Coverage Report

Created: 2024-11-21 07:03

/src/mbedtls/build/library/psa_crypto_driver_wrappers.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *  Functions to delegate cryptographic operations to an available
3
 *  and appropriate accelerator.
4
 *  Warning: This file is now auto-generated.
5
 */
6
/*  Copyright The Mbed TLS Contributors
7
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8
 */
9
10
11
/* BEGIN-common headers */
12
#include "common.h"
13
#include "psa_crypto_aead.h"
14
#include "psa_crypto_cipher.h"
15
#include "psa_crypto_core.h"
16
#include "psa_crypto_driver_wrappers_no_static.h"
17
#include "psa_crypto_hash.h"
18
#include "psa_crypto_mac.h"
19
#include "psa_crypto_pake.h"
20
#include "psa_crypto_rsa.h"
21
22
#include "mbedtls/platform.h"
23
#include "mbedtls/constant_time.h"
24
/* END-common headers */
25
26
#if defined(MBEDTLS_PSA_CRYPTO_C)
27
28
/* BEGIN-driver headers */
29
/* Headers for mbedtls_test opaque driver */
30
#if defined(PSA_CRYPTO_DRIVER_TEST)
31
#include "test/drivers/test_driver.h"
32
33
#endif
34
/* Headers for mbedtls_test transparent driver */
35
#if defined(PSA_CRYPTO_DRIVER_TEST)
36
#include "test/drivers/test_driver.h"
37
38
#endif
39
/* Headers for p256 transparent driver */
40
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
41
#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
42
43
#endif
44
45
/* END-driver headers */
46
47
/* Auto-generated values depending on which drivers are registered.
48
 * ID 0 is reserved for unallocated operations.
49
 * ID 1 is reserved for the Mbed TLS software driver. */
50
/* BEGIN-driver id definition */
51
18.7k
#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
52
#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2)
53
#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3)
54
#define P256_TRANSPARENT_DRIVER_ID (4)
55
56
/* END-driver id */
57
58
/* BEGIN-Common Macro definitions */
59
60
/* END-Common Macro definitions */
61
62
/* Support the 'old' SE interface when asked to */
63
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
64
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
65
 * SE driver is present, to avoid unused argument errors at compile time. */
66
#ifndef PSA_CRYPTO_DRIVER_PRESENT
67
#define PSA_CRYPTO_DRIVER_PRESENT
68
#endif
69
#include "psa_crypto_se.h"
70
#endif
71
72
static inline psa_status_t psa_driver_wrapper_init( void )
73
10
{
74
10
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
75
76
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
77
    status = psa_init_all_se_drivers( );
78
    if( status != PSA_SUCCESS )
79
        return( status );
80
#endif
81
82
#if defined(PSA_CRYPTO_DRIVER_TEST)
83
    status = mbedtls_test_transparent_init( );
84
    if( status != PSA_SUCCESS )
85
        return( status );
86
87
    status = mbedtls_test_opaque_init( );
88
    if( status != PSA_SUCCESS )
89
        return( status );
90
#endif
91
92
10
    (void) status;
93
10
    return( PSA_SUCCESS );
94
10
}
95
96
static inline void psa_driver_wrapper_free( void )
97
0
{
98
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
99
    /* Unregister all secure element drivers, so that we restart from
100
     * a pristine state. */
101
    psa_unregister_all_se_drivers( );
102
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
103
104
#if defined(PSA_CRYPTO_DRIVER_TEST)
105
    mbedtls_test_transparent_free( );
106
    mbedtls_test_opaque_free( );
107
#endif
108
0
}
109
110
/* Start delegation functions */
111
static inline psa_status_t psa_driver_wrapper_sign_message(
112
    const psa_key_attributes_t *attributes,
113
    const uint8_t *key_buffer,
114
    size_t key_buffer_size,
115
    psa_algorithm_t alg,
116
    const uint8_t *input,
117
    size_t input_length,
118
    uint8_t *signature,
119
    size_t signature_size,
120
    size_t *signature_length )
121
0
{
122
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
123
0
    psa_key_location_t location =
124
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
125
126
0
    switch( location )
127
0
    {
128
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
129
            /* Key is stored in the slot in export representation, so
130
             * cycle through all known transparent accelerators */
131
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
132
#if defined(PSA_CRYPTO_DRIVER_TEST)
133
            status = mbedtls_test_transparent_signature_sign_message(
134
                        attributes,
135
                        key_buffer,
136
                        key_buffer_size,
137
                        alg,
138
                        input,
139
                        input_length,
140
                        signature,
141
                        signature_size,
142
                        signature_length );
143
            /* Declared with fallback == true */
144
            if( status != PSA_ERROR_NOT_SUPPORTED )
145
                return( status );
146
#endif /* PSA_CRYPTO_DRIVER_TEST */
147
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
148
0
            break;
149
150
        /* Add cases for opaque driver here */
151
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
152
#if defined(PSA_CRYPTO_DRIVER_TEST)
153
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
154
            status = mbedtls_test_opaque_signature_sign_message(
155
                        attributes,
156
                        key_buffer,
157
                        key_buffer_size,
158
                        alg,
159
                        input,
160
                        input_length,
161
                        signature,
162
                        signature_size,
163
                        signature_length );
164
            if( status != PSA_ERROR_NOT_SUPPORTED )
165
                return( status );
166
            break;
167
#endif /* PSA_CRYPTO_DRIVER_TEST */
168
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
169
0
        default:
170
            /* Key is declared with a lifetime not known to us */
171
0
            (void)status;
172
0
            break;
173
0
    }
174
175
0
    return( psa_sign_message_builtin( attributes,
176
0
                                      key_buffer,
177
0
                                      key_buffer_size,
178
0
                                      alg,
179
0
                                      input,
180
0
                                      input_length,
181
0
                                      signature,
182
0
                                      signature_size,
183
0
                                      signature_length ) );
184
0
}
185
186
static inline psa_status_t psa_driver_wrapper_verify_message(
187
    const psa_key_attributes_t *attributes,
188
    const uint8_t *key_buffer,
189
    size_t key_buffer_size,
190
    psa_algorithm_t alg,
191
    const uint8_t *input,
192
    size_t input_length,
193
    const uint8_t *signature,
194
    size_t signature_length )
195
0
{
196
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
197
0
    psa_key_location_t location =
198
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
199
200
0
    switch( location )
201
0
    {
202
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
203
            /* Key is stored in the slot in export representation, so
204
             * cycle through all known transparent accelerators */
205
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
206
#if defined(PSA_CRYPTO_DRIVER_TEST)
207
            status = mbedtls_test_transparent_signature_verify_message(
208
                        attributes,
209
                        key_buffer,
210
                        key_buffer_size,
211
                        alg,
212
                        input,
213
                        input_length,
214
                        signature,
215
                        signature_length );
216
            /* Declared with fallback == true */
217
            if( status != PSA_ERROR_NOT_SUPPORTED )
218
                return( status );
219
#endif /* PSA_CRYPTO_DRIVER_TEST */
220
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
221
0
            break;
222
223
        /* Add cases for opaque driver here */
224
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
225
#if defined(PSA_CRYPTO_DRIVER_TEST)
226
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
227
            return( mbedtls_test_opaque_signature_verify_message(
228
                        attributes,
229
                        key_buffer,
230
                        key_buffer_size,
231
                        alg,
232
                        input,
233
                        input_length,
234
                        signature,
235
                        signature_length ) );
236
            if( status != PSA_ERROR_NOT_SUPPORTED )
237
                return( status );
238
            break;
239
#endif /* PSA_CRYPTO_DRIVER_TEST */
240
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
241
0
        default:
242
            /* Key is declared with a lifetime not known to us */
243
0
            (void)status;
244
0
            break;
245
0
    }
246
247
0
    return( psa_verify_message_builtin( attributes,
248
0
                                        key_buffer,
249
0
                                        key_buffer_size,
250
0
                                        alg,
251
0
                                        input,
252
0
                                        input_length,
253
0
                                        signature,
254
0
                                        signature_length ) );
255
0
}
256
257
static inline psa_status_t psa_driver_wrapper_sign_hash(
258
    const psa_key_attributes_t *attributes,
259
    const uint8_t *key_buffer, size_t key_buffer_size,
260
    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
261
    uint8_t *signature, size_t signature_size, size_t *signature_length )
262
0
{
263
    /* Try dynamically-registered SE interface first */
264
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
265
    const psa_drv_se_t *drv;
266
    psa_drv_se_context_t *drv_context;
267
268
    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
269
    {
270
        if( drv->asymmetric == NULL ||
271
            drv->asymmetric->p_sign == NULL )
272
        {
273
            /* Key is defined in SE, but we have no way to exercise it */
274
            return( PSA_ERROR_NOT_SUPPORTED );
275
        }
276
        return( drv->asymmetric->p_sign(
277
                    drv_context, *( (psa_key_slot_number_t *)key_buffer ),
278
                    alg, hash, hash_length,
279
                    signature, signature_size, signature_length ) );
280
    }
281
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
282
283
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
284
0
    psa_key_location_t location =
285
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
286
287
0
    switch( location )
288
0
    {
289
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
290
            /* Key is stored in the slot in export representation, so
291
             * cycle through all known transparent accelerators */
292
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
293
#if defined(PSA_CRYPTO_DRIVER_TEST)
294
            status = mbedtls_test_transparent_signature_sign_hash( attributes,
295
                                                           key_buffer,
296
                                                           key_buffer_size,
297
                                                           alg,
298
                                                           hash,
299
                                                           hash_length,
300
                                                           signature,
301
                                                           signature_size,
302
                                                           signature_length );
303
            /* Declared with fallback == true */
304
            if( status != PSA_ERROR_NOT_SUPPORTED )
305
                return( status );
306
#endif /* PSA_CRYPTO_DRIVER_TEST */
307
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
308
            if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
309
                PSA_ALG_IS_ECDSA(alg) &&
310
                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
311
                PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
312
                psa_get_key_bits(attributes) == 256 )
313
            {
314
                status = p256_transparent_sign_hash( attributes,
315
                                                     key_buffer,
316
                                                     key_buffer_size,
317
                                                     alg,
318
                                                     hash,
319
                                                     hash_length,
320
                                                     signature,
321
                                                     signature_size,
322
                                                     signature_length );
323
                if( status != PSA_ERROR_NOT_SUPPORTED )
324
                return( status );
325
            }
326
#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
327
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
328
            /* Fell through, meaning no accelerator supports this operation */
329
0
            return( psa_sign_hash_builtin( attributes,
330
0
                                           key_buffer,
331
0
                                           key_buffer_size,
332
0
                                           alg,
333
0
                                           hash,
334
0
                                           hash_length,
335
0
                                           signature,
336
0
                                           signature_size,
337
0
                                           signature_length ) );
338
339
        /* Add cases for opaque driver here */
340
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
341
#if defined(PSA_CRYPTO_DRIVER_TEST)
342
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
343
            return( mbedtls_test_opaque_signature_sign_hash( attributes,
344
                                                             key_buffer,
345
                                                             key_buffer_size,
346
                                                             alg,
347
                                                             hash,
348
                                                             hash_length,
349
                                                             signature,
350
                                                             signature_size,
351
                                                             signature_length ) );
352
#endif /* PSA_CRYPTO_DRIVER_TEST */
353
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
354
0
        default:
355
            /* Key is declared with a lifetime not known to us */
356
0
