| /* |
| * Functions to delegate cryptographic operations to an available |
| * and appropriate accelerator. |
| * Warning: This file is now auto-generated. |
| */ |
| /* Copyright The Mbed TLS Contributors |
| * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| */ |
| |
| |
| /* BEGIN-common headers */ |
| #include "common.h" |
| #include "psa_crypto_aead.h" |
| #include "psa_crypto_cipher.h" |
| #include "psa_crypto_core.h" |
| #include "psa_crypto_driver_wrappers_no_static.h" |
| #include "psa_crypto_hash.h" |
| #include "psa_crypto_mac.h" |
| #include "psa_crypto_pake.h" |
| #include "psa_crypto_rsa.h" |
| |
| #include "mbedtls/platform.h" |
| #include "mbedtls/constant_time.h" |
| /* END-common headers */ |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_C) |
| |
| /* BEGIN-driver headers */ |
| {% for driver in drivers -%} |
| /* Headers for {{driver.prefix}} {{driver.type}} driver */ |
| {% if driver['mbedtls/h_condition'] is defined -%} |
| #if {{ driver['mbedtls/h_condition'] }} |
| {% endif -%} |
| {% for header in driver.headers -%} |
| #include "{{ header }}" |
| {% endfor %} |
| {% if driver['mbedtls/h_condition'] is defined -%} |
| #endif |
| {% endif -%} |
| {% endfor %} |
| /* END-driver headers */ |
| |
| /* Auto-generated values depending on which drivers are registered. |
| * ID 0 is reserved for unallocated operations. |
| * ID 1 is reserved for the Mbed TLS software driver. */ |
| /* BEGIN-driver id definition */ |
| #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) |
| {% for driver in drivers -%} |
| #define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }}) |
| {% endfor %} |
| /* END-driver id */ |
| |
| /* BEGIN-Common Macro definitions */ |
| {% macro entry_point_name(capability, entry_point, driver) -%} |
| {% if capability.name is defined and entry_point in capability.names.keys() -%} |
| {{ capability.names[entry_point]}} |
| {% else -%} |
| {{driver.prefix}}_{{driver.type}}_{{entry_point}} |
| {% endif -%} |
| {% endmacro %} |
| /* END-Common Macro definitions */ |
| |
| /* Support the 'old' SE interface when asked to */ |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style |
| * SE driver is present, to avoid unused argument errors at compile time. */ |
| #ifndef PSA_CRYPTO_DRIVER_PRESENT |
| #define PSA_CRYPTO_DRIVER_PRESENT |
| #endif |
| #include "psa_crypto_se.h" |
| #endif |
| |
| static inline psa_status_t psa_driver_wrapper_init( void ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| status = psa_init_all_se_drivers( ); |
| if( status != PSA_SUCCESS ) |
| return( status ); |
| #endif |
| |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_init( ); |
| if( status != PSA_SUCCESS ) |
| return( status ); |
| |
| status = mbedtls_test_opaque_init( ); |
| if( status != PSA_SUCCESS ) |
| return( status ); |
| #endif |
| |
| (void) status; |
| return( PSA_SUCCESS ); |
| } |
| |
| static inline void psa_driver_wrapper_free( void ) |
| { |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| /* Unregister all secure element drivers, so that we restart from |
| * a pristine state. */ |
| psa_unregister_all_se_drivers( ); |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| mbedtls_test_transparent_free( ); |
| mbedtls_test_opaque_free( ); |
| #endif |
| } |
| |
| /* Start delegation functions */ |
| static inline psa_status_t psa_driver_wrapper_sign_message( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *signature, |
| size_t signature_size, |
| size_t *signature_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_signature_sign_message( |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| signature, |
| signature_size, |
| signature_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| break; |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_signature_sign_message( |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| signature, |
| signature_size, |
| signature_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| break; |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| break; |
| } |
| |
| return( psa_sign_message_builtin( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| signature, |
| signature_size, |
| signature_length ) ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_verify_message( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| const uint8_t *signature, |
| size_t signature_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_signature_verify_message( |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| signature, |
| signature_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| break; |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_signature_verify_message( |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| signature, |
| signature_length ) ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| break; |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| break; |
| } |
| |
| return( psa_verify_message_builtin( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| signature, |
| signature_length ) ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_sign_hash( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, |
| uint8_t *signature, size_t signature_size, size_t *signature_length ) |
| { |
| /* Try dynamically-registered SE interface first */ |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| const psa_drv_se_t *drv; |
| psa_drv_se_context_t *drv_context; |
| |
| if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) |
| { |
| if( drv->asymmetric == NULL || |
| drv->asymmetric->p_sign == NULL ) |
| { |
| /* Key is defined in SE, but we have no way to exercise it */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| return( drv->asymmetric->p_sign( |
| drv_context, *( (psa_key_slot_number_t *)key_buffer ), |
| alg, hash, hash_length, |
| signature, signature_size, signature_length ) ); |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_signature_sign_hash( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_size, |
| signature_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) |
| if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && |
| PSA_ALG_IS_ECDSA(alg) && |
| !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && |
| PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && |
| psa_get_key_bits(attributes) == 256 ) |
| { |
| status = p256_transparent_sign_hash( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_size, |
| signature_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| } |
| #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| /* Fell through, meaning no accelerator supports this operation */ |
| return( psa_sign_hash_builtin( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_size, |
| signature_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_signature_sign_hash( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_size, |
| signature_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_verify_hash( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, |
| const uint8_t *signature, size_t signature_length ) |
| { |
| /* Try dynamically-registered SE interface first */ |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| const psa_drv_se_t *drv; |
| psa_drv_se_context_t *drv_context; |
| |
| if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) |
| { |
| if( drv->asymmetric == NULL || |
| drv->asymmetric->p_verify == NULL ) |
| { |
| /* Key is defined in SE, but we have no way to exercise it */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| return( drv->asymmetric->p_verify( |
| drv_context, *( (psa_key_slot_number_t *)key_buffer ), |
| alg, hash, hash_length, |
| signature, signature_length ) ); |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_signature_verify_hash( |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) |
| if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && |
| PSA_ALG_IS_ECDSA(alg) && |
| !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && |
| PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && |
| psa_get_key_bits(attributes) == 256 ) |
| { |
| status = p256_transparent_verify_hash( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| } |
| #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| return( psa_verify_hash_builtin( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_signature_verify_hash( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| hash, |
| hash_length, |
| signature, |
| signature_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops( |
| psa_sign_hash_interruptible_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| /* If uninitialised, return 0, as no work can have been done. */ |
| case 0: |
| return 0; |
| |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| /* Add test driver tests here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| /* Can't happen (see discussion in #8271) */ |
| return 0; |
| } |
| |
| static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops( |
| psa_verify_hash_interruptible_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| /* If uninitialised, return 0, as no work can have been done. */ |
| case 0: |
| return 0; |
| |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| /* Add test driver tests here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| } |
| |
| /* Can't happen (see discussion in #8271) */ |
| return 0; |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_sign_hash_start( |
| psa_sign_hash_interruptible_operation_t *operation, |
| const psa_key_attributes_t *attributes, const uint8_t *key_buffer, |
| size_t key_buffer_size, psa_algorithm_t alg, |
| const uint8_t *hash, size_t hash_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( |
| psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| |
| /* Add test driver tests here */ |
| |
| /* Declared with fallback == true */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg, hash, hash_length ); |
| break; |
| |
| /* Add cases for opaque driver here */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| status = PSA_ERROR_INVALID_ARGUMENT; |
| break; |
| } |
| |
| return( status ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_sign_hash_complete( |
| psa_sign_hash_interruptible_operation_t *operation, |
| uint8_t *signature, size_t signature_size, |
| size_t *signature_length ) |
| { |
| switch( operation->id ) |
| { |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx, |
| signature, signature_size, |
| signature_length ) ); |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| /* Add test driver tests here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| ( void ) signature; |
| ( void ) signature_size; |
| ( void ) signature_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_sign_hash_abort( |
| psa_sign_hash_interruptible_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) ); |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| /* Add test driver tests here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_verify_hash_start( |
| psa_verify_hash_interruptible_operation_t *operation, |
| const psa_key_attributes_t *attributes, const uint8_t *key_buffer, |
| size_t key_buffer_size, psa_algorithm_t alg, |
| const uint8_t *hash, size_t hash_length, |
| const uint8_t *signature, size_t signature_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( |
| psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| |
| /* Add test driver tests here */ |
| |
| /* Declared with fallback == true */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg, hash, hash_length, |
| signature, signature_length ); |
| break; |
| |
| /* Add cases for opaque driver here */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| status = PSA_ERROR_INVALID_ARGUMENT; |
| break; |
| } |
| |
| return( status ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_verify_hash_complete( |
| psa_verify_hash_interruptible_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_verify_hash_complete( |
| &operation->ctx.mbedtls_ctx |
| ) ); |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| /* Add test driver tests here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_verify_hash_abort( |
| psa_verify_hash_interruptible_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx |
| ) ); |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| /* Add test driver tests here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| /** Calculate the key buffer size required to store the key material of a key |
| * associated with an opaque driver from input key data. |
| * |
| * \param[in] attributes The key attributes |
| * \param[in] data The input key data. |
| * \param[in] data_length The input data length. |
| * \param[out] key_buffer_size Minimum buffer size to contain the key material. |
| * |
| * \retval #PSA_SUCCESS \emptydescription |
| * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription |
| * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription |
| */ |
| static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *data, |
