diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index d6769da0b..086fc1adb 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -4,9 +4,19 @@ This document describes the test strategy for the driver interfaces in Mbed Cryp The driver interfaces are standardized through PSA Cryptography functional specifications. -## Secure element driver interface +## Secure element driver interface testing -The secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers. +### Secure element driver interfaces + +#### Opaque driver interface + +The [unified driver interface](../../proposed/psa-driver-interface.md) supports both transparent drivers (for accelerators) and opaque drivers (for secure elements). + +Drivers exposing this interface need to be registered at compile time by declaring their JSON description file. + +#### Dynamic secure element driver interface + +The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers. The SE interface consists of one function provided by Mbed Crypto (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function. @@ -18,6 +28,8 @@ Many SE driver interface unit tests could be covered by running the existing API #### SE driver registration +This applies to dynamic drivers only. + * Test `psa_register_se_driver` with valid and with invalid arguments. * Make at least one failing call to `psa_register_se_driver` followed by a successful call. * Make at least one test that successfully registers the maximum number of drivers and fails to register one more. @@ -102,14 +114,20 @@ We should have at least one driver that covers the whole interface: A PKCS#11 driver would be a good candidate. It would be useful as part of our product offering. -## Accelerator driver interface +## Transparent driver interface testing -The accelerator driver interface is defined by [`psa/crypto_accel_driver.h`](../../../include/psa/crypto_accel_driver.h). - -TODO - -## Entropy driver interface - -The entropy driver interface is defined by [`psa/crypto_entropy_driver.h`](../../../include/psa/crypto_entropy_driver.h). +The [unified driver interface](../../proposed/psa-driver-interface.md) defines interfaces for accelerators. + +### Test requirements + +#### Requirements for transparent driver testing + +Every cryptographic mechanism for which a transparent driver interface exists (key creation, cryptographic operations, …) must be exercised in at least one build. The test must verify that the driver code is called. + +#### Requirements for fallback + +The driver interface includes a fallback mechanism so that a driver can reject a request at runtime and let another driver handle the request. For each entry point, there must be at least three test runs with two or more drivers available with driver A configured to fall back to driver B, with one run where A returns `PSA_SUCCESS`, one where A returns `PSA_ERROR_NOT_SUPPORTED` and B is invoked, and one where A returns a different error and B is not invoked. + +## Entropy and randomness interface testing TODO diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h deleted file mode 100644 index 4488ea8ad..000000000 --- a/include/psa/crypto_accel_driver.h +++ /dev/null @@ -1,823 +0,0 @@ -/** - * \file psa/crypto_accel_driver.h - * \brief PSA cryptography accelerator driver module - * - * This header declares types and function signatures for cryptography - * drivers that access key material directly. This is meant for - * on-chip cryptography accelerators. - * - * This file is part of the PSA Crypto Driver Model, containing functions for - * driver developers to implement to enable hardware to be called in a - * standardized way by a PSA Cryptographic API implementation. The functions - * comprising the driver model, which driver authors implement, are not - * intended to be called by application developers. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef PSA_CRYPTO_ACCEL_DRIVER_H -#define PSA_CRYPTO_ACCEL_DRIVER_H - -#include "crypto_driver_common.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** \defgroup driver_digest Hardware-Accelerated Message Digests - * - * Generation and authentication of Message Digests (aka hashes) must be done - * in parts using the following sequence: - * - `psa_drv_hash_setup_t` - * - `psa_drv_hash_update_t` - * - `psa_drv_hash_update_t` - * - ... - * - `psa_drv_hash_finish_t` - * - * If a previously started Message Digest operation needs to be terminated - * before the `psa_drv_hash_finish_t` operation is complete, it should be aborted - * by the `psa_drv_hash_abort_t`. Failure to do so may result in allocated - * resources not being freed or in other undefined behavior. - */ -/**@{*/ - -/** \brief The hardware-specific hash context structure - * - * The contents of this structure are implementation dependent and are - * therefore not described here - */ -typedef struct psa_drv_hash_context_s psa_drv_hash_context_t; - -/** \brief The function prototype for the start operation of a hash (message - * digest) operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_hash__setup - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying hash function - * - * \param[in,out] p_context A structure that will contain the - * hardware-specific hash context - * - * \retval #PSA_SUCCESS Success. - */ -typedef psa_status_t (*psa_drv_hash_setup_t)(psa_drv_hash_context_t *p_context); - -/** \brief The function prototype for the update operation of a hash (message - * digest) operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_hash__update - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm - * - * \param[in,out] p_context A hardware-specific structure for the - * previously-established hash operation to be - * continued - * \param[in] p_input A buffer containing the message to be appended - * to the hash operation - * \param[in] input_length The size in bytes of the input message buffer - */ -typedef psa_status_t (*psa_drv_hash_update_t)(psa_drv_hash_context_t *p_context, - const uint8_t *p_input, - size_t input_length); - -/** \brief The function prototype for the finish operation of a hash (message - * digest) operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_hash__finish - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started hash operation to be - * fiinished - * \param[out] p_output A buffer where the generated digest will be - * placed - * \param[in] output_size The size in bytes of the buffer that has been - * allocated for the `p_output` buffer - * \param[out] p_output_length The number of bytes placed in `p_output` after - * success - * - * \retval #PSA_SUCCESS - * Success. - */ -typedef psa_status_t (*psa_drv_hash_finish_t)(psa_drv_hash_context_t *p_context, - uint8_t *p_output, - size_t output_size, - size_t *p_output_length); - -/** \brief The function prototype for the abort operation of a hash (message - * digest) operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_hash__abort - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm - * - * \param[in,out] p_context A hardware-specific structure for the previously - * started hash operation to be aborted - */ -typedef void (*psa_drv_hash_abort_t)(psa_drv_hash_context_t *p_context); - -/**@}*/ - -/** \defgroup accel_mac Hardware-Accelerated Message Authentication Code - * Generation and authentication of Message Authentication Codes (MACs) using - * cryptographic accelerators can be done either as a single function call (via the - * `psa_drv_accel_mac_generate_t` or `psa_drv_accel_mac_verify_t` - * functions), or in parts using the following sequence: - * - `psa_drv_accel_mac_setup_t` - * - `psa_drv_accel_mac_update_t` - * - `psa_drv_accel_mac_update_t` - * - ... - * - `psa_drv_accel_mac_finish_t` or `psa_drv_accel_mac_finish_verify_t` - * - * If a previously started MAC operation needs to be terminated, it - * should be done so by the `psa_drv_accel_mac_abort_t`. Failure to do so may - * result in allocated resources not being freed or in other undefined - * behavior. - * - */ -/**@{*/ - -/** \brief The hardware-accelerator-specific MAC context structure - * - * The contents of this structure are implementation dependent and are - * therefore not described here. - */ -typedef struct psa_drv_accel_mac_context_s psa_drv_accel_mac_context_t; - -/** \brief The function prototype for the setup operation of a - * hardware-accelerated MAC operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac___setup - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying primitive, and `MAC_VARIANT` - * is the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in,out] p_context A structure that will contain the - * hardware-specific MAC context - * \param[in] p_key A buffer containing the cleartext key material - * to be used in the operation - * \param[in] key_length The size in bytes of the key material - * - * \retval #PSA_SUCCESS - * Success. - */ -typedef psa_status_t (*psa_drv_accel_mac_setup_t)(psa_drv_accel_mac_context_t *p_context, - const uint8_t *p_key, - size_t key_length); - -/** \brief The function prototype for the update operation of a - * hardware-accelerated MAC operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac___update - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` - * is the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously-established MAC operation to be - * continued - * \param[in] p_input A buffer containing the message to be appended - * to the MAC operation - * \param[in] input_length The size in bytes of the input message buffer - */ -typedef psa_status_t (*psa_drv_accel_mac_update_t)(psa_drv_accel_mac_context_t *p_context, - const uint8_t *p_input, - size_t input_length); - -/** \brief The function prototype for the finish operation of a - * hardware-accelerated MAC operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac___finish - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is - * the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started MAC operation to be - * finished - * \param[out] p_mac A