1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file will be auto-generated in the future.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "psa_crypto_aead.h"
23 #include "psa_crypto_cipher.h"
24 #include "psa_crypto_core.h"
25 #include "psa_crypto_driver_wrappers.h"
26 #include "psa_crypto_hash.h"
27 #include "psa_crypto_mac.h"
28
29 #include "mbedtls/platform.h"
30
31 #if defined(MBEDTLS_PSA_CRYPTO_C)
32
33 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
34
35 /* Include test driver definition when running tests */
36 #if defined(PSA_CRYPTO_DRIVER_TEST)
37 #ifndef PSA_CRYPTO_DRIVER_PRESENT
38 #define PSA_CRYPTO_DRIVER_PRESENT
39 #endif
40 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
41 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
42 #endif
43 #include "test/drivers/test_driver.h"
44 #endif /* PSA_CRYPTO_DRIVER_TEST */
45
46 /* Repeat above block for each JSON-declared driver during autogeneration */
47 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
48
49 /* Auto-generated values depending on which drivers are registered.
50 * ID 0 is reserved for unallocated operations.
51 * ID 1 is reserved for the Mbed TLS software driver. */
52 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
53
54 #if defined(PSA_CRYPTO_DRIVER_TEST)
55 #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
56 #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
57 #endif /* PSA_CRYPTO_DRIVER_TEST */
58
59 /* Support the 'old' SE interface when asked to */
60 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
61 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
62 * SE driver is present, to avoid unused argument errors at compile time. */
63 #ifndef PSA_CRYPTO_DRIVER_PRESENT
64 #define PSA_CRYPTO_DRIVER_PRESENT
65 #endif
66 #include "psa_crypto_se.h"
67 #endif
68
psa_driver_wrapper_init(void)69 psa_status_t psa_driver_wrapper_init( void )
70 {
71 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
72
73 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
74 status = psa_init_all_se_drivers( );
75 if( status != PSA_SUCCESS )
76 return( status );
77 #endif
78
79 #if defined(PSA_CRYPTO_DRIVER_TEST)
80 status = mbedtls_test_transparent_init( );
81 if( status != PSA_SUCCESS )
82 return( status );
83
84 status = mbedtls_test_opaque_init( );
85 if( status != PSA_SUCCESS )
86 return( status );
87 #endif
88
89 (void) status;
90 return( PSA_SUCCESS );
91 }
92
psa_driver_wrapper_free(void)93 void psa_driver_wrapper_free( void )
94 {
95 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
96 /* Unregister all secure element drivers, so that we restart from
97 * a pristine state. */
98 psa_unregister_all_se_drivers( );
99 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
100
101 #if defined(PSA_CRYPTO_DRIVER_TEST)
102 mbedtls_test_transparent_free( );
103 mbedtls_test_opaque_free( );
104 #endif
105 }
106
107 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)108 psa_status_t psa_driver_wrapper_sign_message(
109 const psa_key_attributes_t *attributes,
110 const uint8_t *key_buffer,
111 size_t key_buffer_size,
112 psa_algorithm_t alg,
113 const uint8_t *input,
114 size_t input_length,
115 uint8_t *signature,
116 size_t signature_size,
117 size_t *signature_length )
118 {
119 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
120 psa_key_location_t location =
121 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
122
123 switch( location )
124 {
125 case PSA_KEY_LOCATION_LOCAL_STORAGE:
126 /* Key is stored in the slot in export representation, so
127 * cycle through all known transparent accelerators */
128 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
129 #if defined(PSA_CRYPTO_DRIVER_TEST)
130 status = mbedtls_test_transparent_signature_sign_message(
131 attributes,
132 key_buffer,
133 key_buffer_size,
134 alg,
135 input,
136 input_length,
137 signature,
138 signature_size,
139 signature_length );
140 /* Declared with fallback == true */
141 if( status != PSA_ERROR_NOT_SUPPORTED )
142 return( status );
143 #endif /* PSA_CRYPTO_DRIVER_TEST */
144 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
145 break;
146
147 /* Add cases for opaque driver here */
148 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
149 #if defined(PSA_CRYPTO_DRIVER_TEST)
150 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
151 status = mbedtls_test_opaque_signature_sign_message(
152 attributes,
153 key_buffer,
154 key_buffer_size,
155 alg,
156 input,
157 input_length,
158 signature,
159 signature_size,
160 signature_length );
161 if( status != PSA_ERROR_NOT_SUPPORTED )
162 return( status );
163 break;
164 #endif /* PSA_CRYPTO_DRIVER_TEST */
165 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
166 default:
167 /* Key is declared with a lifetime not known to us */
168 (void)status;
169 break;
170 }
171
172 return( psa_sign_message_builtin( attributes,
173 key_buffer,
174 key_buffer_size,
175 alg,
176 input,
177 input_length,
178 signature,
179 signature_size,
180 signature_length ) );
181 }
182
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)183 psa_status_t psa_driver_wrapper_verify_message(
184 const psa_key_attributes_t *attributes,
185 const uint8_t *key_buffer,
186 size_t key_buffer_size,
187 psa_algorithm_t alg,
188 const uint8_t *input,
189 size_t input_length,
190 const uint8_t *signature,
191 size_t signature_length )
192 {
193 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
194 psa_key_location_t location =
195 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
196
197 switch( location )
198 {
199 case PSA_KEY_LOCATION_LOCAL_STORAGE:
200 /* Key is stored in the slot in export representation, so
201 * cycle through all known transparent accelerators */
202 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
203 #if defined(PSA_CRYPTO_DRIVER_TEST)
204 status = mbedtls_test_transparent_signature_verify_message(
205 attributes,
206 key_buffer,
207 key_buffer_size,
208 alg,
209 input,
210 input_length,
211 signature,
212 signature_length );
213 /* Declared with fallback == true */
214 if( status != PSA_ERROR_NOT_SUPPORTED )
215 return( status );
216 #endif /* PSA_CRYPTO_DRIVER_TEST */
217 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
218 break;
219
220 /* Add cases for opaque driver here */
221 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
222 #if defined(PSA_CRYPTO_DRIVER_TEST)
223 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
224 return( mbedtls_test_opaque_signature_verify_message(
225 attributes,
226 key_buffer,
227 key_buffer_size,
228 alg,
229 input,
230 input_length,
231 signature,
232 signature_length ) );
233 if( status != PSA_ERROR_NOT_SUPPORTED )
234 return( status );
235 break;
236 #endif /* PSA_CRYPTO_DRIVER_TEST */
237 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
238 default:
239 /* Key is declared with a lifetime not known to us */
240 (void)status;
241 break;
242 }
243
244 return( psa_verify_message_builtin( attributes,
245 key_buffer,
246 key_buffer_size,
247 alg,
248 input,
249 input_length,
