/**
 * \file psa_util_internal.h
 *
 * \brief Internal utility functions for use of PSA Crypto.
 *
 * Declares buffer-size bounds for exported FFDH/ECC keys and the
 * table-driven translation of PSA status codes into Mbed TLS error codes.
 * Everything below the include lines is only declared when
 * MBEDTLS_PSA_CRYPTO_CLIENT is defined.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
#define MBEDTLS_PSA_UTIL_INTERNAL_H

/* Include the public header so that users only need one include. */
#include "mbedtls/psa_util.h"

#include "psa/crypto.h"

#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)

/*************************************************************************
 * FFDH
 ************************************************************************/

/* Size bound for an exported FFDH public key, derived from the largest
 * FFDH key size this build supports (PSA_VENDOR_FFDH_MAX_KEY_BITS).
 * A buffer of this size covers locally exported keys only; a length that
 * arrives from a peer still has to be compared against the buffer size
 * before any copy. */
#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
    PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)

/*************************************************************************
 * ECC
 ************************************************************************/

/* Size bound for an exported ECC public key, derived from the largest
 * curve this build supports (PSA_VENDOR_ECC_MAX_CURVE_BITS). */
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
    PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)

/* Size bound for an exported ECC key pair for the same largest curve.
 * A buffer of this size holds private key material, so it should be
 * wiped by its owner once the key is no longer needed. */
#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
    PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)

/*************************************************************************
 * Error translation
 ************************************************************************/

/* One entry of a translation table: a PSA status and the Mbed TLS error
 * code it maps to. Both fields are deliberately 16 bits wide; a code
 * outside the ranges stated below would not survive being stored here. */
typedef struct {
    /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
    int16_t psa_status;
    /* Error codes used by Mbed TLS are in one of the ranges
     * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
     * code optionally added), fitting in 16 bits.
     */
    int16_t mbedtls_error;
} mbedtls_error_pair_t;

/* Per-module translation tables, each declared only when the matching
 * feature is configured. The explicit array bounds make every declaration
 * a complete array type, which PSA_TO_MBEDTLS_ERR_LIST relies on for its
 * sizeof-based element count. The definitions are not visible in this
 * header; each bound here has to match the number of entries in the
 * corresponding definition, otherwise the count handed to
 * psa_status_to_mbedtls() is wrong. */
#if defined(MBEDTLS_MD_LIGHT)
extern const mbedtls_error_pair_t psa_to_md_errors[4];
#endif

#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
extern const mbedtls_error_pair_t psa_to_cipher_errors[4];
#endif

#if defined(MBEDTLS_LMS_C)
extern const mbedtls_error_pair_t psa_to_lms_errors[3];
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
#endif

#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
#endif

/* Generic fallback function for error translation,
 * used when the received status has no module-specific translation.
 * NOTE(review): the body is not visible here; confirm that a status it
 * does not recognise is mapped to an error and never to 0 (success). */
int psa_generic_status_to_mbedtls(psa_status_t status);

/* This function iterates over provided local error translations,
 * and if no match was found - calls the fallback error translation function.
 *
 * status             PSA status to translate.
 * local_translations Table of (PSA status, Mbed TLS error) pairs to search.
 * local_errors_num   Number of entries in local_translations. Presumably
 *                    used as the iteration bound, so a value larger than
 *                    the real table size would read past its end - confirm
 *                    against the implementation.
 * fallback_f         Translator called when no table entry matches.
 *                    NOTE(review): presumably must not be NULL, since it is
 *                    called on a miss - confirm.
 *
 * Returns the translated Mbed TLS error code. */
int psa_status_to_mbedtls(psa_status_t status,
                          const mbedtls_error_pair_t *local_translations,
                          size_t local_errors_num,
                          int (*fallback_f)(psa_status_t));

/* The second out of three-stage error handling functions of the pk module,
 * acts as a fallback after RSA / ECDSA error translation, and if no match
 * is found, it itself calls psa_generic_status_to_mbedtls. */
int psa_pk_status_to_mbedtls(psa_status_t status);

/* Utility macro to shorten the defines of error translator in modules.
 *
 * error_list must name an array whose bound is visible at the point of use
 * (such as the tables declared above). Passing a pointer instead would make
 * sizeof(error_list) the size of the pointer and yield a wrong element
 * count. error_list is not parenthesized in the expansion, so pass the
 * plain array name rather than an expression. */
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f)       \
    psa_status_to_mbedtls(status, error_list,                         \
                          sizeof(error_list)/sizeof(error_list[0]),   \
                          fallback_f)

#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */