1 /*
2 * Functions to delegate cryptographic operations to an available
3 * and appropriate accelerator.
4 * Warning: This file will be auto-generated in the future.
5 */
6 /* Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23 #include "psa_crypto_aead.h"
24 #include "psa_crypto_cipher.h"
25 #include "psa_crypto_core.h"
26 #include "psa_crypto_driver_wrappers.h"
27 #include "psa_crypto_hash.h"
28 #include "psa_crypto_mac.h"
29
30 #include "mbedtls/platform.h"
31
32 #if defined(MBEDTLS_PSA_CRYPTO_C)
33
34 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
35
36 /* Include test driver definition when running tests */
37 #if defined(PSA_CRYPTO_DRIVER_TEST)
38 #ifndef PSA_CRYPTO_DRIVER_PRESENT
39 #define PSA_CRYPTO_DRIVER_PRESENT
40 #endif
41 #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
42 #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
43 #endif
44 #include "test/drivers/test_driver.h"
45 #endif /* PSA_CRYPTO_DRIVER_TEST */
46
47 /* Repeat above block for each JSON-declared driver during autogeneration */
48 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
49
50 /* Auto-generated values depending on which drivers are registered.
51 * ID 0 is reserved for unallocated operations.
52 * ID 1 is reserved for the Mbed TLS software driver. */
53 #define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
54
55 #if defined(PSA_CRYPTO_DRIVER_TEST)
56 #define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
57 #define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
58 #endif /* PSA_CRYPTO_DRIVER_TEST */
59
60 /* Support the 'old' SE interface when asked to */
61 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
62 /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
63 * SE driver is present, to avoid unused argument errors at compile time. */
64 #ifndef PSA_CRYPTO_DRIVER_PRESENT
65 #define PSA_CRYPTO_DRIVER_PRESENT
66 #endif
67 #include "psa_crypto_se.h"
68 #endif
69
70 /* Start delegation functions */
psa_driver_wrapper_sign_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * signature,size_t signature_size,size_t * signature_length)71 psa_status_t psa_driver_wrapper_sign_message(
72 const psa_key_attributes_t *attributes,
73 const uint8_t *key_buffer,
74 size_t key_buffer_size,
75 psa_algorithm_t alg,
76 const uint8_t *input,
77 size_t input_length,
78 uint8_t *signature,
79 size_t signature_size,
80 size_t *signature_length )
81 {
82 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
83 psa_key_location_t location =
84 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
85
86 switch( location )
87 {
88 case PSA_KEY_LOCATION_LOCAL_STORAGE:
89 /* Key is stored in the slot in export representation, so
90 * cycle through all known transparent accelerators */
91 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
92 #if defined(PSA_CRYPTO_DRIVER_TEST)
93 status = mbedtls_test_transparent_signature_sign_message(
94 attributes,
95 key_buffer,
96 key_buffer_size,
97 alg,
98 input,
99 input_length,
100 signature,
101 signature_size,
102 signature_length );
103 /* Declared with fallback == true */
104 if( status != PSA_ERROR_NOT_SUPPORTED )
105 return( status );
106 #endif /* PSA_CRYPTO_DRIVER_TEST */
107 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
108 break;
109
110 /* Add cases for opaque driver here */
111 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
112 #if defined(PSA_CRYPTO_DRIVER_TEST)
113 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
114 status = mbedtls_test_opaque_signature_sign_message(
115 attributes,
116 key_buffer,
117 key_buffer_size,
118 alg,
119 input,
120 input_length,
121 signature,
122 signature_size,
123 signature_length );
124 if( status != PSA_ERROR_NOT_SUPPORTED )
125 return( status );
126 break;
127 #endif /* PSA_CRYPTO_DRIVER_TEST */
128 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
129 default:
130 /* Key is declared with a lifetime not known to us */
131 (void)status;
132 break;
133 }
134
135 return( psa_sign_message_builtin( attributes,
136 key_buffer,
137 key_buffer_size,
138 alg,
139 input,
140 input_length,
141 signature,
142 signature_size,
143 signature_length ) );
144 }
145
psa_driver_wrapper_verify_message(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,const uint8_t * signature,size_t signature_length)146 psa_status_t psa_driver_wrapper_verify_message(
147 const psa_key_attributes_t *attributes,
148 const uint8_t *key_buffer,
149 size_t key_buffer_size,
150 psa_algorithm_t alg,
151 const uint8_t *input,
152 size_t input_length,
153 const uint8_t *signature,
154 size_t signature_length )
155 {
156 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
157 psa_key_location_t location =
158 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
159
160 switch( location )
161 {
162 case PSA_KEY_LOCATION_LOCAL_STORAGE:
163 /* Key is stored in the slot in export representation, so
164 * cycle through all known transparent accelerators */
165 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
166 #if defined(PSA_CRYPTO_DRIVER_TEST)
167 status = mbedtls_test_transparent_signature_verify_message(
168 attributes,
169 key_buffer,
170 key_buffer_size,
171 alg,
172 input,
173 input_length,
174 signature,
175 signature_length );
176 /* Declared with fallback == true */
177 if( status != PSA_ERROR_NOT_SUPPORTED )
178 return( status );
179 #endif /* PSA_CRYPTO_DRIVER_TEST */
180 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
181 break;
182
183 /* Add cases for opaque driver here */
184 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
185 #if defined(PSA_CRYPTO_DRIVER_TEST)
186 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
187 return( mbedtls_test_opaque_signature_verify_message(
188 attributes,
189 key_buffer,
190 key_buffer_size,
191 alg,
192 input,
193 input_length,
194 signature,
195 signature_length ) );
196 if( status != PSA_ERROR_NOT_SUPPORTED )
197 return( status );
198 break;
199 #endif /* PSA_CRYPTO_DRIVER_TEST */
200 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
201 default:
202 /* Key is declared with a lifetime not known to us */
203 (void)status;
204 break;
205 }
206
207 return( psa_verify_message_builtin( attributes,
208 key_buffer,
209 key_buffer_size,
210 alg,
211 input,
212 input_length,
213 signature,
214 signature_length ) );
215 }
216
psa_driver_wrapper_sign_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,uint8_t * signature,size_t signature_size,size_t * signature_length)217 psa_status_t psa_driver_wrapper_sign_hash(
218 const psa_key_attributes_t *attributes,
219 const uint8_t *key_buffer, size_t key_buffer_size,
220 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
221 uint8_t *signature, size_t signature_size, size_t *signature_length )
222 {
223 /* Try dynamically-registered SE interface first */
224 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
225 const psa_drv_se_t *drv;
226 psa_drv_se_context_t *drv_context;
227
228 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
229 {
230 if( drv->asymmetric == NULL ||
231 drv->asymmetric->p_sign == NULL )
232 {
233 /* Key is defined in SE, but we have no way to exercise it */
234 return( PSA_ERROR_NOT_SUPPORTED );
235 }
236 return( drv->asymmetric->p_sign(
237 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
238 alg, hash, hash_length,
239 signature, signature_size, signature_length ) );
240 }
241 #endif /* PSA_CRYPTO_SE_C */
242
243 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
244 psa_key_location_t location =
245 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
246
247 switch( location )
248 {
249 case PSA_KEY_LOCATION_LOCAL_STORAGE:
250 /* Key is stored in the slot in export representation, so
251 * cycle through all known transparent accelerators */
252 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
253 #if defined(PSA_CRYPTO_DRIVER_TEST)
254 status = mbedtls_test_transparent_signature_sign_hash( attributes,
255 key_buffer,
256 key_buffer_size,
257 alg,
258 hash,
259 hash_length,
260 signature,
261 signature_size,
262 signature_length );
263 /* Declared with fallback == true */
264 if( status != PSA_ERROR_NOT_SUPPORTED )
265 return( status );
266 #endif /* PSA_CRYPTO_DRIVER_TEST */
267 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
268 /* Fell through, meaning no accelerator supports this operation */
269 return( psa_sign_hash_builtin( attributes,
270 key_buffer,
271 key_buffer_size,
272 alg,
273 hash,
274 hash_length,
275 signature,
276 signature_size,
277 signature_length ) );
278
279 /* Add cases for opaque driver here */
280 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
281 #if defined(PSA_CRYPTO_DRIVER_TEST)
282 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
283 return( mbedtls_test_opaque_signature_sign_hash( attributes,
284 key_buffer,
285 key_buffer_size,
286 alg,
287 hash,
288 hash_length,
289 signature,
290 signature_size,
291 signature_length ) );
292 #endif /* PSA_CRYPTO_DRIVER_TEST */
293 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
294 default:
295 /* Key is declared with a lifetime not known to us */
296 (void)status;
297 return( PSA_ERROR_INVALID_ARGUMENT );
298 }
299 }
300
psa_driver_wrapper_verify_hash(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * hash,size_t hash_length,const uint8_t * signature,size_t signature_length)301 psa_status_t psa_driver_wrapper_verify_hash(
302 const psa_key_attributes_t *attributes,
303 const uint8_t *key_buffer, size_t key_buffer_size,
304 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
305 const uint8_t *signature, size_t signature_length )
306 {
307 /* Try dynamically-registered SE interface first */
308 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
309 const psa_drv_se_t *drv;
310 psa_drv_se_context_t *drv_context;
311
312 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
313 {
314 if( drv->asymmetric == NULL ||
315 drv->asymmetric->p_verify == NULL )
316 {
317 /* Key is defined in SE, but we have no way to exercise it */
318 return( PSA_ERROR_NOT_SUPPORTED );
319 }
320 return( drv->asymmetric->p_verify(
321 drv_context, *( (psa_key_slot_number_t *)key_buffer ),
322 alg, hash, hash_length,
323 signature, signature_length ) );
324 }
325 #endif /* PSA_CRYPTO_SE_C */
326
327 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
328 psa_key_location_t location =
329 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
330
331 switch( location )
332 {
333 case PSA_KEY_LOCATION_LOCAL_STORAGE:
334 /* Key is stored in the slot in export representation, so
335 * cycle through all known transparent accelerators */
336 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
337 #if defined(PSA_CRYPTO_DRIVER_TEST)
338 status = mbedtls_test_transparent_signature_verify_hash(
339 attributes,
340 key_buffer,
341 key_buffer_size,
342 alg,
343 hash,
344 hash_length,
345 signature,
346 signature_length );
347 /* Declared with fallback == true */
348 if( status != PSA_ERROR_NOT_SUPPORTED )
349 return( status );
350 #endif /* PSA_CRYPTO_DRIVER_TEST */
351 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
352
353 return( psa_verify_hash_builtin( attributes,
354 key_buffer,
355 key_buffer_size,
356 alg,
357 hash,
358 hash_length,
359 signature,
360 signature_length ) );
361
362 /* Add cases for opaque driver here */
363 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
364 #if defined(PSA_CRYPTO_DRIVER_TEST)
365 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
366 return( mbedtls_test_opaque_signature_verify_hash( attributes,
367 key_buffer,
368 key_buffer_size,
369 alg,
370 hash,
371 hash_length,
372 signature,
373 signature_length ) );
374 #endif /* PSA_CRYPTO_DRIVER_TEST */
375 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
376 default:
377 /* Key is declared with a lifetime not known to us */
378 (void)status;
379 return( PSA_ERROR_INVALID_ARGUMENT );
380 }
381 }
382
383 /** Calculate the key buffer size required to store the key material of a key
384 * associated with an opaque driver from input key data.