| size_t data_length, |
| size_t *key_buffer_size ) |
| { |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| psa_key_type_t key_type = psa_get_key_type(attributes); |
| |
| *key_buffer_size = 0; |
| switch( location ) |
| { |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| *key_buffer_size = mbedtls_test_opaque_size_function( key_type, |
| PSA_BYTES_TO_BITS( data_length ) ); |
| return( ( *key_buffer_size != 0 ) ? |
| PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| |
| default: |
| (void)key_type; |
| (void)data; |
| (void)data_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_generate_key( |
| const psa_key_attributes_t *attributes, |
| const psa_key_production_parameters_t *params, size_t params_data_length, |
| uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)); |
| |
| #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) |
| int is_default_production = |
| psa_key_production_parameters_are_default(params, params_data_length); |
| if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production ) |
| { |
| /* We don't support passing custom production parameters |
| * to drivers yet. */ |
| return PSA_ERROR_NOT_SUPPORTED; |
| } |
| #else |
| int is_default_production = 1; |
| (void) is_default_production; |
| #endif |
| |
| /* Try dynamically-registered SE interface first */ |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| const psa_drv_se_t *drv; |
| psa_drv_se_context_t *drv_context; |
| |
| if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) |
| { |
| size_t pubkey_length = 0; /* We don't support this feature yet */ |
| if( drv->key_management == NULL || |
| drv->key_management->p_generate == NULL ) |
| { |
| /* Key is defined as being in SE, but we have no way to generate it */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| return( drv->key_management->p_generate( |
| drv_context, |
| *( (psa_key_slot_number_t *)key_buffer ), |
| attributes, NULL, 0, &pubkey_length ) ); |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| /* Transparent drivers are limited to generating asymmetric keys. */ |
| /* We don't support passing custom production parameters |
| * to drivers yet. */ |
| if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) && |
| is_default_production ) |
| { |
| /* Cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_generate_key( |
| attributes, key_buffer, key_buffer_size, |
| key_buffer_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| break; |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) |
| if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && |
| psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && |
| psa_get_key_bits(attributes) == 256 ) |
| { |
| status = p256_transparent_generate_key( attributes, |
| key_buffer, |
| key_buffer_size, |
| key_buffer_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| break; |
| } |
| |
| #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ |
| } |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Software fallback */ |
| status = psa_generate_key_internal( |
| attributes, params, params_data_length, |
| key_buffer, key_buffer_size, key_buffer_length ); |
| break; |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_generate_key( |
| attributes, key_buffer, key_buffer_size, key_buffer_length ); |
| break; |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| status = PSA_ERROR_INVALID_ARGUMENT; |
| break; |
| } |
| |
| return( status ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_import_key( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *data, |
| size_t data_length, |
| uint8_t *key_buffer, |
| size_t key_buffer_size, |
| size_t *key_buffer_length, |
| size_t *bits ) |
| { |
| {% with entry_point = "import_key" -%} |
| {% macro entry_point_param(driver) -%} |
| attributes, |
| data, |
| data_length, |
| key_buffer, |
| key_buffer_size, |
| key_buffer_length, |
| bits |
| {% endmacro %} |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( |
| psa_get_key_lifetime( attributes ) ); |
| |
| /* Try dynamically-registered SE interface first */ |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| const psa_drv_se_t *drv; |
| psa_drv_se_context_t *drv_context; |
| |
| if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) |
| { |
| if( drv->key_management == NULL || |
| drv->key_management->p_import == NULL ) |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| /* The driver should set the number of key bits, however in |
| * case it doesn't, we initialize bits to an invalid value. */ |
| *bits = PSA_MAX_KEY_BITS + 1; |
| status = drv->key_management->p_import( |
| drv_context, |
| *( (psa_key_slot_number_t *)key_buffer ), |
| attributes, data, data_length, bits ); |
| |
| if( status != PSA_SUCCESS ) |
| return( status ); |
| |
| if( (*bits) > PSA_MAX_KEY_BITS ) |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| return( PSA_SUCCESS ); |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| {% with nest_indent=12 %} |
| {% include "OS-template-transparent.jinja" -%} |
| {% endwith -%} |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| return( psa_import_key_into_slot( attributes, |
| data, data_length, |
| key_buffer, key_buffer_size, |
| key_buffer_length, bits ) ); |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| {% with nest_indent=8 %} |
| {% include "OS-template-opaque.jinja" -%} |
| {% endwith -%} |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| {% endwith %} |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_export_key( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| uint8_t *data, size_t data_size, size_t *data_length ) |
| |
| { |
| {% with entry_point = "export_key" -%} |
| {% macro entry_point_param(driver) -%} |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| data, |
| data_size, |
| data_length |
| {% endmacro %} |
| psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; |
| psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( |
| psa_get_key_lifetime( attributes ) ); |
| |
| /* Try dynamically-registered SE interface first */ |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| const psa_drv_se_t *drv; |
| psa_drv_se_context_t *drv_context; |
| |
| if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) |
| { |
| if( ( drv->key_management == NULL ) || |
| ( drv->key_management->p_export == NULL ) ) |
| { |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| |
| return( drv->key_management->p_export( |
| drv_context, |
| *( (psa_key_slot_number_t *)key_buffer ), |
| data, data_size, data_length ) ); |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| return( psa_export_key_internal( attributes, |
| key_buffer, |
| key_buffer_size, |
| data, |
| data_size, |
| data_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| {% with nest_indent=8 %} |
| {% include "OS-template-opaque.jinja" -%} |
| {% endwith -%} |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| return( status ); |
| } |
| {% endwith %} |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_copy_key( |
| psa_key_attributes_t *attributes, |
| const uint8_t *source_key, size_t source_key_length, |
| uint8_t *target_key_buffer, size_t target_key_buffer_size, |
| size_t *target_key_buffer_length ) |
| { |
| {% with entry_point = "copy_key" -%} |
| {% macro entry_point_param(driver) -%} |
| attributes, |
| source_key, |
| source_key_length, |
| target_key_buffer, |
| target_key_buffer_size, |
| target_key_buffer_length |
| {% endmacro %} |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_SE_C) |
| const psa_drv_se_t *drv; |
| psa_drv_se_context_t *drv_context; |
| |
| if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) |
| { |
| /* Copying to a secure element is not implemented yet. */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ |
| |
| switch( location ) |
| { |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| {% with nest_indent=8 %} |
| {% include "OS-template-opaque.jinja" -%} |
| {% endwith -%} |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void)source_key; |
| (void)source_key_length; |
| (void)target_key_buffer; |
| (void)target_key_buffer_size; |
| (void)target_key_buffer_length; |
| status = PSA_ERROR_INVALID_ARGUMENT; |
| } |
| return( status ); |
| {% endwith %} |
| } |
| |
| /* |
| * Cipher functions |
| */ |
| static inline psa_status_t psa_driver_wrapper_cipher_encrypt( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *iv, |
| size_t iv_length, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *output, |
| size_t output_size, |
| size_t *output_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_cipher_encrypt( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| iv, |
| iv_length, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| return( mbedtls_psa_cipher_encrypt( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| iv, |
| iv_length, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ) ); |
| #else |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_cipher_encrypt( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| iv, |
| iv_length, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| (void)key_buffer; |
| (void)key_buffer_size; |
| (void)alg; |
| (void)iv; |
| (void)iv_length; |
| (void)input; |
| (void)input_length; |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_decrypt( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *output, |
| size_t output_size, |
| size_t *output_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_cipher_decrypt( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| return( mbedtls_psa_cipher_decrypt( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ) ); |
| #else |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_cipher_decrypt( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| (void)key_buffer; |
| (void)key_buffer_size; |
| (void)alg; |
| (void)input; |
| (void)input_length; |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( |
| psa_cipher_operation_t *operation, |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_cipher_encrypt_setup( |
| &operation->ctx.transparent_test_driver_ctx, |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg ); |
| /* Declared with fallback == true */ |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| /* Fell through, meaning no accelerator supports this operation */ |
| status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg ); |
| if( status == PSA_SUCCESS ) |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_cipher_encrypt_setup( |
| &operation->ctx.opaque_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; |
| |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| (void)operation; |
| (void)key_buffer; |
| (void)key_buffer_size; |
| (void)alg; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( |
| psa_cipher_operation_t *operation, |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_cipher_decrypt_setup( |
| &operation->ctx.transparent_test_driver_ctx, |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg ); |
| /* Declared with fallback == true */ |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| /* Fell through, meaning no accelerator supports this operation */ |
| status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, |
| key_buffer_size, |
| alg ); |
| if( status == PSA_SUCCESS ) |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| |
| return( status ); |
| #else /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_cipher_decrypt_setup( |
| &operation->ctx.opaque_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; |
| |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| (void)operation; |
| (void)key_buffer; |
| (void)key_buffer_size; |
| (void)alg; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_set_iv( |
| psa_cipher_operation_t *operation, |
| const uint8_t *iv, |
| size_t iv_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, |
| iv, |
| iv_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_cipher_set_iv( |
| &operation->ctx.transparent_test_driver_ctx, |
| iv, iv_length ) ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_cipher_set_iv( |
| &operation->ctx.opaque_test_driver_ctx, |
| iv, iv_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)iv; |
| (void)iv_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_update( |
| psa_cipher_operation_t *operation, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *output, |
| size_t output_size, |
| size_t *output_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, |
| input, |
| input_length, |
| output, |
| output_size, |
| output_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_cipher_update( |
| &operation->ctx.transparent_test_driver_ctx, |
| input, input_length, |
| output, output_size, output_length ) ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_cipher_update( |
| &operation->ctx.opaque_test_driver_ctx, |
| input, input_length, |
| output, output_size, output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)input; |
| (void)input_length; |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_finish( |
| psa_cipher_operation_t *operation, |
| uint8_t *output, |
| size_t output_size, |
| size_t *output_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, |
| output, |
| output_size, |
| output_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_cipher_finish( |
| &operation->ctx.transparent_test_driver_ctx, |
| output, output_size, output_length ) ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_cipher_finish( |
| &operation->ctx.opaque_test_driver_ctx, |
| output, output_size, output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_cipher_abort( |
| psa_cipher_operation_t *operation ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| status = mbedtls_test_transparent_cipher_abort( |
| &operation->ctx.transparent_test_driver_ctx ); |
| mbedtls_platform_zeroize( |
| &operation->ctx.transparent_test_driver_ctx, |
| sizeof( operation->ctx.transparent_test_driver_ctx ) ); |
| return( status ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| status = mbedtls_test_opaque_cipher_abort( |
| &operation->ctx.opaque_test_driver_ctx ); |
| mbedtls_platform_zeroize( |
| &operation->ctx.opaque_test_driver_ctx, |
| sizeof( operation->ctx.opaque_test_driver_ctx ) ); |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| /* |
| * Hashing functions |
| */ |
| static inline psa_status_t psa_driver_wrapper_hash_compute( |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *hash, |
| size_t hash_size, |
| size_t *hash_length) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| |
| /* Try accelerators first */ |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_hash_compute( |
| alg, input, input_length, hash, hash_size, hash_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif |
| |
| /* If software fallback is compiled in, try fallback */ |
| #if defined(MBEDTLS_PSA_BUILTIN_HASH) |
| status = mbedtls_psa_hash_compute( alg, input, input_length, |
| hash, hash_size, hash_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif |
| (void) status; |
| (void) alg; |
| (void) input; |
| (void) input_length; |
| (void) hash; |
| (void) hash_size; |
| (void) hash_length; |
| |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_hash_setup( |
| psa_hash_operation_t *operation, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| |
| /* Try setup on accelerators first */ |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_hash_setup( |
| &operation->ctx.test_driver_ctx, alg ); |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif |
| |
| /* If software fallback is compiled in, try fallback */ |
| #if defined(MBEDTLS_PSA_BUILTIN_HASH) |
| status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg ); |
| if( status == PSA_SUCCESS ) |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif |
| /* Nothing left to try if we fall through here */ |
| (void) status; |
| (void) operation; |
| (void) alg; |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_hash_clone( |
| const psa_hash_operation_t *source_operation, |
| psa_hash_operation_t *target_operation ) |
| { |
| switch( source_operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_HASH) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, |
| &target_operation->ctx.mbedtls_ctx ) ); |
| #endif |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| return( mbedtls_test_transparent_hash_clone( |
| &source_operation->ctx.test_driver_ctx, |
| &target_operation->ctx.test_driver_ctx ) ); |
| #endif |
| default: |
| (void) target_operation; |
| return( PSA_ERROR_BAD_STATE ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_hash_update( |
| psa_hash_operation_t *operation, |
| const uint8_t *input, |
| size_t input_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_HASH) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, |
| input, input_length ) ); |
| #endif |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_hash_update( |
| &operation->ctx.test_driver_ctx, |
| input, input_length ) ); |
| #endif |
| default: |
| (void) input; |
| (void) input_length; |
| return( PSA_ERROR_BAD_STATE ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_hash_finish( |
| psa_hash_operation_t *operation, |
| uint8_t *hash, |
| size_t hash_size, |
| size_t *hash_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_HASH) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, |
| hash, hash_size, hash_length ) ); |
| #endif |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_hash_finish( |
| &operation->ctx.test_driver_ctx, |
| hash, hash_size, hash_length ) ); |
| #endif |
| default: |
| (void) hash; |
| (void) hash_size; |
| (void) hash_length; |
| return( PSA_ERROR_BAD_STATE ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_hash_abort( |
| psa_hash_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_HASH) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); |
| #endif |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_hash_abort( |
| &operation->ctx.test_driver_ctx ) ); |
| #endif |
| default: |
| return( PSA_ERROR_BAD_STATE ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_encrypt( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *nonce, size_t nonce_length, |
| const uint8_t *additional_data, size_t additional_data_length, |
| const uint8_t *plaintext, size_t plaintext_length, |
| uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_aead_encrypt( |
| attributes, key_buffer, key_buffer_size, |
| alg, |
| nonce, nonce_length, |
| additional_data, additional_data_length, |
| plaintext, plaintext_length, |
| ciphertext, ciphertext_size, ciphertext_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| return( mbedtls_psa_aead_encrypt( |
| attributes, key_buffer, key_buffer_size, |
| alg, |
| nonce, nonce_length, |
| additional_data, additional_data_length, |
| plaintext, plaintext_length, |
| ciphertext, ciphertext_size, ciphertext_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_decrypt( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *nonce, size_t nonce_length, |
| const uint8_t *additional_data, size_t additional_data_length, |
| const uint8_t *ciphertext, size_t ciphertext_length, |
| uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_aead_decrypt( |
| attributes, key_buffer, key_buffer_size, |
| alg, |
| nonce, nonce_length, |
| additional_data, additional_data_length, |
| ciphertext, ciphertext_length, |
| plaintext, plaintext_size, plaintext_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| return( mbedtls_psa_aead_decrypt( |
