yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 12:15:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
1a0fbacde1
mbedtls/library/psa_crypto_driver_wrappers.c
Steven Cooreman 1a0fbacde1 Refactor opaque key handling in the test driver 
Builtin key support for the test driver is always compiled in, and no
  longer guarded by MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS.
Parsing the key slot from the buffer by cast and assign instead of memcmp.
For exporting keys, the test driver no longer reaches into the key
  identifier in order to check whether a key is builtin, but rather
  assumes so based on the key buffer length. It's the driver's
  responsibility to be able to detect the key material it returned as part
  of the get_builtin_key operation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00

1319 lines
50 KiB
C
Raw Blame History

/*
* Functions to delegate cryptographic operations to an available
* and appropriate accelerator.
* Warning: This file will be auto-generated in the future.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_hash.h"
#include "mbedtls/platform.h"
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
/* Include test driver definition when running tests */
#if defined(PSA_CRYPTO_DRIVER_TEST)
#ifndef PSA_CRYPTO_DRIVER_PRESENT
#define PSA_CRYPTO_DRIVER_PRESENT
#endif
#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
#endif
#include "test/drivers/test_driver.h"
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Repeat above block for each JSON-declared driver during autogeneration */
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* Auto-generated values depending on which drivers are registered.
* ID 0 is reserved for unallocated operations.
* ID 1 is reserved for the Mbed TLS software driver. */
#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
* SE driver is present, to avoid unused argument errors at compile time. */
#ifndef PSA_CRYPTO_DRIVER_PRESENT
#define PSA_CRYPTO_DRIVER_PRESENT
#endif
#include "psa_crypto_se.h"
#endif
/* Start delegation functions */
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length )
{
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->asymmetric == NULL ||
drv->asymmetric->p_sign == NULL )
{
/* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->asymmetric->p_sign(
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
alg, hash, hash_length,
signature, signature_size, signature_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_signature_sign_hash( attributes,
key_buffer,
key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_size,
signature_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_internal( attributes,
key_buffer,
key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_size,
signature_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_signature_sign_hash( attributes,
key_buffer,
key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_size,
signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length )
{
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->asymmetric == NULL ||
drv->asymmetric->p_verify == NULL )
{
/* Key is defined in SE, but we have no way to exercise it */
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->asymmetric->p_verify(
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
alg, hash, hash_length,
signature, signature_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_signature_verify_hash( attributes,
key_buffer,
key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( psa_verify_hash_internal( attributes,
key_buffer,
key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_signature_verify_hash( attributes,
key_buffer,
key_buffer_size,
alg,
hash,
hash_length,
signature,
signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
/** Get the key buffer size for the key material of a generated key in the
* case of an opaque driver without storage.
*
* \param[in] attributes The key attributes.
* \param[out] key_buffer_size Minimum buffer size to contain the key material
*
* \retval #PSA_SUCCESS
* The minimum size for a buffer to contain the key material has been
* returned successfully.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size in bits of the key is not valid.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The type and/or the size in bits of the key or the combination of
* the two is not supported.
*/
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
size_t *key_buffer_size )
{
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
psa_key_type_t key_type = attributes->core.type;
size_t key_bits = attributes->core.bits;
*key_buffer_size = 0;
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Emulate property 'builtin_key_size' */
if( psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
psa_get_key_id( attributes ) ) ) )
{
*key_buffer_size = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
*key_buffer_size = test_size_function( key_type, key_bits );
return( PSA_SUCCESS );
#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
{
int public_key_overhead =
( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ?
PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 );
*key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
+ public_key_overhead;
}
else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
{
*key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
}
else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
!PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) )
{
*key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
+ TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
* ( ( key_bits + 7 ) / 8 );
}
else
{
return( PSA_ERROR_NOT_SUPPORTED );
}
return( PSA_SUCCESS );
#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void)key_type;
(void)key_bits;
return( PSA_ERROR_NOT_SUPPORTED );
}
}
psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
size_t pubkey_length = 0; /* We don't support this feature yet */
if( drv->key_management == NULL ||
drv->key_management->p_generate == NULL )
{
/* Key is defined as being in SE, but we have no way to generate it */
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->key_management->p_generate(
drv_context,
*( (psa_key_slot_number_t *)key_buffer ),
attributes, NULL, 0, &pubkey_length ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Transparent drivers are limited to generating asymmetric keys */
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
{
/* Cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
key_buffer_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Software fallback */
status = psa_generate_key_internal(
attributes, key_buffer, key_buffer_size, key_buffer_length );
break;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
status = test_opaque_generate_key(
attributes, key_buffer, key_buffer_size, key_buffer_length );
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
status = PSA_ERROR_INVALID_ARGUMENT;
break;
}
return( status );
}
psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
uint8_t *key_buffer,
size_t key_buffer_size,
size_t *key_buffer_length,
size_t *bits )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( drv->key_management == NULL ||
drv->key_management->p_import == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
/* The driver should set the number of key bits, however in
* case it doesn't, we initialize bits to an invalid value. */
*bits = PSA_MAX_KEY_BITS + 1;
status = drv->key_management->p_import(
drv_context,
*( (psa_key_slot_number_t *)key_buffer ),
attributes, data, data_length, bits );
if( status != PSA_SUCCESS )
return( status );
if( (*bits) > PSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED );
return( PSA_SUCCESS );
}
#endif /* PSA_CRYPTO_SE_C */
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_import_key( attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_import_key_into_slot( attributes,
data, data_length,
key_buffer, key_buffer_size,
key_buffer_length, bits ) );
default:
/* Importing a key with external storage in not yet supported.
* Return in error indicating that the lifetime is not valid. */
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( ( drv->key_management == NULL ) ||
( drv->key_management->p_export == NULL ) )
{
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->key_management->p_export(
drv_context,
*( (psa_key_slot_number_t *)key_buffer ),
data, data_size, data_length ) );
}
#endif /* PSA_CRYPTO_SE_C */
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
return( psa_export_key_internal( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_export_key( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
}
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( ( drv->key_management == NULL ) ||
( drv->key_management->p_export_public == NULL ) )
{
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->key_management->p_export_public(
drv_context,
*( (psa_key_slot_number_t *)key_buffer ),
data, data_size, data_length ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_export_public_key( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_export_public_key( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
}
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_get_builtin_key(
slot_number,
attributes,
key_buffer, key_buffer_size, key_buffer_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void) slot_number;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
return( PSA_ERROR_DOES_NOT_EXIST );
}
}
/*
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_cipher_encrypt_setup(
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer,
key_buffer_size,
alg );
/* Declared with fallback == true */
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
key_buffer,
key_buffer_size,
alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
status = test_opaque_cipher_encrypt_setup(
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
(void)status;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_cipher_decrypt_setup(
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer,
key_buffer_size,
alg );
/* Declared with fallback == true */
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
attributes,
key_buffer,
key_buffer_size,
alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
return( status );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
status = test_opaque_cipher_decrypt_setup(
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
(void)status;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
iv,
iv_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_set_iv(
&operation->ctx.transparent_test_driver_ctx,
iv, iv_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
(void)iv;
(void)iv_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_update(
&operation->ctx.transparent_test_driver_ctx,
input, input_length,
output, output_size, output_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
(void)input;
(void)input_length;
(void)output;
(void)output_size;
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
output,
output_size,
output_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_finish(
&operation->ctx.transparent_test_driver_ctx,
output, output_size, output_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
(void)output;
(void)output_size;
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_cipher_abort(
psa_cipher_operation_t *operation )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
status = test_transparent_cipher_abort(
&operation->ctx.transparent_test_driver_ctx );
mbedtls_platform_zeroize(
&operation->ctx.transparent_test_driver_ctx,
sizeof( operation->ctx.transparent_test_driver_ctx ) );
return( status );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
status = test_opaque_cipher_abort(
&operation->ctx.opaque_test_driver_ctx );
mbedtls_platform_zeroize(
&operation->ctx.opaque_test_driver_ctx,
sizeof( operation->ctx.opaque_test_driver_ctx ) );
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
}
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
/*
* Hashing functions
*/
psa_status_t psa_driver_wrapper_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *hash,
size_t hash_size,
size_t *hash_length)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try accelerators first */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_transparent_test_driver_hash_compute(
alg, input, input_length, hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_compute( alg, input, input_length,
hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif
(void) status;
(void) alg;
(void) input;
(void) input_length;
(void) hash;
(void) hash_size;
(void) hash_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
/* Try setup on accelerators first */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_transparent_test_driver_hash_setup(
&operation->ctx.test_driver_ctx, alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif
/* If software fallback is compiled in, try fallback */
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif
/* Nothing left to try if we fall through here */
(void) status;
(void) operation;
(void) alg;
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation )
{
switch( source_operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
&target_operation->ctx.mbedtls_ctx ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
return( mbedtls_transparent_test_driver_hash_clone(
&source_operation->ctx.test_driver_ctx,
&target_operation->ctx.test_driver_ctx ) );
#endif
default:
(void) target_operation;
return( PSA_ERROR_BAD_STATE );
}
}
psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
input, input_length ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_hash_update(
&operation->ctx.test_driver_ctx,
input, input_length ) );
#endif
default:
(void) input;
(void) input_length;
return( PSA_ERROR_BAD_STATE );
}
}
psa_status_t psa_driver_wrapper_hash_finish(
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
hash, hash_size, hash_length ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_hash_finish(
&operation->ctx.test_driver_ctx,
hash, hash_size, hash_length ) );
#endif
default:
(void) hash;
(void) hash_size;
(void) hash_length;
return( PSA_ERROR_BAD_STATE );
}
}
psa_status_t psa_driver_wrapper_hash_abort(
psa_hash_operation_t *operation )
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_transparent_test_driver_hash_abort(
&operation->ctx.test_driver_ctx ) );
#endif
default:
return( PSA_ERROR_BAD_STATE );
}
}
psa_status_t psa_driver_wrapper_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_aead_encrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
ciphertext, ciphertext_size, ciphertext_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( mbedtls_psa_aead_encrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
plaintext, plaintext_length,
ciphertext, ciphertext_size, ciphertext_length ) );
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_aead_decrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( mbedtls_psa_aead_decrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, ciphertext_length,
plaintext, plaintext_size, plaintext_length ) );
/* Add cases for opaque driver here */
default:
/* Key is declared with a lifetime not known to us */
(void)status;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
/* End of automatically generated file. */
Reference in New Issue View Git Blame Copy Permalink