TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 625b01c9c3ba8e3b52c75336d6d41f43d960af46 / . / library / psa_crypto.c
blob: cd20738d9a3acc72e5a9fe23a8da7657e386e039 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/*
2 * PSA crypto layer on top of Mbed TLS crypto
3 */
4/* Copyright (C) 2018, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_C)
29
30#include "psa/crypto.h"
31
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]32#include <stdlib.h>
33#include <string.h>
34#if defined(MBEDTLS_PLATFORM_C)
35#include "mbedtls/platform.h"
36#else
37#define mbedtls_calloc calloc
38#define mbedtls_free free
39#endif
40
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]41#include "mbedtls/arc4.h"
42#include "mbedtls/blowfish.h"
43#include "mbedtls/camellia.h"
44#include "mbedtls/cipher.h"
45#include "mbedtls/ccm.h"
46#include "mbedtls/cmac.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]47#include "mbedtls/ctr_drbg.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]48#include "mbedtls/des.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]49#include "mbedtls/ecp.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]50#include "mbedtls/entropy.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]51#include "mbedtls/error.h"
52#include "mbedtls/gcm.h"
53#include "mbedtls/md2.h"
54#include "mbedtls/md4.h"
55#include "mbedtls/md5.h"
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]56#include "mbedtls/md.h"
57#include "mbedtls/md_internal.h"
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]58#include "mbedtls/pk.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]59#include "mbedtls/pk_internal.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]60#include "mbedtls/ripemd160.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]61#include "mbedtls/rsa.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]62#include "mbedtls/sha1.h"
63#include "mbedtls/sha256.h"
64#include "mbedtls/sha512.h"
65#include "mbedtls/xtea.h"
66
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]67
68
69/* Implementation that should never be optimized out by the compiler */
70static void mbedtls_zeroize( void *v, size_t n )
71{
72 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
73}
74
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]75/* constant-time buffer comparison */
76static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
77{
78 size_t i;
79 unsigned char diff = 0;
80
81 for( i = 0; i < n; i++ )
82 diff |= a[i] ^ b[i];
83
84 return( diff );
85}
86
87
88
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]89/****************************************************************/
90/* Global data, support functions and library management */
91/****************************************************************/
92
93/* Number of key slots (plus one because 0 is not used).
94 * The value is a compile-time constant for now, for simplicity. */
95#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
96
97typedef struct {
98 psa_key_type_t type;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]99 psa_key_policy_t policy;
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]100 psa_key_lifetime_t lifetime;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]101 union {
102 struct raw_data {
103 uint8_t *data;
104 size_t bytes;
105 } raw;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]106#if defined(MBEDTLS_RSA_C)
107 mbedtls_rsa_context *rsa;
108#endif /* MBEDTLS_RSA_C */
109#if defined(MBEDTLS_ECP_C)
110 mbedtls_ecp_keypair *ecp;
111#endif /* MBEDTLS_ECP_C */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]112 } data;
113} key_slot_t;
114
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]115typedef struct {
116 int initialized;
117 mbedtls_entropy_context entropy;
118 mbedtls_ctr_drbg_context ctr_drbg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]119 key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]120} psa_global_data_t;
121
122static psa_global_data_t global_data;
123
124static psa_status_t mbedtls_to_psa_error( int ret )
125{
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]126 /* If there's both a high-level code and low-level code, dispatch on
127 * the high-level code. */
128 switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]129 {
130 case 0:
131 return( PSA_SUCCESS );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]132
133 case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
134 case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
135 case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
136 return( PSA_ERROR_NOT_SUPPORTED );
137 case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
138 return( PSA_ERROR_HARDWARE_FAILURE );
139
140 case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
141 return( PSA_ERROR_HARDWARE_FAILURE );
142
143 case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
144 case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
145 return( PSA_ERROR_NOT_SUPPORTED );
146 case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
147 return( PSA_ERROR_HARDWARE_FAILURE );
148
149 case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
150 case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
151 return( PSA_ERROR_NOT_SUPPORTED );
152 case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
153 return( PSA_ERROR_HARDWARE_FAILURE );
154
155 case MBEDTLS_ERR_CCM_BAD_INPUT:
156 return( PSA_ERROR_INVALID_ARGUMENT );
157 case MBEDTLS_ERR_CCM_AUTH_FAILED:
158 return( PSA_ERROR_INVALID_SIGNATURE );
159 case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
160 return( PSA_ERROR_HARDWARE_FAILURE );
161
162 case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
163 return( PSA_ERROR_NOT_SUPPORTED );
164 case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
165 return( PSA_ERROR_INVALID_ARGUMENT );
166 case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
167 return( PSA_ERROR_INSUFFICIENT_MEMORY );
168 case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
169 return( PSA_ERROR_INVALID_PADDING );
170 case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
171 return( PSA_ERROR_BAD_STATE );
172 case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
173 return( PSA_ERROR_INVALID_SIGNATURE );
174 case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
175 return( PSA_ERROR_TAMPERING_DETECTED );
176 case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
177 return( PSA_ERROR_HARDWARE_FAILURE );
178
179 case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
180 return( PSA_ERROR_HARDWARE_FAILURE );
181
182 case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
183 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
184 case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
185 case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
186 return( PSA_ERROR_NOT_SUPPORTED );
187 case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
188 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
189
190 case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
191 return( PSA_ERROR_NOT_SUPPORTED );
192 case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
193 return( PSA_ERROR_HARDWARE_FAILURE );
194
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]195 case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
196 case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
197 case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
198 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]199
200 case MBEDTLS_ERR_GCM_AUTH_FAILED:
201 return( PSA_ERROR_INVALID_SIGNATURE );
202 case MBEDTLS_ERR_GCM_BAD_INPUT:
203 return( PSA_ERROR_NOT_SUPPORTED );
204 case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
205 return( PSA_ERROR_HARDWARE_FAILURE );
206
207 case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
208 case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
209 case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
210 return( PSA_ERROR_HARDWARE_FAILURE );
211
212 case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
213 return( PSA_ERROR_NOT_SUPPORTED );
214 case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
215 return( PSA_ERROR_INVALID_ARGUMENT );
216 case MBEDTLS_ERR_MD_ALLOC_FAILED:
217 return( PSA_ERROR_INSUFFICIENT_MEMORY );
218 case MBEDTLS_ERR_MD_FILE_IO_ERROR:
219 return( PSA_ERROR_STORAGE_FAILURE );
220 case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
221 return( PSA_ERROR_HARDWARE_FAILURE );
222
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]223 case MBEDTLS_ERR_PK_ALLOC_FAILED:
224 return( PSA_ERROR_INSUFFICIENT_MEMORY );
225 case MBEDTLS_ERR_PK_TYPE_MISMATCH:
226 case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
227 return( PSA_ERROR_INVALID_ARGUMENT );
228 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]229 return( PSA_ERROR_STORAGE_FAILURE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]230 case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
231 case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
232 return( PSA_ERROR_INVALID_ARGUMENT );
233 case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
234 return( PSA_ERROR_NOT_SUPPORTED );
235 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
236 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
237 return( PSA_ERROR_NOT_PERMITTED );
238 case MBEDTLS_ERR_PK_INVALID_PUBKEY:
239 return( PSA_ERROR_INVALID_ARGUMENT );
240 case MBEDTLS_ERR_PK_INVALID_ALG:
241 case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
242 case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
243 return( PSA_ERROR_NOT_SUPPORTED );
244 case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
245 return( PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]246 case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
247 return( PSA_ERROR_HARDWARE_FAILURE );
248
249 case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
250 return( PSA_ERROR_HARDWARE_FAILURE );
251
252 case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
253 return( PSA_ERROR_INVALID_ARGUMENT );
254 case MBEDTLS_ERR_RSA_INVALID_PADDING:
255 return( PSA_ERROR_INVALID_PADDING );
256 case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
257 return( PSA_ERROR_HARDWARE_FAILURE );
258 case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
259 return( PSA_ERROR_INVALID_ARGUMENT );
260 case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
261 case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
262 return( PSA_ERROR_TAMPERING_DETECTED );
263 case MBEDTLS_ERR_RSA_VERIFY_FAILED:
264 return( PSA_ERROR_INVALID_SIGNATURE );
265 case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
266 return( PSA_ERROR_BUFFER_TOO_SMALL );
267 case MBEDTLS_ERR_RSA_RNG_FAILED:
268 return( PSA_ERROR_INSUFFICIENT_MEMORY );
269 case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
270 return( PSA_ERROR_NOT_SUPPORTED );
271 case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
272 return( PSA_ERROR_HARDWARE_FAILURE );
273
274 case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
275 case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
276 case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
277 return( PSA_ERROR_HARDWARE_FAILURE );
278
279 case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
280 return( PSA_ERROR_INVALID_ARGUMENT );
281 case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
282 return( PSA_ERROR_HARDWARE_FAILURE );
283
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]284 case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
itayzafrir7b30f8b2018-05-09 16:07:36 +0300[diff] [blame]285 case MBEDTLS_ERR_ECP_INVALID_KEY:
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]286 return( PSA_ERROR_INVALID_ARGUMENT );
itayzafrir7b30f8b2018-05-09 16:07:36 +0300[diff] [blame]287 case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
288 return( PSA_ERROR_BUFFER_TOO_SMALL );
289 case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
290 return( PSA_ERROR_NOT_SUPPORTED );
291 case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
292 case MBEDTLS_ERR_ECP_VERIFY_FAILED:
293 return( PSA_ERROR_INVALID_SIGNATURE );
294 case MBEDTLS_ERR_ECP_ALLOC_FAILED:
295 return( PSA_ERROR_INSUFFICIENT_MEMORY );
296 case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
297 return( PSA_ERROR_HARDWARE_FAILURE );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]298
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]299 default:
300 return( PSA_ERROR_UNKNOWN_ERROR );
301 }
302}
303
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]304
305
306/****************************************************************/
307/* Key management */
308/****************************************************************/
309
310psa_status_t psa_import_key(psa_key_slot_t key,
311 psa_key_type_t type,
312 const uint8_t *data,
313 size_t data_length)
314{
315 key_slot_t *slot;
316
317 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
318 return( PSA_ERROR_INVALID_ARGUMENT );
319 slot = &global_data.key_slots[key];
320 if( slot->type != PSA_KEY_TYPE_NONE )
321 return( PSA_ERROR_OCCUPIED_SLOT );
322
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]323 if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]324 {
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]325 /* Ensure that a bytes-to-bit conversion won't overflow. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]326 if( data_length > SIZE_MAX / 8 )
327 return( PSA_ERROR_NOT_SUPPORTED );
328 slot->data.raw.data = mbedtls_calloc( 1, data_length );
329 if( slot->data.raw.data == NULL )
330 return( PSA_ERROR_INSUFFICIENT_MEMORY );
331 memcpy( slot->data.raw.data, data, data_length );
332 slot->data.raw.bytes = data_length;
333 }
334 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]335#if defined(MBEDTLS_PK_PARSE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]336 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
337 type == PSA_KEY_TYPE_RSA_KEYPAIR ||
338 PSA_KEY_TYPE_IS_ECC( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]339 {
340 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]341 mbedtls_pk_context pk;
342 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]343 if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
344 ret = mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 );
345 else
346 ret = mbedtls_pk_parse_public_key( &pk, data, data_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]347 if( ret != 0 )
348 return( mbedtls_to_psa_error( ret ) );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]349 switch( mbedtls_pk_get_type( &pk ) )
350 {
351#if defined(MBEDTLS_RSA_C)
352 case MBEDTLS_PK_RSA:
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]353 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
354 type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]355 slot->data.rsa = pk.pk_ctx;
356 else
357 return( PSA_ERROR_INVALID_ARGUMENT );
358 break;
359#endif /* MBEDTLS_RSA_C */
360#if defined(MBEDTLS_ECP_C)
361 case MBEDTLS_PK_ECKEY:
362 if( PSA_KEY_TYPE_IS_ECC( type ) )
363 {
364 // TODO: check curve
365 slot->data.ecp = pk.pk_ctx;
366 }
367 else
368 return( PSA_ERROR_INVALID_ARGUMENT );
369 break;
370#endif /* MBEDTLS_ECP_C */
371 default:
372 return( PSA_ERROR_INVALID_ARGUMENT );
373 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]374 }
375 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]376#endif /* defined(MBEDTLS_PK_PARSE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]377 {
378 return( PSA_ERROR_NOT_SUPPORTED );
379 }
380
381 slot->type = type;
382 return( PSA_SUCCESS );
383}
384
385psa_status_t psa_destroy_key(psa_key_slot_t key)
386{
387 key_slot_t *slot;
388
389 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
390 return( PSA_ERROR_INVALID_ARGUMENT );
391 slot = &global_data.key_slots[key];
392 if( slot->type == PSA_KEY_TYPE_NONE )
393 return( PSA_ERROR_EMPTY_SLOT );
394
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]395 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]396 {
397 mbedtls_free( slot->data.raw.data );
398 }
399 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]400#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]401 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
402 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]403 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]404 mbedtls_rsa_free( slot->data.rsa );
Gilles Peskine3c6e9702018-03-07 16:42:44 +0100[diff] [blame]405 mbedtls_free( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]406 }
407 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]408#endif /* defined(MBEDTLS_RSA_C) */
409#if defined(MBEDTLS_ECP_C)
410 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
411 {
412 mbedtls_ecp_keypair_free( slot->data.ecp );
Gilles Peskine3c6e9702018-03-07 16:42:44 +0100[diff] [blame]413 mbedtls_free( slot->data.ecp );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]414 }
415 else
416#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]417 {
418 /* Shouldn't happen: the key type is not any type that we
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]419 * put in. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]420 return( PSA_ERROR_TAMPERING_DETECTED );
421 }
422
423 mbedtls_zeroize( slot, sizeof( *slot ) );
424 return( PSA_SUCCESS );
425}
426
427psa_status_t psa_get_key_information(psa_key_slot_t key,
428 psa_key_type_t *type,
429 size_t *bits)
430{
431 key_slot_t *slot;
432
433 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]434 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]435 slot = &global_data.key_slots[key];
436 if( type != NULL )
437 *type = slot->type;
438 if( bits != NULL )
439 *bits = 0;
440 if( slot->type == PSA_KEY_TYPE_NONE )
441 return( PSA_ERROR_EMPTY_SLOT );
442
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]443 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]444 {
445 if( bits != NULL )
446 *bits = slot->data.raw.bytes * 8;
447 }
448 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]449#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]450 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
451 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]452 {
453 if( bits != NULL )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]454 *bits = mbedtls_rsa_get_bitlen( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]455 }
456 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]457#endif /* defined(MBEDTLS_RSA_C) */
458#if defined(MBEDTLS_ECP_C)
459 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
460 {
461 if( bits != NULL )
462 *bits = slot->data.ecp->grp.pbits;
463 }
464 else
465#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]466 {
467 /* Shouldn't happen: the key type is not any type that we
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]468 * put in. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]469 return( PSA_ERROR_TAMPERING_DETECTED );
470 }
471
472 return( PSA_SUCCESS );
473}
474
475psa_status_t psa_export_key(psa_key_slot_t key,
476 uint8_t *data,
477 size_t data_size,
478 size_t *data_length)
479{
480 key_slot_t *slot;
481
482 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]483 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]484 slot = &global_data.key_slots[key];
485 if( slot->type == PSA_KEY_TYPE_NONE )
486 return( PSA_ERROR_EMPTY_SLOT );
487
mohammad160306e79202018-03-28 13:17:44 +0300[diff] [blame]488 if( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) )
489 return( PSA_ERROR_NOT_PERMITTED );
490
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]491 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]492 {
493 if( slot->data.raw.bytes > data_size )
494 return( PSA_ERROR_BUFFER_TOO_SMALL );
495 memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
496 *data_length = slot->data.raw.bytes;
497 return( PSA_SUCCESS );
498 }
499 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]500#if defined(MBEDTLS_PK_WRITE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]501 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
502 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]503 PSA_KEY_TYPE_IS_ECC( slot->type ) )
504 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]505 mbedtls_pk_context pk;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]506 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]507 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]508 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
509 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]510 {
511 pk.pk_info = &mbedtls_rsa_info;
512 pk.pk_ctx = slot->data.rsa;
513 }
514 else
515 {
516 pk.pk_info = &mbedtls_eckey_info;
517 pk.pk_ctx = slot->data.ecp;
518 }
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]519 if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
520 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
521 else
522 ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]523 if( ret < 0 )
524 return( mbedtls_to_psa_error( ret ) );
525 *data_length = ret;
526 return( PSA_SUCCESS );
527 }
528 else
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]529#endif /* defined(MBEDTLS_PK_WRITE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]530 {
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]531 /* This shouldn't happen in the reference implementation, but
532 it is valid for a special-purpose implementation to omit
533 support for exporting certain key types. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]534 return( PSA_ERROR_NOT_SUPPORTED );
535 }
536}
537
538
539
540/****************************************************************/
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]541/* Message digests */
542/****************************************************************/
543
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]544static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]545{
546 switch( alg )
547 {
548#if defined(MBEDTLS_MD2_C)
549 case PSA_ALG_MD2:
550 return( &mbedtls_md2_info );
551#endif
552#if defined(MBEDTLS_MD4_C)
553 case PSA_ALG_MD4:
554 return( &mbedtls_md4_info );
555#endif
556#if defined(MBEDTLS_MD5_C)
557 case PSA_ALG_MD5:
558 return( &mbedtls_md5_info );
559#endif
560#if defined(MBEDTLS_RIPEMD160_C)
561 case PSA_ALG_RIPEMD160:
562 return( &mbedtls_ripemd160_info );
563#endif
564#if defined(MBEDTLS_SHA1_C)
565 case PSA_ALG_SHA_1:
566 return( &mbedtls_sha1_info );
567#endif
568#if defined(MBEDTLS_SHA256_C)
569 case PSA_ALG_SHA_224:
570 return( &mbedtls_sha224_info );
571 case PSA_ALG_SHA_256:
572 return( &mbedtls_sha256_info );
573#endif
574#if defined(MBEDTLS_SHA512_C)
575 case PSA_ALG_SHA_384:
576 return( &mbedtls_sha384_info );
577 case PSA_ALG_SHA_512:
578 return( &mbedtls_sha512_info );
579#endif
580 default:
581 return( NULL );
582 }
583}
584
585#if 0
586static psa_algorithm_t mbedtls_md_alg_to_psa( mbedtls_md_type_t md_alg )
587{
588 switch( md_alg )
589 {
590 case MBEDTLS_MD_NONE:
591 return( 0 );
592 case MBEDTLS_MD_MD2:
593 return( PSA_ALG_MD2 );
594 case MBEDTLS_MD_MD4:
595 return( PSA_ALG_MD4 );
596 case MBEDTLS_MD_MD5:
597 return( PSA_ALG_MD5 );
598 case MBEDTLS_MD_SHA1:
599 return( PSA_ALG_SHA_1 );
600 case MBEDTLS_MD_SHA224:
601 return( PSA_ALG_SHA_224 );
602 case MBEDTLS_MD_SHA256:
603 return( PSA_ALG_SHA_256 );
604 case MBEDTLS_MD_SHA384:
605 return( PSA_ALG_SHA_384 );
606 case MBEDTLS_MD_SHA512:
607 return( PSA_ALG_SHA_512 );
608 case MBEDTLS_MD_RIPEMD160:
609 return( PSA_ALG_RIPEMD160 );
610 default:
Gilles Peskine47c1bc02018-03-20 17:55:04 +0100[diff] [blame]611 return( 0 );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]612 }
613}
614#endif
615
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]616psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
617{
618 switch( operation->alg )
619 {
620#if defined(MBEDTLS_MD2_C)
621 case PSA_ALG_MD2:
622 mbedtls_md2_free( &operation->ctx.md2 );
623 break;
624#endif
625#if defined(MBEDTLS_MD4_C)
626 case PSA_ALG_MD4:
627 mbedtls_md4_free( &operation->ctx.md4 );
628 break;
629#endif
630#if defined(MBEDTLS_MD5_C)
631 case PSA_ALG_MD5:
632 mbedtls_md5_free( &operation->ctx.md5 );
633 break;
634#endif
635#if defined(MBEDTLS_RIPEMD160_C)
636 case PSA_ALG_RIPEMD160:
637 mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
638 break;
639#endif
640#if defined(MBEDTLS_SHA1_C)
641 case PSA_ALG_SHA_1:
642 mbedtls_sha1_free( &operation->ctx.sha1 );
643 break;
644#endif
645#if defined(MBEDTLS_SHA256_C)
646 case PSA_ALG_SHA_224:
647 case PSA_ALG_SHA_256:
648 mbedtls_sha256_free( &operation->ctx.sha256 );
649 break;
650#endif
651#if defined(MBEDTLS_SHA512_C)
652 case PSA_ALG_SHA_384:
653 case PSA_ALG_SHA_512:
654 mbedtls_sha512_free( &operation->ctx.sha512 );
655 break;
656#endif
657 default:
658 return( PSA_ERROR_NOT_SUPPORTED );
659 }
660 operation->alg = 0;
661 return( PSA_SUCCESS );
662}
663
664psa_status_t psa_hash_start( psa_hash_operation_t *operation,
665 psa_algorithm_t alg )
666{
667 int ret;
668 operation->alg = 0;
669 switch( alg )
670 {
671#if defined(MBEDTLS_MD2_C)
672 case PSA_ALG_MD2:
673 mbedtls_md2_init( &operation->ctx.md2 );
674 ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
675 break;
676#endif
677#if defined(MBEDTLS_MD4_C)
678 case PSA_ALG_MD4:
679 mbedtls_md4_init( &operation->ctx.md4 );
680 ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
681 break;
682#endif
683#if defined(MBEDTLS_MD5_C)
684 case PSA_ALG_MD5:
685 mbedtls_md5_init( &operation->ctx.md5 );
686 ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
687 break;
688#endif
689#if defined(MBEDTLS_RIPEMD160_C)
690 case PSA_ALG_RIPEMD160:
691 mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
692 ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
693 break;
694#endif
695#if defined(MBEDTLS_SHA1_C)
696 case PSA_ALG_SHA_1:
697 mbedtls_sha1_init( &operation->ctx.sha1 );
698 ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
699 break;
700#endif
701#if defined(MBEDTLS_SHA256_C)
702 case PSA_ALG_SHA_224:
703 mbedtls_sha256_init( &operation->ctx.sha256 );
704 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
705 break;
706 case PSA_ALG_SHA_256:
707 mbedtls_sha256_init( &operation->ctx.sha256 );
708 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
709 break;
710#endif
711#if defined(MBEDTLS_SHA512_C)
712 case PSA_ALG_SHA_384:
713 mbedtls_sha512_init( &operation->ctx.sha512 );
714 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
715 break;
716 case PSA_ALG_SHA_512:
717 mbedtls_sha512_init( &operation->ctx.sha512 );
718 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
719 break;
720#endif
721 default:
722 return( PSA_ERROR_NOT_SUPPORTED );
723 }
724 if( ret == 0 )
725 operation->alg = alg;
726 else
727 psa_hash_abort( operation );
728 return( mbedtls_to_psa_error( ret ) );
729}
730
731psa_status_t psa_hash_update( psa_hash_operation_t *operation,
732 const uint8_t *input,
733 size_t input_length )
734{
735 int ret;
736 switch( operation->alg )
737 {
738#if defined(MBEDTLS_MD2_C)
739 case PSA_ALG_MD2:
740 ret = mbedtls_md2_update_ret( &operation->ctx.md2,
741 input, input_length );
742 break;
743#endif
744#if defined(MBEDTLS_MD4_C)
745 case PSA_ALG_MD4:
746 ret = mbedtls_md4_update_ret( &operation->ctx.md4,
747 input, input_length );
748 break;
749#endif
750#if defined(MBEDTLS_MD5_C)
751 case PSA_ALG_MD5:
752 ret = mbedtls_md5_update_ret( &operation->ctx.md5,
753 input, input_length );
754 break;
755#endif
756#if defined(MBEDTLS_RIPEMD160_C)
757 case PSA_ALG_RIPEMD160:
758 ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
759 input, input_length );
760 break;
761#endif
762#if defined(MBEDTLS_SHA1_C)
763 case PSA_ALG_SHA_1:
764 ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
765 input, input_length );
766 break;
767#endif
768#if defined(MBEDTLS_SHA256_C)
769 case PSA_ALG_SHA_224:
770 case PSA_ALG_SHA_256:
771 ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
772 input, input_length );
773 break;
774#endif
775#if defined(MBEDTLS_SHA512_C)
776 case PSA_ALG_SHA_384:
777 case PSA_ALG_SHA_512:
778 ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
779 input, input_length );
780 break;
781#endif
782 default:
783 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
784 break;
785 }
786 if( ret != 0 )
787 psa_hash_abort( operation );
788 return( mbedtls_to_psa_error( ret ) );
789}
790
791psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
792 uint8_t *hash,
793 size_t hash_size,
794 size_t *hash_length )
795{
796 int ret;
797 size_t actual_hash_length = PSA_HASH_FINAL_SIZE( operation->alg );
798
799 /* Fill the output buffer with something that isn't a valid hash
800 * (barring an attack on the hash and deliberately-crafted input),
801 * in case the caller doesn't check the return status properly. */
802 *hash_length = actual_hash_length;
803 memset( hash, '!', hash_size );
804
805 if( hash_size < actual_hash_length )
806 return( PSA_ERROR_BUFFER_TOO_SMALL );
807
808 switch( operation->alg )
809 {
810#if defined(MBEDTLS_MD2_C)
811 case PSA_ALG_MD2:
812 ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
813 break;
814#endif
815#if defined(MBEDTLS_MD4_C)
816 case PSA_ALG_MD4:
817 ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
818 break;
819#endif
820#if defined(MBEDTLS_MD5_C)
821 case PSA_ALG_MD5:
822 ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
823 break;
824#endif
825#if defined(MBEDTLS_RIPEMD160_C)
826 case PSA_ALG_RIPEMD160:
827 ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
828 break;
829#endif
830#if defined(MBEDTLS_SHA1_C)
831 case PSA_ALG_SHA_1:
832 ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
833 break;
834#endif
835#if defined(MBEDTLS_SHA256_C)
836 case PSA_ALG_SHA_224:
837 case PSA_ALG_SHA_256:
838 ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
839 break;
840#endif
841#if defined(MBEDTLS_SHA512_C)
842 case PSA_ALG_SHA_384:
843 case PSA_ALG_SHA_512:
844 ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
845 break;
846#endif
847 default:
848 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
849 break;
850 }
851
852 if( ret == 0 )
853 {
854 return( psa_hash_abort( operation ) );
855 }
856 else
857 {
858 psa_hash_abort( operation );
859 return( mbedtls_to_psa_error( ret ) );
860 }
861}
862
863psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
864 const uint8_t *hash,
865 size_t hash_length)
866{
867 uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
868 size_t actual_hash_length;
869 psa_status_t status = psa_hash_finish( operation,
870 actual_hash, sizeof( actual_hash ),
871 &actual_hash_length );
872 if( status != PSA_SUCCESS )
873 return( status );
874 if( actual_hash_length != hash_length )
875 return( PSA_ERROR_INVALID_SIGNATURE );
876 if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
877 return( PSA_ERROR_INVALID_SIGNATURE );
878 return( PSA_SUCCESS );
879}
880
881
882
883
884/****************************************************************/
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]885/* MAC */
886/****************************************************************/
887
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]888static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]889 psa_algorithm_t alg,
890 psa_key_type_t key_type,
891 size_t key_bits )
892{
893 mbedtls_cipher_id_t cipher_id;
894 mbedtls_cipher_mode_t mode;
895
896 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
897 {
898 if( PSA_ALG_IS_BLOCK_CIPHER( alg ) )
899 alg &= ~PSA_ALG_BLOCK_CIPHER_MODE_MASK;
900 switch( alg )
901 {
902 case PSA_ALG_STREAM_CIPHER:
903 mode = MBEDTLS_MODE_STREAM;
904 break;
905 case PSA_ALG_CBC_BASE:
906 mode = MBEDTLS_MODE_CBC;
907 break;
908 case PSA_ALG_CFB_BASE:
909 mode = MBEDTLS_MODE_CFB;
910 break;
911 case PSA_ALG_OFB_BASE:
912 mode = MBEDTLS_MODE_OFB;
913 break;
914 case PSA_ALG_CTR:
915 mode = MBEDTLS_MODE_CTR;
916 break;
917 case PSA_ALG_CCM:
918 mode = MBEDTLS_MODE_CCM;
919 break;
920 case PSA_ALG_GCM:
921 mode = MBEDTLS_MODE_GCM;
922 break;
923 default:
924 return( NULL );
925 }
926 }
927 else if( alg == PSA_ALG_CMAC )
928 mode = MBEDTLS_MODE_ECB;
929 else if( alg == PSA_ALG_GMAC )
930 mode = MBEDTLS_MODE_GCM;
931 else
932 return( NULL );
933
934 switch( key_type )
935 {
936 case PSA_KEY_TYPE_AES:
937 cipher_id = MBEDTLS_CIPHER_ID_AES;
938 break;
939 case PSA_KEY_TYPE_DES:
940 if( key_bits == 64 )
941 cipher_id = MBEDTLS_CIPHER_ID_DES;
942 else
943 cipher_id = MBEDTLS_CIPHER_ID_3DES;
944 break;
945 case PSA_KEY_TYPE_CAMELLIA:
946 cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
947 break;
948 case PSA_KEY_TYPE_ARC4:
949 cipher_id = MBEDTLS_CIPHER_ID_ARC4;
950 break;
951 default:
952 return( NULL );
953 }
954
955 return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
956}
957
958psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
959{
960 switch( operation->alg )
961 {
962#if defined(MBEDTLS_CMAC_C)
963 case PSA_ALG_CMAC:
964 mbedtls_cipher_free( &operation->ctx.cmac );
965 break;
966#endif /* MBEDTLS_CMAC_C */
967 default:
968#if defined(MBEDTLS_MD_C)
969 if( PSA_ALG_IS_HMAC( operation->alg ) )
970 mbedtls_md_free( &operation->ctx.hmac );
971 else
972#endif /* MBEDTLS_MD_C */
973 return( PSA_ERROR_NOT_SUPPORTED );
974 }
975 operation->alg = 0;
976 operation->key_set = 0;
977 operation->iv_set = 0;
978 operation->iv_required = 0;
979 operation->has_input = 0;
980 return( PSA_SUCCESS );
981}
982
983psa_status_t psa_mac_start( psa_mac_operation_t *operation,
984 psa_key_slot_t key,
985 psa_algorithm_t alg )
986{
987 int ret = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
988 psa_status_t status;
989 key_slot_t *slot;
990 psa_key_type_t key_type;
991 size_t key_bits;
992 const mbedtls_cipher_info_t *cipher_info = NULL;
993
994 operation->alg = 0;
995 operation->key_set = 0;
996 operation->iv_set = 0;
997 operation->iv_required = 1;
998 operation->has_input = 0;
999
1000 status = psa_get_key_information( key, &key_type, &key_bits );
1001 if( status != PSA_SUCCESS )
1002 return( status );
1003 slot = &global_data.key_slots[key];
1004
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1005 if ( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 )
1006 operation->key_usage_sign = 1;
1007
1008 if ( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1009 operation->key_usage_verify = 1;
1010
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1011 if( ! PSA_ALG_IS_HMAC( alg ) )
1012 {
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1013 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1014 if( cipher_info == NULL )
1015 return( PSA_ERROR_NOT_SUPPORTED );
1016 operation->mac_size = cipher_info->block_size;
1017 }
1018 switch( alg )
1019 {
1020#if defined(MBEDTLS_CMAC_C)
1021 case PSA_ALG_CMAC:
1022 operation->iv_required = 0;
1023 mbedtls_cipher_init( &operation->ctx.cmac );
1024 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
1025 if( ret != 0 )
1026 break;
1027 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
1028 slot->data.raw.data,
1029 key_bits );
1030 break;
1031#endif /* MBEDTLS_CMAC_C */
1032 default:
1033#if defined(MBEDTLS_MD_C)
1034 if( PSA_ALG_IS_HMAC( alg ) )
1035 {
1036 const mbedtls_md_info_t *md_info =
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1037 mbedtls_md_info_from_psa( PSA_ALG_HMAC_HASH( alg ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1038 if( md_info == NULL )
1039 return( PSA_ERROR_NOT_SUPPORTED );
1040 if( key_type != PSA_KEY_TYPE_HMAC )
1041 return( PSA_ERROR_INVALID_ARGUMENT );
1042 operation->iv_required = 0;
1043 operation->mac_size = mbedtls_md_get_size( md_info );
1044 mbedtls_md_init( &operation->ctx.hmac );
1045 ret = mbedtls_md_setup( &operation->ctx.hmac, md_info, 1 );
1046 if( ret != 0 )
1047 break;
1048 ret = mbedtls_md_hmac_starts( &operation->ctx.hmac,
1049 slot->data.raw.data,
1050 slot->data.raw.bytes );
1051 break;
1052 }
1053 else
1054#endif /* MBEDTLS_MD_C */
1055 return( PSA_ERROR_NOT_SUPPORTED );
1056 }
1057
1058 /* If we reach this point, then the algorithm-specific part of the
1059 * context has at least been initialized, and may contain data that
1060 * needs to be wiped on error. */
1061 operation->alg = alg;
1062 if( ret != 0 )
1063 {
1064 psa_mac_abort( operation );
1065 return( mbedtls_to_psa_error( ret ) );
1066 }
1067 operation->key_set = 1;
Gilles Peskine47c1bc02018-03-20 17:55:04 +0100[diff] [blame]1068 return( PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1069}
1070
1071psa_status_t psa_mac_update( psa_mac_operation_t *operation,
1072 const uint8_t *input,
1073 size_t input_length )
1074{
1075 int ret;
1076 if( ! operation->key_set )
1077 return( PSA_ERROR_BAD_STATE );
1078 if( operation->iv_required && ! operation->iv_set )
1079 return( PSA_ERROR_BAD_STATE );
1080 operation->has_input = 1;
1081
1082 switch( operation->alg )
1083 {
1084#if defined(MBEDTLS_CMAC_C)
1085 case PSA_ALG_CMAC:
1086 ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
1087 input, input_length );
1088 break;
1089#endif /* MBEDTLS_CMAC_C */
1090 default:
1091#if defined(MBEDTLS_MD_C)
1092 if( PSA_ALG_IS_HMAC( operation->alg ) )
1093 {
1094 ret = mbedtls_md_hmac_update( &operation->ctx.hmac,
1095 input, input_length );
1096 }
1097 else
1098#endif /* MBEDTLS_MD_C */
1099 {
1100 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1101 }
1102 break;
1103 }
1104 if( ret != 0 )
1105 psa_mac_abort( operation );
1106 return( mbedtls_to_psa_error( ret ) );
1107}
1108
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1109static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1110 uint8_t *mac,
1111 size_t mac_size,
1112 size_t *mac_length )
1113{
1114 int ret;
1115 if( ! operation->key_set )
1116 return( PSA_ERROR_BAD_STATE );
1117 if( operation->iv_required && ! operation->iv_set )
1118 return( PSA_ERROR_BAD_STATE );
1119
1120 /* Fill the output buffer with something that isn't a valid mac
1121 * (barring an attack on the mac and deliberately-crafted input),
1122 * in case the caller doesn't check the return status properly. */
1123 *mac_length = operation->mac_size;
1124 memset( mac, '!', mac_size );
1125
1126 if( mac_size < operation->mac_size )
1127 return( PSA_ERROR_BUFFER_TOO_SMALL );
1128
1129 switch( operation->alg )
1130 {
1131#if defined(MBEDTLS_CMAC_C)
1132 case PSA_ALG_CMAC:
1133 ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, mac );
1134 break;
1135#endif /* MBEDTLS_CMAC_C */
1136 default:
1137#if defined(MBEDTLS_MD_C)
1138 if( PSA_ALG_IS_HMAC( operation->alg ) )
1139 {
1140 ret = mbedtls_md_hmac_finish( &operation->ctx.hmac, mac );
1141 }
1142 else
1143#endif /* MBEDTLS_MD_C */
1144 {
1145 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1146 }
1147 break;
1148 }
1149
1150 if( ret == 0 )
1151 {
1152 return( psa_mac_abort( operation ) );
1153 }
1154 else
1155 {
1156 psa_mac_abort( operation );
1157 return( mbedtls_to_psa_error( ret ) );
1158 }
1159}
1160
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1161psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
1162 uint8_t *mac,
1163 size_t mac_size,
1164 size_t *mac_length )
1165{
1166 if( !( operation->key_usage_sign ) )
1167 return( PSA_ERROR_NOT_PERMITTED );
1168
1169 return( psa_mac_finish_internal(operation, mac, mac_size, mac_length ) );
1170}
1171
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1172#define MBEDTLS_PSA_MAC_MAX_SIZE \
1173 ( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \
1174 MBEDTLS_MD_MAX_SIZE : \
1175 MBEDTLS_MAX_BLOCK_LENGTH )
1176psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
1177 const uint8_t *mac,
1178 size_t mac_length )
1179{
1180 uint8_t actual_mac[MBEDTLS_PSA_MAC_MAX_SIZE];
1181 size_t actual_mac_length;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1182 psa_status_t status;
1183
1184 if( !( operation->key_usage_verify ) )
1185 return( PSA_ERROR_NOT_PERMITTED );
1186
1187 status = psa_mac_finish_internal( operation,
1188 actual_mac, sizeof( actual_mac ),
1189 &actual_mac_length );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1190 if( status != PSA_SUCCESS )
1191 return( status );
1192 if( actual_mac_length != mac_length )
1193 return( PSA_ERROR_INVALID_SIGNATURE );
1194 if( safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
1195 return( PSA_ERROR_INVALID_SIGNATURE );
1196 return( PSA_SUCCESS );
1197}
1198
1199
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1200
1201
1202/****************************************************************/
1203/* Asymmetric cryptography */
1204/****************************************************************/
1205
Gilles Peskine8b18a4f2018-06-08 16:34:46 +0200[diff] [blame]1206/* Decode the hash algorithm from alg and store the mbedtls encoding in
1207 * md_alg. Verify that the hash length is consistent. */
1208static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
1209 size_t hash_length,
1210 mbedtls_md_type_t *md_alg )
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1211{
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1212 psa_algorithm_t hash_alg = PSA_ALG_RSA_GET_HASH( alg );
1213 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
1214 *md_alg = hash_alg == 0 ? MBEDTLS_MD_NONE : mbedtls_md_get_type( md_info );
1215 if( *md_alg == MBEDTLS_MD_NONE )
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1216 {
1217#if SIZE_MAX > UINT_MAX
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1218 if( hash_length > UINT_MAX )
1219 return( PSA_ERROR_INVALID_ARGUMENT );
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1220#endif
1221 }
1222 else
1223 {
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1224 if( mbedtls_md_get_size( md_info ) != hash_length )
1225 return( PSA_ERROR_INVALID_ARGUMENT );
1226 if( md_info == NULL )
1227 return( PSA_ERROR_NOT_SUPPORTED );
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1228 }
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1229 return( PSA_SUCCESS );
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1230}
1231
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1232psa_status_t psa_asymmetric_sign( psa_key_slot_t key,
1233 psa_algorithm_t alg,
1234 const uint8_t *hash,
1235 size_t hash_length,
1236 const uint8_t *salt,
1237 size_t salt_length,
1238 uint8_t *signature,
1239 size_t signature_size,
1240 size_t *signature_length )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1241{
1242 key_slot_t *slot;
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1243 psa_status_t status;
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1244 *signature_length = 0;
1245 (void) salt;
1246 (void) salt_length;
1247
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1248 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1249 return( PSA_ERROR_EMPTY_SLOT );
1250 slot = &global_data.key_slots[key];
1251 if( slot->type == PSA_KEY_TYPE_NONE )
1252 return( PSA_ERROR_EMPTY_SLOT );
1253 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1254 return( PSA_ERROR_INVALID_ARGUMENT );
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1255 if( ! ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) )
mohammad160306e79202018-03-28 13:17:44 +0300[diff] [blame]1256 return( PSA_ERROR_NOT_PERMITTED );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1257
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1258#if defined(MBEDTLS_RSA_C)
1259 if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
1260 {
1261 mbedtls_rsa_context *rsa = slot->data.rsa;
1262 int ret;
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1263 mbedtls_md_type_t md_alg;
Gilles Peskine8b18a4f2018-06-08 16:34:46 +0200[diff] [blame]1264 status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1265 if( status != PSA_SUCCESS )
1266 return( status );
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1267
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1268 if( signature_size < rsa->len )
1269 return( PSA_ERROR_BUFFER_TOO_SMALL );
1270#if defined(MBEDTLS_PKCS1_V15)
Gilles Peskinea5926232018-03-28 14:16:50 +0200[diff] [blame]1271 if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1272 {
1273 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
1274 MBEDTLS_MD_NONE );
1275 ret = mbedtls_rsa_pkcs1_sign( rsa,
1276 mbedtls_ctr_drbg_random,
1277 &global_data.ctr_drbg,
1278 MBEDTLS_RSA_PRIVATE,
1279 md_alg, hash_length, hash,
1280 signature );
1281 }
1282 else
1283#endif /* MBEDTLS_PKCS1_V15 */
1284#if defined(MBEDTLS_PKCS1_V21)
1285 if( alg == PSA_ALG_RSA_PSS_MGF1 )
1286 {
1287 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
1288 ret = mbedtls_rsa_rsassa_pss_sign( rsa,
1289 mbedtls_ctr_drbg_random,
1290 &global_data.ctr_drbg,
1291 MBEDTLS_RSA_PRIVATE,
1292 md_alg, hash_length, hash,
1293 signature );
1294 }
1295 else
1296#endif /* MBEDTLS_PKCS1_V21 */
1297 {
1298 return( PSA_ERROR_INVALID_ARGUMENT );
1299 }
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1300 if( ret == 0 )
1301 *signature_length = rsa->len;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1302 return( mbedtls_to_psa_error( ret ) );
1303 }
1304 else
1305#endif /* defined(MBEDTLS_RSA_C) */
1306#if defined(MBEDTLS_ECP_C)
1307 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1308 {
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]1309 mbedtls_ecp_keypair *ecdsa = slot->data.ecp;
1310 int ret;
1311 const mbedtls_md_info_t *md_info;
1312 mbedtls_md_type_t md_alg;
1313 if( signature_size < PSA_ECDSA_SIGNATURE_SIZE( ecdsa->grp.pbits ) )
1314 return( PSA_ERROR_BUFFER_TOO_SMALL );
1315 md_info = mbedtls_md_info_from_psa( alg );
1316 md_alg = mbedtls_md_get_type( md_info );
1317 ret = mbedtls_ecdsa_write_signature( ecdsa, md_alg, hash, hash_length,
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1318 signature, signature_length,
1319 mbedtls_ctr_drbg_random,
1320 &global_data.ctr_drbg );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]1321 return( mbedtls_to_psa_error( ret ) );
1322 }
1323 else
1324#endif /* defined(MBEDTLS_ECP_C) */
1325 {
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1326 return( PSA_ERROR_NOT_SUPPORTED );
1327 }
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]1328}
1329
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1330psa_status_t psa_asymmetric_verify( psa_key_slot_t key,
1331 psa_algorithm_t alg,
1332 const uint8_t *hash,
1333 size_t hash_length,
1334 const uint8_t *salt,
1335 size_t salt_length,
1336 uint8_t *signature,
1337 size_t signature_size )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1338{
1339 key_slot_t *slot;
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1340 psa_status_t status;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1341 (void) salt;
1342 (void) salt_length;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1343
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1344 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Nir Sonnenschein7f5a3192018-05-06 22:26:54 +0300[diff] [blame]1345 return( PSA_ERROR_INVALID_ARGUMENT );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1346 slot = &global_data.key_slots[key];
1347 if( slot->type == PSA_KEY_TYPE_NONE )
1348 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1349 if( ! ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) )
1350 return( PSA_ERROR_NOT_PERMITTED );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1351
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1352#if defined(MBEDTLS_RSA_C)
Nir Sonnenschein1c2a7ea2018-06-05 15:01:42 +0300[diff] [blame]1353 if( ( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) ||
1354 ( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1355 {
1356 mbedtls_rsa_context *rsa = slot->data.rsa;
1357 int ret;
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1358 mbedtls_md_type_t md_alg;
Gilles Peskine8b18a4f2018-06-08 16:34:46 +0200[diff] [blame]1359 status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1360 if( status != PSA_SUCCESS )
1361 return( status );
Nir Sonnenschein4db79eb2018-06-04 16:40:31 +0300[diff] [blame]1362
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1363 if( signature_size < rsa->len )
1364 return( PSA_ERROR_BUFFER_TOO_SMALL );
1365#if defined(MBEDTLS_PKCS1_V15)
Gilles Peskine6afe7892018-05-31 13:16:08 +0200[diff] [blame]1366 if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1367 {
1368 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
1369 MBEDTLS_MD_NONE );
1370
1371 ret = mbedtls_rsa_pkcs1_verify( rsa,
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1372 mbedtls_ctr_drbg_random,
1373 &global_data.ctr_drbg,
1374 MBEDTLS_RSA_PUBLIC,
1375 md_alg,
1376 hash_length,
1377 hash,
1378 signature );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1379
1380 }
1381 else
1382#endif /* MBEDTLS_PKCS1_V15 */
1383#if defined(MBEDTLS_PKCS1_V21)
1384 if( alg == PSA_ALG_RSA_PSS_MGF1 )
1385 {
1386 return( PSA_ERROR_NOT_SUPPORTED );
1387 }
1388 else
1389#endif /* MBEDTLS_PKCS1_V21 */
1390 {
1391 return( PSA_ERROR_INVALID_ARGUMENT );
1392 }
1393 return( mbedtls_to_psa_error( ret ) );
1394 }
1395 else
1396#endif /* defined(MBEDTLS_RSA_C) */
1397#if defined(MBEDTLS_ECP_C)
1398 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1399 {
Nir Sonnenscheinc4602912018-06-04 16:42:18 +0300[diff] [blame]1400 mbedtls_ecp_keypair *ecdsa = slot->data.ecp;
1401 int ret;
1402 (void)alg;
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1403 ret = mbedtls_ecdsa_read_signature( ecdsa, hash, hash_length,
1404 signature, signature_size );
1405 return( mbedtls_to_psa_error( ret ) );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1406 }
1407 else
1408#endif /* defined(MBEDTLS_ECP_C) */
1409 {
1410 return( PSA_ERROR_NOT_SUPPORTED );
1411 }
1412}
1413
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1414psa_status_t psa_asymmetric_encrypt( psa_key_slot_t key,
1415 psa_algorithm_t alg,
1416 const uint8_t *input,
1417 size_t input_length,
1418 const uint8_t *salt,
1419 size_t salt_length,
1420 uint8_t *output,
1421 size_t output_size,
1422 size_t *output_length )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1423{
1424 key_slot_t *slot;
1425 (void) salt;
1426 (void) salt_length;
Nir Sonnenscheinca466c82018-06-04 16:43:12 +0300[diff] [blame]1427 *output_length = 0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1428
1429 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Nir Sonnenschein7f5a3192018-05-06 22:26:54 +0300[diff] [blame]1430 return( PSA_ERROR_INVALID_ARGUMENT );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1431 slot = &global_data.key_slots[key];
1432 if( slot->type == PSA_KEY_TYPE_NONE )
1433 return( PSA_ERROR_EMPTY_SLOT );
1434 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1435 return( PSA_ERROR_INVALID_ARGUMENT );
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1436 if( ! ( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
1437 return( PSA_ERROR_NOT_PERMITTED );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1438
1439#if defined(MBEDTLS_RSA_C)
Nir Sonnenschein1c2a7ea2018-06-05 15:01:42 +0300[diff] [blame]1440 if( ( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ) ||
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1441 ( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ) )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1442 {
1443 mbedtls_rsa_context *rsa = slot->data.rsa;
1444 int ret;
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1445 if( output_size < rsa->len )
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1446 return( PSA_ERROR_INVALID_ARGUMENT );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1447#if defined(MBEDTLS_PKCS1_V15)
Gilles Peskine6afe7892018-05-31 13:16:08 +0200[diff] [blame]1448 if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1449 {
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1450 ret = mbedtls_rsa_pkcs1_encrypt( rsa,
1451 mbedtls_ctr_drbg_random,
1452 &global_data.ctr_drbg,
1453 MBEDTLS_RSA_PUBLIC,
1454 input_length,
1455 input,
1456 output );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1457 }
1458 else
1459#endif /* MBEDTLS_PKCS1_V15 */
1460#if defined(MBEDTLS_PKCS1_V21)
Gilles Peskine625b01c2018-06-08 17:43:16 +0200[diff] [blame^]1461 if( PSA_ALG_IS_RSA_OAEP_MGF1( alg ) )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1462 {
1463 return( PSA_ERROR_NOT_SUPPORTED );
1464 }
1465 else
1466#endif /* MBEDTLS_PKCS1_V21 */
1467 {
1468 return( PSA_ERROR_INVALID_ARGUMENT );
1469 }
1470 if( ret == 0 )
Nir Sonnenschein717a0402018-06-04 16:36:15 +0300[diff] [blame]1471 *output_length = rsa->len;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1472 return( mbedtls_to_psa_error( ret ) );
1473 }
1474#endif
1475#if defined(MBEDTLS_ECP_C)
1476 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1477 {
1478 // TODO
1479 return( PSA_ERROR_NOT_SUPPORTED );
1480 }
1481 else
1482#endif /* defined(MBEDTLS_ECP_C) */
1483 {
1484 return( PSA_ERROR_NOT_SUPPORTED );
1485 }
1486
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1487}
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1488
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1489psa_status_t psa_asymmetric_decrypt( psa_key_slot_t key,
1490 psa_algorithm_t alg,
1491 const uint8_t *input,
1492 size_t input_length,
1493 const uint8_t *salt,
1494 size_t salt_length,
1495 uint8_t *output,
1496 size_t output_size,
1497 size_t *output_length )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1498{
1499 key_slot_t *slot;
1500 (void) salt;
1501 (void) salt_length;
Nir Sonnenscheinca466c82018-06-04 16:43:12 +0300[diff] [blame]1502 *output_length = 0;
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1503
1504 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1505 return( PSA_ERROR_EMPTY_SLOT );
1506 slot = &global_data.key_slots[key];
1507 if( slot->type == PSA_KEY_TYPE_NONE )
1508 return( PSA_ERROR_EMPTY_SLOT );
1509 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1510 return( PSA_ERROR_INVALID_ARGUMENT );
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1511 if( ! ( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
1512 return( PSA_ERROR_NOT_PERMITTED );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1513
1514#if defined(MBEDTLS_RSA_C)
1515 if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
1516 {
1517 mbedtls_rsa_context *rsa = slot->data.rsa;
1518 int ret;
1519
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1520 if( output_size < rsa->len )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1521 return( PSA_ERROR_INVALID_ARGUMENT );
1522
1523#if defined(MBEDTLS_PKCS1_V15)
Gilles Peskine6afe7892018-05-31 13:16:08 +0200[diff] [blame]1524 if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1525 {
Gilles Peskine61b91d42018-06-08 16:09:36 +0200[diff] [blame]1526 ret = mbedtls_rsa_pkcs1_decrypt( rsa,
1527 mbedtls_ctr_drbg_random,
1528 &global_data.ctr_drbg,
1529 MBEDTLS_RSA_PRIVATE,
1530 output_length,
1531 input,
1532 output,
1533 output_size );
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1534 }
1535 else
1536#endif /* MBEDTLS_PKCS1_V15 */
1537#if defined(MBEDTLS_PKCS1_V21)
Gilles Peskine625b01c2018-06-08 17:43:16 +0200[diff] [blame^]1538 if( PSA_ALG_IS_RSA_OAEP_MGF1( alg ) )
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1539 {
1540 return( PSA_ERROR_NOT_SUPPORTED );
1541 }
1542 else
1543#endif /* MBEDTLS_PKCS1_V21 */
1544 {
1545 return( PSA_ERROR_INVALID_ARGUMENT );
1546 }
Nir Sonnenschein717a0402018-06-04 16:36:15 +0300[diff] [blame]1547
Nir Sonnenschein39e59142018-05-02 23:16:26 +0300[diff] [blame]1548 return( mbedtls_to_psa_error( ret ) );
1549 }
1550#endif
1551#if defined(MBEDTLS_ECP_C)
1552 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1553 {
1554 // TODO
1555 return( PSA_ERROR_NOT_SUPPORTED );
1556 }
1557 else
1558#endif /* defined(MBEDTLS_ECP_C) */
1559 {
1560 return( PSA_ERROR_NOT_SUPPORTED );
1561 }
1562
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1563}
1564
Gilles Peskinea0655c32018-04-30 17:06:50 +0200[diff] [blame]1565
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1566/****************************************************************/
1567/* Key Policy */
1568/****************************************************************/
1569
1570void psa_key_policy_init(psa_key_policy_t *policy)
1571{
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1572 memset( policy, 0, sizeof( psa_key_policy_t ) );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1573}
1574
1575void psa_key_policy_set_usage(psa_key_policy_t *policy,
1576 psa_key_usage_t usage,
1577 psa_algorithm_t alg)
1578{
mohammad16034eed7572018-03-28 05:14:59 -0700[diff] [blame]1579 policy->usage = usage;
1580 policy->alg = alg;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1581}
1582
1583psa_key_usage_t psa_key_policy_get_usage(psa_key_policy_t *policy)
1584{
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1585 return( policy->usage );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1586}
1587
1588psa_algorithm_t psa_key_policy_get_algorithm(psa_key_policy_t *policy)
1589{
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1590 return( policy->alg );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1591}
1592
1593psa_status_t psa_set_key_policy(psa_key_slot_t key,
1594 const psa_key_policy_t *policy)
1595{
1596 key_slot_t *slot;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1597
1598 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT || policy == NULL )
1599 return( PSA_ERROR_INVALID_ARGUMENT );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1600
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1601 slot = &global_data.key_slots[key];
1602 if( slot->type != PSA_KEY_TYPE_NONE )
1603 return( PSA_ERROR_OCCUPIED_SLOT );
1604
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1605 if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT
1606 | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1607 | PSA_KEY_USAGE_VERIFY ) ) != 0 )
mohammad16035feda722018-04-16 04:38:57 -0700[diff] [blame]1608 return( PSA_ERROR_INVALID_ARGUMENT );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1609
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1610 slot->policy = *policy;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1611
1612 return( PSA_SUCCESS );
1613}
1614
1615psa_status_t psa_get_key_policy(psa_key_slot_t key,
1616 psa_key_policy_t *policy)
1617{
1618 key_slot_t *slot;
1619
1620 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT || policy == NULL )
1621 return( PSA_ERROR_INVALID_ARGUMENT );
1622
1623 slot = &global_data.key_slots[key];
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1624
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1625 *policy = slot->policy;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1626
1627 return( PSA_SUCCESS );
1628}
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1629
Gilles Peskinea0655c32018-04-30 17:06:50 +0200[diff] [blame]1630
1631
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1632/****************************************************************/
1633/* Key Lifetime */
1634/****************************************************************/
1635
1636psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
1637 psa_key_lifetime_t *lifetime)
1638{
1639 key_slot_t *slot;
1640
1641 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1642 return( PSA_ERROR_INVALID_ARGUMENT );
1643
1644 slot = &global_data.key_slots[key];
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1645
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1646 *lifetime = slot->lifetime;
1647
1648 return( PSA_SUCCESS );
1649}
1650
1651psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
1652 const psa_key_lifetime_t lifetime)
1653{
1654 key_slot_t *slot;
1655
1656 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1657 return( PSA_ERROR_INVALID_ARGUMENT );
1658
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1659 if( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
1660 lifetime != PSA_KEY_LIFETIME_PERSISTENT &&
mohammad1603ba178512018-03-21 04:35:20 -0700[diff] [blame]1661 lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
1662 return( PSA_ERROR_INVALID_ARGUMENT );
1663
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1664 slot = &global_data.key_slots[key];
mohammad16035d7ec202018-03-28 01:29:41 +0300[diff] [blame]1665 if( slot->type != PSA_KEY_TYPE_NONE )
1666 return( PSA_ERROR_OCCUPIED_SLOT );
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1667
mohammad1603ba178512018-03-21 04:35:20 -0700[diff] [blame]1668 if ( lifetime != PSA_KEY_LIFETIME_VOLATILE )
1669 return( PSA_ERROR_NOT_SUPPORTED );
Gilles Peskine5b051bc2018-05-31 13:25:48 +0200[diff] [blame]1670
mohammad1603060ad8a2018-03-20 14:28:38 -0700[diff] [blame]1671 slot->lifetime = lifetime;
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1672
1673 return( PSA_SUCCESS );
1674}
1675
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1676
Gilles Peskinea0655c32018-04-30 17:06:50 +0200[diff] [blame]1677
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1678/****************************************************************/
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1679/* Module setup */
1680/****************************************************************/
1681
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1682void mbedtls_psa_crypto_free( void )
1683{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1684 size_t key;
1685 for( key = 1; key < MBEDTLS_PSA_KEY_SLOT_COUNT; key++ )
1686 psa_destroy_key( key );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1687 mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
1688 mbedtls_entropy_free( &global_data.entropy );
1689 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1690}
1691
1692psa_status_t psa_crypto_init( void )
1693{
1694 int ret;
1695 const unsigned char drbg_seed[] = "PSA";
1696
1697 if( global_data.initialized != 0 )
1698 return( PSA_SUCCESS );
1699
1700 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1701 mbedtls_entropy_init( &global_data.entropy );
1702 mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
1703
1704 ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
1705 mbedtls_entropy_func,
1706 &global_data.entropy,
1707 drbg_seed, sizeof( drbg_seed ) - 1 );
1708 if( ret != 0 )
1709 goto exit;
1710
Gilles Peskinee4ebc122018-03-07 14:16:44 +0100[diff] [blame]1711 global_data.initialized = 1;
1712
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1713exit:
1714 if( ret != 0 )
1715 mbedtls_psa_crypto_free( );
1716 return( mbedtls_to_psa_error( ret ) );
1717}
1718
1719#endif /* MBEDTLS_PSA_CRYPTO_C */