TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9e5a515aa8ca51a186db0df4c9d1c3f625306dd1 / . / library / psa_crypto.c
blob: 005b9feb4fe1e561f92f2e516d00c6ac2c49ad2d [file] [log] [blame]
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1/*
2 * PSA crypto layer on top of Mbed TLS crypto
3 */
4/* Copyright (C) 2018, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21
22#if !defined(MBEDTLS_CONFIG_FILE)
23#include "mbedtls/config.h"
24#else
25#include MBEDTLS_CONFIG_FILE
26#endif
27
28#if defined(MBEDTLS_PSA_CRYPTO_C)
29
30#include "psa/crypto.h"
31
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]32#include <stdlib.h>
33#include <string.h>
34#if defined(MBEDTLS_PLATFORM_C)
35#include "mbedtls/platform.h"
36#else
37#define mbedtls_calloc calloc
38#define mbedtls_free free
39#endif
40
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]41#include "mbedtls/arc4.h"
42#include "mbedtls/blowfish.h"
43#include "mbedtls/camellia.h"
44#include "mbedtls/cipher.h"
45#include "mbedtls/ccm.h"
46#include "mbedtls/cmac.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]47#include "mbedtls/ctr_drbg.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]48#include "mbedtls/des.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]49#include "mbedtls/ecp.h"
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]50#include "mbedtls/entropy.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]51#include "mbedtls/error.h"
52#include "mbedtls/gcm.h"
53#include "mbedtls/md2.h"
54#include "mbedtls/md4.h"
55#include "mbedtls/md5.h"
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]56#include "mbedtls/md.h"
57#include "mbedtls/md_internal.h"
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]58#include "mbedtls/pk.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]59#include "mbedtls/pk_internal.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]60#include "mbedtls/ripemd160.h"
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]61#include "mbedtls/rsa.h"
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]62#include "mbedtls/sha1.h"
63#include "mbedtls/sha256.h"
64#include "mbedtls/sha512.h"
65#include "mbedtls/xtea.h"
66
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]67
68
69/* Implementation that should never be optimized out by the compiler */
70static void mbedtls_zeroize( void *v, size_t n )
71{
72 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
73}
74
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]75/* constant-time buffer comparison */
76static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
77{
78 size_t i;
79 unsigned char diff = 0;
80
81 for( i = 0; i < n; i++ )
82 diff |= a[i] ^ b[i];
83
84 return( diff );
85}
86
87
88
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]89/****************************************************************/
90/* Global data, support functions and library management */
91/****************************************************************/
92
93/* Number of key slots (plus one because 0 is not used).
94 * The value is a compile-time constant for now, for simplicity. */
95#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
96
97typedef struct {
98 psa_key_type_t type;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]99 psa_key_policy_t policy;
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]100 psa_key_lifetime_t lifetime;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]101 union {
102 struct raw_data {
103 uint8_t *data;
104 size_t bytes;
105 } raw;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]106#if defined(MBEDTLS_RSA_C)
107 mbedtls_rsa_context *rsa;
108#endif /* MBEDTLS_RSA_C */
109#if defined(MBEDTLS_ECP_C)
110 mbedtls_ecp_keypair *ecp;
111#endif /* MBEDTLS_ECP_C */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]112 } data;
113} key_slot_t;
114
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]115typedef struct {
116 int initialized;
117 mbedtls_entropy_context entropy;
118 mbedtls_ctr_drbg_context ctr_drbg;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]119 key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]120} psa_global_data_t;
121
122static psa_global_data_t global_data;
123
124static psa_status_t mbedtls_to_psa_error( int ret )
125{
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]126 /* If there's both a high-level code and low-level code, dispatch on
127 * the high-level code. */
128 switch( ret < -0x7f ? - ( -ret & 0x7f80 ) : ret )
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]129 {
130 case 0:
131 return( PSA_SUCCESS );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]132
133 case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
134 case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
135 case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
136 return( PSA_ERROR_NOT_SUPPORTED );
137 case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
138 return( PSA_ERROR_HARDWARE_FAILURE );
139
140 case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
141 return( PSA_ERROR_HARDWARE_FAILURE );
142
143 case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
144 case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
145 return( PSA_ERROR_NOT_SUPPORTED );
146 case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
147 return( PSA_ERROR_HARDWARE_FAILURE );
148
149 case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
150 case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
151 return( PSA_ERROR_NOT_SUPPORTED );
152 case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
153 return( PSA_ERROR_HARDWARE_FAILURE );
154
155 case MBEDTLS_ERR_CCM_BAD_INPUT:
156 return( PSA_ERROR_INVALID_ARGUMENT );
157 case MBEDTLS_ERR_CCM_AUTH_FAILED:
158 return( PSA_ERROR_INVALID_SIGNATURE );
159 case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
160 return( PSA_ERROR_HARDWARE_FAILURE );
161
162 case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
163 return( PSA_ERROR_NOT_SUPPORTED );
164 case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
165 return( PSA_ERROR_INVALID_ARGUMENT );
166 case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
167 return( PSA_ERROR_INSUFFICIENT_MEMORY );
168 case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
169 return( PSA_ERROR_INVALID_PADDING );
170 case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
171 return( PSA_ERROR_BAD_STATE );
172 case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
173 return( PSA_ERROR_INVALID_SIGNATURE );
174 case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
175 return( PSA_ERROR_TAMPERING_DETECTED );
176 case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
177 return( PSA_ERROR_HARDWARE_FAILURE );
178
179 case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
180 return( PSA_ERROR_HARDWARE_FAILURE );
181
182 case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
183 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
184 case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
185 case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
186 return( PSA_ERROR_NOT_SUPPORTED );
187 case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
188 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
189
190 case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
191 return( PSA_ERROR_NOT_SUPPORTED );
192 case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
193 return( PSA_ERROR_HARDWARE_FAILURE );
194
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]195 case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
196 case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
197 case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
198 return( PSA_ERROR_INSUFFICIENT_ENTROPY );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]199
200 case MBEDTLS_ERR_GCM_AUTH_FAILED:
201 return( PSA_ERROR_INVALID_SIGNATURE );
202 case MBEDTLS_ERR_GCM_BAD_INPUT:
203 return( PSA_ERROR_NOT_SUPPORTED );
204 case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
205 return( PSA_ERROR_HARDWARE_FAILURE );
206
207 case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
208 case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
209 case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
210 return( PSA_ERROR_HARDWARE_FAILURE );
211
212 case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
213 return( PSA_ERROR_NOT_SUPPORTED );
214 case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
215 return( PSA_ERROR_INVALID_ARGUMENT );
216 case MBEDTLS_ERR_MD_ALLOC_FAILED:
217 return( PSA_ERROR_INSUFFICIENT_MEMORY );
218 case MBEDTLS_ERR_MD_FILE_IO_ERROR:
219 return( PSA_ERROR_STORAGE_FAILURE );
220 case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
221 return( PSA_ERROR_HARDWARE_FAILURE );
222
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]223 case MBEDTLS_ERR_PK_ALLOC_FAILED:
224 return( PSA_ERROR_INSUFFICIENT_MEMORY );
225 case MBEDTLS_ERR_PK_TYPE_MISMATCH:
226 case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
227 return( PSA_ERROR_INVALID_ARGUMENT );
228 case MBEDTLS_ERR_PK_FILE_IO_ERROR:
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]229 return( PSA_ERROR_STORAGE_FAILURE );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]230 case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
231 case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
232 return( PSA_ERROR_INVALID_ARGUMENT );
233 case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
234 return( PSA_ERROR_NOT_SUPPORTED );
235 case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
236 case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
237 return( PSA_ERROR_NOT_PERMITTED );
238 case MBEDTLS_ERR_PK_INVALID_PUBKEY:
239 return( PSA_ERROR_INVALID_ARGUMENT );
240 case MBEDTLS_ERR_PK_INVALID_ALG:
241 case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
242 case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
243 return( PSA_ERROR_NOT_SUPPORTED );
244 case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
245 return( PSA_ERROR_INVALID_SIGNATURE );
Gilles Peskinea5905292018-02-07 20:59:33 +0100[diff] [blame]246 case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
247 return( PSA_ERROR_HARDWARE_FAILURE );
248
249 case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
250 return( PSA_ERROR_HARDWARE_FAILURE );
251
252 case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
253 return( PSA_ERROR_INVALID_ARGUMENT );
254 case MBEDTLS_ERR_RSA_INVALID_PADDING:
255 return( PSA_ERROR_INVALID_PADDING );
256 case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
257 return( PSA_ERROR_HARDWARE_FAILURE );
258 case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
259 return( PSA_ERROR_INVALID_ARGUMENT );
260 case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
261 case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
262 return( PSA_ERROR_TAMPERING_DETECTED );
263 case MBEDTLS_ERR_RSA_VERIFY_FAILED:
264 return( PSA_ERROR_INVALID_SIGNATURE );
265 case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
266 return( PSA_ERROR_BUFFER_TOO_SMALL );
267 case MBEDTLS_ERR_RSA_RNG_FAILED:
268 return( PSA_ERROR_INSUFFICIENT_MEMORY );
269 case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
270 return( PSA_ERROR_NOT_SUPPORTED );
271 case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
272 return( PSA_ERROR_HARDWARE_FAILURE );
273
274 case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
275 case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
276 case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
277 return( PSA_ERROR_HARDWARE_FAILURE );
278
279 case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
280 return( PSA_ERROR_INVALID_ARGUMENT );
281 case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
282 return( PSA_ERROR_HARDWARE_FAILURE );
283
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]284 case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
itayzafrir7b30f8b2018-05-09 16:07:36 +0300[diff] [blame]285 case MBEDTLS_ERR_ECP_INVALID_KEY:
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]286 return( PSA_ERROR_INVALID_ARGUMENT );
itayzafrir7b30f8b2018-05-09 16:07:36 +0300[diff] [blame]287 case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
288 return( PSA_ERROR_BUFFER_TOO_SMALL );
289 case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
290 return( PSA_ERROR_NOT_SUPPORTED );
291 case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
292 case MBEDTLS_ERR_ECP_VERIFY_FAILED:
293 return( PSA_ERROR_INVALID_SIGNATURE );
294 case MBEDTLS_ERR_ECP_ALLOC_FAILED:
295 return( PSA_ERROR_INSUFFICIENT_MEMORY );
296 case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
297 return( PSA_ERROR_HARDWARE_FAILURE );
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]298
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]299 default:
300 return( PSA_ERROR_UNKNOWN_ERROR );
301 }
302}
303
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]304
305
306/****************************************************************/
307/* Key management */
308/****************************************************************/
309
310psa_status_t psa_import_key(psa_key_slot_t key,
311 psa_key_type_t type,
312 const uint8_t *data,
313 size_t data_length)
314{
315 key_slot_t *slot;
316
317 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
318 return( PSA_ERROR_INVALID_ARGUMENT );
319 slot = &global_data.key_slots[key];
320 if( slot->type != PSA_KEY_TYPE_NONE )
321 return( PSA_ERROR_OCCUPIED_SLOT );
322
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]323 if( PSA_KEY_TYPE_IS_RAW_BYTES( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]324 {
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]325 /* Ensure that a bytes-to-bit conversion won't overflow. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]326 if( data_length > SIZE_MAX / 8 )
327 return( PSA_ERROR_NOT_SUPPORTED );
328 slot->data.raw.data = mbedtls_calloc( 1, data_length );
329 if( slot->data.raw.data == NULL )
330 return( PSA_ERROR_INSUFFICIENT_MEMORY );
331 memcpy( slot->data.raw.data, data, data_length );
332 slot->data.raw.bytes = data_length;
333 }
334 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]335#if defined(MBEDTLS_PK_PARSE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]336 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
337 type == PSA_KEY_TYPE_RSA_KEYPAIR ||
338 PSA_KEY_TYPE_IS_ECC( type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]339 {
340 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]341 mbedtls_pk_context pk;
342 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]343 if( PSA_KEY_TYPE_IS_KEYPAIR( type ) )
344 ret = mbedtls_pk_parse_key( &pk, data, data_length, NULL, 0 );
345 else
346 ret = mbedtls_pk_parse_public_key( &pk, data, data_length );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]347 if( ret != 0 )
348 return( mbedtls_to_psa_error( ret ) );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]349 switch( mbedtls_pk_get_type( &pk ) )
350 {
351#if defined(MBEDTLS_RSA_C)
352 case MBEDTLS_PK_RSA:
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]353 if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
354 type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]355 slot->data.rsa = pk.pk_ctx;
356 else
357 return( PSA_ERROR_INVALID_ARGUMENT );
358 break;
359#endif /* MBEDTLS_RSA_C */
360#if defined(MBEDTLS_ECP_C)
361 case MBEDTLS_PK_ECKEY:
362 if( PSA_KEY_TYPE_IS_ECC( type ) )
363 {
364 // TODO: check curve
365 slot->data.ecp = pk.pk_ctx;
366 }
367 else
368 return( PSA_ERROR_INVALID_ARGUMENT );
369 break;
370#endif /* MBEDTLS_ECP_C */
371 default:
372 return( PSA_ERROR_INVALID_ARGUMENT );
373 }
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]374 }
375 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]376#endif /* defined(MBEDTLS_PK_PARSE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]377 {
378 return( PSA_ERROR_NOT_SUPPORTED );
379 }
380
381 slot->type = type;
382 return( PSA_SUCCESS );
383}
384
385psa_status_t psa_destroy_key(psa_key_slot_t key)
386{
387 key_slot_t *slot;
388
389 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
390 return( PSA_ERROR_INVALID_ARGUMENT );
391 slot = &global_data.key_slots[key];
392 if( slot->type == PSA_KEY_TYPE_NONE )
393 return( PSA_ERROR_EMPTY_SLOT );
394
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]395 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]396 {
397 mbedtls_free( slot->data.raw.data );
398 }
399 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]400#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]401 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
402 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]403 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]404 mbedtls_rsa_free( slot->data.rsa );
Gilles Peskine3c6e9702018-03-07 16:42:44 +0100[diff] [blame]405 mbedtls_free( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]406 }
407 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]408#endif /* defined(MBEDTLS_RSA_C) */
409#if defined(MBEDTLS_ECP_C)
410 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
411 {
412 mbedtls_ecp_keypair_free( slot->data.ecp );
Gilles Peskine3c6e9702018-03-07 16:42:44 +0100[diff] [blame]413 mbedtls_free( slot->data.ecp );
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]414 }
415 else
416#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]417 {
418 /* Shouldn't happen: the key type is not any type that we
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]419 * put in. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]420 return( PSA_ERROR_TAMPERING_DETECTED );
421 }
422
423 mbedtls_zeroize( slot, sizeof( *slot ) );
424 return( PSA_SUCCESS );
425}
426
427psa_status_t psa_get_key_information(psa_key_slot_t key,
428 psa_key_type_t *type,
429 size_t *bits)
430{
431 key_slot_t *slot;
432
433 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]434 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]435 slot = &global_data.key_slots[key];
436 if( type != NULL )
437 *type = slot->type;
438 if( bits != NULL )
439 *bits = 0;
440 if( slot->type == PSA_KEY_TYPE_NONE )
441 return( PSA_ERROR_EMPTY_SLOT );
442
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]443 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]444 {
445 if( bits != NULL )
446 *bits = slot->data.raw.bytes * 8;
447 }
448 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]449#if defined(MBEDTLS_RSA_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]450 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
451 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]452 {
453 if( bits != NULL )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]454 *bits = mbedtls_rsa_get_bitlen( slot->data.rsa );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]455 }
456 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]457#endif /* defined(MBEDTLS_RSA_C) */
458#if defined(MBEDTLS_ECP_C)
459 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
460 {
461 if( bits != NULL )
462 *bits = slot->data.ecp->grp.pbits;
463 }
464 else
465#endif /* defined(MBEDTLS_ECP_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]466 {
467 /* Shouldn't happen: the key type is not any type that we
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]468 * put in. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]469 return( PSA_ERROR_TAMPERING_DETECTED );
470 }
471
472 return( PSA_SUCCESS );
473}
474
475psa_status_t psa_export_key(psa_key_slot_t key,
476 uint8_t *data,
477 size_t data_size,
478 size_t *data_length)
479{
480 key_slot_t *slot;
481
482 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]483 return( PSA_ERROR_EMPTY_SLOT );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]484 slot = &global_data.key_slots[key];
485 if( slot->type == PSA_KEY_TYPE_NONE )
486 return( PSA_ERROR_EMPTY_SLOT );
487
mohammad160306e79202018-03-28 13:17:44 +0300[diff] [blame]488 if( !( slot->policy.usage & PSA_KEY_USAGE_EXPORT ) )
489 return( PSA_ERROR_NOT_PERMITTED );
490
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]491 if( PSA_KEY_TYPE_IS_RAW_BYTES( slot->type ) )
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]492 {
493 if( slot->data.raw.bytes > data_size )
494 return( PSA_ERROR_BUFFER_TOO_SMALL );
495 memcpy( data, slot->data.raw.data, slot->data.raw.bytes );
496 *data_length = slot->data.raw.bytes;
497 return( PSA_SUCCESS );
498 }
499 else
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]500#if defined(MBEDTLS_PK_WRITE_C)
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]501 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
502 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR ||
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]503 PSA_KEY_TYPE_IS_ECC( slot->type ) )
504 {
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]505 mbedtls_pk_context pk;
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]506 int ret;
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]507 mbedtls_pk_init( &pk );
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]508 if( slot->type == PSA_KEY_TYPE_RSA_PUBLIC_KEY ||
509 slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
Gilles Peskine969ac722018-01-28 18:16:59 +0100[diff] [blame]510 {
511 pk.pk_info = &mbedtls_rsa_info;
512 pk.pk_ctx = slot->data.rsa;
513 }
514 else
515 {
516 pk.pk_info = &mbedtls_eckey_info;
517 pk.pk_ctx = slot->data.ecp;
518 }
Gilles Peskinec66ea6a2018-02-03 22:43:28 +0100[diff] [blame]519 if( PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
520 ret = mbedtls_pk_write_key_der( &pk, data, data_size );
521 else
522 ret = mbedtls_pk_write_pubkey_der( &pk, data, data_size );
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]523 if( ret < 0 )
524 return( mbedtls_to_psa_error( ret ) );
525 *data_length = ret;
526 return( PSA_SUCCESS );
527 }
528 else
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]529#endif /* defined(MBEDTLS_PK_WRITE_C) */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]530 {
Gilles Peskine6d912132018-03-07 16:41:37 +0100[diff] [blame]531 /* This shouldn't happen in the reference implementation, but
532 it is valid for a special-purpose implementation to omit
533 support for exporting certain key types. */
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]534 return( PSA_ERROR_NOT_SUPPORTED );
535 }
536}
537
538
539
540/****************************************************************/
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]541/* Message digests */
542/****************************************************************/
543
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]544static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]545{