250 signature,
251 signature_length ) );
252 }
253
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)254 psa_status_t psa_driver_wrapper_sign_hash(
255 const psa_key_attributes_t *attributes,
256 const uint8_t *key_buffer, size_t key_buffer_size,
257 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
258 uint8_t *signature, size_t signature_size, size_t *signature_length )
259 {
260 /* Try dynamically-registered SE interface first */
261 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
262 const psa_drv_se_t *drv;
263 psa_drv_se_context_t *drv_context;
264
265 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
266 {
267 if( drv->asymmetric == NULL ||
268 drv->asymmetric->p_sign == NULL )
269 {
270 /* Key is defined in SE, but we have no way to exercise it */
271 return( PSA_ERROR_NOT_SUPPORTED );
272 }
273 return( drv->asymmetric->p_sign(
274 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
275 alg, hash, hash_length,
276 signature, signature_size, signature_length ) );
277 }
278 #endif /* PSA_CRYPTO_SE_C */
279
280 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
281 psa_key_location_t location =
282 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
283
284 switch( location )
285 {
286 case PSA_KEY_LOCATION_LOCAL_STORAGE:
287 /* Key is stored in the slot in export representation, so
288 * cycle through all known transparent accelerators */
289 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
290 #if defined(PSA_CRYPTO_DRIVER_TEST)
291 status = mbedtls_test_transparent_signature_sign_hash( attributes,
292 key_buffer,
293 key_buffer_size,
294 alg,
295 hash,
296 hash_length,
297 signature,
298 signature_size,
299 signature_length );
300 /* Declared with fallback == true */
301 if( status != PSA_ERROR_NOT_SUPPORTED )
302 return( status );
303 #endif /* PSA_CRYPTO_DRIVER_TEST */
304 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
305 /* Fell through, meaning no accelerator supports this operation */
306 return( psa_sign_hash_builtin( attributes,
307 key_buffer,
308 key_buffer_size,
309 alg,
310 hash,
311 hash_length,
312 signature,
313 signature_size,
314 signature_length ) );
315
316 /* Add cases for opaque driver here */
317 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
318 #if defined(PSA_CRYPTO_DRIVER_TEST)
319 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
320 return( mbedtls_test_opaque_signature_sign_hash( attributes,
321 key_buffer,
322 key_buffer_size,
323 alg,
324 hash,
325 hash_length,
326 signature,
327 signature_size,
328 signature_length ) );
329 #endif /* PSA_CRYPTO_DRIVER_TEST */
330 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
331 default:
332 /* Key is declared with a lifetime not known to us */
333 (void)status;
334 return( PSA_ERROR_INVALID_ARGUMENT );
335 }
336 }
337
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)338 psa_status_t psa_driver_wrapper_verify_hash(
339 const psa_key_attributes_t *attributes,
340 const uint8_t *key_buffer, size_t key_buffer_size,
341 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
342 const uint8_t *signature, size_t signature_length )
343 {
344 /* Try dynamically-registered SE interface first */
345 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
346 const psa_drv_se_t *drv;
347 psa_drv_se_context_t *drv_context;
348
349 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
350 {
351 if( drv->asymmetric == NULL ||
352 drv->asymmetric->p_verify == NULL )
353 {
354 /* Key is defined in SE, but we have no way to exercise it */
355 return( PSA_ERROR_NOT_SUPPORTED );
356 }
357 return( drv->asymmetric->p_verify(
358 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
359 alg, hash, hash_length,
360 signature, signature_length ) );
361 }
362 #endif /* PSA_CRYPTO_SE_C */
363
364 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
365 psa_key_location_t location =
366 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
367
368 switch( location )
369 {
370 case PSA_KEY_LOCATION_LOCAL_STORAGE:
371 /* Key is stored in the slot in export representation, so
372 * cycle through all known transparent accelerators */
373 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
374 #if defined(PSA_CRYPTO_DRIVER_TEST)
375 status = mbedtls_test_transparent_signature_verify_hash(
376 attributes,
377 key_buffer,
378 key_buffer_size,
379 alg,
380 hash,
381 hash_length,
382 signature,
383 signature_length );
384 /* Declared with fallback == true */
385 if( status != PSA_ERROR_NOT_SUPPORTED )
386 return( status );
387 #endif /* PSA_CRYPTO_DRIVER_TEST */
388 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
389
390 return( psa_verify_hash_builtin( attributes,
391 key_buffer,
392 key_buffer_size,
393 alg,
394 hash,
395 hash_length,
396 signature,
397 signature_length ) );
398
399 /* Add cases for opaque driver here */
400 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
401 #if defined(PSA_CRYPTO_DRIVER_TEST)
402 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
403 return( mbedtls_test_opaque_signature_verify_hash( attributes,
404 key_buffer,
405 key_buffer_size,
406 alg,
407 hash,
408 hash_length,
409 signature,
410 signature_length ) );
411 #endif /* PSA_CRYPTO_DRIVER_TEST */
412 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
413 default:
414 /* Key is declared with a lifetime not known to us */
415 (void)status;
416 return( PSA_ERROR_INVALID_ARGUMENT );
417 }
418 }
419
420 /** Get the key buffer size required to store the key material of a key
421 * associated with an opaque driver without storage.
422 *
423 * \param[in] attributes The key attributes.
424 * \param[out] key_buffer_size Minimum buffer size to contain the key material
425 *
426 * \retval #PSA_SUCCESS
427 * The minimum size for a buffer to contain the key material has been
428 * returned successfully.
429 * \retval #PSA_ERROR_INVALID_ARGUMENT
430 * The size in bits of the key is not valid.
431 * \retval #PSA_ERROR_NOT_SUPPORTED
432 * The type and/or the size in bits of the key or the combination of
433 * the two is not supported.
434 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)435 psa_status_t psa_driver_wrapper_get_key_buffer_size(
436 const psa_key_attributes_t *attributes,
437 size_t *key_buffer_size )
438 {
439 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
440 psa_key_type_t key_type = attributes->core.type;
441 size_t key_bits = attributes->core.bits;
442
443 *key_buffer_size = 0;
444 switch( location )
445 {
446 #if defined(PSA_CRYPTO_DRIVER_TEST)
447 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
448 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
449 /* Emulate property 'builtin_key_size' */
450 if( psa_key_id_is_builtin(
451 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
452 psa_get_key_id( attributes ) ) ) )
453 {
454 *key_buffer_size = sizeof( psa_drv_slot_number_t );
455 return( PSA_SUCCESS );
456 }
457 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
458 *key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
459 return( ( *key_buffer_size != 0 ) ?
