1/* 2 * Functions to delegate cryptographic operations to an available 3 * and appropriate accelerator. 4 * Warning: This file is now auto-generated. 5 */ 6/* Copyright The Mbed TLS Contributors 7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 8 */ 9 10 11/* BEGIN-common headers */ 12#include "common.h" 13#include "psa_crypto_aead.h" 14#include "psa_crypto_cipher.h" 15#include "psa_crypto_core.h" 16#include "psa_crypto_driver_wrappers_no_static.h" 17#include "psa_crypto_hash.h" 18#include "psa_crypto_mac.h" 19#include "psa_crypto_pake.h" 20#include "psa_crypto_rsa.h" 21 22#include "mbedtls/platform.h" 23#include "mbedtls/constant_time.h" 24/* END-common headers */ 25 26#if defined(MBEDTLS_PSA_CRYPTO_C) 27 28/* BEGIN-driver headers */ 29{% for driver in drivers -%} 30/* Headers for {{driver.prefix}} {{driver.type}} driver */ 31{% if driver['mbedtls/h_condition'] is defined -%} 32#if {{ driver['mbedtls/h_condition'] }} 33{% endif -%} 34{% for header in driver.headers -%} 35#include "{{ header }}" 36{% endfor %} 37{% if driver['mbedtls/h_condition'] is defined -%} 38#endif 39{% endif -%} 40{% endfor %} 41/* END-driver headers */ 42 43/* Auto-generated values depending on which drivers are registered. 44 * ID 0 is reserved for unallocated operations. 45 * ID 1 is reserved for the Mbed TLS software driver. */ 46/* BEGIN-driver id definition */ 47#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) 48{% for driver in drivers -%} 49#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }}) 50{% endfor %} 51/* END-driver id */ 52 53/* BEGIN-Common Macro definitions */ 54{% macro entry_point_name(capability, entry_point, driver) -%} 55 {% if capability.name is defined and entry_point in capability.names.keys() -%} 56 {{ capability.names[entry_point]}} 57 {% else -%} 58 {{driver.prefix}}_{{driver.type}}_{{entry_point}} 59 {% endif -%} 60{% endmacro %} 61/* END-Common Macro definitions */ 62 63/* Support the 'old' SE interface when asked to */ 64#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 65/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style 66 * SE driver is present, to avoid unused argument errors at compile time. */ 67#ifndef PSA_CRYPTO_DRIVER_PRESENT 68#define PSA_CRYPTO_DRIVER_PRESENT 69#endif 70#include "psa_crypto_se.h" 71#endif 72 73static inline psa_status_t psa_driver_wrapper_init( void ) 74{ 75 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 76 77#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 78 status = psa_init_all_se_drivers( ); 79 if( status != PSA_SUCCESS ) 80 return( status ); 81#endif 82 83#if defined(PSA_CRYPTO_DRIVER_TEST) 84 status = mbedtls_test_transparent_init( ); 85 if( status != PSA_SUCCESS ) 86 return( status ); 87 88 status = mbedtls_test_opaque_init( ); 89 if( status != PSA_SUCCESS ) 90 return( status ); 91#endif 92 93 (void) status; 94 return( PSA_SUCCESS ); 95} 96 97static inline void psa_driver_wrapper_free( void ) 98{ 99#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 100 /* Unregister all secure element drivers, so that we restart from 101 * a pristine state. */ 102 psa_unregister_all_se_drivers( ); 103#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 104 105#if defined(PSA_CRYPTO_DRIVER_TEST) 106 mbedtls_test_transparent_free( ); 107 mbedtls_test_opaque_free( ); 108#endif 109} 110 111/* Start delegation functions */ 112static inline psa_status_t psa_driver_wrapper_sign_message( 113 const psa_key_attributes_t *attributes, 114 const uint8_t *key_buffer, 115 size_t key_buffer_size, 116 psa_algorithm_t alg, 117 const uint8_t *input, 118 size_t input_length, 119 uint8_t *signature, 120 size_t signature_size, 121 size_t *signature_length ) 122{ 123 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 124 psa_key_location_t location = 125 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 126 127 switch( location ) 128 { 129 case PSA_KEY_LOCATION_LOCAL_STORAGE: 130 /* Key is stored in the slot in export representation, so 131 * cycle through all known transparent accelerators */ 132#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 133#if defined(PSA_CRYPTO_DRIVER_TEST) 134 status = mbedtls_test_transparent_signature_sign_message( 135 attributes, 136 key_buffer, 137 key_buffer_size, 138 alg, 139 input, 140 input_length, 141 signature, 142 signature_size, 143 signature_length ); 144 /* Declared with fallback == true */ 145 if( status != PSA_ERROR_NOT_SUPPORTED ) 146 return( status ); 147#endif /* PSA_CRYPTO_DRIVER_TEST */ 148#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 149 break; 150 151 /* Add cases for opaque driver here */ 152#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 153#if defined(PSA_CRYPTO_DRIVER_TEST) 154 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 155 status = mbedtls_test_opaque_signature_sign_message( 156 attributes, 157 key_buffer, 158 key_buffer_size, 159 alg, 160 input, 161 input_length, 162 signature, 163 signature_size, 164 signature_length ); 165 if( status != PSA_ERROR_NOT_SUPPORTED ) 166 return( status ); 167 break; 168#endif /* PSA_CRYPTO_DRIVER_TEST */ 169#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 170 default: 171 /* Key is declared with a lifetime not known to us */ 172 (void)status; 173 break; 174 } 175 176 return( psa_sign_message_builtin( attributes, 177 key_buffer, 178 key_buffer_size, 179 alg, 180 input, 181 input_length, 182 signature, 183 signature_size, 184 signature_length ) ); 185} 186 187static inline psa_status_t psa_driver_wrapper_verify_message( 188 const psa_key_attributes_t *attributes, 189 const uint8_t *key_buffer, 190 size_t key_buffer_size, 191 psa_algorithm_t alg, 192 const uint8_t *input, 193 size_t input_length, 194 const uint8_t *signature, 195 size_t signature_length ) 196{ 197 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 198 psa_key_location_t location = 199 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 200 201 switch( location ) 202 { 203 case PSA_KEY_LOCATION_LOCAL_STORAGE: 204 /* Key is stored in the slot in export representation, so 205 * cycle through all known transparent accelerators */ 206#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 207#if defined(PSA_CRYPTO_DRIVER_TEST) 208 status = mbedtls_test_transparent_signature_verify_message( 209 attributes, 210 key_buffer, 211 key_buffer_size, 212 alg, 213 input, 214 input_length, 215 signature, 216 signature_length ); 217 /* Declared with fallback == true */ 218 if( status != PSA_ERROR_NOT_SUPPORTED ) 219 return( status ); 220#endif /* PSA_CRYPTO_DRIVER_TEST */ 221#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 222 break; 223 224 /* Add cases for opaque driver here */ 225#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 226#if defined(PSA_CRYPTO_DRIVER_TEST) 227 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 228 return( mbedtls_test_opaque_signature_verify_message( 229 attributes, 230 key_buffer, 231 key_buffer_size, 232 alg, 233 input, 234 input_length, 235 signature, 236 signature_length ) ); 237 if( status != PSA_ERROR_NOT_SUPPORTED ) 238 return( status ); 239 break; 240#endif /* PSA_CRYPTO_DRIVER_TEST */ 241#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 242 default: 243 /* Key is declared with a lifetime not known to us */ 244 (void)status; 245 break; 246 } 247 248 return( psa_verify_message_builtin( attributes, 249 key_buffer, 250 key_buffer_size, 251 alg, 252 input, 253 input_length, 254 signature, 255 signature_length ) ); 256} 257 258static inline psa_status_t psa_driver_wrapper_sign_hash( 259 const psa_key_attributes_t *attributes, 260 const uint8_t *key_buffer, size_t key_buffer_size, 261 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 262 uint8_t *signature, size_t signature_size, size_t *signature_length ) 263{ 264 /* Try dynamically-registered SE interface first */ 265#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 266 const psa_drv_se_t *drv; 267 psa_drv_se_context_t *drv_context; 268 269 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) 270 { 271 if( drv->asymmetric == NULL || 272 drv->asymmetric->p_sign == NULL ) 273 { 274 /* Key is defined in SE, but we have no way to exercise it */ 275 return( PSA_ERROR_NOT_SUPPORTED ); 276 } 277 return( drv->asymmetric->p_sign( 278 drv_context, *( (psa_key_slot_number_t *)key_buffer ), 279 alg, hash, hash_length, 280 signature, signature_size, signature_length ) ); 281 } 282#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 283 284 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 285 psa_key_location_t location = 286 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 287 288 switch( location ) 289 { 290 case PSA_KEY_LOCATION_LOCAL_STORAGE: 291 /* Key is stored in the slot in export representation, so 292 * cycle through all known transparent accelerators */ 293#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 294#if defined(PSA_CRYPTO_DRIVER_TEST) 295 status = mbedtls_test_transparent_signature_sign_hash( attributes, 296 key_buffer, 297 key_buffer_size, 298 alg, 299 hash, 300 hash_length, 301 signature, 302 signature_size, 303 signature_length ); 304 /* Declared with fallback == true */ 305 if( status != PSA_ERROR_NOT_SUPPORTED ) 306 return( status ); 307#endif /* PSA_CRYPTO_DRIVER_TEST */ 308#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) 309 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && 310 PSA_ALG_IS_ECDSA(alg) && 311 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && 312 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && 313 psa_get_key_bits(attributes) == 256 ) 314 { 315 status = p256_transparent_sign_hash( attributes, 316 key_buffer, 317 key_buffer_size, 318 alg, 319 hash, 320 hash_length, 321 signature, 322 signature_size, 323 signature_length ); 324 if( status != PSA_ERROR_NOT_SUPPORTED ) 325 return( status ); 326 } 327#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 328#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 329 /* Fell through, meaning no accelerator supports this operation */ 330 return( psa_sign_hash_builtin( attributes, 331 key_buffer, 332 key_buffer_size, 333 alg, 334 hash, 335 hash_length, 336 signature, 337 signature_size, 338 signature_length ) ); 339 340 /* Add cases for opaque driver here */ 341#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 342#if defined(PSA_CRYPTO_DRIVER_TEST) 343 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 344 return( mbedtls_test_opaque_signature_sign_hash( attributes, 345 key_buffer, 346 key_buffer_size, 347 alg, 348 hash, 349 hash_length, 350 signature, 351 signature_size, 352 signature_length ) ); 353#endif /* PSA_CRYPTO_DRIVER_TEST */ 354#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 355 default: 356 /* Key is declared with a lifetime not known to us */ 357 (void)status; 358 return( PSA_ERROR_INVALID_ARGUMENT ); 359 } 360} 361 362static inline psa_status_t psa_driver_wrapper_verify_hash( 363 const psa_key_attributes_t *attributes, 364 const uint8_t *key_buffer, size_t key_buffer_size, 365 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, 366 const uint8_t *signature, size_t signature_length ) 367{ 368 /* Try dynamically-registered SE interface first */ 369#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 370 const psa_drv_se_t *drv; 371 psa_drv_se_context_t *drv_context; 372 373 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) 374 { 375 if( drv->asymmetric == NULL || 376 drv->asymmetric->p_verify == NULL ) 377 { 378 /* Key is defined in SE, but we have no way to exercise it */ 379 return( PSA_ERROR_NOT_SUPPORTED ); 380 } 381 return( drv->asymmetric->p_verify( 382 drv_context, *( (psa_key_slot_number_t *)key_buffer ), 383 alg, hash, hash_length, 384 signature, signature_length ) ); 385 } 386#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 387 388 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 389 psa_key_location_t location = 390 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 391 392 switch( location ) 393 { 394 case PSA_KEY_LOCATION_LOCAL_STORAGE: 395 /* Key is stored in the slot in export representation, so 396 * cycle through all known transparent accelerators */ 397#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 398#if defined(PSA_CRYPTO_DRIVER_TEST) 399 status = mbedtls_test_transparent_signature_verify_hash( 400 attributes, 401 key_buffer, 402 key_buffer_size, 403 alg, 404 hash, 405 hash_length, 406 signature, 407 signature_length ); 408 /* Declared with fallback == true */ 409 if( status != PSA_ERROR_NOT_SUPPORTED ) 410 return( status ); 411#endif /* PSA_CRYPTO_DRIVER_TEST */ 412#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) 413 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && 414 PSA_ALG_IS_ECDSA(alg) && 415 !