385 *
386 * \param[in] attributes The key attributes
387 * \param[in] data The input key data.
388 * \param[in] data_length The input data length.
389 * \param[out] key_buffer_size Minimum buffer size to contain the key material.
390 *
391 * \retval #PSA_SUCCESS
392 * \retval #PSA_ERROR_INVALID_ARGUMENT
393 * \retval #PSA_ERROR_NOT_SUPPORTED
394 */
psa_driver_wrapper_get_key_buffer_size_from_key_data(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,size_t * key_buffer_size)395 psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
396 const psa_key_attributes_t *attributes,
397 const uint8_t *data,
398 size_t data_length,
399 size_t *key_buffer_size )
400 {
401 psa_key_location_t location =
402 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
403 psa_key_type_t key_type = attributes->core.type;
404
405 *key_buffer_size = 0;
406 switch( location )
407 {
408 #if defined(PSA_CRYPTO_DRIVER_TEST)
409 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
410 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
411 PSA_BYTES_TO_BITS( data_length ) );
412 return( ( *key_buffer_size != 0 ) ?
413 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
414 #endif /* PSA_CRYPTO_DRIVER_TEST */
415
416 default:
417 (void)key_type;
418 (void)data;
419 (void)data_length;
420 return( PSA_ERROR_INVALID_ARGUMENT );
421 }
422 }
423
424 /** Get the key buffer size required to store the key material of a key
425 * associated with an opaque driver.
426 *
427 * \param[in] attributes The key attributes.
428 * \param[out] key_buffer_size Minimum buffer size to contain the key material
429 *
430 * \retval #PSA_SUCCESS
431 * The minimum size for a buffer to contain the key material has been
432 * returned successfully.
433 * \retval #PSA_ERROR_NOT_SUPPORTED
434 * The type and/or the size in bits of the key or the combination of
435 * the two is not supported.
436 * \retval #PSA_ERROR_INVALID_ARGUMENT
437 * The key is declared with a lifetime not known to us.
438 */
psa_driver_wrapper_get_key_buffer_size(const psa_key_attributes_t * attributes,size_t * key_buffer_size)439 psa_status_t psa_driver_wrapper_get_key_buffer_size(
440 const psa_key_attributes_t *attributes,
441 size_t *key_buffer_size )
442 {
443 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
444 psa_key_type_t key_type = attributes->core.type;
445 size_t key_bits = attributes->core.bits;
446
447 *key_buffer_size = 0;
448 switch( location )
449 {
450 #if defined(PSA_CRYPTO_DRIVER_TEST)
451 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
452 #if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
453 /* Emulate property 'builtin_key_size' */
454 if( psa_key_id_is_builtin(
455 MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
456 psa_get_key_id( attributes ) ) ) )
457 {
458 *key_buffer_size = sizeof( psa_drv_slot_number_t );
459 return( PSA_SUCCESS );
460 }
461 #endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
462 *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
463 key_bits );
464 return( ( *key_buffer_size != 0 ) ?
465 PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
466 #endif /* PSA_CRYPTO_DRIVER_TEST */
467
468 default:
469 (void)key_type;
470 (void)key_bits;
471 return( PSA_ERROR_INVALID_ARGUMENT );
472 }
473 }
474
psa_driver_wrapper_generate_key(const psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)475 psa_status_t psa_driver_wrapper_generate_key(
476 const psa_key_attributes_t *attributes,
477 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
478 {
479 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
480 psa_key_location_t location =
481 PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
482
483 /* Try dynamically-registered SE interface first */
484 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
485 const psa_drv_se_t *drv;
486 psa_drv_se_context_t *drv_context;
487
488 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
489 {
490 size_t pubkey_length = 0; /* We don't support this feature yet */
491 if( drv->key_management == NULL ||
492 drv->key_management->p_generate == NULL )
493 {
494 /* Key is defined as being in SE, but we have no way to generate it */
495 return( PSA_ERROR_NOT_SUPPORTED );
496 }
497 return( drv->key_management->p_generate(
498 drv_context,
499 *( (psa_key_slot_number_t *)key_buffer ),
500 attributes, NULL, 0, &pubkey_length ) );
501 }
502 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
503
504 switch( location )
505 {
506 case PSA_KEY_LOCATION_LOCAL_STORAGE:
507 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
508 /* Transparent drivers are limited to generating asymmetric keys */
509 if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
510 {
511 /* Cycle through all known transparent accelerators */
512 #if defined(PSA_CRYPTO_DRIVER_TEST)
513 status = mbedtls_test_transparent_generate_key(
514 attributes, key_buffer, key_buffer_size,
515 key_buffer_length );
516 /* Declared with fallback == true */
517 if( status != PSA_ERROR_NOT_SUPPORTED )
518 break;
519 #endif /* PSA_CRYPTO_DRIVER_TEST */
520 }
521 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
522
523 /* Software fallback */
524 status = psa_generate_key_internal(
525 attributes, key_buffer, key_buffer_size, key_buffer_length );
526 break;
527
528 /* Add cases for opaque driver here */
529 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
530 #if defined(PSA_CRYPTO_DRIVER_TEST)
531 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
532 status = mbedtls_test_opaque_generate_key(
533 attributes, key_buffer, key_buffer_size, key_buffer_length );
534 break;
535 #endif /* PSA_CRYPTO_DRIVER_TEST */
536 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
537
538 default:
539 /* Key is declared with a lifetime not known to us */
540 status = PSA_ERROR_INVALID_ARGUMENT;
541 break;
542 }
543
544 return( status );
545 }
546
psa_driver_wrapper_import_key(const psa_key_attributes_t * attributes,const uint8_t * data,size_t data_length,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length,size_t * bits)547 psa_status_t psa_driver_wrapper_import_key(
548 const psa_key_attributes_t *attributes,
549 const uint8_t *data,
550 size_t data_length,
551 uint8_t *key_buffer,
552 size_t key_buffer_size,
553 size_t *key_buffer_length,
554 size_t *bits )
555 {
556 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
557 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
558 psa_get_key_lifetime( attributes ) );
559
560 /* Try dynamically-registered SE interface first */
561 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
562 const psa_drv_se_t *drv;
563 psa_drv_se_context_t *drv_context;
564
565 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
566 {
567 if( drv->key_management == NULL ||
568 drv->key_management->p_import == NULL )
569 return( PSA_ERROR_NOT_SUPPORTED );
570
571 /* The driver should set the number of key bits, however in
572 * case it doesn't, we initialize bits to an invalid value. */
573 *bits = PSA_MAX_KEY_BITS + 1;
574 status = drv->key_management->p_import(
575 drv_context,
576 *( (psa_key_slot_number_t *)key_buffer ),
577 attributes, data, data_length, bits );
578
579 if( status != PSA_SUCCESS )
580 return( status );
581
582 if( (*bits) > PSA_MAX_KEY_BITS )
583 return( PSA_ERROR_NOT_SUPPORTED );
584
585 return( PSA_SUCCESS );
586 }
587 #endif /* PSA_CRYPTO_SE_C */
588
589 switch( location )
590 {
591 case PSA_KEY_LOCATION_LOCAL_STORAGE:
592 /* Key is stored in the slot in export representation, so
593 * cycle through all known transparent accelerators */
594 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
595 #if defined(PSA_CRYPTO_DRIVER_TEST)
596 status = mbedtls_test_transparent_import_key(
597 attributes,
598 data, data_length,
599 key_buffer, key_buffer_size,
600 key_buffer_length, bits );
601 /* Declared with fallback == true */
602 if( status != PSA_ERROR_NOT_SUPPORTED )
603 return( status );
604 #endif /* PSA_CRYPTO_DRIVER_TEST */
605 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
606 /* Fell through, meaning no accelerator supports this operation */
607 return( psa_import_key_into_slot( attributes,
608 data, data_length,
609 key_buffer, key_buffer_size,
610 key_buffer_length, bits ) );
611 /* Add cases for opaque driver here */
612 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
613 #if defined(PSA_CRYPTO_DRIVER_TEST)
614 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
615 return( mbedtls_test_opaque_import_key(
616 attributes,
617 data, data_length,
618 key_buffer, key_buffer_size,
619 key_buffer_length, bits ) );
620 #endif /* PSA_CRYPTO_DRIVER_TEST */
621 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
622 default:
623 (void)status;
624 return( PSA_ERROR_INVALID_ARGUMENT );
625 }
626
627 }
628
psa_driver_wrapper_export_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)629 psa_status_t psa_driver_wrapper_export_key(
630 const psa_key_attributes_t *attributes,
631 const uint8_t *key_buffer, size_t key_buffer_size,
632 uint8_t *data, size_t data_size, size_t *data_length )
633
634 {
635 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
636 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
637 psa_get_key_lifetime( attributes ) );
638
639 /* Try dynamically-registered SE interface first */
640 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
641 const psa_drv_se_t *drv;
642 psa_drv_se_context_t *drv_context;
643
644 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
645 {
646 if( ( drv->key_management == NULL ) ||
