1/* 2 * Functions to delegate cryptographic operations to an available 3 * and appropriate accelerator. 4 * Warning: This file is now auto-generated. 5 */ 6/* Copyright The Mbed TLS Contributors 7 * SPDX-License-Identifier: Apache-2.0 8 * 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 * not use this file except in compliance with the License. 11 * You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, software 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 * See the License for the specific language governing permissions and 19 * limitations under the License. 20 */ 21 22 23/* BEGIN-common headers */ 24#include "common.h" 25#include "psa_crypto_aead.h" 26#include "psa_crypto_cipher.h" 27#include "psa_crypto_core.h" 28#include "psa_crypto_driver_wrappers.h" 29#include "psa_crypto_hash.h" 30#include "psa_crypto_mac.h" 31#include "psa_crypto_rsa.h" 32 33#include "mbedtls/platform.h" 34/* END-common headers */ 35 36#if defined(MBEDTLS_PSA_CRYPTO_C) 37 38/* BEGIN-driver headers */ 39#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) 40{% for driver in drivers -%} 41/* Headers for {{driver.prefix}} {{driver.type}} driver */ 42{% if driver['mbedtls/h_condition'] is defined -%} 43#if {{ driver['mbedtls/h_condition'] }} 44{% endif -%} 45{% for header in driver.headers -%} 46#include "{{ header }}" 47{% endfor %} 48{% if driver['mbedtls/h_condition'] is defined -%} 49#endif 50{% endif -%} 51{% endfor %} 52#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ 53/* END-driver headers */ 54 55/* Auto-generated values depending on which drivers are registered. 56 * ID 0 is reserved for unallocated operations. 57 * ID 1 is reserved for the Mbed TLS software driver. */ 58/* BEGIN-driver id definition */ 59#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) 60{% for driver in drivers -%} 61#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }}) 62{% endfor %} 63/* END-driver id */ 64 65/* BEGIN-Common Macro definitions */ 66{% macro entry_point_name(capability, entry_point, driver) -%} 67 {% if capability.name is defined and entry_point in capability.names.keys() -%} 68 {{ capability.names[entry_point]}} 69 {% else -%} 70 {{driver.prefix}}_{{driver.type}}_{{entry_point}} 71 {% endif -%} 72{% endmacro %} 73/* END-Common Macro definitions */ 74 75/* Support the 'old' SE interface when asked to */ 76#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 77/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style 78 * SE driver is present, to avoid unused argument errors at compile time. */ 79#ifndef PSA_CRYPTO_DRIVER_PRESENT 80#define PSA_CRYPTO_DRIVER_PRESENT 81#endif 82#include "psa_crypto_se.h" 83#endif 84 85psa_status_t psa_driver_wrapper_init( void ) 86{ 87 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 88 89#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 90 status = psa_init_all_se_drivers( ); 91 if( status != PSA_SUCCESS ) 92 return( status ); 93#endif 94 95#if defined(PSA_CRYPTO_DRIVER_TEST) 96 status = mbedtls_test_transparent_init( ); 97 if( status != PSA_SUCCESS ) 98 return( status ); 99 100 status = mbedtls_test_opaque_init( ); 101 if( status != PSA_SUCCESS ) 102 return( status ); 103#endif 104 105 (void) status; 106 return( PSA_SUCCESS ); 107} 108 109void psa_driver_wrapper_free( void ) 110{ 111#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 112 /* Unregister all secure element drivers, so that we restart from 113 * a pristine state. */ 114 psa_unregister_all_se_drivers( ); 115#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 116 117#if defined(PSA_CRYPTO_DRIVER_TEST) 118 mbedtls_test_transparent_free( ); 119 mbedtls_test_opaque_free( ); 120#endif 121} 122 123/* Start delegation functions */ 124psa_status_t psa_driver_wrapper_sign_message( 125 const psa_key_attributes_t *attributes, 126 const uint8_t *key_buffer, 127 size_t key_buffer_size, 128 psa_algorithm_t alg, 129 const uint8_t *input, 130 size_t input_length, 131 uint8_t *signature, 132 size_t signature_size, 133 size_t *signature_length ) 134{ 135 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 136 psa_key_location_t location = 137 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 138 139 switch( location ) 140 { 141 case PSA_KEY_LOCATION_LOCAL_STORAGE: 142 /* Key is stored in the slot in export representation, so 143 * cycle through all known transparent accelerators */ 144#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 145#if defined(PSA_CRYPTO_DRIVER_TEST) 146 status = mbedtls_test_transparent_signature_sign_message( 147 attributes, 148 key_buffer, 149 key_buffer_size, 150 alg, 151 input, 152 input_length, 153 signature, 154 signature_size, 155 signature_length ); 156 /* Declared with fallback == true */ 157 if( status != PSA_ERROR_NOT_SUPPORTED ) 158 return( status ); 159#endif /* PSA_CRYPTO_DRIVER_TEST */ 160#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 161 break; 162 163 /* Add cases for opaque driver here */ 164#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 165#if defined(PSA_CRYPTO_DRIVER_TEST) 166 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 167 status = mbedtls_test_opaque_signature_sign_message( 168 attributes, 169 key_buffer, 170 key_buffer_size, 171 alg, 172 input, 173 input_length, 174 signature, 175 signature_size, 176 signature_length ); 177 if( status != PSA_ERROR_NOT_SUPPORTED ) 178 return( status ); 179 break; 180#endif /* PSA_CRYPTO_DRIVER_TEST */ 181#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 182 default: 183 /* Key is declared with a lifetime not known to us */ 184 (void)status; 185 break; 186 } 187 188 return( psa_sign_message_builtin( attributes, 189 key_buffer, 190 key_buffer_size, 191 alg, 192 input, 193 input_length, 194 signature, 195 signature_size, 196 signature_length ) ); 197} 198 199psa_status_t psa_driver_wrapper_verify_message( 200 const psa_key_attributes_t *attributes, 201 const uint8_t *key_buffer, 202 size_t key_buffer_size, 203 psa_algorithm_t alg, 204 const uint8_t *input, 205 size_t input_length, 206 const uint8_t *signature, 207 size_t signature_length ) 208{ 209 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 210 psa_key_location_t location = 211 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 212 213 switch( location ) 214 { 215 case PSA_KEY_LOCATION_LOCAL_STORAGE: 216 /* Key is stored in the slot in export representation, so 217 * cycle through all known transparent accelerators */ 218#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 219#if defined(PSA_CRYPTO_DRIVER_TEST) 220 status = mbedtls_test_transparent_signature_verify_message( 221 attributes, 222 key_buffer, 223 key_buffer_size, 224 alg, 225 input, 226 input_length, 227 signature, 228 signature_length ); 229 /* Declared with fallback == true */ 230 if( status != PSA_ERROR_NOT_SUPPORTED ) 231 return( status ); 232#endif /* PSA_CRYPTO_DRIVER_TEST */ 233#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 234 break; 235 236 /* Add cases for opaque driver here */ 237#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 238#if defined(PSA_CRYPTO_DRIVER_TEST) 239 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 240 return( mbedtls_test_opaque_signature_verify_message( 241 attributes, 242 key_buffer, 243 key_buffer_size, 244 alg, 245 input, 246 input_length, 247 signature, 248 signature_length ) ); 249 if( status != PSA_ERROR_NOT_SUPPORTED ) 250 return( status ); 251 break; 252#endif /* PSA_CRYPTO_DRIVER_TEST */ 253#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 254 default: 255 /* Key is declared with a lifetime not known to us */ 256 (void)status; 257 break; 258 } 259 260 return( psa_verify_message_builtin( attributes, 261 key_buffer, 262 key_buffer_size, 263 alg, 264 input, 265 input_length, 266 signature, 267 signature_length ) ); 268} 269 270psa_status_t psa_driver_wrapper_sign_hash( 271 const psa_key_attributes_t *attributes, 272 const uint8_t *key_buffer, size_t key_buffer_size, 273 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 274 uint8_t *signature, size_t signature_size, size_t *signature_length ) 275{ 276 /* Try dynamically-registered SE interface first */ 277#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 278 const psa_drv_se_t *drv; 279 psa_drv_se_context_t *drv_context; 280 281 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 282 { 283 if( drv->asymmetric == NULL || 284 drv->asymmetric->p_sign == NULL ) 285 { 286 /* Key is defined in SE, but we have no way to exercise it */ 287 return( PSA_ERROR_NOT_SUPPORTED ); 288 } 289 return( drv->asymmetric->p_sign( 290 drv_context, *( (psa_key_slot_number_t *)key_buffer ), 291 alg, hash, hash_length, 292 signature, signature_size, signature_length ) ); 293 } 294#endif /* PSA_CRYPTO_SE_C */ 295 296 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 297 psa_key_location_t location = 298 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 299 300 switch( location ) 301 { 302 case PSA_KEY_LOCATION_LOCAL_STORAGE: 303 /* Key is stored in the slot in export representation, so 304 * cycle through all known transparent accelerators */ 305#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 306#if defined(PSA_CRYPTO_DRIVER_TEST) 307 status = mbedtls_test_transparent_signature_sign_hash( attributes, 308 key_buffer, 309 key_buffer_size, 310 alg, 311 hash, 312 hash_length, 313 signature, 314 signature_size, 315 signature_length ); 316 /* Declared with fallback == true */ 317 if( status != PSA_ERROR_NOT_SUPPORTED ) 318 return( status ); 319#endif /* PSA_CRYPTO_DRIVER_TEST */ 320#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 321 /* Fell through, meaning no accelerator supports this operation */ 322 return( psa_sign_hash_builtin( attributes, 323 key_buffer, 324 key_buffer_size, 325 alg, 326 hash, 327 hash_length, 328 signature, 329 signature_size, 330 signature_length ) ); 331 332 /* Add cases for opaque driver here */ 333#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 334#if defined(PSA_CRYPTO_DRIVER_TEST) 335 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 336 return( mbedtls_test_opaque_signature_sign_hash( attributes, 337 key_buffer, 338 key_buffer_size, 339 alg, 340 hash, 341 hash_length, 342 signature, 343 signature_size, 344 signature_length ) ); 345#endif /* PSA_CRYPTO_DRIVER_TEST */ 346#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 347 default: 348 /* Key is declared with a lifetime not known to us */ 349 (void)status; 350 return( PSA_ERROR_INVALID_ARGUMENT ); 351 } 352} 353 354psa_status_t psa_driver_wrapper_verify_hash( 355 const psa_key_attributes_t *attributes, 356 const uint8_t *key_buffer, size_t key_buffer_size, 357 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 358 const uint8_t *signature, size_t signature_length ) 359{ 360 /* Try dynamically-registered SE interface first */ 361#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 362 const psa_drv_se_t *drv; 363 psa_drv_se_context_t *drv_context; 364 365 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 366 { 367 if( drv->asymmetric == NULL || 368 drv->asymmetric->p_verify == NULL ) 369 { 370 /* Key is defined in SE, but we have no way to exercise it */ 371 return( PSA_ERROR_NOT_SUPPORTED ); 372 } 373 return( drv->asymmetric->p_verify( 374 drv_context, *( (psa_key_slot_number_t *)key_buffer ), 375 alg, hash, hash_length, 376 signature, signature_length ) ); 377 } 378#endif /* PSA_CRYPTO_SE_C */ 379 380 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 381 psa_key_location_t location = 382 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 383 384 switch( location ) 385 { 386 case PSA_KEY_LOCATION_LOCAL_STORAGE: 387 /* Key is stored in the slot in export representation, so 388 * cycle through all known transparent accelerators */ 389#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 390#if defined(PSA_CRYPTO_DRIVER_TEST) 391 status = mbedtls_test_transparent_signature_verify_hash( 392 attributes, 393 key_buffer, 394 key_buffer_size, 395 alg, 396 hash, 397 hash_length, 398 signature, 399 signature_length ); 400 /* Declared with fallback == true */ 401 if( status != PSA_ERROR_NOT_SUPPORTED ) 402 return( status ); 403#endif /* PSA_CRYPTO_DRIVER_TEST */ 404#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 405 406 return( psa_verify_hash_builtin( attributes, 407 key_buffer, 408 key_buffer_size, 409 alg, 410 hash, 411 hash_length, 412 signature, 413 signature_length ) ); 414 415 /* Add cases for opaque driver here */ 416#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 417#if defined(PSA_CRYPTO_DRIVER_TEST) 418 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 419 return( mbedtls_test_opaque_signature_verify_hash( attributes, 420 key_buffer, 421 key_buffer_size, 422 alg, 423 hash, 424 hash_length, 425 signature, 426 signature_length ) ); 427#endif /* PSA_CRYPTO_DRIVER_TEST */ 428#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 429 default: 430 /* Key is declared with a lifetime not known to us */ 431 (void)status; 432 return( PSA_ERROR_INVALID_ARGUMENT ); 433 } 434} 435 436/** Calculate the key buffer size required to store the key material of a key 437 * associated with an opaque driver from input key data. 438 * 439 * \param[in] attributes The key attributes 440 * \param[in] data The input key data. 441 * \param[in] data_length The input data length. 442 * \param[out] key_buffer_size Minimum buffer size to contain the key material. 443 * 444 * \retval #PSA_SUCCESS 445 * \retval #PSA_ERROR_INVALID_ARGUMENT 446 * \retval #PSA_ERROR_NOT_SUPPORTED 447 */ 448psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( 449 const psa_key_attributes_t *attributes, 450 const uint8_t *data, 451 size_t data_length, 452 size_t *key_buffer_size ) 453{ 454 psa_key_location_t location = 455 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 456 psa_key_type_t key_type = attributes->core.type; 457 458 *key_buffer_size = 0; 459 switch( location ) 460 { 461#if defined(PSA_CRYPTO_DRIVER_TEST) 462 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 463 *key_buffer_size = mbedtls_test_opaque_size_function( key_type, 464 PSA_BYTES_TO_BITS( data_length ) ); 465 return( ( *key_buffer_size != 0 ) ? 466 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); 467#endif /* PSA_CRYPTO_DRIVER_TEST */ 468 469 default: 470 (void)key_type; 471 (void)data; 472 (void)data_length; 473 return( PSA_ERROR_INVALID_ARGUMENT ); 474 } 475} 476 477/** Get the key buffer size required to store the key material of a key 478 * associated with an opaque driver. 479 * 480 * \param[in] attributes The key attributes. 481 * \param[out] key_buffer_size Minimum buffer size to contain the key material 482 * 483 * \retval #PSA_SUCCESS 484 * The minimum size for a buffer to contain the key material has been 485 * returned successfully. 486 * \retval #PSA_ERROR_NOT_SUPPORTED 487 * The type and/or the size in bits of the key or the combination of 488 * the two is not supported. 489 * \retval #PSA_ERROR_INVALID_ARGUMENT 490 * The key is declared with a lifetime not known to us. 491 */ 492psa_status_t psa_driver_wrapper_get_key_buffer_size( 493 const psa_key_attributes_t *attributes, 494 size_t *key_buffer_size ) 495{ 496 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 497 psa_key_type_t key_type = attributes->core.type; 498 size_t key_bits = attributes->core.bits; 499 500 *key_buffer_size = 0; 501 switch( location ) 502 { 503#if defined(PSA_CRYPTO_DRIVER_TEST) 504 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 505#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) 506 /* Emulate property 'builtin_key_size' */ 507 if( psa_key_id_is_builtin( 508 MBEDTLS_SVC_KEY_ID_GET_KEY_ID( 509 psa_get_key_id( attributes ) ) ) ) 510 { 511 *key_buffer_size = sizeof( psa_drv_slot_number_t ); 512 return( PSA_SUCCESS ); 513 } 514#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ 515 *key_buffer_size = mbedtls_test_opaque_size_function( key_type, 516 key_bits ); 517 return( ( *key_buffer_size != 0 ) ? 518 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); 519#endif /* PSA_CRYPTO_DRIVER_TEST */ 520 521 default: 522 (void)key_type; 523 (void)key_bits; 524 return( PSA_ERROR_INVALID_ARGUMENT ); 525 } 526} 527 528psa_status_t psa_driver_wrapper_generate_key( 529 const psa_key_attributes_t *attributes, 530 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) 531{ 532 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 533 psa_key_location_t location = 534 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); 535 536 /* Try dynamically-registered SE interface first */ 537#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 538 const psa_drv_se_t *drv; 539 psa_drv_se_context_t *drv_context; 540 541 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 542 { 543 size_t pubkey_length = 0; /* We don't support this feature yet */ 544 if( drv->key_management == NULL || 545 drv->key_management->p_generate == NULL ) 546 { 547 /* Key is defined as being in SE, but we have no way to generate it */ 548 return( PSA_ERROR_NOT_SUPPORTED ); 549 } 550 return( drv->key_management->p_generate( 551 drv_context, 552 *( (psa_key_slot_number_t *)key_buffer ), 553 attributes, NULL, 0, &pubkey_length ) ); 554 } 555#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 556 557 switch( location ) 558 { 559 case PSA_KEY_LOCATION_LOCAL_STORAGE: 560#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 561 /* Transparent drivers are limited to generating asymmetric keys */ 562 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) ) 563 { 564 /* Cycle through all known transparent accelerators */ 565#if defined(PSA_CRYPTO_DRIVER_TEST) 566 status = mbedtls_test_transparent_generate_key( 567 attributes, key_buffer, key_buffer_size, 568 key_buffer_length ); 569 /* Declared with fallback == true */ 570 if( status != PSA_ERROR_NOT_SUPPORTED ) 571 break; 572#endif /* PSA_CRYPTO_DRIVER_TEST */ 573 } 574#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 575 576 /* Software fallback */ 577 status = psa_generate_key_internal( 578 attributes, key_buffer, key_buffer_size, key_buffer_length ); 579 break; 580 581 /* Add cases for opaque driver here */ 582#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 583#if defined(PSA_CRYPTO_DRIVER_TEST) 584 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 585 status = mbedtls_test_opaque_generate_key( 586 attributes, key_buffer, key_buffer_size, key_buffer_length ); 587 break; 588#endif /* PSA_CRYPTO_DRIVER_TEST */ 589#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 590 591 default: 592 /* Key is declared with a lifetime not known to us */ 593 status = PSA_ERROR_INVALID_ARGUMENT; 594 break; 595 } 596 597 return( status ); 598} 599 600psa_status_t psa_driver_wrapper_import_key( 601 const psa_key_attributes_t *attributes, 602 const uint8_t *data, 603 size_t data_length, 604 uint8_t *key_buffer, 605 size_t key_buffer_size, 606 size_t *key_buffer_length, 607 size_t *bits ) 608{ 609{% with entry_point = "import_key" -%} 610{% macro entry_point_param(driver) -%} 611attributes, 612data, 613data_length, 614key_buffer, 615key_buffer_size, 616key_buffer_length, 617bits 618{% endmacro %} 619 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 620 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 621 psa_get_key_lifetime( attributes ) ); 622 623 /* Try dynamically-registered SE interface first */ 624#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 625 const psa_drv_se_t *drv; 626 psa_drv_se_context_t *drv_context; 627 628 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 629 { 630 if( drv->key_management == NULL || 631 drv->key_management->p_import == NULL ) 632 return( PSA_ERROR_NOT_SUPPORTED ); 633 634 /* The driver should set the number of key bits, however in 635 * case it doesn't, we initialize bits to an invalid value. */ 636 *bits = PSA_MAX_KEY_BITS + 1; 637 status = drv->key_management->p_import( 638 drv_context, 639 *( (psa_key_slot_number_t *)key_buffer ), 640 attributes, data, data_length, bits ); 641 642 if( status != PSA_SUCCESS ) 643 return( status ); 644 645 if( (*bits) > PSA_MAX_KEY_BITS ) 646 return( PSA_ERROR_NOT_SUPPORTED ); 647 648 return( PSA_SUCCESS ); 649 } 650#endif /* PSA_CRYPTO_SE_C */ 651 652 switch( location ) 653 { 654 case PSA_KEY_LOCATION_LOCAL_STORAGE: 655 /* Key is stored in the slot in export representation, so 656 * cycle through all known transparent accelerators */ 657#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 658{% with nest_indent=12 %} 659{% include "OS-template-transparent.jinja" -%} 660{% endwith -%} 661#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 662 663 /* Fell through, meaning no accelerator supports this operation */ 664 return( psa_import_key_into_slot( attributes, 665 data, data_length, 666 key_buffer, key_buffer_size, 667 key_buffer_length, bits ) ); 668 /* Add cases for opaque driver here */ 669#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 670{% with nest_indent=8 %} 671{% include "OS-template-opaque.jinja" -%} 672{% endwith -%} 673#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 674 default: 675 (void)status; 676 return( PSA_ERROR_INVALID_ARGUMENT ); 677 } 678{% endwith %} 679} 680 681psa_status_t psa_driver_wrapper_export_key( 682 const psa_key_attributes_t *attributes, 683 const uint8_t *key_buffer, size_t key_buffer_size, 684 uint8_t *data, size_t data_size, size_t *data_length ) 685 686{ 687{% with entry_point = "export_key" -%} 688{% macro entry_point_param(driver) -%} 689attributes, 690key_buffer, 691key_buffer_size, 692data, 693data_size, 694data_length 695{% endmacro %} 696 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 697 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 698 psa_get_key_lifetime( attributes ) ); 699 700 /* Try dynamically-registered SE interface first */ 701#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 702 const psa_drv_se_t *drv; 703 psa_drv_se_context_t *drv_context; 704 705 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 706 { 707 if( ( drv->key_management == NULL ) || 708 ( drv->key_management->p_export == NULL ) ) 709 { 710 return( PSA_ERROR_NOT_SUPPORTED ); 711 } 712 713 return( drv->key_management->p_export( 714 drv_context, 715 *( (psa_key_slot_number_t *)key_buffer ), 716 data, data_size, data_length ) ); 717 } 718#endif /* PSA_CRYPTO_SE_C */ 719 720 switch( location ) 721 { 722 case PSA_KEY_LOCATION_LOCAL_STORAGE: 723 return( psa_export_key_internal( attributes, 724 key_buffer, 725 key_buffer_size, 726 data, 727 data_size, 728 data_length ) ); 729 730 /* Add cases for opaque driver here */ 731#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 732{% with nest_indent=8 %} 733{% include "OS-template-opaque.jinja" -%} 734{% endwith -%} 735#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 736 default: 737 /* Key is declared with a lifetime not known to us */ 738 return( status ); 739 } 740{% endwith %} 741} 742 743psa_status_t psa_driver_wrapper_export_public_key( 744 const psa_key_attributes_t *attributes, 745 const uint8_t *key_buffer, size_t key_buffer_size, 746 uint8_t *data, size_t data_size, size_t *data_length ) 747 748{ 749{% with entry_point = "export_public_key" -%} 750{% macro entry_point_param(driver) -%} 751attributes, 752key_buffer, 753key_buffer_size, 754data, 755data_size, 756data_length 757{% endmacro %} 758 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 759 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 760 psa_get_key_lifetime( attributes ) ); 761 762 /* Try dynamically-registered SE interface first */ 763#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 764 const psa_drv_se_t *drv; 765 psa_drv_se_context_t *drv_context; 766 767 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 768 { 769 if( ( drv->key_management == NULL ) || 770 ( drv->key_management->p_export_public == NULL ) ) 771 { 772 return( PSA_ERROR_NOT_SUPPORTED ); 773 } 774 775 return( drv->key_management->p_export_public( 776 drv_context, 777 *( (psa_key_slot_number_t *)key_buffer ), 778 data, data_size, data_length ) ); 779 } 780#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 781 782 switch( location ) 783 { 784 case PSA_KEY_LOCATION_LOCAL_STORAGE: 785 /* Key is stored in the slot in export representation, so 786 * cycle through all known transparent accelerators */ 787#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 788{% with nest_indent=12 %} 789{% include "OS-template-transparent.jinja" -%} 790{% endwith -%} 791#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 792 /* Fell through, meaning no accelerator supports this operation */ 793 return( psa_export_public_key_internal( attributes, 794 key_buffer, 795 key_buffer_size, 796 data, 797 data_size, 798 data_length ) ); 799 800 /* Add cases for opaque driver here */ 801#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 802{% with nest_indent=8 %} 803{% include "OS-template-opaque.jinja" -%} 804{% endwith -%} 805#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 806 default: 807 /* Key is declared with a lifetime not known to us */ 808 return( status ); 809 } 810{% endwith %} 811} 812 813psa_status_t psa_driver_wrapper_get_builtin_key( 814 psa_drv_slot_number_t slot_number, 815 psa_key_attributes_t *attributes, 816 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) 817{ 818{% with entry_point = "get_builtin_key" -%} 819{% macro entry_point_param(driver) -%} 820slot_number, 821attributes, 822key_buffer, 823key_buffer_size, 824key_buffer_length 825{% endmacro %} 826 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 827 switch( location ) 828 { 829#if defined(PSA_CRYPTO_DRIVER_TEST) 830{% with nest_indent=8 %} 831{% include "OS-template-opaque.jinja" -%} 832{% endwith -%} 833#endif /* PSA_CRYPTO_DRIVER_TEST */ 834 default: 835 (void) slot_number; 836 (void) key_buffer; 837 (void) key_buffer_size; 838 (void) key_buffer_length; 839 return( PSA_ERROR_DOES_NOT_EXIST ); 840 } 841{% endwith %} 842} 843 844psa_status_t psa_driver_wrapper_copy_key( 845 psa_key_attributes_t *attributes, 846 const uint8_t *source_key, size_t source_key_length, 847 uint8_t *target_key_buffer, size_t target_key_buffer_size, 848 size_t *target_key_buffer_length ) 849{ 850{% with entry_point = "copy_key" -%} 851{% macro entry_point_param(driver) -%} 852attributes, 853source_key, 854source_key_length, 855target_key_buffer, 856target_key_buffer_size, 857target_key_buffer_length 858{% endmacro %} 859 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 860 psa_key_location_t location = 861 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 862 863#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 864 const psa_drv_se_t *drv; 865 psa_drv_se_context_t *drv_context; 866 867 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 868 { 869 /* Copying to a secure element is not implemented yet. */ 870 return( PSA_ERROR_NOT_SUPPORTED ); 871 } 872#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 873 874 switch( location ) 875 { 876#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 877{% with nest_indent=8 %} 878{% include "OS-template-opaque.jinja" -%} 879{% endwith -%} 880#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 881 default: 882 (void)source_key; 883 (void)source_key_length; 884 (void)target_key_buffer; 885 (void)target_key_buffer_size; 886 (void)target_key_buffer_length; 887 status = PSA_ERROR_INVALID_ARGUMENT; 888 } 889 return( status ); 890{% endwith %} 891} 892 893/* 894 * Cipher functions 895 */ 896psa_status_t psa_driver_wrapper_cipher_encrypt( 897 const psa_key_attributes_t *attributes, 898 const uint8_t *key_buffer, 899 size_t key_buffer_size, 900 psa_algorithm_t alg, 901 const uint8_t *iv, 902 size_t iv_length, 903 const uint8_t *input, 904 size_t input_length, 905 uint8_t *output, 906 size_t output_size, 907 size_t *output_length ) 908{ 909 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 910 psa_key_location_t location = 911 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 912 913 switch( location ) 914 { 915 case PSA_KEY_LOCATION_LOCAL_STORAGE: 916 /* Key is stored in the slot in export representation, so 917 * cycle through all known transparent accelerators */ 918#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 919#if defined(PSA_CRYPTO_DRIVER_TEST) 920 status = mbedtls_test_transparent_cipher_encrypt( attributes, 921 key_buffer, 922 key_buffer_size, 923 alg, 924 iv, 925 iv_length, 926 input, 927 input_length, 928 output, 929 output_size, 930 output_length ); 931 /* Declared with fallback == true */ 932 if( status != PSA_ERROR_NOT_SUPPORTED ) 933 return( status ); 934#endif /* PSA_CRYPTO_DRIVER_TEST */ 935#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 936 937#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 938 return( mbedtls_psa_cipher_encrypt( attributes, 939 key_buffer, 940 key_buffer_size, 941 alg, 942 iv, 943 iv_length, 944 input, 945 input_length, 946 output, 947 output_size, 948 output_length ) ); 949#else 950 return( PSA_ERROR_NOT_SUPPORTED ); 951#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 952 953 /* Add cases for opaque driver here */ 954#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 955#if defined(PSA_CRYPTO_DRIVER_TEST) 956 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 957 return( mbedtls_test_opaque_cipher_encrypt( attributes, 958 key_buffer, 959 key_buffer_size, 960 alg, 961 iv, 962 iv_length, 963 input, 964 input_length, 965 output, 966 output_size, 967 output_length ) ); 968#endif /* PSA_CRYPTO_DRIVER_TEST */ 969#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 970 971 default: 972 /* Key is declared with a lifetime not known to us */ 973 (void)status; 974 (void)key_buffer; 975 (void)key_buffer_size; 976 (void)alg; 977 (void)iv; 978 (void)iv_length; 979 (void)input; 980 (void)input_length; 981 (void)output; 982 (void)output_size; 983 (void)output_length; 984 return( PSA_ERROR_INVALID_ARGUMENT ); 985 } 986} 987 988psa_status_t psa_driver_wrapper_cipher_decrypt( 989 const psa_key_attributes_t *attributes, 990 const uint8_t *key_buffer, 991 size_t key_buffer_size, 992 psa_algorithm_t alg, 993 const uint8_t *input, 994 size_t input_length, 995 uint8_t *output, 996 size_t output_size, 997 size_t *output_length ) 998{ 999 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1000 psa_key_location_t location = 1001 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1002 1003 switch( location ) 1004 { 1005 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1006 /* Key is stored in the slot in export representation, so 1007 * cycle through all known transparent accelerators */ 1008#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1009#if defined(PSA_CRYPTO_DRIVER_TEST) 