            (void)status;
357
0
            return( PSA_ERROR_INVALID_ARGUMENT );
358
0
    }
359
0
}
360
361
static inline psa_status_t psa_driver_wrapper_verify_hash(
362
    const psa_key_attributes_t *attributes,
363
    const uint8_t *key_buffer, size_t key_buffer_size,
364
    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
365
    const uint8_t *signature, size_t signature_length )
366
0
{
367
    /* Try dynamically-registered SE interface first */
368
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
369
    const psa_drv_se_t *drv;
370
    psa_drv_se_context_t *drv_context;
371
372
    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
373
    {
374
        if( drv->asymmetric == NULL ||
375
            drv->asymmetric->p_verify == NULL )
376
        {
377
            /* Key is defined in SE, but we have no way to exercise it */
378
            return( PSA_ERROR_NOT_SUPPORTED );
379
        }
380
        return( drv->asymmetric->p_verify(
381
                    drv_context, *( (psa_key_slot_number_t *)key_buffer ),
382
                    alg, hash, hash_length,
383
                    signature, signature_length ) );
384
    }
385
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
386
387
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
388
0
    psa_key_location_t location =
389
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
390
391
0
    switch( location )
392
0
    {
393
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
394
            /* Key is stored in the slot in export representation, so
395
             * cycle through all known transparent accelerators */
396
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
397
#if defined(PSA_CRYPTO_DRIVER_TEST)
398
            status = mbedtls_test_transparent_signature_verify_hash(
399
                         attributes,
400
                         key_buffer,
401
                         key_buffer_size,
402
                         alg,
403
                         hash,
404
                         hash_length,
405
                         signature,
406
                         signature_length );
407
            /* Declared with fallback == true */
408
            if( status != PSA_ERROR_NOT_SUPPORTED )
409
                return( status );
410
#endif /* PSA_CRYPTO_DRIVER_TEST */
411
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
412
            if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
413
                PSA_ALG_IS_ECDSA(alg) &&
414
                !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
415
                PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
416
                psa_get_key_bits(attributes) == 256 )
417
            {
418
                status = p256_transparent_verify_hash( attributes,
419
                                                       key_buffer,
420
                                                       key_buffer_size,
421
                                                       alg,
422
                                                       hash,
423
                                                       hash_length,
424
                                                       signature,
425
                                                       signature_length );
426
                if( status != PSA_ERROR_NOT_SUPPORTED )
427
                return( status );
428
            }
429
#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
430
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
431
432
0
            return( psa_verify_hash_builtin( attributes,
433
0
                                             key_buffer,
434
0
                                             key_buffer_size,
435
0
                                             alg,
436
0
                                             hash,
437
0
                                             hash_length,
438
0
                                             signature,
439
0
                                             signature_length ) );
440
441
        /* Add cases for opaque driver here */
442
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
443
#if defined(PSA_CRYPTO_DRIVER_TEST)
444
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
445
            return( mbedtls_test_opaque_signature_verify_hash( attributes,
446
                                                               key_buffer,
447
                                                               key_buffer_size,
448
                                                               alg,
449
                                                               hash,
450
                                                               hash_length,
451
                                                               signature,
452
                                                               signature_length ) );
453
#endif /* PSA_CRYPTO_DRIVER_TEST */
454
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
455
0
        default:
456
            /* Key is declared with a lifetime not known to us */
457
0
            (void)status;
458
0
            return( PSA_ERROR_INVALID_ARGUMENT );
459
0
    }
460
0
}
461
462
static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
463
    psa_sign_hash_interruptible_operation_t *operation )
464
0
{
465
0
    switch( operation->id )
466
0
    {
467
        /* If uninitialised, return 0, as no work can have been done. */
468
0
        case 0:
469
0
            return 0;
470
471
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
472
0
            return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
473
474
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
475
#if defined(PSA_CRYPTO_DRIVER_TEST)
476
            /* Add test driver tests here */
477
478
#endif /* PSA_CRYPTO_DRIVER_TEST */
479
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
480
0
    }
481
482
    /* Can't happen (see discussion in #8271) */
483
0
    return 0;
484
0
}
485
486
static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
487
    psa_verify_hash_interruptible_operation_t *operation )
488
0
{
489
0
    switch( operation->id )
490
0
    {
491
        /* If uninitialised, return 0, as no work can have been done. */
492
0
        case 0:
493
0
            return 0;
494
495
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
496
0
            return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));
497
498
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
499
#if defined(PSA_CRYPTO_DRIVER_TEST)
500
            /* Add test driver tests here */
501
502
#endif /* PSA_CRYPTO_DRIVER_TEST */
503
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
504
505
0
    }
506
507
    /* Can't happen (see discussion in #8271) */
508
0
    return 0;
509
0
}
510
511
static inline psa_status_t psa_driver_wrapper_sign_hash_start(
512
    psa_sign_hash_interruptible_operation_t *operation,
513
    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
514
    size_t key_buffer_size, psa_algorithm_t alg,
515
    const uint8_t *hash, size_t hash_length )
516
0
{
517
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
518
0
    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
519
0
                                                    psa_get_key_lifetime(attributes) );
520
521
0
    switch( location )
522
0
    {
523
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
524
            /* Key is stored in the slot in export representation, so
525
             * cycle through all known transparent accelerators */
526
527
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
528
#if defined(PSA_CRYPTO_DRIVER_TEST)
529
530
            /* Add test driver tests here */
531
532
            /* Declared with fallback == true */
533
534
#endif /* PSA_CRYPTO_DRIVER_TEST */
535
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
536
537
            /* Fell through, meaning no accelerator supports this operation */
538
0
            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
539
0
            status = mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx,
540
0
                                                  attributes,
541
0
                                                  key_buffer, key_buffer_size,
542
0
                                                  alg, hash, hash_length );
543
0
            break;
544
545
            /* Add cases for opaque driver here */
546
547
0
        default:
548
            /* Key is declared with a lifetime not known to us */
549
0
            status = PSA_ERROR_INVALID_ARGUMENT;
550
0
            break;
551
0
    }
552
553
0
    return( status );
554
0
}
555
556
static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
557
    psa_sign_hash_interruptible_operation_t *operation,
558
    uint8_t *signature, size_t signature_size,
559
    size_t *signature_length )
560
0
{
561
0
    switch( operation->id )
562
0
    {
563
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
564
0
            return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx,
565
0
                                                    signature, signature_size,
566
0
                                                    signature_length ) );
567
568
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
569
#if defined(PSA_CRYPTO_DRIVER_TEST)
570
            /* Add test driver tests here */
571
572
#endif /* PSA_CRYPTO_DRIVER_TEST */
573
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
574
0
    }
575
576
0
    ( void ) signature;
577
0
    ( void ) signature_size;
578
0
    ( void ) signature_length;
579
580
0
    return( PSA_ERROR_INVALID_ARGUMENT );
581
0
}
582
583
static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
584
    psa_sign_hash_interruptible_operation_t *operation )
585
0
{
586
0
    switch( operation->id )
587
0
    {
588
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
589
0
            return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) );
590
591
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
592
#if defined(PSA_CRYPTO_DRIVER_TEST)
593
            /* Add test driver tests here */
594
595
#endif /* PSA_CRYPTO_DRIVER_TEST */
596
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
597
0
    }
598
599
0
    return( PSA_ERROR_INVALID_ARGUMENT );
600
0
}
601
602
static inline psa_status_t psa_driver_wrapper_verify_hash_start(
603
    psa_verify_hash_interruptible_operation_t *operation,
604
    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
605
    size_t key_buffer_size, psa_algorithm_t alg,
606
    const uint8_t *hash, size_t hash_length,
607
    const uint8_t *signature, size_t signature_length )
608
0
{
609
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
610
0
    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
611
0
                                                    psa_get_key_lifetime(attributes) );
612
613
0
    switch( location )
614
0
    {
615
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
616
            /* Key is stored in the slot in export representation, so
617
             * cycle through all known transparent accelerators */
618
619
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
620
#if defined(PSA_CRYPTO_DRIVER_TEST)
621
622
            /* Add test driver tests here */
623
624
            /* Declared with fallback == true */
625
626
#endif /* PSA_CRYPTO_DRIVER_TEST */
627
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
628
629
            /* Fell through, meaning no accelerator supports this operation */
630
0
            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
631
0
            status = mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx,
632
0
                                                    attributes,
633
0
                                                    key_buffer, key_buffer_size,
634
0
                                                    alg, hash, hash_length,
635
0
                                                    signature, signature_length );
636
0
            break;
637
638
            /* Add cases for opaque driver here */
639
640
0
        default:
641
            /* Key is declared with a lifetime not known to us */
642
0
            status = PSA_ERROR_INVALID_ARGUMENT;
643
0
            break;
644
0
    }
645
646
0
    return( status );
647
0
}
648
649
static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
650
    psa_verify_hash_interruptible_operation_t *operation )
651
0
{
652
0
    switch( operation->id )
653
0
    {
654
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
655
0
            return( mbedtls_psa_verify_hash_complete(
656
0
                                                     &operation->ctx.mbedtls_ctx
657
0
                                                     ) );
658
659
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
660
#if defined(PSA_CRYPTO_DRIVER_TEST)
661
            /* Add test driver tests here */
662
663
#endif /* PSA_CRYPTO_DRIVER_TEST */
664
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
665
0
    }
666
667
0
    return( PSA_ERROR_INVALID_ARGUMENT );
668
0
}
669
670
static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
671
    psa_verify_hash_interruptible_operation_t *operation )
672
0
{
673
0
    switch( operation->id )
674
0
    {
675
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
676
0
            return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx
677
0
                                                 ) );
678
679
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
680
#if defined(PSA_CRYPTO_DRIVER_TEST)
681
            /* Add test driver tests here */
682
683
#endif /* PSA_CRYPTO_DRIVER_TEST */
684
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
685
0
    }
686
687
0
    return( PSA_ERROR_INVALID_ARGUMENT );
688
0
}
689
690
/** Calculate the key buffer size required to store the key material of a key
691
 *  associated with an opaque driver from input key data.
692
 *
693
 * \param[in] attributes        The key attributes
694
 * \param[in] data              The input key data.
695
 * \param[in] data_length       The input data length.
696
 * \param[out] key_buffer_size  Minimum buffer size to contain the key material.
697
 *
698
 * \retval #PSA_SUCCESS \emptydescription
699
 * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
700
 * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
701
 */
702
static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
703
    const psa_key_attributes_t *attributes,
704
    const uint8_t *data,
705
    size_t data_length,
706
    size_t *key_buffer_size )
707
0
{
708
0
    psa_key_location_t location =
709
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
710
0
    psa_key_type_t key_type = psa_get_key_type(attributes);
711
712
0
    *key_buffer_size = 0;
713
0
    switch( location )
714
0
    {
715
#if defined(PSA_CRYPTO_DRIVER_TEST)
716
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
717
            *key_buffer_size = mbedtls_test_opaque_size_function( key_type,
718
                                     PSA_BYTES_TO_BITS( data_length ) );
719
            return( ( *key_buffer_size != 0 ) ?