| attributes, key_buffer, key_buffer_size, |
| alg, |
| nonce, nonce_length, |
| additional_data, additional_data_length, |
| ciphertext, ciphertext_length, |
| plaintext, plaintext_size, plaintext_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( |
| psa_aead_operation_t *operation, |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| status = mbedtls_test_transparent_aead_encrypt_setup( |
| &operation->ctx.transparent_test_driver_ctx, |
| attributes, key_buffer, key_buffer_size, |
| alg ); |
| |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| status = mbedtls_psa_aead_encrypt_setup( |
| &operation->ctx.mbedtls_ctx, attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| return( status ); |
| |
| /* Add cases for opaque driver here */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( |
| psa_aead_operation_t *operation, |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, size_t key_buffer_size, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| status = mbedtls_test_transparent_aead_decrypt_setup( |
| &operation->ctx.transparent_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Fell through, meaning no accelerator supports this operation */ |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| status = mbedtls_psa_aead_decrypt_setup( |
| &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| return( status ); |
| |
| /* Add cases for opaque driver here */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_set_nonce( |
| psa_aead_operation_t *operation, |
| const uint8_t *nonce, |
| size_t nonce_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, |
| nonce, |
| nonce_length ) ); |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_set_nonce( |
| &operation->ctx.transparent_test_driver_ctx, |
| nonce, nonce_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)nonce; |
| (void)nonce_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_set_lengths( |
| psa_aead_operation_t *operation, |
| size_t ad_length, |
| size_t plaintext_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, |
| ad_length, |
| plaintext_length ) ); |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_set_lengths( |
| &operation->ctx.transparent_test_driver_ctx, |
| ad_length, plaintext_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)ad_length; |
| (void)plaintext_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_update_ad( |
| psa_aead_operation_t *operation, |
| const uint8_t *input, |
| size_t input_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, |
| input, |
| input_length ) ); |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_update_ad( |
| &operation->ctx.transparent_test_driver_ctx, |
| input, input_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)input; |
| (void)input_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_update( |
| psa_aead_operation_t *operation, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *output, |
| size_t output_size, |
| size_t *output_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, |
| input, input_length, |
| output, output_size, |
| output_length ) ); |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_update( |
| &operation->ctx.transparent_test_driver_ctx, |
| input, input_length, output, output_size, |
| output_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)input; |
| (void)input_length; |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_finish( |
| psa_aead_operation_t *operation, |
| uint8_t *ciphertext, |
| size_t ciphertext_size, |
| size_t *ciphertext_length, |
| uint8_t *tag, |
| size_t tag_size, |
| size_t *tag_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, |
| ciphertext, |
| ciphertext_size, |
| ciphertext_length, tag, |
| tag_size, tag_length ) ); |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_finish( |
| &operation->ctx.transparent_test_driver_ctx, |
| ciphertext, ciphertext_size, |
| ciphertext_length, tag, tag_size, tag_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)ciphertext; |
| (void)ciphertext_size; |
| (void)ciphertext_length; |
| (void)tag; |
| (void)tag_size; |
| (void)tag_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_verify( |
| psa_aead_operation_t *operation, |
| uint8_t *plaintext, |
| size_t plaintext_size, |
| size_t *plaintext_length, |
| const uint8_t *tag, |
| size_t tag_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; |
| size_t check_tag_length; |
| |
| status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, |
| plaintext, |
| plaintext_size, |
| plaintext_length, |
| check_tag, |
| sizeof( check_tag ), |
| &check_tag_length ); |
| |
| if( status == PSA_SUCCESS ) |
| { |
| if( tag_length != check_tag_length || |
| mbedtls_ct_memcmp( tag, check_tag, tag_length ) |
| != 0 ) |
| status = PSA_ERROR_INVALID_SIGNATURE; |
| } |
| |
| mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) ); |
| |
| return( status ); |
| } |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_verify( |
| &operation->ctx.transparent_test_driver_ctx, |
| plaintext, plaintext_size, |
| plaintext_length, tag, tag_length ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| (void)plaintext; |
| (void)plaintext_size; |
| (void)plaintext_length; |
| (void)tag; |
| (void)tag_length; |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_aead_abort( |
| psa_aead_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_AEAD) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); |
| |
| #endif /* MBEDTLS_PSA_BUILTIN_AEAD */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_aead_abort( |
| &operation->ctx.transparent_test_driver_ctx ) ); |
| |
| /* Add cases for opaque driver here */ |
| |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| } |
| |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| |
| /* |
| * MAC functions |
| */ |
| static inline psa_status_t psa_driver_wrapper_mac_compute( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *input, |
| size_t input_length, |
| uint8_t *mac, |
| size_t mac_size, |
| size_t *mac_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_mac_compute( |
| attributes, key_buffer, key_buffer_size, alg, |
| input, input_length, |
| mac, mac_size, mac_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| /* Fell through, meaning no accelerator supports this operation */ |
| status = mbedtls_psa_mac_compute( |
| attributes, key_buffer, key_buffer_size, alg, |
| input, input_length, |
| mac, mac_size, mac_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_mac_compute( |
| attributes, key_buffer, key_buffer_size, alg, |
| input, input_length, |
| mac, mac_size, mac_length ); |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void) key_buffer; |
| (void) key_buffer_size; |
| (void) alg; |
| (void) input; |
| (void) input_length; |
| (void) mac; |
| (void) mac_size; |
| (void) mac_length; |
| (void) status; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_mac_sign_setup( |
| psa_mac_operation_t *operation, |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_mac_sign_setup( |
| &operation->ctx.transparent_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| /* Declared with fallback == true */ |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| /* Fell through, meaning no accelerator supports this operation */ |
| status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| if( status == PSA_SUCCESS ) |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_mac_sign_setup( |
| &operation->ctx.opaque_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; |
| |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void) status; |
| (void) operation; |
| (void) key_buffer; |
| (void) key_buffer_size; |
| (void) alg; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_mac_verify_setup( |
| psa_mac_operation_t *operation, |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_mac_verify_setup( |
| &operation->ctx.transparent_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| /* Declared with fallback == true */ |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| /* Fell through, meaning no accelerator supports this operation */ |
| status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| if( status == PSA_SUCCESS ) |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| status = mbedtls_test_opaque_mac_verify_setup( |
| &operation->ctx.opaque_test_driver_ctx, |
| attributes, |
| key_buffer, key_buffer_size, |
| alg ); |
| |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; |
| |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void) status; |
| (void) operation; |
| (void) key_buffer; |
| (void) key_buffer_size; |
| (void) alg; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_mac_update( |
| psa_mac_operation_t *operation, |
| const uint8_t *input, |
| size_t input_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx, |
| input, input_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_mac_update( |
| &operation->ctx.transparent_test_driver_ctx, |
| input, input_length ) ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_mac_update( |
| &operation->ctx.opaque_test_driver_ctx, |
| input, input_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void) input; |
| (void) input_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_mac_sign_finish( |
| psa_mac_operation_t *operation, |
| uint8_t *mac, |
| size_t mac_size, |
| size_t *mac_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx, |
| mac, mac_size, mac_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_mac_sign_finish( |
| &operation->ctx.transparent_test_driver_ctx, |
| mac, mac_size, mac_length ) ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_mac_sign_finish( |
| &operation->ctx.opaque_test_driver_ctx, |
| mac, mac_size, mac_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void) mac; |
| (void) mac_size; |
| (void) mac_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_mac_verify_finish( |
| psa_mac_operation_t *operation, |
| const uint8_t *mac, |
| size_t mac_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx, |
| mac, mac_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_mac_verify_finish( |
| &operation->ctx.transparent_test_driver_ctx, |
| mac, mac_length ) ); |
| |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_mac_verify_finish( |
| &operation->ctx.opaque_test_driver_ctx, |
| mac, mac_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void) mac; |
| (void) mac_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_mac_abort( |
| psa_mac_operation_t *operation ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_MAC) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_MAC */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_mac_abort( |
| &operation->ctx.transparent_test_driver_ctx ) ); |
| case MBEDTLS_TEST_OPAQUE_DRIVER_ID: |
| return( mbedtls_test_opaque_mac_abort( |
| &operation->ctx.opaque_test_driver_ctx ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| /* |
| * Asymmetric cryptography |
| */ |
| static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( |
| const psa_key_attributes_t *attributes, const uint8_t *key_buffer, |
| size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, |
| size_t input_length, const uint8_t *salt, size_t salt_length, |
| uint8_t *output, size_t output_size, size_t *output_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_asymmetric_encrypt( attributes, |
| key_buffer, key_buffer_size, alg, input, input_length, |
| salt, salt_length, output, output_size, |
| output_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| return( mbedtls_psa_asymmetric_encrypt( attributes, |
| key_buffer, key_buffer_size, alg, input, input_length, |
| salt, salt_length, output, output_size, output_length ) |
| ); |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_asymmetric_encrypt( attributes, |
| key_buffer, key_buffer_size, alg, input, input_length, |
| salt, salt_length, output, output_size, output_length ) |
| ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| (void)key_buffer; |
| (void)key_buffer_size; |
| (void)alg; |
| (void)input; |
| (void)input_length; |
| (void)salt; |
| (void)salt_length; |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( |
| const psa_key_attributes_t *attributes, const uint8_t *key_buffer, |
| size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, |
| size_t input_length, const uint8_t *salt, size_t salt_length, |
| uint8_t *output, size_t output_size, size_t *output_length ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_asymmetric_decrypt( attributes, |
| key_buffer, key_buffer_size, alg, input, input_length, |
| salt, salt_length, output, output_size, |
| output_length ); |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| return( mbedtls_psa_asymmetric_decrypt( attributes, |
| key_buffer, key_buffer_size, alg,input, input_length, |
| salt, salt_length, output, output_size, |
| output_length ) ); |
| /* Add cases for opaque driver here */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_asymmetric_decrypt( attributes, |