460 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
461 #endif /* PSA_CRYPTO_DRIVER_TEST */
462
463 default:
464 (void)key_type;
465 (void)key_bits;
466 return( PSA_ERROR_NOT_SUPPORTED );
467 }
468 }
469
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)470 psa_status_t psa_driver_wrapper_generate_key(
471 const psa_key_attributes_t *attributes,
472 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
473 {
474 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
475 psa_key_location_t location =
476 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
477
478 /* Try dynamically-registered SE interface first */
479 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
480 const psa_drv_se_t *drv;
481 psa_drv_se_context_t *drv_context;
482
483 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
484 {
485 size_t pubkey_length = 0; /* We don't support this feature yet */
486 if( drv->key_management == NULL ||
487 drv->key_management->p_generate == NULL )
488 {
489 /* Key is defined as being in SE, but we have no way to generate it */
490 return( PSA_ERROR_NOT_SUPPORTED );
491 }
492 return( drv->key_management->p_generate(
493 drv_context,
494 *( (psa_key_slot_number_t *)key_buffer ),
495 attributes, NULL, 0, &pubkey_length ) );
496 }
497 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
498
499 switch( location )
500 {
501 case PSA_KEY_LOCATION_LOCAL_STORAGE:
502 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
503 /* Transparent drivers are limited to generating asymmetric keys */
504 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
505 {
506 /* Cycle through all known transparent accelerators */
507 #if defined(PSA_CRYPTO_DRIVER_TEST)
508 status = mbedtls_test_transparent_generate_key(
509 attributes, key_buffer, key_buffer_size,
510 key_buffer_length );
511 /* Declared with fallback == true */
512 if( status != PSA_ERROR_NOT_SUPPORTED )
513 break;
514 #endif /* PSA_CRYPTO_DRIVER_TEST */
515 }
516 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
517
518 /* Software fallback */
519 status = psa_generate_key_internal(
520 attributes, key_buffer, key_buffer_size, key_buffer_length );
521 break;
522
523 /* Add cases for opaque driver here */
524 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
525 #if defined(PSA_CRYPTO_DRIVER_TEST)
526 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
527 status = mbedtls_test_opaque_generate_key(
528 attributes, key_buffer, key_buffer_size, key_buffer_length );
529 break;
530 #endif /* PSA_CRYPTO_DRIVER_TEST */
531 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
532
533 default:
534 /* Key is declared with a lifetime not known to us */
535 status = PSA_ERROR_INVALID_ARGUMENT;
536 break;
537 }
538
539 return( status );
540 }
541
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)542 psa_status_t psa_driver_wrapper_import_key(
543 const psa_key_attributes_t *attributes,
544 const uint8_t *data,
545 size_t data_length,
546 uint8_t *key_buffer,
547 size_t key_buffer_size,
548 size_t *key_buffer_length,
549 size_t *bits )
550 {
551 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
552 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
553 psa_get_key_lifetime( attributes ) );
554
555 /* Try dynamically-registered SE interface first */
556 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
557 const psa_drv_se_t *drv;
558 psa_drv_se_context_t *drv_context;
559
560 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
561 {
562 if( drv->key_management == NULL ||
563 drv->key_management->p_import == NULL )
564 return( PSA_ERROR_NOT_SUPPORTED );
565
566 /* The driver should set the number of key bits, however in
567 * case it doesn't, we initialize bits to an invalid value. */
568 *bits = PSA_MAX_KEY_BITS + 1;
569 status = drv->key_management->p_import(
570 drv_context,
571 *( (psa_key_slot_number_t *)key_buffer ),
572 attributes, data, data_length, bits );
573
574 if( status != PSA_SUCCESS )
575 return( status );
576
577 if( (*bits) > PSA_MAX_KEY_BITS )
578 return( PSA_ERROR_NOT_SUPPORTED );
579
580 return( PSA_SUCCESS );
581 }
582 #endif /* PSA_CRYPTO_SE_C */
583
584 switch( location )
585 {
586 case PSA_KEY_LOCATION_LOCAL_STORAGE:
587 /* Key is stored in the slot in export representation, so
588 * cycle through all known transparent accelerators */
589 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
590 #if defined(PSA_CRYPTO_DRIVER_TEST)
591 status = mbedtls_test_transparent_import_key(
592 attributes,
593 data, data_length,
594 key_buffer, key_buffer_size,
595 key_buffer_length, bits );
596 /* Declared with fallback == true */
597 if( status != PSA_ERROR_NOT_SUPPORTED )
598 return( status );
599 #endif /* PSA_CRYPTO_DRIVER_TEST */
600 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
601 /* Fell through, meaning no accelerator supports this operation */
602 return( psa_import_key_into_slot( attributes,
603 data, data_length,
604 key_buffer, key_buffer_size,
605 key_buffer_length, bits ) );
606
607 default:
608 /* Importing a key with external storage in not yet supported.
609 * Return in error indicating that the lifetime is not valid. */
610 (void)status;
611 return( PSA_ERROR_INVALID_ARGUMENT );
612 }
613
614 }
615
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)616 psa_status_t psa_driver_wrapper_export_key(
617 const psa_key_attributes_t *attributes,
618 const uint8_t *key_buffer, size_t key_buffer_size,
619 uint8_t *data, size_t data_size, size_t *data_length )
620
621 {
622 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
623 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
624 psa_get_key_lifetime( attributes ) );
625
626 /* Try dynamically-registered SE interface first */
627 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
628 const psa_drv_se_t *drv;
629 psa_drv_se_context_t *drv_context;
630
631 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
632 {
633 if( ( drv->key_management == NULL ) ||
634 ( drv->key_management->p_export == NULL ) )
635 {
636 return( PSA_ERROR_NOT_SUPPORTED );
637 }
638
639 return( drv->key_management->p_export(
640 drv_context,
641 *( (psa_key_slot_number_t *)key_buffer ),
642 data, data_size, data_length ) );
643 }
644 #endif /* PSA_CRYPTO_SE_C */
645
646 switch( location )
647 {
648 case PSA_KEY_LOCATION_LOCAL_STORAGE:
649 return( psa_export_key_internal( attributes,
650 key_buffer,
651 key_buffer_size,
652 data,
653 data_size,
654 data_length ) );
655
656 /* Add cases for opaque driver here */
657 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
658 #if defined(PSA_CRYPTO_DRIVER_TEST)
659 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
660 return( mbedtls_test_opaque_export_key( attributes,
661 key_buffer,
662 key_buffer_size,
663 data,
664 data_size,
665 data_length ) );
666 #endif /* PSA_CRYPTO_DRIVER_TEST */
667 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
668 default:
669 /* Key is declared with a lifetime not known to us */
670 return( status );
671 }
672 }
673
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)674 psa_status_t psa_driver_wrapper_export_public_key(
675 const psa_key_attributes_t *attributes,
676 const uint8_t *key_buffer, size_t key_buffer_size,
677 uint8_t *data, size_t data_size, size_t *data_length )
678
679 {
680 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
681 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
682 psa_get_key_lifetime( attributes ) );
683
684 /* Try dynamically-registered SE interface first */
685 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
686 const psa_drv_se_t *drv;
687 psa_drv_se_context_t *drv_context;
688
689 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
690 {
691 if( ( drv->key_management == NULL ) ||
692 ( drv->key_management->p_export_public == NULL ) )
693 {
694 return( PSA_ERROR_NOT_SUPPORTED );
695 }
696
697 return( drv->key_management->p_export_public(
698 drv_context,
