psa_crypto_cipher: add mbedtls_cipher_values_from_psa()
This commit splits mbedtls_cipher_info_from_psa() into 2 parts:
- mbedtls_cipher_values_from_psa(), which performs parameter validation and
returns the cipher's values
- mbedtls_cipher_info_from_psa(), which then uses those values to return
the proper cipher_info pointer. Of course this depends on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 73d8b01..6f026a0 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -43,21 +43,16 @@
psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
+ mbedtls_cipher_id_t cipher_id;
+ mbedtls_cipher_mode_t mode;
+ size_t key_bits = attributes->core.bits;
(void) key_buffer_size;
-#if defined(MBEDTLS_CIPHER_C)
- const mbedtls_cipher_info_t *cipher_info;
- mbedtls_cipher_id_t cipher_id;
- size_t key_bits = attributes->core.bits;
-
- cipher_info = mbedtls_cipher_info_from_psa(alg,
- attributes->core.type, key_bits,
- &cipher_id);
- if (cipher_info == NULL) {
- return PSA_ERROR_NOT_SUPPORTED;
+ status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
+ &key_bits, &mode, &cipher_id);
+ if (status != PSA_SUCCESS) {
+ return status;
}
-#endif /* MBEDTLS_CIPHER_C */
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
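Review bot: The call to `mbedtls_cipher_values_from_psa()` no longer proves that the algorithm, key type and key size form a cipher the build actually provides. When MBEDTLS_CIPHER_C was defined, the removed code rejected the request if `mbedtls_cipher_info_from_psa()` found no matching `cipher_info`; the new helper in library/psa_crypto_cipher.c ends in `return PSA_SUCCESS;` and, in the visible hunks, only looks at `*key_bits` in the DES branch, where any size other than 64 is treated as 3DES. If key sizes are not guaranteed to have been validated before this point, add a size check in the helper or here before the `switch`. Separately, `status` is now `PSA_SUCCESS` when the `switch` is entered instead of the defensive `PSA_ERROR_CORRUPTION_DETECTED`; consider `status = PSA_ERROR_CORRUPTION_DETECTED;` after the check so a case that forgets to assign it cannot report success. The function body starts and ends outside this hunk.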
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index c881d65..7e81dfe 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -31,15 +31,15 @@
#include <string.h>
-#if defined(MBEDTLS_CIPHER_C)
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+psa_status_t mbedtls_cipher_values_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
- size_t key_bits,
+ size_t *key_bits,
+ mbedtls_cipher_mode_t *mode,
mbedtls_cipher_id_t *cipher_id)
{
- mbedtls_cipher_mode_t mode;
mbedtls_cipher_id_t cipher_id_tmp;
+ (void) key_bits;
if (PSA_ALG_IS_AEAD(alg)) {
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
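Review bot: `key_bits` and `mode` are new pointer parameters that the function dereferences unconditionally (`*mode = ...` and `*key_bits == 64` in the following hunks), whereas `cipher_id` is still guarded by `if (cipher_id != NULL)` further down. Either state in the contract that only `cipher_id` may be NULL, or treat all three pointers the same way. The `(void) key_bits;` line also needs a comment, since it reads as if the parameter were ignored; going by the visible hunks something like `/* key_bits is only read in the DES branch; avoid an unused-parameter warning otherwise */` would fit. The function body continues outside this hunk.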
@@ -49,66 +49,66 @@
switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER:
- mode = MBEDTLS_MODE_STREAM;
+ *mode = MBEDTLS_MODE_STREAM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
case PSA_ALG_CTR:
- mode = MBEDTLS_MODE_CTR;
+ *mode = MBEDTLS_MODE_CTR;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
case PSA_ALG_CFB:
- mode = MBEDTLS_MODE_CFB;
+ *mode = MBEDTLS_MODE_CFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
case PSA_ALG_OFB:
- mode = MBEDTLS_MODE_OFB;
+ *mode = MBEDTLS_MODE_OFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
case PSA_ALG_ECB_NO_PADDING:
- mode = MBEDTLS_MODE_ECB;
+ *mode = MBEDTLS_MODE_ECB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
case PSA_ALG_CBC_NO_PADDING:
- mode = MBEDTLS_MODE_CBC;
+ *mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
case PSA_ALG_CBC_PKCS7:
- mode = MBEDTLS_MODE_CBC;
+ *mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
case PSA_ALG_CCM_STAR_NO_TAG:
- mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
+ *mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
- mode = MBEDTLS_MODE_CCM;
+ *mode = MBEDTLS_MODE_CCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
- mode = MBEDTLS_MODE_GCM;
+ *mode = MBEDTLS_MODE_GCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
- mode = MBEDTLS_MODE_CHACHAPOLY;
+ *mode = MBEDTLS_MODE_CHACHAPOLY;
break;
#endif
default:
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
} else if (alg == PSA_ALG_CMAC) {
- mode = MBEDTLS_MODE_ECB;
+ *mode = MBEDTLS_MODE_ECB;
} else {
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
switch (key_type) {
@@ -126,7 +126,7 @@
case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */
- if (key_bits == 64) {
+ if (*key_bits == 64) {
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
} else {
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
@@ -134,8 +134,8 @@
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
* but two-key Triple-DES is functionally three-key Triple-DES
* with K1=K3, so that's how we present it to mbedtls. */
- if (key_bits == 128) {
- key_bits = 192;
+ if (*key_bits == 128) {
+ *key_bits = 192;
}
break;
#endif
@@ -150,14 +150,35 @@
break;
#endif
default:
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
if (cipher_id != NULL) {
*cipher_id = cipher_id_tmp;
}
- return mbedtls_cipher_info_from_values(cipher_id_tmp,
- (int) key_bits, mode);
+ return PSA_SUCCESS;
+}
+
+#if defined(MBEDTLS_CIPHER_C)
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ size_t key_bits,
+ mbedtls_cipher_id_t *cipher_id)
+{
+ mbedtls_cipher_mode_t mode;
+ psa_status_t status;
+ mbedtls_cipher_id_t cipher_id_tmp;
+
+ status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
+ if (status != PSA_SUCCESS) {
+ return NULL;
+ }
+ if (cipher_id != NULL) {
+ *cipher_id = cipher_id_tmp;
+ }
+
+ return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
}
#endif /* MBEDTLS_CIPHER_C */
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 933092d..5ed8a77 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -24,6 +24,27 @@
#include <mbedtls/cipher.h>
#include <psa/crypto.h>
+/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
+ * as well as the PSA type and size of the key to be used with the cipher
+ * algorithm.
+ *
+ * \param[in] alg PSA cipher algorithm identifier
+ * \param[in] key_type PSA key type
+ * \param[in,out] key_bits Size of the key in bits. The value provided in input
+ * might be updated if necessary.
+ * \param[out] mode Mbed TLS cipher mode
+ * \param[out] cipher_id Mbed TLS cipher algorithm identifier
+ *
+ * \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
+ * are properly updated.
+ * \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
+ * supported.
+ */
+
+psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
+ size_t *key_bits, mbedtls_cipher_mode_t *mode,
+ mbedtls_cipher_id_t *cipher_id);
+
#if defined(MBEDTLS_CIPHER_C)
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
* as well as the PSA type and size of the key to be used with the cipher
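Review bot: The new doc comment opens with the same sentence as the one for `mbedtls_cipher_info_from_psa()` just below, although this function returns a status and fills in values rather than returning cipher information. It should say that `cipher_id` may be NULL (the implementation checks for that) while `key_bits` and `mode` must not be, and replace "might be updated if necessary" with the concrete case, e.g. `128 is rewritten to 192 for two-key Triple-DES`. It would also help to state that the outputs are unspecified when an error is returned, because `*mode` is written before the key type is checked. If the helper does not validate the key size, the comment should say so, so that callers know they remain responsible for it.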