1/*
2 *  Functions to delegate cryptographic operations to an available
3 *  and appropriate accelerator.
4 *  Warning: This file is now auto-generated.
5 */
6/*  Copyright The Mbed TLS Contributors
7 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10
11/* BEGIN-common headers */
12#include "common.h"
13#include "psa_crypto_aead.h"
14#include "psa_crypto_cipher.h"
15#include "psa_crypto_core.h"
16#include "psa_crypto_driver_wrappers_no_static.h"
17#include "psa_crypto_hash.h"
18#include "psa_crypto_mac.h"
19#include "psa_crypto_pake.h"
20#include "psa_crypto_rsa.h"
21
22#include "mbedtls/platform.h"
23#include "mbedtls/constant_time.h"
24/* END-common headers */
25
26#if defined(MBEDTLS_PSA_CRYPTO_C)
27
28/* BEGIN-driver headers */
29{% for driver in drivers -%}
30/* Headers for {{driver.prefix}} {{driver.type}} driver */
31{% if driver['mbedtls/h_condition'] is defined -%}
32#if {{ driver['mbedtls/h_condition'] }}
33{% endif -%}
34{% for header in driver.headers -%}
35#include "{{ header }}"
36{% endfor %}
37{% if driver['mbedtls/h_condition'] is defined -%}
38#endif
39{% endif -%}
40{% endfor %}
41/* END-driver headers */
42
43/* Auto-generated values depending on which drivers are registered.
44 * ID 0 is reserved for unallocated operations.
45 * ID 1 is reserved for the Mbed TLS software driver. */
46/* BEGIN-driver id definition */
47#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
48{% for driver in drivers -%}
49#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }})
50{% endfor %}
51/* END-driver id */
52
53/* BEGIN-Common Macro definitions */
54{% macro entry_point_name(capability, entry_point, driver) -%}
55    {% if capability.name is defined and entry_point in capability.names.keys() -%}
56    {{ capability.names[entry_point]}}
57    {% else -%}
58    {{driver.prefix}}_{{driver.type}}_{{entry_point}}
59    {% endif -%}
60{% endmacro %}
61/* END-Common Macro definitions */
62
63/* Support the 'old' SE interface when asked to */
64#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
65/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
66 * SE driver is present, to avoid unused argument errors at compile time. */
67#ifndef PSA_CRYPTO_DRIVER_PRESENT
68#define PSA_CRYPTO_DRIVER_PRESENT
69#endif
70#include "psa_crypto_se.h"
71#endif
72
73static inline psa_status_t psa_driver_wrapper_init( void )
74{
75    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
76
77#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
78    status = psa_init_all_se_drivers( );
79    if( status != PSA_SUCCESS )
80        return( status );
81#endif
82
83#if defined(PSA_CRYPTO_DRIVER_TEST)
84    status = mbedtls_test_transparent_init( );
85    if( status != PSA_SUCCESS )
86        return( status );
87
88    status = mbedtls_test_opaque_init( );
89    if( status != PSA_SUCCESS )
90        return( status );
91#endif
92
93    (void) status;
94    return( PSA_SUCCESS );
95}
96
97static inline void psa_driver_wrapper_free( void )
98{
99#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
100    /* Unregister all secure element drivers, so that we restart from
101     * a pristine state. */
102    psa_unregister_all_se_drivers( );
103#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
104
105#if defined(PSA_CRYPTO_DRIVER_TEST)
106    mbedtls_test_transparent_free( );
107    mbedtls_test_opaque_free( );
108#endif
109}
110
111/* Start delegation functions */
112static inline psa_status_t psa_driver_wrapper_sign_message(
113    const psa_key_attributes_t *attributes,
114    const uint8_t *key_buffer,
115    size_t key_buffer_size,
116    psa_algorithm_t alg,
117    const uint8_t *input,
118    size_t input_length,
119    uint8_t *signature,
120    size_t signature_size,
121    size_t *signature_length )
122{
123    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
124    psa_key_location_t location =
125        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
126
127    switch( location )
128    {
129        case PSA_KEY_LOCATION_LOCAL_STORAGE:
130            /* Key is stored in the slot in export representation, so
131             * cycle through all known transparent accelerators */
132#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
133#if defined(PSA_CRYPTO_DRIVER_TEST)
134            status = mbedtls_test_transparent_signature_sign_message(
135                        attributes,
136                        key_buffer,
137                        key_buffer_size,
138                        alg,
139                        input,
140                        input_length,
141                        signature,
142                        signature_size,
143                        signature_length );
144            /* Declared with fallback == true */
145            if( status != PSA_ERROR_NOT_SUPPORTED )
146                return( status );
147#endif /* PSA_CRYPTO_DRIVER_TEST */
148#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
149            break;
150
151        /* Add cases for opaque driver here */
152#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
153#if defined(PSA_CRYPTO_DRIVER_TEST)
154        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
155            status = mbedtls_test_opaque_signature_sign_message(
156                        attributes,
157                        key_buffer,
158                        key_buffer_size,
159                        alg,
160                        input,
161                        input_length,
162                        signature,
163                        signature_size,
164                        signature_length );
165            if( status != PSA_ERROR_NOT_SUPPORTED )
166                return( status );
167            break;
168#endif /* PSA_CRYPTO_DRIVER_TEST */
169#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
170        default:
171            /* Key is declared with a lifetime not known to us */
172            (void)status;
173            break;
174    }
175
176    return( psa_sign_message_builtin( attributes,
177                                      key_buffer,
178                                      key_buffer_size,
179                                      alg,
180                                      input,
181                                      input_length,
182                                      signature,
183                                      signature_size,
184                                      signature_length ) );
185}
186
187static inline psa_status_t psa_driver_wrapper_verify_message(
188    const psa_key_attributes_t *attributes,
189    const uint8_t *key_buffer,
190    size_t key_buffer_size,
191    psa_algorithm_t alg,
192    const uint8_t *input,
193    size_t input_length,
194    const uint8_t *signature,
195    size_t signature_length )
196{
197    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
198    psa_key_location_t location =
199        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
200
201    switch( location )
202    {
203        case PSA_KEY_LOCATION_LOCAL_STORAGE:
204            /* Key is stored in the slot in export representation, so
205             * cycle through all known transparent accelerators */
206#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
207#if defined(PSA_CRYPTO_DRIVER_TEST)
208            status = mbedtls_test_transparent_signature_verify_message(
209                        attributes,
210                        key_buffer,
211                        key_buffer_size,
212                        alg,
213                        input,
214                        input_length,
215                        signature,
216                        signature_length );
217            /* Declared with fallback == true */
218            if( status != PSA_ERROR_NOT_SUPPORTED )
219                return( status );
220#endif /* PSA_CRYPTO_DRIVER_TEST */
221#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
222            break;
223
224        /* Add cases for opaque driver here */
225#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
226#if defined(PSA_CRYPTO_DRIVER_TEST)
227        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
228            return( mbedtls_test_opaque_signature_verify_message(
229                        attributes,
230                        key_buffer,
231                        key_buffer_size,
232                        alg,
233                        input,
234                        input_length,
235                        signature,
236                        signature_length ) );
237            if( status != PSA_ERROR_NOT_SUPPORTED )
238                return( status );
239            break;
240#endif /* PSA_CRYPTO_DRIVER_TEST */
241#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
242        default:
243            /* Key is declared with a lifetime not known to us */
244            (void)status;
245            break;
246    }
247
248    return( psa_verify_message_builtin( attributes,
249                                        key_buffer,
250                                        key_buffer_size,
251                                        alg,
252                                        input,
253                                        input_length,
254                                        signature,
255                                        signature_length ) );
256}
257
258static inline psa_status_t psa_driver_wrapper_sign_hash(
259    const psa_key_attributes_t *attributes,
260    const uint8_t *key_buffer, size_t key_buffer_size,
261    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
262    uint8_t *signature, size_t signature_size, size_t *signature_length )
263{
264    /* Try dynamically-registered SE interface first */
265#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
266    const psa_drv_se_t *drv;
267    psa_drv_se_context_t *drv_context;
268
269    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
270    {
271        if( drv->asymmetric == NULL ||
272            drv->asymmetric->p_sign == NULL )
273        {
274            /* Key is defined in SE, but we have no way to exercise it */
275            return( PSA_ERROR_NOT_SUPPORTED );
276        }
277        return( drv->asymmetric->p_sign(
278                    drv_context, *( (psa_key_slot_number_t *)key_buffer ),
279                    alg, hash, hash_length,
280                    signature, signature_size, signature_length ) );
281    }
282#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
283
284    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
285    psa_key_location_t location =
286        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
287
288    switch( location )
289    {
290        case PSA_KEY_LOCATION_LOCAL_STORAGE:
291            /* Key is stored in the slot in export representation, so
292             * cycle through all known transparent accelerators */
293#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
294#if defined(PSA_CRYPTO_DRIVER_TEST)
295            status = mbedtls_test_transparent_signature_sign_hash( attributes,
296                                                           key_buffer,
297                                                           key_buffer_size,
298                                                           alg,
299                                                           hash,
300                                                           hash_length,
301                                                           signature,
302                                                           signature_size,
303                                                           signature_length );
304            /* Declared with fallback == true */
305            if( status != PSA_ERROR_NOT_SUPPORTED )
306                return( status );
307#endif /* PSA_CRYPTO_DRIVER_TEST */
308#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
309            if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
310                PSA_ALG_IS_ECDSA(alg) &&
311                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
312                PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
313                psa_get_key_bits(attributes) == 256 )
314            {
315                status = p256_transparent_sign_hash( attributes,
316                                                     key_buffer,
317                                                     key_buffer_size,
318                                                     alg,
319                                                     hash,
320                                                     hash_length,
321                                                     signature,
322                                                     signature_size,
323                                                     signature_length );
324                if( status != PSA_ERROR_NOT_SUPPORTED )
325                return( status );
326            }
327#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
328#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
329            /* Fell through, meaning no accelerator supports this operation */
330            return( psa_sign_hash_builtin( attributes,
331                                           key_buffer,
332                                           key_buffer_size,
333                                           alg,
334                                           hash,
335                                           hash_length,
336                                           signature,
337                                           signature_size,
338                                           signature_length ) );
339
340        /* Add cases for opaque driver here */
341#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
342#if defined(PSA_CRYPTO_DRIVER_TEST)
343        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
344            return( mbedtls_test_opaque_signature_sign_hash( attributes,
345                                                             key_buffer,
346                                                             key_buffer_size,
347                                                             alg,
348                                                             hash,
349                                                             hash_length,
350                                                             signature,
351                                                             signature_size,
352                                                             signature_length ) );
353#endif /* PSA_CRYPTO_DRIVER_TEST */
354#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
355        default:
356            /* Key is declared with a lifetime not known to us */
357            (void)status;
358            return( PSA_ERROR_INVALID_ARGUMENT );
359    }
360}
361
362static inline psa_status_t psa_driver_wrapper_verify_hash(
363    const psa_key_attributes_t *attributes,
364    const uint8_t *key_buffer, size_t key_buffer_size,
365    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
366    const uint8_t *signature, size_t signature_length )
367{
368    /* Try dynamically-registered SE interface first */
369#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
370    const psa_drv_se_t *drv;
371    psa_drv_se_context_t *drv_context;
372
373    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
374    {
375        if( drv->asymmetric == NULL ||
376            drv->asymmetric->p_verify == NULL )
377        {
378            /* Key is defined in SE, but we have no way to exercise it */
379            return( PSA_ERROR_NOT_SUPPORTED );
380        }
381        return( drv->asymmetric->p_verify(
382                    drv_context, *( (psa_key_slot_number_t *)key_buffer ),
383                    alg, hash, hash_length,
384                    signature, signature_length ) );
385    }
386#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
387
388    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
389    psa_key_location_t location =
390        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
391
392    switch( location )
393    {
394        case PSA_KEY_LOCATION_LOCAL_STORAGE:
395            /* Key is stored in the slot in export representation, so
396             * cycle through all known transparent accelerators */
397#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
398#if defined(PSA_CRYPTO_DRIVER_TEST)
399            status = mbedtls_test_transparent_signature_verify_hash(
400                         attributes,
401                         key_buffer,
402                         key_buffer_size,
403                         alg,
404                         hash,
405                         hash_length,
406                         signature,
407                         signature_length );
408            /* Declared with fallback == true */
409            if( status != PSA_ERROR_NOT_SUPPORTED )
410                return( status );
411#endif /* PSA_CRYPTO_DRIVER_TEST */
412#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
413            if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
414                PSA_ALG_IS_ECDSA(alg) &&
415                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
416                PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
417                psa_get_key_bits(attributes) == 256 )
418            {
419                status = p256_transparent_verify_hash( attributes,
420                                                       key_buffer,
421                                                       key_buffer_size,
422                                                       alg,
423                                                       hash,
424                                                       hash_length,
425                                                       signature,
426                                                       signature_length );
427                if( status != PSA_ERROR_NOT_SUPPORTED )
428                return( status );
429            }
430#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
431#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
432
433            return( psa_verify_hash_builtin( attributes,
434                                             key_buffer,
435                                             key_buffer_size,
436                                             alg,
437                                             hash,
438                                             hash_length,
439                                             signature,
440                                             signature_length ) );
441
442        /* Add cases for opaque driver here */
443#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
444#if defined(PSA_CRYPTO_DRIVER_TEST)
445        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
446            return( mbedtls_test_opaque_signature_verify_hash( attributes,
447                                                               key_buffer,
448                                                               key_buffer_size,
449                                                               alg,
450                                                               hash,
451                                                               hash_length,
452                                                               signature,
453                                                               signature_length ) );
454#endif /* PSA_CRYPTO_DRIVER_TEST */
455#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
456        default:
457            /* Key is declared with a lifetime not known to us */
458            (void)status;
459            return( PSA_ERROR_INVALID_ARGUMENT );
460    }
461}
462
463static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
464    psa_sign_hash_interruptible_operation_t *operation )
465{
466    switch( operation->id )
467    {
468        /* If uninitialised, return 0, as no work can have been done. */
469        case 0:
470            return 0;
471
472        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
473            return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
474
475#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
476#if defined(PSA_CRYPTO_DRIVER_TEST)
477            /* Add test driver tests here */
478
479#endif /* PSA_CRYPTO_DRIVER_TEST */
480#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
481    }
482
483    /* Can't happen (see discussion in #8271) */
484    return 0;
485}
486
487static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
488    psa_verify_hash_interruptible_operation_t *operation )
489{
490    switch( operation->id )
491    {
492        /* If uninitialised, return 0, as no work can have been done. */
493        case 0:
494            return 0;
495
496        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
497            return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
498
499#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
500#if defined(PSA_CRYPTO_DRIVER_TEST)
501            /* Add test driver tests here */
502
503#endif /* PSA_CRYPTO_DRIVER_TEST */
504#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
505
506    }
507
508    /* Can't happen (see discussion in #8271) */
509    return 0;
510}
511
512static inline psa_status_t psa_driver_wrapper_sign_hash_start(
513    psa_sign_hash_interruptible_operation_t *operation,
514    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
515    size_t key_buffer_size, psa_algorithm_t alg,
516    const uint8_t *hash, size_t hash_length )
517{
518    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
519    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
520                                                    psa_get_key_lifetime(attributes) );
521
522    switch( location )
523    {
524        case PSA_KEY_LOCATION_LOCAL_STORAGE:
525            /* Key is stored in the slot in export representation, so
526             * cycle through all known transparent accelerators */
527
528#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
529#if defined(PSA_CRYPTO_DRIVER_TEST)
530
531            /* Add test driver tests here */
532
533            /* Declared with fallback == true */
534
535#endif /* PSA_CRYPTO_DRIVER_TEST */
536#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
537
538            /* Fell through, meaning no accelerator supports this operation */
539            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
540            status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
541                                                  attributes,
542                                                  key_buffer, key_buffer_size,
543                                                  alg, hash, hash_length );
544            break;
545
546            /* Add cases for opaque driver here */
547
548        default:
549            /* Key is declared with a lifetime not known to us */
550            status = PSA_ERROR_INVALID_ARGUMENT;
551            break;
552    }
553
554    return( status );
555}
556
557static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
558    psa_sign_hash_interruptible_operation_t *operation,
559    uint8_t *signature, size_t signature_size,
560    size_t *signature_length )
561{
562    switch( operation->id )
563    {
564        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
565            return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
566                                                    signature, signature_size,
567                                                    signature_length ) );
568
569#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
570#if defined(PSA_CRYPTO_DRIVER_TEST)
571            /* Add test driver tests here */
572
573#endif /* PSA_CRYPTO_DRIVER_TEST */
574#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
575    }
576
577    ( void ) signature;
578    ( void ) signature_size;
579    ( void ) signature_length;
580
581    return( PSA_ERROR_INVALID_ARGUMENT );
582}
583
584static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
585    psa_sign_hash_interruptible_operation_t *operation )
586{
587    switch( operation->id )
588    {
589        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
590            return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
591
592#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
593#if defined(PSA_CRYPTO_DRIVER_TEST)
594            /* Add test driver tests here */
595
596#endif /* PSA_CRYPTO_DRIVER_TEST */
597#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
598    }
599
600    return( PSA_ERROR_INVALID_ARGUMENT );
601}
602
603static inline psa_status_t psa_driver_wrapper_verify_hash_start(
604    psa_verify_hash_interruptible_operation_t *operation,
605    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
606    size_t key_buffer_size, psa_algorithm_t alg,
607    const uint8_t *hash, size_t hash_length,
608    const uint8_t *signature, size_t signature_length )
609{
610    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
611    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
612                                                    psa_get_key_lifetime(attributes) );
613
614    switch( location )
615    {
616        case PSA_KEY_LOCATION_LOCAL_STORAGE:
617            /* Key is stored in the slot in export representation, so
618             * cycle through all known transparent accelerators */
619
620#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
621#if defined(PSA_CRYPTO_DRIVER_TEST)
622
623            /* Add test driver tests here */
624
625            /* Declared with fallback == true */
626
627#endif /* PSA_CRYPTO_DRIVER_TEST */
628#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
629
630            /* Fell through, meaning no accelerator supports this operation */
631            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
632            status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
633                                                    attributes,
634                                                    key_buffer, key_buffer_size,
635                                                    alg, hash, hash_length,
636                                                    signature, signature_length );
637            break;
638
639            /* Add cases for opaque driver here */
640
641        default:
642            /* Key is declared with a lifetime not known to us */
643            status = PSA_ERROR_INVALID_ARGUMENT;
644            break;
645    }
646
647    return( status );
648}
649
650static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
651    psa_verify_hash_interruptible_operation_t *operation )
652{
653    switch( operation->id )
654    {
655        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
656            return( mbedtls_psa_verify_hash_complete(
657                                                     &operation->ctx.mbedtls_ctx
658                                                     ) );
659
660#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
661#if defined(PSA_CRYPTO_DRIVER_TEST)
662            /* Add test driver tests here */
663
664#endif /* PSA_CRYPTO_DRIVER_TEST */
665#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
666    }
667
668    return( PSA_ERROR_INVALID_ARGUMENT );
669}
670
671static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
672    psa_verify_hash_interruptible_operation_t *operation )
673{
674    switch( operation->id )
675    {
676        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
677            return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
678                                                 ) );
679
680#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
681#if defined(PSA_CRYPTO_DRIVER_TEST)
682            /* Add test driver tests here */
683
684#endif /* PSA_CRYPTO_DRIVER_TEST */
685#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
686    }
687
688    return( PSA_ERROR_INVALID_ARGUMENT );
689}
690
691/** Calculate the key buffer size required to store the key material of a key
692 *  associated with an opaque driver from input key data.
693 *
694 * \param[in] attributes        The key attributes
695 * \param[in] data              The input key data.
696 * \param[in] data_length       The input data length.
697 * \param[out] key_buffer_size  Minimum buffer size to contain the key material.
698 *
699 * \retval #PSA_SUCCESS \emptydescription
700 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
701 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
702 */
703static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
704    const psa_key_attributes_t *attributes,
705    const uint8_t *data,
706    size_t data_length,
707    size_t *key_buffer_size )
708{
709    psa_key_location_t location =
710        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
711    psa_key_type_t key_type = psa_get_key_type(attributes);
712
713    *key_buffer_size = 0;
714    switch( location )
715    {
716#if defined(PSA_CRYPTO_DRIVER_TEST)
717        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
718            *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
719                                     PSA_BYTES_TO_BITS( data_length ) );
720            return( ( *key_buffer_size != 0 ) ?