720
                    PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
721
#endif /* PSA_CRYPTO_DRIVER_TEST */
722
723
0
        default:
724
0
            (void)key_type;
725
0
            (void)data;
726
0
            (void)data_length;
727
0
            return( PSA_ERROR_INVALID_ARGUMENT );
728
0
    }
729
0
}
730
731
static inline psa_status_t psa_driver_wrapper_generate_key(
732
    const psa_key_attributes_t *attributes,
733
    const psa_custom_key_parameters_t *custom,
734
    const uint8_t *custom_data, size_t custom_data_length,
735
    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
736
0
{
737
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
738
0
    psa_key_location_t location =
739
0
        PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
740
741
0
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
742
0
    int is_default_production =
743
0
        psa_custom_key_parameters_are_default(custom, custom_data_length);
744
0
    if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production )
745
0
    {
746
        /* We don't support passing custom production parameters
747
         * to drivers yet. */
748
0
        return PSA_ERROR_NOT_SUPPORTED;
749
0
    }
750
#else
751
    int is_default_production = 1;
752
    (void) is_default_production;
753
#endif
754
755
    /* Try dynamically-registered SE interface first */
756
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
757
    const psa_drv_se_t *drv;
758
    psa_drv_se_context_t *drv_context;
759
760
    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
761
    {
762
        size_t pubkey_length = 0; /* We don't support this feature yet */
763
        if( drv->key_management == NULL ||
764
            drv->key_management->p_generate == NULL )
765
        {
766
            /* Key is defined as being in SE, but we have no way to generate it */
767
            return( PSA_ERROR_NOT_SUPPORTED );
768
        }
769
        return( drv->key_management->p_generate(
770
            drv_context,
771
            *( (psa_key_slot_number_t *)key_buffer ),
772
            attributes, NULL, 0, &pubkey_length ) );
773
    }
774
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
775
776
0
    switch( location )
777
0
    {
778
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
779
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
780
            /* Transparent drivers are limited to generating asymmetric keys. */
781
            /* We don't support passing custom production parameters
782
             * to drivers yet. */
783
            if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
784
                is_default_production )
785
            {
786
            /* Cycle through all known transparent accelerators */
787
#if defined(PSA_CRYPTO_DRIVER_TEST)
788
                status = mbedtls_test_transparent_generate_key(
789
                    attributes, key_buffer, key_buffer_size,
790
                    key_buffer_length );
791
                /* Declared with fallback == true */
792
                if( status != PSA_ERROR_NOT_SUPPORTED )
793
                    break;
794
#endif /* PSA_CRYPTO_DRIVER_TEST */
795
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
796
                if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
797
                    psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
798
                    psa_get_key_bits(attributes) == 256 )
799
                {
800
                    status = p256_transparent_generate_key( attributes,
801
                                                            key_buffer,
802
                                                            key_buffer_size,
803
                                                            key_buffer_length );
804
                    if( status != PSA_ERROR_NOT_SUPPORTED )
805
                        break;
806
                }
807
808
#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
809
            }
810
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
811
812
            /* Software fallback */
813
0
            status = psa_generate_key_internal(
814
0
                attributes, custom, custom_data, custom_data_length,
815
0
                key_buffer, key_buffer_size, key_buffer_length );
816
0
            break;
817
818
        /* Add cases for opaque driver here */
819
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
820
#if defined(PSA_CRYPTO_DRIVER_TEST)
821
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
822
            status = mbedtls_test_opaque_generate_key(
823
                attributes, key_buffer, key_buffer_size, key_buffer_length );
824
            break;
825
#endif /* PSA_CRYPTO_DRIVER_TEST */
826
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
827
828
0
        default:
829
            /* Key is declared with a lifetime not known to us */
830
0
            status = PSA_ERROR_INVALID_ARGUMENT;
831
0
            break;
832
0
    }
833
834
0
    return( status );
835
0
}
836
837
static inline psa_status_t psa_driver_wrapper_import_key(
838
    const psa_key_attributes_t *attributes,
839
    const uint8_t *data,
840
    size_t data_length,
841
    uint8_t *key_buffer,
842
    size_t key_buffer_size,
843
    size_t *key_buffer_length,
844
    size_t *bits )
845
826
{
846
847
826
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
848
826
    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
849
826
                                      psa_get_key_lifetime( attributes ) );
850
851
    /* Try dynamically-registered SE interface first */
852
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
853
    const psa_drv_se_t *drv;
854
    psa_drv_se_context_t *drv_context;
855
856
    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
857
    {
858
        if( drv->key_management == NULL ||
859
            drv->key_management->p_import == NULL )
860
            return( PSA_ERROR_NOT_SUPPORTED );
861
862
        /* The driver should set the number of key bits, however in
863
         * case it doesn't, we initialize bits to an invalid value. */
864
        *bits = PSA_MAX_KEY_BITS + 1;
865
        status = drv->key_management->p_import(
866
            drv_context,
867
            *( (psa_key_slot_number_t *)key_buffer ),
868
            attributes, data, data_length, bits );
869
870
        if( status != PSA_SUCCESS )
871
            return( status );
872
873
        if( (*bits) > PSA_MAX_KEY_BITS )
874
            return( PSA_ERROR_NOT_SUPPORTED );
875
876
        return( PSA_SUCCESS );
877
    }
878
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
879
880
826
    switch( location )
881
826
    {
882
826
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
883
            /* Key is stored in the slot in export representation, so
884
             * cycle through all known transparent accelerators */
885
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
886
887
#if (defined(PSA_CRYPTO_DRIVER_TEST) )
888
            status = mbedtls_test_transparent_import_key
889
                (attributes,
890
                                data,
891
                                data_length,
892
                                key_buffer,
893
                                key_buffer_size,
894
                                key_buffer_length,
895
                                bits
896
            );
897
898
            if( status != PSA_ERROR_NOT_SUPPORTED )
899
                return( status );
900
#endif
901
902
#if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) )
903
            status = p256_transparent_import_key
904
                (attributes,
905
                                data,
906
                                data_length,
907
                                key_buffer,
908
                                key_buffer_size,
909
                                key_buffer_length,
910
                                bits
911
            );
912
913
            if( status != PSA_ERROR_NOT_SUPPORTED )
914
                return( status );
915
#endif
916
917
918
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
919
920
            /* Fell through, meaning no accelerator supports this operation */
921
826
            return( psa_import_key_into_slot( attributes,
922
826
                                              data, data_length,
923
826
                                              key_buffer, key_buffer_size,
924
826
                                              key_buffer_length, bits ) );
925
        /* Add cases for opaque driver here */
926
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
927
928
#if (defined(PSA_CRYPTO_DRIVER_TEST) )
929
        case 0x7fffff:
930
            return( mbedtls_test_opaque_import_key
931
            (attributes,
932
                            data,
933
                            data_length,
934
                            key_buffer,
935
                            key_buffer_size,
936
                            key_buffer_length,
937
                            bits
938
        ));
939
#endif
940
941
942
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
943
0
        default:
944
0
            (void)status;
945
0
            return( PSA_ERROR_INVALID_ARGUMENT );
946
826
    }
947
948
826
}
949
950
static inline psa_status_t psa_driver_wrapper_export_key(
951
    const psa_key_attributes_t *attributes,
952
    const uint8_t *key_buffer, size_t key_buffer_size,
953
    uint8_t *data, size_t data_size, size_t *data_length )
954
955
0
{
956
957
0
    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
958
0
    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
959
0
                                      psa_get_key_lifetime( attributes ) );
960
961
    /* Try dynamically-registered SE interface first */
962
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
963
    const psa_drv_se_t *drv;
964
    psa_drv_se_context_t *drv_context;
965
966
    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
967
    {
968
        if( ( drv->key_management == NULL   ) ||
969
            ( drv->key_management->p_export == NULL ) )
970
        {
971
            return( PSA_ERROR_NOT_SUPPORTED );
972
        }
973
974
        return( drv->key_management->p_export(
975
                     drv_context,
976
                     *( (psa_key_slot_number_t *)key_buffer ),
977
                     data, data_size, data_length ) );
978
    }
979
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
980
981
0
    switch( location )
982
0
    {
983
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
984
0
            return( psa_export_key_internal( attributes,
985
0
                                             key_buffer,
986
0
                                             key_buffer_size,
987
0
                                             data,
988
0
                                             data_size,
989
0
                                             data_length ) );
990
991
        /* Add cases for opaque driver here */
992
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
993
994
#if (defined(PSA_CRYPTO_DRIVER_TEST) )
995
        case 0x7fffff:
996
            return( mbedtls_test_opaque_export_key
997
            (attributes,
998
                            key_buffer,
999
                            key_buffer_size,
1000
                            data,
1001
                            data_size,
1002
                            data_length
1003
        ));
1004
#endif
1005
1006
1007
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1008
0
        default:
1009
            /* Key is declared with a lifetime not known to us */
1010
0
            return( status );
1011
0
    }
1012
1013
0
}
1014
1015
static inline psa_status_t psa_driver_wrapper_copy_key(
1016
    psa_key_attributes_t *attributes,
1017
    const uint8_t *source_key, size_t source_key_length,
1018
    uint8_t *target_key_buffer, size_t target_key_buffer_size,
1019
    size_t *target_key_buffer_length )
1020
0
{
1021
1022
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1023
0
    psa_key_location_t location =
1024
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1025
1026
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
1027
    const psa_drv_se_t *drv;
1028
    psa_drv_se_context_t *drv_context;
1029
1030
    if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
1031
    {
1032
        /* Copying to a secure element is not implemented yet. */
1033
        return( PSA_ERROR_NOT_SUPPORTED );
1034
    }
1035
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
1036
1037
0
    switch( location )
1038
0
    {
1039
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1040
1041
#if (defined(PSA_CRYPTO_DRIVER_TEST) )
1042
        case 0x7fffff:
1043
            return( mbedtls_test_opaque_copy_key
1044
            (attributes,
1045
                            source_key,
1046
                            source_key_length,
1047
                            target_key_buffer,
1048
                            target_key_buffer_size,
1049
                            target_key_buffer_length
1050
        ));
1051
#endif
1052
1053
1054
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1055
0
        default:
1056
0
            (void)source_key;
1057
0
            (void)source_key_length;
1058
0
            (void)target_key_buffer;
1059
0
            (void)target_key_buffer_size;
1060
0
            (void)target_key_buffer_length;
1061
0
            status = PSA_ERROR_INVALID_ARGUMENT;
1062
0
    }
1063
0
    return( status );
1064
1065
0
}
1066
1067
/*
1068
 * Cipher functions
1069
 */
1070
static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
1071
    const psa_key_attributes_t *attributes,
1072
    const uint8_t *key_buffer,
1073
    size_t key_buffer_size,
1074
    psa_algorithm_t alg,
1075
    const uint8_t *iv,
1076
    size_t iv_length,
1077
    const uint8_t *input,
1078
    size_t input_length,
1079
    uint8_t *output,
1080
    size_t output_size,
1081
    size_t *output_length )
1082
0
{
1083
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1084
0
    psa_key_location_t location =
1085
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1086
1087
0
    switch( location )
1088
0
    {
1089
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1090
            /* Key is stored in the slot in export representation, so
1091
             * cycle through all known transparent accelerators */
1092
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1093
#if defined(PSA_CRYPTO_DRIVER_TEST)
1094
            status = mbedtls_test_transparent_cipher_encrypt( attributes,
1095
                                                              key_buffer,
1096
                                                              key_buffer_size,
1097
                                                              alg,
1098
                                                              iv,
1099
                                                              iv_length,
1100
                                                              input,
1101
                                                              input_length,
1102
                                                              output,
1103
                                                              output_size,
1104
                                                              output_length );
1105
            /* Declared with fallback == true */
1106
            if( status != PSA_ERROR_NOT_SUPPORTED )
1107
                return( status );
1108
#endif /* PSA_CRYPTO_DRIVER_TEST */
1109
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1110
1111
0
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1112
