Merge pull request #7980 from xkqian/codesize_exclude_psa_wrappers

Codesize exclude psa wrappers
This commit is contained in:
Dave Rodgman 2023-09-26 13:18:01 +01:00 committed by GitHub
commit d472a8fa5d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 394 additions and 694 deletions

View file

@ -22,9 +22,9 @@
#include "p256-m_driver_entrypoints.h"
#include "p256-m/p256-m.h"
#include "psa/crypto.h"
#include "psa_crypto_driver_wrappers.h"
#include <stddef.h>
#include <string.h>
#include "psa_crypto_driver_wrappers_no_static.h"
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)

View file

@ -49,7 +49,7 @@ psa_status_t psa_api( ... )
```
The code of most PSA APIs is expected to match precisely the above layout. However, it is likely that the code structure of some APIs will be more complicated with several calls to the driver interface, mainly to encompass a larger variety of hardware designs. For example, to encompass hardware accelerators that are capable of verifying a MAC and those that are only capable of computing a MAC, the psa_mac_verify() API could call first psa_driver_wrapper_mac_verify() and then fallback to psa_driver_wrapper_mac_compute().
The implementations of `psa_driver_wrapper_<entry_point>` functions are generated by the build system based on the JSON driver description files of the various PSA drivers making up the Mbed TLS PSA Cryptography API implementation. The implementations are generated in a psa_crypto_driver_wrappers.c C file and the function prototypes declared in a psa_crypto_driver_wrappers.h header file.
The implementations of `psa_driver_wrapper_<entry_point>` functions are generated by the build system based on the JSON driver description files of the various PSA drivers making up the Mbed TLS PSA Cryptography API implementation. The implementations are splited into two parts. The static ones are generated in a psa_crypto_driver_wrappers.h header file, the non-static ones are generated in a psa_crypto_driver_wrappers_no_static.c C file and the function prototypes declared in a psa_crypto_driver_wrappers_no_static.h header file.
The psa_driver_wrapper_<entry_point>() functions dispatch cryptographic operations to accelerator drivers, secure element drivers as well as to the software implementations of cryptographic operations.
@ -139,7 +139,7 @@ Some mechanisms require other mechanisms. For example, you can't do GCM without
The general structure of a cryptographic operation function is:
1. API function defined in `library/psa_crypto.c`. The entry point performs generic checks that don't depend on whether the mechanism is implemented in software or in a driver and looks up keys in the key store.
2. Driver dispatch code in `scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja` or files included from there.
2. Driver dispatch code in `scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja`, `scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja` or files included from there.
3. Built-in implementation in `library/psa_crypto_*.c` (with function declarations in the corresponding `.h` file). These files typically contain the implementation of modes of operation over basic building blocks that are defined elsewhere. For example, HMAC is implemented in `library/psa_crypto_mac.c` but the underlying hash functions are implemented in `library/sha*.c` and `library/md*.c`.
4. Basic cryptographic building blocks in `library/*.c`.

View file

@ -1,7 +1,7 @@
Migrating to an auto generated psa_crypto_driver_wrappers.c file
Migrating to an auto generated psa_crypto_driver_wrappers.h file
================================================================
This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.c file.
This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.h file.
It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html).
@ -27,10 +27,10 @@ While that is the larger goal, for version 1.1 here's what's changed
#### What's changed
(1) psa_crypto_driver_wrappers.c will from this point on be auto generated.
(2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja**.
(3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.c file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py.
(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.c file, the user will need to patch into the template file as needed (psa_crypto_driver_wrappers.c.jinja).
(1) psa_crypto_driver_wrappers.h will from this point on be auto generated.
(2) The auto generation is based on the template file at **scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja**.
(3) The driver JSONS to be used for generating the psa_crypto_driver_wrappers.h file can be found at **scripts/data_files/driver_jsons/** as their default location, this path includes the schemas against which the driver schemas will be validated (driver_opaque_schema.json, driver_transparent_schema.json) and a driverlist.json which specifies the drivers to be considered and the order in which they want to be called into. The default location for driverlist.json and driver JSONS can be overloaded by passing an argument --json-dir while running the script generate_driver_wrappers.py.
(4) While the complete driver wrapper templating support is yet to come in, if the library user sees a need to patch psa_crypto_driver_wrappers.h file, the user will need to patch into the template file as needed (psa_crypto_driver_wrappers.h.jinja).
#### How to set your driver up

View file

@ -74,7 +74,7 @@ Include any header files required by the driver in `psa_crypto_driver_wrappers.h
**4. For each operation being accelerated, locate the function in the driver dispatch layer that corresponds to the entry point of that operation.** \
The file `psa_crypto_driver_wrappers.c.jinja` contains the driver wrapper functions. For the entry points that have driver wrapper auto-generation implemented, the functions have been replaced with `jinja` templating logic. While the file has a `.jinja` extension, the driver wrapper functions for the remaining entry points are simple C functions. The names of these functions are of the form `psa_driver_wrapper` followed by the entry point name. So, for example, the function `psa_driver_wrapper_sign_hash()` corresponds to the `sign_hash` entry point.
The file `psa_crypto_driver_wrappers.h.jinja` and `psa_crypto_driver_wrappers_no_static.c.jinja` contains the driver wrapper functions. For the entry points that have driver wrapper auto-generation implemented, the functions have been replaced with `jinja` templating logic. While the file has a `.jinja` extension, the driver wrapper functions for the remaining entry points are simple C functions. The names of these functions are of the form `psa_driver_wrapper` followed by the entry point name. So, for example, the function `psa_driver_wrapper_sign_hash()` corresponds to the `sign_hash` entry point.
**5. If a driver entry point function has been provided then ensure it has the same signature as the driver wrapper function.** \
If one has not been provided then write one. Its name should begin with the driver prefix, followed by transparent/opaque (depending on driver type), and end with the entry point name. It should have the same signature as the driver wrapper function. The purpose of the entry point function is to take arguments in PSA format for the implemented operation and return outputs/status codes in PSA format. \
@ -153,7 +153,7 @@ The p256-m driver implements four entry points: `generate_key`, `key_agreement`,
There are no entry points for `sign_message` and `verify_message`, which are not necessary for a sign-and-hash algorithm. The core still implements these functions by doing the hashes and then calling the sign/verify-hash entry points.
The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes.
The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
The driver wrapper functions in `psa_crypto_driver_wrappers.h.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
```
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)

View file

@ -121,7 +121,7 @@ typedef mbedtls_psa_pake_operation_t
*
* The union members are the driver's context structures, and the member names
* are formatted as `'drivername'_ctx`. This allows for procedural generation
* of both this file and the content of psa_crypto_driver_wrappers.c */
* of both this file and the content of psa_crypto_driver_wrappers.h */
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */

View file

@ -94,7 +94,7 @@ typedef struct {
*
* The union members are the driver's context structures, and the member names
* are formatted as `'drivername'_ctx`. This allows for procedural generation
* of both this file and the content of psa_crypto_driver_wrappers.c */
* of both this file and the content of psa_crypto_driver_wrappers.h */
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */

3
library/.gitignore vendored
View file

@ -6,5 +6,6 @@ libmbed*
/error.c
/version_features.c
/ssl_debug_helpers_generated.c
/psa_crypto_driver_wrappers.c
/psa_crypto_driver_wrappers.h
/psa_crypto_driver_wrappers_no_static.c
###END_GENERATED_FILES###

View file

@ -67,7 +67,7 @@ set(src_crypto
psa_crypto_aead.c
psa_crypto_cipher.c
psa_crypto_client.c
psa_crypto_driver_wrappers.c
psa_crypto_driver_wrappers_no_static.c
psa_crypto_ecp.c
psa_crypto_ffdh.c
psa_crypto_hash.c
@ -174,14 +174,16 @@ if(GEN_FILES)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.c
${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers.h
${CMAKE_CURRENT_BINARY_DIR}/psa_crypto_driver_wrappers_no_static.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_driver_wrappers.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
)
@ -189,7 +191,7 @@ else()
link_to_source(error.c)
link_to_source(version_features.c)
link_to_source(ssl_debug_helpers_generated.c)
link_to_source(psa_crypto_driver_wrappers.c)
link_to_source(psa_crypto_driver_wrappers_no_static.c)
endif()
if(CMAKE_COMPILER_IS_GNUCC)

View file

@ -136,7 +136,7 @@ OBJS_CRYPTO= \
psa_crypto_aead.o \
psa_crypto_cipher.o \
psa_crypto_client.o \
psa_crypto_driver_wrappers.o \
psa_crypto_driver_wrappers_no_static.o \
psa_crypto_ecp.o \
psa_crypto_ffdh.o \
psa_crypto_hash.o \
@ -316,7 +316,8 @@ libmbedcrypto.dll: $(OBJS_CRYPTO)
GENERATED_FILES = \
error.c version_features.c \
ssl_debug_helpers_generated.c \
psa_crypto_driver_wrappers.c
psa_crypto_driver_wrappers.h \
psa_crypto_driver_wrappers_no_static.c
generated_files: $(GENERATED_FILES)
# See root Makefile
@ -352,12 +353,18 @@ version_features.c:
echo " Gen $@"
$(PERL) ../scripts/generate_features.pl
psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/generate_driver_wrappers.py
psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
psa_crypto_driver_wrappers.c:
echo " Gen $@"
GENERATED_WRAPPER_FILES = \
psa_crypto_driver_wrappers.h \
psa_crypto_driver_wrappers_no_static.c
$(GENERATED_WRAPPER_FILES): ../scripts/generate_driver_wrappers.py
$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja
$(GENERATED_WRAPPER_FILES): ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja
$(GENERATED_WRAPPER_FILES):
echo " Gen $(GENERATED_WRAPPER_FILES)"
$(PYTHON) ../scripts/generate_driver_wrappers.py
psa_crypto.o:psa_crypto_driver_wrappers.h
clean:
ifndef WINDOWS
rm -f *.o libmbed*

View file

@ -34,6 +34,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_invasive.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_ffdh.h"
#include "psa_crypto_hash.h"

View file

@ -1,445 +0,0 @@
/*
* Function signatures for functionality that can be provided by
* cryptographic accelerators.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H
#define PSA_CRYPTO_DRIVER_WRAPPERS_H
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
/*
* Initialization and termination functions
*/
psa_status_t psa_driver_wrapper_init(void);
void psa_driver_wrapper_free(void);
/*
* Signature functions
*/
psa_status_t psa_driver_wrapper_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
psa_status_t psa_driver_wrapper_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *signature,
size_t signature_length);
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length);
psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length);
/*
* Interruptible Signature functions
*/
uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
psa_sign_hash_interruptible_operation_t *operation);
uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
psa_verify_hash_interruptible_operation_t *operation);
psa_status_t psa_driver_wrapper_sign_hash_start(
psa_sign_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length);
psa_status_t psa_driver_wrapper_sign_hash_complete(
psa_sign_hash_interruptible_operation_t *operation,
uint8_t *signature, size_t signature_size,
size_t *signature_length);
psa_status_t psa_driver_wrapper_sign_hash_abort(
psa_sign_hash_interruptible_operation_t *operation);
psa_status_t psa_driver_wrapper_verify_hash_start(
psa_verify_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length);
psa_status_t psa_driver_wrapper_verify_hash_complete(
psa_verify_hash_interruptible_operation_t *operation);
psa_status_t psa_driver_wrapper_verify_hash_abort(
psa_verify_hash_interruptible_operation_t *operation);
/*
* Key handling functions
*/
psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length,
uint8_t *key_buffer, size_t key_buffer_size,
size_t *key_buffer_length, size_t *bits);
psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
size_t *key_buffer_size);
psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
size_t *key_buffer_size);
psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t psa_driver_wrapper_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key, size_t source_key_length,
uint8_t *target_key_buffer, size_t target_key_buffer_size,
size_t *target_key_buffer_length);
/*
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_length,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length);
psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_cipher_abort(
psa_cipher_operation_t *operation);
/*
* Hashing functions
*/
psa_status_t psa_driver_wrapper_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation);
psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_driver_wrapper_hash_finish(
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
psa_status_t psa_driver_wrapper_hash_abort(
psa_hash_operation_t *operation);
/*
* AEAD functions
*/
psa_status_t psa_driver_wrapper_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
psa_status_t psa_driver_wrapper_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_aead_set_nonce(
psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length);
psa_status_t psa_driver_wrapper_aead_set_lengths(
psa_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length);
psa_status_t psa_driver_wrapper_aead_update_ad(
psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_driver_wrapper_aead_update(
psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_aead_finish(
psa_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
size_t tag_size,
size_t *tag_length);
psa_status_t psa_driver_wrapper_aead_verify(
psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length);
psa_status_t psa_driver_wrapper_aead_abort(
psa_aead_operation_t *operation);
/*
* MAC functions
*/
psa_status_t psa_driver_wrapper_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t psa_driver_wrapper_mac_sign_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_mac_verify_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
psa_status_t psa_driver_wrapper_mac_update(
psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_driver_wrapper_mac_sign_finish(
psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
psa_status_t psa_driver_wrapper_mac_verify_finish(
psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
psa_status_t psa_driver_wrapper_mac_abort(
psa_mac_operation_t *operation);
/*
* Asymmetric cryptography
*/
psa_status_t psa_driver_wrapper_asymmetric_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *salt,
size_t salt_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_asymmetric_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *salt,
size_t salt_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/*
* Raw Key Agreement
*/
psa_status_t psa_driver_wrapper_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *shared_secret,
size_t shared_secret_size,
size_t *shared_secret_length);
/*
* PAKE functions.
*/
psa_status_t psa_driver_wrapper_pake_setup(
psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs);
psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_pake_input(
psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
const uint8_t *input,
size_t input_length);
psa_status_t psa_driver_wrapper_pake_get_implicit_key(
psa_pake_operation_t *operation,
uint8_t *output, size_t output_size,
size_t *output_length);
psa_status_t psa_driver_wrapper_pake_abort(
psa_pake_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */

View file

@ -0,0 +1,43 @@
/*
* Function signatures for functionality that can be provided by
* cryptographic accelerators.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H
#define PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length);
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
size_t *key_buffer_size);
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_NO_STATIC_H */
/* End of automatically generated file. */

View file

@ -25,7 +25,7 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)

View file

@ -25,7 +25,7 @@
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_mac.h"
#include "psa_crypto_pake.h"
@ -82,7 +82,7 @@
#include "psa_crypto_se.h"
#endif
psa_status_t psa_driver_wrapper_init( void )
static inline psa_status_t psa_driver_wrapper_init( void )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -106,7 +106,7 @@ psa_status_t psa_driver_wrapper_init( void )
return( PSA_SUCCESS );
}
void psa_driver_wrapper_free( void )
static inline void psa_driver_wrapper_free( void )
{
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* Unregister all secure element drivers, so that we restart from
@ -121,7 +121,7 @@ void psa_driver_wrapper_free( void )
}
/* Start delegation functions */
psa_status_t psa_driver_wrapper_sign_message(
static inline psa_status_t psa_driver_wrapper_sign_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -196,7 +196,7 @@ psa_status_t psa_driver_wrapper_sign_message(
signature_length ) );
}
psa_status_t psa_driver_wrapper_verify_message(
static inline psa_status_t psa_driver_wrapper_verify_message(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -267,7 +267,7 @@ psa_status_t psa_driver_wrapper_verify_message(
signature_length ) );
}
psa_status_t psa_driver_wrapper_sign_hash(
static inline psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@ -371,7 +371,7 @@ psa_status_t psa_driver_wrapper_sign_hash(
}
}
psa_status_t psa_driver_wrapper_verify_hash(
static inline psa_status_t psa_driver_wrapper_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@ -472,7 +472,7 @@ psa_status_t psa_driver_wrapper_verify_hash(
}
}
uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
static inline uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
psa_sign_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@ -495,7 +495,7 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
return( PSA_ERROR_INVALID_ARGUMENT );
}
uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
static inline uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
psa_verify_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@ -519,7 +519,7 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_sign_hash_start(
static inline psa_status_t psa_driver_wrapper_sign_hash_start(
psa_sign_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg,
@ -572,7 +572,7 @@ psa_status_t psa_driver_wrapper_sign_hash_start(
return( status );
}
psa_status_t psa_driver_wrapper_sign_hash_complete(
static inline psa_status_t psa_driver_wrapper_sign_hash_complete(
psa_sign_hash_interruptible_operation_t *operation,
uint8_t *signature, size_t signature_size,
size_t *signature_length )
@ -599,7 +599,7 @@ psa_status_t psa_driver_wrapper_sign_hash_complete(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_sign_hash_abort(
static inline psa_status_t psa_driver_wrapper_sign_hash_abort(
psa_sign_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@ -618,7 +618,7 @@ psa_status_t psa_driver_wrapper_sign_hash_abort(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_verify_hash_start(
static inline psa_status_t psa_driver_wrapper_verify_hash_start(
psa_verify_hash_interruptible_operation_t *operation,
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg,
@ -676,7 +676,7 @@ psa_status_t psa_driver_wrapper_verify_hash_start(
return( status );
}
psa_status_t psa_driver_wrapper_verify_hash_complete(
static inline psa_status_t psa_driver_wrapper_verify_hash_complete(
psa_verify_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@ -697,7 +697,7 @@ psa_status_t psa_driver_wrapper_verify_hash_complete(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_verify_hash_abort(
static inline psa_status_t psa_driver_wrapper_verify_hash_abort(
psa_verify_hash_interruptible_operation_t *operation )
{
switch( operation->id )
@ -729,7 +729,7 @@ psa_status_t psa_driver_wrapper_verify_hash_abort(
* \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
*/
psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
@ -758,58 +758,7 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
}
}
/** Get the key buffer size required to store the key material of a key
* associated with an opaque driver.
*
* \param[in] attributes The key attributes.
* \param[out] key_buffer_size Minimum buffer size to contain the key material
*
* \retval #PSA_SUCCESS
* The minimum size for a buffer to contain the key material has been
* returned successfully.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The type and/or the size in bits of the key or the combination of
* the two is not supported.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is declared with a lifetime not known to us.
*/
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
size_t *key_buffer_size )
{
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
psa_key_type_t key_type = attributes->core.type;
size_t key_bits = attributes->core.bits;
*key_buffer_size = 0;
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Emulate property 'builtin_key_size' */
if( psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
psa_get_key_id( attributes ) ) ) )
{
*key_buffer_size = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
*key_buffer_size = mbedtls_test_opaque_size_function( key_type,
key_bits );
return( ( *key_buffer_size != 0 ) ?
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void)key_type;
(void)key_bits;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_generate_key(
static inline psa_status_t psa_driver_wrapper_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
@ -895,7 +844,7 @@ psa_status_t psa_driver_wrapper_generate_key(
return( status );
}
psa_status_t psa_driver_wrapper_import_key(
static inline psa_status_t psa_driver_wrapper_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
@ -976,7 +925,7 @@ bits
{% endwith %}
}
psa_status_t psa_driver_wrapper_export_key(
static inline psa_status_t psa_driver_wrapper_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
@ -1038,108 +987,7 @@ data_length
{% endwith %}
}
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
{% with entry_point = "export_public_key" -%}
{% macro entry_point_param(driver) -%}
attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length
{% endmacro %}
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( ( drv->key_management == NULL ) ||
( drv->key_management->p_export_public == NULL ) )
{
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->key_management->p_export_public(
drv_context,
*( (psa_key_slot_number_t *)key_buffer ),
data, data_size, data_length ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
{% with nest_indent=12 %}
{% include "OS-template-transparent.jinja" -%}
{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
{% with nest_indent=8 %}
{% include "OS-template-opaque.jinja" -%}
{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
{% endwith %}
}
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
{% with entry_point = "get_builtin_key" -%}
{% macro entry_point_param(driver) -%}
slot_number,
attributes,
key_buffer,
key_buffer_size,
key_buffer_length
{% endmacro %}
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
{% with nest_indent=8 %}
{% include "OS-template-opaque.jinja" -%}
{% endwith -%}
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void) slot_number;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
return( PSA_ERROR_DOES_NOT_EXIST );
}
{% endwith %}
}
psa_status_t psa_driver_wrapper_copy_key(
static inline psa_status_t psa_driver_wrapper_copy_key(
psa_key_attributes_t *attributes,
const uint8_t *source_key, size_t source_key_length,
uint8_t *target_key_buffer, size_t target_key_buffer_size,
@ -1191,7 +1039,7 @@ target_key_buffer_length
/*
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -1283,7 +1131,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
}
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -1365,7 +1213,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
}
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@ -1438,7 +1286,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
}
}
psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
psa_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@ -1511,7 +1359,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
}
}
psa_status_t psa_driver_wrapper_cipher_set_iv(
static inline psa_status_t psa_driver_wrapper_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
@ -1546,7 +1394,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_cipher_update(
static inline psa_status_t psa_driver_wrapper_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
@ -1592,7 +1440,7 @@ psa_status_t psa_driver_wrapper_cipher_update(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_cipher_finish(
static inline psa_status_t psa_driver_wrapper_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
@ -1630,7 +1478,7 @@ psa_status_t psa_driver_wrapper_cipher_finish(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_cipher_abort(
static inline psa_status_t psa_driver_wrapper_cipher_abort(
psa_cipher_operation_t *operation )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@ -1670,7 +1518,7 @@ psa_status_t psa_driver_wrapper_cipher_abort(
/*
* Hashing functions
*/
psa_status_t psa_driver_wrapper_hash_compute(
static inline psa_status_t psa_driver_wrapper_hash_compute(
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@ -1706,7 +1554,7 @@ psa_status_t psa_driver_wrapper_hash_compute(
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_driver_wrapper_hash_setup(
static inline psa_status_t psa_driver_wrapper_hash_setup(
psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
@ -1739,7 +1587,7 @@ psa_status_t psa_driver_wrapper_hash_setup(
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_driver_wrapper_hash_clone(
static inline psa_status_t psa_driver_wrapper_hash_clone(
const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation )
{
@ -1764,7 +1612,7 @@ psa_status_t psa_driver_wrapper_hash_clone(
}
}
psa_status_t psa_driver_wrapper_hash_update(
static inline psa_status_t psa_driver_wrapper_hash_update(
psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
@ -1789,7 +1637,7 @@ psa_status_t psa_driver_wrapper_hash_update(
}
}
psa_status_t psa_driver_wrapper_hash_finish(
static inline psa_status_t psa_driver_wrapper_hash_finish(
psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
@ -1816,7 +1664,7 @@ psa_status_t psa_driver_wrapper_hash_finish(
}
}
psa_status_t psa_driver_wrapper_hash_abort(
static inline psa_status_t psa_driver_wrapper_hash_abort(
psa_hash_operation_t *operation )
{
switch( operation->id )
@ -1835,7 +1683,7 @@ psa_status_t psa_driver_wrapper_hash_abort(
}
}
psa_status_t psa_driver_wrapper_aead_encrypt(
static inline psa_status_t psa_driver_wrapper_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@ -1887,7 +1735,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt(
}
}
psa_status_t psa_driver_wrapper_aead_decrypt(
static inline psa_status_t psa_driver_wrapper_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@ -1939,7 +1787,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt(
}
}
psa_status_t psa_driver_wrapper_aead_encrypt_setup(
static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@ -1987,7 +1835,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
}
}
psa_status_t psa_driver_wrapper_aead_decrypt_setup(
static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@ -2037,7 +1885,7 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
}
}
psa_status_t psa_driver_wrapper_aead_set_nonce(
static inline psa_status_t psa_driver_wrapper_aead_set_nonce(
psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length )
@ -2071,7 +1919,7 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_aead_set_lengths(
static inline psa_status_t psa_driver_wrapper_aead_set_lengths(
psa_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length )
@ -2105,7 +1953,7 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_aead_update_ad(
static inline psa_status_t psa_driver_wrapper_aead_update_ad(
psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length )
@ -2139,7 +1987,7 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_aead_update(
static inline psa_status_t psa_driver_wrapper_aead_update(
psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
@ -2181,7 +2029,7 @@ psa_status_t psa_driver_wrapper_aead_update(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_aead_finish(
static inline psa_status_t psa_driver_wrapper_aead_finish(
psa_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
@ -2226,7 +2074,7 @@ psa_status_t psa_driver_wrapper_aead_finish(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_aead_verify(
static inline psa_status_t psa_driver_wrapper_aead_verify(
psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
@ -2289,7 +2137,7 @@ psa_status_t psa_driver_wrapper_aead_verify(
return( PSA_ERROR_INVALID_ARGUMENT );
}
psa_status_t psa_driver_wrapper_aead_abort(
static inline psa_status_t psa_driver_wrapper_aead_abort(
psa_aead_operation_t *operation )
{
switch( operation->id )
@ -2318,7 +2166,7 @@ psa_status_t psa_driver_wrapper_aead_abort(
/*
* MAC functions
*/
psa_status_t psa_driver_wrapper_mac_compute(
static inline psa_status_t psa_driver_wrapper_mac_compute(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -2386,7 +2234,7 @@ psa_status_t psa_driver_wrapper_mac_compute(
}
}
psa_status_t psa_driver_wrapper_mac_sign_setup(
static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
@ -2458,7 +2306,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup(
}
}
psa_status_t psa_driver_wrapper_mac_verify_setup(
static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
psa_mac_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
@ -2530,7 +2378,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup(
}
}
psa_status_t psa_driver_wrapper_mac_update(
static inline psa_status_t psa_driver_wrapper_mac_update(
psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length )
@ -2563,7 +2411,7 @@ psa_status_t psa_driver_wrapper_mac_update(
}
}
psa_status_t psa_driver_wrapper_mac_sign_finish(
static inline psa_status_t psa_driver_wrapper_mac_sign_finish(
psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
@ -2598,7 +2446,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish(
}
}
psa_status_t psa_driver_wrapper_mac_verify_finish(
static inline psa_status_t psa_driver_wrapper_mac_verify_finish(
psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
@ -2631,7 +2479,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish(
}
}
psa_status_t psa_driver_wrapper_mac_abort(
static inline psa_status_t psa_driver_wrapper_mac_abort(
psa_mac_operation_t *operation )
{
switch( operation->id )
@ -2659,7 +2507,7 @@ psa_status_t psa_driver_wrapper_mac_abort(
/*
* Asymmetric cryptography
*/
psa_status_t psa_driver_wrapper_asymmetric_encrypt(
static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
@ -2717,7 +2565,7 @@ psa_status_t psa_driver_wrapper_asymmetric_encrypt(
}
}
psa_status_t psa_driver_wrapper_asymmetric_decrypt(
static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
size_t input_length, const uint8_t *salt, size_t salt_length,
@ -2775,7 +2623,7 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
}
}
psa_status_t psa_driver_wrapper_key_agreement(
static inline psa_status_t psa_driver_wrapper_key_agreement(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
@ -2786,7 +2634,7 @@ psa_status_t psa_driver_wrapper_key_agreement(
size_t shared_secret_size,
size_t *shared_secret_length
)
{
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
@ -2860,9 +2708,9 @@ psa_status_t psa_driver_wrapper_key_agreement(
return( PSA_ERROR_NOT_SUPPORTED );
}
}
}
psa_status_t psa_driver_wrapper_pake_setup(
static inline psa_status_t psa_driver_wrapper_pake_setup(
psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs )
{
@ -2905,7 +2753,8 @@ psa_status_t psa_driver_wrapper_pake_setup(
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_pake_output(
static inline psa_status_t psa_driver_wrapper_pake_output(
psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
uint8_t *output,
@ -2937,7 +2786,7 @@ psa_status_t psa_driver_wrapper_pake_output(
}
}
psa_status_t psa_driver_wrapper_pake_input(
static inline psa_status_t psa_driver_wrapper_pake_input(
psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
const uint8_t *input,
@ -2969,7 +2818,7 @@ psa_status_t psa_driver_wrapper_pake_input(
}
}
psa_status_t psa_driver_wrapper_pake_get_implicit_key(
static inline psa_status_t psa_driver_wrapper_pake_get_implicit_key(
psa_pake_operation_t *operation,
uint8_t *output, size_t output_size,
size_t *output_length )
@ -2998,7 +2847,7 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key(
}
}
psa_status_t psa_driver_wrapper_pake_abort(
static inline psa_status_t psa_driver_wrapper_pake_abort(
psa_pake_operation_t * operation )
{
switch( operation->id )

View file

@ -0,0 +1,236 @@
/*
* Functions to delegate cryptographic operations to an available
* and appropriate accelerator.
* Warning: This file is now auto-generated.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* BEGIN-common headers */
#include "common.h"
#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers_no_static.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_mac.h"
#include "psa_crypto_pake.h"
#include "psa_crypto_rsa.h"
#include "mbedtls/platform.h"
/* END-common headers */
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* BEGIN-driver headers */
{% for driver in drivers -%}
/* Headers for {{driver.prefix}} {{driver.type}} driver */
{% if driver['mbedtls/h_condition'] is defined -%}
#if {{ driver['mbedtls/h_condition'] }}
{% endif -%}
{% for header in driver.headers -%}
#include "{{ header }}"
{% endfor %}
{% if driver['mbedtls/h_condition'] is defined -%}
#endif
{% endif -%}
{% endfor %}
/* END-driver headers */
/* Auto-generated values depending on which drivers are registered.
* ID 0 is reserved for unallocated operations.
* ID 1 is reserved for the Mbed TLS software driver. */
/* BEGIN-driver id definition */
#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
{% for driver in drivers -%}
#define {{(driver.prefix + "_" + driver.type + "_driver_id").upper()}} ({{ loop.index + 1 }})
{% endfor %}
/* END-driver id */
/* BEGIN-Common Macro definitions */
{% macro entry_point_name(capability, entry_point, driver) -%}
{% if capability.name is defined and entry_point in capability.names.keys() -%}
{{ capability.names[entry_point]}}
{% else -%}
{{driver.prefix}}_{{driver.type}}_{{entry_point}}
{% endif -%}
{% endmacro %}
/* END-Common Macro definitions */
/* Support the 'old' SE interface when asked to */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
* SE driver is present, to avoid unused argument errors at compile time. */
#ifndef PSA_CRYPTO_DRIVER_PRESENT
#define PSA_CRYPTO_DRIVER_PRESENT
#endif
#include "psa_crypto_se.h"
#endif
/** Get the key buffer size required to store the key material of a key
* associated with an opaque driver.
*
* \param[in] attributes The key attributes.
* \param[out] key_buffer_size Minimum buffer size to contain the key material
*
* \retval #PSA_SUCCESS
* The minimum size for a buffer to contain the key material has been
* returned successfully.
* \retval #PSA_ERROR_NOT_SUPPORTED
* The type and/or the size in bits of the key or the combination of
* the two is not supported.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is declared with a lifetime not known to us.
*/
psa_status_t psa_driver_wrapper_get_key_buffer_size(
const psa_key_attributes_t *attributes,
size_t *key_buffer_size )
{
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
psa_key_type_t key_type = attributes->core.type;
size_t key_bits = attributes->core.bits;
*key_buffer_size = 0;
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
/* Emulate property 'builtin_key_size' */
if( psa_key_id_is_builtin(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
psa_get_key_id( attributes ) ) ) )
{
*key_buffer_size = sizeof( psa_drv_slot_number_t );
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
*key_buffer_size = mbedtls_test_opaque_size_function( key_type,
key_bits );
return( ( *key_buffer_size != 0 ) ?
PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void)key_type;
(void)key_bits;
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_driver_wrapper_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
{% with entry_point = "export_public_key" -%}
{% macro entry_point_param(driver) -%}
attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length
{% endmacro %}
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
psa_get_key_lifetime( attributes ) );
/* Try dynamically-registered SE interface first */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
const psa_drv_se_t *drv;
psa_drv_se_context_t *drv_context;
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
{
if( ( drv->key_management == NULL ) ||
( drv->key_management->p_export_public == NULL ) )
{
return( PSA_ERROR_NOT_SUPPORTED );
}
return( drv->key_management->p_export_public(
drv_context,
*( (psa_key_slot_number_t *)key_buffer ),
data, data_size, data_length ) );
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
{% with nest_indent=12 %}
{% include "OS-template-transparent.jinja" -%}
{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_export_public_key_internal( attributes,
key_buffer,
key_buffer_size,
data,
data_size,
data_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
{% with nest_indent=8 %}
{% include "OS-template-opaque.jinja" -%}
{% endwith -%}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
}
{% endwith %}
}
psa_status_t psa_driver_wrapper_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
{
{% with entry_point = "get_builtin_key" -%}
{% macro entry_point_param(driver) -%}
slot_number,
attributes,
key_buffer,
key_buffer_size,
key_buffer_length
{% endmacro %}
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
{% with nest_indent=8 %}
{% include "OS-template-opaque.jinja" -%}
{% endwith -%}
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
(void) slot_number;
(void) key_buffer;
(void) key_buffer_size;
(void) key_buffer_length;
return( PSA_ERROR_DOES_NOT_EXIST );
}
{% endwith %}
}
#endif /* MBEDTLS_PSA_CRYPTO_C */

View file

@ -1,9 +1,10 @@
#!/usr/bin/env python3
"""Generate library/psa_crypto_driver_wrappers.c
"""Generate library/psa_crypto_driver_wrappers.h
library/psa_crypto_driver_wrappers_no_static.c
This module is invoked by the build scripts to auto generate the
psa_crypto_driver_wrappers.c based on template files in
script/data_files/driver_templates/.
psa_crypto_driver_wrappers.h and psa_crypto_driver_wrappers_no_static
based on template files in script/data_files/driver_templates/.
"""
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
@ -59,19 +60,19 @@ def render(template_path: str, driver_jsoncontext: list) -> str:
return template.render(drivers=driver_jsoncontext)
def generate_driver_wrapper_file(template_dir: str,
output_dir: str,
template_file_name: str,
driver_jsoncontext: list) -> None:
"""
Generate the file psa_crypto_driver_wrapper.c.
"""
driver_wrapper_template_filename = \
os.path.join(template_dir, "psa_crypto_driver_wrappers.c.jinja")
os.path.join(template_dir, template_file_name)
result = render(driver_wrapper_template_filename, driver_jsoncontext)
with open(file=os.path.join(output_dir, "psa_crypto_driver_wrappers.c"),
with open(file=os.path.join(output_dir, os.path.splitext(template_file_name)[0]),
mode='w',
encoding='UTF-8') as out_file:
out_file.write(result)
@ -167,6 +168,9 @@ def trace_exception(e: Exception, file=sys.stderr) -> None:
), file)
TEMPLATE_FILENAMES = ["psa_crypto_driver_wrappers.h.jinja",
"psa_crypto_driver_wrappers_no_static.c.jinja"]
def main() -> int:
"""
Main with command line arguments.
@ -207,7 +211,9 @@ def main() -> int:
except DriverReaderException as e:
trace_exception(e)
return 1
generate_driver_wrapper_file(template_directory, output_directory, merged_driver_json)
for template_filename in TEMPLATE_FILENAMES:
generate_driver_wrapper_file(template_directory, output_directory,
template_filename, merged_driver_json)
return 0

View file

@ -1,7 +1,7 @@
@rem Generate automatically-generated configuration-independent source files
@rem and build scripts.
@rem Perl and Python 3 must be on the PATH.
@rem psa_crypto_driver_wrappers.c needs to be generated prior to
@rem psa_crypto_driver_wrappers.h needs to be generated prior to
@rem generate_visualc_files.pl being invoked.
python scripts\generate_driver_wrappers.py || exit /b 1
perl scripts\generate_errors.pl || exit /b 1

View file

@ -128,7 +128,7 @@ check()
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.c
check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h
check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
# generate_visualc_files enumerates source files (library/*.c). It doesn't

View file

@ -284,7 +284,7 @@ class CodeParser():
"library/*.c",
"3rdparty/everest/library/everest.c",
"3rdparty/everest/library/x25519.c"
], ["library/psa_crypto_driver_wrappers.c"])
], ["library/psa_crypto_driver_wrappers.h"])
symbols = self.parse_symbols()
# Remove identifier macros like mbedtls_printf or mbedtls_calloc