699 *( (psa_key_slot_number_t *)key_buffer ),
700 data, data_size, data_length ) );
701 }
702 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
703
704 switch( location )
705 {
706 case PSA_KEY_LOCATION_LOCAL_STORAGE:
707 /* Key is stored in the slot in export representation, so
708 * cycle through all known transparent accelerators */
709 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
710 #if defined(PSA_CRYPTO_DRIVER_TEST)
711 status = mbedtls_test_transparent_export_public_key(
712 attributes,
713 key_buffer,
714 key_buffer_size,
715 data,
716 data_size,
717 data_length );
718 /* Declared with fallback == true */
719 if( status != PSA_ERROR_NOT_SUPPORTED )
720 return( status );
721 #endif /* PSA_CRYPTO_DRIVER_TEST */
722 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
723 /* Fell through, meaning no accelerator supports this operation */
724 return( psa_export_public_key_internal( attributes,
725 key_buffer,
726 key_buffer_size,
727 data,
728 data_size,
729 data_length ) );
730
731 /* Add cases for opaque driver here */
732 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
733 #if defined(PSA_CRYPTO_DRIVER_TEST)
734 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
735 return( mbedtls_test_opaque_export_public_key( attributes,
736 key_buffer,
737 key_buffer_size,
738 data,
739 data_size,
740 data_length ) );
741 #endif /* PSA_CRYPTO_DRIVER_TEST */
742 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
743 default:
744 /* Key is declared with a lifetime not known to us */
745 return( status );
746 }
747 }
748
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)749 psa_status_t psa_driver_wrapper_get_builtin_key(
750 psa_drv_slot_number_t slot_number,
751 psa_key_attributes_t *attributes,
752 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
753 {
754 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
755 switch( location )
756 {
757 #if defined(PSA_CRYPTO_DRIVER_TEST)
758 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
759 return( mbedtls_test_opaque_get_builtin_key(
760 slot_number,
761 attributes,
762 key_buffer, key_buffer_size, key_buffer_length ) );
763 #endif /* PSA_CRYPTO_DRIVER_TEST */
764 default:
765 (void) slot_number;
766 (void) key_buffer;
767 (void) key_buffer_size;
768 (void) key_buffer_length;
769 return( PSA_ERROR_DOES_NOT_EXIST );
770 }
771 }
772
773 /*
774 * Cipher functions
775 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)776 psa_status_t psa_driver_wrapper_cipher_encrypt(
777 const psa_key_attributes_t *attributes,
778 const uint8_t *key_buffer,
779 size_t key_buffer_size,
780 psa_algorithm_t alg,
781 const uint8_t *iv,
782 size_t iv_length,
783 const uint8_t *input,
784 size_t input_length,
785 uint8_t *output,
786 size_t output_size,
787 size_t *output_length )
788 {
789 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
790 psa_key_location_t location =
791 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
792
793 switch( location )
794 {
795 case PSA_KEY_LOCATION_LOCAL_STORAGE:
796 /* Key is stored in the slot in export representation, so
797 * cycle through all known transparent accelerators */
798 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
799 #if defined(PSA_CRYPTO_DRIVER_TEST)
800 status = mbedtls_test_transparent_cipher_encrypt( attributes,
801 key_buffer,
802 key_buffer_size,
803 alg,
804 iv,
805 iv_length,
806 input,
807 input_length,
808 output,
809 output_size,
810 output_length );
811 /* Declared with fallback == true */
812 if( status != PSA_ERROR_NOT_SUPPORTED )
813 return( status );
814 #endif /* PSA_CRYPTO_DRIVER_TEST */
815 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
816
817 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
818 return( mbedtls_psa_cipher_encrypt( attributes,
819 key_buffer,
820 key_buffer_size,
821 alg,
822 iv,
823 iv_length,
824 input,
825 input_length,
826 output,
827 output_size,
828 output_length ) );
829 #else
830 return( PSA_ERROR_NOT_SUPPORTED );
831 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
832
833 /* Add cases for opaque driver here */
834 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
835 #if defined(PSA_CRYPTO_DRIVER_TEST)
836 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
837 return( mbedtls_test_opaque_cipher_encrypt( attributes,
838 key_buffer,
839 key_buffer_size,
840 alg,
841 iv,
842 iv_length,
843 input,
844 input_length,
845 output,
846 output_size,
847 output_length ) );
848 #endif /* PSA_CRYPTO_DRIVER_TEST */
849 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
850
851 default:
852 /* Key is declared with a lifetime not known to us */
853 (void)status;
854 (void)key_buffer;
855 (void)key_buffer_size;
856 (void)alg;
857 (void)input;
858 (void)input_length;
859 (void)output;
860 (void)output_size;
861 (void)output_length;
862 return( PSA_ERROR_INVALID_ARGUMENT );
863 }
864 }
865
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)866 psa_status_t psa_driver_wrapper_cipher_decrypt(
867 const psa_key_attributes_t *attributes,
868 const uint8_t *key_buffer,
869 size_t key_buffer_size,
870 psa_algorithm_t alg,
871 const uint8_t *input,
872 size_t input_length,
873 uint8_t *output,
874 size_t output_size,
875 size_t *output_length )
876 {
877 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
878 psa_key_location_t location =
879 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
880
881 switch( location )
882 {
883 case PSA_KEY_LOCATION_LOCAL_STORAGE:
884 /* Key is stored in the slot in export representation, so
885 * cycle through all known transparent accelerators */
886 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
887 #if defined(PSA_CRYPTO_DRIVER_TEST)
888 status = mbedtls_test_transparent_cipher_decrypt( attributes,
889 key_buffer,
890 key_buffer_size,
891 alg,
892 input,
893 input_length,
894 output,
895 output_size,
896 output_length );
897 /* Declared with fallback == true */
898 if( status != PSA_ERROR_NOT_SUPPORTED )
899 return( status );
900 #endif /* PSA_CRYPTO_DRIVER_TEST */
901 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
902
903 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
904 return( mbedtls_psa_cipher_decrypt( attributes,
905 key_buffer,
906 key_buffer_size,
907 alg,
908 input,
909 input_length,
910 output,
911 output_size,
912 output_length ) );
913 #else
914 return( PSA_ERROR_NOT_SUPPORTED );
915 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
916
917 /* Add cases for opaque driver here */
918 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
919 #if defined(PSA_CRYPTO_DRIVER_TEST)
920 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
921 return( mbedtls_test_opaque_cipher_decrypt( attributes,
922 key_buffer,
923 key_buffer_size,
924 alg,
925 input,
926 input_length,
927 output,
928 output_size,
929 output_length ) );
930 #endif /* PSA_CRYPTO_DRIVER_TEST */
931 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
932
933 default:
934 /* Key is declared with a lifetime not known to us */
935 (void)status;
936 (void)key_buffer;
937 (void)key_buffer_size;
938 (void)alg;
939 (void)input;
940 (void)input_length;
941 (void)output;
942 (void)output_size;
943 (void)output_length;
944 return( PSA_ERROR_INVALID_ARGUMENT );
945 }
946 }
947
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)948 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
949 psa_cipher_operation_t *operation,
950 const psa_key_attributes_t *attributes,
951 const uint8_t *key_buffer, size_t key_buffer_size,
952 psa_algorithm_t alg )
953 {
954 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
955 psa_key_location_t location =
956 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
957
958 switch( location )
959 {
960 case PSA_KEY_LOCATION_LOCAL_STORAGE:
961 /* Key is stored in the slot in export representation, so
962 * cycle through all known transparent accelerators */
963 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
