         signature_length );
279             /* Declared with fallback == true */
280             if( status != PSA_ERROR_NOT_SUPPORTED )
281                 return( status );
282 #endif /* PSA_CRYPTO_DRIVER_TEST */
283 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
284             status = cc3xx_verify_message(
285                         attributes,
286                         key_buffer,
287                         key_buffer_size,
288                         alg,
289                         input,
290                         input_length,
291                         signature,
292                         signature_length );
293             return( status );
294 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
296             return( psa_verify_message_builtin( attributes,
297                                                 key_buffer,
298                                                 key_buffer_size,
299                                                 alg,
300                                                 input,
301                                                 input_length,
302                                                 signature,
303                                                 signature_length ) );
304 
305         /* Add cases for opaque driver here */
306 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
307 #if defined(PSA_CRYPTO_DRIVER_TEST)
308         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
309             return( mbedtls_test_opaque_signature_verify_message(
310                         attributes,
311                         key_buffer,
312                         key_buffer_size,
313                         alg,
314                         input,
315                         input_length,
316                         signature,
317                         signature_length ) );
318             if( status != PSA_ERROR_NOT_SUPPORTED )
319                 return( status );
320             break;
321 #endif /* PSA_CRYPTO_DRIVER_TEST */
322 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
323         default:
324             /* Key is declared with a lifetime not known to us */
325             (void)status;
326             return( PSA_ERROR_INVALID_ARGUMENT );
327     }
328 }
329 
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)330 static inline psa_status_t psa_driver_wrapper_sign_hash(
331     const psa_key_attributes_t *attributes,
332     const uint8_t *key_buffer, size_t key_buffer_size,
333     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
334     uint8_t *signature, size_t signature_size, size_t *signature_length )
335 {
336     /* Try dynamically-registered SE interface first */
337 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
338     const psa_drv_se_t *drv;
339     psa_drv_se_context_t *drv_context;
340 
341     if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
342     {
343         if( drv->asymmetric == NULL ||
344             drv->asymmetric->p_sign == NULL )
345         {
346             /* Key is defined in SE, but we have no way to exercise it */
347             return( PSA_ERROR_NOT_SUPPORTED );
348         }
349         return( drv->asymmetric->p_sign(
350                     drv_context, *( (psa_key_slot_number_t *)key_buffer ),
351                     alg, hash, hash_length,
352                     signature, signature_size, signature_length ) );
353     }
354 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
355 
356     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
357     psa_key_location_t location =
358         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
359 
360     switch( location )
361     {
362         case PSA_KEY_LOCATION_LOCAL_STORAGE:
363 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
364         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
365 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
366             /* Key is stored in the slot in export representation, so
367              * cycle through all known transparent accelerators */
368 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
369 #if defined(PSA_CRYPTO_DRIVER_TEST)
370             status = mbedtls_test_transparent_signature_sign_hash( attributes,
371                                                            key_buffer,
372                                                            key_buffer_size,
373                                                            alg,
374                                                            hash,
375                                                            hash_length,
376                                                            signature,
377                                                            signature_size,
378                                                            signature_length );
379             /* Declared with fallback == true */
380             if( status != PSA_ERROR_NOT_SUPPORTED )
381                 return( status );
382 #endif /* PSA_CRYPTO_DRIVER_TEST */
383 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
384             status = cc3xx_sign_hash( attributes,
385                                       key_buffer,
386                                       key_buffer_size,
387                                       alg,
388                                       hash,
389                                       hash_length,
390                                       signature,
391                                       signature_size,
392                                       signature_length );
393             return( status );
394 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
395 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
396             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
397                 PSA_ALG_IS_ECDSA(alg) &&
398                 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
399                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
400                 psa_get_key_bits(attributes) == 256 )
401             {
402                 status = p256_transparent_sign_hash( attributes,
403                                                      key_buffer,
404                                                      key_buffer_size,
405                                                      alg,
406                                                      hash,
407                                                      hash_length,
408                                                      signature,
409                                                      signature_size,
410                                                      signature_length );
411                 if( status != PSA_ERROR_NOT_SUPPORTED )
412                 return( status );
413             }
414 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
415 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
416             /* Fell through, meaning no accelerator supports this operation */
417             return( psa_sign_hash_builtin( attributes,
418                                            key_buffer,
419                                            key_buffer_size,
420                                            alg,
421                                            hash,
422                                            hash_length,
423                                            signature,
424                                            signature_size,
425                                            signature_length ) );
426 
427         /* Add cases for opaque driver here */
428 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
429 #if defined(PSA_CRYPTO_DRIVER_TEST)
430         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
431             return( mbedtls_test_opaque_signature_sign_hash( attributes,
432                                                              key_buffer,
433                                                              key_buffer_size,
434                                                              alg,
435                                                              hash,
436                                                              hash_length,
437                                                              signature,
438                                                              signature_size,
439                                                              signature_length ) );
440 #endif /* PSA_CRYPTO_DRIVER_TEST */
441 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
442         default:
443             /* Key is declared with a lifetime not known to us */
444             (void)status;
445             return( PSA_ERROR_INVALID_ARGUMENT );
446     }
447 }
448 
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)449 static inline psa_status_t psa_driver_wrapper_verify_hash(
450     const psa_key_attributes_t *attributes,
451     const uint8_t *key_buffer, size_t key_buffer_size,
452     psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
453     const uint8_t *signature, size_t signature_length )
454 {
455     /* Try dynamically-registered SE interface first */
456 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
457     const psa_drv_se_t *drv;
458     psa_drv_se_context_t *drv_context;
459 
460     if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
461     {
462         if( drv->asymmetric == NULL ||
463             drv->asymmetric->p_verify == NULL )
464         {
465             /* Key is defined in SE, but we have no way to exercise it */
466             return( PSA_ERROR_NOT_SUPPORTED );
467         }
468         return( drv->asymmetric->p_verify(
469                     drv_context, *( (psa_key_slot_number_t *)key_buffer ),
470                     alg, hash, hash_length,
471                     signature, signature_length ) );
472     }
473 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
474 
475     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
476     psa_key_location_t location =
477         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
478 
479     switch( location )
480     {
481         case PSA_KEY_LOCATION_LOCAL_STORAGE:
482 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
483         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
484 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
485             /* Key is stored in the slot in export representation, so
486              * cycle through all known transparent accelerators */
487 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
488 #if defined(PSA_CRYPTO_DRIVER_TEST)
489             status = mbedtls_test_transparent_signature_verify_hash(
490                          attributes,
491                          key_buffer,
492                          key_buffer_size,
493                          alg,
494                          hash,
495                          hash_length,
496                          signature,
497                          signature_length );
498             /* Declared with fallback == true */
499             if( status != PSA_ERROR_NOT_SUPPORTED )
500                 return( status );
501 #endif /* PSA_CRYPTO_DRIVER_TEST */
502 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
503             status = cc3xx_verify_hash( attributes,
504                                         key_buffer,
505                                         key_buffer_size,
506                                         alg,
507                                         hash,
508                                         hash_length,
509                                         signature,
510                                         signature_length );
511             return( status );
512 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
513 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
514             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
515                 PSA_ALG_IS_ECDSA(alg) &&
516                 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
517                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
518                 psa_get_key_bits(attributes) == 256 )
519             {
520                 status = p256_transparent_verify_hash( attributes,
521                                                        key_buffer,
522                                                        key_buffer_size,
523                                                        alg,
524                                                        hash,
525                                                        hash_length,
526                                                        signature,
527                                                        signature_length );
528                 if( status != PSA_ERROR_NOT_SUPPORTED )
529                 return( status );
530             }
531 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
532 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
533 
534             return( psa_verify_hash_builtin( attributes,
535                                              key_buffer,
536                                              key_buffer_size,
537                                              alg,
538                                              hash,
539                                              hash_length,
540                                              signature,
541                                              signature_length ) );
542 
543         /* Add cases for opaque driver here */
544 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
545 #if defined(PSA_CRYPTO_DRIVER_TEST)
546         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
547             return( mbedtls_test_opaque_signature_verify_hash( attributes,
548                                                                key_buffer,
549                                                                key_buffer_size,
550                                                                alg,
551                                                                hash,
552                                                                hash_length,
553                                                                signature,
554                                                                signature_length ) );
555 #endif /* PSA_CRYPTO_DRIVER_TEST */
556 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
557         default:
558             /* Key is declared with a lifetime not known to us */
559             (void)status;
560             return( PSA_ERROR_INVALID_ARGUMENT );
561     }
562 }
563 
psa_driver_wrapper_sign_hash_get_num_ops(psa_sign_hash_interruptible_operation_t * operation)564 static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
565     psa_sign_hash_interruptible_operation_t *operation )
566 {
567     switch( operation->id )
568     {
569         /* If uninitialised, return 0, as no work can have been done. */
570         case 0:
571             return 0;
572 
573         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
574             return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
575 
576 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
577 #if defined(PSA_CRYPTO_DRIVER_TEST)
578             /* Add test driver tests here */
579 
580 #endif /* PSA_CRYPTO_DRIVER_TEST */
581 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
582     }
583 
584     /* Can't happen (see discussion in #8271) */
585     return 0;
586 }
587 
psa_driver_wrapper_verify_hash_get_num_ops(psa_verify_hash_interruptible_operation_t * operation)588 static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
589     psa_verify_hash_interruptible_operation_t *operation )
590 {
591     switch( operation->id )
592     {
593         /* If uninitialised, return 0, as no work can have been done. */
594         case 0:
595             return 0;
596 
597         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
598             return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
599 
600 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
601 #if defined(PSA_CRYPTO_DRIVER_TEST)
602             /* Add test driver tests here */
603 
604 #endif /* PSA_CRYPTO_DRIVER_TEST */
605 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
606 
607     }
608 
609     /* Can't happen (see discussion in #8271) */
610     return 0;
611 }
612 
psa_driver_wrapper_sign_hash_start(psa_sign_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length)613 static inline psa_status_t psa_driver_wrapper_sign_hash_start(
614     psa_sign_hash_interruptible_operation_t *operation,
615     const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
616     size_t key_buffer_size, psa_algorithm_t alg,
617     const uint8_t *hash, size_t hash_length )
618 {
619     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
620     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
621                                                     psa_get_key_lifetime(attributes) );
622 
623     switch( location )
624     {
625         case PSA_KEY_LOCATION_LOCAL_STORAGE:
626 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
627         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
628 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
629             /* Key is stored in the slot in export representation, so
630              * cycle through all known transparent accelerators */
631 
632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
633 #if defined(PSA_CRYPTO_DRIVER_TEST)
634 
635             /* Add test driver tests here */
636 
637             /* Declared with fallback == true */
638 
639 #endif /* PSA_CRYPTO_DRIVER_TEST */