buffer where the generated MAC will be placed - * \param[in] mac_length The size in bytes of the buffer that has been - * allocated for the `p_mac` buffer - * - * \retval #PSA_SUCCESS - * Success. - */ -typedef psa_status_t (*psa_drv_accel_mac_finish_t)(psa_drv_accel_mac_context_t *p_context, - uint8_t *p_mac, - size_t mac_length); - -/** \brief The function prototype for the finish and verify operation of a - * hardware-accelerated MAC operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac___finish_verify - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is - * the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started MAC operation to be - * verified and finished - * \param[in] p_mac A buffer containing the MAC that will be used - * for verification - * \param[in] mac_length The size in bytes of the data in the `p_mac` - * buffer - * - * \retval #PSA_SUCCESS - * The operation completed successfully and the comparison matched - */ -typedef psa_status_t (*psa_drv_accel_mac_finish_verify_t)(psa_drv_accel_mac_context_t *p_context, - const uint8_t *p_mac, - size_t mac_length); - -/** \brief The function prototype for the abort operation for a previously - * started hardware-accelerated MAC operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac___abort - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is - * the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started MAC operation to be - * aborted - * - */ -typedef psa_status_t (*psa_drv_accel_mac_abort_t)(psa_drv_accel_mac_context_t *p_context); - -/** \brief The function prototype for the one-shot operation of a - * hardware-accelerated MAC operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac__ - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is - * the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in] p_input A buffer containing the data to be MACed - * \param[in] input_length The length in bytes of the `p_input` data - * \param[in] p_key A buffer containing the key material to be used - * for the MAC operation - * \param[in] key_length The length in bytes of the `p_key` data - * \param[in] alg The algorithm to be performed - * \param[out] p_mac The buffer where the resulting MAC will be placed - * upon success - * \param[in] mac_length The length in bytes of the `p_mac` buffer - */ -typedef psa_status_t (*psa_drv_accel_mac_t)(const uint8_t *p_input, - size_t input_length, - const uint8_t *p_key, - size_t key_length, - psa_algorithm_t alg, - uint8_t *p_mac, - size_t mac_length); - -/** \brief The function prototype for the one-shot hardware-accelerated MAC - * Verify operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_mac___verify - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the underlying algorithm, and `MAC_VARIANT` is - * the specific variant of a MAC operation (such as HMAC or CMAC) - * - * \param[in] p_input A buffer containing the data to be MACed - * \param[in] input_length The length in bytes of the `p_input` data - * \param[in] p_key A buffer containing the key material to be used - * for the MAC operation - * \param[in] key_length The length in bytes of the `p_key` data - * \param[in] alg The algorithm to be performed - * \param[in] p_mac The MAC data to be compared - * \param[in] mac_length The length in bytes of the `p_mac` buffer - * - * \retval #PSA_SUCCESS - * The operation completed successfully and the comparison matched - */ -typedef psa_status_t (*psa_drv_accel_mac_verify_t)(const uint8_t *p_input, - size_t input_length, - const uint8_t *p_key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *p_mac, - size_t mac_length); -/**@}*/ - -/** \defgroup accel_cipher Hardware-Accelerated Block Ciphers - * Encryption and Decryption using hardware-acceleration in block modes other - * than ECB must be done in multiple parts, using the following flow: - * - `psa_drv_accel_ciphersetup_t` - * - `psa_drv_accel_cipher_set_iv_t` (optional depending upon block mode) - * - `psa_drv_accel_cipher_update_t` - * - `psa_drv_accel_cipher_update_t` - * - ... - * - `psa_drv_accel_cipher_finish_t` - * - * If a previously started hardware-accelerated Cipher operation needs to be - * terminated, it should be done so by the `psa_drv_accel_cipher_abort_t`. - * Failure to do so may result in allocated resources not being freed or in - * other undefined behavior. - */ -/**@{*/ - -/** \brief The hardware-accelerator-specific cipher context structure - * - * The contents of this structure are implementation dependent and are - * therefore not described here. - */ -typedef struct psa_drv_accel_cipher_context_s psa_drv_accel_cipher_context_t; - -/** \brief The function prototype for the setup operation of - * hardware-accelerated block cipher operations. - * Functions that implement this prototype should be named in the following - * conventions: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_cipher_setup__ - * ~~~~~~~~~~~~~ - * Where - * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES) - * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR) - * - * For stream ciphers: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_cipher_setup_ - * ~~~~~~~~~~~~~ - * Where `CIPHER_NAME` is the name of a stream cipher (i.e. RC4) - * - * \param[in,out] p_context A structure that will contain the - * hardware-specific cipher context - * \param[in] direction Indicates if the operation is an encrypt or a - * decrypt - * \param[in] p_key_data A buffer containing the cleartext key material - * to be used in the operation - * \param[in] key_data_size The size in bytes of the key material - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_cipher_setup_t)(psa_drv_accel_cipher_context_t *p_context, - psa_encrypt_or_decrypt_t direction, - const uint8_t *p_key_data, - size_t key_data_size); - -/** \brief The function prototype for the set initialization vector operation - * of hardware-accelerated block cipher operations - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_cipher_set_iv__ - * ~~~~~~~~~~~~~ - * Where - * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES) - * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR) - * - * \param[in,out] p_context A structure that contains the previously setup - * hardware-specific cipher context - * \param[in] p_iv A buffer containing the initialization vecotr - * \param[in] iv_length The size in bytes of the contents of `p_iv` - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_cipher_set_iv_t)(psa_drv_accel_cipher_context_t *p_context, - const uint8_t *p_iv, - size_t iv_length); - -/** \brief The function prototype for the update operation of - * hardware-accelerated block cipher operations. - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_cipher_update__ - * ~~~~~~~~~~~~~ - * Where - * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES) - * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started cipher operation - * \param[in] p_input A buffer containing the data to be - * encrypted or decrypted - * \param[in] input_size The size in bytes of the `p_input` buffer - * \param[out] p_output A caller-allocated buffer where the - * generated output will be placed - * \param[in] output_size The size in bytes of the `p_output` buffer - * \param[out] p_output_length After completion, will contain the number - * of bytes placed in the `p_output` buffer - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_cipher_update_t)(psa_drv_accel_cipher_context_t *p_context, - const uint8_t *p_input, - size_t input_size, - uint8_t *p_output, - size_t output_size, - size_t *p_output_length); - -/** \brief The function prototype for the finish operation of - * hardware-accelerated block cipher operations. - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_cipher_finish__ - * ~~~~~~~~~~~~~ - * Where - * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES) - * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started cipher operation - * \param[out] p_output A caller-allocated buffer where the generated - * output will be placed - * \param[in] output_size The size in bytes of the `p_output` buffer - * \param[out] p_output_length After completion, will contain the number of - * bytes placed in the `p_output` buffer - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_cipher_finish_t)(psa_drv_accel_cipher_context_t *p_context, - uint8_t *p_output, - size_t output_size, - size_t *p_output_length); - -/** \brief The function prototype for the abort operation of - * hardware-accelerated block cipher operations. - * - * Functions that implement the following prototype should be named in the - * following convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_cipher_abort__ - * ~~~~~~~~~~~~~ - * Where - * - `CIPHER_NAME` is the name of the underlying block cipher (i.e. AES or DES) - * - `MODE` is the block mode of the cipher operation (i.e. CBC or CTR) - * - * \param[in,out] p_context A hardware-specific structure for the - * previously started cipher operation - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_cipher_abort_t)(psa_drv_accel_cipher_context_t *p_context); - -/**@}*/ - -/** \defgroup accel_aead Hardware-Accelerated Authenticated Encryption with Additional Data - * - * Hardware-accelerated Authenticated Encryption with Additional Data (AEAD) - * operations must be done in one function call. While this creates a burden - * for implementers as there must be sufficient space in memory for the entire - * message, it prevents decrypted data from being made available before the - * authentication operation is complete and the data is known to be authentic. - */ -/**@{*/ - -/** \brief The function prototype for the hardware-accelerated authenticated - * encryption operation. - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_aead__encrypt - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the AEAD algorithm - * - * \param[in] p_key A pointer to the key material - * \param[in] key_length The size in bytes of the key material - * \param[in] alg The AEAD algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(`alg`) is true) - * \param[in] nonce Nonce or IV to use - * \param[in] nonce_length Size of the `nonce` buffer in bytes - * \param[in] additional_data Additional data that will be MACed - * but not encrypted. - * \param[in] additional_data_length Size of `additional_data` in bytes - * \param[in] plaintext Data that will be MACed and - * encrypted. - * \param[in] plaintext_length Size of `plaintext` in bytes - * \param[out] ciphertext Output buffer for the authenticated and - * encrypted data. The additional data is - * not part of this output. For algorithms - * where the encrypted data and the - * authentication tag are defined as - * separate outputs, the authentication - * tag is appended to the encrypted data. - * \param[in] ciphertext_size Size of the `ciphertext` buffer in - * bytes - * This must be at least - * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(`alg`, - * `plaintext_length`). - * \param[out] ciphertext_length On success, the size of the output in - * the `ciphertext` buffer - * - * \retval #PSA_SUCCESS - * - */ -typedef psa_status_t (*psa_drv_accel_aead_encrypt_t)(const uint8_t *p_key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *nonce, - size_t nonce_length, - const uint8_t *additional_data, - size_t additional_data_length, - const uint8_t *plaintext, - size_t plaintext_length, - uint8_t *ciphertext, - size_t ciphertext_size, - size_t *ciphertext_length); - -/** \brief The function prototype for the hardware-accelerated authenticated - * decryption operation. - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_aead__decrypt - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the AEAD algorithm - * \param[in] p_key A pointer to the key material - * \param[in] key_length The size in bytes of the key material - * \param[in] alg The AEAD algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_AEAD(`alg`) is true) - * \param[in] nonce Nonce or IV to use - * \param[in] nonce_length Size of the `nonce` buffer in bytes - * \param[in] additional_data Additional data that has been MACed - * but not encrypted - * \param[in] additional_data_length Size of `additional_data` in bytes - * \param[in] ciphertext Data that has been MACed and - * encrypted - * For algorithms where the encrypted data - * and the authentication tag are defined - * as separate inputs, the buffer must - * contain the encrypted data followed by - * the authentication tag. - * \param[in] ciphertext_length Size of `ciphertext` in bytes - * \param[out] plaintext Output buffer for the decrypted data - * \param[in] plaintext_size Size of the `plaintext` buffer in - * bytes - * This must be at least - * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(`alg`, - * `ciphertext_length`). - * \param[out] plaintext_length On success, the size of the output - * in the \b plaintext buffer - * - * \retval #PSA_SUCCESS - * Success. - */ -typedef psa_status_t (*psa_drv_accel_aead_decrypt_t)(const uint8_t *p_key, - size_t key_length, - psa_algorithm_t alg, - const uint8_t *nonce, - size_t nonce_length, - const uint8_t *additional_data, - size_t additional_data_length, - const uint8_t *ciphertext, - size_t ciphertext_length, - uint8_t *plaintext, - size_t plaintext_size, - size_t *plaintext_length); - -/**@}*/ - -/** \defgroup accel_asymmetric Hardware-Accelerated Asymmetric Cryptography - * - * Since the amount of data that can (or should) be encrypted or signed using - * asymmetric keys is limited by the key size, hardware-accelerated asymmetric - * key operations must be done in single function calls. - */ -/**@{*/ - - -/** - * \brief The function prototype for the hardware-accelerated asymmetric sign - * operation. - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_asymmetric__sign - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the signing algorithm - * - * This function supports any asymmetric-key output from psa_export_key() as - * the buffer in \p p_key. Refer to the documentation of \ref - * psa_export_key() for the formats. - * - * \param[in] p_key A buffer containing the private key - * material - * \param[in] key_size The size in bytes of the `p_key` data - * \param[in] alg A signature algorithm that is compatible - * with the type of `p_key` - * \param[in] p_hash The hash or message to sign - * \param[in] hash_length Size of the `p_hash` buffer in bytes - * \param[out] p_signature Buffer where the signature is to be written - * \param[in] signature_size Size of the `p_signature` buffer in bytes - * \param[out] p_signature_length On success, the number of bytes - * that make up the returned signature value - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_asymmetric_sign_t)(const uint8_t *p_key, - size_t key_size, - psa_algorithm_t alg, - psa_key_type_t key_type, - const uint8_t *p_hash, - size_t hash_length, - uint8_t *p_signature, - size_t signature_size, - size_t *p_signature_length); - -/** - * \brief The function prototype for the hardware-accelerated