1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10
11 /* BEGIN-common headers */
12 #include "common.h"
13 #include "psa_crypto_aead.h"
14 #include "psa_crypto_cipher.h"
15 #include "psa_crypto_core.h"
16 #include "psa_crypto_driver_wrappers_no_static.h"
17 #include "psa_crypto_hash.h"
18 #include "psa_crypto_mac.h"
19 #include "psa_crypto_pake.h"
20 #include "psa_crypto_rsa.h"
21
22 #include "mbedtls/platform.h"
23 #include "mbedtls/constant_time.h"
24 /* END-common headers */
25
26 #if defined(MBEDTLS_PSA_CRYPTO_C) || defined(MCUBOOT_USE_PSA_CRYPTO)
27
28 /* BEGIN-driver headers */
29 /* Headers for mbedtls_test opaque driver */
30 #if defined(PSA_CRYPTO_DRIVER_TEST)
31 #include "test/drivers/test_driver.h"
32
33 #endif
34 /* Headers for mbedtls_test transparent driver */
35 #if defined(PSA_CRYPTO_DRIVER_TEST)
36 #include "test/drivers/test_driver.h"
37
38 #endif
39 /* Headers for p256 transparent driver */
40 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41 #include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42
43 #endif
44
45 /* Include TF-M builtin key driver */
46 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
47 #ifndef PSA_CRYPTO_DRIVER_PRESENT
48 #define PSA_CRYPTO_DRIVER_PRESENT
49 #endif
50 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
51 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
52 #endif
53 #include "tfm_builtin_key_loader.h"
54 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
55
56 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
57 #ifndef PSA_CRYPTO_DRIVER_PRESENT
58 #define PSA_CRYPTO_DRIVER_PRESENT
59 #endif
60 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
61 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
62 #endif
63 #include "cc3xx.h"
64 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
65
66 /* END-driver headers */
67
68 /* Auto-generated values depending on which drivers are registered.
69 * ID 0 is reserved for unallocated operations.
70 * ID 1 is reserved for the Mbed TLS software driver. */
71 /* BEGIN-driver id definition */
72 enum {
73 PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1,
74 MBEDTLS_TEST_OPAQUE_DRIVER_ID,
75 MBEDTLS_TEST_TRANSPARENT_DRIVER_ID,
76 P256_TRANSPARENT_DRIVER_ID,
77 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
78 PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
79 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
80 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
81 PSA_CRYPTO_CC3XX_DRIVER_ID,
82 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
83 };
84
85 /* END-driver id */
86
87 /* BEGIN-Common Macro definitions */
88
89 /* END-Common Macro definitions */
90
91 /* Support the 'old' SE interface when asked to */
92 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
93 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
94 * SE driver is present, to avoid unused argument errors at compile time. */
95 #ifndef PSA_CRYPTO_DRIVER_PRESENT
96 #define PSA_CRYPTO_DRIVER_PRESENT
97 #endif
98 #include "psa_crypto_se.h"
99 #endif
100
psa_driver_wrapper_init(void)101 static inline psa_status_t psa_driver_wrapper_init( void )
102 {
103 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
104
105 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
106 status = tfm_builtin_key_loader_init();
107 if (status != PSA_SUCCESS)
108 return ( status );
109 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
110
111 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
112 status = psa_init_all_se_drivers( );
113 if( status != PSA_SUCCESS )
114 return( status );
115 #endif
116
117 #if defined(PSA_CRYPTO_DRIVER_TEST)
118 status = mbedtls_test_transparent_init( );
119 if( status != PSA_SUCCESS )
120 return( status );
121
122 status = mbedtls_test_opaque_init( );
123 if( status != PSA_SUCCESS )
124 return( status );
125 #endif
126
127 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
128 status = cc3xx_init();
129 if (status != PSA_SUCCESS)
130 return ( status );
131 #endif
132
133 (void) status;
134 return( PSA_SUCCESS );
135 }
136
psa_driver_wrapper_free(void)137 static inline void psa_driver_wrapper_free( void )
138 {
139 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
140 /* Unregister all secure element drivers, so that we restart from
141 * a pristine state. */
142 psa_unregister_all_se_drivers( );
143 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
144
145 #if defined(PSA_CRYPTO_DRIVER_TEST)
146 mbedtls_test_transparent_free( );
147 mbedtls_test_opaque_free( );
148 #endif
149
150 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
151 (void)cc3xx_free();
152 #endif
153 }
154
155 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)156 static inline psa_status_t psa_driver_wrapper_sign_message(
157 const psa_key_attributes_t *attributes,
158 const uint8_t *key_buffer,
159 size_t key_buffer_size,
160 psa_algorithm_t alg,
161 const uint8_t *input,
162 size_t input_length,
163 uint8_t *signature,
164 size_t signature_size,
165 size_t *signature_length )
166 {
167 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
168 psa_key_location_t location =
169 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
170
171 switch( location )
172 {
173 case PSA_KEY_LOCATION_LOCAL_STORAGE:
174 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
175 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
176 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
177 /* Key is stored in the slot in export representation, so
178 * cycle through all known transparent accelerators */
179 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
180 #if defined(PSA_CRYPTO_DRIVER_TEST)
181 status = mbedtls_test_transparent_signature_sign_message(
182 attributes,
183 key_buffer,
184 key_buffer_size,
185 alg,
186 input,
187 input_length,
188 signature,
189 signature_size,
190 signature_length );
191 /* Declared with fallback == true */
192 if( status != PSA_ERROR_NOT_SUPPORTED )
193 return( status );
194 #endif /* PSA_CRYPTO_DRIVER_TEST */
195 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
196 status = cc3xx_sign_message(
197 attributes,
198 key_buffer,
199 key_buffer_size,
200 alg,
201 input,
202 input_length,
203 signature,
204 signature_size,
205 signature_length );
206 return( status );
207 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
208 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
209 return( psa_sign_message_builtin( attributes,
210 key_buffer,
211 key_buffer_size,
212 alg,
213 input,
214 input_length,
215 signature,
216 signature_size,
217 signature_length ) );
218 break;
219
220 /* Add cases for opaque driver here */
221 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
222 #if defined(PSA_CRYPTO_DRIVER_TEST)
223 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
224 status = mbedtls_test_opaque_signature_sign_message(
225 attributes,
226 key_buffer,
227 key_buffer_size,
228 alg,
229 input,
230 input_length,
231 signature,
232 signature_size,
233 signature_length );
234 if( status != PSA_ERROR_NOT_SUPPORTED )
235 return( status );
236 break;
237 #endif /* PSA_CRYPTO_DRIVER_TEST */
238 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
239 default:
240 /* Key is declared with a lifetime not known to us */
241 (void)status;
242 return( PSA_ERROR_INVALID_ARGUMENT );
243 }
244 }
245
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)246 static inline psa_status_t psa_driver_wrapper_verify_message(
247 const psa_key_attributes_t *attributes,
248 const uint8_t *key_buffer,
249 size_t key_buffer_size,
250 psa_algorithm_t alg,
251 const uint8_t *input,
252 size_t input_length,
253 const uint8_t *signature,
254 size_t signature_length )
255 {
256 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
257 psa_key_location_t location =
258 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
259
260 switch( location )
261 {
262 case PSA_KEY_LOCATION_LOCAL_STORAGE:
263 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
264 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
265 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
266 /* Key is stored in the slot in export representation, so
267 * cycle through all known transparent accelerators */
268 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
269 #if defined(PSA_CRYPTO_DRIVER_TEST)
270 status = mbedtls_test_transparent_signature_verify_message(
271 attributes,
272 key_buffer,
273 key_buffer_size,
274 alg,
275 input,
276 input_length,
277 signature,
278 signature_length );
279 /* Declared with fallback == true */
280 if( status != PSA_ERROR_NOT_SUPPORTED )
281 return( status );
282 #endif /* PSA_CRYPTO_DRIVER_TEST */
283 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
284 status = cc3xx_verify_message(
285 attributes,
286 key_buffer,
287 key_buffer_size,
288 alg,
289 input,
290 input_length,
291 signature,
292 signature_length );
293 return( status );
294 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
296 return( psa_verify_message_builtin( attributes,
297 key_buffer,
298 key_buffer_size,
299 alg,
300 input,
301 input_length,
302 signature,
303 signature_length ) );
304
305 /* Add cases for opaque driver here */
306 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
307 #if defined(PSA_CRYPTO_DRIVER_TEST)
308 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
309 return( mbedtls_test_opaque_signature_verify_message(
310 attributes,
311 key_buffer,
312 key_buffer_size,
313 alg,
314 input,
315 input_length,
316 signature,
317 signature_length ) );
318 if( status != PSA_ERROR_NOT_SUPPORTED )
319 return( status );
320 break;
321 #endif /* PSA_CRYPTO_DRIVER_TEST */
322 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
323 default:
324 /* Key is declared with a lifetime not known to us */
325 (void)status;
326 return( PSA_ERROR_INVALID_ARGUMENT );
327 }
328 }
329
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)330 static inline psa_status_t psa_driver_wrapper_sign_hash(
331 const psa_key_attributes_t *attributes,
332 const uint8_t *key_buffer, size_t key_buffer_size,
333 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
334 uint8_t *signature, size_t signature_size, size_t *signature_length )
335 {
336 /* Try dynamically-registered SE interface first */
337 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
338 const psa_drv_se_t *drv;
339 psa_drv_se_context_t *drv_context;
340
341 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
342 {
343 if( drv->asymmetric == NULL ||
344 drv->asymmetric->p_sign == NULL )
345 {
346 /* Key is defined in SE, but we have no way to exercise it */
347 return( PSA_ERROR_NOT_SUPPORTED );
348 }
349 return( drv->asymmetric->p_sign(
350 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
351 alg, hash, hash_length,
352 signature, signature_size, signature_length ) );
353 }
354 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
355
356 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
357 psa_key_location_t location =
358 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
359
360 switch( location )
361 {
362 case PSA_KEY_LOCATION_LOCAL_STORAGE:
363 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
364 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
365 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
366 /* Key is stored in the slot in export representation, so
367 * cycle through all known transparent accelerators */
368 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
369 #if defined(PSA_CRYPTO_DRIVER_TEST)
370 status = mbedtls_test_transparent_signature_sign_hash( attributes,
371 key_buffer,
372 key_buffer_size,
373 alg,
374 hash,
375 hash_length,
376 signature,
377 signature_size,
378 signature_length );
379 /* Declared with fallback == true */
380 if( status != PSA_ERROR_NOT_SUPPORTED )
381 return( status );
382 #endif /* PSA_CRYPTO_DRIVER_TEST */
383 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
384 status = cc3xx_sign_hash( attributes,
385 key_buffer,
386 key_buffer_size,
387 alg,
388 hash,
389 hash_length,
390 signature,
391 signature_size,
392 signature_length );
393 return( status );
394 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
395 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
396 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
397 PSA_ALG_IS_ECDSA(alg) &&
398 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
399 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
400 psa_get_key_bits(attributes) == 256 )
401 {
402 status = p256_transparent_sign_hash( attributes,
403 key_buffer,
404 key_buffer_size,
405 alg,
406 hash,
407 hash_length,
408 signature,
409 signature_size,
410 signature_length );
411 if( status != PSA_ERROR_NOT_SUPPORTED )
412 return( status );
413 }
414 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
415 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
416 /* Fell through, meaning no accelerator supports this operation */
417 return( psa_sign_hash_builtin( attributes,
418 key_buffer,
419 key_buffer_size,
420 alg,
421 hash,
422 hash_length,
423 signature,
424 signature_size,
425 signature_length ) );
426
427 /* Add cases for opaque driver here */
428 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
429 #if defined(PSA_CRYPTO_DRIVER_TEST)
430 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
431 return( mbedtls_test_opaque_signature_sign_hash( attributes,
432 key_buffer,
433 key_buffer_size,
