1 /**
2  * \file psa_util_internal.h
3  *
4  * \brief Internal utility functions for use of PSA Crypto.
5  */
6 /*
7  *  Copyright The Mbed TLS Contributors
8  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9  */
10 
11 #ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
12 #define MBEDTLS_PSA_UTIL_INTERNAL_H
13 
14 /* Include the public header so that users only need one include. */
15 #include "mbedtls/psa_util.h"
16 
17 #include "psa/crypto.h"
18 
19 #if defined(MBEDTLS_PSA_CRYPTO_C)
20 
21 /*************************************************************************
22  * FFDH
23  ************************************************************************/
24 
/* Upper bound, in bytes, on an exported FFDH public key: the PSA export-size
 * macro evaluated at PSA_VENDOR_FFDH_MAX_KEY_BITS.
 * NOTE(review): presumably used to size buffers that receive an exported or
 * peer public key. Such a buffer is only large enough for keys up to that
 * vendor maximum, so code filling it should still check the actual length. */
#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
    PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
27 
28 /*************************************************************************
29  * ECC
30  ************************************************************************/
31 
/* Upper bound, in bytes, on an exported ECC public key: the PSA export-size
 * macro evaluated at PSA_VENDOR_ECC_MAX_CURVE_BITS. */
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
    PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)

/* Upper bound, in bytes, on an exported ECC key pair, evaluated at the same
 * PSA_VENDOR_ECC_MAX_CURVE_BITS.
 * NOTE(review): a buffer of this size would hold private key material;
 * confirm that users of this bound wipe the buffer after use. */
#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
    PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
37 
38 /*************************************************************************
39  * Error translation
40  ************************************************************************/
41 
/* One entry of an error translation table: a PSA status paired with an
 * Mbed TLS error code. Both fields are stored as int16_t; the per-field
 * comments give the value ranges that make this narrowing lossless.
 * NOTE(review): a code outside those ranges would not survive being stored
 * here, so any new table entry should be checked against them. */
typedef struct {
    /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
    int16_t psa_status;
    /* Error codes used by Mbed TLS are in one of the ranges
     * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
     * code optionally added), fitting in 16 bits. */
    int16_t mbedtls_error;
} mbedtls_error_pair_t;
50 
/* Per-module translation tables, each declared only when the matching
 * configuration option is enabled.
 *
 * Each declaration carries an explicit bound, so the array type is complete
 * in every file that includes this header and sizeof() on the table gives
 * its full size (which PSA_TO_MBEDTLS_ERR_LIST relies on).
 * NOTE(review): the definitions are not visible here. The bound written in
 * each declaration must stay equal to the number of entries in the matching
 * definition, otherwise the entry count derived from sizeof() will not match
 * the real table. */
#if defined(MBEDTLS_MD_LIGHT)
extern const mbedtls_error_pair_t psa_to_md_errors[4];
#endif

#if defined(MBEDTLS_LMS_C)
extern const mbedtls_error_pair_t psa_to_lms_errors[3];
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
#endif

#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
#endif
72 
/* Generic fallback function for error translation, used when the received
 * status has no module-specific translation.
 *
 * status: the PSA status to translate.
 *
 * Returns an int, presumably an Mbed TLS error code; the mapping itself is
 * defined outside this header. The signature matches the fallback_f
 * parameter of psa_status_to_mbedtls(), so this function can be passed
 * there directly. */
int psa_generic_status_to_mbedtls(psa_status_t status);
76 
/* This function iterates over the provided local error translations and,
 * if no match is found, calls the fallback error translation function.
 *
 * status:             the PSA status to translate.
 * local_translations: table of PSA-status / Mbed TLS-error pairs to search.
 * local_errors_num:   number of entries in local_translations.
 * fallback_f:         translator called when the table has no match.
 *
 * Returns an int, presumably the Mbed TLS error code taken from the matching
 * entry or produced by fallback_f.
 *
 * NOTE(review): the implementation is not visible here. Callers should
 * assume that local_errors_num must not exceed the real number of entries
 * in local_translations, and that fallback_f must be non-NULL, unless the
 * definition shows otherwise. PSA_TO_MBEDTLS_ERR_LIST computes the count
 * from the array itself and is the safer way to call this. */
int psa_status_to_mbedtls(psa_status_t status,
                          const mbedtls_error_pair_t *local_translations,
                          size_t local_errors_num,
                          int (*fallback_f)(psa_status_t));
83 
/* The second of the three stages of error handling in the pk module.
 * It acts as a fallback after RSA / ECDSA error translation, and if it finds
 * no match itself, it calls psa_generic_status_to_mbedtls.
 *
 * status: the PSA status to translate.
 *
 * Returns an int, presumably an Mbed TLS error code. The signature matches
 * the fallback_f parameter of psa_status_to_mbedtls(). */
int psa_pk_status_to_mbedtls(psa_status_t status);
88 
/* Utility macro to shorten the definitions of error translators in modules.
 *
 * Expands to a psa_status_to_mbedtls() call whose entry count is computed as
 * sizeof(error_list)/sizeof(error_list[0]).
 *
 * error_list must therefore name an actual array whose complete type is
 * visible at the point of use. With a pointer (including an array function
 * parameter, which decays to a pointer) the quotient is not the number of
 * entries, and the count passed on would be wrong.
 * error_list appears three times in the expansion and is not parenthesized,
 * so pass a plain array identifier rather than an expression. */
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f)       \
    psa_status_to_mbedtls(status, error_list,                         \
                          sizeof(error_list)/sizeof(error_list[0]),   \
                          fallback_f)
94 
95 #endif /* MBEDTLS_PSA_CRYPTO_C */
96 #endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */
97