TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / d87d87371f4e3d51be50313a4c2ec26a38ba6d21 / . / library / psa_crypto_cipher.c
blob: 2268fc58507a80e9bce7d90a87287e4d951f3952 [file] [log] [blame]
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]1/*
2 * PSA cipher driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa_crypto_cipher.h>
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]26#include "psa_crypto_core.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]27#include "psa_crypto_random_impl.h"
28
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]29#include "mbedtls/cipher.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]30#include "mbedtls/error.h"
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]31
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]32#include <string.h>
33
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]34#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
35 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
36 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
37#define BUILTIN_KEY_TYPE_DES 1
38#endif
39
40#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
41 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
42 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
43#define BUILTIN_ALG_CBC_NO_PADDING 1
44#endif
45
46#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
47 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
48 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
49#define BUILTIN_ALG_CBC_PKCS7 1
50#endif
51
52#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
53 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
54 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
55#define BUILTIN_KEY_TYPE_CHACHA20 1
56#endif
57
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]58const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
59 psa_algorithm_t alg,
60 psa_key_type_t key_type,
61 size_t key_bits,
62 mbedtls_cipher_id_t* cipher_id )
63{
64 mbedtls_cipher_mode_t mode;
65 mbedtls_cipher_id_t cipher_id_tmp;
66
67 if( PSA_ALG_IS_AEAD( alg ) )
68 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
69
70 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
71 {
72 switch( alg )
73 {
74 case PSA_ALG_STREAM_CIPHER:
75 mode = MBEDTLS_MODE_STREAM;
76 break;
77 case PSA_ALG_CTR:
78 mode = MBEDTLS_MODE_CTR;
79 break;
80 case PSA_ALG_CFB:
81 mode = MBEDTLS_MODE_CFB;
82 break;
83 case PSA_ALG_OFB:
84 mode = MBEDTLS_MODE_OFB;
85 break;
86 case PSA_ALG_ECB_NO_PADDING:
87 mode = MBEDTLS_MODE_ECB;
88 break;
89 case PSA_ALG_CBC_NO_PADDING:
90 mode = MBEDTLS_MODE_CBC;
91 break;
92 case PSA_ALG_CBC_PKCS7:
93 mode = MBEDTLS_MODE_CBC;
94 break;
95 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
96 mode = MBEDTLS_MODE_CCM;
97 break;
98 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
99 mode = MBEDTLS_MODE_GCM;
100 break;
101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
102 mode = MBEDTLS_MODE_CHACHAPOLY;
103 break;
104 default:
105 return( NULL );
106 }
107 }
108 else if( alg == PSA_ALG_CMAC )
109 mode = MBEDTLS_MODE_ECB;
110 else
111 return( NULL );
112
113 switch( key_type )
114 {
115 case PSA_KEY_TYPE_AES:
116 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
117 break;
118 case PSA_KEY_TYPE_DES:
119 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
120 * and 192 for three-key Triple-DES. */
121 if( key_bits == 64 )
122 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
123 else
124 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
125 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
126 * but two-key Triple-DES is functionally three-key Triple-DES
127 * with K1=K3, so that's how we present it to mbedtls. */
128 if( key_bits == 128 )
129 key_bits = 192;
130 break;
131 case PSA_KEY_TYPE_CAMELLIA:
132 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
133 break;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]134 case PSA_KEY_TYPE_CHACHA20:
135 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
136 break;
137 default:
138 return( NULL );
139 }
140 if( cipher_id != NULL )
141 *cipher_id = cipher_id_tmp;
142
143 return( mbedtls_cipher_info_from_values( cipher_id_tmp,
144 (int) key_bits, mode ) );
145}
146
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]147#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
148
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]149static psa_status_t cipher_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]150 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]151 const psa_key_attributes_t *attributes,
152 const uint8_t *key_buffer, size_t key_buffer_size,
153 psa_algorithm_t alg,
154 mbedtls_operation_t cipher_operation )
155{
156 int ret = 0;
157 size_t key_bits;
158 const mbedtls_cipher_info_t *cipher_info = NULL;
159 psa_key_type_t key_type = attributes->core.type;
160
161 (void)key_buffer_size;
162
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]163 mbedtls_cipher_init( &operation->ctx.cipher );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]164
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]165 operation->alg = alg;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]166 key_bits = attributes->core.bits;
167 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
168 key_bits, NULL );
169 if( cipher_info == NULL )
170 return( PSA_ERROR_NOT_SUPPORTED );
171
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]172 ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]173 if( ret != 0 )
174 goto exit;
175
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]176#if defined(BUILTIN_KEY_TYPE_DES)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]177 if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
178 {
179 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
180 uint8_t keys[24];
181 memcpy( keys, key_buffer, 16 );
182 memcpy( keys + 16, key_buffer, 8 );
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]183 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]184 keys,
185 192, cipher_operation );
186 }
187 else
188#endif
189 {
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]190 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]191 (int) key_bits, cipher_operation );
192 }
193 if( ret != 0 )
194 goto exit;
195
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]196#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
197 defined(BUILTIN_ALG_CBC_PKCS7)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]198 switch( alg )
199 {
200 case PSA_ALG_CBC_NO_PADDING:
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]201 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]202 MBEDTLS_PADDING_NONE );
203 break;
204 case PSA_ALG_CBC_PKCS7:
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]205 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]206 MBEDTLS_PADDING_PKCS7 );
207 break;
208 default:
209 /* The algorithm doesn't involve padding. */
210 ret = 0;
211 break;
212 }
213 if( ret != 0 )
214 goto exit;
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]215#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]216
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]217 operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
218 PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
Ronald Cronc17e8a92021-03-19 14:12:26 +0100[diff] [blame]219 operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]220
221exit:
222 return( mbedtls_to_psa_error( ret ) );
223}
224
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]225static psa_status_t cipher_encrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]226 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]227 const psa_key_attributes_t *attributes,
228 const uint8_t *key_buffer, size_t key_buffer_size,
229 psa_algorithm_t alg )
230{
231 return( cipher_setup( operation, attributes,
232 key_buffer, key_buffer_size,
233 alg, MBEDTLS_ENCRYPT ) );
234}
235
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]236static psa_status_t cipher_decrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]237 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]238 const psa_key_attributes_t *attributes,
239 const uint8_t *key_buffer, size_t key_buffer_size,
240 psa_algorithm_t alg )
241{
242 return( cipher_setup( operation, attributes,
243 key_buffer, key_buffer_size,
244 alg, MBEDTLS_DECRYPT ) );
245}
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]246
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]247static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
248 const uint8_t *iv, size_t iv_length )
249{
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]250 if( iv_length != operation->iv_length )
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]251 return( PSA_ERROR_INVALID_ARGUMENT );
252
253 return( mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]254 mbedtls_cipher_set_iv( &operation->ctx.cipher,
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]255 iv, iv_length ) ) );
256}
257
Gilles Peskine55dffe52021-09-13 09:33:28 +0200[diff] [blame]258/** Process input for which the algorithm is set to ECB mode.
259 *
260 * This requires manual processing, since the PSA API is defined as being
261 * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
262 * but the underlying mbedtls_cipher_update only takes full blocks.
263 *
264 * \param ctx The mbedtls cipher context to use. It must have been
265 * set up for ECB.
266 * \param[in] input The input plaintext or ciphertext to process.
267 * \param input_length The number of bytes to process from \p input.
268 * This does not need to be aligned to a block boundary.
269 * If there is a partial block at the end of the input,
270 * it is stored in \p ctx for future processing.
Gilles Peskined87d8732021-09-13 12:20:51 +0200[diff] [blame^]271 * \param output The buffer where the output is written. It must be
272 * at least `BS * floor((p + input_length) / BS)` bytes
273 * long, where `p` is the number of bytes in the
274 * unprocessed partial block in \p ctx (with
275 * `0 <= p <= BS - 1`) and `BS` is the block size.
Gilles Peskine55dffe52021-09-13 09:33:28 +0200[diff] [blame]276 * \param output_length On success, the number of bytes written to \p output.
277 * \c 0 on error.
278 *
279 * \return #PSA_SUCCESS or an error from a hardware accelerator
280 */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]281static psa_status_t psa_cipher_update_ecb(
282 mbedtls_cipher_context_t *ctx,
283 const uint8_t *input,
284 size_t input_length,
285 uint8_t *output,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]286 size_t *output_length )
287{
288 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
289 size_t block_size = ctx->cipher_info->block_size;
290 size_t internal_output_length = 0;
291 *output_length = 0;
292
293 if( input_length == 0 )
294 {
295 status = PSA_SUCCESS;
296 goto exit;
297 }
298
299 if( ctx->unprocessed_len > 0 )
300 {
301 /* Fill up to block size, and run the block if there's a full one. */
302 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
303
304 if( input_length < bytes_to_copy )
305 bytes_to_copy = input_length;
306
307 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
308 input, bytes_to_copy );
309 input_length -= bytes_to_copy;
310 input += bytes_to_copy;
311 ctx->unprocessed_len += bytes_to_copy;
312
313 if( ctx->unprocessed_len == block_size )
314 {
315 status = mbedtls_to_psa_error(
316 mbedtls_cipher_update( ctx,
317 ctx->unprocessed_data,
318 block_size,
319 output, &internal_output_length ) );
320
321 if( status != PSA_SUCCESS )
322 goto exit;
323
324 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]325 *output_length += internal_output_length;
326 ctx->unprocessed_len = 0;
327 }
328 }
329
330 while( input_length >= block_size )
331 {
332 /* Run all full blocks we have, one by one */
333 status = mbedtls_to_psa_error(
334 mbedtls_cipher_update( ctx, input,
335 block_size,
336 output, &internal_output_length ) );
337
338 if( status != PSA_SUCCESS )
339 goto exit;
340
341 input_length -= block_size;
342 input += block_size;
343
344 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]345 *output_length += internal_output_length;
346 }
347
348 if( input_length > 0 )
349 {
350 /* Save unprocessed bytes for later processing */
351 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
352 input, input_length );
353 ctx->unprocessed_len += input_length;
354 }
355
356 status = PSA_SUCCESS;
357
358exit:
359 return( status );
360}
361
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]362static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
363 const uint8_t *input,
364 size_t input_length,
365 uint8_t *output,
366 size_t output_size,
367 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]368{
369 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
370 size_t expected_output_size;
371
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]372 if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]373 {
374 /* Take the unprocessed partial block left over from previous
375 * update calls, if any, plus the input to this call. Remove
376 * the last partial block, if any. You get the data that will be
377 * output in this call. */
378 expected_output_size =
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]379 ( operation->ctx.cipher.unprocessed_len + input_length )
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]380 / operation->block_length * operation->block_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]381 }
382 else
383 {
384 expected_output_size = input_length;
385 }
386
387 if( output_size < expected_output_size )
388 return( PSA_ERROR_BUFFER_TOO_SMALL );
389
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]390 if( operation->alg == PSA_ALG_ECB_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]391 {
392 /* mbedtls_cipher_update has an API inconsistency: it will only
393 * process a single block at a time in ECB mode. Abstract away that
394 * inconsistency here to match the PSA API behaviour. */
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]395 status = psa_cipher_update_ecb( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]396 input,
397 input_length,
398 output,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]399 output_length );
400 }
401 else
402 {
403 status = mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]404 mbedtls_cipher_update( &operation->ctx.cipher, input,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]405 input_length, output, output_length ) );
gabor-mezei-arm58c17272021-06-29 16:41:25 +0200[diff] [blame]406
407 if( *output_length > output_size )
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]408 return( PSA_ERROR_CORRUPTION_DETECTED );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]409 }
410
411 return( status );
412}
413
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]414static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
415 uint8_t *output,
416 size_t output_size,
417 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]418{
419 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
420 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
421
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]422 if( operation->ctx.cipher.unprocessed_len != 0 )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]423 {
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]424 if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
425 operation->alg == PSA_ALG_CBC_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]426 {
427 status = PSA_ERROR_INVALID_ARGUMENT;
428 goto exit;
429 }
430 }
431
432 status = mbedtls_to_psa_error(
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]433 mbedtls_cipher_finish( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]434 temp_output_buffer,
435 output_length ) );
436 if( status != PSA_SUCCESS )
437 goto exit;
438
439 if( *output_length == 0 )
440 ; /* Nothing to copy. Note that output may be NULL in this case. */
441 else if( output_size >= *output_length )
442 memcpy( output, temp_output_buffer, *output_length );
443 else
444 status = PSA_ERROR_BUFFER_TOO_SMALL;
445
446exit:
447 mbedtls_platform_zeroize( temp_output_buffer,
448 sizeof( temp_output_buffer ) );
449
450 return( status );
451}
452
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]453static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]454{
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]455 /* Sanity check (shouldn't happen: operation->alg should
456 * always have been initialized to a valid value). */
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]457 if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]458 return( PSA_ERROR_BAD_STATE );
459
gabor-mezei-arm42cdb2a2021-04-12 15:47:35 +0200[diff] [blame]460 mbedtls_cipher_free( &operation->ctx.cipher );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]461
462 return( PSA_SUCCESS );
463}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]464
465static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
466 const uint8_t *key_buffer,
467 size_t key_buffer_size,
468 psa_algorithm_t alg,
469 const uint8_t *input,
470 size_t input_length,
471 uint8_t *output,
472 size_t output_size,
473 size_t *output_length )
474{
475 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
476 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]477 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]478
gabor-mezei-arm47a8e142021-06-25 15:44:47 +0200[diff] [blame]479 status = cipher_encrypt_setup( &operation, attributes,
480 key_buffer, key_buffer_size, alg );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]481 if( status != PSA_SUCCESS )
482 goto exit;
483
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]484 accumulated_length = 0;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]485 if( operation.iv_length > 0 )
486 {
487 status = cipher_set_iv( &operation, output, operation.iv_length );
488 if( status != PSA_SUCCESS )
489 goto exit;
490
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]491 accumulated_length = operation.iv_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]492 }
493
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]494 status = cipher_update( &operation, input, input_length,
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]495 output + operation.iv_length,
496 output_size - operation.iv_length,
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]497 &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]498 if( status != PSA_SUCCESS )
499 goto exit;
500
gabor-mezei-arm6158e282021-06-29 16:42:13 +0200[diff] [blame]501 accumulated_length += olength;
502
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]503 status = cipher_finish( &operation, output + accumulated_length,
504 output_size - accumulated_length, &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]505 if( status != PSA_SUCCESS )
506 goto exit;
507
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]508 *output_length = accumulated_length + olength;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]509
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]510exit:
511 if( status == PSA_SUCCESS )
512 status = cipher_abort( &operation );
513 else
514 cipher_abort( &operation );
515 return( status );
516}
517
518static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
519 const uint8_t *key_buffer,
520 size_t key_buffer_size,
521 psa_algorithm_t alg,
522 const uint8_t *input,
523 size_t input_length,
524 uint8_t *output,
525 size_t output_size,
526 size_t *output_length )
527{
528 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
529 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]530 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]531
532 status = cipher_decrypt_setup( &operation, attributes,
533 key_buffer, key_buffer_size, alg );
534 if( status != PSA_SUCCESS )
535 goto exit;
536
537 if( operation.iv_length > 0 )
538 {
539 status = cipher_set_iv( &operation, input, operation.iv_length );
540 if( status != PSA_SUCCESS )
541 goto exit;
542 }
543
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]544 status = cipher_update( &operation, input + operation.iv_length,
545 input_length - operation.iv_length,
546 output, output_size, &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]547 if( status != PSA_SUCCESS )
548 goto exit;
549
gabor-mezei-arm6158e282021-06-29 16:42:13 +0200[diff] [blame]550 accumulated_length = olength;
gabor-mezei-arm258ae072021-06-25 15:25:38 +0200[diff] [blame]551
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]552 status = cipher_finish( &operation, output + accumulated_length,
553 output_size - accumulated_length, &olength );
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]554 if( status != PSA_SUCCESS )
555 goto exit;
556
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]557 *output_length = accumulated_length + olength;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]558
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]559exit:
560 if ( status == PSA_SUCCESS )
561 status = cipher_abort( &operation );
562 else
563 cipher_abort( &operation );
564 return( status );
565}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]566#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]567
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]568#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]569psa_status_t mbedtls_psa_cipher_encrypt_setup(
570 mbedtls_psa_cipher_operation_t *operation,
571 const psa_key_attributes_t *attributes,
572 const uint8_t *key_buffer, size_t key_buffer_size,
573 psa_algorithm_t alg )
574{
575 return( cipher_encrypt_setup(
576 operation, attributes, key_buffer, key_buffer_size, alg ) );
577}
578
579psa_status_t mbedtls_psa_cipher_decrypt_setup(
580 mbedtls_psa_cipher_operation_t *operation,
581 const psa_key_attributes_t *attributes,
582 const uint8_t *key_buffer, size_t key_buffer_size,
583 psa_algorithm_t alg )
584{
585 return( cipher_decrypt_setup(
586 operation, attributes, key_buffer, key_buffer_size, alg ) );
587}
588
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]589psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
590 const uint8_t *iv,
591 size_t iv_length )
592{
593 return( cipher_set_iv( operation, iv, iv_length ) );
594}
595
596psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
597 const uint8_t *input,
598 size_t input_length,
599 uint8_t *output,
600 size_t output_size,
601 size_t *output_length )
602{
603 return( cipher_update( operation, input, input_length,
604 output, output_size, output_length ) );
605}
606
607psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
608 uint8_t *output,
609 size_t output_size,
610 size_t *output_length )
611{
612 return( cipher_finish( operation, output, output_size, output_length ) );
613}
614
615psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
616{
617 return( cipher_abort( operation ) );
618}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]619
620psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
621 const uint8_t *key_buffer,
622 size_t key_buffer_size,
623 psa_algorithm_t alg,
624 const uint8_t *input,
625 size_t input_length,
626 uint8_t *output,
627 size_t output_size,
628 size_t *output_length )
629{
630 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
631 alg, input, input_length,
632 output, output_size, output_length ) );
633}
634
635psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
636 const uint8_t *key_buffer,
637 size_t key_buffer_size,
638 psa_algorithm_t alg,
639 const uint8_t *input,
640 size_t input_length,
641 uint8_t *output,
642 size_t output_size,
643 size_t *output_length )
644{
645 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
646 alg, input, input_length,
647 output, output_size, output_length ) );
648}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]649#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]650
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]651/*
652 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
653 */
654
655#if defined(PSA_CRYPTO_DRIVER_TEST)
656psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
657 mbedtls_psa_cipher_operation_t *operation,
658 const psa_key_attributes_t *attributes,
659 const uint8_t *key_buffer, size_t key_buffer_size,
660 psa_algorithm_t alg )
661{
662 return( cipher_encrypt_setup(
663 operation, attributes, key_buffer, key_buffer_size, alg ) );
664}
665
666psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
667 mbedtls_psa_cipher_operation_t *operation,
668 const psa_key_attributes_t *attributes,
669 const uint8_t *key_buffer, size_t key_buffer_size,
670 psa_algorithm_t alg )
671{
672 return( cipher_decrypt_setup(
673 operation, attributes, key_buffer, key_buffer_size, alg ) );
674}
675
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]676psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
677 mbedtls_psa_cipher_operation_t *operation,
678 const uint8_t *iv, size_t iv_length )
679{
680 return( cipher_set_iv( operation, iv, iv_length ) );
681}
682
683psa_status_t mbedtls_transparent_test_driver_cipher_update(
684 mbedtls_psa_cipher_operation_t *operation,
685 const uint8_t *input, size_t input_length,
686 uint8_t *output, size_t output_size, size_t *output_length )
687{
688 return( cipher_update( operation, input, input_length,
689 output, output_size, output_length ) );
690}
691
692psa_status_t mbedtls_transparent_test_driver_cipher_finish(
693 mbedtls_psa_cipher_operation_t *operation,
694 uint8_t *output, size_t output_size, size_t *output_length )
695{
696 return( cipher_finish( operation, output, output_size, output_length ) );
697}
698
699psa_status_t mbedtls_transparent_test_driver_cipher_abort(
700 mbedtls_psa_cipher_operation_t *operation )
701{
702 return( cipher_abort( operation ) );
703}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]704
705psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
706 const psa_key_attributes_t *attributes,
707 const uint8_t *key_buffer,
708 size_t key_buffer_size,
709 psa_algorithm_t alg,
710 const uint8_t *input,
711 size_t input_length,
712 uint8_t *output,
713 size_t output_size,
714 size_t *output_length )
715{
716 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
717 alg, input, input_length,
718 output, output_size, output_length ) );
719}
720
721psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
722 const psa_key_attributes_t *attributes,
723 const uint8_t *key_buffer,
724 size_t key_buffer_size,
725 psa_algorithm_t alg,
726 const uint8_t *input,
727 size_t input_length,
728 uint8_t *output,
729 size_t output_size,
730 size_t *output_length )
731{
732 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
733 alg, input, input_length,
734 output, output_size, output_length ) );
735}
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]736#endif /* PSA_CRYPTO_DRIVER_TEST */
737
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]738#endif /* MBEDTLS_PSA_CRYPTO_C */