1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file is now auto-generated.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10
11 /* BEGIN-common headers */
12 #include "common.h"
13 #include "psa_crypto_aead.h"
14 #include "psa_crypto_cipher.h"
15 #include "psa_crypto_core.h"
16 #include "psa_crypto_driver_wrappers_no_static.h"
17 #include "psa_crypto_hash.h"
18 #include "psa_crypto_mac.h"
19 #include "psa_crypto_pake.h"
20 #include "psa_crypto_rsa.h"
21
22 #include "mbedtls/platform.h"
23 #include "mbedtls/constant_time.h"
24 /* END-common headers */
25
26 #if defined(MBEDTLS_PSA_CRYPTO_C) || defined(MCUBOOT_USE_PSA_CRYPTO)
27
28 /* BEGIN-driver headers */
29 /* Headers for mbedtls_test opaque driver */
30 #if defined(PSA_CRYPTO_DRIVER_TEST)
31 #include "test/drivers/test_driver.h"
32
33 #endif
34 /* Headers for mbedtls_test transparent driver */
35 #if defined(PSA_CRYPTO_DRIVER_TEST)
36 #include "test/drivers/test_driver.h"
37
38 #endif
39 /* Headers for p256 transparent driver */
40 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41 #include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42
43 #endif
44
45 /* Include TF-M builtin key driver */
46 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
47 #ifndef PSA_CRYPTO_DRIVER_PRESENT
48 #define PSA_CRYPTO_DRIVER_PRESENT
49 #endif
50 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
51 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
52 #endif
53 #include "tfm_builtin_key_loader.h"
54 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
55
56 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
57 #ifndef PSA_CRYPTO_DRIVER_PRESENT
58 #define PSA_CRYPTO_DRIVER_PRESENT
59 #endif
60 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
61 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
62 #endif
63 #include "cc3xx.h"
64 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
65
66 /* END-driver headers */
67
68 /* Auto-generated values depending on which drivers are registered.
69 * ID 0 is reserved for unallocated operations.
70 * ID 1 is reserved for the Mbed TLS software driver. */
71 /* BEGIN-driver id definition */
72 enum {
73 PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1,
74 MBEDTLS_TEST_OPAQUE_DRIVER_ID,
75 MBEDTLS_TEST_TRANSPARENT_DRIVER_ID,
76 P256_TRANSPARENT_DRIVER_ID,
77 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
78 PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID,
79 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
80 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
81 PSA_CRYPTO_CC3XX_DRIVER_ID,
82 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
83 };
84
85 /* END-driver id */
86
87 /* BEGIN-Common Macro definitions */
88
89 /* END-Common Macro definitions */
90
91 /* Support the 'old' SE interface when asked to */
92 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
93 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
94 * SE driver is present, to avoid unused argument errors at compile time. */
95 #ifndef PSA_CRYPTO_DRIVER_PRESENT
96 #define PSA_CRYPTO_DRIVER_PRESENT
97 #endif
98 #include "psa_crypto_se.h"
99 #endif
100
psa_driver_wrapper_init(void)101 static inline psa_status_t psa_driver_wrapper_init( void )
102 {
103 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
104
105 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
106 status = tfm_builtin_key_loader_init();
107 if (status != PSA_SUCCESS)
108 return ( status );
109 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
110
111 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
112 status = psa_init_all_se_drivers( );
113 if( status != PSA_SUCCESS )
114 return( status );
115 #endif
116
117 #if defined(PSA_CRYPTO_DRIVER_TEST)
118 status = mbedtls_test_transparent_init( );
119 if( status != PSA_SUCCESS )
120 return( status );
121
122 status = mbedtls_test_opaque_init( );
123 if( status != PSA_SUCCESS )
124 return( status );
125 #endif
126
127 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
128 status = cc3xx_init();
129 if (status != PSA_SUCCESS)
130 return ( status );
131 #endif
132
133 (void) status;
134 return( PSA_SUCCESS );
135 }
136
psa_driver_wrapper_free(void)137 static inline void psa_driver_wrapper_free( void )
138 {
139 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
140 /* Unregister all secure element drivers, so that we restart from
141 * a pristine state. */
142 psa_unregister_all_se_drivers( );
143 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
144
145 #if defined(PSA_CRYPTO_DRIVER_TEST)
146 mbedtls_test_transparent_free( );
147 mbedtls_test_opaque_free( );
148 #endif
149
150 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
151 (void)cc3xx_free();
152 #endif
153 }
154
155 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)156 static inline psa_status_t psa_driver_wrapper_sign_message(
157 const psa_key_attributes_t *attributes,
158 const uint8_t *key_buffer,
159 size_t key_buffer_size,
160 psa_algorithm_t alg,
161 const uint8_t *input,
162 size_t input_length,
163 uint8_t *signature,
164 size_t signature_size,
165 size_t *signature_length )
166 {
167 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
168 psa_key_location_t location =
169 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
170
171 switch( location )
172 {
173 case PSA_KEY_LOCATION_LOCAL_STORAGE:
174 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
175 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
176 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
177 /* Key is stored in the slot in export representation, so
178 * cycle through all known transparent accelerators */
179 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
180 #if defined(PSA_CRYPTO_DRIVER_TEST)
181 status = mbedtls_test_transparent_signature_sign_message(
182 attributes,
183 key_buffer,
184 key_buffer_size,
185 alg,
186 input,
187 input_length,
188 signature,
189 signature_size,
190 signature_length );
191 /* Declared with fallback == true */
192 if( status != PSA_ERROR_NOT_SUPPORTED )
193 return( status );
194 #endif /* PSA_CRYPTO_DRIVER_TEST */
195 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
196 status = cc3xx_sign_message(
197 attributes,
198 key_buffer,
199 key_buffer_size,
200 alg,
201 input,
202 input_length,
203 signature,
204 signature_size,
205 signature_length );
206 return( status );
207 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
208 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
209 return( psa_sign_message_builtin( attributes,
210 key_buffer,
211 key_buffer_size,
212 alg,
213 input,
214 input_length,
215 signature,
216 signature_size,
217 signature_length ) );
218 break;
219
220 /* Add cases for opaque driver here */
221 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
222 #if defined(PSA_CRYPTO_DRIVER_TEST)
223 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
224 status = mbedtls_test_opaque_signature_sign_message(
225 attributes,
226 key_buffer,
227 key_buffer_size,
228 alg,
229 input,
230 input_length,
231 signature,
232 signature_size,
233 signature_length );
234 if( status != PSA_ERROR_NOT_SUPPORTED )
235 return( status );
236 break;
237 #endif /* PSA_CRYPTO_DRIVER_TEST */
238 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
239 default:
240 /* Key is declared with a lifetime not known to us */
241 (void)status;
242 return( PSA_ERROR_INVALID_ARGUMENT );
243 }
244 }
245
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)246 static inline psa_status_t psa_driver_wrapper_verify_message(
247 const psa_key_attributes_t *attributes,
248 const uint8_t *key_buffer,
249 size_t key_buffer_size,
250 psa_algorithm_t alg,
251 const uint8_t *input,
252 size_t input_length,
253 const uint8_t *signature,
254 size_t signature_length )
255 {
256 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
257 psa_key_location_t location =
258 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
259
260 switch( location )
261 {
262 case PSA_KEY_LOCATION_LOCAL_STORAGE:
263 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
264 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
265 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
266 /* Key is stored in the slot in export representation, so
267 * cycle through all known transparent accelerators */
268 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
269 #if defined(PSA_CRYPTO_DRIVER_TEST)
270 status = mbedtls_test_transparent_signature_verify_message(
271 attributes,
272 key_buffer,
273 key_buffer_size,
274 alg,
275 input,
276 input_length,
277 signature,
278 signature_length );
279 /* Declared with fallback == true */
280 if( status != PSA_ERROR_NOT_SUPPORTED )
281 return( status );
282 #endif /* PSA_CRYPTO_DRIVER_TEST */
283 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
284 status = cc3xx_verify_message(
285 attributes,
286 key_buffer,
287 key_buffer_size,
288 alg,
289 input,
290 input_length,
291 signature,
292 signature_length );
293 return( status );
294 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
296 return( psa_verify_message_builtin( attributes,
297 key_buffer,
298 key_buffer_size,
299 alg,
300 input,
301 input_length,
302 signature,
303 signature_length ) );
304
305 /* Add cases for opaque driver here */
306 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
307 #if defined(PSA_CRYPTO_DRIVER_TEST)
308 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
309 return( mbedtls_test_opaque_signature_verify_message(
310 attributes,
311 key_buffer,
312 key_buffer_size,
313 alg,
314 input,
315 input_length,
316 signature,
317 signature_length ) );
318 if( status != PSA_ERROR_NOT_SUPPORTED )
319 return( status );
320 break;
321 #endif /* PSA_CRYPTO_DRIVER_TEST */
322 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
323 default:
324 /* Key is declared with a lifetime not known to us */
325 (void)status;
326 return( PSA_ERROR_INVALID_ARGUMENT );
327 }
328 }
329
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)330 static inline psa_status_t psa_driver_wrapper_sign_hash(
331 const psa_key_attributes_t *attributes,
332 const uint8_t *key_buffer, size_t key_buffer_size,
333 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
334 uint8_t *signature, size_t signature_size, size_t *signature_length )
335 {
336 /* Try dynamically-registered SE interface first */
337 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
338 const psa_drv_se_t *drv;
339 psa_drv_se_context_t *drv_context;
340
341 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
342 {
343 if( drv->asymmetric == NULL ||
344 drv->asymmetric->p_sign == NULL )
345 {
346 /* Key is defined in SE, but we have no way to exercise it */
347 return( PSA_ERROR_NOT_SUPPORTED );
348 }
349 return( drv->asymmetric->p_sign(
350 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
351 alg, hash, hash_length,
352 signature, signature_size, signature_length ) );
353 }
354 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
355
356 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
357 psa_key_location_t location =
358 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
359
360 switch( location )
361 {
362 case PSA_KEY_LOCATION_LOCAL_STORAGE:
363 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
364 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
365 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
366 /* Key is stored in the slot in export representation, so
367 * cycle through all known transparent accelerators */
368 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
369 #if defined(PSA_CRYPTO_DRIVER_TEST)
370 status = mbedtls_test_transparent_signature_sign_hash( attributes,
371 key_buffer,
372 key_buffer_size,
373 alg,
374 hash,
375 hash_length,
376 signature,
377 signature_size,
378 signature_length );
379 /* Declared with fallback == true */
380 if( status != PSA_ERROR_NOT_SUPPORTED )
381 return( status );
382 #endif /* PSA_CRYPTO_DRIVER_TEST */
383 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
384 status = cc3xx_sign_hash( attributes,
385 key_buffer,
386 key_buffer_size,
387 alg,
388 hash,
389 hash_length,
390 signature,
391 signature_size,
392 signature_length );
393 return( status );
394 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
395 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
396 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
397 PSA_ALG_IS_ECDSA(alg) &&
398 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
399 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
400 psa_get_key_bits(attributes) == 256 )
401 {
402 status = p256_transparent_sign_hash( attributes,
403 key_buffer,
404 key_buffer_size,
405 alg,
406 hash,
407 hash_length,
408 signature,
409 signature_size,
410 signature_length );
411 if( status != PSA_ERROR_NOT_SUPPORTED )
412 return( status );
413 }
414 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
415 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
416 /* Fell through, meaning no accelerator supports this operation */
417 return( psa_sign_hash_builtin( attributes,
418 key_buffer,
419 key_buffer_size,
420 alg,
421 hash,
422 hash_length,
423 signature,
424 signature_size,
425 signature_length ) );
426
427 /* Add cases for opaque driver here */
428 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
429 #if defined(PSA_CRYPTO_DRIVER_TEST)
430 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
431 return( mbedtls_test_opaque_signature_sign_hash( attributes,
432 key_buffer,
433 key_buffer_size,
434 alg,
435 hash,
436 hash_length,
437 signature,
438 signature_size,
439 signature_length ) );
440 #endif /* PSA_CRYPTO_DRIVER_TEST */
441 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
442 default:
443 /* Key is declared with a lifetime not known to us */
444 (void)status;
445 return( PSA_ERROR_INVALID_ARGUMENT );
446 }
447 }
448
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)449 static inline psa_status_t psa_driver_wrapper_verify_hash(
450 const psa_key_attributes_t *attributes,
451 const uint8_t *key_buffer, size_t key_buffer_size,
452 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
453 const uint8_t *signature, size_t signature_length )
454 {
455 /* Try dynamically-registered SE interface first */
456 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
457 const psa_drv_se_t *drv;
458 psa_drv_se_context_t *drv_context;
459
460 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
461 {
462 if( drv->asymmetric == NULL ||
463 drv->asymmetric->p_verify == NULL )
464 {
465 /* Key is defined in SE, but we have no way to exercise it */
466 return( PSA_ERROR_NOT_SUPPORTED );
467 }
468 return( drv->asymmetric->p_verify(
469 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
470 alg, hash, hash_length,
471 signature, signature_length ) );
472 }
473 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
474
475 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
476 psa_key_location_t location =
477 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
478
479 switch( location )
480 {
481 case PSA_KEY_LOCATION_LOCAL_STORAGE:
482 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
483 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
484 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
485 /* Key is stored in the slot in export representation, so
486 * cycle through all known transparent accelerators */
487 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
488 #if defined(PSA_CRYPTO_DRIVER_TEST)
489 status = mbedtls_test_transparent_signature_verify_hash(
490 attributes,
491 key_buffer,
492 key_buffer_size,
493 alg,
494 hash,
495 hash_length,
496 signature,
497 signature_length );
498 /* Declared with fallback == true */
499 if( status != PSA_ERROR_NOT_SUPPORTED )
500 return( status );
501 #endif /* PSA_CRYPTO_DRIVER_TEST */
502 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
503 status = cc3xx_verify_hash( attributes,
504 key_buffer,
505 key_buffer_size,
506 alg,
507 hash,
508 hash_length,
509 signature,
510 signature_length );
511 return( status );
512 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
513 #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
514 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
515 PSA_ALG_IS_ECDSA(alg) &&
516 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
517 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
518 psa_get_key_bits(attributes) == 256 )
519 {
520 status = p256_transparent_verify_hash( attributes,
521 key_buffer,
522 key_buffer_size,
523 alg,
524 hash,
525 hash_length,
526 signature,
527 signature_length );
528 if( status != PSA_ERROR_NOT_SUPPORTED )
529 return( status );
530 }
531 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
532 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
533
534 return( psa_verify_hash_builtin( attributes,
535 key_buffer,
536 key_buffer_size,
537 alg,
538 hash,
539 hash_length,
540 signature,
541 signature_length ) );
542
543 /* Add cases for opaque driver here */
544 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
545 #if defined(PSA_CRYPTO_DRIVER_TEST)
546 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
547 return( mbedtls_test_opaque_signature_verify_hash( attributes,
548 key_buffer,
549 key_buffer_size,
550 alg,
551 hash,
552 hash_length,
553 signature,
554 signature_length ) );
555 #endif /* PSA_CRYPTO_DRIVER_TEST */
556 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
557 default:
558 /* Key is declared with a lifetime not known to us */
559 (void)status;
560 return( PSA_ERROR_INVALID_ARGUMENT );
561 }
562 }
563
psa_driver_wrapper_sign_hash_get_num_ops(psa_sign_hash_interruptible_operation_t * operation)564 static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
565 psa_sign_hash_interruptible_operation_t *operation )
566 {
567 switch( operation->id )
568 {
569 /* If uninitialised, return 0, as no work can have been done. */
570 case 0:
571 return 0;
572
573 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
574 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
575
576 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
577 #if defined(PSA_CRYPTO_DRIVER_TEST)
578 /* Add test driver tests here */
579
580 #endif /* PSA_CRYPTO_DRIVER_TEST */
581 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
582 }
583
584 /* Can't happen (see discussion in #8271) */
585 return 0;
586 }
587
psa_driver_wrapper_verify_hash_get_num_ops(psa_verify_hash_interruptible_operation_t * operation)588 static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
589 psa_verify_hash_interruptible_operation_t *operation )
590 {
591 switch( operation->id )
592 {
593 /* If uninitialised, return 0, as no work can have been done. */
594 case 0:
595 return 0;
596
597 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
598 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
599
600 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
601 #if defined(PSA_CRYPTO_DRIVER_TEST)
602 /* Add test driver tests here */
603
604 #endif /* PSA_CRYPTO_DRIVER_TEST */
605 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
606
607 }
608
609 /* Can't happen (see discussion in #8271) */
610 return 0;
611 }
612
psa_driver_wrapper_sign_hash_start(psa_sign_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length)613 static inline psa_status_t psa_driver_wrapper_sign_hash_start(
614 psa_sign_hash_interruptible_operation_t *operation,
615 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
616 size_t key_buffer_size, psa_algorithm_t alg,
617 const uint8_t *hash, size_t hash_length )
618 {
619 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
620 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
621 psa_get_key_lifetime(attributes) );
622
623 switch( location )
624 {
625 case PSA_KEY_LOCATION_LOCAL_STORAGE:
626 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
627 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
628 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
629 /* Key is stored in the slot in export representation, so
630 * cycle through all known transparent accelerators */
631
632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
633 #if defined(PSA_CRYPTO_DRIVER_TEST)
634
635 /* Add test driver tests here */
636
637 /* Declared with fallback == true */
638
639 #endif /* PSA_CRYPTO_DRIVER_TEST */
640 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
641
642 /* Fell through, meaning no accelerator supports this operation */
643 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
644 status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
645 attributes,
646 key_buffer, key_buffer_size,
647 alg, hash, hash_length );
648 break;
649
650 /* Add cases for opaque driver here */
651
652 default:
653 /* Key is declared with a lifetime not known to us */
654 status = PSA_ERROR_INVALID_ARGUMENT;
655 break;
656 }
657
658 return( status );
659 }
660
psa_driver_wrapper_sign_hash_complete(psa_sign_hash_interruptible_operation_t * operation,uint8_t * signature,size_t signature_size,size_t * signature_length)661 static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
662 psa_sign_hash_interruptible_operation_t *operation,
663 uint8_t *signature, size_t signature_size,
664 size_t *signature_length )
665 {
666 switch( operation->id )
667 {
668 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
669 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
670 signature, signature_size,
671 signature_length ) );
672
673 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
674 #if defined(PSA_CRYPTO_DRIVER_TEST)
675 /* Add test driver tests here */
676
677 #endif /* PSA_CRYPTO_DRIVER_TEST */
678 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
679 }
680
681 ( void ) signature;
682 ( void ) signature_size;
683 ( void ) signature_length;
684
685 return( PSA_ERROR_INVALID_ARGUMENT );
686 }
687
psa_driver_wrapper_sign_hash_abort(psa_sign_hash_interruptible_operation_t * operation)688 static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
689 psa_sign_hash_interruptible_operation_t *operation )
690 {
691 switch( operation->id )
692 {
693 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
694 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
695
696 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
697 #if defined(PSA_CRYPTO_DRIVER_TEST)
698 /* Add test driver tests here */
699
700 #endif /* PSA_CRYPTO_DRIVER_TEST */
701 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
702 }
703
704 return( PSA_ERROR_INVALID_ARGUMENT );
705 }
706
psa_driver_wrapper_verify_hash_start(psa_verify_hash_interruptible_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)707 static inline psa_status_t psa_driver_wrapper_verify_hash_start(
708 psa_verify_hash_interruptible_operation_t *operation,
709 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
710 size_t key_buffer_size, psa_algorithm_t alg,
711 const uint8_t *hash, size_t hash_length,
712 const uint8_t *signature, size_t signature_length )
713 {
714 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
715 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
716 psa_get_key_lifetime(attributes) );
717
718 switch( location )
719 {
720 case PSA_KEY_LOCATION_LOCAL_STORAGE:
721 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
722 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
723 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
724 /* Key is stored in the slot in export representation, so
725 * cycle through all known transparent accelerators */
726
727 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
728 #if defined(PSA_CRYPTO_DRIVER_TEST)
729
730 /* Add test driver tests here */
731
732 /* Declared with fallback == true */
733
734 #endif /* PSA_CRYPTO_DRIVER_TEST */
735 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
736
737 /* Fell through, meaning no accelerator supports this operation */
738 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
739 status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
740 attributes,
741 key_buffer, key_buffer_size,
742 alg, hash, hash_length,
743 signature, signature_length );
744 break;
745
746 /* Add cases for opaque driver here */
747
748 default:
749 /* Key is declared with a lifetime not known to us */
750 status = PSA_ERROR_INVALID_ARGUMENT;
751 break;
752 }
753
754 return( status );
755 }
756
psa_driver_wrapper_verify_hash_complete(psa_verify_hash_interruptible_operation_t * operation)757 static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
758 psa_verify_hash_interruptible_operation_t *operation )
759 {
760 switch( operation->id )
761 {
762 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
763 return( mbedtls_psa_verify_hash_complete(
764 &operation->ctx.mbedtls_ctx
765 ) );
766
767 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
768 #if defined(PSA_CRYPTO_DRIVER_TEST)
769 /* Add test driver tests here */
770
771 #endif /* PSA_CRYPTO_DRIVER_TEST */
772 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
773 }
774
775 return( PSA_ERROR_INVALID_ARGUMENT );
776 }
777
psa_driver_wrapper_verify_hash_abort(psa_verify_hash_interruptible_operation_t * operation)778 static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
779 psa_verify_hash_interruptible_operation_t *operation )
780 {
781 switch( operation->id )
782 {
783 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
784 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
785 ) );
786
787 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
788 #if defined(PSA_CRYPTO_DRIVER_TEST)
789 /* Add test driver tests here */
790
791 #endif /* PSA_CRYPTO_DRIVER_TEST */
792 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
793 }
794
795 return( PSA_ERROR_INVALID_ARGUMENT );
796 }
797
798 /** Calculate the key buffer size required to store the key material of a key
799 * associated with an opaque driver from input key data.
800 *
801 * \param[in] attributes The key attributes
802 * \param[in] data The input key data.
803 * \param[in] data_length The input data length.
804 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
805 *
806 * \retval #PSA_SUCCESS \emptydescription
807 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
808 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
809 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)810 static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
811 const psa_key_attributes_t *attributes,
812 const uint8_t *data,
813 size_t data_length,
814 size_t *key_buffer_size )
815 {
816 psa_key_location_t location =
817 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
818 psa_key_type_t key_type = psa_get_key_type(attributes);
819
820 *key_buffer_size = 0;
821 switch( location )
822 {
823 #if defined(PSA_CRYPTO_DRIVER_TEST)
824 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
825 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
826 PSA_BYTES_TO_BITS( data_length ) );
827 return( ( *key_buffer_size != 0 ) ?
828 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
829 #endif /* PSA_CRYPTO_DRIVER_TEST */
830
831 default:
832 (void)key_type;
833 (void)data;
834 (void)data_length;
835 return( PSA_ERROR_INVALID_ARGUMENT );
836 }
837 }
838
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,const psa_key_production_parameters_t * params,size_t params_data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)839 static inline psa_status_t psa_driver_wrapper_generate_key(
840 const psa_key_attributes_t *attributes,
841 const psa_key_production_parameters_t *params, size_t params_data_length,
842 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
843 {
844 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
845 psa_key_location_t location =
846 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
847
848 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
849 int is_default_production =
850 psa_key_production_parameters_are_default(params, params_data_length);
851 if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
852 {
853 /* We don't support passing custom production parameters
854 * to drivers yet. */
855 return PSA_ERROR_NOT_SUPPORTED;
856 }
857 #else
858 int is_default_production = 1;
859 (void) is_default_production;
860 #endif
861
862 /* Try dynamically-registered SE interface first */
863 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
864 const psa_drv_se_t *drv;
865 psa_drv_se_context_t *drv_context;
866
867 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
868 {
869 size_t pubkey_length = 0; /* We don't support this feature yet */
870 if( drv->key_management == NULL ||
871 drv->key_management->p_generate == NULL )
872 {
873 /* Key is defined as being in SE, but we have no way to generate it */
874 return( PSA_ERROR_NOT_SUPPORTED );
875 }
876 return( drv->key_management->p_generate(
877 drv_context,
878 *( (psa_key_slot_number_t *)key_buffer ),
879 attributes, NULL, 0, &pubkey_length ) );
880 }
881 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
882
883 switch( location )
884 {
885 case PSA_KEY_LOCATION_LOCAL_STORAGE:
886 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
887 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
888 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
889 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
890 /* Transparent drivers are limited to generating asymmetric keys. */
891 /* We don't support passing custom production parameters
892 * to drivers yet. */
893 if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
894 is_default_production )
895 {
896 /* Cycle through all known transparent accelerators */
897 #if defined(PSA_CRYPTO_DRIVER_TEST)
898 status = mbedtls_test_transparent_generate_key(
899 attributes, key_buffer, key_buffer_size,
900 key_buffer_length );
901 /* Declared with fallback == true */
902 if( status != PSA_ERROR_NOT_SUPPORTED )
903 break;
904 #endif /* PSA_CRYPTO_DRIVER_TEST */
905 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
906 status = cc3xx_generate_key(
907 attributes, key_buffer, key_buffer_size,
908 key_buffer_length );
909 break;
910 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
911 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
912 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
913 psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
914 psa_get_key_bits(attributes) == 256 )
915 {
916 status = p256_transparent_generate_key( attributes,
917 key_buffer,
918 key_buffer_size,
919 key_buffer_length );
920 if( status != PSA_ERROR_NOT_SUPPORTED )
921 break;
922 }
923
924 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
925 }
926 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
927
928 /* Software fallback */
929 status = psa_generate_key_internal(
930 attributes, params, params_data_length,
931 key_buffer, key_buffer_size, key_buffer_length );
932 break;
933
934 /* Add cases for opaque driver here */
935 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
936 #if defined(PSA_CRYPTO_DRIVER_TEST)
937 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
938 status = mbedtls_test_opaque_generate_key(
939 attributes, key_buffer, key_buffer_size, key_buffer_length );
940 break;
941 #endif /* PSA_CRYPTO_DRIVER_TEST */
942 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
943
944 default:
945 /* Key is declared with a lifetime not known to us */
946 status = PSA_ERROR_INVALID_ARGUMENT;
947 break;
948 }
949
950 return( status );
951 }
952
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)953 static inline psa_status_t psa_driver_wrapper_import_key(
954 const psa_key_attributes_t *attributes,
955 const uint8_t *data,
956 size_t data_length,
957 uint8_t *key_buffer,
958 size_t key_buffer_size,
959 size_t *key_buffer_length,
960 size_t *bits )
961 {
962
963 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
964 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
965 psa_get_key_lifetime( attributes ) );
966
967 /* Try dynamically-registered SE interface first */
968 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
969 const psa_drv_se_t *drv;
970 psa_drv_se_context_t *drv_context;
971
972 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
973 {
974 if( drv->key_management == NULL ||
975 drv->key_management->p_import == NULL )
976 return( PSA_ERROR_NOT_SUPPORTED );
977
978 /* The driver should set the number of key bits, however in
979 * case it doesn't, we initialize bits to an invalid value. */
980 *bits = PSA_MAX_KEY_BITS + 1;
981 status = drv->key_management->p_import(
982 drv_context,
983 *( (psa_key_slot_number_t *)key_buffer ),
984 attributes, data, data_length, bits );
985
986 if( status != PSA_SUCCESS )
987 return( status );
988
989 if( (*bits) > PSA_MAX_KEY_BITS )
990 return( PSA_ERROR_NOT_SUPPORTED );
991
992 return( PSA_SUCCESS );
993 }
994 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
995
996 switch( location )
997 {
998 case PSA_KEY_LOCATION_LOCAL_STORAGE:
999 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1000 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1001 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1002 /* Key is stored in the slot in export representation, so
1003 * cycle through all known transparent accelerators */
1004 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1005
1006 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1007 status = mbedtls_test_transparent_import_key
1008 (attributes,
1009 data,
1010 data_length,
1011 key_buffer,
1012 key_buffer_size,
1013 key_buffer_length,
1014 bits
1015 );
1016
1017 if( status != PSA_ERROR_NOT_SUPPORTED )
1018 return( status );
1019 #endif
1020
1021 #if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
1022 status = p256_transparent_import_key
1023 (attributes,
1024 data,
1025 data_length,
1026 key_buffer,
1027 key_buffer_size,
1028 key_buffer_length,
1029 bits
1030 );
1031
1032 if( status != PSA_ERROR_NOT_SUPPORTED )
1033 return( status );
1034 #endif
1035
1036
1037 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1038
1039 /* Fell through, meaning no accelerator supports this operation */
1040 return( psa_import_key_into_slot( attributes,
1041 data, data_length,
1042 key_buffer, key_buffer_size,
1043 key_buffer_length, bits ) );
1044 /* Add cases for opaque driver here */
1045 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1046
1047 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1048 case 0x7fffff:
1049 return( mbedtls_test_opaque_import_key
1050 (attributes,
1051 data,
1052 data_length,
1053 key_buffer,
1054 key_buffer_size,
1055 key_buffer_length,
1056 bits
1057 ));
1058 #endif
1059
1060
1061 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1062 default:
1063 (void)status;
1064 return( PSA_ERROR_INVALID_ARGUMENT );
1065 }
1066
1067 }
1068
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)1069 static inline psa_status_t psa_driver_wrapper_export_key(
1070 const psa_key_attributes_t *attributes,
1071 const uint8_t *key_buffer, size_t key_buffer_size,
1072 uint8_t *data, size_t data_size, size_t *data_length )
1073
1074 {
1075
1076 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1077 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
1078 psa_get_key_lifetime( attributes ) );
1079
1080 /* Try dynamically-registered SE interface first */
1081 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1082 const psa_drv_se_t *drv;
1083 psa_drv_se_context_t *drv_context;
1084
1085 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1086 {
1087 if( ( drv->key_management == NULL ) ||
1088 ( drv->key_management->p_export == NULL ) )
1089 {
1090 return( PSA_ERROR_NOT_SUPPORTED );
1091 }
1092
1093 return( drv->key_management->p_export(
1094 drv_context,
1095 *( (psa_key_slot_number_t *)key_buffer ),
1096 data, data_size, data_length ) );
1097 }
1098 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1099
1100 switch( location )
1101 {
1102 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1103 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1104 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1105 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1106 return( psa_export_key_internal( attributes,
1107 key_buffer,
1108 key_buffer_size,
1109 data,
1110 data_size,
1111 data_length ) );
1112
1113 /* Add cases for opaque driver here */
1114 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1115
1116 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1117 case 0x7fffff:
1118 return( mbedtls_test_opaque_export_key
1119 (attributes,
1120 key_buffer,
1121 key_buffer_size,
1122 data,
1123 data_size,
1124 data_length
1125 ));
1126 #endif
1127
1128
1129 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1130 default:
1131 /* Key is declared with a lifetime not known to us */
1132 return( status );
1133 }
1134
1135 }
1136
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)1137 static inline psa_status_t psa_driver_wrapper_copy_key(
1138 psa_key_attributes_t *attributes,
1139 const uint8_t *source_key, size_t source_key_length,
1140 uint8_t *target_key_buffer, size_t target_key_buffer_size,
1141 size_t *target_key_buffer_length )
1142 {
1143
1144 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1145 psa_key_location_t location =
1146 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1147
1148 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1149 const psa_drv_se_t *drv;
1150 psa_drv_se_context_t *drv_context;
1151
1152 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1153 {
1154 /* Copying to a secure element is not implemented yet. */
1155 return( PSA_ERROR_NOT_SUPPORTED );
1156 }
1157 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1158
1159 switch( location )
1160 {
1161 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1162
1163 #if (defined(PSA_CRYPTO_DRIVER_TEST) )
1164 case 0x7fffff:
1165 return( mbedtls_test_opaque_copy_key
1166 (attributes,
1167 source_key,
1168 source_key_length,
1169 target_key_buffer,
1170 target_key_buffer_size,
1171 target_key_buffer_length
1172 ));
1173 #endif
1174
1175
1176 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1177 default:
1178 (void)source_key;
1179 (void)source_key_length;
1180 (void)target_key_buffer;
1181 (void)target_key_buffer_size;
1182 (void)target_key_buffer_length;
1183 status = PSA_ERROR_INVALID_ARGUMENT;
1184 }
1185 return( status );
1186
1187 }
1188
1189 /*
1190 * Cipher functions
1191 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * iv,size_t iv_length,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1192 static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1193 const psa_key_attributes_t *attributes,
1194 const uint8_t *key_buffer,
1195 size_t key_buffer_size,
1196 psa_algorithm_t alg,
1197 const uint8_t *iv,
1198 size_t iv_length,
1199 const uint8_t *input,
1200 size_t input_length,
1201 uint8_t *output,
1202 size_t output_size,
1203 size_t *output_length )
1204 {
1205 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1206 psa_key_location_t location =
1207 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1208
1209 switch( location )
1210 {
1211 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1212 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1213 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1214 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1215 /* Key is stored in the slot in export representation, so
1216 * cycle through all known transparent accelerators */
1217 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1218 #if defined(PSA_CRYPTO_DRIVER_TEST)
1219 status = mbedtls_test_transparent_cipher_encrypt( attributes,
1220 key_buffer,
1221 key_buffer_size,
1222 alg,
1223 iv,
1224 iv_length,
1225 input,
1226 input_length,
1227 output,
1228 output_size,
1229 output_length );
1230 /* Declared with fallback == true */
1231 if( status != PSA_ERROR_NOT_SUPPORTED )
1232 return( status );
1233 #endif /* PSA_CRYPTO_DRIVER_TEST */
1234 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1235 status = cc3xx_cipher_encrypt( attributes,
1236 key_buffer,
1237 key_buffer_size,
1238 alg,
1239 iv,
1240 iv_length,
1241 input,
1242 input_length,
1243 output,
1244 output_size,
1245 output_length );
1246 return( status );
1247 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1248 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1249
1250 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1251 return( mbedtls_psa_cipher_encrypt( attributes,
1252 key_buffer,
1253 key_buffer_size,
1254 alg,
1255 iv,
1256 iv_length,
1257 input,
1258 input_length,
1259 output,
1260 output_size,
1261 output_length ) );
1262 #else
1263 return( PSA_ERROR_NOT_SUPPORTED );
1264 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1265
1266 /* Add cases for opaque driver here */
1267 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1268 #if defined(PSA_CRYPTO_DRIVER_TEST)
1269 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1270 return( mbedtls_test_opaque_cipher_encrypt( attributes,
1271 key_buffer,
1272 key_buffer_size,
1273 alg,
1274 iv,
1275 iv_length,
1276 input,
1277 input_length,
1278 output,
1279 output_size,
1280 output_length ) );
1281 #endif /* PSA_CRYPTO_DRIVER_TEST */
1282 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1283
1284 default:
1285 /* Key is declared with a lifetime not known to us */
1286 (void)status;
1287 (void)key_buffer;
1288 (void)key_buffer_size;
1289 (void)alg;
1290 (void)iv;
1291 (void)iv_length;
1292 (void)input;
1293 (void)input_length;
1294 (void)output;
1295 (void)output_size;
1296 (void)output_length;
1297 return( PSA_ERROR_INVALID_ARGUMENT );
1298 }
1299 }
1300
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1301 static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1302 const psa_key_attributes_t *attributes,
1303 const uint8_t *key_buffer,
1304 size_t key_buffer_size,
1305 psa_algorithm_t alg,
1306 const uint8_t *input,
1307 size_t input_length,
1308 uint8_t *output,
1309 size_t output_size,
1310 size_t *output_length )
1311 {
1312 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1313 psa_key_location_t location =
1314 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1315
1316 switch( location )
1317 {
1318 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1319 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1320 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1321 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1322 /* Key is stored in the slot in export representation, so
1323 * cycle through all known transparent accelerators */
1324 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1325 #if defined(PSA_CRYPTO_DRIVER_TEST)
1326 status = mbedtls_test_transparent_cipher_decrypt( attributes,
1327 key_buffer,
1328 key_buffer_size,
1329 alg,
1330 input,
1331 input_length,
1332 output,
1333 output_size,
1334 output_length );
1335 /* Declared with fallback == true */
1336 if( status != PSA_ERROR_NOT_SUPPORTED )
1337 return( status );
1338 #endif /* PSA_CRYPTO_DRIVER_TEST */
1339 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1340 status = cc3xx_cipher_decrypt( attributes,
1341 key_buffer,
1342 key_buffer_size,
1343 alg,
1344 input,
1345 input_length,
1346 output,
1347 output_size,
1348 output_length );
1349 return( status );
1350 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1351 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1352
1353 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1354 return( mbedtls_psa_cipher_decrypt( attributes,
1355 key_buffer,
1356 key_buffer_size,
1357 alg,
1358 input,
1359 input_length,
1360 output,
1361 output_size,
1362 output_length ) );
1363 #else
1364 return( PSA_ERROR_NOT_SUPPORTED );
1365 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1366
1367 /* Add cases for opaque driver here */
1368 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1369 #if defined(PSA_CRYPTO_DRIVER_TEST)
1370 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1371 return( mbedtls_test_opaque_cipher_decrypt( attributes,
1372 key_buffer,
1373 key_buffer_size,
1374 alg,
1375 input,
1376 input_length,
1377 output,
1378 output_size,
1379 output_length ) );
1380 #endif /* PSA_CRYPTO_DRIVER_TEST */
1381 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1382
1383 default:
1384 /* Key is declared with a lifetime not known to us */
1385 (void)status;
1386 (void)key_buffer;
1387 (void)key_buffer_size;
1388 (void)alg;
1389 (void)input;
1390 (void)input_length;
1391 (void)output;
1392 (void)output_size;
1393 (void)output_length;
1394 return( PSA_ERROR_INVALID_ARGUMENT );
1395 }
1396 }
1397
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1398 static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1399 psa_cipher_operation_t *operation,
1400 const psa_key_attributes_t *attributes,
1401 const uint8_t *key_buffer, size_t key_buffer_size,
1402 psa_algorithm_t alg )
1403 {
1404 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1405 psa_key_location_t location =
1406 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1407
1408 switch( location )
1409 {
1410 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1411 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1412 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1413 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1414 /* Key is stored in the slot in export representation, so
1415 * cycle through all known transparent accelerators */
1416 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1417 #if defined(PSA_CRYPTO_DRIVER_TEST)
1418 status = mbedtls_test_transparent_cipher_encrypt_setup(
1419 &operation->ctx.transparent_test_driver_ctx,
1420 attributes,
1421 key_buffer,
1422 key_buffer_size,
1423 alg );
1424 /* Declared with fallback == true */
1425 if( status == PSA_SUCCESS )
1426 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1427
1428 if( status != PSA_ERROR_NOT_SUPPORTED )
1429 return( status );
1430 #endif /* PSA_CRYPTO_DRIVER_TEST */
1431 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1432 status = cc3xx_cipher_encrypt_setup(
1433 &operation->ctx.cc3xx_driver_ctx,
1434 attributes,
1435 key_buffer,
1436 key_buffer_size,
1437 alg );
1438 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1439 return( status );
1440 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1441 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1442 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1443 /* Fell through, meaning no accelerator supports this operation */
1444 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1445 attributes,
1446 key_buffer,
1447 key_buffer_size,
1448 alg );
1449 if( status == PSA_SUCCESS )
1450 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1451
1452 if( status != PSA_ERROR_NOT_SUPPORTED )
1453 return( status );
1454 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1455 return( PSA_ERROR_NOT_SUPPORTED );
1456
1457 /* Add cases for opaque driver here */
1458 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1459 #if defined(PSA_CRYPTO_DRIVER_TEST)
1460 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1461 status = mbedtls_test_opaque_cipher_encrypt_setup(
1462 &operation->ctx.opaque_test_driver_ctx,
1463 attributes,
1464 key_buffer, key_buffer_size,
1465 alg );
1466
1467 if( status == PSA_SUCCESS )
1468 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1469
1470 return( status );
1471 #endif /* PSA_CRYPTO_DRIVER_TEST */
1472 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1473 default:
1474 /* Key is declared with a lifetime not known to us */
1475 (void)status;
1476 (void)operation;
1477 (void)key_buffer;
1478 (void)key_buffer_size;
1479 (void)alg;
1480 return( PSA_ERROR_INVALID_ARGUMENT );
1481 }
1482 }
1483
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1484 static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1485 psa_cipher_operation_t *operation,
1486 const psa_key_attributes_t *attributes,
1487 const uint8_t *key_buffer, size_t key_buffer_size,
1488 psa_algorithm_t alg )
1489 {
1490 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1491 psa_key_location_t location =
1492 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1493
1494 switch( location )
1495 {
1496 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1497 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1498 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1499 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1500 /* Key is stored in the slot in export representation, so
1501 * cycle through all known transparent accelerators */
1502 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1503 #if defined(PSA_CRYPTO_DRIVER_TEST)
1504 status = mbedtls_test_transparent_cipher_decrypt_setup(
1505 &operation->ctx.transparent_test_driver_ctx,
1506 attributes,
1507 key_buffer,
1508 key_buffer_size,
1509 alg );
1510 /* Declared with fallback == true */
1511 if( status == PSA_SUCCESS )
1512 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1513
1514 if( status != PSA_ERROR_NOT_SUPPORTED )
1515 return( status );
1516 #endif /* PSA_CRYPTO_DRIVER_TEST */
1517 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1518 status = cc3xx_cipher_decrypt_setup(
1519 &operation->ctx.cc3xx_driver_ctx,
1520 attributes,
1521 key_buffer,
1522 key_buffer_size,
1523 alg );
1524 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1525 return( status );
1526 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1527 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1528 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1529 /* Fell through, meaning no accelerator supports this operation */
1530 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1531 attributes,
1532 key_buffer,
1533 key_buffer_size,
1534 alg );
1535 if( status == PSA_SUCCESS )
1536 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1537
1538 return( status );
1539 #else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1540 return( PSA_ERROR_NOT_SUPPORTED );
1541 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1542
1543 /* Add cases for opaque driver here */
1544 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1545 #if defined(PSA_CRYPTO_DRIVER_TEST)
1546 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1547 status = mbedtls_test_opaque_cipher_decrypt_setup(
1548 &operation->ctx.opaque_test_driver_ctx,
1549 attributes,
1550 key_buffer, key_buffer_size,
1551 alg );
1552
1553 if( status == PSA_SUCCESS )
1554 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1555
1556 return( status );
1557 #endif /* PSA_CRYPTO_DRIVER_TEST */
1558 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1559 default:
1560 /* Key is declared with a lifetime not known to us */
1561 (void)status;
1562 (void)operation;
1563 (void)key_buffer;
1564 (void)key_buffer_size;
1565 (void)alg;
1566 return( PSA_ERROR_INVALID_ARGUMENT );
1567 }
1568 }
1569
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1570 static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1571 psa_cipher_operation_t *operation,
1572 const uint8_t *iv,
1573 size_t iv_length )
1574 {
1575 switch( operation->id )
1576 {
1577 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1578 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1579 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1580 iv,
1581 iv_length ) );
1582 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1583
1584 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1585 #if defined(PSA_CRYPTO_DRIVER_TEST)
1586 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1587 return( mbedtls_test_transparent_cipher_set_iv(
1588 &operation->ctx.transparent_test_driver_ctx,
1589 iv, iv_length ) );
1590
1591 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1592 return( mbedtls_test_opaque_cipher_set_iv(
1593 &operation->ctx.opaque_test_driver_ctx,
1594 iv, iv_length ) );
1595 #endif /* PSA_CRYPTO_DRIVER_TEST */
1596 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1597 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1598 return( cc3xx_cipher_set_iv(
1599 &operation->ctx.cc3xx_driver_ctx,
1600 iv, iv_length ) );
1601 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1602 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1603 }
1604
1605 (void)iv;
1606 (void)iv_length;
1607
1608 return( PSA_ERROR_INVALID_ARGUMENT );
1609 }
1610
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1611 static inline psa_status_t psa_driver_wrapper_cipher_update(
1612 psa_cipher_operation_t *operation,
1613 const uint8_t *input,
1614 size_t input_length,
1615 uint8_t *output,
1616 size_t output_size,
1617 size_t *output_length )
1618 {
1619 switch( operation->id )
1620 {
1621 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1622 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1623 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1624 input,
1625 input_length,
1626 output,
1627 output_size,
1628 output_length ) );
1629 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1630
1631 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1632 #if defined(PSA_CRYPTO_DRIVER_TEST)
1633 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1634 return( mbedtls_test_transparent_cipher_update(
1635 &operation->ctx.transparent_test_driver_ctx,
1636 input, input_length,
1637 output, output_size, output_length ) );
1638
1639 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1640 return( mbedtls_test_opaque_cipher_update(
1641 &operation->ctx.opaque_test_driver_ctx,
1642 input, input_length,
1643 output, output_size, output_length ) );
1644 #endif /* PSA_CRYPTO_DRIVER_TEST */
1645 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1646 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1647 return( cc3xx_cipher_update(
1648 &operation->ctx.cc3xx_driver_ctx,
1649 input, input_length,
1650 output, output_size, output_length ) );
1651 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1652 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1653 }
1654
1655 (void)input;
1656 (void)input_length;
1657 (void)output;
1658 (void)output_size;
1659 (void)output_length;
1660
1661 return( PSA_ERROR_INVALID_ARGUMENT );
1662 }
1663
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1664 static inline psa_status_t psa_driver_wrapper_cipher_finish(
1665 psa_cipher_operation_t *operation,
1666 uint8_t *output,
1667 size_t output_size,
1668 size_t *output_length )
1669 {
1670 switch( operation->id )
1671 {
1672 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1673 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1674 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1675 output,
1676 output_size,
1677 output_length ) );
1678 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1679
1680 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1681 #if defined(PSA_CRYPTO_DRIVER_TEST)
1682 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1683 return( mbedtls_test_transparent_cipher_finish(
1684 &operation->ctx.transparent_test_driver_ctx,
1685 output, output_size, output_length ) );
1686
1687 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1688 return( mbedtls_test_opaque_cipher_finish(
1689 &operation->ctx.opaque_test_driver_ctx,
1690 output, output_size, output_length ) );
1691 #endif /* PSA_CRYPTO_DRIVER_TEST */
1692 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1693 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1694 return( cc3xx_cipher_finish(
1695 &operation->ctx.cc3xx_driver_ctx,
1696 output, output_size, output_length ) );
1697 #endif /* PSA_CRYPTO_DRIVER_CC3XX*/
1698 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1699 }
1700
1701 (void)output;
1702 (void)output_size;
1703 (void)output_length;
1704
1705 return( PSA_ERROR_INVALID_ARGUMENT );
1706 }
1707
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1708 static inline psa_status_t psa_driver_wrapper_cipher_abort(
1709 psa_cipher_operation_t *operation )
1710 {
1711 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1712
1713 switch( operation->id )
1714 {
1715 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1716 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1717 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1718 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1719
1720 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1721 #if defined(PSA_CRYPTO_DRIVER_TEST)
1722 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1723 status = mbedtls_test_transparent_cipher_abort(
1724 &operation->ctx.transparent_test_driver_ctx );
1725 mbedtls_platform_zeroize(
1726 &operation->ctx.transparent_test_driver_ctx,
1727 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1728 return( status );
1729
1730 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1731 status = mbedtls_test_opaque_cipher_abort(
1732 &operation->ctx.opaque_test_driver_ctx );
1733 mbedtls_platform_zeroize(
1734 &operation->ctx.opaque_test_driver_ctx,
1735 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1736 return( status );
1737 #endif /* PSA_CRYPTO_DRIVER_TEST */
1738 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1739 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1740 status = cc3xx_cipher_abort(
1741 &operation->ctx.cc3xx_driver_ctx );
1742 mbedtls_platform_zeroize(
1743 &operation->ctx.cc3xx_driver_ctx,
1744 sizeof( operation->ctx.cc3xx_driver_ctx ) );
1745 return( status );
1746 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1747 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1748 }
1749
1750 (void)status;
1751 return( PSA_ERROR_INVALID_ARGUMENT );
1752 }
1753
1754 /*
1755 * Hashing functions
1756 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1757 static inline psa_status_t psa_driver_wrapper_hash_compute(
1758 psa_algorithm_t alg,
1759 const uint8_t *input,
1760 size_t input_length,
1761 uint8_t *hash,
1762 size_t hash_size,
1763 size_t *hash_length)
1764 {
1765 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1766
1767 /* Try accelerators first */
1768 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1769 #if defined(PSA_CRYPTO_DRIVER_TEST)
1770 status = mbedtls_test_transparent_hash_compute(
1771 alg, input, input_length, hash, hash_size, hash_length );
1772 if( status != PSA_ERROR_NOT_SUPPORTED )
1773 return( status );
1774 #endif /* PSA_CRYPTO_DRIVER_TEST */
1775 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1776 status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size,
1777 hash_length);
1778 return status;
1779 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1780 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1781
1782 /* If software fallback is compiled in, try fallback */
1783 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1784 status = mbedtls_psa_hash_compute( alg, input, input_length,
1785 hash, hash_size, hash_length );
1786 if( status != PSA_ERROR_NOT_SUPPORTED )
1787 return( status );
1788 #endif
1789 (void) status;
1790 (void) alg;
1791 (void) input;
1792 (void) input_length;
1793 (void) hash;
1794 (void) hash_size;
1795 (void) hash_length;
1796
1797 return( PSA_ERROR_NOT_SUPPORTED );
1798 }
1799
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1800 static inline psa_status_t psa_driver_wrapper_hash_setup(
1801 psa_hash_operation_t *operation,
1802 psa_algorithm_t alg )
1803 {
1804 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1805
1806 /* Try setup on accelerators first */
1807 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1808 #if defined(PSA_CRYPTO_DRIVER_TEST)
1809 status = mbedtls_test_transparent_hash_setup(
1810 &operation->ctx.test_driver_ctx, alg );
1811 if( status == PSA_SUCCESS )
1812 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1813
1814 if( status != PSA_ERROR_NOT_SUPPORTED )
1815 return( status );
1816 #endif /* PSA_CRYPTO_DRIVER_TEST */
1817 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1818 status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg);
1819 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1820 return( status );
1821 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1822 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1823
1824 /* If software fallback is compiled in, try fallback */
1825 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1826 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1827 if( status == PSA_SUCCESS )
1828 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1829
1830 if( status != PSA_ERROR_NOT_SUPPORTED )
1831 return( status );
1832 #endif
1833 /* Nothing left to try if we fall through here */
1834 (void) status;
1835 (void) operation;
1836 (void) alg;
1837 return( PSA_ERROR_NOT_SUPPORTED );
1838 }
1839
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1840 static inline psa_status_t psa_driver_wrapper_hash_clone(
1841 const psa_hash_operation_t *source_operation,
1842 psa_hash_operation_t *target_operation )
1843 {
1844 switch( source_operation->id )
1845 {
1846 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1847 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1848 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1849 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1850 &target_operation->ctx.mbedtls_ctx ) );
1851 #endif
1852 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1853 #if defined(PSA_CRYPTO_DRIVER_TEST)
1854 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1855 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1856 return( mbedtls_test_transparent_hash_clone(
1857 &source_operation->ctx.test_driver_ctx,
1858 &target_operation->ctx.test_driver_ctx ) );
1859 #endif /* PSA_CRYPTO_DRIVER_TEST */
1860 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1861 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1862 target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
1863 return( cc3xx_hash_clone(
1864 &source_operation->ctx.cc3xx_driver_ctx,
1865 &target_operation->ctx.cc3xx_driver_ctx ) );
1866
1867 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1868 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1869 default:
1870 (void) target_operation;
1871 return( PSA_ERROR_BAD_STATE );
1872 }
1873 }
1874
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1875 static inline psa_status_t psa_driver_wrapper_hash_update(
1876 psa_hash_operation_t *operation,
1877 const uint8_t *input,
1878 size_t input_length )
1879 {
1880 switch( operation->id )
1881 {
1882 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1883 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1884 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1885 input, input_length ) );
1886 #endif
1887 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1888 #if defined(PSA_CRYPTO_DRIVER_TEST)
1889 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1890 return( mbedtls_test_transparent_hash_update(
1891 &operation->ctx.test_driver_ctx,
1892 input, input_length ) );
1893 #endif /* PSA_CRYPTO_DRIVER_TEST */
1894 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1895 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1896 return( cc3xx_hash_update(
1897 &operation->ctx.cc3xx_driver_ctx,
1898 input, input_length ) );
1899 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1900 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1901 default:
1902 (void) input;
1903 (void) input_length;
1904 return( PSA_ERROR_BAD_STATE );
1905 }
1906 }
1907
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1908 static inline psa_status_t psa_driver_wrapper_hash_finish(
1909 psa_hash_operation_t *operation,
1910 uint8_t *hash,
1911 size_t hash_size,
1912 size_t *hash_length )
1913 {
1914 switch( operation->id )
1915 {
1916 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1917 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1918 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1919 hash, hash_size, hash_length ) );
1920 #endif
1921 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1922 #if defined(PSA_CRYPTO_DRIVER_TEST)
1923 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1924 return( mbedtls_test_transparent_hash_finish(
1925 &operation->ctx.test_driver_ctx,
1926 hash, hash_size, hash_length ) );
1927 #endif /* PSA_CRYPTO_DRIVER_TEST */
1928 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1929 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1930 return( cc3xx_hash_finish(
1931 &operation->ctx.cc3xx_driver_ctx,
1932 hash, hash_size, hash_length ) );
1933 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1934 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1935 default:
1936 (void) hash;
1937 (void) hash_size;
1938 (void) hash_length;
1939 return( PSA_ERROR_BAD_STATE );
1940 }
1941 }
1942
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1943 static inline psa_status_t psa_driver_wrapper_hash_abort(
1944 psa_hash_operation_t *operation )
1945 {
1946 switch( operation->id )
1947 {
1948 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1949 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1950 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1951 #endif
1952 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1953 #if defined(PSA_CRYPTO_DRIVER_TEST)
1954 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1955 return( mbedtls_test_transparent_hash_abort(
1956 &operation->ctx.test_driver_ctx ) );
1957 #endif /* PSA_CRYPTO_DRIVER_TEST */
1958 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
1959 case PSA_CRYPTO_CC3XX_DRIVER_ID:
1960 return( cc3xx_hash_abort(
1961 &operation->ctx.cc3xx_driver_ctx ) );
1962 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
1963 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1964 default:
1965 return( PSA_ERROR_BAD_STATE );
1966 }
1967 }
1968
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1969 static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1970 const psa_key_attributes_t *attributes,
1971 const uint8_t *key_buffer, size_t key_buffer_size,
1972 psa_algorithm_t alg,
1973 const uint8_t *nonce, size_t nonce_length,
1974 const uint8_t *additional_data, size_t additional_data_length,
1975 const uint8_t *plaintext, size_t plaintext_length,
1976 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1977 {
1978 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1979 psa_key_location_t location =
1980 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1981
1982 switch( location )
1983 {
1984 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1985 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
1986 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
1987 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
1988 /* Key is stored in the slot in export representation, so
1989 * cycle through all known transparent accelerators */
1990
1991 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1992 #if defined(PSA_CRYPTO_DRIVER_TEST)
1993 status = mbedtls_test_transparent_aead_encrypt(
1994 attributes, key_buffer, key_buffer_size,
1995 alg,
1996 nonce, nonce_length,
1997 additional_data, additional_data_length,
1998 plaintext, plaintext_length,
1999 ciphertext, ciphertext_size, ciphertext_length );
2000 /* Declared with fallback == true */
2001 if( status != PSA_ERROR_NOT_SUPPORTED )
2002 return( status );
2003 #endif /* PSA_CRYPTO_DRIVER_TEST */
2004 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2005 status = cc3xx_aead_encrypt(
2006 attributes, key_buffer, key_buffer_size,
2007 alg,
2008 nonce, nonce_length,
2009 additional_data, additional_data_length,
2010 plaintext, plaintext_length,
2011 ciphertext, ciphertext_size, ciphertext_length );
2012
2013 return( status );
2014 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2015 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2016
2017 /* Fell through, meaning no accelerator supports this operation */
2018 return( mbedtls_psa_aead_encrypt(
2019 attributes, key_buffer, key_buffer_size,
2020 alg,
2021 nonce, nonce_length,
2022 additional_data, additional_data_length,
2023 plaintext, plaintext_length,
2024 ciphertext, ciphertext_size, ciphertext_length ) );
2025
2026 /* Add cases for opaque driver here */
2027
2028 default:
2029 /* Key is declared with a lifetime not known to us */
2030 (void)status;
2031 return( PSA_ERROR_INVALID_ARGUMENT );
2032 }
2033 }
2034
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)2035 static inline psa_status_t psa_driver_wrapper_aead_decrypt(
2036 const psa_key_attributes_t *attributes,
2037 const uint8_t *key_buffer, size_t key_buffer_size,
2038 psa_algorithm_t alg,
2039 const uint8_t *nonce, size_t nonce_length,
2040 const uint8_t *additional_data, size_t additional_data_length,
2041 const uint8_t *ciphertext, size_t ciphertext_length,
2042 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
2043 {
2044 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2045 psa_key_location_t location =
2046 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2047
2048 switch( location )
2049 {
2050 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2051 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2052 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2053 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2054 /* Key is stored in the slot in export representation, so
2055 * cycle through all known transparent accelerators */
2056
2057 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2058 #if defined(PSA_CRYPTO_DRIVER_TEST)
2059 status = mbedtls_test_transparent_aead_decrypt(
2060 attributes, key_buffer, key_buffer_size,
2061 alg,
2062 nonce, nonce_length,
2063 additional_data, additional_data_length,
2064 ciphertext, ciphertext_length,
2065 plaintext, plaintext_size, plaintext_length );
2066 /* Declared with fallback == true */
2067 if( status != PSA_ERROR_NOT_SUPPORTED )
2068 return( status );
2069 #endif /* PSA_CRYPTO_DRIVER_TEST */
2070 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2071 status = cc3xx_aead_decrypt(
2072 attributes, key_buffer, key_buffer_size,
2073 alg,
2074 nonce, nonce_length,
2075 additional_data, additional_data_length,
2076 ciphertext, ciphertext_length,
2077 plaintext, plaintext_size, plaintext_length );
2078
2079 return( status );
2080 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2081 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2082
2083 /* Fell through, meaning no accelerator supports this operation */
2084 return( mbedtls_psa_aead_decrypt(
2085 attributes, key_buffer, key_buffer_size,
2086 alg,
2087 nonce, nonce_length,
2088 additional_data, additional_data_length,
2089 ciphertext, ciphertext_length,
2090 plaintext, plaintext_size, plaintext_length ) );
2091
2092 /* Add cases for opaque driver here */
2093
2094 default:
2095 /* Key is declared with a lifetime not known to us */
2096 (void)status;
2097 return( PSA_ERROR_INVALID_ARGUMENT );
2098 }
2099 }
2100
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2101 static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
2102 psa_aead_operation_t *operation,
2103 const psa_key_attributes_t *attributes,
2104 const uint8_t *key_buffer, size_t key_buffer_size,
2105 psa_algorithm_t alg )
2106 {
2107 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2108 psa_key_location_t location =
2109 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2110
2111 switch( location )
2112 {
2113 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2114 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2115 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2116 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2117 /* Key is stored in the slot in export representation, so
2118 * cycle through all known transparent accelerators */
2119
2120 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2121 #if defined(PSA_CRYPTO_DRIVER_TEST)
2122 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2123 status = mbedtls_test_transparent_aead_encrypt_setup(
2124 &operation->ctx.transparent_test_driver_ctx,