0
            return( mbedtls_psa_cipher_encrypt( attributes,
1113
0
                                                key_buffer,
1114
0
                                                key_buffer_size,
1115
0
                                                alg,
1116
0
                                                iv,
1117
0
                                                iv_length,
1118
0
                                                input,
1119
0
                                                input_length,
1120
0
                                                output,
1121
0
                                                output_size,
1122
0
                                                output_length ) );
1123
#else
1124
            return( PSA_ERROR_NOT_SUPPORTED );
1125
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1126
1127
        /* Add cases for opaque driver here */
1128
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1129
#if defined(PSA_CRYPTO_DRIVER_TEST)
1130
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1131
            return( mbedtls_test_opaque_cipher_encrypt( attributes,
1132
                                                        key_buffer,
1133
                                                        key_buffer_size,
1134
                                                        alg,
1135
                                                        iv,
1136
                                                        iv_length,
1137
                                                        input,
1138
                                                        input_length,
1139
                                                        output,
1140
                                                        output_size,
1141
                                                        output_length ) );
1142
#endif /* PSA_CRYPTO_DRIVER_TEST */
1143
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1144
1145
0
        default:
1146
            /* Key is declared with a lifetime not known to us */
1147
0
            (void)status;
1148
0
            (void)key_buffer;
1149
0
            (void)key_buffer_size;
1150
0
            (void)alg;
1151
0
            (void)iv;
1152
0
            (void)iv_length;
1153
0
            (void)input;
1154
0
            (void)input_length;
1155
0
            (void)output;
1156
0
            (void)output_size;
1157
0
            (void)output_length;
1158
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1159
0
    }
1160
0
}
1161
1162
static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
1163
    const psa_key_attributes_t *attributes,
1164
    const uint8_t *key_buffer,
1165
    size_t key_buffer_size,
1166
    psa_algorithm_t alg,
1167
    const uint8_t *input,
1168
    size_t input_length,
1169
    uint8_t *output,
1170
    size_t output_size,
1171
    size_t *output_length )
1172
8
{
1173
8
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1174
8
    psa_key_location_t location =
1175
8
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1176
1177
8
    switch( location )
1178
8
    {
1179
8
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1180
            /* Key is stored in the slot in export representation, so
1181
             * cycle through all known transparent accelerators */
1182
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1183
#if defined(PSA_CRYPTO_DRIVER_TEST)
1184
            status = mbedtls_test_transparent_cipher_decrypt( attributes,
1185
                                                              key_buffer,
1186
                                                              key_buffer_size,
1187
                                                              alg,
1188
                                                              input,
1189
                                                              input_length,
1190
                                                              output,
1191
                                                              output_size,
1192
                                                              output_length );
1193
            /* Declared with fallback == true */
1194
            if( status != PSA_ERROR_NOT_SUPPORTED )
1195
                return( status );
1196
#endif /* PSA_CRYPTO_DRIVER_TEST */
1197
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1198
1199
8
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1200
8
            return( mbedtls_psa_cipher_decrypt( attributes,
1201
8
                                                key_buffer,
1202
8
                                                key_buffer_size,
1203
8
                                                alg,
1204
8
                                                input,
1205
8
                                                input_length,
1206
8
                                                output,
1207
8
                                                output_size,
1208
8
                                                output_length ) );
1209
#else
1210
            return( PSA_ERROR_NOT_SUPPORTED );
1211
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1212
1213
        /* Add cases for opaque driver here */
1214
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1215
#if defined(PSA_CRYPTO_DRIVER_TEST)
1216
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1217
            return( mbedtls_test_opaque_cipher_decrypt( attributes,
1218
                                                        key_buffer,
1219
                                                        key_buffer_size,
1220
                                                        alg,
1221
                                                        input,
1222
                                                        input_length,
1223
                                                        output,
1224
                                                        output_size,
1225
                                                        output_length ) );
1226
#endif /* PSA_CRYPTO_DRIVER_TEST */
1227
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1228
1229
0
        default:
1230
            /* Key is declared with a lifetime not known to us */
1231
0
            (void)status;
1232
0
            (void)key_buffer;
1233
0
            (void)key_buffer_size;
1234
0
            (void)alg;
1235
0
            (void)input;
1236
0
            (void)input_length;
1237
0
            (void)output;
1238
0
            (void)output_size;
1239
0
            (void)output_length;
1240
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1241
8
    }
1242
8
}
1243
1244
static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
1245
    psa_cipher_operation_t *operation,
1246
    const psa_key_attributes_t *attributes,
1247
    const uint8_t *key_buffer, size_t key_buffer_size,
1248
    psa_algorithm_t alg )
1249
10
{
1250
10
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1251
10
    psa_key_location_t location =
1252
10
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1253
1254
10
    switch( location )
1255
10
    {
1256
10
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1257
            /* Key is stored in the slot in export representation, so
1258
             * cycle through all known transparent accelerators */
1259
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1260
#if defined(PSA_CRYPTO_DRIVER_TEST)
1261
            status = mbedtls_test_transparent_cipher_encrypt_setup(
1262
                &operation->ctx.transparent_test_driver_ctx,
1263
                attributes,
1264
                key_buffer,
1265
                key_buffer_size,
1266
                alg );
1267
            /* Declared with fallback == true */
1268
            if( status == PSA_SUCCESS )
1269
                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1270
1271
            if( status != PSA_ERROR_NOT_SUPPORTED )
1272
                return( status );
1273
#endif /* PSA_CRYPTO_DRIVER_TEST */
1274
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1275
10
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1276
            /* Fell through, meaning no accelerator supports this operation */
1277
10
            status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
1278
10
                                                       attributes,
1279
10
                                                       key_buffer,
1280
10
                                                       key_buffer_size,
1281
10
                                                       alg );
1282
10
            if( status == PSA_SUCCESS )
1283
10
                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1284
1285
10
            if( status != PSA_ERROR_NOT_SUPPORTED )
1286
10
                return( status );
1287
0
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1288
0
            return( PSA_ERROR_NOT_SUPPORTED );
1289
1290
        /* Add cases for opaque driver here */
1291
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1292
#if defined(PSA_CRYPTO_DRIVER_TEST)
1293
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1294
            status = mbedtls_test_opaque_cipher_encrypt_setup(
1295
                &operation->ctx.opaque_test_driver_ctx,
1296
                attributes,
1297
                key_buffer, key_buffer_size,
1298
                alg );
1299
1300
            if( status == PSA_SUCCESS )
1301
                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1302
1303
            return( status );
1304
#endif /* PSA_CRYPTO_DRIVER_TEST */
1305
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1306
0
        default:
1307
            /* Key is declared with a lifetime not known to us */
1308
0
            (void)status;
1309
0
            (void)operation;
1310
0
            (void)key_buffer;
1311
0
            (void)key_buffer_size;
1312
0
            (void)alg;
1313
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1314
10
    }
1315
10
}
1316
1317
static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
1318
    psa_cipher_operation_t *operation,
1319
    const psa_key_attributes_t *attributes,
1320
    const uint8_t *key_buffer, size_t key_buffer_size,
1321
    psa_algorithm_t alg )
1322
7
{
1323
7
    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
1324
7
    psa_key_location_t location =
1325
7
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1326
1327
7
    switch( location )
1328
7
    {
1329
7
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1330
            /* Key is stored in the slot in export representation, so
1331
             * cycle through all known transparent accelerators */
1332
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1333
#if defined(PSA_CRYPTO_DRIVER_TEST)
1334
            status = mbedtls_test_transparent_cipher_decrypt_setup(
1335
                &operation->ctx.transparent_test_driver_ctx,
1336
                attributes,
1337
                key_buffer,
1338
                key_buffer_size,
1339
                alg );
1340
            /* Declared with fallback == true */
1341
            if( status == PSA_SUCCESS )
1342
                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1343
1344
            if( status != PSA_ERROR_NOT_SUPPORTED )
1345
                return( status );
1346
#endif /* PSA_CRYPTO_DRIVER_TEST */
1347
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1348
7
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1349
            /* Fell through, meaning no accelerator supports this operation */
1350
7
            status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
1351
7
                                                       attributes,
1352
7
                                                       key_buffer,
1353
7
                                                       key_buffer_size,
1354
7
                                                       alg );
1355
7
            if( status == PSA_SUCCESS )
1356
7
                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1357
1358
7
            return( status );
1359
#else /* MBEDTLS_PSA_BUILTIN_CIPHER */
1360
            return( PSA_ERROR_NOT_SUPPORTED );
1361
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1362
1363
        /* Add cases for opaque driver here */
1364
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1365
#if defined(PSA_CRYPTO_DRIVER_TEST)
1366
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
1367
            status = mbedtls_test_opaque_cipher_decrypt_setup(
1368
                         &operation->ctx.opaque_test_driver_ctx,
1369
                         attributes,
1370
                         key_buffer, key_buffer_size,
1371
                         alg );
1372
1373
            if( status == PSA_SUCCESS )
1374
                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
1375
1376
            return( status );
1377
#endif /* PSA_CRYPTO_DRIVER_TEST */
1378
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1379
0
        default:
1380
            /* Key is declared with a lifetime not known to us */
1381
0
            (void)status;
1382
0
            (void)operation;
1383
0
            (void)key_buffer;
1384
0
            (void)key_buffer_size;
1385
0
            (void)alg;
1386
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1387
7
    }
1388
7
}
1389
1390
static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
1391
    psa_cipher_operation_t *operation,
1392
    const uint8_t *iv,
1393
    size_t iv_length )
1394
15
{
1395
15
    switch( operation->id )
1396
15
    {
1397
0
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1398
15
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1399
15
            return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
1400
15
                                               iv,
1401
15
                                               iv_length ) );
1402
15
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1403
1404
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1405
#if defined(PSA_CRYPTO_DRIVER_TEST)
1406
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1407
            return( mbedtls_test_transparent_cipher_set_iv(
1408
                        &operation->ctx.transparent_test_driver_ctx,
1409
                        iv, iv_length ) );
1410
1411
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1412
            return( mbedtls_test_opaque_cipher_set_iv(
1413
                        &operation->ctx.opaque_test_driver_ctx,
1414
                        iv, iv_length ) );
1415
#endif /* PSA_CRYPTO_DRIVER_TEST */
1416
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1417
15
    }
1418
1419
0
    (void)iv;
1420
0
    (void)iv_length;
1421
1422
0
    return( PSA_ERROR_INVALID_ARGUMENT );
1423
15
}
1424
1425
static inline psa_status_t psa_driver_wrapper_cipher_update(
1426
    psa_cipher_operation_t *operation,
1427
    const uint8_t *input,
1428
    size_t input_length,
1429
    uint8_t *output,
1430
    size_t output_size,
1431
    size_t *output_length )
1432
1.41k
{
1433
1.41k
    switch( operation->id )
1434
1.41k
    {
1435
0
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1436
1.41k
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1437
1.41k
            return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
1438
1.41k
                                               input,
1439
1.41k
                                               input_length,
1440
1.41k
                                               output,
1441
1.41k
                                               output_size,
1442
1.41k
                                               output_length ) );
1443
1.41k
