TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8c9def3e7fa05bda96fefd49076d1d6a1a6417cd / . / library / psa_crypto.c
blob: e264990ff396d3859c7d374e6a25542af932e7ca [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/*
2 * PSA crypto layer on top of Mbed TLS crypto
3 */
4/* Copyright (C) 2018, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_C)
29
30#include "psa/crypto.h"
31
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]32#include <stdlib.h>
33#include <string.h>
34#if defined(MBEDTLS_PLATFORM_C)
35#include "mbedtls/platform.h"
36#else
37#define mbedtls_calloc calloc
38#define mbedtls_free free
39#endif
40
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]41#include "mbedtls/arc4.h"
42#include "mbedtls/blowfish.h"
43#include "mbedtls/camellia.h"
44#include "mbedtls/cipher.h"
45#include "mbedtls/ccm.h"
46#include "mbedtls/cmac.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]47#include "mbedtls/ctr_drbg.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]48#include "mbedtls/des.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]49#include "mbedtls/ecp.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]50#include "mbedtls/entropy.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]51#include "mbedtls/error.h"
52#include "mbedtls/gcm.h"
53#include "mbedtls/md2.h"
54#include "mbedtls/md4.h"
55#include "mbedtls/md5.h"
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]56#include "mbedtls/md.h"
57#include "mbedtls/md_internal.h"
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]58#include "mbedtls/pk.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]59#include "mbedtls/pk_internal.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]60#include "mbedtls/ripemd160.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]61#include "mbedtls/rsa.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]62#include "mbedtls/sha1.h"
63#include "mbedtls/sha256.h"
64#include "mbedtls/sha512.h"
65#include "mbedtls/xtea.h"
66
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]67
68
69/* Implementation that should never be optimized out by the compiler */
70static void mbedtls_zeroize( void *v, size_t n )
71{
72 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
73}
74
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]75/* constant-time buffer comparison */
76static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
77{
78 size_t i;
79 unsigned char diff = 0;
80
81 for( i = 0; i < n; i++ )
82 diff |= a[i] ^ b[i];
83
84 return( diff );
85}
86
87
88
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]89/****************************************************************/
90/* Global data, support functions and library management */
91/****************************************************************/
92
93/* Number of key slots (plus one because 0 is not used).
94 * The value is a compile-time constant for now, for simplicity. */
95#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
96
97typedef struct {
98 psa_key_type_t type;
99 union {
100 struct raw_data {
101 uint8_t *data;
102 size_t bytes;
103 } raw;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]104#if defined(MBEDTLS_RSA_C)
105 mbedtls_rsa_context *rsa;
106#endif /* MBEDTLS_RSA_C */
107#if defined(MBEDTLS_ECP_C)
108 mbedtls_ecp_keypair *ecp;
109#endif /* MBEDTLS_ECP_C */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]110 } data;
111} key_slot_t;
112
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]113typedef struct {
114 int initialized;
115 mbedtls_entropy_context entropy;
116 mbedtls_ctr_drbg_context ctr_drbg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]117 key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]118} psa_global_data_t;
119
120static psa_global_data_t global_data;
121
122static psa_status_t mbedtls_to_psa_error( int ret )
123{
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]124 /* If there's both a high-level code and low-level code, dispatch on
125 * the high-level code. */
126 switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]127 {
128 case 0:
129 return( PSA_SUCCESS );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]130
131 case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
132 case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
133 case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
134 return( PSA_ERROR_NOT_SUPPORTED );
135 case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
136 return( PSA_ERROR_HARDWARE_FAILURE );
137
138 case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
139 return( PSA_ERROR_HARDWARE_FAILURE );
140
141 case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
142 case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
143 return( PSA_ERROR_NOT_SUPPORTED );
144 case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
145 return( PSA_ERROR_HARDWARE_FAILURE );
146
147 case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
148 case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
149 return( PSA_ERROR_NOT_SUPPORTED );
150 case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
151 return( PSA_ERROR_HARDWARE_FAILURE );
152
153 case MBEDTLS_ERR_CCM_BAD_INPUT:
154 return( PSA_ERROR_INVALID_ARGUMENT );
155 case MBEDTLS_ERR_CCM_AUTH_FAILED:
156 return( PSA_ERROR_INVALID_SIGNATURE );
157 case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
158 return( PSA_ERROR_HARDWARE_FAILURE );
159
160 case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
161 return( PSA_ERROR_NOT_SUPPORTED );
162 case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
163 return( PSA_ERROR_INVALID_ARGUMENT );
164 case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
165 return( PSA_ERROR_INSUFFICIENT_MEMORY );
166 case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
167 return( PSA_ERROR_INVALID_PADDING );
168 case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
169 return( PSA_ERROR_BAD_STATE );
170 case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
171 return( PSA_ERROR_INVALID_SIGNATURE );
172 case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
173 return( PSA_ERROR_TAMPERING_DETECTED );
174 case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
175 return( PSA_ERROR_HARDWARE_FAILURE );
176
177 case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
178 return( PSA_ERROR_HARDWARE_FAILURE );
179
180 case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
181 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
182 case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
183 case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
184 return( PSA_ERROR_NOT_SUPPORTED );
185 case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
186 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
187
188 case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
189 return( PSA_ERROR_NOT_SUPPORTED );
190 case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
191 return( PSA_ERROR_HARDWARE_FAILURE );
192
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]193 case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
194 case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
195 case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
196 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]197
198 case MBEDTLS_ERR_GCM_AUTH_FAILED:
199 return( PSA_ERROR_INVALID_SIGNATURE );
200 case MBEDTLS_ERR_GCM_BAD_INPUT:
201 return( PSA_ERROR_NOT_SUPPORTED );
202 case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
203 return( PSA_ERROR_HARDWARE_FAILURE );
204
205 case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
206 case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
207 case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
208 return( PSA_ERROR_HARDWARE_FAILURE );
209
210 case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
211 return( PSA_ERROR_NOT_SUPPORTED );
212 case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
213 return( PSA_ERROR_INVALID_ARGUMENT );
214 case MBEDTLS_ERR_MD_ALLOC_FAILED:
215 return( PSA_ERROR_INSUFFICIENT_MEMORY );
216 case MBEDTLS_ERR_MD_FILE_IO_ERROR:
217 return( PSA_ERROR_STORAGE_FAILURE );
218 case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
219 return( PSA_ERROR_HARDWARE_FAILURE );
220
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]221 case MBEDTLS_ERR_PK_ALLOC_FAILED:
222 return( PSA_ERROR_INSUFFICIENT_MEMORY );
223 case MBEDTLS_ERR_PK_TYPE_MISMATCH:
224 case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
225 return( PSA_ERROR_INVALID_ARGUMENT );
226 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]227 return( PSA_ERROR_STORAGE_FAILURE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]228 case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
229 case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
230 return( PSA_ERROR_INVALID_ARGUMENT );
231 case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
232 return( PSA_ERROR_NOT_SUPPORTED );
233 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
234 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
235 return( PSA_ERROR_NOT_PERMITTED );
236 case MBEDTLS_ERR_PK_INVALID_PUBKEY:
237 return( PSA_ERROR_INVALID_ARGUMENT );
238 case MBEDTLS_ERR_PK_INVALID_ALG:
239 case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
240 case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
241 return( PSA_ERROR_NOT_SUPPORTED );
242 case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
243 return( PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]244 case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
245 return( PSA_ERROR_HARDWARE_FAILURE );
246
247 case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
248 return( PSA_ERROR_HARDWARE_FAILURE );
249
250 case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
251 return( PSA_ERROR_INVALID_ARGUMENT );
252 case MBEDTLS_ERR_RSA_INVALID_PADDING:
253 return( PSA_ERROR_INVALID_PADDING );
254 case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
255 return( PSA_ERROR_HARDWARE_FAILURE );
256 case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
257 return( PSA_ERROR_INVALID_ARGUMENT );
258 case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
259 case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
260 return( PSA_ERROR_TAMPERING_DETECTED );
261 case MBEDTLS_ERR_RSA_VERIFY_FAILED:
262 return( PSA_ERROR_INVALID_SIGNATURE );
263 case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
264 return( PSA_ERROR_BUFFER_TOO_SMALL );
265 case MBEDTLS_ERR_RSA_RNG_FAILED:
266 return( PSA_ERROR_INSUFFICIENT_MEMORY );
267 case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
268 return( PSA_ERROR_NOT_SUPPORTED );
269 case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
270 return( PSA_ERROR_HARDWARE_FAILURE );
271
272 case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
273 case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
274 case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
275 return( PSA_ERROR_HARDWARE_FAILURE );
276
277 case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
278 return( PSA_ERROR_INVALID_ARGUMENT );
279 case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
280 return( PSA_ERROR_HARDWARE_FAILURE );
281
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]282 default:
283 return( PSA_ERROR_UNKNOWN_ERROR );
284 }
285}
286
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]287
288
289/****************************************************************/
290/* Key management */
291/****************************************************************/
292
293psa_status_t psa_import_key(psa_key_slot_t key,
294 psa_key_type_t type,
295 const uint8_t *data,
296 size_t data_length)
297{
298 key_slot_t *slot;
299
300 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
301 return( PSA_ERROR_INVALID_ARGUMENT );
302 slot = &global_data.key_slots[key];
303 if( slot->type != PSA_KEY_TYPE_NONE )
304 return( PSA_ERROR_OCCUPIED_SLOT );
305
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame^]306 if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]307 {
308 if( data_length > SIZE_MAX / 8 )
309 return( PSA_ERROR_NOT_SUPPORTED );
310 slot->data.raw.data = mbedtls_calloc( 1, data_length );
311 if( slot->data.raw.data == NULL )
312 return( PSA_ERROR_INSUFFICIENT_MEMORY );
313 memcpy( slot->data.raw.data, data, data_length );
314 slot->data.raw.bytes = data_length;
315 }
316 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]317#if defined(MBEDTLS_PK_PARSE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]318 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
319 type == PSA_KEY_TYPE_RSA_KEYPAIR ||
320 PSA_KEY_TYPE_IS_ECC( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]321 {
322 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]323 mbedtls_pk_context pk;
324 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]325 if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
326 ret = mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 );
327 else
328 ret = mbedtls_pk_parse_public_key( &pk, data, data_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]329 if( ret != 0 )
330 return( mbedtls_to_psa_error( ret ) );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]331 switch( mbedtls_pk_get_type( &pk ) )
332 {
333#if defined(MBEDTLS_RSA_C)
334 case MBEDTLS_PK_RSA:
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]335 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
336 type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]337 slot->data.rsa = pk.pk_ctx;
338 else
339 return( PSA_ERROR_INVALID_ARGUMENT );
340 break;
341#endif /* MBEDTLS_RSA_C */
342#if defined(MBEDTLS_ECP_C)
343 case MBEDTLS_PK_ECKEY:
344 if( PSA_KEY_TYPE_IS_ECC( type ) )
345 {
346 // TODO: check curve
347 slot->data.ecp = pk.pk_ctx;
348 }
349 else
350 return( PSA_ERROR_INVALID_ARGUMENT );
351 break;
352#endif /* MBEDTLS_ECP_C */
353 default:
354 return( PSA_ERROR_INVALID_ARGUMENT );
355 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]356 }
357 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]358#endif /* defined(MBEDTLS_PK_PARSE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]359 {
360 return( PSA_ERROR_NOT_SUPPORTED );
361 }
362
363 slot->type = type;
364 return( PSA_SUCCESS );
365}
366
367psa_status_t psa_destroy_key(psa_key_slot_t key)
368{
369 key_slot_t *slot;
370
371 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
372 return( PSA_ERROR_INVALID_ARGUMENT );
373 slot = &global_data.key_slots[key];
374 if( slot->type == PSA_KEY_TYPE_NONE )
375 return( PSA_ERROR_EMPTY_SLOT );
376
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame^]377 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]378 {
379 mbedtls_free( slot->data.raw.data );
380 }
381 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]382#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]383 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
384 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]385 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]386 mbedtls_rsa_free( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]387 }
388 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]389#endif /* defined(MBEDTLS_RSA_C) */
390#if defined(MBEDTLS_ECP_C)
391 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
392 {
393 mbedtls_ecp_keypair_free( slot->data.ecp );
394 }
395 else
396#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]397 {
398 /* Shouldn't happen: the key type is not any type that we
399 * put it. */
400 return( PSA_ERROR_TAMPERING_DETECTED );
401 }
402
403 mbedtls_zeroize( slot, sizeof( *slot ) );
404 return( PSA_SUCCESS );
405}
406
407psa_status_t psa_get_key_information(psa_key_slot_t key,
408 psa_key_type_t *type,
409 size_t *bits)
410{
411 key_slot_t *slot;
412
413 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]414 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]415 slot = &global_data.key_slots[key];
416 if( type != NULL )
417 *type = slot->type;
418 if( bits != NULL )
419 *bits = 0;
420 if( slot->type == PSA_KEY_TYPE_NONE )
421 return( PSA_ERROR_EMPTY_SLOT );
422
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame^]423 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]424 {
425 if( bits != NULL )
426 *bits = slot->data.raw.bytes * 8;
427 }
428 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]429#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]430 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
431 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]432 {
433 if( bits != NULL )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]434 *bits = mbedtls_rsa_get_bitlen( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]435 }
436 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]437#endif /* defined(MBEDTLS_RSA_C) */
438#if defined(MBEDTLS_ECP_C)
439 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
440 {
441 if( bits != NULL )
442 *bits = slot->data.ecp->grp.pbits;
443 }
444 else
445#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]446 {
447 /* Shouldn't happen: the key type is not any type that we
448 * put it. */
449 return( PSA_ERROR_TAMPERING_DETECTED );
450 }
451
452 return( PSA_SUCCESS );
453}
454
455psa_status_t psa_export_key(psa_key_slot_t key,
456 uint8_t *data,
457 size_t data_size,
458 size_t *data_length)
459{
460 key_slot_t *slot;
461
462 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]463 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]464 slot = &global_data.key_slots[key];
465 if( slot->type == PSA_KEY_TYPE_NONE )
466 return( PSA_ERROR_EMPTY_SLOT );
467
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame^]468 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]469 {
470 if( slot->data.raw.bytes > data_size )
471 return( PSA_ERROR_BUFFER_TOO_SMALL );
472 memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
473 *data_length = slot->data.raw.bytes;
474 return( PSA_SUCCESS );
475 }
476 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]477#if defined(MBEDTLS_PK_WRITE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]478 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
479 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]480 PSA_KEY_TYPE_IS_ECC( slot->type ) )
481 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]482 mbedtls_pk_context pk;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]483 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]484 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]485 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
486 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]487 {
488 pk.pk_info = &mbedtls_rsa_info;
489 pk.pk_ctx = slot->data.rsa;
490 }
491 else
492 {
493 pk.pk_info = &mbedtls_eckey_info;
494 pk.pk_ctx = slot->data.ecp;
495 }
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]496 if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
497 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
498 else
499 ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]500 if( ret < 0 )
501 return( mbedtls_to_psa_error( ret ) );
502 *data_length = ret;
503 return( PSA_SUCCESS );
504 }
505 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]506#endif /* definedMBEDTLS_PK_WRITE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]507 {
508 return( PSA_ERROR_NOT_SUPPORTED );
509 }
510}
511
512
513
514/****************************************************************/
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]515/* Message digests */
516/****************************************************************/
517
518static const mbedtls_md_info_t *mbedtls_md_info_of_psa( psa_algorithm_t alg )
519{
520 switch( alg )
521 {
522#if defined(MBEDTLS_MD2_C)
523 case PSA_ALG_MD2:
524 return( &mbedtls_md2_info );
525#endif
526#if defined(MBEDTLS_MD4_C)
527 case PSA_ALG_MD4:
528 return( &mbedtls_md4_info );
529#endif
530#if defined(MBEDTLS_MD5_C)
531 case PSA_ALG_MD5:
532 return( &mbedtls_md5_info );
533#endif
534#if defined(MBEDTLS_RIPEMD160_C)
535 case PSA_ALG_RIPEMD160:
536 return( &mbedtls_ripemd160_info );
537#endif
538#if defined(MBEDTLS_SHA1_C)
539 case PSA_ALG_SHA_1:
540 return( &mbedtls_sha1_info );
541#endif
542#if defined(MBEDTLS_SHA256_C)
543 case PSA_ALG_SHA_224:
544 return( &mbedtls_sha224_info );
545 case PSA_ALG_SHA_256:
546 return( &mbedtls_sha256_info );
547#endif
548#if defined(MBEDTLS_SHA512_C)
549 case PSA_ALG_SHA_384:
550 return( &mbedtls_sha384_info );
551 case PSA_ALG_SHA_512:
552 return( &mbedtls_sha512_info );
553#endif
554 default:
555 return( NULL );
556 }
557}
558
559#if 0
560static psa_algorithm_t mbedtls_md_alg_to_psa( mbedtls_md_type_t md_alg )
561{
562 switch( md_alg )
563 {
564 case MBEDTLS_MD_NONE:
565 return( 0 );
566 case MBEDTLS_MD_MD2:
567 return( PSA_ALG_MD2 );
568 case MBEDTLS_MD_MD4:
569 return( PSA_ALG_MD4 );
570 case MBEDTLS_MD_MD5:
571 return( PSA_ALG_MD5 );
572 case MBEDTLS_MD_SHA1:
573 return( PSA_ALG_SHA_1 );
574 case MBEDTLS_MD_SHA224:
575 return( PSA_ALG_SHA_224 );
576 case MBEDTLS_MD_SHA256:
577 return( PSA_ALG_SHA_256 );
578 case MBEDTLS_MD_SHA384:
579 return( PSA_ALG_SHA_384 );
580 case MBEDTLS_MD_SHA512:
581 return( PSA_ALG_SHA_512 );
582 case MBEDTLS_MD_RIPEMD160:
583 return( PSA_ALG_RIPEMD160 );
584 default:
585 return( MBEDTLS_MD_NOT_SUPPORTED );
586 }
587}
588#endif
589
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]590psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
591{
592 switch( operation->alg )
593 {
594#if defined(MBEDTLS_MD2_C)
595 case PSA_ALG_MD2:
596 mbedtls_md2_free( &operation->ctx.md2 );
597 break;
598#endif
599#if defined(MBEDTLS_MD4_C)
600 case PSA_ALG_MD4:
601 mbedtls_md4_free( &operation->ctx.md4 );
602 break;
603#endif
604#if defined(MBEDTLS_MD5_C)
605 case PSA_ALG_MD5:
606 mbedtls_md5_free( &operation->ctx.md5 );
607 break;
608#endif
609#if defined(MBEDTLS_RIPEMD160_C)
610 case PSA_ALG_RIPEMD160:
611 mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
612 break;
613#endif
614#if defined(MBEDTLS_SHA1_C)
615 case PSA_ALG_SHA_1:
616 mbedtls_sha1_free( &operation->ctx.sha1 );
617 break;
618#endif
619#if defined(MBEDTLS_SHA256_C)
620 case PSA_ALG_SHA_224:
621 case PSA_ALG_SHA_256:
622 mbedtls_sha256_free( &operation->ctx.sha256 );
623 break;
624#endif
625#if defined(MBEDTLS_SHA512_C)
626 case PSA_ALG_SHA_384:
627 case PSA_ALG_SHA_512:
628 mbedtls_sha512_free( &operation->ctx.sha512 );
629 break;
630#endif
631 default:
632 return( PSA_ERROR_NOT_SUPPORTED );
633 }
634 operation->alg = 0;
635 return( PSA_SUCCESS );
636}
637
638psa_status_t psa_hash_start( psa_hash_operation_t *operation,
639 psa_algorithm_t alg )
640{
641 int ret;
642 operation->alg = 0;
643 switch( alg )
644 {
645#if defined(MBEDTLS_MD2_C)
646 case PSA_ALG_MD2:
647 mbedtls_md2_init( &operation->ctx.md2 );
648 ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
649 break;
650#endif
651#if defined(MBEDTLS_MD4_C)
652 case PSA_ALG_MD4:
653 mbedtls_md4_init( &operation->ctx.md4 );
654 ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
655 break;
656#endif
657#if defined(MBEDTLS_MD5_C)
658 case PSA_ALG_MD5:
659 mbedtls_md5_init( &operation->ctx.md5 );
660 ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
661 break;
662#endif
663#if defined(MBEDTLS_RIPEMD160_C)
664 case PSA_ALG_RIPEMD160:
665 mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
666 ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
667 break;
668#endif
669#if defined(MBEDTLS_SHA1_C)
670 case PSA_ALG_SHA_1:
671 mbedtls_sha1_init( &operation->ctx.sha1 );
672 ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
673 break;
674#endif
675#if defined(MBEDTLS_SHA256_C)
676 case PSA_ALG_SHA_224:
677 mbedtls_sha256_init( &operation->ctx.sha256 );
678 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
679 break;
680 case PSA_ALG_SHA_256:
681 mbedtls_sha256_init( &operation->ctx.sha256 );
682 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
683 break;
684#endif
685#if defined(MBEDTLS_SHA512_C)
686 case PSA_ALG_SHA_384:
687 mbedtls_sha512_init( &operation->ctx.sha512 );
688 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
689 break;
690 case PSA_ALG_SHA_512:
691 mbedtls_sha512_init( &operation->ctx.sha512 );
692 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
693 break;
694#endif
695 default:
696 return( PSA_ERROR_NOT_SUPPORTED );
697 }
698 if( ret == 0 )
699 operation->alg = alg;
700 else
701 psa_hash_abort( operation );
702 return( mbedtls_to_psa_error( ret ) );
703}
704
705psa_status_t psa_hash_update( psa_hash_operation_t *operation,
706 const uint8_t *input,
707 size_t input_length )
708{
709 int ret;
710 switch( operation->alg )
711 {
712#if defined(MBEDTLS_MD2_C)
713 case PSA_ALG_MD2:
714 ret = mbedtls_md2_update_ret( &operation->ctx.md2,
715 input, input_length );
716 break;
717#endif
718#if defined(MBEDTLS_MD4_C)
719 case PSA_ALG_MD4:
720 ret = mbedtls_md4_update_ret( &operation->ctx.md4,
721 input, input_length );
722 break;
723#endif
724#if defined(MBEDTLS_MD5_C)
725 case PSA_ALG_MD5:
726 ret = mbedtls_md5_update_ret( &operation->ctx.md5,
727 input, input_length );
728 break;
729#endif
730#if defined(MBEDTLS_RIPEMD160_C)
731 case PSA_ALG_RIPEMD160:
732 ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
733 input, input_length );
734 break;
735#endif
736#if defined(MBEDTLS_SHA1_C)
737 case PSA_ALG_SHA_1:
738 ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
739 input, input_length );
740 break;
741#endif
742#if defined(MBEDTLS_SHA256_C)
743 case PSA_ALG_SHA_224:
744 case PSA_ALG_SHA_256:
745 ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
746 input, input_length );
747 break;
748#endif
749#if defined(MBEDTLS_SHA512_C)
750 case PSA_ALG_SHA_384:
751 case PSA_ALG_SHA_512:
752 ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
753 input, input_length );
754 break;
755#endif
756 default:
