TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 258ae07fb01909a5582001f4d29f4cf2eb5b7265 / . / library / psa_crypto_cipher.c
blob: 4d5bf209cc804f97bd01810e128ca36a7ae5d354 [file] [log] [blame]
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]1/*
2 * PSA cipher driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa_crypto_cipher.h>
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]26#include "psa_crypto_core.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]27#include "psa_crypto_random_impl.h"
28
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]29#include "mbedtls/cipher.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]30#include "mbedtls/error.h"
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]31
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]32#include <string.h>
33
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]34#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
35 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
36 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
37#define BUILTIN_KEY_TYPE_DES 1
38#endif
39
40#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
41 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
42 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
43#define BUILTIN_ALG_CBC_NO_PADDING 1
44#endif
45
46#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
47 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
48 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
49#define BUILTIN_ALG_CBC_PKCS7 1
50#endif
51
52#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
53 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
54 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
55#define BUILTIN_KEY_TYPE_CHACHA20 1
56#endif
57
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]58const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
59 psa_algorithm_t alg,
60 psa_key_type_t key_type,
61 size_t key_bits,
62 mbedtls_cipher_id_t* cipher_id )
63{
64 mbedtls_cipher_mode_t mode;
65 mbedtls_cipher_id_t cipher_id_tmp;
66
67 if( PSA_ALG_IS_AEAD( alg ) )
68 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
69
70 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
71 {
72 switch( alg )
73 {
74 case PSA_ALG_STREAM_CIPHER:
75 mode = MBEDTLS_MODE_STREAM;
76 break;
77 case PSA_ALG_CTR:
78 mode = MBEDTLS_MODE_CTR;
79 break;
80 case PSA_ALG_CFB:
81 mode = MBEDTLS_MODE_CFB;
82 break;
83 case PSA_ALG_OFB:
84 mode = MBEDTLS_MODE_OFB;
85 break;
86 case PSA_ALG_ECB_NO_PADDING:
87 mode = MBEDTLS_MODE_ECB;
88 break;
89 case PSA_ALG_CBC_NO_PADDING:
90 mode = MBEDTLS_MODE_CBC;
91 break;
92 case PSA_ALG_CBC_PKCS7:
93 mode = MBEDTLS_MODE_CBC;
94 break;
95 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
96 mode = MBEDTLS_MODE_CCM;
97 break;
98 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
99 mode = MBEDTLS_MODE_GCM;
100 break;
101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
102 mode = MBEDTLS_MODE_CHACHAPOLY;
103 break;
104 default:
105 return( NULL );
106 }
107 }
108 else if( alg == PSA_ALG_CMAC )
109 mode = MBEDTLS_MODE_ECB;
110 else
111 return( NULL );
112
113 switch( key_type )
114 {
115 case PSA_KEY_TYPE_AES:
116 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
117 break;
118 case PSA_KEY_TYPE_DES:
119 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
120 * and 192 for three-key Triple-DES. */
121 if( key_bits == 64 )
122 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
123 else
124 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
125 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
126 * but two-key Triple-DES is functionally three-key Triple-DES
127 * with K1=K3, so that's how we present it to mbedtls. */
128 if( key_bits == 128 )
129 key_bits = 192;
130 break;
131 case PSA_KEY_TYPE_CAMELLIA:
132 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
133 break;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]134 case PSA_KEY_TYPE_CHACHA20:
135 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
136 break;
137 default:
138 return( NULL );
139 }
140 if( cipher_id != NULL )
141 *cipher_id = cipher_id_tmp;
142
143 return( mbedtls_cipher_info_from_values( cipher_id_tmp,
144 (int) key_bits, mode ) );
145}
146
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]147#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
148
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]149static psa_status_t cipher_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]150 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]151 const psa_key_attributes_t *attributes,
152 const uint8_t *key_buffer, size_t key_buffer_size,
153 psa_algorithm_t alg,
154 mbedtls_operation_t cipher_operation )
155{
156 int ret = 0;
157 size_t key_bits;
158 const mbedtls_cipher_info_t *cipher_info = NULL;
159 psa_key_type_t key_type = attributes->core.type;
160
161 (void)key_buffer_size;
162
163 /* Proceed with initializing an mbed TLS cipher context if no driver is
164 * available for the given algorithm & key. */
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]165 mbedtls_cipher_init( &operation->ctx.cipher );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]166