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1444
1445
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1446
#if defined(PSA_CRYPTO_DRIVER_TEST)
1447
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1448
            return( mbedtls_test_transparent_cipher_update(
1449
                        &operation->ctx.transparent_test_driver_ctx,
1450
                        input, input_length,
1451
                        output, output_size, output_length ) );
1452
1453
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1454
            return( mbedtls_test_opaque_cipher_update(
1455
                        &operation->ctx.opaque_test_driver_ctx,
1456
                        input, input_length,
1457
                        output, output_size, output_length ) );
1458
#endif /* PSA_CRYPTO_DRIVER_TEST */
1459
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1460
1.41k
    }
1461
1462
0
    (void)input;
1463
0
    (void)input_length;
1464
0
    (void)output;
1465
0
    (void)output_size;
1466
0
    (void)output_length;
1467
1468
0
    return( PSA_ERROR_INVALID_ARGUMENT );
1469
1.41k
}
1470
1471
static inline psa_status_t psa_driver_wrapper_cipher_finish(
1472
    psa_cipher_operation_t *operation,
1473
    uint8_t *output,
1474
    size_t output_size,
1475
    size_t *output_length )
1476
17
{
1477
17
    switch( operation->id )
1478
17
    {
1479
0
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1480
17
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1481
17
            return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
1482
17
                                               output,
1483
17
                                               output_size,
1484
17
                                               output_length ) );
1485
17
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1486
1487
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1488
#if defined(PSA_CRYPTO_DRIVER_TEST)
1489
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1490
            return( mbedtls_test_transparent_cipher_finish(
1491
                        &operation->ctx.transparent_test_driver_ctx,
1492
                        output, output_size, output_length ) );
1493
1494
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1495
            return( mbedtls_test_opaque_cipher_finish(
1496
                        &operation->ctx.opaque_test_driver_ctx,
1497
                        output, output_size, output_length ) );
1498
#endif /* PSA_CRYPTO_DRIVER_TEST */
1499
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1500
17
    }
1501
1502
0
    (void)output;
1503
0
    (void)output_size;
1504
0
    (void)output_length;
1505
1506
0
    return( PSA_ERROR_INVALID_ARGUMENT );
1507
17
}
1508
1509
static inline psa_status_t psa_driver_wrapper_cipher_abort(
1510
    psa_cipher_operation_t *operation )
1511
17
{
1512
17
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1513
1514
17
    switch( operation->id )
1515
17
    {
1516
0
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
1517
17
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1518
17
            return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
1519
17
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
1520
1521
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1522
#if defined(PSA_CRYPTO_DRIVER_TEST)
1523
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1524
            status = mbedtls_test_transparent_cipher_abort(
1525
                         &operation->ctx.transparent_test_driver_ctx );
1526
            mbedtls_platform_zeroize(
1527
                &operation->ctx.transparent_test_driver_ctx,
1528
                sizeof( operation->ctx.transparent_test_driver_ctx ) );
1529
            return( status );
1530
1531
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
1532
            status = mbedtls_test_opaque_cipher_abort(
1533
                         &operation->ctx.opaque_test_driver_ctx );
1534
            mbedtls_platform_zeroize(
1535
                &operation->ctx.opaque_test_driver_ctx,
1536
                sizeof( operation->ctx.opaque_test_driver_ctx ) );
1537
            return( status );
1538
#endif /* PSA_CRYPTO_DRIVER_TEST */
1539
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1540
17
    }
1541
1542
0
    (void)status;
1543
0
    return( PSA_ERROR_INVALID_ARGUMENT );
1544
17
}
1545
1546
/*
1547
 * Hashing functions
1548
 */
1549
static inline psa_status_t psa_driver_wrapper_hash_compute(
1550
    psa_algorithm_t alg,
1551
    const uint8_t *input,
1552
    size_t input_length,
1553
    uint8_t *hash,
1554
    size_t hash_size,
1555
    size_t *hash_length)
1556
785
{
1557
785
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1558
1559
    /* Try accelerators first */
1560
#if defined(PSA_CRYPTO_DRIVER_TEST)
1561
    status = mbedtls_test_transparent_hash_compute(
1562
                alg, input, input_length, hash, hash_size, hash_length );
1563
    if( status != PSA_ERROR_NOT_SUPPORTED )
1564
        return( status );
1565
#endif
1566
1567
    /* If software fallback is compiled in, try fallback */
1568
785
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1569
785
    status = mbedtls_psa_hash_compute( alg, input, input_length,
1570
785
                                       hash, hash_size, hash_length );
1571
785
    if( status != PSA_ERROR_NOT_SUPPORTED )
1572
785
        return( status );
1573
0
#endif
1574
0
    (void) status;
1575
0
    (void) alg;
1576
0
    (void) input;
1577
0
    (void) input_length;
1578
0
    (void) hash;
1579
0
    (void) hash_size;
1580
0
    (void) hash_length;
1581
1582
0
    return( PSA_ERROR_NOT_SUPPORTED );
1583
785
}
1584
1585
static inline psa_status_t psa_driver_wrapper_hash_setup(
1586
    psa_hash_operation_t *operation,
1587
    psa_algorithm_t alg )
1588
1.67k
{
1589
1.67k
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1590
1591
    /* Try setup on accelerators first */
1592
#if defined(PSA_CRYPTO_DRIVER_TEST)
1593
    status = mbedtls_test_transparent_hash_setup(
1594
                &operation->ctx.test_driver_ctx, alg );
1595
    if( status == PSA_SUCCESS )
1596
        operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1597
1598
    if( status != PSA_ERROR_NOT_SUPPORTED )
1599
        return( status );
1600
#endif
1601
1602
    /* If software fallback is compiled in, try fallback */
1603
1.67k
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1604
1.67k
    status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
1605
1.67k
    if( status == PSA_SUCCESS )
1606
1.67k
        operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1607
1608
1.67k
    if( status != PSA_ERROR_NOT_SUPPORTED )
1609
1.67k
        return( status );
1610
0
#endif
1611
    /* Nothing left to try if we fall through here */
1612
0
    (void) status;
1613
0
    (void) operation;
1614
0
    (void) alg;
1615
0
    return( PSA_ERROR_NOT_SUPPORTED );
1616
1.67k
}
1617
1618
static inline psa_status_t psa_driver_wrapper_hash_clone(
1619
    const psa_hash_operation_t *source_operation,
1620
    psa_hash_operation_t *target_operation )
1621
0
{
1622
0
    switch( source_operation->id )
1623
0
    {
1624
0
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1625
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1626
0
            target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1627
0
            return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
1628
0
                                            &target_operation->ctx.mbedtls_ctx ) );
1629
0
#endif
1630
#if defined(PSA_CRYPTO_DRIVER_TEST)
1631
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1632
            target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1633
            return( mbedtls_test_transparent_hash_clone(
1634
                        &source_operation->ctx.test_driver_ctx,
1635
                        &target_operation->ctx.test_driver_ctx ) );
1636
#endif
1637
0
        default:
1638
0
            (void) target_operation;
1639
0
            return( PSA_ERROR_BAD_STATE );
1640
0
    }
1641
0
}
1642
1643
static inline psa_status_t psa_driver_wrapper_hash_update(
1644
    psa_hash_operation_t *operation,
1645
    const uint8_t *input,
1646
    size_t input_length )
1647
8.74k
{
1648
8.74k
    switch( operation->id )
1649
8.74k
    {
1650
0
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1651
8.74k
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1652
8.74k
            return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
1653
8.74k
                                             input, input_length ) );
1654
0
#endif
1655
#if defined(PSA_CRYPTO_DRIVER_TEST)
1656
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1657
            return( mbedtls_test_transparent_hash_update(
1658
                        &operation->ctx.test_driver_ctx,
1659
                        input, input_length ) );
1660
#endif
1661
0
        default:
1662
0
            (void) input;
1663
0
            (void) input_length;
1664
0
            return( PSA_ERROR_BAD_STATE );
1665
8.74k
    }
1666
8.74k
}
1667
1668
static inline psa_status_t psa_driver_wrapper_hash_finish(
1669
    psa_hash_operation_t *operation,
1670
    uint8_t *hash,
1671
    size_t hash_size,
1672
    size_t *hash_length )
1673
1.63k
{
1674
1.63k
    switch( operation->id )
1675
1.63k
    {
1676
0
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1677
1.63k
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1678
1.63k
            return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
1679
1.63k
                                             hash, hash_size, hash_length ) );
1680
0
#endif
1681
#if defined(PSA_CRYPTO_DRIVER_TEST)
1682
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1683
            return( mbedtls_test_transparent_hash_finish(
1684
                        &operation->ctx.test_driver_ctx,
1685
                        hash, hash_size, hash_length ) );
1686
#endif
1687
0
        default:
1688
0
            (void) hash;
1689
0
            (void) hash_size;
1690
0
            (void) hash_length;
1691
0
            return( PSA_ERROR_BAD_STATE );
1692
1.63k
    }
1693
1.63k
}
1694
1695
static inline psa_status_t psa_driver_wrapper_hash_abort(
1696
    psa_hash_operation_t *operation )
1697
1.67k
{
1698
1.67k
    switch( operation->id )
1699
1.67k
    {
1700
0
#if defined(MBEDTLS_PSA_BUILTIN_HASH)
1701
1.67k
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1702
1.67k
            return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
1703
0
#endif
1704
#if defined(PSA_CRYPTO_DRIVER_TEST)
1705
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1706
            return( mbedtls_test_transparent_hash_abort(
1707
                        &operation->ctx.test_driver_ctx ) );
1708
#endif
1709
0
        default:
1710
0
            return( PSA_ERROR_BAD_STATE );
1711
1.67k
    }
1712
1.67k
}
1713
1714
static inline psa_status_t psa_driver_wrapper_aead_encrypt(
1715
    const psa_key_attributes_t *attributes,
1716
    const uint8_t *key_buffer, size_t key_buffer_size,
1717
    psa_algorithm_t alg,
1718
    const uint8_t *nonce, size_t nonce_length,
1719
    const uint8_t *additional_data, size_t additional_data_length,
1720
    const uint8_t *plaintext, size_t plaintext_length,
1721
    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
1722
2
{
1723
2
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1724
2
    psa_key_location_t location =
1725
2
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1726
1727
2
    switch( location )
1728
2
    {
1729
2
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1730
            /* Key is stored in the slot in export representation, so
1731
             * cycle through all known transparent accelerators */
1732
1733
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1734
#if defined(PSA_CRYPTO_DRIVER_TEST)
1735
            status = mbedtls_test_transparent_aead_encrypt(
1736
                         attributes, key_buffer, key_buffer_size,
1737
                         alg,
1738
                         nonce, nonce_length,
1739
                         additional_data, additional_data_length,
1740
                         plaintext, plaintext_length,
1741
                         ciphertext, ciphertext_size, ciphertext_length );
1742
            /* Declared with fallback == true */
1743
            if( status != PSA_ERROR_NOT_SUPPORTED )
1744
                return( status );
1745
#endif /* PSA_CRYPTO_DRIVER_TEST */
1746
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1747
1748
            /* Fell through, meaning no accelerator supports this operation */
1749
2
            return( mbedtls_psa_aead_encrypt(
1750
2
                        attributes, key_buffer, key_buffer_size,
1751
2
                        alg,
1752
2
                        nonce, nonce_length,
1753
2
                        additional_data, additional_data_length,
1754
2
                        plaintext, plaintext_length,
1755
2
                        ciphertext, ciphertext_size, ciphertext_length ) );
1756
1757
        /* Add cases for opaque driver here */
1758
1759
0
        default:
1760
            /* Key is declared with a lifetime not known to us */
1761
0
            (void)status;
1762
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1763
2
    }
1764
2
}
1765
1766
static inline psa_status_t psa_driver_wrapper_aead_decrypt(
1767
    const psa_key_attributes_t *attributes,
1768
    const uint8_t *key_buffer, size_t key_buffer_size,
1769
    psa_algorithm_t alg,
1770
    const uint8_t *nonce, size_t nonce_length,
1771
    const uint8_t *additional_data, size_t additional_data_length,
1772
    const uint8_t *ciphertext, size_t ciphertext_length,
1773
    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
1774
7
{
1775
7
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1776
7
    psa_key_location_t location =
1777
7
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1778
1779
7
    switch( location )
1780
7
    {
1781
7
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1782
            /* Key is stored in the slot in export representation, so
1783
             * cycle through all known transparent accelerators */
1784
1785
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1786
#if defined(PSA_CRYPTO_DRIVER_TEST)
1787
            status = mbedtls_test_transparent_aead_decrypt(
1788
                        attributes, key_buffer, key_buffer_size,
1789
                        alg,
1790
                        nonce, nonce_length,
1791
                        additional_data, additional_data_length,
1792
                        ciphertext, ciphertext_length,
1793
                        plaintext, plaintext_size, plaintext_length );
1794
            /* Declared with fallback == true */
1795
            if( status != PSA_ERROR_NOT_SUPPORTED )
1796
                return( status );
1797
#endif /* PSA_CRYPTO_DRIVER_TEST */
1798
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1799
1800
            /* Fell through, meaning no accelerator supports this operation */
1801
7
            return( mbedtls_psa_aead_decrypt(
1802
7
                        attributes, key_buffer, key_buffer_size,
1803
7
                        alg,
1804
7
                        nonce, nonce_length,
1805
7
                        additional_data, additional_data_length,
1806
7
                        ciphertext, ciphertext_length,
1807
7
                        plaintext, plaintext_size, plaintext_length ) );
1808
1809
        /* Add cases for opaque driver here */
1810
1811
0
        default:
1812
            /* Key is declared with a lifetime not known to us */
1813
0
            (void)status;
1814
