1 /*
2  *  Functions to delegate cryptographic operations to an available
3  *  and appropriate accelerator.
4  *  Warning: This file will be auto-generated in the future.
5  */
6 /*  Copyright The Mbed TLS Contributors
7  *  SPDX-License-Identifier: Apache-2.0
8  *
9  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
10  *  not use this file except in compliance with the License.
11  *  You may obtain a copy of the License at
12  *
13  *  http://www.apache.org/licenses/LICENSE-2.0
14  *
15  *  Unless required by applicable law or agreed to in writing, software
16  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  *  See the License for the specific language governing permissions and
19  *  limitations under the License.
20  */
21 
22 #include "psa_crypto_core.h"
23 #include "psa_crypto_driver_wrappers.h"
24 #include "mbedtls/platform.h"
25 
26 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
27 
28 /* Include test driver definition when running tests */
29 #if defined(PSA_CRYPTO_DRIVER_TEST)
30 #ifndef PSA_CRYPTO_DRIVER_PRESENT
31 #define PSA_CRYPTO_DRIVER_PRESENT
32 #endif
33 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
34 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
35 #endif
36 #include "test/drivers/test_driver.h"
37 #endif /* PSA_CRYPTO_DRIVER_TEST */
38 
39 /* Repeat above block for each JSON-declared driver during autogeneration */
40 
41 /* Auto-generated values depending on which drivers are registered. ID 0 is
42  * reserved for unallocated operations. */
43 #if defined(PSA_CRYPTO_DRIVER_TEST)
44 #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1)
45 #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2)
46 #endif /* PSA_CRYPTO_DRIVER_TEST */
47 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
48 
49 /* Support the 'old' SE interface when asked to */
50 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
51 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
52  * SE driver is present, to avoid unused argument errors at compile time. */
53 #ifndef PSA_CRYPTO_DRIVER_PRESENT
54 #define PSA_CRYPTO_DRIVER_PRESENT
55 #endif
56 #include "psa_crypto_se.h"
57 #endif
58 
59 /* Start delegation functions */
psa_driver_wrapper_sign_hash(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)60 psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
61                                            psa_algorithm_t alg,
62                                            const uint8_t *hash,
63                                            size_t hash_length,
64                                            uint8_t *signature,
65                                            size_t signature_size,
66                                            size_t *signature_length )
67 {
68 #if defined(PSA_CRYPTO_DRIVER_PRESENT)
69     /* Try dynamically-registered SE interface first */
70 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
71     const psa_drv_se_t *drv;
72     psa_drv_se_context_t *drv_context;
73 
74     if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
75     {
76         if( drv->asymmetric == NULL ||
77             drv->asymmetric->p_sign == NULL )
78         {
79             /* Key is defined in SE, but we have no way to exercise it */
80             return( PSA_ERROR_NOT_SUPPORTED );
81         }
82         return( drv->asymmetric->p_sign( drv_context,
83                                          slot->data.se.slot_number,
84                                          alg,
85                                          hash, hash_length,
86                                          signature, signature_size,
87                                          signature_length ) );
88     }
89 #endif /* PSA_CRYPTO_SE_C */
90 
91     /* Then try accelerator API */
92 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
93     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
94     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
95     psa_key_attributes_t attributes = {
96       .core = slot->attr
97     };
98 
99     switch( location )
100     {
101         case PSA_KEY_LOCATION_LOCAL_STORAGE:
102             /* Key is stored in the slot in export representation, so
103              * cycle through all known transparent accelerators */
104 #if defined(PSA_CRYPTO_DRIVER_TEST)
105             status = test_transparent_signature_sign_hash( &attributes,
106                                                            slot->data.key.data,
107                                                            slot->data.key.bytes,
108                                                            alg,
109                                                            hash,
110                                                            hash_length,
111                                                            signature,
112                                                            signature_size,
113                                                            signature_length );
114             /* Declared with fallback == true */
115             if( status != PSA_ERROR_NOT_SUPPORTED )
116                 return( status );
117 #endif /* PSA_CRYPTO_DRIVER_TEST */
118             /* Fell through, meaning no accelerator supports this operation */
119             return( PSA_ERROR_NOT_SUPPORTED );
120         /* Add cases for opaque driver here */
121 #if defined(PSA_CRYPTO_DRIVER_TEST)
122         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
123             return( test_opaque_signature_sign_hash( &attributes,
124                                                      slot->data.key.data,
125                                                      slot->data.key.bytes,
126                                                      alg,
127                                                      hash,
128                                                      hash_length,
129                                                      signature,
130                                                      signature_size,
131                                                      signature_length ) );
132 #endif /* PSA_CRYPTO_DRIVER_TEST */
133         default:
134             /* Key is declared with a lifetime not known to us */
135             return( status );
136     }
137 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
138     return( PSA_ERROR_NOT_SUPPORTED );
139 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
140 #else /* PSA_CRYPTO_DRIVER_PRESENT */
141     (void)slot;
142     (void)alg;
143     (void)hash;
144     (void)hash_length;
145     (void)signature;
146     (void)signature_size;
147     (void)signature_length;
148 
149     return( PSA_ERROR_NOT_SUPPORTED );
150 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
151 }
152 
psa_driver_wrapper_verify_hash(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)153 psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
154                                              psa_algorithm_t alg,
155                                              const uint8_t *hash,
156                                              size_t hash_length,
157                                              const uint8_t *signature,
158                                              size_t signature_length )
159 {
160 #if defined(PSA_CRYPTO_DRIVER_PRESENT)
161     /* Try dynamically-registered SE interface first */
162 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
163     const psa_drv_se_t *drv;
164     psa_drv_se_context_t *drv_context;
165 
166     if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
167     {
168         if( drv->asymmetric == NULL ||
169             drv->asymmetric->p_verify == NULL )
170         {
171             /* Key is defined in SE, but we have no way to exercise it */
172             return( PSA_ERROR_NOT_SUPPORTED );
173         }
174         return( drv->asymmetric->p_verify( drv_context,
175                                            slot->data.se.slot_number,
176                                            alg,
177                                            hash, hash_length,
178                                            signature, signature_length ) );
179     }
180 #endif /* PSA_CRYPTO_SE_C */
181 
182     /* Then try accelerator API */
183 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
184     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
185     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
186     psa_key_attributes_t attributes = {
187       .core = slot->attr
188     };
189 
190     switch( location )
191     {
192         case PSA_KEY_LOCATION_LOCAL_STORAGE:
193             /* Key is stored in the slot in export representation, so
194              * cycle through all known transparent accelerators */
195 #if defined(PSA_CRYPTO_DRIVER_TEST)
196             status = test_transparent_signature_verify_hash( &attributes,
197                                                              slot->data.key.data,
198                                                              slot->data.key.bytes,
199                                                              alg,
200                                                              hash,
201                                                              hash_length,
202                                                              signature,
203                                                              signature_length );
204             /* Declared with fallback == true */
205             if( status != PSA_ERROR_NOT_SUPPORTED )
206                 return( status );
207 #endif /* PSA_CRYPTO_DRIVER_TEST */
208             /* Fell through, meaning no accelerator supports this operation */
209             return( PSA_ERROR_NOT_SUPPORTED );
210         /* Add cases for opaque driver here */
211 #if defined(PSA_CRYPTO_DRIVER_TEST)
212         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
213             return( test_opaque_signature_verify_hash( &attributes,
214                                                        slot->data.key.data,
215                                                        slot->data.key.bytes,
216                                                        alg,
217                                                        hash,
218                                                        hash_length,
219                                                        signature,
220                                                        signature_length ) );
221 #endif /* PSA_CRYPTO_DRIVER_TEST */
222         default:
223             /* Key is declared with a lifetime not known to us */
224             return( status );
225     }
226 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
227     return( PSA_ERROR_NOT_SUPPORTED );
228 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
229 #else /* PSA_CRYPTO_DRIVER_PRESENT */
230     (void)slot;
231     (void)alg;
232     (void)hash;
233     (void)hash_length;
234     (void)signature;
235     (void)signature_length;
236 
237     return( PSA_ERROR_NOT_SUPPORTED );
238 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
239 }
240 
241 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
242 /** Calculate the size to allocate for buffering a key with given attributes.
243  *
244  * This function provides a way to get the expected size for storing a key with
245  * the given attributes. This will be the size of the export representation for
246  * cleartext keys, and a driver-defined size for keys stored by opaque drivers.
247  *
248  * \param[in] attributes        The key attribute structure of the key to store.
249  * \param[out] expected_size    On success, a byte size large enough to contain
250  *                              the declared key.
251  *
252  * \retval #PSA_SUCCESS
253  * \retval #PSA_ERROR_NOT_SUPPORTED
254  */
get_expected_key_size(const psa_key_attributes_t * attributes,size_t * expected_size)255 static psa_status_t get_expected_key_size( const psa_key_attributes_t *attributes,
256                                            size_t *expected_size )
257 {
258     size_t buffer_size = 0;
259     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
260     psa_key_type_t key_type = attributes->core.type;
261     size_t key_bits = attributes->core.bits;
262 
263     switch( location )
264     {
265         case PSA_KEY_LOCATION_LOCAL_STORAGE:
266             buffer_size = PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits );
267 
268             if( buffer_size == 0 )
269                 return( PSA_ERROR_NOT_SUPPORTED );
270 
271             *expected_size = buffer_size;
272             return( PSA_SUCCESS );
273 
274 #if defined(PSA_CRYPTO_DRIVER_TEST)
275         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
276 #ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
277             *expected_size = test_size_function( key_type, key_bits );
278             return( PSA_SUCCESS );
279 #else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
280             if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
281             {
282                 int public_key_overhead = ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ?
283                                            PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) : 0 );
284                 *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
285                                  + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
286                                  + public_key_overhead;
287             }
288             else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( attributes->core.type ) )
289             {
290                 *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
291                                  + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
292             }
293             else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
294                       !PSA_KEY_TYPE_IS_PUBLIC_KEY ( attributes->core.type ) )
295             {
296                 *expected_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
297                                  + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
298                                  * ( ( key_bits + 7 ) / 8 );
299             }
300             else
301             {
302                 return( PSA_ERROR_NOT_SUPPORTED );
303             }
304             return( PSA_SUCCESS );
305 #endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
306 #endif /* PSA_CRYPTO_DRIVER_TEST */
307 
308         default:
309             return( PSA_ERROR_NOT_SUPPORTED );
310     }
311 }
312 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
313 
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,psa_key_slot_t * slot)314 psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
315                                               psa_key_slot_t *slot )
316 {
317 #if defined(PSA_CRYPTO_DRIVER_PRESENT)
318     /* Try dynamically-registered SE interface first */
319 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
320     const psa_drv_se_t *drv;
321     psa_drv_se_context_t *drv_context;
322 
323     if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
324     {
325         size_t pubkey_length = 0; /* We don't support this feature yet */
326         if( drv->key_management == NULL ||
327             drv->key_management->p_generate == NULL )
328         {
329             /* Key is defined as being in SE, but we have no way to generate it */
330             return( PSA_ERROR_NOT_SUPPORTED );
331         }
332         return( drv->key_management->p_generate(
333             drv_context,
334             slot->data.se.slot_number, attributes,
335             NULL, 0, &pubkey_length ) );
336     }
337 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
338 
339     /* Then try accelerator API */
340 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
341     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
342     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
343     size_t export_size = 0;
344 
345     status = get_expected_key_size( attributes, &export_size );
346     if( status != PSA_SUCCESS )
347         return( status );
348 
349     slot->data.key.data = mbedtls_calloc(1, export_size);
350     if( slot->data.key.data == NULL )
351         return( PSA_ERROR_INSUFFICIENT_MEMORY );
352     slot->data.key.bytes = export_size;
353 
354     switch( location )
355     {
356         case PSA_KEY_LOCATION_LOCAL_STORAGE:
357             /* Key is stored in the slot in export representation, so
358              * cycle through all known transparent accelerators */
359 
360             /* Transparent drivers are limited to generating asymmetric keys */
361             if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
362             {
363                 status = PSA_ERROR_NOT_SUPPORTED;
364                 break;
365             }
366 #if defined(PSA_CRYPTO_DRIVER_TEST)
367             status = test_transparent_generate_key( attributes,
368                                                     slot->data.key.data,
369                                                     slot->data.key.bytes,
370                                                     &slot->data.key.bytes );
371             /* Declared with fallback == true */
372             if( status != PSA_ERROR_NOT_SUPPORTED )
