--- /dev/null
+/**\r
+ * \file psa_util.h\r
+ *\r
+ * \brief Utility functions for the use of the PSA Crypto library.\r
+ *\r
+ * \warning This function is not part of the public API and may\r
+ * change at any time.\r
+ */\r
+/*\r
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved\r
+ * SPDX-License-Identifier: Apache-2.0\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may\r
+ * not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ * This file is part of mbed TLS (https://tls.mbed.org)\r
+ */\r
+\r
+#ifndef MBEDTLS_PSA_UTIL_H\r
+#define MBEDTLS_PSA_UTIL_H\r
+\r
+#if !defined(MBEDTLS_CONFIG_FILE)\r
+#include "config.h"\r
+#else\r
+#include MBEDTLS_CONFIG_FILE\r
+#endif\r
+\r
+#if defined(MBEDTLS_USE_PSA_CRYPTO)\r
+\r
+#include "psa/crypto.h"\r
+\r
+#include "ecp.h"\r
+#include "md.h"\r
+#include "pk.h"\r
+#include "oid.h"\r
+\r
+#include <string.h>\r
+\r
+/* Translations for symmetric crypto. */\r
+\r
+static inline psa_key_type_t mbedtls_psa_translate_cipher_type(\r
+ mbedtls_cipher_type_t cipher )\r
+{\r
+ switch( cipher )\r
+ {\r
+ case MBEDTLS_CIPHER_AES_128_CCM:\r
+ case MBEDTLS_CIPHER_AES_192_CCM:\r
+ case MBEDTLS_CIPHER_AES_256_CCM:\r
+ case MBEDTLS_CIPHER_AES_128_GCM:\r
+ case MBEDTLS_CIPHER_AES_192_GCM:\r
+ case MBEDTLS_CIPHER_AES_256_GCM:\r
+ case MBEDTLS_CIPHER_AES_128_CBC:\r
+ case MBEDTLS_CIPHER_AES_192_CBC:\r
+ case MBEDTLS_CIPHER_AES_256_CBC:\r
+ return( PSA_KEY_TYPE_AES );\r
+\r
+ /* ARIA not yet supported in PSA. */\r
+ /* case MBEDTLS_CIPHER_ARIA_128_CCM:\r
+ case MBEDTLS_CIPHER_ARIA_192_CCM:\r
+ case MBEDTLS_CIPHER_ARIA_256_CCM:\r
+ case MBEDTLS_CIPHER_ARIA_128_GCM:\r
+ case MBEDTLS_CIPHER_ARIA_192_GCM:\r
+ case MBEDTLS_CIPHER_ARIA_256_GCM:\r
+ case MBEDTLS_CIPHER_ARIA_128_CBC:\r
+ case MBEDTLS_CIPHER_ARIA_192_CBC:\r
+ case MBEDTLS_CIPHER_ARIA_256_CBC:\r
+ return( PSA_KEY_TYPE_ARIA ); */\r
+\r
+ default:\r
+ return( 0 );\r
+ }\r
+}\r
+\r
+static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(\r
+ mbedtls_cipher_mode_t mode, size_t taglen )\r
+{\r
+ switch( mode )\r
+ {\r
+ case MBEDTLS_MODE_GCM:\r
+ return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );\r
+ case MBEDTLS_MODE_CCM:\r
+ return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) );\r
+ case MBEDTLS_MODE_CBC:\r
+ if( taglen == 0 )\r
+ return( PSA_ALG_CBC_NO_PADDING );\r
+ /* Intentional fallthrough for taglen != 0 */\r
+ /* fallthrough */\r
+ default:\r
+ return( 0 );\r
+ }\r
+}\r
+\r
+static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(\r
+ mbedtls_operation_t op )\r
+{\r
+ switch( op )\r
+ {\r
+ case MBEDTLS_ENCRYPT:\r
+ return( PSA_KEY_USAGE_ENCRYPT );\r
+ case MBEDTLS_DECRYPT:\r
+ return( PSA_KEY_USAGE_DECRYPT );\r
+ default:\r
+ return( 0 );\r
+ }\r
+}\r
+\r
+/* Translations for hashing. */\r
+\r
+static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )\r
+{\r
+ switch( md_alg )\r
+ {\r
+#if defined(MBEDTLS_MD2_C)\r
+ case MBEDTLS_MD_MD2:\r
+ return( PSA_ALG_MD2 );\r
+#endif\r
+#if defined(MBEDTLS_MD4_C)\r
+ case MBEDTLS_MD_MD4:\r
+ return( PSA_ALG_MD4 );\r
+#endif\r
+#if defined(MBEDTLS_MD5_C)\r
+ case MBEDTLS_MD_MD5:\r
+ return( PSA_ALG_MD5 );\r
+#endif\r
+#if defined(MBEDTLS_SHA1_C)\r
+ case MBEDTLS_MD_SHA1:\r
+ return( PSA_ALG_SHA_1 );\r
+#endif\r
+#if defined(MBEDTLS_SHA256_C)\r
+ case MBEDTLS_MD_SHA224:\r
+ return( PSA_ALG_SHA_224 );\r
+ case MBEDTLS_MD_SHA256:\r
+ return( PSA_ALG_SHA_256 );\r
+#endif\r
+#if defined(MBEDTLS_SHA512_C)\r
+ case MBEDTLS_MD_SHA384:\r
+ return( PSA_ALG_SHA_384 );\r
+ case MBEDTLS_MD_SHA512:\r
+ return( PSA_ALG_SHA_512 );\r
+#endif\r
+#if defined(MBEDTLS_RIPEMD160_C)\r
+ case MBEDTLS_MD_RIPEMD160:\r
+ return( PSA_ALG_RIPEMD160 );\r
+#endif\r
+ case MBEDTLS_MD_NONE: /* Intentional fallthrough */\r
+ default:\r