1010 status = mbedtls_test_transparent_cipher_decrypt( attributes, 1011 key_buffer, 1012 key_buffer_size, 1013 alg, 1014 input, 1015 input_length, 1016 output, 1017 output_size, 1018 output_length ); 1019 /* Declared with fallback == true */ 1020 if( status != PSA_ERROR_NOT_SUPPORTED ) 1021 return( status ); 1022#endif /* PSA_CRYPTO_DRIVER_TEST */ 1023#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1024 1025#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1026 return( mbedtls_psa_cipher_decrypt( attributes, 1027 key_buffer, 1028 key_buffer_size, 1029 alg, 1030 input, 1031 input_length, 1032 output, 1033 output_size, 1034 output_length ) ); 1035#else 1036 return( PSA_ERROR_NOT_SUPPORTED ); 1037#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1038 1039 /* Add cases for opaque driver here */ 1040#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1041#if defined(PSA_CRYPTO_DRIVER_TEST) 1042 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1043 return( mbedtls_test_opaque_cipher_decrypt( attributes, 1044 key_buffer, 1045 key_buffer_size, 1046 alg, 1047 input, 1048 input_length, 1049 output, 1050 output_size, 1051 output_length ) ); 1052#endif /* PSA_CRYPTO_DRIVER_TEST */ 1053#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1054 1055 default: 1056 /* Key is declared with a lifetime not known to us */ 1057 (void)status; 1058 (void)key_buffer; 1059 (void)key_buffer_size; 1060 (void)alg; 1061 (void)input; 1062 (void)input_length; 1063 (void)output; 1064 (void)output_size; 1065 (void)output_length; 1066 return( PSA_ERROR_INVALID_ARGUMENT ); 1067 } 1068} 1069 1070psa_status_t psa_driver_wrapper_cipher_encrypt_setup( 1071 psa_cipher_operation_t *operation, 1072 const psa_key_attributes_t *attributes, 1073 const uint8_t *key_buffer, size_t key_buffer_size, 1074 psa_algorithm_t alg ) 1075{ 1076 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1077 psa_key_location_t location = 1078 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1079 1080 switch( location ) 1081 { 1082 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1083 /* Key is stored in the slot in export representation, so 1084 * cycle through all known transparent accelerators */ 1085#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1086#if defined(PSA_CRYPTO_DRIVER_TEST) 1087 status = mbedtls_test_transparent_cipher_encrypt_setup( 1088 &operation->ctx.transparent_test_driver_ctx, 1089 attributes, 1090 key_buffer, 1091 key_buffer_size, 1092 alg ); 1093 /* Declared with fallback == true */ 1094 if( status == PSA_SUCCESS ) 1095 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1096 1097 if( status != PSA_ERROR_NOT_SUPPORTED ) 1098 return( status ); 1099#endif /* PSA_CRYPTO_DRIVER_TEST */ 1100#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1101#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1102 /* Fell through, meaning no accelerator supports this operation */ 1103 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, 1104 attributes, 1105 key_buffer, 1106 key_buffer_size, 1107 alg ); 1108 if( status == PSA_SUCCESS ) 1109 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1110 1111 if( status != PSA_ERROR_NOT_SUPPORTED ) 1112 return( status ); 1113#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1114 return( PSA_ERROR_NOT_SUPPORTED ); 1115 1116 /* Add cases for opaque driver here */ 1117#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1118#if defined(PSA_CRYPTO_DRIVER_TEST) 1119 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1120 status = mbedtls_test_opaque_cipher_encrypt_setup( 1121 &operation->ctx.opaque_test_driver_ctx, 1122 attributes, 1123 key_buffer, key_buffer_size, 1124 alg ); 1125 1126 if( status == PSA_SUCCESS ) 1127 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 1128 1129 return( status ); 1130#endif /* PSA_CRYPTO_DRIVER_TEST */ 1131#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1132 default: 1133 /* Key is declared with a lifetime not known to us */ 1134 (void)status; 1135 (void)operation; 1136 (void)key_buffer; 1137 (void)key_buffer_size; 1138 (void)alg; 1139 return( PSA_ERROR_INVALID_ARGUMENT ); 1140 } 1141} 1142 1143psa_status_t psa_driver_wrapper_cipher_decrypt_setup( 1144 psa_cipher_operation_t *operation, 1145 const psa_key_attributes_t *attributes, 1146 const uint8_t *key_buffer, size_t key_buffer_size, 1147 psa_algorithm_t alg ) 1148{ 1149 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 1150 psa_key_location_t location = 1151 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1152 1153 switch( location ) 1154 { 1155 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1156 /* Key is stored in the slot in export representation, so 1157 * cycle through all known transparent accelerators */ 1158#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1159#if defined(PSA_CRYPTO_DRIVER_TEST) 1160 status = mbedtls_test_transparent_cipher_decrypt_setup( 1161 &operation->ctx.transparent_test_driver_ctx, 1162 attributes, 1163 key_buffer, 1164 key_buffer_size, 1165 alg ); 1166 /* Declared with fallback == true */ 1167 if( status == PSA_SUCCESS ) 1168 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1169 1170 if( status != PSA_ERROR_NOT_SUPPORTED ) 1171 return( status ); 1172#endif /* PSA_CRYPTO_DRIVER_TEST */ 1173#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1174#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1175 /* Fell through, meaning no accelerator supports this operation */ 1176 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, 1177 attributes, 1178 key_buffer, 1179 key_buffer_size, 1180 alg ); 1181 if( status == PSA_SUCCESS ) 1182 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1183 1184 return( status ); 1185#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1186 return( PSA_ERROR_NOT_SUPPORTED ); 1187 1188 /* Add cases for opaque driver here */ 1189#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1190#if defined(PSA_CRYPTO_DRIVER_TEST) 1191 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1192 status = mbedtls_test_opaque_cipher_decrypt_setup( 1193 &operation->ctx.opaque_test_driver_ctx, 1194 attributes, 1195 key_buffer, key_buffer_size, 1196 alg ); 1197 1198 if( status == PSA_SUCCESS ) 1199 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 1200 1201 return( status ); 1202#endif /* PSA_CRYPTO_DRIVER_TEST */ 1203#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1204 default: 1205 /* Key is declared with a lifetime not known to us */ 1206 (void)status; 1207 (void)operation; 1208 (void)key_buffer; 1209 (void)key_buffer_size; 1210 (void)alg; 1211 return( PSA_ERROR_INVALID_ARGUMENT ); 1212 } 1213} 1214 1215psa_status_t psa_driver_wrapper_cipher_set_iv( 1216 psa_cipher_operation_t *operation, 1217 const uint8_t *iv, 1218 size_t iv_length ) 1219{ 1220 switch( operation->id ) 1221 { 1222#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1223 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1224 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, 1225 iv, 1226 iv_length ) ); 1227#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1228 1229#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1230#if defined(PSA_CRYPTO_DRIVER_TEST) 1231 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1232 return( mbedtls_test_transparent_cipher_set_iv( 1233 &operation->ctx.transparent_test_driver_ctx, 1234 iv, iv_length ) ); 1235 1236 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1237 return( mbedtls_test_opaque_cipher_set_iv( 1238 &operation->ctx.opaque_test_driver_ctx, 1239 iv, iv_length ) ); 1240#endif /* PSA_CRYPTO_DRIVER_TEST */ 1241#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1242 } 1243 1244 (void)iv; 1245 (void)iv_length; 1246 1247 return( PSA_ERROR_INVALID_ARGUMENT ); 1248} 1249 1250psa_status_t psa_driver_wrapper_cipher_update( 1251 psa_cipher_operation_t *operation, 1252 const uint8_t *input, 1253 size_t input_length, 1254 uint8_t *output, 1255 size_t output_size, 1256 size_t *output_length ) 1257{ 1258 switch( operation->id ) 1259 { 1260#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1261 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1262 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, 1263 input, 1264 input_length, 1265 output, 1266 output_size, 1267 output_length ) ); 1268#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1269 1270#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1271#if defined(PSA_CRYPTO_DRIVER_TEST) 1272 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1273 return( mbedtls_test_transparent_cipher_update( 1274 &operation->ctx.transparent_test_driver_ctx, 1275 input, input_length, 1276 output, output_size, output_length ) ); 1277 1278 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1279 return( mbedtls_test_opaque_cipher_update( 1280 &operation->ctx.opaque_test_driver_ctx, 1281 input, input_length, 1282 output, output_size, output_length ) ); 1283#endif /* PSA_CRYPTO_DRIVER_TEST */ 1284#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1285 } 1286 1287 (void)input; 1288 (void)input_length; 1289 (void)output; 1290 (void)output_size; 1291 (void)output_length; 1292 1293 return( PSA_ERROR_INVALID_ARGUMENT ); 1294} 1295 1296psa_status_t psa_driver_wrapper_cipher_finish( 1297 psa_cipher_operation_t *operation, 1298 uint8_t *output, 1299 size_t output_size, 1300 size_t *output_length ) 1301{ 1302 switch( operation->id ) 1303 { 1304#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1305 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1306 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, 1307 output, 1308 output_size, 1309 output_length ) ); 1310#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1311 1312#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1313#if defined(PSA_CRYPTO_DRIVER_TEST) 1314 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1315 return( mbedtls_test_transparent_cipher_finish( 1316 &operation->ctx.transparent_test_driver_ctx, 1317 output, output_size, output_length ) ); 1318 1319 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1320 return( mbedtls_test_opaque_cipher_finish( 1321 &operation->ctx.opaque_test_driver_ctx, 1322 output, output_size, output_length ) ); 1323#endif /* PSA_CRYPTO_DRIVER_TEST */ 1324#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1325 } 1326 1327 (void)output; 1328 (void)output_size; 1329 (void)output_length; 1330 1331 return( PSA_ERROR_INVALID_ARGUMENT ); 1332} 1333 1334psa_status_t psa_driver_wrapper_cipher_abort( 1335 psa_cipher_operation_t *operation ) 1336{ 1337 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1338 1339 switch( operation->id ) 1340 { 1341#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1342 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1343 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); 1344#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1345 1346#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1347#if defined(PSA_CRYPTO_DRIVER_TEST) 1348 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1349 status = mbedtls_test_transparent_cipher_abort( 1350 &operation->ctx.transparent_test_driver_ctx ); 1351 mbedtls_platform_zeroize( 1352 &operation->ctx.transparent_test_driver_ctx, 1353 sizeof( operation->ctx.transparent_test_driver_ctx ) ); 1354 return( status ); 1355 1356 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1357 status = mbedtls_test_opaque_cipher_abort( 1358 &operation->ctx.opaque_test_driver_ctx ); 1359 mbedtls_platform_zeroize( 1360 &operation->ctx.opaque_test_driver_ctx, 1361 sizeof( operation->ctx.opaque_test_driver_ctx ) ); 1362 return( status ); 1363#endif /* PSA_CRYPTO_DRIVER_TEST */ 1364#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1365 } 1366 1367 (void)status; 1368 return( PSA_ERROR_INVALID_ARGUMENT ); 1369} 1370 1371/* 1372 * Hashing functions 1373 */ 1374psa_status_t psa_driver_wrapper_hash_compute( 1375 psa_algorithm_t alg, 1376 const uint8_t *input, 1377 size_t input_length, 1378 uint8_t *hash, 1379 size_t hash_size, 1380 size_t *hash_length) 1381{ 1382 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1383 1384 /* Try accelerators first */ 1385#if defined(PSA_CRYPTO_DRIVER_TEST) 1386 status = mbedtls_test_transparent_hash_compute( 1387 alg, input, input_length, hash, hash_size, hash_length ); 1388 if( status != PSA_ERROR_NOT_SUPPORTED ) 1389 return( status ); 1390#endif 1391 1392 /* If software fallback is compiled in, try fallback */ 1393#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1394 status = mbedtls_psa_hash_compute( alg, input, input_length, 1395 hash, hash_size, hash_length ); 1396 if( status != PSA_ERROR_NOT_SUPPORTED ) 1397 return( status ); 1398#endif 1399 (void) status; 1400 (void) alg; 1401 (void) input; 1402 (void) input_length; 1403 (void) hash; 1404 (void) hash_size; 1405 (void) hash_length; 1406 1407 return( PSA_ERROR_NOT_SUPPORTED ); 1408} 1409 1410psa_status_t psa_driver_wrapper_hash_setup( 1411 psa_hash_operation_t *operation, 1412 psa_algorithm_t alg ) 1413{ 1414 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1415 1416 /* Try setup on accelerators first */ 1417#if defined(PSA_CRYPTO_DRIVER_TEST) 1418 status = mbedtls_test_transparent_hash_setup( 1419 &operation->ctx.test_driver_ctx, alg ); 1420 if( status == PSA_SUCCESS ) 1421 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1422 1423 if( status != PSA_ERROR_NOT_SUPPORTED ) 1424 return( status ); 1425#endif 1426 1427 /* If software fallback is compiled in, try fallback */ 1428#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1429 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg ); 1430 if( status == PSA_SUCCESS ) 1431 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1432 1433 if( status != PSA_ERROR_NOT_SUPPORTED ) 1434 return( status ); 1435#endif 1436 /* Nothing left to try if we fall through here */ 1437 (void) status; 1438 (void) operation; 1439 (void) alg; 1440 return( PSA_ERROR_NOT_SUPPORTED ); 1441} 1442 1443psa_status_t psa_driver_wrapper_hash_clone( 1444 const psa_hash_operation_t *source_operation, 1445 psa_hash_operation_t *target_operation ) 1446{ 1447 switch( source_operation->id ) 1448 { 1449#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1450 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1451 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1452 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, 1453 &target_operation->ctx.mbedtls_ctx ) ); 1454#endif 1455#if defined(PSA_CRYPTO_DRIVER_TEST) 1456 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1457 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1458 return( mbedtls_test_transparent_hash_clone( 1459 &source_operation->ctx.test_driver_ctx, 1460 &target_operation->ctx.test_driver_ctx ) ); 1461#endif 1462 default: 1463 (void) target_operation; 1464 return( PSA_ERROR_BAD_STATE ); 1465 } 1466} 1467 1468psa_status_t psa_driver_wrapper_hash_update( 1469 psa_hash_operation_t *operation, 1470 const uint8_t *input, 1471 size_t input_length ) 1472{ 1473 switch( operation->id ) 1474 { 1475#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1476 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1477 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, 1478 input, input_length ) ); 1479#endif 1480#if defined(PSA_CRYPTO_DRIVER_TEST) 1481 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1482 return( mbedtls_test_transparent_hash_update( 1483 &operation->ctx.test_driver_ctx, 1484 input, input_length ) ); 1485#endif 1486 default: 1487 (void) input; 1488 (void) input_length; 1489 return( PSA_ERROR_BAD_STATE ); 1490 } 1491} 1492 1493psa_status_t psa_driver_wrapper_hash_finish( 1494 psa_hash_operation_t *operation, 1495 uint8_t *hash, 1496 size_t hash_size, 1497 size_t *hash_length ) 1498{ 1499 switch( operation->id ) 1500 { 1501#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1502 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1503 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, 1504 hash, hash_size, hash_length ) ); 1505#endif 1506#if defined(PSA_CRYPTO_DRIVER_TEST) 1507 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1508 return( mbedtls_test_transparent_hash_finish( 1509 &operation->ctx.test_driver_ctx, 1510 hash, hash_size, hash_length ) ); 1511#endif 1512 default: 1513 (void) hash; 1514 (void) hash_size; 1515 (void) hash_length; 1516 return( PSA_ERROR_BAD_STATE ); 1517 } 1518} 1519 1520psa_status_t psa_driver_wrapper_hash_abort( 1521 psa_hash_operation_t *operation ) 1522{ 1523 switch( operation->id ) 1524 { 1525#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1526 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1527 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); 1528#endif 1529#if defined(PSA_CRYPTO_DRIVER_TEST) 1530 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1531 return( mbedtls_test_transparent_hash_abort( 1532 &operation->ctx.test_driver_ctx ) ); 1533#endif 1534 default: 1535 return( PSA_ERROR_BAD_STATE ); 1536 } 1537} 1538 1539psa_status_t psa_driver_wrapper_aead_encrypt( 1540 const psa_key_attributes_t *attributes, 1541 const uint8_t *key_buffer, size_t key_buffer_size, 1542 psa_algorithm_t alg, 1543 const uint8_t *nonce, size_t nonce_length, 1544 const uint8_t *additional_data, size_t additional_data_length, 1545 const uint8_t *plaintext, size_t plaintext_length, 1546 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) 1547{ 1548 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1549 psa_key_location_t location = 1550 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1551 1552 switch( location ) 1553 { 1554 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1555 /* Key is stored in the slot in export representation, so 1556 * cycle through all known transparent accelerators */ 1557 1558#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1559#if defined(PSA_CRYPTO_DRIVER_TEST) 1560 status = mbedtls_test_transparent_aead_encrypt( 1561 attributes, key_buffer, key_buffer_size, 1562 alg, 1563 nonce, nonce_length, 1564 additional_data, additional_data_length, 1565 plaintext, plaintext_length, 1566 ciphertext, ciphertext_size, ciphertext_length ); 1567 /* Declared with fallback == true */ 1568 if( status != PSA_ERROR_NOT_SUPPORTED ) 1569 return( status ); 1570#endif /* PSA_CRYPTO_DRIVER_TEST */ 1571#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1572 1573 /* Fell through, meaning no accelerator supports this operation */ 1574 return( mbedtls_psa_aead_encrypt( 1575 attributes, key_buffer, key_buffer_size, 1576 alg, 1577 nonce, nonce_length, 1578 additional_data, additional_data_length, 1579 plaintext, plaintext_length, 1580 ciphertext, ciphertext_size, ciphertext_length ) ); 1581 1582 /* Add cases for opaque driver here */ 1583 1584 default: 1585 /* Key is declared with a lifetime not known to us */ 1586 (void)status; 1587 return( PSA_ERROR_INVALID_ARGUMENT ); 1588 } 1589} 1590 1591psa_status_t psa_driver_wrapper_aead_decrypt( 1592 const psa_key_attributes_t *attributes, 1593 const uint8_t *key_buffer, size_t key_buffer_size, 1594 psa_algorithm_t alg, 1595 const uint8_t *nonce, size_t nonce_length, 1596 const uint8_t *additional_data, size_t additional_data_length, 1597 const uint8_t *ciphertext, size_t ciphertext_length, 1598 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) 1599{ 1600 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1601 psa_key_location_t location = 1602 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1603 1604 switch( location ) 1605 { 1606 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1607 /* Key is stored in the slot in export representation, so 1608 * cycle through all known transparent accelerators */ 1609 1610#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1611#if defined(PSA_CRYPTO_DRIVER_TEST) 1612 status = mbedtls_test_transparent_aead_decrypt( 1613 attributes, key_buffer, key_buffer_size, 1614 alg, 1615 nonce, nonce_length, 1616 additional_data, additional_data_length, 1617 ciphertext, ciphertext_length, 1618 plaintext, plaintext_size, plaintext_length ); 1619 /* Declared with fallback == true */ 1620 if( status != PSA_ERROR_NOT_SUPPORTED ) 1621 return( status ); 1622#endif /* PSA_CRYPTO_DRIVER_TEST */ 1623#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1624 1625 /* Fell through, meaning no accelerator supports this operation */ 1626 return( mbedtls_psa_aead_decrypt( 1627 attributes, key_buffer, key_buffer_size, 1628 alg, 1629 nonce, nonce_length, 1630 additional_data, additional_data_length, 1631 ciphertext, ciphertext_length, 1632 plaintext, plaintext_size, plaintext_length ) ); 1633 1634 /* Add cases for opaque driver here */ 1635 1636 default: 1637 /* Key is declared with a lifetime not known to us */ 1638 (void)status; 1639 return( PSA_ERROR_INVALID_ARGUMENT ); 1640 } 1641} 1642 1643psa_status_t psa_driver_wrapper_aead_encrypt_setup( 1644 psa_aead_operation_t *operation, 1645 const psa_key_attributes_t *attributes, 1646 const uint8_t *key_buffer, size_t key_buffer_size, 1647 psa_algorithm_t alg ) 1648{ 1649 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1650 psa_key_location_t location = 1651 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1652 1653 switch( location ) 1654 { 1655 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1656 /* Key is stored in the slot in export representation, so 1657 * cycle through all known transparent accelerators */ 1658 1659#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1660#if defined(PSA_CRYPTO_DRIVER_TEST) 1661 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1662 status = mbedtls_test_transparent_aead_encrypt_setup( 1663 &operation->ctx.transparent_test_driver_ctx, 1664 attributes, key_buffer, key_buffer_size, 1665 alg ); 1666 1667 /* Declared with fallback == true */ 1668 if( status != PSA_ERROR_NOT_SUPPORTED ) 1669 return( status ); 1670#endif /* PSA_CRYPTO_DRIVER_TEST */ 1671#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1672 1673 /* Fell through, meaning no accelerator supports this operation */ 1674 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1675 status = mbedtls_psa_aead_encrypt_setup( 1676 &operation->ctx.mbedtls_ctx, attributes, 1677 key_buffer, key_buffer_size, 1678 alg ); 1679 1680 return( status ); 1681 1682 /* Add cases for opaque driver here */ 1683 1684 default: 1685 /* Key is declared with a lifetime not known to us */ 1686 (void)status; 1687 return( PSA_ERROR_INVALID_ARGUMENT ); 1688 } 1689} 1690 1691psa_status_t psa_driver_wrapper_aead_decrypt_setup( 1692 psa_aead_operation_t *operation, 1693 const psa_key_attributes_t *attributes, 1694 const uint8_t *key_buffer, size_t key_buffer_size, 1695 psa_algorithm_t alg ) 1696{ 1697 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1698 psa_key_location_t location = 1699 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1700 1701 switch( location ) 1702 { 1703 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1704 /* Key is stored in the slot in export representation, so 1705 * cycle through all known transparent accelerators */ 1706 1707#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1708#if defined(PSA_CRYPTO_DRIVER_TEST) 1709 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1710 status = mbedtls_test_transparent_aead_decrypt_setup( 1711 &operation->ctx.transparent_test_driver_ctx, 1712 attributes, 1713 key_buffer, key_buffer_size, 1714 alg ); 1715 1716 /* Declared with fallback == true */ 1717 if( status != PSA_ERROR_NOT_SUPPORTED ) 1718 return( status ); 1719#endif /* PSA_CRYPTO_DRIVER_TEST */ 1720#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1721 1722 /* Fell through, meaning no accelerator supports this operation */ 1723 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1724 status = mbedtls_psa_aead_decrypt_setup( 1725 &operation->ctx.mbedtls_ctx, 1726 attributes, 1727 key_buffer, key_buffer_size, 1728 alg ); 1729 1730 return( status ); 1731 1732 /* Add cases for opaque driver here */ 1733 1734 default: 1735 /* Key is declared with a lifetime not known to us */ 1736 (void)status; 1737 return( PSA_ERROR_INVALID_ARGUMENT ); 1738 } 1739} 1740 1741psa_status_t psa_driver_wrapper_aead_set_nonce( 1742 psa_aead_operation_t *operation, 1743 const uint8_t *nonce, 1744 size_t nonce_length ) 1745{ 1746 switch( operation->id ) 1747 { 1748#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1749 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1750 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, 1751 nonce, 1752 nonce_length ) ); 1753 1754#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1755 1756#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1757#if defined(PSA_CRYPTO_DRIVER_TEST) 1758 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1759 return( mbedtls_test_transparent_aead_set_nonce( 1760 &operation->ctx.transparent_test_driver_ctx, 1761 nonce, nonce_length ) ); 1762 1763 /* Add cases for opaque driver here */ 1764 1765#endif /* PSA_CRYPTO_DRIVER_TEST */ 1766#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1767 } 1768 1769 (void)nonce; 1770 (void)nonce_length; 1771 1772 return( PSA_ERROR_INVALID_ARGUMENT ); 1773} 1774 1775psa_status_t psa_driver_wrapper_aead_set_lengths( 1776 psa_aead_operation_t *operation, 1777 size_t ad_length, 1778 size_t plaintext_length ) 1779{ 1780 switch( operation->id ) 1781 { 1782#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1783 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1784 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, 1785 ad_length, 1786 plaintext_length ) ); 1787 1788#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1789 1790#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1791#if defined(PSA_CRYPTO_DRIVER_TEST) 1792 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1793 return( mbedtls_test_transparent_aead_set_lengths( 1794 &operation->ctx.transparent_test_driver_ctx, 1795 ad_length, plaintext_length ) ); 1796 1797 /* Add cases for opaque driver here */ 1798 1799#endif /* PSA_CRYPTO_DRIVER_TEST */ 1800#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1801 } 1802 1803 (void)ad_length; 1804 (void)plaintext_length; 1805 1806 return( PSA_ERROR_INVALID_ARGUMENT ); 1807} 1808 1809psa_status_t psa_driver_wrapper_aead_update_ad( 1810 psa_aead_operation_t *operation, 1811 const uint8_t *input, 1812 size_t input_length ) 1813{ 1814 switch( operation->id ) 1815 { 1816#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1817 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1818 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, 1819 input, 1820 input_length ) ); 1821 1822#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1823 1824#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1825#if defined(PSA_CRYPTO_DRIVER_TEST) 1826 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1827 return( mbedtls_test_transparent_aead_update_ad( 1828 &operation->ctx.transparent_test_driver_ctx, 1829 input, input_length ) ); 1830 1831 /* Add cases for opaque driver here */ 1832 1833#endif /* PSA_CRYPTO_DRIVER_TEST */ 1834#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1835 } 1836 1837 (void)input; 1838 (void)input_length; 1839 1840 return( PSA_ERROR_INVALID_ARGUMENT ); 1841} 1842 1843psa_status_t psa_driver_wrapper_aead_update( 1844 psa_aead_operation_t *operation, 1845 const uint8_t *input, 1846 size_t input_length, 1847 uint8_t *output, 1848 size_t output_size, 1849 size_t *output_length ) 1850{ 1851 switch( operation->id ) 1852 { 1853#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1854 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1855 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, 1856 input, input_length, 1857 output, output_size, 1858 output_length ) ); 1859 1860#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1861 1862#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1863#if defined(PSA_CRYPTO_DRIVER_TEST) 1864 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1865 return( mbedtls_test_transparent_aead_update( 1866 &operation->ctx.transparent_test_driver_ctx, 1867 input, input_length, output, output_size, 1868 output_length ) ); 1869 1870 /* Add cases for opaque driver here */ 1871 1872#endif /* PSA_CRYPTO_DRIVER_TEST */ 1873#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1874 } 1875 1876 (void)input; 1877 (void)input_length; 1878 (void)output; 1879 (void)output_size; 1880 (void)output_length; 1881 1882 return( PSA_ERROR_INVALID_ARGUMENT ); 1883} 1884 1885psa_status_t psa_driver_wrapper_aead_finish( 1886 psa_aead_operation_t *operation, 1887 uint8_t *ciphertext, 1888 size_t ciphertext_size, 1889 size_t *ciphertext_length, 1890 uint8_t *tag, 1891 size_t tag_size, 1892 size_t *tag_length ) 1893{ 1894 switch( operation->id ) 1895 { 1896#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1897 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1898 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, 1899 ciphertext, 1900 ciphertext_size, 1901 ciphertext_length, tag, 1902 tag_size, tag_length ) ); 1903 1904#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1905 1906#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1907#if defined(PSA_CRYPTO_DRIVER_TEST) 1908 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1909 return( mbedtls_test_transparent_aead_finish( 1910 &operation->ctx.transparent_test_driver_ctx, 1911 ciphertext, ciphertext_size, 1912 ciphertext_length, tag, tag_size, tag_length ) ); 1913 1914 /* Add cases for opaque driver here */ 1915 1916#endif /* PSA_CRYPTO_DRIVER_TEST */ 1917#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1918 } 1919 1920 (void)ciphertext; 1921 (void)ciphertext_size; 1922 (void)ciphertext_length; 1923 (void)tag; 1924 (void)tag_size; 1925 (void)tag_length; 1926 1927 return( PSA_ERROR_INVALID_ARGUMENT ); 1928} 1929 1930psa_status_t psa_driver_wrapper_aead_verify( 1931 psa_aead_operation_t *operation, 1932 uint8_t *plaintext, 1933 size_t plaintext_size, 1934 size_t *plaintext_length, 1935 const uint8_t *tag, 1936 size_t tag_length ) 1937{ 1938 switch( operation->id ) 1939 { 1940#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1941 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1942 { 1943 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1944 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; 1945 size_t check_tag_length; 1946 1947 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, 1948 plaintext, 1949 plaintext_size, 1950 plaintext_length, 1951 check_tag, 1952 sizeof( check_tag ), 1953 &check_tag_length ); 1954 1955 if( status == PSA_SUCCESS ) 1956 { 1957 if( tag_length != check_tag_length || 1958 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) 1959 != 0 ) 1960 status = PSA_ERROR_INVALID_SIGNATURE; 1961 } 1962 1963 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); 1964 1965 return( status ); 1966 } 1967 1968#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1969 1970#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1971#if defined(PSA_CRYPTO_DRIVER_TEST) 1972 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1973 return( mbedtls_test_transparent_aead_verify( 1974 &operation->ctx.transparent_test_driver_ctx, 1975 plaintext, plaintext_size, 1976 plaintext_length, tag, tag_length ) ); 1977 1978 /* Add cases for opaque driver here */ 1979 1980#endif /* PSA_CRYPTO_DRIVER_TEST */ 1981#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1982 } 1983 1984 (void)plaintext; 1985 (void)plaintext_size; 1986 (void)plaintext_length; 1987 (void)tag; 1988 (void)tag_length; 1989 1990 return( PSA_ERROR_INVALID_ARGUMENT ); 1991} 1992 1993psa_status_t psa_driver_wrapper_aead_abort( 1994 psa_aead_operation_t *operation ) 1995{ 1996 switch( operation->id ) 1997 { 1998#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1999 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2000 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); 2001 2002#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2003 2004#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2005#if defined(PSA_CRYPTO_DRIVER_TEST) 2006 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2007 return( mbedtls_test_transparent_aead_abort( 2008 &operation->ctx.transparent_test_driver_ctx ) ); 2009 2010 /* Add cases for opaque driver here */ 2011 2012#endif /* PSA_CRYPTO_DRIVER_TEST */ 2013#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2014 } 2015 2016 return( PSA_ERROR_INVALID_ARGUMENT ); 2017} 2018 2019/* 2020 * MAC functions 2021 */ 2022psa_status_t psa_driver_wrapper_mac_compute( 2023 const psa_key_attributes_t *attributes, 2024 const uint8_t *key_buffer, 2025 size_t key_buffer_size, 2026 psa_algorithm_t alg, 2027 const uint8_t *input, 2028 size_t input_length, 2029 uint8_t *mac, 2030 size_t mac_size, 2031 size_t *mac_length ) 2032{ 2033 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2034 psa_key_location_t location = 2035 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2036 2037 switch( location ) 2038 { 2039 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2040 /* Key is stored in the slot in export representation, so 2041 * cycle through all known transparent accelerators */ 2042#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2043#if defined(PSA_CRYPTO_DRIVER_TEST) 2044 status = mbedtls_test_transparent_mac_compute( 2045 attributes, key_buffer, key_buffer_size, alg, 2046 input, input_length, 2047 mac, mac_size, mac_length ); 2048 /* Declared with fallback == true */ 2049 if( status != PSA_ERROR_NOT_SUPPORTED ) 2050 return( status ); 2051#endif /* PSA_CRYPTO_DRIVER_TEST */ 2052#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2053#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2054 /* Fell through, meaning no accelerator supports this operation */ 2055 status = mbedtls_psa_mac_compute( 2056 attributes, key_buffer, key_buffer_size, alg, 2057 input, input_length, 2058 mac, mac_size, mac_length ); 2059 if( status != PSA_ERROR_NOT_SUPPORTED ) 2060 return( status ); 2061#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2062 return( PSA_ERROR_NOT_SUPPORTED ); 2063 2064 /* Add cases for opaque driver here */ 2065#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2066#if defined(PSA_CRYPTO_DRIVER_TEST) 2067 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2068 status = mbedtls_test_opaque_mac_compute( 2069 attributes, key_buffer, key_buffer_size, alg, 2070 input, input_length, 2071 mac, mac_size, mac_length ); 2072 return( status ); 2073#endif /* PSA_CRYPTO_DRIVER_TEST */ 2074#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2075 default: 2076 /* Key is declared with a lifetime not known to us */ 2077 (void) key_buffer; 2078 (void) key_buffer_size; 2079 (void) alg; 2080 (void) input; 2081 (void) input_length; 2082 (void) mac; 2083 (void) mac_size; 2084 (void) mac_length; 2085 (void) status; 2086 return( PSA_ERROR_INVALID_ARGUMENT ); 2087 } 2088} 2089 2090psa_status_t psa_driver_wrapper_mac_sign_setup( 2091 psa_mac_operation_t *operation, 2092 const psa_key_attributes_t *attributes, 2093 const uint8_t *key_buffer, 2094 size_t key_buffer_size, 2095 psa_algorithm_t alg ) 2096{ 2097 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2098 psa_key_location_t location = 2099 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2100 2101 switch( location ) 2102 { 2103 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2104 /* Key is stored in the slot in export representation, so 2105 * cycle through all known transparent accelerators */ 2106#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2107#if defined(PSA_CRYPTO_DRIVER_TEST) 2108 status = mbedtls_test_transparent_mac_sign_setup( 2109 &operation->ctx.transparent_test_driver_ctx, 2110 attributes, 2111 key_buffer, key_buffer_size, 2112 alg ); 2113 /* Declared with fallback == true */ 2114 if( status == PSA_SUCCESS ) 2115 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2116 2117 if( status != PSA_ERROR_NOT_SUPPORTED ) 2118 return( status ); 2119#endif /* PSA_CRYPTO_DRIVER_TEST */ 2120#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2121#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2122 /* Fell through, meaning no accelerator supports this operation */ 2123 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx, 2124 attributes, 2125 key_buffer, key_buffer_size, 2126 alg ); 2127 if( status == PSA_SUCCESS ) 2128 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2129 2130 if( status != PSA_ERROR_NOT_SUPPORTED ) 2131 return( status ); 2132#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2133 return( PSA_ERROR_NOT_SUPPORTED ); 2134 2135 /* Add cases for opaque driver here */ 2136#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2137#if defined(PSA_CRYPTO_DRIVER_TEST) 2138 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2139 status = mbedtls_test_opaque_mac_sign_setup( 2140 &operation->ctx.opaque_test_driver_ctx, 2141 attributes, 2142 key_buffer, key_buffer_size, 2143 alg ); 2144 2145 if( status == PSA_SUCCESS ) 2146 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 2147 2148 return( status ); 2149#endif /* PSA_CRYPTO_DRIVER_TEST */ 2150#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2151 default: 2152 /* Key is declared with a lifetime not known to us */ 2153 (void) status; 2154 (void) operation; 2155 (void) key_buffer; 2156 (void) key_buffer_size; 2157 (void) alg; 2158 return( PSA_ERROR_INVALID_ARGUMENT ); 2159 } 2160} 2161 2162psa_status_t psa_driver_wrapper_mac_verify_setup( 2163 psa_mac_operation_t *operation, 2164 const psa_key_attributes_t *attributes, 2165 const uint8_t *key_buffer, 2166 size_t key_buffer_size, 2167 psa_algorithm_t alg ) 2168{ 2169 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2170 psa_key_location_t location = 2171 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2172 2173 switch( location ) 2174 { 2175 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2176 /* Key is stored in the slot in export representation, so 2177 * cycle through all known transparent accelerators */ 2178#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2179#if defined(PSA_CRYPTO_DRIVER_TEST) 2180 status = mbedtls_test_transparent_mac_verify_setup( 2181 &operation->ctx.transparent_test_driver_ctx, 2182 attributes, 2183 key_buffer, key_buffer_size, 2184 alg ); 2185 /* Declared with fallback == true */ 2186 if( status == PSA_SUCCESS ) 2187 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2188 2189 if( status != PSA_ERROR_NOT_SUPPORTED ) 2190 return( status ); 2191#endif /* PSA_CRYPTO_DRIVER_TEST */ 2192#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2193#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2194 /* Fell through, meaning no accelerator supports this operation */ 2195 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx, 2196 attributes, 2197 key_buffer, key_buffer_size, 2198 alg ); 2199 if( status == PSA_SUCCESS ) 2200 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2201 2202 if( status != PSA_ERROR_NOT_SUPPORTED ) 2203 return( status ); 2204#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2205 return( PSA_ERROR_NOT_SUPPORTED ); 2206 2207 /* Add cases for opaque driver here */ 2208#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2209#if defined(PSA_CRYPTO_DRIVER_TEST) 2210 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2211 status = mbedtls_test_opaque_mac_verify_setup( 2212 &operation->ctx.opaque_test_driver_ctx, 2213 attributes, 2214 key_buffer, key_buffer_size, 2215 alg ); 2216 2217 if( status == PSA_SUCCESS ) 2218 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 2219 2220 return( status ); 2221#endif /* PSA_CRYPTO_DRIVER_TEST */ 2222#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2223 default: 2224 /* Key is declared with a lifetime not known to us */ 2225 (void) status; 2226 (void) operation; 2227 (void) key_buffer; 2228 (void) key_buffer_size; 2229 (void) alg; 2230 return( PSA_ERROR_INVALID_ARGUMENT ); 2231 } 2232} 2233 2234psa_status_t psa_driver_wrapper_mac_update( 2235 psa_mac_operation_t *operation, 2236 const uint8_t *input, 2237 size_t input_length ) 2238{ 2239 switch( operation->id ) 2240 { 2241#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2242 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2243 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx, 2244 input, input_length ) ); 2245#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2246 2247#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2248#if defined(PSA_CRYPTO_DRIVER_TEST) 2249 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2250 return( mbedtls_test_transparent_mac_update( 2251 &operation->ctx.transparent_test_driver_ctx, 2252 input, input_length ) ); 2253 2254 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2255 return( mbedtls_test_opaque_mac_update( 2256 &operation->ctx.opaque_test_driver_ctx, 2257 input, input_length ) ); 2258#endif /* PSA_CRYPTO_DRIVER_TEST */ 2259#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2260 