1/* 2 * Functions to delegate cryptographic operations to an available 3 * and appropriate accelerator. 4 * Warning: This file is now auto-generated. 5 */ 6/* Copyright The Mbed TLS Contributors 7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 8 */ 9 10 11/* BEGIN-common headers */ 12#include "common.h" 13#include "psa_crypto_aead.h" 14#include "psa_crypto_cipher.h" 15#include "psa_crypto_core.h" 16#include "psa_crypto_driver_wrappers_no_static.h" 17#include "psa_crypto_hash.h" 18#include "psa_crypto_mac.h" 19#include "psa_crypto_pake.h" 20#include "psa_crypto_rsa.h" 21 22#include "mbedtls/platform.h" 23#include "mbedtls/constant_time.h" 24/* END-common headers */ 25 26#if defined(MBEDTLS_PSA_CRYPTO_C) 27 28/* BEGIN-driver headers */ 29{% for driver in drivers -%} 30/* Headers for {{driver.prefix}} {{driver.type}} driver */ 31{% if driver['mbedtls/h_condition'] is defined -%} 32#if {{ driver['mbedtls/h_condition'] }} 33{% endif -%} 34{% for header in driver.headers -%} 35#include "{{ header }}" 36{% endfor %} 37{% if driver['mbedtls/h_condition'] is defined -%} 38#endif 39{% endif -%} 40{% endfor %} 41/* END-driver headers */ 42 43/* Auto-generated values depending on which drivers are registered. 44 * ID 0 is reserved for unallocated operations. 45 * ID 1 is reserved for the Mbed TLS software driver. */ 46/* BEGIN-driver id definition */ 47#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) 48{% for driver in drivers -%} 49#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }}) 50{% endfor %} 51/* END-driver id */ 52 53/* BEGIN-Common Macro definitions */ 54{% macro entry_point_name(capability, entry_point, driver) -%} 55 {% if capability.name is defined and entry_point in capability.names.keys() -%} 56 {{ capability.names[entry_point]}} 57 {% else -%} 58 {{driver.prefix}}_{{driver.type}}_{{entry_point}} 59 {% endif -%} 60{% endmacro %} 61/* END-Common Macro definitions */ 62 63/* Support the 'old' SE interface when asked to */ 64#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 65/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style 66 * SE driver is present, to avoid unused argument errors at compile time. */ 67#ifndef PSA_CRYPTO_DRIVER_PRESENT 68#define PSA_CRYPTO_DRIVER_PRESENT 69#endif 70#include "psa_crypto_se.h" 71#endif 72 73static inline psa_status_t psa_driver_wrapper_init( void ) 74{ 75 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 76 77#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 78 status = psa_init_all_se_drivers( ); 79 if( status != PSA_SUCCESS ) 80 return( status ); 81#endif 82 83#if defined(PSA_CRYPTO_DRIVER_TEST) 84 status = mbedtls_test_transparent_init( ); 85 if( status != PSA_SUCCESS ) 86 return( status ); 87 88 status = mbedtls_test_opaque_init( ); 89 if( status != PSA_SUCCESS ) 90 return( status ); 91#endif 92 93 (void) status; 94 return( PSA_SUCCESS ); 95} 96 97static inline void psa_driver_wrapper_free( void ) 98{ 99#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 100 /* Unregister all secure element drivers, so that we restart from 101 * a pristine state. */ 102 psa_unregister_all_se_drivers( ); 103#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 104 105#if defined(PSA_CRYPTO_DRIVER_TEST) 106 mbedtls_test_transparent_free( ); 107 mbedtls_test_opaque_free( ); 108#endif 109} 110 111/* Start delegation functions */ 112static inline psa_status_t psa_driver_wrapper_sign_message( 113 const psa_key_attributes_t *attributes, 114 const uint8_t *key_buffer, 115 size_t key_buffer_size, 116 psa_algorithm_t alg, 117 const uint8_t *input, 118 size_t input_length, 119 uint8_t *signature, 120 size_t signature_size, 121 size_t *signature_length ) 122{ 123 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 124 psa_key_location_t location = 125 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 126 127 switch( location ) 128 { 129 case PSA_KEY_LOCATION_LOCAL_STORAGE: 130 /* Key is stored in the slot in export representation, so 131 * cycle through all known transparent accelerators */ 132#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 133#if defined(PSA_CRYPTO_DRIVER_TEST) 134 status = mbedtls_test_transparent_signature_sign_message( 135 attributes, 136 key_buffer, 137 key_buffer_size, 138 alg, 139 input, 140 input_length, 141 signature, 142 signature_size, 143 signature_length ); 144 /* Declared with fallback == true */ 145 if( status != PSA_ERROR_NOT_SUPPORTED ) 146 return( status ); 147#endif /* PSA_CRYPTO_DRIVER_TEST */ 148#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 149 break; 150 151 /* Add cases for opaque driver here */ 152#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 153#if defined(PSA_CRYPTO_DRIVER_TEST) 154 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 155 status = mbedtls_test_opaque_signature_sign_message( 156 attributes, 157 key_buffer, 158 key_buffer_size, 159 alg, 160 input, 161 input_length, 162 signature, 163 signature_size, 164 signature_length ); 165 if( status != PSA_ERROR_NOT_SUPPORTED ) 166 return( status ); 167 break; 168#endif /* PSA_CRYPTO_DRIVER_TEST */ 169#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 170 default: 171 /* Key is declared with a lifetime not known to us */ 172 (void)status; 173 break; 174 } 175 176 return( psa_sign_message_builtin( attributes, 177 key_buffer, 178 key_buffer_size, 179 alg, 180 input, 181 input_length, 182 signature, 183 signature_size, 184 signature_length ) ); 185} 186 187static inline psa_status_t psa_driver_wrapper_verify_message( 188 const psa_key_attributes_t *attributes, 189 const uint8_t *key_buffer, 190 size_t key_buffer_size, 191 psa_algorithm_t alg, 192 const uint8_t *input, 193 size_t input_length, 194 const uint8_t *signature, 195 size_t signature_length ) 196{ 197 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 198 psa_key_location_t location = 199 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 200 201 switch( location ) 202 { 203 case PSA_KEY_LOCATION_LOCAL_STORAGE: 204 /* Key is stored in the slot in export representation, so 205 * cycle through all known transparent accelerators */ 206#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 207#if defined(PSA_CRYPTO_DRIVER_TEST) 208 status = mbedtls_test_transparent_signature_verify_message( 209 attributes, 210 key_buffer, 211 key_buffer_size, 212 alg, 213 input, 214 input_length, 215 signature, 216 signature_length ); 217 /* Declared with fallback == true */ 218 if( status != PSA_ERROR_NOT_SUPPORTED ) 219 return( status ); 220#endif /* PSA_CRYPTO_DRIVER_TEST */ 221#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 222 break; 223 224 /* Add cases for opaque driver here */ 225#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 226#if defined(PSA_CRYPTO_DRIVER_TEST) 227 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 228 return( mbedtls_test_opaque_signature_verify_message( 229 attributes, 230 key_buffer, 231 key_buffer_size, 232 alg, 233 input, 234 input_length, 235 signature, 236 signature_length ) ); 237 if( status != PSA_ERROR_NOT_SUPPORTED ) 238 return( status ); 239 break; 240#endif /* PSA_CRYPTO_DRIVER_TEST */ 241#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 242 default: 243 /* Key is declared with a lifetime not known to us */ 244 (void)status; 245 break; 246 } 247 248 return( psa_verify_message_builtin( attributes, 249 key_buffer, 250 key_buffer_size, 251 alg, 252 input, 253 input_length, 254 signature, 255 signature_length ) ); 256} 257 258static inline psa_status_t psa_driver_wrapper_sign_hash( 259 const psa_key_attributes_t *attributes, 260 const uint8_t *key_buffer, size_t key_buffer_size, 261 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 262 uint8_t *signature, size_t signature_size, size_t *signature_length ) 263{ 264 /* Try dynamically-registered SE interface first */ 265#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 266 const psa_drv_se_t *drv; 267 psa_drv_se_context_t *drv_context; 268 269 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 270 { 271 if( drv->asymmetric == NULL || 272 drv->asymmetric->p_sign == NULL ) 273 { 274 /* Key is defined in SE, but we have no way to exercise it */ 275 return( PSA_ERROR_NOT_SUPPORTED ); 276 } 277 return( drv->asymmetric->p_sign( 278 drv_context, *( (psa_key_slot_number_t *)key_buffer ), 279 alg, hash, hash_length, 280 signature, signature_size, signature_length ) ); 281 } 282#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 283 284 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 285 psa_key_location_t location = 286 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 287 288 switch( location ) 289 { 290 case PSA_KEY_LOCATION_LOCAL_STORAGE: 291 /* Key is stored in the slot in export representation, so 292 * cycle through all known transparent accelerators */ 293#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 294#if defined(PSA_CRYPTO_DRIVER_TEST) 295 status = mbedtls_test_transparent_signature_sign_hash( attributes, 296 key_buffer, 297 key_buffer_size, 298 alg, 299 hash, 300 hash_length, 301 signature, 302 signature_size, 303 signature_length ); 304 /* Declared with fallback == true */ 305 if( status != PSA_ERROR_NOT_SUPPORTED ) 306 return( status ); 307#endif /* PSA_CRYPTO_DRIVER_TEST */ 308#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) 309 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && 310 PSA_ALG_IS_ECDSA(alg) && 311 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && 312 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && 313 attributes->core.bits == 256 ) 314 { 315 status = p256_transparent_sign_hash( attributes, 316 key_buffer, 317 key_buffer_size, 318 alg, 319 hash, 320 hash_length, 321 signature, 322 signature_size, 323 signature_length ); 324 if( status != PSA_ERROR_NOT_SUPPORTED ) 325 return( status ); 326 } 327#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 328#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 329 /* Fell through, meaning no accelerator supports this operation */ 330 return( psa_sign_hash_builtin( attributes, 331 key_buffer, 332 key_buffer_size, 333 alg, 334 hash, 335 hash_length, 336 signature, 337 signature_size, 338 signature_length ) ); 339 340 /* Add cases for opaque driver here */ 341#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 342#if defined(PSA_CRYPTO_DRIVER_TEST) 343 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 344 return( mbedtls_test_opaque_signature_sign_hash( attributes, 345 key_buffer, 346 key_buffer_size, 347 alg, 348 hash, 349 hash_length, 350 signature, 351 signature_size, 352 signature_length ) ); 353#endif /* PSA_CRYPTO_DRIVER_TEST */ 354#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 355 default: 356 /* Key is declared with a lifetime not known to us */ 357 (void)status; 358 return( PSA_ERROR_INVALID_ARGUMENT ); 359 } 360} 361 362static inline psa_status_t psa_driver_wrapper_verify_hash( 363 const psa_key_attributes_t *attributes, 364 const uint8_t *key_buffer, size_t key_buffer_size, 365 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 366 const uint8_t *signature, size_t signature_length ) 367{ 368 /* Try dynamically-registered SE interface first */ 369#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 370 const psa_drv_se_t *drv; 371 psa_drv_se_context_t *drv_context; 372 373 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 374 { 375 if( drv->asymmetric == NULL || 376 drv->asymmetric->p_verify == NULL ) 377 { 378 /* Key is defined in SE, but we have no way to exercise it */ 379 return( PSA_ERROR_NOT_SUPPORTED ); 380 } 381 return( drv->asymmetric->p_verify( 382 drv_context, *( (psa_key_slot_number_t *)key_buffer ), 383 alg, hash, hash_length, 384 signature, signature_length ) ); 385 } 386#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 387 388 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 389 psa_key_location_t location = 390 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 391 392 switch( location ) 393 { 394 case PSA_KEY_LOCATION_LOCAL_STORAGE: 395 /* Key is stored in the slot in export representation, so 396 * cycle through all known transparent accelerators */ 397#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 398#if defined(PSA_CRYPTO_DRIVER_TEST) 399 status = mbedtls_test_transparent_signature_verify_hash( 400 attributes, 401 key_buffer, 402 key_buffer_size, 403 alg, 404 hash, 405 hash_length, 406 signature, 407 signature_length ); 408 /* Declared with fallback == true */ 409 if( status != PSA_ERROR_NOT_SUPPORTED ) 410 return( status ); 411#endif /* PSA_CRYPTO_DRIVER_TEST */ 412#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) 413 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && 414 PSA_ALG_IS_ECDSA(alg) && 415 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && 416 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && 417 attributes->core.bits == 256 ) 418 { 419 status = p256_transparent_verify_hash( attributes, 420 key_buffer, 421 key_buffer_size, 422 alg, 423 hash, 424 hash_length, 425 signature, 426 signature_length ); 427 if( status != PSA_ERROR_NOT_SUPPORTED ) 428 return( status ); 429 } 430#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 431#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 432 433 return( psa_verify_hash_builtin( attributes, 434 key_buffer, 435 key_buffer_size, 436 alg, 437 hash, 438 hash_length, 439 signature, 440 signature_length ) ); 441 442 /* Add cases for opaque driver here */ 443#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 444#if defined(PSA_CRYPTO_DRIVER_TEST) 445 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 446 return( mbedtls_test_opaque_signature_verify_hash( attributes, 447 key_buffer, 448 key_buffer_size, 449 alg, 450 hash, 451 hash_length, 452 signature, 453 signature_length ) ); 454#endif /* PSA_CRYPTO_DRIVER_TEST */ 455#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 456 default: 457 /* Key is declared with a lifetime not known to us */ 458 (void)status; 459 return( PSA_ERROR_INVALID_ARGUMENT ); 460 } 461} 462 463static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops( 464 psa_sign_hash_interruptible_operation_t *operation ) 465{ 466 switch( operation->id ) 467 { 468 /* If uninitialised, return 0, as no work can have been done. */ 469 case 0: 470 return 0; 471 472 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 473 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); 474 475#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 476#if defined(PSA_CRYPTO_DRIVER_TEST) 477 /* Add test driver tests here */ 478 479#endif /* PSA_CRYPTO_DRIVER_TEST */ 480#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 481 } 482 483 /* Can't happen (see discussion in #8271) */ 484 return 0; 485} 486 487static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops( 488 psa_verify_hash_interruptible_operation_t *operation ) 489{ 490 switch( operation->id ) 491 { 492 /* If uninitialised, return 0, as no work can have been done. */ 493 case 0: 494 return 0; 495 496 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 497 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); 498 499#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 500#if defined(PSA_CRYPTO_DRIVER_TEST) 501 /* Add test driver tests here */ 502 503#endif /* PSA_CRYPTO_DRIVER_TEST */ 504#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 505 506 } 507 508 /* Can't happen (see discussion in #8271) */ 509 return 0; 510} 511 512static inline psa_status_t psa_driver_wrapper_sign_hash_start( 513 psa_sign_hash_interruptible_operation_t *operation, 514 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 515 size_t key_buffer_size, psa_algorithm_t alg, 516 const uint8_t *hash, size_t hash_length ) 517{ 518 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 519 attributes->core.lifetime ); 520 521 switch( location ) 522 { 523 case PSA_KEY_LOCATION_LOCAL_STORAGE: 524 /* Key is stored in the slot in export representation, so 525 * cycle through all known transparent accelerators */ 526 527#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 528#if defined(PSA_CRYPTO_DRIVER_TEST) 529 530 /* Add test driver tests here */ 531 532 /* Declared with fallback == true */ 533 534#endif /* PSA_CRYPTO_DRIVER_TEST */ 535#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 536 537 /* Fell through, meaning no accelerator supports this operation */ 538 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 539 return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx, 540 attributes, 541 key_buffer, key_buffer_size, 542 alg, hash, hash_length ) ); 543 break; 544 545 /* Add cases for opaque driver here */ 546 547 default: 548 /* Key is declared with a lifetime not known to us */ 549 return( PSA_ERROR_INVALID_ARGUMENT ); 550 } 551} 552 553static inline psa_status_t psa_driver_wrapper_sign_hash_complete( 554 psa_sign_hash_interruptible_operation_t *operation, 555 uint8_t *signature, size_t signature_size, 556 size_t *signature_length ) 557{ 558 switch( operation->id ) 559 { 560 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 561 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx, 562 signature, signature_size, 563 signature_length ) ); 564 565#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 566#if defined(PSA_CRYPTO_DRIVER_TEST) 567 /* Add test driver tests here */ 568 569#endif /* PSA_CRYPTO_DRIVER_TEST */ 570#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 571 } 572 573 ( void ) signature; 574 ( void ) signature_size; 575 ( void ) signature_length; 576 577 return( PSA_ERROR_INVALID_ARGUMENT ); 578} 579 580static inline psa_status_t psa_driver_wrapper_sign_hash_abort( 581 psa_sign_hash_interruptible_operation_t *operation ) 582{ 583 switch( operation->id ) 584 { 585 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 586 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) ); 587 588#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 589#if defined(PSA_CRYPTO_DRIVER_TEST) 590 /* Add test driver tests here */ 591 592#endif /* PSA_CRYPTO_DRIVER_TEST */ 593#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 594 } 595 596 return( PSA_ERROR_INVALID_ARGUMENT ); 597} 598 599static inline psa_status_t psa_driver_wrapper_verify_hash_start( 600 psa_verify_hash_interruptible_operation_t *operation, 601 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 602 size_t key_buffer_size, psa_algorithm_t alg, 603 const uint8_t *hash, size_t hash_length, 604 const uint8_t *signature, size_t signature_length ) 605{ 606 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 607 attributes->core.lifetime ); 608 609 switch( location ) 610 { 611 case PSA_KEY_LOCATION_LOCAL_STORAGE: 612 /* Key is stored in the slot in export representation, so 613 * cycle through all known transparent accelerators */ 614 615#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 616#if defined(PSA_CRYPTO_DRIVER_TEST) 617 618 /* Add test driver tests here */ 619 620 /* Declared with fallback == true */ 621 622#endif /* PSA_CRYPTO_DRIVER_TEST */ 623#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 624 625 /* Fell through, meaning no accelerator supports this operation */ 626 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 627 return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx, 628 attributes, 629 key_buffer, key_buffer_size, 630 alg, hash, hash_length, 631 signature, signature_length 632 ) ); 633 break; 634 635 /* Add cases for opaque driver here */ 636 637 default: 638 /* Key is declared with a lifetime not known to us */ 639 return( PSA_ERROR_INVALID_ARGUMENT ); 640 } 641} 642 643static inline psa_status_t psa_driver_wrapper_verify_hash_complete( 644 psa_verify_hash_interruptible_operation_t *operation ) 645{ 646 switch( operation->id ) 647 { 648 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 649 return( mbedtls_psa_verify_hash_complete( 650 &operation->ctx.mbedtls_ctx 651 ) ); 652 653#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 654#if defined(PSA_CRYPTO_DRIVER_TEST) 655 /* Add test driver tests here */ 656 657#endif /* PSA_CRYPTO_DRIVER_TEST */ 658#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 659 } 660 661 return( PSA_ERROR_INVALID_ARGUMENT ); 662} 663 664static inline psa_status_t psa_driver_wrapper_verify_hash_abort( 665 psa_verify_hash_interruptible_operation_t *operation ) 666{ 667 switch( operation->id ) 668 { 669 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 670 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx 671 ) ); 672 673#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 674#if defined(PSA_CRYPTO_DRIVER_TEST) 675 /* Add test driver tests here */ 676 677#endif /* PSA_CRYPTO_DRIVER_TEST */ 678#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 679 } 680 681 return( PSA_ERROR_INVALID_ARGUMENT ); 682} 683 684/** Calculate the key buffer size required to store the key material of a key 685 * associated with an opaque driver from input key data. 686 * 687 * \param[in] attributes The key attributes 688 * \param[in] data The input key data. 689 * \param[in] data_length The input data length. 690 * \param[out] key_buffer_size Minimum buffer size to contain the key material. 691 * 692 * \retval #PSA_SUCCESS \emptydescription 693 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription 694 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription 695 */ 696static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( 697 const psa_key_attributes_t *attributes, 698 const uint8_t *data, 699 size_t data_length, 700 size_t *key_buffer_size ) 701{ 702 psa_key_location_t location = 703 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 704 psa_key_type_t key_type = attributes->core.type; 705 706 *key_buffer_size = 0; 707 switch( location ) 708 { 709#if defined(PSA_CRYPTO_DRIVER_TEST) 710 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 711 *key_buffer_size = mbedtls_test_opaque_size_function( key_type, 712 PSA_BYTES_TO_BITS( data_length ) ); 713 return( ( *key_buffer_size != 0 ) ? 714 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); 715#endif /* PSA_CRYPTO_DRIVER_TEST */ 716 717 default: 718 (void)key_type; 719 (void)data; 720 (void)data_length; 721 return( PSA_ERROR_INVALID_ARGUMENT ); 722 } 723} 724 725static inline psa_status_t psa_driver_wrapper_generate_key( 726 const psa_key_attributes_t *attributes, 727 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) 728{ 729 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 730 psa_key_location_t location = 731 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); 732 733 /* Try dynamically-registered SE interface first */ 734#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 735 const psa_drv_se_t *drv; 736 psa_drv_se_context_t *drv_context; 737 738 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 739 { 740 size_t pubkey_length = 0; /* We don't support this feature yet */ 741 if( drv->key_management == NULL || 742 drv->key_management->p_generate == NULL ) 743 { 744 /* Key is defined as being in SE, but we have no way to generate it */ 745 return( PSA_ERROR_NOT_SUPPORTED ); 746 } 747 return( drv->key_management->p_generate( 748 drv_context, 749 *( (psa_key_slot_number_t *)key_buffer ), 750 attributes, NULL, 0, &pubkey_length ) ); 751 } 752#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 753 754 switch( location ) 755 { 756 case PSA_KEY_LOCATION_LOCAL_STORAGE: 757#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 758 /* Transparent drivers are limited to generating asymmetric keys */ 759 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) ) 760 { 761 /* Cycle through all known transparent accelerators */ 762#if defined(PSA_CRYPTO_DRIVER_TEST) 763 status = mbedtls_test_transparent_generate_key( 764 attributes, key_buffer, key_buffer_size, 765 key_buffer_length ); 766 /* Declared with fallback == true */ 767 if( status != PSA_ERROR_NOT_SUPPORTED ) 768 break; 769#endif /* PSA_CRYPTO_DRIVER_TEST */ 770#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) 771 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && 772 attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && 773 attributes->core.bits == 256 ) 774 { 775 status = p256_transparent_generate_key( attributes, 776 key_buffer, 777 key_buffer_size, 778 key_buffer_length ); 779 if( status != PSA_ERROR_NOT_SUPPORTED ) 780 break; 781 } 782 783#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 784 } 785#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 786 787 /* Software fallback */ 788 status = psa_generate_key_internal( 789 attributes, key_buffer, key_buffer_size, key_buffer_length ); 790 break; 791 792 /* Add cases for opaque driver here */ 793#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 794#if defined(PSA_CRYPTO_DRIVER_TEST) 795 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 796 status = mbedtls_test_opaque_generate_key( 797 attributes, key_buffer, key_buffer_size, key_buffer_length ); 798 break; 799#endif /* PSA_CRYPTO_DRIVER_TEST */ 800#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 801 802 default: 803 /* Key is declared with a lifetime not known to us */ 804 status = PSA_ERROR_INVALID_ARGUMENT; 805 break; 806 } 807 808 return( status ); 809} 810 811static inline psa_status_t psa_driver_wrapper_import_key( 812 const psa_key_attributes_t *attributes, 813 const uint8_t *data, 814 size_t data_length, 815 uint8_t *key_buffer, 816 size_t key_buffer_size, 817 size_t *key_buffer_length, 818 size_t *bits ) 819{ 820{% with entry_point = "import_key" -%} 821{% macro entry_point_param(driver) -%} 822attributes, 823data, 824data_length, 825key_buffer, 826key_buffer_size, 827key_buffer_length, 828bits 829{% endmacro %} 830 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 831 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 832 psa_get_key_lifetime( attributes ) ); 833 834 /* Try dynamically-registered SE interface first */ 835#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 836 const psa_drv_se_t *drv; 837 psa_drv_se_context_t *drv_context; 838 839 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 840 { 841 if( drv->key_management == NULL || 842 drv->key_management->p_import == NULL ) 843 return( PSA_ERROR_NOT_SUPPORTED ); 844 845 /* The driver should set the number of key bits, however in 846 * case it doesn't, we initialize bits to an invalid value. */ 847 *bits = PSA_MAX_KEY_BITS + 1; 848 status = drv->key_management->p_import( 849 drv_context, 850 *( (psa_key_slot_number_t *)key_buffer ), 851 attributes, data, data_length, bits ); 852 853 if( status != PSA_SUCCESS ) 854 return( status ); 855 856 if( (*bits) > PSA_MAX_KEY_BITS ) 857 return( PSA_ERROR_NOT_SUPPORTED ); 858 859 return( PSA_SUCCESS ); 860 } 861#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 862 863 switch( location ) 864 { 865 case PSA_KEY_LOCATION_LOCAL_STORAGE: 866 /* Key is stored in the slot in export representation, so 867 * cycle through all known transparent accelerators */ 868#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 869{% with nest_indent=12 %} 870{% include "OS-template-transparent.jinja" -%} 871{% endwith -%} 872#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 873 874 /* Fell through, meaning no accelerator supports this operation */ 875 return( psa_import_key_into_slot( attributes, 876 data, data_length, 877 key_buffer, key_buffer_size, 878 key_buffer_length, bits ) ); 879 /* Add cases for opaque driver here */ 880#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 881{% with nest_indent=8 %} 882{% include "OS-template-opaque.jinja" -%} 883{% endwith -%} 884#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 885 default: 886 (void)status; 887 return( PSA_ERROR_INVALID_ARGUMENT ); 888 } 889{% endwith %} 890} 891 892static inline psa_status_t psa_driver_wrapper_export_key( 893 const psa_key_attributes_t *attributes, 894 const uint8_t *key_buffer, size_t key_buffer_size, 895 uint8_t *data, size_t data_size, size_t *data_length ) 896 897{ 898{% with entry_point = "export_key" -%} 899{% macro entry_point_param(driver) -%} 900attributes, 901key_buffer, 902key_buffer_size, 903data, 904data_size, 905data_length 906{% endmacro %} 907 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 908 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 909 psa_get_key_lifetime( attributes ) ); 910 911 /* Try dynamically-registered SE interface first */ 912#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 913 const psa_drv_se_t *drv; 914 psa_drv_se_context_t *drv_context; 915 916 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 917 { 918 if( ( drv->key_management == NULL ) || 919 ( drv->key_management->p_export == NULL ) ) 920 { 921 return( PSA_ERROR_NOT_SUPPORTED ); 922 } 923 924 return( drv->key_management->p_export( 925 drv_context, 926 *( (psa_key_slot_number_t *)key_buffer ), 927 data, data_size, data_length ) ); 928 } 929#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 930 931 switch( location ) 932 { 933 case PSA_KEY_LOCATION_LOCAL_STORAGE: 934 return( psa_export_key_internal( attributes, 935 key_buffer, 936 key_buffer_size, 937 data, 938 data_size, 939 data_length ) ); 940 941 /* Add cases for opaque driver here */ 942#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 943{% with nest_indent=8 %} 944{% include "OS-template-opaque.jinja" -%} 945{% endwith -%} 946#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 947 default: 948 /* Key is declared with a lifetime not known to us */ 949 return( status ); 950 } 951{% endwith %} 952} 953 954static inline psa_status_t psa_driver_wrapper_copy_key( 955 psa_key_attributes_t *attributes, 956 const uint8_t *source_key, size_t source_key_length, 957 uint8_t *target_key_buffer, size_t target_key_buffer_size, 958 size_t *target_key_buffer_length ) 959{ 960{% with entry_point = "copy_key" -%} 961{% macro entry_point_param(driver) -%} 962attributes, 963source_key, 964source_key_length, 965target_key_buffer, 966target_key_buffer_size, 967target_key_buffer_length 968{% endmacro %} 969 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 970 psa_key_location_t location = 971 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 972 973#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 974 const psa_drv_se_t *drv; 975 psa_drv_se_context_t *drv_context; 976 977 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) 978 { 979 /* Copying to a secure element is not implemented yet. */ 980 return( PSA_ERROR_NOT_SUPPORTED ); 981 } 982#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 983 984 switch( location ) 985 { 986#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 987{% with nest_indent=8 %} 988{% include "OS-template-opaque.jinja" -%} 989{% endwith -%} 990#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 991 default: 992 (void)source_key; 993 (void)source_key_length; 994 (void)target_key_buffer; 995 (void)target_key_buffer_size; 996 (void)target_key_buffer_length; 997 status = PSA_ERROR_INVALID_ARGUMENT; 998 } 999 return( status ); 1000{% endwith %} 1001} 1002 1003/* 1004 * Cipher functions 1005 */ 1006static inline psa_status_t psa_driver_wrapper_cipher_encrypt( 1007 const psa_key_attributes_t *attributes, 1008 const uint8_t *key_buffer, 1009 size_t key_buffer_size, 1010 psa_algorithm_t alg, 1011 const uint8_t *iv, 1012 size_t iv_length, 1013 const uint8_t *input, 1014 size_t input_length, 1015 uint8_t *output, 1016 size_t output_size, 1017 size_t *output_length ) 1018{ 1019 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1020 psa_key_location_t location = 1021 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1022 1023 switch( location ) 1024 { 1025 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1026 /* Key is stored in the slot in export representation, so 1027 * cycle through all known transparent accelerators */ 1028#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1029#if defined(PSA_CRYPTO_DRIVER_TEST) 1030 status = mbedtls_test_transparent_cipher_encrypt( attributes, 1031 key_buffer, 1032 key_buffer_size, 1033 alg, 1034 iv, 1035 iv_length, 1036 input, 1037 input_length, 1038 output, 1039 output_size, 1040 output_length ); 1041 /* Declared with fallback == true */ 1042 if( status != PSA_ERROR_NOT_SUPPORTED ) 1043 return( status ); 1044#endif /* PSA_CRYPTO_DRIVER_TEST */ 1045#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1046 1047#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1048 return( mbedtls_psa_cipher_encrypt( attributes, 1049 key_buffer, 1050 key_buffer_size, 1051 alg, 1052 iv, 1053 iv_length, 1054 input, 1055 input_length, 1056 output, 1057 output_size, 1058 output_length ) ); 1059#else 1060 return( PSA_ERROR_NOT_SUPPORTED ); 1061#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1062 1063 /* Add cases for opaque driver here */ 1064#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1065#if defined(PSA_CRYPTO_DRIVER_TEST) 1066 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1067 return( mbedtls_test_opaque_cipher_encrypt( attributes, 1068 key_buffer, 1069 key_buffer_size, 1070 alg, 1071 iv, 1072 iv_length, 1073 input, 1074 input_length, 1075 output, 1076 output_size, 1077 output_length ) ); 1078#endif /* PSA_CRYPTO_DRIVER_TEST */ 1079#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1080 1081 default: 1082 /* Key is declared with a lifetime not known to us */ 1083 (void)status; 1084 (void)key_buffer; 1085 (void)key_buffer_size; 1086 (void)alg; 1087 (void)iv; 1088 (void)iv_length; 1089 (void)input; 1090 (void)input_length; 1091 (void)output; 1092 (void)output_size; 1093 (void)output_length; 1094 return( PSA_ERROR_INVALID_ARGUMENT ); 1095 } 1096} 1097 1098static inline psa_status_t psa_driver_wrapper_cipher_decrypt( 1099 const psa_key_attributes_t *attributes, 1100 const uint8_t *key_buffer, 1101 size_t key_buffer_size, 1102 psa_algorithm_t alg, 1103 const uint8_t *input, 1104 size_t input_length, 1105 uint8_t *output, 1106 size_t output_size, 1107 size_t *output_length ) 1108{ 1109 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1110 psa_key_location_t location = 1111 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1112 1113 switch( location ) 1114 { 1115 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1116 /* Key is stored in the slot in export representation, so 1117 * cycle through all known transparent accelerators */ 1118#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1119#if defined(PSA_CRYPTO_DRIVER_TEST) 1120 status = mbedtls_test_transparent_cipher_decrypt( attributes, 1121 key_buffer, 1122 key_buffer_size, 1123 alg, 1124 input, 1125 input_length, 1126 output, 1127 output_size, 1128 output_length ); 