diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 1b3d59fabce5..f3a2fbfd0498 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -60,7 +60,7 @@ #endif #if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/mbedtls_config.h" +#include "mbedtls/config.h" #else #include MBEDTLS_CONFIG_FILE #endif diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8a05efd8b423..2ca593a79e7e 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -901,7 +901,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, - size_t hash_length); + const size_t hash_length); /** The type of the state data structure for multipart hash operations. * @@ -1259,7 +1259,7 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, const uint8_t *input, size_t input_length, const uint8_t *mac, - size_t mac_length); + const size_t mac_length); /** The type of the state data structure for multipart MAC operations. * diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h new file mode 100644 index 000000000000..9fa6c86a9473 --- /dev/null +++ b/include/psa/crypto_accel_driver.h @@ -0,0 +1,169 @@ +/** + * \file psa/crypto_accel_driver.h + * \brief PSA cryptography accelerator driver module + * + * This header declares types and function signatures for cryptography + * drivers that access key material directly. This is meant for + * on-chip cryptography accelerators. + * + * This file is part of the PSA Crypto Driver Model, containing functions for + * driver developers to implement to enable hardware to be called in a + * standardized way by a PSA Cryptographic API implementation. The functions + * comprising the driver model, which driver authors implement, are not + * intended to be called by application developers. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef PSA_CRYPTO_ACCEL_DRIVER_H + #define PSA_CRYPTO_ACCEL_DRIVER_H + + #include "crypto_driver_common.h" + + #ifdef __cplusplus +extern "C" { + #endif + +/** Import vendor defined key data into a slot. + * + * `slot->type` must have been set previously. + * This function assumes that the slot does not contain any key material yet. + * On failure, the slot content is unchanged. + * + * Persistent storage is not affected. + * + * \param[in,out] slot The key slot to import data into. + * Its `type` field must have previously been set to + * the desired key type. + * It must not contain any key material yet. + * \param[in] data Buffer containing the key material to parse and import. + * \param data_length Size of \p data in bytes. + * \param write_to_persistent_memory Specify if the imported key needs to be written to persistent memory. + * + * \retval PSA_SUCCESS + * \retval PSA_ERROR_INVALID_ARGUMENT + * \retval PSA_ERROR_NOT_SUPPORTED + * \retval PSA_ERROR_INSUFFICIENT_MEMORY + * \retval Implementation dependent + */ +psa_status_t psa_import_key_into_slot_vendor(const psa_key_attributes_t * attributes, + psa_key_slot_t * slot, + const uint8_t * data, + size_t data_length, + mbedtls_svc_key_id_t * key, + bool write_to_persistent_memory); + +/** + * \brief Generate a vendor defined key or key pair. + * + * \note This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C + * is defined. Do not use this function directly; + * to generate a key, use psa_generate_key() instead. + * + * \param[in] slot + * \param[in] bits + * \param[in] domain_parameters + * \param[in] domain_parameters_size + * + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval Implementation dependent. + */ +psa_status_t psa_generate_key_vendor(psa_key_slot_t * slot, + size_t bits, + const uint8_t * domain_parameters, + size_t domain_parameters_size); + +/** + * \brief Generate symmetric key of vendor defined format. + * + * \warning This function **can** fail! Callers MUST check the return status + * and MUST NOT use the content of the output buffer if the return + * status is not #PSA_SUCCESS. + * + * \note This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C + * is defined. + * A weakly linked version is provided by default and returns + * PSA_ERROR_NOT_SUPPORTED. Do not use this function directly; + * to generate a key, use psa_generate_key() instead. + * + * \param[in] type Type of symmetric key to be generated. + * \param[out] output Output buffer for the generated data. + * \param[out] output_size Number of bytes to generate and output. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval Implementation dependent + */ +psa_status_t psa_generate_symmetric_vendor(psa_key_type_t type, size_t bits, uint8_t * output, size_t output_size); + +/** Finalize the creation of a vendor defined key once its key material has been set. + * + * This entails writing the key to persistent storage. + * + * This function is to be called only by psa_finish_key_creation(). + * + * \param[in,out] slot Pointer to the slot with key material. + * + * \retval #PSA_SUCCESS + * The key was successfully created. The handle is now valid. + * \return If this function fails, the key slot is an invalid state. + */ +psa_status_t psa_finish_key_creation_vendor(psa_key_slot_t * slot); + +/** + * \brief Perform vendor specific setup for cipher operations. + * + * + * \note This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C + * is defined. + * A weakly linked version is provided by default and returns + * PSA_ERROR_NOT_SUPPORTED. Do not use this function directly; + * to generate a key, use psa_generate_key() instead. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_cipher_operation_t and not yet in use. + * \param handle Handle to the key to use for the operation. + * It must remain valid until the operation + * terminates. + * \param alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_NOT_SUPPORTED + * . + */ +psa_status_t psa_cipher_setup_vendor(psa_cipher_operation_t * operation, + psa_key_slot_t * slot, + psa_algorithm_t alg, + mbedtls_operation_t cipher_operation); + +/**@}*/ + + #ifdef __cplusplus +} + #endif + +#endif /* PSA_CRYPTO_ACCEL_DRIVER_H */ diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 3d6bb2c1e814..a3bbb63ce8b1 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -840,7 +840,7 @@ */ #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ - (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_RSA_KEY_PAIR (key_type) ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 39acd96c5287..524bc7856504 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -505,6 +505,10 @@ */ #define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400) +/** Whether a key type is AES; plaintext or wrapped. */ +#define PSA_KEY_TYPE_IS_AES(type) ((((type) == PSA_KEY_TYPE_AES) != 0) || \ + (((type) == (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_AES)) != 0)) + /** Key for a cipher, AEAD or MAC algorithm based on the * ARIA block cipher. */ #define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406) @@ -546,10 +550,17 @@ * * The size of an RSA key is the bit size of the modulus. */ -#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001) +#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001) + +/** Whether a key type is an RSA key pair; standard or vendor. */ +#define PSA_KEY_TYPE_IS_RSA_KEY_PAIR(type) \ + ((type == PSA_KEY_TYPE_RSA_KEY_PAIR) || \ + (type == (PSA_KEY_TYPE_RSA_KEY_PAIR | PSA_KEY_TYPE_VENDOR_FLAG))) + /** Whether a key type is an RSA key (pair or public-only). */ #define PSA_KEY_TYPE_IS_RSA(type) \ - (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) || \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == (PSA_KEY_TYPE_RSA_PUBLIC_KEY | PSA_KEY_TYPE_VENDOR_FLAG))) #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100) #define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100) @@ -579,16 +590,22 @@ /** Whether a key type is an elliptic curve key (pair or public-only). */ #define PSA_KEY_TYPE_IS_ECC(type) \ - ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ - ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) + (((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) || \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_ECC_CURVE_MASK) == (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_KEY_TYPE_VENDOR_FLAG))) /** Whether a key type is an elliptic curve key pair. */ #define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \ - (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ - PSA_KEY_TYPE_ECC_KEY_PAIR_BASE) + ((((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + PSA_KEY_TYPE_ECC_KEY_PAIR_BASE) || \ + (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | PSA_KEY_TYPE_VENDOR_FLAG))) /** Whether a key type is an elliptic curve public key. */ #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \ - (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ - PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) + ((((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) || \ + (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_KEY_TYPE_VENDOR_FLAG))) /** Extract the curve from an elliptic curve key type. */ #define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \ @@ -2301,6 +2318,11 @@ */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001) +#define PSA_KEY_LIFETIME_IS_PERSISTENT(lifetime) \ + (((lifetime) & PSA_KEY_LIFETIME_PERSISTENT) != 0) + +#define PSA_KEY_LIFETIME_VENDOR_FLAG ((psa_key_lifetime_t)0x80000000) + /** The persistence level of volatile keys. * * See ::psa_key_persistence_t for more information. diff --git a/library/cipher.c b/library/cipher.c index 81e855d46575..e9fc658c2e5a 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -23,7 +23,7 @@ #include "common.h" -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_CIPHER_C) && !defined(MBEDTLS_CIPHER_ALT) #include "mbedtls/cipher.h" #include "cipher_wrap.h" diff --git a/library/constant_time.c b/library/constant_time.c index 552a918f43ab..4fe873c8cc3c 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -252,7 +252,7 @@ unsigned mbedtls_ct_size_bool_eq(size_t x, return 1 ^ diff1; } -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) /** Constant-flow "greater than" comparison: * return x > y @@ -413,7 +413,7 @@ signed char mbedtls_ct_base64_dec_value(unsigned char c) #endif /* MBEDTLS_BASE64_C */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) /** Shift some data towards the left inside a buffer. * @@ -910,7 +910,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, #endif /* MBEDTLS_BIGNUM_C */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) int mbedtls_ct_rsaes_pkcs1_v15_unpadding(unsigned char *input, size_t ilen, diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index acc4208cc37b..ee722b3d0d98 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -24,7 +24,7 @@ #include "common.h" -#if defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_CTR_DRBG_C_ALT) #include "mbedtls/ctr_drbg.h" #include "mbedtls/platform_util.h" diff --git a/library/ecdh.c b/library/ecdh.c index b529af59c9fb..fe427fff1f2f 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -34,6 +34,14 @@ #include +#if !defined(MBEDTLS_ECDH_ALT) + +/* Parameter validation macros based on platform_util.h */ +#define ECDH_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECDH_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; #endif @@ -694,4 +702,6 @@ int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, } #endif } + +#endif /* !MBEDTLS_ECDH_ALT */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/entropy.c b/library/entropy.c index e55410c76d68..1fe847ed6602 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -32,10 +32,14 @@ #include #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" +#endif -#include "mbedtls/platform.h" - +#if defined(MBEDTLS_SELF_TEST) && !defined(MBEDTLS_PLATFORM_C) +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_SELF_TEST */ #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ diff --git a/library/platform.c b/library/platform.c index b15b7b29adc3..dfd6741001c6 100644 --- a/library/platform.c +++ b/library/platform.c @@ -53,8 +53,8 @@ static void platform_free_uninit(void *ptr) #define MBEDTLS_PLATFORM_STD_FREE platform_free_uninit #endif /* !MBEDTLS_PLATFORM_STD_FREE */ -static void * (*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC; -static void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE; +void * (*mbedtls_calloc_func)(size_t, size_t) = MBEDTLS_PLATFORM_STD_CALLOC; +void (*mbedtls_free_func)(void *) = MBEDTLS_PLATFORM_STD_FREE; void *mbedtls_calloc(size_t nmemb, size_t size) { diff --git a/library/platform_util.c b/library/platform_util.c index f891cd48a3cf..e3c5063537fb 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -99,7 +99,7 @@ */ #if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !defined(__STDC_LIB_EXT1__) \ && !defined(_WIN32) -static void *(*const volatile memset_func)(void *, int, size_t) = memset; +void *(*const volatile memset_func)(void *, int, size_t) = memset; #endif void mbedtls_platform_zeroize(void *buf, size_t len) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bc19ed07c7f2..5d403189c106 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -82,6 +82,11 @@ #include "mbedtls/sha512.h" #include "hash_info.h" +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) +#include "tfm_crypto_defs.h" +#include "tfm_builtin_key_loader.h" +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ @@ -1011,7 +1016,13 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( return status; } - if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { + + if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ + ) + { psa_unlock_key_slot(*p_slot); *p_slot = NULL; return PSA_ERROR_NOT_SUPPORTED; @@ -1312,7 +1323,7 @@ psa_status_t psa_get_key_slot_number( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -static psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer, +psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, @@ -1749,7 +1760,7 @@ static psa_status_t psa_start_key_creation( * \return If this function fails, the key slot is an invalid state. * You must call psa_fail_key_creation() to wipe and free the slot. */ -static psa_status_t psa_finish_key_creation( +psa_status_t psa_finish_key_creation( psa_key_slot_t *slot, psa_se_drv_table_entry_t *driver, mbedtls_svc_key_id_t *key) @@ -1776,6 +1787,13 @@ static psa_status_t psa_finish_key_creation( sizeof(data)); } else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_finish_key_creation_vendor( slot ); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ { /* Key material is saved in export representation in the slot, so * just pass the slot buffer for storage. */ @@ -1963,6 +1981,15 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, goto exit; } + +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_import_key_into_slot_vendor( attributes, slot, data, data_length, key, true ); + goto exit; + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + /* In the case of a transparent key or an opaque key stored in local * storage ( thus not in the case of importing a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a @@ -2959,7 +2986,7 @@ psa_status_t psa_sign_hash_builtin( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length) { - if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if( PSA_KEY_TYPE_IS_RSA_KEY_PAIR(attributes->core.type) ) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ @@ -3974,6 +4001,15 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, .core = slot->attr }; + +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_cipher_setup_vendor(operation, slot, alg, cipher_operation); + goto exit; + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + /* Try doing the operation through a driver before using software fallback. */ if (cipher_operation == MBEDTLS_ENCRYPT) { status = psa_driver_wrapper_cipher_encrypt_setup(operation, @@ -7024,6 +7060,15 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, goto exit; } +#if defined(MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_generate_key_vendor(slot, attributes->core.bits, + attributes->domain_parameters, attributes->domain_parameters_size); + goto exit; + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + /* In the case of a transparent key or an opaque key stored in local * storage ( thus not in the case of generating a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 85d1f39be77b..64e72b0305e6 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -46,13 +46,35 @@ static psa_status_t psa_aead_setup( size_t key_bits; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_id_t cipher_id; + psa_key_type_t temp_keytype = 0; (void) key_buffer_size; key_bits = attributes->core.bits; + #if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(attributes->core.type)) + { + /* The mbedcrypto implementation obtains the list of methods based on the keybit size. + * Since the wrapped keybit size does not correspond to the raw key size i.e the + * AES256 raw bit size is 256 but the wrapped size is 416 