647 ( drv->key_management->p_export == NULL ) )
648 {
649 return( PSA_ERROR_NOT_SUPPORTED );
650 }
651
652 return( drv->key_management->p_export(
653 drv_context,
654 *( (psa_key_slot_number_t *)key_buffer ),
655 data, data_size, data_length ) );
656 }
657 #endif /* PSA_CRYPTO_SE_C */
658
659 switch( location )
660 {
661 case PSA_KEY_LOCATION_LOCAL_STORAGE:
662 return( psa_export_key_internal( attributes,
663 key_buffer,
664 key_buffer_size,
665 data,
666 data_size,
667 data_length ) );
668
669 /* Add cases for opaque driver here */
670 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
671 #if defined(PSA_CRYPTO_DRIVER_TEST)
672 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
673 return( mbedtls_test_opaque_export_key( attributes,
674 key_buffer,
675 key_buffer_size,
676 data,
677 data_size,
678 data_length ) );
679 #endif /* PSA_CRYPTO_DRIVER_TEST */
680 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
681 default:
682 /* Key is declared with a lifetime not known to us */
683 return( status );
684 }
685 }
686
psa_driver_wrapper_export_public_key(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,uint8_t * data,size_t data_size,size_t * data_length)687 psa_status_t psa_driver_wrapper_export_public_key(
688 const psa_key_attributes_t *attributes,
689 const uint8_t *key_buffer, size_t key_buffer_size,
690 uint8_t *data, size_t data_size, size_t *data_length )
691
692 {
693 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
694 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
695 psa_get_key_lifetime( attributes ) );
696
697 /* Try dynamically-registered SE interface first */
698 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
699 const psa_drv_se_t *drv;
700 psa_drv_se_context_t *drv_context;
701
702 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
703 {
704 if( ( drv->key_management == NULL ) ||
705 ( drv->key_management->p_export_public == NULL ) )
706 {
707 return( PSA_ERROR_NOT_SUPPORTED );
708 }
709
710 return( drv->key_management->p_export_public(
711 drv_context,
712 *( (psa_key_slot_number_t *)key_buffer ),
713 data, data_size, data_length ) );
714 }
715 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
716
717 switch( location )
718 {
719 case PSA_KEY_LOCATION_LOCAL_STORAGE:
720 /* Key is stored in the slot in export representation, so
721 * cycle through all known transparent accelerators */
722 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
723 #if defined(PSA_CRYPTO_DRIVER_TEST)
724 status = mbedtls_test_transparent_export_public_key(
725 attributes,
726 key_buffer,
727 key_buffer_size,
728 data,
729 data_size,
730 data_length );
731 /* Declared with fallback == true */
732 if( status != PSA_ERROR_NOT_SUPPORTED )
733 return( status );
734 #endif /* PSA_CRYPTO_DRIVER_TEST */
735 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
736 /* Fell through, meaning no accelerator supports this operation */
737 return( psa_export_public_key_internal( attributes,
738 key_buffer,
739 key_buffer_size,
740 data,
741 data_size,
742 data_length ) );
743
744 /* Add cases for opaque driver here */
745 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
746 #if defined(PSA_CRYPTO_DRIVER_TEST)
747 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
748 return( mbedtls_test_opaque_export_public_key( attributes,
749 key_buffer,
750 key_buffer_size,
751 data,
752 data_size,
753 data_length ) );
754 #endif /* PSA_CRYPTO_DRIVER_TEST */
755 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
756 default:
757 /* Key is declared with a lifetime not known to us */
758 return( status );
759 }
760 }
761
psa_driver_wrapper_get_builtin_key(psa_drv_slot_number_t slot_number,psa_key_attributes_t * attributes,uint8_t * key_buffer,size_t key_buffer_size,size_t * key_buffer_length)762 psa_status_t psa_driver_wrapper_get_builtin_key(
763 psa_drv_slot_number_t slot_number,
764 psa_key_attributes_t *attributes,
765 uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
766 {
767 psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
768 switch( location )
769 {
770 #if defined(PSA_CRYPTO_DRIVER_TEST)
771 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
772 return( mbedtls_test_opaque_get_builtin_key(
773 slot_number,
774 attributes,
775 key_buffer, key_buffer_size, key_buffer_length ) );
776 #endif /* PSA_CRYPTO_DRIVER_TEST */
777 default:
778 (void) slot_number;
779 (void) key_buffer;
780 (void) key_buffer_size;
781 (void) key_buffer_length;
782 return( PSA_ERROR_DOES_NOT_EXIST );
783 }
784 }
785
psa_driver_wrapper_copy_key(psa_key_attributes_t * attributes,const uint8_t * source_key,size_t source_key_length,uint8_t * target_key_buffer,size_t target_key_buffer_size,size_t * target_key_buffer_length)786 psa_status_t psa_driver_wrapper_copy_key(
787 psa_key_attributes_t *attributes,
788 const uint8_t *source_key, size_t source_key_length,
789 uint8_t *target_key_buffer, size_t target_key_buffer_size,
790 size_t *target_key_buffer_length )
791 {
792 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
793 psa_key_location_t location =
794 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
795
796 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
797 const psa_drv_se_t *drv;
798 psa_drv_se_context_t *drv_context;
799
800 if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
801 {
802 /* Copying to a secure element is not implemented yet. */
803 return( PSA_ERROR_NOT_SUPPORTED );
804 }
805 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
806
807 switch( location )
808 {
809 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
810 #if defined(PSA_CRYPTO_DRIVER_TEST)
811 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
812 return( mbedtls_test_opaque_copy_key( attributes, source_key,
813 source_key_length,
814 target_key_buffer,
815 target_key_buffer_size,
816 target_key_buffer_length) );
817 #endif /* PSA_CRYPTO_DRIVER_TEST */
818 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
819 default:
820 (void)source_key;
821 (void)source_key_length;
822 (void)target_key_buffer;
823 (void)target_key_buffer_size;
824 (void)target_key_buffer_length;
825 status = PSA_ERROR_INVALID_ARGUMENT;
826 }
827 return( status );
828 }
829
830 /*
831 * Cipher functions
832 */
psa_driver_wrapper_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)833 psa_status_t psa_driver_wrapper_cipher_encrypt(
834 const psa_key_attributes_t *attributes,
835 const uint8_t *key_buffer,
836 size_t key_buffer_size,
837 psa_algorithm_t alg,
838 const uint8_t *input,
839 size_t input_length,
840 uint8_t *output,
841 size_t output_size,
842 size_t *output_length )
843 {
844 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
845 psa_key_location_t location =
846 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
847
848 switch( location )
849 {
850 case PSA_KEY_LOCATION_LOCAL_STORAGE:
851 /* Key is stored in the slot in export representation, so
852 * cycle through all known transparent accelerators */
853 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
854 #if defined(PSA_CRYPTO_DRIVER_TEST)
855 status = mbedtls_test_transparent_cipher_encrypt( attributes,
856 key_buffer,
857 key_buffer_size,
858 alg,
859 input,
860 input_length,
861 output,
862 output_size,
863 output_length );
864 /* Declared with fallback == true */
865 if( status != PSA_ERROR_NOT_SUPPORTED )
866 return( status );
867 #endif /* PSA_CRYPTO_DRIVER_TEST */
868 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
869
870 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
871 return( mbedtls_psa_cipher_encrypt( attributes,
872 key_buffer,
873 key_buffer_size,
874 alg,
875 input,
876 input_length,
877 output,
878 output_size,
879 output_length ) );
880 #else
881 return( PSA_ERROR_NOT_SUPPORTED );
882 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
883
884 /* Add cases for opaque driver here */
885 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
886 #if defined(PSA_CRYPTO_DRIVER_TEST)
887 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
888 return( mbedtls_test_opaque_cipher_encrypt( attributes,
889 key_buffer,
890 key_buffer_size,
891 alg,
892 input,
893 input_length,
894 output,
895 output_size,
896 output_length ) );
897 #endif /* PSA_CRYPTO_DRIVER_TEST */
898 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
899
900 default:
901 /* Key is declared with a lifetime not known to us */
902 (void)status;
903 (void)key_buffer;
904 (void)key_buffer_size;
905 (void)alg;
906 (void)input;
907 (void)input_length;
908 (void)output;
909 (void)output_size;
910 (void)output_length;
911 return( PSA_ERROR_INVALID_ARGUMENT );
912 }
913 }
914
psa_driver_wrapper_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)915 psa_status_t psa_driver_wrapper_cipher_decrypt(
916 const psa_key_attributes_t *attributes,
917 const uint8_t *key_buffer,
918 size_t key_buffer_size,
919 psa_algorithm_t alg,
920 const uint8_t *input,
921 size_t input_length,
922 uint8_t *output,
923 size_t output_size,
924 size_t *output_length )
925 {
926 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
927 psa_key_location_t location =
928 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
929
930 switch( location )
931 {
932 case PSA_KEY_LOCATION_LOCAL_STORAGE:
933 /* Key is stored in the slot in export representation, so
934 * cycle through all known transparent accelerators */
935 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
936 #if defined(PSA_CRYPTO_DRIVER_TEST)
937 status = mbedtls_test_transparent_cipher_decrypt( attributes,
938 key_buffer,
939 key_buffer_size,
940 alg,
941 input,
942 input_length,
943 output,
944 output_size,
945 output_length );
946 /* Declared with fallback == true */
947 if( status != PSA_ERROR_NOT_SUPPORTED )
948 return( status );
949 #endif /* PSA_CRYPTO_DRIVER_TEST */
950 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
951
952 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
953 return( mbedtls_psa_cipher_decrypt( attributes,
954 key_buffer,
955 key_buffer_size,
956 alg,
957 input,
958 input_length,
959 output,
960 output_size,
961 output_length ) );
962 #else
963 return( PSA_ERROR_NOT_SUPPORTED );
964 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
965
966 /* Add cases for opaque driver here */
967 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
968 #if defined(PSA_CRYPTO_DRIVER_TEST)
969 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
970 return( mbedtls_test_opaque_cipher_decrypt( attributes,
971 key_buffer,
972 key_buffer_size,
973 alg,
974 input,
975 input_length,
976 output,
977 output_size,
978 output_length ) );
979 #endif /* PSA_CRYPTO_DRIVER_TEST */
980 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
981
982 default:
983 /* Key is declared with a lifetime not known to us */
984 (void)status;
985 (void)key_buffer;
986 (void)key_buffer_size;
987 (void)alg;
988 (void)input;
989 (void)input_length;
990 (void)output;
991 (void)output_size;
992 (void)output_length;
993 return( PSA_ERROR_INVALID_ARGUMENT );
994 }
995 }
996
psa_driver_wrapper_cipher_encrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)997 psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
998 psa_cipher_operation_t *operation,
999 const psa_key_attributes_t *attributes,
1000 const uint8_t *key_buffer, size_t key_buffer_size,
1001 psa_algorithm_t alg )
1002 {
1003 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1004 psa_key_location_t location =
1005 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1006
1007 switch( location )
1008 {
1009 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1010 /* Key is stored in the slot in export representation, so
1011 * cycle through all known transparent accelerators */
1012 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1013 #if defined(PSA_CRYPTO_DRIVER_TEST)
1014 status = mbedtls_test_transparent_cipher_encrypt_setup(
1015 &operation->ctx.transparent_test_driver_ctx,
1016 attributes,
1017 key_buffer,
1018 key_buffer_size,
1019 alg );
1020 /* Declared with fallback == true */
1021 if( status == PSA_SUCCESS )
1022 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1023
1024 if( status != PSA_ERROR_NOT_SUPPORTED )
1025 return( status );
1026 #endif /* PSA_CRYPTO_DRIVER_TEST */
1027 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1028 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1029 /* Fell through, meaning no accelerator supports this operation */
1030 status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1031 attributes,
1032 key_buffer,
1033 key_buffer_size,
1034 alg );
1035 if( status == PSA_SUCCESS )
1036 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1037
1038 if( status != PSA_ERROR_NOT_SUPPORTED )
1039 return( status );
1040 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1041 return( PSA_ERROR_NOT_SUPPORTED );
1042
1043 /* Add cases for opaque driver here */
1044 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1045 #if defined(PSA_CRYPTO_DRIVER_TEST)
1046 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1047 status = mbedtls_test_opaque_cipher_encrypt_setup(
1048 &operation->ctx.opaque_test_driver_ctx,
1049 attributes,
1050 key_buffer, key_buffer_size,
1051 alg );
1052
1053 if( status == PSA_SUCCESS )
1054 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1055
1056 return( status );
1057 #endif /* PSA_CRYPTO_DRIVER_TEST */
1058 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1059 default:
1060 /* Key is declared with a lifetime not known to us */
1061 (void)status;
1062 (void)key_buffer;
1063 (void)key_buffer_size;
1064 (void)alg;
1065 return( PSA_ERROR_INVALID_ARGUMENT );
1066 }
1067 }
1068
psa_driver_wrapper_cipher_decrypt_setup(psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1069 psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1070 psa_cipher_operation_t *operation,
1071 const psa_key_attributes_t *attributes,
1072 const uint8_t *key_buffer, size_t key_buffer_size,
1073 psa_algorithm_t alg )
1074 {
1075 psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1076 psa_key_location_t location =
1077 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1078
1079 switch( location )
1080 {
1081 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1082 /* Key is stored in the slot in export representation, so
1083 * cycle through all known transparent accelerators */
1084 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1085 #if defined(PSA_CRYPTO_DRIVER_TEST)
1086 status = mbedtls_test_transparent_cipher_decrypt_setup(
1087 &operation->ctx.transparent_test_driver_ctx,
1088 attributes,
1089 key_buffer,
1090 key_buffer_size,
1091 alg );
1092 /* Declared with fallback == true */
1093 if( status == PSA_SUCCESS )
1094 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1095
1096 if( status != PSA_ERROR_NOT_SUPPORTED )
1097 return( status );
1098 #endif /* PSA_CRYPTO_DRIVER_TEST */
1099 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1100 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1101 /* Fell through, meaning no accelerator supports this operation */
1102 status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1103 attributes,
1104 key_buffer,
1105 key_buffer_size,
1106 alg );
1107 if( status == PSA_SUCCESS )
1108 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1109
1110 return( status );
1111 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1112 return( PSA_ERROR_NOT_SUPPORTED );
1113
1114 /* Add cases for opaque driver here */
1115 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1116 #if defined(PSA_CRYPTO_DRIVER_TEST)
1117 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1118 status = mbedtls_test_opaque_cipher_decrypt_setup(
1119 &operation->ctx.opaque_test_driver_ctx,
1120 attributes,
1121 key_buffer, key_buffer_size,
1122 alg );
1123
1124 if( status == PSA_SUCCESS )
1125 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
1126
1127 return( status );
1128 #endif /* PSA_CRYPTO_DRIVER_TEST */
1129 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1130 default:
1131 /* Key is declared with a lifetime not known to us */
1132 (void)status;
1133 (void)key_buffer;
1134 (void)key_buffer_size;
1135 (void)alg;
1136 return( PSA_ERROR_INVALID_ARGUMENT );
1137 }
1138 }
1139
psa_driver_wrapper_cipher_set_iv(psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)1140 psa_status_t psa_driver_wrapper_cipher_set_iv(
1141 psa_cipher_operation_t *operation,
1142 const uint8_t *iv,
1143 size_t iv_length )
1144 {
1145 switch( operation->id )
1146 {
1147 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1148 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1149 return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1150 iv,
1151 iv_length ) );
1152 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1153
1154 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1155 #if defined(PSA_CRYPTO_DRIVER_TEST)
1156 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1157 return( mbedtls_test_transparent_cipher_set_iv(
1158 &operation->ctx.transparent_test_driver_ctx,
1159 iv, iv_length ) );
1160
1161 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1162 return( mbedtls_test_opaque_cipher_set_iv(
1163 &operation->ctx.opaque_test_driver_ctx,
1164 iv, iv_length ) );
1165 #endif /* PSA_CRYPTO_DRIVER_TEST */
1166 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1167 }
1168
1169 (void)iv;
1170 (void)iv_length;
1171
1172 return( PSA_ERROR_INVALID_ARGUMENT );
1173 }
1174
psa_driver_wrapper_cipher_update(psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1175 psa_status_t psa_driver_wrapper_cipher_update(
1176 psa_cipher_operation_t *operation,
1177 const uint8_t *input,
1178 size_t input_length,
1179 uint8_t *output,
1180 size_t output_size,
1181 size_t *output_length )
1182 {
1183 switch( operation->id )
1184 {
1185 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1186 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1187 return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1188 input,
1189 input_length,
1190 output,
1191 output_size,
1192 output_length ) );
1193 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1194
1195 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1196 #if defined(PSA_CRYPTO_DRIVER_TEST)
1197 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1198 return( mbedtls_test_transparent_cipher_update(
1199 &operation->ctx.transparent_test_driver_ctx,
1200 input, input_length,
1201 output, output_size, output_length ) );
1202
1203 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1204 return( mbedtls_test_opaque_cipher_update(
1205 &operation->ctx.opaque_test_driver_ctx,
1206 input, input_length,
1207 output, output_size, output_length ) );
1208 #endif /* PSA_CRYPTO_DRIVER_TEST */
1209 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1210 }
1211
1212 (void)input;
1213 (void)input_length;
1214 (void)output;
1215 (void)output_size;
1216 (void)output_length;
1217
1218 return( PSA_ERROR_INVALID_ARGUMENT );
1219 }
1220
psa_driver_wrapper_cipher_finish(psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)1221 psa_status_t psa_driver_wrapper_cipher_finish(
1222 psa_cipher_operation_t *operation,
1223 uint8_t *output,
1224 size_t output_size,
1225 size_t *output_length )
1226 {
1227 switch( operation->id )
1228 {
1229 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1230 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1231 return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1232 output,
1233 output_size,
1234 output_length ) );
1235 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1236
1237 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1238 #if defined(PSA_CRYPTO_DRIVER_TEST)
1239 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1240 return( mbedtls_test_transparent_cipher_finish(
1241 &operation->ctx.transparent_test_driver_ctx,
1242 output, output_size, output_length ) );
1243
1244 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1245 return( mbedtls_test_opaque_cipher_finish(
1246 &operation->ctx.opaque_test_driver_ctx,
1247 output, output_size, output_length ) );
1248 #endif /* PSA_CRYPTO_DRIVER_TEST */
1249 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1250 }
1251
1252 (void)output;
1253 (void)output_size;
1254 (void)output_length;
1255
1256 return( PSA_ERROR_INVALID_ARGUMENT );
1257 }
1258
psa_driver_wrapper_cipher_abort(psa_cipher_operation_t * operation)1259 psa_status_t psa_driver_wrapper_cipher_abort(
1260 psa_cipher_operation_t *operation )
1261 {
1262 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1263
1264 switch( operation->id )
1265 {
1266 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1267 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1268 return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1269 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1270
1271 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1272 #if defined(PSA_CRYPTO_DRIVER_TEST)
1273 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1274 status = mbedtls_test_transparent_cipher_abort(
1275 &operation->ctx.transparent_test_driver_ctx );
1276 mbedtls_platform_zeroize(
1277 &operation->ctx.transparent_test_driver_ctx,
1278 sizeof( operation->ctx.transparent_test_driver_ctx ) );
1279 return( status );
1280
1281 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
1282 status = mbedtls_test_opaque_cipher_abort(
1283 &operation->ctx.opaque_test_driver_ctx );
1284 mbedtls_platform_zeroize(
1285 &operation->ctx.opaque_test_driver_ctx,
1286 sizeof( operation->ctx.opaque_test_driver_ctx ) );
1287 return( status );
1288 #endif /* PSA_CRYPTO_DRIVER_TEST */
1289 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1290 }
1291
1292 (void)status;
1293 return( PSA_ERROR_INVALID_ARGUMENT );
1294 }
1295
1296 /*
1297 * Hashing functions
1298 */
psa_driver_wrapper_hash_compute(psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * hash,size_t hash_size,size_t * hash_length)1299 psa_status_t psa_driver_wrapper_hash_compute(
1300 psa_algorithm_t alg,
1301 const uint8_t *input,
1302 size_t input_length,
1303 uint8_t *hash,
1304 size_t hash_size,
1305 size_t *hash_length)
1306 {
1307 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1308
1309 /* Try accelerators first */
1310 #if defined(PSA_CRYPTO_DRIVER_TEST)
1311 status = mbedtls_test_transparent_hash_compute(
1312 alg, input, input_length, hash, hash_size, hash_length );
1313 if( status != PSA_ERROR_NOT_SUPPORTED )
1314 return( status );
1315 #endif
1316
1317 /* If software fallback is compiled in, try fallback */
1318 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1319 status = mbedtls_psa_hash_compute( alg, input, input_length,
1320 hash, hash_size, hash_length );
1321 if( status != PSA_ERROR_NOT_SUPPORTED )
1322 return( status );
1323 #endif
1324 (void) status;
1325 (void) alg;
1326 (void) input;
1327 (void) input_length;
1328 (void) hash;
1329 (void) hash_size;
1330 (void) hash_length;
1331
1332 return( PSA_ERROR_NOT_SUPPORTED );
1333 }
1334
psa_driver_wrapper_hash_setup(psa_hash_operation_t * operation,psa_algorithm_t alg)1335 psa_status_t psa_driver_wrapper_hash_setup(
1336 psa_hash_operation_t *operation,
1337 psa_algorithm_t alg )
1338 {
1339 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1340
1341 /* Try setup on accelerators first */
1342 #if defined(PSA_CRYPTO_DRIVER_TEST)
1343 status = mbedtls_test_transparent_hash_setup(
1344 &operation->ctx.test_driver_ctx, alg );
1345 if( status == PSA_SUCCESS )
1346 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1347
1348 if( status != PSA_ERROR_NOT_SUPPORTED )
1349 return( status );
1350 #endif
1351
1352 /* If software fallback is compiled in, try fallback */
1353 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1354 status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1355 if( status == PSA_SUCCESS )
1356 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1357
1358 if( status != PSA_ERROR_NOT_SUPPORTED )
1359 return( status );
1360 #endif
1361 /* Nothing left to try if we fall through here */
1362 (void) status;
1363 (void) operation;
1364 (void) alg;
1365 return( PSA_ERROR_NOT_SUPPORTED );
1366 }
1367
psa_driver_wrapper_hash_clone(const psa_hash_operation_t * source_operation,psa_hash_operation_t * target_operation)1368 psa_status_t psa_driver_wrapper_hash_clone(
1369 const psa_hash_operation_t *source_operation,
1370 psa_hash_operation_t *target_operation )
1371 {
1372 switch( source_operation->id )
1373 {
1374 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1375 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1376 target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1377 return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1378 &target_operation->ctx.mbedtls_ctx ) );
1379 #endif
1380 #if defined(PSA_CRYPTO_DRIVER_TEST)
1381 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1382 target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1383 return( mbedtls_test_transparent_hash_clone(
1384 &source_operation->ctx.test_driver_ctx,
1385 &target_operation->ctx.test_driver_ctx ) );
1386 #endif
1387 default:
1388 (void) target_operation;
1389 return( PSA_ERROR_BAD_STATE );
1390 }
1391 }
1392
psa_driver_wrapper_hash_update(psa_hash_operation_t * operation,const uint8_t * input,size_t input_length)1393 psa_status_t psa_driver_wrapper_hash_update(
1394 psa_hash_operation_t *operation,
1395 const uint8_t *input,
1396 size_t input_length )
1397 {
1398 switch( operation->id )
1399 {
1400 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1401 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1402 return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1403 input, input_length ) );
1404 #endif
1405 #if defined(PSA_CRYPTO_DRIVER_TEST)
1406 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1407 return( mbedtls_test_transparent_hash_update(
1408 &operation->ctx.test_driver_ctx,
1409 input, input_length ) );
1410 #endif
1411 default:
1412 (void) input;
1413 (void) input_length;
1414 return( PSA_ERROR_BAD_STATE );
1415 }
1416 }
1417
psa_driver_wrapper_hash_finish(psa_hash_operation_t * operation,uint8_t * hash,size_t hash_size,size_t * hash_length)1418 psa_status_t psa_driver_wrapper_hash_finish(
1419 psa_hash_operation_t *operation,
1420 uint8_t *hash,
1421 size_t hash_size,
1422 size_t *hash_length )
1423 {
1424 switch( operation->id )
1425 {
1426 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1427 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1428 return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1429 hash, hash_size, hash_length ) );
1430 #endif
1431 #if defined(PSA_CRYPTO_DRIVER_TEST)
1432 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1433 return( mbedtls_test_transparent_hash_finish(
1434 &operation->ctx.test_driver_ctx,
1435 hash, hash_size, hash_length ) );
1436 #endif
1437 default:
1438 (void) hash;
1439 (void) hash_size;
1440 (void) hash_length;
1441 return( PSA_ERROR_BAD_STATE );
1442 }
1443 }
1444
psa_driver_wrapper_hash_abort(psa_hash_operation_t * operation)1445 psa_status_t psa_driver_wrapper_hash_abort(
1446 psa_hash_operation_t *operation )
1447 {
1448 switch( operation->id )
1449 {
1450 #if defined(MBEDTLS_PSA_BUILTIN_HASH)
1451 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1452 return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1453 #endif
1454 #if defined(PSA_CRYPTO_DRIVER_TEST)
1455 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1456 return( mbedtls_test_transparent_hash_abort(
1457 &operation->ctx.test_driver_ctx ) );
1458 #endif
1459 default:
1460 return( PSA_ERROR_BAD_STATE );
1461 }
1462 }
1463
psa_driver_wrapper_aead_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * plaintext,size_t plaintext_length,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length)1464 psa_status_t psa_driver_wrapper_aead_encrypt(
1465 const psa_key_attributes_t *attributes,
1466 const uint8_t *key_buffer, size_t key_buffer_size,
1467 psa_algorithm_t alg,
1468 const uint8_t *nonce, size_t nonce_length,
1469 const uint8_t *additional_data, size_t additional_data_length,
1470 const uint8_t *plaintext, size_t plaintext_length,
1471 uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1472 {
1473 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1474 psa_key_location_t location =
1475 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1476
1477 switch( location )
1478 {
1479 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1480 /* Key is stored in the slot in export representation, so
1481 * cycle through all known transparent accelerators */
1482
1483 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1484 #if defined(PSA_CRYPTO_DRIVER_TEST)
1485 status = mbedtls_test_transparent_aead_encrypt(
1486 attributes, key_buffer, key_buffer_size,
1487 alg,
1488 nonce, nonce_length,
1489 additional_data, additional_data_length,
1490 plaintext, plaintext_length,
1491 ciphertext, ciphertext_size, ciphertext_length );
1492 /* Declared with fallback == true */
1493 if( status != PSA_ERROR_NOT_SUPPORTED )
1494 return( status );
1495 #endif /* PSA_CRYPTO_DRIVER_TEST */
1496 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1497
1498 /* Fell through, meaning no accelerator supports this operation */
1499 return( mbedtls_psa_aead_encrypt(
1500 attributes, key_buffer, key_buffer_size,
1501 alg,
1502 nonce, nonce_length,
1503 additional_data, additional_data_length,
1504 plaintext, plaintext_length,
1505 ciphertext, ciphertext_size, ciphertext_length ) );
1506
1507 /* Add cases for opaque driver here */
1508
1509 default:
1510 /* Key is declared with a lifetime not known to us */
1511 (void)status;
1512 return( PSA_ERROR_INVALID_ARGUMENT );
1513 }
1514 }
1515
psa_driver_wrapper_aead_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * nonce,size_t nonce_length,const uint8_t * additional_data,size_t additional_data_length,const uint8_t * ciphertext,size_t ciphertext_length,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length)1516 psa_status_t psa_driver_wrapper_aead_decrypt(
1517 const psa_key_attributes_t *attributes,
1518 const uint8_t *key_buffer, size_t key_buffer_size,
1519 psa_algorithm_t alg,
1520 const uint8_t *nonce, size_t nonce_length,
1521 const uint8_t *additional_data, size_t additional_data_length,
1522 const uint8_t *ciphertext, size_t ciphertext_length,
1523 uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1524 {
1525 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1526 psa_key_location_t location =
1527 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1528
1529 switch( location )
1530 {
1531 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1532 /* Key is stored in the slot in export representation, so
1533 * cycle through all known transparent accelerators */
1534
1535 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1536 #if defined(PSA_CRYPTO_DRIVER_TEST)
1537 status = mbedtls_test_transparent_aead_decrypt(
1538 attributes, key_buffer, key_buffer_size,
1539 alg,
1540 nonce, nonce_length,
1541 additional_data, additional_data_length,
1542 ciphertext, ciphertext_length,
1543 plaintext, plaintext_size, plaintext_length );
1544 /* Declared with fallback == true */
1545 if( status != PSA_ERROR_NOT_SUPPORTED )
1546 return( status );
1547 #endif /* PSA_CRYPTO_DRIVER_TEST */
1548 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1549
1550 /* Fell through, meaning no accelerator supports this operation */
1551 return( mbedtls_psa_aead_decrypt(
1552 attributes, key_buffer, key_buffer_size,
1553 alg,
1554 nonce, nonce_length,
1555 additional_data, additional_data_length,
1556 ciphertext, ciphertext_length,
1557 plaintext, plaintext_size, plaintext_length ) );
1558
1559 /* Add cases for opaque driver here */
1560
1561 default:
1562 /* Key is declared with a lifetime not known to us */
1563 (void)status;
1564 return( PSA_ERROR_INVALID_ARGUMENT );
1565 }
1566 }
1567
psa_driver_wrapper_aead_encrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1568 psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1569 psa_aead_operation_t *operation,
1570 const psa_key_attributes_t *attributes,
1571 const uint8_t *key_buffer, size_t key_buffer_size,
1572 psa_algorithm_t alg )
1573 {
1574 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1575 psa_key_location_t location =
1576 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1577
1578 switch( location )
1579 {
1580 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1581 /* Key is stored in the slot in export representation, so
1582 * cycle through all known transparent accelerators */
1583
1584 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1585 #if defined(PSA_CRYPTO_DRIVER_TEST)
1586 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1587 status = mbedtls_test_transparent_aead_encrypt_setup(
1588 &operation->ctx.transparent_test_driver_ctx,
1589 attributes, key_buffer, key_buffer_size,
1590 alg );
1591
1592 /* Declared with fallback == true */
1593 if( status != PSA_ERROR_NOT_SUPPORTED )
1594 return( status );
1595 #endif /* PSA_CRYPTO_DRIVER_TEST */
1596 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1597
1598 /* Fell through, meaning no accelerator supports this operation */
1599 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1600 status = mbedtls_psa_aead_encrypt_setup(
1601 &operation->ctx.mbedtls_ctx, attributes,
1602 key_buffer, key_buffer_size,
1603 alg );
1604
1605 return( status );
1606
1607 /* Add cases for opaque driver here */
1608
1609 default:
1610 /* Key is declared with a lifetime not known to us */
1611 (void)status;
1612 return( PSA_ERROR_INVALID_ARGUMENT );
1613 }
1614 }
1615
psa_driver_wrapper_aead_decrypt_setup(psa_aead_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)1616 psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1617 psa_aead_operation_t *operation,
1618 const psa_key_attributes_t *attributes,
1619 const uint8_t *key_buffer, size_t key_buffer_size,
1620 psa_algorithm_t alg )
1621 {
1622 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1623 psa_key_location_t location =
1624 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1625
1626 switch( location )
1627 {
1628 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1629 /* Key is stored in the slot in export representation, so
1630 * cycle through all known transparent accelerators */
1631
1632 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1633 #if defined(PSA_CRYPTO_DRIVER_TEST)
1634 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
1635 status = mbedtls_test_transparent_aead_decrypt_setup(
1636 &operation->ctx.transparent_test_driver_ctx,
1637 attributes,
1638 key_buffer, key_buffer_size,
1639 alg );
1640
1641 /* Declared with fallback == true */
1642 if( status != PSA_ERROR_NOT_SUPPORTED )
1643 return( status );
1644 #endif /* PSA_CRYPTO_DRIVER_TEST */
1645 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1646
1647 /* Fell through, meaning no accelerator supports this operation */
1648 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1649 status = mbedtls_psa_aead_decrypt_setup(
1650 &operation->ctx.mbedtls_ctx,
1651 attributes,
1652 key_buffer, key_buffer_size,
1653 alg );
1654
1655 return( status );
1656
1657 /* Add cases for opaque driver here */
1658
1659 default:
1660 /* Key is declared with a lifetime not known to us */
1661 (void)status;
1662 return( PSA_ERROR_INVALID_ARGUMENT );
1663 }
1664 }
1665
psa_driver_wrapper_aead_set_nonce(psa_aead_operation_t * operation,const uint8_t * nonce,size_t nonce_length)1666 psa_status_t psa_driver_wrapper_aead_set_nonce(
1667 psa_aead_operation_t *operation,
1668 const uint8_t *nonce,
1669 size_t nonce_length )
1670 {
1671 switch( operation->id )
1672 {
1673 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1674 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1675 return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1676 nonce,
1677 nonce_length ) );
1678
1679 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1680
1681 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1682 #if defined(PSA_CRYPTO_DRIVER_TEST)
1683 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1684 return( mbedtls_test_transparent_aead_set_nonce(
1685 &operation->ctx.transparent_test_driver_ctx,
1686 nonce, nonce_length ) );
1687
1688 /* Add cases for opaque driver here */
1689
1690 #endif /* PSA_CRYPTO_DRIVER_TEST */
1691 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1692 }
1693
1694 (void)nonce;
1695 (void)nonce_length;
1696
1697 return( PSA_ERROR_INVALID_ARGUMENT );
1698 }
1699
psa_driver_wrapper_aead_set_lengths(psa_aead_operation_t * operation,size_t ad_length,size_t plaintext_length)1700 psa_status_t psa_driver_wrapper_aead_set_lengths(
1701 psa_aead_operation_t *operation,
1702 size_t ad_length,
1703 size_t plaintext_length )
1704 {
1705 switch( operation->id )
1706 {
1707 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1708 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1709 return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1710 ad_length,
1711 plaintext_length ) );
1712
1713 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1714
1715 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1716 #if defined(PSA_CRYPTO_DRIVER_TEST)
1717 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1718 return( mbedtls_test_transparent_aead_set_lengths(
1719 &operation->ctx.transparent_test_driver_ctx,
1720 ad_length, plaintext_length ) );
1721
1722 /* Add cases for opaque driver here */
1723
1724 #endif /* PSA_CRYPTO_DRIVER_TEST */
1725 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1726 }
1727
1728 (void)ad_length;
1729 (void)plaintext_length;
1730
1731 return( PSA_ERROR_INVALID_ARGUMENT );
1732 }
1733
psa_driver_wrapper_aead_update_ad(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length)1734 psa_status_t psa_driver_wrapper_aead_update_ad(
1735 psa_aead_operation_t *operation,
1736 const uint8_t *input,
1737 size_t input_length )
1738 {
1739 switch( operation->id )
1740 {
1741 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1742 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1743 return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1744 input,
1745 input_length ) );
1746
1747 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1748
1749 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1750 #if defined(PSA_CRYPTO_DRIVER_TEST)
1751 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1752 return( mbedtls_test_transparent_aead_update_ad(
1753 &operation->ctx.transparent_test_driver_ctx,
1754 input, input_length ) );
1755
1756 /* Add cases for opaque driver here */
1757
1758 #endif /* PSA_CRYPTO_DRIVER_TEST */
1759 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1760 }
1761
1762 (void)input;
1763 (void)input_length;
1764
1765 return( PSA_ERROR_INVALID_ARGUMENT );
1766 }
1767
psa_driver_wrapper_aead_update(psa_aead_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)1768 psa_status_t psa_driver_wrapper_aead_update(
1769 psa_aead_operation_t *operation,
1770 const uint8_t *input,
1771 size_t input_length,
1772 uint8_t *output,
1773 size_t output_size,
1774 size_t *output_length )
1775 {
1776 switch( operation->id )
1777 {
1778 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1779 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1780 return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
1781 input, input_length,
1782 output, output_size,
1783 output_length ) );
1784
1785 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1786
1787 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1788 #if defined(PSA_CRYPTO_DRIVER_TEST)
1789 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1790 return( mbedtls_test_transparent_aead_update(
1791 &operation->ctx.transparent_test_driver_ctx,
1792 input, input_length, output, output_size,
1793 output_length ) );
1794
1795 /* Add cases for opaque driver here */
1796
1797 #endif /* PSA_CRYPTO_DRIVER_TEST */
1798 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1799 }
1800
1801 (void)input;
1802 (void)input_length;
1803 (void)output;
1804 (void)output_size;
1805 (void)output_length;
1806
1807 return( PSA_ERROR_INVALID_ARGUMENT );
1808 }
1809
psa_driver_wrapper_aead_finish(psa_aead_operation_t * operation,uint8_t * ciphertext,size_t ciphertext_size,size_t * ciphertext_length,uint8_t * tag,size_t tag_size,size_t * tag_length)1810 psa_status_t psa_driver_wrapper_aead_finish(
1811 psa_aead_operation_t *operation,
1812 uint8_t *ciphertext,
1813 size_t ciphertext_size,
1814 size_t *ciphertext_length,
1815 uint8_t *tag,
1816 size_t tag_size,
1817 size_t *tag_length )
1818 {
1819 switch( operation->id )
1820 {
1821 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1822 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1823 return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1824 ciphertext,
1825 ciphertext_size,
1826 ciphertext_length, tag,
1827 tag_size, tag_length ) );
1828
1829 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1830
1831 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1832 #if defined(PSA_CRYPTO_DRIVER_TEST)
1833 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1834 return( mbedtls_test_transparent_aead_finish(
1835 &operation->ctx.transparent_test_driver_ctx,
1836 ciphertext, ciphertext_size,
1837 ciphertext_length, tag, tag_size, tag_length ) );
1838
1839 /* Add cases for opaque driver here */
1840
1841 #endif /* PSA_CRYPTO_DRIVER_TEST */
1842 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1843 }
1844
1845 (void)ciphertext;
1846 (void)ciphertext_size;
1847 (void)ciphertext_length;
1848 (void)tag;
1849 (void)tag_size;
1850 (void)tag_length;
1851
1852 return( PSA_ERROR_INVALID_ARGUMENT );
1853 }
1854
psa_driver_wrapper_aead_verify(psa_aead_operation_t * operation,uint8_t * plaintext,size_t plaintext_size,size_t * plaintext_length,const uint8_t * tag,size_t tag_length)1855 psa_status_t psa_driver_wrapper_aead_verify(
1856 psa_aead_operation_t *operation,
1857 uint8_t *plaintext,
1858 size_t plaintext_size,
1859 size_t *plaintext_length,
1860 const uint8_t *tag,
1861 size_t tag_length )
1862 {
1863 switch( operation->id )
1864 {
1865 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1866 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1867 {
1868 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1869 uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
1870 size_t check_tag_length;
1871
1872 status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
1873 plaintext,
1874 plaintext_size,
1875 plaintext_length,
1876 check_tag,
1877 sizeof( check_tag ),
1878 &check_tag_length );
1879
1880 if( status == PSA_SUCCESS )
1881 {
1882 if( tag_length != check_tag_length ||
1883 mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
1884 != 0 )
1885 status = PSA_ERROR_INVALID_SIGNATURE;
1886 }
1887
1888 mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
1889
1890 return( status );
1891 }
1892
1893 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1894
1895 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1896 #if defined(PSA_CRYPTO_DRIVER_TEST)
1897 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1898 return( mbedtls_test_transparent_aead_verify(
1899 &operation->ctx.transparent_test_driver_ctx,
1900 plaintext, plaintext_size,
1901 plaintext_length, tag, tag_length ) );
1902
1903 /* Add cases for opaque driver here */
1904
1905 #endif /* PSA_CRYPTO_DRIVER_TEST */
1906 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1907 }
1908
1909 (void)plaintext;
1910 (void)plaintext_size;
1911 (void)plaintext_length;
1912 (void)tag;
1913 (void)tag_length;
1914
1915 return( PSA_ERROR_INVALID_ARGUMENT );
1916 }
1917
psa_driver_wrapper_aead_abort(psa_aead_operation_t * operation)1918 psa_status_t psa_driver_wrapper_aead_abort(
1919 psa_aead_operation_t *operation )
1920 {
1921 switch( operation->id )
1922 {
1923 #if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1924 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1925 return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
1926
1927 #endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1928
1929 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1930 #if defined(PSA_CRYPTO_DRIVER_TEST)
1931 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
1932 return( mbedtls_test_transparent_aead_abort(
1933 &operation->ctx.transparent_test_driver_ctx ) );
1934
1935 /* Add cases for opaque driver here */
1936
1937 #endif /* PSA_CRYPTO_DRIVER_TEST */
1938 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1939 }
1940
1941 return( PSA_ERROR_INVALID_ARGUMENT );
1942 }
1943
1944 /*
1945 * MAC functions
1946 */
psa_driver_wrapper_mac_compute(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * mac,size_t mac_size,size_t * mac_length)1947 psa_status_t psa_driver_wrapper_mac_compute(
1948 const psa_key_attributes_t *attributes,
1949 const uint8_t *key_buffer,
1950 size_t key_buffer_size,
1951 psa_algorithm_t alg,
1952 const uint8_t *input,
1953 size_t input_length,
1954 uint8_t *mac,
1955 size_t mac_size,
1956 size_t *mac_length )
1957 {
1958 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1959 psa_key_location_t location =
1960 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
1961
1962 switch( location )
1963 {
1964 case PSA_KEY_LOCATION_LOCAL_STORAGE:
1965 /* Key is stored in the slot in export representation, so
1966 * cycle through all known transparent accelerators */
1967 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1968 #if defined(PSA_CRYPTO_DRIVER_TEST)
1969 status = mbedtls_test_transparent_mac_compute(
1970 attributes, key_buffer, key_buffer_size, alg,
1971 input, input_length,
1972 mac, mac_size, mac_length );
1973 /* Declared with fallback == true */
1974 if( status != PSA_ERROR_NOT_SUPPORTED )
1975 return( status );
1976 #endif /* PSA_CRYPTO_DRIVER_TEST */
1977 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1978 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
1979 /* Fell through, meaning no accelerator supports this operation */
1980 status = mbedtls_psa_mac_compute(
1981 attributes, key_buffer, key_buffer_size, alg,
1982 input, input_length,
1983 mac, mac_size, mac_length );
1984 if( status != PSA_ERROR_NOT_SUPPORTED )
1985 return( status );
1986 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
1987 return( PSA_ERROR_NOT_SUPPORTED );
1988
1989 /* Add cases for opaque driver here */
1990 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1991 #if defined(PSA_CRYPTO_DRIVER_TEST)
1992 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1993 status = mbedtls_test_opaque_mac_compute(
1994 attributes, key_buffer, key_buffer_size, alg,
1995 input, input_length,
1996 mac, mac_size, mac_length );
1997 return( status );
1998 #endif /* PSA_CRYPTO_DRIVER_TEST */
1999 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2000 default:
2001 /* Key is declared with a lifetime not known to us */
2002 (void) key_buffer;
2003 (void) key_buffer_size;
2004 (void) alg;
2005 (void) input;
2006 (void) input_length;
2007 (void) mac;
2008 (void) mac_size;
2009 (void) mac_length;
2010 (void) status;
2011 return( PSA_ERROR_INVALID_ARGUMENT );
2012 }
2013 }
2014
psa_driver_wrapper_mac_sign_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2015 psa_status_t psa_driver_wrapper_mac_sign_setup(
2016 psa_mac_operation_t *operation,
2017 const psa_key_attributes_t *attributes,
2018 const uint8_t *key_buffer,
2019 size_t key_buffer_size,
2020 psa_algorithm_t alg )
2021 {
2022 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2023 psa_key_location_t location =
2024 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2025
2026 switch( location )
2027 {
