lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Add initial pass on a multi-part test driver

Browse Source 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman
2020-07-28 18:49:51 +02:00
parent b1d3f2779b
commit 37941cb5e1
7 changed files with 1126 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
library/psa_crypto.c
View File

@ -4079,6 +4079,23 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT );
status = psa_get_key_from_slot( handle, &slot, usage, alg );
if( status != PSA_SUCCESS )
goto exit;
/* Try doing this through a driver before using software fallback */
if( cipher_operation == MBEDTLS_ENCRYPT )
status = psa_driver_wrapper_cipher_encrypt_setup( operation,
slot,
alg );
else
status = psa_driver_wrapper_cipher_decrypt_setup( operation,
slot,
alg );
if( status != PSA_ERROR_NOT_SUPPORTED )
goto exit;
/* A context must be freshly initialized before it can be set up. */
if( operation->alg != 0 )
{

524
library/psa_crypto_driver_wrappers.c
View File

@ -38,6 +38,11 @@
/* Repeat above block for each JSON-declared driver during autogeneration */
/* Auto-generated values depending on which drivers are registered */
#if defined(PSA_CRYPTO_DRIVER_TEST)
#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (1)
#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (2)
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* Support the 'old' SE interface when asked to */
@ -370,4 +375,523 @@ psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attrib
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
/*
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_cipher_encrypt( &attributes,
slot->data.key.data,
slot->data.key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
return PSA_ERROR_NOT_SUPPORTED;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_cipher_encrypt( &attributes,
slot->data.key.data,
slot->data.key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is declared with a lifetime not known to us */
return status;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = test_transparent_cipher_decrypt( &attributes,
slot->data.key.data,
slot->data.key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
return PSA_ERROR_NOT_SUPPORTED;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
return( test_opaque_cipher_decrypt( &attributes,
slot->data.key.data,
slot->data.key.bytes,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is declared with a lifetime not known to us */
return status;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t *slot,
psa_algorithm_t alg )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Check for operation already allocated */
if( operation->ctx.driver.ctx != NULL )
return PSA_ERROR_BAD_STATE;
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INSUFFICIENT_MEMORY;
status = test_transparent_cipher_encrypt_setup( operation->ctx.driver.ctx,
&attributes,
slot->data.key.data,
slot->data.key.bytes,
alg );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
{
if( status == PSA_SUCCESS )
operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
else
{
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
}
return status;
}
else
{
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
return PSA_ERROR_NOT_SUPPORTED;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INSUFFICIENT_MEMORY;
status = test_opaque_cipher_encrypt_setup( operation->ctx.driver.ctx,
&attributes,
slot->data.key.data,
slot->data.key.bytes,
alg );
if( status == PSA_SUCCESS )
operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
else
{
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
}
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is declared with a lifetime not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)slot;
(void)alg;
(void)operation;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t *slot,
psa_algorithm_t alg )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
/* Check for operation already allocated */
if( operation->ctx.driver.ctx != NULL )
return PSA_ERROR_BAD_STATE;
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) );
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INSUFFICIENT_MEMORY;
status = test_transparent_cipher_decrypt_setup( operation->ctx.driver.ctx,
&attributes,
slot->data.key.data,
slot->data.key.bytes,
alg );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
{
if( status == PSA_SUCCESS )
operation->ctx.driver.id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
else
{
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
}
return status;
}
else
{
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
return PSA_ERROR_NOT_SUPPORTED;
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
operation->ctx.driver.ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) );
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INSUFFICIENT_MEMORY;
status = test_opaque_cipher_decrypt_setup( operation->ctx.driver.ctx,
&attributes,
slot->data.key.data,
slot->data.key.bytes,
alg );
if( status == PSA_SUCCESS )
operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
else
{
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
}
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is declared with a lifetime not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)slot;
(void)alg;
(void)operation;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_generate_iv(
psa_cipher_operation_t *operation,
uint8_t *iv,
size_t iv_size,
size_t *iv_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Check for operation already allocated */
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INVALID_ARGUMENT;
switch( operation->ctx.driver.id )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_generate_iv( operation->ctx.driver.ctx,
iv,
iv_size,
iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_generate_iv( operation->ctx.driver.ctx,
iv,
iv_size,
iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is attached to a driver not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) operation;
(void) iv;
(void) iv_size;
(void) iv_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Check for operation already allocated */
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INVALID_ARGUMENT;
switch( operation->ctx.driver.id )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx,
iv,
iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx,
iv,
iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is attached to a driver not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) operation;
(void) iv;
(void) iv_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Check for operation already allocated */
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INVALID_ARGUMENT;
switch( operation->ctx.driver.id )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_update( operation->ctx.driver.ctx,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_update( operation->ctx.driver.ctx,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is attached to a driver not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) operation;
(void) input;
(void) input_length;
(void) output;
(void) output_length;
(void) output_size;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
/* Check for operation already allocated */
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INVALID_ARGUMENT;
switch( operation->ctx.driver.id )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( test_transparent_cipher_finish( operation->ctx.driver.ctx,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
return( test_opaque_cipher_finish( operation->ctx.driver.ctx,
output,
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Key is attached to a driver not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) operation;
(void) output;
(void) output_size;
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_abort(
psa_cipher_operation_t *operation )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
/* Check for operation already allocated */
if( operation->ctx.driver.ctx == NULL )
return PSA_ERROR_INVALID_ARGUMENT;
switch( operation->ctx.driver.id )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
status = test_transparent_cipher_abort( operation->ctx.driver.ctx );
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
operation->ctx.driver.id = 0;
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
status = test_opaque_cipher_abort( operation->ctx.driver.ctx );
mbedtls_free( operation->ctx.driver.ctx );
operation->ctx.driver.ctx = NULL;
return status;
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
/* Operation is attached to a driver not known to us */
return PSA_ERROR_BAD_STATE;
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void)operation;
return PSA_ERROR_NOT_SUPPORTED;
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
/* End of automatically generated file. */

62
library/psa_crypto_driver_wrappers.h
View File

@ -25,6 +25,9 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
/*
* Signature functions
*/
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *hash,
@ -43,6 +46,65 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes,
psa_key_slot_t *slot );
/*
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t *slot,
psa_algorithm_t alg );
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
psa_key_slot_t *slot,
psa_algorithm_t alg );
psa_status_t psa_driver_wrapper_cipher_generate_iv(
psa_cipher_operation_t *operation,
uint8_t *iv,
size_t iv_size,
size_t *iv_length );
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length );
psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_abort(
psa_cipher_operation_t *operation );
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */