TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7e710e8272d9803c4a8e3eded629c64723113e45 / . / library / psa_crypto_cipher.c
blob: 7e81dfee79dc0212c8d64c44914ea9a0dc9ce8f0 [file] [log] [blame]
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]1/*
2 * PSA cipher driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
Martin Man4741e0b2022-08-02 12:44:35 +0200[diff] [blame]25#include "psa_crypto_cipher.h"
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]26#include "psa_crypto_core.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]27#include "psa_crypto_random_impl.h"
28
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]29#include "mbedtls/cipher.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]30#include "mbedtls/error.h"
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]31
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]32#include <string.h>
33
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]34psa_status_t mbedtls_cipher_values_from_psa(
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]35 psa_algorithm_t alg,
36 psa_key_type_t key_type,
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]37 size_t *key_bits,
38 mbedtls_cipher_mode_t *mode,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]39 mbedtls_cipher_id_t *cipher_id)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]40{
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]41 mbedtls_cipher_id_t cipher_id_tmp;
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]42 (void) key_bits;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]43
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]44 if (PSA_ALG_IS_AEAD(alg)) {
45 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
46 }
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]47
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg)) {
49 switch (alg) {
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]50#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]51 case PSA_ALG_STREAM_CIPHER:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]52 *mode = MBEDTLS_MODE_STREAM;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]53 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]54#endif
55#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]56 case PSA_ALG_CTR:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]57 *mode = MBEDTLS_MODE_CTR;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]58 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]59#endif
60#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]61 case PSA_ALG_CFB:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]62 *mode = MBEDTLS_MODE_CFB;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]63 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]64#endif
65#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]66 case PSA_ALG_OFB:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]67 *mode = MBEDTLS_MODE_OFB;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]68 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]69#endif
70#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]71 case PSA_ALG_ECB_NO_PADDING:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]72 *mode = MBEDTLS_MODE_ECB;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]73 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]74#endif
75#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]76 case PSA_ALG_CBC_NO_PADDING:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]77 *mode = MBEDTLS_MODE_CBC;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]78 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]79#endif
80#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]81 case PSA_ALG_CBC_PKCS7:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]82 *mode = MBEDTLS_MODE_CBC;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]83 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]84#endif
85#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
Mateusz Starzyk594215b2021-10-14 12:23:06 +0200[diff] [blame]86 case PSA_ALG_CCM_STAR_NO_TAG:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]87 *mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
Mateusz Starzyk594215b2021-10-14 12:23:06 +0200[diff] [blame]88 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]89#endif
90#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]91 case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]92 *mode = MBEDTLS_MODE_CCM;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]93 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]94#endif
95#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]96 case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]97 *mode = MBEDTLS_MODE_GCM;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]98 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]99#endif
100#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]102 *mode = MBEDTLS_MODE_CHACHAPOLY;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]103 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]104#endif
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]105 default:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]106 return PSA_ERROR_NOT_SUPPORTED;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]107 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]108 } else if (alg == PSA_ALG_CMAC) {
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]109 *mode = MBEDTLS_MODE_ECB;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]110 } else {
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]111 return PSA_ERROR_NOT_SUPPORTED;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]112 }
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]113
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]114 switch (key_type) {
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]115#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]116 case PSA_KEY_TYPE_AES:
117 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
118 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]119#endif
120#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA)
Gilles Peskine6c12a1e2021-09-21 11:59:39 +0200[diff] [blame]121 case PSA_KEY_TYPE_ARIA:
122 cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
123 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]124#endif
125#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]126 case PSA_KEY_TYPE_DES:
127 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
128 * and 192 for three-key Triple-DES. */
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]129 if (*key_bits == 64) {
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]130 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]131 } else {
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]132 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]133 }
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]134 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
135 * but two-key Triple-DES is functionally three-key Triple-DES
136 * with K1=K3, so that's how we present it to mbedtls. */
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]137 if (*key_bits == 128) {
138 *key_bits = 192;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]139 }
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]140 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]141#endif
142#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]143 case PSA_KEY_TYPE_CAMELLIA:
144 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
145 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]146#endif
147#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20)
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]148 case PSA_KEY_TYPE_CHACHA20:
149 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
150 break;
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]151#endif
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]152 default:
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]153 return PSA_ERROR_NOT_SUPPORTED;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]154 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]155 if (cipher_id != NULL) {
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]156 *cipher_id = cipher_id_tmp;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]157 }
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]158
Valerio Setti4a249822023-10-18 12:34:54 +0200[diff] [blame]159 return PSA_SUCCESS;
160}
161
162#if defined(MBEDTLS_CIPHER_C)
163const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
164 psa_algorithm_t alg,
165 psa_key_type_t key_type,
166 size_t key_bits,
167 mbedtls_cipher_id_t *cipher_id)
168{
169 mbedtls_cipher_mode_t mode;
170 psa_status_t status;
171 mbedtls_cipher_id_t cipher_id_tmp;
172
173 status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
174 if (status != PSA_SUCCESS) {
175 return NULL;
176 }
177 if (cipher_id != NULL) {
178 *cipher_id = cipher_id_tmp;
179 }
180
181 return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]182}
Valerio Setti2c2aded2023-08-25 09:22:19 +0200[diff] [blame]183#endif /* MBEDTLS_CIPHER_C */
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]184
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]185#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]186
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]187static psa_status_t psa_cipher_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]188 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]189 const psa_key_attributes_t *attributes,
190 const uint8_t *key_buffer, size_t key_buffer_size,
191 psa_algorithm_t alg,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]192 mbedtls_operation_t cipher_operation)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]193{
194 int ret = 0;
195 size_t key_bits;
196 const mbedtls_cipher_info_t *cipher_info = NULL;
197 psa_key_type_t key_type = attributes->core.type;
198
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]199 (void) key_buffer_size;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]200
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]201 mbedtls_cipher_init(&operation->ctx.cipher);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]202
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]203 operation->alg = alg;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]204 key_bits = attributes->core.bits;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]205 cipher_info = mbedtls_cipher_info_from_psa(alg, key_type,
206 key_bits, NULL);
207 if (cipher_info == NULL) {
208 return PSA_ERROR_NOT_SUPPORTED;
209 }
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]210
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]211 ret = mbedtls_cipher_setup(&operation->ctx.cipher, cipher_info);
212 if (ret != 0) {
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]213 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]214 }
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]215
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]216#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]217 if (key_type == PSA_KEY_TYPE_DES && key_bits == 128) {
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]218 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
219 uint8_t keys[24];
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]220 memcpy(keys, key_buffer, 16);
221 memcpy(keys + 16, key_buffer, 8);
222 ret = mbedtls_cipher_setkey(&operation->ctx.cipher,
223 keys,
224 192, cipher_operation);
225 } else
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]226#endif
227 {
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]228 ret = mbedtls_cipher_setkey(&operation->ctx.cipher, key_buffer,
229 (int) key_bits, cipher_operation);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]230 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]231 if (ret != 0) {
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]232 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]233 }
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]234
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]235#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
236 defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]237 switch (alg) {
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]238 case PSA_ALG_CBC_NO_PADDING:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]239 ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher,
240 MBEDTLS_PADDING_NONE);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]241 break;
242 case PSA_ALG_CBC_PKCS7:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]243 ret = mbedtls_cipher_set_padding_mode(&operation->ctx.cipher,
244 MBEDTLS_PADDING_PKCS7);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]245 break;
246 default:
247 /* The algorithm doesn't involve padding. */
248 ret = 0;
249 break;
250 }
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]251 if (ret != 0) {
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]252 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]253 }
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]254#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING ||
255 MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]256
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]257 operation->block_length = (PSA_ALG_IS_STREAM_CIPHER(alg) ? 1 :
258 PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
259 operation->iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]260
261exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]262 return mbedtls_to_psa_error(ret);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]263}
264
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]265psa_status_t mbedtls_psa_cipher_encrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]266 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]267 const psa_key_attributes_t *attributes,
268 const uint8_t *key_buffer, size_t key_buffer_size,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]269 psa_algorithm_t alg)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]270{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]271 return psa_cipher_setup(operation, attributes,
272 key_buffer, key_buffer_size,
273 alg, MBEDTLS_ENCRYPT);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]274}
275
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]276psa_status_t mbedtls_psa_cipher_decrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]277 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]278 const psa_key_attributes_t *attributes,
279 const uint8_t *key_buffer, size_t key_buffer_size,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]280 psa_algorithm_t alg)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]281{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]282 return psa_cipher_setup(operation, attributes,
283 key_buffer, key_buffer_size,
284 alg, MBEDTLS_DECRYPT);
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]285}
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]286
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]287psa_status_t mbedtls_psa_cipher_set_iv(
288 mbedtls_psa_cipher_operation_t *operation,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]289 const uint8_t *iv, size_t iv_length)
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]290{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]291 if (iv_length != operation->iv_length) {
292 return PSA_ERROR_INVALID_ARGUMENT;
293 }
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]294
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]295 return mbedtls_to_psa_error(
296 mbedtls_cipher_set_iv(&operation->ctx.cipher,
297 iv, iv_length));
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]298}
299
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]300#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
Gilles Peskine55dffe52021-09-13 09:33:28 +0200[diff] [blame]301/** Process input for which the algorithm is set to ECB mode.
302 *
303 * This requires manual processing, since the PSA API is defined as being
304 * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
305 * but the underlying mbedtls_cipher_update only takes full blocks.
306 *
307 * \param ctx The mbedtls cipher context to use. It must have been
308 * set up for ECB.
309 * \param[in] input The input plaintext or ciphertext to process.
310 * \param input_length The number of bytes to process from \p input.
311 * This does not need to be aligned to a block boundary.
312 * If there is a partial block at the end of the input,
313 * it is stored in \p ctx for future processing.
Gilles Peskined87d8732021-09-13 12:20:51 +0200[diff] [blame]314 * \param output The buffer where the output is written. It must be
315 * at least `BS * floor((p + input_length) / BS)` bytes
316 * long, where `p` is the number of bytes in the
317 * unprocessed partial block in \p ctx (with
318 * `0 <= p <= BS - 1`) and `BS` is the block size.
Gilles Peskine55dffe52021-09-13 09:33:28 +0200[diff] [blame]319 * \param output_length On success, the number of bytes written to \p output.
320 * \c 0 on error.
321 *
322 * \return #PSA_SUCCESS or an error from a hardware accelerator
323 */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]324static psa_status_t psa_cipher_update_ecb(
325 mbedtls_cipher_context_t *ctx,
326 const uint8_t *input,
327 size_t input_length,
328 uint8_t *output,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]329 size_t *output_length)
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]330{
331 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
Dave Rodgman85a88132023-06-24 11:41:50 +0100[diff] [blame]332 size_t block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info);
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]333 size_t internal_output_length = 0;
334 *output_length = 0;
335
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]336 if (input_length == 0) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]337 status = PSA_SUCCESS;
338 goto exit;
339 }
340
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]341 if (ctx->unprocessed_len > 0) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]342 /* Fill up to block size, and run the block if there's a full one. */
343 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
344
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]345 if (input_length < bytes_to_copy) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]346 bytes_to_copy = input_length;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]348
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]349 memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
350 input, bytes_to_copy);
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]351 input_length -= bytes_to_copy;
352 input += bytes_to_copy;
353 ctx->unprocessed_len += bytes_to_copy;
354
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]355 if (ctx->unprocessed_len == block_size) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]356 status = mbedtls_to_psa_error(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]357 mbedtls_cipher_update(ctx,
358 ctx->unprocessed_data,
359 block_size,
360 output, &internal_output_length));
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]361
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]362 if (status != PSA_SUCCESS) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]363 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]364 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]365
366 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]367 *output_length += internal_output_length;
368 ctx->unprocessed_len = 0;
369 }
370 }
371
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]372 while (input_length >= block_size) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]373 /* Run all full blocks we have, one by one */
374 status = mbedtls_to_psa_error(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]375 mbedtls_cipher_update(ctx, input,
376 block_size,
377 output, &internal_output_length));
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]378
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]379 if (status != PSA_SUCCESS) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]380 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]381 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]382
383 input_length -= block_size;
384 input += block_size;
385
386 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]387 *output_length += internal_output_length;
388 }
389
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]390 if (input_length > 0) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]391 /* Save unprocessed bytes for later processing */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]392 memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]),
393 input, input_length);
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]394 ctx->unprocessed_len += input_length;
395 }
396
397 status = PSA_SUCCESS;
398
399exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]400 return status;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]401}
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]402#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]403
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]404psa_status_t mbedtls_psa_cipher_update(
405 mbedtls_psa_cipher_operation_t *operation,
406 const uint8_t *input, size_t input_length,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]407 uint8_t *output, size_t output_size, size_t *output_length)
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]408{
409 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
410 size_t expected_output_size;
411
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]412 if (!PSA_ALG_IS_STREAM_CIPHER(operation->alg)) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]413 /* Take the unprocessed partial block left over from previous
414 * update calls, if any, plus the input to this call. Remove
415 * the last partial block, if any. You get the data that will be
416 * output in this call. */
417 expected_output_size =
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]418 (operation->ctx.cipher.unprocessed_len + input_length)
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]419 / operation->block_length * operation->block_length;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]420 } else {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]421 expected_output_size = input_length;
422 }
423
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]424 if (output_size < expected_output_size) {
425 return PSA_ERROR_BUFFER_TOO_SMALL;
426 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]427
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]428#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]429 if (operation->alg == PSA_ALG_ECB_NO_PADDING) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]430 /* mbedtls_cipher_update has an API inconsistency: it will only
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]431 * process a single block at a time in ECB mode. Abstract away that
432 * inconsistency here to match the PSA API behaviour. */
433 status = psa_cipher_update_ecb(&operation->ctx.cipher,
434 input,
435 input_length,
436 output,
437 output_length);
438 } else
Gilles Peskine695c4cb2022-03-16 12:25:17 +0100[diff] [blame]439#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]440 {
441 status = mbedtls_to_psa_error(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]442 mbedtls_cipher_update(&operation->ctx.cipher, input,
443 input_length, output, output_length));
gabor-mezei-arm58c17272021-06-29 16:41:25 +0200[diff] [blame]444
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]445 if (*output_length > output_size) {
446 return PSA_ERROR_CORRUPTION_DETECTED;
447 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]448 }
449
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]450 return status;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]451}
452
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]453psa_status_t mbedtls_psa_cipher_finish(
454 mbedtls_psa_cipher_operation_t *operation,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]455 uint8_t *output, size_t output_size, size_t *output_length)
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]456{
457 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
458 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
459
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]460 if (operation->ctx.cipher.unprocessed_len != 0) {
461 if (operation->alg == PSA_ALG_ECB_NO_PADDING ||
462 operation->alg == PSA_ALG_CBC_NO_PADDING) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]463 status = PSA_ERROR_INVALID_ARGUMENT;
464 goto exit;
465 }
466 }
467
468 status = mbedtls_to_psa_error(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]469 mbedtls_cipher_finish(&operation->ctx.cipher,
470 temp_output_buffer,
471 output_length));
472 if (status != PSA_SUCCESS) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]473 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]474 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]475
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]476 if (*output_length == 0) {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]477 ; /* Nothing to copy. Note that output may be NULL in this case. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]478 } else if (output_size >= *output_length) {
479 memcpy(output, temp_output_buffer, *output_length);
480 } else {
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]481 status = PSA_ERROR_BUFFER_TOO_SMALL;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]482 }
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]483
484exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]485 mbedtls_platform_zeroize(temp_output_buffer,
486 sizeof(temp_output_buffer));
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]487
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]488 return status;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]489}
490
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]491psa_status_t mbedtls_psa_cipher_abort(
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]492 mbedtls_psa_cipher_operation_t *operation)
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]493{
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]494 /* Sanity check (shouldn't happen: operation->alg should
495 * always have been initialized to a valid value). */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]496 if (!PSA_ALG_IS_CIPHER(operation->alg)) {
497 return PSA_ERROR_BAD_STATE;
498 }
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]499
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]500 mbedtls_cipher_free(&operation->ctx.cipher);
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]501
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]502 return PSA_SUCCESS;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]503}
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]504
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]505psa_status_t mbedtls_psa_cipher_encrypt(
506 const psa_key_attributes_t *attributes,
507 const uint8_t *key_buffer,
508 size_t key_buffer_size,
509 psa_algorithm_t alg,
Ronald Cron9b674282021-07-09 09:19:35 +0200[diff] [blame]510 const uint8_t *iv,
511 size_t iv_length,
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]512 const uint8_t *input,
513 size_t input_length,
514 uint8_t *output,
