1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file will be auto-generated in the future.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "psa_crypto_core.h"
23 #include "psa_crypto_driver_wrappers.h"
24 #include "mbedtls/platform.h"
25
26 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
27
28 /* Include test driver definition when running tests */
29 #if defined(PSA_CRYPTO_DRIVER_TEST)
30 #ifndef PSA_CRYPTO_DRIVER_PRESENT
31 #define PSA_CRYPTO_DRIVER_PRESENT
32 #endif
33 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
34 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
35 #endif
36 #include "test/drivers/test_driver.h"
37 #endif /* PSA_CRYPTO_DRIVER_TEST */
38
39 /* Repeat above block for each JSON-declared driver during autogeneration */
40
41 /* Auto-generated values depending on which drivers are registered. ID 0 is
42 * reserved for unallocated operations. */
43 #if defined(PSA_CRYPTO_DRIVER_TEST)
44 #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1)
45 #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2)
46 #endif /* PSA_CRYPTO_DRIVER_TEST */
47 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
48
49 /* Support the 'old' SE interface when asked to */
50 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
51 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
52 * SE driver is present, to avoid unused argument errors at compile time. */
53 #ifndef PSA_CRYPTO_DRIVER_PRESENT
54 #define PSA_CRYPTO_DRIVER_PRESENT
55 #endif
56 #include "psa_crypto_se.h"
57 #endif
58
59 /* Start delegation functions */
psa_driver_wrapper_sign_hash(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)60 psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
61 psa_algorithm_t alg,
62 const uint8_t *hash,
63 size_t hash_length,
64 uint8_t *signature,
65 size_t signature_size,
66 size_t *signature_length )
67 {
68 #if defined(PSA_CRYPTO_DRIVER_PRESENT)
69 /* Try dynamically-registered SE interface first */
70 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
71 const psa_drv_se_t *drv;
72 psa_drv_se_context_t *drv_context;
73
74 if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
75 {
76 if( drv->asymmetric == NULL ||
77 drv->asymmetric->p_sign == NULL )
78 {
79 /* Key is defined in SE, but we have no way to exercise it */
80 return( PSA_ERROR_NOT_SUPPORTED );
81 }
82 return( drv->asymmetric->p_sign( drv_context,
83 slot->data.se.slot_number,
84 alg,
85 hash, hash_length,
86 signature, signature_size,
87 signature_length ) );
88 }
89 #endif /* PSA_CRYPTO_SE_C */
90
91 /* Then try accelerator API */
92 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
93 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
94 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
95 psa_key_attributes_t attributes = {
96 .core = slot->attr
97 };
98
99 switch( location )
100 {
101 case PSA_KEY_LOCATION_LOCAL_STORAGE:
102 /* Key is stored in the slot in export representation, so
103 * cycle through all known transparent accelerators */
104 #if defined(PSA_CRYPTO_DRIVER_TEST)
105 status = test_transparent_signature_sign_hash( &attributes,
106 slot->data.key.data,
107 slot->data.key.bytes,
108 alg,
109 hash,
110 hash_length,
111 signature,
112 signature_size,
113 signature_length );
114 /* Declared with fallback == true */
115 if( status != PSA_ERROR_NOT_SUPPORTED )
116 return( status );
117 #endif /* PSA_CRYPTO_DRIVER_TEST */
118 /* Fell through, meaning no accelerator supports this operation */
119 return( PSA_ERROR_NOT_SUPPORTED );
120 /* Add cases for opaque driver here */
121 #if defined(PSA_CRYPTO_DRIVER_TEST)
122 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
123 return( test_opaque_signature_sign_hash( &attributes,
124 slot->data.key.data,
125 slot->data.key.bytes,
126 alg,
127 hash,
128 hash_length,
129 signature,
130 signature_size,
131 signature_length ) );
132 #endif /* PSA_CRYPTO_DRIVER_TEST */
133 default:
134 /* Key is declared with a lifetime not known to us */
135 return( status );
136 }
137 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
138 return( PSA_ERROR_NOT_SUPPORTED );
139 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
140 #else /* PSA_CRYPTO_DRIVER_PRESENT */
141 (void)slot;
142 (void)alg;
143 (void)hash;
144 (void)hash_length;
145 (void)signature;
146 (void)signature_size;
147 (void)signature_length;
148
149 return( PSA_ERROR_NOT_SUPPORTED );
150 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
151 }
152
psa_driver_wrapper_verify_hash(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)153 psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
154 psa_algorithm_t alg,
155 const uint8_t *hash,
156 size_t hash_length,
157 const uint8_t *signature,
158 size_t signature_length )
159 {
160 #if defined(PSA_CRYPTO_DRIVER_PRESENT)
161 /* Try dynamically-registered SE interface first */
162 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
163 const psa_drv_se_t *drv;
164 psa_drv_se_context_t *drv_context;
165
166 if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
167 {
168 if( drv->asymmetric == NULL ||
169 drv->asymmetric->p_verify == NULL )
170 {
171 /* Key is defined in SE, but we have no way to exercise it */
172 return( PSA_ERROR_NOT_SUPPORTED );
173 }
174 return( drv->asymmetric->p_verify( drv_context,
175 slot->data.se.slot_number,
176 alg,
177 hash, hash_length,
178 signature, signature_length ) );
179 }
180 #endif /* PSA_CRYPTO_SE_C */
181
182 /* Then try accelerator API */
183 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
184 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
185 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
186 psa_key_attributes_t attributes = {
187 .core = slot->attr
188 };
189
190 switch( location )
191 {
192 case PSA_KEY_LOCATION_LOCAL_STORAGE:
193 /* Key is stored in the slot in export representation, so
194 * cycle through all known transparent accelerators */
195 #if defined(PSA_CRYPTO_DRIVER_TEST)
196 status = test_transparent_signature_verify_hash( &attributes,
197 slot->data.key.data,
198 slot->data.key.bytes,
199 alg,
200 hash,
201 hash_length,
202 signature,
203 signature_length );
204 /* Declared with fallback == true */
205 if( status != PSA_ERROR_NOT_SUPPORTED )
206 return( status );
207 #endif /* PSA_CRYPTO_DRIVER_TEST */
208 /* Fell through, meaning no accelerator supports this operation */
209 return( PSA_ERROR_NOT_SUPPORTED );
210 /* Add cases for opaque driver here */
211 #if defined(PSA_CRYPTO_DRIVER_TEST)
212 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
213 return( test_opaque_signature_verify_hash( &attributes,
214 slot->data.key.data,
215 slot->data.key.bytes,
216 alg,
217 hash,
218 hash_length,
219 signature,
220 signature_length ) );
221 #endif /* PSA_CRYPTO_DRIVER_TEST */
222 default:
223 /* Key is declared with a lifetime not known to us */
224 return( status );
225 }
226 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
227 return( PSA_ERROR_NOT_SUPPORTED );
228 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
229 #else /* PSA_CRYPTO_DRIVER_PRESENT */
230 (void)slot;
231 (void)alg;
232 (void)hash;
233 (void)hash_length;
234 (void)signature;
235 (void)signature_length;
236
237 return( PSA_ERROR_NOT_SUPPORTED );
238 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
239 }
240
241 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
242 /** Calculate the size to allocate for buffering a key with given attributes.
243 *
244 * This function provides a way to get the expected size for storing a key with
245 * the given attributes. This will be the size of the export representation for
246 * cleartext keys, and a driver-defined size for keys stored by opaque drivers.
247 *
248 * \param[in] attributes The key attribute structure of the key to store.
249 * \param[out] expected_size On success, a byte size large enough to contain
250 * the declared key.