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1815
7
    }
1816
7
}
1817
1818
static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
1819
   psa_aead_operation_t *operation,
1820
   const psa_key_attributes_t *attributes,
1821
   const uint8_t *key_buffer, size_t key_buffer_size,
1822
   psa_algorithm_t alg )
1823
1
{
1824
1
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1825
1
    psa_key_location_t location =
1826
1
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1827
1828
1
    switch( location )
1829
1
    {
1830
1
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1831
            /* Key is stored in the slot in export representation, so
1832
             * cycle through all known transparent accelerators */
1833
1834
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1835
#if defined(PSA_CRYPTO_DRIVER_TEST)
1836
            operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1837
            status = mbedtls_test_transparent_aead_encrypt_setup(
1838
                        &operation->ctx.transparent_test_driver_ctx,
1839
                        attributes, key_buffer, key_buffer_size,
1840
                        alg );
1841
1842
            /* Declared with fallback == true */
1843
            if( status != PSA_ERROR_NOT_SUPPORTED )
1844
                return( status );
1845
#endif /* PSA_CRYPTO_DRIVER_TEST */
1846
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1847
1848
            /* Fell through, meaning no accelerator supports this operation */
1849
1
            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1850
1
            status = mbedtls_psa_aead_encrypt_setup(
1851
1
                        &operation->ctx.mbedtls_ctx, attributes,
1852
1
                        key_buffer, key_buffer_size,
1853
1
                        alg );
1854
1855
1
            return( status );
1856
1857
        /* Add cases for opaque driver here */
1858
1859
0
        default:
1860
            /* Key is declared with a lifetime not known to us */
1861
0
            (void)status;
1862
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1863
1
    }
1864
1
}
1865
1866
static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
1867
   psa_aead_operation_t *operation,
1868
   const psa_key_attributes_t *attributes,
1869
   const uint8_t *key_buffer, size_t key_buffer_size,
1870
   psa_algorithm_t alg )
1871
0
{
1872
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
1873
0
    psa_key_location_t location =
1874
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
1875
1876
0
    switch( location )
1877
0
    {
1878
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
1879
            /* Key is stored in the slot in export representation, so
1880
             * cycle through all known transparent accelerators */
1881
1882
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1883
#if defined(PSA_CRYPTO_DRIVER_TEST)
1884
            operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
1885
            status = mbedtls_test_transparent_aead_decrypt_setup(
1886
                        &operation->ctx.transparent_test_driver_ctx,
1887
                        attributes,
1888
                        key_buffer, key_buffer_size,
1889
                        alg );
1890
1891
            /* Declared with fallback == true */
1892
            if( status != PSA_ERROR_NOT_SUPPORTED )
1893
                return( status );
1894
#endif /* PSA_CRYPTO_DRIVER_TEST */
1895
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1896
1897
            /* Fell through, meaning no accelerator supports this operation */
1898
0
            operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
1899
0
            status = mbedtls_psa_aead_decrypt_setup(
1900
0
                        &operation->ctx.mbedtls_ctx,
1901
0
                        attributes,
1902
0
                        key_buffer, key_buffer_size,
1903
0
                        alg );
1904
1905
0
            return( status );
1906
1907
        /* Add cases for opaque driver here */
1908
1909
0
        default:
1910
            /* Key is declared with a lifetime not known to us */
1911
0
            (void)status;
1912
0
            return( PSA_ERROR_INVALID_ARGUMENT );
1913
0
    }
1914
0
}
1915
1916
static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
1917
   psa_aead_operation_t *operation,
1918
   const uint8_t *nonce,
1919
   size_t nonce_length )
1920
1
{
1921
1
    switch( operation->id )
1922
1
    {
1923
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1924
1
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1925
1
            return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
1926
1
                                                nonce,
1927
1
                                                nonce_length ) );
1928
1929
1
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1930
1931
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1932
#if defined(PSA_CRYPTO_DRIVER_TEST)
1933
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1934
            return( mbedtls_test_transparent_aead_set_nonce(
1935
                         &operation->ctx.transparent_test_driver_ctx,
1936
                         nonce, nonce_length ) );
1937
1938
        /* Add cases for opaque driver here */
1939
1940
#endif /* PSA_CRYPTO_DRIVER_TEST */
1941
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1942
1
    }
1943
1944
0
    (void)nonce;
1945
0
    (void)nonce_length;
1946
1947
0
    return( PSA_ERROR_INVALID_ARGUMENT );
1948
1
}
1949
1950
static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
1951
   psa_aead_operation_t *operation,
1952
   size_t ad_length,
1953
   size_t plaintext_length )
1954
1
{
1955
1
    switch( operation->id )
1956
1
    {
1957
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1958
1
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1959
1
            return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
1960
1
                                                  ad_length,
1961
1
                                                  plaintext_length ) );
1962
1963
1
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1964
1965
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
1966
#if defined(PSA_CRYPTO_DRIVER_TEST)
1967
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
1968
            return( mbedtls_test_transparent_aead_set_lengths(
1969
                        &operation->ctx.transparent_test_driver_ctx,
1970
                        ad_length, plaintext_length ) );
1971
1972
        /* Add cases for opaque driver here */
1973
1974
#endif /* PSA_CRYPTO_DRIVER_TEST */
1975
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
1976
1
    }
1977
1978
0
    (void)ad_length;
1979
0
    (void)plaintext_length;
1980
1981
0
    return( PSA_ERROR_INVALID_ARGUMENT );
1982
1
}
1983
1984
static inline psa_status_t psa_driver_wrapper_aead_update_ad(
1985
   psa_aead_operation_t *operation,
1986
   const uint8_t *input,
1987
   size_t input_length )
1988
0
{
1989
0
    switch( operation->id )
1990
0
    {
1991
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
1992
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
1993
0
            return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
1994
0
                                                input,
1995
0
                                                input_length ) );
1996
1997
0
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
1998
1999
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2000
#if defined(PSA_CRYPTO_DRIVER_TEST)
2001
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2002
            return( mbedtls_test_transparent_aead_update_ad(
2003
                        &operation->ctx.transparent_test_driver_ctx,
2004
                        input, input_length ) );
2005
2006
        /* Add cases for opaque driver here */
2007
2008
#endif /* PSA_CRYPTO_DRIVER_TEST */
2009
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2010
0
    }
2011
2012
0
    (void)input;
2013
0
    (void)input_length;
2014
2015
0
    return( PSA_ERROR_INVALID_ARGUMENT );
2016
0
}
2017
2018
static inline psa_status_t psa_driver_wrapper_aead_update(
2019
   psa_aead_operation_t *operation,
2020
   const uint8_t *input,
2021
   size_t input_length,
2022
   uint8_t *output,
2023
   size_t output_size,
2024
   size_t *output_length )
2025
316
{
2026
316
    switch( operation->id )
2027
316
    {
2028
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2029
316
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2030
316
            return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
2031
316
                                             input, input_length,
2032
316
                                             output, output_size,
2033
316
                                             output_length ) );
2034
2035
316
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2036
2037
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2038
#if defined(PSA_CRYPTO_DRIVER_TEST)
2039
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2040
            return( mbedtls_test_transparent_aead_update(
2041
                        &operation->ctx.transparent_test_driver_ctx,
2042
                        input, input_length, output, output_size,
2043
                        output_length ) );
2044
2045
        /* Add cases for opaque driver here */
2046
2047
#endif /* PSA_CRYPTO_DRIVER_TEST */
2048
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2049
316
    }
2050
2051
0
    (void)input;
2052
0
    (void)input_length;
2053
0
    (void)output;
2054
0
    (void)output_size;
2055
0
    (void)output_length;
2056
2057
0
    return( PSA_ERROR_INVALID_ARGUMENT );
2058
316
}
2059
2060
static inline psa_status_t psa_driver_wrapper_aead_finish(
2061
   psa_aead_operation_t *operation,
2062
   uint8_t *ciphertext,
2063
   size_t ciphertext_size,
2064
   size_t *ciphertext_length,
2065
   uint8_t *tag,
2066
   size_t tag_size,
2067
   size_t *tag_length )
2068
1
{
2069
1
    switch( operation->id )
2070
1
    {
2071
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2072
1
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2073
1
            return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2074
1
                                             ciphertext,
2075
1
                                             ciphertext_size,
2076
1
                                             ciphertext_length, tag,
2077
1
                                             tag_size, tag_length ) );
2078
2079
1
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2080
2081
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2082
#if defined(PSA_CRYPTO_DRIVER_TEST)
2083
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2084
            return( mbedtls_test_transparent_aead_finish(
2085
                        &operation->ctx.transparent_test_driver_ctx,
2086
                        ciphertext, ciphertext_size,
2087
                        ciphertext_length, tag, tag_size, tag_length ) );
2088
2089
        /* Add cases for opaque driver here */
2090
2091
#endif /* PSA_CRYPTO_DRIVER_TEST */
2092
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2093
1
    }
2094
2095
0
    (void)ciphertext;
2096
0
    (void)ciphertext_size;
2097
0
    (void)ciphertext_length;
2098
0
    (void)tag;
2099
0
    (void)tag_size;
2100
0
    (void)tag_length;
2101
2102
0
    return( PSA_ERROR_INVALID_ARGUMENT );
2103
1
}
2104
2105
static inline psa_status_t psa_driver_wrapper_aead_verify(
2106
   psa_aead_operation_t *operation,
2107
   uint8_t *plaintext,
2108
   size_t plaintext_size,
2109
   size_t *plaintext_length,
2110
   const uint8_t *tag,
2111
   size_t tag_length )
2112
0
{
2113
0
    switch( operation->id )
2114
0
    {
2115
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2116
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2117
0
            {
2118
0
                psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2119
0
                uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
2120
0
                size_t check_tag_length;
2121
2122
0
                status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
2123
0
                                                  plaintext,
2124
0
                                                  plaintext_size,
2125
0
                                                  plaintext_length,
2126
0
                                                  check_tag,
2127
0
                                                  sizeof( check_tag ),
2128
0
                                                  &check_tag_length );
2129
2130
0
                if( status == PSA_SUCCESS )
2131
0
                {
2132
0
                    if( tag_length != check_tag_length ||
2133
0
                        mbedtls_ct_memcmp( tag, check_tag, tag_length )
2134
0
                        != 0 )
2135
0
                        status = PSA_ERROR_INVALID_SIGNATURE;
2136
0
                }
2137
2138
0
                mbedtls_platform_zeroize( check_tag, sizeof( check_tag ) );
2139
2140
0
                return( status );
2141
0
            }
2142
2143
0
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2144
2145
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2146
#if defined(PSA_CRYPTO_DRIVER_TEST)
2147
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2148
            return( mbedtls_test_transparent_aead_verify(
2149
                        &operation->ctx.transparent_test_driver_ctx,
2150
                        plaintext, plaintext_size,
2151
                        plaintext_length, tag, tag_length ) );
2152
2153
        /* Add cases for opaque driver here */
2154
2155
#endif /* PSA_CRYPTO_DRIVER_TEST */
2156
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2157
0
    }
2158
2159
0
    (void)plaintext;
2160
0
    (void)plaintext_size;
2161
0
    (void)plaintext_length;
2162
0
    (void)tag;
2163
0
    (void)tag_length;
2164
2165
0
    return( PSA_ERROR_INVALID_ARGUMENT );
2166
0
}
2167
2168
static inline psa_status_t psa_driver_wrapper_aead_abort(
2169
   psa_aead_operation_t *operation )
2170
1
{
2171
1
    switch( operation->id )
2172
1
    {
2173
0
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
2174
1
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2175
1
            return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
2176
2177
1
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
2178
2179
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2180
#if defined(PSA_CRYPTO_DRIVER_TEST)
2181
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2182
            return( mbedtls_test_transparent_aead_abort(
2183
               &operation->ctx.transparent_test_driver_ctx ) );
2184
2185
        /* Add cases for opaque driver here */
2186
2187
#endif /* PSA_CRYPTO_DRIVER_TEST */
2188
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2189
1
    }
2190
2191
0
    return( PSA_ERROR_INVALID_ARGUMENT );
2192
1
}
2193
2194
/*
2195
 * MAC functions
2196
 */
2197
static inline psa_status_t psa_driver_wrapper_mac_compute(
2198
    const psa_key_attributes_t *attributes,
2199
    const uint8_t *key_buffer,
2200
    size_t key_buffer_size,
2201
    psa_algorithm_t alg,
2202
    const uint8_t *input,
2203
    size_t input_length,
2204
    uint8_t *mac,
2205
    size_t mac_size,
2206
    size_t *mac_length )
2207
323
{
2208
323
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2209
323
    psa_key_location_t location =
2210
323
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2211
2212
323
    switch( location )
2213
323
    {
2214
323
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2215