546 switch( alg )
547 {
548#if defined(MBEDTLS_MD2_C)
549 case PSA_ALG_MD2:
550 return( &mbedtls_md2_info );
551#endif
552#if defined(MBEDTLS_MD4_C)
553 case PSA_ALG_MD4:
554 return( &mbedtls_md4_info );
555#endif
556#if defined(MBEDTLS_MD5_C)
557 case PSA_ALG_MD5:
558 return( &mbedtls_md5_info );
559#endif
560#if defined(MBEDTLS_RIPEMD160_C)
561 case PSA_ALG_RIPEMD160:
562 return( &mbedtls_ripemd160_info );
563#endif
564#if defined(MBEDTLS_SHA1_C)
565 case PSA_ALG_SHA_1:
566 return( &mbedtls_sha1_info );
567#endif
568#if defined(MBEDTLS_SHA256_C)
569 case PSA_ALG_SHA_224:
570 return( &mbedtls_sha224_info );
571 case PSA_ALG_SHA_256:
572 return( &mbedtls_sha256_info );
573#endif
574#if defined(MBEDTLS_SHA512_C)
575 case PSA_ALG_SHA_384:
576 return( &mbedtls_sha384_info );
577 case PSA_ALG_SHA_512:
578 return( &mbedtls_sha512_info );
579#endif
580 default:
581 return( NULL );
582 }
583}
584
585#if 0
586static psa_algorithm_t mbedtls_md_alg_to_psa( mbedtls_md_type_t md_alg )
587{
588 switch( md_alg )
589 {
590 case MBEDTLS_MD_NONE:
591 return( 0 );
592 case MBEDTLS_MD_MD2:
593 return( PSA_ALG_MD2 );
594 case MBEDTLS_MD_MD4:
595 return( PSA_ALG_MD4 );
596 case MBEDTLS_MD_MD5:
597 return( PSA_ALG_MD5 );
598 case MBEDTLS_MD_SHA1:
599 return( PSA_ALG_SHA_1 );
600 case MBEDTLS_MD_SHA224:
601 return( PSA_ALG_SHA_224 );
602 case MBEDTLS_MD_SHA256:
603 return( PSA_ALG_SHA_256 );
604 case MBEDTLS_MD_SHA384:
605 return( PSA_ALG_SHA_384 );
606 case MBEDTLS_MD_SHA512:
607 return( PSA_ALG_SHA_512 );
608 case MBEDTLS_MD_RIPEMD160:
609 return( PSA_ALG_RIPEMD160 );
610 default:
Gilles Peskine47c1bc02018-03-20 17:55:04 +0100[diff] [blame]611 return( 0 );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]612 }
613}
614#endif
615
Gilles Peskine9ef733f2018-02-07 21:05:37 +0100[diff] [blame]616psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
617{
618 switch( operation->alg )
619 {
620#if defined(MBEDTLS_MD2_C)
621 case PSA_ALG_MD2:
622 mbedtls_md2_free( &operation->ctx.md2 );
623 break;
624#endif
625#if defined(MBEDTLS_MD4_C)
626 case PSA_ALG_MD4:
627 mbedtls_md4_free( &operation->ctx.md4 );
628 break;
629#endif
630#if defined(MBEDTLS_MD5_C)
631 case PSA_ALG_MD5:
632 mbedtls_md5_free( &operation->ctx.md5 );
633 break;
634#endif
635#if defined(MBEDTLS_RIPEMD160_C)
636 case PSA_ALG_RIPEMD160:
637 mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
638 break;
639#endif
640#if defined(MBEDTLS_SHA1_C)
641 case PSA_ALG_SHA_1:
642 mbedtls_sha1_free( &operation->ctx.sha1 );
643 break;
644#endif
645#if defined(MBEDTLS_SHA256_C)
646 case PSA_ALG_SHA_224:
647 case PSA_ALG_SHA_256:
648 mbedtls_sha256_free( &operation->ctx.sha256 );
649 break;
650#endif
651#if defined(MBEDTLS_SHA512_C)
652 case PSA_ALG_SHA_384:
653 case PSA_ALG_SHA_512:
654 mbedtls_sha512_free( &operation->ctx.sha512 );
655 break;
656#endif
657 default:
658 return( PSA_ERROR_NOT_SUPPORTED );
659 }
660 operation->alg = 0;
661 return( PSA_SUCCESS );
662}
663
664psa_status_t psa_hash_start( psa_hash_operation_t *operation,
665 psa_algorithm_t alg )
666{
667 int ret;
668 operation->alg = 0;
669 switch( alg )
670 {
671#if defined(MBEDTLS_MD2_C)
672 case PSA_ALG_MD2:
673 mbedtls_md2_init( &operation->ctx.md2 );
674 ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
675 break;
676#endif
677#if defined(MBEDTLS_MD4_C)
678 case PSA_ALG_MD4:
679 mbedtls_md4_init( &operation->ctx.md4 );
680 ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
681 break;
682#endif
683#if defined(MBEDTLS_MD5_C)
684 case PSA_ALG_MD5:
685 mbedtls_md5_init( &operation->ctx.md5 );
686 ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
687 break;
688#endif
689#if defined(MBEDTLS_RIPEMD160_C)
690 case PSA_ALG_RIPEMD160:
691 mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
692 ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
693 break;
694#endif
695#if defined(MBEDTLS_SHA1_C)
696 case PSA_ALG_SHA_1:
697 mbedtls_sha1_init( &operation->ctx.sha1 );
698 ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
699 break;
700#endif
701#if defined(MBEDTLS_SHA256_C)
702 case PSA_ALG_SHA_224:
703 mbedtls_sha256_init( &operation->ctx.sha256 );
704 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
705 break;
706 case PSA_ALG_SHA_256:
707 mbedtls_sha256_init( &operation->ctx.sha256 );
708 ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
709 break;
710#endif
711#if defined(MBEDTLS_SHA512_C)
712 case PSA_ALG_SHA_384:
713 mbedtls_sha512_init( &operation->ctx.sha512 );
714 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
715 break;
716 case PSA_ALG_SHA_512:
717 mbedtls_sha512_init( &operation->ctx.sha512 );
718 ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
719 break;
720#endif
721 default:
722 return( PSA_ERROR_NOT_SUPPORTED );
723 }
724 if( ret == 0 )
725 operation->alg = alg;
726 else
727 psa_hash_abort( operation );
728 return( mbedtls_to_psa_error( ret ) );
729}
730
731psa_status_t psa_hash_update( psa_hash_operation_t *operation,
732 const uint8_t *input,
733 size_t input_length )
734{
735 int ret;
736 switch( operation->alg )
737 {
738#if defined(MBEDTLS_MD2_C)
739 case PSA_ALG_MD2:
740 ret = mbedtls_md2_update_ret( &operation->ctx.md2,
741 input, input_length );
742 break;
743#endif
744#if defined(MBEDTLS_MD4_C)
745 case PSA_ALG_MD4:
746 ret = mbedtls_md4_update_ret( &operation->ctx.md4,
747 input, input_length );
748 break;
749#endif
750#if defined(MBEDTLS_MD5_C)
751 case PSA_ALG_MD5:
752 ret = mbedtls_md5_update_ret( &operation->ctx.md5,
753 input, input_length );
754 break;
755#endif
756#if defined(MBEDTLS_RIPEMD160_C)
757 case PSA_ALG_RIPEMD160:
758 ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
759 input, input_length );
760 break;
761#endif
762#if defined(MBEDTLS_SHA1_C)
763 case PSA_ALG_SHA_1:
764 ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
765 input, input_length );
766 break;
767#endif
768#if defined(MBEDTLS_SHA256_C)
769 case PSA_ALG_SHA_224:
770 case PSA_ALG_SHA_256:
771 ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
772 input, input_length );
773 break;
774#endif
775#if defined(MBEDTLS_SHA512_C)
776 case PSA_ALG_SHA_384:
777 case PSA_ALG_SHA_512:
778 ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
779 input, input_length );
780 break;
781#endif
782 default:
783 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
784 break;
785 }
786 if( ret != 0 )
787 psa_hash_abort( operation );
788 return( mbedtls_to_psa_error( ret ) );
789}
790
791psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
792 uint8_t *hash,
793 size_t hash_size,
794 size_t *hash_length )
795{
796 int ret;
797 size_t actual_hash_length = PSA_HASH_FINAL_SIZE( operation->alg );
798
799 /* Fill the output buffer with something that isn't a valid hash
800 * (barring an attack on the hash and deliberately-crafted input),
801 * in case the caller doesn't check the return status properly. */
802 *hash_length = actual_hash_length;
803 memset( hash, '!', hash_size );
804
805 if( hash_size < actual_hash_length )
806 return( PSA_ERROR_BUFFER_TOO_SMALL );
807
808 switch( operation->alg )
809 {
810#if defined(MBEDTLS_MD2_C)
811 case PSA_ALG_MD2:
812 ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
813 break;
814#endif
815#if defined(MBEDTLS_MD4_C)
816 case PSA_ALG_MD4:
817 ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
818 break;
819#endif
820#if defined(MBEDTLS_MD5_C)
821 case PSA_ALG_MD5:
822 ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
823 break;
824#endif
825#if defined(MBEDTLS_RIPEMD160_C)
826 case PSA_ALG_RIPEMD160:
827 ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
828 break;
829#endif
830#if defined(MBEDTLS_SHA1_C)
831 case PSA_ALG_SHA_1:
832 ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
833 break;
834#endif
835#if defined(MBEDTLS_SHA256_C)
836 case PSA_ALG_SHA_224:
837 case PSA_ALG_SHA_256:
838 ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
839 break;
840#endif
841#if defined(MBEDTLS_SHA512_C)
842 case PSA_ALG_SHA_384:
843 case PSA_ALG_SHA_512:
844 ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
845 break;
846#endif
847 default:
848 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
849 break;
850 }
851
852 if( ret == 0 )
853 {
854 return( psa_hash_abort( operation ) );
855 }
856 else
857 {
858 psa_hash_abort( operation );
859 return( mbedtls_to_psa_error( ret ) );
860 }
861}
862
863psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
864 const uint8_t *hash,
865 size_t hash_length)
866{
867 uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
868 size_t actual_hash_length;
869 psa_status_t status = psa_hash_finish( operation,
870 actual_hash, sizeof( actual_hash ),
871 &actual_hash_length );
872 if( status != PSA_SUCCESS )
873 return( status );
874 if( actual_hash_length != hash_length )
875 return( PSA_ERROR_INVALID_SIGNATURE );
876 if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
877 return( PSA_ERROR_INVALID_SIGNATURE );
878 return( PSA_SUCCESS );
879}
880
881
882
883
884/****************************************************************/
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]885/* MAC */
886/****************************************************************/
887
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]888static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]889 psa_algorithm_t alg,
890 psa_key_type_t key_type,
891 size_t key_bits )
892{
893 mbedtls_cipher_id_t cipher_id;
894 mbedtls_cipher_mode_t mode;
895
896 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
897 {
898 if( PSA_ALG_IS_BLOCK_CIPHER( alg ) )
899 alg &= ~PSA_ALG_BLOCK_CIPHER_MODE_MASK;
900 switch( alg )
901 {
902 case PSA_ALG_STREAM_CIPHER:
903 mode = MBEDTLS_MODE_STREAM;
904 break;
905 case PSA_ALG_CBC_BASE:
906 mode = MBEDTLS_MODE_CBC;
907 break;
908 case PSA_ALG_CFB_BASE:
909 mode = MBEDTLS_MODE_CFB;
910 break;
911 case PSA_ALG_OFB_BASE:
912 mode = MBEDTLS_MODE_OFB;
913 break;
914 case PSA_ALG_CTR:
915 mode = MBEDTLS_MODE_CTR;
916 break;
917 case PSA_ALG_CCM:
918 mode = MBEDTLS_MODE_CCM;
919 break;
920 case PSA_ALG_GCM:
921 mode = MBEDTLS_MODE_GCM;
922 break;
923 default:
924 return( NULL );
925 }
926 }
927 else if( alg == PSA_ALG_CMAC )
928 mode = MBEDTLS_MODE_ECB;
929 else if( alg == PSA_ALG_GMAC )
930 mode = MBEDTLS_MODE_GCM;
931 else
932 return( NULL );
933
934 switch( key_type )
935 {
936 case PSA_KEY_TYPE_AES:
937 cipher_id = MBEDTLS_CIPHER_ID_AES;
938 break;
939 case PSA_KEY_TYPE_DES:
940 if( key_bits == 64 )
941 cipher_id = MBEDTLS_CIPHER_ID_DES;
942 else
943 cipher_id = MBEDTLS_CIPHER_ID_3DES;
944 break;
945 case PSA_KEY_TYPE_CAMELLIA:
946 cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
947 break;
948 case PSA_KEY_TYPE_ARC4:
949 cipher_id = MBEDTLS_CIPHER_ID_ARC4;
950 break;
951 default:
952 return( NULL );
953 }
954
955 return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
956}
957
958psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
959{
960 switch( operation->alg )
961 {
962#if defined(MBEDTLS_CMAC_C)
963 case PSA_ALG_CMAC:
964 mbedtls_cipher_free( &operation->ctx.cmac );
965 break;
966#endif /* MBEDTLS_CMAC_C */
967 default:
968#if defined(MBEDTLS_MD_C)
969 if( PSA_ALG_IS_HMAC( operation->alg ) )
970 mbedtls_md_free( &operation->ctx.hmac );
971 else
972#endif /* MBEDTLS_MD_C */
973 return( PSA_ERROR_NOT_SUPPORTED );
974 }
975 operation->alg = 0;
976 operation->key_set = 0;
977 operation->iv_set = 0;
978 operation->iv_required = 0;
979 operation->has_input = 0;
980 return( PSA_SUCCESS );
981}
982
983psa_status_t psa_mac_start( psa_mac_operation_t *operation,
984 psa_key_slot_t key,
985 psa_algorithm_t alg )
986{
987 int ret = MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
988 psa_status_t status;
989 key_slot_t *slot;
990 psa_key_type_t key_type;
991 size_t key_bits;
992 const mbedtls_cipher_info_t *cipher_info = NULL;
993
994 operation->alg = 0;
995 operation->key_set = 0;
996 operation->iv_set = 0;
997 operation->iv_required = 1;
998 operation->has_input = 0;
999
1000 status = psa_get_key_information( key, &key_type, &key_bits );
1001 if( status != PSA_SUCCESS )
1002 return( status );
1003 slot = &global_data.key_slots[key];
1004
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1005 if ( ( slot->policy.usage & PSA_KEY_USAGE_SIGN ) != 0 )
1006 operation->key_usage_sign = 1;
1007
1008 if ( ( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) != 0 )
1009 operation->key_usage_verify = 1;
1010
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1011 if( ! PSA_ALG_IS_HMAC( alg ) )
1012 {
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1013 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1014 if( cipher_info == NULL )
1015 return( PSA_ERROR_NOT_SUPPORTED );
1016 operation->mac_size = cipher_info->block_size;
1017 }
1018 switch( alg )
1019 {
1020#if defined(MBEDTLS_CMAC_C)
1021 case PSA_ALG_CMAC:
1022 operation->iv_required = 0;
1023 mbedtls_cipher_init( &operation->ctx.cmac );
1024 ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
1025 if( ret != 0 )
1026 break;
1027 ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
1028 slot->data.raw.data,
1029 key_bits );
1030 break;
1031#endif /* MBEDTLS_CMAC_C */
1032 default:
1033#if defined(MBEDTLS_MD_C)
1034 if( PSA_ALG_IS_HMAC( alg ) )
1035 {
1036 const mbedtls_md_info_t *md_info =
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1037 mbedtls_md_info_from_psa( PSA_ALG_HMAC_HASH( alg ) );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1038 if( md_info == NULL )
1039 return( PSA_ERROR_NOT_SUPPORTED );
1040 if( key_type != PSA_KEY_TYPE_HMAC )
1041 return( PSA_ERROR_INVALID_ARGUMENT );
1042 operation->iv_required = 0;
1043 operation->mac_size = mbedtls_md_get_size( md_info );
1044 mbedtls_md_init( &operation->ctx.hmac );
1045 ret = mbedtls_md_setup( &operation->ctx.hmac, md_info, 1 );
1046 if( ret != 0 )
1047 break;
1048 ret = mbedtls_md_hmac_starts( &operation->ctx.hmac,
1049 slot->data.raw.data,
1050 slot->data.raw.bytes );
1051 break;
1052 }
1053 else
1054#endif /* MBEDTLS_MD_C */
1055 return( PSA_ERROR_NOT_SUPPORTED );
1056 }
1057
1058 /* If we reach this point, then the algorithm-specific part of the
1059 * context has at least been initialized, and may contain data that
1060 * needs to be wiped on error. */
1061 operation->alg = alg;
1062 if( ret != 0 )
1063 {
1064 psa_mac_abort( operation );
1065 return( mbedtls_to_psa_error( ret ) );
1066 }
1067 operation->key_set = 1;
Gilles Peskine47c1bc02018-03-20 17:55:04 +0100[diff] [blame]1068 return( PSA_SUCCESS );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1069}
1070
1071psa_status_t psa_mac_update( psa_mac_operation_t *operation,
1072 const uint8_t *input,
1073 size_t input_length )
1074{
1075 int ret;
1076 if( ! operation->key_set )
1077 return( PSA_ERROR_BAD_STATE );
1078 if( operation->iv_required && ! operation->iv_set )
1079 return( PSA_ERROR_BAD_STATE );
1080 operation->has_input = 1;
1081
1082 switch( operation->alg )
1083 {
1084#if defined(MBEDTLS_CMAC_C)
1085 case PSA_ALG_CMAC:
1086 ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
1087 input, input_length );
1088 break;
1089#endif /* MBEDTLS_CMAC_C */
1090 default:
1091#if defined(MBEDTLS_MD_C)
1092 if( PSA_ALG_IS_HMAC( operation->alg ) )
1093 {
1094 ret = mbedtls_md_hmac_update( &operation->ctx.hmac,
1095 input, input_length );
1096 }
1097 else
1098#endif /* MBEDTLS_MD_C */
1099 {
1100 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1101 }
1102 break;
1103 }
1104 if( ret != 0 )
1105 psa_mac_abort( operation );
1106 return( mbedtls_to_psa_error( ret ) );
1107}
1108
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1109static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1110 uint8_t *mac,
1111 size_t mac_size,
1112 size_t *mac_length )
1113{
1114 int ret;
1115 if( ! operation->key_set )
1116 return( PSA_ERROR_BAD_STATE );
1117 if( operation->iv_required && ! operation->iv_set )
1118 return( PSA_ERROR_BAD_STATE );
1119
1120 /* Fill the output buffer with something that isn't a valid mac
1121 * (barring an attack on the mac and deliberately-crafted input),
1122 * in case the caller doesn't check the return status properly. */
1123 *mac_length = operation->mac_size;
1124 memset( mac, '!', mac_size );
1125
1126 if( mac_size < operation->mac_size )
1127 return( PSA_ERROR_BUFFER_TOO_SMALL );
1128
1129 switch( operation->alg )
1130 {
1131#if defined(MBEDTLS_CMAC_C)
1132 case PSA_ALG_CMAC:
1133 ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, mac );
1134 break;
1135#endif /* MBEDTLS_CMAC_C */
1136 default:
1137#if defined(MBEDTLS_MD_C)
1138 if( PSA_ALG_IS_HMAC( operation->alg ) )
1139 {
1140 ret = mbedtls_md_hmac_finish( &operation->ctx.hmac, mac );
1141 }
1142 else
1143#endif /* MBEDTLS_MD_C */
1144 {
1145 ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
1146 }
1147 break;
1148 }
1149
1150 if( ret == 0 )
1151 {
1152 return( psa_mac_abort( operation ) );
1153 }
1154 else
1155 {
1156 psa_mac_abort( operation );
1157 return( mbedtls_to_psa_error( ret ) );
1158 }
1159}
1160
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1161psa_status_t psa_mac_finish( psa_mac_operation_t *operation,
1162 uint8_t *mac,
1163 size_t mac_size,
1164 size_t *mac_length )
1165{
1166 if( !( operation->key_usage_sign ) )
1167 return( PSA_ERROR_NOT_PERMITTED );
1168
1169 return( psa_mac_finish_internal(operation, mac, mac_size, mac_length ) );
1170}
1171
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1172#define MBEDTLS_PSA_MAC_MAX_SIZE \
1173 ( MBEDTLS_MD_MAX_SIZE > MBEDTLS_MAX_BLOCK_LENGTH ? \
1174 MBEDTLS_MD_MAX_SIZE : \
1175 MBEDTLS_MAX_BLOCK_LENGTH )
1176psa_status_t psa_mac_verify( psa_mac_operation_t *operation,
1177 const uint8_t *mac,
1178 size_t mac_length )
1179{
1180 uint8_t actual_mac[MBEDTLS_PSA_MAC_MAX_SIZE];
1181 size_t actual_mac_length;
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1182 psa_status_t status;
1183
1184 if( !( operation->key_usage_verify ) )
1185 return( PSA_ERROR_NOT_PERMITTED );
1186
1187 status = psa_mac_finish_internal( operation,
1188 actual_mac, sizeof( actual_mac ),
1189 &actual_mac_length );
Gilles Peskine8c9def32018-02-08 10:02:12 +0100[diff] [blame]1190 if( status != PSA_SUCCESS )
1191 return( status );
1192 if( actual_mac_length != mac_length )
1193 return( PSA_ERROR_INVALID_SIGNATURE );
1194 if( safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
1195 return( PSA_ERROR_INVALID_SIGNATURE );
1196 return( PSA_SUCCESS );
1197}
1198
1199
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1200
1201
1202/****************************************************************/
1203/* Asymmetric cryptography */
1204/****************************************************************/
1205
1206psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
1207 psa_algorithm_t alg,
1208 const uint8_t *hash,
1209 size_t hash_length,
1210 const uint8_t *salt,
1211 size_t salt_length,
1212 uint8_t *signature,
1213 size_t signature_size,
1214 size_t *signature_length)
1215{
1216 key_slot_t *slot;
1217
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1218 *signature_length = 0;
1219 (void) salt;
1220 (void) salt_length;
1221
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1222 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1223 return( PSA_ERROR_EMPTY_SLOT );
1224 slot = &global_data.key_slots[key];
1225 if( slot->type == PSA_KEY_TYPE_NONE )
1226 return( PSA_ERROR_EMPTY_SLOT );
1227 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1228 return( PSA_ERROR_INVALID_ARGUMENT );
mohammad160306e79202018-03-28 13:17:44 +0300[diff] [blame]1229 if( !( slot->policy.usage & PSA_KEY_USAGE_SIGN ) )
1230 return( PSA_ERROR_NOT_PERMITTED );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1231
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1232#if defined(MBEDTLS_RSA_C)
1233 if( slot->type == PSA_KEY_TYPE_RSA_KEYPAIR )
1234 {
1235 mbedtls_rsa_context *rsa = slot->data.rsa;
1236 int ret;
1237 psa_algorithm_t hash_alg = PSA_ALG_RSA_GET_HASH( alg );
Gilles Peskinedc2fc842018-03-07 16:42:59 +0100[diff] [blame]1238 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1239 mbedtls_md_type_t md_alg =
1240 hash_alg == 0 ? MBEDTLS_MD_NONE : mbedtls_md_get_type( md_info );
1241 if( md_alg == MBEDTLS_MD_NONE )
1242 {
1243#if SIZE_MAX > UINT_MAX
1244 if( hash_length > UINT_MAX )
1245 return( PSA_ERROR_INVALID_ARGUMENT );
1246#endif
1247 }
1248 else
1249 {
1250 if( mbedtls_md_get_size( md_info ) != hash_length )
1251 return( PSA_ERROR_INVALID_ARGUMENT );
1252 if( md_info == NULL )
1253 return( PSA_ERROR_NOT_SUPPORTED );
1254 }
1255 if( signature_size < rsa->len )
1256 return( PSA_ERROR_BUFFER_TOO_SMALL );
1257#if defined(MBEDTLS_PKCS1_V15)
Gilles Peskinea5926232018-03-28 14:16:50 +0200[diff] [blame]1258 if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1259 {
1260 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
1261 MBEDTLS_MD_NONE );
1262 ret = mbedtls_rsa_pkcs1_sign( rsa,
1263 mbedtls_ctr_drbg_random,
1264 &global_data.ctr_drbg,
1265 MBEDTLS_RSA_PRIVATE,
1266 md_alg, hash_length, hash,
1267 signature );
1268 }
1269 else
1270#endif /* MBEDTLS_PKCS1_V15 */
1271#if defined(MBEDTLS_PKCS1_V21)
1272 if( alg == PSA_ALG_RSA_PSS_MGF1 )
1273 {
1274 mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
1275 ret = mbedtls_rsa_rsassa_pss_sign( rsa,
1276 mbedtls_ctr_drbg_random,
1277 &global_data.ctr_drbg,
1278 MBEDTLS_RSA_PRIVATE,
1279 md_alg, hash_length, hash,
1280 signature );
1281 }
1282 else
1283#endif /* MBEDTLS_PKCS1_V21 */
1284 {
1285 return( PSA_ERROR_INVALID_ARGUMENT );
1286 }
Gilles Peskine93aa0332018-02-03 23:58:03 +0100[diff] [blame]1287 if( ret == 0 )
1288 *signature_length = rsa->len;
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1289 return( mbedtls_to_psa_error( ret ) );
1290 }
1291 else
1292#endif /* defined(MBEDTLS_RSA_C) */
1293#if defined(MBEDTLS_ECP_C)
1294 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1295 {
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]1296 mbedtls_ecp_keypair *ecdsa = slot->data.ecp;
1297 int ret;
1298 const mbedtls_md_info_t *md_info;
1299 mbedtls_md_type_t md_alg;
1300 if( signature_size < PSA_ECDSA_SIGNATURE_SIZE( ecdsa->grp.pbits ) )
1301 return( PSA_ERROR_BUFFER_TOO_SMALL );
1302 md_info = mbedtls_md_info_from_psa( alg );
1303 md_alg = mbedtls_md_get_type( md_info );
1304 ret = mbedtls_ecdsa_write_signature( ecdsa, md_alg, hash, hash_length,
1305 signature, signature_length, mbedtls_ctr_drbg_random,
1306 &global_data.ctr_drbg );
1307 return( mbedtls_to_psa_error( ret ) );
1308 }
1309 else
1310#endif /* defined(MBEDTLS_ECP_C) */
1311 {
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1312 return( PSA_ERROR_NOT_SUPPORTED );
1313 }
itayzafrir5c753392018-05-08 11:18:38 +0300[diff] [blame]1314}
1315
1316psa_status_t psa_asymmetric_verify( psa_key_slot_t key,
1317 psa_algorithm_t alg,
1318 const uint8_t *hash,
1319 size_t hash_length,
1320 const uint8_t *salt,
1321 size_t salt_length,
1322 uint8_t *signature,
1323 size_t signature_size )
1324{
1325 key_slot_t *slot;
1326 (void) salt;
1327 (void) salt_length;
1328
1329 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1330 return( PSA_ERROR_INVALID_ARGUMENT );
1331 slot = &global_data.key_slots[key];
1332 if( slot->type == PSA_KEY_TYPE_NONE )
1333 return( PSA_ERROR_EMPTY_SLOT );
1334 if( ! PSA_KEY_TYPE_IS_KEYPAIR( slot->type ) )
1335 return( PSA_ERROR_INVALID_ARGUMENT );
1336 if( !( slot->policy.usage & PSA_KEY_USAGE_VERIFY ) )
1337 return( PSA_ERROR_NOT_PERMITTED );
1338
1339#if defined(MBEDTLS_ECP_C)
1340 if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
1341 {
1342 mbedtls_ecp_keypair *ecdsa = slot->data.ecp;
1343 int ret;
1344 (void) alg;
1345 ret = mbedtls_ecdsa_read_signature( ecdsa, hash, hash_length, signature,
1346 signature_size );
1347 return( mbedtls_to_psa_error( ret ) );
1348 }
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1349 else
1350#endif /* defined(MBEDTLS_ECP_C) */
1351 {
1352 return( PSA_ERROR_NOT_SUPPORTED );
1353 }
1354}
1355
1356
Gilles Peskinea0655c32018-04-30 17:06:50 +0200[diff] [blame]1357
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1358/****************************************************************/
1359/* Key Policy */
1360/****************************************************************/
1361
1362void psa_key_policy_init(psa_key_policy_t *policy)
1363{
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1364 memset( policy, 0, sizeof( psa_key_policy_t ) );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1365}
1366
1367void psa_key_policy_set_usage(psa_key_policy_t *policy,
1368 psa_key_usage_t usage,
1369 psa_algorithm_t alg)
1370{
mohammad16034eed7572018-03-28 05:14:59 -0700[diff] [blame]1371 policy->usage = usage;
1372 policy->alg = alg;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1373}
1374
1375psa_key_usage_t psa_key_policy_get_usage(psa_key_policy_t *policy)
1376{
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1377 return( policy->usage );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1378}
1379
1380psa_algorithm_t psa_key_policy_get_algorithm(psa_key_policy_t *policy)
1381{
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1382 return( policy->alg );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1383}
1384
1385psa_status_t psa_set_key_policy(psa_key_slot_t key,
1386 const psa_key_policy_t *policy)
1387{
1388 key_slot_t *slot;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1389
1390 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT || policy == NULL )
1391 return( PSA_ERROR_INVALID_ARGUMENT );
1392
1393 slot = &global_data.key_slots[key];
1394 if( slot->type != PSA_KEY_TYPE_NONE )
1395 return( PSA_ERROR_OCCUPIED_SLOT );
1396
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1397 if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT
1398 | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN
1399 | PSA_KEY_USAGE_VERIFY ) ) != 0 )
mohammad16035feda722018-04-16 04:38:57 -0700[diff] [blame]1400 return( PSA_ERROR_INVALID_ARGUMENT );
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1401
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1402 slot->policy = *policy;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1403
1404 return( PSA_SUCCESS );
1405}
1406
1407psa_status_t psa_get_key_policy(psa_key_slot_t key,
1408 psa_key_policy_t *policy)
1409{
1410 key_slot_t *slot;
1411
1412 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT || policy == NULL )
1413 return( PSA_ERROR_INVALID_ARGUMENT );
1414
1415 slot = &global_data.key_slots[key];
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1416
mohammad16036df908f2018-04-02 08:34:15 -0700[diff] [blame]1417 *policy = slot->policy;
mohammad16038cc1cee2018-03-28 01:21:33 +0300[diff] [blame]1418
1419 return( PSA_SUCCESS );
1420}
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1421
Gilles Peskinea0655c32018-04-30 17:06:50 +0200[diff] [blame]1422
1423
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1424/****************************************************************/
1425/* Key Lifetime */
1426/****************************************************************/
1427
1428psa_status_t psa_get_key_lifetime(psa_key_slot_t key,
1429 psa_key_lifetime_t *lifetime)
1430{
1431 key_slot_t *slot;
1432
1433 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1434 return( PSA_ERROR_INVALID_ARGUMENT );
1435
1436 slot = &global_data.key_slots[key];
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1437
1438 *lifetime = slot->lifetime;
1439
1440 return( PSA_SUCCESS );
1441}
1442
1443psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
1444 const psa_key_lifetime_t lifetime)
1445{
1446 key_slot_t *slot;
1447
1448 if( key == 0 || key > MBEDTLS_PSA_KEY_SLOT_COUNT )
1449 return( PSA_ERROR_INVALID_ARGUMENT );
1450
mohammad1603ba178512018-03-21 04:35:20 -0700[diff] [blame]1451 if( lifetime != PSA_KEY_LIFETIME_VOLATILE &&
1452 lifetime != PSA_KEY_LIFETIME_PERSISTENT &&
1453 lifetime != PSA_KEY_LIFETIME_WRITE_ONCE)
1454 return( PSA_ERROR_INVALID_ARGUMENT );
1455
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1456 slot = &global_data.key_slots[key];
mohammad16035d7ec202018-03-28 01:29:41 +0300[diff] [blame]1457 if( slot->type != PSA_KEY_TYPE_NONE )
1458 return( PSA_ERROR_OCCUPIED_SLOT );
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1459
mohammad1603ba178512018-03-21 04:35:20 -0700[diff] [blame]1460 if ( lifetime != PSA_KEY_LIFETIME_VOLATILE )
1461 return( PSA_ERROR_NOT_SUPPORTED );
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1462
mohammad1603060ad8a2018-03-20 14:28:38 -0700[diff] [blame]1463 slot->lifetime = lifetime;
mohammad1603804cd712018-03-20 22:44:08 +0200[diff] [blame]1464
1465 return( PSA_SUCCESS );
1466}
1467
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1468
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1469/****************************************************************/
1470/* AEAD */
1471/****************************************************************/
1472psa_status_t psa_aead_encrypt( psa_key_slot_t key,
1473 psa_algorithm_t alg,
1474 const uint8_t *nonce,
1475 size_t nonce_length,
1476 const uint8_t *additional_data,
1477 size_t additional_data_length,
1478 const uint8_t *plaintext,
1479 size_t plaintext_length,
1480 uint8_t *ciphertext,
1481 size_t ciphertext_size,
1482 size_t *ciphertext_length )
1483{
1484 int ret;
1485 psa_status_t status;
1486 key_slot_t *slot;
1487 psa_key_type_t key_type;
1488 size_t key_bits;
1489 const mbedtls_cipher_info_t *cipher_info = NULL;
1490 unsigned char tag[16];
1491
mohammad16039e5a5152018-04-26 12:07:35 +0300[diff] [blame^]1492 if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) )
1493 return( PSA_ERROR_INVALID_ARGUMENT );
1494
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1495 status = psa_get_key_information( key, &key_type, &key_bits );
1496 if( status != PSA_SUCCESS )
1497 return( status );
1498 slot = &global_data.key_slots[key];
1499
1500 //TODO: check key policy
1501
1502 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
1503 if( cipher_info == NULL )
1504 return( PSA_ERROR_NOT_SUPPORTED );
1505
1506 if ( key_type != PSA_KEY_TYPE_RAW_DATA)
1507 return( PSA_ERROR_BAD_STATE );
1508
1509 operation->block_size = cipher_info->block_size;
1510
1511 if( alg == PSA_ALG_GCM )
1512 {
1513 mbedtls_gcm_context gcm;
1514 mbedtls_gcm_init( &gcm );
1515 ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher,
1516 ( const unsigned char * )slot->data.raw.data, key_bits );
1517 if( ret != 0 )
1518 {
1519 mbedtls_gcm_free( &gcm );
1520 return( mbedtls_to_psa_error( ret ) );
1521 }
1522 ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT,
1523 plaintext_length, ( const unsigned char* )nonce ,
1524 nonce_length, ( const unsigned char* )additional_data,
1525 additional_data_length,
1526 ( const unsigned char* ) plaintext,
1527 ( unsigned char* )ciphertext, sizeof( tag ), tag );
1528 if( ret != 0 )
1529 {
1530 mbedtls_gcm_free( &gcm );
1531 return( mbedtls_to_psa_error( ret ) );
1532 }
1533
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1534 mbedtls_gcm_free( &gcm );
1535 }
1536 else if( alg == PSA_ALG_CCM )
1537 {
1538 mbedtls_ccm_context ccm;
mohammad160347ddf3d2018-04-26 01:11:21 +0300[diff] [blame]1539 if( nonce_length < 7 || nonce_length > 13 )
1540 return( PSA_ERROR_INVALID_ARGUMENT );
1541
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1542 mbedtls_ccm_init( &ccm );
1543 ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher,
1544 ( const unsigned char * )slot->data.raw.data, key_bits );
1545 if( ret != 0 )
1546 {
1547 mbedtls_ccm_free( &ccm );
1548 return( mbedtls_to_psa_error( ret ) );
1549 }
1550 ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length,
1551 ( const unsigned char* )nonce ,
1552 nonce_length, ( const unsigned char* )additional_data,
1553 additional_data_length,
1554 ( const unsigned char* ) plaintext,
1555 ( unsigned char* )ciphertext, sizeof( tag ), tag );
1556 if( ret != 0 )
1557 {
1558 mbedtls_ccm_free( &ccm );
1559 return( mbedtls_to_psa_error( ret ) );
1560 }
1561
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1562 mbedtls_ccm_free( &ccm );
1563 }
mohammad160347ddf3d2018-04-26 01:11:21 +0300[diff] [blame]1564 memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) );
1565 return( PSA_SUCCESS );
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1566}
1567
1568psa_status_t psa_aead_decrypt( psa_key_slot_t key,
1569 psa_algorithm_t alg,
1570 const uint8_t *nonce,
1571 size_t nonce_length,
1572 const uint8_t *additional_data,
1573 size_t additional_data_length,
1574 const uint8_t *ciphertext,
1575 size_t ciphertext_length,
1576 uint8_t *plaintext,
1577 size_t plaintext_size,
1578 size_t *plaintext_length )
1579{
1580 int ret;
1581 psa_status_t status;
1582 key_slot_t *slot;
1583 psa_key_type_t key_type;
1584 size_t key_bits;
1585 const mbedtls_cipher_info_t *cipher_info = NULL;
1586 unsigned char tag[16];
1587
mohammad16039e5a5152018-04-26 12:07:35 +0300[diff] [blame^]1588 if( plaintext_size < ( ciphertext_length + sizeof( tag ) ) )
1589 return( PSA_ERROR_INVALID_ARGUMENT );
1590
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1591 status = psa_get_key_information( key, &key_type, &key_bits );
1592 if( status != PSA_SUCCESS )
1593 return( status );
1594 slot = &global_data.key_slots[key];
1595
1596 //TODO: check key policy
1597
1598 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
1599 if( cipher_info == NULL )
1600 return( PSA_ERROR_NOT_SUPPORTED );
1601
1602 if ( key_type != PSA_KEY_TYPE_RAW_DATA)
1603 return( PSA_ERROR_BAD_STATE );
1604
1605 operation->block_size = cipher_info->block_size;
1606
1607 if( alg == PSA_ALG_GCM )
1608 {
1609 mbedtls_gcm_context gcm;
mohammad160347ddf3d2018-04-26 01:11:21 +0300[diff] [blame]1610
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1611 mbedtls_gcm_init( &gcm );
1612 ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher,
1613 ( const unsigned char * )slot->data.raw.data, key_bits );
1614 if( ret != 0 )
1615 {
1616 mbedtls_gcm_free( &gcm );
1617 return( mbedtls_to_psa_error( ret ) );
1618 }
1619 ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_DECRYPT,
1620 ciphertext_length, ( const unsigned char* )nonce ,
1621 nonce_length, ( const unsigned char* )additional_data,
1622 additional_data_length,
1623 ( const unsigned char* )ciphertext,
1624 ( unsigned char* )plaintext, sizeof( tag ), tag );
1625 if( ret != 0 )
1626 {
1627 mbedtls_gcm_free( &gcm );
1628 return( mbedtls_to_psa_error( ret ) );
1629 }
1630
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1631 mbedtls_gcm_free( &gcm );
mohammad160347ddf3d2018-04-26 01:11:21 +0300[diff] [blame]1632 memcpy( plaintext + ciphertext_length + 8, tag, sizeof( tag ) );
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1633 }
1634 else if( alg == PSA_ALG_CCM )
1635 {
1636 mbedtls_ccm_context ccm;
mohammad16039e5a5152018-04-26 12:07:35 +0300[diff] [blame^]1637
mohammad160347ddf3d2018-04-26 01:11:21 +0300[diff] [blame]1638 if( nonce_length < 7 || nonce_length > 13 )
1639 return( PSA_ERROR_INVALID_ARGUMENT );
1640
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1641 mbedtls_ccm_init( &ccm );
1642 ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher,
1643 ( const unsigned char * )slot->data.raw.data, key_bits );
1644 if( ret != 0 )
1645 {
1646 mbedtls_ccm_free( &ccm );
1647 return( mbedtls_to_psa_error( ret ) );
1648 }
1649 ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length,
1650 ( const unsigned char* )nonce ,
1651 nonce_length, ( const unsigned char* )additional_data,
1652 additional_data_length,
1653 ( const unsigned char* )ciphertext ,
1654 ( unsigned char* )plaintext, sizeof( tag ), tag );
1655 if( ret != 0 )
1656 {
1657 mbedtls_ccm_free( &ccm );
1658 return( mbedtls_to_psa_error( ret ) );
1659 }
1660
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1661 mbedtls_ccm_free( &ccm );
mohammad160347ddf3d2018-04-26 01:11:21 +0300[diff] [blame]1662 memcpy( plaintext + ciphertext_length, tag, sizeof( tag ) );
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1663 }
mohammad16035955c982018-04-26 00:53:03 +0300[diff] [blame]1664 return( PSA_SUCCESS );
1665}
1666
Gilles Peskinea0655c32018-04-30 17:06:50 +0200[diff] [blame]1667
Gilles Peskine20035e32018-02-03 22:44:14 +0100[diff] [blame]1668/****************************************************************/
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1669/* Module setup */
1670/****************************************************************/
1671
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1672void mbedtls_psa_crypto_free( void )
1673{
Gilles Peskine2f9c4dc2018-01-28 13:16:24 +0100[diff] [blame]1674 size_t key;
1675 for( key = 1; key < MBEDTLS_PSA_KEY_SLOT_COUNT; key++ )
1676 psa_destroy_key( key );
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1677 mbedtls_ctr_drbg_free( &global_data.ctr_drbg );
1678 mbedtls_entropy_free( &global_data.entropy );
1679 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1680}
1681
1682psa_status_t psa_crypto_init( void )
1683{
1684 int ret;
1685 const unsigned char drbg_seed[] = "PSA";
1686
1687 if( global_data.initialized != 0 )
1688 return( PSA_SUCCESS );
1689
1690 mbedtls_zeroize( &global_data, sizeof( global_data ) );
1691 mbedtls_entropy_init( &global_data.entropy );
1692 mbedtls_ctr_drbg_init( &global_data.ctr_drbg );
1693
1694 ret = mbedtls_ctr_drbg_seed( &global_data.ctr_drbg,
1695 mbedtls_entropy_func,
1696 &global_data.entropy,
1697 drbg_seed, sizeof( drbg_seed ) - 1 );
1698 if( ret != 0 )
1699 goto exit;
1700
Gilles Peskinee4ebc122018-03-07 14:16:44 +0100[diff] [blame]1701 global_data.initialized = 1;
1702
Gilles Peskinee59236f2018-01-27 23:32:46 +0100[diff] [blame]1703exit:
1704 if( ret != 0 )
1705 mbedtls_psa_crypto_free( );
1706 return( mbedtls_to_psa_error( ret ) );
1707}
1708
1709#endif /* MBEDTLS_PSA_CRYPTO_C */