lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity

Dispatch cipher functions through the driver interface

Browse Source 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm
2021-03-25 11:17:10 +01:00
parent d086e6e14f
commit fa990b5ffe
6 changed files with 469 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
library/psa_crypto.c
View File

@@ -3490,47 +3490,51 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
size_t iv_length = 0;;
size_t olength;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_type_t key_type;
size_t iv_length;
status = psa_cipher_encrypt_setup( &operation, key, alg );
/* The requested algorithm must be one that can be processed by cipher. */
if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Fetch key material from key storage. */
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_ENCRYPT,
alg );
if( status != PSA_SUCCESS )
goto exit;
return( status );
*output_length = 0;
if( operation.iv_required )
psa_key_attributes_t attributes = {
.core = slot->attr
};
key_type = slot->attr.type;
iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
if( iv_length > 0 )
{
status = psa_cipher_generate_iv( &operation, output,
operation.default_iv_length,
&iv_length );
*output_length += iv_length;
if( output_size < iv_length )
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
status = psa_generate_random( output, iv_length );
if( status != PSA_SUCCESS )
goto exit;
}
olength = 0;
status = psa_cipher_update( &operation, input, input_length,
output + iv_length, output_size - iv_length,
&olength );
*output_length += olength;
if( status != PSA_SUCCESS )
goto exit;
olength = 0;
status = psa_cipher_finish( &operation, output + *output_length,
output_size - *output_length, &olength );
*output_length += olength;
if( status != PSA_SUCCESS )
goto exit;
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length );
exit:
if ( status == PSA_SUCCESS )
status = psa_cipher_abort( &operation );
else
psa_cipher_abort( &operation );
unlock_status = psa_unlock_key_slot( slot );
return ( status );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
@@ -3542,43 +3546,32 @@ psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
size_t olength;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
status = psa_cipher_decrypt_setup( &operation, key, alg );
/* The requested algorithm must be one that can be processed by cipher. */
if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Fetch key material from key storage. */
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_DECRYPT,
alg );
if( status != PSA_SUCCESS )
goto exit;
return( status );
if( operation.iv_required )
{
status = psa_cipher_set_iv( &operation, input,
operation.default_iv_length );
if( status != PSA_SUCCESS )
goto exit;
}
psa_key_attributes_t attributes = {
.core = slot->attr
};
olength = 0;
status = psa_cipher_update( &operation, input + operation.default_iv_length,
input_length - operation.default_iv_length,
output, output_size, &olength );
*output_length = olength;
if( status != PSA_SUCCESS )
goto exit;
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length );
olength = 0;
status = psa_cipher_finish( &operation, output + *output_length,
output_size - *output_length, &olength );
*output_length += olength;
if( status != PSA_SUCCESS )
goto exit;
unlock_status = psa_unlock_key_slot( slot );
exit:
if ( status == PSA_SUCCESS )
status = psa_cipher_abort( &operation );
else
psa_cipher_abort( &operation );
return ( status );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}

163
library/psa_crypto_cipher.c
View File

@@ -448,6 +448,107 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
return( PSA_SUCCESS );
}
static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength;
status = cipher_encrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, alg );
if( status != PSA_SUCCESS )
goto exit;
*output_length = 0;
if( operation.iv_length > 0 )
{
status = cipher_set_iv( &operation, output, operation.iv_length );
if( status != PSA_SUCCESS )
goto exit;
*output_length = operation.iv_length;
}
olength = 0;
status = cipher_update( &operation, input, input_length,
output + *output_length,output_size - *output_length,
&olength );
*output_length += olength;
if( status != PSA_SUCCESS )
goto exit;
olength = 0;
status = cipher_finish( &operation, output + *output_length,
output_size - *output_length, &olength );
*output_length += olength;
if( status != PSA_SUCCESS )
goto exit;
exit:
if( status == PSA_SUCCESS )
status = cipher_abort( &operation );
else
cipher_abort( &operation );
return( status );
}
static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength;
status = cipher_decrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, alg );
if( status != PSA_SUCCESS )
goto exit;
if( operation.iv_length > 0 )
{
status = cipher_set_iv( &operation, input, operation.iv_length );
if( status != PSA_SUCCESS )
goto exit;
}
olength = 0;
status = cipher_update( &operation, input + operation.iv_length,
input_length - operation.iv_length,
output, output_size, &olength );
*output_length = olength;
if( status != PSA_SUCCESS )
goto exit;
olength = 0;
status = cipher_finish( &operation, output + *output_length,
output_size - *output_length, &olength );
*output_length += olength;
if( status != PSA_SUCCESS )
goto exit;
exit:
if ( status == PSA_SUCCESS )
status = cipher_abort( &operation );
else
cipher_abort( &operation );
return( status );
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
@@ -501,6 +602,36 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
{
return( cipher_abort( operation ) );
}
psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
/*
@@ -556,6 +687,38 @@ psa_status_t mbedtls_transparent_test_driver_cipher_abort(
{
return( cipher_abort( operation ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */

120
library/psa_crypto_cipher.h
View File

@@ -199,6 +199,104 @@ psa_status_t mbedtls_psa_cipher_finish(
*/
psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
/** Encrypt a message using a symmetric cipher.
*
* \note The signature of this function is that of a PSA driver
* cipher_encrypt entry point. This function behaves as a
* cipher_encrypt entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param[in] alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the iv and the plaintext.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[in,out] output Buffer where the output is to be written.
* The IV must be written to this buffer before
* this function is called.
* \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
* The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based
* on block cipher and requires a whole number of blocks, but the
* total input size is not a multiple of the block size.
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
*/
psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
/** Decrypt a message using a symmetric cipher.
*
* \note The signature of this function is that of a PSA driver
* cipher_decrypt entry point. This function behaves as a
* cipher_decrypt entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param[in] alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the iv and the ciphertext.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
* The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based
* on block cipher and requires a whole number of blocks, but the
* total input size is not a multiple of the block size.
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
*/
psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -231,6 +329,28 @@ psa_status_t mbedtls_transparent_test_driver_cipher_finish(
psa_status_t mbedtls_transparent_test_driver_cipher_abort(
mbedtls_psa_cipher_operation_t *operation );
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_CIPHER_H */

134
library/psa_crypto_driver_wrappers.c
View File

@@ -736,7 +736,9 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -744,22 +746,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
status = mbedtls_test_transparent_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -770,14 +770,29 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( mbedtls_test_opaque_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
return( mbedtls_test_opaque_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -785,25 +800,27 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
(void)status;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)input;
(void)input_length;
(void)output;
(void)output_size;
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -811,22 +828,20 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
status = mbedtls_test_transparent_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -837,14 +852,29 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( mbedtls_test_opaque_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
return( mbedtls_test_opaque_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -852,21 +882,21 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
(void)status;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)input;
(void)input_length;
(void)output;
(void)output_size;
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(

8
library/psa_crypto_driver_wrappers.h
View File

@@ -98,7 +98,9 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -107,7 +109,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,