434 alg,
435 hash,
436 hash_length,
437 signature,
438 signature_size,
439 signature_length ) );
440 #endif /* PSA_CRYPTO_DRIVER_TEST */
441 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
442 default:
443 /* Key is declared with a lifetime not known to us */
444 (void)status;
445 return( PSA_ERROR_INVALID_ARGUMENT );
446 }
447 }
448
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)449 static inline psa_status_t psa_driver_wrapper_verify_hash(
450 const psa_key_attributes_t *attributes,
451 const uint8_t *key_buffer, size_t key_buffer_size,
452 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
453 const uint8_t *signature, size_t signature_length )
454 {
455 /* Try dynamically-registered SE interface first */
456 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
457 const psa_drv_se_t *drv;
458 psa_drv_se_context_t *drv_context;
459
460 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
461 {
462 if( drv->asymmetric == NULL ||
463 drv->asymmetric->p_verify == NULL )
464 {
465 /* Key is defined in SE, but we have no way to exercise it */
466 return( PSA_ERROR_NOT_SUPPORTED );
467 }
468 return( drv->asymmetric->p_verify(
469 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
470 alg, hash, hash_length,
471 signature, signature_length ) );
472 }
473 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
474
475 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
476 psa_key_location_t location =
477 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
478
479 switch( location )
480 {
481 case PSA_KEY_LOCATION_LOCAL_STORAGE:
482 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
483 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
484 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
485 /* Key is stored in the slot in export representation, so
486 * cycle through all known transparent accelerators */
487 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
488 #if defined(PSA_CRYPTO_DRIVER_TEST)
489 status = mbedtls_test_transparent_signature_verify_hash(
490 attributes,
491 key_buffer,
492 key_buffer_size,
493 alg,
494 hash,
495 hash_length,
496 signature,
497 signature_length );
498 /* Declared with fallback == true */
499 if( status != PSA_ERROR_NOT_SUPPORTED )
500 return( status );
501 #endif /* PSA_CRYPTO_DRIVER_TEST */
502 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
503 status = cc3xx_verify_hash( attributes,
504 key_buffer,
505 key_buffer_size,
506 alg,
507 hash,
508 hash_length,
509 signature,
510 signature_length );
511 return( status );
512 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
513 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
514 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
515 PSA_ALG_IS_ECDSA(alg) &&
516 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
517 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
518 psa_get_key_bits(attributes) == 256 )
519 {
520 status = p256_transparent_verify_hash( attributes,
521 key_buffer,
522 key_buffer_size,
523 alg,
524 hash,
525 hash_length,
526 signature,
527 signature_length );
528 if( status != PSA_ERROR_NOT_SUPPORTED )
529 return( status );
530 }
531 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
532 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
533
534 return( psa_verify_hash_builtin( attributes,
535 key_buffer,
536 key_buffer_size,
537 alg,
538 hash,
539 hash_length,
540 signature,
541 signature_length ) );
542
543 /* Add cases for opaque driver here */
544 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
545 #if defined(PSA_CRYPTO_DRIVER_TEST)
546 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
547 return( mbedtls_test_opaque_signature_verify_hash( attributes,
548 key_buffer,
549 key_buffer_size,
550 alg,
551 hash,
552 hash_length,
553 signature,
554 signature_length ) );
555 #endif /* PSA_CRYPTO_DRIVER_TEST */
556 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
557 default:
558 /* Key is declared with a lifetime not known to us */
559 (void)status;
560 return( PSA_ERROR_INVALID_ARGUMENT );
561 }
562 }
563
psa_driver_wrapper_sign_hash_get_num_ops(psa_sign_hash_interruptible_operation_t * operation)564 static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
565 psa_sign_hash_interruptible_operation_t *operation )
566 {
567 switch( operation->id )
568 {
569 /* If uninitialised, return 0, as no work can have been done. */
570 case 0:
571 return 0;
572
573 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
574 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
575
576 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
577 #if defined(PSA_CRYPTO_DRIVER_TEST)
578 /* Add test driver tests here */
579
580 #endif /* PSA_CRYPTO_DRIVER_TEST */
581 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
582 }
583
584 /* Can't happen (see discussion in #8271) */
585 return 0;
586 }
587
psa_driver_wrapper_verify_hash_get_num_ops(psa_verify_hash_interruptible_operation_t * operation)588 static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
589 psa_verify_hash_interruptible_operation_t *operation )
590 {
591 switch( operation->id )
592 {
593 /* If uninitialised, return 0, as no work can have been done. */
594 case 0:
595 return 0;
596
597 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
598 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
599
600 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
601 #if defined(PSA_CRYPTO_DRIVER_TEST)
602 /* Add test driver tests here */
603
604 #endif /* PSA_CRYPTO_DRIVER_TEST */
605 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
606
607 }
608
609 /* Can't happen (see discussion in #8271) */
610 return 0;
611 }
612
psa_driver_wrapper_sign_hash_start(psa_sign_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length)613 static inline psa_status_t psa_driver_wrapper_sign_hash_start(
614 psa_sign_hash_interruptible_operation_t *operation,
615 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
616 size_t key_buffer_size, psa_algorithm_t alg,
617 const uint8_t *hash, size_t hash_length )
618 {
619 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
620 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
621 psa_get_key_lifetime(attributes) );
622
623 switch( location )
624 {
625 case PSA_KEY_LOCATION_LOCAL_STORAGE:
626 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
627 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
628 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
629 /* Key is stored in the slot in export representation, so
630 * cycle through all known transparent accelerators */
631
632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
633 #if defined(PSA_CRYPTO_DRIVER_TEST)
634
635 /* Add test driver tests here */
636
637 /* Declared with fallback == true */
638
639 #endif /* PSA_CRYPTO_DRIVER_TEST */
640 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
641
642 /* Fell through, meaning no accelerator supports this operation */
643 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
644 status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
645 attributes,
646 key_buffer, key_buffer_size,
647 alg, hash, hash_length );
648 break;
649
650 /* Add cases for opaque driver here */
651
652 default:
653 /* Key is declared with a lifetime not known to us */
654 status = PSA_ERROR_INVALID_ARGUMENT;
655 break;
656 }
657
658 return( status );
659 }
660
psa_driver_wrapper_sign_hash_complete(psa_sign_hash_interruptible_operation_t * operation,uint8_t * signature,size_t signature_size,size_t * signature_length)661 static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
662 psa_sign_hash_interruptible_operation_t *operation,
663 uint8_t *signature, size_t signature_size,
664 size_t *signature_length )
665 {
666 switch( operation->id )
667 {
668 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
669 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
670 signature, signature_size,
671 signature_length ) );
672
673 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
674 #if defined(PSA_CRYPTO_DRIVER_TEST)
675 /* Add test driver tests here */
676
677 #endif /* PSA_CRYPTO_DRIVER_TEST */
678 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
679 }
680
681 ( void ) signature;
682 ( void ) signature_size;
683 ( void ) signature_length;
684
685 return( PSA_ERROR_INVALID_ARGUMENT );
686 }
687
psa_driver_wrapper_sign_hash_abort(psa_sign_hash_interruptible_operation_t * operation)688 static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
689 psa_sign_hash_interruptible_operation_t *operation )
690 {
691 switch( operation->id )
692 {
693 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
694 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
695
696 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
697 #if defined(PSA_CRYPTO_DRIVER_TEST)
698 /* Add test driver tests here */
699
700 #endif /* PSA_CRYPTO_DRIVER_TEST */
701 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
702 }
703
704 return( PSA_ERROR_INVALID_ARGUMENT );
705 }
706
psa_driver_wrapper_verify_hash_start(psa_verify_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)707 static inline psa_status_t psa_driver_wrapper_verify_hash_start(
708 psa_verify_hash_interruptible_operation_t *operation,
709 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
710 size_t key_buffer_size, psa_algorithm_t alg,
711 const uint8_t *hash, size_t hash_length,
712 const uint8_t *signature, size_t signature_length )
713 {
714 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
715 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
716 psa_get_key_lifetime(attributes) );
717
718 switch( location )
719 {
720 case PSA_KEY_LOCATION_LOCAL_STORAGE:
721 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
722 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
723 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
724 /* Key is stored in the slot in export representation, so
725 * cycle through all known transparent accelerators */
726
727 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
728 #if defined(PSA_CRYPTO_DRIVER_TEST)
729
730 /* Add test driver tests here */
731
732 /* Declared with fallback == true */
733
734 #endif /* PSA_CRYPTO_DRIVER_TEST */
735 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
736
737 /* Fell through, meaning no accelerator supports this operation */
738 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
739 status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
740 attributes,
741 key_buffer, key_buffer_size,
742 alg, hash, hash_length,
743 signature, signature_length );
744 break;
745
746 /* Add cases for opaque driver here */
747
748 default:
749 /* Key is declared with a lifetime not known to us */
750 status = PSA_ERROR_INVALID_ARGUMENT;
751 break;
752 }
753
754 return( status );
755 }
756
psa_driver_wrapper_verify_hash_complete(psa_verify_hash_interruptible_operation_t * operation)757 static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
758 psa_verify_hash_interruptible_operation_t *operation )
759 {
760 switch( operation->id )
761 {
762 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
763 return( mbedtls_psa_verify_hash_complete(
764 &operation->ctx.mbedtls_ctx
765 ) );
766
767 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
768 #if defined(PSA_CRYPTO_DRIVER_TEST)
769 /* Add test driver tests here */
770
771 #endif /* PSA_CRYPTO_DRIVER_TEST */
772 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
773 }
774
775 return( PSA_ERROR_INVALID_ARGUMENT );
776 }
777
psa_driver_wrapper_verify_hash_abort(psa_verify_hash_interruptible_operation_t * operation)778 static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
779 psa_verify_hash_interruptible_operation_t *operation )
780 {
781 switch( operation->id )
782 {
783 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
784 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
785 ) );
786
787 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
788 #if defined(PSA_CRYPTO_DRIVER_TEST)
789 /* Add test driver tests here */
790
791 #endif /* PSA_CRYPTO_DRIVER_TEST */
792 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
793 }
794
795 return( PSA_ERROR_INVALID_ARGUMENT );
796 }
797
798 /** Calculate the key buffer size required to store the key material of a key
799 * associated with an opaque driver from input key data.
800 *
801 * \param[in] attributes The key attributes
802 * \param[in] data The input key data.
803 * \param[in] data_length The input data length.
804 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
805 *
806 * \retval #PSA_SUCCESS \emptydescription
807 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
808 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
809 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)810 static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
811 const psa_key_attributes_t *attributes,
812 const uint8_t *data,
813 size_t data_length,
814 size_t *key_buffer_size )
815 {
816 psa_key_location_t location =
817 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
818 psa_key_type_t key_type = psa_get_key_type(attributes);
819
820 *key_buffer_size = 0;
821 switch( location )
822 {
823 #if defined(PSA_CRYPTO_DRIVER_TEST)
824 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
825 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
826 PSA_BYTES_TO_BITS( data_length ) );
827 return( ( *key_buffer_size != 0 ) ?
828 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
829 #endif /* PSA_CRYPTO_DRIVER_TEST */
830
831 default:
832 (void)key_type;
833 (void)data;
834 (void)data_length;
835 return( PSA_ERROR_INVALID_ARGUMENT );
836 }
837 }
838
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,const psa_custom_key_parameters_t * custom,const uint8_t * custom_data,size_t custom_data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)839 static inline psa_status_t psa_driver_wrapper_generate_key(
840 const psa_key_attributes_t *attributes,
841 const psa_custom_key_parameters_t *custom,
842 const uint8_t *custom_data, size_t custom_data_length,
843 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
844 {
845 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
846 psa_key_location_t location =
847 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
848
849 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
850 int is_default_production =
851 psa_custom_key_parameters_are_default(custom, custom_data_length);
852 if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
853 {
854 /* We don't support passing custom production parameters
855 * to drivers yet. */
856 return PSA_ERROR_NOT_SUPPORTED;
857 }
858 #else
859 int is_default_production = 1;
860 (void) is_default_production;
861 #endif
862
863 /* Try dynamically-registered SE interface first */
864 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
865 const psa_drv_se_t *drv;
866 psa_drv_se_context_t *drv_context;
867
868 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
869 {
870 size_t pubkey_length = 0; /* We don't support this feature yet */
871 if( drv->key_management == NULL ||
872 drv->key_management->p_generate == NULL )
873 {
874 /* Key is defined as being in SE, but we have no way to generate it */
875 return( PSA_ERROR_NOT_SUPPORTED );
876 }
877 return( drv->key_management->p_generate(
878 drv_context,
879 *( (psa_key_slot_number_t *)key_buffer ),
880 attributes, NULL, 0, &pubkey_length ) );
881 }
882 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
883
884 switch( location )
885 {
886 case PSA_KEY_LOCATION_LOCAL_STORAGE:
887 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
888 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
889 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
890 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
891 /* Transparent drivers are limited to generating asymmetric keys. */
892 /* We don't support passing custom production parameters
893 * to drivers yet. */
894 if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
895 is_default_production )
896 {
897 /* Cycle through all known transparent accelerators */
898 #if defined(PSA_CRYPTO_DRIVER_TEST)
899 status = mbedtls_test_transparent_generate_key(
900 attributes, key_buffer, key_buffer_size,
901 key_buffer_length );
902 /* Declared with fallback == true */
903 if( status != PSA_ERROR_NOT_SUPPORTED )
904 break;
905 #endif /* PSA_CRYPTO_DRIVER_TEST */
906 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
907 status = cc3xx_generate_key(
908 attributes, key_buffer, key_buffer_size,
909 key_buffer_length );
910 break;
911 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
912 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
913 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
914 psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
915 psa_get_key_bits(attributes) == 256 )
916 {
917 status = p256_transparent_generate_key( attributes,
918 key_buffer,
919 key_buffer_size,
920 key_buffer_length );
921 if( status != PSA_ERROR_NOT_SUPPORTED )
922 break;
923 }
924
925 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
926 }
927 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
928
929 /* Software fallback */
930 status = psa_generate_key_internal(
931 attributes, custom, custom_data, custom_data_length,
932 key_buffer, key_buffer_size, key_buffer_length );
933 break;
934
935 /* Add cases for opaque driver here */
936 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
937 #if defined(PSA_CRYPTO_DRIVER_TEST)
938 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
939 status = mbedtls_test_opaque_generate_key(
940 attributes, key_buffer, key_buffer_size, key_buffer_length );
941 break;
942 #endif /* PSA_CRYPTO_DRIVER_TEST */
943 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
944
945 default:
946 /* Key is declared with a lifetime not known to us */
947 status = PSA_ERROR_INVALID_ARGUMENT;
948 break;
949 }
950
951 return( status );
952 }
953
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)954 static inline psa_status_t psa_driver_wrapper_import_key(
955 const psa_key_attributes_t *attributes,
956 const uint8_t *data,
957 size_t data_length,
958 uint8_t *key_buffer,
959 size_t key_buffer_size,
960 size_t *key_buffer_length,
961 size_t *bits )
962 {
963
964 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
965 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
966 psa_get_key_lifetime( attributes ) );
967
968 /* Try dynamically-registered SE interface first */
969 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
970 const psa_drv_se_t *drv;
971 psa_drv_se_context_t *drv_context;
972
973 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
974 {
975 if( drv->key_management == NULL ||
976 drv->key_management->p_import == NULL )
977 return( PSA_ERROR_NOT_SUPPORTED );
978
979 /* The driver should set the number of key bits, however in
980 * case it doesn't, we initialize bits to an invalid value. */
981 *bits = PSA_MAX_KEY_BITS + 1;
982 status = drv->key_management->p_import(
983 drv_context,
984 *( (psa_key_slot_number_t *)key_buffer ),
985 attributes, data, data_length, bits );
986
987 if( status != PSA_SUCCESS )
988 return( status );
989
990 if( (*bits) > PSA_MAX_KEY_BITS )
991 return( PSA_ERROR_NOT_SUPPORTED );
992
993 return( PSA_SUCCESS );
994 }
995 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
996
997 switch( location )
998 {
999 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1000 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1001 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1002 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1003 /* Key is stored in the slot in export representation, so
1004 * cycle through all known transparent accelerators */
1005 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1006
1007 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1008 status = mbedtls_test_transparent_import_key
1009 (attributes,
1010 data,
1011 data_length,
1012 key_buffer,
1013 key_buffer_size,
1014 key_buffer_length,
1015 bits
1016 );
1017
1018 if( status != PSA_ERROR_NOT_SUPPORTED )
1019 return( status );
1020 #endif
1021
1022 #if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
1023 status = p256_transparent_import_key
1024 (attributes,
1025 data,
1026 data_length,
1027 key_buffer,
1028 key_buffer_size,
1029 key_buffer_length,
1030 bits
1031 );
1032
1033 if( status != PSA_ERROR_NOT_SUPPORTED )
1034 return( status );
1035 #endif
1036
1037
1038 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1039
1040 /* Fell through, meaning no accelerator supports this operation */
1041 return( psa_import_key_into_slot( attributes,
1042 data, data_length,
1043 key_buffer, key_buffer_size,
1044 key_buffer_length, bits ) );
1045 /* Add cases for opaque driver here */
1046 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1047
1048 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1049 case 0x7fffff:
1050 return( mbedtls_test_opaque_import_key
1051 (attributes,
1052 data,
1053 data_length,
1054 key_buffer,
1055 key_buffer_size,
1056 key_buffer_length,
1057 bits
1058 ));
1059 #endif
1060
1061
1062 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1063 default:
1064 (void)status;
1065 return( PSA_ERROR_INVALID_ARGUMENT );
1066 }
1067
1068 }
1069
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)1070 static inline psa_status_t psa_driver_wrapper_export_key(
1071 const psa_key_attributes_t *attributes,
1072 const uint8_t *key_buffer, size_t key_buffer_size,
1073 uint8_t *data, size_t data_size, size_t *data_length )
1074
1075 {
1076
1077 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1078 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
1079 psa_get_key_lifetime( attributes ) );
1080
1081 /* Try dynamically-registered SE interface first */
1082 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1083 const psa_drv_se_t *drv;
1084 psa_drv_se_context_t *drv_context;
1085
1086 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1087 {
1088 if( ( drv->key_management == NULL ) ||
1089 ( drv->key_management->p_export == NULL ) )
1090 {
1091 return( PSA_ERROR_NOT_SUPPORTED );
1092 }
1093
1094 return( drv->key_management->p_export(
1095 drv_context,
1096 *( (psa_key_slot_number_t *)key_buffer ),
1097 data, data_size, data_length ) );
1098 }
1099 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1100
1101 switch( location )
1102 {
1103 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1104 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1105 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1106 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1107 return( psa_export_key_internal( attributes,
1108 key_buffer,
1109 key_buffer_size,
1110 data,
1111 data_size,
1112 data_length ) );
1113
1114 /* Add cases for opaque driver here */
1115 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1116
1117 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1118 case 0x7fffff:
1119 return( mbedtls_test_opaque_export_key
1120 (attributes,
1121 key_buffer,
1122 key_buffer_size,
1123 data,
1124 data_size,
1125 data_length
1126 ));
1127 #endif
1128
1129
1130 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1131 default:
1132 /* Key is declared with a lifetime not known to us */
1133 return( status );
1134 }
1135
1136 }
1137
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)1138 static inline psa_status_t psa_driver_wrapper_copy_key(
1139 psa_key_attributes_t *attributes,
1140 const uint8_t *source_key, size_t source_key_length,
1141 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1142 size_t *target_key_buffer_length )
1143 {
1144
1145 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1146 psa_key_location_t location =
1147 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1148
1149 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1150 const psa_drv_se_t *drv;
1151 psa_drv_se_context_t *drv_context;
1152
1153 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1154 {
1155 /* Copying to a secure element is not implemented yet. */
1156 return( PSA_ERROR_NOT_SUPPORTED );
1157 }
1158 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1159
1160 switch( location )
1161 {
1162 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1163
1164 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1165 case 0x7fffff:
1166 return( mbedtls_test_opaque_copy_key
1167 (attributes,
1168 source_key,
1169 source_key_length,
1170 target_key_buffer,
1171 target_key_buffer_size,
1172 target_key_buffer_length
1173 ));
1174 #endif
1175
1176
1177 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1178 default:
1179 (void)source_key;
1180 (void)source_key_length;
1181 (void)target_key_buffer;
1182 (void)target_key_buffer_size;
1183 (void)target_key_buffer_length;
1184 status = PSA_ERROR_INVALID_ARGUMENT;
1185 }
1186 return( status );
1187
1188 }
1189
1190 /*
1191 * Cipher functions
1192 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1193 static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1194 const psa_key_attributes_t *attributes,
1195 const uint8_t *key_buffer,
1196 size_t key_buffer_size,
1197 psa_algorithm_t alg,
1198 const uint8_t *iv,
1199 size_t iv_length,
1200 const uint8_t *input,
1201 size_t input_length,
1202 uint8_t *output,
1203 size_t output_size,
1204 size_t *output_length )
1205 {
1206 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1207 psa_key_location_t location =
1208 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1209
1210 switch( location )
1211 {
1212 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1213 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1214 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1215 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1216 /* Key is stored in the slot in export representation, so
1217 * cycle through all known transparent accelerators */
1218 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1219 #if defined(PSA_CRYPTO_DRIVER_TEST)
1220 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1221 key_buffer,
1222 key_buffer_size,
1223 alg,
1224 iv,
1225 iv_length,
1226 input,
1227 input_length,
1228 output,
1229 output_size,
1230 output_length );
1231 /* Declared with fallback == true */
1232 if( status != PSA_ERROR_NOT_SUPPORTED )
1233 return( status );
1234 #endif /* PSA_CRYPTO_DRIVER_TEST */
1235 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1236 status = cc3xx_cipher_encrypt( attributes,
1237 key_buffer,
1238 key_buffer_size,
1239 alg,
1240 iv,
1241 iv_length,
1242 input,
1243 input_length,
1244 output,
1245 output_size,
1246 output_length );
1247 return( status );
1248 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1249 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1250
1251 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1252 return( mbedtls_psa_cipher_encrypt( attributes,
1253 key_buffer,
1254 key_buffer_size,
1255 alg,
1256 iv,
1257 iv_length,
1258 input,
1259 input_length,
1260 output,
1261 output_size,
1262 output_length ) );
1263 #else
1264 return( PSA_ERROR_NOT_SUPPORTED );
1265 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1266
1267 /* Add cases for opaque driver here */
1268 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1269 #if defined(PSA_CRYPTO_DRIVER_TEST)
1270 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1271 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1272 key_buffer,
1273 key_buffer_size,
1274 alg,
1275 iv,
1276 iv_length,
1277 input,
1278 input_length,
1279 output,
1280 output_size,
1281 output_length ) );
1282 #endif /* PSA_CRYPTO_DRIVER_TEST */
1283 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1284
1285 default:
1286 /* Key is declared with a lifetime not known to us */
1287 (void)status;
1288 (void)key_buffer;
1289 (void)key_buffer_size;
1290 (void)alg;
1291 (void)iv;
1292 (void)iv_length;
1293 (void)input;
1294 (void)input_length;
1295 (void)output;
1296 (void)output_size;
1297 (void)output_length;
1298 return( PSA_ERROR_INVALID_ARGUMENT );
1299 }
1300 }
1301
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1302 static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1303 const psa_key_attributes_t *attributes,
1304 const uint8_t *key_buffer,
1305 size_t key_buffer_size,
1306 psa_algorithm_t alg,
1307 const uint8_t *input,
1308 size_t input_length,