2028 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2029 /* Key is stored in the slot in export representation, so
2030 * cycle through all known transparent accelerators */
2031 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2032 #if defined(PSA_CRYPTO_DRIVER_TEST)
2033 status = mbedtls_test_transparent_mac_sign_setup(
2034 &operation->ctx.transparent_test_driver_ctx,
2035 attributes,
2036 key_buffer, key_buffer_size,
2037 alg );
2038 /* Declared with fallback == true */
2039 if( status == PSA_SUCCESS )
2040 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
2041
2042 if( status != PSA_ERROR_NOT_SUPPORTED )
2043 return( status );
2044 #endif /* PSA_CRYPTO_DRIVER_TEST */
2045 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2046 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2047 /* Fell through, meaning no accelerator supports this operation */
2048 status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2049 attributes,
2050 key_buffer, key_buffer_size,
2051 alg );
2052 if( status == PSA_SUCCESS )
2053 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2054
2055 if( status != PSA_ERROR_NOT_SUPPORTED )
2056 return( status );
2057 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2058 return( PSA_ERROR_NOT_SUPPORTED );
2059
2060 /* Add cases for opaque driver here */
2061 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2062 #if defined(PSA_CRYPTO_DRIVER_TEST)
2063 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2064 status = mbedtls_test_opaque_mac_sign_setup(
2065 &operation->ctx.opaque_test_driver_ctx,
2066 attributes,
2067 key_buffer, key_buffer_size,
2068 alg );
2069
2070 if( status == PSA_SUCCESS )
2071 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
2072
2073 return( status );
2074 #endif /* PSA_CRYPTO_DRIVER_TEST */
2075 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2076 default:
2077 /* Key is declared with a lifetime not known to us */
2078 (void) status;
2079 (void) key_buffer;
2080 (void) key_buffer_size;
2081 (void) alg;
2082 return( PSA_ERROR_INVALID_ARGUMENT );
2083 }
2084 }
2085
psa_driver_wrapper_mac_verify_setup(psa_mac_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)2086 psa_status_t psa_driver_wrapper_mac_verify_setup(
2087 psa_mac_operation_t *operation,
2088 const psa_key_attributes_t *attributes,
2089 const uint8_t *key_buffer,
2090 size_t key_buffer_size,
2091 psa_algorithm_t alg )
2092 {
2093 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2094 psa_key_location_t location =
2095 PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
2096
2097 switch( location )
2098 {
2099 case PSA_KEY_LOCATION_LOCAL_STORAGE:
2100 /* Key is stored in the slot in export representation, so
2101 * cycle through all known transparent accelerators */
2102 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2103 #if defined(PSA_CRYPTO_DRIVER_TEST)
2104 status = mbedtls_test_transparent_mac_verify_setup(
2105 &operation->ctx.transparent_test_driver_ctx,
2106 attributes,
2107 key_buffer, key_buffer_size,
2108 alg );
2109 /* Declared with fallback == true */
2110 if( status == PSA_SUCCESS )
2111 operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
2112
2113 if( status != PSA_ERROR_NOT_SUPPORTED )
2114 return( status );
2115 #endif /* PSA_CRYPTO_DRIVER_TEST */
2116 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2117 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2118 /* Fell through, meaning no accelerator supports this operation */
2119 status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2120 attributes,
2121 key_buffer, key_buffer_size,
2122 alg );
2123 if( status == PSA_SUCCESS )
2124 operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2125
2126 if( status != PSA_ERROR_NOT_SUPPORTED )
2127 return( status );
2128 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2129 return( PSA_ERROR_NOT_SUPPORTED );
2130
2131 /* Add cases for opaque driver here */
2132 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2133 #if defined(PSA_CRYPTO_DRIVER_TEST)
2134 case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2135 status = mbedtls_test_opaque_mac_verify_setup(
2136 &operation->ctx.opaque_test_driver_ctx,
2137 attributes,
2138 key_buffer, key_buffer_size,
2139 alg );
2140
2141 if( status == PSA_SUCCESS )
2142 operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
2143
2144 return( status );
2145 #endif /* PSA_CRYPTO_DRIVER_TEST */
2146 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2147 default:
2148 /* Key is declared with a lifetime not known to us */
2149 (void) status;
2150 (void) key_buffer;
2151 (void) key_buffer_size;
2152 (void) alg;
2153 return( PSA_ERROR_INVALID_ARGUMENT );
2154 }
2155 }
2156
psa_driver_wrapper_mac_update(psa_mac_operation_t * operation,const uint8_t * input,size_t input_length)2157 psa_status_t psa_driver_wrapper_mac_update(
2158 psa_mac_operation_t *operation,
2159 const uint8_t *input,
2160 size_t input_length )
2161 {
2162 switch( operation->id )
2163 {
2164 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2165 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2166 return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2167 input, input_length ) );
2168 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2169
2170 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2171 #if defined(PSA_CRYPTO_DRIVER_TEST)
2172 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2173 return( mbedtls_test_transparent_mac_update(
2174 &operation->ctx.transparent_test_driver_ctx,
2175 input, input_length ) );
2176
2177 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2178 return( mbedtls_test_opaque_mac_update(
2179 &operation->ctx.opaque_test_driver_ctx,
2180 input, input_length ) );
2181 #endif /* PSA_CRYPTO_DRIVER_TEST */
2182 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2183 default:
2184 (void) input;
2185 (void) input_length;
2186 return( PSA_ERROR_INVALID_ARGUMENT );
2187 }
2188 }
2189
psa_driver_wrapper_mac_sign_finish(psa_mac_operation_t * operation,uint8_t * mac,size_t mac_size,size_t * mac_length)2190 psa_status_t psa_driver_wrapper_mac_sign_finish(
2191 psa_mac_operation_t *operation,
2192 uint8_t *mac,
2193 size_t mac_size,
2194 size_t *mac_length )
2195 {
2196 switch( operation->id )
2197 {
2198 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2199 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2200 return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2201 mac, mac_size, mac_length ) );
2202 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2203
2204 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2205 #if defined(PSA_CRYPTO_DRIVER_TEST)
2206 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2207 return( mbedtls_test_transparent_mac_sign_finish(
2208 &operation->ctx.transparent_test_driver_ctx,
2209 mac, mac_size, mac_length ) );
2210
2211 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2212 return( mbedtls_test_opaque_mac_sign_finish(
2213 &operation->ctx.opaque_test_driver_ctx,
2214 mac, mac_size, mac_length ) );
2215 #endif /* PSA_CRYPTO_DRIVER_TEST */
2216 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2217 default:
2218 (void) mac;
2219 (void) mac_size;
2220 (void) mac_length;
2221 return( PSA_ERROR_INVALID_ARGUMENT );
2222 }
2223 }
2224
psa_driver_wrapper_mac_verify_finish(psa_mac_operation_t * operation,const uint8_t * mac,size_t mac_length)2225 psa_status_t psa_driver_wrapper_mac_verify_finish(
2226 psa_mac_operation_t *operation,
2227 const uint8_t *mac,
2228 size_t mac_length )
2229 {
2230 switch( operation->id )
2231 {
2232 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2233 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2234 return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2235 mac, mac_length ) );
2236 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2237
2238 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2239 #if defined(PSA_CRYPTO_DRIVER_TEST)
2240 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2241 return( mbedtls_test_transparent_mac_verify_finish(
2242 &operation->ctx.transparent_test_driver_ctx,
2243 mac, mac_length ) );
2244
2245 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2246 return( mbedtls_test_opaque_mac_verify_finish(
2247 &operation->ctx.opaque_test_driver_ctx,
2248 mac, mac_length ) );
2249 #endif /* PSA_CRYPTO_DRIVER_TEST */
2250 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2251 default:
2252 (void) mac;
2253 (void) mac_length;
2254 return( PSA_ERROR_INVALID_ARGUMENT );
2255 }
2256 }
2257
psa_driver_wrapper_mac_abort(psa_mac_operation_t * operation)2258 psa_status_t psa_driver_wrapper_mac_abort(
2259 psa_mac_operation_t *operation )
2260 {
2261 switch( operation->id )
2262 {
2263 #if defined(MBEDTLS_PSA_BUILTIN_MAC)
2264 case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2265 return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2266 #endif /* MBEDTLS_PSA_BUILTIN_MAC */
2267
2268 #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2269 #if defined(PSA_CRYPTO_DRIVER_TEST)
2270 case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
2271 return( mbedtls_test_transparent_mac_abort(
2272 &operation->ctx.transparent_test_driver_ctx ) );
2273 case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
2274 return( mbedtls_test_opaque_mac_abort(
2275 &operation->ctx.opaque_test_driver_ctx ) );
2276 #endif /* PSA_CRYPTO_DRIVER_TEST */
2277 #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2278 default:
2279 return( PSA_ERROR_INVALID_ARGUMENT );
2280 }
2281 }
2282
2283 #endif /* MBEDTLS_PSA_CRYPTO_C */
2284