251 *
252 * \retval #PSA_SUCCESS
253 * \retval #PSA_ERROR_NOT_SUPPORTED
254 */
get_expected_key_size(const psa_key_attributes_t * attributes,size_t * expected_size)255 static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes,
256 size_t *expected_size )
257 {
258 size_t buffer_size = 0;
259 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
260 psa_key_type_t key_type = attributes->core.type;
261 size_t key_bits = attributes->core.bits;
262
263 switch( location )
264 {
265 case PSA_KEY_LOCATION_LOCAL_STORAGE:
266 buffer_size = PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits );
267
268 if( buffer_size == 0 )
269 return( PSA_ERROR_NOT_SUPPORTED );
270
271 *expected_size = buffer_size;
272 return( PSA_SUCCESS );
273
274 #if defined(PSA_CRYPTO_DRIVER_TEST)
275 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
276 #ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
277 *expected_size = test_size_function( key_type, key_bits );
278 return( PSA_SUCCESS );
279 #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
280 if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
281 {
282 int public_key_overhead = ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ?
283 PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) : 0 );
284 *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
285 + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
286 + public_key_overhead;
287 }
288 else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) )
289 {
290 *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
291 + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
292 }
293 else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
294 !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) )
295 {
296 *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
297 + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
298 * ( ( key_bits + 7 ) / 8 );
299 }
300 else
301 {
302 return( PSA_ERROR_NOT_SUPPORTED );
303 }
304 return( PSA_SUCCESS );
305 #endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
306 #endif /* PSA_CRYPTO_DRIVER_TEST */
307
308 default:
309 return( PSA_ERROR_NOT_SUPPORTED );
310 }
311 }
312 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
313
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,psa_key_slot_t * slot)314 psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
315 psa_key_slot_t *slot )
316 {
317 #if defined(PSA_CRYPTO_DRIVER_PRESENT)
318 /* Try dynamically-registered SE interface first */
319 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
320 const psa_drv_se_t *drv;
321 psa_drv_se_context_t *drv_context;
322
323 if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
324 {
325 size_t pubkey_length = 0; /* We don't support this feature yet */
326 if( drv->key_management == NULL ||
327 drv->key_management->p_generate == NULL )
328 {
329 /* Key is defined as being in SE, but we have no way to generate it */
330 return( PSA_ERROR_NOT_SUPPORTED );
331 }
332 return( drv->key_management->p_generate(
333 drv_context,
334 slot->data.se.slot_number, attributes,
335 NULL, 0, &pubkey_length ) );
336 }
337 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
338
339 /* Then try accelerator API */
340 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
341 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
342 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
343 size_t export_size = 0;
344
345 status = get_expected_key_size( attributes, &export_size );
346 if( status != PSA_SUCCESS )
347 return( status );
348
349 slot->data.key.data = mbedtls_calloc(1, export_size);
350 if( slot->data.key.data == NULL )
351 return( PSA_ERROR_INSUFFICIENT_MEMORY );
352 slot->data.key.bytes = export_size;
353
354 switch( location )
355 {
356 case PSA_KEY_LOCATION_LOCAL_STORAGE:
357 /* Key is stored in the slot in export representation, so
358 * cycle through all known transparent accelerators */
359
360 /* Transparent drivers are limited to generating asymmetric keys */
361 if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
362 {