964 #if defined(PSA_CRYPTO_DRIVER_TEST)
965 status = mbedtls_test_transparent_cipher_encrypt_setup(
966 &operation->ctx.transparent_test_driver_ctx,
967 attributes,
968 key_buffer,
969 key_buffer_size,
970 alg );
971 /* Declared with fallback == true */
972 if( status == PSA_SUCCESS )
973 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
974
975 if( status != PSA_ERROR_NOT_SUPPORTED )
976 return( status );
977 #endif /* PSA_CRYPTO_DRIVER_TEST */
978 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
979 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
980 /* Fell through, meaning no accelerator supports this operation */
981 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
982 attributes,
983 key_buffer,
984 key_buffer_size,
985 alg );
986 if( status == PSA_SUCCESS )
987 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
988
989 if( status != PSA_ERROR_NOT_SUPPORTED )
990 return( status );
991 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
992 return( PSA_ERROR_NOT_SUPPORTED );
993
994 /* Add cases for opaque driver here */
995 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
996 #if defined(PSA_CRYPTO_DRIVER_TEST)
997 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
998 status = mbedtls_test_opaque_cipher_encrypt_setup(
999 &operation->ctx.opaque_test_driver_ctx,
1000 attributes,
1001 key_buffer, key_buffer_size,
1002 alg );
1003
1004 if( status == PSA_SUCCESS )
1005 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1006
1007 return( status );
1008 #endif /* PSA_CRYPTO_DRIVER_TEST */
1009 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1010 default:
1011 /* Key is declared with a lifetime not known to us */
1012 (void)status;
1013 (void)operation;
1014 (void)key_buffer;
1015 (void)key_buffer_size;
1016 (void)alg;
1017 return( PSA_ERROR_INVALID_ARGUMENT );
1018 }
1019 }
1020
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1021 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1022 psa_cipher_operation_t *operation,
1023 const psa_key_attributes_t *attributes,
1024 const uint8_t *key_buffer, size_t key_buffer_size,
1025 psa_algorithm_t alg )
1026 {
1027 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1028 psa_key_location_t location =
1029 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1030
1031 switch( location )
1032 {
1033 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1034 /* Key is stored in the slot in export representation, so
1035 * cycle through all known transparent accelerators */
1036 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1037 #if defined(PSA_CRYPTO_DRIVER_TEST)
1038 status = mbedtls_test_transparent_cipher_decrypt_setup(
1039 &operation->ctx.transparent_test_driver_ctx,
1040 attributes,
1041 key_buffer,
1042 key_buffer_size,
1043 alg );
1044 /* Declared with fallback == true */
1045 if( status == PSA_SUCCESS )
1046 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1047
1048 if( status != PSA_ERROR_NOT_SUPPORTED )
1049 return( status );
1050 #endif /* PSA_CRYPTO_DRIVER_TEST */
1051 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1052 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1053 /* Fell through, meaning no accelerator supports this operation */
1054 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1055 attributes,
1056 key_buffer,
1057 key_buffer_size,
1058 alg );
1059 if( status == PSA_SUCCESS )
1060 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1061
1062 return( status );
1063 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1064 return( PSA_ERROR_NOT_SUPPORTED );
1065
1066 /* Add cases for opaque driver here */
1067 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1068 #if defined(PSA_CRYPTO_DRIVER_TEST)
1069 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1070 status = mbedtls_test_opaque_cipher_decrypt_setup(
1071 &operation->ctx.opaque_test_driver_ctx,
1072 attributes,
1073 key_buffer, key_buffer_size,
1074 alg );
1075
1076 if( status == PSA_SUCCESS )
1077 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1078
1079 return( status );
1080 #endif /* PSA_CRYPTO_DRIVER_TEST */
1081 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1082 default:
1083 /* Key is declared with a lifetime not known to us */
1084 (void)status;
1085 (void)operation;
1086 (void)key_buffer;
1087 (void)key_buffer_size;
1088 (void)alg;
1089 return( PSA_ERROR_INVALID_ARGUMENT );
1090 }
1091 }
1092
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1093 psa_status_t psa_driver_wrapper_cipher_set_iv(
1094 psa_cipher_operation_t *operation,
1095 const uint8_t *iv,
1096 size_t iv_length )
1097 {
1098 switch( operation->id )
1099 {
1100 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1101 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1102 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1103 iv,
1104 iv_length ) );
1105 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1106
1107 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1108 #if defined(PSA_CRYPTO_DRIVER_TEST)
1109 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1110 return( mbedtls_test_transparent_cipher_set_iv(
1111 &operation->ctx.transparent_test_driver_ctx,
1112 iv, iv_length ) );
1113
1114 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1115 return( mbedtls_test_opaque_cipher_set_iv(
1116 &operation->ctx.opaque_test_driver_ctx,
1117 iv, iv_length ) );
1118 #endif /* PSA_CRYPTO_DRIVER_TEST */
1119 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1120 }
1121
1122 (void)iv;
1123 (void)iv_length;
1124
1125 return( PSA_ERROR_INVALID_ARGUMENT );
1126 }
1127
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1128 psa_status_t psa_driver_wrapper_cipher_update(
1129 psa_cipher_operation_t *operation,
1130 const uint8_t *input,
1131 size_t input_length,
1132 uint8_t *output,
1133 size_t output_size,
1134 size_t *output_length )
1135 {
1136 switch( operation->id )
1137 {
1138 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1139 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1140 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1141 input,
1142 input_length,
1143 output,
1144 output_size,
1145 output_length ) );
1146 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1147
1148 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1149 #if defined(PSA_CRYPTO_DRIVER_TEST)
1150 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1151 return( mbedtls_test_transparent_cipher_update(
1152 &operation->ctx.transparent_test_driver_ctx,
1153 input, input_length,
1154 output, output_size, output_length ) );
1155
1156 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1157 return( mbedtls_test_opaque_cipher_update(
1158 &operation->ctx.opaque_test_driver_ctx,
1159 input, input_length,
1160 output, output_size, output_length ) );
1161 #endif /* PSA_CRYPTO_DRIVER_TEST */
1162 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1163 }
1164
1165 (void)input;
1166 (void)input_length;
1167 (void)output;
1168 (void)output_size;
1169 (void)output_length;
1170
1171 return( PSA_ERROR_INVALID_ARGUMENT );
1172 }
1173
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1174 psa_status_t psa_driver_wrapper_cipher_finish(
1175 psa_cipher_operation_t *operation,
1176 uint8_t *output,
1177 size_t output_size,
1178 size_t *output_length )
1179 {
1180 switch( operation->id )
1181 {
1182 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1183 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1184 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1185 output,
1186 output_size,
1187 output_length ) );
1188 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1189
1190 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1191 #if defined(PSA_CRYPTO_DRIVER_TEST)
1192 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1193 return( mbedtls_test_transparent_cipher_finish(
1194 &operation->ctx.transparent_test_driver_ctx,
