mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-27 14:24:18 +01:00
fc8d0aedd6
To avoid code duplication of the old-style SE interface usage call psa_driver_wrapper_sign/verify_hash function instead of the direct internal functions. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
1432 lines
54 KiB
C
1432 lines
54 KiB
C
/*
|
|
* Functions to delegate cryptographic operations to an available
|
|
* and appropriate accelerator.
|
|
* Warning: This file will be auto-generated in the future.
|
|
*/
|
|
/* Copyright The Mbed TLS Contributors
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
* not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include "psa_crypto_aead.h"
|
|
#include "psa_crypto_cipher.h"
|
|
#include "psa_crypto_core.h"
|
|
#include "psa_crypto_driver_wrappers.h"
|
|
#include "psa_crypto_hash.h"
|
|
|
|
#include "mbedtls/platform.h"
|
|
|
|
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
|
|
|
|
/* Include test driver definition when running tests */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
#ifndef PSA_CRYPTO_DRIVER_PRESENT
|
|
#define PSA_CRYPTO_DRIVER_PRESENT
|
|
#endif
|
|
#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
|
|
#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
|
|
#endif
|
|
#include "test/drivers/test_driver.h"
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
|
|
/* Repeat above block for each JSON-declared driver during autogeneration */
|
|
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
|
|
|
|
/* Auto-generated values depending on which drivers are registered.
|
|
* ID 0 is reserved for unallocated operations.
|
|
* ID 1 is reserved for the Mbed TLS software driver. */
|
|
#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
|
|
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
|
|
#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
|
|
/* Support the 'old' SE interface when asked to */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
|
|
* SE driver is present, to avoid unused argument errors at compile time. */
|
|
#ifndef PSA_CRYPTO_DRIVER_PRESENT
|
|
#define PSA_CRYPTO_DRIVER_PRESENT
|
|
#endif
|
|
#include "psa_crypto_se.h"
|
|
#endif
|
|
|
|
/* Start delegation functions */
|
|
psa_status_t psa_driver_wrapper_sign_message(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *signature,
|
|
size_t signature_size,
|
|
size_t *signature_length )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_signature_sign_message(
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
signature,
|
|
signature_size,
|
|
signature_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( psa_sign_message_internal( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
signature,
|
|
signature_size,
|
|
signature_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_signature_sign_message(
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
signature,
|
|
signature_size,
|
|
signature_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_verify_message(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
const uint8_t *signature,
|
|
size_t signature_length )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_signature_verify_message(
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
signature,
|
|
signature_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
|
|
return( psa_verify_message_internal( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
signature,
|
|
signature_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_signature_verify_message(
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
signature,
|
|
signature_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_sign_hash(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
|
{
|
|
/* Try dynamically-registered SE interface first */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
const psa_drv_se_t *drv;
|
|
psa_drv_se_context_t *drv_context;
|
|
|
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
|
{
|
|
if( drv->asymmetric == NULL ||
|
|
drv->asymmetric->p_sign == NULL )
|
|
{
|
|
/* Key is defined in SE, but we have no way to exercise it */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
return( drv->asymmetric->p_sign(
|
|
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
|
|
alg, hash, hash_length,
|
|
signature, signature_size, signature_length ) );
|
|
}
|
|
#endif /* PSA_CRYPTO_SE_C */
|
|
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_signature_sign_hash( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
hash,
|
|
hash_length,
|
|
signature,
|
|
signature_size,
|
|
signature_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( psa_sign_hash_internal( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
hash,
|
|
hash_length,
|
|
signature,
|
|
signature_size,
|
|
signature_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_signature_sign_hash( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
hash,
|
|
hash_length,
|
|
signature,
|
|
signature_size,
|
|
signature_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_verify_hash(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
|
const uint8_t *signature, size_t signature_length )
|
|
{
|
|
/* Try dynamically-registered SE interface first */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
const psa_drv_se_t *drv;
|
|
psa_drv_se_context_t *drv_context;
|
|
|
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
|
{
|
|
if( drv->asymmetric == NULL ||
|
|
drv->asymmetric->p_verify == NULL )
|
|
{
|
|
/* Key is defined in SE, but we have no way to exercise it */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
return( drv->asymmetric->p_verify(
|
|
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
|
|
alg, hash, hash_length,
|
|
signature, signature_length ) );
|
|
}
|
|
#endif /* PSA_CRYPTO_SE_C */
|
|
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_signature_verify_hash(
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
hash,
|
|
hash_length,
|
|
signature,
|
|
signature_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
|
|
return( psa_verify_hash_internal( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
hash,
|
|
hash_length,
|
|
signature,
|
|
signature_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_signature_verify_hash( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg,
|
|
hash,
|
|
hash_length,
|
|
signature,
|
|
signature_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
/** Get the key buffer size required to store the key material of a key
|
|
* associated with an opaque driver without storage.
|
|
*
|
|
* \param[in] attributes The key attributes.
|
|
* \param[out] key_buffer_size Minimum buffer size to contain the key material
|
|
*
|
|
* \retval #PSA_SUCCESS
|
|
* The minimum size for a buffer to contain the key material has been
|
|
* returned successfully.
|
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
|
* The size in bits of the key is not valid.
|
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
|
* The type and/or the size in bits of the key or the combination of
|
|
* the two is not supported.
|
|
*/
|
|
psa_status_t psa_driver_wrapper_get_key_buffer_size(
|
|
const psa_key_attributes_t *attributes,
|
|
size_t *key_buffer_size )
|
|
{
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
psa_key_type_t key_type = attributes->core.type;
|
|
size_t key_bits = attributes->core.bits;
|
|
|
|
*key_buffer_size = 0;
|
|
switch( location )
|
|
{
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
|
|
/* Emulate property 'builtin_key_size' */
|
|
if( psa_key_id_is_builtin(
|
|
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
|
|
psa_get_key_id( attributes ) ) ) )
|
|
{
|
|
*key_buffer_size = sizeof( psa_drv_slot_number_t );
|
|
return( PSA_SUCCESS );
|
|
}
|
|
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
|
|
*key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
|
|
return( ( *key_buffer_size != 0 ) ?
|
|
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
|
|
default:
|
|
(void)key_type;
|
|
(void)key_bits;
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_generate_key(
|
|
const psa_key_attributes_t *attributes,
|
|
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
|
|
|
|
/* Try dynamically-registered SE interface first */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
const psa_drv_se_t *drv;
|
|
psa_drv_se_context_t *drv_context;
|
|
|
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
|
{
|
|
size_t pubkey_length = 0; /* We don't support this feature yet */
|
|
if( drv->key_management == NULL ||
|
|
drv->key_management->p_generate == NULL )
|
|
{
|
|
/* Key is defined as being in SE, but we have no way to generate it */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
return( drv->key_management->p_generate(
|
|
drv_context,
|
|
*( (psa_key_slot_number_t *)key_buffer ),
|
|
attributes, NULL, 0, &pubkey_length ) );
|
|
}
|
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
/* Transparent drivers are limited to generating asymmetric keys */
|
|
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
|
|
{
|
|
/* Cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_generate_key(
|
|
attributes, key_buffer, key_buffer_size,
|
|
key_buffer_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
break;
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
}
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
|
|
/* Software fallback */
|
|
status = psa_generate_key_internal(
|
|
attributes, key_buffer, key_buffer_size, key_buffer_length );
|
|
break;
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
status = mbedtls_test_opaque_generate_key(
|
|
attributes, key_buffer, key_buffer_size, key_buffer_length );
|
|
break;
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
|
break;
|
|
}
|
|
|
|
return( status );
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_import_key(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *data,
|
|
size_t data_length,
|
|
uint8_t *key_buffer,
|
|
size_t key_buffer_size,
|
|
size_t *key_buffer_length,
|
|
size_t *bits )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
|
|
psa_get_key_lifetime( attributes ) );
|
|
|
|
/* Try dynamically-registered SE interface first */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
const psa_drv_se_t *drv;
|
|
psa_drv_se_context_t *drv_context;
|
|
|
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
|
{
|
|
if( drv->key_management == NULL ||
|
|
drv->key_management->p_import == NULL )
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
/* The driver should set the number of key bits, however in
|
|
* case it doesn't, we initialize bits to an invalid value. */
|
|
*bits = PSA_MAX_KEY_BITS + 1;
|
|
status = drv->key_management->p_import(
|
|
drv_context,
|
|
*( (psa_key_slot_number_t *)key_buffer ),
|
|
attributes, data, data_length, bits );
|
|
|
|
if( status != PSA_SUCCESS )
|
|
return( status );
|
|
|
|
if( (*bits) > PSA_MAX_KEY_BITS )
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
return( PSA_SUCCESS );
|
|
}
|
|
#endif /* PSA_CRYPTO_SE_C */
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_import_key(
|
|
attributes,
|
|
data, data_length,
|
|
key_buffer, key_buffer_size,
|
|
key_buffer_length, bits );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( psa_import_key_into_slot( attributes,
|
|
data, data_length,
|
|
key_buffer, key_buffer_size,
|
|
key_buffer_length, bits ) );
|
|
|
|
default:
|
|
/* Importing a key with external storage in not yet supported.
|
|
* Return in error indicating that the lifetime is not valid. */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_export_key(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
uint8_t *data, size_t data_size, size_t *data_length )
|
|
|
|
{
|
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
|
|
psa_get_key_lifetime( attributes ) );
|
|
|
|
/* Try dynamically-registered SE interface first */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
const psa_drv_se_t *drv;
|
|
psa_drv_se_context_t *drv_context;
|
|
|
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
|
{
|
|
if( ( drv->key_management == NULL ) ||
|
|
( drv->key_management->p_export == NULL ) )
|
|
{
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
|
|
return( drv->key_management->p_export(
|
|
drv_context,
|
|
*( (psa_key_slot_number_t *)key_buffer ),
|
|
data, data_size, data_length ) );
|
|
}
|
|
#endif /* PSA_CRYPTO_SE_C */
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
return( psa_export_key_internal( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
data,
|
|
data_size,
|
|
data_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_export_key( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
data,
|
|
data_size,
|
|
data_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
return( status );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_export_public_key(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
uint8_t *data, size_t data_size, size_t *data_length )
|
|
|
|
{
|
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
|
|
psa_get_key_lifetime( attributes ) );
|
|
|
|
/* Try dynamically-registered SE interface first */
|
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
|
const psa_drv_se_t *drv;
|
|
psa_drv_se_context_t *drv_context;
|
|
|
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
|
{
|
|
if( ( drv->key_management == NULL ) ||
|
|
( drv->key_management->p_export_public == NULL ) )
|
|
{
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
|
|
return( drv->key_management->p_export_public(
|
|
drv_context,
|
|
*( (psa_key_slot_number_t *)key_buffer ),
|
|
data, data_size, data_length ) );
|
|
}
|
|
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_export_public_key(
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
data,
|
|
data_size,
|
|
data_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( psa_export_public_key_internal( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
data,
|
|
data_size,
|
|
data_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_export_public_key( attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
data,
|
|
data_size,
|
|
data_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
return( status );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_get_builtin_key(
|
|
psa_drv_slot_number_t slot_number,
|
|
psa_key_attributes_t *attributes,
|
|
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
|
|
{
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
switch( location )
|
|
{
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_get_builtin_key(
|
|
slot_number,
|
|
attributes,
|
|
key_buffer, key_buffer_size, key_buffer_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
default:
|
|
(void) slot_number;
|
|
(void) key_buffer;
|
|
(void) key_buffer_size;
|
|
(void) key_buffer_length;
|
|
return( PSA_ERROR_DOES_NOT_EXIST );
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Cipher functions
|
|
*/
|
|
psa_status_t psa_driver_wrapper_cipher_encrypt(
|
|
psa_key_slot_t *slot,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *output,
|
|
size_t output_size,
|
|
size_t *output_length )
|
|
{
|
|
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
|
|
psa_key_attributes_t attributes = {
|
|
.core = slot->attr
|
|
};
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_cipher_encrypt( &attributes,
|
|
slot->key.data,
|
|
slot->key.bytes,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
output,
|
|
output_size,
|
|
output_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_cipher_encrypt( &attributes,
|
|
slot->key.data,
|
|
slot->key.bytes,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
output,
|
|
output_size,
|
|
output_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
return( status );
|
|
}
|
|
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
(void) slot;
|
|
(void) alg;
|
|
(void) input;
|
|
(void) input_length;
|
|
(void) output;
|
|
(void) output_size;
|
|
(void) output_length;
