TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 377a1550a5c335f5b9ee2185825b19ea2c34b7d4 / . / secure_fw / services / crypto / crypto_cipher.c
blob: be2ac5d72d71c217a707bd829d310faf4ac05ae0 [file] [log] [blame]
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]1/*
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]2 * Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include <limits.h>
9
10#include "tfm_crypto_defs.h"
11
12/* Pre include Mbed TLS headers */
13#define LIB_PREFIX_NAME __tfm_crypto__
14#include "mbedtls_global_symbols.h"
15
16/* Include the Mbed TLS configuration file, the way Mbed TLS does it
17 * in each of its header files.
18 */
19#if !defined(MBEDTLS_CONFIG_FILE)
20#include "platform/ext/common/tfm_mbedtls_config.h"
21#else
22#include MBEDTLS_CONFIG_FILE
23#endif
24
25#include "psa_crypto.h"
26
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]27#include "tfm_crypto_struct.h"
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]28
29#include "tfm_crypto_api.h"
30#include "crypto_utils.h"
31
32/**
33 * \brief For a TFM_CRYPTO_CIPHER_OPERATION, define the possible
34 * modes of configuration.
35 *
36 */
37enum tfm_crypto_cipher_mode_t {
38 TFM_CRYPTO_CIPHER_MODE_DECRYPT = 0,
39 TFM_CRYPTO_CIPHER_MODE_ENCRYPT = 1,
40};
41
42static enum tfm_crypto_err_t tfm_crypto_cipher_setup(
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]43 psa_cipher_operation_t *operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]44 psa_key_slot_t key,
45 psa_algorithm_t alg,
46 enum tfm_crypto_cipher_mode_t c_mode)
47{
48 const mbedtls_cipher_info_t *info = NULL;
49 psa_algorithm_t padding_mode = PSA_ALG_BLOCK_CIPHER_PAD_NONE;
50 psa_key_type_t key_type;
51 size_t key_size;
52 enum tfm_crypto_err_t err;
53 uint8_t key_data[TFM_CRYPTO_MAX_KEY_LENGTH];
54 uint32_t ret;
55 mbedtls_cipher_type_t type = MBEDTLS_CIPHER_NONE;
56 mbedtls_cipher_padding_t mbedtls_padding_mode = MBEDTLS_PADDING_NONE;
57
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]58 struct tfm_cipher_operation_s *ctx = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]59
60 /* Validate pointers */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]61 err = tfm_crypto_memory_check(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]62 sizeof(psa_cipher_operation_t),
63 TFM_MEMORY_ACCESS_RW);
64 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
65 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
66 }
67
68 if (!PSA_ALG_IS_CIPHER(alg)) {
69 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
70 }
71
72 /* FIXME: Check that key is compatible with alg */
73 err = tfm_crypto_get_key_information(key, &key_type, &key_size);
74 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
75 return err;
76 }
77
78 err = tfm_crypto_export_key(key, &key_data[0], TFM_CRYPTO_MAX_KEY_LENGTH,
79 &key_size);
80 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
81 return err;
82 }
83
84 /* Mbed TLS cipher setup */
85 if (PSA_BYTES_TO_BITS(key_size) == 128) {
86 if (alg == PSA_ALG_CBC_BASE) {
87 type = MBEDTLS_CIPHER_AES_128_CBC;
88 } else if (alg == PSA_ALG_CFB_BASE) {
89 if (c_mode == TFM_CRYPTO_CIPHER_MODE_ENCRYPT) {
90 type = MBEDTLS_CIPHER_AES_128_CFB128;
91 }
92 }
93 }
94
95 /* The requested alg/key/mode is not supported */
96 if (type == MBEDTLS_CIPHER_NONE) {
97 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
98 }
99
100 /* Allocate the operation context in the TFM space */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]101 err = tfm_crypto_operation_alloc(TFM_CRYPTO_CIPHER_OPERATION,
102 &(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]103 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
104 return err;
105 }
106
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]107 /* Look up the corresponding operation context */
108 err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]109 operation->handle,
110 (void **)&ctx);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]111 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
112 return err;
113 }
114
115 /* Bind the algorithm to the cipher operation */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]116 ctx->alg = alg;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]117
118 /* Mbed TLS cipher init */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]119 mbedtls_cipher_init(&(ctx->cipher));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]120 info = mbedtls_cipher_info_from_type(type);
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]121 ret = mbedtls_cipher_setup(&(ctx->cipher), info);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]122 if (ret != 0) {
123 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]124 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]125 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
126 }
127
128 /* FIXME: Check based on the algorithm, if we need to have an IV */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]129 ctx->iv_required = 1;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]130
131 /* Bind the key to the cipher operation */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]132 ctx->key = key;
133 ctx->key_set = 1;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]134
135 /* Mbed TLS cipher set key */
136 if (c_mode == TFM_CRYPTO_CIPHER_MODE_ENCRYPT) {
137
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]138 ret = mbedtls_cipher_setkey(&(ctx->cipher),
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]139 &key_data[0],
140 PSA_BYTES_TO_BITS(key_size),
141 MBEDTLS_ENCRYPT);
142
143 } else if (c_mode == TFM_CRYPTO_CIPHER_MODE_DECRYPT) {
144
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]145 ret = mbedtls_cipher_setkey(&(ctx->cipher),
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]146 &key_data[0],
147 PSA_BYTES_TO_BITS(key_size),
148 MBEDTLS_DECRYPT);
149 } else {
150 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]151 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]152 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
153 }
154
155 if (ret != 0) {
156 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]157 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]158 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
159 }
160
161 /* Mbed TLS cipher set padding mode in case of CBC */
162 if ((alg & ~PSA_ALG_BLOCK_CIPHER_PADDING_MASK) == PSA_ALG_CBC_BASE) {
163
164 /* Check the value of padding field */
165 padding_mode = alg & PSA_ALG_BLOCK_CIPHER_PADDING_MASK;
166
167 switch (padding_mode) {
168 case PSA_ALG_BLOCK_CIPHER_PAD_PKCS7:
169 mbedtls_padding_mode = MBEDTLS_PADDING_PKCS7;
170 break;
171 case PSA_ALG_BLOCK_CIPHER_PAD_NONE:
172 mbedtls_padding_mode = MBEDTLS_PADDING_NONE;
173 break;
174 default:
175 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
176 }
177
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]178 ret = mbedtls_cipher_set_padding_mode(&(ctx->cipher),
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]179 mbedtls_padding_mode);
180 if (ret != 0) {
181 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]182 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]183 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
184 }
185 }
186
187 return TFM_CRYPTO_ERR_PSA_SUCCESS;
188}
189
190/*!
191 * \defgroup public_psa Public functions, PSA
192 *
193 */
194
195/*!@{*/
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]196enum tfm_crypto_err_t tfm_crypto_cipher_set_iv(
197 psa_cipher_operation_t *operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]198 const unsigned char *iv,
199 size_t iv_length)
200{
201 int ret;
202 enum tfm_crypto_err_t err;
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]203 struct tfm_cipher_operation_s *ctx = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]204
205 /* Validate pointers */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]206 err = tfm_crypto_memory_check(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]207 sizeof(psa_cipher_operation_t),
208 TFM_MEMORY_ACCESS_RW);
209 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
210 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
211 }
212 err = tfm_crypto_memory_check((void *)iv, iv_length, TFM_MEMORY_ACCESS_RO);
213 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
214 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
215 }
216
217 /* Look up the corresponding operation context */
218 err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]219 operation->handle,
220 (void **)&ctx);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]221 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
222 return err;
223 }
224
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]225 if (ctx->iv_required == 0) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]226 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]227 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]228 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_PERMITTED;
229 }
230
231 if (iv_length > PSA_CIPHER_IV_MAX_SIZE) {
232 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]233 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]234 return TFM_CRYPTO_ERR_PSA_ERROR_NOT_SUPPORTED;
235 }
236
237 /* Bind the IV to the cipher operation */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]238 ret = mbedtls_cipher_set_iv(&(ctx->cipher), iv, iv_length);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]239 if (ret != 0) {
240 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]241 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]242 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
243 }
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]244 ctx->iv_set = 1;
245 ctx->iv_size = iv_length;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]246
247 /* Reset the context after IV is set */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]248 ret = mbedtls_cipher_reset(&(ctx->cipher));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]249 if (ret != 0) {
250 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]251 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]252 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
253 }
254
255 return TFM_CRYPTO_ERR_PSA_SUCCESS;
256}
257
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]258enum tfm_crypto_err_t tfm_crypto_cipher_encrypt_setup(
259 psa_cipher_operation_t *operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]260 psa_key_slot_t key,
261 psa_algorithm_t alg)
262{
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]263 return tfm_crypto_cipher_setup(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]264 key,
265 alg,
266 TFM_CRYPTO_CIPHER_MODE_ENCRYPT);
267}
268
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]269enum tfm_crypto_err_t tfm_crypto_cipher_decrypt_setup(
270 psa_cipher_operation_t *operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]271 psa_key_slot_t key,
272 psa_algorithm_t alg)
273{
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]274 return tfm_crypto_cipher_setup(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]275 key,
276 alg,
277 TFM_CRYPTO_CIPHER_MODE_DECRYPT);
278}
279
280enum tfm_crypto_err_t tfm_crypto_cipher_update(
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]281 psa_cipher_operation_t *operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]282 const uint8_t *input,
283 size_t input_length,
284 unsigned char *output,
285 size_t output_size,
286 size_t *output_length)
287{
288 int ret;
289 enum tfm_crypto_err_t err;
290 size_t olen;
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]291 struct tfm_cipher_operation_s *ctx = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]292
293 /* Validate pointers */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]294 err = tfm_crypto_memory_check(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]295 sizeof(psa_cipher_operation_t),
296 TFM_MEMORY_ACCESS_RW);
297 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
298 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
299 }
300 err = tfm_crypto_memory_check((void *)input,
301 input_length,
302 TFM_MEMORY_ACCESS_RO);
303 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
304 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
305 }
306 err = tfm_crypto_memory_check(output,
307 output_size,
308 TFM_MEMORY_ACCESS_RW);
309 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
310 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
311 }
312 err = tfm_crypto_memory_check(output_length,
313 sizeof(size_t),
314 TFM_MEMORY_ACCESS_RW);
315 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