1309 uint8_t *output,
1310 size_t output_size,
1311 size_t *output_length )
1312 {
1313 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1314 psa_key_location_t location =
1315 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1316
1317 switch( location )
1318 {
1319 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1320 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1321 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1322 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1323 /* Key is stored in the slot in export representation, so
1324 * cycle through all known transparent accelerators */
1325 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1326 #if defined(PSA_CRYPTO_DRIVER_TEST)
1327 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1328 key_buffer,
1329 key_buffer_size,
1330 alg,
1331 input,
1332 input_length,
1333 output,
1334 output_size,
1335 output_length );
1336 /* Declared with fallback == true */
1337 if( status != PSA_ERROR_NOT_SUPPORTED )
1338 return( status );
1339 #endif /* PSA_CRYPTO_DRIVER_TEST */
1340 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1341 status = cc3xx_cipher_decrypt( attributes,
1342 key_buffer,
1343 key_buffer_size,
1344 alg,
1345 input,
1346 input_length,
1347 output,
1348 output_size,
1349 output_length );
1350 return( status );
1351 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1352 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1353
1354 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1355 return( mbedtls_psa_cipher_decrypt( attributes,
1356 key_buffer,
1357 key_buffer_size,
1358 alg,
1359 input,
1360 input_length,
1361 output,
1362 output_size,
1363 output_length ) );
1364 #else
1365 return( PSA_ERROR_NOT_SUPPORTED );
1366 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1367
1368 /* Add cases for opaque driver here */
1369 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1370 #if defined(PSA_CRYPTO_DRIVER_TEST)
1371 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1372 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1373 key_buffer,
1374 key_buffer_size,
1375 alg,
1376 input,
1377 input_length,
1378 output,
1379 output_size,
1380 output_length ) );
1381 #endif /* PSA_CRYPTO_DRIVER_TEST */
1382 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1383
1384 default:
1385 /* Key is declared with a lifetime not known to us */
1386 (void)status;
1387 (void)key_buffer;
1388 (void)key_buffer_size;
1389 (void)alg;
1390 (void)input;
1391 (void)input_length;
1392 (void)output;
1393 (void)output_size;
1394 (void)output_length;
1395 return( PSA_ERROR_INVALID_ARGUMENT );
1396 }
1397 }
1398
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1399 static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1400 psa_cipher_operation_t *operation,
1401 const psa_key_attributes_t *attributes,
1402 const uint8_t *key_buffer, size_t key_buffer_size,
1403 psa_algorithm_t alg )
1404 {
1405 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1406 psa_key_location_t location =
1407 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1408
1409 switch( location )
1410 {
1411 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1412 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1413 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1414 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1415 /* Key is stored in the slot in export representation, so
1416 * cycle through all known transparent accelerators */
1417 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1418 #if defined(PSA_CRYPTO_DRIVER_TEST)
1419 status = mbedtls_test_transparent_cipher_encrypt_setup(
1420 &operation->ctx.transparent_test_driver_ctx,
1421 attributes,
1422 key_buffer,
1423 key_buffer_size,
1424 alg );
1425 /* Declared with fallback == true */
1426 if( status == PSA_SUCCESS )
1427 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1428
1429 if( status != PSA_ERROR_NOT_SUPPORTED )
1430 return( status );
1431 #endif /* PSA_CRYPTO_DRIVER_TEST */
1432 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1433 status = cc3xx_cipher_encrypt_setup(
1434 &operation->ctx.cc3xx_driver_ctx,
1435 attributes,
1436 key_buffer,
1437 key_buffer_size,
1438 alg );
1439 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1440 return( status );
1441 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1442 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1443 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1444 /* Fell through, meaning no accelerator supports this operation */
1445 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1446 attributes,
1447 key_buffer,
1448 key_buffer_size,
1449 alg );
1450 if( status == PSA_SUCCESS )
1451 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1452
1453 if( status != PSA_ERROR_NOT_SUPPORTED )
1454 return( status );
1455 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1456 return( PSA_ERROR_NOT_SUPPORTED );
1457
1458 /* Add cases for opaque driver here */
1459 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1460 #if defined(PSA_CRYPTO_DRIVER_TEST)
1461 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1462 status = mbedtls_test_opaque_cipher_encrypt_setup(
1463 &operation->ctx.opaque_test_driver_ctx,
1464 attributes,
1465 key_buffer, key_buffer_size,
1466 alg );
1467
1468 if( status == PSA_SUCCESS )
1469 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1470
1471 return( status );
1472 #endif /* PSA_CRYPTO_DRIVER_TEST */
1473 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1474 default:
1475 /* Key is declared with a lifetime not known to us */
1476 (void)status;
1477 (void)operation;
1478 (void)key_buffer;
1479 (void)key_buffer_size;
1480 (void)alg;
1481 return( PSA_ERROR_INVALID_ARGUMENT );
1482 }
1483 }
1484
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1485 static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1486 psa_cipher_operation_t *operation,
1487 const psa_key_attributes_t *attributes,
1488 const uint8_t *key_buffer, size_t key_buffer_size,
1489 psa_algorithm_t alg )
1490 {
1491 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1492 psa_key_location_t location =
1493 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1494
1495 switch( location )
1496 {
1497 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1498 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1499 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1500 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1501 /* Key is stored in the slot in export representation, so
1502 * cycle through all known transparent accelerators */
1503 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1504 #if defined(PSA_CRYPTO_DRIVER_TEST)
1505 status = mbedtls_test_transparent_cipher_decrypt_setup(
1506 &operation->ctx.transparent_test_driver_ctx,
1507 attributes,
1508 key_buffer,
1509 key_buffer_size,
1510 alg );
1511 /* Declared with fallback == true */
1512 if( status == PSA_SUCCESS )
1513 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1514
1515 if( status != PSA_ERROR_NOT_SUPPORTED )
1516 return( status );
1517 #endif /* PSA_CRYPTO_DRIVER_TEST */
1518 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1519 status = cc3xx_cipher_decrypt_setup(
1520 &operation->ctx.cc3xx_driver_ctx,
1521 attributes,
1522 key_buffer,
1523 key_buffer_size,
1524 alg );
1525 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1526 return( status );
1527 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1528 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1529 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1530 /* Fell through, meaning no accelerator supports this operation */
1531 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1532 attributes,
1533 key_buffer,
1534 key_buffer_size,
1535 alg );
1536 if( status == PSA_SUCCESS )
1537 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1538
1539 return( status );
1540 #else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1541 return( PSA_ERROR_NOT_SUPPORTED );
1542 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1543
1544 /* Add cases for opaque driver here */
1545 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1546 #if defined(PSA_CRYPTO_DRIVER_TEST)
1547 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1548 status = mbedtls_test_opaque_cipher_decrypt_setup(
1549 &operation->ctx.opaque_test_driver_ctx,
1550 attributes,
1551 key_buffer, key_buffer_size,
1552 alg );
1553
1554 if( status == PSA_SUCCESS )
1555 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1556
1557 return( status );
1558 #endif /* PSA_CRYPTO_DRIVER_TEST */
1559 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1560 default:
1561 /* Key is declared with a lifetime not known to us */
1562 (void)status;
1563 (void)operation;
1564 (void)key_buffer;
1565 (void)key_buffer_size;
1566 (void)alg;
1567 return( PSA_ERROR_INVALID_ARGUMENT );
1568 }
1569 }
1570
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1571 static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1572 psa_cipher_operation_t *operation,
1573 const uint8_t *iv,
1574 size_t iv_length )
1575 {
1576 switch( operation->id )
1577 {
1578 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1579 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1580 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1581 iv,
1582 iv_length ) );
1583 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1584
1585 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1586 #if defined(PSA_CRYPTO_DRIVER_TEST)
1587 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1588 return( mbedtls_test_transparent_cipher_set_iv(
1589 &operation->ctx.transparent_test_driver_ctx,
1590 iv, iv_length ) );
1591
1592 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1593 return( mbedtls_test_opaque_cipher_set_iv(
1594 &operation->ctx.opaque_test_driver_ctx,
1595 iv, iv_length ) );
1596 #endif /* PSA_CRYPTO_DRIVER_TEST */
1597 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1598 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1599 return( cc3xx_cipher_set_iv(
1600 &operation->ctx.cc3xx_driver_ctx,
1601 iv, iv_length ) );
1602 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1603 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1604 }
1605
1606 (void)iv;
1607 (void)iv_length;
1608
1609 return( PSA_ERROR_INVALID_ARGUMENT );
1610 }
1611
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1612 static inline psa_status_t psa_driver_wrapper_cipher_update(
1613 psa_cipher_operation_t *operation,
1614 const uint8_t *input,
1615 size_t input_length,
1616 uint8_t *output,
1617 size_t output_size,
1618 size_t *output_length )
1619 {
1620 switch( operation->id )
1621 {
1622 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1623 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1624 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1625 input,
1626 input_length,
1627 output,
1628 output_size,
1629 output_length ) );
1630 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1631
1632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1633 #if defined(PSA_CRYPTO_DRIVER_TEST)
1634 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1635 return( mbedtls_test_transparent_cipher_update(
1636 &operation->ctx.transparent_test_driver_ctx,
1637 input, input_length,
1638 output, output_size, output_length ) );
1639
1640 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1641 return( mbedtls_test_opaque_cipher_update(
1642 &operation->ctx.opaque_test_driver_ctx,
1643 input, input_length,
1644 output, output_size, output_length ) );
1645 #endif /* PSA_CRYPTO_DRIVER_TEST */
1646 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1647 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1648 return( cc3xx_cipher_update(
1649 &operation->ctx.cc3xx_driver_ctx,
1650 input, input_length,
1651 output, output_size, output_length ) );
1652 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1653 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1654 }
1655
1656 (void)input;
1657 (void)input_length;
1658 (void)output;
1659 (void)output_size;
1660 (void)output_length;
1661
1662 return( PSA_ERROR_INVALID_ARGUMENT );
1663 }
1664
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1665 static inline psa_status_t psa_driver_wrapper_cipher_finish(
1666 psa_cipher_operation_t *operation,
1667 uint8_t *output,
1668 size_t output_size,
1669 size_t *output_length )
1670 {
1671 switch( operation->id )
1672 {
1673 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1674 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1675 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1676 output,
1677 output_size,
1678 output_length ) );
1679 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1680
1681 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1682 #if defined(PSA_CRYPTO_DRIVER_TEST)
1683 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1684 return( mbedtls_test_transparent_cipher_finish(
1685 &operation->ctx.transparent_test_driver_ctx,
1686 output, output_size, output_length ) );
1687
1688 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1689 return( mbedtls_test_opaque_cipher_finish(
1690 &operation->ctx.opaque_test_driver_ctx,
1691 output, output_size, output_length ) );
1692 #endif /* PSA_CRYPTO_DRIVER_TEST */
1693 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1694 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1695 return( cc3xx_cipher_finish(
1696 &operation->ctx.cc3xx_driver_ctx,
1697 output, output_size, output_length ) );
1698 #endif /* PSA_CRYPTO_DRIVER_CC3XX*/
1699 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1700 }
1701
1702 (void)output;
1703 (void)output_size;
1704 (void)output_length;
1705
1706 return( PSA_ERROR_INVALID_ARGUMENT );
1707 }
1708
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1709 static inline psa_status_t psa_driver_wrapper_cipher_abort(
1710 psa_cipher_operation_t *operation )
1711 {
1712 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1713
1714 switch( operation->id )
1715 {
1716 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1717 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1718 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1719 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1720
1721 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1722 #if defined(PSA_CRYPTO_DRIVER_TEST)
1723 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1724 status = mbedtls_test_transparent_cipher_abort(
1725 &operation->ctx.transparent_test_driver_ctx );
1726 mbedtls_platform_zeroize(
1727 &operation->ctx.transparent_test_driver_ctx,
1728 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1729 return( status );
1730
1731 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1732 status = mbedtls_test_opaque_cipher_abort(
1733 &operation->ctx.opaque_test_driver_ctx );
1734 mbedtls_platform_zeroize(
1735 &operation->ctx.opaque_test_driver_ctx,
1736 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1737 return( status );
1738 #endif /* PSA_CRYPTO_DRIVER_TEST */
1739 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1740 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1741 status = cc3xx_cipher_abort(
1742 &operation->ctx.cc3xx_driver_ctx );
1743 mbedtls_platform_zeroize(
1744 &operation->ctx.cc3xx_driver_ctx,
1745 sizeof( operation->ctx.cc3xx_driver_ctx ) );
1746 return( status );
1747 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1748 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1749 }
1750
1751 (void)status;
1752 return( PSA_ERROR_INVALID_ARGUMENT );
1753 }
1754
1755 /*
1756 * Hashing functions
1757 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1758 static inline psa_status_t psa_driver_wrapper_hash_compute(
1759 psa_algorithm_t alg,
1760 const uint8_t *input,
1761 size_t input_length,
1762 uint8_t *hash,
1763 size_t hash_size,
1764 size_t *hash_length)
1765 {
1766 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1767
1768 /* Try accelerators first */
1769 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1770 #if defined(PSA_CRYPTO_DRIVER_TEST)
1771 status = mbedtls_test_transparent_hash_compute(
1772 alg, input, input_length, hash, hash_size, hash_length );
1773 if( status != PSA_ERROR_NOT_SUPPORTED )
1774 return( status );
1775 #endif /* PSA_CRYPTO_DRIVER_TEST */
1776 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1777 status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
1778 hash_length);
1779 return status;
1780 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1781 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1782
1783 /* If software fallback is compiled in, try fallback */
1784 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1785 status = mbedtls_psa_hash_compute( alg, input, input_length,
1786 hash, hash_size, hash_length );
1787 if( status != PSA_ERROR_NOT_SUPPORTED )
1788 return( status );
1789 #endif
1790 (void) status;
1791 (void) alg;
1792 (void) input;
1793 (void) input_length;
1794 (void) hash;
1795 (void) hash_size;
1796 (void) hash_length;
1797
1798 return( PSA_ERROR_NOT_SUPPORTED );
1799 }
1800
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1801 static inline psa_status_t psa_driver_wrapper_hash_setup(
1802 psa_hash_operation_t *operation,
1803 psa_algorithm_t alg )
1804 {
1805 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1806
1807 /* Try setup on accelerators first */
1808 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1809 #if defined(PSA_CRYPTO_DRIVER_TEST)
1810 status = mbedtls_test_transparent_hash_setup(
1811 &operation->ctx.test_driver_ctx, alg );
1812 if( status == PSA_SUCCESS )
1813 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1814
1815 if( status != PSA_ERROR_NOT_SUPPORTED )
1816 return( status );
1817 #endif /* PSA_CRYPTO_DRIVER_TEST */
1818 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1819 status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg);
1820 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1821 return( status );
1822 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1823 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1824
1825 /* If software fallback is compiled in, try fallback */
1826 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1827 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1828 if( status == PSA_SUCCESS )
1829 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1830
1831 if( status != PSA_ERROR_NOT_SUPPORTED )
1832 return( status );
1833 #endif
1834 /* Nothing left to try if we fall through here */
1835 (void) status;
1836 (void) operation;
1837 (void) alg;
1838 return( PSA_ERROR_NOT_SUPPORTED );
1839 }
1840
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1841 static inline psa_status_t psa_driver_wrapper_hash_clone(
1842 const psa_hash_operation_t *source_operation,
1843 psa_hash_operation_t *target_operation )
1844 {
1845 switch( source_operation->id )
1846 {
1847 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1848 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1849 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1850 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1851 &target_operation->ctx.mbedtls_ctx ) );
1852 #endif
1853 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1854 #if defined(PSA_CRYPTO_DRIVER_TEST)
1855 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1856 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1857 return( mbedtls_test_transparent_hash_clone(
1858 &source_operation->ctx.test_driver_ctx,
1859 &target_operation->ctx.test_driver_ctx ) );
1860 #endif /* PSA_CRYPTO_DRIVER_TEST */
1861 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1862 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1863 target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1864 return( cc3xx_hash_clone(
1865 &source_operation->ctx.cc3xx_driver_ctx,
1866 &target_operation->ctx.cc3xx_driver_ctx ) );
1867
1868 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1869 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1870 default:
1871 (void) target_operation;
1872 return( PSA_ERROR_BAD_STATE );
1873 }
1874 }
1875
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1876 static inline psa_status_t psa_driver_wrapper_hash_update(
1877 psa_hash_operation_t *operation,
1878 const uint8_t *input,
1879 size_t input_length )
1880 {
1881 switch( operation->id )
1882 {
1883 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1884 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1885 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1886 input, input_length ) );
1887 #endif
1888 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1889 #if defined(PSA_CRYPTO_DRIVER_TEST)
1890 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1891 return( mbedtls_test_transparent_hash_update(
1892 &operation->ctx.test_driver_ctx,
1893 input, input_length ) );
1894 #endif /* PSA_CRYPTO_DRIVER_TEST */
1895 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1896 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1897 return( cc3xx_hash_update(
1898 &operation->ctx.cc3xx_driver_ctx,
1899 input, input_length ) );
1900 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1901 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1902 default:
1903 (void) input;
1904 (void) input_length;
1905 return( PSA_ERROR_BAD_STATE );
1906 }
1907 }
1908
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1909 static inline psa_status_t psa_driver_wrapper_hash_finish(
1910 psa_hash_operation_t *operation,
1911 uint8_t *hash,
1912 size_t hash_size,
1913 size_t *hash_length )
1914 {
1915 switch( operation->id )
1916 {
1917 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1918 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1919 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1920 hash, hash_size, hash_length ) );
1921 #endif
1922 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1923 #if defined(PSA_CRYPTO_DRIVER_TEST)
1924 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1925 return( mbedtls_test_transparent_hash_finish(
1926 &operation->ctx.test_driver_ctx,
1927 hash, hash_size, hash_length ) );
1928 #endif /* PSA_CRYPTO_DRIVER_TEST */
1929 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1930 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1931 return( cc3xx_hash_finish(
1932 &operation->ctx.cc3xx_driver_ctx,
1933 hash, hash_size, hash_length ) );
1934 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1935 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1936 default:
1937 (void) hash;
1938 (void) hash_size;
1939 (void) hash_length;
1940 return( PSA_ERROR_BAD_STATE );
1941 }
1942 }
1943
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1944 static inline psa_status_t psa_driver_wrapper_hash_abort(
1945 psa_hash_operation_t *operation )
1946 {
1947 switch( operation->id )
1948 {
1949 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1950 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1951 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1952 #endif
1953 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1954 #if defined(PSA_CRYPTO_DRIVER_TEST)
1955 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1956 return( mbedtls_test_transparent_hash_abort(
1957 &operation->ctx.test_driver_ctx ) );
1958 #endif /* PSA_CRYPTO_DRIVER_TEST */
1959 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1960 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1961 return( cc3xx_hash_abort(
1962 &operation->ctx.cc3xx_driver_ctx ) );
1963 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1964 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1965 default:
1966 return( PSA_ERROR_BAD_STATE );
1967 }
1968 }
1969
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1970 static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1971 const psa_key_attributes_t *attributes,
1972 const uint8_t *key_buffer, size_t key_buffer_size,
1973 psa_algorithm_t alg,
1974 const uint8_t *nonce, size_t nonce_length,
1975 const uint8_t *additional_data, size_t additional_data_length,
1976 const uint8_t *plaintext, size_t plaintext_length,
1977 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1978 {
1979 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1980 psa_key_location_t location =
1981 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1982
1983 switch( location )
1984 {
1985 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1986 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1987 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1988 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1989 /* Key is stored in the slot in export representation, so
1990 * cycle through all known transparent accelerators */
1991
1992 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1993 #if defined(PSA_CRYPTO_DRIVER_TEST)
1994 status = mbedtls_test_transparent_aead_encrypt(
1995 attributes, key_buffer, key_buffer_size,
1996 alg,
1997 nonce, nonce_length,
1998 additional_data, additional_data_length,
1999 plaintext, plaintext_length,
2000 ciphertext, ciphertext_size, ciphertext_length );
2001 /* Declared with fallback == true */
2002 if( status != PSA_ERROR_NOT_SUPPORTED )
2003 return( status );
2004 #endif /* PSA_CRYPTO_DRIVER_TEST */
2005 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2006 status = cc3xx_aead_encrypt(
2007 attributes, key_buffer, key_buffer_size,
2008 alg,
2009 nonce, nonce_length,
2010 additional_data, additional_data_length,
2011 plaintext, plaintext_length,
2012 ciphertext, ciphertext_size, ciphertext_length );
2013
2014 return( status );
2015 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2016 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2017
2018 /* Fell through, meaning no accelerator supports this operation */
2019 return( mbedtls_psa_aead_encrypt(
2020 attributes, key_buffer, key_buffer_size,
2021 alg,
2022 nonce, nonce_length,
2023 additional_data, additional_data_length,
2024 plaintext, plaintext_length,
2025 ciphertext, ciphertext_size, ciphertext_length ) );
2026
2027 /* Add cases for opaque driver here */
2028
2029 default:
2030 /* Key is declared with a lifetime not known to us */
2031 (void)status;
2032 return( PSA_ERROR_INVALID_ARGUMENT );
2033 }
2034 }
2035
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)2036 static inline psa_status_t psa_driver_wrapper_aead_decrypt(
2037 const psa_key_attributes_t *attributes,
2038 const uint8_t *key_buffer, size_t key_buffer_size,
2039 psa_algorithm_t alg,
2040 const uint8_t *nonce, size_t nonce_length,
2041 const uint8_t *additional_data, size_t additional_data_length,
2042 const uint8_t *ciphertext, size_t ciphertext_length,
2043 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
2044 {
2045 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2046 psa_key_location_t location =
2047 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2048
2049 switch( location )
2050 {
2051 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2052 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2053 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2054 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2055 /* Key is stored in the slot in export representation, so
2056 * cycle through all known transparent accelerators */
2057
2058 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2059 #if defined(PSA_CRYPTO_DRIVER_TEST)
2060 status = mbedtls_test_transparent_aead_decrypt(
2061 attributes, key_buffer, key_buffer_size,
2062 alg,
2063 nonce, nonce_length,
2064 additional_data, additional_data_length,
2065 ciphertext, ciphertext_length,
2066 plaintext, plaintext_size, plaintext_length );
2067 /* Declared with fallback == true */
2068 if( status != PSA_ERROR_NOT_SUPPORTED )
2069 return( status );
2070 #endif /* PSA_CRYPTO_DRIVER_TEST */
2071 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2072 status = cc3xx_aead_decrypt(
2073 attributes, key_buffer, key_buffer_size,
2074 alg,
2075 nonce, nonce_length,
2076 additional_data, additional_data_length,
2077 ciphertext, ciphertext_length,
2078 plaintext, plaintext_size, plaintext_length );
2079
2080 return( status );
2081 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2082 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2083
2084 /* Fell through, meaning no accelerator supports this operation */
2085 return( mbedtls_psa_aead_decrypt(
2086 attributes, key_buffer, key_buffer_size,
2087 alg,
2088 nonce, nonce_length,
2089 additional_data, additional_data_length,
2090 ciphertext, ciphertext_length,
2091 plaintext, plaintext_size, plaintext_length ) );
2092
2093 /* Add cases for opaque driver here */
2094
2095 default:
2096 /* Key is declared with a lifetime not known to us */
2097 (void)status;
2098 return( PSA_ERROR_INVALID_ARGUMENT );
2099 }
2100 }
2101
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2102 static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
2103 psa_aead_operation_t *operation,
2104 const psa_key_attributes_t *attributes,
2105 const uint8_t *key_buffer, size_t key_buffer_size,
2106 psa_algorithm_t alg )
2107 {
2108 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2109 psa_key_location_t location =
2110 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2111
2112 switch( location )
2113 {
2114 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2115 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2116 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2117 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2118 /* Key is stored in the slot in export representation, so
2119 * cycle through all known transparent accelerators */
2120
2121 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2122 #if defined(PSA_CRYPTO_DRIVER_TEST)
2123 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2124 status = mbedtls_test_transparent_aead_encrypt_setup(
2125 &operation->ctx.transparent_test_driver_ctx,
2126 attributes, key_buffer, key_buffer_size,
2127 alg );
2128
2129 /* Declared with fallback == true */
2130 if( status != PSA_ERROR_NOT_SUPPORTED )
2131 return( status );
2132 #endif /* PSA_CRYPTO_DRIVER_TEST */
2133 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2134 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2135 status = cc3xx_aead_encrypt_setup(
2136 &operation->ctx.cc3xx_driver_ctx,
2137 attributes, key_buffer, key_buffer_size,
2138 alg );
2139
2140 return( status );
2141 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2142 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2143
2144 /* Fell through, meaning no accelerator supports this operation */
2145 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2146 status = mbedtls_psa_aead_encrypt_setup(
2147 &operation->ctx.mbedtls_ctx, attributes,
2148 key_buffer, key_buffer_size,
2149 alg );
2150
2151 return( status );
2152
2153 /* Add cases for opaque driver here */
2154
2155 default:
2156 /* Key is declared with a lifetime not known to us */
2157 (void)status;
2158 return( PSA_ERROR_INVALID_ARGUMENT );
2159 }
2160 }
2161
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2162 static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
2163 psa_aead_operation_t *operation,
2164 const psa_key_attributes_t *attributes,
2165 const uint8_t *key_buffer, size_t key_buffer_size,
2166 psa_algorithm_t alg )
2167 {
2168 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2169 psa_key_location_t location =
2170 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2171
2172 switch( location )
2173 {
2174 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2175 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2176 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2177 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2178 /* Key is stored in the slot in export representation, so
2179 * cycle through all known transparent accelerators */
2180
2181 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2182 #if defined(PSA_CRYPTO_DRIVER_TEST)
2183 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2184 status = mbedtls_test_transparent_aead_decrypt_setup(
2185 &operation->ctx.transparent_test_driver_ctx,
2186 attributes,
2187 key_buffer, key_buffer_size,
2188 alg );
2189
2190 /* Declared with fallback == true */
2191 if( status != PSA_ERROR_NOT_SUPPORTED )
2192 return( status );
2193 #endif /* PSA_CRYPTO_DRIVER_TEST */
2194 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2195 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2196 status = cc3xx_aead_decrypt_setup(
2197 &operation->ctx.cc3xx_driver_ctx,
2198 attributes,
2199 key_buffer, key_buffer_size,
2200 alg );
2201
2202 return( status );
2203 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2204 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2205
2206 /* Fell through, meaning no accelerator supports this operation */
2207 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2208 status = mbedtls_psa_aead_decrypt_setup(
2209 &operation->ctx.mbedtls_ctx,
2210 attributes,
2211 key_buffer, key_buffer_size,
2212 alg );
2213
2214 return( status );
2215
2216 /* Add cases for opaque driver here */
2217
2218 default:
2219 /* Key is declared with a lifetime not known to us */
2220 (void)status;
2221 return( PSA_ERROR_INVALID_ARGUMENT );
2222 }
2223 }
2224
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)2225 static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
2226 psa_aead_operation_t *operation,
2227 const uint8_t *nonce,
2228 size_t nonce_length )
2229 {
2230 switch( operation->id )
2231 {
2232 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2233 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2234 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
2235 nonce,
2236 nonce_length ) );
2237
2238 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2239
2240 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2241 #if defined(PSA_CRYPTO_DRIVER_TEST)
2242 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2243 return( mbedtls_test_transparent_aead_set_nonce(
2244 &operation->ctx.transparent_test_driver_ctx,
2245 nonce, nonce_length ) );
2246
2247 /* Add cases for opaque driver here */
2248
2249 #endif /* PSA_CRYPTO_DRIVER_TEST */
2250 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2251 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2252 return( cc3xx_aead_set_nonce(
2253 &operation->ctx.cc3xx_driver_ctx,
2254 nonce, nonce_length ) );
2255 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2256 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2257 }
2258
2259 (void)nonce;
2260 (void)nonce_length;
2261
2262 return( PSA_ERROR_INVALID_ARGUMENT );
2263 }
2264
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)2265 static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
2266 psa_aead_operation_t *operation,
2267 size_t ad_length,
2268 size_t plaintext_length )
2269 {
2270 switch( operation->id )
2271 {
2272 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2273 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2274 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
2275 ad_length,
2276 plaintext_length ) );
2277
2278 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2279
2280 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2281 #if defined(PSA_CRYPTO_DRIVER_TEST)
2282 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2283 return( mbedtls_test_transparent_aead_set_lengths(
2284 &operation->ctx.transparent_test_driver_ctx,
2285 ad_length, plaintext_length ) );
2286
2287 /* Add cases for opaque driver here */
2288
2289 #endif /* PSA_CRYPTO_DRIVER_TEST */
2290 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2291 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2292 return( cc3xx_aead_set_lengths(
2293 &operation->ctx.cc3xx_driver_ctx,
2294 ad_length, plaintext_length ) );
2295 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2296 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2297 }
2298
2299 (void)ad_length;
2300 (void)plaintext_length;
2301
2302 return( PSA_ERROR_INVALID_ARGUMENT );
2303 }
2304
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)2305 static inline psa_status_t psa_driver_wrapper_aead_update_ad(
2306 psa_aead_operation_t *operation,
2307 const uint8_t *input,
2308 size_t input_length )
2309 {
2310 switch( operation->id )
2311 {
2312 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2313 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2314 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
2315 input,
2316 input_length ) );
2317
2318 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2319
2320 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2321 #if defined(PSA_CRYPTO_DRIVER_TEST)
2322 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2323 return( mbedtls_test_transparent_aead_update_ad(
2324 &operation->ctx.transparent_test_driver_ctx,
2325 input, input_length ) );
2326
2327 /* Add cases for opaque driver here */
2328
2329 #endif /* PSA_CRYPTO_DRIVER_TEST */
2330 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2331 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2332 return( cc3xx_aead_update_ad(
2333 &operation->ctx.cc3xx_driver_ctx,
2334 input, input_length ) );
2335 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2336 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2337 }
2338
2339 (void)input;
2340 (void)input_length;
2341
2342 return( PSA_ERROR_INVALID_ARGUMENT );
2343 }
2344
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)2345 static inline psa_status_t psa_driver_wrapper_aead_update(
2346 psa_aead_operation_t *operation,
2347 const uint8_t *input,
2348 size_t input_length,
2349 uint8_t *output,
2350 size_t output_size,
2351 size_t *output_length )
2352 {
2353 switch( operation->id )
2354 {
2355 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2356 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2357 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2358 input, input_length,
2359 output, output_size,
2360 output_length ) );
2361
2362 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2363
2364 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2365 #if defined(PSA_CRYPTO_DRIVER_TEST)
2366 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2367 return( mbedtls_test_transparent_aead_update(
2368 &operation->ctx.transparent_test_driver_ctx,
2369 input, input_length, output, output_size,
2370 output_length ) );
2371
2372 /* Add cases for opaque driver here */
2373
2374 #endif /* PSA_CRYPTO_DRIVER_TEST */
2375 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2376 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2377 return( cc3xx_aead_update(
2378 &operation->ctx.cc3xx_driver_ctx,
2379 input, input_length, output, output_size,
2380 output_length ) );
2381 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2382 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2383 }
2384
2385 (void)input;
2386 (void)input_length;
2387 (void)output;
2388 (void)output_size;
2389 (void)output_length;
2390
2391 return( PSA_ERROR_INVALID_ARGUMENT );
2392 }
2393
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)2394 static inline psa_status_t psa_driver_wrapper_aead_finish(
2395 psa_aead_operation_t *operation,
2396 uint8_t *ciphertext,
2397 size_t ciphertext_size,
2398 size_t *ciphertext_length,
2399 uint8_t *tag,
2400 size_t tag_size,
2401 size_t *tag_length )
2402 {
2403 switch( operation->id )
2404 {
2405 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2406 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2407 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2408 ciphertext,
2409 ciphertext_size,
2410 ciphertext_length, tag,
2411 tag_size, tag_length ) );
2412
2413 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2414
2415 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2416 #if defined(PSA_CRYPTO_DRIVER_TEST)
2417 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2418 return( mbedtls_test_transparent_aead_finish(
2419 &operation->ctx.transparent_test_driver_ctx,
2420 ciphertext, ciphertext_size,
2421 ciphertext_length, tag, tag_size, tag_length ) );
2422
2423 /* Add cases for opaque driver here */
2424
2425 #endif /* PSA_CRYPTO_DRIVER_TEST */
2426 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2427 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2428 return( cc3xx_aead_finish(
2429 &operation->ctx.cc3xx_driver_ctx,
2430 ciphertext, ciphertext_size,
2431 ciphertext_length, tag, tag_size, tag_length ) );
2432 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2433 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2434 }
2435
2436 (void)ciphertext;
2437 (void)ciphertext_size;
2438 (void)ciphertext_length;
2439 (void)tag;
2440 (void)tag_size;
2441 (void)tag_length;
2442
2443 return( PSA_ERROR_INVALID_ARGUMENT );
2444 }
2445
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)2446 static inline psa_status_t psa_driver_wrapper_aead_verify(
2447 psa_aead_operation_t *operation,
2448 uint8_t *plaintext,
2449 size_t plaintext_size,
2450 size_t *plaintext_length,
2451 const uint8_t *tag,
2452 size_t tag_length )
2453 {
2454 switch( operation->id )
2455 {
2456 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2457 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2458 {
2459 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2460 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2461 size_t check_tag_length;
2462
2463 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2464 plaintext,
2465 plaintext_size,
2466 plaintext_length,
2467 check_tag,
2468 sizeof( check_tag ),
2469 &check_tag_length );
2470
2471 if( status == PSA_SUCCESS )
2472 {
2473 if( tag_length != check_tag_length ||
2474 mbedtls_ct_memcmp( tag, check_tag, tag_length )
2475 != 0 )
2476 status = PSA_ERROR_INVALID_SIGNATURE;
2477 }
2478
2479 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2480
2481 return( status );
2482 }
2483
2484 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2485
2486 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2487 #if defined(PSA_CRYPTO_DRIVER_TEST)
2488 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2489 return( mbedtls_test_transparent_aead_verify(
2490 &operation->ctx.transparent_test_driver_ctx,
2491 plaintext, plaintext_size,
2492 plaintext_length, tag, tag_length ) );
2493
2494 /* Add cases for opaque driver here */
2495
2496 #endif /* PSA_CRYPTO_DRIVER_TEST */
2497 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2498 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2499 return( cc3xx_aead_verify(
2500 &operation->ctx.cc3xx_driver_ctx,
2501 plaintext, plaintext_size,
2502 plaintext_length, tag, tag_length ) );
2503 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2504 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2505 }
2506
2507 (void)plaintext;
2508 (void)plaintext_size;
2509 (void)plaintext_length;
2510 (void)tag;
2511 (void)tag_length;
2512
2513 return( PSA_ERROR_INVALID_ARGUMENT );
2514 }
2515
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)2516 static inline psa_status_t psa_driver_wrapper_aead_abort(
2517 psa_aead_operation_t *operation )
2518 {
2519 switch( operation->id )
2520 {
2521 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2522 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2523 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2524
2525 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2526
2527 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2528 #if defined(PSA_CRYPTO_DRIVER_TEST)
2529 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2530 return( mbedtls_test_transparent_aead_abort(
2531 &operation->ctx.transparent_test_driver_ctx ) );
2532
2533 /* Add cases for opaque driver here */
2534
2535 #endif /* PSA_CRYPTO_DRIVER_TEST */
2536 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2537 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2538 return( cc3xx_aead_abort(
2539 &operation->ctx.cc3xx_driver_ctx ) );
2540 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2541 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2542 }
2543
2544 return( PSA_ERROR_INVALID_ARGUMENT );
2545 }
2546
2547 /*
2548 * MAC functions
2549 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)2550 static inline psa_status_t psa_driver_wrapper_mac_compute(
2551 const psa_key_attributes_t *attributes,
2552 const uint8_t *key_buffer,
2553 size_t key_buffer_size,
2554 psa_algorithm_t alg,
2555 const uint8_t *input,
2556 size_t input_length,
2557 uint8_t *mac,
2558 size_t mac_size,
2559 size_t *mac_length )
2560 {
2561 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2562 psa_key_location_t location =
2563 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2564