373                 break;
374 #endif /* PSA_CRYPTO_DRIVER_TEST */
375             /* Fell through, meaning no accelerator supports this operation */
376             status = PSA_ERROR_NOT_SUPPORTED;
377             break;
378         /* Add cases for opaque driver here */
379 #if defined(PSA_CRYPTO_DRIVER_TEST)
380         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
381             status = test_opaque_generate_key( attributes,
382                                                slot->data.key.data,
383                                                slot->data.key.bytes,
384                                                &slot->data.key.bytes );
385             break;
386 #endif /* PSA_CRYPTO_DRIVER_TEST */
387         default:
388             /* Key is declared with a lifetime not known to us */
389             status = PSA_ERROR_INVALID_ARGUMENT;
390             break;
391     }
392 
393     if( status != PSA_SUCCESS )
394     {
395         /* free allocated buffer */
396         mbedtls_free( slot->data.key.data );
397         slot->data.key.data = NULL;
398         slot->data.key.bytes = 0;
399     }
400 
401     return( status );
402 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
403     return( PSA_ERROR_NOT_SUPPORTED );
404 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
405 #else /* PSA_CRYPTO_DRIVER_PRESENT */
406     (void) attributes;
407     (void) slot;
408 
409     return( PSA_ERROR_NOT_SUPPORTED );
410 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
411 }
412 
psa_driver_wrapper_validate_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * bits)413 psa_status_t psa_driver_wrapper_validate_key( const psa_key_attributes_t *attributes,
414                                               const uint8_t *data,
415                                               size_t data_length,
416                                               size_t *bits )
417 {
418 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
419     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
420     /* Try accelerators in turn */
421 #if defined(PSA_CRYPTO_DRIVER_TEST)
422     status = test_transparent_validate_key( attributes,
423                                             data,
424                                             data_length,
425                                             bits );
426     /* Declared with fallback == true */
427     if( status != PSA_ERROR_NOT_SUPPORTED )
428         return( status );
429 #endif /* PSA_CRYPTO_DRIVER_TEST */
430 
431     return( PSA_ERROR_NOT_SUPPORTED );
432 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
433     (void) attributes;
434     (void) data;
435     (void) data_length;
436     (void) bits;
437     return( PSA_ERROR_NOT_SUPPORTED );
438 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
439 }
440 
psa_driver_wrapper_export_public_key(const psa_key_slot_t * slot,uint8_t * data,size_t data_size,size_t * data_length)441 psa_status_t psa_driver_wrapper_export_public_key( const psa_key_slot_t *slot,
442                                                    uint8_t *data,
443                                                    size_t data_size,
444                                                    size_t *data_length )
445 {
446 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
447     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
448     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
449     psa_key_attributes_t attributes = {
450       .core = slot->attr
451     };
452 
453     switch( location )
454     {
455         case PSA_KEY_LOCATION_LOCAL_STORAGE:
456             /* Key is stored in the slot in export representation, so
457              * cycle through all known transparent accelerators */
458 #if defined(PSA_CRYPTO_DRIVER_TEST)
459             status = test_transparent_export_public_key( &attributes,
460                                                          slot->data.key.data,
461                                                          slot->data.key.bytes,
462                                                          data,
463                                                          data_size,
464                                                          data_length );
465             /* Declared with fallback == true */
466             if( status != PSA_ERROR_NOT_SUPPORTED )
467                 return( status );
468 #endif /* PSA_CRYPTO_DRIVER_TEST */
469             /* Fell through, meaning no accelerator supports this operation */
470             return( PSA_ERROR_NOT_SUPPORTED );
471         /* Add cases for opaque driver here */
472 #if defined(PSA_CRYPTO_DRIVER_TEST)
473         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
474             return( test_opaque_export_public_key( &attributes,
475                                                    slot->data.key.data,
476                                                    slot->data.key.bytes,
477                                                    data,
478                                                    data_size,
479                                                    data_length ) );
480 #endif /* PSA_CRYPTO_DRIVER_TEST */
481         default:
482             /* Key is declared with a lifetime not known to us */
483             return( status );
484     }
485 #else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
486     (void) slot;
487     (void) data;
488     (void) data_size;
489     (void) data_length;
490     return( PSA_ERROR_NOT_SUPPORTED );
491 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
492 }
493 
494 /*
495  * Cipher functions
496  */
psa_driver_wrapper_cipher_encrypt(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)497 psa_status_t psa_driver_wrapper_cipher_encrypt(
498     psa_key_slot_t *slot,
499     psa_algorithm_t alg,
500     const uint8_t *input,
501     size_t input_length,
502     uint8_t *output,
503     size_t output_size,
504     size_t *output_length )
505 {
506 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
507     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
508     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
509     psa_key_attributes_t attributes = {
510       .core = slot->attr
511     };
512 
513     switch( location )
514     {
515         case PSA_KEY_LOCATION_LOCAL_STORAGE:
516             /* Key is stored in the slot in export representation, so
517              * cycle through all known transparent accelerators */
518 #if defined(PSA_CRYPTO_DRIVER_TEST)
519             status = test_transparent_cipher_encrypt( &attributes,
520                                                       slot->data.key.data,
521                                                       slot->data.key.bytes,
522                                                       alg,
523                                                       input,
524                                                       input_length,
525                                                       output,
526                                                       output_size,
527                                                       output_length );
528             /* Declared with fallback == true */
529             if( status != PSA_ERROR_NOT_SUPPORTED )
530                 return( status );
531 #endif /* PSA_CRYPTO_DRIVER_TEST */
532             /* Fell through, meaning no accelerator supports this operation */
533             return( PSA_ERROR_NOT_SUPPORTED );
534         /* Add cases for opaque driver here */
535 #if defined(PSA_CRYPTO_DRIVER_TEST)
536         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
537             return( test_opaque_cipher_encrypt( &attributes,
538                                                 slot->data.key.data,
539                                                 slot->data.key.bytes,
540                                                 alg,
541                                                 input,
542                                                 input_length,
543                                                 output,
544                                                 output_size,
545                                                 output_length ) );
546 #endif /* PSA_CRYPTO_DRIVER_TEST */
547         default:
548             /* Key is declared with a lifetime not known to us */
549             return( status );
550     }
551 #else /* PSA_CRYPTO_DRIVER_PRESENT */
552     (void) slot;
553     (void) alg;
554     (void) input;
555     (void) input_length;
556     (void) output;
557     (void) output_size;
558     (void) output_length;
559 
560     return( PSA_ERROR_NOT_SUPPORTED );
561 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
562 }
563 
psa_driver_wrapper_cipher_decrypt(psa_key_slot_t * slot,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)564 psa_status_t psa_driver_wrapper_cipher_decrypt(
565     psa_key_slot_t *slot,
566     psa_algorithm_t alg,
567     const uint8_t *input,
568     size_t input_length,
569     uint8_t *output,
570     size_t output_size,
571     size_t *output_length )
572 {
573 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
574     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
575     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
576     psa_key_attributes_t attributes = {
577       .core = slot->attr
578     };
579 
580     switch( location )
581     {
582         case PSA_KEY_LOCATION_LOCAL_STORAGE:
583             /* Key is stored in the slot in export representation, so
584              * cycle through all known transparent accelerators */
585 #if defined(PSA_CRYPTO_DRIVER_TEST)
586             status = test_transparent_cipher_decrypt( &attributes,
587                                                       slot->data.key.data,
588                                                       slot->data.key.bytes,
589                                                       alg,
590                                                       input,
591                                                       input_length,
592                                                       output,
593                                                       output_size,
594                                                       output_length );
595             /* Declared with fallback == true */
596             if( status != PSA_ERROR_NOT_SUPPORTED )
597                 return( status );
598 #endif /* PSA_CRYPTO_DRIVER_TEST */
599             /* Fell through, meaning no accelerator supports this operation */
600             return( PSA_ERROR_NOT_SUPPORTED );
601         /* Add cases for opaque driver here */
602 #if defined(PSA_CRYPTO_DRIVER_TEST)
603         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
604             return( test_opaque_cipher_decrypt( &attributes,
605                                                 slot->data.key.data,
606                                                 slot->data.key.bytes,
607                                                 alg,
608                                                 input,
609                                                 input_length,
610                                                 output,
611                                                 output_size,
612                                                 output_length ) );
613 #endif /* PSA_CRYPTO_DRIVER_TEST */
614         default:
615             /* Key is declared with a lifetime not known to us */
616             return( status );
617     }
618 #else /* PSA_CRYPTO_DRIVER_PRESENT */
619     (void) slot;
620     (void) alg;
621     (void) input;
622     (void) input_length;
623     (void) output;
624     (void) output_size;
625     (void) output_length;
626 
627     return( PSA_ERROR_NOT_SUPPORTED );
628 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
629 }
630 
psa_driver_wrapper_cipher_encrypt_setup(psa_operation_driver_context_t * operation,psa_key_slot_t * slot,psa_algorithm_t alg)631 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
632     psa_operation_driver_context_t *operation,
633     psa_key_slot_t *slot,
634     psa_algorithm_t alg )
635 {
636 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
637     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
638     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
639     psa_key_attributes_t attributes = {
640       .core = slot->attr
641     };
642 
643     switch( location )
644     {
645         case PSA_KEY_LOCATION_LOCAL_STORAGE:
646             /* Key is stored in the slot in export representation, so
647              * cycle through all known transparent accelerators */
648 #if defined(PSA_CRYPTO_DRIVER_TEST)
649             operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
650             if( operation->ctx == NULL )
651                 return PSA_ERROR_INSUFFICIENT_MEMORY;
652 
653             status = test_transparent_cipher_encrypt_setup( operation->ctx,
654                                                             &attributes,
655                                                             slot->data.key.data,
656                                                             slot->data.key.bytes,
657                                                             alg );
658             /* Declared with fallback == true */
659             if( status == PSA_SUCCESS )
660                 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
661             else
662             {
663                 mbedtls_platform_zeroize(
664                     operation->ctx,
665                     sizeof( test_transparent_cipher_operation_t ) );
666                 mbedtls_free( operation->ctx );
667                 operation->ctx = NULL;
668             }
669 
670             return( status );
671 #endif /* PSA_CRYPTO_DRIVER_TEST */
672             /* Fell through, meaning no accelerator supports this operation */
673             return( PSA_ERROR_NOT_SUPPORTED );
674         /* Add cases for opaque driver here */
675 #if defined(PSA_CRYPTO_DRIVER_TEST)
676         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
677             operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
678             if( operation->ctx == NULL )
679                 return( PSA_ERROR_INSUFFICIENT_MEMORY );
680 
681             status = test_opaque_cipher_encrypt_setup( operation->ctx,
682                                                        &attributes,
683                                                        slot->data.key.data,
684                                                        slot->data.key.bytes,
685                                                        alg );
686             if( status == PSA_SUCCESS )
687                 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
688             else
689             {
690                 mbedtls_platform_zeroize(
691                     operation->ctx,
692                     sizeof( test_opaque_cipher_operation_t ) );
693                 mbedtls_free( operation->ctx );
694                 operation->ctx = NULL;
695             }
696 
697             return( status );
698 #endif /* PSA_CRYPTO_DRIVER_TEST */
699         default:
700             /* Key is declared with a lifetime not known to us */
701             return( PSA_ERROR_NOT_SUPPORTED );
702     }
703 #else /* PSA_CRYPTO_DRIVER_PRESENT */
704     (void)slot;
705     (void)alg;
706     (void)operation;
707 
708     return( PSA_ERROR_NOT_SUPPORTED );
709 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
710 }
711 
psa_driver_wrapper_cipher_decrypt_setup(psa_operation_driver_context_t * operation,psa_key_slot_t * slot,psa_algorithm_t alg)712 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
713     psa_operation_driver_context_t *operation,
714     psa_key_slot_t *slot,
715     psa_algorithm_t alg )
716 {
717 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
718     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
719     psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
720     psa_key_attributes_t attributes = {
721       .core = slot->attr
722     };
723 
724     switch( location )
725     {
726         case PSA_KEY_LOCATION_LOCAL_STORAGE:
727             /* Key is stored in the slot in export representation, so
728              * cycle through all known transparent accelerators */
729 #if defined(PSA_CRYPTO_DRIVER_TEST)
730             operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
731             if( operation->ctx == NULL )
732                 return( PSA_ERROR_INSUFFICIENT_MEMORY );
733 
734             status = test_transparent_cipher_decrypt_setup( operation->ctx,
735                                                             &attributes,
736                                                             slot->data.key.data,
737                                                             slot->data.key.bytes,
738                                                             alg );
739             /* Declared with fallback == true */
740             if( status == PSA_SUCCESS )
741                 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
742             else
743             {
744                 mbedtls_platform_zeroize(
745                     operation->ctx,
746                     sizeof( test_transparent_cipher_operation_t ) );
747                 mbedtls_free( operation->ctx );
748                 operation->ctx = NULL;
749             }
750 
751             return( status );
752 #endif /* PSA_CRYPTO_DRIVER_TEST */
753             /* Fell through, meaning no accelerator supports this operation */
754             return( PSA_ERROR_NOT_SUPPORTED );
755         /* Add cases for opaque driver here */
756 #if defined(PSA_CRYPTO_DRIVER_TEST)
757         case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
758             operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
759             if( operation->ctx == NULL )
760                 return PSA_ERROR_INSUFFICIENT_MEMORY;
761 
762             status = test_opaque_cipher_decrypt_setup( operation->ctx,
763                                                        &attributes,
764                                                        slot->data.key.data,
765                                                        slot->data.key.bytes,
766                                                        alg );
767             if( status == PSA_SUCCESS )
768                 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
769             else
770             {
771                 mbedtls_platform_zeroize(
772                     operation->ctx,
773                     sizeof( test_opaque_cipher_operation_t ) );
774                 mbedtls_free( operation->ctx );
775                 operation->ctx = NULL;
776             }
777 
778             return( status );
779 #endif /* PSA_CRYPTO_DRIVER_TEST */
780         default:
781             /* Key is declared with a lifetime not known to us */
782             return( PSA_ERROR_NOT_SUPPORTED );
783     }
784 #else /* PSA_CRYPTO_DRIVER_PRESENT */
785     (void)slot;
786     (void)alg;
787     (void)operation;
788 
789     return( PSA_ERROR_NOT_SUPPORTED );
790 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
791 }
792 
psa_driver_wrapper_cipher_generate_iv(psa_operation_driver_context_t * operation,uint8_t * iv,size_t iv_size,size_t * iv_length)793 psa_status_t psa_driver_wrapper_cipher_generate_iv(
794     psa_operation_driver_context_t *operation,
795     uint8_t *iv,
796     size_t iv_size,
797     size_t *iv_length )
798 {
799 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
800     switch( operation->id )
801     {
802 #if defined(PSA_CRYPTO_DRIVER_TEST)
803         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
804             return( test_transparent_cipher_generate_iv( operation->ctx,
805                                                          iv,
806                                                          iv_size,
807                                                          iv_length ) );
808 #endif /* PSA_CRYPTO_DRIVER_TEST */
809 #if defined(PSA_CRYPTO_DRIVER_TEST)
810         case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
811             return( test_opaque_cipher_generate_iv( operation->ctx,
812                                                     iv,
813                                                     iv_size,
814                                                     iv_length ) );
815 #endif /* PSA_CRYPTO_DRIVER_TEST */
816         default:
817             /* Key is attached to a driver not known to us */
818             return( PSA_ERROR_BAD_STATE );
819     }
820 #else /* PSA_CRYPTO_DRIVER_PRESENT */
821     (void) operation;
822     (void) iv;
823     (void) iv_size;
824     (void) iv_length;
825 
826     return( PSA_ERROR_NOT_SUPPORTED );
827 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
828 }
829 
psa_driver_wrapper_cipher_set_iv(psa_operation_driver_context_t * operation,const uint8_t * iv,size_t iv_length)830 psa_status_t psa_driver_wrapper_cipher_set_iv(
831     psa_operation_driver_context_t *operation,
832     const uint8_t *iv,
833     size_t iv_length )
834 {
835 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
836     switch( operation->id )
837     {
838 #if defined(PSA_CRYPTO_DRIVER_TEST)
839         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
840             return( test_transparent_cipher_set_iv( operation->ctx,
841                                                     iv,
842                                                     iv_length ) );
843 #endif /* PSA_CRYPTO_DRIVER_TEST */
844 #if defined(PSA_CRYPTO_DRIVER_TEST)
845         case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
846             return( test_opaque_cipher_set_iv( operation->ctx,
847                                                iv,
848                                                iv_length ) );
849 #endif /* PSA_CRYPTO_DRIVER_TEST */
850         default:
851             /* Key is attached to a driver not known to us */
852             return( PSA_ERROR_BAD_STATE );
853     }
854 #else /* PSA_CRYPTO_DRIVER_PRESENT */
855     (void) operation;
856     (void) iv;
857     (void) iv_length;
858 
859     return( PSA_ERROR_NOT_SUPPORTED );
860 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
861 }
862 
psa_driver_wrapper_cipher_update(psa_operation_driver_context_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)863 psa_status_t psa_driver_wrapper_cipher_update(