757 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
758 break;
759 }
760 if( ret != 0 )
761 psa_hash_abort( operation );
762 return( mbedtls_to_psa_error( ret ) );
763}
764
765psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
766 uint8_t *hash,
767 size_t hash_size,
768 size_t *hash_length )
769{
770 int ret;
771 size_t actual_hash_length = PSA_HASH_FINAL_SIZE( operation->alg );
772
773 /* Fill the output buffer with something that isn't a valid hash
774 * (barring an attack on the hash and deliberately-crafted input),
775 * in case the caller doesn't check the return status properly. */
776 *hash_length = actual_hash_length;
777 memset( hash, '!', hash_size );
778
779 if( hash_size < actual_hash_length )
780 return( PSA_ERROR_BUFFER_TOO_SMALL );
781
782 switch( operation->alg )
783 {
784#if defined(MBEDTLS_MD2_C)
785 case PSA_ALG_MD2:
786 ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
787 break;
788#endif
789#if defined(MBEDTLS_MD4_C)
790 case PSA_ALG_MD4:
791 ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
792 break;
793#endif
794#if defined(MBEDTLS_MD5_C)
795 case PSA_ALG_MD5:
796 ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
797 break;
798#endif
799#if defined(MBEDTLS_RIPEMD160_C)
800 case PSA_ALG_RIPEMD160:
801 ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
802 break;
803#endif
804#if defined(MBEDTLS_SHA1_C)
805 case PSA_ALG_SHA_1:
806 ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
807 break;
808#endif
809#if defined(MBEDTLS_SHA256_C)
810 case PSA_ALG_SHA_224:
811 case PSA_ALG_SHA_256:
812 ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
813 break;
814#endif
815#if defined(MBEDTLS_SHA512_C)
816 case PSA_ALG_SHA_384:
817 case PSA_ALG_SHA_512:
818 ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
819 break;
820#endif
821 default:
822 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
823 break;
824 }
825
826 if( ret == 0 )
827 {
828 return( psa_hash_abort( operation ) );
829 }
830 else
831 {
832 psa_hash_abort( operation );
833 return( mbedtls_to_psa_error( ret ) );
834 }
835}
836
837psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
838 const uint8_t *hash,
839 size_t hash_length)
840{
841 uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
842 size_t actual_hash_length;
843 psa_status_t status = psa_hash_finish( operation,
844 actual_hash, sizeof( actual_hash ),
845 &actual_hash_length );
846 if( status != PSA_SUCCESS )
847 return( status );
848 if( actual_hash_length != hash_length )
849 return( PSA_ERROR_INVALID_SIGNATURE );
850 if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
851 return( PSA_ERROR_INVALID_SIGNATURE );
852 return( PSA_SUCCESS );
853}
854
855
856
857
858/****************************************************************/
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame^]859/* MAC */
860/****************************************************************/
861
862static const mbedtls_cipher_info_t *mbedtls_cipher_info_of_psa(
863 psa_algorithm_t alg,
864 psa_key_type_t key_type,
865 size_t key_bits )
866{
867 mbedtls_cipher_id_t cipher_id;
868 mbedtls_cipher_mode_t mode;
869
870 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
871 {
872 if( PSA_ALG_IS_BLOCK_CIPHER( alg ) )
873 alg &= ~PSA_ALG_BLOCK_CIPHER_MODE_MASK;
874 switch( alg )
875 {
876 case PSA_ALG_STREAM_CIPHER:
877 mode = MBEDTLS_MODE_STREAM;
878 break;
879 case PSA_ALG_CBC_BASE:
880 mode = MBEDTLS_MODE_CBC;
881 break;
882 case PSA_ALG_CFB_BASE:
883 mode = MBEDTLS_MODE_CFB;
884 break;
885 case PSA_ALG_OFB_BASE:
886 mode = MBEDTLS_MODE_OFB;
887 break;
888 case PSA_ALG_CTR:
889 mode = MBEDTLS_MODE_CTR;
890 break;
891 case PSA_ALG_CCM:
892 mode = MBEDTLS_MODE_CCM;
893 break;
894 case PSA_ALG_GCM:
895 mode = MBEDTLS_MODE_GCM;
896 break;
897 default:
898 return( NULL );
899 }
900 }
901 else if( alg == PSA_ALG_CMAC )
902 mode = MBEDTLS_MODE_ECB;
903 else if( alg == PSA_ALG_GMAC )
904 mode = MBEDTLS_MODE_GCM;
905 else
906 return( NULL );
907
908 switch( key_type )
909 {
910 case PSA_KEY_TYPE_AES:
911 cipher_id = MBEDTLS_CIPHER_ID_AES;
912 break;
913 case PSA_KEY_TYPE_DES:
914 if( key_bits == 64 )
915 cipher_id = MBEDTLS_CIPHER_ID_DES;
916 else
917 cipher_id = MBEDTLS_CIPHER_ID_3DES;
918 break;
919 case PSA_KEY_TYPE_CAMELLIA:
920 cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
921 break;
922 case PSA_KEY_TYPE_ARC4:
923 cipher_id = MBEDTLS_CIPHER_ID_ARC4;
924 break;
925 default:
926 return( NULL );
927 }
928
929 return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
930}
931
932psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
933{
934 switch( operation->alg )
935 {
936#if defined(MBEDTLS_CMAC_C)
937 case PSA_ALG_CMAC:
938 mbedtls_cipher_free( &operation->ctx.cmac );
939 break;
940#endif /* MBEDTLS_CMAC_C */
941 default:
942#if defined(MBEDTLS_MD_C)
943 if( PSA_ALG_IS_HMAC( operation->alg ) )
944 mbedtls_md_free( &operation->ctx.hmac );
945 else
946#endif /* MBEDTLS_MD_C */
947 return( PSA_ERROR_NOT_SUPPORTED );
948 }
949 operation->alg = 0;
950 operation->key_set = 0;
951 operation->iv_set = 0;
952 operation->iv_required = 0;
953 operation->has_input = 0;
954 return( PSA_SUCCESS );
955}
956
957psa_status_t psa_mac_start( psa_mac_operation_t *operation,
958 psa_key_slot_t key,
959 psa_algorithm_t alg )
960{
961 int ret = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
962 psa_status_t status;
963 key_slot_t *slot;
964 psa_key_type_t key_type;
965 size_t key_bits;
966 const mbedtls_cipher_info_t *cipher_info = NULL;
967
968 operation->alg = 0;
969 operation->key_set = 0;
970 operation->iv_set = 0;
971 operation->iv_required = 1;
972 operation->has_input = 0;
973
974 status = psa_get_key_information( key, &key_type, &key_bits );
975 if( status != PSA_SUCCESS )
976 return( status );
977 slot = &global_data.key_slots[key];
978
979 if( ! PSA_ALG_IS_HMAC( alg ) )
980 {
981 cipher_info = mbedtls_cipher_info_of_psa( alg, key_type, key_bits );
982 if( cipher_info == NULL )
983 return( PSA_ERROR_NOT_SUPPORTED );
984 operation->mac_size = cipher_info->block_size;
985 }
986 switch( alg )
987 {
988#if defined(MBEDTLS_CMAC_C)
989 case PSA_ALG_CMAC:
990 operation->iv_required = 0;
991 mbedtls_cipher_init( &operation->ctx.cmac );
992 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
993 if( ret != 0 )
994 break;
995 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
996 slot->data.raw.data,
997 key_bits );
998 break;
999#endif /* MBEDTLS_CMAC_C */
1000 default:
1001#if defined(MBEDTLS_MD_C)
1002 if( PSA_ALG_IS_HMAC( alg ) )
1003 {
1004 const mbedtls_md_info_t *md_info =
1005 mbedtls_md_info_of_psa( PSA_ALG_HMAC_HASH( alg ) );
1006 if( md_info == NULL )
1007 return( PSA_ERROR_NOT_SUPPORTED );
1008 if( key_type != PSA_KEY_TYPE_HMAC )
1009 return( PSA_ERROR_INVALID_ARGUMENT );
1010 operation->iv_required = 0;
1011 operation->mac_size = mbedtls_md_get_size( md_info );
1012 mbedtls_md_init( &operation->ctx.hmac );
1013 ret = mbedtls_md_setup( &operation->ctx.hmac, md_info, 1 );
1014 if( ret != 0 )
1015 break;
1016 ret = mbedtls_md_hmac_starts( &operation->ctx.hmac,
1017 slot->data.raw.data,
1018 slot->data.raw.bytes );
1019 break;
1020 }
1021 else
1022#endif /* MBEDTLS_MD_C */
1023 return( PSA_ERROR_NOT_SUPPORTED );
1024 }
1025
1026 /* If we reach this point, then the algorithm-specific part of the
1027 * context has at least been initialized, and may contain data that
1028 * needs to be wiped on error. */
1029 operation->alg = alg;
1030 if( ret != 0 )
1031 {
1032 psa_mac_abort( operation );
1033 return( mbedtls_to_psa_error( ret ) );
1034 }
1035 operation->key_set = 1;
1036 return( 0 );
1037}
1038
1039psa_status_t psa_mac_update( psa_mac_operation_t *operation,
1040 const uint8_t *input,
1041 size_t input_length )
1042{
1043 int ret;
1044 if( ! operation->key_set )
1045 return( PSA_ERROR_BAD_STATE );
1046 if( operation->iv_required && ! operation->iv_set )
1047 return( PSA_ERROR_BAD_STATE );
1048 operation->has_input = 1;
1049
1050 switch( operation->alg )
1051 {
1052#if defined(MBEDTLS_CMAC_C)
1053 case PSA_ALG_CMAC:
1054 ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
1055 input, input_length );
1056 break;
1057#endif /* MBEDTLS_CMAC_C */
1058 default:
1059#if defined(MBEDTLS_MD_C)
1060 if( PSA_ALG_IS_HMAC( operation->alg ) )
1061 {
1062 ret = mbedtls_md_hmac_update( &operation->ctx.hmac,
1063 input, input_length );
1064 }
1065 else
1066#endif /* MBEDTLS_MD_C */
1067 {
1068 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1069 }
1070 break;
1071 }
1072 if( ret != 0 )
1073 psa_mac_abort( operation );
1074 return( mbedtls_to_psa_error( ret ) );
1075}
1076
1077psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
1078 uint8_t *mac,
1079 size_t mac_size,
1080 size_t *mac_length )
1081{
1082 int ret;
1083 if( ! operation->key_set )
1084 return( PSA_ERROR_BAD_STATE );
1085 if( operation->iv_required && ! operation->iv_set )
1086 return( PSA_ERROR_BAD_STATE );
1087
1088 /* Fill the output buffer with something that isn't a valid mac
1089 * (barring an attack on the mac and deliberately-crafted input),
1090 * in case the caller doesn't check the return status properly. */
1091 *mac_length = operation->mac_size;
1092 memset( mac, '!', mac_size );
1093
1094 if( mac_size < operation->mac_size )
1095 return( PSA_ERROR_BUFFER_TOO_SMALL );
1096
1097 switch( operation->alg )
1098 {
1099#if defined(MBEDTLS_CMAC_C)
1100 case PSA_ALG_CMAC:
1101 ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, mac );
1102 break;
1103#endif /* MBEDTLS_CMAC_C */
1104 default:
1105#if defined(MBEDTLS_MD_C)
1106 if( PSA_ALG_IS_HMAC( operation->alg ) )
1107 {
1108 ret = mbedtls_md_hmac_finish( &operation->ctx.hmac, mac );
1109 }
1110 else
1111#endif /* MBEDTLS_MD_C */
1112 {
1113 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1114 }
1115 break;
1116 }
1117
1118 if( ret == 0 )
1119 {
1120 return( psa_mac_abort( operation ) );
1121 }
1122 else
1123 {
1124 psa_mac_abort( operation );
1125 return( mbedtls_to_psa_error( ret ) );
1126 }
1127}
1128
1129#define MBEDTLS_PSA_MAC_MAX_SIZE \
1130 ( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \
1131 MBEDTLS_MD_MAX_SIZE : \
1132 MBEDTLS_MAX_BLOCK_LENGTH )
1133psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
1134 const uint8_t *mac,
1135 size_t mac_length )
1136{
1137 uint8_t actual_mac[MBEDTLS_PSA_MAC_MAX_SIZE];
1138 size_t actual_mac_length;
1139 psa_status_t status = psa_mac_finish( operation,
1140 actual_mac, sizeof( actual_mac ),
1141 &actual_mac_length );
1142 if( status != PSA_SUCCESS )
1143 return( status );
1144 if( actual_mac_length != mac_length )
1145 return( PSA_ERROR_INVALID_SIGNATURE );
1146 if( safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
1147 return( PSA_ERROR_INVALID_SIGNATURE );
1148 return( PSA_SUCCESS );
1149}
1150
1151
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1152
1153
1154/****************************************************************/
1155/* Asymmetric cryptography */
1156/****************************************************************/
1157
1158psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
1159 psa_algorithm_t alg,
1160 const uint8_t *hash,
1161 size_t hash_length,
1162 const uint8_t *salt,
1163 size_t salt_length,
1164 uint8_t *signature,
1165 size_t signature_size,
1166 size_t *signature_length)
1167{
1168 key_slot_t *slot;
1169
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1170 *signature_length = 0;
1171 (void) salt;
1172 (void) salt_length;
1173
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1174 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1175 return( PSA_ERROR_EMPTY_SLOT );
1176 slot = &global_data.key_slots[key];
1177 if( slot->type == PSA_KEY_TYPE_NONE )
1178 return( PSA_ERROR_EMPTY_SLOT );
1179 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1180 return( PSA_ERROR_INVALID_ARGUMENT );
1181
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1182#if defined(MBEDTLS_RSA_C)
1183 if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
1184 {
1185 mbedtls_rsa_context *rsa = slot->data.rsa;
1186 int ret;
1187 psa_algorithm_t hash_alg = PSA_ALG_RSA_GET_HASH( alg );
1188 const mbedtls_md_info_t *md_info = mbedtls_md_info_of_psa( hash_alg );
1189 mbedtls_md_type_t md_alg =
1190 hash_alg == 0 ? MBEDTLS_MD_NONE : mbedtls_md_get_type( md_info );
1191 if( md_alg == MBEDTLS_MD_NONE )
1192 {
1193#if SIZE_MAX > UINT_MAX
1194 if( hash_length > UINT_MAX )
1195 return( PSA_ERROR_INVALID_ARGUMENT );
1196#endif
1197 }
1198 else
1199 {
1200 if( mbedtls_md_get_size( md_info ) != hash_length )
1201 return( PSA_ERROR_INVALID_ARGUMENT );
1202 if( md_info == NULL )
1203 return( PSA_ERROR_NOT_SUPPORTED );
1204 }
1205 if( signature_size < rsa->len )
1206 return( PSA_ERROR_BUFFER_TOO_SMALL );
1207#if defined(MBEDTLS_PKCS1_V15)
1208 if( PSA_ALG_IS_RSA_PKCS1V15( alg ) )
1209 {
1210 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
1211 MBEDTLS_MD_NONE );
1212 ret = mbedtls_rsa_pkcs1_sign( rsa,
1213 mbedtls_ctr_drbg_random,
1214 &global_data.ctr_drbg,
1215 MBEDTLS_RSA_PRIVATE,
1216 md_alg, hash_length, hash,
1217 signature );
1218 }
1219 else
1220#endif /* MBEDTLS_PKCS1_V15 */
1221#if defined(MBEDTLS_PKCS1_V21)
1222 if( alg == PSA_ALG_RSA_PSS_MGF1 )
1223 {
1224 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
1225 ret = mbedtls_rsa_rsassa_pss_sign( rsa,
1226 mbedtls_ctr_drbg_random,
1227 &global_data.ctr_drbg,
1228 MBEDTLS_RSA_PRIVATE,
1229 md_alg, hash_length, hash,
1230 signature );
1231 }
1232 else
1233#endif /* MBEDTLS_PKCS1_V21 */
1234 {
1235 return( PSA_ERROR_INVALID_ARGUMENT );
1236 }
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1237 if( ret == 0 )
1238 *signature_length = rsa->len;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1239 return( mbedtls_to_psa_error( ret ) );
1240 }
1241 else
1242#endif /* defined(MBEDTLS_RSA_C) */
1243#if defined(MBEDTLS_ECP_C)
1244 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1245 {
1246 // TODO
1247 return( PSA_ERROR_NOT_SUPPORTED );
1248 }
1249 else
1250#endif /* defined(MBEDTLS_ECP_C) */
1251 {
1252 return( PSA_ERROR_NOT_SUPPORTED );
1253 }
1254}
1255
1256
1257
1258/****************************************************************/
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1259/* Module setup */
1260/****************************************************************/
1261
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1262void mbedtls_psa_crypto_free( void )
1263{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1264 size_t key;
1265 for( key = 1; key < MBEDTLS_PSA_KEY_SLOT_COUNT; key++ )
1266 psa_destroy_key( key );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1267 mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
1268 mbedtls_entropy_free( &global_data.entropy );
1269 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1270}
1271
1272psa_status_t psa_crypto_init( void )
1273{
1274 int ret;
1275 const unsigned char drbg_seed[] = "PSA";
1276
1277 if( global_data.initialized != 0 )
1278 return( PSA_SUCCESS );
1279
1280 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1281 mbedtls_entropy_init( &global_data.entropy );
1282 mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
1283
1284 ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
1285 mbedtls_entropy_func,
1286 &global_data.entropy,
1287 drbg_seed, sizeof( drbg_seed ) - 1 );
1288 if( ret != 0 )
1289 goto exit;
1290
1291exit:
1292 if( ret != 0 )
1293 mbedtls_psa_crypto_free( );
1294 return( mbedtls_to_psa_error( ret ) );
1295}
1296
1297#endif /* MBEDTLS_PSA_CRYPTO_C */