signature verify - * operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_asymmetric__verify - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the signing algorithm - * - * This function supports any output from \ref psa_export_public_key() as the - * buffer in \p p_key. Refer to the documentation of \ref - * psa_export_public_key() for the format of public keys and to the - * documentation of \ref psa_export_key() for the format for other key types. - * - * \param[in] p_key A buffer containing the public key material - * \param[in] key_size The size in bytes of the `p_key` data - * \param[in] alg A signature algorithm that is compatible with - * the type of `key` - * \param[in] p_hash The hash or message whose signature is to be - * verified - * \param[in] hash_length Size of the `p_hash` buffer in bytes - * \param[in] p_signature Buffer containing the signature to verify - * \param[in] signature_length Size of the `p_signature` buffer in bytes - * - * \retval #PSA_SUCCESS - * The signature is valid. - */ -typedef psa_status_t (*psa_drv_accel_asymmetric_verify_t)(const uint8_t *p_key, - size_t key_size, - psa_algorithm_t alg, - psa_key_type_t key_type, - const uint8_t *p_hash, - size_t hash_length, - const uint8_t *p_signature, - size_t signature_length); - -/** - * \brief The function prototype for the hardware-accelerated asymmetric - * encrypt operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_asymmetric__encrypt - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the encryption algorithm - * - * This function supports any output from \ref psa_export_public_key() as the - * buffer in \p p_key. Refer to the documentation of \ref - * psa_export_public_key() for the format of public keys and to the - * documentation of \ref psa_export_key() for the format for other key types. - * - * \param[in] p_key A buffer containing the public key material - * \param[in] key_size The size in bytes of the `p_key` data - * \param[in] alg An asymmetric encryption algorithm that is - * compatible with the type of `key` - * \param[in] p_input The message to encrypt - * \param[in] input_length Size of the `p_input` buffer in bytes - * \param[in] p_salt A salt or label, if supported by the - * encryption algorithm - * If the algorithm does not support a - * salt, pass `NULL` - * If the algorithm supports an optional - * salt and you do not want to pass a salt, - * pass `NULL`. - * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is - * supported. - * \param[in] salt_length Size of the `p_salt` buffer in bytes - * If `p_salt` is `NULL`, pass 0. - * \param[out] p_output Buffer where the encrypted message is to - * be written - * \param[in] output_size Size of the `p_output` buffer in bytes - * \param[out] p_output_length On success, the number of bytes - * that make up the returned output - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_asymmetric_encrypt_t)(const uint8_t *p_key, - size_t key_size, - psa_algorithm_t alg, - psa_key_type_t key_type, - const uint8_t *p_input, - size_t input_length, - const uint8_t *p_salt, - size_t salt_length, - uint8_t *p_output, - size_t output_size, - size_t *p_output_length); - -/** - * \brief The function prototype for the hardware=acce;erated asymmetric - * decrypt operation - * - * Functions that implement this prototype should be named in the following - * convention: - * ~~~~~~~~~~~~~{.c} - * psa_drv_accel_asymmetric__decrypt - * ~~~~~~~~~~~~~ - * Where `ALGO` is the name of the encryption algorithm - * - * This function supports any asymmetric-key output from psa_export_key() as - * the buffer in \p p_key. Refer to the documentation of \ref - * psa_export_key() for the formats. - * - * \param[in] p_key A buffer containing the private key material - * \param[in] key_size The size in bytes of the `p_key` data - * \param[in] alg An asymmetric encryption algorithm that is - * compatible with the type of `key` - * \param[in] p_input The message to decrypt - * \param[in] input_length Size of the `p_input` buffer in bytes - * \param[in] p_salt A salt or label, if supported by the - * encryption algorithm - * If the algorithm does not support a - * salt, pass `NULL`. - * If the algorithm supports an optional - * salt and you do not want to pass a salt, - * pass `NULL`. - * For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is - * supported - * \param[in] salt_length Size of the `p_salt` buffer in bytes - * If `p_salt` is `NULL`, pass 0 - * \param[out] p_output Buffer where the decrypted message is to - * be written - * \param[in] output_size Size of the `p_output` buffer in bytes - * \param[out] p_output_length On success, the number of bytes - * that make up the returned output - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_accel_asymmetric_decrypt_t)(const uint8_t *p_key, - size_t key_size, - psa_algorithm_t alg, - psa_key_type_t key_type, - const uint8_t *p_input, - size_t input_length, - const uint8_t *p_salt, - size_t salt_length, - uint8_t *p_output, - size_t output_size, - size_t *p_output_length); - -/**@}*/ - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_CRYPTO_ACCEL_DRIVER_H */ diff --git a/include/psa/crypto_driver_common.h b/include/psa/crypto_driver_common.h index 2ce75d2b0..1b6f32256 100644 --- a/include/psa/crypto_driver_common.h +++ b/include/psa/crypto_driver_common.h @@ -5,9 +5,8 @@ * This file contains common definitions shared by all PSA crypto drivers. * Do not include it directly: instead, include the header file(s) for * the type(s) of driver that you are implementing. For example, if - * you are writing a driver for a chip that provides both a hardware - * random generator and an accelerator for some cryptographic algorithms, - * include `psa/crypto_entropy_driver.h` and `psa/crypto_accel_driver.h`. + * you are writing a dynamically registered driver for a secure element, + * include `psa/crypto_se_driver.h`. * * This file is part of the PSA Crypto Driver Model, containing functions for * driver developers to implement to enable hardware to be called in a diff --git a/include/psa/crypto_entropy_driver.h b/include/psa/crypto_entropy_driver.h deleted file mode 100644 index 9b6546ee9..000000000 --- a/include/psa/crypto_entropy_driver.h +++ /dev/null @@ -1,108 +0,0 @@ -/** - * \file psa/crypto_entropy_driver.h - * \brief PSA entropy source driver module - * - * This header declares types and function signatures for entropy sources. - * - * This file is part of the PSA Crypto Driver Model, containing functions for - * driver developers to implement to enable hardware to be called in a - * standardized way by a PSA Cryptographic API implementation. The functions - * comprising the driver model, which driver authors implement, are not - * intended to be called by application developers. - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef PSA_CRYPTO_ENTROPY_DRIVER_H -#define PSA_CRYPTO_ENTROPY_DRIVER_H - -#include "crypto_driver_common.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** \defgroup driver_rng Entropy Generation - */ -/**@{*/ - -/** \brief Initialize an entropy driver - * - * - * \param[in,out] p_context A hardware-specific structure - * containing any context information for - * the implementation - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_entropy_init_t)(void *p_context); - -/** \brief Get a specified number of bits from the entropy source - * - * It retrives `buffer_size` bytes of data from the entropy source. The entropy - * source will always fill the provided buffer to its full size, however, most - * entropy sources have biases, and the actual amount of entropy contained in - * the buffer will be less than the number of bytes. - * The driver will return the actual number of bytes of entropy placed in the - * buffer in `p_received_entropy_bytes`. - * A PSA Crypto API implementation will likely feed the output of this function - * into a Digital Random Bit Generator (DRBG), and typically has a minimum - * amount of entropy that it needs. - * To accomplish this, the PSA Crypto implementation should be designed to call - * this function multiple times until it has received the required amount of - * entropy from the entropy source. - * - * \param[in,out] p_context A hardware-specific structure - * containing any context information - * for the implementation - * \param[out] p_buffer A caller-allocated buffer for the - * retrieved entropy to be placed in - * \param[in] buffer_size The allocated size of `p_buffer` - * \param[out] p_received_entropy_bits The amount of entropy (in bits) - * actually provided in `p_buffer` - * - * \retval #PSA_SUCCESS - */ -typedef psa_status_t (*psa_drv_entropy_get_bits_t)(void *p_context, - uint8_t *p_buffer, - uint32_t buffer_size, - uint32_t *p_received_entropy_bits); - -/** - * \brief A struct containing all of the function pointers needed to interface - * to an entropy source - * - * PSA Crypto API implementations should populate instances of the table as - * appropriate upon startup. - * - * If one of the functions is not implemented, it should be set to NULL. - */ -typedef struct { - /** The driver-specific size of the entropy context */ - const size_t context_size; - /** Function that performs initialization for the entropy source */ - psa_drv_entropy_init_t p_init; - /** Function that performs the get_bits operation for the entropy source */ - psa_drv_entropy_get_bits_t p_get_bits; -} psa_drv_entropy_t; -/**@}*/ - -#ifdef __cplusplus -} -#endif - -#endif /* PSA_CRYPTO_ENTROPY_DRIVER_H */ diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index c69cd2bd7..5abb46a46 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -111,8 +111,6 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" -#include "psa/crypto_entropy_driver.h" -#include "psa/crypto_accel_driver.h" #include "../library/psa_crypto_its.h" int main() diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 0af414517..440cc1159 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -222,11 +222,9 @@ - -