1195 output, output_size, output_length ) );
1196
1197 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1198 return( mbedtls_test_opaque_cipher_finish(
1199 &operation->ctx.opaque_test_driver_ctx,
1200 output, output_size, output_length ) );
1201 #endif /* PSA_CRYPTO_DRIVER_TEST */
1202 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1203 }
1204
1205 (void)output;
1206 (void)output_size;
1207 (void)output_length;
1208
1209 return( PSA_ERROR_INVALID_ARGUMENT );
1210 }
1211
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1212 psa_status_t psa_driver_wrapper_cipher_abort(
1213 psa_cipher_operation_t *operation )
1214 {
1215 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1216
1217 switch( operation->id )
1218 {
1219 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1220 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1221 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1222 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1223
1224 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1225 #if defined(PSA_CRYPTO_DRIVER_TEST)
1226 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1227 status = mbedtls_test_transparent_cipher_abort(
1228 &operation->ctx.transparent_test_driver_ctx );
1229 mbedtls_platform_zeroize(
1230 &operation->ctx.transparent_test_driver_ctx,
1231 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1232 return( status );
1233
1234 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1235 status = mbedtls_test_opaque_cipher_abort(
1236 &operation->ctx.opaque_test_driver_ctx );
1237 mbedtls_platform_zeroize(
1238 &operation->ctx.opaque_test_driver_ctx,
1239 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1240 return( status );
1241 #endif /* PSA_CRYPTO_DRIVER_TEST */
1242 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1243 }
1244
1245 (void)status;
1246 return( PSA_ERROR_INVALID_ARGUMENT );
1247 }
1248
1249 /*
1250 * Hashing functions
1251 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1252 psa_status_t psa_driver_wrapper_hash_compute(
1253 psa_algorithm_t alg,
1254 const uint8_t *input,
1255 size_t input_length,
1256 uint8_t *hash,
1257 size_t hash_size,
1258 size_t *hash_length)
1259 {
1260 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1261
1262 /* Try accelerators first */
1263 #if defined(PSA_CRYPTO_DRIVER_TEST)
1264 status = mbedtls_test_transparent_hash_compute(
1265 alg, input, input_length, hash, hash_size, hash_length );
1266 if( status != PSA_ERROR_NOT_SUPPORTED )
1267 return( status );
1268 #endif
1269
1270 /* If software fallback is compiled in, try fallback */
1271 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1272 status = mbedtls_psa_hash_compute( alg, input, input_length,
1273 hash, hash_size, hash_length );
1274 if( status != PSA_ERROR_NOT_SUPPORTED )
1275 return( status );
1276 #endif
1277 (void) status;
1278 (void) alg;
1279 (void) input;
1280 (void) input_length;
1281 (void) hash;
1282 (void) hash_size;
1283 (void) hash_length;
1284
1285 return( PSA_ERROR_NOT_SUPPORTED );
1286 }
1287
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1288 psa_status_t psa_driver_wrapper_hash_setup(
1289 psa_hash_operation_t *operation,
1290 psa_algorithm_t alg )
1291 {
1292 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1293
1294 /* Try setup on accelerators first */
1295 #if defined(PSA_CRYPTO_DRIVER_TEST)
1296 status = mbedtls_test_transparent_hash_setup(
1297 &operation->ctx.test_driver_ctx, alg );
1298 if( status == PSA_SUCCESS )
1299 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1300
1301 if( status != PSA_ERROR_NOT_SUPPORTED )
1302 return( status );
1303 #endif
1304
1305 /* If software fallback is compiled in, try fallback */
1306 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1307 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1308 if( status == PSA_SUCCESS )
1309 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1310
1311 if( status != PSA_ERROR_NOT_SUPPORTED )
1312 return( status );
1313 #endif
1314 /* Nothing left to try if we fall through here */
1315 (void) status;
1316 (void) operation;
1317 (void) alg;
1318 return( PSA_ERROR_NOT_SUPPORTED );
1319 }
1320
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1321 psa_status_t psa_driver_wrapper_hash_clone(
1322 const psa_hash_operation_t *source_operation,
1323 psa_hash_operation_t *target_operation )
1324 {
1325 switch( source_operation->id )
1326 {
1327 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1328 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1329 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1330 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1331 &target_operation->ctx.mbedtls_ctx ) );
1332 #endif
1333 #if defined(PSA_CRYPTO_DRIVER_TEST)
1334 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1335 target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1336 return( mbedtls_test_transparent_hash_clone(
1337 &source_operation->ctx.test_driver_ctx,
1338 &target_operation->ctx.test_driver_ctx ) );
1339 #endif
1340 default:
1341 (void) target_operation;
1342 return( PSA_ERROR_BAD_STATE );
1343 }
1344 }
1345
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1346 psa_status_t psa_driver_wrapper_hash_update(
1347 psa_hash_operation_t *operation,
1348 const uint8_t *input,
1349 size_t input_length )
1350 {
1351 switch( operation->id )
1352 {
1353 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1354 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1355 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1356 input, input_length ) );
1357 #endif
1358 #if defined(PSA_CRYPTO_DRIVER_TEST)
1359 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1360 return( mbedtls_test_transparent_hash_update(
1361 &operation->ctx.test_driver_ctx,
1362 input, input_length ) );
1363 #endif
1364 default:
1365 (void) input;
1366 (void) input_length;
1367 return( PSA_ERROR_BAD_STATE );
1368 }
1369 }
1370
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1371 psa_status_t psa_driver_wrapper_hash_finish(
1372 psa_hash_operation_t *operation,
1373 uint8_t *hash,
1374 size_t hash_size,
1375 size_t *hash_length )
1376 {
1377 switch( operation->id )
1378 {
1379 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1380 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1381 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1382 hash, hash_size, hash_length ) );
1383 #endif
1384 #if defined(PSA_CRYPTO_DRIVER_TEST)
1385 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1386 return( mbedtls_test_transparent_hash_finish(
1387 &operation->ctx.test_driver_ctx,
1388 hash, hash_size, hash_length ) );
1389 #endif
1390 default:
1391 (void) hash;
1392 (void) hash_size;
1393 (void) hash_length;
1394 return( PSA_ERROR_BAD_STATE );
1395 }
1396 }
1397
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1398 psa_status_t psa_driver_wrapper_hash_abort(
1399 psa_hash_operation_t *operation )
1400 {
1401 switch( operation->id )
1402 {
1403 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1404 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1405 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1406 #endif
1407 #if defined(PSA_CRYPTO_DRIVER_TEST)
1408 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1409 return( mbedtls_test_transparent_hash_abort(
1410 &operation->ctx.test_driver_ctx ) );
1411 #endif
1412 default:
1413 return( PSA_ERROR_BAD_STATE );
1414 }
1415 }
1416
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1417 psa_status_t psa_driver_wrapper_aead_encrypt(
1418 const psa_key_attributes_t *attributes,
1419 const uint8_t *key_buffer, size_t key_buffer_size,
1420 psa_algorithm_t alg,
1421 const uint8_t *nonce, size_t nonce_length,
1422 const uint8_t *additional_data, size_t additional_data_length,
1423 const uint8_t *plaintext, size_t plaintext_length,
1424 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1425 {
