TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8cc1ceec3e00486e98712f61757c51b563025578 / . / library / psa_crypto.c
blob: d53d6ee404990a2bbb45484b74b473d20681f320 [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/*
2 * PSA crypto layer on top of Mbed TLS crypto
3 */
4/* Copyright (C) 2018, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_C)
29
30#include "psa/crypto.h"
31
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]32#include <stdlib.h>
33#include <string.h>
34#if defined(MBEDTLS_PLATFORM_C)
35#include "mbedtls/platform.h"
36#else
37#define mbedtls_calloc calloc
38#define mbedtls_free free
39#endif
40
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]41#include "mbedtls/arc4.h"
42#include "mbedtls/blowfish.h"
43#include "mbedtls/camellia.h"
44#include "mbedtls/cipher.h"
45#include "mbedtls/ccm.h"
46#include "mbedtls/cmac.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]47#include "mbedtls/ctr_drbg.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]48#include "mbedtls/des.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]49#include "mbedtls/ecp.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]50#include "mbedtls/entropy.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]51#include "mbedtls/error.h"
52#include "mbedtls/gcm.h"
53#include "mbedtls/md2.h"
54#include "mbedtls/md4.h"
55#include "mbedtls/md5.h"
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]56#include "mbedtls/md.h"
57#include "mbedtls/md_internal.h"
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]58#include "mbedtls/pk.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]59#include "mbedtls/pk_internal.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]60#include "mbedtls/ripemd160.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]61#include "mbedtls/rsa.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]62#include "mbedtls/sha1.h"
63#include "mbedtls/sha256.h"
64#include "mbedtls/sha512.h"
65#include "mbedtls/xtea.h"
66
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]67
68
69/* Implementation that should never be optimized out by the compiler */
70static void mbedtls_zeroize( void *v, size_t n )
71{
72 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
73}
74
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]75/* constant-time buffer comparison */
76static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
77{
78 size_t i;
79 unsigned char diff = 0;
80
81 for( i = 0; i < n; i++ )
82 diff |= a[i] ^ b[i];
83
84 return( diff );
85}
86
87
88
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]89/****************************************************************/
90/* Global data, support functions and library management */
91/****************************************************************/
92
93/* Number of key slots (plus one because 0 is not used).
94 * The value is a compile-time constant for now, for simplicity. */
95#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
96
97typedef struct {
98 psa_key_type_t type;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame^]99 psa_key_policy_t policy;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]100 union {
101 struct raw_data {
102 uint8_t *data;
103 size_t bytes;
104 } raw;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]105#if defined(MBEDTLS_RSA_C)
106 mbedtls_rsa_context *rsa;
107#endif /* MBEDTLS_RSA_C */
108#if defined(MBEDTLS_ECP_C)
109 mbedtls_ecp_keypair *ecp;
110#endif /* MBEDTLS_ECP_C */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]111 } data;
112} key_slot_t;
113
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]114typedef struct {
115 int initialized;
116 mbedtls_entropy_context entropy;
117 mbedtls_ctr_drbg_context ctr_drbg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]118 key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]119} psa_global_data_t;
120
121static psa_global_data_t global_data;
122
123static psa_status_t mbedtls_to_psa_error( int ret )
124{
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]125 /* If there's both a high-level code and low-level code, dispatch on
126 * the high-level code. */
127 switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]128 {
129 case 0:
130 return( PSA_SUCCESS );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]131
132 case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
133 case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
134 case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
135 return( PSA_ERROR_NOT_SUPPORTED );
136 case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
137 return( PSA_ERROR_HARDWARE_FAILURE );
138
139 case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
140 return( PSA_ERROR_HARDWARE_FAILURE );
141
142 case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
143 case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
144 return( PSA_ERROR_NOT_SUPPORTED );
145 case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
146 return( PSA_ERROR_HARDWARE_FAILURE );
147
148 case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
149 case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
150 return( PSA_ERROR_NOT_SUPPORTED );
151 case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
152 return( PSA_ERROR_HARDWARE_FAILURE );
153
154 case MBEDTLS_ERR_CCM_BAD_INPUT:
155 return( PSA_ERROR_INVALID_ARGUMENT );
156 case MBEDTLS_ERR_CCM_AUTH_FAILED:
157 return( PSA_ERROR_INVALID_SIGNATURE );
158 case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
159 return( PSA_ERROR_HARDWARE_FAILURE );
160
161 case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
162 return( PSA_ERROR_NOT_SUPPORTED );
163 case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
164 return( PSA_ERROR_INVALID_ARGUMENT );
165 case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
166 return( PSA_ERROR_INSUFFICIENT_MEMORY );
167 case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
168 return( PSA_ERROR_INVALID_PADDING );
169 case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
170 return( PSA_ERROR_BAD_STATE );
171 case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
172 return( PSA_ERROR_INVALID_SIGNATURE );
173 case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
174 return( PSA_ERROR_TAMPERING_DETECTED );
175 case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
176 return( PSA_ERROR_HARDWARE_FAILURE );
177
178 case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
179 return( PSA_ERROR_HARDWARE_FAILURE );
180
181 case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
182 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
183 case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
184 case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
185 return( PSA_ERROR_NOT_SUPPORTED );
186 case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
187 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
188
189 case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
190 return( PSA_ERROR_NOT_SUPPORTED );
191 case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
192 return( PSA_ERROR_HARDWARE_FAILURE );
193
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]194 case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
195 case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
196 case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
197 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]198
199 case MBEDTLS_ERR_GCM_AUTH_FAILED:
200 return( PSA_ERROR_INVALID_SIGNATURE );
201 case MBEDTLS_ERR_GCM_BAD_INPUT:
202 return( PSA_ERROR_NOT_SUPPORTED );
203 case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
204 return( PSA_ERROR_HARDWARE_FAILURE );
205
206 case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
207 case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
208 case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
209 return( PSA_ERROR_HARDWARE_FAILURE );
210
211 case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
212 return( PSA_ERROR_NOT_SUPPORTED );
213 case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
214 return( PSA_ERROR_INVALID_ARGUMENT );
215 case MBEDTLS_ERR_MD_ALLOC_FAILED:
216 return( PSA_ERROR_INSUFFICIENT_MEMORY );
217 case MBEDTLS_ERR_MD_FILE_IO_ERROR:
218 return( PSA_ERROR_STORAGE_FAILURE );
219 case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
220 return( PSA_ERROR_HARDWARE_FAILURE );
221
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]222 case MBEDTLS_ERR_PK_ALLOC_FAILED:
223 return( PSA_ERROR_INSUFFICIENT_MEMORY );
224 case MBEDTLS_ERR_PK_TYPE_MISMATCH:
225 case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
226 return( PSA_ERROR_INVALID_ARGUMENT );
227 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]228 return( PSA_ERROR_STORAGE_FAILURE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]229 case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
230 case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
231 return( PSA_ERROR_INVALID_ARGUMENT );
232 case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
233 return( PSA_ERROR_NOT_SUPPORTED );
234 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
235 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
236 return( PSA_ERROR_NOT_PERMITTED );
237 case MBEDTLS_ERR_PK_INVALID_PUBKEY:
238 return( PSA_ERROR_INVALID_ARGUMENT );
239 case MBEDTLS_ERR_PK_INVALID_ALG:
240 case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
241 case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
242 return( PSA_ERROR_NOT_SUPPORTED );
243 case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
244 return( PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]245 case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
246 return( PSA_ERROR_HARDWARE_FAILURE );
247
248 case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
249 return( PSA_ERROR_HARDWARE_FAILURE );
250
251 case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
252 return( PSA_ERROR_INVALID_ARGUMENT );
253 case MBEDTLS_ERR_RSA_INVALID_PADDING:
254 return( PSA_ERROR_INVALID_PADDING );
255 case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
256 return( PSA_ERROR_HARDWARE_FAILURE );
257 case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
258 return( PSA_ERROR_INVALID_ARGUMENT );
259 case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
260 case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
261 return( PSA_ERROR_TAMPERING_DETECTED );
262 case MBEDTLS_ERR_RSA_VERIFY_FAILED:
263 return( PSA_ERROR_INVALID_SIGNATURE );
264 case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
265 return( PSA_ERROR_BUFFER_TOO_SMALL );
266 case MBEDTLS_ERR_RSA_RNG_FAILED:
267 return( PSA_ERROR_INSUFFICIENT_MEMORY );
268 case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
269 return( PSA_ERROR_NOT_SUPPORTED );
270 case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
271 return( PSA_ERROR_HARDWARE_FAILURE );
272
273 case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
274 case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
275 case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
276 return( PSA_ERROR_HARDWARE_FAILURE );
277
278 case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
279 return( PSA_ERROR_INVALID_ARGUMENT );
280 case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
281 return( PSA_ERROR_HARDWARE_FAILURE );
282
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]283 default:
284 return( PSA_ERROR_UNKNOWN_ERROR );
285 }
286}
287
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]288
289
290/****************************************************************/
291/* Key management */
292/****************************************************************/
293
294psa_status_t psa_import_key(psa_key_slot_t key,
295 psa_key_type_t type,
296 const uint8_t *data,
297 size_t data_length)
298{
299 key_slot_t *slot;
300
301 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
302 return( PSA_ERROR_INVALID_ARGUMENT );
303 slot = &global_data.key_slots[key];
304 if( slot->type != PSA_KEY_TYPE_NONE )
305 return( PSA_ERROR_OCCUPIED_SLOT );
306
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]307 if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]308 {
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]309 /* Ensure that a bytes-to-bit conversion won't overflow. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]310 if( data_length > SIZE_MAX / 8 )
311 return( PSA_ERROR_NOT_SUPPORTED );
312 slot->data.raw.data = mbedtls_calloc( 1, data_length );
313 if( slot->data.raw.data == NULL )
314 return( PSA_ERROR_INSUFFICIENT_MEMORY );
315 memcpy( slot->data.raw.data, data, data_length );
316 slot->data.raw.bytes = data_length;
317 }
318 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]319#if defined(MBEDTLS_PK_PARSE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]320 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
321 type == PSA_KEY_TYPE_RSA_KEYPAIR ||
322 PSA_KEY_TYPE_IS_ECC( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]323 {
324 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]325 mbedtls_pk_context pk;
326 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]327 if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
328 ret = mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 );
329 else
330 ret = mbedtls_pk_parse_public_key( &pk, data, data_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]331 if( ret != 0 )
332 return( mbedtls_to_psa_error( ret ) );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]333 switch( mbedtls_pk_get_type( &pk ) )
334 {
335#if defined(MBEDTLS_RSA_C)
336 case MBEDTLS_PK_RSA:
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]337 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
338 type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]339 slot->data.rsa = pk.pk_ctx;
340 else
341 return( PSA_ERROR_INVALID_ARGUMENT );
342 break;
343#endif /* MBEDTLS_RSA_C */
344#if defined(MBEDTLS_ECP_C)
345 case MBEDTLS_PK_ECKEY:
346 if( PSA_KEY_TYPE_IS_ECC( type ) )
347 {
348 // TODO: check curve
349 slot->data.ecp = pk.pk_ctx;
350 }
351 else
352 return( PSA_ERROR_INVALID_ARGUMENT );
353 break;
354#endif /* MBEDTLS_ECP_C */
355 default:
356 return( PSA_ERROR_INVALID_ARGUMENT );
357 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]358 }
359 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]360#endif /* defined(MBEDTLS_PK_PARSE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]361 {
362 return( PSA_ERROR_NOT_SUPPORTED );
363 }
364
365 slot->type = type;
366 return( PSA_SUCCESS );
367}
368
369psa_status_t psa_destroy_key(psa_key_slot_t key)
370{
371 key_slot_t *slot;
372
373 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
374 return( PSA_ERROR_INVALID_ARGUMENT );
375 slot = &global_data.key_slots[key];
376 if( slot->type == PSA_KEY_TYPE_NONE )
377 return( PSA_ERROR_EMPTY_SLOT );
378
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]379 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]380 {
381 mbedtls_free( slot->data.raw.data );
382 }
383 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]384#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]385 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
386 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]387 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]388 mbedtls_rsa_free( slot->data.rsa );
Gilles Peskine3c6e9702018-03-07 16:42:44 +0100[diff] [blame]389 mbedtls_free( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]390 }
391 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]392#endif /* defined(MBEDTLS_RSA_C) */
393#if defined(MBEDTLS_ECP_C)
394 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
395 {
396 mbedtls_ecp_keypair_free( slot->data.ecp );
Gilles Peskine3c6e9702018-03-07 16:42:44 +0100[diff] [blame]397 mbedtls_free( slot->data.ecp );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]398 }
399 else
400#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]401 {
402 /* Shouldn't happen: the key type is not any type that we
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]403 * put in. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]404 return( PSA_ERROR_TAMPERING_DETECTED );
405 }
406
407 mbedtls_zeroize( slot, sizeof( *slot ) );
408 return( PSA_SUCCESS );
409}
410
411psa_status_t psa_get_key_information(psa_key_slot_t key,
412 psa_key_type_t *type,
413 size_t *bits)
414{
415 key_slot_t *slot;
416
417 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]418 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]419 slot = &global_data.key_slots[key];
420 if( type != NULL )
421 *type = slot->type;
422 if( bits != NULL )
423 *bits = 0;
424 if( slot->type == PSA_KEY_TYPE_NONE )
425 return( PSA_ERROR_EMPTY_SLOT );
426
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]427 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]428 {
429 if( bits != NULL )
430 *bits = slot->data.raw.bytes * 8;
431 }
432 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]433#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]434 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
435 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]436 {
437 if( bits != NULL )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]438 *bits = mbedtls_rsa_get_bitlen( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]439 }
440 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]441#endif /* defined(MBEDTLS_RSA_C) */
442#if defined(MBEDTLS_ECP_C)
443 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
444 {
445 if( bits != NULL )
446 *bits = slot->data.ecp->grp.pbits;
447 }
448 else
449#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]450 {
451 /* Shouldn't happen: the key type is not any type that we
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]452 * put in. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]453 return( PSA_ERROR_TAMPERING_DETECTED );
454 }
455
456 return( PSA_SUCCESS );
457}
458
459psa_status_t psa_export_key(psa_key_slot_t key,
460 uint8_t *data,
461 size_t data_size,
462 size_t *data_length)
463{
464 key_slot_t *slot;
465
466 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]467 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]468 slot = &global_data.key_slots[key];
469 if( slot->type == PSA_KEY_TYPE_NONE )
470 return( PSA_ERROR_EMPTY_SLOT );
471
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]472 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]473 {
474 if( slot->data.raw.bytes > data_size )
475 return( PSA_ERROR_BUFFER_TOO_SMALL );
476 memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
477 *data_length = slot->data.raw.bytes;
478 return( PSA_SUCCESS );
479 }
480 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]481#if defined(MBEDTLS_PK_WRITE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]482 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
483 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]484 PSA_KEY_TYPE_IS_ECC( slot->type ) )
485 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]486 mbedtls_pk_context pk;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]487 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]488 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]489 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
490 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]491 {
492 pk.pk_info = &mbedtls_rsa_info;
493 pk.pk_ctx = slot->data.rsa;
494 }
495 else
496 {
497 pk.pk_info = &mbedtls_eckey_info;
498 pk.pk_ctx = slot->data.ecp;
499 }
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]500 if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
501 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
502 else
503 ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]504 if( ret < 0 )
505 return( mbedtls_to_psa_error( ret ) );
506 *data_length = ret;
507 return( PSA_SUCCESS );
508 }
509 else
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]510#endif /* defined(MBEDTLS_PK_WRITE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]511 {
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]512 /* This shouldn't happen in the reference implementation, but
513 it is valid for a special-purpose implementation to omit
514 support for exporting certain key types. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]515 return( PSA_ERROR_NOT_SUPPORTED );
516 }
517}
518
519
520
521/****************************************************************/
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]522/* Message digests */
523/****************************************************************/
524
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]525static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]526{
527 switch( alg )
528 {
529#if defined(MBEDTLS_MD2_C)
530 case PSA_ALG_MD2:
531 return( &mbedtls_md2_info );
532#endif
533#if defined(MBEDTLS_MD4_C)
534 case PSA_ALG_MD4:
535 return( &mbedtls_md4_info );
536#endif
537#if defined(MBEDTLS_MD5_C)
538 case PSA_ALG_MD5:
539 return( &mbedtls_md5_info );
540#endif
541#if defined(MBEDTLS_RIPEMD160_C)
542 case PSA_ALG_RIPEMD160:
543 return( &mbedtls_ripemd160_info );
544#endif
545#if defined(MBEDTLS_SHA1_C)
546 case PSA_ALG_SHA_1:
547 return( &mbedtls_sha1_info );
548#endif
549#if defined(MBEDTLS_SHA256_C)
550 case PSA_ALG_SHA_224:
551 return( &mbedtls_sha224_info );
552 case PSA_ALG_SHA_256:
553 return( &mbedtls_sha256_info );
554#endif
555#if defined(MBEDTLS_SHA512_C)
556 case PSA_ALG_SHA_384:
557 return( &mbedtls_sha384_info );
558 case PSA_ALG_SHA_512:
559 return( &mbedtls_sha512_info );
560#endif
561 default:
562 return( NULL );
563 }
564}
565
566#if 0
567static psa_algorithm_t mbedtls_md_alg_to_psa( mbedtls_md_type_t md_alg )
568{
569 switch( md_alg )
570 {
571 case MBEDTLS_MD_NONE:
572 return( 0 );
573 case MBEDTLS_MD_MD2:
574 return( PSA_ALG_MD2 );
575 case MBEDTLS_MD_MD4:
576 return( PSA_ALG_MD4 );
577 case MBEDTLS_MD_MD5:
578 return( PSA_ALG_MD5 );
579 case MBEDTLS_MD_SHA1:
580 return( PSA_ALG_SHA_1 );
581 case MBEDTLS_MD_SHA224:
582 return( PSA_ALG_SHA_224 );
583 case MBEDTLS_MD_SHA256:
584 return( PSA_ALG_SHA_256 );
585 case MBEDTLS_MD_SHA384:
586 return( PSA_ALG_SHA_384 );
587 case MBEDTLS_MD_SHA512:
588 return( PSA_ALG_SHA_512 );
589 case MBEDTLS_MD_RIPEMD160:
590 return( PSA_ALG_RIPEMD160 );
591 default:
Gilles Peskine47c1bc02018-03-20 17:55:04 +0100[diff] [blame]592 return( 0 );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]593 }
594}
595#endif
596
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]597psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
598{
599 switch( operation->alg )
600 {
601#if defined(MBEDTLS_MD2_C)
602 case PSA_ALG_MD2:
603 mbedtls_md2_free( &operation->ctx.md2 );
604 break;
605#endif
606#if defined(MBEDTLS_MD4_C)
607 case PSA_ALG_MD4:
608 mbedtls_md4_free( &operation->ctx.md4 );
609 break;
610#endif
611#if defined(MBEDTLS_MD5_C)
612 case PSA_ALG_MD5:
613 mbedtls_md5_free( &operation->ctx.md5 );
614 break;
615#endif
616#if defined(MBEDTLS_RIPEMD160_C)
617 case PSA_ALG_RIPEMD160:
618 mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
619 break;
620#endif
621#if defined(MBEDTLS_SHA1_C)
622 case PSA_ALG_SHA_1:
623 mbedtls_sha1_free( &operation->ctx.sha1 );
624 break;
625#endif
626#if defined(MBEDTLS_SHA256_C)
627 case PSA_ALG_SHA_224:
628 case PSA_ALG_SHA_256:
629 mbedtls_sha256_free( &operation->ctx.sha256 );
630 break;
631#endif
632#if defined(MBEDTLS_SHA512_C)
633 case PSA_ALG_SHA_384:
634 case PSA_ALG_SHA_512:
635 mbedtls_sha512_free( &operation->ctx.sha512 );
636 break;
637#endif
638 default:
639 return( PSA_ERROR_NOT_SUPPORTED );
640 }
641 operation->alg = 0;
642 return( PSA_SUCCESS );
643}
644
645psa_status_t psa_hash_start( psa_hash_operation_t *operation,
646 psa_algorithm_t alg )
647{
648 int ret;
649 operation->alg = 0;
650 switch( alg )
651 {
652#if defined(MBEDTLS_MD2_C)
653 case PSA_ALG_MD2:
654 mbedtls_md2_init( &operation->ctx.md2 );
655 ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
656 break;
657#endif
658#if defined(MBEDTLS_MD4_C)
659 case PSA_ALG_MD4:
660 mbedtls_md4_init( &operation->ctx.md4 );
661 ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
662 break;
663#endif
664#if defined(MBEDTLS_MD5_C)
665 case PSA_ALG_MD5:
666 mbedtls_md5_init( &operation->ctx.md5 );
667 ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
668 break;
669#endif
670#if defined(MBEDTLS_RIPEMD160_C)
671 case PSA_ALG_RIPEMD160:
672 mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
673 ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
674 break;
675#endif
676#if defined(MBEDTLS_SHA1_C)
677 case PSA_ALG_SHA_1:
678 mbedtls_sha1_init( &operation->ctx.sha1 );
679 ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
680 break;
681#endif
682#if defined(MBEDTLS_SHA256_C)
683 case PSA_ALG_SHA_224:
684 mbedtls_sha256_init( &operation->ctx.sha256 );
685 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
686 break;
687 case PSA_ALG_SHA_256:
688 mbedtls_sha256_init( &operation->ctx.sha256 );
689 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
690 break;
691#endif
692#if defined(MBEDTLS_SHA512_C)
693 case PSA_ALG_SHA_384:
694 mbedtls_sha512_init( &operation->ctx.sha512 );
695 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
696 break;
697 case PSA_ALG_SHA_512:
698 mbedtls_sha512_init( &operation->ctx.sha512 );
699 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
700 break;
701#endif
702 default:
703 return( PSA_ERROR_NOT_SUPPORTED );
704 }
705 if( ret == 0 )
706 operation->alg = alg;
707 else
708 psa_hash_abort( operation );
709 return( mbedtls_to_psa_error( ret ) );
710}
711
712psa_status_t psa_hash_update( psa_hash_operation_t *operation,
713 const uint8_t *input,
714 size_t input_length )
715{
716 int ret;
717 switch( operation->alg )
718 {
719#if defined(MBEDTLS_MD2_C)
720 case PSA_ALG_MD2:
721 ret = mbedtls_md2_update_ret( &operation->ctx.md2,
722 input, input_length );
723 break;
724#endif
725#if defined(MBEDTLS_MD4_C)
726 case PSA_ALG_MD4:
727 ret = mbedtls_md4_update_ret( &operation->ctx.md4,
728 input, input_length );
729 break;
730#endif
731#if defined(MBEDTLS_MD5_C)
732 case PSA_ALG_MD5:
733 ret = mbedtls_md5_update_ret( &operation->ctx.md5,
734 input, input_length );
735 break;
736#endif
737#if defined(MBEDTLS_RIPEMD160_C)
738 case PSA_ALG_RIPEMD160:
739 ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
740 input, input_length );
741 break;
742#endif
743#if defined(MBEDTLS_SHA1_C)
744 case PSA_ALG_SHA_1:
745 ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
746 input, input_length );
747 break;
748#endif
749#if defined(MBEDTLS_SHA256_C)
750 case PSA_ALG_SHA_224:
751 case PSA_ALG_SHA_256:
752 ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
753 input, input_length );
754 break;
755#endif
756#if defined(MBEDTLS_SHA512_C)
757 case PSA_ALG_SHA_384:
758 case PSA_ALG_SHA_512:
759 ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
760 input, input_length );
761 break;
762#endif
763 default:
764 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
765 break;
766 }
767 if( ret != 0 )
768 psa_hash_abort( operation );
769 return( mbedtls_to_psa_error( ret ) );
770}
771
772psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
773 uint8_t *hash,
774 size_t hash_size,
775 size_t *hash_length )
776{
777 int ret;
778 size_t actual_hash_length = PSA_HASH_FINAL_SIZE( operation->alg );
779
780 /* Fill the output buffer with something that isn't a valid hash
781 * (barring an attack on the hash and deliberately-crafted input),
782 * in case the caller doesn't check the return status properly. */
783 *hash_length = actual_hash_length;
784 memset( hash, '!', hash_size );
785
786 if( hash_size < actual_hash_length )
787 return( PSA_ERROR_BUFFER_TOO_SMALL );
788
789 switch( operation->alg )
790 {
791#if defined(MBEDTLS_MD2_C)
792 case PSA_ALG_MD2:
793 ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
794 break;
795#endif
796#if defined(MBEDTLS_MD4_C)
797 case PSA_ALG_MD4:
798 ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
799 break;
800#endif
801#if defined(MBEDTLS_MD5_C)
802 case PSA_ALG_MD5:
803 ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
804 break;
805#endif
806#if defined(MBEDTLS_RIPEMD160_C)
807 case PSA_ALG_RIPEMD160:
808 ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
809 break;
810#endif
811#if defined(MBEDTLS_SHA1_C)
812 case PSA_ALG_SHA_1:
813 ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
814 break;
815#endif
816#if defined(MBEDTLS_SHA256_C)
817 case PSA_ALG_SHA_224:
818 case PSA_ALG_SHA_256:
819 ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
820 break;
821#endif
822#if defined(MBEDTLS_SHA512_C)
823 case PSA_ALG_SHA_384:
824 case PSA_ALG_SHA_512:
825 ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
826 break;
827#endif
828 default:
829 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
830 break;
831 }
832
833 if( ret == 0 )
834 {
835 return( psa_hash_abort( operation ) );
836 }
837 else
838 {
839 psa_hash_abort( operation );
840 return( mbedtls_to_psa_error( ret ) );
841 }
842}
843
844psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
845 const uint8_t *hash,
846 size_t hash_length)
847{
848 uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
849 size_t actual_hash_length;
850 psa_status_t status = psa_hash_finish( operation,
851 actual_hash, sizeof( actual_hash ),
852 &actual_hash_length );
853 if( status != PSA_SUCCESS )
854 return( status );
855 if( actual_hash_length != hash_length )
856 return( PSA_ERROR_INVALID_SIGNATURE );
857 if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
858 return( PSA_ERROR_INVALID_SIGNATURE );
859 return( PSA_SUCCESS );
860}
861
862
863
864
865/****************************************************************/
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]866/* MAC */
867/****************************************************************/
868
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]869static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]870 psa_algorithm_t alg,
871 psa_key_type_t key_type,
872 size_t key_bits )
873{
874 mbedtls_cipher_id_t cipher_id;
875 mbedtls_cipher_mode_t mode;
876
877 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
878 {
879 if( PSA_ALG_IS_BLOCK_CIPHER( alg ) )
880 alg &= ~PSA_ALG_BLOCK_CIPHER_MODE_MASK;
881 switch( alg )
882 {
883 case PSA_ALG_STREAM_CIPHER:
884 mode = MBEDTLS_MODE_STREAM;
885 break;
886 case PSA_ALG_CBC_BASE:
887 mode = MBEDTLS_MODE_CBC;
888 break;
889 case PSA_ALG_CFB_BASE:
890 mode = MBEDTLS_MODE_CFB;
891 break;
892 case PSA_ALG_OFB_BASE:
893 mode = MBEDTLS_MODE_OFB;
894 break;
895 case PSA_ALG_CTR:
896 mode = MBEDTLS_MODE_CTR;
897 break;
898 case PSA_ALG_CCM:
899 mode = MBEDTLS_MODE_CCM;
900 break;
901 case PSA_ALG_GCM:
902 mode = MBEDTLS_MODE_GCM;
903 break;
904 default:
905 return( NULL );
906 }
907 }
908 else if( alg == PSA_ALG_CMAC )
909 mode = MBEDTLS_MODE_ECB;
910 else if( alg == PSA_ALG_GMAC )
911 mode = MBEDTLS_MODE_GCM;
912 else
913 return( NULL );
914
915 switch( key_type )
916 {
917 case PSA_KEY_TYPE_AES:
918 cipher_id = MBEDTLS_CIPHER_ID_AES;
919 break;
920 case PSA_KEY_TYPE_DES:
921 if( key_bits == 64 )
922 cipher_id = MBEDTLS_CIPHER_ID_DES;
923 else
924 cipher_id = MBEDTLS_CIPHER_ID_3DES;
925 break;
926 case PSA_KEY_TYPE_CAMELLIA:
927 cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
928 break;
929 case PSA_KEY_TYPE_ARC4:
930 cipher_id = MBEDTLS_CIPHER_ID_ARC4;
931 break;
932 default:
933 return( NULL );
934 }
935
936 return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
937}
938
939psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
940{
941 switch( operation->alg )
942 {
943#if defined(MBEDTLS_CMAC_C)
944 case PSA_ALG_CMAC:
945 mbedtls_cipher_free( &operation->ctx.cmac );
946 break;
947#endif /* MBEDTLS_CMAC_C */
948 default:
949#if defined(MBEDTLS_MD_C)
950 if( PSA_ALG_IS_HMAC( operation->alg ) )
951 mbedtls_md_free( &operation->ctx.hmac );
952 else
953#endif /* MBEDTLS_MD_C */
954 return( PSA_ERROR_NOT_SUPPORTED );
955 }
956 operation->alg = 0;
957 operation->key_set = 0;
958 operation->iv_set = 0;
959 operation->iv_required = 0;
960 operation->has_input = 0;
961 return( PSA_SUCCESS );
962}
963
964psa_status_t psa_mac_start( psa_mac_operation_t *operation,
965 psa_key_slot_t key,
966 psa_algorithm_t alg )
967{
968 int ret = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
969 psa_status_t status;
970 key_slot_t *slot;
971 psa_key_type_t key_type;
972 size_t key_bits;
973 const mbedtls_cipher_info_t *cipher_info = NULL;
974
975 operation->alg = 0;
976 operation->key_set = 0;
977 operation->iv_set = 0;
978 operation->iv_required = 1;
979 operation->has_input = 0;
980
981 status = psa_get_key_information( key, &key_type, &key_bits );
982 if( status != PSA_SUCCESS )
983 return( status );
984 slot = &global_data.key_slots[key];
985
986 if( ! PSA_ALG_IS_HMAC( alg ) )
987 {
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]988 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]989 if( cipher_info == NULL )
990 return( PSA_ERROR_NOT_SUPPORTED );
991 operation->mac_size = cipher_info->block_size;
992 }
993 switch( alg )
994 {
995#if defined(MBEDTLS_CMAC_C)
996 case PSA_ALG_CMAC:
997 operation->iv_required = 0;
998 mbedtls_cipher_init( &operation->ctx.cmac );
999 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
1000 if( ret != 0 )
1001 break;
1002 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
1003 slot->data.raw.data,
1004 key_bits );
1005 break;
1006#endif /* MBEDTLS_CMAC_C */
1007 default:
1008#if defined(MBEDTLS_MD_C)
1009 if( PSA_ALG_IS_HMAC( alg ) )
1010 {
1011 const mbedtls_md_info_t *md_info =
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1012 mbedtls_md_info_from_psa( PSA_ALG_HMAC_HASH( alg ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1013 if( md_info == NULL )
1014 return( PSA_ERROR_NOT_SUPPORTED );
1015 if( key_type != PSA_KEY_TYPE_HMAC )
1016 return( PSA_ERROR_INVALID_ARGUMENT );
1017 operation->iv_required = 0;
1018 operation->mac_size = mbedtls_md_get_size( md_info );
1019 mbedtls_md_init( &operation->ctx.hmac );
1020 ret = mbedtls_md_setup( &operation->ctx.hmac, md_info, 1 );
1021 if( ret != 0 )
1022 break;
1023 ret = mbedtls_md_hmac_starts( &operation->ctx.hmac,
1024 slot->data.raw.data,
1025 slot->data.raw.bytes );
1026 break;
1027 }
1028 else
1029#endif /* MBEDTLS_MD_C */
1030 return( PSA_ERROR_NOT_SUPPORTED );
1031 }
1032
1033 /* If we reach this point, then the algorithm-specific part of the
1034 * context has at least been initialized, and may contain data that
1035 * needs to be wiped on error. */
1036 operation->alg = alg;
1037 if( ret != 0 )
1038 {
1039 psa_mac_abort( operation );
1040 return( mbedtls_to_psa_error( ret ) );
1041 }
1042 operation->key_set = 1;
Gilles Peskine47c1bc02018-03-20 17:55:04 +0100[diff] [blame]1043 return( PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1044}
1045
1046psa_status_t psa_mac_update( psa_mac_operation_t *operation,
1047 const uint8_t *input,
1048 size_t input_length )
1049{
1050 int ret;
1051 if( ! operation->key_set )
1052 return( PSA_ERROR_BAD_STATE );
1053 if( operation->iv_required && ! operation->iv_set )
1054 return( PSA_ERROR_BAD_STATE );
1055 operation->has_input = 1;
1056
1057 switch( operation->alg )
1058 {
1059#if defined(MBEDTLS_CMAC_C)
1060 case PSA_ALG_CMAC:
1061 ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
1062 input, input_length );
1063 break;
1064#endif /* MBEDTLS_CMAC_C */
1065 default:
1066#if defined(MBEDTLS_MD_C)
1067 if( PSA_ALG_IS_HMAC( operation->alg ) )
1068 {
1069 ret = mbedtls_md_hmac_update( &operation->ctx.hmac,
1070 input, input_length );
1071 }
1072 else
1073#endif /* MBEDTLS_MD_C */
1074 {
1075 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1076 }
1077 break;
1078 }
1079 if( ret != 0 )
1080 psa_mac_abort( operation );
1081 return( mbedtls_to_psa_error( ret ) );
1082}
1083
1084psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
1085 uint8_t *mac,
1086 size_t mac_size,
1087 size_t *mac_length )
1088{
1089 int ret;
1090 if( ! operation->key_set )
1091 return( PSA_ERROR_BAD_STATE );
1092 if( operation->iv_required && ! operation->iv_set )
1093 return( PSA_ERROR_BAD_STATE );
1094
1095 /* Fill the output buffer with something that isn't a valid mac
1096 * (barring an attack on the mac and deliberately-crafted input),
1097 * in case the caller doesn't check the return status properly. */
1098 *mac_length = operation->mac_size;
1099 memset( mac, '!', mac_size );
1100
1101 if( mac_size < operation->mac_size )
1102 return( PSA_ERROR_BUFFER_TOO_SMALL );
1103
1104 switch( operation->alg )
1105 {
1106#if defined(MBEDTLS_CMAC_C)
1107 case PSA_ALG_CMAC:
1108 ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, mac );
1109 break;
1110#endif /* MBEDTLS_CMAC_C */
1111 default:
1112#if defined(MBEDTLS_MD_C)
1113 if( PSA_ALG_IS_HMAC( operation->alg ) )
1114 {
1115 ret = mbedtls_md_hmac_finish( &operation->ctx.hmac, mac );
1116 }
1117 else
1118#endif /* MBEDTLS_MD_C */
1119 {
1120 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1121 }
1122 break;
1123 }
1124
1125 if( ret == 0 )
1126 {
1127 return( psa_mac_abort( operation ) );
1128 }
1129 else
1130 {
1131 psa_mac_abort( operation );
1132 return( mbedtls_to_psa_error( ret ) );
1133 }
1134}
1135
1136#define MBEDTLS_PSA_MAC_MAX_SIZE \
1137 ( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \
1138 MBEDTLS_MD_MAX_SIZE : \
1139 MBEDTLS_MAX_BLOCK_LENGTH )
1140psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
1141 const uint8_t *mac,
1142 size_t mac_length )
1143{
1144 uint8_t actual_mac[MBEDTLS_PSA_MAC_MAX_SIZE];
1145 size_t actual_mac_length;
1146 psa_status_t status = psa_mac_finish( operation,
1147 actual_mac, sizeof( actual_mac ),
1148 &actual_mac_length );
1149 if( status != PSA_SUCCESS )
1150 return( status );
1151 if( actual_mac_length != mac_length )
1152 return( PSA_ERROR_INVALID_SIGNATURE );
1153 if( safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
1154 return( PSA_ERROR_INVALID_SIGNATURE );
1155 return( PSA_SUCCESS );
1156}
1157
1158
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1159
1160
1161/****************************************************************/
1162/* Asymmetric cryptography */
1163/****************************************************************/
1164
1165psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
1166 psa_algorithm_t alg,
1167 const uint8_t *hash,
1168 size_t hash_length,
1169 const uint8_t *salt,
1170 size_t salt_length,
1171 uint8_t *signature,
1172 size_t signature_size,
1173 size_t *signature_length)
1174{
1175 key_slot_t *slot;
1176
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1177 *signature_length = 0;
1178 (void) salt;
1179 (void) salt_length;
1180
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1181 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1182 return( PSA_ERROR_EMPTY_SLOT );
1183 slot = &global_data.key_slots[key];
1184 if( slot->type == PSA_KEY_TYPE_NONE )
1185 return( PSA_ERROR_EMPTY_SLOT );
1186 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1187 return( PSA_ERROR_INVALID_ARGUMENT );
1188
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1189#if defined(MBEDTLS_RSA_C)
1190 if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
1191 {
1192 mbedtls_rsa_context *rsa = slot->data.rsa;
1193 int ret;
1194 psa_algorithm_t hash_alg = PSA_ALG_RSA_GET_HASH( alg );
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1195 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1196 mbedtls_md_type_t md_alg =
1197 hash_alg == 0 ? MBEDTLS_MD_NONE : mbedtls_md_get_type( md_info );
1198 if( md_alg == MBEDTLS_MD_NONE )
1199 {
1200#if SIZE_MAX > UINT_MAX