721                    PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
722#endif /* PSA_CRYPTO_DRIVER_TEST */
723
724        default:
725            (void)key_type;
726            (void)data;
727            (void)data_length;
728            return( PSA_ERROR_INVALID_ARGUMENT );
729    }
730}
731
732static inline psa_status_t psa_driver_wrapper_generate_key(
733    const psa_key_attributes_t *attributes,
734    const psa_custom_key_parameters_t *custom,
735    const uint8_t *custom_data, size_t custom_data_length,
736    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
737{
738    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
739    psa_key_location_t location =
740        PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
741
742#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
743    int is_default_production =
744        psa_custom_key_parameters_are_default(custom, custom_data_length);
745    if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
746    {
747        /* We don't support passing custom production parameters
748         * to drivers yet. */
749        return PSA_ERROR_NOT_SUPPORTED;
750    }
751#else
752    int is_default_production = 1;
753    (void) is_default_production;
754#endif
755
756    /* Try dynamically-registered SE interface first */
757#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
758    const psa_drv_se_t *drv;
759    psa_drv_se_context_t *drv_context;
760
761    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
762    {
763        size_t pubkey_length = 0; /* We don't support this feature yet */
764        if( drv->key_management == NULL ||
765            drv->key_management->p_generate == NULL )
766        {
767            /* Key is defined as being in SE, but we have no way to generate it */
768            return( PSA_ERROR_NOT_SUPPORTED );
769        }
770        return( drv->key_management->p_generate(
771            drv_context,
772            *( (psa_key_slot_number_t *)key_buffer ),
773            attributes, NULL, 0, &pubkey_length ) );
774    }
775#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
776
777    switch( location )
778    {
779        case PSA_KEY_LOCATION_LOCAL_STORAGE:
780#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
781            /* Transparent drivers are limited to generating asymmetric keys. */
782            /* We don't support passing custom production parameters
783             * to drivers yet. */
784            if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
785                is_default_production )
786            {
787            /* Cycle through all known transparent accelerators */
788#if defined(PSA_CRYPTO_DRIVER_TEST)
789                status = mbedtls_test_transparent_generate_key(
790                    attributes, key_buffer, key_buffer_size,
791                    key_buffer_length );
792                /* Declared with fallback == true */
793                if( status != PSA_ERROR_NOT_SUPPORTED )
794                    break;
795#endif /* PSA_CRYPTO_DRIVER_TEST */
796#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
797                if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
798                    psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
799                    psa_get_key_bits(attributes) == 256 )
800                {
801                    status = p256_transparent_generate_key( attributes,
802                                                            key_buffer,
803                                                            key_buffer_size,
804                                                            key_buffer_length );
805                    if( status != PSA_ERROR_NOT_SUPPORTED )
806                        break;
807                }
808
809#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
810            }
811#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
812
813            /* Software fallback */
814            status = psa_generate_key_internal(
815                attributes, custom, custom_data, custom_data_length,
816                key_buffer, key_buffer_size, key_buffer_length );
817            break;
818
819        /* Add cases for opaque driver here */
820#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
821#if defined(PSA_CRYPTO_DRIVER_TEST)
822        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
823            status = mbedtls_test_opaque_generate_key(
824                attributes, key_buffer, key_buffer_size, key_buffer_length );
825            break;
826#endif /* PSA_CRYPTO_DRIVER_TEST */
827#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
828
829        default:
830            /* Key is declared with a lifetime not known to us */
831            status = PSA_ERROR_INVALID_ARGUMENT;
832            break;
833    }
834
835    return( status );
836}
837
838static inline psa_status_t psa_driver_wrapper_import_key(
839    const psa_key_attributes_t *attributes,
840    const uint8_t *data,
841    size_t data_length,
842    uint8_t *key_buffer,
843    size_t key_buffer_size,
844    size_t *key_buffer_length,
845    size_t *bits )
846{
847{% with entry_point = "import_key" -%}
848{% macro entry_point_param(driver) -%}
849attributes,
850data,
851data_length,
852key_buffer,
853key_buffer_size,
854key_buffer_length,
855bits
856{% endmacro %}
857    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
858    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
859                                      psa_get_key_lifetime( attributes ) );
860
861    /* Try dynamically-registered SE interface first */
862#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
863    const psa_drv_se_t *drv;
864    psa_drv_se_context_t *drv_context;
865
866    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
867    {
868        if( drv->key_management == NULL ||
869            drv->key_management->p_import == NULL )
870            return( PSA_ERROR_NOT_SUPPORTED );
871
872        /* The driver should set the number of key bits, however in
873         * case it doesn't, we initialize bits to an invalid value. */
874        *bits = PSA_MAX_KEY_BITS + 1;
875        status = drv->key_management->p_import(
876            drv_context,
877            *( (psa_key_slot_number_t *)key_buffer ),
878            attributes, data, data_length, bits );
879
880        if( status != PSA_SUCCESS )
881            return( status );
882
883        if( (*bits) > PSA_MAX_KEY_BITS )
884            return( PSA_ERROR_NOT_SUPPORTED );
885
886        return( PSA_SUCCESS );
887    }
888#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
889
890    switch( location )
891    {
892        case PSA_KEY_LOCATION_LOCAL_STORAGE:
893            /* Key is stored in the slot in export representation, so
894             * cycle through all known transparent accelerators */
895#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
896{% with nest_indent=12 %}
897{% include "OS-template-transparent.jinja" -%}
898{% endwith -%}
899#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
900
901            /* Fell through, meaning no accelerator supports this operation */
902            return( psa_import_key_into_slot( attributes,
903                                              data, data_length,
904                                              key_buffer, key_buffer_size,
905                                              key_buffer_length, bits ) );
906        /* Add cases for opaque driver here */
907#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
908{% with nest_indent=8 %}
909{% include "OS-template-opaque.jinja" -%}
910{% endwith -%}
911#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
912        default:
913            (void)status;
914            return( PSA_ERROR_INVALID_ARGUMENT );
915    }
916{% endwith %}
917}
918
919static inline psa_status_t psa_driver_wrapper_export_key(
920    const psa_key_attributes_t *attributes,
921    const uint8_t *key_buffer, size_t key_buffer_size,
922    uint8_t *data, size_t data_size, size_t *data_length )
923
924{
925{% with entry_point = "export_key" -%}
926{% macro entry_point_param(driver) -%}
927attributes,
928key_buffer,
929key_buffer_size,
930data,
931data_size,
932data_length
933{% endmacro %}
934    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
935    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
936                                      psa_get_key_lifetime( attributes ) );
937
938    /* Try dynamically-registered SE interface first */
939#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
940    const psa_drv_se_t *drv;
941    psa_drv_se_context_t *drv_context;
942
943    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
944    {
945        if( ( drv->key_management == NULL   ) ||
946            ( drv->key_management->p_export == NULL ) )
947        {
948            return( PSA_ERROR_NOT_SUPPORTED );
949        }
950
951        return( drv->key_management->p_export(
952                     drv_context,
953                     *( (psa_key_slot_number_t *)key_buffer ),
954                     data, data_size, data_length ) );
955    }
956#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
957
958    switch( location )
959    {
960        case PSA_KEY_LOCATION_LOCAL_STORAGE:
961            return( psa_export_key_internal( attributes,
962                                             key_buffer,
963                                             key_buffer_size,
964                                             data,
965                                             data_size,
966                                             data_length ) );
967
968        /* Add cases for opaque driver here */
969#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
970{% with nest_indent=8 %}
971{% include "OS-template-opaque.jinja" -%}
972{% endwith -%}
973#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
974        default:
975            /* Key is declared with a lifetime not known to us */
976            return( status );
977    }
978{% endwith %}
979}
980
981static inline psa_status_t psa_driver_wrapper_copy_key(
982    psa_key_attributes_t *attributes,
983    const uint8_t *source_key, size_t source_key_length,
984    uint8_t *target_key_buffer, size_t target_key_buffer_size,
985    size_t *target_key_buffer_length )
986{
987{% with entry_point = "copy_key" -%}
988{% macro entry_point_param(driver) -%}
989attributes,
990source_key,
991source_key_length,
992target_key_buffer,
993target_key_buffer_size,
994target_key_buffer_length
995{% endmacro %}
996    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
997    psa_key_location_t location =
998        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
999
1000#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1001    const psa_drv_se_t *drv;
1002    psa_drv_se_context_t *drv_context;
1003
1004    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1005    {
1006        /* Copying to a secure element is not implemented yet. */
1007        return( PSA_ERROR_NOT_SUPPORTED );
1008    }
1009#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1010
1011    switch( location )
1012    {
1013#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1014{% with nest_indent=8 %}
1015{% include "OS-template-opaque.jinja" -%}
1016{% endwith -%}
1017#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1018        default:
1019            (void)source_key;
1020            (void)source_key_length;
1021            (void)target_key_buffer;
1022            (void)target_key_buffer_size;
1023            (void)target_key_buffer_length;
1024            status = PSA_ERROR_INVALID_ARGUMENT;
1025    }
1026    return( status );
1027{% endwith %}
1028}
1029
1030/*
1031 * Cipher functions
1032 */
1033static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1034    const psa_key_attributes_t *attributes,
1035    const uint8_t *key_buffer,
1036    size_t key_buffer_size,
1037    psa_algorithm_t alg,
1038    const uint8_t *iv,
1039    size_t iv_length,
1040    const uint8_t *input,
1041    size_t input_length,
1042    uint8_t *output,
1043    size_t output_size,
1044    size_t *output_length )
1045{
1046    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1047    psa_key_location_t location =
1048        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1049
1050    switch( location )
1051    {
1052        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1053            /* Key is stored in the slot in export representation, so
1054             * cycle through all known transparent accelerators */
1055#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1056#if defined(PSA_CRYPTO_DRIVER_TEST)
1057            status = mbedtls_test_transparent_cipher_encrypt( attributes,
1058                                                              key_buffer,
1059                                                              key_buffer_size,
1060                                                              alg,
1061                                                              iv,
1062                                                              iv_length,
1063                                                              input,
1064                                                              input_length,
1065                                                              output,
1066                                                              output_size,
1067                                                              output_length );
1068            /* Declared with fallback == true */
1069            if( status != PSA_ERROR_NOT_SUPPORTED )
1070                return( status );
1071#endif /* PSA_CRYPTO_DRIVER_TEST */
1072#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1073
1074#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1075            return( mbedtls_psa_cipher_encrypt( attributes,
1076                                                key_buffer,
1077                                                key_buffer_size,
1078                                                alg,
1079                                                iv,
1080                                                iv_length,
1081                                                input,
1082                                                input_length,
1083                                                output,
1084                                                output_size,
1085                                                output_length ) );
1086#else
1087            return( PSA_ERROR_NOT_SUPPORTED );
1088#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1089
1090        /* Add cases for opaque driver here */
1091#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1092#if defined(PSA_CRYPTO_DRIVER_TEST)
1093        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1094            return( mbedtls_test_opaque_cipher_encrypt( attributes,