363 status = PSA_ERROR_NOT_SUPPORTED;
364 break;
365 }
366 #if defined(PSA_CRYPTO_DRIVER_TEST)
367 status = test_transparent_generate_key( attributes,
368 slot->data.key.data,
369 slot->data.key.bytes,
370 &slot->data.key.bytes );
371 /* Declared with fallback == true */
372 if( status != PSA_ERROR_NOT_SUPPORTED )
373 break;
374 #endif /* PSA_CRYPTO_DRIVER_TEST */
375 /* Fell through, meaning no accelerator supports this operation */
376 status = PSA_ERROR_NOT_SUPPORTED;
377 break;
378 /* Add cases for opaque driver here */
379 #if defined(PSA_CRYPTO_DRIVER_TEST)
380 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
381 status = test_opaque_generate_key( attributes,
382 slot->data.key.data,
383 slot->data.key.bytes,
384 &slot->data.key.bytes );
385 break;
386 #endif /* PSA_CRYPTO_DRIVER_TEST */
387 default:
388 /* Key is declared with a lifetime not known to us */
389 status = PSA_ERROR_INVALID_ARGUMENT;
390 break;
391 }
392
393 if( status != PSA_SUCCESS )
394 {
395 /* free allocated buffer */
396 mbedtls_free( slot->data.key.data );
397 slot->data.key.data = NULL;
398 slot->data.key.bytes = 0;
399 }
400
401 return( status );
402 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
403 return( PSA_ERROR_NOT_SUPPORTED );
404 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
405 #else /* PSA_CRYPTO_DRIVER_PRESENT */
406 (void) attributes;
407 (void) slot;
408
409 return( PSA_ERROR_NOT_SUPPORTED );
410 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
411 }
412
psa_driver_wrapper_validate_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * bits)413 psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes,
414 const uint8_t *data,
415 size_t data_length,
416 size_t *bits )
417 {
418 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
419 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
420 /* Try accelerators in turn */
421 #if defined(PSA_CRYPTO_DRIVER_TEST)
422 status = test_transparent_validate_key( attributes,
423 data,
424 data_length,
425 bits );
426 /* Declared with fallback == true */
427 if( status != PSA_ERROR_NOT_SUPPORTED )
428 return( status );
429 #endif /* PSA_CRYPTO_DRIVER_TEST */
430
431 return( PSA_ERROR_NOT_SUPPORTED );
432 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
433 (void) attributes;
434 (void) data;
435 (void) data_length;
436 (void) bits;
437 return( PSA_ERROR_NOT_SUPPORTED );
438 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
439 }
440
psa_driver_wrapper_export_public_key(const psa_key_slot_t * slot,uint8_t * data,size_t data_size,size_t * data_length)441 psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
442 uint8_t *data,
443 size_t data_size,
444 size_t *data_length )
445 {
446 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
447 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
448 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
449 psa_key_attributes_t attributes = {
450 .core = slot->attr
451 };
452
453 switch( location )
454 {
455 case PSA_KEY_LOCATION_LOCAL_STORAGE:
456 /* Key is stored in the slot in export representation, so
457 * cycle through all known transparent accelerators */
458 #if defined(PSA_CRYPTO_DRIVER_TEST)
459 status = test_transparent_export_public_key( &attributes,
460 slot->data.key.data,
461 slot->data.key.bytes,
462 data,
463 data_size,
464 data_length );
465 /* Declared with fallback == true */
466 if( status != PSA_ERROR_NOT_SUPPORTED )
467 return( status );
468 #endif /* PSA_CRYPTO_DRIVER_TEST */
469 /* Fell through, meaning no accelerator supports this operation */
470 return( PSA_ERROR_NOT_SUPPORTED );
471 /* Add cases for opaque driver here */
472 #if defined(PSA_CRYPTO_DRIVER_TEST)
473 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
474 return( test_opaque_export_public_key( &attributes,
475 slot->data.key.data,
476 slot->data.key.bytes,
477 data,
478 data_size,
479 data_length ) );
480 #endif /* PSA_CRYPTO_DRIVER_TEST */
481 default:
482 /* Key is declared with a lifetime not known to us */
483 return( status );
484 }
485 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
486 (void) slot;
487 (void) data;
488 (void) data_size;
489 (void) data_length;
490 return( PSA_ERROR_NOT_SUPPORTED );
491 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
492 }
493
494 /*
495 * Cipher functions
496 */
psa_driver_wrapper_cipher_encrypt(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)497 psa_status_t psa_driver_wrapper_cipher_encrypt(
498 psa_key_slot_t *slot,
499 psa_algorithm_t alg,
500 const uint8_t *input,
501 size_t input_length,
502 uint8_t *output,
503 size_t output_size,
504 size_t *output_length )
505 {
506 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
507 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
508 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
509 psa_key_attributes_t attributes = {
510 .core = slot->attr
511 };
512
513 switch( location )
514 {
515 case PSA_KEY_LOCATION_LOCAL_STORAGE:
516 /* Key is stored in the slot in export representation, so
517 * cycle through all known transparent accelerators */
518 #if defined(PSA_CRYPTO_DRIVER_TEST)
519 status = test_transparent_cipher_encrypt( &attributes,
520 slot->data.key.data,
521 slot->data.key.bytes,
522 alg,
523 input,
524 input_length,
525 output,
526 output_size,
527 output_length );
528 /* Declared with fallback == true */
529 if( status != PSA_ERROR_NOT_SUPPORTED )
530 return( status );
531 #endif /* PSA_CRYPTO_DRIVER_TEST */
532 /* Fell through, meaning no accelerator supports this operation */
533 return( PSA_ERROR_NOT_SUPPORTED );
534 /* Add cases for opaque driver here */
535 #if defined(PSA_CRYPTO_DRIVER_TEST)
536 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
537 return( test_opaque_cipher_encrypt( &attributes,
538 slot->data.key.data,
539 slot->data.key.bytes,
540 alg,
541 input,
542 input_length,
543 output,
544 output_size,
545 output_length ) );
546 #endif /* PSA_CRYPTO_DRIVER_TEST */
547 default:
548 /* Key is declared with a lifetime not known to us */
549 return( status );
550 }
551 #else /* PSA_CRYPTO_DRIVER_PRESENT */
552 (void) slot;
553 (void) alg;
554 (void) input;
555 (void) input_length;
556 (void) output;
557 (void) output_size;
558 (void) output_length;
559
560 return( PSA_ERROR_NOT_SUPPORTED );
561 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
562 }
563
psa_driver_wrapper_cipher_decrypt(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)564 psa_status_t psa_driver_wrapper_cipher_decrypt(
565 psa_key_slot_t *slot,
566 psa_algorithm_t alg,
567 const uint8_t *input,
568 size_t input_length,
569 uint8_t *output,
570 size_t output_size,
571 size_t *output_length )
572 {
573 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
574 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
575 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
576 psa_key_attributes_t attributes = {
577 .core = slot->attr
578 };
579
580 switch( location )
581 {
582 case PSA_KEY_LOCATION_LOCAL_STORAGE:
583 /* Key is stored in the slot in export representation, so
584 * cycle through all known transparent accelerators */
585 #if defined(PSA_CRYPTO_DRIVER_TEST)
586 status = test_transparent_cipher_decrypt( &attributes,
587 slot->data.key.data,
588 slot->data.key.bytes,
589 alg,
590 input,
591 input_length,
592 output,
593 output_size,
594 output_length );
595 /* Declared with fallback == true */
596 if( status != PSA_ERROR_NOT_SUPPORTED )
597 return( status );
598 #endif /* PSA_CRYPTO_DRIVER_TEST */
599 /* Fell through, meaning no accelerator supports this operation */
600 return( PSA_ERROR_NOT_SUPPORTED );
601 /* Add cases for opaque driver here */
602 #if defined(PSA_CRYPTO_DRIVER_TEST)
603 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
604 return( test_opaque_cipher_decrypt( &attributes,
605 slot->data.key.data,
606 slot->data.key.bytes,
607 alg,
608 input,
609 input_length,
610 output,
611 output_size,
612 output_length ) );
613 #endif /* PSA_CRYPTO_DRIVER_TEST */
614 default:
615 /* Key is declared with a lifetime not known to us */
616 return( status );
617 }
618 #else /* PSA_CRYPTO_DRIVER_PRESENT */
619 (void) slot;
620 (void) alg;
621 (void) input;
622 (void) input_length;
623 (void) output;
624 (void) output_size;
625 (void) output_length;
626
627 return( PSA_ERROR_NOT_SUPPORTED );
628 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
629 }
630
psa_driver_wrapper_cipher_encrypt_setup(psa_operation_driver_context_t * operation,psa_key_slot_t * slot,psa_algorithm_t alg)631 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
632 psa_operation_driver_context_t *operation,
633 psa_key_slot_t *slot,
634 psa_algorithm_t alg )
635 {
636 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
637 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
638 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
639 psa_key_attributes_t attributes = {
640 .core = slot->attr
641 };
642
643 switch( location )
644 {
645 case PSA_KEY_LOCATION_LOCAL_STORAGE:
646 /* Key is stored in the slot in export representation, so
647 * cycle through all known transparent accelerators */
648 #if defined(PSA_CRYPTO_DRIVER_TEST)
649 operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
650 if( operation->ctx == NULL )
651 return PSA_ERROR_INSUFFICIENT_MEMORY;
652
653 status = test_transparent_cipher_encrypt_setup( operation->ctx,
654 &attributes,
655 slot->data.key.data,
656 slot->data.key.bytes,
657 alg );
658 /* Declared with fallback == true */
659 if( status == PSA_SUCCESS )
660 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
661 else
662 {
663 mbedtls_platform_zeroize(
664 operation->ctx,
665 sizeof( test_transparent_cipher_operation_t ) );
666 mbedtls_free( operation->ctx );
667 operation->ctx = NULL;
668 }
669
670 return( status );
671 #endif /* PSA_CRYPTO_DRIVER_TEST */
672 /* Fell through, meaning no accelerator supports this operation */
673 return( PSA_ERROR_NOT_SUPPORTED );
674 /* Add cases for opaque driver here */
675 #if defined(PSA_CRYPTO_DRIVER_TEST)
676 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
677 operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
678 if( operation->ctx == NULL )
679 return( PSA_ERROR_INSUFFICIENT_MEMORY );
680
681 status = test_opaque_cipher_encrypt_setup( operation->ctx,
682 &attributes,
683 slot->data.key.data,
684 slot->data.key.bytes,
685 alg );
686 if( status == PSA_SUCCESS )
687 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
688 else
689 {
690 mbedtls_platform_zeroize(
691 operation->ctx,
692 sizeof( test_opaque_cipher_operation_t ) );
693 mbedtls_free( operation->ctx );
694 operation->ctx = NULL;
695 }
696
697 return( status );
698 #endif /* PSA_CRYPTO_DRIVER_TEST */
699 default:
700 /* Key is declared with a lifetime not known to us */
701 return( PSA_ERROR_NOT_SUPPORTED );
702 }
703 #else /* PSA_CRYPTO_DRIVER_PRESENT */
704 (void)slot;
705 (void)alg;
706 (void)operation;
707
708 return( PSA_ERROR_NOT_SUPPORTED );
709 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
710 }
711
psa_driver_wrapper_cipher_decrypt_setup(psa_operation_driver_context_t * operation,psa_key_slot_t * slot,psa_algorithm_t alg)712 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
713 psa_operation_driver_context_t *operation,
714 psa_key_slot_t *slot,
715 psa_algorithm_t alg )
716 {
717 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
718 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
719 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
720 psa_key_attributes_t attributes = {
721 .core = slot->attr
722 };
723
724 switch( location )
725 {
726 case PSA_KEY_LOCATION_LOCAL_STORAGE:
727 /* Key is stored in the slot in export representation, so
728 * cycle through all known transparent accelerators */
729 #if defined(PSA_CRYPTO_DRIVER_TEST)
730 operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
731 if( operation->ctx == NULL )
732 return( PSA_ERROR_INSUFFICIENT_MEMORY );
733
734 status = test_transparent_cipher_decrypt_setup( operation->ctx,
735 &attributes,
736 slot->data.key.data,
737 slot->data.key.bytes,
738 alg );
739 /* Declared with fallback == true */
740 if( status == PSA_SUCCESS )
741 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
742 else
743 {