default: 2261 (void) input; 2262 (void) input_length; 2263 return( PSA_ERROR_INVALID_ARGUMENT ); 2264 } 2265} 2266 2267psa_status_t psa_driver_wrapper_mac_sign_finish( 2268 psa_mac_operation_t *operation, 2269 uint8_t *mac, 2270 size_t mac_size, 2271 size_t *mac_length ) 2272{ 2273 switch( operation->id ) 2274 { 2275#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2276 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2277 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx, 2278 mac, mac_size, mac_length ) ); 2279#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2280 2281#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2282#if defined(PSA_CRYPTO_DRIVER_TEST) 2283 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2284 return( mbedtls_test_transparent_mac_sign_finish( 2285 &operation->ctx.transparent_test_driver_ctx, 2286 mac, mac_size, mac_length ) ); 2287 2288 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2289 return( mbedtls_test_opaque_mac_sign_finish( 2290 &operation->ctx.opaque_test_driver_ctx, 2291 mac, mac_size, mac_length ) ); 2292#endif /* PSA_CRYPTO_DRIVER_TEST */ 2293#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2294 default: 2295 (void) mac; 2296 (void) mac_size; 2297 (void) mac_length; 2298 return( PSA_ERROR_INVALID_ARGUMENT ); 2299 } 2300} 2301 2302psa_status_t psa_driver_wrapper_mac_verify_finish( 2303 psa_mac_operation_t *operation, 2304 const uint8_t *mac, 2305 size_t mac_length ) 2306{ 2307 switch( operation->id ) 2308 { 2309#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2310 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2311 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx, 2312 mac, mac_length ) ); 2313#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2314 2315#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2316#if defined(PSA_CRYPTO_DRIVER_TEST) 2317 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2318 return( mbedtls_test_transparent_mac_verify_finish( 2319 &operation->ctx.transparent_test_driver_ctx, 2320 mac, mac_length ) ); 2321 2322 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2323 return( mbedtls_test_opaque_mac_verify_finish( 2324 &operation->ctx.opaque_test_driver_ctx, 2325 mac, mac_length ) ); 2326#endif /* PSA_CRYPTO_DRIVER_TEST */ 2327#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2328 default: 2329 (void) mac; 2330 (void) mac_length; 2331 return( PSA_ERROR_INVALID_ARGUMENT ); 2332 } 2333} 2334 2335psa_status_t psa_driver_wrapper_mac_abort( 2336 psa_mac_operation_t *operation ) 2337{ 2338 switch( operation->id ) 2339 { 2340#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2341 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2342 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) ); 2343#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2344 2345#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2346#if defined(PSA_CRYPTO_DRIVER_TEST) 2347 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2348 return( mbedtls_test_transparent_mac_abort( 2349 &operation->ctx.transparent_test_driver_ctx ) ); 2350 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2351 return( mbedtls_test_opaque_mac_abort( 2352 &operation->ctx.opaque_test_driver_ctx ) ); 2353#endif /* PSA_CRYPTO_DRIVER_TEST */ 2354#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2355 default: 2356 return( PSA_ERROR_INVALID_ARGUMENT ); 2357 } 2358} 2359 2360/* 2361 * Asymmetric cryptography 2362 */ 2363psa_status_t psa_driver_wrapper_asymmetric_encrypt( 2364 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 2365 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, 2366 size_t input_length, const uint8_t *salt, size_t salt_length, 2367 uint8_t *output, size_t output_size, size_t *output_length ) 2368{ 2369 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2370 psa_key_location_t location = 2371 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2372 2373 switch( location ) 2374 { 2375 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2376 /* Key is stored in the slot in export representation, so 2377 * cycle through all known transparent accelerators */ 2378#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2379#if defined(PSA_CRYPTO_DRIVER_TEST) 2380 status = mbedtls_test_transparent_asymmetric_encrypt( attributes, 2381 key_buffer, key_buffer_size, alg, input, input_length, 2382 salt, salt_length, output, output_size, 2383 output_length ); 2384 /* Declared with fallback == true */ 2385 if( status != PSA_ERROR_NOT_SUPPORTED ) 2386 return( status ); 2387#endif /* PSA_CRYPTO_DRIVER_TEST */ 2388#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2389 return( mbedtls_psa_asymmetric_encrypt( attributes, 2390 key_buffer, key_buffer_size, alg, input, input_length, 2391 salt, salt_length, output, output_size, output_length ) 2392 ); 2393 /* Add cases for opaque driver here */ 2394#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2395#if defined(PSA_CRYPTO_DRIVER_TEST) 2396 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2397 return( mbedtls_test_opaque_asymmetric_encrypt( attributes, 2398 key_buffer, key_buffer_size, alg, input, input_length, 2399 salt, salt_length, output, output_size, output_length ) 2400 ); 2401#endif /* PSA_CRYPTO_DRIVER_TEST */ 2402#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2403 2404 default: 2405 /* Key is declared with a lifetime not known to us */ 2406 (void)status; 2407 (void)key_buffer; 2408 (void)key_buffer_size; 2409 (void)alg; 2410 (void)input; 2411 (void)input_length; 2412 (void)salt; 2413 (void)salt_length; 2414 (void)output; 2415 (void)output_size; 2416 (void)output_length; 2417 return( PSA_ERROR_INVALID_ARGUMENT ); 2418 } 2419} 2420 2421psa_status_t psa_driver_wrapper_asymmetric_decrypt( 2422 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 2423 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, 2424 size_t input_length, const uint8_t *salt, size_t salt_length, 2425 uint8_t *output, size_t output_size, size_t *output_length ) 2426{ 2427 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2428 psa_key_location_t location = 2429 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2430 2431 switch( location ) 2432 { 2433 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2434 /* Key is stored in the slot in export representation, so 2435 * cycle through all known transparent accelerators */ 2436#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2437#if defined(PSA_CRYPTO_DRIVER_TEST) 2438 status = mbedtls_test_transparent_asymmetric_decrypt( attributes, 2439 key_buffer, key_buffer_size, alg, input, input_length, 2440 salt, salt_length, output, output_size, 2441 output_length ); 2442 /* Declared with fallback == true */ 2443 if( status != PSA_ERROR_NOT_SUPPORTED ) 2444 return( status ); 2445#endif /* PSA_CRYPTO_DRIVER_TEST */ 2446#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2447 return( mbedtls_psa_asymmetric_decrypt( attributes, 2448 key_buffer, key_buffer_size, alg,input, input_length, 2449 salt, salt_length, output, output_size, 2450 output_length ) ); 2451 /* Add cases for opaque driver here */ 2452#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2453#if defined(PSA_CRYPTO_DRIVER_TEST) 2454 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2455 return( mbedtls_test_opaque_asymmetric_decrypt( attributes, 2456 key_buffer, key_buffer_size, alg, input, input_length, 2457 salt, salt_length, output, output_size, 2458 output_length ) ); 2459#endif /* PSA_CRYPTO_DRIVER_TEST */ 2460#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2461 2462 default: 2463 /* Key is declared with a lifetime not known to us */ 2464 (void)status; 2465 (void)key_buffer; 2466 (void)key_buffer_size; 2467 (void)alg; 2468 (void)input; 2469 (void)input_length; 2470 (void)salt; 2471 (void)salt_length; 2472 (void)output; 2473 (void)output_size; 2474 (void)output_length; 2475 return( PSA_ERROR_INVALID_ARGUMENT ); 2476 } 2477} 2478 2479psa_status_t psa_driver_wrapper_key_agreement( 2480 const psa_key_attributes_t *attributes, 2481 const uint8_t *key_buffer, 2482 size_t key_buffer_size, 2483 psa_algorithm_t alg, 2484 const uint8_t *peer_key, 2485 size_t peer_key_length, 2486 uint8_t *shared_secret, 2487 size_t shared_secret_size, 2488 size_t *shared_secret_length 2489 ) 2490 { 2491 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2492 psa_key_location_t location = 2493 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2494 2495 switch( location ) 2496 { 2497 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2498 /* Key is stored in the slot in export representation, so 2499 * cycle through all known transparent accelerators */ 2500#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2501#if defined(PSA_CRYPTO_DRIVER_TEST) 2502 status = 2503 mbedtls_test_transparent_key_agreement( attributes, 2504 key_buffer, key_buffer_size, alg, peer_key, 2505 peer_key_length, shared_secret, shared_secret_size, 2506 shared_secret_length ); 2507 if( status != PSA_ERROR_NOT_SUPPORTED ) 2508 return( status ); 2509#endif /* PSA_CRYPTO_DRIVER_TEST */ 2510#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2511 2512 /* Software Fallback */ 2513 status = psa_key_agreement_raw_builtin( attributes, 2514 key_buffer, 2515 key_buffer_size, 2516 alg, 2517 peer_key, 2518 peer_key_length, 2519 shared_secret, 2520 shared_secret_size, 2521 shared_secret_length ); 2522 return( status ); 2523#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2524#if defined(PSA_CRYPTO_DRIVER_TEST) 2525 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2526 return( mbedtls_test_opaque_key_agreement( attributes, 2527 key_buffer, key_buffer_size, alg, peer_key, 2528 peer_key_length, shared_secret, shared_secret_size, 2529 shared_secret_length ) ); 2530#endif /* PSA_CRYPTO_DRIVER_TEST */ 2531#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2532 2533 default: 2534 (void) attributes; 2535 (void) key_buffer; 2536 (void) key_buffer_size; 2537 (void) peer_key; 2538 (void) peer_key_length; 2539 (void) shared_secret; 2540 (void) shared_secret_size; 2541 (void) shared_secret_length; 2542 return( PSA_ERROR_NOT_SUPPORTED ); 2543 2544 } 2545 } 2546 2547#endif /* MBEDTLS_PSA_CRYPTO_C */ 2548