1201 if( hash_length > UINT_MAX )
1202 return( PSA_ERROR_INVALID_ARGUMENT );
1203#endif
1204 }
1205 else
1206 {
1207 if( mbedtls_md_get_size( md_info ) != hash_length )
1208 return( PSA_ERROR_INVALID_ARGUMENT );
1209 if( md_info == NULL )
1210 return( PSA_ERROR_NOT_SUPPORTED );
1211 }
1212 if( signature_size < rsa->len )
1213 return( PSA_ERROR_BUFFER_TOO_SMALL );
1214#if defined(MBEDTLS_PKCS1_V15)
1215 if( PSA_ALG_IS_RSA_PKCS1V15( alg ) )
1216 {
1217 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
1218 MBEDTLS_MD_NONE );
1219 ret = mbedtls_rsa_pkcs1_sign( rsa,
1220 mbedtls_ctr_drbg_random,
1221 &global_data.ctr_drbg,
1222 MBEDTLS_RSA_PRIVATE,
1223 md_alg, hash_length, hash,
1224 signature );
1225 }
1226 else
1227#endif /* MBEDTLS_PKCS1_V15 */
1228#if defined(MBEDTLS_PKCS1_V21)
1229 if( alg == PSA_ALG_RSA_PSS_MGF1 )
1230 {
1231 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
1232 ret = mbedtls_rsa_rsassa_pss_sign( rsa,
1233 mbedtls_ctr_drbg_random,
1234 &global_data.ctr_drbg,
1235 MBEDTLS_RSA_PRIVATE,
1236 md_alg, hash_length, hash,
1237 signature );
1238 }
1239 else
1240#endif /* MBEDTLS_PKCS1_V21 */
1241 {
1242 return( PSA_ERROR_INVALID_ARGUMENT );
1243 }
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1244 if( ret == 0 )
1245 *signature_length = rsa->len;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1246 return( mbedtls_to_psa_error( ret ) );
1247 }
1248 else
1249#endif /* defined(MBEDTLS_RSA_C) */
1250#if defined(MBEDTLS_ECP_C)
1251 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1252 {
1253 // TODO
1254 return( PSA_ERROR_NOT_SUPPORTED );
1255 }
1256 else
1257#endif /* defined(MBEDTLS_ECP_C) */
1258 {
1259 return( PSA_ERROR_NOT_SUPPORTED );
1260 }
1261}
1262
1263
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame^]1264/****************************************************************/
1265/* Key Policy */
1266/****************************************************************/
1267
1268void psa_key_policy_init(psa_key_policy_t *policy)
1269{
1270 mbedtls_zeroize( policy, sizeof( policy ) );
1271}
1272
1273void psa_key_policy_set_usage(psa_key_policy_t *policy,
1274 psa_key_usage_t usage,
1275 psa_algorithm_t alg)
1276{
1277 if( policy != NULL )
1278 {
1279 policy->usage = usage;
1280 policy->alg = alg;
1281 }
1282}
1283
1284psa_key_usage_t psa_key_policy_get_usage(psa_key_policy_t *policy)
1285{
1286 return policy->usage;
1287}
1288
1289psa_algorithm_t psa_key_policy_get_algorithm(psa_key_policy_t *policy)
1290{
1291 return policy->alg;
1292}
1293
1294psa_status_t psa_set_key_policy(psa_key_slot_t key,
1295 const psa_key_policy_t *policy)
1296{
1297 key_slot_t *slot;
1298 psa_key_usage_t usage = PSA_KEY_USAGE_NONE;
1299
1300 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT || policy == NULL )
1301 return( PSA_ERROR_INVALID_ARGUMENT );
1302
1303 slot = &global_data.key_slots[key];
1304 if( slot->type != PSA_KEY_TYPE_NONE )
1305 return( PSA_ERROR_OCCUPIED_SLOT );
1306
1307 usage |= policy->usage & PSA_KEY_USAGE_EXPORT;
1308 usage |= policy->usage & PSA_KEY_USAGE_ENCRYPT;
1309 usage |= policy->usage & PSA_KEY_USAGE_DECRYPT;
1310 usage |= policy->usage & PSA_KEY_USAGE_SIGN;
1311 usage |= policy->usage & PSA_KEY_USAGE_VERIFY;
1312
1313 if( usage == PSA_KEY_USAGE_NONE )
1314 {
1315 return( PSA_ERROR_INVALID_KEY_POLICY );
1316 }
1317
1318 //TODO: is there any check over the algorithm before setting the policy?
1319 slot->policy.usage = policy->usage;
1320 slot->policy.alg = policy->alg;
1321
1322 return( PSA_SUCCESS );
1323}
1324
1325psa_status_t psa_get_key_policy(psa_key_slot_t key,
1326 psa_key_policy_t *policy)
1327{
1328 key_slot_t *slot;
1329
1330 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT || policy == NULL )
1331 return( PSA_ERROR_INVALID_ARGUMENT );
1332
1333 slot = &global_data.key_slots[key];
1334 if( slot->type == PSA_KEY_TYPE_NONE )
1335 return( PSA_ERROR_EMPTY_SLOT );
1336
1337 policy->usage = slot->policy.usage;
1338 policy->alg = slot->policy.alg;
1339
1340 return( PSA_SUCCESS );
1341}
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1342
1343/****************************************************************/
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1344/* Module setup */
1345/****************************************************************/
1346
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1347void mbedtls_psa_crypto_free( void )
1348{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1349 size_t key;
1350 for( key = 1; key < MBEDTLS_PSA_KEY_SLOT_COUNT; key++ )
1351 psa_destroy_key( key );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1352 mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
1353 mbedtls_entropy_free( &global_data.entropy );
1354 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1355}
1356
1357psa_status_t psa_crypto_init( void )
1358{
1359 int ret;
1360 const unsigned char drbg_seed[] = "PSA";
1361
1362 if( global_data.initialized != 0 )
1363 return( PSA_SUCCESS );
1364
1365 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1366 mbedtls_entropy_init( &global_data.entropy );
1367 mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
1368
1369 ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
1370 mbedtls_entropy_func,
1371 &global_data.entropy,
1372 drbg_seed, sizeof( drbg_seed ) - 1 );
1373 if( ret != 0 )
1374 goto exit;
1375
Gilles Peskinee4ebc122018-03-07 14:16:44 +0100[diff] [blame]1376 global_data.initialized = 1;
1377
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1378exit:
1379 if( ret != 0 )
1380 mbedtls_psa_crypto_free( );
1381 return( mbedtls_to_psa_error( ret ) );
1382}
1383
1384#endif /* MBEDTLS_PSA_CRYPTO_C */