bytes, provide the 256 bit value + * to mbedcrypto so that the right methods are invoked. */ + status = vendor_bitlength_to_raw_bitlength(attributes->core.type, attributes->core.bits, &key_bits); + if (status != PSA_SUCCESS) + { + return status; + } + + temp_keytype = (psa_key_type_t)(attributes->core.type & ~PSA_KEY_TYPE_VENDOR_FLAG); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + { + temp_keytype = (psa_key_type_t)(attributes->core.type); + } + cipher_info = mbedtls_cipher_info_from_psa(alg, - attributes->core.type, key_bits, + temp_keytype, key_bits, &cipher_id); if (cipher_info == NULL) { return PSA_ERROR_NOT_SUPPORTED; diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index c501144e3f16..eab9cdd452ee 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -101,6 +101,11 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( mode = MBEDTLS_MODE_CHACHAPOLY; break; #endif + + case PSA_ALG_XTS: + mode = MBEDTLS_MODE_XTS; + break; + default: return NULL; } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 8bc1b647c0e9..623cc9573f79 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -154,8 +154,8 @@ static inline void psa_key_slot_set_flags(psa_key_slot_t *slot, uint16_t mask, uint16_t value) { - slot->attr.flags = ((~mask & slot->attr.flags) | - (mask & value)); + slot->attr.flags = (psa_key_attributes_flag_t) ( ( ~mask & slot->attr.flags ) | + ( mask & value ) ); } /** Turn on flags in psa_key_slot_t::attr::core::flags. @@ -177,7 +177,7 @@ static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot, static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot, uint16_t mask) { - slot->attr.flags &= ~mask; + slot->attr.flags = (psa_key_attributes_flag_t) (slot->attr.flags & (~mask)); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 9e946e367021..3fcc94925f8d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -42,13 +42,31 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include "test/drivers/test_driver.h" +#endif /* PSA_CRYPTO_DRIVER_TEST */ + +#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT #endif -/* Headers for mbedtls_test transparent driver */ -#if defined(PSA_CRYPTO_DRIVER_TEST) -#include "test/drivers/test_driver.h" +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#include "cc3xx.h" +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +/* Include TF-M builtin key driver */ +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #endif +#include "tfm_crypto_defs.h" +#include "tfm_builtin_key_loader.h" +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ +/* Repeat above block for each JSON-declared driver during autogeneration */ #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ /* END-driver headers */ @@ -66,6 +84,14 @@ /* END-Common Macro definitions */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#define PSA_CRYPTO_CC3XX_DRIVER_ID (4) +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ + +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) +#define PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID (5) +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + /* Support the 'old' SE interface when asked to */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style @@ -80,6 +106,12 @@ psa_status_t psa_driver_wrapper_init( void ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_init(); + if (status != PSA_SUCCESS) + return ( status ); +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) status = psa_init_all_se_drivers( ); if( status != PSA_SUCCESS ) @@ -102,6 +134,10 @@ psa_status_t psa_driver_wrapper_init( void ) void psa_driver_wrapper_free( void ) { +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + (void)cc3xx_free(); +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* Unregister all secure element drivers, so that we restart from * a pristine state. */ @@ -133,6 +169,9 @@ psa_status_t psa_driver_wrapper_sign_message( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -151,6 +190,19 @@ psa_status_t psa_driver_wrapper_sign_message( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_sign_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ break; @@ -207,6 +259,9 @@ psa_status_t psa_driver_wrapper_verify_message( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -224,6 +279,18 @@ psa_status_t psa_driver_wrapper_verify_message( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_verify_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ break; @@ -294,6 +361,9 @@ psa_status_t psa_driver_wrapper_sign_hash( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -311,7 +381,20 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_sign_hash( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ return( psa_sign_hash_builtin( attributes, key_buffer, @@ -322,7 +405,7 @@ psa_status_t psa_driver_wrapper_sign_hash( signature, signature_size, signature_length ) ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -378,9 +461,23 @@ psa_status_t psa_driver_wrapper_verify_hash( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_verify_hash( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_signature_verify_hash( attributes, @@ -396,7 +493,7 @@ psa_status_t psa_driver_wrapper_verify_hash( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) return( psa_verify_hash_builtin( attributes, key_buffer, key_buffer_size, @@ -405,7 +502,7 @@ psa_status_t psa_driver_wrapper_verify_hash( hash_length, signature, signature_length ) ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -756,7 +853,11 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( return( ( *key_buffer_size != 0 ) ? PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: + return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes), + key_buffer_size); +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ default: (void)key_type; (void)key_bits; @@ -796,11 +897,20 @@ psa_status_t psa_driver_wrapper_generate_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Transparent drivers are limited to generating asymmetric keys */ if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) ) { /* Cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_generate_key( + attributes, key_buffer, key_buffer_size, + key_buffer_length ); + break; +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_generate_key( attributes, key_buffer, key_buffer_size, @@ -882,6 +992,9 @@ psa_status_t psa_driver_wrapper_import_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -968,6 +1081,9 @@ psa_status_t psa_driver_wrapper_export_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ return( psa_export_key_internal( attributes, key_buffer, key_buffer_size, @@ -1033,6 +1149,9 @@ psa_status_t psa_driver_wrapper_export_public_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1049,10 +1168,19 @@ psa_status_t psa_driver_wrapper_export_public_key( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); -#endif - - +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_export_public_key( + attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ return( psa_export_public_key_internal( attributes, key_buffer, @@ -1060,7 +1188,7 @@ psa_status_t psa_driver_wrapper_export_public_key( data, data_size, data_length ) ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1109,6 +1237,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key( #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: + return( tfm_builtin_key_loader_get_key_buffer( + slot_number, + attributes, + key_buffer, key_buffer_size, key_buffer_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ default: (void) slot_number; (void) key_buffer; @@ -1194,6 +1329,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1213,9 +1351,23 @@ psa_status_t psa_driver_wrapper_cipher_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_encrypt( attributes, + key_buffer, + key_buffer_size, + alg, + iv, + iv_length, + input, + input_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) return( mbedtls_psa_cipher_encrypt( attributes, key_buffer, key_buffer_size, @@ -1284,6 +1436,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1301,9 +1456,21 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_decrypt( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) return( mbedtls_psa_cipher_decrypt( attributes, key_buffer, key_buffer_size, @@ -1361,6 +1528,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1378,8 +1548,18 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_encrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, + key_buffer_size, + alg ); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, attributes, @@ -1434,6 +1614,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1451,8 +1634,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_decrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, + key_buffer_size, + alg ); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, attributes, @@ -1501,7 +1694,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, iv, @@ -1520,6 +1713,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( &operation->ctx.opaque_test_driver_ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_cipher_set_iv( + &operation->ctx.cc3xx_driver_ctx, + iv, iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1539,7 +1738,7 @@ psa_status_t psa_driver_wrapper_cipher_update( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, input, @@ -1563,6 +1762,13 @@ psa_status_t psa_driver_wrapper_cipher_update( input, input_length, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_cipher_update( + &operation->ctx.cc3xx_driver_ctx, + input, input_length, + output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1583,7 +1789,7 @@ psa_status_t psa_driver_wrapper_cipher_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, output, @@ -1603,6 +1809,12 @@ psa_status_t psa_driver_wrapper_cipher_finish( &operation->ctx.opaque_test_driver_ctx, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_cipher_finish( + &operation->ctx.cc3xx_driver_ctx, + output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX*/ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1620,7 +1832,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ @@ -1643,6 +1855,15 @@ psa_status_t psa_driver_wrapper_cipher_abort( sizeof( operation->ctx.opaque_test_driver_ctx ) ); return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + status = cc3xx_cipher_abort( + &operation->ctx.cc3xx_driver_ctx ); + mbedtls_platform_zeroize( + &operation->ctx.cc3xx_driver_ctx, + sizeof( operation->ctx.cc3xx_driver_ctx ) ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1664,15 +1885,21 @@ psa_status_t psa_driver_wrapper_hash_compute( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try accelerators first */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); -#endif - +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size, + hash_length); + return status; +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* If software fallback is compiled in, try fallback */ -#if defined(MBEDTLS_PSA_BUILTIN_HASH) +#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX) status = mbedtls_psa_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); if( status != PSA_ERROR_NOT_SUPPORTED ) @@ -1696,6 +1923,7 @@ psa_status_t psa_driver_wrapper_hash_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try