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]167 operation->alg = alg;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]168 key_bits = attributes->core.bits;
169 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
170 key_bits, NULL );
171 if( cipher_info == NULL )
172 return( PSA_ERROR_NOT_SUPPORTED );
173
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]174 ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]175 if( ret != 0 )
176 goto exit;
177
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]178#if defined(BUILTIN_KEY_TYPE_DES)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]179 if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
180 {
181 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
182 uint8_t keys[24];
183 memcpy( keys, key_buffer, 16 );
184 memcpy( keys + 16, key_buffer, 8 );
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]185 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]186 keys,
187 192, cipher_operation );
188 }
189 else
190#endif
191 {
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]192 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]193 (int) key_bits, cipher_operation );
194 }
195 if( ret != 0 )
196 goto exit;
197
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]198#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
199 defined(BUILTIN_ALG_CBC_PKCS7)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]200 switch( alg )
201 {
202 case PSA_ALG_CBC_NO_PADDING:
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]203 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]204 MBEDTLS_PADDING_NONE );
205 break;
206 case PSA_ALG_CBC_PKCS7:
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]207 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]208 MBEDTLS_PADDING_PKCS7 );
209 break;
210 default:
211 /* The algorithm doesn't involve padding. */
212 ret = 0;
213 break;
214 }
215 if( ret != 0 )
216 goto exit;
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]217#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]218
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]219 operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
220 PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
Ronald Cronc17e8a92021-03-19 14:12:26 +0100[diff] [blame]221 operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]222
223exit:
224 return( mbedtls_to_psa_error( ret ) );
225}
226
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]227static psa_status_t cipher_encrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]228 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]229 const psa_key_attributes_t *attributes,
230 const uint8_t *key_buffer, size_t key_buffer_size,
231 psa_algorithm_t alg )
232{
233 return( cipher_setup( operation, attributes,
234 key_buffer, key_buffer_size,
235 alg, MBEDTLS_ENCRYPT ) );
236}
237
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]238static psa_status_t cipher_decrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]239 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]240 const psa_key_attributes_t *attributes,
241 const uint8_t *key_buffer, size_t key_buffer_size,
242 psa_algorithm_t alg )
243{
244 return( cipher_setup( operation, attributes,
245 key_buffer, key_buffer_size,
246 alg, MBEDTLS_DECRYPT ) );
247}
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]248
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]249static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
250 const uint8_t *iv, size_t iv_length )
251{
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]252 if( iv_length != operation->iv_length )
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]253 return( PSA_ERROR_INVALID_ARGUMENT );
254
255 return( mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]256 mbedtls_cipher_set_iv( &operation->ctx.cipher,
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]257 iv, iv_length ) ) );
258}
259
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]260/* Process input for which the algorithm is set to ECB mode. This requires
261 * manual processing, since the PSA API is defined as being able to process
262 * arbitrary-length calls to psa_cipher_update() with ECB mode, but the
263 * underlying mbedtls_cipher_update only takes full blocks. */
264static psa_status_t psa_cipher_update_ecb(
265 mbedtls_cipher_context_t *ctx,
266 const uint8_t *input,
267 size_t input_length,
268 uint8_t *output,
269 size_t output_size,
270 size_t *output_length )
271{
272 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
273 size_t block_size = ctx->cipher_info->block_size;
274 size_t internal_output_length = 0;
275 *output_length = 0;
276
277 if( input_length == 0 )
278 {
279 status = PSA_SUCCESS;
280 goto exit;
281 }
282
283 if( ctx->unprocessed_len > 0 )
284 {
285 /* Fill up to block size, and run the block if there's a full one. */
286 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
287
288 if( input_length < bytes_to_copy )
289 bytes_to_copy = input_length;
290
291 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
292 input, bytes_to_copy );
293 input_length -= bytes_to_copy;
294 input += bytes_to_copy;
295 ctx->unprocessed_len += bytes_to_copy;
296
297 if( ctx->unprocessed_len == block_size )
298 {
299 status = mbedtls_to_psa_error(
300 mbedtls_cipher_update( ctx,
301 ctx->unprocessed_data,
302 block_size,
303 output, &internal_output_length ) );
304
305 if( status != PSA_SUCCESS )
306 goto exit;
307
308 output += internal_output_length;
309 output_size -= internal_output_length;
310 *output_length += internal_output_length;
311 ctx->unprocessed_len = 0;
312 }
313 }
314
315 while( input_length >= block_size )
316 {
317 /* Run all full blocks we have, one by one */
318 status = mbedtls_to_psa_error(
319 mbedtls_cipher_update( ctx, input,
320 block_size,
321 output, &internal_output_length ) );
322
323 if( status != PSA_SUCCESS )
324 goto exit;
325
326 input_length -= block_size;
327 input += block_size;
328
329 output += internal_output_length;
330 output_size -= internal_output_length;
331 *output_length += internal_output_length;
332 }
333
334 if( input_length > 0 )
335 {
336 /* Save unprocessed bytes for later processing */
337 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
338 input, input_length );
339 ctx->unprocessed_len += input_length;
340 }
341
342 status = PSA_SUCCESS;
343
344exit:
345 return( status );
346}
347
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]348static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
349 const uint8_t *input,
350 size_t input_length,
351 uint8_t *output,
352 size_t output_size,
353 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]354{
355 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
356 size_t expected_output_size;
357
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]358 if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]359 {
360 /* Take the unprocessed partial block left over from previous
361 * update calls, if any, plus the input to this call. Remove
362 * the last partial block, if any. You get the data that will be
363 * output in this call. */
364 expected_output_size =
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]365 ( operation->ctx.cipher.unprocessed_len + input_length )
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]366 / operation->block_length * operation->block_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]367 }
368 else
369 {
370 expected_output_size = input_length;
371 }
372
373 if( output_size < expected_output_size )
374 return( PSA_ERROR_BUFFER_TOO_SMALL );
375
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]376 if( operation->alg == PSA_ALG_ECB_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]377 {
378 /* mbedtls_cipher_update has an API inconsistency: it will only
379 * process a single block at a time in ECB mode. Abstract away that
380 * inconsistency here to match the PSA API behaviour. */
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]381 status = psa_cipher_update_ecb( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]382 input,
383 input_length,
384 output,
385 output_size,
386 output_length );
387 }
388 else
389 {
390 status = mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]391 mbedtls_cipher_update( &operation->ctx.cipher, input,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]392 input_length, output, output_length ) );
393 }
394
395 return( status );
396}
397
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]398static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
399 uint8_t *output,
400 size_t output_size,
401 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]402{
403 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
404 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
405
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]406 if( operation->ctx.cipher.unprocessed_len != 0 )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]407 {
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]408 if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
409 operation->alg == PSA_ALG_CBC_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]410 {
411 status = PSA_ERROR_INVALID_ARGUMENT;
412 goto exit;
413 }
414 }
415
416 status = mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]417 mbedtls_cipher_finish( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]418 temp_output_buffer,
419 output_length ) );
420 if( status != PSA_SUCCESS )
421 goto exit;
422
423 if( *output_length == 0 )
424 ; /* Nothing to copy. Note that output may be NULL in this case. */
425 else if( output_size >= *output_length )
426 memcpy( output, temp_output_buffer, *output_length );
427 else
428 status = PSA_ERROR_BUFFER_TOO_SMALL;
429
430exit:
431 mbedtls_platform_zeroize( temp_output_buffer,
432 sizeof( temp_output_buffer ) );
433
434 return( status );
435}
436
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]437static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]438{
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]439 /* Sanity check (shouldn't happen: operation->alg should
440 * always have been initialized to a valid value). */
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]441 if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]442 return( PSA_ERROR_BAD_STATE );
443
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]444 mbedtls_cipher_free( &operation->ctx.cipher );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]445
446 return( PSA_SUCCESS );
447}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]448
449static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
450 const uint8_t *key_buffer,
451 size_t key_buffer_size,
452 psa_algorithm_t alg,
453 const uint8_t *input,
454 size_t input_length,
455 uint8_t *output,
456 size_t output_size,
457 size_t *output_length )
458{
459 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
460 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]461 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]462
463 status = cipher_encrypt_setup( &operation, attributes,
464 key_buffer, key_buffer_size, alg );
465 if( status != PSA_SUCCESS )
466 goto exit;
467
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]468 accumulated_length = 0;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]469 if( operation.iv_length > 0 )
470 {
471 status = cipher_set_iv( &operation, output, operation.iv_length );
472 if( status != PSA_SUCCESS )
473 goto exit;
474
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]475 accumulated_length = operation.iv_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]476 }
477
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]478 status = cipher_update( &operation, input, input_length,
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]479 output + operation.iv_length,
480 output_size - operation.iv_length,
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]481 &olength );
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]482 accumulated_length += olength;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]483 if( status != PSA_SUCCESS )
484 goto exit;
485
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]486 status = cipher_finish( &operation, output + accumulated_length,
487 output_size - accumulated_length, &olength );
488 accumulated_length += olength;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]489 if( status != PSA_SUCCESS )
490 goto exit;
491
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]492 *output_length = accumulated_length;
493
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]494exit:
495 if( status == PSA_SUCCESS )
496 status = cipher_abort( &operation );
497 else
498 cipher_abort( &operation );
499 return( status );
500}
501
502static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
503 const uint8_t *key_buffer,
504 size_t key_buffer_size,
505 psa_algorithm_t alg,
506 const uint8_t *input,
507 size_t input_length,
508 uint8_t *output,
509 size_t output_size,
510 size_t *output_length )
511{
512 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
513 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]514 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]515
516 status = cipher_decrypt_setup( &operation, attributes,
517 key_buffer, key_buffer_size, alg );
518 if( status != PSA_SUCCESS )
519 goto exit;
520
521 if( operation.iv_length > 0 )
522 {
523 status = cipher_set_iv( &operation, input, operation.iv_length );
524 if( status != PSA_SUCCESS )
525 goto exit;
526 }
527
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]528 status = cipher_update( &operation, input + operation.iv_length,
529 input_length - operation.iv_length,
530 output, output_size, &olength );
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]531 accumulated_length = olength;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]532 if( status != PSA_SUCCESS )
533 goto exit;
534
gabor-mezei-arm258ae072021-06-25 15:25:38 +0200[diff] [blame^]535 if( output_size < accumulated_length )
536 {
537 status = PSA_ERROR_BUFFER_TOO_SMALL;
538 goto exit;
539 }
540
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]541 status = cipher_finish( &operation, output + accumulated_length,
542 output_size - accumulated_length, &olength );
543 accumulated_length += olength;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]544 if( status != PSA_SUCCESS )
545 goto exit;
546
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]547 *output_length = accumulated_length;
548
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]549exit:
550 if ( status == PSA_SUCCESS )
551 status = cipher_abort( &operation );
552 else
553 cipher_abort( &operation );
554 return( status );
555}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]556#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]557
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]558#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]559psa_status_t mbedtls_psa_cipher_encrypt_setup(
560 mbedtls_psa_cipher_operation_t *operation,
561 const psa_key_attributes_t *attributes,
562 const uint8_t *key_buffer, size_t key_buffer_size,
563 psa_algorithm_t alg )
564{
565 return( cipher_encrypt_setup(
566 operation, attributes, key_buffer, key_buffer_size, alg ) );
567}
568
569psa_status_t mbedtls_psa_cipher_decrypt_setup(
570 mbedtls_psa_cipher_operation_t *operation,
571 const psa_key_attributes_t *attributes,
572 const uint8_t *key_buffer, size_t key_buffer_size,
573 psa_algorithm_t alg )
574{
575 return( cipher_decrypt_setup(
576 operation, attributes, key_buffer, key_buffer_size, alg ) );
577}
578
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]579psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
580 const uint8_t *iv,
581 size_t iv_length )
582{
583 return( cipher_set_iv( operation, iv, iv_length ) );
584}
585
586psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
587 const uint8_t *input,
588 size_t input_length,
589 uint8_t *output,
590 size_t output_size,
591 size_t *output_length )
592{
593 return( cipher_update( operation, input, input_length,
594 output, output_size, output_length ) );
595}
596
597psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
598 uint8_t *output,
599 size_t output_size,
600 size_t *output_length )
601{
602 return( cipher_finish( operation, output, output_size, output_length ) );
603}
604
605psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
606{
607 return( cipher_abort( operation ) );
608}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]609
610psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
611 const uint8_t *key_buffer,
612 size_t key_buffer_size,
613 psa_algorithm_t alg,
614 const uint8_t *input,
615 size_t input_length,
616 uint8_t *output,
617 size_t output_size,
618 size_t *output_length )
619{
620 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
621 alg, input, input_length,
622 output, output_size, output_length ) );
623}
624
625psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
626 const uint8_t *key_buffer,
627 size_t key_buffer_size,
628 psa_algorithm_t alg,
629 const uint8_t *input,
630 size_t input_length,
631 uint8_t *output,
632 size_t output_size,
633 size_t *output_length )
634{
635 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
636 alg, input, input_length,
637 output, output_size, output_length ) );
638}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]639#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]640
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]641/*
642 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
643 */
644
645#if defined(PSA_CRYPTO_DRIVER_TEST)
646psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
647 mbedtls_psa_cipher_operation_t *operation,
648 const psa_key_attributes_t *attributes,
649 const uint8_t *key_buffer, size_t key_buffer_size,
650 psa_algorithm_t alg )
651{
652 return( cipher_encrypt_setup(
653 operation, attributes, key_buffer, key_buffer_size, alg ) );
654}
655
656psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
657 mbedtls_psa_cipher_operation_t *operation,
658 const psa_key_attributes_t *attributes,
659 const uint8_t *key_buffer, size_t key_buffer_size,
660 psa_algorithm_t alg )
661{
662 return( cipher_decrypt_setup(
663 operation, attributes, key_buffer, key_buffer_size, alg ) );
664}
665
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]666psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
667 mbedtls_psa_cipher_operation_t *operation,
668 const uint8_t *iv, size_t iv_length )
669{
670 return( cipher_set_iv( operation, iv, iv_length ) );
671}
672
673psa_status_t mbedtls_transparent_test_driver_cipher_update(
674 mbedtls_psa_cipher_operation_t *operation,
675 const uint8_t *input, size_t input_length,
676 uint8_t *output, size_t output_size, size_t *output_length )
677{
678 return( cipher_update( operation, input, input_length,
679 output, output_size, output_length ) );
680}
681
682psa_status_t mbedtls_transparent_test_driver_cipher_finish(
683 mbedtls_psa_cipher_operation_t *operation,
684 uint8_t *output, size_t output_size, size_t *output_length )
685{
686 return( cipher_finish( operation, output, output_size, output_length ) );
687}
688
689psa_status_t mbedtls_transparent_test_driver_cipher_abort(
690 mbedtls_psa_cipher_operation_t *operation )
691{
692 return( cipher_abort( operation ) );
693}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]694
695psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
696 const psa_key_attributes_t *attributes,
697 const uint8_t *key_buffer,
698 size_t key_buffer_size,
699 psa_algorithm_t alg,
700 const uint8_t *input,
701 size_t input_length,
702 uint8_t *output,
703 size_t output_size,
704 size_t *output_length )
705{
706 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
707 alg, input, input_length,
708 output, output_size, output_length ) );
709}
710
711psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
712 const psa_key_attributes_t *attributes,
713 const uint8_t *key_buffer,
714 size_t key_buffer_size,
715 psa_algorithm_t alg,
716 const uint8_t *input,
717 size_t input_length,
718 uint8_t *output,
719 size_t output_size,
720 size_t *output_length )
721{
722 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
723 alg, input, input_length,
724 output, output_size, output_length ) );
725}
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]726#endif /* PSA_CRYPTO_DRIVER_TEST */
727
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]728#endif /* MBEDTLS_PSA_CRYPTO_C */