316 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
317 }
318
319 /* Look up the corresponding operation context */
320 err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]321 operation->handle,
322 (void **)&ctx);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]323 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
324 return err;
325 }
326
327 /* If the IV is required and it's not been set yet */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]328 if ((ctx->iv_required == 1) && (ctx->iv_set == 0)) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]329
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]330 if (ctx->cipher.operation != MBEDTLS_DECRYPT) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]331 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]332 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]333 return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
334 }
335
336 /* This call is used to set the IV on the object */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]337 err = tfm_crypto_cipher_set_iv(operation, input, input_length);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]338
339 *output_length = 0;
340
341 return err;
342 }
343
344 /* If the key is not set, setup phase has not been completed */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]345 if (ctx->key_set == 0) {
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]346 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]347 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]348 return TFM_CRYPTO_ERR_PSA_ERROR_BAD_STATE;
349 }
350
351 *output_length = 0;
352
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]353 ret = mbedtls_cipher_update(&(ctx->cipher), input, input_length,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]354 output, &olen);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]355 if ((ret != 0) || (olen == 0)) {
356 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]357 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]358 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
359 }
360
361 /* Assign the output buffer length */
362 *output_length = olen;
363
364 return TFM_CRYPTO_ERR_PSA_SUCCESS;
365}
366
367enum tfm_crypto_err_t tfm_crypto_cipher_finish(
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]368 psa_cipher_operation_t *operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]369 uint8_t *output,
370 size_t output_size,
371 size_t *output_length)
372{
373 int ret;
374 enum tfm_crypto_err_t err;
375 size_t olen;
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]376 struct tfm_cipher_operation_s *ctx = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]377
378 /* Validate pointers */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]379 err = tfm_crypto_memory_check(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]380 sizeof(psa_cipher_operation_t),
381 TFM_MEMORY_ACCESS_RW);
382 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
383 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
384 }
385 err = tfm_crypto_memory_check(output,
386 output_size,
387 TFM_MEMORY_ACCESS_RW);
388 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
389 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
390 }
391 err = tfm_crypto_memory_check(output_length,
392 sizeof(size_t),
393 TFM_MEMORY_ACCESS_RW);
394 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
395 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
396 }
397
398 *output_length = 0;
399
400 /* Look up the corresponding operation context */
401 err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]402 operation->handle,
403 (void **)&ctx);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]404 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
405 return err;
406 }
407
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]408 ret = mbedtls_cipher_finish(&(ctx->cipher), output, &olen);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]409 if (ret != 0) {
410 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]411 tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]412 return TFM_CRYPTO_ERR_PSA_ERROR_COMMUNICATION_FAILURE;
413 }
414
415 *output_length = olen;
416
417 /* Clear the Mbed TLS context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]418 mbedtls_cipher_free(&(ctx->cipher));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]419
420 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]421 err = tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]422 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
423 return err;
424 }
425
426 return TFM_CRYPTO_ERR_PSA_SUCCESS;
427}
428
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]429enum tfm_crypto_err_t tfm_crypto_cipher_abort(psa_cipher_operation_t *operation)
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]430{
431 enum tfm_crypto_err_t err;
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]432 struct tfm_cipher_operation_s *ctx = NULL;
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]433
434 /* Validate pointers */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]435 err = tfm_crypto_memory_check(operation,
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]436 sizeof(psa_cipher_operation_t),
437 TFM_MEMORY_ACCESS_RW);
438 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
439 return TFM_CRYPTO_ERR_PSA_ERROR_INVALID_ARGUMENT;
440 }
441
442 /* Look up the corresponding operation context */
443 err = tfm_crypto_operation_lookup(TFM_CRYPTO_CIPHER_OPERATION,
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]444 operation->handle,
445 (void **)&ctx);
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]446 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
447 return err;
448 }
449
450 /* Clear the Mbed TLS context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]451 mbedtls_cipher_free(&(ctx->cipher));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]452
453 /* Release the operation context */
Antonio de Angelis377a1552018-11-22 17:02:40 +0000[diff] [blame^]454 err = tfm_crypto_operation_release(&(operation->handle));
Antonio de Angelis8908f472018-08-31 15:44:25 +0100[diff] [blame]455 if (err != TFM_CRYPTO_ERR_PSA_SUCCESS) {
456 return err;
457 }
458
459 return TFM_CRYPTO_ERR_PSA_SUCCESS;
460}
461/*!@}*/