TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 61a8b2daf210beb6a78e6065d725d839241ce1ce / . / library / psa_crypto_cipher.c
blob: acbbd5ca6beb607f9bf13c87e2680f2de84d0aff [file] [log] [blame]
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]1/*
2 * PSA cipher driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa_crypto_cipher.h>
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]26#include "psa_crypto_core.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]27#include "psa_crypto_random_impl.h"
28
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]29#include "mbedtls/cipher.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]30#include "mbedtls/error.h"
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]31
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]32#include <string.h>
33
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]34#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
35 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
36 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
37#define BUILTIN_KEY_TYPE_DES 1
38#endif
39
40#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
41 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
42 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
43#define BUILTIN_ALG_CBC_NO_PADDING 1
44#endif
45
46#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
47 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
48 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
49#define BUILTIN_ALG_CBC_PKCS7 1
50#endif
51
52#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
53 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
54 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
55#define BUILTIN_KEY_TYPE_CHACHA20 1
56#endif
57
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]58const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
59 psa_algorithm_t alg,
60 psa_key_type_t key_type,
61 size_t key_bits,
62 mbedtls_cipher_id_t* cipher_id )
63{
64 mbedtls_cipher_mode_t mode;
65 mbedtls_cipher_id_t cipher_id_tmp;
66
67 if( PSA_ALG_IS_AEAD( alg ) )
68 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
69
70 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
71 {
72 switch( alg )
73 {
74 case PSA_ALG_STREAM_CIPHER:
75 mode = MBEDTLS_MODE_STREAM;
76 break;
77 case PSA_ALG_CTR:
78 mode = MBEDTLS_MODE_CTR;
79 break;
80 case PSA_ALG_CFB:
81 mode = MBEDTLS_MODE_CFB;
82 break;
83 case PSA_ALG_OFB:
84 mode = MBEDTLS_MODE_OFB;
85 break;
86 case PSA_ALG_ECB_NO_PADDING:
87 mode = MBEDTLS_MODE_ECB;
88 break;
89 case PSA_ALG_CBC_NO_PADDING:
90 mode = MBEDTLS_MODE_CBC;
91 break;
92 case PSA_ALG_CBC_PKCS7:
93 mode = MBEDTLS_MODE_CBC;
94 break;
Mateusz Starzyk594215b2021-10-14 12:23:06 +0200[diff] [blame]95 case PSA_ALG_CCM_STAR_NO_TAG:
96 mode = MBEDTLS_MODE_CCM;
97 break;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]98 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
99 mode = MBEDTLS_MODE_CCM;
100 break;
101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
102 mode = MBEDTLS_MODE_GCM;
103 break;
104 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
105 mode = MBEDTLS_MODE_CHACHAPOLY;
106 break;
107 default:
108 return( NULL );
109 }
110 }
111 else if( alg == PSA_ALG_CMAC )
112 mode = MBEDTLS_MODE_ECB;
113 else
114 return( NULL );
115
116 switch( key_type )
117 {
118 case PSA_KEY_TYPE_AES:
119 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
120 break;
121 case PSA_KEY_TYPE_DES:
122 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
123 * and 192 for three-key Triple-DES. */
124 if( key_bits == 64 )
125 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
126 else
127 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
128 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
129 * but two-key Triple-DES is functionally three-key Triple-DES
130 * with K1=K3, so that's how we present it to mbedtls. */
131 if( key_bits == 128 )
132 key_bits = 192;
133 break;
134 case PSA_KEY_TYPE_CAMELLIA:
135 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
136 break;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]137 case PSA_KEY_TYPE_CHACHA20:
138 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
139 break;
140 default:
141 return( NULL );
142 }
143 if( cipher_id != NULL )
144 *cipher_id = cipher_id_tmp;
145
146 return( mbedtls_cipher_info_from_values( cipher_id_tmp,
147 (int) key_bits, mode ) );
148}
149
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]150#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
151
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]152static psa_status_t cipher_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]153 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]154 const psa_key_attributes_t *attributes,
155 const uint8_t *key_buffer, size_t key_buffer_size,
156 psa_algorithm_t alg,
157 mbedtls_operation_t cipher_operation )
158{
159 int ret = 0;
160 size_t key_bits;
161 const mbedtls_cipher_info_t *cipher_info = NULL;
162 psa_key_type_t key_type = attributes->core.type;
163
164 (void)key_buffer_size;
165
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]166 mbedtls_cipher_init( &operation->ctx.cipher );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]167
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]168 operation->alg = alg;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]169 key_bits = attributes->core.bits;
170 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
171 key_bits, NULL );
172 if( cipher_info == NULL )
173 return( PSA_ERROR_NOT_SUPPORTED );
174
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]175 ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]176 if( ret != 0 )
177 goto exit;
178
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]179#if defined(BUILTIN_KEY_TYPE_DES)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]180 if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
181 {
182 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
183 uint8_t keys[24];
184 memcpy( keys, key_buffer, 16 );
185 memcpy( keys + 16, key_buffer, 8 );
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]186 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]187 keys,
188 192, cipher_operation );
189 }
190 else
191#endif
192 {
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]193 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]194 (int) key_bits, cipher_operation );
195 }
196 if( ret != 0 )
197 goto exit;
198
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]199#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
200 defined(BUILTIN_ALG_CBC_PKCS7)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]201 switch( alg )
202 {
203 case PSA_ALG_CBC_NO_PADDING:
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]204 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]205 MBEDTLS_PADDING_NONE );
206 break;
207 case PSA_ALG_CBC_PKCS7:
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]208 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]209 MBEDTLS_PADDING_PKCS7 );
210 break;
211 default:
212 /* The algorithm doesn't involve padding. */
213 ret = 0;
214 break;
215 }
216 if( ret != 0 )
217 goto exit;
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]218#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]219
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]220 operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
221 PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
Ronald Cronc17e8a92021-03-19 14:12:26 +0100[diff] [blame]222 operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]223
224exit:
225 return( mbedtls_to_psa_error( ret ) );
226}
227
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]228static psa_status_t cipher_encrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]229 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]230 const psa_key_attributes_t *attributes,
231 const uint8_t *key_buffer, size_t key_buffer_size,
232 psa_algorithm_t alg )
233{
234 return( cipher_setup( operation, attributes,
235 key_buffer, key_buffer_size,
236 alg, MBEDTLS_ENCRYPT ) );
237}
238
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]239static psa_status_t cipher_decrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]240 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]241 const psa_key_attributes_t *attributes,
242 const uint8_t *key_buffer, size_t key_buffer_size,
243 psa_algorithm_t alg )
244{
245 return( cipher_setup( operation, attributes,
246 key_buffer, key_buffer_size,
247 alg, MBEDTLS_DECRYPT ) );
248}
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]249
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]250static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
251 const uint8_t *iv, size_t iv_length )
252{
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]253 if( iv_length != operation->iv_length )
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]254 return( PSA_ERROR_INVALID_ARGUMENT );
255
256 return( mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]257 mbedtls_cipher_set_iv( &operation->ctx.cipher,
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]258 iv, iv_length ) ) );
259}
260
Gilles Peskine55dffe52021-09-13 09:33:28 +0200[diff] [blame]261/** Process input for which the algorithm is set to ECB mode.
262 *
263 * This requires manual processing, since the PSA API is defined as being
264 * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
265 * but the underlying mbedtls_cipher_update only takes full blocks.
266 *
267 * \param ctx The mbedtls cipher context to use. It must have been
268 * set up for ECB.
269 * \param[in] input The input plaintext or ciphertext to process.
270 * \param input_length The number of bytes to process from \p input.
271 * This does not need to be aligned to a block boundary.
272 * If there is a partial block at the end of the input,
273 * it is stored in \p ctx for future processing.
Gilles Peskined87d8732021-09-13 12:20:51 +0200[diff] [blame]274 * \param output The buffer where the output is written. It must be
275 * at least `BS * floor((p + input_length) / BS)` bytes
276 * long, where `p` is the number of bytes in the
277 * unprocessed partial block in \p ctx (with
278 * `0 <= p <= BS - 1`) and `BS` is the block size.
Gilles Peskine55dffe52021-09-13 09:33:28 +0200[diff] [blame]279 * \param output_length On success, the number of bytes written to \p output.
280 * \c 0 on error.
281 *
282 * \return #PSA_SUCCESS or an error from a hardware accelerator
283 */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]284static psa_status_t psa_cipher_update_ecb(
285 mbedtls_cipher_context_t *ctx,
286 const uint8_t *input,
287 size_t input_length,
288 uint8_t *output,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]289 size_t *output_length )
290{
291 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
292 size_t block_size = ctx->cipher_info->block_size;
293 size_t internal_output_length = 0;
294 *output_length = 0;
295
296 if( input_length == 0 )
297 {
298 status = PSA_SUCCESS;
299 goto exit;
300 }
301
302 if( ctx->unprocessed_len > 0 )
303 {
304 /* Fill up to block size, and run the block if there's a full one. */
305 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
306
307 if( input_length < bytes_to_copy )
308 bytes_to_copy = input_length;
309
310 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
311 input, bytes_to_copy );
312 input_length -= bytes_to_copy;
313 input += bytes_to_copy;
314 ctx->unprocessed_len += bytes_to_copy;
315
316 if( ctx->unprocessed_len == block_size )
317 {
318 status = mbedtls_to_psa_error(
319 mbedtls_cipher_update( ctx,
320 ctx->unprocessed_data,
321 block_size,
322 output, &internal_output_length ) );
323
324 if( status != PSA_SUCCESS )
325 goto exit;
326
327 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]328 *output_length += internal_output_length;
329 ctx->unprocessed_len = 0;
330 }
331 }
332
333 while( input_length >= block_size )
334 {
335 /* Run all full blocks we have, one by one */
336 status = mbedtls_to_psa_error(
337 mbedtls_cipher_update( ctx, input,
338 block_size,
339 output, &internal_output_length ) );
340
341 if( status != PSA_SUCCESS )
342 goto exit;
343
344 input_length -= block_size;
345 input += block_size;
346
347 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]348 *output_length += internal_output_length;
349 }
350
351 if( input_length > 0 )
352 {
353 /* Save unprocessed bytes for later processing */
354 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
355 input, input_length );
356 ctx->unprocessed_len += input_length;
357 }
358
359 status = PSA_SUCCESS;
360
361exit:
362 return( status );
363}
364
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]365static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
366 const uint8_t *input,
367 size_t input_length,
368 uint8_t *output,
369 size_t output_size,
370 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]371{
372 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
373 size_t expected_output_size;
374
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]375 if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]376 {
377 /* Take the unprocessed partial block left over from previous
378 * update calls, if any, plus the input to this call. Remove
379 * the last partial block, if any. You get the data that will be
380 * output in this call. */
381 expected_output_size =
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]382 ( operation->ctx.cipher.unprocessed_len + input_length )
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]383 / operation->block_length * operation->block_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]384 }
385 else
386 {
387 expected_output_size = input_length;
388 }
389
390 if( output_size < expected_output_size )
391 return( PSA_ERROR_BUFFER_TOO_SMALL );
392
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]393 if( operation->alg == PSA_ALG_ECB_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]394 {
395 /* mbedtls_cipher_update has an API inconsistency: it will only
396 * process a single block at a time in ECB mode. Abstract away that
397 * inconsistency here to match the PSA API behaviour. */
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]398 status = psa_cipher_update_ecb( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]399 input,
400 input_length,
401 output,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]402 output_length );
403 }
404 else
405 {
406 status = mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]407 mbedtls_cipher_update( &operation->ctx.cipher, input,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]408 input_length, output, output_length ) );
gabor-mezei-arm58c17272021-06-29 16:41:25 +0200[diff] [blame]409
410 if( *output_length > output_size )
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]411 return( PSA_ERROR_CORRUPTION_DETECTED );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]412 }
413
414 return( status );
415}
416
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]417static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
418 uint8_t *output,
419 size_t output_size,
420 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]421{
422 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
423 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
424
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]425 if( operation->ctx.cipher.unprocessed_len != 0 )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]426 {
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]427 if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
428 operation->alg == PSA_ALG_CBC_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]429 {
430 status = PSA_ERROR_INVALID_ARGUMENT;
431 goto exit;
432 }
433 }
434
435 status = mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]436 mbedtls_cipher_finish( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]437 temp_output_buffer,
438 output_length ) );
439 if( status != PSA_SUCCESS )
440 goto exit;
441
442 if( *output_length == 0 )
443 ; /* Nothing to copy. Note that output may be NULL in this case. */
444 else if( output_size >= *output_length )
445 memcpy( output, temp_output_buffer, *output_length );
446 else
447 status = PSA_ERROR_BUFFER_TOO_SMALL;
448
449exit:
450 mbedtls_platform_zeroize( temp_output_buffer,
451 sizeof( temp_output_buffer ) );
452
453 return( status );
454}
455
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]456static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]457{
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]458 /* Sanity check (shouldn't happen: operation->alg should
459 * always have been initialized to a valid value). */
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]460 if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]461 return( PSA_ERROR_BAD_STATE );
462
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]463 mbedtls_cipher_free( &operation->ctx.cipher );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]464
465 return( PSA_SUCCESS );
466}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]467
468static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
469 const uint8_t *key_buffer,
470 size_t key_buffer_size,
471 psa_algorithm_t alg,
472 const uint8_t *input,
473 size_t input_length,
474 uint8_t *output,
475 size_t output_size,
476 size_t *output_length )
477{
478 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
479 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]480 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]481
gabor-mezei-arm47a8e142021-06-25 15:44:47 +0200[diff] [blame]482 status = cipher_encrypt_setup( &operation, attributes,
483 key_buffer, key_buffer_size, alg );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]484 if( status != PSA_SUCCESS )
485 goto exit;
486
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]487 accumulated_length = 0;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]488 if( operation.iv_length > 0 )
489 {
490 status = cipher_set_iv( &operation, output, operation.iv_length );
491 if( status != PSA_SUCCESS )
492 goto exit;
493
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]494 accumulated_length = operation.iv_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]495 }
496
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]497 status = cipher_update( &operation, input, input_length,
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]498 output + operation.iv_length,
499 output_size - operation.iv_length,
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]500 &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]501 if( status != PSA_SUCCESS )
502 goto exit;
503
gabor-mezei-arm6158e282021-06-29 16:42:13 +0200[diff] [blame]504 accumulated_length += olength;
505
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]506 status = cipher_finish( &operation, output + accumulated_length,
507 output_size - accumulated_length, &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]508 if( status != PSA_SUCCESS )
509 goto exit;
510
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]511 *output_length = accumulated_length + olength;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]512
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]513exit:
514 if( status == PSA_SUCCESS )
515 status = cipher_abort( &operation );
516 else
517 cipher_abort( &operation );
518 return( status );
519}
520
521static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
522 const uint8_t *key_buffer,
523 size_t key_buffer_size,
524 psa_algorithm_t alg,
525 const uint8_t *input,
526 size_t input_length,
527 uint8_t *output,
528 size_t output_size,
529 size_t *output_length )
530{
531 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
532 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]533 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]534
535 status = cipher_decrypt_setup( &operation, attributes,
536 key_buffer, key_buffer_size, alg );
537 if( status != PSA_SUCCESS )
538 goto exit;
539
540 if( operation.iv_length > 0 )
541 {
542 status = cipher_set_iv( &operation, input, operation.iv_length );
543 if( status != PSA_SUCCESS )
544 goto exit;
545 }
546
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]547 status = cipher_update( &operation, input + operation.iv_length,
548 input_length - operation.iv_length,
549 output, output_size, &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]550 if( status != PSA_SUCCESS )
551 goto exit;
552
gabor-mezei-arm6158e282021-06-29 16:42:13 +0200[diff] [blame]553 accumulated_length = olength;
gabor-mezei-arm258ae072021-06-25 15:25:38 +0200[diff] [blame]554
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]555 status = cipher_finish( &operation, output + accumulated_length,
556 output_size - accumulated_length, &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]557 if( status != PSA_SUCCESS )
558 goto exit;
559
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]560 *output_length = accumulated_length + olength;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]561
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]562exit:
563 if ( status == PSA_SUCCESS )
564 status = cipher_abort( &operation );
565 else
566 cipher_abort( &operation );
567 return( status );
568}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]569#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]570
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]571#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]572psa_status_t mbedtls_psa_cipher_encrypt_setup(
573 mbedtls_psa_cipher_operation_t *operation,
574 const psa_key_attributes_t *attributes,
575 const uint8_t *key_buffer, size_t key_buffer_size,
576 psa_algorithm_t alg )
577{
578 return( cipher_encrypt_setup(
579 operation, attributes, key_buffer, key_buffer_size, alg ) );
580}
581
582psa_status_t mbedtls_psa_cipher_decrypt_setup(
583 mbedtls_psa_cipher_operation_t *operation,
584 const psa_key_attributes_t *attributes,
585 const uint8_t *key_buffer, size_t key_buffer_size,
586 psa_algorithm_t alg )
587{
588 return( cipher_decrypt_setup(
589 operation, attributes, key_buffer, key_buffer_size, alg ) );
590}
591
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]592psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
593 const uint8_t *iv,
594 size_t iv_length )
595{
596 return( cipher_set_iv( operation, iv, iv_length ) );
597}
598
599psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
600 const uint8_t *input,
601 size_t input_length,
602 uint8_t *output,
603 size_t output_size,
604 size_t *output_length )
605{
606 return( cipher_update( operation, input, input_length,
607 output, output_size, output_length ) );
608}
609
610psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
611 uint8_t *output,
612 size_t output_size,
613 size_t *output_length )
614{
615 return( cipher_finish( operation, output, output_size, output_length ) );
616}
617
618psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
619{
620 return( cipher_abort( operation ) );
621}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]622
623psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
624 const uint8_t *key_buffer,
625 size_t key_buffer_size,
626 psa_algorithm_t alg,
627 const uint8_t *input,
628 size_t input_length,
629 uint8_t *output,
630 size_t output_size,
631 size_t *output_length )
632{
633 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
634 alg, input, input_length,
635 output, output_size, output_length ) );
636}
637
638psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
639 const uint8_t *key_buffer,
640 size_t key_buffer_size,
641 psa_algorithm_t alg,
642 const uint8_t *input,
643 size_t input_length,
644 uint8_t *output,
645 size_t output_size,
646 size_t *output_length )
647{
648 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
649 alg, input, input_length,
650 output, output_size, output_length ) );
651}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]652#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]653
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]654/*
655 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
656 */
657
658#if defined(PSA_CRYPTO_DRIVER_TEST)
659psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
660 mbedtls_psa_cipher_operation_t *operation,
661 const psa_key_attributes_t *attributes,
662 const uint8_t *key_buffer, size_t key_buffer_size,
663 psa_algorithm_t alg )
664{
665 return( cipher_encrypt_setup(
666 operation, attributes, key_buffer, key_buffer_size, alg ) );
667}
668
669psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
670 mbedtls_psa_cipher_operation_t *operation,
671 const psa_key_attributes_t *attributes,
672 const uint8_t *key_buffer, size_t key_buffer_size,
673 psa_algorithm_t alg )
674{
675 return( cipher_decrypt_setup(
676 operation, attributes, key_buffer, key_buffer_size, alg ) );
677}
678
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]679psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
680 mbedtls_psa_cipher_operation_t *operation,
681 const uint8_t *iv, size_t iv_length )
682{
683 return( cipher_set_iv( operation, iv, iv_length ) );
684}
685
686psa_status_t mbedtls_transparent_test_driver_cipher_update(
687 mbedtls_psa_cipher_operation_t *operation,
688 const uint8_t *input, size_t input_length,
689 uint8_t *output, size_t output_size, size_t *output_length )
690{
691 return( cipher_update( operation, input, input_length,
692 output, output_size, output_length ) );
693}
694
695psa_status_t mbedtls_transparent_test_driver_cipher_finish(
696 mbedtls_psa_cipher_operation_t *operation,
697 uint8_t *output, size_t output_size, size_t *output_length )
698{
699 return( cipher_finish( operation, output, output_size, output_length ) );
700}
701
702psa_status_t mbedtls_transparent_test_driver_cipher_abort(
703 mbedtls_psa_cipher_operation_t *operation )
704{
705 return( cipher_abort( operation ) );
706}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]707
708psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
709 const psa_key_attributes_t *attributes,
710 const uint8_t *key_buffer,
711 size_t key_buffer_size,
712 psa_algorithm_t alg,
713 const uint8_t *input,
714 size_t input_length,
715 uint8_t *output,
716 size_t output_size,
717 size_t *output_length )
718{
719 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
720 alg, input, input_length,
721 output, output_size, output_length ) );
722}
723
724psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
725 const psa_key_attributes_t *attributes,
726 const uint8_t *key_buffer,
727 size_t key_buffer_size,
728 psa_algorithm_t alg,
729 const uint8_t *input,
730 size_t input_length,
731 uint8_t *output,
732 size_t output_size,
733 size_t *output_length )
734{
735 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
736 alg, input, input_length,
737 output, output_size, output_length ) );
738}
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]739#endif /* PSA_CRYPTO_DRIVER_TEST */
740
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]741#endif /* MBEDTLS_PSA_CRYPTO_C */