1/**
2 * \file psa_crypto_invasive.h
3 *
4 * \brief PSA cryptography module: invasive interfaces for test only.
5 *
6 * The interfaces in this file are intended for testing purposes only.
7 * They MUST NOT be made available to clients over IPC in integrations
8 * with isolation, and they SHOULD NOT be made available in library
9 * integrations except when building the library for testing.
10 */
11/*
12 *  Copyright The Mbed TLS Contributors
13 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
14 */
15
16#ifndef PSA_CRYPTO_INVASIVE_H
17#define PSA_CRYPTO_INVASIVE_H
18
19/*
20 * Include the build-time configuration information header. Here, we do not
21 * include `"mbedtls/build_info.h"` directly but `"psa/build_info.h"`, which
22 * is basically just an alias to it. This is to ease the maintenance of the
23 * TF-PSA-Crypto repository which has a different build system and
24 * configuration.
25 */
26#include "psa/build_info.h"
27
28#include "psa/crypto.h"
29#include "common.h"
30
31#include "mbedtls/entropy.h"
32
33#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
34/** \brief Configure entropy sources.
35 *
36 * This function may only be called before a call to psa_crypto_init(),
37 * or after a call to mbedtls_psa_crypto_free() and before any
38 * subsequent call to psa_crypto_init().
39 *
40 * This function is only intended for test purposes. The functionality
41 * it provides is also useful for system integrators, but
42 * system integrators should configure entropy drivers instead of
43 * breaking through to the Mbed TLS API.
44 *
45 * \param entropy_init  Function to initialize the entropy context
46 *                      and set up the desired entropy sources.
47 *                      It is called by psa_crypto_init().
48 *                      By default this is mbedtls_entropy_init().
49 *                      This function cannot report failures directly.
50 *                      To indicate a failure, set the entropy context
51 *                      to a state where mbedtls_entropy_func() will
52 *                      return an error.
53 * \param entropy_free  Function to free the entropy context
54 *                      and associated resources.
55 *                      It is called by mbedtls_psa_crypto_free().
56 *                      By default this is mbedtls_entropy_free().
57 *
58 * \retval #PSA_SUCCESS
59 *         Success.
60 * \retval #PSA_ERROR_NOT_PERMITTED
61 *         The caller does not have the permission to configure
62 *         entropy sources.
63 * \retval #PSA_ERROR_BAD_STATE
64 *         The library has already been initialized.
65 */
66psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
67    void (* entropy_init)(mbedtls_entropy_context *ctx),
68    void (* entropy_free)(mbedtls_entropy_context *ctx));
69#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
70
71#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
72psa_status_t psa_mac_key_can_do(
73    psa_algorithm_t algorithm,
74    psa_key_type_t key_type);
75
76psa_status_t psa_crypto_copy_input(const uint8_t *input, size_t input_len,
77                                   uint8_t *input_copy, size_t input_copy_len);
78
79psa_status_t psa_crypto_copy_output(const uint8_t *output_copy, size_t output_copy_len,
80                                    uint8_t *output, size_t output_len);
81
82/*
83 * Test hooks to use for memory unpoisoning/poisoning in copy functions.
84 */
85extern void (*psa_input_pre_copy_hook)(const uint8_t *input, size_t input_len);
86extern void (*psa_input_post_copy_hook)(const uint8_t *input, size_t input_len);
87extern void (*psa_output_pre_copy_hook)(const uint8_t *output, size_t output_len);
88extern void (*psa_output_post_copy_hook)(const uint8_t *output, size_t output_len);
89
90#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
91
92#endif /* PSA_CRYPTO_INVASIVE_H */
93