1426 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1427 psa_key_location_t location =
1428 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1429
1430 switch( location )
1431 {
1432 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1433 /* Key is stored in the slot in export representation, so
1434 * cycle through all known transparent accelerators */
1435
1436 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1437 #if defined(PSA_CRYPTO_DRIVER_TEST)
1438 status = mbedtls_test_transparent_aead_encrypt(
1439 attributes, key_buffer, key_buffer_size,
1440 alg,
1441 nonce, nonce_length,
1442 additional_data, additional_data_length,
1443 plaintext, plaintext_length,
1444 ciphertext, ciphertext_size, ciphertext_length );
1445 /* Declared with fallback == true */
1446 if( status != PSA_ERROR_NOT_SUPPORTED )
1447 return( status );
1448 #endif /* PSA_CRYPTO_DRIVER_TEST */
1449 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1450
1451 /* Fell through, meaning no accelerator supports this operation */
1452 return( mbedtls_psa_aead_encrypt(
1453 attributes, key_buffer, key_buffer_size,
1454 alg,
1455 nonce, nonce_length,
1456 additional_data, additional_data_length,
1457 plaintext, plaintext_length,
1458 ciphertext, ciphertext_size, ciphertext_length ) );
1459
1460 /* Add cases for opaque driver here */
1461
1462 default:
1463 /* Key is declared with a lifetime not known to us */
1464 (void)status;
1465 return( PSA_ERROR_INVALID_ARGUMENT );
1466 }
1467 }
1468
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1469 psa_status_t psa_driver_wrapper_aead_decrypt(
1470 const psa_key_attributes_t *attributes,
1471 const uint8_t *key_buffer, size_t key_buffer_size,
1472 psa_algorithm_t alg,
1473 const uint8_t *nonce, size_t nonce_length,
1474 const uint8_t *additional_data, size_t additional_data_length,
1475 const uint8_t *ciphertext, size_t ciphertext_length,
1476 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1477 {
1478 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1479 psa_key_location_t location =
1480 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1481
1482 switch( location )
1483 {
1484 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1485 /* Key is stored in the slot in export representation, so
1486 * cycle through all known transparent accelerators */
1487
1488 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1489 #if defined(PSA_CRYPTO_DRIVER_TEST)
1490 status = mbedtls_test_transparent_aead_decrypt(
1491 attributes, key_buffer, key_buffer_size,
1492 alg,
1493 nonce, nonce_length,
1494 additional_data, additional_data_length,
1495 ciphertext, ciphertext_length,
1496 plaintext, plaintext_size, plaintext_length );
1497 /* Declared with fallback == true */
1498 if( status != PSA_ERROR_NOT_SUPPORTED )
1499 return( status );
1500 #endif /* PSA_CRYPTO_DRIVER_TEST */
1501 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1502
1503 /* Fell through, meaning no accelerator supports this operation */
1504 return( mbedtls_psa_aead_decrypt(
1505 attributes, key_buffer, key_buffer_size,
1506 alg,
1507 nonce, nonce_length,
1508 additional_data, additional_data_length,
1509 ciphertext, ciphertext_length,
1510 plaintext, plaintext_size, plaintext_length ) );
1511
1512 /* Add cases for opaque driver here */
1513
1514 default:
1515 /* Key is declared with a lifetime not known to us */
1516 (void)status;
1517 return( PSA_ERROR_INVALID_ARGUMENT );
1518 }
1519 }
1520
1521
1522 /*
1523 * MAC functions
1524 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)1525 psa_status_t psa_driver_wrapper_mac_compute(
1526 const psa_key_attributes_t *attributes,
1527 const uint8_t *key_buffer,
1528 size_t key_buffer_size,
1529 psa_algorithm_t alg,
1530 const uint8_t *input,
1531 size_t input_length,
1532 uint8_t *mac,
1533 size_t mac_size,
1534 size_t *mac_length )
1535 {
1536 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1537 psa_key_location_t location =
1538 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1539
1540 switch( location )
1541 {
1542 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1543 /* Key is stored in the slot in export representation, so
1544 * cycle through all known transparent accelerators */
1545 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1546 #if defined(PSA_CRYPTO_DRIVER_TEST)
1547 status = mbedtls_test_transparent_mac_compute(
1548 attributes, key_buffer, key_buffer_size, alg,
1549 input, input_length,
1550 mac, mac_size, mac_length );
1551 /* Declared with fallback == true */
1552 if( status != PSA_ERROR_NOT_SUPPORTED )
1553 return( status );
1554 #endif /* PSA_CRYPTO_DRIVER_TEST */
1555 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1556 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1557 /* Fell through, meaning no accelerator supports this operation */
1558 status = mbedtls_psa_mac_compute(
1559 attributes, key_buffer, key_buffer_size, alg,
1560 input, input_length,
1561 mac, mac_size, mac_length );
1562 if( status != PSA_ERROR_NOT_SUPPORTED )
1563 return( status );
1564 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1565 return( PSA_ERROR_NOT_SUPPORTED );
1566
1567 /* Add cases for opaque driver here */
1568 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1569 #if defined(PSA_CRYPTO_DRIVER_TEST)
1570 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1571 status = mbedtls_test_opaque_mac_compute(
1572 attributes, key_buffer, key_buffer_size, alg,
1573 input, input_length,
1574 mac, mac_size, mac_length );
1575 return( status );
1576 #endif /* PSA_CRYPTO_DRIVER_TEST */
1577 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1578 default:
1579 /* Key is declared with a lifetime not known to us */
1580 (void) key_buffer;
1581 (void) key_buffer_size;
1582 (void) alg;
1583 (void) input;
1584 (void) input_length;
1585 (void) mac;
1586 (void) mac_size;
1587 (void) mac_length;
1588 (void) status;
1589 return( PSA_ERROR_INVALID_ARGUMENT );
1590 }
1591 }
1592
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1593 psa_status_t psa_driver_wrapper_mac_sign_setup(
1594 psa_mac_operation_t *operation,
1595 const psa_key_attributes_t *attributes,
1596 const uint8_t *key_buffer,
1597 size_t key_buffer_size,
1598 psa_algorithm_t alg )
1599 {
1600 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1601 psa_key_location_t location =
1602 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1603
1604 switch( location )
1605 {
1606 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1607 /* Key is stored in the slot in export representation, so
1608 * cycle through all known transparent accelerators */
1609 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1610 #if defined(PSA_CRYPTO_DRIVER_TEST)
1611 status = mbedtls_test_transparent_mac_sign_setup(
1612 &operation->ctx.transparent_test_driver_ctx,
1613 attributes,
1614 key_buffer, key_buffer_size,
1615 alg );
1616 /* Declared with fallback == true */
1617 if( status == PSA_SUCCESS )
1618 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1619
1620 if( status != PSA_ERROR_NOT_SUPPORTED )
1621 return( status );
1622 #endif /* PSA_CRYPTO_DRIVER_TEST */
1623 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1624 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1625 /* Fell through, meaning no accelerator supports this operation */
1626 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
1627 attributes,
1628 key_buffer, key_buffer_size,
1629 alg );
1630 if( status == PSA_SUCCESS )
1631 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1632
1633 if( status != PSA_ERROR_NOT_SUPPORTED )
1634 return( status );
1635 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1636 return( PSA_ERROR_NOT_SUPPORTED );
1637
1638 /* Add cases for opaque driver here */
1639 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1640 #if defined(PSA_CRYPTO_DRIVER_TEST)
1641 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1642 status = mbedtls_test_opaque_mac_sign_setup(