setup on accelerators first */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_hash_setup( &operation->ctx.test_driver_ctx, alg ); @@ -1704,17 +1932,23 @@ psa_status_t psa_driver_wrapper_hash_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX) /* If software fallback is compiled in, try fallback */ -#if defined(MBEDTLS_PSA_BUILTIN_HASH) status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg ); if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); -#endif +#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */ /* Nothing left to try if we fall through here */ (void) status; (void) operation; @@ -1728,19 +1962,29 @@ psa_status_t psa_driver_wrapper_hash_clone( { switch( source_operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_HASH) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, - &target_operation->ctx.mbedtls_ctx ) ); -#endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; return( mbedtls_test_transparent_hash_clone( &source_operation->ctx.test_driver_ctx, &target_operation->ctx.test_driver_ctx ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( cc3xx_hash_clone( + &source_operation->ctx.cc3xx_driver_ctx, + &target_operation->ctx.cc3xx_driver_ctx ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, + &target_operation->ctx.mbedtls_ctx ) ); +#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */ default: (void) target_operation; return( PSA_ERROR_BAD_STATE ); @@ -1754,17 +1998,25 @@ psa_status_t psa_driver_wrapper_hash_update( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_HASH) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, - input, input_length ) ); -#endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_update( &operation->ctx.test_driver_ctx, input, input_length ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_hash_update( + &operation->ctx.cc3xx_driver_ctx, + input, input_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, + input, input_length ) ); +#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */ default: (void) input; (void) input_length; @@ -1780,17 +2032,25 @@ psa_status_t psa_driver_wrapper_hash_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_HASH) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, - hash, hash_size, hash_length ) ); -#endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_finish( &operation->ctx.test_driver_ctx, hash, hash_size, hash_length ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_hash_finish( + &operation->ctx.cc3xx_driver_ctx, + hash, hash_size, hash_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, + hash, hash_size, hash_length ) ); +#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */ default: (void) hash; (void) hash_size; @@ -1804,15 +2064,22 @@ psa_status_t psa_driver_wrapper_hash_abort( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_HASH) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); -#endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_abort( &operation->ctx.test_driver_ctx ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_hash_abort( + &operation->ctx.cc3xx_driver_ctx ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_HASH) && !defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); +#endif /* defined(MBEDTLS_PSA_BUILTIN_HASH) */ default: return( PSA_ERROR_BAD_STATE ); } @@ -1834,6 +2101,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1850,8 +2120,19 @@ psa_status_t psa_driver_wrapper_aead_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_aead_encrypt( + attributes, key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ return( mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, @@ -1860,7 +2141,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt( additional_data, additional_data_length, plaintext, plaintext_length, ciphertext, ciphertext_size, ciphertext_length ) ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ default: @@ -1886,6 +2167,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1902,8 +2186,19 @@ psa_status_t psa_driver_wrapper_aead_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_aead_decrypt( + attributes, key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ return( mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, @@ -1912,7 +2207,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt( additional_data, additional_data_length, ciphertext, ciphertext_length, plaintext, plaintext_size, plaintext_length ) ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ default: @@ -1935,6 +2230,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1950,8 +2248,17 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + status = cc3xx_aead_encrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, key_buffer, key_buffer_size, + alg ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_encrypt_setup( @@ -1960,7 +2267,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup( alg ); return( status ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ default: @@ -1983,6 +2290,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1999,8 +2309,18 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + status = cc3xx_aead_decrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; status = mbedtls_psa_aead_decrypt_setup( @@ -2010,7 +2330,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup( alg ); return( status ); - +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ default: @@ -2027,7 +2347,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx, nonce, @@ -2045,6 +2365,13 @@ psa_status_t psa_driver_wrapper_aead_set_nonce( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_set_nonce( + &operation->ctx.cc3xx_driver_ctx, + nonce, nonce_length ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2061,7 +2388,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx, ad_length, @@ -2079,6 +2406,13 @@ psa_status_t psa_driver_wrapper_aead_set_lengths( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_set_lengths( + &operation->ctx.cc3xx_driver_ctx, + ad_length, plaintext_length ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2095,7 +2429,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx, input, @@ -2113,6 +2447,13 @@ psa_status_t psa_driver_wrapper_aead_update_ad( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_update_ad( + &operation->ctx.cc3xx_driver_ctx, + input, input_length ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2132,7 +2473,7 @@ psa_status_t psa_driver_wrapper_aead_update( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx, input, input_length, @@ -2152,6 +2493,14 @@ psa_status_t psa_driver_wrapper_aead_update( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_update( + &operation->ctx.cc3xx_driver_ctx, + input, input_length, output, output_size, + output_length ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2175,7 +2524,7 @@ psa_status_t psa_driver_wrapper_aead_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx, ciphertext, @@ -2196,6 +2545,14 @@ psa_status_t psa_driver_wrapper_aead_finish( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_finish( + &operation->ctx.cc3xx_driver_ctx, + ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2219,7 +2576,7 @@ psa_status_t psa_driver_wrapper_aead_verify( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2260,6 +2617,14 @@ psa_status_t psa_driver_wrapper_aead_verify( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_verify( + &operation->ctx.cc3xx_driver_ctx, + plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2277,7 +2642,7 @@ psa_status_t psa_driver_wrapper_aead_abort( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_PSA_BUILTIN_AEAD) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) ); @@ -2292,6 +2657,12 @@ psa_status_t psa_driver_wrapper_aead_abort( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_abort( + &operation->ctx.cc3xx_driver_ctx ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2319,6 +2690,9 @@ psa_status_t psa_driver_wrapper_mac_compute( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2331,8 +2705,14 @@ psa_status_t psa_driver_wrapper_mac_compute( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_mac_compute( attributes, key_buffer, key_buffer_size, alg, @@ -2383,6 +2763,9 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2399,8 +2782,17 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_mac_sign_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return status; +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx, attributes, @@ -2455,6 +2847,9 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2471,8 +2866,17 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_mac_verify_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return status; +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx, attributes, @@ -2520,7 +2924,7 @@ psa_status_t psa_driver_wrapper_mac_update( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx, input, input_length ) ); @@ -2538,6 +2942,10 @@ psa_status_t psa_driver_wrapper_mac_update( &operation->ctx.opaque_test_driver_ctx, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length)); +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) input; @@ -2554,7 +2962,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx, mac, mac_size, mac_length ) ); @@ -2572,6 +2980,11 @@ psa_status_t psa_driver_wrapper_mac_sign_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_size, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx, + mac, mac_size, mac_length)); +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) mac; @@ -2588,7 +3001,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx, mac, mac_length ) ); @@ -2606,6 +3019,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_verify_finish( + &operation->ctx.cc3xx_driver_ctx, + mac, mac_length)); +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) mac; @@ -2619,7 +3038,7 @@ psa_status_t psa_driver_wrapper_mac_abort( { switch( operation->id ) { -#if defined(MBEDTLS_PSA_BUILTIN_MAC) +#if defined(MBEDTLS_PSA_BUILTIN_MAC) && !defined(PSA_CRYPTO_DRIVER_CC3XX) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_MAC */ @@ -2633,6 +3052,10 @@ psa_status_t psa_driver_wrapper_mac_abort( return( mbedtls_test_opaque_mac_abort( &operation->ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx)); +#endif /* defined(PSA_CRYPTO_DRIVER_CC3XX) */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return( PSA_ERROR_INVALID_ARGUMENT ); @@ -2655,9 +3078,26 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_asymmetric_encrypt( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + salt, + salt_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_asymmetric_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, @@ -2668,10 +3108,12 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) return( mbedtls_psa_asymmetric_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, salt, salt_length, output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -2713,9 +3155,26 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_asymmetric_decrypt( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + salt, + salt_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_asymmetric_decrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, @@ -2726,10 +3185,12 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if !defined(PSA_CRYPTO_DRIVER_CC3XX) return( mbedtls_psa_asymmetric_decrypt( attributes, key_buffer, key_buffer_size, alg,input, input_length, salt, salt_length, output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -2777,6 +3238,9 @@ psa_status_t psa_driver_wrapper_key_agreement( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2789,6 +3253,18 @@ psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_key_agreement( attributes, + key_buffer, + key_buffer_size, + peer_key, + peer_key_length, + shared_secret, + shared_secret_size, + shared_secret_length, + alg ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Software Fallback */ diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f70d804b0fae..384f103e24c1 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -73,6 +73,12 @@ psa_status_t mbedtls_psa_ecp_load_representation( * format, meaning their curve_bytes is equal to the amount of input. */ } +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT) + curve_bytes = ( 0U != PSA_ECC_BYTES_VENDOR_RAW(curve_bytes) ) ? + PSA_ECC_BYTES_VENDOR_RAW(curve_bytes) : curve_bytes ; + + curve_bits = PSA_BYTES_TO_BITS(curve_bytes); +#else if (explicit_bits) { /* With an explicit bit-size, the data must have the matching length. */ if (curve_bytes != PSA_BITS_TO_BYTES(curve_bits)) { @@ -84,6 +90,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( * at this stage is rounded up to the nearest multiple of 8. */ curve_bits = PSA_BYTES_TO_BITS(curve_bytes); } +#endif /* Allocate and initialize a key representation. */ ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); @@ -142,6 +149,15 @@ psa_status_t mbedtls_psa_ecp_load_representation( } *p_ecp = ecp; +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type)) + { + /* Setup the vendor context flag */ + (*p_ecp)->grp.vendor_ctx = (bool *) true; + + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + exit: if (status != PSA_SUCCESS) { mbedtls_ecp_keypair_free(ecp); @@ -234,16 +250,30 @@ psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type, return status; } else { - if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) { - return PSA_ERROR_BUFFER_TOO_SMALL; + uint32_t private_key_bytes = 0; + +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type)) + { + /* Setup the vendor private key size. The + * mbedtls_ecp_write_key() fn seems to require buffer greater than key size */ + private_key_bytes = RM_PSA_CRYPTO_ECC_KEY_WRAPPED_SIZE_BYTES(ecp->grp.nbits); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + { + private_key_bytes = PSA_BITS_TO_BYTES( ecp->grp.nbits); } + if( data_size < private_key_bytes ) + return PSA_ERROR_BUFFER_TOO_SMALL; + status = mbedtls_to_psa_error( mbedtls_ecp_write_key(ecp, data, - PSA_BITS_TO_BYTES(ecp->grp.nbits))); + private_key_bytes)); if (status == PSA_SUCCESS) { - *data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits); + *data_length = private_key_bytes; } else { memset(data, 0, data_size); } diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 07f123ee0551..7f0c01c39bb7 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -184,8 +184,8 @@ static psa_status_t cmac_setup(mbedtls_psa_mac_operation_t *operation, const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_psa( PSA_ALG_CMAC, - psa_get_key_type(attributes), - psa_get_key_bits(attributes), + (psa_get_key_type( attributes ) & ~PSA_KEY_TYPE_VENDOR_FLAG), + psa_get_key_bits( attributes ), NULL); if (cipher_info == NULL) { diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 3ff589dc8807..826dbb0c4c24 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -115,6 +115,16 @@ psa_status_t mbedtls_psa_rsa_load_representation( *p_rsa = mbedtls_pk_rsa(ctx); ctx.pk_info = NULL; + +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_RSA_ALT) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type)) + { + /* Setup the vendor context flag */ + (*p_rsa)->vendor_ctx = (bool *) true; + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + exit: mbedtls_pk_free(&ctx); return status; @@ -240,7 +250,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \ defined(MBEDTLS_GENPRIME) -static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, +psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, size_t domain_parameters_size, int *exponent) { @@ -652,7 +662,7 @@ psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attribut *output_length = 0; - if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if( PSA_KEY_TYPE_IS_RSA_KEY_PAIR (attributes->core.type) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) mbedtls_rsa_context *rsa = NULL; diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index cb7fa59c0b79..d7da5f884cae 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -255,7 +255,21 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_copy_key_material_into_slot(slot, key_data, key_data_length); +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + psa_key_attributes_t attributes; + + attributes.core = slot->attr; + + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_import_key_into_slot_vendor( &attributes, slot, key_data, key_data_length, NULL, false); + goto exit; + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + { + status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); + } exit: psa_free_persistent_key_data(key_data, key_data_length); diff --git a/library/psa_util.c b/library/psa_util.c index 43a10a32c17f..7aac81c63fba 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -28,7 +28,10 @@ #include #include #include + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #include +#endif #include /* PSA_SUCCESS is kept at the top of each error table since