2125 attributes, key_buffer, key_buffer_size,
2126 alg );
2127
2128 /* Declared with fallback == true */
2129 if( status != PSA_ERROR_NOT_SUPPORTED )
2130 return( status );
2131 #endif /* PSA_CRYPTO_DRIVER_TEST */
2132 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2133 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2134 status = cc3xx_aead_encrypt_setup(
2135 &operation->ctx.cc3xx_driver_ctx,
2136 attributes, key_buffer, key_buffer_size,
2137 alg );
2138
2139 return( status );
2140 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2141 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2142
2143 /* Fell through, meaning no accelerator supports this operation */
2144 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2145 status = mbedtls_psa_aead_encrypt_setup(
2146 &operation->ctx.mbedtls_ctx, attributes,
2147 key_buffer, key_buffer_size,
2148 alg );
2149
2150 return( status );
2151
2152 /* Add cases for opaque driver here */
2153
2154 default:
2155 /* Key is declared with a lifetime not known to us */
2156 (void)status;
2157 return( PSA_ERROR_INVALID_ARGUMENT );
2158 }
2159 }
2160
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2161 static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
2162 psa_aead_operation_t *operation,
2163 const psa_key_attributes_t *attributes,
2164 const uint8_t *key_buffer, size_t key_buffer_size,
2165 psa_algorithm_t alg )
2166 {
2167 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2168 psa_key_location_t location =
2169 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2170
2171 switch( location )
2172 {
2173 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2174 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2175 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2176 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2177 /* Key is stored in the slot in export representation, so
2178 * cycle through all known transparent accelerators */
2179
2180 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2181 #if defined(PSA_CRYPTO_DRIVER_TEST)
2182 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2183 status = mbedtls_test_transparent_aead_decrypt_setup(
2184 &operation->ctx.transparent_test_driver_ctx,
2185 attributes,
2186 key_buffer, key_buffer_size,
2187 alg );
2188
2189 /* Declared with fallback == true */
2190 if( status != PSA_ERROR_NOT_SUPPORTED )
2191 return( status );
2192 #endif /* PSA_CRYPTO_DRIVER_TEST */
2193 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2194 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2195 status = cc3xx_aead_decrypt_setup(
2196 &operation->ctx.cc3xx_driver_ctx,
2197 attributes,
2198 key_buffer, key_buffer_size,
2199 alg );
2200
2201 return( status );
2202 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2203 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2204
2205 /* Fell through, meaning no accelerator supports this operation */
2206 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2207 status = mbedtls_psa_aead_decrypt_setup(
2208 &operation->ctx.mbedtls_ctx,
2209 attributes,
2210 key_buffer, key_buffer_size,
2211 alg );
2212
2213 return( status );
2214
2215 /* Add cases for opaque driver here */
2216
2217 default:
2218 /* Key is declared with a lifetime not known to us */
2219 (void)status;
2220 return( PSA_ERROR_INVALID_ARGUMENT );
2221 }
2222 }
2223
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)2224 static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
2225 psa_aead_operation_t *operation,
2226 const uint8_t *nonce,
2227 size_t nonce_length )
2228 {
2229 switch( operation->id )
2230 {
2231 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2232 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2233 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
2234 nonce,
2235 nonce_length ) );
2236
2237 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2238
2239 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2240 #if defined(PSA_CRYPTO_DRIVER_TEST)
2241 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2242 return( mbedtls_test_transparent_aead_set_nonce(
2243 &operation->ctx.transparent_test_driver_ctx,
2244 nonce, nonce_length ) );
2245
2246 /* Add cases for opaque driver here */
2247
2248 #endif /* PSA_CRYPTO_DRIVER_TEST */
2249 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2250 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2251 return( cc3xx_aead_set_nonce(
2252 &operation->ctx.cc3xx_driver_ctx,
2253 nonce, nonce_length ) );
2254 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2255 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2256 }
2257
2258 (void)nonce;
2259 (void)nonce_length;
2260
2261 return( PSA_ERROR_INVALID_ARGUMENT );
2262 }
2263
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)2264 static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
2265 psa_aead_operation_t *operation,
2266 size_t ad_length,
2267 size_t plaintext_length )
2268 {
2269 switch( operation->id )
2270 {
2271 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2272 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2273 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
2274 ad_length,
2275 plaintext_length ) );
2276
2277 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2278
2279 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2280 #if defined(PSA_CRYPTO_DRIVER_TEST)
2281 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2282 return( mbedtls_test_transparent_aead_set_lengths(
2283 &operation->ctx.transparent_test_driver_ctx,
2284 ad_length, plaintext_length ) );
2285
2286 /* Add cases for opaque driver here */
2287
2288 #endif /* PSA_CRYPTO_DRIVER_TEST */
2289 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2290 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2291 return( cc3xx_aead_set_lengths(
2292 &operation->ctx.cc3xx_driver_ctx,
2293 ad_length, plaintext_length ) );
2294 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2295 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2296 }
2297
2298 (void)ad_length;
2299 (void)plaintext_length;
2300
2301 return( PSA_ERROR_INVALID_ARGUMENT );
2302 }
2303
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)2304 static inline psa_status_t psa_driver_wrapper_aead_update_ad(
2305 psa_aead_operation_t *operation,
2306 const uint8_t *input,
2307 size_t input_length )
2308 {
2309 switch( operation->id )
2310 {
2311 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2312 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2313 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
2314 input,
2315 input_length ) );
2316
2317 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2318
2319 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2320 #if defined(PSA_CRYPTO_DRIVER_TEST)
2321 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2322 return( mbedtls_test_transparent_aead_update_ad(
2323 &operation->ctx.transparent_test_driver_ctx,
2324 input, input_length ) );
2325
2326 /* Add cases for opaque driver here */
2327
2328 #endif /* PSA_CRYPTO_DRIVER_TEST */
2329 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2330 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2331 return( cc3xx_aead_update_ad(
2332 &operation->ctx.cc3xx_driver_ctx,
2333 input, input_length ) );
2334 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2335 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2336 }
2337
2338 (void)input;
2339 (void)input_length;
2340
2341 return( PSA_ERROR_INVALID_ARGUMENT );
2342 }
2343
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)2344 static inline psa_status_t psa_driver_wrapper_aead_update(
2345 psa_aead_operation_t *operation,
2346 const uint8_t *input,
2347 size_t input_length,
2348 uint8_t *output,
2349 size_t output_size,
2350 size_t *output_length )
2351 {
2352 switch( operation->id )
2353 {
2354 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2355 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2356 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2357 input, input_length,
2358 output, output_size,
2359 output_length ) );
2360
2361 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2362
2363 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2364 #if defined(PSA_CRYPTO_DRIVER_TEST)
2365 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2366 return( mbedtls_test_transparent_aead_update(
2367 &operation->ctx.transparent_test_driver_ctx,
2368 input, input_length, output, output_size,
2369 output_length ) );
2370
2371 /* Add cases for opaque driver here */
2372
2373 #endif /* PSA_CRYPTO_DRIVER_TEST */
2374 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2375 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2376 return( cc3xx_aead_update(
2377 &operation->ctx.cc3xx_driver_ctx,
2378 input, input_length, output, output_size,
2379 output_length ) );
2380 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2381 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2382 }
2383
2384 (void)input;
2385 (void)input_length;
2386 (void)output;
2387 (void)output_size;
2388 (void)output_length;
2389
2390 return( PSA_ERROR_INVALID_ARGUMENT );
2391 }
2392
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)2393 static inline psa_status_t psa_driver_wrapper_aead_finish(
2394 psa_aead_operation_t *operation,
2395 uint8_t *ciphertext,
2396 size_t ciphertext_size,
2397 size_t *ciphertext_length,
2398 uint8_t *tag,
2399 size_t tag_size,
2400 size_t *tag_length )
2401 {
2402 switch( operation->id )
2403 {
2404 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2405 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2406 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2407 ciphertext,
2408 ciphertext_size,
2409 ciphertext_length, tag,
2410 tag_size, tag_length ) );
2411
2412 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2413
2414 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2415 #if defined(PSA_CRYPTO_DRIVER_TEST)
2416 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2417 return( mbedtls_test_transparent_aead_finish(
2418 &operation->ctx.transparent_test_driver_ctx,
2419 ciphertext, ciphertext_size,
2420 ciphertext_length, tag, tag_size, tag_length ) );
2421
2422 /* Add cases for opaque driver here */
2423
2424 #endif /* PSA_CRYPTO_DRIVER_TEST */
2425 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2426 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2427 return( cc3xx_aead_finish(
2428 &operation->ctx.cc3xx_driver_ctx,
2429 ciphertext, ciphertext_size,
2430 ciphertext_length, tag, tag_size, tag_length ) );
2431 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2432 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2433 }
2434
2435 (void)ciphertext;
2436 (void)ciphertext_size;
2437 (void)ciphertext_length;
2438 (void)tag;
2439 (void)tag_size;
2440 (void)tag_length;
2441
2442 return( PSA_ERROR_INVALID_ARGUMENT );
2443 }
2444
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)2445 static inline psa_status_t psa_driver_wrapper_aead_verify(
2446 psa_aead_operation_t *operation,
2447 uint8_t *plaintext,
2448 size_t plaintext_size,
2449 size_t *plaintext_length,
2450 const uint8_t *tag,
2451 size_t tag_length )
2452 {
2453 switch( operation->id )
2454 {
2455 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2456 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2457 {
2458 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2459 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2460 size_t check_tag_length;
2461
2462 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2463 plaintext,
2464 plaintext_size,
2465 plaintext_length,
2466 check_tag,
2467 sizeof( check_tag ),
2468 &check_tag_length );
2469
2470 if( status == PSA_SUCCESS )
2471 {
2472 if( tag_length != check_tag_length ||
2473 mbedtls_ct_memcmp( tag, check_tag, tag_length )
2474 != 0 )
2475 status = PSA_ERROR_INVALID_SIGNATURE;
2476 }
2477
2478 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2479
2480 return( status );
2481 }
2482
2483 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2484
2485 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2486 #if defined(PSA_CRYPTO_DRIVER_TEST)
2487 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2488 return( mbedtls_test_transparent_aead_verify(
2489 &operation->ctx.transparent_test_driver_ctx,
2490 plaintext, plaintext_size,
2491 plaintext_length, tag, tag_length ) );
2492
2493 /* Add cases for opaque driver here */
2494
2495 #endif /* PSA_CRYPTO_DRIVER_TEST */
2496 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2497 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2498 return( cc3xx_aead_verify(
2499 &operation->ctx.cc3xx_driver_ctx,
2500 plaintext, plaintext_size,
2501 plaintext_length, tag, tag_length ) );
2502 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2503 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2504 }
2505
2506 (void)plaintext;
2507 (void)plaintext_size;
2508 (void)plaintext_length;
2509 (void)tag;
2510 (void)tag_length;
2511
2512 return( PSA_ERROR_INVALID_ARGUMENT );
2513 }
2514
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)2515 static inline psa_status_t psa_driver_wrapper_aead_abort(
2516 psa_aead_operation_t *operation )
2517 {
2518 switch( operation->id )
2519 {
2520 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2521 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2522 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2523
2524 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2525
2526 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2527 #if defined(PSA_CRYPTO_DRIVER_TEST)
2528 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2529 return( mbedtls_test_transparent_aead_abort(
2530 &operation->ctx.transparent_test_driver_ctx ) );
2531
2532 /* Add cases for opaque driver here */
2533
2534 #endif /* PSA_CRYPTO_DRIVER_TEST */
2535 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2536 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2537 return( cc3xx_aead_abort(
2538 &operation->ctx.cc3xx_driver_ctx ) );
2539 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2540 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2541 }
2542
2543 return( PSA_ERROR_INVALID_ARGUMENT );
2544 }
2545
2546 /*
2547 * MAC functions
2548 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)2549 static inline psa_status_t psa_driver_wrapper_mac_compute(
2550 const psa_key_attributes_t *attributes,
2551 const uint8_t *key_buffer,
2552 size_t key_buffer_size,
2553 psa_algorithm_t alg,
2554 const uint8_t *input,
2555 size_t input_length,
2556 uint8_t *mac,
2557 size_t mac_size,
2558 size_t *mac_length )
2559 {
2560 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2561 psa_key_location_t location =
2562 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2563
2564 switch( location )
2565 {
2566 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2567 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2568 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2569 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2570 /* Key is stored in the slot in export representation, so