            /* Key is stored in the slot in export representation, so
2216
             * cycle through all known transparent accelerators */
2217
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2218
#if defined(PSA_CRYPTO_DRIVER_TEST)
2219
            status = mbedtls_test_transparent_mac_compute(
2220
                attributes, key_buffer, key_buffer_size, alg,
2221
                input, input_length,
2222
                mac, mac_size, mac_length );
2223
            /* Declared with fallback == true */
2224
            if( status != PSA_ERROR_NOT_SUPPORTED )
2225
                return( status );
2226
#endif /* PSA_CRYPTO_DRIVER_TEST */
2227
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2228
323
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2229
            /* Fell through, meaning no accelerator supports this operation */
2230
323
            status = mbedtls_psa_mac_compute(
2231
323
                attributes, key_buffer, key_buffer_size, alg,
2232
323
                input, input_length,
2233
323
                mac, mac_size, mac_length );
2234
323
            if( status != PSA_ERROR_NOT_SUPPORTED )
2235
323
                return( status );
2236
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2237
0
            return( PSA_ERROR_NOT_SUPPORTED );
2238
2239
        /* Add cases for opaque driver here */
2240
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2241
#if defined(PSA_CRYPTO_DRIVER_TEST)
2242
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2243
            status = mbedtls_test_opaque_mac_compute(
2244
                attributes, key_buffer, key_buffer_size, alg,
2245
                input, input_length,
2246
                mac, mac_size, mac_length );
2247
            return( status );
2248
#endif /* PSA_CRYPTO_DRIVER_TEST */
2249
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2250
0
        default:
2251
            /* Key is declared with a lifetime not known to us */
2252
0
            (void) key_buffer;
2253
0
            (void) key_buffer_size;
2254
0
            (void) alg;
2255
0
            (void) input;
2256
0
            (void) input_length;
2257
0
            (void) mac;
2258
0
            (void) mac_size;
2259
0
            (void) mac_length;
2260
0
            (void) status;
2261
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2262
323
    }
2263
323
}
2264
2265
static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
2266
    psa_mac_operation_t *operation,
2267
    const psa_key_attributes_t *attributes,
2268
    const uint8_t *key_buffer,
2269
    size_t key_buffer_size,
2270
    psa_algorithm_t alg )
2271
198
{
2272
198
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2273
198
    psa_key_location_t location =
2274
198
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2275
2276
198
    switch( location )
2277
198
    {
2278
198
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2279
            /* Key is stored in the slot in export representation, so
2280
             * cycle through all known transparent accelerators */
2281
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2282
#if defined(PSA_CRYPTO_DRIVER_TEST)
2283
            status = mbedtls_test_transparent_mac_sign_setup(
2284
                &operation->ctx.transparent_test_driver_ctx,
2285
                attributes,
2286
                key_buffer, key_buffer_size,
2287
                alg );
2288
            /* Declared with fallback == true */
2289
            if( status == PSA_SUCCESS )
2290
                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2291
2292
            if( status != PSA_ERROR_NOT_SUPPORTED )
2293
                return( status );
2294
#endif /* PSA_CRYPTO_DRIVER_TEST */
2295
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2296
198
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2297
            /* Fell through, meaning no accelerator supports this operation */
2298
198
            status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
2299
198
                                                 attributes,
2300
198
                                                 key_buffer, key_buffer_size,
2301
198
                                                 alg );
2302
198
            if( status == PSA_SUCCESS )
2303
198
                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2304
2305
198
            if( status != PSA_ERROR_NOT_SUPPORTED )
2306
198
                return( status );
2307
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2308
0
            return( PSA_ERROR_NOT_SUPPORTED );
2309
2310
        /* Add cases for opaque driver here */
2311
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2312
#if defined(PSA_CRYPTO_DRIVER_TEST)
2313
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2314
            status = mbedtls_test_opaque_mac_sign_setup(
2315
                &operation->ctx.opaque_test_driver_ctx,
2316
                attributes,
2317
                key_buffer, key_buffer_size,
2318
                alg );
2319
2320
            if( status == PSA_SUCCESS )
2321
                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2322
2323
            return( status );
2324
#endif /* PSA_CRYPTO_DRIVER_TEST */
2325
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2326
0
        default:
2327
            /* Key is declared with a lifetime not known to us */
2328
0
            (void) status;
2329
0
            (void) operation;
2330
0
            (void) key_buffer;
2331
0
            (void) key_buffer_size;
2332
0
            (void) alg;
2333
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2334
198
    }
2335
198
}
2336
2337
static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
2338
    psa_mac_operation_t *operation,
2339
    const psa_key_attributes_t *attributes,
2340
    const uint8_t *key_buffer,
2341
    size_t key_buffer_size,
2342
    psa_algorithm_t alg )
2343
92
{
2344
92
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2345
92
    psa_key_location_t location =
2346
92
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2347
2348
92
    switch( location )
2349
92
    {
2350
92
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2351
            /* Key is stored in the slot in export representation, so
2352
             * cycle through all known transparent accelerators */
2353
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2354
#if defined(PSA_CRYPTO_DRIVER_TEST)
2355
            status = mbedtls_test_transparent_mac_verify_setup(
2356
                &operation->ctx.transparent_test_driver_ctx,
2357
                attributes,
2358
                key_buffer, key_buffer_size,
2359
                alg );
2360
            /* Declared with fallback == true */
2361
            if( status == PSA_SUCCESS )
2362
                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2363
2364
            if( status != PSA_ERROR_NOT_SUPPORTED )
2365
                return( status );
2366
#endif /* PSA_CRYPTO_DRIVER_TEST */
2367
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2368
92
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2369
            /* Fell through, meaning no accelerator supports this operation */
2370
92
            status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
2371
92
                                                   attributes,
2372
92
                                                   key_buffer, key_buffer_size,
2373
92
                                                   alg );
2374
92
            if( status == PSA_SUCCESS )
2375
92
                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2376
2377
92
            if( status != PSA_ERROR_NOT_SUPPORTED )
2378
92
                return( status );
2379
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2380
0
            return( PSA_ERROR_NOT_SUPPORTED );
2381
2382
        /* Add cases for opaque driver here */
2383
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2384
#if defined(PSA_CRYPTO_DRIVER_TEST)
2385
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2386
            status = mbedtls_test_opaque_mac_verify_setup(
2387
                &operation->ctx.opaque_test_driver_ctx,
2388
                attributes,
2389
                key_buffer, key_buffer_size,
2390
                alg );
2391
2392
            if( status == PSA_SUCCESS )
2393
                operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID;
2394
2395
            return( status );
2396
#endif /* PSA_CRYPTO_DRIVER_TEST */
2397
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2398
0
        default:
2399
            /* Key is declared with a lifetime not known to us */
2400
0
            (void) status;
2401
0
            (void) operation;
2402
0
            (void) key_buffer;
2403
0
            (void) key_buffer_size;
2404
0
            (void) alg;
2405
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2406
92
    }
2407
92
}
2408
2409
static inline psa_status_t psa_driver_wrapper_mac_update(
2410
    psa_mac_operation_t *operation,
2411
    const uint8_t *input,
2412
    size_t input_length )
2413
2.35k
{
2414
2.35k
    switch( operation->id )
2415
2.35k
    {
2416
0
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2417
2.35k
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2418
2.35k
            return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
2419
2.35k
                                            input, input_length ) );
2420
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2421
2422
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2423
#if defined(PSA_CRYPTO_DRIVER_TEST)
2424
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2425
            return( mbedtls_test_transparent_mac_update(
2426
                        &operation->ctx.transparent_test_driver_ctx,
2427
                        input, input_length ) );
2428
2429
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2430
            return( mbedtls_test_opaque_mac_update(
2431
                        &operation->ctx.opaque_test_driver_ctx,
2432
                        input, input_length ) );
2433
#endif /* PSA_CRYPTO_DRIVER_TEST */
2434
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2435
0
        default:
2436
0
            (void) input;
2437
0
            (void) input_length;
2438
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2439
2.35k
    }
2440
2.35k
}
2441
2442
static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
2443
    psa_mac_operation_t *operation,
2444
    uint8_t *mac,
2445
    size_t mac_size,
2446
    size_t *mac_length )
2447
198
{
2448
198
    switch( operation->id )
2449
198
    {
2450
0
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2451
198
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2452
198
            return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
2453
198
                                                 mac, mac_size, mac_length ) );
2454
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2455
2456
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2457
#if defined(PSA_CRYPTO_DRIVER_TEST)
2458
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2459
            return( mbedtls_test_transparent_mac_sign_finish(
2460
                        &operation->ctx.transparent_test_driver_ctx,
2461
                        mac, mac_size, mac_length ) );
2462
2463
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2464
            return( mbedtls_test_opaque_mac_sign_finish(
2465
                        &operation->ctx.opaque_test_driver_ctx,
2466
                        mac, mac_size, mac_length ) );
2467
#endif /* PSA_CRYPTO_DRIVER_TEST */
2468
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2469
0
        default:
2470
0
            (void) mac;
2471
0
            (void) mac_size;
2472
0
            (void) mac_length;
2473
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2474
198
    }
2475
198
}
2476
2477
static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
2478
    psa_mac_operation_t *operation,
2479
    const uint8_t *mac,
2480
    size_t mac_length )
2481
56
{
2482
56
    switch( operation->id )
2483
56
    {
2484
0
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2485
56
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2486
56
            return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
2487
56
                                                   mac, mac_length ) );
2488
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2489
2490
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2491
#if defined(PSA_CRYPTO_DRIVER_TEST)
2492
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2493
            return( mbedtls_test_transparent_mac_verify_finish(
2494
                        &operation->ctx.transparent_test_driver_ctx,
2495
                        mac, mac_length ) );
2496
2497
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2498
            return( mbedtls_test_opaque_mac_verify_finish(
2499
                        &operation->ctx.opaque_test_driver_ctx,
2500
                        mac, mac_length ) );
2501
#endif /* PSA_CRYPTO_DRIVER_TEST */
2502
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2503
0
        default:
2504
0
            (void) mac;
2505
0
            (void) mac_length;
2506
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2507
56
    }
2508
56
}
2509
2510
static inline psa_status_t psa_driver_wrapper_mac_abort(
2511
    psa_mac_operation_t *operation )
2512
290
{
2513
290
    switch( operation->id )
2514
290
    {
2515
0
#if defined(MBEDTLS_PSA_BUILTIN_MAC)
2516
290
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2517
290
            return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
2518
0
#endif /* MBEDTLS_PSA_BUILTIN_MAC */
2519
2520
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2521
#if defined(PSA_CRYPTO_DRIVER_TEST)
2522
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2523
            return( mbedtls_test_transparent_mac_abort(
2524
                        &operation->ctx.transparent_test_driver_ctx ) );
2525
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
2526
            return( mbedtls_test_opaque_mac_abort(
2527
                        &operation->ctx.opaque_test_driver_ctx ) );
2528
#endif /* PSA_CRYPTO_DRIVER_TEST */
2529
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2530
0
        default:
2531
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2532
290
    }
2533
290
}
2534
2535
/*
2536
 * Asymmetric cryptography
2537
 */
2538
static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
2539
    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2540
    size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2541
    size_t input_length, const uint8_t *salt, size_t salt_length,
2542
    uint8_t *output, size_t output_size, size_t *output_length )
2543
0
{
2544
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2545
0
    psa_key_location_t location =
2546
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2547
2548
0
    switch( location )
2549
0
    {
2550
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2551
            /* Key is stored in the slot in export representation, so
2552
             * cycle through all known transparent accelerators */
2553
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2554
#if defined(PSA_CRYPTO_DRIVER_TEST)
2555
            status = mbedtls_test_transparent_asymmetric_encrypt( attributes,
2556
                        key_buffer, key_buffer_size, alg, input, input_length,
2557
                        salt, salt_length, output, output_size,
2558
                        output_length );
2559
            /* Declared with fallback == true */
2560
            if( status != PSA_ERROR_NOT_SUPPORTED )