2565 switch( location )
2566 {
2567 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2568 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2569 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2570 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2571 /* Key is stored in the slot in export representation, so
2572 * cycle through all known transparent accelerators */
2573 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2574 #if defined(PSA_CRYPTO_DRIVER_TEST)
2575 status = mbedtls_test_transparent_mac_compute(
2576 attributes, key_buffer, key_buffer_size, alg,
2577 input, input_length,
2578 mac, mac_size, mac_length );
2579 /* Declared with fallback == true */
2580 if( status != PSA_ERROR_NOT_SUPPORTED )
2581 return( status );
2582 #endif /* PSA_CRYPTO_DRIVER_TEST */
2583 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2584 status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
2585 input, input_length,
2586 mac, mac_size, mac_length);
2587 return( status );
2588 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2589 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2590 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2591 /* Fell through, meaning no accelerator supports this operation */
2592 status = mbedtls_psa_mac_compute(
2593 attributes, key_buffer, key_buffer_size, alg,
2594 input, input_length,
2595 mac, mac_size, mac_length );
2596 if( status != PSA_ERROR_NOT_SUPPORTED )
2597 return( status );
2598 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2599 return( PSA_ERROR_NOT_SUPPORTED );
2600
2601 /* Add cases for opaque driver here */
2602 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2603 #if defined(PSA_CRYPTO_DRIVER_TEST)
2604 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2605 status = mbedtls_test_opaque_mac_compute(
2606 attributes, key_buffer, key_buffer_size, alg,
2607 input, input_length,
2608 mac, mac_size, mac_length );
2609 return( status );
2610 #endif /* PSA_CRYPTO_DRIVER_TEST */
2611 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2612 default:
2613 /* Key is declared with a lifetime not known to us */
2614 (void) key_buffer;
2615 (void) key_buffer_size;
2616 (void) alg;
2617 (void) input;
2618 (void) input_length;
2619 (void) mac;
2620 (void) mac_size;
2621 (void) mac_length;
2622 (void) status;
2623 return( PSA_ERROR_INVALID_ARGUMENT );
2624 }
2625 }
2626
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2627 static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2628 psa_mac_operation_t *operation,
2629 const psa_key_attributes_t *attributes,
2630 const uint8_t *key_buffer,
2631 size_t key_buffer_size,
2632 psa_algorithm_t alg )
2633 {
2634 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2635 psa_key_location_t location =
2636 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2637
2638 switch( location )
2639 {
2640 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2641 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2642 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2643 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2644 /* Key is stored in the slot in export representation, so
2645 * cycle through all known transparent accelerators */
2646 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2647 #if defined(PSA_CRYPTO_DRIVER_TEST)
2648 status = mbedtls_test_transparent_mac_sign_setup(
2649 &operation->ctx.transparent_test_driver_ctx,
2650 attributes,
2651 key_buffer, key_buffer_size,
2652 alg );
2653 /* Declared with fallback == true */
2654 if( status == PSA_SUCCESS )
2655 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2656
2657 if( status != PSA_ERROR_NOT_SUPPORTED )
2658 return( status );
2659 #endif /* PSA_CRYPTO_DRIVER_TEST */
2660 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2661 status = cc3xx_mac_sign_setup(
2662 &operation->ctx.cc3xx_driver_ctx,
2663 attributes,
2664 key_buffer, key_buffer_size,
2665 alg);
2666 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2667 return status;
2668 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2669 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2670 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2671 /* Fell through, meaning no accelerator supports this operation */
2672 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2673 attributes,
2674 key_buffer, key_buffer_size,
2675 alg );
2676 if( status == PSA_SUCCESS )
2677 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2678
2679 if( status != PSA_ERROR_NOT_SUPPORTED )
2680 return( status );
2681 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2682 return( PSA_ERROR_NOT_SUPPORTED );
2683
2684 /* Add cases for opaque driver here */
2685 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2686 #if defined(PSA_CRYPTO_DRIVER_TEST)
2687 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2688 status = mbedtls_test_opaque_mac_sign_setup(
2689 &operation->ctx.opaque_test_driver_ctx,
2690 attributes,
2691 key_buffer, key_buffer_size,
2692 alg );
2693
2694 if( status == PSA_SUCCESS )
2695 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2696
2697 return( status );
2698 #endif /* PSA_CRYPTO_DRIVER_TEST */
2699 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2700 default:
2701 /* Key is declared with a lifetime not known to us */
2702 (void) status;
2703 (void) operation;
2704 (void) key_buffer;
2705 (void) key_buffer_size;
2706 (void) alg;
2707 return( PSA_ERROR_INVALID_ARGUMENT );
2708 }
2709 }
2710
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2711 static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2712 psa_mac_operation_t *operation,
2713 const psa_key_attributes_t *attributes,
2714 const uint8_t *key_buffer,
2715 size_t key_buffer_size,
2716 psa_algorithm_t alg )
2717 {
2718 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2719 psa_key_location_t location =
2720 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2721
2722 switch( location )
2723 {
2724 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2725 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2726 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2727 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2728 /* Key is stored in the slot in export representation, so
2729 * cycle through all known transparent accelerators */
2730 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2731 #if defined(PSA_CRYPTO_DRIVER_TEST)
2732 status = mbedtls_test_transparent_mac_verify_setup(
2733 &operation->ctx.transparent_test_driver_ctx,
2734 attributes,
2735 key_buffer, key_buffer_size,
2736 alg );
2737 /* Declared with fallback == true */
2738 if( status == PSA_SUCCESS )
2739 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2740
2741 if( status != PSA_ERROR_NOT_SUPPORTED )
2742 return( status );
2743 #endif /* PSA_CRYPTO_DRIVER_TEST */
2744 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2745 status = cc3xx_mac_verify_setup(
2746 &operation->ctx.cc3xx_driver_ctx,
2747 attributes,
2748 key_buffer, key_buffer_size,
2749 alg);
2750 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2751 return status;
2752 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2753 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2754 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2755 /* Fell through, meaning no accelerator supports this operation */
2756 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2757 attributes,
2758 key_buffer, key_buffer_size,
2759 alg );
2760 if( status == PSA_SUCCESS )
2761 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2762
2763 if( status != PSA_ERROR_NOT_SUPPORTED )
2764 return( status );
2765 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2766 return( PSA_ERROR_NOT_SUPPORTED );
2767
2768 /* Add cases for opaque driver here */
2769 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2770 #if defined(PSA_CRYPTO_DRIVER_TEST)
2771 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2772 status = mbedtls_test_opaque_mac_verify_setup(
2773 &operation->ctx.opaque_test_driver_ctx,
2774 attributes,
2775 key_buffer, key_buffer_size,
2776 alg );
2777
2778 if( status == PSA_SUCCESS )
2779 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2780
2781 return( status );
2782 #endif /* PSA_CRYPTO_DRIVER_TEST */
2783 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2784 default:
2785 /* Key is declared with a lifetime not known to us */
2786 (void) status;
2787 (void) operation;
2788 (void) key_buffer;
2789 (void) key_buffer_size;
2790 (void) alg;
2791 return( PSA_ERROR_INVALID_ARGUMENT );
2792 }
2793 }
2794
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2795 static inline psa_status_t psa_driver_wrapper_mac_update(
2796 psa_mac_operation_t *operation,
2797 const uint8_t *input,
2798 size_t input_length )
2799 {
2800 switch( operation->id )
2801 {
2802 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2803 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2804 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2805 input, input_length ) );
2806 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2807
2808 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2809 #if defined(PSA_CRYPTO_DRIVER_TEST)
2810 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2811 return( mbedtls_test_transparent_mac_update(
2812 &operation->ctx.transparent_test_driver_ctx,
2813 input, input_length ) );
2814
2815 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2816 return( mbedtls_test_opaque_mac_update(
2817 &operation->ctx.opaque_test_driver_ctx,
2818 input, input_length ) );
2819 #endif /* PSA_CRYPTO_DRIVER_TEST */
2820 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2821 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2822 return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
2823 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2824 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2825 default:
2826 (void) input;
2827 (void) input_length;
2828 return( PSA_ERROR_INVALID_ARGUMENT );
2829 }
2830 }
2831
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2832 static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2833 psa_mac_operation_t *operation,
2834 uint8_t *mac,
2835 size_t mac_size,
2836 size_t *mac_length )
2837 {
2838 switch( operation->id )
2839 {
2840 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2841 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2842 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2843 mac, mac_size, mac_length ) );
2844 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2845
2846 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2847 #if defined(PSA_CRYPTO_DRIVER_TEST)
2848 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2849 return( mbedtls_test_transparent_mac_sign_finish(
2850 &operation->ctx.transparent_test_driver_ctx,
2851 mac, mac_size, mac_length ) );
2852
2853 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2854 return( mbedtls_test_opaque_mac_sign_finish(
2855 &operation->ctx.opaque_test_driver_ctx,
2856 mac, mac_size, mac_length ) );
2857 #endif /* PSA_CRYPTO_DRIVER_TEST */
2858 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2859 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2860 return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
2861 mac, mac_size, mac_length));
2862 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2863 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2864 default:
2865 (void) mac;
2866 (void) mac_size;
2867 (void) mac_length;
2868 return( PSA_ERROR_INVALID_ARGUMENT );
2869 }
2870 }
2871
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2872 static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2873 psa_mac_operation_t *operation,
2874 const uint8_t *mac,
2875 size_t mac_length )
2876 {
2877 switch( operation->id )
2878 {
2879 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2880 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2881 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2882 mac, mac_length ) );
2883 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2884
2885 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2886 #if defined(PSA_CRYPTO_DRIVER_TEST)
2887 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2888 return( mbedtls_test_transparent_mac_verify_finish(
2889 &operation->ctx.transparent_test_driver_ctx,
2890 mac, mac_length ) );
2891
2892 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2893 return( mbedtls_test_opaque_mac_verify_finish(
2894 &operation->ctx.opaque_test_driver_ctx,
2895 mac, mac_length ) );
2896 #endif /* PSA_CRYPTO_DRIVER_TEST */
2897 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2898 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2899 return(cc3xx_mac_verify_finish(
2900 &operation->ctx.cc3xx_driver_ctx,
2901 mac, mac_length));
2902 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2903 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2904 default:
2905 (void) mac;
2906 (void) mac_length;
2907 return( PSA_ERROR_INVALID_ARGUMENT );
2908 }
2909 }
2910
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2911 static inline psa_status_t psa_driver_wrapper_mac_abort(
2912 psa_mac_operation_t *operation )
2913 {
2914 switch( operation->id )
2915 {
2916 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2917 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2918 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2919 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2920
2921 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2922 #if defined(PSA_CRYPTO_DRIVER_TEST)
2923 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2924 return( mbedtls_test_transparent_mac_abort(
2925 &operation->ctx.transparent_test_driver_ctx ) );
2926 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2927 return( mbedtls_test_opaque_mac_abort(
2928 &operation->ctx.opaque_test_driver_ctx ) );
2929 #endif /* PSA_CRYPTO_DRIVER_TEST */
2930 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2931 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2932 return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
2933 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2934 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2935 default:
2936 return( PSA_ERROR_INVALID_ARGUMENT );
2937 }
2938 }
2939
2940 /*
2941 * Asymmetric cryptography
2942 */
psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2943 static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2944 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2945 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2946 size_t input_length, const uint8_t *salt, size_t salt_length,
2947 uint8_t *output, size_t output_size, size_t *output_length )
2948 {
2949 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2950 psa_key_location_t location =
2951 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2952
2953 switch( location )
2954 {
2955 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2956 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2957 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2958 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2959 /* Key is stored in the slot in export representation, so
2960 * cycle through all known transparent accelerators */
2961 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2962 #if defined(PSA_CRYPTO_DRIVER_TEST)
2963 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2964 key_buffer, key_buffer_size, alg, input, input_length,
2965 salt, salt_length, output, output_size,
2966 output_length );
2967 /* Declared with fallback == true */
2968 if( status != PSA_ERROR_NOT_SUPPORTED )
2969 return( status );
2970 #endif /* PSA_CRYPTO_DRIVER_TEST */
2971 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2972 status = cc3xx_asymmetric_encrypt( attributes,
2973 key_buffer,
2974 key_buffer_size,
2975 alg,
2976 input,
2977 input_length,
2978 salt,
2979 salt_length,
2980 output,
2981 output_size,
2982 output_length );
2983 return( status );
2984 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2985 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2986 return( mbedtls_psa_asymmetric_encrypt( attributes,
2987 key_buffer, key_buffer_size, alg, input, input_length,
2988 salt, salt_length, output, output_size, output_length )
2989 );
2990 /* Add cases for opaque driver here */
2991 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2992 #if defined(PSA_CRYPTO_DRIVER_TEST)
2993 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2994 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2995 key_buffer, key_buffer_size, alg, input, input_length,
2996 salt, salt_length, output, output_size, output_length )
2997 );
2998 #endif /* PSA_CRYPTO_DRIVER_TEST */
2999 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3000
3001 default:
3002 /* Key is declared with a lifetime not known to us */
3003 (void)status;
3004 (void)key_buffer;
3005 (void)key_buffer_size;
3006 (void)alg;
3007 (void)input;
3008 (void)input_length;
3009 (void)salt;
3010 (void)salt_length;
3011 (void)output;
3012 (void)output_size;
3013 (void)output_length;
3014 return( PSA_ERROR_INVALID_ARGUMENT );
3015 }
3016 }
3017
psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)3018 static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
3019 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
3020 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
3021 size_t input_length, const uint8_t *salt, size_t salt_length,
3022 uint8_t *output, size_t output_size, size_t *output_length )
3023 {
3024 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3025 psa_key_location_t location =
3026 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
3027
3028 switch( location )
3029 {
3030 case PSA_KEY_LOCATION_LOCAL_STORAGE:
3031 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3032 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3033 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3034 /* Key is stored in the slot in export representation, so
3035 * cycle through all known transparent accelerators */
3036 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3037 #if defined(PSA_CRYPTO_DRIVER_TEST)
3038 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
3039 key_buffer, key_buffer_size, alg, input, input_length,
3040 salt, salt_length, output, output_size,
3041 output_length );
3042 /* Declared with fallback == true */
3043 if( status != PSA_ERROR_NOT_SUPPORTED )
3044 return( status );
3045 #endif /* PSA_CRYPTO_DRIVER_TEST */
3046 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3047 status = cc3xx_asymmetric_decrypt( attributes,
3048 key_buffer,
3049 key_buffer_size,
3050 alg,
3051 input,
3052 input_length,
3053 salt,
3054 salt_length,
3055 output,
3056 output_size,
3057 output_length );
3058 return( status );
3059 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3060 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3061 return( mbedtls_psa_asymmetric_decrypt( attributes,
3062 key_buffer, key_buffer_size, alg,input, input_length,
3063 salt, salt_length, output, output_size,
3064 output_length ) );
3065 /* Add cases for opaque driver here */
3066 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3067 #if defined(PSA_CRYPTO_DRIVER_TEST)
3068 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3069 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
3070 key_buffer, key_buffer_size, alg, input, input_length,
3071 salt, salt_length, output, output_size,
3072 output_length ) );
3073 #endif /* PSA_CRYPTO_DRIVER_TEST */
3074 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3075
3076 default:
3077 /* Key is declared with a lifetime not known to us */
3078 (void)status;
3079 (void)key_buffer;
3080 (void)key_buffer_size;
3081 (void)alg;
3082 (void)input;
3083 (void)input_length;
3084 (void)salt;
3085 (void)salt_length;
3086 (void)output;
3087 (void)output_size;
3088 (void)output_length;
3089 return( PSA_ERROR_INVALID_ARGUMENT );
3090 }
3091 }
3092
psa_driver_wrapper_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)3093 static inline psa_status_t psa_driver_wrapper_key_agreement(
3094 const psa_key_attributes_t *attributes,
3095 const uint8_t *key_buffer,
3096 size_t key_buffer_size,
3097 psa_algorithm_t alg,
3098 const uint8_t *peer_key,
3099 size_t peer_key_length,
3100 uint8_t *shared_secret,
3101 size_t shared_secret_size,
3102 size_t *shared_secret_length
3103 )
3104 {
3105 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3106 psa_key_location_t location =
3107 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
3108
3109 switch( location )
3110 {
3111 case PSA_KEY_LOCATION_LOCAL_STORAGE:
3112 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3113 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3114 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3115 /* Key is stored in the slot in export representation, so
3116 * cycle through all known transparent accelerators */
3117 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3118 #if defined(PSA_CRYPTO_DRIVER_TEST)
3119 status =
3120 mbedtls_test_transparent_key_agreement( attributes,
3121 key_buffer, key_buffer_size, alg, peer_key,
3122 peer_key_length, shared_secret, shared_secret_size,
3123 shared_secret_length );
3124 if( status != PSA_ERROR_NOT_SUPPORTED )
3125 return( status );
3126 #endif /* PSA_CRYPTO_DRIVER_TEST */
3127 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3128 status = cc3xx_key_agreement( attributes,
3129 key_buffer,
3130 key_buffer_size,
3131 peer_key,
3132 peer_key_length,
3133 shared_secret,
3134 shared_secret_size,
3135 shared_secret_length,
3136 alg );
3137 return( status );
3138 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3139 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
3140 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
3141 PSA_ALG_IS_ECDH(alg) &&
3142 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
3143 psa_get_key_bits(attributes) == 256 )
3144 {
3145 status = p256_transparent_key_agreement( attributes,
3146 key_buffer,
3147 key_buffer_size,
3148 alg,
3149 peer_key,
3150 peer_key_length,
3151 shared_secret,
3152 shared_secret_size,
3153 shared_secret_length );
3154 if( status != PSA_ERROR_NOT_SUPPORTED)
3155 return( status );
3156 }
3157 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
3158 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3159
3160 /* Software Fallback */
3161 status = psa_key_agreement_raw_builtin( attributes,
3162 key_buffer,
3163 key_buffer_size,
3164 alg,
3165 peer_key,
3166 peer_key_length,
3167 shared_secret,
3168 shared_secret_size,
3169 shared_secret_length );
3170 return( status );
3171 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3172 #if defined(PSA_CRYPTO_DRIVER_TEST)
3173 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3174 return( mbedtls_test_opaque_key_agreement( attributes,
3175 key_buffer, key_buffer_size, alg, peer_key,
3176 peer_key_length, shared_secret, shared_secret_size,
3177 shared_secret_length ) );
3178 #endif /* PSA_CRYPTO_DRIVER_TEST */
3179 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3180
3181 default:
3182 (void) attributes;
3183 (void) key_buffer;
3184 (void) key_buffer_size;
3185 (void) peer_key;
3186 (void) peer_key_length;
3187 (void) shared_secret;
3188 (void) shared_secret_size;
3189 (void) shared_secret_length;
3190 return( PSA_ERROR_NOT_SUPPORTED );
3191
3192 }
3193 }
3194
psa_driver_wrapper_pake_setup(psa_pake_operation_t * operation,const psa_crypto_driver_pake_inputs_t * inputs)3195 static inline psa_status_t psa_driver_wrapper_pake_setup(
3196 psa_pake_operation_t *operation,
3197 const psa_crypto_driver_pake_inputs_t *inputs )
3198 {
3199 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3200
3201 psa_key_location_t location =
3202 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
3203
3204 switch( location )
3205 {
3206 case PSA_KEY_LOCATION_LOCAL_STORAGE:
3207 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3208 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3209 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3210 /* Key is stored in the slot in export representation, so
3211 * cycle through all known transparent accelerators */
3212 status = PSA_ERROR_NOT_SUPPORTED;
3213 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3214 #if defined(PSA_CRYPTO_DRIVER_TEST)
3215 status = mbedtls_test_transparent_pake_setup(
3216 &operation->data.ctx.transparent_test_driver_ctx,
3217 inputs );
3218 if( status == PSA_SUCCESS )
3219 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
3220 /* Declared with fallback == true */
3221 if( status != PSA_ERROR_NOT_SUPPORTED )
3222 return( status );
3223 #endif /* PSA_CRYPTO_DRIVER_TEST */
3224 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3225 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3226 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
3227 inputs );
3228 if( status == PSA_SUCCESS )
3229 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
3230 #endif
3231 return status;
3232 /* Add cases for opaque driver here */
3233 default:
3234 /* Key is declared with a lifetime not known to us */
3235 (void)operation;
3236 return( PSA_ERROR_INVALID_ARGUMENT );
3237 }
3238 }
3239
psa_driver_wrapper_pake_output(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,uint8_t * output,size_t output_size,size_t * output_length)3240 static inline psa_status_t psa_driver_wrapper_pake_output(
3241 psa_pake_operation_t *operation,
3242 psa_crypto_driver_pake_step_t step,
3243 uint8_t *output,
3244 size_t output_size,
3245 size_t *output_length )
3246 {
3247 switch( operation->id )
3248 {
3249 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3250 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3251 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
3252 output, output_size, output_length ) );
3253 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3254
3255 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3256 #if defined(PSA_CRYPTO_DRIVER_TEST)
3257 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3258 return( mbedtls_test_transparent_pake_output(
3259 &operation->data.ctx.transparent_test_driver_ctx,
3260 step, output, output_size, output_length ) );
3261 #endif /* PSA_CRYPTO_DRIVER_TEST */
3262 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3263 default:
3264 (void) step;
3265 (void) output;
3266 (void) output_size;
3267 (void) output_length;
3268 return( PSA_ERROR_INVALID_ARGUMENT );
3269 }
3270 }
3271
psa_driver_wrapper_pake_input(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,const uint8_t * input,size_t input_length)3272 static inline psa_status_t psa_driver_wrapper_pake_input(
3273 psa_pake_operation_t *operation,
3274 psa_crypto_driver_pake_step_t step,
3275 const uint8_t *input,
3276 size_t input_length )
3277 {
3278 switch( operation->id )
3279 {
3280 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3281 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3282 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
3283 step, input,
3284 input_length ) );
3285 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3286
3287 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3288 #if defined(PSA_CRYPTO_DRIVER_TEST)
3289 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3290 return( mbedtls_test_transparent_pake_input(
3291 &operation->data.ctx.transparent_test_driver_ctx,
3292 step,
3293 input, input_length ) );
3294 #endif /* PSA_CRYPTO_DRIVER_TEST */
3295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3296 default:
3297 (void) step;
3298 (void) input;
3299 (void) input_length;
3300 return( PSA_ERROR_INVALID_ARGUMENT );
3301 }
3302 }
3303
psa_driver_wrapper_pake_get_implicit_key(psa_pake_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)3304 static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
3305 psa_pake_operation_t *operation,
3306 uint8_t *output, size_t output_size,
3307 size_t *output_length )
3308 {
3309 switch( operation->id )
3310 {
3311 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3312 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3313 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
3314 output, output_size, output_length ) );
3315 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3316
3317 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3318 #if defined(PSA_CRYPTO_DRIVER_TEST)
3319 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3320 return( mbedtls_test_transparent_pake_get_implicit_key(
3321 &operation->data.ctx.transparent_test_driver_ctx,
3322 output, output_size, output_length ) );
3323 #endif /* PSA_CRYPTO_DRIVER_TEST */
3324 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3325 default:
3326 (void) output;
3327 (void) output_size;
3328 (void) output_length;
3329 return( PSA_ERROR_INVALID_ARGUMENT );
3330 }
3331 }
3332
psa_driver_wrapper_pake_abort(psa_pake_operation_t * operation)3333 static inline psa_status_t psa_driver_wrapper_pake_abort(
3334 psa_pake_operation_t * operation )
3335 {
3336 switch( operation->id )
3337 {
3338 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3339 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3340 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
3341 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3342
3343 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3344 #if defined(PSA_CRYPTO_DRIVER_TEST)
3345 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3346 return( mbedtls_test_transparent_pake_abort(
3347 &operation->data.ctx.transparent_test_driver_ctx ) );
3348 #endif /* PSA_CRYPTO_DRIVER_TEST */
3349 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3350 default:
3351 return( PSA_ERROR_INVALID_ARGUMENT );
3352 }
3353 }
3354
3355 #endif /* MBEDTLS_PSA_CRYPTO_C */
3356