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && 416 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && 417 psa_get_key_bits(attributes) == 256 ) 418 { 419 status = p256_transparent_verify_hash( attributes, 420 key_buffer, 421 key_buffer_size, 422 alg, 423 hash, 424 hash_length, 425 signature, 426 signature_length ); 427 if( status != PSA_ERROR_NOT_SUPPORTED ) 428 return( status ); 429 } 430#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 431#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 432 433 return( psa_verify_hash_builtin( attributes, 434 key_buffer, 435 key_buffer_size, 436 alg, 437 hash, 438 hash_length, 439 signature, 440 signature_length ) ); 441 442 /* Add cases for opaque driver here */ 443#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 444#if defined(PSA_CRYPTO_DRIVER_TEST) 445 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 446 return( mbedtls_test_opaque_signature_verify_hash( attributes, 447 key_buffer, 448 key_buffer_size, 449 alg, 450 hash, 451 hash_length, 452 signature, 453 signature_length ) ); 454#endif /* PSA_CRYPTO_DRIVER_TEST */ 455#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 456 default: 457 /* Key is declared with a lifetime not known to us */ 458 (void)status; 459 return( PSA_ERROR_INVALID_ARGUMENT ); 460 } 461} 462 463static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops( 464 psa_sign_hash_interruptible_operation_t *operation ) 465{ 466 switch( operation->id ) 467 { 468 /* If uninitialised, return 0, as no work can have been done. */ 469 case 0: 470 return 0; 471 472 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 473 return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); 474 475#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 476#if defined(PSA_CRYPTO_DRIVER_TEST) 477 /* Add test driver tests here */ 478 479#endif /* PSA_CRYPTO_DRIVER_TEST */ 480#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 481 } 482 483 /* Can't happen (see discussion in #8271) */ 484 return 0; 485} 486 487static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops( 488 psa_verify_hash_interruptible_operation_t *operation ) 489{ 490 switch( operation->id ) 491 { 492 /* If uninitialised, return 0, as no work can have been done. */ 493 case 0: 494 return 0; 495 496 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 497 return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); 498 499#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 500#if defined(PSA_CRYPTO_DRIVER_TEST) 501 /* Add test driver tests here */ 502 503#endif /* PSA_CRYPTO_DRIVER_TEST */ 504#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 505 506 } 507 508 /* Can't happen (see discussion in #8271) */ 509 return 0; 510} 511 512static inline psa_status_t psa_driver_wrapper_sign_hash_start( 513 psa_sign_hash_interruptible_operation_t *operation, 514 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 515 size_t key_buffer_size, psa_algorithm_t alg, 516 const uint8_t *hash, size_t hash_length ) 517{ 518 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 519 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 520 psa_get_key_lifetime(attributes) ); 521 522 switch( location ) 523 { 524 case PSA_KEY_LOCATION_LOCAL_STORAGE: 525 /* Key is stored in the slot in export representation, so 526 * cycle through all known transparent accelerators */ 527 528#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 529#if defined(PSA_CRYPTO_DRIVER_TEST) 530 531 /* Add test driver tests here */ 532 533 /* Declared with fallback == true */ 534 535#endif /* PSA_CRYPTO_DRIVER_TEST */ 536#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 537 538 /* Fell through, meaning no accelerator supports this operation */ 539 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 540 status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx, 541 attributes, 542 key_buffer, key_buffer_size, 543 alg, hash, hash_length ); 544 break; 545 546 /* Add cases for opaque driver here */ 547 548 default: 549 /* Key is declared with a lifetime not known to us */ 550 status = PSA_ERROR_INVALID_ARGUMENT; 551 break; 552 } 553 554 return( status ); 555} 556 557static inline psa_status_t psa_driver_wrapper_sign_hash_complete( 558 psa_sign_hash_interruptible_operation_t *operation, 559 uint8_t *signature, size_t signature_size, 560 size_t *signature_length ) 561{ 562 switch( operation->id ) 563 { 564 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 565 return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx, 566 signature, signature_size, 567 signature_length ) ); 568 569#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 570#if defined(PSA_CRYPTO_DRIVER_TEST) 571 /* Add test driver tests here */ 572 573#endif /* PSA_CRYPTO_DRIVER_TEST */ 574#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 575 } 576 577 ( void ) signature; 578 ( void ) signature_size; 579 ( void ) signature_length; 580 581 return( PSA_ERROR_INVALID_ARGUMENT ); 582} 583 584static inline psa_status_t psa_driver_wrapper_sign_hash_abort( 585 psa_sign_hash_interruptible_operation_t *operation ) 586{ 587 switch( operation->id ) 588 { 589 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 590 return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) ); 591 592#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 593#if defined(PSA_CRYPTO_DRIVER_TEST) 594 /* Add test driver tests here */ 595 596#endif /* PSA_CRYPTO_DRIVER_TEST */ 597#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 598 } 599 600 return( PSA_ERROR_INVALID_ARGUMENT ); 601} 602 603static inline psa_status_t psa_driver_wrapper_verify_hash_start( 604 psa_verify_hash_interruptible_operation_t *operation, 605 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 606 size_t key_buffer_size, psa_algorithm_t alg, 607 const uint8_t *hash, size_t hash_length, 608 const uint8_t *signature, size_t signature_length ) 609{ 610 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 611 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 612 psa_get_key_lifetime(attributes) ); 613 614 switch( location ) 615 { 616 case PSA_KEY_LOCATION_LOCAL_STORAGE: 617 /* Key is stored in the slot in export representation, so 618 * cycle through all known transparent accelerators */ 619 620#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 621#if defined(PSA_CRYPTO_DRIVER_TEST) 622 623 /* Add test driver tests here */ 624 625 /* Declared with fallback == true */ 626 627#endif /* PSA_CRYPTO_DRIVER_TEST */ 628#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 629 630 /* Fell through, meaning no accelerator supports this operation */ 631 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 632 status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx, 633 attributes, 634 key_buffer, key_buffer_size, 635 alg, hash, hash_length, 636 signature, signature_length ); 637 break; 638 639 /* Add cases for opaque driver here */ 640 641 default: 642 /* Key is declared with a lifetime not known to us */ 643 status = PSA_ERROR_INVALID_ARGUMENT; 644 break; 645 } 646 647 return( status ); 648} 649 650static inline psa_status_t psa_driver_wrapper_verify_hash_complete( 651 psa_verify_hash_interruptible_operation_t *operation ) 652{ 653 switch( operation->id ) 654 { 655 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 656 return( mbedtls_psa_verify_hash_complete( 657 &operation->ctx.mbedtls_ctx 658 ) ); 659 660#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 661#if defined(PSA_CRYPTO_DRIVER_TEST) 662 /* Add test driver tests here */ 663 664#endif /* PSA_CRYPTO_DRIVER_TEST */ 665#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 666 } 667 668 return( PSA_ERROR_INVALID_ARGUMENT ); 669} 670 671static inline psa_status_t psa_driver_wrapper_verify_hash_abort( 672 psa_verify_hash_interruptible_operation_t *operation ) 673{ 674 switch( operation->id ) 675 { 676 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 677 return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx 678 ) ); 679 680#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 681#if defined(PSA_CRYPTO_DRIVER_TEST) 682 /* Add test driver tests here */ 683 684#endif /* PSA_CRYPTO_DRIVER_TEST */ 685#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 686 } 687 688 return( PSA_ERROR_INVALID_ARGUMENT ); 689} 690 691/** Calculate the key buffer size required to store the key material of a key 692 * associated with an opaque driver from input key data. 693 * 694 * \param[in] attributes The key attributes 695 * \param[in] data The input key data. 696 * \param[in] data_length The input data length. 697 * \param[out] key_buffer_size Minimum buffer size to contain the key material. 698 * 699 * \retval #PSA_SUCCESS \emptydescription 700 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription 701 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription 702 */ 703static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( 704 const psa_key_attributes_t *attributes, 705 const uint8_t *data, 706 size_t data_length, 707 size_t *key_buffer_size ) 708{ 709 psa_key_location_t location = 710 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 711 psa_key_type_t key_type = psa_get_key_type(attributes); 712 713 *key_buffer_size = 0; 714 switch( location ) 715 { 716#if defined(PSA_CRYPTO_DRIVER_TEST) 717 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 718 *key_buffer_size = mbedtls_test_opaque_size_function( key_type, 719 PSA_BYTES_TO_BITS( data_length ) ); 720 return( ( *key_buffer_size != 0 ) ? 