640 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
641 
642             /* Fell through, meaning no accelerator supports this operation */
643             operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
644             status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
645                                                   attributes,
646                                                   key_buffer, key_buffer_size,
647                                                   alg, hash, hash_length );
648             break;
649 
650             /* Add cases for opaque driver here */
651 
652         default:
653             /* Key is declared with a lifetime not known to us */
654             status = PSA_ERROR_INVALID_ARGUMENT;
655             break;
656     }
657 
658     return( status );
659 }
660 
psa_driver_wrapper_sign_hash_complete(psa_sign_hash_interruptible_operation_t * operation,uint8_t * signature,size_t signature_size,size_t * signature_length)661 static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
662     psa_sign_hash_interruptible_operation_t *operation,
663     uint8_t *signature, size_t signature_size,
664     size_t *signature_length )
665 {
666     switch( operation->id )
667     {
668         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
669             return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
670                                                     signature, signature_size,
671                                                     signature_length ) );
672 
673 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
674 #if defined(PSA_CRYPTO_DRIVER_TEST)
675             /* Add test driver tests here */
676 
677 #endif /* PSA_CRYPTO_DRIVER_TEST */
678 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
679     }
680 
681     ( void ) signature;
682     ( void ) signature_size;
683     ( void ) signature_length;
684 
685     return( PSA_ERROR_INVALID_ARGUMENT );
686 }
687 
psa_driver_wrapper_sign_hash_abort(psa_sign_hash_interruptible_operation_t * operation)688 static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
689     psa_sign_hash_interruptible_operation_t *operation )
690 {
691     switch( operation->id )
692     {
693         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
694             return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
695 
696 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
697 #if defined(PSA_CRYPTO_DRIVER_TEST)
698             /* Add test driver tests here */
699 
700 #endif /* PSA_CRYPTO_DRIVER_TEST */
701 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
702     }
703 
704     return( PSA_ERROR_INVALID_ARGUMENT );
705 }
706 
psa_driver_wrapper_verify_hash_start(psa_verify_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)707 static inline psa_status_t psa_driver_wrapper_verify_hash_start(
708     psa_verify_hash_interruptible_operation_t *operation,
709     const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
710     size_t key_buffer_size, psa_algorithm_t alg,
711     const uint8_t *hash, size_t hash_length,
712     const uint8_t *signature, size_t signature_length )
713 {
714     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
715     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
716                                                     psa_get_key_lifetime(attributes) );
717 
718     switch( location )
719     {
720         case PSA_KEY_LOCATION_LOCAL_STORAGE:
721 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
722         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
723 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
724             /* Key is stored in the slot in export representation, so
725              * cycle through all known transparent accelerators */
726 
727 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
728 #if defined(PSA_CRYPTO_DRIVER_TEST)
729 
730             /* Add test driver tests here */
731 
732             /* Declared with fallback == true */
733 
734 #endif /* PSA_CRYPTO_DRIVER_TEST */
735 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
736 
737             /* Fell through, meaning no accelerator supports this operation */
738             operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
739             status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
740                                                     attributes,
741                                                     key_buffer, key_buffer_size,
742                                                     alg, hash, hash_length,
743                                                     signature, signature_length );
744             break;
745 
746             /* Add cases for opaque driver here */
747 
748         default:
749             /* Key is declared with a lifetime not known to us */
750             status = PSA_ERROR_INVALID_ARGUMENT;
751             break;
752     }
753 
754     return( status );
755 }
756 
psa_driver_wrapper_verify_hash_complete(psa_verify_hash_interruptible_operation_t * operation)757 static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
758     psa_verify_hash_interruptible_operation_t *operation )
759 {
760     switch( operation->id )
761     {
762         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
763             return( mbedtls_psa_verify_hash_complete(
764                                                      &operation->ctx.mbedtls_ctx
765                                                      ) );
766 
767 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
768 #if defined(PSA_CRYPTO_DRIVER_TEST)
769             /* Add test driver tests here */
770 
771 #endif /* PSA_CRYPTO_DRIVER_TEST */
772 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
773     }
774 
775     return( PSA_ERROR_INVALID_ARGUMENT );
776 }
777 
psa_driver_wrapper_verify_hash_abort(psa_verify_hash_interruptible_operation_t * operation)778 static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
779     psa_verify_hash_interruptible_operation_t *operation )
780 {
781     switch( operation->id )
782     {
783         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
784             return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
785                                                  ) );
786 
787 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
788 #if defined(PSA_CRYPTO_DRIVER_TEST)
789             /* Add test driver tests here */
790 
791 #endif /* PSA_CRYPTO_DRIVER_TEST */
792 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
793     }
794 
795     return( PSA_ERROR_INVALID_ARGUMENT );
796 }
797 
798 /** Calculate the key buffer size required to store the key material of a key
799  *  associated with an opaque driver from input key data.
800  *
801  * \param[in] attributes        The key attributes
802  * \param[in] data              The input key data.
803  * \param[in] data_length       The input data length.
804  * \param[out] key_buffer_size  Minimum buffer size to contain the key material.
805  *
806  * \retval #PSA_SUCCESS \emptydescription
807  * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
808  * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
809  */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)810 static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
811     const psa_key_attributes_t *attributes,
812     const uint8_t *data,
813     size_t data_length,
814     size_t *key_buffer_size )
815 {
816     psa_key_location_t location =
817         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
818     psa_key_type_t key_type = psa_get_key_type(attributes);
819 
820     *key_buffer_size = 0;
821     switch( location )
822     {
823 #if defined(PSA_CRYPTO_DRIVER_TEST)
824         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
825             *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
826                                      PSA_BYTES_TO_BITS( data_length ) );
827             return( ( *key_buffer_size != 0 ) ?
828                     PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
829 #endif /* PSA_CRYPTO_DRIVER_TEST */
830 
831         default:
832             (void)key_type;
833             (void)data;
834             (void)data_length;
835             return( PSA_ERROR_INVALID_ARGUMENT );
836     }
837 }
838 
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,const psa_custom_key_parameters_t * custom,const uint8_t * custom_data,size_t custom_data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)839 static inline psa_status_t psa_driver_wrapper_generate_key(
840     const psa_key_attributes_t *attributes,
841     const psa_custom_key_parameters_t *custom,
842     const uint8_t *custom_data, size_t custom_data_length,
843     uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
844 {
845     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
846     psa_key_location_t location =
847         PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
848 
849 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
850     int is_default_production =
851         psa_custom_key_parameters_are_default(custom, custom_data_length);
852     if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
853     {
854         /* We don't support passing custom production parameters
855          * to drivers yet. */
856         return PSA_ERROR_NOT_SUPPORTED;
857     }
858 #else
859     int is_default_production = 1;
860     (void) is_default_production;
861 #endif
862 
863     /* Try dynamically-registered SE interface first */
864 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
865     const psa_drv_se_t *drv;
866     psa_drv_se_context_t *drv_context;
867 
868     if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
869     {
870         size_t pubkey_length = 0; /* We don't support this feature yet */
871         if( drv->key_management == NULL ||
872             drv->key_management->p_generate == NULL )
873         {
874             /* Key is defined as being in SE, but we have no way to generate it */
875             return( PSA_ERROR_NOT_SUPPORTED );
876         }
877         return( drv->key_management->p_generate(
878             drv_context,
879             *( (psa_key_slot_number_t *)key_buffer ),
880             attributes, NULL, 0, &pubkey_length ) );
881     }
882 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
883 
884     switch( location )
885     {
886         case PSA_KEY_LOCATION_LOCAL_STORAGE:
887 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
888         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
889 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
890 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
891             /* Transparent drivers are limited to generating asymmetric keys. */
892             /* We don't support passing custom production parameters
893              * to drivers yet. */
894             if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
895                 is_default_production )
896             {
897             /* Cycle through all known transparent accelerators */
898 #if defined(PSA_CRYPTO_DRIVER_TEST)
899                 status = mbedtls_test_transparent_generate_key(
900                     attributes, key_buffer, key_buffer_size,
901                     key_buffer_length );
902                 /* Declared with fallback == true */
903                 if( status != PSA_ERROR_NOT_SUPPORTED )
904                     break;
905 #endif /* PSA_CRYPTO_DRIVER_TEST */
906 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
907                 status = cc3xx_generate_key(
908                     attributes, key_buffer, key_buffer_size,
909                     key_buffer_length );
910                 break;
911 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
912 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
913                 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
914                     psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
915                     psa_get_key_bits(attributes) == 256 )
916                 {
917                     status = p256_transparent_generate_key( attributes,
918                                                             key_buffer,
919                                                             key_buffer_size,
920                                                             key_buffer_length );
921                     if( status != PSA_ERROR_NOT_SUPPORTED )
922                         break;
923                 }
924 
925 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
926             }
927 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
928 
929             /* Software fallback */
930             status = psa_generate_key_internal(
931                 attributes, custom, custom_data, custom_data_length,
932                 key_buffer, key_buffer_size, key_buffer_length );
933             break;
934 
935         /* Add cases for opaque driver here */
936 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
937 #if defined(PSA_CRYPTO_DRIVER_TEST)
938         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
939             status = mbedtls_test_opaque_generate_key(
940                 attributes, key_buffer, key_buffer_size, key_buffer_length );
941             break;
942 #endif /* PSA_CRYPTO_DRIVER_TEST */
943 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
944 
945         default:
946             /* Key is declared with a lifetime not known to us */
947             status = PSA_ERROR_INVALID_ARGUMENT;
948             break;
949     }
950 
951     return( status );
952 }
953 
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)954 static inline psa_status_t psa_driver_wrapper_import_key(
955     const psa_key_attributes_t *attributes,
956     const uint8_t *data,
957     size_t data_length,
958     uint8_t *key_buffer,
959     size_t key_buffer_size,
960     size_t *key_buffer_length,
961     size_t *bits )
962 {
963 
964     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
965     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
966                                       psa_get_key_lifetime( attributes ) );
967 
968     /* Try dynamically-registered SE interface first */
969 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
970     const psa_drv_se_t *drv;
971     psa_drv_se_context_t *drv_context;
972 
973     if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
974     {
975         if( drv->key_management == NULL ||
976             drv->key_management->p_import == NULL )
977             return( PSA_ERROR_NOT_SUPPORTED );
978 
979         /* The driver should set the number of key bits, however in
980          * case it doesn't, we initialize bits to an invalid value. */
981         *bits = PSA_MAX_KEY_BITS + 1;
982         status = drv->key_management->p_import(
983             drv_context,
984             *( (psa_key_slot_number_t *)key_buffer ),
985             attributes, data, data_length, bits );
986 
987         if( status != PSA_SUCCESS )
988             return( status );
989 
990         if( (*bits) > PSA_MAX_KEY_BITS )
991             return( PSA_ERROR_NOT_SUPPORTED );
992 
993         return( PSA_SUCCESS );
994     }
995 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
996 
997     switch( location )
998     {
999         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1000 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1001         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1002 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1003             /* Key is stored in the slot in export representation, so
1004              * cycle through all known transparent accelerators */
1005 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1006 
1007 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1008             status = mbedtls_test_transparent_import_key
1009                 (attributes,
1010                                 data,
1011                                 data_length,
1012                                 key_buffer,
1013                                 key_buffer_size,
1014                                 key_buffer_length,
1015                                 bits
1016             );
1017 
1018             if( status != PSA_ERROR_NOT_SUPPORTED )
1019                 return( status );
1020 #endif
1021 
1022 #if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
1023             status = p256_transparent_import_key
1024                 (attributes,
1025                                 data,
1026                                 data_length,
1027                                 key_buffer,
1028                                 key_buffer_size,
1029                                 key_buffer_length,
1030                                 bits
1031             );
1032 
1033             if( status != PSA_ERROR_NOT_SUPPORTED )
1034                 return( status );
1035 #endif
1036 
1037 
1038 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1039 
1040             /* Fell through, meaning no accelerator supports this operation */
1041             return( psa_import_key_into_slot( attributes,
1042                                               data, data_length,
1043                                               key_buffer, key_buffer_size,
1044                                               key_buffer_length, bits ) );
1045         /* Add cases for opaque driver here */
1046 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1047 
1048 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1049         case 0x7fffff:
1050             return( mbedtls_test_opaque_import_key
1051             (attributes,
1052                             data,
1053                             data_length,
1054                             key_buffer,
1055                             key_buffer_size,
1056                             key_buffer_length,
1057                             bits
1058         ));
1059 #endif
1060 
1061 
1062 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1063         default:
1064             (void)status;
1065             return( PSA_ERROR_INVALID_ARGUMENT );
1066     }
1067 
1068 }
1069 
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)1070 static inline psa_status_t psa_driver_wrapper_export_key(
1071     const psa_key_attributes_t *attributes,
1072     const uint8_t *key_buffer, size_t key_buffer_size,
1073     uint8_t *data, size_t data_size, size_t *data_length )
1074 
1075 {
1076 
1077     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1078     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
1079                                       psa_get_key_lifetime( attributes ) );
1080 
1081     /* Try dynamically-registered SE interface first */
1082 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1083     const psa_drv_se_t *drv;
1084     psa_drv_se_context_t *drv_context;
1085 
1086     if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1087     {
1088         if( ( drv->key_management == NULL   ) ||
1089             ( drv->key_management->p_export == NULL ) )
1090         {
1091             return( PSA_ERROR_NOT_SUPPORTED );
1092         }
1093 
1094         return( drv->key_management->p_export(
1095                      drv_context,
1096                      *( (psa_key_slot_number_t *)key_buffer ),
1097                      data, data_size, data_length ) );
1098     }
1099 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1100 
1101     switch( location )
1102     {
1103         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1104 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1105         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1106 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1107             return( psa_export_key_internal( attributes,
1108                                              key_buffer,
1109                                              key_buffer_size,
1110                                              data,
1111                                              data_size,
1112                                              data_length ) );
1113 
1114         /* Add cases for opaque driver here */
1115 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1116 
1117 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1118         case 0x7fffff:
1119             return( mbedtls_test_opaque_export_key
1120             (attributes,
1121                             key_buffer,
1122                             key_buffer_size,
1123                             data,
1124                             data_size,
1125                             data_length
1126         ));
1127 #endif
1128 
1129 
1130 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1131         default:
1132             /* Key is declared with a lifetime not known to us */
1133             return( status );
1134     }
1135 
1136 }
1137 
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)1138 static inline psa_status_t psa_driver_wrapper_copy_key(
1139     psa_key_attributes_t *attributes,
1140     const uint8_t *source_key, size_t source_key_length,
1141     uint8_t *target_key_buffer, size_t target_key_buffer_size,
1142     size_t *target_key_buffer_length )
1143 {
1144 
1145     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1146     psa_key_location_t location =
1147         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1148 
1149 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1150     const psa_drv_se_t *drv;
1151     psa_drv_se_context_t *drv_context;
1152 
1153     if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1154     {
1155         /* Copying to a secure element is not implemented yet. */
1156         return( PSA_ERROR_NOT_SUPPORTED );
1157     }
1158 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1159 
1160     switch( location )
1161     {
1162 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1163 
1164 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1165         case 0x7fffff:
1166             return( mbedtls_test_opaque_copy_key
1167             (attributes,
1168                             source_key,
1169                             source_key_length,
1170                             target_key_buffer,
1171                             target_key_buffer_size,
1172                             target_key_buffer_length
1173         ));
1174 #endif
1175 
1176 
1177 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1178         default:
1179             (void)source_key;
1180             (void)source_key_length;
1181             (void)target_key_buffer;
1182             (void)target_key_buffer_size;
1183             (void)target_key_buffer_length;
1184             status = PSA_ERROR_INVALID_ARGUMENT;
1185     }
1186     return( status );
1187 
1188 }
1189 
1190 /*
1191  * Cipher functions
1192  */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1193 static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1194     const psa_key_attributes_t *attributes,
1195     const uint8_t *key_buffer,
1196     size_t key_buffer_size,
1197     psa_algorithm_t alg,
1198     const uint8_t *iv,
1199     size_t iv_length,
1200     const uint8_t *input,
1201     size_t input_length,
1202     uint8_t *output,
1203     size_t output_size,
1204     size_t *output_length )
1205 {
1206     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1207     psa_key_location_t location =
1208         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1209 
1210     switch( location )
1211     {
1212         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1213 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1214         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1215 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1216             /* Key is stored in the slot in export representation, so
1217              * cycle through all known transparent accelerators */
1218 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1219 #if defined(PSA_CRYPTO_DRIVER_TEST)
1220             status = mbedtls_test_transparent_cipher_encrypt( attributes,
1221                                                               key_buffer,
1222                                                               key_buffer_size,
1223                                                               alg,
1224                                                               iv,
1225                                                               iv_length,
1226                                                               input,
1227                                                               input_length,
1228                                                               output,
1229                                                               output_size,
1230                                                               output_length );
1231             /* Declared with fallback == true */
1232             if( status != PSA_ERROR_NOT_SUPPORTED )
1233                 return( status );
1234 #endif /* PSA_CRYPTO_DRIVER_TEST */
1235 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1236             status = cc3xx_cipher_encrypt( attributes,
1237                                            key_buffer,
1238                                            key_buffer_size,
1239                                            alg,
1240                                            iv,
1241                                            iv_length,
1242                                            input,
1243                                            input_length,
1244                                            output,
1245                                            output_size,
1246                                            output_length );
1247             return( status );
1248 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1249 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1250 
1251 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1252             return( mbedtls_psa_cipher_encrypt( attributes,
1253                                                 key_buffer,
1254                                                 key_buffer_size,
1255                                                 alg,
1256                                                 iv,
1257                                                 iv_length,
1258                                                 input,
1259                                                 input_length,
1260                                                 output,
1261                                                 output_size,
1262                                                 output_length ) );
1263 #else
1264             return( PSA_ERROR_NOT_SUPPORTED );
1265 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1266 
1267         /* Add cases for opaque driver here */
1268 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1269 #if defined(PSA_CRYPTO_DRIVER_TEST)
1270         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1271             return( mbedtls_test_opaque_cipher_encrypt( attributes,
1272                                                         key_buffer,
1273                                                         key_buffer_size,
1274                                                         alg,
1275                                                         iv,
1276                                                         iv_length,
1277                                                         input,
1278                                                         input_length,
1279                                                         output,
1280                                                         output_size,
1281                                                         output_length ) );
1282 #endif /* PSA_CRYPTO_DRIVER_TEST */
1283 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1284 
1285         default:
1286             /* Key is declared with a lifetime not known to us */
1287             (void)status;
1288             (void)key_buffer;
1289             (void)key_buffer_size;
1290             (void)alg;
1291             (void)iv;
1292             (void)iv_length;
1293             (void)input;
1294             (void)input_length;
1295             (void)output;
1296             (void)output_size;
1297             (void)output_length;
1298             return( PSA_ERROR_INVALID_ARGUMENT );
1299     }
1300 }
1301 
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1302 static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1303     const psa_key_attributes_t *attributes,
1304     const uint8_t *key_buffer,
1305     size_t key_buffer_size,
1306     psa_algorithm_t alg,
1307     const uint8_t *input,
1308     size_t input_length,
1309     uint8_t *output,
1310     size_t output_size,
1311     size_t *output_length )
1312 {
1313     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1314     psa_key_location_t location =
1315         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1316 
1317     switch( location )
1318     {
1319         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1320 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1321         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1322 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1323             /* Key is stored in the slot in export representation, so
1324              * cycle through all known transparent accelerators */
1325 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1326 #if defined(PSA_CRYPTO_DRIVER_TEST)
1327             status = mbedtls_test_transparent_cipher_decrypt( attributes,
1328                                                               key_buffer,
1329                                                               key_buffer_size,
1330                                                               alg,
1331                                                               input,
1332                                                               input_length,
1333                                                               output,
1334                                                               output_size,
1335                                                               output_length );
1336             /* Declared with fallback == true */
1337             if( status != PSA_ERROR_NOT_SUPPORTED )
1338                 return( status );
1339 #endif /* PSA_CRYPTO_DRIVER_TEST */
1340 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1341             status = cc3xx_cipher_decrypt( attributes,
1342                                            key_buffer,
1343                                            key_buffer_size,
1344                                            alg,
1345                                            input,
1346                                            input_length,
1347                                            output,
1348                                            output_size,
1349                                            output_length );
1350             return( status );
1351 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1352 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1353 
1354 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1355             return( mbedtls_psa_cipher_decrypt( attributes,
1356                                                 key_buffer,
1357                                                 key_buffer_size,
1358                                                 alg,
1359                                                 input,
1360                                                 input_length,
1361                                                 output,
1362                                                 output_size,
1363                                                 output_length ) );
1364 #else
1365             return( PSA_ERROR_NOT_SUPPORTED );
1366 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1367 
1368         /* Add cases for opaque driver here */
1369 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1370 #if defined(PSA_CRYPTO_DRIVER_TEST)
1371         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1372             return( mbedtls_test_opaque_cipher_decrypt( attributes,
1373                                                         key_buffer,
1374                                                         key_buffer_size,
1375                                                         alg,
1376                                                         input,
1377                                                         input_length,
1378                                                         output,
1379                                                         output_size,
1380                                                         output_length ) );
1381 #endif /* PSA_CRYPTO_DRIVER_TEST */
1382 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1383 
1384         default:
1385             /* Key is declared with a lifetime not known to us */
1386             (void)status;
1387             (void)key_buffer;
1388             (void)key_buffer_size;
1389             (void)alg;
1390             (void)input;
1391             (void)input_length;
1392             (void)output;
1393             (void)output_size;
1394             (void)output_length;
1395             return( PSA_ERROR_INVALID_ARGUMENT );
1396     }
1397 }
1398 
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1399 static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1400     psa_cipher_operation_t *operation,
1401     const psa_key_attributes_t *attributes,
1402     const uint8_t *key_buffer, size_t key_buffer_size,
1403     psa_algorithm_t alg )
1404 {
1405     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1406     psa_key_location_t location =
1407         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1408 
1409     switch( location )
1410     {
1411         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1412 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1413         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1414 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1415             /* Key is stored in the slot in export representation, so
1416              * cycle through all known transparent accelerators */
1417 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1418 #if defined(PSA_CRYPTO_DRIVER_TEST)
1419             status = mbedtls_test_transparent_cipher_encrypt_setup(
1420                 &operation->ctx.transparent_test_driver_ctx,
1421                 attributes,
1422                 key_buffer,
1423                 key_buffer_size,
1424                 alg );
1425             /* Declared with fallback == true */
1426             if( status == PSA_SUCCESS )
1427                 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1428 
1429             if( status != PSA_ERROR_NOT_SUPPORTED )
1430                 return( status );
1431 #endif /* PSA_CRYPTO_DRIVER_TEST */
1432 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1433             status = cc3xx_cipher_encrypt_setup(
1434                 &operation->ctx.cc3xx_driver_ctx,
1435                 attributes,
1436                 key_buffer,