1095                                                        key_buffer,
1096                                                        key_buffer_size,
1097                                                        alg,
1098                                                        iv,
1099                                                        iv_length,
1100                                                        input,
1101                                                        input_length,
1102                                                        output,
1103                                                        output_size,
1104                                                        output_length ) );
1105#endif /* PSA_CRYPTO_DRIVER_TEST */
1106#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1107
1108        default:
1109            /* Key is declared with a lifetime not known to us */
1110            (void)status;
1111            (void)key_buffer;
1112            (void)key_buffer_size;
1113            (void)alg;
1114            (void)iv;
1115            (void)iv_length;
1116            (void)input;
1117            (void)input_length;
1118            (void)output;
1119            (void)output_size;
1120            (void)output_length;
1121            return( PSA_ERROR_INVALID_ARGUMENT );
1122    }
1123}
1124
1125static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1126    const psa_key_attributes_t *attributes,
1127    const uint8_t *key_buffer,
1128    size_t key_buffer_size,
1129    psa_algorithm_t alg,
1130    const uint8_t *input,
1131    size_t input_length,
1132    uint8_t *output,
1133    size_t output_size,
1134    size_t *output_length )
1135{
1136    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1137    psa_key_location_t location =
1138        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1139
1140    switch( location )
1141    {
1142        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1143            /* Key is stored in the slot in export representation, so
1144             * cycle through all known transparent accelerators */
1145#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1146#if defined(PSA_CRYPTO_DRIVER_TEST)
1147            status = mbedtls_test_transparent_cipher_decrypt( attributes,
1148                                                              key_buffer,
1149                                                              key_buffer_size,
1150                                                              alg,
1151                                                              input,
1152                                                              input_length,
1153                                                              output,
1154                                                              output_size,
1155                                                              output_length );
1156            /* Declared with fallback == true */
1157            if( status != PSA_ERROR_NOT_SUPPORTED )
1158                return( status );
1159#endif /* PSA_CRYPTO_DRIVER_TEST */
1160#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1161
1162#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1163            return( mbedtls_psa_cipher_decrypt( attributes,
1164                                                key_buffer,
1165                                                key_buffer_size,
1166                                                alg,
1167                                                input,
1168                                                input_length,
1169                                                output,
1170                                                output_size,
1171                                                output_length ) );
1172#else
1173            return( PSA_ERROR_NOT_SUPPORTED );
1174#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1175
1176        /* Add cases for opaque driver here */
1177#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1178#if defined(PSA_CRYPTO_DRIVER_TEST)
1179        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1180            return( mbedtls_test_opaque_cipher_decrypt( attributes,
1181                                                        key_buffer,
1182                                                        key_buffer_size,
1183                                                        alg,
1184                                                        input,
1185                                                        input_length,
1186                                                        output,
1187                                                        output_size,
1188                                                        output_length ) );
1189#endif /* PSA_CRYPTO_DRIVER_TEST */
1190#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1191
1192        default:
1193            /* Key is declared with a lifetime not known to us */
1194            (void)status;
1195            (void)key_buffer;
1196            (void)key_buffer_size;
1197            (void)alg;
1198            (void)input;
1199            (void)input_length;
1200            (void)output;
1201            (void)output_size;
1202            (void)output_length;
1203            return( PSA_ERROR_INVALID_ARGUMENT );
1204    }
1205}
1206
1207static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1208    psa_cipher_operation_t *operation,
1209    const psa_key_attributes_t *attributes,
1210    const uint8_t *key_buffer, size_t key_buffer_size,
1211    psa_algorithm_t alg )
1212{
1213    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1214    psa_key_location_t location =
1215        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1216
1217    switch( location )
1218    {
1219        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1220            /* Key is stored in the slot in export representation, so
1221             * cycle through all known transparent accelerators */
1222#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1223#if defined(PSA_CRYPTO_DRIVER_TEST)
1224            status = mbedtls_test_transparent_cipher_encrypt_setup(
1225                &operation->ctx.transparent_test_driver_ctx,
1226                attributes,
1227                key_buffer,
1228                key_buffer_size,
1229                alg );
1230            /* Declared with fallback == true */
1231            if( status == PSA_SUCCESS )
1232                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1233
1234            if( status != PSA_ERROR_NOT_SUPPORTED )
1235                return( status );
1236#endif /* PSA_CRYPTO_DRIVER_TEST */
1237#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1238#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1239            /* Fell through, meaning no accelerator supports this operation */
1240            status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1241                                                       attributes,
1242                                                       key_buffer,
1243                                                       key_buffer_size,
1244                                                       alg );
1245            if( status == PSA_SUCCESS )
1246                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1247
1248            if( status != PSA_ERROR_NOT_SUPPORTED )
1249                return( status );
1250#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1251            return( PSA_ERROR_NOT_SUPPORTED );
1252
1253        /* Add cases for opaque driver here */
1254#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1255#if defined(PSA_CRYPTO_DRIVER_TEST)
1256        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1257            status = mbedtls_test_opaque_cipher_encrypt_setup(
1258                &operation->ctx.opaque_test_driver_ctx,
1259                attributes,
1260                key_buffer, key_buffer_size,
1261                alg );
1262
1263            if( status == PSA_SUCCESS )
1264                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1265
1266            return( status );
1267#endif /* PSA_CRYPTO_DRIVER_TEST */
1268#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1269        default:
1270            /* Key is declared with a lifetime not known to us */
1271            (void)status;
1272            (void)operation;
1273            (void)key_buffer;
1274            (void)key_buffer_size;
1275            (void)alg;
1276            return( PSA_ERROR_INVALID_ARGUMENT );
1277    }
1278}
1279
1280static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1281    psa_cipher_operation_t *operation,
1282    const psa_key_attributes_t *attributes,
1283    const uint8_t *key_buffer, size_t key_buffer_size,
1284    psa_algorithm_t alg )
1285{
1286    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1287    psa_key_location_t location =
1288        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1289
1290    switch( location )
1291    {
1292        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1293            /* Key is stored in the slot in export representation, so
1294             * cycle through all known transparent accelerators */
1295#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1296#if defined(PSA_CRYPTO_DRIVER_TEST)
1297            status = mbedtls_test_transparent_cipher_decrypt_setup(
1298                &operation->ctx.transparent_test_driver_ctx,
1299                attributes,
1300                key_buffer,
1301                key_buffer_size,
1302                alg );
1303            /* Declared with fallback == true */
1304            if( status == PSA_SUCCESS )
1305                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1306
1307            if( status != PSA_ERROR_NOT_SUPPORTED )
1308                return( status );
1309#endif /* PSA_CRYPTO_DRIVER_TEST */
1310#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1311#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1312            /* Fell through, meaning no accelerator supports this operation */
1313            status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1314                                                       attributes,
1315                                                       key_buffer,
1316                                                       key_buffer_size,
1317                                                       alg );
1318            if( status == PSA_SUCCESS )
1319                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1320
1321            return( status );
1322#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1323            return( PSA_ERROR_NOT_SUPPORTED );
1324#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1325
1326        /* Add cases for opaque driver here */
1327#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1328#if defined(PSA_CRYPTO_DRIVER_TEST)
1329        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1330            status = mbedtls_test_opaque_cipher_decrypt_setup(
1331                         &operation->ctx.opaque_test_driver_ctx,
1332                         attributes,
1333                         key_buffer, key_buffer_size,
1334                         alg );
1335
1336            if( status == PSA_SUCCESS )
1337                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1338
1339            return( status );
1340#endif /* PSA_CRYPTO_DRIVER_TEST */
1341#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1342        default:
1343            /* Key is declared with a lifetime not known to us */
1344            (void)status;
1345            (void)operation;
1346            (void)key_buffer;
1347            (void)key_buffer_size;
1348            (void)alg;
1349            return( PSA_ERROR_INVALID_ARGUMENT );
1350    }
1351}
1352
1353static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1354    psa_cipher_operation_t *operation,
1355    const uint8_t *iv,
1356    size_t iv_length )
1357{
1358    switch( operation->id )
1359    {
1360#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1361        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1362            return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1363                                               iv,
1364                                               iv_length ) );
1365#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1366
1367#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1368#if defined(PSA_CRYPTO_DRIVER_TEST)
1369        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1370            return( mbedtls_test_transparent_cipher_set_iv(
1371                        &operation->ctx.transparent_test_driver_ctx,
1372                        iv, iv_length ) );
1373
1374        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1375            return( mbedtls_test_opaque_cipher_set_iv(
1376                        &operation->ctx.opaque_test_driver_ctx,
1377                        iv, iv_length ) );
1378#endif /* PSA_CRYPTO_DRIVER_TEST */
1379#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1380    }
1381
1382    (void)iv;
1383    (void)iv_length;
1384
1385    return( PSA_ERROR_INVALID_ARGUMENT );
1386}
1387
1388static inline psa_status_t psa_driver_wrapper_cipher_update(
1389    psa_cipher_operation_t *operation,
1390    const uint8_t *input,
1391    size_t input_length,
1392    uint8_t *output,
1393    size_t output_size,
1394    size_t *output_length )
1395{
1396    switch( operation->id )
1397    {
1398#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1399        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1400            return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1401                                               input,
1402                                               input_length,
1403                                               output,
1404                                               output_size,
1405                                               output_length ) );
1406#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1407
1408#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1409#if defined(PSA_CRYPTO_DRIVER_TEST)
1410        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1411            return( mbedtls_test_transparent_cipher_update(
1412                        &operation->ctx.transparent_test_driver_ctx,
1413                        input, input_length,
1414                        output, output_size, output_length ) );
1415
1416        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1417            return( mbedtls_test_opaque_cipher_update(
1418                        &operation->ctx.opaque_test_driver_ctx,
1419                        input, input_length,
1420                        output, output_size, output_length ) );
1421#endif /* PSA_CRYPTO_DRIVER_TEST */
1422#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1423    }
1424
1425    (void)input;
1426    (void)input_length;
1427    (void)output;
1428    (void)output_size;
1429    (void)output_length;
1430
1431    return( PSA_ERROR_INVALID_ARGUMENT );
1432}
1433
1434static inline psa_status_t psa_driver_wrapper_cipher_finish(
1435    psa_cipher_operation_t *operation,
1436    uint8_t *output,
1437    size_t output_size,
1438    size_t *output_length )
1439{
1440    switch( operation->id )
1441    {
1442#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1443        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1444            return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1445                                               output,
1446                                               output_size,
1447                                               output_length ) );
1448#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1449
1450#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1451#if defined(PSA_CRYPTO_DRIVER_TEST)
1452        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1453            return( mbedtls_test_transparent_cipher_finish(
1454                        &operation->ctx.transparent_test_driver_ctx,
1455                        output, output_size, output_length ) );
1456
1457        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1458            return( mbedtls_test_opaque_cipher_finish(
1459                        &operation->ctx.opaque_test_driver_ctx,
1460                        output, output_size, output_length ) );
1461#endif /* PSA_CRYPTO_DRIVER_TEST */
1462#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1463    }
1464
1465    (void)output;
1466    (void)output_size;
1467    (void)output_length;
1468
1469    return( PSA_ERROR_INVALID_ARGUMENT );
1470}
1471
1472static inline psa_status_t psa_driver_wrapper_cipher_abort(
1473    psa_cipher_operation_t *operation )
1474{
1475    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1476
1477    switch( operation->id )
1478    {
1479#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1480        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1481            return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1482#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1483
1484#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1485#if defined(PSA_CRYPTO_DRIVER_TEST)
1486        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1487            status = mbedtls_test_transparent_cipher_abort(
1488                         &operation->ctx.transparent_test_driver_ctx );
1489            mbedtls_platform_zeroize(
1490                &operation->ctx.transparent_test_driver_ctx,
1491                sizeof( operation->ctx.transparent_test_driver_ctx ) );
1492            return( status );
1493
1494        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1495            status = mbedtls_test_opaque_cipher_abort(
1496                         &operation->ctx.opaque_test_driver_ctx );
1497            mbedtls_platform_zeroize(
1498                &operation->ctx.opaque_test_driver_ctx,
1499                sizeof( operation->ctx.opaque_test_driver_ctx ) );
1500            return( status );
1501#endif /* PSA_CRYPTO_DRIVER_TEST */
1502#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1503    }
1504
1505    (void)status;
1506    return( PSA_ERROR_INVALID_ARGUMENT );
1507}
1508
1509/*
1510 * Hashing functions
1511 */
1512static inline psa_status_t psa_driver_wrapper_hash_compute(
1513    psa_algorithm_t alg,
1514    const uint8_t *input,
1515    size_t input_length,
1516    uint8_t *hash,
1517    size_t hash_size,
1518    size_t *hash_length)
1519{
1520    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1521
1522    /* Try accelerators first */
1523#if defined(PSA_CRYPTO_DRIVER_TEST)
1524    status = mbedtls_test_transparent_hash_compute(
1525                alg, input, input_length, hash, hash_size, hash_length );
1526    if( status != PSA_ERROR_NOT_SUPPORTED )
1527        return( status );
1528#endif
1529
1530    /* If software fallback is compiled in, try fallback */
1531#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1532    status = mbedtls_psa_hash_compute( alg, input, input_length,
1533                                       hash, hash_size, hash_length );
1534    if( status != PSA_ERROR_NOT_SUPPORTED )
1535        return( status );
1536#endif
1537    (void) status;
1538    (void) alg;
1539    (void) input;
1540    (void) input_length;
1541    (void) hash;
1542    (void) hash_size;
1543    (void) hash_length;
1544
1545    return( PSA_ERROR_NOT_SUPPORTED );
1546}
1547
1548static inline psa_status_t psa_driver_wrapper_hash_setup(
1549    psa_hash_operation_t *operation,
1550    psa_algorithm_t alg )
1551{
1552    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1553
1554    /* Try setup on accelerators first */
1555#if defined(PSA_CRYPTO_DRIVER_TEST)
1556    status = mbedtls_test_transparent_hash_setup(
1557                &operation->ctx.test_driver_ctx, alg );
1558    if( status == PSA_SUCCESS )
1559        operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1560
1561    if( status != PSA_ERROR_NOT_SUPPORTED )
1562        return( status );
1563#endif
1564
1565    /* If software fallback is compiled in, try fallback */
1566#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1567    status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1568    if( status == PSA_SUCCESS )
1569        operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1570
1571    if( status != PSA_ERROR_NOT_SUPPORTED )
1572        return( status );
1573#endif
1574    /* Nothing left to try if we fall through here */
1575    (void) status;
1576    (void) operation;
1577    (void) alg;
1578    return( PSA_ERROR_NOT_SUPPORTED );
1579}
1580
1581static inline psa_status_t psa_driver_wrapper_hash_clone(
1582    const psa_hash_operation_t *source_operation,
1583    psa_hash_operation_t *target_operation )
1584{
1585    switch( source_operation->id )
1586    {
1587#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1588        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1589            target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1590            return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1591                                            &target_operation->ctx.mbedtls_ctx ) );
1592#endif
1593#if defined(PSA_CRYPTO_DRIVER_TEST)
1594        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1595            target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1596            return( mbedtls_test_transparent_hash_clone(
1597                        &source_operation->ctx.test_driver_ctx,
1598                        &target_operation->ctx.test_driver_ctx ) );
1599#endif
1600        default:
1601            (void) target_operation;
1602            return( PSA_ERROR_BAD_STATE );
1603    }
1604}
1605
1606static inline psa_status_t psa_driver_wrapper_hash_update(
1607    psa_hash_operation_t *operation,
1608    const uint8_t *input,
1609    size_t input_length )
1610{
1611    switch( operation->id )
1612    {
1613#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1614        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1615            return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1616                                             input, input_length ) );
1617#endif
1618#if defined(PSA_CRYPTO_DRIVER_TEST)
1619        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1620            return( mbedtls_test_transparent_hash_update(
1621                        &operation->ctx.test_driver_ctx,
1622                        input, input_length ) );
1623#endif
1624        default:
1625            (void) input;
1626            (void) input_length;
1627            return( PSA_ERROR_BAD_STATE );
1628    }
1629}
1630
1631static inline psa_status_t psa_driver_wrapper_hash_finish(
1632    psa_hash_operation_t *operation,
1633    uint8_t *hash,
1634    size_t hash_size,
1635    size_t *hash_length )
1636{
1637    switch( operation->id )
1638    {
1639#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1640        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1641            return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1642                                             hash, hash_size, hash_length ) );
1643#endif
1644#if defined(PSA_CRYPTO_DRIVER_TEST)
1645        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1646            return( mbedtls_test_transparent_hash_finish(
1647                        &operation->ctx.test_driver_ctx,
1648                        hash, hash_size, hash_length ) );
1649#endif
1650        default:
1651            (void) hash;
1652            (void) hash_size;
1653            (void) hash_length;
1654            return( PSA_ERROR_BAD_STATE );
1655    }
1656}
1657
1658static inline psa_status_t psa_driver_wrapper_hash_abort(
1659    psa_hash_operation_t *operation )
1660{
1661    switch( operation->id )
1662    {
1663#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1664        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1665            return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1666#endif
1667#if defined(PSA_CRYPTO_DRIVER_TEST)
1668        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1669            return( mbedtls_test_transparent_hash_abort(
1670                        &operation->ctx.test_driver_ctx ) );
1671#endif
1672        default:
1673            return( PSA_ERROR_BAD_STATE );
1674    }
1675}
1676
1677static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1678    const psa_key_attributes_t *attributes,
1679    const uint8_t *key_buffer, size_t key_buffer_size,
1680    psa_algorithm_t alg,
1681    const uint8_t *nonce, size_t nonce_length,
1682    const uint8_t *additional_data, size_t additional_data_length,
1683    const uint8_t *plaintext, size_t plaintext_length,
1684    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1685{
1686    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1687    psa_key_location_t location =
1688        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1689
1690    switch( location )
1691    {
1692        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1693            /* Key is stored in the slot in export representation, so
1694             * cycle through all known transparent accelerators */
1695
1696#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1697#if defined(PSA_CRYPTO_DRIVER_TEST)
1698            status = mbedtls_test_transparent_aead_encrypt(
1699                         attributes, key_buffer, key_buffer_size,
1700                         alg,
1701                         nonce, nonce_length,
1702                         additional_data, additional_data_length,
1703                         plaintext, plaintext_length,
1704                         ciphertext, ciphertext_size, ciphertext_length );
1705            /* Declared with fallback == true */
1706            if( status != PSA_ERROR_NOT_SUPPORTED )
1707                return( status );
1708#endif /* PSA_CRYPTO_DRIVER_TEST */
1709#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1710
1711            /* Fell through, meaning no accelerator supports this operation */
1712            return( mbedtls_psa_aead_encrypt(
1713                        attributes, key_buffer, key_buffer_size,
1714                        alg,
1715                        nonce, nonce_length,
1716                        additional_data, additional_data_length,
1717                        plaintext, plaintext_length,
1718                        ciphertext, ciphertext_size, ciphertext_length ) );
1719
1720        /* Add cases for opaque driver here */
1721
1722        default:
1723            /* Key is declared with a lifetime not known to us */
1724            (void)status;
1725            return( PSA_ERROR_INVALID_ARGUMENT );
1726    }
1727}
1728
1729static inline psa_status_t psa_driver_wrapper_aead_decrypt(
1730    const psa_key_attributes_t *attributes,
1731    const uint8_t *key_buffer, size_t key_buffer_size,
1732    psa_algorithm_t alg,
1733    const uint8_t *nonce, size_t nonce_length,
1734    const uint8_t *additional_data, size_t additional_data_length,
1735    const uint8_t *ciphertext, size_t ciphertext_length,
1736    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1737{
1738    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1739    psa_key_location_t location =
1740        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1741
1742    switch( location )
1743    {
1744        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1745            /* Key is stored in the slot in export representation, so
1746             * cycle through all known transparent accelerators */
1747
1748#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1749#if defined(PSA_CRYPTO_DRIVER_TEST)
1750            status = mbedtls_test_transparent_aead_decrypt(
1751                        attributes, key_buffer, key_buffer_size,
1752                        alg,
1753                        nonce, nonce_length,
1754                        additional_data, additional_data_length,
1755                        ciphertext, ciphertext_length,
1756                        plaintext, plaintext_size, plaintext_length );
1757            /* Declared with fallback == true */
1758            if( status != PSA_ERROR_NOT_SUPPORTED )
1759                return( status );
1760#endif /* PSA_CRYPTO_DRIVER_TEST */
1761#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1762
1763            /* Fell through, meaning no accelerator supports this operation */
1764            return( mbedtls_psa_aead_decrypt(
1765                        attributes, key_buffer, key_buffer_size,
1766                        alg,
1767                        nonce, nonce_length,
1768                        additional_data, additional_data_length,
1769                        ciphertext, ciphertext_length,
1770                        plaintext, plaintext_size, plaintext_length ) );
1771
1772        /* Add cases for opaque driver here */
1773
1774        default:
1775            /* Key is declared with a lifetime not known to us */
1776            (void)status;
1777            return( PSA_ERROR_INVALID_ARGUMENT );
1778    }
1779}
1780
1781static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1782   psa_aead_operation_t *operation,
1783   const psa_key_attributes_t *attributes,
1784   const uint8_t *key_buffer, size_t key_buffer_size,
1785   psa_algorithm_t alg )
1786{
1787    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1788    psa_key_location_t location =
1789        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1790
1791    switch( location )
1792    {
1793        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1794            /* Key is stored in the slot in export representation, so
1795             * cycle through all known transparent accelerators */
1796
1797#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1798#if defined(PSA_CRYPTO_DRIVER_TEST)
1799            operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1800            status = mbedtls_test_transparent_aead_encrypt_setup(
1801                        &operation->ctx.transparent_test_driver_ctx,
1802                        attributes, key_buffer, key_buffer_size,
1803                        alg );
1804
1805            /* Declared with fallback == true */
1806            if( status != PSA_ERROR_NOT_SUPPORTED )
1807                return( status );
1808#endif /* PSA_CRYPTO_DRIVER_TEST */
1809#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1810
1811            /* Fell through, meaning no accelerator supports this operation */
1812            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1813            status = mbedtls_psa_aead_encrypt_setup(
1814                        &operation->ctx.mbedtls_ctx, attributes,
1815                        key_buffer, key_buffer_size,
1816                        alg );
1817
1818            return( status );
1819
1820        /* Add cases for opaque driver here */
1821
1822        default:
1823            /* Key is declared with a lifetime not known to us */
1824            (void)status;
1825            return( PSA_ERROR_INVALID_ARGUMENT );
1826    }
1827}
1828
1829static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1830   psa_aead_operation_t *operation,
1831   const psa_key_attributes_t *attributes,
1832   const uint8_t *key_buffer, size_t key_buffer_size,
1833   psa_algorithm_t alg )
1834{
1835    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1836    psa_key_location_t location =
1837        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1838
1839    switch( location )
1840    {
1841        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1842            /* Key is stored in the slot in export representation, so
1843             * cycle through all known transparent accelerators */
1844
1845#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1846#if defined(PSA_CRYPTO_DRIVER_TEST)
1847            operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1848            status = mbedtls_test_transparent_aead_decrypt_setup(
1849                        &operation->ctx.transparent_test_driver_ctx,
1850                        attributes,
1851                        key_buffer, key_buffer_size,
1852                        alg );
1853
1854            /* Declared with fallback == true */
1855            if( status != PSA_ERROR_NOT_SUPPORTED )
1856                return( status );
1857#endif /* PSA_CRYPTO_DRIVER_TEST */
1858#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1859
1860            /* Fell through, meaning no accelerator supports this operation */
1861            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1862            status = mbedtls_psa_aead_decrypt_setup(
1863                        &operation->ctx.mbedtls_ctx,
1864                        attributes,
1865                        key_buffer, key_buffer_size,
1866                        alg );
1867
1868            return( status );
1869
1870        /* Add cases for opaque driver here */
1871
1872        default:
1873            /* Key is declared with a lifetime not known to us */
1874            (void)status;
1875            return( PSA_ERROR_INVALID_ARGUMENT );
1876    }
1877}
1878
1879static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
1880   psa_aead_operation_t *operation,
1881   const uint8_t *nonce,
1882   size_t nonce_length )
1883{
1884    switch( operation->id )
1885    {
1886#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1887        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1888            return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1889                                                nonce,
1890                                                nonce_length ) );
1891
1892#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1893
1894#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1895#if defined(PSA_CRYPTO_DRIVER_TEST)
1896        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1897            return( mbedtls_test_transparent_aead_set_nonce(
1898                         &operation->ctx.transparent_test_driver_ctx,
1899                         nonce, nonce_length ) );
1900
1901        /* Add cases for opaque driver here */
1902
1903#endif /* PSA_CRYPTO_DRIVER_TEST */
1904#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1905    }
1906
1907    (void)nonce;
1908    (void)nonce_length;
1909
1910    return( PSA_ERROR_INVALID_ARGUMENT );
1911}
1912
1913static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
1914   psa_aead_operation_t *operation,
1915   size_t ad_length,
1916   size_t plaintext_length )
1917{
1918    switch( operation->id )
1919    {
1920#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1921        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1922            return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1923                                                  ad_length,
1924                                                  plaintext_length ) );
1925
1926#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1927
1928#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1929#if defined(PSA_CRYPTO_DRIVER_TEST)
1930        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1931            return( mbedtls_test_transparent_aead_set_lengths(
1932                        &operation->ctx.transparent_test_driver_ctx,
1933                        ad_length, plaintext_length ) );
1934
1935        /* Add cases for opaque driver here */
1936
1937#endif /* PSA_CRYPTO_DRIVER_TEST */
1938#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1939    }
1940
1941    (void)ad_length;
1942    (void)plaintext_length;
1943
1944    return( PSA_ERROR_INVALID_ARGUMENT );
1945}
1946
1947static inline psa_status_t psa_driver_wrapper_aead_update_ad(
1948   psa_aead_operation_t *operation,
1949   const uint8_t *input,
1950   size_t input_length )
1951{
1952    switch( operation->id )
1953    {
1954#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1955        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1956            return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1957                                                input,
1958                                                input_length ) );
1959
1960#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1961
1962#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1963#if defined(PSA_CRYPTO_DRIVER_TEST)
1964        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1965            return( mbedtls_test_transparent_aead_update_ad(
1966                        &operation->ctx.transparent_test_driver_ctx,
1967                        input, input_length ) );
1968
1969        /* Add cases for opaque driver here */
1970
1971#endif /* PSA_CRYPTO_DRIVER_TEST */
1972#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1973    }
1974
1975    (void)input;
1976    (void)input_length;
1977
1978    return( PSA_ERROR_INVALID_ARGUMENT );
1979}
1980
1981static inline psa_status_t psa_driver_wrapper_aead_update(
1982   psa_aead_operation_t *operation,
1983   const uint8_t *input,
1984   size_t input_length,
1985   uint8_t *output,
1986   size_t output_size,
1987   size_t *output_length )
1988{
1989    switch( operation->id )
1990    {
1991#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1992        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1993            return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
1994                                             input, input_length,
1995                                             output, output_size,
1996                                             output_length ) );
1997
1998#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1999
2000#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2001#if defined(PSA_CRYPTO_DRIVER_TEST)
2002        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2003            return( mbedtls_test_transparent_aead_update(
2004                        &operation->ctx.transparent_test_driver_ctx,
2005                        input, input_length, output, output_size,
2006                        output_length ) );
2007
2008        /* Add cases for opaque driver here */
2009
2010#endif /* PSA_CRYPTO_DRIVER_TEST */
2011#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2012    }
2013
2014    (void)input;
2015    (void)input_length;
2016    (void)output;
2017    (void)output_size;
2018    (void)output_length;
2019
2020    return( PSA_ERROR_INVALID_ARGUMENT );
2021}
2022
2023static inline psa_status_t psa_driver_wrapper_aead_finish(
2024   psa_aead_operation_t *operation,
2025   uint8_t *ciphertext,
2026   size_t ciphertext_size,
2027   size_t *ciphertext_length,
2028   uint8_t *tag,
2029   size_t tag_size,
2030   size_t *tag_length )
2031{
2032    switch( operation->id )
2033    {
2034#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2035        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2036            return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2037                                             ciphertext,
2038                                             ciphertext_size,
2039                                             ciphertext_length, tag,
2040                                             tag_size, tag_length ) );
2041
2042#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2043
2044#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2045#if defined(PSA_CRYPTO_DRIVER_TEST)
2046        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2047            return( mbedtls_test_transparent_aead_finish(
2048                        &operation->ctx.transparent_test_driver_ctx,
2049                        ciphertext, ciphertext_size,
2050                        ciphertext_length, tag, tag_size, tag_length ) );
2051
2052        /* Add cases for opaque driver here */
2053
2054#endif /* PSA_CRYPTO_DRIVER_TEST */
2055#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2056    }
2057
2058    (void)ciphertext;
2059    (void)ciphertext_size;
2060    (void)ciphertext_length;
2061    (void)tag;
2062    (void)tag_size;
2063    (void)tag_length;
2064
2065    return( PSA_ERROR_INVALID_ARGUMENT );
2066}
2067
2068static inline psa_status_t psa_driver_wrapper_aead_verify(
2069   psa_aead_operation_t *operation,
2070   uint8_t *plaintext,
2071   size_t plaintext_size,
2072   size_t *plaintext_length,
2073   const uint8_t *tag,
2074   size_t tag_length )
2075{
2076    switch( operation->id )
2077    {
2078#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2079        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2080            {
2081                psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2082                uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2083                size_t check_tag_length;
2084
2085                status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2086                                                  plaintext,
2087                                                  plaintext_size,
2088                                                  plaintext_length,
2089                                                  check_tag,
2090                                                  sizeof( check_tag ),
2091                                                  &check_tag_length );
2092
2093                if( status == PSA_SUCCESS )
2094                {
2095                    if( tag_length != check_tag_length ||
2096                        mbedtls_ct_memcmp( tag, check_tag, tag_length )
2097                        != 0 )
2098                        status = PSA_ERROR_INVALID_SIGNATURE;
2099                }
2100
2101                mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2102
2103                return( status );
2104            }
2105
2106#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2107
2108#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2109#if defined(PSA_CRYPTO_DRIVER_TEST)
2110        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2111            return( mbedtls_test_transparent_aead_verify(
2112                        &operation->ctx.transparent_test_driver_ctx,
2113                        plaintext, plaintext_size,
2114                        plaintext_length, tag, tag_length ) );
2115
2116        /* Add cases for opaque driver here */
2117
2118#endif /* PSA_CRYPTO_DRIVER_TEST */
2119#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2120    }
2121
2122    (void)plaintext;
2123    (void)plaintext_size;
2124    (void)plaintext_length;
2125    (void)tag;
2126    (void)tag_length;
2127
2128    return( PSA_ERROR_INVALID_ARGUMENT );
2129}
2130
2131static inline psa_status_t psa_driver_wrapper_aead_abort(
2132   psa_aead_operation_t *operation )
2133{
2134    switch( operation->id )
2135    {
2136#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2137        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2138            return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2139
2140#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2141
2142#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2143#if defined(PSA_CRYPTO_DRIVER_TEST)
2144        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2145            return( mbedtls_test_transparent_aead_abort(
2146               &operation->ctx.transparent_test_driver_ctx ) );
2147
2148        /* Add cases for opaque driver here */
2149
2150#endif /* PSA_CRYPTO_DRIVER_TEST */
2151#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2152    }
2153
2154    return( PSA_ERROR_INVALID_ARGUMENT );
2155}
2156
2157/*
2158 * MAC functions
2159 */
2160static inline psa_status_t psa_driver_wrapper_mac_compute(
2161    const psa_key_attributes_t *attributes,
2162    const uint8_t *key_buffer,
2163    size_t key_buffer_size,
2164    psa_algorithm_t alg,
2165    const uint8_t *input,
2166    size_t input_length,
2167    uint8_t *mac,
2168    size_t mac_size,
2169    size_t *mac_length )
2170{
2171    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2172    psa_key_location_t location =
2173        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2174
2175    switch( location )
2176    {
2177        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2178            /* Key is stored in the slot in export representation, so
2179             * cycle through all known transparent accelerators */
2180#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2181#if defined(PSA_CRYPTO_DRIVER_TEST)
2182            status = mbedtls_test_transparent_mac_compute(
2183                attributes, key_buffer, key_buffer_size, alg,
2184                input, input_length,
2185                mac, mac_size, mac_length );
2186            /* Declared with fallback == true */