1129 /* Declared with fallback == true */ 1130 if( status != PSA_ERROR_NOT_SUPPORTED ) 1131 return( status ); 1132#endif /* PSA_CRYPTO_DRIVER_TEST */ 1133#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1134 1135#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1136 return( mbedtls_psa_cipher_decrypt( attributes, 1137 key_buffer, 1138 key_buffer_size, 1139 alg, 1140 input, 1141 input_length, 1142 output, 1143 output_size, 1144 output_length ) ); 1145#else 1146 return( PSA_ERROR_NOT_SUPPORTED ); 1147#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1148 1149 /* Add cases for opaque driver here */ 1150#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1151#if defined(PSA_CRYPTO_DRIVER_TEST) 1152 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1153 return( mbedtls_test_opaque_cipher_decrypt( attributes, 1154 key_buffer, 1155 key_buffer_size, 1156 alg, 1157 input, 1158 input_length, 1159 output, 1160 output_size, 1161 output_length ) ); 1162#endif /* PSA_CRYPTO_DRIVER_TEST */ 1163#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1164 1165 default: 1166 /* Key is declared with a lifetime not known to us */ 1167 (void)status; 1168 (void)key_buffer; 1169 (void)key_buffer_size; 1170 (void)alg; 1171 (void)input; 1172 (void)input_length; 1173 (void)output; 1174 (void)output_size; 1175 (void)output_length; 1176 return( PSA_ERROR_INVALID_ARGUMENT ); 1177 } 1178} 1179 1180static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( 1181 psa_cipher_operation_t *operation, 1182 const psa_key_attributes_t *attributes, 1183 const uint8_t *key_buffer, size_t key_buffer_size, 1184 psa_algorithm_t alg ) 1185{ 1186 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1187 psa_key_location_t location = 1188 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1189 1190 switch( location ) 1191 { 1192 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1193 /* Key is stored in the slot in export representation, so 1194 * cycle through all known transparent accelerators */ 1195#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1196#if defined(PSA_CRYPTO_DRIVER_TEST) 1197 status = mbedtls_test_transparent_cipher_encrypt_setup( 1198 &operation->ctx.transparent_test_driver_ctx, 1199 attributes, 1200 key_buffer, 1201 key_buffer_size, 1202 alg ); 1203 /* Declared with fallback == true */ 1204 if( status == PSA_SUCCESS ) 1205 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1206 1207 if( status != PSA_ERROR_NOT_SUPPORTED ) 1208 return( status ); 1209#endif /* PSA_CRYPTO_DRIVER_TEST */ 1210#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1211#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1212 /* Fell through, meaning no accelerator supports this operation */ 1213 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, 1214 attributes, 1215 key_buffer, 1216 key_buffer_size, 1217 alg ); 1218 if( status == PSA_SUCCESS ) 1219 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1220 1221 if( status != PSA_ERROR_NOT_SUPPORTED ) 1222 return( status ); 1223#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1224 return( PSA_ERROR_NOT_SUPPORTED ); 1225 1226 /* Add cases for opaque driver here */ 1227#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1228#if defined(PSA_CRYPTO_DRIVER_TEST) 1229 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1230 status = mbedtls_test_opaque_cipher_encrypt_setup( 1231 &operation->ctx.opaque_test_driver_ctx, 1232 attributes, 1233 key_buffer, key_buffer_size, 1234 alg ); 1235 1236 if( status == PSA_SUCCESS ) 1237 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 1238 1239 return( status ); 1240#endif /* PSA_CRYPTO_DRIVER_TEST */ 1241#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1242 default: 1243 /* Key is declared with a lifetime not known to us */ 1244 (void)status; 1245 (void)operation; 1246 (void)key_buffer; 1247 (void)key_buffer_size; 1248 (void)alg; 1249 return( PSA_ERROR_INVALID_ARGUMENT ); 1250 } 1251} 1252 1253static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( 1254 psa_cipher_operation_t *operation, 1255 const psa_key_attributes_t *attributes, 1256 const uint8_t *key_buffer, size_t key_buffer_size, 1257 psa_algorithm_t alg ) 1258{ 1259 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 1260 psa_key_location_t location = 1261 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1262 1263 switch( location ) 1264 { 1265 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1266 /* Key is stored in the slot in export representation, so 1267 * cycle through all known transparent accelerators */ 1268#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1269#if defined(PSA_CRYPTO_DRIVER_TEST) 1270 status = mbedtls_test_transparent_cipher_decrypt_setup( 1271 &operation->ctx.transparent_test_driver_ctx, 1272 attributes, 1273 key_buffer, 1274 key_buffer_size, 1275 alg ); 1276 /* Declared with fallback == true */ 1277 if( status == PSA_SUCCESS ) 1278 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1279 1280 if( status != PSA_ERROR_NOT_SUPPORTED ) 1281 return( status ); 1282#endif /* PSA_CRYPTO_DRIVER_TEST */ 1283#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1284#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1285 /* Fell through, meaning no accelerator supports this operation */ 1286 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, 1287 attributes, 1288 key_buffer, 1289 key_buffer_size, 1290 alg ); 1291 if( status == PSA_SUCCESS ) 1292 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1293 1294 return( status ); 1295#else /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1296 return( PSA_ERROR_NOT_SUPPORTED ); 1297#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1298 1299 /* Add cases for opaque driver here */ 1300#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1301#if defined(PSA_CRYPTO_DRIVER_TEST) 1302 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1303 status = mbedtls_test_opaque_cipher_decrypt_setup( 1304 &operation->ctx.opaque_test_driver_ctx, 1305 attributes, 1306 key_buffer, key_buffer_size, 1307 alg ); 1308 1309 if( status == PSA_SUCCESS ) 1310 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 1311 1312 return( status ); 1313#endif /* PSA_CRYPTO_DRIVER_TEST */ 1314#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1315 default: 1316 /* Key is declared with a lifetime not known to us */ 1317 (void)status; 1318 (void)operation; 1319 (void)key_buffer; 1320 (void)key_buffer_size; 1321 (void)alg; 1322 return( PSA_ERROR_INVALID_ARGUMENT ); 1323 } 1324} 1325 1326static inline psa_status_t psa_driver_wrapper_cipher_set_iv( 1327 psa_cipher_operation_t *operation, 1328 const uint8_t *iv, 1329 size_t iv_length ) 1330{ 1331 switch( operation->id ) 1332 { 1333#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1334 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1335 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, 1336 iv, 1337 iv_length ) ); 1338#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1339 1340#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1341#if defined(PSA_CRYPTO_DRIVER_TEST) 1342 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1343 return( mbedtls_test_transparent_cipher_set_iv( 1344 &operation->ctx.transparent_test_driver_ctx, 1345 iv, iv_length ) ); 1346 1347 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1348 return( mbedtls_test_opaque_cipher_set_iv( 1349 &operation->ctx.opaque_test_driver_ctx, 1350 iv, iv_length ) ); 1351#endif /* PSA_CRYPTO_DRIVER_TEST */ 1352#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1353 } 1354 1355 (void)iv; 1356 (void)iv_length; 1357 1358 return( PSA_ERROR_INVALID_ARGUMENT ); 1359} 1360 1361static inline psa_status_t psa_driver_wrapper_cipher_update( 1362 psa_cipher_operation_t *operation, 1363 const uint8_t *input, 1364 size_t input_length, 1365 uint8_t *output, 1366 size_t output_size, 1367 size_t *output_length ) 1368{ 1369 switch( operation->id ) 1370 { 1371#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1372 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1373 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, 1374 input, 1375 input_length, 1376 output, 1377 output_size, 1378 output_length ) ); 1379#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1380 1381#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1382#if defined(PSA_CRYPTO_DRIVER_TEST) 1383 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1384 return( mbedtls_test_transparent_cipher_update( 1385 &operation->ctx.transparent_test_driver_ctx, 1386 input, input_length, 1387 output, output_size, output_length ) ); 1388 1389 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1390 return( mbedtls_test_opaque_cipher_update( 1391 &operation->ctx.opaque_test_driver_ctx, 1392 input, input_length, 1393 output, output_size, output_length ) ); 1394#endif /* PSA_CRYPTO_DRIVER_TEST */ 1395#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1396 } 1397 1398 (void)input; 1399 (void)input_length; 1400 (void)output; 1401 (void)output_size; 1402 (void)output_length; 1403 1404 return( PSA_ERROR_INVALID_ARGUMENT ); 1405} 1406 1407static inline psa_status_t psa_driver_wrapper_cipher_finish( 1408 psa_cipher_operation_t *operation, 1409 uint8_t *output, 1410 size_t output_size, 1411 size_t *output_length ) 1412{ 1413 switch( operation->id ) 1414 { 1415#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1416 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1417 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, 1418 output, 1419 output_size, 1420 output_length ) ); 1421#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1422 1423#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1424#if defined(PSA_CRYPTO_DRIVER_TEST) 1425 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1426 return( mbedtls_test_transparent_cipher_finish( 1427 &operation->ctx.transparent_test_driver_ctx, 1428 output, output_size, output_length ) ); 1429 1430 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1431 return( mbedtls_test_opaque_cipher_finish( 1432 &operation->ctx.opaque_test_driver_ctx, 1433 output, output_size, output_length ) ); 1434#endif /* PSA_CRYPTO_DRIVER_TEST */ 1435#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1436 } 1437 1438 (void)output; 1439 (void)output_size; 1440 (void)output_length; 1441 1442 return( PSA_ERROR_INVALID_ARGUMENT ); 1443} 1444 1445static inline psa_status_t psa_driver_wrapper_cipher_abort( 1446 psa_cipher_operation_t *operation ) 1447{ 1448 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1449 1450 switch( operation->id ) 1451 { 1452#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1453 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1454 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); 1455#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1456 1457#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1458#if defined(PSA_CRYPTO_DRIVER_TEST) 1459 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1460 status = mbedtls_test_transparent_cipher_abort( 1461 &operation->ctx.transparent_test_driver_ctx ); 1462 mbedtls_platform_zeroize( 1463 &operation->ctx.transparent_test_driver_ctx, 1464 sizeof( operation->ctx.transparent_test_driver_ctx ) ); 1465 return( status ); 1466 1467 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1468 status = mbedtls_test_opaque_cipher_abort( 1469 &operation->ctx.opaque_test_driver_ctx ); 1470 mbedtls_platform_zeroize( 1471 &operation->ctx.opaque_test_driver_ctx, 1472 sizeof( operation->ctx.opaque_test_driver_ctx ) ); 1473 return( status ); 1474#endif /* PSA_CRYPTO_DRIVER_TEST */ 1475#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1476 } 1477 1478 (void)status; 1479 return( PSA_ERROR_INVALID_ARGUMENT ); 1480} 1481 1482/* 1483 * Hashing functions 1484 */ 1485static inline psa_status_t psa_driver_wrapper_hash_compute( 1486 psa_algorithm_t alg, 1487 const uint8_t *input, 1488 size_t input_length, 1489 uint8_t *hash, 1490 size_t hash_size, 1491 size_t *hash_length) 1492{ 1493 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1494 1495 /* Try accelerators first */ 1496#if defined(PSA_CRYPTO_DRIVER_TEST) 1497 status = mbedtls_test_transparent_hash_compute( 1498 alg, input, input_length, hash, hash_size, hash_length ); 1499 if( status != PSA_ERROR_NOT_SUPPORTED ) 1500 return( status ); 1501#endif 1502 1503 /* If software fallback is compiled in, try fallback */ 1504#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1505 status = mbedtls_psa_hash_compute( alg, input, input_length, 1506 hash, hash_size, hash_length ); 1507 if( status != PSA_ERROR_NOT_SUPPORTED ) 1508 return( status ); 1509#endif 1510 (void) status; 1511 (void) alg; 1512 (void) input; 1513 (void) input_length; 1514 (void) hash; 1515 (void) hash_size; 1516 (void) hash_length; 1517 1518 return( PSA_ERROR_NOT_SUPPORTED ); 1519} 1520 1521static inline psa_status_t psa_driver_wrapper_hash_setup( 1522 psa_hash_operation_t *operation, 1523 psa_algorithm_t alg ) 1524{ 1525 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1526 1527 /* Try setup on accelerators first */ 1528#if defined(PSA_CRYPTO_DRIVER_TEST) 1529 status = mbedtls_test_transparent_hash_setup( 1530 &operation->ctx.test_driver_ctx, alg ); 1531 if( status == PSA_SUCCESS ) 1532 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1533 1534 if( status != PSA_ERROR_NOT_SUPPORTED ) 1535 return( status ); 1536#endif 1537 1538 /* If software fallback is compiled in, try fallback */ 1539#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1540 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg ); 1541 if( status == PSA_SUCCESS ) 1542 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1543 1544 if( status != PSA_ERROR_NOT_SUPPORTED ) 1545 return( status ); 1546#endif 1547 /* Nothing left to try if we fall through here */ 1548 (void) status; 1549 (void) operation; 1550 (void) alg; 1551 return( PSA_ERROR_NOT_SUPPORTED ); 1552} 1553 1554static inline psa_status_t psa_driver_wrapper_hash_clone( 1555 const psa_hash_operation_t *source_operation, 1556 psa_hash_operation_t *target_operation ) 1557{ 1558 switch( source_operation->id ) 1559 { 1560#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1561 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1562 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1563 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, 1564 &target_operation->ctx.mbedtls_ctx ) ); 1565#endif 1566#if defined(PSA_CRYPTO_DRIVER_TEST) 1567 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1568 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1569 return( mbedtls_test_transparent_hash_clone( 1570 &source_operation->ctx.test_driver_ctx, 1571 &target_operation->ctx.test_driver_ctx ) ); 1572#endif 1573 default: 1574 (void) target_operation; 1575 return( PSA_ERROR_BAD_STATE ); 1576 } 1577} 1578 1579static inline psa_status_t psa_driver_wrapper_hash_update( 1580 psa_hash_operation_t *operation, 1581 const uint8_t *input, 1582 size_t input_length ) 1583{ 1584 switch( operation->id ) 1585 { 1586#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1587 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1588 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, 1589 input, input_length ) ); 1590#endif 1591#if defined(PSA_CRYPTO_DRIVER_TEST) 1592 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1593 return( mbedtls_test_transparent_hash_update( 1594 &operation->ctx.test_driver_ctx, 1595 input, input_length ) ); 1596#endif 1597 default: 1598 (void) input; 1599 (void) input_length; 1600 return( PSA_ERROR_BAD_STATE ); 1601 } 1602} 1603 1604static inline psa_status_t psa_driver_wrapper_hash_finish( 1605 psa_hash_operation_t *operation, 1606 uint8_t *hash, 1607 size_t hash_size, 1608 size_t *hash_length ) 1609{ 1610 switch( operation->id ) 1611 { 1612#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1613 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1614 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, 1615 hash, hash_size, hash_length ) ); 1616#endif 1617#if defined(PSA_CRYPTO_DRIVER_TEST) 1618 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1619 return( mbedtls_test_transparent_hash_finish( 1620 &operation->ctx.test_driver_ctx, 1621 hash, hash_size, hash_length ) ); 1622#endif 1623 default: 1624 (void) hash; 1625 (void) hash_size; 1626 (void) hash_length; 1627 return( PSA_ERROR_BAD_STATE ); 1628 } 1629} 1630 1631static inline psa_status_t psa_driver_wrapper_hash_abort( 1632 psa_hash_operation_t *operation ) 1633{ 1634 switch( operation->id ) 1635 { 1636#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1637 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1638 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); 1639#endif 1640#if defined(PSA_CRYPTO_DRIVER_TEST) 1641 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1642 return( mbedtls_test_transparent_hash_abort( 1643 &operation->ctx.test_driver_ctx ) ); 1644#endif 1645 default: 1646 return( PSA_ERROR_BAD_STATE ); 1647 } 1648} 1649 1650static inline psa_status_t psa_driver_wrapper_aead_encrypt( 1651 const psa_key_attributes_t *attributes, 1652 const uint8_t *key_buffer, size_t key_buffer_size, 1653 psa_algorithm_t alg, 1654 const uint8_t *nonce, size_t nonce_length, 1655 const uint8_t *additional_data, size_t additional_data_length, 1656 const uint8_t *plaintext, size_t plaintext_length, 1657 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) 1658{ 1659 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1660 psa_key_location_t location = 1661 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1662 1663 switch( location ) 1664 { 1665 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1666 /* Key is stored in the slot in export representation, so 1667 * cycle through all known transparent accelerators */ 1668 1669#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1670#if defined(PSA_CRYPTO_DRIVER_TEST) 1671 status = mbedtls_test_transparent_aead_encrypt( 1672 attributes, key_buffer, key_buffer_size, 1673 alg, 1674 nonce, nonce_length, 1675 additional_data, additional_data_length, 1676 plaintext, plaintext_length, 1677 ciphertext, ciphertext_size, ciphertext_length ); 1678 /* Declared with fallback == true */ 1679 if( status != PSA_ERROR_NOT_SUPPORTED ) 1680 return( status ); 1681#endif /* PSA_CRYPTO_DRIVER_TEST */ 1682#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1683 1684 /* Fell through, meaning no accelerator supports this operation */ 1685 return( mbedtls_psa_aead_encrypt( 1686 attributes, key_buffer, key_buffer_size, 1687 alg, 1688 nonce, nonce_length, 1689 additional_data, additional_data_length, 1690 plaintext, plaintext_length, 1691 ciphertext, ciphertext_size, ciphertext_length ) ); 1692 1693 /* Add cases for opaque driver here */ 1694 1695 default: 1696 /* Key is declared with a lifetime not known to us */ 1697 (void)status; 1698 return( PSA_ERROR_INVALID_ARGUMENT ); 1699 } 1700} 1701 1702static inline psa_status_t psa_driver_wrapper_aead_decrypt( 1703 const psa_key_attributes_t *attributes, 1704 const uint8_t *key_buffer, size_t key_buffer_size, 1705 psa_algorithm_t alg, 1706 const uint8_t *nonce, size_t nonce_length, 1707 const uint8_t *additional_data, size_t additional_data_length, 1708 const uint8_t *ciphertext, size_t ciphertext_length, 1709 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) 1710{ 1711 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1712 psa_key_location_t location = 1713 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1714 1715 switch( location ) 1716 { 1717 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1718 /* Key is stored in the slot in export representation, so 1719 * cycle through all known transparent accelerators */ 1720 1721#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1722#if defined(PSA_CRYPTO_DRIVER_TEST) 1723 status = mbedtls_test_transparent_aead_decrypt( 1724 attributes, key_buffer, key_buffer_size, 1725 alg, 1726 nonce, nonce_length, 1727 additional_data, additional_data_length, 1728 ciphertext, ciphertext_length, 1729 plaintext, plaintext_size, plaintext_length ); 1730 /* Declared with fallback == true */ 1731 if( status != PSA_ERROR_NOT_SUPPORTED ) 1732 return( status ); 1733#endif /* PSA_CRYPTO_DRIVER_TEST */ 1734#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1735 1736 /* Fell through, meaning no accelerator supports this operation */ 1737 return( mbedtls_psa_aead_decrypt( 1738 attributes, key_buffer, key_buffer_size, 1739 alg, 1740 nonce, nonce_length, 1741 additional_data, additional_data_length, 1742 ciphertext, ciphertext_length, 1743 plaintext, plaintext_size, plaintext_length ) ); 1744 1745 /* Add cases for opaque driver here */ 1746 1747 default: 1748 /* Key is declared with a lifetime not known to us */ 1749 (void)status; 1750 return( PSA_ERROR_INVALID_ARGUMENT ); 1751 } 1752} 1753 1754static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( 1755 psa_aead_operation_t *operation, 1756 const psa_key_attributes_t *attributes, 1757 const uint8_t *key_buffer, size_t key_buffer_size, 1758 psa_algorithm_t alg ) 1759{ 1760 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1761 psa_key_location_t location = 1762 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1763 1764 switch( location ) 1765 { 1766 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1767 /* Key is stored in the slot in export representation, so 1768 * cycle through all known transparent accelerators */ 1769 1770#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1771#if defined(PSA_CRYPTO_DRIVER_TEST) 1772 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1773 status = mbedtls_test_transparent_aead_encrypt_setup( 1774 &operation->ctx.transparent_test_driver_ctx, 1775 attributes, key_buffer, key_buffer_size, 1776 alg ); 1777 1778 /* Declared with fallback == true */ 1779 if( status != PSA_ERROR_NOT_SUPPORTED ) 1780 return( status ); 1781#endif /* PSA_CRYPTO_DRIVER_TEST */ 1782#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1783 1784 /* Fell through, meaning no accelerator supports this operation */ 1785 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1786 status = mbedtls_psa_aead_encrypt_setup( 1787 &operation->ctx.mbedtls_ctx, attributes, 1788 key_buffer, key_buffer_size, 1789 alg ); 1790 1791 return( status ); 1792 1793 /* Add cases for opaque driver here */ 1794 1795 default: 1796 /* Key is declared with a lifetime not known to us */ 1797 (void)status; 1798 return( PSA_ERROR_INVALID_ARGUMENT ); 1799 } 1800} 1801 1802static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( 1803 psa_aead_operation_t *operation, 1804 const psa_key_attributes_t *attributes, 1805 const uint8_t *key_buffer, size_t key_buffer_size, 1806 psa_algorithm_t alg ) 1807{ 1808 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1809 psa_key_location_t location = 1810 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 1811 1812 switch( location ) 1813 { 1814 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1815 /* Key is stored in the slot in export representation, so 1816 * cycle through all