1437                 key_buffer_size,
1438                 alg );
1439             operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1440             return( status );
1441 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1442 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1443 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1444             /* Fell through, meaning no accelerator supports this operation */
1445             status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1446                                                        attributes,
1447                                                        key_buffer,
1448                                                        key_buffer_size,
1449                                                        alg );
1450             if( status == PSA_SUCCESS )
1451                 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1452 
1453             if( status != PSA_ERROR_NOT_SUPPORTED )
1454                 return( status );
1455 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1456             return( PSA_ERROR_NOT_SUPPORTED );
1457 
1458         /* Add cases for opaque driver here */
1459 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1460 #if defined(PSA_CRYPTO_DRIVER_TEST)
1461         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1462             status = mbedtls_test_opaque_cipher_encrypt_setup(
1463                 &operation->ctx.opaque_test_driver_ctx,
1464                 attributes,
1465                 key_buffer, key_buffer_size,
1466                 alg );
1467 
1468             if( status == PSA_SUCCESS )
1469                 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1470 
1471             return( status );
1472 #endif /* PSA_CRYPTO_DRIVER_TEST */
1473 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1474         default:
1475             /* Key is declared with a lifetime not known to us */
1476             (void)status;
1477             (void)operation;
1478             (void)key_buffer;
1479             (void)key_buffer_size;
1480             (void)alg;
1481             return( PSA_ERROR_INVALID_ARGUMENT );
1482     }
1483 }
1484 
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1485 static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1486     psa_cipher_operation_t *operation,
1487     const psa_key_attributes_t *attributes,
1488     const uint8_t *key_buffer, size_t key_buffer_size,
1489     psa_algorithm_t alg )
1490 {
1491     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1492     psa_key_location_t location =
1493         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1494 
1495     switch( location )
1496     {
1497         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1498 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1499         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1500 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1501             /* Key is stored in the slot in export representation, so
1502              * cycle through all known transparent accelerators */
1503 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1504 #if defined(PSA_CRYPTO_DRIVER_TEST)
1505             status = mbedtls_test_transparent_cipher_decrypt_setup(
1506                 &operation->ctx.transparent_test_driver_ctx,
1507                 attributes,
1508                 key_buffer,
1509                 key_buffer_size,
1510                 alg );
1511             /* Declared with fallback == true */
1512             if( status == PSA_SUCCESS )
1513                 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1514 
1515             if( status != PSA_ERROR_NOT_SUPPORTED )
1516                 return( status );
1517 #endif /* PSA_CRYPTO_DRIVER_TEST */
1518 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1519             status = cc3xx_cipher_decrypt_setup(
1520                 &operation->ctx.cc3xx_driver_ctx,
1521                 attributes,
1522                 key_buffer,
1523                 key_buffer_size,
1524                 alg );
1525             operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1526             return( status );
1527 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1528 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1529 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1530             /* Fell through, meaning no accelerator supports this operation */
1531             status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1532                                                        attributes,
1533                                                        key_buffer,
1534                                                        key_buffer_size,
1535                                                        alg );
1536             if( status == PSA_SUCCESS )
1537                 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1538 
1539             return( status );
1540 #else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1541             return( PSA_ERROR_NOT_SUPPORTED );
1542 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1543 
1544         /* Add cases for opaque driver here */
1545 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1546 #if defined(PSA_CRYPTO_DRIVER_TEST)
1547         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1548             status = mbedtls_test_opaque_cipher_decrypt_setup(
1549                          &operation->ctx.opaque_test_driver_ctx,
1550                          attributes,
1551                          key_buffer, key_buffer_size,
1552                          alg );
1553 
1554             if( status == PSA_SUCCESS )
1555                 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1556 
1557             return( status );
1558 #endif /* PSA_CRYPTO_DRIVER_TEST */
1559 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1560         default:
1561             /* Key is declared with a lifetime not known to us */
1562             (void)status;
1563             (void)operation;
1564             (void)key_buffer;
1565             (void)key_buffer_size;
1566             (void)alg;
1567             return( PSA_ERROR_INVALID_ARGUMENT );
1568     }
1569 }
1570 
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1571 static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1572     psa_cipher_operation_t *operation,
1573     const uint8_t *iv,
1574     size_t iv_length )
1575 {
1576     switch( operation->id )
1577     {
1578 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1579         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1580             return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1581                                                iv,
1582                                                iv_length ) );
1583 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1584 
1585 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1586 #if defined(PSA_CRYPTO_DRIVER_TEST)
1587         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1588             return( mbedtls_test_transparent_cipher_set_iv(
1589                         &operation->ctx.transparent_test_driver_ctx,
1590                         iv, iv_length ) );
1591 
1592         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1593             return( mbedtls_test_opaque_cipher_set_iv(
1594                         &operation->ctx.opaque_test_driver_ctx,
1595                         iv, iv_length ) );
1596 #endif /* PSA_CRYPTO_DRIVER_TEST */
1597 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1598         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1599             return( cc3xx_cipher_set_iv(
1600                         &operation->ctx.cc3xx_driver_ctx,
1601                         iv, iv_length ) );
1602 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1603 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1604     }
1605 
1606     (void)iv;
1607     (void)iv_length;
1608 
1609     return( PSA_ERROR_INVALID_ARGUMENT );
1610 }
1611 
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1612 static inline psa_status_t psa_driver_wrapper_cipher_update(
1613     psa_cipher_operation_t *operation,
1614     const uint8_t *input,
1615     size_t input_length,
1616     uint8_t *output,
1617     size_t output_size,
1618     size_t *output_length )
1619 {
1620     switch( operation->id )
1621     {
1622 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1623         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1624             return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1625                                                input,
1626                                                input_length,
1627                                                output,
1628                                                output_size,
1629                                                output_length ) );
1630 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1631 
1632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1633 #if defined(PSA_CRYPTO_DRIVER_TEST)
1634         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1635             return( mbedtls_test_transparent_cipher_update(
1636                         &operation->ctx.transparent_test_driver_ctx,
1637                         input, input_length,
1638                         output, output_size, output_length ) );
1639 
1640         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1641             return( mbedtls_test_opaque_cipher_update(
1642                         &operation->ctx.opaque_test_driver_ctx,
1643                         input, input_length,
1644                         output, output_size, output_length ) );
1645 #endif /* PSA_CRYPTO_DRIVER_TEST */
1646 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1647         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1648             return( cc3xx_cipher_update(
1649                         &operation->ctx.cc3xx_driver_ctx,
1650                         input, input_length,
1651                         output, output_size, output_length ) );
1652 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1653 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1654     }
1655 
1656     (void)input;
1657     (void)input_length;
1658     (void)output;
1659     (void)output_size;
1660     (void)output_length;
1661 
1662     return( PSA_ERROR_INVALID_ARGUMENT );
1663 }
1664 
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1665 static inline psa_status_t psa_driver_wrapper_cipher_finish(
1666     psa_cipher_operation_t *operation,
1667     uint8_t *output,
1668     size_t output_size,
1669     size_t *output_length )
1670 {
1671     switch( operation->id )
1672     {
1673 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1674         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1675             return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1676                                                output,
1677                                                output_size,
1678                                                output_length ) );
1679 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1680 
1681 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1682 #if defined(PSA_CRYPTO_DRIVER_TEST)
1683         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1684             return( mbedtls_test_transparent_cipher_finish(
1685                         &operation->ctx.transparent_test_driver_ctx,
1686                         output, output_size, output_length ) );
1687 
1688         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1689             return( mbedtls_test_opaque_cipher_finish(
1690                         &operation->ctx.opaque_test_driver_ctx,
1691                         output, output_size, output_length ) );
1692 #endif /* PSA_CRYPTO_DRIVER_TEST */
1693 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1694         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1695             return( cc3xx_cipher_finish(
1696                         &operation->ctx.cc3xx_driver_ctx,
1697                         output, output_size, output_length ) );
1698 #endif /* PSA_CRYPTO_DRIVER_CC3XX*/
1699 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1700     }
1701 
1702     (void)output;
1703     (void)output_size;
1704     (void)output_length;
1705 
1706     return( PSA_ERROR_INVALID_ARGUMENT );
1707 }
1708 
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1709 static inline psa_status_t psa_driver_wrapper_cipher_abort(
1710     psa_cipher_operation_t *operation )
1711 {
1712     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1713 
1714     switch( operation->id )
1715     {
1716 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1717         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1718             return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1719 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1720 
1721 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1722 #if defined(PSA_CRYPTO_DRIVER_TEST)
1723         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1724             status = mbedtls_test_transparent_cipher_abort(
1725                          &operation->ctx.transparent_test_driver_ctx );
1726             mbedtls_platform_zeroize(
1727                 &operation->ctx.transparent_test_driver_ctx,
1728                 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1729             return( status );
1730 
1731         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1732             status = mbedtls_test_opaque_cipher_abort(
1733                          &operation->ctx.opaque_test_driver_ctx );
1734             mbedtls_platform_zeroize(
1735                 &operation->ctx.opaque_test_driver_ctx,
1736                 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1737             return( status );
1738 #endif /* PSA_CRYPTO_DRIVER_TEST */
1739 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1740         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1741             status = cc3xx_cipher_abort(
1742                          &operation->ctx.cc3xx_driver_ctx );
1743             mbedtls_platform_zeroize(
1744                 &operation->ctx.cc3xx_driver_ctx,
1745                 sizeof( operation->ctx.cc3xx_driver_ctx ) );
1746             return( status );
1747 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1748 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1749     }
1750 
1751     (void)status;
1752     return( PSA_ERROR_INVALID_ARGUMENT );
1753 }
1754 
1755 /*
1756  * Hashing functions
1757  */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1758 static inline psa_status_t psa_driver_wrapper_hash_compute(
1759     psa_algorithm_t alg,
1760     const uint8_t *input,
1761     size_t input_length,
1762     uint8_t *hash,
1763     size_t hash_size,
1764     size_t *hash_length)
1765 {
1766     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1767 
1768     /* Try accelerators first */
1769 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1770 #if defined(PSA_CRYPTO_DRIVER_TEST)
1771     status = mbedtls_test_transparent_hash_compute(
1772                 alg, input, input_length, hash, hash_size, hash_length );
1773     if( status != PSA_ERROR_NOT_SUPPORTED )
1774         return( status );
1775 #endif /* PSA_CRYPTO_DRIVER_TEST */
1776 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1777     status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
1778             hash_length);
1779     return status;
1780 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1781 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1782 
1783     /* If software fallback is compiled in, try fallback */
1784 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1785     status = mbedtls_psa_hash_compute( alg, input, input_length,
1786                                        hash, hash_size, hash_length );
1787     if( status != PSA_ERROR_NOT_SUPPORTED )
1788         return( status );
1789 #endif
1790     (void) status;
1791     (void) alg;
1792     (void) input;
1793     (void) input_length;
1794     (void) hash;
1795     (void) hash_size;
1796     (void) hash_length;
1797 
1798     return( PSA_ERROR_NOT_SUPPORTED );
1799 }
1800 
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1801 static inline psa_status_t psa_driver_wrapper_hash_setup(
1802     psa_hash_operation_t *operation,
1803     psa_algorithm_t alg )
1804 {
1805     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1806 
1807     /* Try setup on accelerators first */
1808 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1809 #if defined(PSA_CRYPTO_DRIVER_TEST)
1810     status = mbedtls_test_transparent_hash_setup(
1811                 &operation->ctx.test_driver_ctx, alg );
1812     if( status == PSA_SUCCESS )
1813         operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1814 
1815     if( status != PSA_ERROR_NOT_SUPPORTED )
1816         return( status );
1817 #endif /* PSA_CRYPTO_DRIVER_TEST */
1818 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1819     status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg);
1820     operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1821     return( status );
1822 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1823 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1824 
1825     /* If software fallback is compiled in, try fallback */
1826 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1827     status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1828     if( status == PSA_SUCCESS )