1643 &operation->ctx.opaque_test_driver_ctx,
1644 attributes,
1645 key_buffer, key_buffer_size,
1646 alg );
1647
1648 if( status == PSA_SUCCESS )
1649 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1650
1651 return( status );
1652 #endif /* PSA_CRYPTO_DRIVER_TEST */
1653 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1654 default:
1655 /* Key is declared with a lifetime not known to us */
1656 (void) status;
1657 (void) operation;
1658 (void) key_buffer;
1659 (void) key_buffer_size;
1660 (void) alg;
1661 return( PSA_ERROR_INVALID_ARGUMENT );
1662 }
1663 }
1664
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1665 psa_status_t psa_driver_wrapper_mac_verify_setup(
1666 psa_mac_operation_t *operation,
1667 const psa_key_attributes_t *attributes,
1668 const uint8_t *key_buffer,
1669 size_t key_buffer_size,
1670 psa_algorithm_t alg )
1671 {
1672 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1673 psa_key_location_t location =
1674 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1675
1676 switch( location )
1677 {
1678 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1679 /* Key is stored in the slot in export representation, so
1680 * cycle through all known transparent accelerators */
1681 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1682 #if defined(PSA_CRYPTO_DRIVER_TEST)
1683 status = mbedtls_test_transparent_mac_verify_setup(
1684 &operation->ctx.transparent_test_driver_ctx,
1685 attributes,
1686 key_buffer, key_buffer_size,
1687 alg );
1688 /* Declared with fallback == true */
1689 if( status == PSA_SUCCESS )
1690 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1691
1692 if( status != PSA_ERROR_NOT_SUPPORTED )
1693 return( status );
1694 #endif /* PSA_CRYPTO_DRIVER_TEST */
1695 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1696 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1697 /* Fell through, meaning no accelerator supports this operation */
1698 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
1699 attributes,
1700 key_buffer, key_buffer_size,
1701 alg );
1702 if( status == PSA_SUCCESS )
1703 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1704
1705 if( status != PSA_ERROR_NOT_SUPPORTED )
1706 return( status );
1707 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1708 return( PSA_ERROR_NOT_SUPPORTED );
1709
1710 /* Add cases for opaque driver here */
1711 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1712 #if defined(PSA_CRYPTO_DRIVER_TEST)
1713 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1714 status = mbedtls_test_opaque_mac_verify_setup(
1715 &operation->ctx.opaque_test_driver_ctx,
1716 attributes,
1717 key_buffer, key_buffer_size,
1718 alg );
1719
1720 if( status == PSA_SUCCESS )
1721 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1722
1723 return( status );
1724 #endif /* PSA_CRYPTO_DRIVER_TEST */
1725 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1726 default:
1727 /* Key is declared with a lifetime not known to us */
1728 (void) status;
1729 (void) operation;
1730 (void) key_buffer;
1731 (void) key_buffer_size;
1732 (void) alg;
1733 return( PSA_ERROR_INVALID_ARGUMENT );
1734 }
1735 }
1736
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)1737 psa_status_t psa_driver_wrapper_mac_update(
1738 psa_mac_operation_t *operation,
1739 const uint8_t *input,
1740 size_t input_length )
1741 {
1742 switch( operation->id )
1743 {
1744 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1745 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1746 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
1747 input, input_length ) );
1748 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1749
1750 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1751 #if defined(PSA_CRYPTO_DRIVER_TEST)
1752 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1753 return( mbedtls_test_transparent_mac_update(
1754 &operation->ctx.transparent_test_driver_ctx,
1755 input, input_length ) );
1756
1757 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1758 return( mbedtls_test_opaque_mac_update(
1759 &operation->ctx.opaque_test_driver_ctx,
1760 input, input_length ) );
1761 #endif /* PSA_CRYPTO_DRIVER_TEST */
1762 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1763 default:
1764 (void) input;
1765 (void) input_length;
1766 return( PSA_ERROR_INVALID_ARGUMENT );
1767 }
1768 }
1769
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)1770 psa_status_t psa_driver_wrapper_mac_sign_finish(
1771 psa_mac_operation_t *operation,
1772 uint8_t *mac,
1773 size_t mac_size,
1774 size_t *mac_length )
1775 {
1776 switch( operation->id )
1777 {
1778 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1779 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1780 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
1781 mac, mac_size, mac_length ) );
1782 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1783
1784 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1785 #if defined(PSA_CRYPTO_DRIVER_TEST)
1786 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1787 return( mbedtls_test_transparent_mac_sign_finish(
1788 &operation->ctx.transparent_test_driver_ctx,
1789 mac, mac_size, mac_length ) );
1790
1791 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1792 return( mbedtls_test_opaque_mac_sign_finish(
1793 &operation->ctx.opaque_test_driver_ctx,
1794 mac, mac_size, mac_length ) );
1795 #endif /* PSA_CRYPTO_DRIVER_TEST */
1796 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1797 default:
1798 (void) mac;
1799 (void) mac_size;
1800 (void) mac_length;
1801 return( PSA_ERROR_INVALID_ARGUMENT );
1802 }
1803 }
1804
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)1805 psa_status_t psa_driver_wrapper_mac_verify_finish(
1806 psa_mac_operation_t *operation,
1807 const uint8_t *mac,
1808 size_t mac_length )
1809 {
1810 switch( operation->id )
1811 {
1812 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1813 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1814 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
1815 mac, mac_length ) );
1816 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1817
1818 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1819 #if defined(PSA_CRYPTO_DRIVER_TEST)
1820 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1821 return( mbedtls_test_transparent_mac_verify_finish(
1822 &operation->ctx.transparent_test_driver_ctx,
1823 mac, mac_length ) );
1824
1825 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1826 return( mbedtls_test_opaque_mac_verify_finish(
1827 &operation->ctx.opaque_test_driver_ctx,
1828 mac, mac_length ) );
1829 #endif /* PSA_CRYPTO_DRIVER_TEST */
1830 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1831 default:
1832 (void) mac;
1833 (void) mac_length;
1834 return( PSA_ERROR_INVALID_ARGUMENT );
1835 }
1836 }
1837
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)1838 psa_status_t psa_driver_wrapper_mac_abort(
1839 psa_mac_operation_t *operation )
1840 {
1841 switch( operation->id )
1842 {
1843 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1844 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1845 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
1846 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1847
1848 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1849 #if defined(PSA_CRYPTO_DRIVER_TEST)
1850 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1851 return( mbedtls_test_transparent_mac_abort(
1852 &operation->ctx.transparent_test_driver_ctx ) );
1853 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1854 return( mbedtls_test_opaque_mac_abort(
1855 &operation->ctx.opaque_test_driver_ctx ) );
1856 #endif /* PSA_CRYPTO_DRIVER_TEST */
1857 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1858 default:
1859 return( PSA_ERROR_INVALID_ARGUMENT );
1860 }
1861 }
1862
1863 #endif /* MBEDTLS_PSA_CRYPTO_C */
1864