515 size_t output_size,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]516 size_t *output_length)
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]517{
518 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
519 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
Ronald Cron8188d192021-12-14 10:58:18 +0100[diff] [blame]520 size_t update_output_length, finish_output_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]521
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]522 status = mbedtls_psa_cipher_encrypt_setup(&operation, attributes,
523 key_buffer, key_buffer_size,
524 alg);
525 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]526 goto exit;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]527 }
528
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]529 if (iv_length > 0) {
530 status = mbedtls_psa_cipher_set_iv(&operation, iv, iv_length);
531 if (status != PSA_SUCCESS) {
532 goto exit;
533 }
534 }
535
536 status = mbedtls_psa_cipher_update(&operation, input, input_length,
537 output, output_size,
538 &update_output_length);
539 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]540 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]541 }
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]542
Gilles Peskine42649d92022-11-23 14:15:57 +0100[diff] [blame]543 status = mbedtls_psa_cipher_finish(
544 &operation,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]545 mbedtls_buffer_offset(output, update_output_length),
546 output_size - update_output_length, &finish_output_length);
547 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]548 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]549 }
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]550
Ronald Cron8188d192021-12-14 10:58:18 +0100[diff] [blame]551 *output_length = update_output_length + finish_output_length;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]552
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]553exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]554 if (status == PSA_SUCCESS) {
555 status = mbedtls_psa_cipher_abort(&operation);
556 } else {
557 mbedtls_psa_cipher_abort(&operation);
558 }
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]559
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]560 return status;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]561}
562
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]563psa_status_t mbedtls_psa_cipher_decrypt(
564 const psa_key_attributes_t *attributes,
565 const uint8_t *key_buffer,
566 size_t key_buffer_size,
567 psa_algorithm_t alg,
568 const uint8_t *input,
569 size_t input_length,
570 uint8_t *output,
571 size_t output_size,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]572 size_t *output_length)
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]573{
574 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
575 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]576 size_t olength, accumulated_length;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]577
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]578 status = mbedtls_psa_cipher_decrypt_setup(&operation, attributes,
579 key_buffer, key_buffer_size,
580 alg);
581 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]582 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]583 }
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]584
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]585 if (operation.iv_length > 0) {
586 status = mbedtls_psa_cipher_set_iv(&operation,
587 input, operation.iv_length);
588 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]589 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]590 }
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]591 }
592
Gilles Peskine42649d92022-11-23 14:15:57 +0100[diff] [blame]593 status = mbedtls_psa_cipher_update(
594 &operation,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]595 mbedtls_buffer_offset_const(input, operation.iv_length),
Gilles Peskine42649d92022-11-23 14:15:57 +0100[diff] [blame]596 input_length - operation.iv_length,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]597 output, output_size, &olength);
598 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]599 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]600 }
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]601
gabor-mezei-arm6158e282021-06-29 16:42:13 +0200[diff] [blame]602 accumulated_length = olength;
gabor-mezei-arm258ae072021-06-25 15:25:38 +0200[diff] [blame]603
Gilles Peskine42649d92022-11-23 14:15:57 +0100[diff] [blame]604 status = mbedtls_psa_cipher_finish(
605 &operation,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]606 mbedtls_buffer_offset(output, accumulated_length),
607 output_size - accumulated_length, &olength);
608 if (status != PSA_SUCCESS) {
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]609 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]610 }
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]611
gabor-mezei-arm00e54f12021-06-29 19:06:30 +0200[diff] [blame]612 *output_length = accumulated_length + olength;
gabor-mezei-arme5ff8f42021-06-25 15:23:05 +0200[diff] [blame]613
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]614exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]615 if (status == PSA_SUCCESS) {
616 status = mbedtls_psa_cipher_abort(&operation);
617 } else {
618 mbedtls_psa_cipher_abort(&operation);
619 }
Ronald Cron0266cfe2021-03-13 18:50:11 +0100[diff] [blame]620
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]621 return status;
gabor-mezei-arma9449a02021-03-25 11:17:10 +0100[diff] [blame]622}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]623#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]624
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]625#endif /* MBEDTLS_PSA_CRYPTO_C */