known transparent accelerators */ 1817 1818#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1819#if defined(PSA_CRYPTO_DRIVER_TEST) 1820 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1821 status = mbedtls_test_transparent_aead_decrypt_setup( 1822 &operation->ctx.transparent_test_driver_ctx, 1823 attributes, 1824 key_buffer, key_buffer_size, 1825 alg ); 1826 1827 /* Declared with fallback == true */ 1828 if( status != PSA_ERROR_NOT_SUPPORTED ) 1829 return( status ); 1830#endif /* PSA_CRYPTO_DRIVER_TEST */ 1831#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1832 1833 /* Fell through, meaning no accelerator supports this operation */ 1834 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1835 status = mbedtls_psa_aead_decrypt_setup( 1836 &operation->ctx.mbedtls_ctx, 1837 attributes, 1838 key_buffer, key_buffer_size, 1839 alg ); 1840 1841 return( status ); 1842 1843 /* Add cases for opaque driver here */ 1844 1845 default: 1846 /* Key is declared with a lifetime not known to us */ 1847 (void)status; 1848 return( PSA_ERROR_INVALID_ARGUMENT ); 1849 } 1850} 1851 1852static inline psa_status_t psa_driver_wrapper_aead_set_nonce( 1853 psa_aead_operation_t *operation, 1854 const uint8_t *nonce, 1855 size_t nonce_length ) 1856{ 1857 switch( operation->id ) 1858 { 1859#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1860 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1861 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, 1862 nonce, 1863 nonce_length ) ); 1864 1865#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1866 1867#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1868#if defined(PSA_CRYPTO_DRIVER_TEST) 1869 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1870 return( mbedtls_test_transparent_aead_set_nonce( 1871 &operation->ctx.transparent_test_driver_ctx, 1872 nonce, nonce_length ) ); 1873 1874 /* Add cases for opaque driver here */ 1875 1876#endif /* PSA_CRYPTO_DRIVER_TEST */ 1877#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1878 } 1879 1880 (void)nonce; 1881 (void)nonce_length; 1882 1883 return( PSA_ERROR_INVALID_ARGUMENT ); 1884} 1885 1886static inline psa_status_t psa_driver_wrapper_aead_set_lengths( 1887 psa_aead_operation_t *operation, 1888 size_t ad_length, 1889 size_t plaintext_length ) 1890{ 1891 switch( operation->id ) 1892 { 1893#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1894 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1895 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, 1896 ad_length, 1897 plaintext_length ) ); 1898 1899#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1900 1901#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1902#if defined(PSA_CRYPTO_DRIVER_TEST) 1903 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1904 return( mbedtls_test_transparent_aead_set_lengths( 1905 &operation->ctx.transparent_test_driver_ctx, 1906 ad_length, plaintext_length ) ); 1907 1908 /* Add cases for opaque driver here */ 1909 1910#endif /* PSA_CRYPTO_DRIVER_TEST */ 1911#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1912 } 1913 1914 (void)ad_length; 1915 (void)plaintext_length; 1916 1917 return( PSA_ERROR_INVALID_ARGUMENT ); 1918} 1919 1920static inline psa_status_t psa_driver_wrapper_aead_update_ad( 1921 psa_aead_operation_t *operation, 1922 const uint8_t *input, 1923 size_t input_length ) 1924{ 1925 switch( operation->id ) 1926 { 1927#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1928 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1929 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, 1930 input, 1931 input_length ) ); 1932 1933#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1934 1935#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1936#if defined(PSA_CRYPTO_DRIVER_TEST) 1937 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1938 return( mbedtls_test_transparent_aead_update_ad( 1939 &operation->ctx.transparent_test_driver_ctx, 1940 input, input_length ) ); 1941 1942 /* Add cases for opaque driver here */ 1943 1944#endif /* PSA_CRYPTO_DRIVER_TEST */ 1945#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1946 } 1947 1948 (void)input; 1949 (void)input_length; 1950 1951 return( PSA_ERROR_INVALID_ARGUMENT ); 1952} 1953 1954static inline psa_status_t psa_driver_wrapper_aead_update( 1955 psa_aead_operation_t *operation, 1956 const uint8_t *input, 1957 size_t input_length, 1958 uint8_t *output, 1959 size_t output_size, 1960 size_t *output_length ) 1961{ 1962 switch( operation->id ) 1963 { 1964#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1965 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1966 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, 1967 input, input_length, 1968 output, output_size, 1969 output_length ) ); 1970 1971#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1972 1973#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1974#if defined(PSA_CRYPTO_DRIVER_TEST) 1975 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1976 return( mbedtls_test_transparent_aead_update( 1977 &operation->ctx.transparent_test_driver_ctx, 1978 input, input_length, output, output_size, 1979 output_length ) ); 1980 1981 /* Add cases for opaque driver here */ 1982 1983#endif /* PSA_CRYPTO_DRIVER_TEST */ 1984#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1985 } 1986 1987 (void)input; 1988 (void)input_length; 1989 (void)output; 1990 (void)output_size; 1991 (void)output_length; 1992 1993 return( PSA_ERROR_INVALID_ARGUMENT ); 1994} 1995 1996static inline psa_status_t psa_driver_wrapper_aead_finish( 1997 psa_aead_operation_t *operation, 1998 uint8_t *ciphertext, 1999 size_t ciphertext_size, 2000 size_t *ciphertext_length, 2001 uint8_t *tag, 2002 size_t tag_size, 2003 size_t *tag_length ) 2004{ 2005 switch( operation->id ) 2006 { 2007#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 2008 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2009 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, 2010 ciphertext, 2011 ciphertext_size, 2012 ciphertext_length, tag, 2013 tag_size, tag_length ) ); 2014 2015#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2016 2017#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2018#if defined(PSA_CRYPTO_DRIVER_TEST) 2019 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2020 return( mbedtls_test_transparent_aead_finish( 2021 &operation->ctx.transparent_test_driver_ctx, 2022 ciphertext, ciphertext_size, 2023 ciphertext_length, tag, tag_size, tag_length ) ); 2024 2025 /* Add cases for opaque driver here */ 2026 2027#endif /* PSA_CRYPTO_DRIVER_TEST */ 2028#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2029 } 2030 2031 (void)ciphertext; 2032 (void)ciphertext_size; 2033 (void)ciphertext_length; 2034 (void)tag; 2035 (void)tag_size; 2036 (void)tag_length; 2037 2038 return( PSA_ERROR_INVALID_ARGUMENT ); 2039} 2040 2041static inline psa_status_t psa_driver_wrapper_aead_verify( 2042 psa_aead_operation_t *operation, 2043 uint8_t *plaintext, 2044 size_t plaintext_size, 2045 size_t *plaintext_length, 2046 const uint8_t *tag, 2047 size_t tag_length ) 2048{ 2049 switch( operation->id ) 2050 { 2051#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 2052 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2053 { 2054 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2055 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; 2056 size_t check_tag_length; 2057 2058 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, 2059 plaintext, 2060 plaintext_size, 2061 plaintext_length, 2062 check_tag, 2063 sizeof( check_tag ), 2064 &check_tag_length ); 2065 2066 if( status == PSA_SUCCESS ) 2067 { 2068 if( tag_length != check_tag_length || 2069 mbedtls_ct_memcmp( tag, check_tag, tag_length ) 2070 != 0 ) 2071 status = PSA_ERROR_INVALID_SIGNATURE; 2072 } 2073 2074 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); 2075 2076 return( status ); 2077 } 2078 2079#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2080 2081#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2082#if defined(PSA_CRYPTO_DRIVER_TEST) 2083 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2084 return( mbedtls_test_transparent_aead_verify( 2085 &operation->ctx.transparent_test_driver_ctx, 2086 plaintext, plaintext_size, 2087 plaintext_length, tag, tag_length ) ); 2088 2089 /* Add cases for opaque driver here */ 2090 2091#endif /* PSA_CRYPTO_DRIVER_TEST */ 2092#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2093 } 2094 2095 (void)plaintext; 2096 (void)plaintext_size; 2097 (void)plaintext_length; 2098 (void)tag; 2099 (void)tag_length; 2100 2101 return( PSA_ERROR_INVALID_ARGUMENT ); 2102} 2103 2104static inline psa_status_t psa_driver_wrapper_aead_abort( 2105 psa_aead_operation_t *operation ) 2106{ 2107 switch( operation->id ) 2108 { 2109#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 2110 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2111 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); 2112 2113#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2114 2115#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2116#if defined(PSA_CRYPTO_DRIVER_TEST) 2117 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2118 return( mbedtls_test_transparent_aead_abort( 2119 &operation->ctx.transparent_test_driver_ctx ) ); 2120 2121 /* Add cases for opaque driver here */ 2122 2123#endif /* PSA_CRYPTO_DRIVER_TEST */ 2124#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2125 } 2126 2127 return( PSA_ERROR_INVALID_ARGUMENT ); 2128} 2129 2130/* 2131 * MAC functions 2132 */ 2133static inline psa_status_t psa_driver_wrapper_mac_compute( 2134 const psa_key_attributes_t *attributes, 2135 const uint8_t *key_buffer, 2136 size_t key_buffer_size, 2137 psa_algorithm_t alg, 2138 const uint8_t *input, 2139 size_t input_length, 2140 uint8_t *mac, 2141 size_t mac_size, 2142 size_t *mac_length ) 2143{ 2144 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2145 psa_key_location_t location = 2146 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2147 2148 switch( location ) 2149 { 2150 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2151 /* Key is stored in the slot in export representation, so 2152 * cycle through all known transparent accelerators */ 2153#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2154#if defined(PSA_CRYPTO_DRIVER_TEST) 2155 status = mbedtls_test_transparent_mac_compute( 2156 attributes, key_buffer, key_buffer_size, alg, 2157 input, input_length, 2158 mac, mac_size, mac_length ); 2159 /* Declared with fallback == true */ 2160 if( status != PSA_ERROR_NOT_SUPPORTED ) 2161 return( status ); 2162#endif /* PSA_CRYPTO_DRIVER_TEST */ 2163#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2164#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2165 /* Fell through, meaning no accelerator supports this operation */ 2166 status = mbedtls_psa_mac_compute( 2167 attributes, key_buffer, key_buffer_size, alg, 2168 input, input_length, 2169 mac, mac_size, mac_length ); 2170 if( status != PSA_ERROR_NOT_SUPPORTED ) 2171 return( status ); 2172#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2173 return( PSA_ERROR_NOT_SUPPORTED ); 2174 2175 /* Add cases for opaque driver here */ 2176#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2177#if defined(PSA_CRYPTO_DRIVER_TEST) 2178 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2179 status = mbedtls_test_opaque_mac_compute( 2180 attributes, key_buffer, key_buffer_size, alg, 2181 input, input_length, 2182 mac, mac_size, mac_length ); 2183 return( status ); 