721 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); 722#endif /* PSA_CRYPTO_DRIVER_TEST */ 723 724 default: 725 (void)key_type; 726 (void)data; 727 (void)data_length; 728 return( PSA_ERROR_INVALID_ARGUMENT ); 729 } 730} 731 732static inline psa_status_t psa_driver_wrapper_generate_key( 733 const psa_key_attributes_t *attributes, 734 const psa_custom_key_parameters_t *custom, 735 const uint8_t *custom_data, size_t custom_data_length, 736 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) 737{ 738 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 739 psa_key_location_t location = 740 PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)); 741 742#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) 743 int is_default_production = 744 psa_custom_key_parameters_are_default(custom, custom_data_length); 745 if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production ) 746 { 747 /* We don't support passing custom production parameters 748 * to drivers yet. */ 749 return PSA_ERROR_NOT_SUPPORTED; 750 } 751#else 752 int is_default_production = 1; 753 (void) is_default_production; 754#endif 755 756 /* Try dynamically-registered SE interface first */ 757#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 758 const psa_drv_se_t *drv; 759 psa_drv_se_context_t *drv_context; 760 761 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) 762 { 763 size_t pubkey_length = 0; /* We don't support this feature yet */ 764 if( drv->key_management == NULL || 765 drv->key_management->p_generate == NULL ) 766 { 767 /* Key is defined as being in SE, but we have no way to generate it */ 768 return( PSA_ERROR_NOT_SUPPORTED ); 769 } 770 return( drv->key_management->p_generate( 771 drv_context, 772 *( (psa_key_slot_number_t *)key_buffer ), 773 attributes, NULL, 0, &pubkey_length ) ); 774 } 775#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 776 777 switch( location ) 778 { 779 case PSA_KEY_LOCATION_LOCAL_STORAGE: 780#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 781 /* Transparent drivers are limited to generating asymmetric keys. */ 782 /* We don't support passing custom production parameters 783 * to drivers yet. */ 784 if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) && 785 is_default_production ) 786 { 787 /* Cycle through all known transparent accelerators */ 788#if defined(PSA_CRYPTO_DRIVER_TEST) 789 status = mbedtls_test_transparent_generate_key( 790 attributes, key_buffer, key_buffer_size, 791 key_buffer_length ); 792 /* Declared with fallback == true */ 793 if( status != PSA_ERROR_NOT_SUPPORTED ) 794 break; 795#endif /* PSA_CRYPTO_DRIVER_TEST */ 796#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) 797 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && 798 psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && 799 psa_get_key_bits(attributes) == 256 ) 800 { 801 status = p256_transparent_generate_key( attributes, 802 key_buffer, 803 key_buffer_size, 804 key_buffer_length ); 805 if( status != PSA_ERROR_NOT_SUPPORTED ) 806 break; 807 } 808 809#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 810 } 811#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 812 813 /* Software fallback */ 814 status = psa_generate_key_internal( 815 attributes, custom, custom_data, custom_data_length, 816 key_buffer, key_buffer_size, key_buffer_length ); 817 break; 818 819 /* Add cases for opaque driver here */ 820#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 821#if defined(PSA_CRYPTO_DRIVER_TEST) 822 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 823 status = mbedtls_test_opaque_generate_key( 824 attributes, key_buffer, key_buffer_size, key_buffer_length ); 825 break; 826#endif /* PSA_CRYPTO_DRIVER_TEST */ 827#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 828 829 default: 830 /* Key is declared with a lifetime not known to us */ 831 status = PSA_ERROR_INVALID_ARGUMENT; 832 break; 833 } 834 835 return( status ); 836} 837 838static inline psa_status_t psa_driver_wrapper_import_key( 839 const psa_key_attributes_t *attributes, 840 const uint8_t *data, 841 size_t data_length, 842 uint8_t *key_buffer, 843 size_t key_buffer_size, 844 size_t *key_buffer_length, 845 size_t *bits ) 846{ 847{% with entry_point = "import_key" -%} 848{% macro entry_point_param(driver) -%} 849attributes, 850data, 851data_length, 852key_buffer, 853key_buffer_size, 854key_buffer_length, 855bits 856{% endmacro %} 857 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 858 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 859 psa_get_key_lifetime( attributes ) ); 860 861 /* Try dynamically-registered SE interface first */ 862#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 863 const psa_drv_se_t *drv; 864 psa_drv_se_context_t *drv_context; 865 866 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) 867 { 868 if( drv->key_management == NULL || 869 drv->key_management->p_import == NULL ) 870 return( PSA_ERROR_NOT_SUPPORTED ); 871 872 /* The driver should set the number of key bits, however in 873 * case it doesn't, we initialize bits to an invalid value. */ 874 *bits = PSA_MAX_KEY_BITS + 1; 875 status = drv->key_management->p_import( 876 drv_context, 877 *( (psa_key_slot_number_t *)key_buffer ), 878 attributes, data, data_length, bits ); 879 880 if( status != PSA_SUCCESS ) 881 return( status ); 882 883 if( (*bits) > PSA_MAX_KEY_BITS ) 884 return( PSA_ERROR_NOT_SUPPORTED ); 885 886 return( PSA_SUCCESS ); 887 } 888#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 889 890 switch( location ) 891 { 892 case PSA_KEY_LOCATION_LOCAL_STORAGE: 893 /* Key is stored in the slot in export representation, so 894 * cycle through all known transparent accelerators */ 895#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 896{% with nest_indent=12 %} 897{% include "OS-template-transparent.jinja" -%} 898{% endwith -%} 899#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 900 901 /* Fell through, meaning no accelerator supports this operation */ 902 return( psa_import_key_into_slot( attributes, 903 data, data_length, 904 key_buffer, key_buffer_size, 905 key_buffer_length, bits ) ); 906 /* Add cases for opaque driver here */ 907#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 908{% with nest_indent=8 %} 909{% include "OS-template-opaque.jinja" -%} 910{% endwith -%} 911#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 912 default: 913 (void)status; 914 return( PSA_ERROR_INVALID_ARGUMENT ); 915 } 916{% endwith %} 917} 918 919static inline psa_status_t psa_driver_wrapper_export_key( 920 const psa_key_attributes_t *attributes, 921 const uint8_t *key_buffer, size_t key_buffer_size, 922 uint8_t *data, size_t data_size, size_t *data_length ) 923 924{ 925{% with entry_point = "export_key" -%} 926{% macro entry_point_param(driver) -%} 927attributes, 928key_buffer, 929key_buffer_size, 930data, 931data_size, 932data_length 933{% endmacro %} 934 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 935 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( 936 psa_get_key_lifetime( attributes ) ); 937 938 /* Try dynamically-registered SE interface first */ 939#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 940 const psa_drv_se_t *drv; 941 psa_drv_se_context_t *drv_context; 942 943 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) 944 { 945 if( ( drv->key_management == NULL ) || 946 ( drv->key_management->p_export == NULL ) ) 947 { 948 return( PSA_ERROR_NOT_SUPPORTED ); 949 } 950 951 return( drv->key_management->p_export( 952 drv_context, 953 *( (psa_key_slot_number_t *)key_buffer ), 954 data, data_size, data_length ) ); 955 } 956#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 957 958 switch( location ) 959 { 960 case PSA_KEY_LOCATION_LOCAL_STORAGE: 961 return( psa_export_key_internal( attributes, 962 key_buffer, 963 key_buffer_size, 964 data, 965 data_size, 966 data_length ) ); 967 968 /* Add cases for opaque driver here */ 969#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 970{% with nest_indent=8 %} 971{% include "OS-template-opaque.jinja" -%} 972{% endwith -%} 973#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 974 default: 975 /* Key is declared with a lifetime not known to us */ 976 return( status ); 977 } 978{% endwith %} 979} 980 981static inline psa_status_t psa_driver_wrapper_copy_key( 982 psa_key_attributes_t *attributes, 983 const uint8_t *source_key, size_t source_key_length, 984 uint8_t *target_key_buffer, size_t target_key_buffer_size, 985 size_t *target_key_buffer_length ) 986{ 987{% with entry_point = "copy_key" -%} 988{% macro entry_point_param(driver) -%} 989attributes, 990source_key, 991source_key_length, 992target_key_buffer, 993target_key_buffer_size, 994target_key_buffer_length 995{% endmacro %} 996 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 997 psa_key_location_t location = 998 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 999 1000#if defined(MBEDTLS_PSA_CRYPTO_SE_C) 1001 const psa_drv_se_t *drv; 1002 psa_drv_se_context_t *drv_context; 1003 1004 if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) 1005 { 1006 /* Copying to a secure element is not implemented yet. */ 1007 return( PSA_ERROR_NOT_SUPPORTED ); 1008 } 1009#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ 1010 1011 switch( location ) 1012 { 1013#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1014{% with nest_indent=8 %} 1015{% include "OS-template-opaque.jinja" -%} 1016{% endwith -%} 1017#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1018 default: 1019 (void)source_key; 1020 (void)source_key_length; 1021 (void)target_key_buffer; 1022 (void)target_key_buffer_size; 1023 (void)target_key_buffer_length; 1024 status = PSA_ERROR_INVALID_ARGUMENT; 1025 } 1026 return( status ); 1027{% endwith %} 1028} 1029 1030/* 1031 * Cipher functions 1032 */ 1033static inline psa_status_t psa_driver_wrapper_cipher_encrypt( 1034 const psa_key_attributes_t *attributes, 1035 const uint8_t *key_buffer, 1036 size_t key_buffer_size, 1037 psa_algorithm_t alg, 1038 const uint8_t *iv, 1039 size_t iv_length, 1040 const uint8_t *input, 1041 size_t input_length, 1042 uint8_t *output, 1043 size_t output_size, 1044 size_t *output_length ) 1045{ 1046 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1047 psa_key_location_t location = 1048 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1049 1050 switch( location ) 1051 { 1052 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1053 /* Key is stored in the slot in export representation, so 1054 * cycle through all known transparent accelerators */ 1055#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1056#if defined(PSA_CRYPTO_DRIVER_TEST) 1057 status = mbedtls_test_transparent_cipher_encrypt( attributes, 1058 key_buffer, 1059 key_buffer_size, 1060 alg, 1061 iv, 1062 iv_length, 1063 input, 1064 input_length, 1065 output, 1066 output_size, 1067 output_length ); 1068 /* Declared with fallback == true */ 1069 if( status != PSA_ERROR_NOT_SUPPORTED ) 1070 return( status ); 1071#endif /* PSA_CRYPTO_DRIVER_TEST */ 1072#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1073 1074#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1075 return( mbedtls_psa_cipher_encrypt( attributes, 1076 key_buffer, 1077 key_buffer_size, 1078 alg, 1079 iv, 1080 iv_length, 1081 input, 1082 input_length, 1083 output, 1084 output_size, 1085 output_length ) ); 1086#else 1087 return( PSA_ERROR_NOT_SUPPORTED ); 1088#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1089 1090 /* Add cases for opaque driver here */ 1091#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1092#if defined(PSA_CRYPTO_DRIVER_TEST) 1093 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1094 return( mbedtls_test_opaque_cipher_encrypt( attributes, 1095 key_buffer, 1096 key_buffer_size, 1097 alg, 1098 iv, 1099 iv_length, 1100 input, 1101 input_length, 1102 output, 1103 output_size, 1104 output_length ) ); 1105#endif /* PSA_CRYPTO_DRIVER_TEST */ 1106#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1107 1108 default: 1109 /* Key is declared with a lifetime not known to us */ 1110 (void)status; 1111 (void)key_buffer; 1112 (void)key_buffer_size; 1113 (void)alg; 1114 (void)iv; 1115 (void)iv_length; 1116 (void)input; 1117 (void)input_length; 1118 (void)output; 1119 (void)output_size; 1120 (void)output_length; 1121 return( PSA_ERROR_INVALID_ARGUMENT ); 1122 } 1123} 1124 1125static inline psa_status_t psa_driver_wrapper_cipher_decrypt( 1126 const psa_key_attributes_t *attributes, 1127 const uint8_t *key_buffer, 1128 size_t key_buffer_size, 1129 psa_algorithm_t alg, 1130 const uint8_t *input, 1131 size_t input_length, 1132 uint8_t *output, 1133 size_t output_size, 1134 size_t *output_length ) 1135{ 1136 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1137 psa_key_location_t location = 1138 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1139 1140 switch( location ) 1141 { 1142 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1143 /* Key is stored in the slot in export representation, so 1144 * cycle through all known transparent accelerators */ 1145#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1146#if defined(PSA_CRYPTO_DRIVER_TEST) 1147 status = mbedtls_test_transparent_cipher_decrypt( attributes, 1148 key_buffer, 1149 key_buffer_size, 1150 alg, 1151 input, 1152 input_length, 1153 output, 1154 output_size, 1155 output_length ); 1156 /* Declared with fallback == true */ 1157 if( status != PSA_ERROR_NOT_SUPPORTED ) 1158 return( status ); 1159#endif /* PSA_CRYPTO_DRIVER_TEST */ 1160#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1161 1162#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1163 return( mbedtls_psa_cipher_decrypt( attributes, 1164 key_buffer, 1165 key_buffer_size, 1166 alg, 1167 input, 1168 input_length, 1169 output, 1170 output_size, 1171 output_length ) ); 1172#else 1173 return( PSA_ERROR_NOT_SUPPORTED ); 1174#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1175 1176 /* Add cases for opaque driver here */ 1177#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1178#if defined(PSA_CRYPTO_DRIVER_TEST) 1179 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1180 return( mbedtls_test_opaque_cipher_decrypt( attributes, 1181 key_buffer, 1182 key_buffer_size, 1183 alg, 1184 input, 1185 input_length, 1186 output, 1187 output_size, 1188 output_length ) ); 1189#endif /* PSA_CRYPTO_DRIVER_TEST */ 1190#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1191 1192 default: 1193 /* Key is declared with a lifetime not known to us */ 1194 (void)status; 1195 (void)key_buffer; 1196 (void)key_buffer_size; 1197 (void)alg; 1198 (void)input; 1199 (void)input_length; 1200 (void)output; 1201 (void)output_size; 1202 (void)output_length; 1203 return( PSA_ERROR_INVALID_ARGUMENT ); 1204 } 1205} 1206 1207static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( 1208 psa_cipher_operation_t *operation, 1209 const psa_key_attributes_t *attributes, 1210 const uint8_t *key_buffer, size_t key_buffer_size, 1211 psa_algorithm_t alg ) 1212{ 1213 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1214 psa_key_location_t location = 1215 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1216 1217 switch( location ) 1218 { 1219 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1220 /* Key is stored in the slot in export representation, so 1221 * cycle through all known transparent accelerators */ 1222#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1223#if defined(PSA_CRYPTO_DRIVER_TEST) 1224 status = mbedtls_test_transparent_cipher_encrypt_setup( 1225 &operation->ctx.transparent_test_driver_ctx, 1226 attributes, 1227 key_buffer, 1228 key_buffer_size, 1229 alg ); 1230 /* Declared with fallback == true */ 1231 if( status == PSA_SUCCESS ) 1232 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1233 1234 if( status != PSA_ERROR_NOT_SUPPORTED ) 1235 return( status ); 1236#endif /* PSA_CRYPTO_DRIVER_TEST */ 1237#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1238#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1239 /* Fell through, meaning no accelerator supports this operation */ 1240 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, 1241 attributes, 1242 key_buffer, 1243 key_buffer_size, 1244 alg ); 1245 if( status == PSA_SUCCESS ) 1246 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1247 1248 if( status != PSA_ERROR_NOT_SUPPORTED ) 1249 return( status ); 1250#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1251 return( PSA_ERROR_NOT_SUPPORTED ); 1252 1253 /* Add cases for opaque driver here */ 1254#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1255#if defined(PSA_CRYPTO_DRIVER_TEST) 1256 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1257 status = mbedtls_test_opaque_cipher_encrypt_setup( 1258 &operation->ctx.opaque_test_driver_ctx, 1259 attributes, 1260 key_buffer, key_buffer_size, 1261 alg ); 1262 1263 if( status == PSA_SUCCESS ) 1264 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 1265 1266 return( status ); 1267#endif /* PSA_CRYPTO_DRIVER_TEST */ 1268#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1269 default: 1270 /* Key is declared with a lifetime not known to us */ 1271 (void)status; 1272 (void)operation; 1273 (void)key_buffer; 1274 (void)key_buffer_size; 1275 (void)alg; 1276 return( PSA_ERROR_INVALID_ARGUMENT ); 1277 } 1278} 1279 1280static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( 1281 psa_cipher_operation_t *operation, 1282 const psa_key_attributes_t *attributes, 1283 const uint8_t *key_buffer, size_t key_buffer_size, 1284 psa_algorithm_t alg ) 1285{ 1286 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; 1287 psa_key_location_t location = 1288 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1289 1290 switch( location ) 1291 { 1292 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1293 /* Key is stored in the slot in export representation, so 1294 * cycle through all known transparent accelerators */ 1295#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1296#if defined(PSA_CRYPTO_DRIVER_TEST) 1297 status = mbedtls_test_transparent_cipher_decrypt_setup( 1298 &operation->ctx.transparent_test_driver_ctx, 1299 attributes, 1300 key_buffer, 1301 key_buffer_size, 1302 alg ); 1303 /* Declared with fallback == true */ 1304 if( status == PSA_SUCCESS ) 1305 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1306 1307 if( status != PSA_ERROR_NOT_SUPPORTED ) 1308 return( status ); 1309#endif /* PSA_CRYPTO_DRIVER_TEST */ 1310#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1311#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1312 /* Fell through, meaning no accelerator supports this operation */ 1313 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, 1314 attributes, 1315 key_buffer, 1316 key_buffer_size, 1317 alg ); 1318 if( status == PSA_SUCCESS ) 1319 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1320 1321 return( status ); 1322#else /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1323 return( PSA_ERROR_NOT_SUPPORTED ); 1324#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1325 1326 /* Add cases for opaque driver here */ 1327#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1328#if defined(PSA_CRYPTO_DRIVER_TEST) 1329 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 1330 status = mbedtls_test_opaque_cipher_decrypt_setup( 1331 &operation->ctx.opaque_test_driver_ctx, 1332 attributes, 1333 key_buffer, key_buffer_size, 1334 alg ); 1335 1336 if( status == PSA_SUCCESS ) 1337 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 1338 1339 return( status ); 1340#endif /* PSA_CRYPTO_DRIVER_TEST */ 1341#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1342 default: 1343 /* Key is declared with a lifetime not known to us */ 1344 (void)status; 1345 (void)operation; 1346 (void)key_buffer; 1347 (void)key_buffer_size; 1348 (void)alg; 1349 return( PSA_ERROR_INVALID_ARGUMENT ); 1350 } 1351} 1352 1353static inline psa_status_t psa_driver_wrapper_cipher_set_iv( 1354 psa_cipher_operation_t *operation, 1355 const uint8_t *iv, 1356 size_t iv_length ) 1357{ 1358 switch( operation->id ) 1359 { 1360#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1361 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1362 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, 1363 iv, 1364 iv_length ) ); 1365#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1366 1367#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1368#if defined(PSA_CRYPTO_DRIVER_TEST) 1369 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1370 return( mbedtls_test_transparent_cipher_set_iv( 1371 &operation->ctx.transparent_test_driver_ctx, 1372 iv, iv_length ) ); 1373 1374 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1375 return( mbedtls_test_opaque_cipher_set_iv( 1376 &operation->ctx.opaque_test_driver_ctx, 1377 iv, iv_length ) ); 1378#endif /* PSA_CRYPTO_DRIVER_TEST */ 1379#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1380 } 1381 1382 (void)iv; 1383 (void)iv_length; 1384 1385 return( PSA_ERROR_INVALID_ARGUMENT ); 1386} 1387 1388static inline psa_status_t psa_driver_wrapper_cipher_update( 1389 psa_cipher_operation_t *operation, 1390 const uint8_t *input, 1391 size_t input_length, 1392 uint8_t *output, 1393 size_t output_size, 1394 size_t *output_length ) 1395{ 1396 switch( operation->id ) 1397 { 1398#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1399 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1400 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, 1401 input, 1402 input_length, 1403 output, 1404 output_size, 1405 output_length ) ); 1406#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1407 1408#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1409#if defined(PSA_CRYPTO_DRIVER_TEST) 1410 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1411 return( mbedtls_test_transparent_cipher_update( 1412 &operation->ctx.transparent_test_driver_ctx, 1413 input, input_length, 1414 output, output_size, output_length ) ); 1415 1416 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1417 return( mbedtls_test_opaque_cipher_update( 1418 &operation->ctx.opaque_test_driver_ctx, 1419 input, input_length, 1420 output, output_size, output_length ) ); 1421#endif /* PSA_CRYPTO_DRIVER_TEST */ 1422#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1423 } 1424 1425 (void)input; 1426 (void)input_length; 1427 (void)output; 1428 (void)output_size; 1429 (void)output_length; 1430 1431 return( PSA_ERROR_INVALID_ARGUMENT ); 1432} 1433 1434static inline psa_status_t psa_driver_wrapper_cipher_finish( 1435 psa_cipher_operation_t *operation, 1436 uint8_t *output, 1437 size_t output_size, 1438 size_t *output_length ) 1439{ 1440 switch( operation->id ) 1441 { 1442#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1443 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1444 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, 1445 output, 1446 output_size, 1447 output_length ) ); 1448#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1449 1450#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1451#if defined(PSA_CRYPTO_DRIVER_TEST) 1452 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1453 return( mbedtls_test_transparent_cipher_finish( 1454 &operation->ctx.transparent_test_driver_ctx, 1455 output, output_size, output_length ) ); 1456 1457 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1458 return( mbedtls_test_opaque_cipher_finish( 1459 &operation->ctx.opaque_test_driver_ctx, 1460 output, output_size, output_length ) ); 1461#endif /* PSA_CRYPTO_DRIVER_TEST */ 1462#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1463 } 1464 1465 (void)output; 1466 (void)output_size; 1467 (void)output_length; 1468 1469 return( PSA_ERROR_INVALID_ARGUMENT ); 1470} 1471 1472static inline psa_status_t psa_driver_wrapper_cipher_abort( 1473 psa_cipher_operation_t *operation ) 1474{ 1475 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1476 1477 switch( operation->id ) 1478 { 1479#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) 1480 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1481 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); 1482#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ 1483 1484#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1485#if defined(PSA_CRYPTO_DRIVER_TEST) 1486 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1487 status = mbedtls_test_transparent_cipher_abort( 1488 &operation->ctx.transparent_test_driver_ctx ); 1489 mbedtls_platform_zeroize( 1490 &operation->ctx.transparent_test_driver_ctx, 1491 sizeof( operation->ctx.transparent_test_driver_ctx ) ); 1492 return( status ); 1493 1494 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 1495 status = mbedtls_test_opaque_cipher_abort( 1496 &operation->ctx.opaque_test_driver_ctx ); 1497 mbedtls_platform_zeroize( 1498 &operation->ctx.opaque_test_driver_ctx, 1499 sizeof( operation->ctx.opaque_test_driver_ctx ) ); 1500 return( status ); 1501#endif /* PSA_CRYPTO_DRIVER_TEST */ 1502#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1503 } 1504 1505 (void)status; 1506 return( PSA_ERROR_INVALID_ARGUMENT ); 1507} 1508 1509/* 1510 * Hashing functions 1511 */ 1512static inline psa_status_t psa_driver_wrapper_hash_compute( 1513 psa_algorithm_t alg, 1514 const uint8_t *input, 1515 size_t input_length, 1516 uint8_t *hash, 1517 size_t hash_size, 1518 size_t *hash_length) 1519{ 1520 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1521 1522 /* Try accelerators first */ 1523#if defined(PSA_CRYPTO_DRIVER_TEST) 1524 status = mbedtls_test_transparent_hash_compute( 1525 alg, input, input_length, hash, hash_size, hash_length ); 1526 if( status != PSA_ERROR_NOT_SUPPORTED ) 1527 return( status ); 1528#endif 1529 1530 /* If software fallback is compiled in, try fallback */ 1531#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1532 status = mbedtls_psa_hash_compute( alg, input, input_length, 1533 hash, hash_size, hash_length ); 1534 if( status != PSA_ERROR_NOT_SUPPORTED ) 1535 return( status ); 1536#endif 1537 (void) status; 1538 (void) alg; 1539 (void) input; 1540 (void) input_length; 1541 (void) hash; 1542 (void) hash_size; 1543 (void) hash_length; 1544 1545 return( PSA_ERROR_NOT_SUPPORTED ); 1546} 1547 1548static inline psa_status_t psa_driver_wrapper_hash_setup( 1549 psa_hash_operation_t *operation, 1550 psa_algorithm_t alg ) 1551{ 1552 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1553 1554 /* Try setup on accelerators first */ 1555#if defined(PSA_CRYPTO_DRIVER_TEST) 1556 status = mbedtls_test_transparent_hash_setup( 1557 &operation->ctx.test_driver_ctx, alg ); 1558 if( status == PSA_SUCCESS ) 1559 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1560 1561 if( status != PSA_ERROR_NOT_SUPPORTED ) 1562 return( status ); 1563#endif 1564 1565 /* If software fallback is compiled in, try fallback */ 1566#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1567 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg ); 1568 if( status == PSA_SUCCESS ) 1569 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1570 1571 if( status != PSA_ERROR_NOT_SUPPORTED ) 1572 return( status ); 1573#endif 1574 /* Nothing left to try if we fall through here */ 1575 (void) status; 1576 (void) operation; 1577 (void) alg; 1578 return( PSA_ERROR_NOT_SUPPORTED ); 1579} 1580 1581static inline psa_status_t psa_driver_wrapper_hash_clone( 1582 const psa_hash_operation_t *source_operation, 1583 psa_hash_operation_t *target_operation ) 1584{ 1585 switch( source_operation->id ) 1586 { 1587#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1588 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1589 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1590 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, 1591 &target_operation->ctx.mbedtls_ctx ) ); 1592#endif 1593#if defined(PSA_CRYPTO_DRIVER_TEST) 1594 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1595 target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1596 return( mbedtls_test_transparent_hash_clone( 1597 &source_operation->ctx.test_driver_ctx, 1598 &target_operation->ctx.test_driver_ctx ) ); 1599#endif 1600 default: 1601 (void) target_operation; 1602 return( PSA_ERROR_BAD_STATE ); 1603 } 1604} 1605 1606static inline psa_status_t psa_driver_wrapper_hash_update( 1607 psa_hash_operation_t *operation, 1608 const uint8_t *input, 1609 size_t input_length ) 1610{ 1611 switch( operation->id ) 1612 { 1613#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1614 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1615 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, 1616 input, input_length ) ); 1617#endif 1618#if defined(PSA_CRYPTO_DRIVER_TEST) 1619 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1620 return( mbedtls_test_transparent_hash_update( 1621 &operation->ctx.test_driver_ctx, 1622 input, input_length ) ); 1623#endif 1624 default: 1625 (void) input; 1626 (void) input_length; 1627 return( PSA_ERROR_BAD_STATE ); 1628 } 1629} 1630 1631static inline psa_status_t psa_driver_wrapper_hash_finish( 1632 psa_hash_operation_t *operation, 1633 uint8_t *hash, 1634 size_t hash_size, 1635 size_t *hash_length ) 1636{ 1637 switch( operation->id ) 1638 { 1639#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1640 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1641 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, 1642 hash, hash_size, hash_length ) ); 1643#endif 1644#if defined(PSA_CRYPTO_DRIVER_TEST) 1645 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1646 return( mbedtls_test_transparent_hash_finish( 1647 &operation->ctx.test_driver_ctx, 1648 hash, hash_size, hash_length ) ); 1649#endif 1650 default: 1651 (void) hash; 1652 (void) hash_size; 1653 (void) hash_length; 1654 return( PSA_ERROR_BAD_STATE ); 1655 } 1656} 1657 1658static inline psa_status_t psa_driver_wrapper_hash_abort( 1659 psa_hash_operation_t *operation ) 1660{ 1661 switch( operation->id ) 1662 { 1663#if defined(MBEDTLS_PSA_BUILTIN_HASH) 1664 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1665 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); 1666#endif 1667#if defined(PSA_CRYPTO_DRIVER_TEST) 1668 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1669 return( mbedtls_test_transparent_hash_abort( 1670 &operation->ctx.test_driver_ctx ) ); 1671#endif 1672 default: 1673 return( PSA_ERROR_BAD_STATE ); 1674 } 1675} 1676 1677static inline psa_status_t psa_driver_wrapper_aead_encrypt( 1678 const psa_key_attributes_t *attributes, 1679 const uint8_t *key_buffer, size_t key_buffer_size, 1680 psa_algorithm_t alg, 1681 const uint8_t *nonce, size_t nonce_length, 1682 const uint8_t *additional_data, size_t additional_data_length, 1683 const uint8_t *plaintext, size_t plaintext_length, 1684 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) 1685{ 1686 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1687 psa_key_location_t location = 1688 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1689 1690 switch( location ) 1691 { 1692 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1693 /* Key is stored in the slot in export representation, so 1694 * cycle through all known transparent accelerators */ 1695 1696#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1697#if defined(PSA_CRYPTO_DRIVER_TEST) 1698 status = mbedtls_test_transparent_aead_encrypt( 1699 attributes, key_buffer, key_buffer_size, 1700 alg, 1701 nonce, nonce_length, 1702 additional_data, additional_data_length, 1703 plaintext, plaintext_length, 1704 ciphertext, ciphertext_size, ciphertext_length ); 1705 /* Declared with fallback == true */ 1706 if( status != PSA_ERROR_NOT_SUPPORTED ) 1707 return( status ); 1708#endif /* PSA_CRYPTO_DRIVER_TEST */ 1709#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1710 1711 /* Fell through, meaning no accelerator supports this operation */ 1712 return( mbedtls_psa_aead_encrypt( 1713 attributes, key_buffer, key_buffer_size, 1714 alg, 1715 nonce, nonce_length, 1716 additional_data, additional_data_length, 1717 plaintext, plaintext_length, 1718 ciphertext, ciphertext_size, ciphertext_length ) ); 1719 1720 /* Add cases for opaque driver here */ 1721 1722 default: 1723 /* Key is declared with a lifetime not known to us */ 1724 (void)status; 1725 return( PSA_ERROR_INVALID_ARGUMENT ); 1726 } 1727} 1728 1729static inline psa_status_t psa_driver_wrapper_aead_decrypt( 1730 const psa_key_attributes_t *attributes, 1731 const uint8_t *key_buffer, size_t key_buffer_size, 1732 psa_algorithm_t alg, 1733 const uint8_t *nonce, size_t nonce_length, 1734 const uint8_t *additional_data, size_t additional_data_length, 1735 const uint8_t *ciphertext, size_t ciphertext_length, 1736 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) 1737{ 1738 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1739 psa_key_location_t location = 1740 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1741 1742 switch( location ) 1743 { 1744 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1745 /* Key is stored in the slot in export representation, so 1746 * cycle through all known transparent accelerators */ 1747 1748#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1749#if defined(PSA_CRYPTO_DRIVER_TEST) 1750 status = mbedtls_test_transparent_aead_decrypt( 1751 attributes, key_buffer, key_buffer_size, 1752 alg, 1753 nonce, nonce_length, 1754 additional_data, additional_data_length, 1755 ciphertext, ciphertext_length, 1756 plaintext, plaintext_size, plaintext_length ); 1757 /* Declared with fallback == true */ 1758 if( status != PSA_ERROR_NOT_SUPPORTED ) 1759 return( status ); 1760#endif /* PSA_CRYPTO_DRIVER_TEST */ 1761#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1762 1763 /* Fell through, meaning no accelerator supports this operation */ 1764 return( mbedtls_psa_aead_decrypt( 1765 attributes, key_buffer, key_buffer_size, 1766 alg, 1767 nonce, nonce_length, 1768 additional_data, additional_data_length, 1769 ciphertext, ciphertext_length, 1770 plaintext, plaintext_size, plaintext_length ) ); 1771 1772 /* Add cases for opaque driver here */ 1773 1774 default: 1775 /* Key is declared with a lifetime not known to us */ 1776 (void)status; 1777 return( PSA_ERROR_INVALID_ARGUMENT ); 1778 } 1779} 1780 1781static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( 1782 psa_aead_operation_t *operation, 1783 const psa_key_attributes_t *attributes, 1784 const uint8_t *key_buffer, size_t key_buffer_size, 1785 psa_algorithm_t alg ) 1786{ 1787 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1788 psa_key_location_t location = 1789 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1790 1791 switch( location ) 1792 { 1793 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1794 /* Key is stored in the slot in export representation, so 1795 * cycle through all known transparent accelerators */ 1796 1797#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1798#if defined(PSA_CRYPTO_DRIVER_TEST) 1799 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1800 status = mbedtls_test_transparent_aead_encrypt_setup( 1801 &operation->ctx.transparent_test_driver_ctx, 1802 attributes, key_buffer, key_buffer_size, 1803 alg ); 1804 1805 /* Declared with fallback == true */ 1806 if( status != PSA_ERROR_NOT_SUPPORTED ) 1807 return( status ); 1808#endif /* PSA_CRYPTO_DRIVER_TEST */ 1809#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1810 1811 /* Fell through, meaning no accelerator supports this operation */ 1812 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1813 status = mbedtls_psa_aead_encrypt_setup( 1814 &operation->ctx.mbedtls_ctx, attributes, 1815 key_buffer, key_buffer_size, 1816 alg ); 1817 1818 return( status ); 1819 1820 /* Add cases for opaque driver here */ 1821 1822 default: 1823 /* Key is declared with a lifetime not known to us */ 1824 (void)status; 1825 return( PSA_ERROR_INVALID_ARGUMENT ); 1826 } 1827} 1828 1829static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( 1830 psa_aead_operation_t *operation, 1831 const psa_key_attributes_t *attributes, 1832 const uint8_t *key_buffer, size_t key_buffer_size, 1833 psa_algorithm_t alg ) 1834{ 1835 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 1836 psa_key_location_t location = 1837 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 1838 1839 switch( location ) 1840 { 1841 case PSA_KEY_LOCATION_LOCAL_STORAGE: 1842 /* Key is stored in the slot in export representation, so 1843 * cycle through all known transparent accelerators */ 1844 1845#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1846#if defined(PSA_CRYPTO_DRIVER_TEST) 1847 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 1848 status = mbedtls_test_transparent_aead_decrypt_setup( 1849 &operation->ctx.transparent_test_driver_ctx, 1850 attributes, 1851 key_buffer, key_buffer_size, 1852 alg ); 1853 1854 /* Declared with fallback == true */ 1855 if( status != PSA_ERROR_NOT_SUPPORTED ) 1856 return( status ); 1857#endif /* PSA_CRYPTO_DRIVER_TEST */ 1858#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1859 1860 /* Fell through, meaning no accelerator supports this operation */ 1861 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 1862 status = mbedtls_psa_aead_decrypt_setup( 1863 &operation->ctx.mbedtls_ctx, 1864 attributes, 1865 key_buffer, key_buffer_size, 1866 alg ); 1867 1868 return( status ); 1869 1870 /* Add cases for opaque driver here */ 1871 1872 default: 1873 /* Key is declared with a lifetime not known to us */ 1874 (void)status; 1875 return( PSA_ERROR_INVALID_ARGUMENT ); 1876 } 1877} 1878 1879static inline psa_status_t psa_driver_wrapper_aead_set_nonce( 1880 psa_aead_operation_t *operation, 1881 const uint8_t *nonce, 1882 size_t nonce_length ) 1883{ 1884 switch( operation->id ) 1885 { 1886#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1887 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1888 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, 1889 nonce, 1890 nonce_length ) ); 1891 1892#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1893 1894#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1895#if defined(PSA_CRYPTO_DRIVER_TEST) 1896 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1897 return( mbedtls_test_transparent_aead_set_nonce( 1898 &operation->ctx.transparent_test_driver_ctx, 1899 nonce, nonce_length ) ); 1900 1901 /* Add cases for opaque driver here */ 1902 1903#endif /* PSA_CRYPTO_DRIVER_TEST */ 1904#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1905 } 1906 1907 (void)nonce; 1908 (void)nonce_length; 1909 1910 return( PSA_ERROR_INVALID_ARGUMENT ); 1911} 1912 1913static inline psa_status_t psa_driver_wrapper_aead_set_lengths( 1914 psa_aead_operation_t *operation, 1915 size_t ad_length, 1916 size_t plaintext_length ) 1917{ 1918 switch( operation->id ) 1919 { 1920#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1921 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1922 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, 1923 ad_length, 1924 plaintext_length ) ); 1925 1926#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1927 1928#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1929#if defined(PSA_CRYPTO_DRIVER_TEST) 1930 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1931 return( mbedtls_test_transparent_aead_set_lengths( 1932 &operation->ctx.transparent_test_driver_ctx, 1933 ad_length, plaintext_length ) ); 1934 1935 /* Add cases for opaque driver here */ 1936 1937#endif /* PSA_CRYPTO_DRIVER_TEST */ 1938#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1939 } 1940 1941 (void)ad_length; 1942 (void)plaintext_length; 1943 1944 return( PSA_ERROR_INVALID_ARGUMENT ); 1945} 1946 1947static inline psa_status_t psa_driver_wrapper_aead_update_ad( 1948 psa_aead_operation_t *operation, 1949 const uint8_t *input, 1950 size_t input_length ) 1951{ 1952 switch( operation->id ) 1953 { 1954#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1955 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1956 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, 1957 input, 1958 input_length ) ); 1959 1960#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1961 1962#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 1963#if defined(PSA_CRYPTO_DRIVER_TEST) 1964 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 1965 return( mbedtls_test_transparent_aead_update_ad( 1966 &operation->ctx.transparent_test_driver_ctx, 1967 input, input_length ) ); 1968 1969 /* Add cases for opaque driver here */ 1970 1971#endif /* PSA_CRYPTO_DRIVER_TEST */ 1972#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 1973 } 1974 1975 (void)input; 1976 (void)input_length; 1977 1978 return( PSA_ERROR_INVALID_ARGUMENT ); 1979} 1980 1981static inline psa_status_t psa_driver_wrapper_aead_update( 1982 psa_aead_operation_t *operation, 1983 const uint8_t *input, 1984 size_t input_length, 1985 uint8_t *output, 1986 size_t output_size, 1987 size_t *output_length ) 1988{ 1989 switch( operation->id ) 1990 { 1991#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 1992 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 1993 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, 1994 input, input_length, 1995 output, output_size, 1996 output_length ) ); 1997 1998#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 1999 2000#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2001#if defined(PSA_CRYPTO_DRIVER_TEST) 2002 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2003 return( mbedtls_test_transparent_aead_update( 2004 &operation->ctx.transparent_test_driver_ctx, 2005 input, input_length, output, output_size, 2006 output_length ) ); 2007 2008 /* Add cases for opaque driver here */ 2009 2010#endif /* PSA_CRYPTO_DRIVER_TEST */ 2011#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2012 } 2013 2014 (void)input; 2015 (void)input_length; 2016 (void)output; 2017 (void)output_size; 2018 (void)output_length; 2019 2020 return( PSA_ERROR_INVALID_ARGUMENT ); 2021} 2022 2023static inline psa_status_t psa_driver_wrapper_aead_finish( 2024 psa_aead_operation_t *operation, 2025 uint8_t *ciphertext, 2026 size_t ciphertext_size, 2027 size_t *ciphertext_length, 2028 uint8_t *tag, 2029 size_t tag_size, 2030 size_t *tag_length ) 2031{ 2032 switch( operation->id ) 2033 { 2034#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 2035 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2036 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, 2037 ciphertext, 2038 ciphertext_size, 2039 ciphertext_length, tag, 2040 tag_size, tag_length ) ); 2041 2042#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2043 2044#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2045#if defined(PSA_CRYPTO_DRIVER_TEST) 2046 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2047 return( mbedtls_test_transparent_aead_finish( 2048 &operation->ctx.transparent_test_driver_ctx, 2049 ciphertext, ciphertext_size, 2050 ciphertext_length, tag, tag_size, tag_length ) ); 2051 2052 /* Add cases for opaque driver here */ 2053 2054#endif /* PSA_CRYPTO_DRIVER_TEST */ 2055#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2056 } 2057 2058 (void)ciphertext; 2059 (void)ciphertext_size; 2060 (void)ciphertext_length; 2061 (void)tag; 2062 (void)tag_size; 2063 (void)tag_length; 2064 2065 return( PSA_ERROR_INVALID_ARGUMENT ); 2066} 2067 2068static inline psa_status_t psa_driver_wrapper_aead_verify( 2069 psa_aead_operation_t *operation, 2070 uint8_t *plaintext, 2071 size_t plaintext_size, 2072 size_t *plaintext_length, 2073 const uint8_t *tag, 2074 size_t tag_length ) 2075{ 2076 switch( operation->id ) 2077 { 2078#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 2079 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2080 { 2081 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2082 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; 2083 size_t check_tag_length; 2084 2085 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, 2086 plaintext, 2087 plaintext_size, 2088 plaintext_length, 2089 check_tag, 2090 sizeof( check_tag ), 2091 &check_tag_length ); 2092 2093 if( status == PSA_SUCCESS ) 2094 { 2095 if( tag_length != check_tag_length || 2096 mbedtls_ct_memcmp( tag, check_tag, tag_length ) 2097 != 0 ) 2098 status = PSA_ERROR_INVALID_SIGNATURE; 2099 } 2100 2101 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); 2102 2103 return( status ); 2104 } 2105 2106#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2107 2108#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2109#if defined(PSA_CRYPTO_DRIVER_TEST) 2110 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2111 return( mbedtls_test_transparent_aead_verify( 2112 &operation->ctx.transparent_test_driver_ctx, 2113 plaintext, plaintext_size, 2114 plaintext_length, tag, tag_length ) ); 2115 2116 /* Add cases for opaque driver here */ 2117 2118#endif /* PSA_CRYPTO_DRIVER_TEST */ 2119#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2120 } 2121 2122 (void)plaintext; 2123 (void)plaintext_size; 2124 (void)plaintext_length; 2125 (void)tag; 2126 (void)tag_length; 2127 2128 return( PSA_ERROR_INVALID_ARGUMENT ); 2129} 2130 2131static inline psa_status_t psa_driver_wrapper_aead_abort( 2132 psa_aead_operation_t *operation ) 2133{ 2134 switch( operation->id ) 2135 { 2136#if defined(MBEDTLS_PSA_BUILTIN_AEAD) 2137 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2138 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); 2139 2140#endif /* MBEDTLS_PSA_BUILTIN_AEAD */ 2141 2142#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2143#if defined(PSA_CRYPTO_DRIVER_TEST) 2144 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2145 return( mbedtls_test_transparent_aead_abort( 2146 &operation->ctx.transparent_test_driver_ctx ) ); 2147 2148 /* Add cases for opaque driver here */ 2149 2150#endif /* PSA_CRYPTO_DRIVER_TEST */ 2151#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2152 } 2153 2154 return( PSA_ERROR_INVALID_ARGUMENT ); 2155} 2156 2157/* 2158 * MAC functions 2159 */ 2160static inline psa_status_t psa_driver_wrapper_mac_compute( 2161 const psa_key_attributes_t *attributes, 2162 const uint8_t *key_buffer, 2163 size_t key_buffer_size, 2164 psa_algorithm_t alg, 2165 const uint8_t *input, 2166 size_t input_length, 2167 uint8_t *mac, 2168 size_t mac_size, 2169 size_t *mac_length ) 2170{ 2171 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2172 psa_key_location_t location = 2173 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 2174 2175 switch( location ) 2176 { 2177 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2178 /* Key is stored in the slot in export representation, so 2179 * cycle through all known transparent accelerators */ 2180#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2181#if defined(PSA_CRYPTO_DRIVER_TEST) 2182 status = mbedtls_test_transparent_mac_compute( 2183 attributes, key_buffer, key_buffer_size, alg, 2184 input, input_length, 2185 mac, mac_size, mac_length ); 2186 /* Declared with fallback == true */ 2187 if( status != PSA_ERROR_NOT_SUPPORTED ) 2188 return( status ); 2189#endif /* PSA_CRYPTO_DRIVER_TEST */ 2190#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2191#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2192 /* Fell through, meaning no accelerator supports this operation */ 2193 status = mbedtls_psa_mac_compute( 2194 attributes, key_buffer, key_buffer_size, alg, 2195 input, input_length, 2196 mac, mac_size, mac_length ); 2197 if( status != PSA_ERROR_NOT_SUPPORTED ) 2198 return( status ); 2199#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2200 return( PSA_ERROR_NOT_SUPPORTED ); 2201 2202 /* Add cases for opaque driver here */ 2203#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2204#if defined(PSA_CRYPTO_DRIVER_TEST) 2205 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2206 status = mbedtls_test_opaque_mac_compute( 2207 attributes, key_buffer, key_buffer_size, alg, 2208 input, input_length, 2209 mac, mac_size, mac_length ); 2210 return( status ); 2211#endif /* PSA_CRYPTO_DRIVER_TEST */ 2212#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2213 default: 2214 /* Key is declared with a lifetime not known to us */ 2215 (void) key_buffer; 2216 (void) key_buffer_size; 2217 (void) alg; 2218 (void) input; 2219 (void) input_length; 2220 (void) mac; 2221 (void) mac_size; 2222 (void) mac_length; 2223 (void) status; 2224 return( PSA_ERROR_INVALID_ARGUMENT ); 2225 } 2226} 2227 2228static inline psa_status_t psa_driver_wrapper_mac_sign_setup( 2229 psa_mac_operation_t *operation, 2230 const psa_key_attributes_t *attributes, 2231 const uint8_t *key_buffer, 2232 size_t key_buffer_size, 2233 psa_algorithm_t alg ) 2234{ 2235 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2236 psa_key_location_t location = 2237 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 2238 2239 switch( location ) 2240 { 2241 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2242 /* Key is stored in the slot in export representation, so 2243 * cycle through all known transparent accelerators */ 2244#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2245#if defined(PSA_CRYPTO_DRIVER_TEST) 2246 status = mbedtls_test_transparent_mac_sign_setup( 2247 &operation->ctx.transparent_test_driver_ctx, 2248 attributes, 2249 key_buffer, key_buffer_size, 2250 alg ); 2251 /* Declared with fallback == true */ 2252 if( status == PSA_SUCCESS ) 2253 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2254 2255 if( status != PSA_ERROR_NOT_SUPPORTED ) 2256 return( status ); 2257#endif /* PSA_CRYPTO_DRIVER_TEST */ 2258#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2259#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2260 /* Fell through, meaning no accelerator supports this operation */ 2261 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx, 2262 attributes, 2263 key_buffer, key_buffer_size, 2264 alg ); 2265 if( status == PSA_SUCCESS ) 2266 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2267 2268 if( status != PSA_ERROR_NOT_SUPPORTED ) 2269 return( status ); 2270#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2271 return( PSA_ERROR_NOT_SUPPORTED ); 2272 2273 /* Add cases for opaque driver here */ 2274#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2275#if defined(PSA_CRYPTO_DRIVER_TEST) 2276 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2277 status = mbedtls_test_opaque_mac_sign_setup( 2278 &operation->ctx.opaque_test_driver_ctx, 2279 attributes, 2280 key_buffer, key_buffer_size, 2281 alg ); 2282 2283 if( status == PSA_SUCCESS ) 2284 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 2285 2286 return( status ); 2287#endif /* PSA_CRYPTO_DRIVER_TEST */ 2288#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2289 default: 2290 /* Key is declared with a lifetime not known to us */ 2291 (void) status; 2292 (void) operation; 2293 (void) key_buffer; 2294 (void) key_buffer_size; 2295 (void) alg; 2296 return( PSA_ERROR_INVALID_ARGUMENT ); 2297 } 2298} 2299 2300static inline psa_status_t psa_driver_wrapper_mac_verify_setup( 2301 psa_mac_operation_t *operation, 2302 const psa_key_attributes_t *attributes, 2303 const uint8_t *key_buffer, 2304 size_t key_buffer_size, 2305 psa_algorithm_t alg ) 2306{ 2307 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2308 psa_key_location_t location = 2309 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 2310 2311 switch( location ) 2312 { 2313 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2314 /* Key is stored in the slot in export representation, so 2315 * cycle through all known transparent accelerators */ 2316#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2317#if defined(PSA_CRYPTO_DRIVER_TEST) 2318 status = mbedtls_test_transparent_mac_verify_setup( 2319 &operation->ctx.transparent_test_driver_ctx, 2320 attributes, 2321 key_buffer, key_buffer_size, 2322 alg ); 2323 /* Declared with fallback == true */ 2324 if( status == PSA_SUCCESS ) 2325 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2326 2327 if( status != PSA_ERROR_NOT_SUPPORTED ) 2328 return( status ); 2329#endif /* PSA_CRYPTO_DRIVER_TEST */ 2330#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2331#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2332 /* Fell through, meaning no accelerator supports this operation */ 2333 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx, 2334 attributes, 2335 key_buffer, key_buffer_size, 2336 alg ); 2337 if( status == PSA_SUCCESS ) 2338 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2339 2340 if( status != PSA_ERROR_NOT_SUPPORTED ) 2341 return( status ); 2342#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2343 return( PSA_ERROR_NOT_SUPPORTED ); 2344 2345 /* Add cases for opaque driver here */ 2346#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2347#if defined(PSA_CRYPTO_DRIVER_TEST) 2348 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2349 status = mbedtls_test_opaque_mac_verify_setup( 2350 &operation->ctx.opaque_test_driver_ctx, 2351 attributes, 2352 key_buffer, key_buffer_size, 2353 alg ); 2354 2355 if( status == PSA_SUCCESS ) 2356 operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; 2357 2358 return( status ); 2359#endif /* PSA_CRYPTO_DRIVER_TEST */ 2360#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2361 default: 2362 /* Key is declared with a lifetime not known to us */ 2363 (void) status; 2364 (void) operation; 2365 (void) key_buffer; 2366 (void) key_buffer_size; 2367 (void) alg; 2368 return( PSA_ERROR_INVALID_ARGUMENT ); 2369 } 2370} 2371 2372static inline psa_status_t psa_driver_wrapper_mac_update( 2373 psa_mac_operation_t *operation, 2374 const uint8_t *input, 2375 size_t input_length ) 2376{ 2377 switch( operation->id ) 2378 { 2379#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2380 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2381 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx, 2382 input, input_length ) ); 2383#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2384 2385#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2386#if defined(PSA_CRYPTO_DRIVER_TEST) 2387 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2388 return( mbedtls_test_transparent_mac_update( 2389 &operation->ctx.transparent_test_driver_ctx, 2390 input, input_length ) ); 2391 2392 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2393 return( mbedtls_test_opaque_mac_update( 2394 &operation->ctx.opaque_test_driver_ctx, 2395 input, input_length ) ); 2396#endif /* PSA_CRYPTO_DRIVER_TEST */ 2397#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2398 default: 2399 (void) input; 2400 (void) input_length; 2401 return( PSA_ERROR_INVALID_ARGUMENT ); 2402 } 2403} 2404 2405static inline psa_status_t psa_driver_wrapper_mac_sign_finish( 2406 psa_mac_operation_t *operation, 2407 uint8_t *mac, 2408 size_t mac_size, 2409 size_t *mac_length ) 2410{ 2411 switch( operation->id ) 2412 { 2413#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2414 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2415 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx, 2416 mac, mac_size, mac_length ) ); 2417#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2418 2419#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2420#if defined(PSA_CRYPTO_DRIVER_TEST) 2421 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2422 return( mbedtls_test_transparent_mac_sign_finish( 2423 &operation->ctx.transparent_test_driver_ctx, 2424 mac, mac_size, mac_length ) ); 2425 2426 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2427 return( mbedtls_test_opaque_mac_sign_finish( 2428 &operation->ctx.opaque_test_driver_ctx, 2429 mac, mac_size, mac_length ) ); 2430#endif /* PSA_CRYPTO_DRIVER_TEST */ 2431#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2432 default: 2433 (void) mac; 2434 (void) mac_size; 2435 (void) mac_length; 2436 return( PSA_ERROR_INVALID_ARGUMENT ); 2437 } 2438} 2439 2440static inline psa_status_t psa_driver_wrapper_mac_verify_finish( 2441 psa_mac_operation_t *operation, 2442 const uint8_t *mac, 2443 size_t mac_length ) 2444{ 2445 switch( operation->id ) 2446 { 2447#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2448 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2449 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx, 2450 mac, mac_length ) ); 2451#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2452 2453#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2454#if defined(PSA_CRYPTO_DRIVER_TEST) 2455 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2456 return( mbedtls_test_transparent_mac_verify_finish( 2457 &operation->ctx.transparent_test_driver_ctx, 2458 mac, mac_length ) ); 2459 2460 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2461 return( mbedtls_test_opaque_mac_verify_finish( 2462 &operation->ctx.opaque_test_driver_ctx, 2463 mac, mac_length ) ); 2464#endif /* PSA_CRYPTO_DRIVER_TEST */ 2465#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2466 default: 2467 (void) mac; 2468 (void) mac_length; 2469 return( PSA_ERROR_INVALID_ARGUMENT ); 2470 } 2471} 2472 2473static inline psa_status_t psa_driver_wrapper_mac_abort( 2474 psa_mac_operation_t *operation ) 2475{ 2476 switch( operation->id ) 2477 { 2478#if defined(MBEDTLS_PSA_BUILTIN_MAC) 2479 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2480 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) ); 2481#endif /* MBEDTLS_PSA_BUILTIN_MAC */ 2482 2483#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2484#if defined(PSA_CRYPTO_DRIVER_TEST) 2485 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2486 return( mbedtls_test_transparent_mac_abort( 2487 &operation->ctx.transparent_test_driver_ctx ) ); 2488 case MBEDTLS_TEST_OPAQUE_DRIVER_ID: 2489 return( mbedtls_test_opaque_mac_abort( 2490 &operation->ctx.opaque_test_driver_ctx ) ); 2491#endif /* PSA_CRYPTO_DRIVER_TEST */ 2492#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2493 default: 2494 return( PSA_ERROR_INVALID_ARGUMENT ); 2495 } 2496} 2497 2498/* 2499 * Asymmetric cryptography 2500 */ 2501static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( 2502 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 2503 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, 2504 size_t input_length, const uint8_t *salt, size_t salt_length, 2505 uint8_t *output, size_t output_size, size_t *output_length ) 2506{ 2507 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2508 psa_key_location_t location = 2509 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 2510 2511 switch( location ) 2512 { 2513 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2514 /* Key is stored in the slot in export representation, so 2515 * cycle through all known transparent accelerators */ 2516#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2517#if defined(PSA_CRYPTO_DRIVER_TEST) 2518 status = mbedtls_test_transparent_asymmetric_encrypt( attributes, 2519 key_buffer, key_buffer_size, alg, input, input_length, 2520 salt, salt_length, output, output_size, 2521 output_length ); 2522 /* Declared with fallback == true */ 2523 if( status != PSA_ERROR_NOT_SUPPORTED ) 2524 return( status ); 2525#endif /* PSA_CRYPTO_DRIVER_TEST */ 2526#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2527 return( mbedtls_psa_asymmetric_encrypt( attributes, 2528 key_buffer, key_buffer_size, alg, input, input_length, 2529 salt, salt_length, output, output_size, output_length ) 2530 ); 2531 /* Add cases for opaque driver here */ 2532#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2533#if defined(PSA_CRYPTO_DRIVER_TEST) 2534 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2535 return( mbedtls_test_opaque_asymmetric_encrypt( attributes, 2536 key_buffer, key_buffer_size, alg, input, input_length, 2537 salt, salt_length, output, output_size, output_length ) 2538 ); 2539#endif /* PSA_CRYPTO_DRIVER_TEST */ 2540#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2541 2542 default: 2543 /* Key is declared with a lifetime not known to us */ 2544 (void)status; 2545 (void)key_buffer; 2546 (void)key_buffer_size; 2547 (void)alg; 2548 (void)input; 2549 (void)input_length; 2550 (void)salt; 2551 (void)salt_length; 2552 (void)output; 2553 (void)output_size; 2554 (void)output_length; 2555 return( PSA_ERROR_INVALID_ARGUMENT ); 2556 } 2557} 2558 2559static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( 2560 const psa_key_attributes_t *attributes, const uint8_t *key_buffer, 2561 size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, 2562 size_t input_length, const uint8_t *salt, size_t salt_length, 2563 uint8_t *output, size_t output_size, size_t *output_length ) 2564{ 2565 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2566 psa_key_location_t location = 2567 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 2568 2569 switch( location ) 2570 { 2571 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2572 /* Key is stored in the slot in export representation, so 2573 * cycle through all known transparent accelerators */ 2574#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2575#if defined(PSA_CRYPTO_DRIVER_TEST) 2576 status = mbedtls_test_transparent_asymmetric_decrypt( attributes, 2577 key_buffer, key_buffer_size, alg, input, input_length, 2578 salt, salt_length, output, output_size, 2579 output_length ); 2580 /* Declared with fallback == true */ 2581 if( status != PSA_ERROR_NOT_SUPPORTED ) 2582 return( status ); 2583#endif /* PSA_CRYPTO_DRIVER_TEST */ 2584#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2585 return( mbedtls_psa_asymmetric_decrypt( attributes, 2586 key_buffer, key_buffer_size, alg,input, input_length, 2587 salt, salt_length, output, output_size, 2588 output_length ) ); 2589 /* Add cases for opaque driver here */ 2590#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2591#if defined(PSA_CRYPTO_DRIVER_TEST) 2592 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2593 return( mbedtls_test_opaque_asymmetric_decrypt( attributes, 2594 key_buffer, key_buffer_size, alg, input, input_length, 2595 salt, salt_length, output, output_size, 2596 output_length ) ); 2597#endif /* PSA_CRYPTO_DRIVER_TEST */ 2598#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2599 2600 default: 2601 /* Key is declared with a lifetime not known to us */ 2602 (void)status; 2603 (void)key_buffer; 2604 (void)key_buffer_size; 2605 (void)alg; 2606 (void)input; 2607 (void)input_length; 2608 (void)salt; 2609 (void)salt_length; 2610 (void)output; 2611 (void)output_size; 2612 (void)output_length; 2613 return( PSA_ERROR_INVALID_ARGUMENT ); 2614 } 2615} 2616 2617static inline psa_status_t psa_driver_wrapper_key_agreement( 2618 const psa_key_attributes_t *attributes, 2619 const uint8_t *key_buffer, 2620 size_t key_buffer_size, 2621 psa_algorithm_t alg, 2622 const uint8_t *peer_key, 2623 size_t peer_key_length, 2624 uint8_t *shared_secret, 2625 size_t shared_secret_size, 2626 size_t *shared_secret_length 2627 ) 2628{ 2629 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2630 psa_key_location_t location = 2631 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); 2632 2633 switch( location ) 2634 { 2635 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2636 /* Key is stored in the slot in export representation, so 2637 * cycle through all known transparent accelerators */ 2638#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2639#if defined(PSA_CRYPTO_DRIVER_TEST) 2640 status = 2641 mbedtls_test_transparent_key_agreement( attributes, 2642 key_buffer, key_buffer_size, alg, peer_key, 2643 peer_key_length, shared_secret, shared_secret_size, 2644 shared_secret_length ); 2645 if( status != PSA_ERROR_NOT_SUPPORTED ) 2646 return( status ); 2647#endif /* PSA_CRYPTO_DRIVER_TEST */ 2648#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) 2649 if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && 2650 PSA_ALG_IS_ECDH(alg) && 2651 PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && 2652 psa_get_key_bits(attributes) == 256 ) 2653 { 2654 status = p256_transparent_key_agreement( attributes, 2655 key_buffer, 2656 key_buffer_size, 2657 alg, 2658 peer_key, 2659 peer_key_length, 2660 shared_secret, 2661 shared_secret_size, 2662 shared_secret_length ); 2663 if( status != PSA_ERROR_NOT_SUPPORTED) 2664 return( status ); 2665 } 2666#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ 2667#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2668 2669 /* Software Fallback */ 2670 status = psa_key_agreement_raw_builtin( attributes, 2671 key_buffer, 2672 key_buffer_size, 2673 alg, 2674 peer_key, 2675 peer_key_length, 2676 shared_secret, 2677 shared_secret_size, 2678 shared_secret_length ); 2679 return( status ); 2680#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2681#if defined(PSA_CRYPTO_DRIVER_TEST) 2682 case PSA_CRYPTO_TEST_DRIVER_LOCATION: 2683 return( mbedtls_test_opaque_key_agreement( attributes, 2684 key_buffer, key_buffer_size, alg, peer_key, 2685 peer_key_length, shared_secret, shared_secret_size, 2686 shared_secret_length ) ); 2687#endif /* PSA_CRYPTO_DRIVER_TEST */ 2688#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2689 2690 default: 2691 (void) attributes; 2692 (void) key_buffer; 2693 (void) key_buffer_size; 2694 (void) peer_key; 2695 (void) peer_key_length; 2696 (void) shared_secret; 2697 (void) shared_secret_size; 2698 (void) shared_secret_length; 2699 return( PSA_ERROR_NOT_SUPPORTED ); 2700 2701 } 2702} 2703 2704static inline psa_status_t psa_driver_wrapper_pake_setup( 2705 psa_pake_operation_t *operation, 2706 const psa_crypto_driver_pake_inputs_t *inputs ) 2707{ 2708 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2709 2710 psa_key_location_t location = 2711 PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) ); 2712 2713 switch( location ) 2714 { 2715 case PSA_KEY_LOCATION_LOCAL_STORAGE: 2716 /* Key is stored in the slot in export representation, so 2717 * cycle through all known transparent accelerators */ 2718 status = PSA_ERROR_NOT_SUPPORTED; 2719#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2720#if defined(PSA_CRYPTO_DRIVER_TEST) 2721 status = mbedtls_test_transparent_pake_setup( 2722 &operation->data.ctx.transparent_test_driver_ctx, 2723 inputs ); 2724 if( status == PSA_SUCCESS ) 2725 operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; 2726 /* Declared with fallback == true */ 2727 if( status != PSA_ERROR_NOT_SUPPORTED ) 2728 return( status ); 2729#endif /* PSA_CRYPTO_DRIVER_TEST */ 2730#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2731#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2732 status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx, 2733 inputs ); 2734 if( status == PSA_SUCCESS ) 2735 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; 2736#endif 2737 return status; 2738 /* Add cases for opaque driver here */ 2739 default: 2740 /* Key is declared with a lifetime not known to us */ 2741 (void)operation; 2742 return( PSA_ERROR_INVALID_ARGUMENT ); 2743 } 2744} 2745 2746static inline psa_status_t psa_driver_wrapper_pake_output( 2747 psa_pake_operation_t *operation, 2748 psa_crypto_driver_pake_step_t step, 2749 uint8_t *output, 2750 size_t output_size, 2751 size_t *output_length ) 2752{ 2753 switch( operation->id ) 2754 { 2755#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2756 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2757 return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, 2758 output, output_size, output_length ) ); 2759#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2760 2761#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2762#if defined(PSA_CRYPTO_DRIVER_TEST) 2763 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2764 return( mbedtls_test_transparent_pake_output( 2765 &operation->data.ctx.transparent_test_driver_ctx, 2766 step, output, output_size, output_length ) ); 2767#endif /* PSA_CRYPTO_DRIVER_TEST */ 2768#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2769 default: 2770 (void) step; 2771 (void) output; 2772 (void) output_size; 2773 (void) output_length; 2774 return( PSA_ERROR_INVALID_ARGUMENT ); 2775 } 2776} 2777 2778static inline psa_status_t psa_driver_wrapper_pake_input( 2779 psa_pake_operation_t *operation, 2780 psa_crypto_driver_pake_step_t step, 2781 const uint8_t *input, 2782 size_t input_length ) 2783{ 2784 switch( operation->id ) 2785 { 2786#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2787 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2788 return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, 2789 step, input, 2790 input_length ) ); 2791#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2792 2793#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2794#if defined(PSA_CRYPTO_DRIVER_TEST) 2795 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2796 return( mbedtls_test_transparent_pake_input( 2797 &operation->data.ctx.transparent_test_driver_ctx, 2798 step, 2799 input, input_length ) ); 2800#endif /* PSA_CRYPTO_DRIVER_TEST */ 2801#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2802 default: 2803 (void) step; 2804 (void) input; 2805 (void) input_length; 2806 return( PSA_ERROR_INVALID_ARGUMENT ); 2807 } 2808} 2809 2810static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key( 2811 psa_pake_operation_t *operation, 2812 uint8_t *output, size_t output_size, 2813 size_t *output_length ) 2814{ 2815 switch( operation->id ) 2816 { 2817#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2818 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2819 return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, 2820 output, output_size, output_length ) ); 2821#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2822 2823#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2824#if defined(PSA_CRYPTO_DRIVER_TEST) 2825 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2826 return( mbedtls_test_transparent_pake_get_implicit_key( 2827 &operation->data.ctx.transparent_test_driver_ctx, 2828 output, output_size, output_length ) ); 2829#endif /* PSA_CRYPTO_DRIVER_TEST */ 2830#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2831 default: 2832 (void) output; 2833 (void) output_size; 2834 (void) output_length; 2835 return( PSA_ERROR_INVALID_ARGUMENT ); 2836 } 2837} 2838 2839static inline psa_status_t psa_driver_wrapper_pake_abort( 2840 psa_pake_operation_t * operation ) 2841{ 2842 switch( operation->id ) 2843 { 2844#if defined(MBEDTLS_PSA_BUILTIN_PAKE) 2845 case PSA_CRYPTO_MBED_TLS_DRIVER_ID: 2846 return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) ); 2847#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 2848 2849#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 2850#if defined(PSA_CRYPTO_DRIVER_TEST) 2851 case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: 2852 return( mbedtls_test_transparent_pake_abort( 2853 &operation->data.ctx.transparent_test_driver_ctx ) ); 2854#endif /* PSA_CRYPTO_DRIVER_TEST */ 2855#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 2856 default: 2857 return( PSA_ERROR_INVALID_ARGUMENT ); 2858 } 2859} 2860 2861#endif /* MBEDTLS_PSA_CRYPTO_C */ 2862