2187            if( status != PSA_ERROR_NOT_SUPPORTED )
2188                return( status );
2189#endif /* PSA_CRYPTO_DRIVER_TEST */
2190#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2191#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2192            /* Fell through, meaning no accelerator supports this operation */
2193            status = mbedtls_psa_mac_compute(
2194                attributes, key_buffer, key_buffer_size, alg,
2195                input, input_length,
2196                mac, mac_size, mac_length );
2197            if( status != PSA_ERROR_NOT_SUPPORTED )
2198                return( status );
2199#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2200            return( PSA_ERROR_NOT_SUPPORTED );
2201
2202        /* Add cases for opaque driver here */
2203#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2204#if defined(PSA_CRYPTO_DRIVER_TEST)
2205        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2206            status = mbedtls_test_opaque_mac_compute(
2207                attributes, key_buffer, key_buffer_size, alg,
2208                input, input_length,
2209                mac, mac_size, mac_length );
2210            return( status );
2211#endif /* PSA_CRYPTO_DRIVER_TEST */
2212#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2213        default:
2214            /* Key is declared with a lifetime not known to us */
2215            (void) key_buffer;
2216            (void) key_buffer_size;
2217            (void) alg;
2218            (void) input;
2219            (void) input_length;
2220            (void) mac;
2221            (void) mac_size;
2222            (void) mac_length;
2223            (void) status;
2224            return( PSA_ERROR_INVALID_ARGUMENT );
2225    }
2226}
2227
2228static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2229    psa_mac_operation_t *operation,
2230    const psa_key_attributes_t *attributes,
2231    const uint8_t *key_buffer,
2232    size_t key_buffer_size,
2233    psa_algorithm_t alg )
2234{
2235    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2236    psa_key_location_t location =
2237        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2238
2239    switch( location )
2240    {
2241        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2242            /* Key is stored in the slot in export representation, so
2243             * cycle through all known transparent accelerators */
2244#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2245#if defined(PSA_CRYPTO_DRIVER_TEST)
2246            status = mbedtls_test_transparent_mac_sign_setup(
2247                &operation->ctx.transparent_test_driver_ctx,
2248                attributes,
2249                key_buffer, key_buffer_size,
2250                alg );
2251            /* Declared with fallback == true */
2252            if( status == PSA_SUCCESS )
2253                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2254
2255            if( status != PSA_ERROR_NOT_SUPPORTED )
2256                return( status );
2257#endif /* PSA_CRYPTO_DRIVER_TEST */
2258#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2259#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2260            /* Fell through, meaning no accelerator supports this operation */
2261            status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2262                                                 attributes,
2263                                                 key_buffer, key_buffer_size,
2264                                                 alg );
2265            if( status == PSA_SUCCESS )
2266                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2267
2268            if( status != PSA_ERROR_NOT_SUPPORTED )
2269                return( status );
2270#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2271            return( PSA_ERROR_NOT_SUPPORTED );
2272
2273        /* Add cases for opaque driver here */
2274#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2275#if defined(PSA_CRYPTO_DRIVER_TEST)
2276        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2277            status = mbedtls_test_opaque_mac_sign_setup(
2278                &operation->ctx.opaque_test_driver_ctx,
2279                attributes,
2280                key_buffer, key_buffer_size,
2281                alg );
2282
2283            if( status == PSA_SUCCESS )
2284                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2285
2286            return( status );
2287#endif /* PSA_CRYPTO_DRIVER_TEST */
2288#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2289        default:
2290            /* Key is declared with a lifetime not known to us */
2291            (void) status;
2292            (void) operation;
2293            (void) key_buffer;
2294            (void) key_buffer_size;
2295            (void) alg;
2296            return( PSA_ERROR_INVALID_ARGUMENT );
2297    }
2298}
2299
2300static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2301    psa_mac_operation_t *operation,
2302    const psa_key_attributes_t *attributes,
2303    const uint8_t *key_buffer,
2304    size_t key_buffer_size,
2305    psa_algorithm_t alg )
2306{
2307    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2308    psa_key_location_t location =
2309        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2310
2311    switch( location )
2312    {
2313        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2314            /* Key is stored in the slot in export representation, so
2315             * cycle through all known transparent accelerators */
2316#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2317#if defined(PSA_CRYPTO_DRIVER_TEST)
2318            status = mbedtls_test_transparent_mac_verify_setup(
2319                &operation->ctx.transparent_test_driver_ctx,
2320                attributes,
2321                key_buffer, key_buffer_size,
2322                alg );
2323            /* Declared with fallback == true */
2324            if( status == PSA_SUCCESS )
2325                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2326
2327            if( status != PSA_ERROR_NOT_SUPPORTED )
2328                return( status );
2329#endif /* PSA_CRYPTO_DRIVER_TEST */
2330#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2331#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2332            /* Fell through, meaning no accelerator supports this operation */
2333            status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2334                                                   attributes,
2335                                                   key_buffer, key_buffer_size,
2336                                                   alg );
2337            if( status == PSA_SUCCESS )
2338                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2339
2340            if( status != PSA_ERROR_NOT_SUPPORTED )
2341                return( status );
2342#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2343            return( PSA_ERROR_NOT_SUPPORTED );
2344
2345        /* Add cases for opaque driver here */
2346#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2347#if defined(PSA_CRYPTO_DRIVER_TEST)
2348        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2349            status = mbedtls_test_opaque_mac_verify_setup(
2350                &operation->ctx.opaque_test_driver_ctx,
2351                attributes,
2352                key_buffer, key_buffer_size,
2353                alg );
2354
2355            if( status == PSA_SUCCESS )
2356                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2357
2358            return( status );
2359#endif /* PSA_CRYPTO_DRIVER_TEST */
2360#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2361        default:
2362            /* Key is declared with a lifetime not known to us */
2363            (void) status;
2364            (void) operation;
2365            (void) key_buffer;
2366            (void) key_buffer_size;
2367            (void) alg;
2368            return( PSA_ERROR_INVALID_ARGUMENT );
2369    }
2370}
2371
2372static inline psa_status_t psa_driver_wrapper_mac_update(
2373    psa_mac_operation_t *operation,
2374    const uint8_t *input,
2375    size_t input_length )
2376{
2377    switch( operation->id )
2378    {
2379#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2380        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2381            return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2382                                            input, input_length ) );
2383#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2384
2385#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2386#if defined(PSA_CRYPTO_DRIVER_TEST)
2387        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2388            return( mbedtls_test_transparent_mac_update(
2389                        &operation->ctx.transparent_test_driver_ctx,
2390                        input, input_length ) );
2391
2392        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2393            return( mbedtls_test_opaque_mac_update(
2394                        &operation->ctx.opaque_test_driver_ctx,
2395                        input, input_length ) );
2396#endif /* PSA_CRYPTO_DRIVER_TEST */
2397#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2398        default:
2399            (void) input;
2400            (void) input_length;
2401            return( PSA_ERROR_INVALID_ARGUMENT );
2402    }
2403}
2404
2405static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2406    psa_mac_operation_t *operation,
2407    uint8_t *mac,
2408    size_t mac_size,
2409    size_t *mac_length )
2410{
2411    switch( operation->id )
2412    {
2413#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2414        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2415            return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2416                                                 mac, mac_size, mac_length ) );
2417#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2418
2419#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2420#if defined(PSA_CRYPTO_DRIVER_TEST)
2421        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2422            return( mbedtls_test_transparent_mac_sign_finish(
2423                        &operation->ctx.transparent_test_driver_ctx,
2424                        mac, mac_size, mac_length ) );
2425
2426        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2427            return( mbedtls_test_opaque_mac_sign_finish(
2428                        &operation->ctx.opaque_test_driver_ctx,
2429                        mac, mac_size, mac_length ) );
2430#endif /* PSA_CRYPTO_DRIVER_TEST */
2431#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2432        default:
2433            (void) mac;
2434            (void) mac_size;
2435            (void) mac_length;
2436            return( PSA_ERROR_INVALID_ARGUMENT );
2437    }
2438}
2439
2440static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2441    psa_mac_operation_t *operation,
2442    const uint8_t *mac,
2443    size_t mac_length )
2444{
2445    switch( operation->id )
2446    {
2447#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2448        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2449            return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2450                                                   mac, mac_length ) );
2451#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2452
2453#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2454#if defined(PSA_CRYPTO_DRIVER_TEST)
2455        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2456            return( mbedtls_test_transparent_mac_verify_finish(
2457                        &operation->ctx.transparent_test_driver_ctx,
2458                        mac, mac_length ) );
2459
2460        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2461            return( mbedtls_test_opaque_mac_verify_finish(
2462                        &operation->ctx.opaque_test_driver_ctx,
2463                        mac, mac_length ) );
2464#endif /* PSA_CRYPTO_DRIVER_TEST */
2465#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2466        default:
2467            (void) mac;
2468            (void) mac_length;
2469            return( PSA_ERROR_INVALID_ARGUMENT );
2470    }
2471}
2472
2473static inline psa_status_t psa_driver_wrapper_mac_abort(
2474    psa_mac_operation_t *operation )
2475{
2476    switch( operation->id )
2477    {
2478#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2479        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2480            return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2481#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2482
2483#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2484#if defined(PSA_CRYPTO_DRIVER_TEST)
2485        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2486            return( mbedtls_test_transparent_mac_abort(
2487                        &operation->ctx.transparent_test_driver_ctx ) );
2488        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2489            return( mbedtls_test_opaque_mac_abort(
2490                        &operation->ctx.opaque_test_driver_ctx ) );
2491#endif /* PSA_CRYPTO_DRIVER_TEST */
2492#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2493        default:
2494            return( PSA_ERROR_INVALID_ARGUMENT );
2495    }
2496}
2497
2498/*
2499 * Asymmetric cryptography
2500 */
2501static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2502    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2503    size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2504    size_t input_length, const uint8_t *salt, size_t salt_length,
2505    uint8_t *output, size_t output_size, size_t *output_length )
2506{
2507    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2508    psa_key_location_t location =
2509        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2510
2511    switch( location )
2512    {
2513        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2514            /* Key is stored in the slot in export representation, so
2515             * cycle through all known transparent accelerators */
2516#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2517#if defined(PSA_CRYPTO_DRIVER_TEST)
2518            status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2519                        key_buffer, key_buffer_size, alg, input, input_length,
2520                        salt, salt_length, output, output_size,
2521                        output_length );
2522            /* Declared with fallback == true */
2523            if( status != PSA_ERROR_NOT_SUPPORTED )
2524                return( status );
2525#endif /* PSA_CRYPTO_DRIVER_TEST */
2526#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2527            return( mbedtls_psa_asymmetric_encrypt( attributes,
2528                        key_buffer, key_buffer_size, alg, input, input_length,
2529                        salt, salt_length, output, output_size, output_length )
2530                  );
2531        /* Add cases for opaque driver here */
2532#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2533#if defined(PSA_CRYPTO_DRIVER_TEST)
2534        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2535            return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2536                        key_buffer, key_buffer_size, alg, input, input_length,
2537                        salt, salt_length, output, output_size, output_length )
2538                  );
2539#endif /* PSA_CRYPTO_DRIVER_TEST */
2540#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2541
2542        default:
2543            /* Key is declared with a lifetime not known to us */
2544            (void)status;
2545            (void)key_buffer;
2546            (void)key_buffer_size;
2547            (void)alg;
2548            (void)input;
2549            (void)input_length;
2550            (void)salt;
2551            (void)salt_length;
2552            (void)output;
2553            (void)output_size;
2554            (void)output_length;
2555            return( PSA_ERROR_INVALID_ARGUMENT );
2556    }
2557}
2558
2559static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2560    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2561    size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2562    size_t input_length, const uint8_t *salt, size_t salt_length,
2563    uint8_t *output, size_t output_size, size_t *output_length )
2564{
2565    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2566    psa_key_location_t location =
2567        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2568
2569    switch( location )
2570    {
2571        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2572            /* Key is stored in the slot in export representation, so
2573             * cycle through all known transparent accelerators */
2574#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2575#if defined(PSA_CRYPTO_DRIVER_TEST)
2576            status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2577                        key_buffer, key_buffer_size, alg, input, input_length,
2578                        salt, salt_length, output, output_size,
2579                        output_length );
2580            /* Declared with fallback == true */
2581            if( status != PSA_ERROR_NOT_SUPPORTED )
2582                return( status );
2583#endif /* PSA_CRYPTO_DRIVER_TEST */
2584#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2585            return( mbedtls_psa_asymmetric_decrypt( attributes,
2586                        key_buffer, key_buffer_size, alg,input, input_length,
2587                        salt, salt_length, output, output_size,
2588                        output_length ) );
2589        /* Add cases for opaque driver here */
2590#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2591#if defined(PSA_CRYPTO_DRIVER_TEST)
2592        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2593            return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2594                        key_buffer, key_buffer_size, alg, input, input_length,
2595                        salt, salt_length, output, output_size,
2596                        output_length ) );
2597#endif /* PSA_CRYPTO_DRIVER_TEST */
2598#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2599
2600        default:
2601            /* Key is declared with a lifetime not known to us */
2602            (void)status;
2603            (void)key_buffer;
2604            (void)key_buffer_size;
2605            (void)alg;
2606            (void)input;
2607            (void)input_length;
2608            (void)salt;
2609            (void)salt_length;
2610            (void)output;
2611            (void)output_size;
2612            (void)output_length;
2613            return( PSA_ERROR_INVALID_ARGUMENT );
2614    }
2615}
2616
2617static inline psa_status_t psa_driver_wrapper_key_agreement(
2618    const psa_key_attributes_t *attributes,
2619    const uint8_t *key_buffer,
2620    size_t key_buffer_size,
2621    psa_algorithm_t alg,
2622    const uint8_t *peer_key,
2623    size_t peer_key_length,
2624    uint8_t *shared_secret,
2625    size_t shared_secret_size,
2626    size_t *shared_secret_length
2627 )
2628{
2629    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2630    psa_key_location_t location =
2631        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2632
2633    switch( location )
2634    {
2635        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2636            /* Key is stored in the slot in export representation, so
2637             * cycle through all known transparent accelerators */
2638#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2639#if defined(PSA_CRYPTO_DRIVER_TEST)
2640            status =
2641                mbedtls_test_transparent_key_agreement( attributes,
2642                        key_buffer, key_buffer_size, alg, peer_key,
2643                        peer_key_length, shared_secret, shared_secret_size,
2644                        shared_secret_length );
2645            if( status != PSA_ERROR_NOT_SUPPORTED )
2646                return( status );
2647#endif /* PSA_CRYPTO_DRIVER_TEST */
2648#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
2649            if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
2650                PSA_ALG_IS_ECDH(alg) &&
2651                PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
2652                psa_get_key_bits(attributes) == 256 )
2653            {
2654                status = p256_transparent_key_agreement( attributes,
2655                                                         key_buffer,
2656                                                         key_buffer_size,
2657                                                         alg,
2658                                                         peer_key,
2659                                                         peer_key_length,
2660                                                         shared_secret,
2661                                                         shared_secret_size,
2662                                                         shared_secret_length );
2663                if( status != PSA_ERROR_NOT_SUPPORTED)
2664                    return( status );
2665            }
2666#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
2667#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2668
2669            /* Software Fallback */
2670            status = psa_key_agreement_raw_builtin( attributes,
2671                                                    key_buffer,
2672                                                    key_buffer_size,
2673                                                    alg,
2674                                                    peer_key,
2675                                                    peer_key_length,
2676                                                    shared_secret,
2677                                                    shared_secret_size,
2678                                                    shared_secret_length );
2679            return( status );
2680#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2681#if defined(PSA_CRYPTO_DRIVER_TEST)
2682        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2683            return( mbedtls_test_opaque_key_agreement( attributes,
2684                        key_buffer, key_buffer_size, alg, peer_key,
2685                        peer_key_length, shared_secret, shared_secret_size,
2686                        shared_secret_length ) );
2687#endif /* PSA_CRYPTO_DRIVER_TEST */
2688#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2689
2690        default:
2691            (void) attributes;
2692            (void) key_buffer;
2693            (void) key_buffer_size;
2694            (void) peer_key;
2695            (void) peer_key_length;
2696            (void) shared_secret;
2697            (void) shared_secret_size;
2698            (void) shared_secret_length;
2699            return( PSA_ERROR_NOT_SUPPORTED );
2700
2701    }
2702}
2703
2704static inline psa_status_t psa_driver_wrapper_pake_setup(
2705    psa_pake_operation_t *operation,
2706    const psa_crypto_driver_pake_inputs_t *inputs )
2707{
2708    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2709
2710    psa_key_location_t location =
2711            PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2712
2713    switch( location )
2714    {
2715        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2716            /* Key is stored in the slot in export representation, so
2717             * cycle through all known transparent accelerators */
2718            status = PSA_ERROR_NOT_SUPPORTED;
2719#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2720#if defined(PSA_CRYPTO_DRIVER_TEST)
2721            status = mbedtls_test_transparent_pake_setup(
2722                        &operation->data.ctx.transparent_test_driver_ctx,
2723                        inputs );
2724            if( status == PSA_SUCCESS )
2725                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2726            /* Declared with fallback == true */
2727            if( status != PSA_ERROR_NOT_SUPPORTED )
2728                return( status );
2729#endif /* PSA_CRYPTO_DRIVER_TEST */
2730#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2731#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2732            status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2733                        inputs );
2734            if( status == PSA_SUCCESS )
2735                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2736#endif
2737            return status;
2738        /* Add cases for opaque driver here */
2739        default:
2740            /* Key is declared with a lifetime not known to us */
2741            (void)operation;
2742            return( PSA_ERROR_INVALID_ARGUMENT );
2743    }
2744}
2745
2746static inline psa_status_t psa_driver_wrapper_pake_output(
2747    psa_pake_operation_t *operation,
2748    psa_crypto_driver_pake_step_t step,
2749    uint8_t *output,
2750    size_t output_size,
2751    size_t *output_length )
2752{
2753    switch( operation->id )
2754    {
2755#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2756        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2757            return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2758                                             output, output_size, output_length ) );
2759#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2760
2761#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2762#if defined(PSA_CRYPTO_DRIVER_TEST)
2763        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2764            return( mbedtls_test_transparent_pake_output(
2765                        &operation->data.ctx.transparent_test_driver_ctx,
2766                        step, output, output_size, output_length ) );
2767#endif /* PSA_CRYPTO_DRIVER_TEST */
2768#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2769        default:
2770            (void) step;
2771            (void) output;
2772            (void) output_size;
2773            (void) output_length;
2774            return( PSA_ERROR_INVALID_ARGUMENT );
2775    }
2776}
2777
2778static inline psa_status_t psa_driver_wrapper_pake_input(
2779    psa_pake_operation_t *operation,
2780    psa_crypto_driver_pake_step_t step,
2781    const uint8_t *input,
2782    size_t input_length )
2783{
2784    switch( operation->id )
2785    {
2786#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2787        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2788            return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2789                                            step, input,
2790                                            input_length ) );
2791#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2792
2793#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2794#if defined(PSA_CRYPTO_DRIVER_TEST)
2795        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2796            return( mbedtls_test_transparent_pake_input(
2797                        &operation->data.ctx.transparent_test_driver_ctx,
2798                        step,
2799                        input, input_length ) );
2800#endif /* PSA_CRYPTO_DRIVER_TEST */
2801#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2802        default:
2803            (void) step;
2804            (void) input;
2805            (void) input_length;
2806            return( PSA_ERROR_INVALID_ARGUMENT );
2807    }
2808}
2809
2810static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2811    psa_pake_operation_t *operation,
2812    uint8_t *output, size_t output_size,
2813    size_t *output_length )
2814{
2815    switch( operation->id )
2816    {
2817#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2818        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2819            return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2820                                                       output, output_size, output_length ) );
2821#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2822
2823#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2824#if defined(PSA_CRYPTO_DRIVER_TEST)
2825        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2826            return( mbedtls_test_transparent_pake_get_implicit_key(
2827                        &operation->data.ctx.transparent_test_driver_ctx,
2828                        output, output_size, output_length ) );
2829#endif /* PSA_CRYPTO_DRIVER_TEST */
2830#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2831        default:
2832            (void) output;
2833            (void) output_size;
2834            (void) output_length;
2835            return( PSA_ERROR_INVALID_ARGUMENT );
2836    }
2837}
2838
2839static inline psa_status_t psa_driver_wrapper_pake_abort(
2840    psa_pake_operation_t * operation )
2841{
2842    switch( operation->id )
2843    {
2844#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2845        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2846            return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2847#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2848
2849#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2850#if defined(PSA_CRYPTO_DRIVER_TEST)
2851        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2852            return( mbedtls_test_transparent_pake_abort(
2853                        &operation->data.ctx.transparent_test_driver_ctx ) );
2854#endif /* PSA_CRYPTO_DRIVER_TEST */
2855#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2856        default:
2857            return( PSA_ERROR_INVALID_ARGUMENT );
2858    }
2859}
2860
2861#endif /* MBEDTLS_PSA_CRYPTO_C */
2862