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_decrypt(
|
|
psa_key_slot_t *slot,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *output,
|
|
size_t output_size,
|
|
size_t *output_length )
|
|
{
|
|
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
|
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
|
|
psa_key_attributes_t attributes = {
|
|
.core = slot->attr
|
|
};
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_cipher_decrypt( &attributes,
|
|
slot->key.data,
|
|
slot->key.bytes,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
output,
|
|
output_size,
|
|
output_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
return( mbedtls_test_opaque_cipher_decrypt( &attributes,
|
|
slot->key.data,
|
|
slot->key.bytes,
|
|
alg,
|
|
input,
|
|
input_length,
|
|
output,
|
|
output_size,
|
|
output_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
return( status );
|
|
}
|
|
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
(void) slot;
|
|
(void) alg;
|
|
(void) input;
|
|
(void) input_length;
|
|
(void) output;
|
|
(void) output_size;
|
|
(void) output_length;
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|
psa_cipher_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_cipher_encrypt_setup(
|
|
&operation->ctx.transparent_test_driver_ctx,
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg );
|
|
/* Declared with fallback == true */
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
|
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg );
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
|
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
status = mbedtls_test_opaque_cipher_encrypt_setup(
|
|
&operation->ctx.opaque_test_driver_ctx,
|
|
attributes,
|
|
key_buffer, key_buffer_size,
|
|
alg );
|
|
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
|
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
(void)key_buffer;
|
|
(void)key_buffer_size;
|
|
(void)alg;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|
psa_cipher_operation_t *operation,
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg )
|
|
{
|
|
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_cipher_decrypt_setup(
|
|
&operation->ctx.transparent_test_driver_ctx,
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg );
|
|
/* Declared with fallback == true */
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
|
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
|
|
attributes,
|
|
key_buffer,
|
|
key_buffer_size,
|
|
alg );
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
|
|
|
return( status );
|
|
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
|
|
/* Add cases for opaque driver here */
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
|
status = mbedtls_test_opaque_cipher_decrypt_setup(
|
|
&operation->ctx.opaque_test_driver_ctx,
|
|
attributes,
|
|
key_buffer, key_buffer_size,
|
|
alg );
|
|
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
|
|
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
(void)key_buffer;
|
|
(void)key_buffer_size;
|
|
(void)alg;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_set_iv(
|
|
psa_cipher_operation_t *operation,
|
|
const uint8_t *iv,
|
|
size_t iv_length )
|
|
{
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
|
|
iv,
|
|
iv_length ) );
|
|
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
|
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
return( mbedtls_test_transparent_cipher_set_iv(
|
|
&operation->ctx.transparent_test_driver_ctx,
|
|
iv, iv_length ) );
|
|
|
|
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
|
return( mbedtls_test_opaque_cipher_set_iv(
|
|
&operation->ctx.opaque_test_driver_ctx,
|
|
iv, iv_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
}
|
|
|
|
(void)iv;
|
|
(void)iv_length;
|
|
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_update(
|
|
psa_cipher_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *output,
|
|
size_t output_size,
|
|
size_t *output_length )
|
|
{
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
|
|
input,
|
|
input_length,
|
|
output,
|
|
output_size,
|
|
output_length ) );
|
|
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
|
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
return( mbedtls_test_transparent_cipher_update(
|
|
&operation->ctx.transparent_test_driver_ctx,
|
|
input, input_length,
|
|
output, output_size, output_length ) );
|
|
|
|
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
|
return( mbedtls_test_opaque_cipher_update(
|
|
&operation->ctx.opaque_test_driver_ctx,
|
|
input, input_length,
|
|
output, output_size, output_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
}
|
|
|
|
(void)input;
|
|
(void)input_length;
|
|
(void)output;
|
|
(void)output_size;
|
|
(void)output_length;
|
|
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_finish(
|
|
psa_cipher_operation_t *operation,
|
|
uint8_t *output,
|
|
size_t output_size,
|
|
size_t *output_length )
|
|
{
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
|
|
output,
|
|
output_size,
|
|
output_length ) );
|
|
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
|
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
return( mbedtls_test_transparent_cipher_finish(
|
|
&operation->ctx.transparent_test_driver_ctx,
|
|
output, output_size, output_length ) );
|
|
|
|
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
|
return( mbedtls_test_opaque_cipher_finish(
|
|
&operation->ctx.opaque_test_driver_ctx,
|
|
output, output_size, output_length ) );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
}
|
|
|
|
(void)output;
|
|
(void)output_size;
|
|
(void)output_length;
|
|
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_cipher_abort(
|
|
psa_cipher_operation_t *operation )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
|
|
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
|
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
status = mbedtls_test_transparent_cipher_abort(
|
|
&operation->ctx.transparent_test_driver_ctx );
|
|
mbedtls_platform_zeroize(
|
|
&operation->ctx.transparent_test_driver_ctx,
|
|
sizeof( operation->ctx.transparent_test_driver_ctx ) );
|
|
return( status );
|
|
|
|
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
|
status = mbedtls_test_opaque_cipher_abort(
|
|
&operation->ctx.opaque_test_driver_ctx );
|
|
mbedtls_platform_zeroize(
|
|
&operation->ctx.opaque_test_driver_ctx,
|
|
sizeof( operation->ctx.opaque_test_driver_ctx ) );
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
}
|
|
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
|
|
/*
|
|
* Hashing functions
|
|
*/
|
|
psa_status_t psa_driver_wrapper_hash_compute(
|
|
psa_algorithm_t alg,
|
|
const uint8_t *input,
|
|
size_t input_length,
|
|
uint8_t *hash,
|
|
size_t hash_size,
|
|
size_t *hash_length)
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
|
|
/* Try accelerators first */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_hash_compute(
|
|
alg, input, input_length, hash, hash_size, hash_length );
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif
|
|
|
|
/* If software fallback is compiled in, try fallback */
|
|
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
|
|
status = mbedtls_psa_hash_compute( alg, input, input_length,
|
|
hash, hash_size, hash_length );
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif
|
|
(void) status;
|
|
(void) alg;
|
|
(void) input;
|
|
(void) input_length;
|
|
(void) hash;
|
|
(void) hash_size;
|
|
(void) hash_length;
|
|
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_hash_setup(
|
|
psa_hash_operation_t *operation,
|
|
psa_algorithm_t alg )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
|
|
/* Try setup on accelerators first */
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_hash_setup(
|
|
&operation->ctx.test_driver_ctx, alg );
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
|
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif
|
|
|
|
/* If software fallback is compiled in, try fallback */
|
|
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
|
|
status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
|
|
if( status == PSA_SUCCESS )
|
|
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
|
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif
|
|
/* Nothing left to try if we fall through here */
|
|
(void) status;
|
|
(void) operation;
|
|
(void) alg;
|
|
return( PSA_ERROR_NOT_SUPPORTED );
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_hash_clone(
|
|
const psa_hash_operation_t *source_operation,
|
|
psa_hash_operation_t *target_operation )
|
|
{
|
|
switch( source_operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
|
return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
|
|
&target_operation->ctx.mbedtls_ctx ) );
|
|
#endif
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
|
|
return( mbedtls_test_transparent_hash_clone(
|
|
&source_operation->ctx.test_driver_ctx,
|
|
&target_operation->ctx.test_driver_ctx ) );
|
|
#endif
|
|
default:
|
|
(void) target_operation;
|
|
return( PSA_ERROR_BAD_STATE );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_hash_update(
|
|
psa_hash_operation_t *operation,
|
|
const uint8_t *input,
|
|
size_t input_length )
|
|
{
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
|
|
input, input_length ) );
|
|
#endif
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
return( mbedtls_test_transparent_hash_update(
|
|
&operation->ctx.test_driver_ctx,
|
|
input, input_length ) );
|
|
#endif
|
|
default:
|
|
(void) input;
|
|
(void) input_length;
|
|
return( PSA_ERROR_BAD_STATE );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_hash_finish(
|
|
psa_hash_operation_t *operation,
|
|
uint8_t *hash,
|
|
size_t hash_size,
|
|
size_t *hash_length )
|
|
{
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
|
|
hash, hash_size, hash_length ) );
|
|
#endif
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
return( mbedtls_test_transparent_hash_finish(
|
|
&operation->ctx.test_driver_ctx,
|
|
hash, hash_size, hash_length ) );
|
|
#endif
|
|
default:
|
|
(void) hash;
|
|
(void) hash_size;
|
|
(void) hash_length;
|
|
return( PSA_ERROR_BAD_STATE );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_hash_abort(
|
|
psa_hash_operation_t *operation )
|
|
{
|
|
switch( operation->id )
|
|
{
|
|
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
|
|
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
|
return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
|
|
#endif
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
|
return( mbedtls_test_transparent_hash_abort(
|
|
&operation->ctx.test_driver_ctx ) );
|
|
#endif
|
|
default:
|
|
return( PSA_ERROR_BAD_STATE );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_aead_encrypt(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *nonce, size_t nonce_length,
|
|
const uint8_t *additional_data, size_t additional_data_length,
|
|
const uint8_t *plaintext, size_t plaintext_length,
|
|
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_aead_encrypt(
|
|
attributes, key_buffer, key_buffer_size,
|
|
alg,
|
|
nonce, nonce_length,
|
|
additional_data, additional_data_length,
|
|
plaintext, plaintext_length,
|
|
ciphertext, ciphertext_size, ciphertext_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( mbedtls_psa_aead_encrypt(
|
|
attributes, key_buffer, key_buffer_size,
|
|
alg,
|
|
nonce, nonce_length,
|
|
additional_data, additional_data_length,
|
|
plaintext, plaintext_length,
|
|
ciphertext, ciphertext_size, ciphertext_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
|
|
psa_status_t psa_driver_wrapper_aead_decrypt(
|
|
const psa_key_attributes_t *attributes,
|
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
|
psa_algorithm_t alg,
|
|
const uint8_t *nonce, size_t nonce_length,
|
|
const uint8_t *additional_data, size_t additional_data_length,
|
|
const uint8_t *ciphertext, size_t ciphertext_length,
|
|
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
|
|
{
|
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
psa_key_location_t location =
|
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
|
|
|
switch( location )
|
|
{
|
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
|
/* Key is stored in the slot in export representation, so
|
|
* cycle through all known transparent accelerators */
|
|
|
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
|
status = mbedtls_test_transparent_aead_decrypt(
|
|
attributes, key_buffer, key_buffer_size,
|
|
alg,
|
|
nonce, nonce_length,
|
|
additional_data, additional_data_length,
|
|
ciphertext, ciphertext_length,
|
|
plaintext, plaintext_size, plaintext_length );
|
|
/* Declared with fallback == true */
|
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
|
return( status );
|
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
|
|
/* Fell through, meaning no accelerator supports this operation */
|
|
return( mbedtls_psa_aead_decrypt(
|
|
attributes, key_buffer, key_buffer_size,
|
|
alg,
|
|
nonce, nonce_length,
|
|
additional_data, additional_data_length,
|
|
ciphertext, ciphertext_length,
|
|
plaintext, plaintext_size, plaintext_length ) );
|
|
|
|
/* Add cases for opaque driver here */
|
|
|
|
default:
|
|
/* Key is declared with a lifetime not known to us */
|
|
(void)status;
|
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
}
|
|
}
|
|
/* End of automatically generated file. */
|