From 2e73649f9c9bcbf1a6cfe39097f6fca2f27aba8b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 13:50:22 +0100 Subject: [PATCH] Add pake psa crypto driver wrappers implementation Signed-off-by: Przemek Stekiel --- library/psa_crypto_driver_wrappers.h | 4 +- .../psa_crypto_driver_wrappers.c.jinja | 270 +++++++++++++++++- 2 files changed, 261 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e011594be..a3755d3a4 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -420,8 +420,10 @@ psa_status_t psa_driver_wrapper_pake_setup( const psa_pake_cipher_suite_t *cipher_suite); psa_status_t psa_driver_wrapper_pake_set_password_key( + const psa_key_attributes_t *attributes, psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); + uint8_t *key_buffer, + size_t key_size); psa_status_t psa_driver_wrapper_pake_set_user( psa_pake_operation_t *operation, diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 8f9ff73b8..802722f97 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2814,14 +2814,100 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite ) { - return( mbedtls_psa_pake_setup( operation, cipher_suite ) ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* Try setup on accelerators first */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_pake_setup( + &operation->ctx.transparent_test_driver_ctx, + (const psa_pake_cipher_suite_t*) cipher_suite ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* If software fallback is compiled in, try fallback */ +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + status = mbedtls_psa_pake_setup( &operation->ctx.mbedtls_ctx, cipher_suite ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_opaque_pake_setup( + &operation->ctx.opaque_test_driver_ctx, + (const psa_pake_cipher_suite_t*) cipher_suite ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Nothing left to try if we fall through here */ + (void) status; + (void) operation; + (void) cipher_suite; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t psa_driver_wrapper_pake_set_password_key( + const psa_key_attributes_t *attributes, psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password ) + uint8_t *key_buffer, + size_t key_size ) { - return( mbedtls_psa_pake_set_password_key( operation, password ) ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_set_password_key( + attributes, + &operation->ctx.transparent_test_driver_ctx, + key_buffer, key_size ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return( mbedtls_psa_pake_set_password_key( + attributes, &operation->ctx.mbedtls_ctx, + key_buffer, key_size ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + return( mbedtls_test_opaque_set_password_key( + attributes, + &operation->ctx.opaque_test_driver_ctx, + key_buffer, key_size ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + (void)key_buffer; + (void)key_size; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_set_user( @@ -2829,7 +2915,31 @@ psa_status_t psa_driver_wrapper_pake_set_user( const uint8_t *user_id, size_t user_id_len ) { - return( mbedtls_psa_pake_set_user( operation, user_id, user_id_len ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_set_user( &operation->ctx.mbedtls_ctx, + user_id, user_id_len ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_set_user( + &operation->ctx.transparent_test_driver_ctx, + user_id, user_id_len ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_set_user( + &operation->ctx.opaque_test_driver_ctx, + user_id, user_id_len ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) user_id; + (void) user_id_len; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_set_peer( @@ -2837,14 +2947,60 @@ psa_status_t psa_driver_wrapper_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len ) { - return( mbedtls_psa_pake_set_peer( operation, peer_id, peer_id_len ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_set_peer( &operation->ctx.mbedtls_ctx, + peer_id, peer_id_len ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_set_peer( + &operation->ctx.transparent_test_driver_ctx, + peer_id, peer_id_len ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_set_peer( + &operation->ctx.opaque_test_driver_ctx, + peer_id, peer_id_len ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) peer_id; + (void) peer_id_len; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role ) { - return( mbedtls_psa_pake_set_role( operation, role ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_set_role( &operation->ctx.mbedtls_ctx, role ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_set_role( + &operation->ctx.transparent_test_driver_ctx, + role ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_set_role( + &operation->ctx.opaque_test_driver_ctx, + role ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) role; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_output( @@ -2854,8 +3010,33 @@ psa_status_t psa_driver_wrapper_pake_output( size_t output_size, size_t *output_length ) { - return( mbedtls_psa_pake_output( operation, step, output, - output_size, output_length ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_output( &operation->ctx.mbedtls_ctx, step, output, + output_size, output_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_output( + &operation->ctx.transparent_test_driver_ctx, + step, output, output_size, output_length ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_output( + &operation->ctx.opaque_test_driver_ctx, + step, output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) step; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_input( @@ -2864,21 +3045,86 @@ psa_status_t psa_driver_wrapper_pake_input( const uint8_t *input, size_t input_length ) { - return( mbedtls_psa_pake_input( operation, step, input, input_length ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_input( &operation->ctx.mbedtls_ctx, + step, input, input_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_input( + &operation->ctx.transparent_test_driver_ctx, + step, input, input_length ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_input( + &operation->ctx.opaque_test_driver_ctx, + step, input, input_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) step; + (void) input; + (void) input_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_get_implicit_key( psa_pake_operation_t *operation, psa_key_derivation_operation_t *output ) { - return( mbedtls_psa_pake_get_implicit_key( operation, output ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_get_implicit_key( + &operation->ctx.transparent_test_driver_ctx, + (psa_key_derivation_operation_t*) output ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_get_implicit_key( + &operation->ctx.opaque_test_driver_ctx, + (psa_key_derivation_operation_t*) output ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) output; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t * operation ) { - return( mbedtls_psa_pake_abort( operation ) ); -} + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_abort( &operation->ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_abort( + &operation->ctx.transparent_test_driver_ctx ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_abort( + &operation->ctx.opaque_test_driver_ctx ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + #endif /* MBEDTLS_PSA_CRYPTO_C */