1829         operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1830 
1831     if( status != PSA_ERROR_NOT_SUPPORTED )
1832         return( status );
1833 #endif
1834     /* Nothing left to try if we fall through here */
1835     (void) status;
1836     (void) operation;
1837     (void) alg;
1838     return( PSA_ERROR_NOT_SUPPORTED );
1839 }
1840 
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1841 static inline psa_status_t psa_driver_wrapper_hash_clone(
1842     const psa_hash_operation_t *source_operation,
1843     psa_hash_operation_t *target_operation )
1844 {
1845     switch( source_operation->id )
1846     {
1847 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1848         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1849             target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1850             return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1851                                             &target_operation->ctx.mbedtls_ctx ) );
1852 #endif
1853 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1854 #if defined(PSA_CRYPTO_DRIVER_TEST)
1855         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1856             target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1857             return( mbedtls_test_transparent_hash_clone(
1858                         &source_operation->ctx.test_driver_ctx,
1859                         &target_operation->ctx.test_driver_ctx ) );
1860 #endif /* PSA_CRYPTO_DRIVER_TEST */
1861 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1862         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1863             target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1864             return( cc3xx_hash_clone(
1865                         &source_operation->ctx.cc3xx_driver_ctx,
1866                         &target_operation->ctx.cc3xx_driver_ctx ) );
1867 
1868 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1869 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1870         default:
1871             (void) target_operation;
1872             return( PSA_ERROR_BAD_STATE );
1873     }
1874 }
1875 
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1876 static inline psa_status_t psa_driver_wrapper_hash_update(
1877     psa_hash_operation_t *operation,
1878     const uint8_t *input,
1879     size_t input_length )
1880 {
1881     switch( operation->id )
1882     {
1883 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1884         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1885             return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1886                                              input, input_length ) );
1887 #endif
1888 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1889 #if defined(PSA_CRYPTO_DRIVER_TEST)
1890         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1891             return( mbedtls_test_transparent_hash_update(
1892                         &operation->ctx.test_driver_ctx,
1893                         input, input_length ) );
1894 #endif /* PSA_CRYPTO_DRIVER_TEST */
1895 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1896         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1897             return( cc3xx_hash_update(
1898                         &operation->ctx.cc3xx_driver_ctx,
1899                         input, input_length ) );
1900 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1901 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1902         default:
1903             (void) input;
1904             (void) input_length;
1905             return( PSA_ERROR_BAD_STATE );
1906     }
1907 }
1908 
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1909 static inline psa_status_t psa_driver_wrapper_hash_finish(
1910     psa_hash_operation_t *operation,
1911     uint8_t *hash,
1912     size_t hash_size,
1913     size_t *hash_length )
1914 {
1915     switch( operation->id )
1916     {
1917 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1918         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1919             return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1920                                              hash, hash_size, hash_length ) );
1921 #endif
1922 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1923 #if defined(PSA_CRYPTO_DRIVER_TEST)
1924         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1925             return( mbedtls_test_transparent_hash_finish(
1926                         &operation->ctx.test_driver_ctx,
1927                         hash, hash_size, hash_length ) );
1928 #endif /* PSA_CRYPTO_DRIVER_TEST */
1929 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1930         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1931             return( cc3xx_hash_finish(
1932                         &operation->ctx.cc3xx_driver_ctx,
1933                         hash, hash_size, hash_length ) );
1934 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1935 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1936         default:
1937             (void) hash;
1938             (void) hash_size;
1939             (void) hash_length;
1940             return( PSA_ERROR_BAD_STATE );
1941     }
1942 }
1943 
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1944 static inline psa_status_t psa_driver_wrapper_hash_abort(
1945     psa_hash_operation_t *operation )
1946 {
1947     switch( operation->id )
1948     {
1949 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1950         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1951             return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1952 #endif
1953 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1954 #if defined(PSA_CRYPTO_DRIVER_TEST)
1955         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1956             return( mbedtls_test_transparent_hash_abort(
1957                         &operation->ctx.test_driver_ctx ) );
1958 #endif /* PSA_CRYPTO_DRIVER_TEST */
1959 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1960         case PSA_CRYPTO_CC3XX_DRIVER_ID:
1961             return( cc3xx_hash_abort(
1962                         &operation->ctx.cc3xx_driver_ctx ) );
1963 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1964 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1965         default:
1966             return( PSA_ERROR_BAD_STATE );
1967     }
1968 }
1969 
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1970 static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1971     const psa_key_attributes_t *attributes,
1972     const uint8_t *key_buffer, size_t key_buffer_size,
1973     psa_algorithm_t alg,
1974     const uint8_t *nonce, size_t nonce_length,
1975     const uint8_t *additional_data, size_t additional_data_length,
1976     const uint8_t *plaintext, size_t plaintext_length,
1977     uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1978 {
1979     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1980     psa_key_location_t location =
1981         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1982 
1983     switch( location )
1984     {
1985         case PSA_KEY_LOCATION_LOCAL_STORAGE:
1986 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1987         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1988 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1989             /* Key is stored in the slot in export representation, so
1990              * cycle through all known transparent accelerators */
1991 
1992 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1993 #if defined(PSA_CRYPTO_DRIVER_TEST)
1994             status = mbedtls_test_transparent_aead_encrypt(
1995                          attributes, key_buffer, key_buffer_size,
1996                          alg,
1997                          nonce, nonce_length,
1998                          additional_data, additional_data_length,
1999                          plaintext, plaintext_length,
2000                          ciphertext, ciphertext_size, ciphertext_length );
2001             /* Declared with fallback == true */
2002             if( status != PSA_ERROR_NOT_SUPPORTED )
2003                 return( status );
2004 #endif /* PSA_CRYPTO_DRIVER_TEST */
2005 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2006             status = cc3xx_aead_encrypt(
2007                         attributes, key_buffer, key_buffer_size,
2008                         alg,
2009                         nonce, nonce_length,
2010                         additional_data, additional_data_length,
2011                         plaintext, plaintext_length,
2012                         ciphertext, ciphertext_size, ciphertext_length );
2013 
2014             return( status );
2015 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2016 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2017 
2018             /* Fell through, meaning no accelerator supports this operation */
2019             return( mbedtls_psa_aead_encrypt(
2020                         attributes, key_buffer, key_buffer_size,
2021                         alg,
2022                         nonce, nonce_length,
2023                         additional_data, additional_data_length,
2024                         plaintext, plaintext_length,
2025                         ciphertext, ciphertext_size, ciphertext_length ) );
2026 
2027         /* Add cases for opaque driver here */
2028 
2029         default:
2030             /* Key is declared with a lifetime not known to us */
2031             (void)status;
2032             return( PSA_ERROR_INVALID_ARGUMENT );
2033     }
2034 }
2035 
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)2036 static inline psa_status_t psa_driver_wrapper_aead_decrypt(
2037     const psa_key_attributes_t *attributes,
2038     const uint8_t *key_buffer, size_t key_buffer_size,
2039     psa_algorithm_t alg,
2040     const uint8_t *nonce, size_t nonce_length,
2041     const uint8_t *additional_data, size_t additional_data_length,
2042     const uint8_t *ciphertext, size_t ciphertext_length,
2043     uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
2044 {
2045     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2046     psa_key_location_t location =
2047         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2048 
2049     switch( location )
2050     {
2051         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2052 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2053         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2054 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2055             /* Key is stored in the slot in export representation, so
2056              * cycle through all known transparent accelerators */
2057 
2058 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2059 #if defined(PSA_CRYPTO_DRIVER_TEST)
2060             status = mbedtls_test_transparent_aead_decrypt(
2061                         attributes, key_buffer, key_buffer_size,
2062                         alg,
2063                         nonce, nonce_length,
2064                         additional_data, additional_data_length,
2065                         ciphertext, ciphertext_length,
2066                         plaintext, plaintext_size, plaintext_length );
2067             /* Declared with fallback == true */
2068             if( status != PSA_ERROR_NOT_SUPPORTED )
2069                 return( status );
2070 #endif /* PSA_CRYPTO_DRIVER_TEST */
2071 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2072             status = cc3xx_aead_decrypt(
2073                         attributes, key_buffer, key_buffer_size,
2074                         alg,
2075                         nonce, nonce_length,
2076                         additional_data, additional_data_length,
2077                         ciphertext, ciphertext_length,
2078                         plaintext, plaintext_size, plaintext_length );
2079 
2080             return( status );
2081 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2082 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2083 
2084             /* Fell through, meaning no accelerator supports this operation */
2085             return( mbedtls_psa_aead_decrypt(
2086                         attributes, key_buffer, key_buffer_size,
2087                         alg,
2088                         nonce, nonce_length,
2089                         additional_data, additional_data_length,
2090                         ciphertext, ciphertext_length,
2091                         plaintext, plaintext_size, plaintext_length ) );
2092 
2093         /* Add cases for opaque driver here */
2094 
2095         default:
2096             /* Key is declared with a lifetime not known to us */
2097             (void)status;
2098             return( PSA_ERROR_INVALID_ARGUMENT );
2099     }
2100 }
2101 
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2102 static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
2103    psa_aead_operation_t *operation,
2104    const psa_key_attributes_t *attributes,
2105    const uint8_t *key_buffer, size_t key_buffer_size,
2106    psa_algorithm_t alg )
2107 {
2108     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2109     psa_key_location_t location =
2110         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2111 
2112     switch( location )
2113     {
2114         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2115 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2116         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2117 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2118             /* Key is stored in the slot in export representation, so
2119              * cycle through all known transparent accelerators */
2120 
2121 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2122 #if defined(PSA_CRYPTO_DRIVER_TEST)
2123             operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2124             status = mbedtls_test_transparent_aead_encrypt_setup(
2125                         &operation->ctx.transparent_test_driver_ctx,
2126                         attributes, key_buffer, key_buffer_size,
2127                         alg );
2128 
2129             /* Declared with fallback == true */
2130             if( status != PSA_ERROR_NOT_SUPPORTED )
2131                 return( status );
2132 #endif /* PSA_CRYPTO_DRIVER_TEST */
2133 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2134             operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2135             status = cc3xx_aead_encrypt_setup(
2136                     &operation->ctx.cc3xx_driver_ctx,
2137                     attributes, key_buffer, key_buffer_size,
2138                     alg );
2139 
2140             return( status );
2141 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2142 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2143 
2144             /* Fell through, meaning no accelerator supports this operation */
2145             operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2146             status = mbedtls_psa_aead_encrypt_setup(
2147                         &operation->ctx.mbedtls_ctx, attributes,
2148                         key_buffer, key_buffer_size,
2149                         alg );
2150 
2151             return( status );
2152 
2153         /* Add cases for opaque driver here */
2154 
2155         default:
2156             /* Key is declared with a lifetime not known to us */
2157             (void)status;
2158             return( PSA_ERROR_INVALID_ARGUMENT );
2159     }
2160 }
2161 
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2162 static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
2163    psa_aead_operation_t *operation,
2164    const psa_key_attributes_t *attributes,
2165    const uint8_t *key_buffer, size_t key_buffer_size,
2166    psa_algorithm_t alg )
2167 {
2168     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2169     psa_key_location_t location =
2170         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2171 
2172     switch( location )
2173     {
2174         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2175 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2176         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2177 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2178             /* Key is stored in the slot in export representation, so
2179              * cycle through all known transparent accelerators */
2180 
2181 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2182 #if defined(PSA_CRYPTO_DRIVER_TEST)
2183             operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2184             status = mbedtls_test_transparent_aead_decrypt_setup(
2185                         &operation->ctx.transparent_test_driver_ctx,
2186                         attributes,
2187                         key_buffer, key_buffer_size,
2188                         alg );
2189 
2190             /* Declared with fallback == true */
2191             if( status != PSA_ERROR_NOT_SUPPORTED )
2192                 return( status );
2193 #endif /* PSA_CRYPTO_DRIVER_TEST */
2194 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2195             operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2196             status = cc3xx_aead_decrypt_setup(
2197                     &operation->ctx.cc3xx_driver_ctx,
2198                     attributes,
2199                     key_buffer, key_buffer_size,
2200                     alg );
2201 
2202             return( status );
2203 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2204 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2205 
2206             /* Fell through, meaning no accelerator supports this operation */
2207             operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2208             status = mbedtls_psa_aead_decrypt_setup(
2209                         &operation->ctx.mbedtls_ctx,
2210                         attributes,
2211                         key_buffer, key_buffer_size,
2212                         alg );
2213 
2214             return( status );
2215 
2216         /* Add cases for opaque driver here */
2217 
2218         default:
2219             /* Key is declared with a lifetime not known to us */
2220             (void)status;
2221             return( PSA_ERROR_INVALID_ARGUMENT );
2222     }
2223 }
2224 
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)2225 static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
2226    psa_aead_operation_t *operation,
2227    const uint8_t *nonce,
2228    size_t nonce_length )
2229 {
2230     switch( operation->id )
2231     {
2232 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2233         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2234             return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
2235                                                 nonce,
2236                                                 nonce_length ) );
2237 
2238 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2239 
2240 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2241 #if defined(PSA_CRYPTO_DRIVER_TEST)
2242         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2243             return( mbedtls_test_transparent_aead_set_nonce(
2244                          &operation->ctx.transparent_test_driver_ctx,
2245                          nonce, nonce_length ) );
2246 
2247         /* Add cases for opaque driver here */
2248 
2249 #endif /* PSA_CRYPTO_DRIVER_TEST */
2250 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2251         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2252             return( cc3xx_aead_set_nonce(
2253                         &operation->ctx.cc3xx_driver_ctx,
2254                         nonce, nonce_length ) );
2255 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2256 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2257     }
2258 
2259     (void)nonce;
2260     (void)nonce_length;
2261 
2262     return( PSA_ERROR_INVALID_ARGUMENT );
2263 }
2264 
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)2265 static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
2266    psa_aead_operation_t *operation,
2267    size_t ad_length,
2268    size_t plaintext_length )
2269 {
2270     switch( operation->id )
2271     {
2272 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2273         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2274             return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
2275                                                   ad_length,
2276                                                   plaintext_length ) );
2277 
2278 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2279 
2280 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2281 #if defined(PSA_CRYPTO_DRIVER_TEST)
2282         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2283             return( mbedtls_test_transparent_aead_set_lengths(
2284                         &operation->ctx.transparent_test_driver_ctx,
2285                         ad_length, plaintext_length ) );
2286 
2287         /* Add cases for opaque driver here */
2288 
2289 #endif /* PSA_CRYPTO_DRIVER_TEST */
2290 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2291         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2292             return( cc3xx_aead_set_lengths(
2293                     &operation->ctx.cc3xx_driver_ctx,
2294                     ad_length, plaintext_length ) );
2295 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2296 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2297     }
2298 
2299     (void)ad_length;
2300     (void)plaintext_length;
2301 
2302     return( PSA_ERROR_INVALID_ARGUMENT );
2303 }
2304 
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)2305 static inline psa_status_t psa_driver_wrapper_aead_update_ad(
2306    psa_aead_operation_t *operation,
2307    const uint8_t *input,
2308    size_t input_length )
2309 {
2310     switch( operation->id )
2311     {
2312 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2313         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2314             return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
2315                                                 input,
2316                                                 input_length ) );
2317 
2318 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2319 
2320 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2321 #if defined(PSA_CRYPTO_DRIVER_TEST)
2322         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2323             return( mbedtls_test_transparent_aead_update_ad(
2324                         &operation->ctx.transparent_test_driver_ctx,
2325                         input, input_length ) );
2326 
2327         /* Add cases for opaque driver here */
2328 
2329 #endif /* PSA_CRYPTO_DRIVER_TEST */
2330 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2331         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2332             return( cc3xx_aead_update_ad(
2333                     &operation->ctx.cc3xx_driver_ctx,
2334                     input, input_length ) );
2335 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2336 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2337     }
2338 
2339     (void)input;
2340     (void)input_length;
2341 
2342     return( PSA_ERROR_INVALID_ARGUMENT );
2343 }
2344 
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)2345 static inline psa_status_t psa_driver_wrapper_aead_update(
2346    psa_aead_operation_t *operation,
2347    const uint8_t *input,
2348    size_t input_length,
2349    uint8_t *output,
2350    size_t output_size,
2351    size_t *output_length )
2352 {
2353     switch( operation->id )
2354     {
2355 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2356         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2357             return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2358                                              input, input_length,
2359                                              output, output_size,
2360                                              output_length ) );
2361 
2362 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2363 
2364 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2365 #if defined(PSA_CRYPTO_DRIVER_TEST)
2366         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2367             return( mbedtls_test_transparent_aead_update(
2368                         &operation->ctx.transparent_test_driver_ctx,
2369                         input, input_length, output, output_size,
2370                         output_length ) );
2371 
2372         /* Add cases for opaque driver here */
2373 
2374 #endif /* PSA_CRYPTO_DRIVER_TEST */
2375 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2376         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2377             return( cc3xx_aead_update(
2378                     &operation->ctx.cc3xx_driver_ctx,
2379                     input, input_length, output, output_size,
2380                     output_length ) );
2381 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2382 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2383     }
2384 
2385     (void)input;
2386     (void)input_length;
2387     (void)output;
2388     (void)output_size;
2389     (void)output_length;
2390 
2391     return( PSA_ERROR_INVALID_ARGUMENT );
2392 }
2393 
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)2394 static inline psa_status_t psa_driver_wrapper_aead_finish(
2395    psa_aead_operation_t *operation,
2396    uint8_t *ciphertext,
2397    size_t ciphertext_size,
2398    size_t *ciphertext_length,
2399    uint8_t *tag,
2400    size_t tag_size,
2401    size_t *tag_length )
2402 {
2403     switch( operation->id )
2404     {
2405 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2406         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2407             return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2408                                              ciphertext,
2409                                              ciphertext_size,
2410                                              ciphertext_length, tag,
2411                                              tag_size, tag_length ) );
2412 
2413 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2414 
2415 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2416 #if defined(PSA_CRYPTO_DRIVER_TEST)
2417         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2418             return( mbedtls_test_transparent_aead_finish(
2419                         &operation->ctx.transparent_test_driver_ctx,
2420                         ciphertext, ciphertext_size,
2421                         ciphertext_length, tag, tag_size, tag_length ) );
2422 
2423         /* Add cases for opaque driver here */
2424 
2425 #endif /* PSA_CRYPTO_DRIVER_TEST */
2426 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2427         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2428             return( cc3xx_aead_finish(
2429                     &operation->ctx.cc3xx_driver_ctx,
2430                     ciphertext, ciphertext_size,
2431                     ciphertext_length, tag, tag_size, tag_length ) );
2432 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2433 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2434     }
2435 
2436     (void)ciphertext;
2437     (void)ciphertext_size;
2438     (void)ciphertext_length;
2439     (void)tag;
2440     (void)tag_size;
2441     (void)tag_length;
2442 
2443     return( PSA_ERROR_INVALID_ARGUMENT );
2444 }
2445 
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)2446 static inline psa_status_t psa_driver_wrapper_aead_verify(
2447    psa_aead_operation_t *operation,
2448    uint8_t *plaintext,
2449    size_t plaintext_size,
2450    size_t *plaintext_length,
2451    const uint8_t *tag,
2452    size_t tag_length )
2453 {
2454     switch( operation->id )
2455     {
2456 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2457         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2458             {
2459                 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2460                 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2461                 size_t check_tag_length;
2462 
2463                 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2464                                                   plaintext,
2465                                                   plaintext_size,
2466                                                   plaintext_length,
2467                                                   check_tag,
2468                                                   sizeof( check_tag ),
2469                                                   &check_tag_length );
2470 
2471                 if( status == PSA_SUCCESS )
2472                 {
2473                     if( tag_length != check_tag_length ||
2474                         mbedtls_ct_memcmp( tag, check_tag, tag_length )
2475                         != 0 )
2476                         status = PSA_ERROR_INVALID_SIGNATURE;
2477                 }
2478 
2479                 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2480 
2481                 return( status );
2482             }
2483 
2484 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2485 
2486 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2487 #if defined(PSA_CRYPTO_DRIVER_TEST)
2488         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2489             return( mbedtls_test_transparent_aead_verify(
2490                         &operation->ctx.transparent_test_driver_ctx,
2491                         plaintext, plaintext_size,
2492                         plaintext_length, tag, tag_length ) );
2493 
2494         /* Add cases for opaque driver here */
2495 
2496 #endif /* PSA_CRYPTO_DRIVER_TEST */
2497 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2498         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2499             return( cc3xx_aead_verify(
2500                     &operation->ctx.cc3xx_driver_ctx,
2501                     plaintext, plaintext_size,
2502                     plaintext_length, tag, tag_length ) );
2503 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2504 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2505     }
2506 
2507     (void)plaintext;
2508     (void)plaintext_size;
2509     (void)plaintext_length;
2510     (void)tag;
2511     (void)tag_length;
2512 
2513     return( PSA_ERROR_INVALID_ARGUMENT );
2514 }
2515 
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)2516 static inline psa_status_t psa_driver_wrapper_aead_abort(
2517    psa_aead_operation_t *operation )
2518 {
2519     switch( operation->id )
2520     {
2521 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2522         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2523             return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2524 
2525 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2526 
2527 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2528 #if defined(PSA_CRYPTO_DRIVER_TEST)
2529         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2530             return( mbedtls_test_transparent_aead_abort(
2531                &operation->ctx.transparent_test_driver_ctx ) );
2532 
2533         /* Add cases for opaque driver here */
2534 
2535 #endif /* PSA_CRYPTO_DRIVER_TEST */
2536 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2537         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2538             return( cc3xx_aead_abort(
2539                     &operation->ctx.cc3xx_driver_ctx ) );
2540 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2541 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2542     }
2543 
2544     return( PSA_ERROR_INVALID_ARGUMENT );
2545 }
2546 
2547 /*
2548  * MAC functions
2549  */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)2550 static inline psa_status_t psa_driver_wrapper_mac_compute(
2551     const psa_key_attributes_t *attributes,
2552     const uint8_t *key_buffer,
2553     size_t key_buffer_size,
2554     psa_algorithm_t alg,
2555     const uint8_t *input,
2556     size_t input_length,
2557     uint8_t *mac,
2558     size_t mac_size,
2559     size_t *mac_length )
2560 {
2561     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2562     psa_key_location_t location =
2563         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2564 
2565     switch( location )
2566     {
2567         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2568 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2569         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2570 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2571             /* Key is stored in the slot in export representation, so
2572              * cycle through all known transparent accelerators */
2573 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2574 #if defined(PSA_CRYPTO_DRIVER_TEST)
2575             status = mbedtls_test_transparent_mac_compute(
2576                 attributes, key_buffer, key_buffer_size, alg,
2577                 input, input_length,
2578                 mac, mac_size, mac_length );
2579             /* Declared with fallback == true */
2580             if( status != PSA_ERROR_NOT_SUPPORTED )
2581                 return( status );
2582 #endif /* PSA_CRYPTO_DRIVER_TEST */
2583 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2584             status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
2585                 input, input_length,
2586                 mac, mac_size, mac_length);
2587             return( status );
2588 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2589 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2590 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2591             /* Fell through, meaning no accelerator supports this operation */
2592             status = mbedtls_psa_mac_compute(
2593                 attributes, key_buffer, key_buffer_size, alg,
2594                 input, input_length,
2595                 mac, mac_size, mac_length );
2596             if( status != PSA_ERROR_NOT_SUPPORTED )
2597                 return( status );
2598 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2599             return( PSA_ERROR_NOT_SUPPORTED );
2600 
2601         /* Add cases for opaque driver here */
2602 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2603 #if defined(PSA_CRYPTO_DRIVER_TEST)
2604         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2605             status = mbedtls_test_opaque_mac_compute(
2606                 attributes, key_buffer, key_buffer_size, alg,
2607                 input, input_length,
2608                 mac, mac_size, mac_length );
2609             return( status );
2610 #endif /* PSA_CRYPTO_DRIVER_TEST */
2611 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2612         default:
2613             /* Key is declared with a lifetime not known to us */
2614             (void) key_buffer;
2615             (void) key_buffer_size;
2616             (void) alg;
2617             (void) input;
2618             (void) input_length;
2619             (void) mac;
2620             (void) mac_size;
2621             (void) mac_length;
2622             (void) status;
