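/**
 * \file psa_util_internal.h
 *
 * \brief Internal utility functions for use of PSA Crypto.
 *
 * Declares buffer-size bounds for exported FFDH/ECC keys and the tables and
 * functions used to translate PSA status codes into Mbed TLS error codes.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
#define MBEDTLS_PSA_UTIL_INTERNAL_H

/* Include the public header so that users only need one include. */
#include "mbedtls/psa_util.h"

#include "psa/crypto.h"

#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)

/*************************************************************************
 * FFDH
 ************************************************************************/

/* Buffer size sufficient for an exported FFDH public key at the largest
 * key size the build supports (PSA_VENDOR_FFDH_MAX_KEY_BITS). */
#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
    PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)

/*************************************************************************
 * ECC
 ************************************************************************/

/* Buffer size sufficient for an exported ECC public key on the largest
 * curve the build supports (PSA_VENDOR_ECC_MAX_CURVE_BITS). */
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
    PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)

/* Buffer size sufficient for an exported ECC key pair on the largest curve
 * the build supports. A buffer of this size holds private key material, so
 * callers are expected to wipe it after use. */
#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
    PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)

/*************************************************************************
 * Error translation
 ************************************************************************/

/* One entry of a translation table: a PSA status and the Mbed TLS error it
 * maps to. Both members are stored as 16-bit values, so a code outside the
 * ranges documented below would not survive the narrowing; table entries
 * must stay inside those ranges. */
typedef struct {
    /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
    int16_t psa_status;
    /* Error codes used by Mbed TLS are in one of the ranges
     * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
     * code optionally added), fitting in 16 bits. */
    int16_t mbedtls_error;
} mbedtls_error_pair_t;

/* Module-specific translation tables.
 *
 * Each declaration carries an explicit array length: that is what lets
 * sizeof() inside PSA_TO_MBEDTLS_ERR_LIST compute the entry count in any
 * translation unit that only sees this header. The length written here must
 * be kept equal to the length of the corresponding definition. */
#if defined(MBEDTLS_MD_LIGHT)
extern const mbedtls_error_pair_t psa_to_md_errors[4];
#endif

#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
extern const mbedtls_error_pair_t psa_to_cipher_errors[4];
#endif

#if defined(MBEDTLS_LMS_C)
extern const mbedtls_error_pair_t psa_to_lms_errors[3];
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
#endif

#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) ||    \
    defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
#endif

#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
    defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
#endif

/* Generic fallback function for error translation,
 * when the received state was not module-specific.
 *
 * status: the PSA status to translate.
 * Returns the corresponding Mbed TLS error code. */
int psa_generic_status_to_mbedtls(psa_status_t status);

/* This function iterates over provided local error translations,
 * and if no match was found - calls the fallback error translation function.
 *
 * status:             the PSA status to translate.
 * local_translations: table of module-specific translations to search.
 * local_errors_num:   number of entries in local_translations. Because the
 *                     table is iterated, a count larger than the real array
 *                     would read past its end; prefer
 *                     PSA_TO_MBEDTLS_ERR_LIST, which derives the count from
 *                     the array itself.
 * fallback_f:         translator used when no table entry matches.
 * Returns the Mbed TLS error code from the table or from fallback_f. */
int psa_status_to_mbedtls(psa_status_t status,
                          const mbedtls_error_pair_t *local_translations,
                          size_t local_errors_num,
                          int (*fallback_f)(psa_status_t));

/* The second out of three-stage error handling functions of the pk module,
 * acts as a fallback after RSA / ECDSA error translation, and if no match
 * is found, it itself calls psa_generic_status_to_mbedtls. */
int psa_pk_status_to_mbedtls(psa_status_t status);

/* Utility macro to shorten the defines of error translator in modules.
 *
 * error_list must be an array whose size is visible at the point of use
 * (for example one of the extern tables above). Passing a pointer would make
 * sizeof() yield the pointer size and the entry count would be wrong.
 * The macro argument is parenthesized before indexing so that the element
 * size is taken from the same expression as the array size. */
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f)       \
    psa_status_to_mbedtls(status, error_list,                         \
                          sizeof(error_list) / sizeof((error_list)[0]), \
                          fallback_f)

#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */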