| key_buffer, key_buffer_size, alg, input, input_length, |
| salt, salt_length, output, output_size, |
| output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)status; |
| (void)key_buffer; |
| (void)key_buffer_size; |
| (void)alg; |
| (void)input; |
| (void)input_length; |
| (void)salt; |
| (void)salt_length; |
| (void)output; |
| (void)output_size; |
| (void)output_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_key_agreement( |
| const psa_key_attributes_t *attributes, |
| const uint8_t *key_buffer, |
| size_t key_buffer_size, |
| psa_algorithm_t alg, |
| const uint8_t *peer_key, |
| size_t peer_key_length, |
| uint8_t *shared_secret, |
| size_t shared_secret_size, |
| size_t *shared_secret_length |
| ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = |
| mbedtls_test_transparent_key_agreement( attributes, |
| key_buffer, key_buffer_size, alg, peer_key, |
| peer_key_length, shared_secret, shared_secret_size, |
| shared_secret_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) |
| if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && |
| PSA_ALG_IS_ECDH(alg) && |
| PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && |
| psa_get_key_bits(attributes) == 256 ) |
| { |
| status = p256_transparent_key_agreement( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| peer_key, |
| peer_key_length, |
| shared_secret, |
| shared_secret_size, |
| shared_secret_length ); |
| if( status != PSA_ERROR_NOT_SUPPORTED) |
| return( status ); |
| } |
| #endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| /* Software Fallback */ |
| status = psa_key_agreement_raw_builtin( attributes, |
| key_buffer, |
| key_buffer_size, |
| alg, |
| peer_key, |
| peer_key_length, |
| shared_secret, |
| shared_secret_size, |
| shared_secret_length ); |
| return( status ); |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case PSA_CRYPTO_TEST_DRIVER_LOCATION: |
| return( mbedtls_test_opaque_key_agreement( attributes, |
| key_buffer, key_buffer_size, alg, peer_key, |
| peer_key_length, shared_secret, shared_secret_size, |
| shared_secret_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| |
| default: |
| (void) attributes; |
| (void) key_buffer; |
| (void) key_buffer_size; |
| (void) peer_key; |
| (void) peer_key_length; |
| (void) shared_secret; |
| (void) shared_secret_size; |
| (void) shared_secret_length; |
| return( PSA_ERROR_NOT_SUPPORTED ); |
| |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_pake_setup( |
| psa_pake_operation_t *operation, |
| const psa_crypto_driver_pake_inputs_t *inputs ) |
| { |
| psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; |
| |
| psa_key_location_t location = |
| PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) ); |
| |
| switch( location ) |
| { |
| case PSA_KEY_LOCATION_LOCAL_STORAGE: |
| /* Key is stored in the slot in export representation, so |
| * cycle through all known transparent accelerators */ |
| status = PSA_ERROR_NOT_SUPPORTED; |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| status = mbedtls_test_transparent_pake_setup( |
| &operation->data.ctx.transparent_test_driver_ctx, |
| inputs ); |
| if( status == PSA_SUCCESS ) |
| operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; |
| /* Declared with fallback == true */ |
| if( status != PSA_ERROR_NOT_SUPPORTED ) |
| return( status ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| #if defined(MBEDTLS_PSA_BUILTIN_PAKE) |
| status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx, |
| inputs ); |
| if( status == PSA_SUCCESS ) |
| operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; |
| #endif |
| return status; |
| /* Add cases for opaque driver here */ |
| default: |
| /* Key is declared with a lifetime not known to us */ |
| (void)operation; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_pake_output( |
| psa_pake_operation_t *operation, |
| psa_crypto_driver_pake_step_t step, |
| uint8_t *output, |
| size_t output_size, |
| size_t *output_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_PAKE) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, |
| output, output_size, output_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_pake_output( |
| &operation->data.ctx.transparent_test_driver_ctx, |
| step, output, output_size, output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void) step; |
| (void) output; |
| (void) output_size; |
| (void) output_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_pake_input( |
| psa_pake_operation_t *operation, |
| psa_crypto_driver_pake_step_t step, |
| const uint8_t *input, |
| size_t input_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_PAKE) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, |
| step, input, |
| input_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_pake_input( |
| &operation->data.ctx.transparent_test_driver_ctx, |
| step, |
| input, input_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void) step; |
| (void) input; |
| (void) input_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key( |
| psa_pake_operation_t *operation, |
| uint8_t *output, size_t output_size, |
| size_t *output_length ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_PAKE) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, |
| output, output_size, output_length ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_pake_get_implicit_key( |
| &operation->data.ctx.transparent_test_driver_ctx, |
| output, output_size, output_length ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| (void) output; |
| (void) output_size; |
| (void) output_length; |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| static inline psa_status_t psa_driver_wrapper_pake_abort( |
| psa_pake_operation_t * operation ) |
| { |
| switch( operation->id ) |
| { |
| #if defined(MBEDTLS_PSA_BUILTIN_PAKE) |
| case PSA_CRYPTO_MBED_TLS_DRIVER_ID: |
| return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) ); |
| #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ |
| |
| #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) |
| #if defined(PSA_CRYPTO_DRIVER_TEST) |
| case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: |
| return( mbedtls_test_transparent_pake_abort( |
| &operation->data.ctx.transparent_test_driver_ctx ) ); |
| #endif /* PSA_CRYPTO_DRIVER_TEST */ |
| #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ |
| default: |
| return( PSA_ERROR_INVALID_ARGUMENT ); |
| } |
| } |
| |
| #endif /* MBEDTLS_PSA_CRYPTO_C */ |