2184#endif /* PSA_CRYPTO_DRIVER_TEST */ 2185#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2186 default: 2187 /* Key is declared with a lifetime not known to us */ 2188 (void) key_buffer; 2189 (void) key_buffer_size; 2190 (void) alg; 2191 (void) input; 2192 (void) input_length; 2193 (void) mac; 2194 (void) mac_size; 2195 (void) mac_length; 2196 (void) status; 2197 return( PSA_ERROR_INVALID_ARGUMENT ); 2198 } 2199} 2200 2201static inline psa_status_t psa_driver_wrapper_mac_sign_setup( 2202 psa_mac_operation_t *operation, 2203 const psa_key_attributes_t *attributes, 2204 const uint8_t *key_buffer, 2205 size_t key_buffer_size, 2206 psa_algorithm_t alg ) 2207{ 2208 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2209 psa_key_location_t location = 2210 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2211 2212 switch( location ) 2213 { 2214 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2215 /* Key is stored in the slot in export representation, so 2216 * cycle through all known transparent accelerators */ 2217#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2218#if defined(PSA_CRYPTO_DRIVER_TEST) 2219 status = mbedtls_test_transparent_mac_sign_setup( 2220 &operation->ctx.transparent_test_driver_ctx, 2221 attributes, 2222 key_buffer, key_buffer_size, 2223 alg ); 2224 /* Declared with fallback == true */ 2225 if( status == PSA_SUCCESS ) 2226 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2227 2228 if( status != PSA_ERROR_NOT_SUPPORTED ) 2229 return( status ); 2230#endif /* PSA_CRYPTO_DRIVER_TEST */ 2231#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2232#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2233 /* Fell through, meaning no accelerator supports this operation */ 2234 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx, 2235 attributes, 2236 key_buffer, key_buffer_size, 2237 alg ); 2238 if( status == PSA_SUCCESS ) 2239 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2240 2241 if( status != PSA_ERROR_NOT_SUPPORTED ) 2242 return( status ); 2243#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2244 return( PSA_ERROR_NOT_SUPPORTED ); 2245 2246 /* Add cases for opaque driver here */ 2247#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2248#if defined(PSA_CRYPTO_DRIVER_TEST) 2249 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2250 status = mbedtls_test_opaque_mac_sign_setup( 2251 &operation->ctx.opaque_test_driver_ctx, 2252 attributes, 2253 key_buffer, key_buffer_size, 2254 alg ); 2255 2256 if( status == PSA_SUCCESS ) 2257 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 2258 2259 return( status ); 2260#endif /* PSA_CRYPTO_DRIVER_TEST */ 2261#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2262 default: 2263 /* Key is declared with a lifetime not known to us */ 2264 (void) status; 2265 (void) operation; 2266 (void) key_buffer; 2267 (void) key_buffer_size; 2268 (void) alg; 2269 return( PSA_ERROR_INVALID_ARGUMENT ); 2270 } 2271} 2272 2273static inline psa_status_t psa_driver_wrapper_mac_verify_setup( 2274 psa_mac_operation_t *operation, 2275 const psa_key_attributes_t *attributes, 2276 const uint8_t *key_buffer, 2277 size_t key_buffer_size, 2278 psa_algorithm_t alg ) 2279{ 2280 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2281 psa_key_location_t location = 2282 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2283 2284 switch( location ) 2285 { 2286 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2287 /* Key is stored in the slot in export representation, so 2288 * cycle through all known transparent accelerators */ 2289#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2290#if defined(PSA_CRYPTO_DRIVER_TEST) 2291 status = mbedtls_test_transparent_mac_verify_setup( 2292 &operation->ctx.transparent_test_driver_ctx, 2293 attributes, 2294 key_buffer, key_buffer_size, 2295 alg ); 2296 /* Declared with fallback == true */ 2297 if( status == PSA_SUCCESS ) 2298 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2299 2300 if( status != PSA_ERROR_NOT_SUPPORTED ) 2301 return( status ); 2302#endif /* PSA_CRYPTO_DRIVER_TEST */ 2303#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2304#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2305 /* Fell through, meaning no accelerator supports this operation */ 2306 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx, 2307 attributes, 2308 key_buffer, key_buffer_size, 2309 alg ); 2310 if( status == PSA_SUCCESS ) 2311 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2312 2313 if( status != PSA_ERROR_NOT_SUPPORTED ) 2314 return( status ); 2315#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2316 return( PSA_ERROR_NOT_SUPPORTED ); 2317 2318 /* Add cases for opaque driver here */ 2319#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2320#if defined(PSA_CRYPTO_DRIVER_TEST) 2321 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2322 status = mbedtls_test_opaque_mac_verify_setup( 2323 &operation->ctx.opaque_test_driver_ctx, 2324 attributes, 2325 key_buffer, key_buffer_size, 2326 alg ); 2327 2328 if( status == PSA_SUCCESS ) 2329 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 2330 2331 return( status ); 2332#endif /* PSA_CRYPTO_DRIVER_TEST */ 2333#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2334 default: 2335 /* Key is declared with a lifetime not known to us */ 2336 (void) status; 2337 (void) operation; 2338 (void) key_buffer; 2339 (void) key_buffer_size; 2340 (void) alg; 2341 return( PSA_ERROR_INVALID_ARGUMENT ); 2342 } 2343} 2344 2345static inline psa_status_t psa_driver_wrapper_mac_update( 2346 psa_mac_operation_t *operation, 2347 const uint8_t *input, 2348 size_t input_length ) 2349{ 2350 switch( operation->id ) 2351 { 2352#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2353 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2354 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx, 2355 input, input_length ) ); 2356#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2357 2358#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2359#if defined(PSA_CRYPTO_DRIVER_TEST) 2360 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2361 return( mbedtls_test_transparent_mac_update( 2362 &operation->ctx.transparent_test_driver_ctx, 2363 input, input_length ) ); 2364 2365 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2366 return( mbedtls_test_opaque_mac_update( 2367 &operation->ctx.opaque_test_driver_ctx, 2368 input, input_length ) ); 2369#endif /* PSA_CRYPTO_DRIVER_TEST */ 2370#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2371 default: 2372 (void) input; 2373 (void) input_length; 2374 return( PSA_ERROR_INVALID_ARGUMENT ); 2375 } 2376} 2377 2378static inline psa_status_t psa_driver_wrapper_mac_sign_finish( 2379 psa_mac_operation_t *operation, 2380 uint8_t *mac, 2381 size_t mac_size, 2382 size_t *mac_length ) 2383{ 2384 switch( operation->id ) 2385 { 2386#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2387 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2388 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx, 2389 mac, mac_size, mac_length ) ); 2390#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2391 2392#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2393#if defined(PSA_CRYPTO_DRIVER_TEST) 2394 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2395 return( mbedtls_test_transparent_mac_sign_finish( 2396 &operation->ctx.transparent_test_driver_ctx, 2397 mac, mac_size, mac_length ) ); 2398 2399 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2400 return( mbedtls_test_opaque_mac_sign_finish( 2401 &operation->ctx.opaque_test_driver_ctx, 2402 mac, mac_size, mac_length ) ); 2403#endif /* PSA_CRYPTO_DRIVER_TEST */ 2404#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2405 default: 2406 (void) mac; 2407 (void) mac_size; 2408 (void) mac_length; 2409 return( PSA_ERROR_INVALID_ARGUMENT ); 2410 } 2411} 2412 2413static inline psa_status_t psa_driver_wrapper_mac_verify_finish( 2414 psa_mac_operation_t *operation, 2415 const uint8_t *mac, 2416 size_t mac_length ) 2417{ 2418 switch( operation->id ) 2419 { 2420#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2421 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2422 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx, 2423 mac, mac_length ) ); 2424#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2425 2426#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2427#if defined(PSA_CRYPTO_DRIVER_TEST) 2428 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2429 return( mbedtls_test_transparent_mac_verify_finish( 2430 &operation->ctx.transparent_test_driver_ctx, 2431 mac, mac_length ) ); 2432 2433 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2434 return( mbedtls_test_opaque_mac_verify_finish( 2435 &operation->ctx.opaque_test_driver_ctx, 2436 mac, mac_length ) ); 2437#endif /* PSA_CRYPTO_DRIVER_TEST */ 2438#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2439 default: 2440 (void) mac; 2441 (void) mac_length; 2442 return( PSA_ERROR_INVALID_ARGUMENT ); 2443 } 2444} 2445 2446static inline psa_status_t psa_driver_wrapper_mac_abort( 2447 psa_mac_operation_t *operation ) 2448{ 2449 switch( operation->id ) 2450 { 2451#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2452 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2453 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) ); 2454#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2455 2456#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2457#if defined(PSA_CRYPTO_DRIVER_TEST) 2458 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2459 return( mbedtls_test_transparent_mac_abort( 2460 &operation->ctx.transparent_test_driver_ctx ) ); 2461 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2462 return( mbedtls_test_opaque_mac_abort( 2463 &operation->ctx.opaque_test_driver_ctx ) ); 2464#endif /* PSA_CRYPTO_DRIVER_TEST */ 2465#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2466 default: 2467 return( PSA_ERROR_INVALID_ARGUMENT ); 2468 } 2469} 2470 2471/* 2472 * Asymmetric cryptography 2473 */ 2474static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( 2475 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 2476 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, 2477 size_t input_length, const uint8_t *salt, size_t salt_length, 2478 uint8_t *output, size_t output_size, size_t *output_length ) 2479{ 2480 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2481 psa_key_location_t location = 2482 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2483 2484 switch( location ) 2485 { 2486 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2487 /* Key is stored in the slot in export representation, so 2488 * cycle through all known transparent accelerators */ 2489#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2490#if defined(PSA_CRYPTO_DRIVER_TEST) 2491 status = mbedtls_test_transparent_asymmetric_encrypt( attributes, 2492 key_buffer, key_buffer_size, alg, input, input_length, 2493 salt, salt_length, output, output_size, 2494 output_length ); 2495 /* Declared with fallback == true */ 2496 if( status != PSA_ERROR_NOT_SUPPORTED ) 2497 return( status ); 2498#endif /* PSA_CRYPTO_DRIVER_TEST */ 2499#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2500 return( mbedtls_psa_asymmetric_encrypt( attributes, 2501 key_buffer, key_buffer_size, alg, input, input_length, 2502 salt, salt_length, output, output_size, output_length ) 2503 ); 2504 /* Add cases for opaque driver here */ 2505#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2506#if defined(PSA_CRYPTO_DRIVER_TEST) 2507 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2508 return( mbedtls_test_opaque_asymmetric_encrypt( attributes, 2509 key_buffer, key_buffer_size, alg, input, input_length, 2510 salt, salt_length, output, output_size, output_length ) 2511 ); 2512#endif /* PSA_CRYPTO_DRIVER_TEST */ 2513#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2514 2515 default: 2516 /* Key is declared with a lifetime not known to us */ 2517 (void)status; 2518 (void)key_buffer; 2519 (void)key_buffer_size; 2520 (void)alg; 2521 (void)input; 2522 (void)input_length; 2523 (void)salt; 2524 (void)salt_length; 2525 (void)output; 2526 (void)output_size; 2527 (void)output_length; 2528 return( PSA_ERROR_INVALID_ARGUMENT ); 2529 } 2530} 2531 2532static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( 2533 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 2534 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, 2535 size_t input_length, const uint8_t *salt, size_t salt_length, 2536 uint8_t *output, size_t output_size, size_t *output_length ) 2537{ 2538 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2539 psa_key_location_t location = 2540 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2541 2542 switch( location ) 2543 { 2544 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2545 /* Key is stored in the slot in export representation, so 2546 * cycle through all known transparent accelerators */ 2547#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2548#if defined(PSA_CRYPTO_DRIVER_TEST) 2549 status = mbedtls_test_transparent_asymmetric_decrypt( attributes, 2550 key_buffer, key_buffer_size, alg, input, input_length, 2551 salt, salt_length, output, output_size, 2552 output_length ); 2553 /* Declared with fallback == true */ 2554 if( status != PSA_ERROR_NOT_SUPPORTED ) 2555 return( status ); 2556#endif /* PSA_CRYPTO_DRIVER_TEST */ 2557#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2558 return( mbedtls_psa_asymmetric_decrypt( attributes, 2559 key_buffer, key_buffer_size, alg,input, input_length, 2560 salt, salt_length, output, output_size, 2561 output_length ) ); 2562 /* Add cases for opaque driver here */ 2563#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2564#if defined(PSA_CRYPTO_DRIVER_TEST) 2565 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2566 return( mbedtls_test_opaque_asymmetric_decrypt( attributes, 2567 key_buffer, key_buffer_size, alg, input, input_length, 2568 salt, salt_length, output, output_size, 2569 output_length ) ); 2570#endif /* PSA_CRYPTO_DRIVER_TEST */ 2571#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2572 2573 default: 2574 /* Key is declared with a lifetime not known to us */ 2575 (void)status; 2576 (void)key_buffer; 2577 (void)key_buffer_size; 2578 (void)alg; 2579 (void)input; 2580 (void)input_length; 2581 (void)salt; 2582 (void)salt_length; 2583 (void)output; 2584 (void)output_size; 2585 (void)output_length; 2586 return( PSA_ERROR_INVALID_ARGUMENT ); 2587 } 2588} 2589 2590static inline psa_status_t psa_driver_wrapper_key_agreement( 2591 const psa_key_attributes_t *attributes, 2592 const uint8_t *key_buffer, 2593 size_t key_buffer_size, 2594 psa_algorithm_t alg, 2595 const uint8_t *peer_key, 2596 size_t peer_key_length, 2597 uint8_t *shared_secret, 2598 size_t shared_secret_size, 2599 size_t *shared_secret_length 2600 ) 2601{ 2602 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2603 psa_key_location_t location = 2604 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); 2605 2606 switch( location ) 2607 { 2608 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2609 /* Key is stored in the slot in export representation, so 2610 * cycle through all known transparent accelerators */ 2611#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2612#if defined(PSA_CRYPTO_DRIVER_TEST) 2613 status = 2614 mbedtls_test_transparent_key_agreement( attributes, 2615 key_buffer, key_buffer_size, alg, peer_key, 2616 peer_key_length, shared_secret, shared_secret_size, 2617 shared_secret_length ); 2618 if( status != PSA_ERROR_NOT_SUPPORTED ) 2619 return( status ); 2620#endif /* PSA_CRYPTO_DRIVER_TEST */ 2621#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) 2622 if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && 2623 PSA_ALG_IS_ECDH(alg) && 2624 PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && 2625 attributes->core.bits == 256 ) 2626 { 2627 status = p256_transparent_key_agreement( attributes, 2628 key_buffer, 2629 key_buffer_size, 2630 alg, 2631 peer_key, 2632 peer_key_length, 2633 shared_secret, 2634 shared_secret_size, 2635 shared_secret_length ); 2636 if( status != PSA_ERROR_NOT_SUPPORTED) 2637 return( status ); 2638 } 2639#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 2640#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2641 2642 /* Software Fallback */ 2643 status = psa_key_agreement_raw_builtin( attributes, 2644 key_buffer, 2645 key_buffer_size, 2646 alg, 2647 peer_key, 2648 peer_key_length, 2649 shared_secret, 2650 shared_secret_size, 2651 shared_secret_length ); 2652 return( status ); 2653#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2654#if defined(PSA_CRYPTO_DRIVER_TEST) 2655 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2656 return( mbedtls_test_opaque_key_agreement( attributes, 2657 key_buffer, key_buffer_size, alg, peer_key, 2658 peer_key_length, shared_secret, shared_secret_size, 2659 shared_secret_length ) ); 2660#endif /* PSA_CRYPTO_DRIVER_TEST */ 2661#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2662 2663 default: 2664 (void) attributes; 2665 (void) key_buffer; 2666 (void) key_buffer_size; 2667 (void) peer_key; 2668 (void) peer_key_length; 2669 (void) shared_secret; 2670 (void) shared_secret_size; 2671 (void) shared_secret_length; 2672 return( PSA_ERROR_NOT_SUPPORTED ); 2673 2674 } 2675} 2676 2677static inline psa_status_t psa_driver_wrapper_pake_setup( 2678 psa_pake_operation_t *operation, 2679 const psa_crypto_driver_pake_inputs_t *inputs ) 2680{ 2681 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2682 2683 psa_key_location_t location = 2684 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) ); 2685 2686 switch( location ) 2687 { 2688 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2689 /* Key is stored in the slot in export representation, so 2690 * cycle through all known transparent accelerators */ 2691 status = PSA_ERROR_NOT_SUPPORTED; 2692#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2693#if defined(PSA_CRYPTO_DRIVER_TEST) 2694 status = mbedtls_test_transparent_pake_setup( 2695 &operation->data.ctx.transparent_test_driver_ctx, 2696 inputs ); 2697 if( status == PSA_SUCCESS ) 2698 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2699 /* Declared with fallback == true */ 2700 if( status != PSA_ERROR_NOT_SUPPORTED ) 2701 return( status ); 2702#endif /* PSA_CRYPTO_DRIVER_TEST */ 2703#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2704#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2705 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx, 2706 inputs ); 2707 if( status == PSA_SUCCESS ) 2708 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2709#endif 2710 return status; 2711 /* Add cases for opaque driver here */ 2712 default: 2713 /* Key is declared with a lifetime not known to us */ 2714 (void)operation; 2715 return( PSA_ERROR_INVALID_ARGUMENT ); 2716 } 2717} 2718 2719static inline psa_status_t psa_driver_wrapper_pake_output( 2720 psa_pake_operation_t *operation, 2721 psa_crypto_driver_pake_step_t step, 2722 uint8_t *output, 2723 size_t output_size, 2724 size_t *output_length ) 2725{ 2726 switch( operation->id ) 2727 { 2728#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2729 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2730 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, 2731 output, output_size, output_length ) ); 2732#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2733 2734#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2735#if defined(PSA_CRYPTO_DRIVER_TEST) 2736 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2737 return( mbedtls_test_transparent_pake_output( 2738 &operation->data.ctx.transparent_test_driver_ctx, 2739 step, output, output_size, output_length ) ); 2740#endif /* PSA_CRYPTO_DRIVER_TEST */ 2741#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2742 default: 2743 (void) step; 2744 (void) output; 2745 (void) output_size; 2746 (void) output_length; 2747 return( PSA_ERROR_INVALID_ARGUMENT ); 2748 } 2749} 2750 2751static inline psa_status_t psa_driver_wrapper_pake_input( 2752 psa_pake_operation_t *operation, 2753 psa_crypto_driver_pake_step_t step, 2754 const uint8_t *input, 2755 size_t input_length ) 2756{ 2757 switch( operation->id ) 2758 { 2759#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2760 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2761 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, 2762 step, input, 2763 input_length ) ); 2764#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2765 2766#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2767#if defined(PSA_CRYPTO_DRIVER_TEST) 2768 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2769 return( mbedtls_test_transparent_pake_input( 2770 &operation->data.ctx.transparent_test_driver_ctx, 2771 step, 2772 input, input_length ) ); 2773#endif /* PSA_CRYPTO_DRIVER_TEST */ 2774#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2775 default: 2776 (void) step; 2777 (void) input; 2778 (void) input_length; 2779 return( PSA_ERROR_INVALID_ARGUMENT ); 2780 } 2781} 2782 2783static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key( 2784 psa_pake_operation_t *operation, 2785 uint8_t *output, size_t output_size, 2786 size_t *output_length ) 2787{ 2788 switch( operation->id ) 2789 { 2790#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2791 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2792 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, 2793 output, output_size, output_length ) ); 2794#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2795 2796#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2797#if defined(PSA_CRYPTO_DRIVER_TEST) 2798 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2799 return( mbedtls_test_transparent_pake_get_implicit_key( 2800 &operation->data.ctx.transparent_test_driver_ctx, 2801 output, output_size, output_length ) ); 2802#endif /* PSA_CRYPTO_DRIVER_TEST */ 2803#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2804 default: 2805 (void) output; 2806 (void) output_size; 2807 (void) output_length; 2808 return( PSA_ERROR_INVALID_ARGUMENT ); 2809 } 2810} 2811 2812static inline psa_status_t psa_driver_wrapper_pake_abort( 2813 psa_pake_operation_t * operation ) 2814{ 2815 switch( operation->id ) 2816 { 2817#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2818 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2819 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) ); 2820#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2821 2822#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2823#if defined(PSA_CRYPTO_DRIVER_TEST) 2824 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2825 return( mbedtls_test_transparent_pake_abort( 2826 &operation->data.ctx.transparent_test_driver_ctx ) ); 2827#endif /* PSA_CRYPTO_DRIVER_TEST */ 2828#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2829 default: 2830 return( PSA_ERROR_INVALID_ARGUMENT ); 2831 } 2832} 2833 2834#endif /* MBEDTLS_PSA_CRYPTO_C */ 2835