2561
                return( status );
2562
#endif /* PSA_CRYPTO_DRIVER_TEST */
2563
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2564
0
            return( mbedtls_psa_asymmetric_encrypt( attributes,
2565
0
                        key_buffer, key_buffer_size, alg, input, input_length,
2566
0
                        salt, salt_length, output, output_size, output_length )
2567
0
                  );
2568
        /* Add cases for opaque driver here */
2569
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2570
#if defined(PSA_CRYPTO_DRIVER_TEST)
2571
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2572
            return( mbedtls_test_opaque_asymmetric_encrypt( attributes,
2573
                        key_buffer, key_buffer_size, alg, input, input_length,
2574
                        salt, salt_length, output, output_size, output_length )
2575
                  );
2576
#endif /* PSA_CRYPTO_DRIVER_TEST */
2577
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2578
2579
0
        default:
2580
            /* Key is declared with a lifetime not known to us */
2581
0
            (void)status;
2582
0
            (void)key_buffer;
2583
0
            (void)key_buffer_size;
2584
0
            (void)alg;
2585
0
            (void)input;
2586
0
            (void)input_length;
2587
0
            (void)salt;
2588
0
            (void)salt_length;
2589
0
            (void)output;
2590
0
            (void)output_size;
2591
0
            (void)output_length;
2592
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2593
0
    }
2594
0
}
2595
2596
static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
2597
    const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
2598
    size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
2599
    size_t input_length, const uint8_t *salt, size_t salt_length,
2600
    uint8_t *output, size_t output_size, size_t *output_length )
2601
0
{
2602
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2603
0
    psa_key_location_t location =
2604
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2605
2606
0
    switch( location )
2607
0
    {
2608
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2609
            /* Key is stored in the slot in export representation, so
2610
             * cycle through all known transparent accelerators */
2611
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2612
#if defined(PSA_CRYPTO_DRIVER_TEST)
2613
            status = mbedtls_test_transparent_asymmetric_decrypt( attributes,
2614
                        key_buffer, key_buffer_size, alg, input, input_length,
2615
                        salt, salt_length, output, output_size,
2616
                        output_length );
2617
            /* Declared with fallback == true */
2618
            if( status != PSA_ERROR_NOT_SUPPORTED )
2619
                return( status );
2620
#endif /* PSA_CRYPTO_DRIVER_TEST */
2621
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2622
0
            return( mbedtls_psa_asymmetric_decrypt( attributes,
2623
0
                        key_buffer, key_buffer_size, alg,input, input_length,
2624
0
                        salt, salt_length, output, output_size,
2625
0
                        output_length ) );
2626
        /* Add cases for opaque driver here */
2627
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2628
#if defined(PSA_CRYPTO_DRIVER_TEST)
2629
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2630
            return( mbedtls_test_opaque_asymmetric_decrypt( attributes,
2631
                        key_buffer, key_buffer_size, alg, input, input_length,
2632
                        salt, salt_length, output, output_size,
2633
                        output_length ) );
2634
#endif /* PSA_CRYPTO_DRIVER_TEST */
2635
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2636
2637
0
        default:
2638
            /* Key is declared with a lifetime not known to us */
2639
0
            (void)status;
2640
0
            (void)key_buffer;
2641
0
            (void)key_buffer_size;
2642
0
            (void)alg;
2643
0
            (void)input;
2644
0
            (void)input_length;
2645
0
            (void)salt;
2646
0
            (void)salt_length;
2647
0
            (void)output;
2648
0
            (void)output_size;
2649
0
            (void)output_length;
2650
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2651
0
    }
2652
0
}
2653
2654
static inline psa_status_t psa_driver_wrapper_key_agreement(
2655
    const psa_key_attributes_t *attributes,
2656
    const uint8_t *key_buffer,
2657
    size_t key_buffer_size,
2658
    psa_algorithm_t alg,
2659
    const uint8_t *peer_key,
2660
    size_t peer_key_length,
2661
    uint8_t *shared_secret,
2662
    size_t shared_secret_size,
2663
    size_t *shared_secret_length
2664
 )
2665
0
{
2666
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2667
0
    psa_key_location_t location =
2668
0
        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
2669
2670
0
    switch( location )
2671
0
    {
2672
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2673
            /* Key is stored in the slot in export representation, so
2674
             * cycle through all known transparent accelerators */
2675
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2676
#if defined(PSA_CRYPTO_DRIVER_TEST)
2677
            status =
2678
                mbedtls_test_transparent_key_agreement( attributes,
2679
                        key_buffer, key_buffer_size, alg, peer_key,
2680
                        peer_key_length, shared_secret, shared_secret_size,
2681
                        shared_secret_length );
2682
            if( status != PSA_ERROR_NOT_SUPPORTED )
2683
                return( status );
2684
#endif /* PSA_CRYPTO_DRIVER_TEST */
2685
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
2686
            if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
2687
                PSA_ALG_IS_ECDH(alg) &&
2688
                PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
2689
                psa_get_key_bits(attributes) == 256 )
2690
            {
2691
                status = p256_transparent_key_agreement( attributes,
2692
                                                         key_buffer,
2693
                                                         key_buffer_size,
2694
                                                         alg,
2695
                                                         peer_key,
2696
                                                         peer_key_length,
2697
                                                         shared_secret,
2698
                                                         shared_secret_size,
2699
                                                         shared_secret_length );
2700
                if( status != PSA_ERROR_NOT_SUPPORTED)
2701
                    return( status );
2702
            }
2703
#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
2704
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2705
2706
            /* Software Fallback */
2707
0
            status = psa_key_agreement_raw_builtin( attributes,
2708
0
                                                    key_buffer,
2709
0
                                                    key_buffer_size,
2710
0
                                                    alg,
2711
0
                                                    peer_key,
2712
0
                                                    peer_key_length,
2713
0
                                                    shared_secret,
2714
0
                                                    shared_secret_size,
2715
0
                                                    shared_secret_length );
2716
0
            return( status );
2717
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2718
#if defined(PSA_CRYPTO_DRIVER_TEST)
2719
        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
2720
            return( mbedtls_test_opaque_key_agreement( attributes,
2721
                        key_buffer, key_buffer_size, alg, peer_key,
2722
                        peer_key_length, shared_secret, shared_secret_size,
2723
                        shared_secret_length ) );
2724
#endif /* PSA_CRYPTO_DRIVER_TEST */
2725
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2726
2727
0
        default:
2728
0
            (void) attributes;
2729
0
            (void) key_buffer;
2730
0
            (void) key_buffer_size;
2731
0
            (void) peer_key;
2732
0
            (void) peer_key_length;
2733
0
            (void) shared_secret;
2734
0
            (void) shared_secret_size;
2735
0
            (void) shared_secret_length;
2736
0
            return( PSA_ERROR_NOT_SUPPORTED );
2737
2738
0
    }
2739
0
}
2740
2741
static inline psa_status_t psa_driver_wrapper_pake_setup(
2742
    psa_pake_operation_t *operation,
2743
    const psa_crypto_driver_pake_inputs_t *inputs )
2744
0
{
2745
0
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
2746
2747
0
    psa_key_location_t location =
2748
0
            PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) );
2749
2750
0
    switch( location )
2751
0
    {
2752
0
        case PSA_KEY_LOCATION_LOCAL_STORAGE:
2753
            /* Key is stored in the slot in export representation, so
2754
             * cycle through all known transparent accelerators */
2755
0
            status = PSA_ERROR_NOT_SUPPORTED;
2756
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2757
#if defined(PSA_CRYPTO_DRIVER_TEST)
2758
            status = mbedtls_test_transparent_pake_setup(
2759
                        &operation->data.ctx.transparent_test_driver_ctx,
2760
                        inputs );
2761
            if( status == PSA_SUCCESS )
2762
                operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID;
2763
            /* Declared with fallback == true */
2764
            if( status != PSA_ERROR_NOT_SUPPORTED )
2765
                return( status );
2766
#endif /* PSA_CRYPTO_DRIVER_TEST */
2767
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2768
0
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2769
0
            status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx,
2770
0
                        inputs );
2771
0
            if( status == PSA_SUCCESS )
2772
0
                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
2773
0
#endif
2774
0
            return status;
2775
        /* Add cases for opaque driver here */
2776
0
        default:
2777
            /* Key is declared with a lifetime not known to us */
2778
0
            (void)operation;
2779
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2780
0
    }
2781
0
}
2782
2783
static inline psa_status_t psa_driver_wrapper_pake_output(
2784
    psa_pake_operation_t *operation,
2785
    psa_crypto_driver_pake_step_t step,
2786
    uint8_t *output,
2787
    size_t output_size,
2788
    size_t *output_length )
2789
0
{
2790
0
    switch( operation->id )
2791
0
    {
2792
0
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2793
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2794
0
            return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step,
2795
0
                                             output, output_size, output_length ) );
2796
0
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2797
2798
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2799
#if defined(PSA_CRYPTO_DRIVER_TEST)
2800
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2801
            return( mbedtls_test_transparent_pake_output(
2802
                        &operation->data.ctx.transparent_test_driver_ctx,
2803
                        step, output, output_size, output_length ) );
2804
#endif /* PSA_CRYPTO_DRIVER_TEST */
2805
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2806
0
        default:
2807
0
            (void) step;
2808
0
            (void) output;
2809
0
            (void) output_size;
2810
0
            (void) output_length;
2811
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2812
0
    }
2813
0
}
2814
2815
static inline psa_status_t psa_driver_wrapper_pake_input(
2816
    psa_pake_operation_t *operation,
2817
    psa_crypto_driver_pake_step_t step,
2818
    const uint8_t *input,
2819
    size_t input_length )
2820
0
{
2821
0
    switch( operation->id )
2822
0
    {
2823
0
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2824
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2825
0
            return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx,
2826
0
                                            step, input,
2827
0
                                            input_length ) );
2828
0
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2829
2830
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2831
#if defined(PSA_CRYPTO_DRIVER_TEST)
2832
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2833
            return( mbedtls_test_transparent_pake_input(
2834
                        &operation->data.ctx.transparent_test_driver_ctx,
2835
                        step,
2836
                        input, input_length ) );
2837
#endif /* PSA_CRYPTO_DRIVER_TEST */
2838
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2839
0
        default:
2840
0
            (void) step;
2841
0
            (void) input;
2842
0
            (void) input_length;
2843
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2844
0
    }
2845
0
}
2846
2847
static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
2848
    psa_pake_operation_t *operation,
2849
    uint8_t *output, size_t output_size,
2850
    size_t *output_length )
2851
0
{
2852
0
    switch( operation->id )
2853
0
    {
2854
0
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2855
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2856
0
            return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx,
2857
0
                                                       output, output_size, output_length ) );
2858
0
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2859
2860
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2861
#if defined(PSA_CRYPTO_DRIVER_TEST)
2862
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2863
            return( mbedtls_test_transparent_pake_get_implicit_key(
2864
                        &operation->data.ctx.transparent_test_driver_ctx,
2865
                        output, output_size, output_length ) );
2866
#endif /* PSA_CRYPTO_DRIVER_TEST */
2867
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2868
0
        default:
2869
0
            (void) output;
2870
0
            (void) output_size;
2871
0
            (void) output_length;
2872
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2873
0
    }
2874
0
}
2875
2876
static inline psa_status_t psa_driver_wrapper_pake_abort(
2877
    psa_pake_operation_t * operation )
2878
0
{
2879
0
    switch( operation->id )
2880
0
    {
2881
0
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
2882
0
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
2883
0
            return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) );
2884
0
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */
2885
2886
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
2887
#if defined(PSA_CRYPTO_DRIVER_TEST)
2888
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
2889
            return( mbedtls_test_transparent_pake_abort(
2890
                        &operation->data.ctx.transparent_test_driver_ctx ) );
2891
#endif /* PSA_CRYPTO_DRIVER_TEST */
2892
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
2893
0
        default:
2894
0
            return( PSA_ERROR_INVALID_ARGUMENT );
2895
0
    }
2896
0
}
2897
2898
#endif /* MBEDTLS_PSA_CRYPTO_C */