2571 * cycle through all known transparent accelerators */
2572 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2573 #if defined(PSA_CRYPTO_DRIVER_TEST)
2574 status = mbedtls_test_transparent_mac_compute(
2575 attributes, key_buffer, key_buffer_size, alg,
2576 input, input_length,
2577 mac, mac_size, mac_length );
2578 /* Declared with fallback == true */
2579 if( status != PSA_ERROR_NOT_SUPPORTED )
2580 return( status );
2581 #endif /* PSA_CRYPTO_DRIVER_TEST */
2582 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2583 status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg,
2584 input, input_length,
2585 mac, mac_size, mac_length);
2586 return( status );
2587 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2588 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2589 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2590 /* Fell through, meaning no accelerator supports this operation */
2591 status = mbedtls_psa_mac_compute(
2592 attributes, key_buffer, key_buffer_size, alg,
2593 input, input_length,
2594 mac, mac_size, mac_length );
2595 if( status != PSA_ERROR_NOT_SUPPORTED )
2596 return( status );
2597 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2598 return( PSA_ERROR_NOT_SUPPORTED );
2599
2600 /* Add cases for opaque driver here */
2601 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2602 #if defined(PSA_CRYPTO_DRIVER_TEST)
2603 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2604 status = mbedtls_test_opaque_mac_compute(
2605 attributes, key_buffer, key_buffer_size, alg,
2606 input, input_length,
2607 mac, mac_size, mac_length );
2608 return( status );
2609 #endif /* PSA_CRYPTO_DRIVER_TEST */
2610 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2611 default:
2612 /* Key is declared with a lifetime not known to us */
2613 (void) key_buffer;
2614 (void) key_buffer_size;
2615 (void) alg;
2616 (void) input;
2617 (void) input_length;
2618 (void) mac;
2619 (void) mac_size;
2620 (void) mac_length;
2621 (void) status;
2622 return( PSA_ERROR_INVALID_ARGUMENT );
2623 }
2624 }
2625
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2626 static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2627 psa_mac_operation_t *operation,
2628 const psa_key_attributes_t *attributes,
2629 const uint8_t *key_buffer,
2630 size_t key_buffer_size,
2631 psa_algorithm_t alg )
2632 {
2633 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2634 psa_key_location_t location =
2635 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2636
2637 switch( location )
2638 {
2639 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2640 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2641 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2642 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2643 /* Key is stored in the slot in export representation, so
2644 * cycle through all known transparent accelerators */
2645 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2646 #if defined(PSA_CRYPTO_DRIVER_TEST)
2647 status = mbedtls_test_transparent_mac_sign_setup(
2648 &operation->ctx.transparent_test_driver_ctx,
2649 attributes,
2650 key_buffer, key_buffer_size,
2651 alg );
2652 /* Declared with fallback == true */
2653 if( status == PSA_SUCCESS )
2654 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2655
2656 if( status != PSA_ERROR_NOT_SUPPORTED )
2657 return( status );
2658 #endif /* PSA_CRYPTO_DRIVER_TEST */
2659 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2660 status = cc3xx_mac_sign_setup(
2661 &operation->ctx.cc3xx_driver_ctx,
2662 attributes,
2663 key_buffer, key_buffer_size,
2664 alg);
2665 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2666 return status;
2667 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2668 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2669 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2670 /* Fell through, meaning no accelerator supports this operation */
2671 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2672 attributes,
2673 key_buffer, key_buffer_size,
2674 alg );
2675 if( status == PSA_SUCCESS )
2676 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2677
2678 if( status != PSA_ERROR_NOT_SUPPORTED )
2679 return( status );
2680 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2681 return( PSA_ERROR_NOT_SUPPORTED );
2682
2683 /* Add cases for opaque driver here */
2684 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2685 #if defined(PSA_CRYPTO_DRIVER_TEST)
2686 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2687 status = mbedtls_test_opaque_mac_sign_setup(
2688 &operation->ctx.opaque_test_driver_ctx,
2689 attributes,
2690 key_buffer, key_buffer_size,
2691 alg );
2692
2693 if( status == PSA_SUCCESS )
2694 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2695
2696 return( status );
2697 #endif /* PSA_CRYPTO_DRIVER_TEST */
2698 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2699 default:
2700 /* Key is declared with a lifetime not known to us */
2701 (void) status;
2702 (void) operation;
2703 (void) key_buffer;
2704 (void) key_buffer_size;
2705 (void) alg;
2706 return( PSA_ERROR_INVALID_ARGUMENT );
2707 }
2708 }
2709
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2710 static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2711 psa_mac_operation_t *operation,
2712 const psa_key_attributes_t *attributes,
2713 const uint8_t *key_buffer,
2714 size_t key_buffer_size,
2715 psa_algorithm_t alg )
2716 {
2717 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2718 psa_key_location_t location =
2719 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2720
2721 switch( location )
2722 {
2723 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2724 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2725 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2726 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2727 /* Key is stored in the slot in export representation, so
2728 * cycle through all known transparent accelerators */
2729 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2730 #if defined(PSA_CRYPTO_DRIVER_TEST)
2731 status = mbedtls_test_transparent_mac_verify_setup(
2732 &operation->ctx.transparent_test_driver_ctx,
2733 attributes,
2734 key_buffer, key_buffer_size,
2735 alg );
2736 /* Declared with fallback == true */
2737 if( status == PSA_SUCCESS )
2738 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2739
2740 if( status != PSA_ERROR_NOT_SUPPORTED )
2741 return( status );
2742 #endif /* PSA_CRYPTO_DRIVER_TEST */
2743 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2744 status = cc3xx_mac_verify_setup(
2745 &operation->ctx.cc3xx_driver_ctx,
2746 attributes,
2747 key_buffer, key_buffer_size,
2748 alg);
2749 operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID;
2750 return status;
2751 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2752 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2753 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2754 /* Fell through, meaning no accelerator supports this operation */
2755 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2756 attributes,
2757 key_buffer, key_buffer_size,
2758 alg );
2759 if( status == PSA_SUCCESS )
2760 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2761
2762 if( status != PSA_ERROR_NOT_SUPPORTED )
2763 return( status );
2764 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2765 return( PSA_ERROR_NOT_SUPPORTED );
2766
2767 /* Add cases for opaque driver here */
2768 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2769 #if defined(PSA_CRYPTO_DRIVER_TEST)
2770 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2771 status = mbedtls_test_opaque_mac_verify_setup(
2772 &operation->ctx.opaque_test_driver_ctx,
2773 attributes,
2774 key_buffer, key_buffer_size,
2775 alg );
2776
2777 if( status == PSA_SUCCESS )
2778 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2779
2780 return( status );
2781 #endif /* PSA_CRYPTO_DRIVER_TEST */
2782 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2783 default:
2784 /* Key is declared with a lifetime not known to us */
2785 (void) status;
2786 (void) operation;
2787 (void) key_buffer;
2788 (void) key_buffer_size;
2789 (void) alg;
2790 return( PSA_ERROR_INVALID_ARGUMENT );
2791 }
2792 }
2793
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2794 static inline psa_status_t psa_driver_wrapper_mac_update(
2795 psa_mac_operation_t *operation,
2796 const uint8_t *input,
2797 size_t input_length )
2798 {
2799 switch( operation->id )
2800 {
2801 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2802 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2803 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2804 input, input_length ) );
2805 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2806
2807 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2808 #if defined(PSA_CRYPTO_DRIVER_TEST)
2809 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2810 return( mbedtls_test_transparent_mac_update(
2811 &operation->ctx.transparent_test_driver_ctx,
2812 input, input_length ) );
2813
2814 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2815 return( mbedtls_test_opaque_mac_update(
2816 &operation->ctx.opaque_test_driver_ctx,
2817 input, input_length ) );
2818 #endif /* PSA_CRYPTO_DRIVER_TEST */
2819 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2820 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2821 return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length));
2822 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2823 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2824 default:
2825 (void) input;
2826 (void) input_length;
2827 return( PSA_ERROR_INVALID_ARGUMENT );
2828 }
2829 }
2830
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2831 static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2832 psa_mac_operation_t *operation,
2833 uint8_t *mac,
2834 size_t mac_size,
2835 size_t *mac_length )
2836 {
2837 switch( operation->id )
2838 {
2839 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2840 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2841 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2842 mac, mac_size, mac_length ) );
2843 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2844
2845 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2846 #if defined(PSA_CRYPTO_DRIVER_TEST)
2847 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2848 return( mbedtls_test_transparent_mac_sign_finish(
2849 &operation->ctx.transparent_test_driver_ctx,
2850 mac, mac_size, mac_length ) );
2851
2852 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2853 return( mbedtls_test_opaque_mac_sign_finish(
2854 &operation->ctx.opaque_test_driver_ctx,
2855 mac, mac_size, mac_length ) );
2856 #endif /* PSA_CRYPTO_DRIVER_TEST */
2857 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2858 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2859 return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx,
2860 mac, mac_size, mac_length));
2861 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2862 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2863 default:
2864 (void) mac;
2865 (void) mac_size;
2866 (void) mac_length;
2867 return( PSA_ERROR_INVALID_ARGUMENT );
2868 }
2869 }
2870
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2871 static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2872 psa_mac_operation_t *operation,
2873 const uint8_t *mac,
2874 size_t mac_length )
2875 {
2876 switch( operation->id )
2877 {
2878 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2879 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2880 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2881 mac, mac_length ) );
2882 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2883
2884 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2885 #if defined(PSA_CRYPTO_DRIVER_TEST)
2886 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2887 return( mbedtls_test_transparent_mac_verify_finish(
2888 &operation->ctx.transparent_test_driver_ctx,
2889 mac, mac_length ) );
2890
2891 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2892 return( mbedtls_test_opaque_mac_verify_finish(
2893 &operation->ctx.opaque_test_driver_ctx,
2894 mac, mac_length ) );
2895 #endif /* PSA_CRYPTO_DRIVER_TEST */
2896 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2897 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2898 return(cc3xx_mac_verify_finish(
2899 &operation->ctx.cc3xx_driver_ctx,
2900 mac, mac_length));
2901 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2902 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2903 default:
2904 (void) mac;
2905 (void) mac_length;
2906 return( PSA_ERROR_INVALID_ARGUMENT );
2907 }
2908 }
2909
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2910 static inline psa_status_t psa_driver_wrapper_mac_abort(
2911 psa_mac_operation_t *operation )
2912 {
2913 switch( operation->id )
2914 {
2915 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2916 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2917 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2918 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2919
2920 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2921 #if defined(PSA_CRYPTO_DRIVER_TEST)
2922 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2923 return( mbedtls_test_transparent_mac_abort(
2924 &operation->ctx.transparent_test_driver_ctx ) );
2925 case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2926 return( mbedtls_test_opaque_mac_abort(
2927 &operation->ctx.opaque_test_driver_ctx ) );
2928 #endif /* PSA_CRYPTO_DRIVER_TEST */
2929 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2930 case PSA_CRYPTO_CC3XX_DRIVER_ID:
2931 return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx));
2932 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2933 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2934 default:
2935 return( PSA_ERROR_INVALID_ARGUMENT );
2936 }
2937 }
2938
2939 /*
2940 * Asymmetric cryptography
2941 */
psa_driver_wrapper_asymmetric_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)2942 static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2943 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2944 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2945 size_t input_length, const uint8_t *salt, size_t salt_length,
2946 uint8_t *output, size_t output_size, size_t *output_length )
2947 {
2948 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2949 psa_key_location_t location =
2950 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2951
2952 switch( location )
2953 {
2954 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2955 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
2956 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