2623             return( PSA_ERROR_INVALID_ARGUMENT );
2624     }
2625 }
2626 
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2627 static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2628     psa_mac_operation_t *operation,
2629     const psa_key_attributes_t *attributes,
2630     const uint8_t *key_buffer,
2631     size_t key_buffer_size,
2632     psa_algorithm_t alg )
2633 {
2634     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2635     psa_key_location_t location =
2636         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2637 
2638     switch( location )
2639     {
2640         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2641 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2642         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2643 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2644             /* Key is stored in the slot in export representation, so
2645              * cycle through all known transparent accelerators */
2646 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2647 #if defined(PSA_CRYPTO_DRIVER_TEST)
2648             status = mbedtls_test_transparent_mac_sign_setup(
2649                 &operation->ctx.transparent_test_driver_ctx,
2650                 attributes,
2651                 key_buffer, key_buffer_size,
2652                 alg );
2653             /* Declared with fallback == true */
2654             if( status == PSA_SUCCESS )
2655                 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2656 
2657             if( status != PSA_ERROR_NOT_SUPPORTED )
2658                 return( status );
2659 #endif /* PSA_CRYPTO_DRIVER_TEST */
2660 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2661             status = cc3xx_mac_sign_setup(
2662                     &operation->ctx.cc3xx_driver_ctx,
2663                     attributes,
2664                     key_buffer, key_buffer_size,
2665                     alg);
2666             operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2667             return status;
2668 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2669 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2670 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2671             /* Fell through, meaning no accelerator supports this operation */
2672             status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2673                                                  attributes,
2674                                                  key_buffer, key_buffer_size,
2675                                                  alg );
2676             if( status == PSA_SUCCESS )
2677                 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2678 
2679             if( status != PSA_ERROR_NOT_SUPPORTED )
2680                 return( status );
2681 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2682             return( PSA_ERROR_NOT_SUPPORTED );
2683 
2684         /* Add cases for opaque driver here */
2685 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2686 #if defined(PSA_CRYPTO_DRIVER_TEST)
2687         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2688             status = mbedtls_test_opaque_mac_sign_setup(
2689                 &operation->ctx.opaque_test_driver_ctx,
2690                 attributes,
2691                 key_buffer, key_buffer_size,
2692                 alg );
2693 
2694             if( status == PSA_SUCCESS )
2695                 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2696 
2697             return( status );
2698 #endif /* PSA_CRYPTO_DRIVER_TEST */
2699 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2700         default:
2701             /* Key is declared with a lifetime not known to us */
2702             (void) status;
2703             (void) operation;
2704             (void) key_buffer;
2705             (void) key_buffer_size;
2706             (void) alg;
2707             return( PSA_ERROR_INVALID_ARGUMENT );
2708     }
2709 }
2710 
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2711 static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2712     psa_mac_operation_t *operation,
2713     const psa_key_attributes_t *attributes,
2714     const uint8_t *key_buffer,
2715     size_t key_buffer_size,
2716     psa_algorithm_t alg )
2717 {
2718     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2719     psa_key_location_t location =
2720         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2721 
2722     switch( location )
2723     {
2724         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2725 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2726         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2727 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2728             /* Key is stored in the slot in export representation, so
2729              * cycle through all known transparent accelerators */
2730 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2731 #if defined(PSA_CRYPTO_DRIVER_TEST)
2732             status = mbedtls_test_transparent_mac_verify_setup(
2733                 &operation->ctx.transparent_test_driver_ctx,
2734                 attributes,
2735                 key_buffer, key_buffer_size,
2736                 alg );
2737             /* Declared with fallback == true */
2738             if( status == PSA_SUCCESS )
2739                 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2740 
2741             if( status != PSA_ERROR_NOT_SUPPORTED )
2742                 return( status );
2743 #endif /* PSA_CRYPTO_DRIVER_TEST */
2744 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2745             status = cc3xx_mac_verify_setup(
2746                 &operation->ctx.cc3xx_driver_ctx,
2747                 attributes,
2748                 key_buffer, key_buffer_size,
2749                 alg);
2750             operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2751             return status;
2752 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2753 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2754 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2755             /* Fell through, meaning no accelerator supports this operation */
2756             status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2757                                                    attributes,
2758                                                    key_buffer, key_buffer_size,
2759                                                    alg );
2760             if( status == PSA_SUCCESS )
2761                 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2762 
2763             if( status != PSA_ERROR_NOT_SUPPORTED )
2764                 return( status );
2765 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2766             return( PSA_ERROR_NOT_SUPPORTED );
2767 
2768         /* Add cases for opaque driver here */
2769 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2770 #if defined(PSA_CRYPTO_DRIVER_TEST)
2771         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2772             status = mbedtls_test_opaque_mac_verify_setup(
2773                 &operation->ctx.opaque_test_driver_ctx,
2774                 attributes,
2775                 key_buffer, key_buffer_size,
2776                 alg );
2777 
2778             if( status == PSA_SUCCESS )
2779                 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2780 
2781             return( status );
2782 #endif /* PSA_CRYPTO_DRIVER_TEST */
2783 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2784         default:
2785             /* Key is declared with a lifetime not known to us */
2786             (void) status;
2787             (void) operation;
2788             (void) key_buffer;
2789             (void) key_buffer_size;
2790             (void) alg;
2791             return( PSA_ERROR_INVALID_ARGUMENT );
2792     }
2793 }
2794 
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2795 static inline psa_status_t psa_driver_wrapper_mac_update(
2796     psa_mac_operation_t *operation,
2797     const uint8_t *input,
2798     size_t input_length )
2799 {
2800     switch( operation->id )
2801     {
2802 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2803         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2804             return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2805                                             input, input_length ) );
2806 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2807 
2808 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2809 #if defined(PSA_CRYPTO_DRIVER_TEST)
2810         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2811             return( mbedtls_test_transparent_mac_update(
2812                         &operation->ctx.transparent_test_driver_ctx,
2813                         input, input_length ) );
2814 
2815         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2816             return( mbedtls_test_opaque_mac_update(
2817                         &operation->ctx.opaque_test_driver_ctx,
2818                         input, input_length ) );
2819 #endif /* PSA_CRYPTO_DRIVER_TEST */
2820 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2821         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2822             return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
2823 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2824 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2825         default:
2826             (void) input;
2827             (void) input_length;
2828             return( PSA_ERROR_INVALID_ARGUMENT );
2829     }
2830 }
2831 
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2832 static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2833     psa_mac_operation_t *operation,
2834     uint8_t *mac,
2835     size_t mac_size,
2836     size_t *mac_length )
2837 {
2838     switch( operation->id )
2839     {
2840 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2841         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2842             return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2843                                                  mac, mac_size, mac_length ) );
2844 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2845 
2846 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2847 #if defined(PSA_CRYPTO_DRIVER_TEST)
2848         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2849             return( mbedtls_test_transparent_mac_sign_finish(
2850                         &operation->ctx.transparent_test_driver_ctx,
2851                         mac, mac_size, mac_length ) );
2852 
2853         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2854             return( mbedtls_test_opaque_mac_sign_finish(
2855                         &operation->ctx.opaque_test_driver_ctx,
2856                         mac, mac_size, mac_length ) );
2857 #endif /* PSA_CRYPTO_DRIVER_TEST */
2858 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2859         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2860             return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
2861                         mac, mac_size, mac_length));
2862 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2863 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2864         default:
2865             (void) mac;
2866             (void) mac_size;
2867             (void) mac_length;
2868             return( PSA_ERROR_INVALID_ARGUMENT );
2869     }
2870 }
2871 
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2872 static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2873     psa_mac_operation_t *operation,
2874     const uint8_t *mac,
2875     size_t mac_length )
2876 {
2877     switch( operation->id )
2878     {
2879 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2880         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2881             return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2882                                                    mac, mac_length ) );
2883 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2884 
2885 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2886 #if defined(PSA_CRYPTO_DRIVER_TEST)
2887         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2888             return( mbedtls_test_transparent_mac_verify_finish(
2889                         &operation->ctx.transparent_test_driver_ctx,
2890                         mac, mac_length ) );
2891 
2892         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2893             return( mbedtls_test_opaque_mac_verify_finish(
2894                         &operation->ctx.opaque_test_driver_ctx,
2895                         mac, mac_length ) );
2896 #endif /* PSA_CRYPTO_DRIVER_TEST */
2897 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2898         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2899             return(cc3xx_mac_verify_finish(
2900                         &operation->ctx.cc3xx_driver_ctx,
2901                         mac, mac_length));
2902 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2903 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2904         default:
2905             (void) mac;
2906             (void) mac_length;
2907             return( PSA_ERROR_INVALID_ARGUMENT );
2908     }
2909 }
2910 
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2911 static inline psa_status_t psa_driver_wrapper_mac_abort(
2912     psa_mac_operation_t *operation )
2913 {
2914     switch( operation->id )
2915     {
2916 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2917         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2918             return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2919 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2920 
2921 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2922 #if defined(PSA_CRYPTO_DRIVER_TEST)
2923         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2924             return( mbedtls_test_transparent_mac_abort(
2925                         &operation->ctx.transparent_test_driver_ctx ) );
2926         case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2927             return( mbedtls_test_opaque_mac_abort(
2928                         &operation->ctx.opaque_test_driver_ctx ) );
2929 #endif /* PSA_CRYPTO_DRIVER_TEST */
2930 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2931         case PSA_CRYPTO_CC3XX_DRIVER_ID:
2932             return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
2933 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2934 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2935         default:
2936             return( PSA_ERROR_INVALID_ARGUMENT );
2937     }
2938 }
2939 
2940 /*
2941  * Asymmetric cryptography
2942  */
psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2943 static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2944     const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2945     size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2946     size_t input_length, const uint8_t *salt, size_t salt_length,
2947     uint8_t *output, size_t output_size, size_t *output_length )
2948 {
2949     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2950     psa_key_location_t location =
2951         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2952 
2953     switch( location )
2954     {
2955         case PSA_KEY_LOCATION_LOCAL_STORAGE:
2956 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2957         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2958 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2959             /* Key is stored in the slot in export representation, so
2960              * cycle through all known transparent accelerators */
2961 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2962 #if defined(PSA_CRYPTO_DRIVER_TEST)
2963             status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2964                         key_buffer, key_buffer_size, alg, input, input_length,
2965                         salt, salt_length, output, output_size,
2966                         output_length );
2967             /* Declared with fallback == true */
2968             if( status != PSA_ERROR_NOT_SUPPORTED )
2969                 return( status );
2970 #endif /* PSA_CRYPTO_DRIVER_TEST */
2971 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2972             status = cc3xx_asymmetric_encrypt( attributes,
2973                                                key_buffer,
2974                                                key_buffer_size,
2975                                                alg,
2976                                                input,
2977                                                input_length,
2978                                                salt,
2979                                                salt_length,
2980                                                output,
2981                                                output_size,
2982                                                output_length );
2983             return( status );
2984 #endif  /* PSA_CRYPTO_DRIVER_CC3XX */
2985 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2986             return( mbedtls_psa_asymmetric_encrypt( attributes,
2987                         key_buffer, key_buffer_size, alg, input, input_length,
2988                         salt, salt_length, output, output_size, output_length )
2989                   );
2990         /* Add cases for opaque driver here */
2991 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2992 #if defined(PSA_CRYPTO_DRIVER_TEST)
2993         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2994             return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2995                         key_buffer, key_buffer_size, alg, input, input_length,
2996                         salt, salt_length, output, output_size, output_length )
2997                   );
2998 #endif /* PSA_CRYPTO_DRIVER_TEST */
2999 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3000 
3001         default:
3002             /* Key is declared with a lifetime not known to us */
3003             (void)status;
3004             (void)key_buffer;
3005             (void)key_buffer_size;
3006             (void)alg;
3007             (void)input;
3008             (void)input_length;
3009             (void)salt;
3010             (void)salt_length;
3011             (void)output;
3012             (void)output_size;
3013             (void)output_length;
3014             return( PSA_ERROR_INVALID_ARGUMENT );
3015     }
3016 }
3017 
psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)3018 static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
3019     const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
3020     size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
3021     size_t input_length, const uint8_t *salt, size_t salt_length,
3022     uint8_t *output, size_t output_size, size_t *output_length )
3023 {
3024     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3025     psa_key_location_t location =
3026         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
3027 
3028     switch( location )
3029     {
3030         case PSA_KEY_LOCATION_LOCAL_STORAGE:
3031 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3032         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3033 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3034             /* Key is stored in the slot in export representation, so
3035              * cycle through all known transparent accelerators */
3036 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3037 #if defined(PSA_CRYPTO_DRIVER_TEST)
3038             status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
3039                         key_buffer, key_buffer_size, alg, input, input_length,
3040                         salt, salt_length, output, output_size,
3041                         output_length );
3042             /* Declared with fallback == true */
3043             if( status != PSA_ERROR_NOT_SUPPORTED )
3044                 return( status );
3045 #endif /* PSA_CRYPTO_DRIVER_TEST */
3046 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3047             status = cc3xx_asymmetric_decrypt( attributes,
3048                                                key_buffer,
3049                                                key_buffer_size,
3050                                                alg,
3051                                                input,
3052                                                input_length,
3053                                                salt,
3054                                                salt_length,
3055                                                output,
3056                                                output_size,
3057                                                output_length );
3058             return( status );
3059 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3060 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3061             return( mbedtls_psa_asymmetric_decrypt( attributes,
3062                         key_buffer, key_buffer_size, alg,input, input_length,
3063                         salt, salt_length, output, output_size,
3064                         output_length ) );
3065         /* Add cases for opaque driver here */
3066 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3067 #if defined(PSA_CRYPTO_DRIVER_TEST)
3068         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3069             return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
3070                         key_buffer, key_buffer_size, alg, input, input_length,
3071                         salt, salt_length, output, output_size,
3072                         output_length ) );
3073 #endif /* PSA_CRYPTO_DRIVER_TEST */
3074 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3075 
3076         default:
3077             /* Key is declared with a lifetime not known to us */
3078             (void)status;
3079             (void)key_buffer;
3080             (void)key_buffer_size;
3081             (void)alg;
3082             (void)input;
3083             (void)input_length;
3084             (void)salt;
3085             (void)salt_length;
3086             (void)output;
3087             (void)output_size;
3088             (void)output_length;
3089             return( PSA_ERROR_INVALID_ARGUMENT );
3090     }
3091 }
3092 
psa_driver_wrapper_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)3093 static inline psa_status_t psa_driver_wrapper_key_agreement(
3094     const psa_key_attributes_t *attributes,
3095     const uint8_t *key_buffer,
3096     size_t key_buffer_size,
3097     psa_algorithm_t alg,
3098     const uint8_t *peer_key,
3099     size_t peer_key_length,
3100     uint8_t *shared_secret,
3101     size_t shared_secret_size,
3102     size_t *shared_secret_length
3103  )
3104 {
3105     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3106     psa_key_location_t location =
3107         PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
3108 
3109     switch( location )
3110     {
3111         case PSA_KEY_LOCATION_LOCAL_STORAGE:
3112 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3113         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3114 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3115             /* Key is stored in the slot in export representation, so
3116              * cycle through all known transparent accelerators */
3117 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3118 #if defined(PSA_CRYPTO_DRIVER_TEST)
3119             status =
3120                 mbedtls_test_transparent_key_agreement( attributes,
3121                         key_buffer, key_buffer_size, alg, peer_key,
3122                         peer_key_length, shared_secret, shared_secret_size,
3123                         shared_secret_length );
3124             if( status != PSA_ERROR_NOT_SUPPORTED )
3125                 return( status );
3126 #endif /* PSA_CRYPTO_DRIVER_TEST */
3127 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3128             status = cc3xx_key_agreement( attributes,
3129                                           key_buffer,
3130                                           key_buffer_size,
3131                                           peer_key,
3132                                           peer_key_length,
3133                                           shared_secret,
3134                                           shared_secret_size,
3135                                           shared_secret_length,
3136                                           alg );
3137             return( status );
3138 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3139 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
3140             if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
3141                 PSA_ALG_IS_ECDH(alg) &&
3142                 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
3143                 psa_get_key_bits(attributes) == 256 )
3144             {
3145                 status = p256_transparent_key_agreement( attributes,
3146                                                          key_buffer,
3147                                                          key_buffer_size,
3148                                                          alg,
3149                                                          peer_key,
3150                                                          peer_key_length,
3151                                                          shared_secret,
3152                                                          shared_secret_size,
3153                                                          shared_secret_length );
3154                 if( status != PSA_ERROR_NOT_SUPPORTED)
3155                     return( status );
3156             }
3157 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
3158 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3159 
3160             /* Software Fallback */
3161             status = psa_key_agreement_raw_builtin( attributes,
3162                                                     key_buffer,
3163                                                     key_buffer_size,
3164                                                     alg,
3165                                                     peer_key,
3166                                                     peer_key_length,
3167                                                     shared_secret,
3168                                                     shared_secret_size,
3169                                                     shared_secret_length );
3170             return( status );
3171 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3172 #if defined(PSA_CRYPTO_DRIVER_TEST)
3173         case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3174             return( mbedtls_test_opaque_key_agreement( attributes,
3175                         key_buffer, key_buffer_size, alg, peer_key,
3176                         peer_key_length, shared_secret, shared_secret_size,
3177                         shared_secret_length ) );
3178 #endif /* PSA_CRYPTO_DRIVER_TEST */
3179 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3180 
3181         default:
3182             (void) attributes;
3183             (void) key_buffer;
3184             (void) key_buffer_size;
3185             (void) peer_key;
3186             (void) peer_key_length;
3187             (void) shared_secret;
3188             (void) shared_secret_size;
3189             (void) shared_secret_length;
3190             return( PSA_ERROR_NOT_SUPPORTED );
3191 
3192     }
3193 }
3194 
psa_driver_wrapper_pake_setup(psa_pake_operation_t * operation,const psa_crypto_driver_pake_inputs_t * inputs)3195 static inline psa_status_t psa_driver_wrapper_pake_setup(
3196     psa_pake_operation_t *operation,
3197     const psa_crypto_driver_pake_inputs_t *inputs )
3198 {
3199     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3200 
3201     psa_key_location_t location =
3202             PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
3203 
3204     switch( location )
3205     {
3206         case PSA_KEY_LOCATION_LOCAL_STORAGE:
3207 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3208         case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3209 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3210             /* Key is stored in the slot in export representation, so
3211              * cycle through all known transparent accelerators */
3212             status = PSA_ERROR_NOT_SUPPORTED;
3213 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3214 #if defined(PSA_CRYPTO_DRIVER_TEST)
3215             status = mbedtls_test_transparent_pake_setup(
3216                         &operation->data.ctx.transparent_test_driver_ctx,
3217                         inputs );
3218             if( status == PSA_SUCCESS )
3219                 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
3220             /* Declared with fallback == true */
3221             if( status != PSA_ERROR_NOT_SUPPORTED )
3222                 return( status );
3223 #endif /* PSA_CRYPTO_DRIVER_TEST */
3224 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3225 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3226             status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
3227                         inputs );
3228             if( status == PSA_SUCCESS )
3229                 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
3230 #endif
3231             return status;
3232         /* Add cases for opaque driver here */
3233         default:
3234             /* Key is declared with a lifetime not known to us */
3235             (void)operation;
3236             return( PSA_ERROR_INVALID_ARGUMENT );
3237     }
3238 }
3239 
psa_driver_wrapper_pake_output(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,uint8_t * output,size_t output_size,size_t * output_length)3240 static inline psa_status_t psa_driver_wrapper_pake_output(
3241     psa_pake_operation_t *operation,
3242     psa_crypto_driver_pake_step_t step,
3243     uint8_t *output,
3244     size_t output_size,
3245     size_t *output_length )
3246 {
3247     switch( operation->id )
3248     {
3249 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3250         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3251             return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
3252                                              output, output_size, output_length ) );
3253 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3254 
3255 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3256 #if defined(PSA_CRYPTO_DRIVER_TEST)
3257         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3258             return( mbedtls_test_transparent_pake_output(
3259                         &operation->data.ctx.transparent_test_driver_ctx,
3260                         step, output, output_size, output_length ) );
3261 #endif /* PSA_CRYPTO_DRIVER_TEST */
3262 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3263         default:
3264             (void) step;
3265             (void) output;
3266             (void) output_size;
3267             (void) output_length;
3268             return( PSA_ERROR_INVALID_ARGUMENT );
3269     }
3270 }
3271 
psa_driver_wrapper_pake_input(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,const uint8_t * input,size_t input_length)3272 static inline psa_status_t psa_driver_wrapper_pake_input(
3273     psa_pake_operation_t *operation,
3274     psa_crypto_driver_pake_step_t step,
3275     const uint8_t *input,
3276     size_t input_length )
3277 {
3278     switch( operation->id )
3279     {
3280 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3281         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3282             return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
3283                                             step, input,
3284                                             input_length ) );
3285 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3286 
3287 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3288 #if defined(PSA_CRYPTO_DRIVER_TEST)
3289         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3290             return( mbedtls_test_transparent_pake_input(
3291                         &operation->data.ctx.transparent_test_driver_ctx,
3292                         step,
3293                         input, input_length ) );
3294 #endif /* PSA_CRYPTO_DRIVER_TEST */
3295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3296         default:
3297             (void) step;
3298             (void) input;
3299             (void) input_length;
3300             return( PSA_ERROR_INVALID_ARGUMENT );
3301     }
3302 }
3303 
psa_driver_wrapper_pake_get_implicit_key(psa_pake_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)3304 static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
3305     psa_pake_operation_t *operation,
3306     uint8_t *output, size_t output_size,
3307     size_t *output_length )
3308 {
3309     switch( operation->id )
3310     {
3311 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3312         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3313             return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
3314                                                        output, output_size, output_length ) );
3315 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3316 
3317 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3318 #if defined(PSA_CRYPTO_DRIVER_TEST)
3319         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3320             return( mbedtls_test_transparent_pake_get_implicit_key(
3321                         &operation->data.ctx.transparent_test_driver_ctx,
3322                         output, output_size, output_length ) );
3323 #endif /* PSA_CRYPTO_DRIVER_TEST */
3324 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3325         default:
3326             (void) output;
3327             (void) output_size;
3328             (void) output_length;
3329             return( PSA_ERROR_INVALID_ARGUMENT );
3330     }
3331 }
3332 
psa_driver_wrapper_pake_abort(psa_pake_operation_t * operation)3333 static inline psa_status_t psa_driver_wrapper_pake_abort(
3334     psa_pake_operation_t * operation )
3335 {
3336     switch( operation->id )
3337     {
3338 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3339         case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3340             return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
3341 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3342 
3343 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3344 #if defined(PSA_CRYPTO_DRIVER_TEST)
3345         case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3346             return( mbedtls_test_transparent_pake_abort(
3347                         &operation->data.ctx.transparent_test_driver_ctx ) );
3348 #endif /* PSA_CRYPTO_DRIVER_TEST */
3349 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3350         default:
3351             return( PSA_ERROR_INVALID_ARGUMENT );
3352     }
3353 }
3354 
3355 #endif /* MBEDTLS_PSA_CRYPTO_C */
3356