744 mbedtls_platform_zeroize(
745 operation->ctx,
746 sizeof( test_transparent_cipher_operation_t ) );
747 mbedtls_free( operation->ctx );
748 operation->ctx = NULL;
749 }
750
751 return( status );
752 #endif /* PSA_CRYPTO_DRIVER_TEST */
753 /* Fell through, meaning no accelerator supports this operation */
754 return( PSA_ERROR_NOT_SUPPORTED );
755 /* Add cases for opaque driver here */
756 #if defined(PSA_CRYPTO_DRIVER_TEST)
757 case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
758 operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
759 if( operation->ctx == NULL )
760 return PSA_ERROR_INSUFFICIENT_MEMORY;
761
762 status = test_opaque_cipher_decrypt_setup( operation->ctx,
763 &attributes,
764 slot->data.key.data,
765 slot->data.key.bytes,
766 alg );
767 if( status == PSA_SUCCESS )
768 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
769 else
770 {
771 mbedtls_platform_zeroize(
772 operation->ctx,
773 sizeof( test_opaque_cipher_operation_t ) );
774 mbedtls_free( operation->ctx );
775 operation->ctx = NULL;
776 }
777
778 return( status );
779 #endif /* PSA_CRYPTO_DRIVER_TEST */
780 default:
781 /* Key is declared with a lifetime not known to us */
782 return( PSA_ERROR_NOT_SUPPORTED );
783 }
784 #else /* PSA_CRYPTO_DRIVER_PRESENT */
785 (void)slot;
786 (void)alg;
787 (void)operation;
788
789 return( PSA_ERROR_NOT_SUPPORTED );
790 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
791 }
792
psa_driver_wrapper_cipher_generate_iv(psa_operation_driver_context_t * operation,uint8_t * iv,size_t iv_size,size_t * iv_length)793 psa_status_t psa_driver_wrapper_cipher_generate_iv(
794 psa_operation_driver_context_t *operation,
795 uint8_t *iv,
796 size_t iv_size,
797 size_t *iv_length )
798 {
799 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
800 switch( operation->id )
801 {
802 #if defined(PSA_CRYPTO_DRIVER_TEST)
803 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
804 return( test_transparent_cipher_generate_iv( operation->ctx,
805 iv,
806 iv_size,
807 iv_length ) );
808 #endif /* PSA_CRYPTO_DRIVER_TEST */
809 #if defined(PSA_CRYPTO_DRIVER_TEST)
810 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
811 return( test_opaque_cipher_generate_iv( operation->ctx,
812 iv,
813 iv_size,
814 iv_length ) );
815 #endif /* PSA_CRYPTO_DRIVER_TEST */
816 default:
817 /* Key is attached to a driver not known to us */
818 return( PSA_ERROR_BAD_STATE );
819 }
820 #else /* PSA_CRYPTO_DRIVER_PRESENT */
821 (void) operation;
822 (void) iv;
823 (void) iv_size;
824 (void) iv_length;
825
826 return( PSA_ERROR_NOT_SUPPORTED );
827 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
828 }
829
psa_driver_wrapper_cipher_set_iv(psa_operation_driver_context_t * operation,const uint8_t * iv,size_t iv_length)830 psa_status_t psa_driver_wrapper_cipher_set_iv(
831 psa_operation_driver_context_t *operation,
832 const uint8_t *iv,
833 size_t iv_length )
834 {
835 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
836 switch( operation->id )
837 {
838 #if defined(PSA_CRYPTO_DRIVER_TEST)
839 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
840 return( test_transparent_cipher_set_iv( operation->ctx,
841 iv,
842 iv_length ) );
843 #endif /* PSA_CRYPTO_DRIVER_TEST */
844 #if defined(PSA_CRYPTO_DRIVER_TEST)
845 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
846 return( test_opaque_cipher_set_iv( operation->ctx,
847 iv,
848 iv_length ) );
849 #endif /* PSA_CRYPTO_DRIVER_TEST */
850 default:
851 /* Key is attached to a driver not known to us */
852 return( PSA_ERROR_BAD_STATE );
853 }
854 #else /* PSA_CRYPTO_DRIVER_PRESENT */
855 (void) operation;
856 (void) iv;
857 (void) iv_length;
858
859 return( PSA_ERROR_NOT_SUPPORTED );
860 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
861 }
862
psa_driver_wrapper_cipher_update(psa_operation_driver_context_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)863 psa_status_t psa_driver_wrapper_cipher_update(
864 psa_operation_driver_context_t *operation,
865 const uint8_t *input,
866 size_t input_length,
867 uint8_t *output,
868 size_t output_size,
869 size_t *output_length )
870 {
871 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
872 switch( operation->id )
873 {
874 #if defined(PSA_CRYPTO_DRIVER_TEST)
875 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
876 return( test_transparent_cipher_update( operation->ctx,
877 input,
878 input_length,
879 output,
880 output_size,
881 output_length ) );
882 #endif /* PSA_CRYPTO_DRIVER_TEST */
883 #if defined(PSA_CRYPTO_DRIVER_TEST)
884 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
885 return( test_opaque_cipher_update( operation->ctx,
886 input,
887 input_length,
888 output,
889 output_size,
890 output_length ) );
891 #endif /* PSA_CRYPTO_DRIVER_TEST */
892 default:
893 /* Key is attached to a driver not known to us */
894 return( PSA_ERROR_BAD_STATE );
895 }
896 #else /* PSA_CRYPTO_DRIVER_PRESENT */
897 (void) operation;
898 (void) input;
899 (void) input_length;
900 (void) output;
901 (void) output_length;
902 (void) output_size;
903
904 return( PSA_ERROR_NOT_SUPPORTED );
905 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
906 }
907
psa_driver_wrapper_cipher_finish(psa_operation_driver_context_t * operation,uint8_t * output,size_t output_size,size_t * output_length)908 psa_status_t psa_driver_wrapper_cipher_finish(
909 psa_operation_driver_context_t *operation,
910 uint8_t *output,
911 size_t output_size,
912 size_t *output_length )
913 {
914 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
915 switch( operation->id )
916 {
917 #if defined(PSA_CRYPTO_DRIVER_TEST)
918 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
919 return( test_transparent_cipher_finish( operation->ctx,
920 output,
921 output_size,
922 output_length ) );
923 #endif /* PSA_CRYPTO_DRIVER_TEST */
924 #if defined(PSA_CRYPTO_DRIVER_TEST)
925 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
926 return( test_opaque_cipher_finish( operation->ctx,
927 output,
928 output_size,
929 output_length ) );
930 #endif /* PSA_CRYPTO_DRIVER_TEST */
931 default:
932 /* Key is attached to a driver not known to us */
933 return( PSA_ERROR_BAD_STATE );
934 }
935 #else /* PSA_CRYPTO_DRIVER_PRESENT */
936 (void) operation;
937 (void) output;
938 (void) output_size;
939 (void) output_length;
940
941 return( PSA_ERROR_NOT_SUPPORTED );
942 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
943 }
944
psa_driver_wrapper_cipher_abort(psa_operation_driver_context_t * operation)945 psa_status_t psa_driver_wrapper_cipher_abort(
946 psa_operation_driver_context_t *operation )
947 {
948 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
949 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
950
951 /* The object has (apparently) been initialized but it is not in use. It's
952 * ok to call abort on such an object, and there's nothing to do. */
953 if( operation->ctx == NULL && operation->id == 0 )
954 return( PSA_SUCCESS );
955
956 switch( operation->id )
957 {
958 #if defined(PSA_CRYPTO_DRIVER_TEST)
959 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
960 status = test_transparent_cipher_abort( operation->ctx );
961 mbedtls_platform_zeroize(
962 operation->ctx,
963 sizeof( test_transparent_cipher_operation_t ) );
964 mbedtls_free( operation->ctx );
965 operation->ctx = NULL;
966 operation->id = 0;
967
968 return( status );
969 #endif /* PSA_CRYPTO_DRIVER_TEST */
970 #if defined(PSA_CRYPTO_DRIVER_TEST)
971 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
972 status = test_opaque_cipher_abort( operation->ctx );
973 mbedtls_platform_zeroize(
974 operation->ctx,
975 sizeof( test_opaque_cipher_operation_t ) );
976 mbedtls_free( operation->ctx );
977 operation->ctx = NULL;
978 operation->id = 0;
979
980 return( status );
981 #endif /* PSA_CRYPTO_DRIVER_TEST */
982 default:
983 /* Operation is attached to a driver not known to us */
984 return( PSA_ERROR_BAD_STATE );
985 }
986 #else /* PSA_CRYPTO_DRIVER_PRESENT */
987 (void)operation;
988
989 return( PSA_ERROR_NOT_SUPPORTED );
990 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
991 }
992
993 /* End of automatically generated file. */
994