2957 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
2958 /* Key is stored in the slot in export representation, so
2959 * cycle through all known transparent accelerators */
2960 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2961 #if defined(PSA_CRYPTO_DRIVER_TEST)
2962 status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2963 key_buffer, key_buffer_size, alg, input, input_length,
2964 salt, salt_length, output, output_size,
2965 output_length );
2966 /* Declared with fallback == true */
2967 if( status != PSA_ERROR_NOT_SUPPORTED )
2968 return( status );
2969 #endif /* PSA_CRYPTO_DRIVER_TEST */
2970 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
2971 status = cc3xx_asymmetric_encrypt( attributes,
2972 key_buffer,
2973 key_buffer_size,
2974 alg,
2975 input,
2976 input_length,
2977 salt,
2978 salt_length,
2979 output,
2980 output_size,
2981 output_length );
2982 return( status );
2983 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
2984 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2985 return( mbedtls_psa_asymmetric_encrypt( attributes,
2986 key_buffer, key_buffer_size, alg, input, input_length,
2987 salt, salt_length, output, output_size, output_length )
2988 );
2989 /* Add cases for opaque driver here */
2990 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2991 #if defined(PSA_CRYPTO_DRIVER_TEST)
2992 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2993 return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2994 key_buffer, key_buffer_size, alg, input, input_length,
2995 salt, salt_length, output, output_size, output_length )
2996 );
2997 #endif /* PSA_CRYPTO_DRIVER_TEST */
2998 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2999
3000 default:
3001 /* Key is declared with a lifetime not known to us */
3002 (void)status;
3003 (void)key_buffer;
3004 (void)key_buffer_size;
3005 (void)alg;
3006 (void)input;
3007 (void)input_length;
3008 (void)salt;
3009 (void)salt_length;
3010 (void)output;
3011 (void)output_size;
3012 (void)output_length;
3013 return( PSA_ERROR_INVALID_ARGUMENT );
3014 }
3015 }
3016
psa_driver_wrapper_asymmetric_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * salt,size_t salt_length,uint8_t * output,size_t output_size,size_t * output_length)3017 static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
3018 const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
3019 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
3020 size_t input_length, const uint8_t *salt, size_t salt_length,
3021 uint8_t *output, size_t output_size, size_t *output_length )
3022 {
3023 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3024 psa_key_location_t location =
3025 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
3026
3027 switch( location )
3028 {
3029 case PSA_KEY_LOCATION_LOCAL_STORAGE:
3030 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3031 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3032 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3033 /* Key is stored in the slot in export representation, so
3034 * cycle through all known transparent accelerators */
3035 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3036 #if defined(PSA_CRYPTO_DRIVER_TEST)
3037 status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
3038 key_buffer, key_buffer_size, alg, input, input_length,
3039 salt, salt_length, output, output_size,
3040 output_length );
3041 /* Declared with fallback == true */
3042 if( status != PSA_ERROR_NOT_SUPPORTED )
3043 return( status );
3044 #endif /* PSA_CRYPTO_DRIVER_TEST */
3045 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3046 status = cc3xx_asymmetric_decrypt( attributes,
3047 key_buffer,
3048 key_buffer_size,
3049 alg,
3050 input,
3051 input_length,
3052 salt,
3053 salt_length,
3054 output,
3055 output_size,
3056 output_length );
3057 return( status );
3058 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3059 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3060 return( mbedtls_psa_asymmetric_decrypt( attributes,
3061 key_buffer, key_buffer_size, alg,input, input_length,
3062 salt, salt_length, output, output_size,
3063 output_length ) );
3064 /* Add cases for opaque driver here */
3065 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3066 #if defined(PSA_CRYPTO_DRIVER_TEST)
3067 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3068 return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
3069 key_buffer, key_buffer_size, alg, input, input_length,
3070 salt, salt_length, output, output_size,
3071 output_length ) );
3072 #endif /* PSA_CRYPTO_DRIVER_TEST */
3073 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3074
3075 default:
3076 /* Key is declared with a lifetime not known to us */
3077 (void)status;
3078 (void)key_buffer;
3079 (void)key_buffer_size;
3080 (void)alg;
3081 (void)input;
3082 (void)input_length;
3083 (void)salt;
3084 (void)salt_length;
3085 (void)output;
3086 (void)output_size;
3087 (void)output_length;
3088 return( PSA_ERROR_INVALID_ARGUMENT );
3089 }
3090 }
3091
psa_driver_wrapper_key_agreement(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * peer_key,size_t peer_key_length,uint8_t * shared_secret,size_t shared_secret_size,size_t * shared_secret_length)3092 static inline psa_status_t psa_driver_wrapper_key_agreement(
3093 const psa_key_attributes_t *attributes,
3094 const uint8_t *key_buffer,
3095 size_t key_buffer_size,
3096 psa_algorithm_t alg,
3097 const uint8_t *peer_key,
3098 size_t peer_key_length,
3099 uint8_t *shared_secret,
3100 size_t shared_secret_size,
3101 size_t *shared_secret_length
3102 )
3103 {
3104 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3105 psa_key_location_t location =
3106 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
3107
3108 switch( location )
3109 {
3110 case PSA_KEY_LOCATION_LOCAL_STORAGE:
3111 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3112 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3113 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3114 /* Key is stored in the slot in export representation, so
3115 * cycle through all known transparent accelerators */
3116 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3117 #if defined(PSA_CRYPTO_DRIVER_TEST)
3118 status =
3119 mbedtls_test_transparent_key_agreement( attributes,
3120 key_buffer, key_buffer_size, alg, peer_key,
3121 peer_key_length, shared_secret, shared_secret_size,
3122 shared_secret_length );
3123 if( status != PSA_ERROR_NOT_SUPPORTED )
3124 return( status );
3125 #endif /* PSA_CRYPTO_DRIVER_TEST */
3126 #if defined(PSA_CRYPTO_DRIVER_CC3XX)
3127 status = cc3xx_key_agreement( attributes,
3128 key_buffer,
3129 key_buffer_size,
3130 peer_key,
3131 peer_key_length,
3132 shared_secret,
3133 shared_secret_size,
3134 shared_secret_length,
3135 alg );
3136 return( status );
3137 #endif /* PSA_CRYPTO_DRIVER_CC3XX */
3138 #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
3139 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
3140 PSA_ALG_IS_ECDH(alg) &&
3141 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
3142 psa_get_key_bits(attributes) == 256 )
3143 {
3144 status = p256_transparent_key_agreement( attributes,
3145 key_buffer,
3146 key_buffer_size,
3147 alg,
3148 peer_key,
3149 peer_key_length,
3150 shared_secret,
3151 shared_secret_size,
3152 shared_secret_length );
3153 if( status != PSA_ERROR_NOT_SUPPORTED)
3154 return( status );
3155 }
3156 #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
3157 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3158
3159 /* Software Fallback */
3160 status = psa_key_agreement_raw_builtin( attributes,
3161 key_buffer,
3162 key_buffer_size,
3163 alg,
3164 peer_key,
3165 peer_key_length,
3166 shared_secret,
3167 shared_secret_size,
3168 shared_secret_length );
3169 return( status );
3170 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3171 #if defined(PSA_CRYPTO_DRIVER_TEST)
3172 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
3173 return( mbedtls_test_opaque_key_agreement( attributes,
3174 key_buffer, key_buffer_size, alg, peer_key,
3175 peer_key_length, shared_secret, shared_secret_size,
3176 shared_secret_length ) );
3177 #endif /* PSA_CRYPTO_DRIVER_TEST */
3178 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3179
3180 default:
3181 (void) attributes;
3182 (void) key_buffer;
3183 (void) key_buffer_size;
3184 (void) peer_key;
3185 (void) peer_key_length;
3186 (void) shared_secret;
3187 (void) shared_secret_size;
3188 (void) shared_secret_length;
3189 return( PSA_ERROR_NOT_SUPPORTED );
3190
3191 }
3192 }
3193
psa_driver_wrapper_pake_setup(psa_pake_operation_t * operation,const psa_crypto_driver_pake_inputs_t * inputs)3194 static inline psa_status_t psa_driver_wrapper_pake_setup(
3195 psa_pake_operation_t *operation,
3196 const psa_crypto_driver_pake_inputs_t *inputs )
3197 {
3198 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
3199
3200 psa_key_location_t location =
3201 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
3202
3203 switch( location )
3204 {
3205 case PSA_KEY_LOCATION_LOCAL_STORAGE:
3206 #if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER)
3207 case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION:
3208 #endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */
3209 /* Key is stored in the slot in export representation, so
3210 * cycle through all known transparent accelerators */
3211 status = PSA_ERROR_NOT_SUPPORTED;
3212 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3213 #if defined(PSA_CRYPTO_DRIVER_TEST)
3214 status = mbedtls_test_transparent_pake_setup(
3215 &operation->data.ctx.transparent_test_driver_ctx,
3216 inputs );
3217 if( status == PSA_SUCCESS )
3218 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
3219 /* Declared with fallback == true */
3220 if( status != PSA_ERROR_NOT_SUPPORTED )
3221 return( status );
3222 #endif /* PSA_CRYPTO_DRIVER_TEST */
3223 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3224 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3225 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
3226 inputs );
3227 if( status == PSA_SUCCESS )
3228 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
3229 #endif
3230 return status;
3231 /* Add cases for opaque driver here */
3232 default:
3233 /* Key is declared with a lifetime not known to us */
3234 (void)operation;
3235 return( PSA_ERROR_INVALID_ARGUMENT );
3236 }
3237 }
3238
psa_driver_wrapper_pake_output(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,uint8_t * output,size_t output_size,size_t * output_length)3239 static inline psa_status_t psa_driver_wrapper_pake_output(
3240 psa_pake_operation_t *operation,
3241 psa_crypto_driver_pake_step_t step,
3242 uint8_t *output,
3243 size_t output_size,
3244 size_t *output_length )
3245 {
3246 switch( operation->id )
3247 {
3248 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3249 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3250 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
3251 output, output_size, output_length ) );
3252 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3253
3254 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3255 #if defined(PSA_CRYPTO_DRIVER_TEST)
3256 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3257 return( mbedtls_test_transparent_pake_output(
3258 &operation->data.ctx.transparent_test_driver_ctx,
3259 step, output, output_size, output_length ) );
3260 #endif /* PSA_CRYPTO_DRIVER_TEST */
3261 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3262 default:
3263 (void) step;
3264 (void) output;
3265 (void) output_size;
3266 (void) output_length;
3267 return( PSA_ERROR_INVALID_ARGUMENT );
3268 }
3269 }
3270
psa_driver_wrapper_pake_input(psa_pake_operation_t * operation,psa_crypto_driver_pake_step_t step,const uint8_t * input,size_t input_length)3271 static inline psa_status_t psa_driver_wrapper_pake_input(
3272 psa_pake_operation_t *operation,
3273 psa_crypto_driver_pake_step_t step,
3274 const uint8_t *input,
3275 size_t input_length )
3276 {
3277 switch( operation->id )
3278 {
3279 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3280 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3281 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
3282 step, input,
3283 input_length ) );
3284 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3285
3286 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3287 #if defined(PSA_CRYPTO_DRIVER_TEST)
3288 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3289 return( mbedtls_test_transparent_pake_input(
3290 &operation->data.ctx.transparent_test_driver_ctx,
3291 step,
3292 input, input_length ) );
3293 #endif /* PSA_CRYPTO_DRIVER_TEST */
3294 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3295 default:
3296 (void) step;
3297 (void) input;
3298 (void) input_length;
3299 return( PSA_ERROR_INVALID_ARGUMENT );
3300 }
3301 }
3302
psa_driver_wrapper_pake_get_implicit_key(psa_pake_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)3303 static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
3304 psa_pake_operation_t *operation,
3305 uint8_t *output, size_t output_size,
3306 size_t *output_length )
3307 {
3308 switch( operation->id )
3309 {
3310 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3311 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3312 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
3313 output, output_size, output_length ) );
3314 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3315
3316 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3317 #if defined(PSA_CRYPTO_DRIVER_TEST)
3318 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3319 return( mbedtls_test_transparent_pake_get_implicit_key(
3320 &operation->data.ctx.transparent_test_driver_ctx,
3321 output, output_size, output_length ) );
3322 #endif /* PSA_CRYPTO_DRIVER_TEST */
3323 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3324 default:
3325 (void) output;
3326 (void) output_size;
3327 (void) output_length;
3328 return( PSA_ERROR_INVALID_ARGUMENT );
3329 }
3330 }
3331
psa_driver_wrapper_pake_abort(psa_pake_operation_t * operation)3332 static inline psa_status_t psa_driver_wrapper_pake_abort(
3333 psa_pake_operation_t * operation )
3334 {
3335 switch( operation->id )
3336 {
3337 #if defined(MBEDTLS_PSA_BUILTIN_PAKE)
3338 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
3339 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
3340 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
3341
3342 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
3343 #if defined(PSA_CRYPTO_DRIVER_TEST)
3344 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
3345 return( mbedtls_test_transparent_pake_abort(
3346 &operation->data.ctx.transparent_test_driver_ctx ) );
3347 #endif /* PSA_CRYPTO_DRIVER_TEST */
3348 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
3349 default:
3350 return( PSA_ERROR_INVALID_ARGUMENT );
3351 }
3352 }
3353
3354 #endif /* MBEDTLS_PSA_CRYPTO_C */
3355
