| /** |
| * \file psa_util_internal.h |
| * |
| * \brief Internal utility functions for use of PSA Crypto. |
| */ |
| /* |
| * Copyright The Mbed TLS Contributors |
| * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
| */ |
| |
| #ifndef MBEDTLS_PSA_UTIL_INTERNAL_H |
| #define MBEDTLS_PSA_UTIL_INTERNAL_H |
| |
| /* Include the public header so that users only need one include. */ |
| #include "mbedtls/psa_util.h" |
| |
| #include "psa/crypto.h" |
| |
| #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) |
| |
| /************************************************************************* |
| * FFDH |
| ************************************************************************/ |
| |
| /* Size in bytes sufficient to hold any exported FFDH public key, taken at |
| * the largest FFDH key size, PSA_VENDOR_FFDH_MAX_KEY_BITS. Both macros on |
| * the right-hand side are defined outside this header. |
| * NOTE(review): presumably used to size fixed buffers; the length reported |
| * by the export call should still be checked - confirm at call sites. */ |
| #define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \ |
| PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) |
| |
| /************************************************************************* |
| * ECC |
| ************************************************************************/ |
| |
| /* Size in bytes sufficient to hold any exported ECC public key, taken at |
| * the largest curve size, PSA_VENDOR_ECC_MAX_CURVE_BITS. */ |
| #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \ |
| PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) |
| |
| /* Same bound for an exported ECC key pair. |
| * NOTE(review): a buffer of this size presumably receives private key |
| * material; it should be wiped after use (e.g. mbedtls_platform_zeroize) - |
| * confirm at call sites. */ |
| #define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \ |
| PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) |
| |
| /************************************************************************* |
| * Error translation |
| ************************************************************************/ |
| |
| /* One entry of an error translation table: a PSA status code paired with |
| * an Mbed TLS error code. Both fields are int16_t, so a code outside the |
| * ranges given below is not representable; table entries must stay within |
| * those ranges. */ |
| typedef struct { |
| /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */ |
| int16_t psa_status; |
| /* Error codes used by Mbed TLS are in one of the ranges |
| * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level |
| * code optionally added), fitting in 16 bits. */ |
| int16_t mbedtls_error; |
| } mbedtls_error_pair_t; |
| |
| /* Per-module translation tables. Each one is declared only when the |
| * configuration option(s) guarding it are defined; the definitions are not |
| * in this header. The array length is part of each declaration, which lets |
| * sizeof() be applied to a table from any file that includes this header, |
| * as PSA_TO_MBEDTLS_ERR_LIST does with its error_list argument. |
| * NOTE(review): each declared length has to match the table's definition - |
| * confirm whenever entries are added or removed. |
| * NOTE(review): the translated value is presumably compared against 0 by |
| * callers, so no entry should pair a failing PSA status with 0 - confirm |
| * against the table definitions. */ |
| #if defined(MBEDTLS_MD_LIGHT) |
| extern const mbedtls_error_pair_t psa_to_md_errors[4]; |
| #endif |
| |
| #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) |
| extern const mbedtls_error_pair_t psa_to_cipher_errors[4]; |
| #endif |
| |
| #if defined(MBEDTLS_LMS_C) |
| extern const mbedtls_error_pair_t psa_to_lms_errors[3]; |
| #endif |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) |
| extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; |
| #endif |
| |
| #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ |
| defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) |
| extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8]; |
| #endif |
| |
| #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ |
| defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) |
| extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7]; |
| #endif |
| |
| /* Generic fallback function for error translation, used when the received |
| * status was not module-specific. |
| * Takes a PSA status and returns an int. |
| * NOTE(review): the return value is presumably an Mbed TLS error code; the |
| * mapping itself is in the definition, not in this header. */ |
| int psa_generic_status_to_mbedtls(psa_status_t status); |
| |
| /* This function iterates over the provided local error translations and, |
| * if no match is found, calls the fallback error translation function. |
| * |
| * status: PSA status to translate. |
| * local_translations: table of mbedtls_error_pair_t entries to search. |
| * local_errors_num: number of entries in local_translations. |
| * fallback_f: translation function called when no entry matches. |
| * |
| * NOTE(review): local_errors_num is presumably used as the iteration bound, |
| * so it must not exceed the real length of local_translations; whether |
| * fallback_f may be NULL is not visible from this header - confirm in the |
| * definition. */ |
| int psa_status_to_mbedtls(psa_status_t status, |
| const mbedtls_error_pair_t *local_translations, |
| size_t local_errors_num, |
| int (*fallback_f)(psa_status_t)); |
| |
| /* Second stage of the pk module's three-stage error translation: it acts |
| * as the fallback after the RSA / ECDSA error translation and, if it finds |
| * no match either, it calls psa_generic_status_to_mbedtls itself. |
| * The signature matches the fallback_f parameter of psa_status_to_mbedtls. */ |
| int psa_pk_status_to_mbedtls(psa_status_t status); |
| |
| /* Utility macro to shorten the definitions of error translators in modules. |
| * Expands to a psa_status_to_mbedtls() call whose entry count is computed as |
| * sizeof(error_list)/sizeof(error_list[0]). |
| * error_list must therefore name an array whose complete type is visible at |
| * the point of use. With a pointer, sizeof would measure the pointer rather |
| * than the table and the count passed on would be wrong. error_list is also |
| * expanded without parentheses, so pass a plain array name. */ |
| #define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \ |
| psa_status_to_mbedtls(status, error_list, \ |
| sizeof(error_list)/sizeof(error_list[0]), \ |
| fallback_f) |
| |
| #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ |
| #endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */ |