TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 809634d5d9c610e3a2598b05a699b4cd6667879a / . / library / psa_crypto_cipher.c
blob: c309cfb18d21bf238055d6f9e5c928126cad5ad4 [file] [log] [blame]
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]1/*
2 * PSA cipher driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa_crypto_cipher.h>
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]26#include "psa_crypto_core.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]27#include "psa_crypto_random_impl.h"
28
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]29#include "mbedtls/cipher.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]30#include "mbedtls/error.h"
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]31
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]32#include <string.h>
33
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]34#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
35 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
36 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
37#define BUILTIN_KEY_TYPE_DES 1
38#endif
39
40#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
41 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
42 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
43#define BUILTIN_ALG_CBC_NO_PADDING 1
44#endif
45
46#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
47 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
48 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
49#define BUILTIN_ALG_CBC_PKCS7 1
50#endif
51
52#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
53 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
54 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
55#define BUILTIN_KEY_TYPE_CHACHA20 1
56#endif
57
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]58const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
59 psa_algorithm_t alg,
60 psa_key_type_t key_type,
61 size_t key_bits,
62 mbedtls_cipher_id_t* cipher_id )
63{
64 mbedtls_cipher_mode_t mode;
65 mbedtls_cipher_id_t cipher_id_tmp;
66
67 if( PSA_ALG_IS_AEAD( alg ) )
68 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
69
70 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
71 {
72 switch( alg )
73 {
74 case PSA_ALG_STREAM_CIPHER:
75 mode = MBEDTLS_MODE_STREAM;
76 break;
77 case PSA_ALG_CTR:
78 mode = MBEDTLS_MODE_CTR;
79 break;
80 case PSA_ALG_CFB:
81 mode = MBEDTLS_MODE_CFB;
82 break;
83 case PSA_ALG_OFB:
84 mode = MBEDTLS_MODE_OFB;
85 break;
86 case PSA_ALG_ECB_NO_PADDING:
87 mode = MBEDTLS_MODE_ECB;
88 break;
89 case PSA_ALG_CBC_NO_PADDING:
90 mode = MBEDTLS_MODE_CBC;
91 break;
92 case PSA_ALG_CBC_PKCS7:
93 mode = MBEDTLS_MODE_CBC;
94 break;
95 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
96 mode = MBEDTLS_MODE_CCM;
97 break;
98 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
99 mode = MBEDTLS_MODE_GCM;
100 break;
101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
102 mode = MBEDTLS_MODE_CHACHAPOLY;
103 break;
104 default:
105 return( NULL );
106 }
107 }
108 else if( alg == PSA_ALG_CMAC )
109 mode = MBEDTLS_MODE_ECB;
110 else
111 return( NULL );
112
113 switch( key_type )
114 {
115 case PSA_KEY_TYPE_AES:
116 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
117 break;
118 case PSA_KEY_TYPE_DES:
119 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
120 * and 192 for three-key Triple-DES. */
121 if( key_bits == 64 )
122 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
123 else
124 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
125 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
126 * but two-key Triple-DES is functionally three-key Triple-DES
127 * with K1=K3, so that's how we present it to mbedtls. */
128 if( key_bits == 128 )
129 key_bits = 192;
130 break;
131 case PSA_KEY_TYPE_CAMELLIA:
132 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
133 break;
134 case PSA_KEY_TYPE_ARC4:
135 cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
136 break;
137 case PSA_KEY_TYPE_CHACHA20:
138 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
139 break;
140 default:
141 return( NULL );
142 }
143 if( cipher_id != NULL )
144 *cipher_id = cipher_id_tmp;
145
146 return( mbedtls_cipher_info_from_values( cipher_id_tmp,
147 (int) key_bits, mode ) );
148}
149
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]150#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
151
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]152static psa_status_t cipher_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]153 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]154 const psa_key_attributes_t *attributes,
155 const uint8_t *key_buffer, size_t key_buffer_size,
156 psa_algorithm_t alg,
157 mbedtls_operation_t cipher_operation )
158{
159 int ret = 0;
160 size_t key_bits;
161 const mbedtls_cipher_info_t *cipher_info = NULL;
162 psa_key_type_t key_type = attributes->core.type;
163
164 (void)key_buffer_size;
165
166 /* Proceed with initializing an mbed TLS cipher context if no driver is
167 * available for the given algorithm & key. */
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]168 mbedtls_cipher_init( &operation->ctx.cipher );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]169
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]170 operation->alg = alg;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]171 key_bits = attributes->core.bits;
172 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
173 key_bits, NULL );
174 if( cipher_info == NULL )
175 return( PSA_ERROR_NOT_SUPPORTED );
176
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]177 ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]178 if( ret != 0 )
179 goto exit;
180
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]181#if defined(BUILTIN_KEY_TYPE_DES)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]182 if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
183 {
184 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
185 uint8_t keys[24];
186 memcpy( keys, key_buffer, 16 );
187 memcpy( keys + 16, key_buffer, 8 );
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]188 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]189 keys,
190 192, cipher_operation );
191 }
192 else
193#endif
194 {
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]195 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]196 (int) key_bits, cipher_operation );
197 }
198 if( ret != 0 )
199 goto exit;
200
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]201#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
202 defined(BUILTIN_ALG_CBC_PKCS7)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]203 switch( alg )
204 {
205 case PSA_ALG_CBC_NO_PADDING:
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]206 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]207 MBEDTLS_PADDING_NONE );
208 break;
209 case PSA_ALG_CBC_PKCS7:
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]210 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]211 MBEDTLS_PADDING_PKCS7 );
212 break;
213 default:
214 /* The algorithm doesn't involve padding. */
215 ret = 0;
216 break;
217 }
218 if( ret != 0 )
219 goto exit;
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]220#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]221
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]222 operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
223 PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
Ronald Cronc17e8a92021-03-19 14:12:26 +0100[diff] [blame]224 operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]225
226exit:
227 return( mbedtls_to_psa_error( ret ) );
228}
229
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]230static psa_status_t cipher_encrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]231 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]232 const psa_key_attributes_t *attributes,
233 const uint8_t *key_buffer, size_t key_buffer_size,
234 psa_algorithm_t alg )
235{
236 return( cipher_setup( operation, attributes,
237 key_buffer, key_buffer_size,
238 alg, MBEDTLS_ENCRYPT ) );
239}
240
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]241static psa_status_t cipher_decrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]242 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]243 const psa_key_attributes_t *attributes,
244 const uint8_t *key_buffer, size_t key_buffer_size,
245 psa_algorithm_t alg )
246{
247 return( cipher_setup( operation, attributes,
248 key_buffer, key_buffer_size,
249 alg, MBEDTLS_DECRYPT ) );
250}
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]251
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]252static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
253 const uint8_t *iv, size_t iv_length )
254{
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]255 if( iv_length != operation->iv_length )
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]256 return( PSA_ERROR_INVALID_ARGUMENT );
257
258 return( mbedtls_to_psa_error(
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]259 mbedtls_cipher_set_iv( &operation->ctx.cipher,
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]260 iv, iv_length ) ) );
261}
262
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]263/* Process input for which the algorithm is set to ECB mode. This requires
264 * manual processing, since the PSA API is defined as being able to process
265 * arbitrary-length calls to psa_cipher_update() with ECB mode, but the
266 * underlying mbedtls_cipher_update only takes full blocks. */
267static psa_status_t psa_cipher_update_ecb(
268 mbedtls_cipher_context_t *ctx,
269 const uint8_t *input,
270 size_t input_length,
271 uint8_t *output,
272 size_t output_size,
273 size_t *output_length )
274{
275 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
276 size_t block_size = ctx->cipher_info->block_size;
277 size_t internal_output_length = 0;
278 *output_length = 0;
279
280 if( input_length == 0 )
281 {
282 status = PSA_SUCCESS;
283 goto exit;
284 }
285
286 if( ctx->unprocessed_len > 0 )
287 {
288 /* Fill up to block size, and run the block if there's a full one. */
289 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
290
291 if( input_length < bytes_to_copy )
292 bytes_to_copy = input_length;
293
294 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
295 input, bytes_to_copy );
296 input_length -= bytes_to_copy;
297 input += bytes_to_copy;
298 ctx->unprocessed_len += bytes_to_copy;
299
300 if( ctx->unprocessed_len == block_size )
301 {
302 status = mbedtls_to_psa_error(
303 mbedtls_cipher_update( ctx,
304 ctx->unprocessed_data,
305 block_size,
306 output, &internal_output_length ) );
307
308 if( status != PSA_SUCCESS )
309 goto exit;
310
311 output += internal_output_length;
312 output_size -= internal_output_length;
313 *output_length += internal_output_length;
314 ctx->unprocessed_len = 0;
315 }
316 }
317
318 while( input_length >= block_size )
319 {
320 /* Run all full blocks we have, one by one */
321 status = mbedtls_to_psa_error(
322 mbedtls_cipher_update( ctx, input,
323 block_size,
324 output, &internal_output_length ) );
325
326 if( status != PSA_SUCCESS )
327 goto exit;
328
329 input_length -= block_size;
330 input += block_size;
331
332 output += internal_output_length;
333 output_size -= internal_output_length;
334 *output_length += internal_output_length;
335 }
336
337 if( input_length > 0 )
338 {
339 /* Save unprocessed bytes for later processing */
340 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
341 input, input_length );
342 ctx->unprocessed_len += input_length;
343 }
344
345 status = PSA_SUCCESS;
346
347exit:
348 return( status );
349}
350
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]351static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
352 const uint8_t *input,
353 size_t input_length,
354 uint8_t *output,
355 size_t output_size,
356 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]357{
358 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
359 size_t expected_output_size;
360
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]361 if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]362 {
363 /* Take the unprocessed partial block left over from previous
364 * update calls, if any, plus the input to this call. Remove
365 * the last partial block, if any. You get the data that will be
366 * output in this call. */
367 expected_output_size =
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]368 ( operation->ctx.cipher.unprocessed_len + input_length )
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]369 / operation->block_length * operation->block_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]370 }
371 else
372 {
373 expected_output_size = input_length;
374 }
375
376 if( output_size < expected_output_size )
377 return( PSA_ERROR_BUFFER_TOO_SMALL );
378
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]379 if( operation->alg == PSA_ALG_ECB_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]380 {
381 /* mbedtls_cipher_update has an API inconsistency: it will only
382 * process a single block at a time in ECB mode. Abstract away that
383 * inconsistency here to match the PSA API behaviour. */
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]384 status = psa_cipher_update_ecb( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]385 input,
386 input_length,
387 output,
388 output_size,
389 output_length );
390 }
391 else
392 {
393 status = mbedtls_to_psa_error(
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]394 mbedtls_cipher_update( &operation->ctx.cipher, input,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]395 input_length, output, output_length ) );
gabor-mezei-arm42373bd2021-06-29 16:41:25 +0200[diff] [blame]396
397 if( *output_length > output_size )
398 return PSA_ERROR_CORRUPTION_DETECTED;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]399 }
400
401 return( status );
402}
403
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]404static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
405 uint8_t *output,
406 size_t output_size,
407 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]408{
409 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
410 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
411
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]412 if( operation->ctx.cipher.unprocessed_len != 0 )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]413 {
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]414 if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
415 operation->alg == PSA_ALG_CBC_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]416 {
417 status = PSA_ERROR_INVALID_ARGUMENT;
418 goto exit;
419 }
420 }
421
422 status = mbedtls_to_psa_error(
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]423 mbedtls_cipher_finish( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]424 temp_output_buffer,
425 output_length ) );
426 if( status != PSA_SUCCESS )
427 goto exit;
428
429 if( *output_length == 0 )
430 ; /* Nothing to copy. Note that output may be NULL in this case. */
431 else if( output_size >= *output_length )
432 memcpy( output, temp_output_buffer, *output_length );
433 else
434 status = PSA_ERROR_BUFFER_TOO_SMALL;
435
436exit:
437 mbedtls_platform_zeroize( temp_output_buffer,
438 sizeof( temp_output_buffer ) );
439
440 return( status );
441}
442
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]443static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]444{
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]445 /* Sanity check (shouldn't happen: operation->alg should
446 * always have been initialized to a valid value). */
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]447 if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]448 return( PSA_ERROR_BAD_STATE );
449
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]450 mbedtls_cipher_free( &operation->ctx.cipher );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]451
452 return( PSA_SUCCESS );
453}
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]454
455static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
456 const uint8_t *key_buffer,
457 size_t key_buffer_size,
458 psa_algorithm_t alg,
459 const uint8_t *input,
460 size_t input_length,
461 uint8_t *output,
462 size_t output_size,
463 size_t *output_length )
464{
465 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
466 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]467 size_t olength, accumulated_length;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]468
gabor-mezei-arm0e1d31b2021-06-25 15:44:47 +0200[diff] [blame]469 status = cipher_encrypt_setup( &operation, attributes,
470 key_buffer, key_buffer_size, alg );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]471 if( status != PSA_SUCCESS )
472 goto exit;
473
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]474 accumulated_length = 0;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]475 if( operation.iv_length > 0 )
476 {
477 status = cipher_set_iv( &operation, output, operation.iv_length );
478 if( status != PSA_SUCCESS )
479 goto exit;
480
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]481 accumulated_length = operation.iv_length;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]482 }
483
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]484 status = cipher_update( &operation, input, input_length,
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]485 output + operation.iv_length,
486 output_size - operation.iv_length,
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]487 &olength );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]488 if( status != PSA_SUCCESS )
489 goto exit;
490
gabor-mezei-arm809634d2021-06-29 16:42:13 +0200[diff] [blame^]491 accumulated_length += olength;
492
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]493 status = cipher_finish( &operation, output + accumulated_length,
494 output_size - accumulated_length, &olength );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]495 if( status != PSA_SUCCESS )
496 goto exit;
497
gabor-mezei-arm809634d2021-06-29 16:42:13 +0200[diff] [blame^]498 accumulated_length += olength;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]499 *output_length = accumulated_length;
500
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]501exit:
502 if( status == PSA_SUCCESS )
503 status = cipher_abort( &operation );
504 else
505 cipher_abort( &operation );
506 return( status );
507}
508
509static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
510 const uint8_t *key_buffer,
511 size_t key_buffer_size,
512 psa_algorithm_t alg,
513 const uint8_t *input,
514 size_t input_length,
515 uint8_t *output,
516 size_t output_size,
517 size_t *output_length )
518{
519 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
520 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]521 size_t olength, accumulated_length;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]522
523 status = cipher_decrypt_setup( &operation, attributes,
524 key_buffer, key_buffer_size, alg );
525 if( status != PSA_SUCCESS )
526 goto exit;
527
528 if( operation.iv_length > 0 )
529 {
530 status = cipher_set_iv( &operation, input, operation.iv_length );
531 if( status != PSA_SUCCESS )
532 goto exit;
533 }
534
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]535 status = cipher_update( &operation, input + operation.iv_length,
536 input_length - operation.iv_length,
537 output, output_size, &olength );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]538 if( status != PSA_SUCCESS )
539 goto exit;
540
gabor-mezei-arm809634d2021-06-29 16:42:13 +0200[diff] [blame^]541 accumulated_length = olength;
gabor-mezei-arm3fd792d2021-06-25 15:25:38 +0200[diff] [blame]542
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]543 status = cipher_finish( &operation, output + accumulated_length,
544 output_size - accumulated_length, &olength );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]545 if( status != PSA_SUCCESS )
546 goto exit;
547
gabor-mezei-arm809634d2021-06-29 16:42:13 +0200[diff] [blame^]548 accumulated_length += olength;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]549 *output_length = accumulated_length;
550
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]551exit:
552 if ( status == PSA_SUCCESS )
553 status = cipher_abort( &operation );
554 else
555 cipher_abort( &operation );
556 return( status );
557}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]558#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]559
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]560#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]561psa_status_t mbedtls_psa_cipher_encrypt_setup(
562 mbedtls_psa_cipher_operation_t *operation,
563 const psa_key_attributes_t *attributes,
564 const uint8_t *key_buffer, size_t key_buffer_size,
565 psa_algorithm_t alg )
566{
567 return( cipher_encrypt_setup(
568 operation, attributes, key_buffer, key_buffer_size, alg ) );
569}
570
571psa_status_t mbedtls_psa_cipher_decrypt_setup(
572 mbedtls_psa_cipher_operation_t *operation,
573 const psa_key_attributes_t *attributes,
574 const uint8_t *key_buffer, size_t key_buffer_size,
575 psa_algorithm_t alg )
576{
577 return( cipher_decrypt_setup(
578 operation, attributes, key_buffer, key_buffer_size, alg ) );
579}
580
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]581psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
582 const uint8_t *iv,
583 size_t iv_length )
584{
585 return( cipher_set_iv( operation, iv, iv_length ) );
586}
587
588psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
589 const uint8_t *input,
590 size_t input_length,
591 uint8_t *output,
592 size_t output_size,
593 size_t *output_length )
594{
595 return( cipher_update( operation, input, input_length,
596 output, output_size, output_length ) );
597}
598
599psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
600 uint8_t *output,
601 size_t output_size,
602 size_t *output_length )
603{
604 return( cipher_finish( operation, output, output_size, output_length ) );
605}
606
607psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
608{
609 return( cipher_abort( operation ) );
610}
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]611
612psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
613 const uint8_t *key_buffer,
614 size_t key_buffer_size,
615 psa_algorithm_t alg,
616 const uint8_t *input,
617 size_t input_length,
618 uint8_t *output,
619 size_t output_size,
620 size_t *output_length )
621{
622 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
623 alg, input, input_length,
624 output, output_size, output_length ) );
625}
626
627psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
628 const uint8_t *key_buffer,
629 size_t key_buffer_size,
630 psa_algorithm_t alg,
631 const uint8_t *input,
632 size_t input_length,
633 uint8_t *output,
634 size_t output_size,
635 size_t *output_length )
636{
637 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
638 alg, input, input_length,
639 output, output_size, output_length ) );
640}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]641#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]642
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]643/*
644 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
645 */
646
647#if defined(PSA_CRYPTO_DRIVER_TEST)
648psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
649 mbedtls_psa_cipher_operation_t *operation,
650 const psa_key_attributes_t *attributes,
651 const uint8_t *key_buffer, size_t key_buffer_size,
652 psa_algorithm_t alg )
653{
654 return( cipher_encrypt_setup(
655 operation, attributes, key_buffer, key_buffer_size, alg ) );
656}
657
658psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
659 mbedtls_psa_cipher_operation_t *operation,
660 const psa_key_attributes_t *attributes,
661 const uint8_t *key_buffer, size_t key_buffer_size,
662 psa_algorithm_t alg )
663{
664 return( cipher_decrypt_setup(
665 operation, attributes, key_buffer, key_buffer_size, alg ) );
666}
667
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]668psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
669 mbedtls_psa_cipher_operation_t *operation,
670 const uint8_t *iv, size_t iv_length )
671{
672 return( cipher_set_iv( operation, iv, iv_length ) );
673}
674
675psa_status_t mbedtls_transparent_test_driver_cipher_update(
676 mbedtls_psa_cipher_operation_t *operation,
677 const uint8_t *input, size_t input_length,
678 uint8_t *output, size_t output_size, size_t *output_length )
679{
680 return( cipher_update( operation, input, input_length,
681 output, output_size, output_length ) );
682}
683
684psa_status_t mbedtls_transparent_test_driver_cipher_finish(
685 mbedtls_psa_cipher_operation_t *operation,
686 uint8_t *output, size_t output_size, size_t *output_length )
687{
688 return( cipher_finish( operation, output, output_size, output_length ) );
689}
690
691psa_status_t mbedtls_transparent_test_driver_cipher_abort(
692 mbedtls_psa_cipher_operation_t *operation )
693{
694 return( cipher_abort( operation ) );
695}
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]696
697psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
698 const psa_key_attributes_t *attributes,
699 const uint8_t *key_buffer,
700 size_t key_buffer_size,
701 psa_algorithm_t alg,
702 const uint8_t *input,
703 size_t input_length,
704 uint8_t *output,
705 size_t output_size,
706 size_t *output_length )
707{
708 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
709 alg, input, input_length,
710 output, output_size, output_length ) );
711}
712
713psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
714 const psa_key_attributes_t *attributes,
715 const uint8_t *key_buffer,
716 size_t key_buffer_size,
717 psa_algorithm_t alg,
718 const uint8_t *input,
719 size_t input_length,
720 uint8_t *output,
721 size_t output_size,
722 size_t *output_length )
723{
724 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
725 alg, input, input_length,
726 output, output_size, output_length ) );
727}
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]728#endif /* PSA_CRYPTO_DRIVER_TEST */
729
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]730#endif /* MBEDTLS_PSA_CRYPTO_C */