864     psa_operation_driver_context_t *operation,
865     const uint8_t *input,
866     size_t input_length,
867     uint8_t *output,
868     size_t output_size,
869     size_t *output_length )
870 {
871 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
872     switch( operation->id )
873     {
874 #if defined(PSA_CRYPTO_DRIVER_TEST)
875         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
876             return( test_transparent_cipher_update( operation->ctx,
877                                                     input,
878                                                     input_length,
879                                                     output,
880                                                     output_size,
881                                                     output_length ) );
882 #endif /* PSA_CRYPTO_DRIVER_TEST */
883 #if defined(PSA_CRYPTO_DRIVER_TEST)
884         case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
885             return( test_opaque_cipher_update( operation->ctx,
886                                                input,
887                                                input_length,
888                                                output,
889                                                output_size,
890                                                output_length ) );
891 #endif /* PSA_CRYPTO_DRIVER_TEST */
892         default:
893             /* Key is attached to a driver not known to us */
894             return( PSA_ERROR_BAD_STATE );
895     }
896 #else /* PSA_CRYPTO_DRIVER_PRESENT */
897     (void) operation;
898     (void) input;
899     (void) input_length;
900     (void) output;
901     (void) output_length;
902     (void) output_size;
903 
904     return( PSA_ERROR_NOT_SUPPORTED );
905 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
906 }
907 
psa_driver_wrapper_cipher_finish(psa_operation_driver_context_t * operation,uint8_t * output,size_t output_size,size_t * output_length)908 psa_status_t psa_driver_wrapper_cipher_finish(
909     psa_operation_driver_context_t *operation,
910     uint8_t *output,
911     size_t output_size,
912     size_t *output_length )
913 {
914 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
915     switch( operation->id )
916     {
917 #if defined(PSA_CRYPTO_DRIVER_TEST)
918         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
919             return( test_transparent_cipher_finish( operation->ctx,
920                                                     output,
921                                                     output_size,
922                                                     output_length ) );
923 #endif /* PSA_CRYPTO_DRIVER_TEST */
924 #if defined(PSA_CRYPTO_DRIVER_TEST)
925         case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
926             return( test_opaque_cipher_finish( operation->ctx,
927                                                output,
928                                                output_size,
929                                                output_length ) );
930 #endif /* PSA_CRYPTO_DRIVER_TEST */
931         default:
932             /* Key is attached to a driver not known to us */
933             return( PSA_ERROR_BAD_STATE );
934     }
935 #else /* PSA_CRYPTO_DRIVER_PRESENT */
936     (void) operation;
937     (void) output;
938     (void) output_size;
939     (void) output_length;
940 
941     return( PSA_ERROR_NOT_SUPPORTED );
942 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
943 }
944 
psa_driver_wrapper_cipher_abort(psa_operation_driver_context_t * operation)945 psa_status_t psa_driver_wrapper_cipher_abort(
946     psa_operation_driver_context_t *operation )
947 {
948 #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
949     psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
950 
951     /* The object has (apparently) been initialized but it is not in use. It's
952      * ok to call abort on such an object, and there's nothing to do. */
953     if( operation->ctx == NULL && operation->id == 0 )
954         return( PSA_SUCCESS );
955 
956     switch( operation->id )
957     {
958 #if defined(PSA_CRYPTO_DRIVER_TEST)
959         case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
960             status = test_transparent_cipher_abort( operation->ctx );
961             mbedtls_platform_zeroize(
962                 operation->ctx,
963                 sizeof( test_transparent_cipher_operation_t ) );
964             mbedtls_free( operation->ctx );
965             operation->ctx = NULL;
966             operation->id = 0;
967 
968             return( status );
969 #endif /* PSA_CRYPTO_DRIVER_TEST */
970 #if defined(PSA_CRYPTO_DRIVER_TEST)
971         case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
972             status = test_opaque_cipher_abort( operation->ctx );
973             mbedtls_platform_zeroize(
974                 operation->ctx,
975                 sizeof( test_opaque_cipher_operation_t ) );
976             mbedtls_free( operation->ctx );
977             operation->ctx = NULL;
978             operation->id = 0;
979 
980             return( status );
981 #endif /* PSA_CRYPTO_DRIVER_TEST */
982         default:
983             /* Operation is attached to a driver not known to us */
984             return( PSA_ERROR_BAD_STATE );
985     }
986 #else /* PSA_CRYPTO_DRIVER_PRESENT */
987     (void)operation;
988 
989     return( PSA_ERROR_NOT_SUPPORTED );
990 #endif /* PSA_CRYPTO_DRIVER_PRESENT */
991 }
992 
993 /* End of automatically generated file. */
994