+ return( 0 );\r
+ }\r
+}\r
+\r
+/* Translations for ECC. */\r
+\r
+static inline int mbedtls_psa_get_ecc_oid_from_id(\r
+ psa_ecc_curve_t curve, char const **oid, size_t *oid_len )\r
+{\r
+ switch( curve )\r
+ {\r
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP192R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP192R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP224R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP224R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP256R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP256R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP384R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP384R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP521R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP521R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP192K1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP192K1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP224K1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP224K1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)\r
+ case PSA_ECC_CURVE_SECP256K1:\r
+ *oid = MBEDTLS_OID_EC_GRP_SECP256K1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)\r
+ case PSA_ECC_CURVE_BRAINPOOL_P256R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_BP256R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)\r
+ case PSA_ECC_CURVE_BRAINPOOL_P384R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_BP384R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */\r
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)\r
+ case PSA_ECC_CURVE_BRAINPOOL_P512R1:\r
+ *oid = MBEDTLS_OID_EC_GRP_BP512R1;\r
+ *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );\r
+ return( 0 );\r
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */\r
+ }\r
+\r
+ return( -1 );\r
+}\r
+\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */\r
+\r
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)\r
+#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )\r
+#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH\r
+#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )\r
+#endif\r
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */\r
+\r
+\r
+static inline psa_ecc_curve_t mbedtls_psa_translate_ecc_group( mbedtls_ecp_group_id grpid )\r
+{\r
+ switch( grpid )\r
+ {\r
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP192R1:\r
+ return( PSA_ECC_CURVE_SECP192R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP224R1:\r
+ return( PSA_ECC_CURVE_SECP224R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP256R1:\r
+ return( PSA_ECC_CURVE_SECP256R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP384R1:\r
+ return( PSA_ECC_CURVE_SECP384R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP521R1:\r
+ return( PSA_ECC_CURVE_SECP521R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_BP256R1:\r
+ return( PSA_ECC_CURVE_BRAINPOOL_P256R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_BP384R1:\r
+ return( PSA_ECC_CURVE_BRAINPOOL_P384R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)\r
+ case MBEDTLS_ECP_DP_BP512R1:\r
+ return( PSA_ECC_CURVE_BRAINPOOL_P512R1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)\r
+ case MBEDTLS_ECP_DP_CURVE25519:\r
+ return( PSA_ECC_CURVE_CURVE25519 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP192K1:\r
+ return( PSA_ECC_CURVE_SECP192K1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP224K1:\r
+ return( PSA_ECC_CURVE_SECP224K1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)\r
+ case MBEDTLS_ECP_DP_SECP256K1:\r
+ return( PSA_ECC_CURVE_SECP256K1 );\r
+#endif\r
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)\r
+ case MBEDTLS_ECP_DP_CURVE448:\r
+ return( PSA_ECC_CURVE_CURVE448 );\r
+#endif\r
+ default:\r
+ return( 0 );\r
+ }\r
+}\r
+\r
+\r
+#define MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) \\r
+ ( curve == PSA_ECC_CURVE_SECP192R1 ? 192 : \\r
+ curve == PSA_ECC_CURVE_SECP224R1 ? 224 : \\r
+ curve == PSA_ECC_CURVE_SECP256R1 ? 256 : \\r
+ curve == PSA_ECC_CURVE_SECP384R1 ? 384 : \\r
+ curve == PSA_ECC_CURVE_SECP521R1 ? 521 : \\r
+ curve == PSA_ECC_CURVE_SECP192K1 ? 192 : \\r
+ curve == PSA_ECC_CURVE_SECP224K1 ? 224 : \\r
+ curve == PSA_ECC_CURVE_SECP256K1 ? 256 : \\r
+ curve == PSA_ECC_CURVE_BRAINPOOL_P256R1 ? 256 : \\r
+ curve == PSA_ECC_CURVE_BRAINPOOL_P384R1 ? 384 : \\r
+ curve == PSA_ECC_CURVE_BRAINPOOL_P512R1 ? 512 : \\r
+ 0 )\r
+\r
+#define MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( curve ) \\r
+ ( ( MBEDTLS_PSA_ECC_KEY_BITS_OF_CURVE( curve ) + 7 ) / 8 )\r
+\r
+/* Translations for PK layer */\r
+\r
+static inline int mbedtls_psa_err_translate_pk( psa_status_t status )\r
+{\r
+ switch( status )\r
+ {\r
+ case PSA_SUCCESS:\r
+ return( 0 );\r
+ case PSA_ERROR_NOT_SUPPORTED:\r
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );\r
+ case PSA_ERROR_INSUFFICIENT_MEMORY:\r
+ return( MBEDTLS_ERR_PK_ALLOC_FAILED );\r
+ case PSA_ERROR_INSUFFICIENT_ENTROPY:\r
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );\r
+ case PSA_ERROR_BAD_STATE:\r
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );\r
+ /* All other failures */\r
+ case PSA_ERROR_COMMUNICATION_FAILURE:\r
+ case PSA_ERROR_HARDWARE_FAILURE:\r
+ case PSA_ERROR_TAMPERING_DETECTED:\r
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );\r
+ default: /* We return the same as for the 'other failures',\r
+ * but list them separately nonetheless to indicate\r
+ * which failure conditions we have considered. */\r
+ return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );\r
+ }\r
+}\r
+\r
+/* Translations for ECC */\r
+\r
+/* This function transforms an ECC group identifier from\r
+ * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8\r
+ * into a PSA ECC group identifier. */\r
+static inline psa_ecc_curve_t mbedtls_psa_parse_tls_ecc_group(\r
+ uint16_t tls_ecc_grp_reg_id )\r
+{\r
+ /* The PSA identifiers are currently aligned with those from\r
+ * the TLS Supported Groups registry, so no conversion is necessary. */\r
+ return( (psa_ecc_curve_t) tls_ecc_grp_reg_id );\r
+}\r
+\r
+/* This function takes a buffer holding an EC public key\r
+ * exported through psa_export_public_key(), and converts\r
+ * it into an ECPoint structure to be put into a ClientKeyExchange\r
+ * message in an ECDHE exchange.\r
+ *\r
+ * Both the present and the foreseeable future format of EC public keys\r
+ * used by PSA have the ECPoint structure contained in the exported key\r
+ * as a subbuffer, and the function merely selects this subbuffer instead\r
+ * of making a copy.\r
+ */\r
+static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,\r
+ size_t srclen,\r
+ unsigned char **dst,\r
+ size_t *dstlen )\r
+{\r
+ *dst = src;\r
+ *dstlen = srclen;\r
+ return( 0 );\r
+}\r
+\r
+/* This function takes a buffer holding an ECPoint structure\r
+ * (as contained in a TLS ServerKeyExchange message for ECDHE\r
+ * exchanges) and converts it into a format that the PSA key\r
+ * agreement API understands.\r
+ */\r
+static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( psa_ecc_curve_t curve,\r
+ unsigned char const *src,\r
+ size_t srclen,\r
+ unsigned char *dst,\r
+ size_t dstlen,\r
+ size_t *olen )\r
+{\r
+ ((void) curve);\r
+\r
+ if( srclen > dstlen )\r
+ return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );\r
+\r
+ memcpy( dst, src, srclen );\r
+ *olen = srclen;\r
+ return( 0 );\r
+}\r
+\r
+#endif /* MBEDTLS_USE_PSA_CRYPTO */\r
+\r
+#endif /* MBEDTLS_PSA_UTIL_H */\r
projects / freertos / blobdiff