TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a83316991461337fd3b477aa4f42362b5101a0fc / . / library / psa_crypto_cipher.c
blob: 22f5363844099c00ae8d1d3fb89c02754c1ac0df [file] [log] [blame]
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]1/*
2 * PSA cipher driver entry points
3 */
4/*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21#include "common.h"
22
23#if defined(MBEDTLS_PSA_CRYPTO_C)
24
25#include <psa_crypto_cipher.h>
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]26#include "psa_crypto_core.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]27#include "psa_crypto_random_impl.h"
28
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]29#include "mbedtls/cipher.h"
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]30#include "mbedtls/error.h"
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]31
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]32#include <string.h>
33
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]34#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
35 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
36 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
37#define BUILTIN_KEY_TYPE_DES 1
38#endif
39
40#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
41 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
42 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
43#define BUILTIN_ALG_CBC_NO_PADDING 1
44#endif
45
46#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
47 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
48 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
49#define BUILTIN_ALG_CBC_PKCS7 1
50#endif
51
52#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
53 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
54 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
55#define BUILTIN_KEY_TYPE_CHACHA20 1
56#endif
57
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]58const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
59 psa_algorithm_t alg,
60 psa_key_type_t key_type,
61 size_t key_bits,
62 mbedtls_cipher_id_t* cipher_id )
63{
64 mbedtls_cipher_mode_t mode;
65 mbedtls_cipher_id_t cipher_id_tmp;
66
67 if( PSA_ALG_IS_AEAD( alg ) )
68 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
69
70 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
71 {
72 switch( alg )
73 {
74 case PSA_ALG_STREAM_CIPHER:
75 mode = MBEDTLS_MODE_STREAM;
76 break;
77 case PSA_ALG_CTR:
78 mode = MBEDTLS_MODE_CTR;
79 break;
80 case PSA_ALG_CFB:
81 mode = MBEDTLS_MODE_CFB;
82 break;
83 case PSA_ALG_OFB:
84 mode = MBEDTLS_MODE_OFB;
85 break;
86 case PSA_ALG_ECB_NO_PADDING:
87 mode = MBEDTLS_MODE_ECB;
88 break;
89 case PSA_ALG_CBC_NO_PADDING:
90 mode = MBEDTLS_MODE_CBC;
91 break;
92 case PSA_ALG_CBC_PKCS7:
93 mode = MBEDTLS_MODE_CBC;
94 break;
95 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
96 mode = MBEDTLS_MODE_CCM;
97 break;
98 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
99 mode = MBEDTLS_MODE_GCM;
100 break;
101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
102 mode = MBEDTLS_MODE_CHACHAPOLY;
103 break;
104 default:
105 return( NULL );
106 }
107 }
108 else if( alg == PSA_ALG_CMAC )
109 mode = MBEDTLS_MODE_ECB;
110 else
111 return( NULL );
112
113 switch( key_type )
114 {
115 case PSA_KEY_TYPE_AES:
116 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
117 break;
Gilles Peskine8890f642021-09-21 11:59:39 +0200[diff] [blame]118 case PSA_KEY_TYPE_ARIA:
119 cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
120 break;
Ronald Cron75e6ae22021-03-17 14:46:05 +0100[diff] [blame]121 case PSA_KEY_TYPE_DES:
122 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
123 * and 192 for three-key Triple-DES. */
124 if( key_bits == 64 )
125 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
126 else
127 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
128 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
129 * but two-key Triple-DES is functionally three-key Triple-DES
130 * with K1=K3, so that's how we present it to mbedtls. */
131 if( key_bits == 128 )
132 key_bits = 192;
133 break;
134 case PSA_KEY_TYPE_CAMELLIA:
135 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
136 break;
137 case PSA_KEY_TYPE_ARC4:
138 cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
139 break;
140 case PSA_KEY_TYPE_CHACHA20:
141 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
142 break;
143 default:
144 return( NULL );
145 }
146 if( cipher_id != NULL )
147 *cipher_id = cipher_id_tmp;
148
149 return( mbedtls_cipher_info_from_values( cipher_id_tmp,
150 (int) key_bits, mode ) );
151}
152
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]153#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
154
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]155static psa_status_t cipher_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]156 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]157 const psa_key_attributes_t *attributes,
158 const uint8_t *key_buffer, size_t key_buffer_size,
159 psa_algorithm_t alg,
160 mbedtls_operation_t cipher_operation )
161{
162 int ret = 0;
163 size_t key_bits;
164 const mbedtls_cipher_info_t *cipher_info = NULL;
165 psa_key_type_t key_type = attributes->core.type;
166
167 (void)key_buffer_size;
168
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]169 mbedtls_cipher_init( &operation->ctx.cipher );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]170
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]171 operation->alg = alg;
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]172 key_bits = attributes->core.bits;
173 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
174 key_bits, NULL );
175 if( cipher_info == NULL )
176 return( PSA_ERROR_NOT_SUPPORTED );
177
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]178 ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]179 if( ret != 0 )
180 goto exit;
181
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]182#if defined(BUILTIN_KEY_TYPE_DES)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]183 if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
184 {
185 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
186 uint8_t keys[24];
187 memcpy( keys, key_buffer, 16 );
188 memcpy( keys + 16, key_buffer, 8 );
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]189 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]190 keys,
191 192, cipher_operation );
192 }
193 else
194#endif
195 {
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]196 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]197 (int) key_bits, cipher_operation );
198 }
199 if( ret != 0 )
200 goto exit;
201
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]202#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
203 defined(BUILTIN_ALG_CBC_PKCS7)
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]204 switch( alg )
205 {
206 case PSA_ALG_CBC_NO_PADDING:
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]207 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]208 MBEDTLS_PADDING_NONE );
209 break;
210 case PSA_ALG_CBC_PKCS7:
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]211 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]212 MBEDTLS_PADDING_PKCS7 );
213 break;
214 default:
215 /* The algorithm doesn't involve padding. */
216 ret = 0;
217 break;
218 }
219 if( ret != 0 )
220 goto exit;
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]221#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]222
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]223 operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
224 PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
Ronald Cronc17e8a92021-03-19 14:12:26 +0100[diff] [blame]225 operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]226
227exit:
228 return( mbedtls_to_psa_error( ret ) );
229}
230
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]231static psa_status_t cipher_encrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]232 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]233 const psa_key_attributes_t *attributes,
234 const uint8_t *key_buffer, size_t key_buffer_size,
235 psa_algorithm_t alg )
236{
237 return( cipher_setup( operation, attributes,
238 key_buffer, key_buffer_size,
239 alg, MBEDTLS_ENCRYPT ) );
240}
241
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]242static psa_status_t cipher_decrypt_setup(
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]243 mbedtls_psa_cipher_operation_t *operation,
Ronald Crond6d28882020-12-14 14:56:02 +0100[diff] [blame]244 const psa_key_attributes_t *attributes,
245 const uint8_t *key_buffer, size_t key_buffer_size,
246 psa_algorithm_t alg )
247{
248 return( cipher_setup( operation, attributes,
249 key_buffer, key_buffer_size,
250 alg, MBEDTLS_DECRYPT ) );
251}
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]252
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]253static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
254 const uint8_t *iv, size_t iv_length )
255{
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]256 if( iv_length != operation->iv_length )
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]257 return( PSA_ERROR_INVALID_ARGUMENT );
258
259 return( mbedtls_to_psa_error(
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]260 mbedtls_cipher_set_iv( &operation->ctx.cipher,
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]261 iv, iv_length ) ) );
262}
263
Gilles Peskine7b1c9162021-09-13 09:33:28 +0200[diff] [blame]264/** Process input for which the algorithm is set to ECB mode.
265 *
266 * This requires manual processing, since the PSA API is defined as being
267 * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
268 * but the underlying mbedtls_cipher_update only takes full blocks.
269 *
270 * \param ctx The mbedtls cipher context to use. It must have been
271 * set up for ECB.
272 * \param[in] input The input plaintext or ciphertext to process.
273 * \param input_length The number of bytes to process from \p input.
274 * This does not need to be aligned to a block boundary.
275 * If there is a partial block at the end of the input,
276 * it is stored in \p ctx for future processing.
Gilles Peskine03900162021-09-13 12:20:51 +0200[diff] [blame]277 * \param output The buffer where the output is written. It must be
278 * at least `BS * floor((p + input_length) / BS)` bytes
279 * long, where `p` is the number of bytes in the
280 * unprocessed partial block in \p ctx (with
281 * `0 <= p <= BS - 1`) and `BS` is the block size.
Gilles Peskine7b1c9162021-09-13 09:33:28 +0200[diff] [blame]282 * \param output_length On success, the number of bytes written to \p output.
283 * \c 0 on error.
284 *
285 * \return #PSA_SUCCESS or an error from a hardware accelerator
286 */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]287static psa_status_t psa_cipher_update_ecb(
288 mbedtls_cipher_context_t *ctx,
289 const uint8_t *input,
290 size_t input_length,
291 uint8_t *output,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]292 size_t *output_length )
293{
294 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
295 size_t block_size = ctx->cipher_info->block_size;
296 size_t internal_output_length = 0;
297 *output_length = 0;
298
299 if( input_length == 0 )
300 {
301 status = PSA_SUCCESS;
302 goto exit;
303 }
304
305 if( ctx->unprocessed_len > 0 )
306 {
307 /* Fill up to block size, and run the block if there's a full one. */
308 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
309
310 if( input_length < bytes_to_copy )
311 bytes_to_copy = input_length;
312
313 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
314 input, bytes_to_copy );
315 input_length -= bytes_to_copy;
316 input += bytes_to_copy;
317 ctx->unprocessed_len += bytes_to_copy;
318
319 if( ctx->unprocessed_len == block_size )
320 {
321 status = mbedtls_to_psa_error(
322 mbedtls_cipher_update( ctx,
323 ctx->unprocessed_data,
324 block_size,
325 output, &internal_output_length ) );
326
327 if( status != PSA_SUCCESS )
328 goto exit;
329
330 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]331 *output_length += internal_output_length;
332 ctx->unprocessed_len = 0;
333 }
334 }
335
336 while( input_length >= block_size )
337 {
338 /* Run all full blocks we have, one by one */
339 status = mbedtls_to_psa_error(
340 mbedtls_cipher_update( ctx, input,
341 block_size,
342 output, &internal_output_length ) );
343
344 if( status != PSA_SUCCESS )
345 goto exit;
346
347 input_length -= block_size;
348 input += block_size;
349
350 output += internal_output_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]351 *output_length += internal_output_length;
352 }
353
354 if( input_length > 0 )
355 {
356 /* Save unprocessed bytes for later processing */
357 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
358 input, input_length );
359 ctx->unprocessed_len += input_length;
360 }
361
362 status = PSA_SUCCESS;
363
364exit:
365 return( status );
366}
367
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]368static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
369 const uint8_t *input,
370 size_t input_length,
371 uint8_t *output,
372 size_t output_size,
373 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]374{
375 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
376 size_t expected_output_size;
377
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]378 if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]379 {
380 /* Take the unprocessed partial block left over from previous
381 * update calls, if any, plus the input to this call. Remove
382 * the last partial block, if any. You get the data that will be
383 * output in this call. */
384 expected_output_size =
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]385 ( operation->ctx.cipher.unprocessed_len + input_length )
Ronald Cron6ad554c2021-03-26 09:29:09 +0100[diff] [blame]386 / operation->block_length * operation->block_length;
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]387 }
388 else
389 {
390 expected_output_size = input_length;
391 }
392
393 if( output_size < expected_output_size )
394 return( PSA_ERROR_BUFFER_TOO_SMALL );
395
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]396 if( operation->alg == PSA_ALG_ECB_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]397 {
398 /* mbedtls_cipher_update has an API inconsistency: it will only
399 * process a single block at a time in ECB mode. Abstract away that
400 * inconsistency here to match the PSA API behaviour. */
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]401 status = psa_cipher_update_ecb( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]402 input,
403 input_length,
404 output,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]405 output_length );
406 }
407 else
408 {
409 status = mbedtls_to_psa_error(
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]410 mbedtls_cipher_update( &operation->ctx.cipher, input,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]411 input_length, output, output_length ) );
gabor-mezei-arm42373bd2021-06-29 16:41:25 +0200[diff] [blame]412
413 if( *output_length > output_size )
gabor-mezei-arm25230452021-06-29 19:06:30 +0200[diff] [blame]414 return( PSA_ERROR_CORRUPTION_DETECTED );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]415 }
416
417 return( status );
418}
419
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]420static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
421 uint8_t *output,
422 size_t output_size,
423 size_t *output_length )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]424{
425 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
426 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
427
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]428 if( operation->ctx.cipher.unprocessed_len != 0 )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]429 {
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]430 if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
431 operation->alg == PSA_ALG_CBC_NO_PADDING )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]432 {
433 status = PSA_ERROR_INVALID_ARGUMENT;
434 goto exit;
435 }
436 }
437
438 status = mbedtls_to_psa_error(
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]439 mbedtls_cipher_finish( &operation->ctx.cipher,
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]440 temp_output_buffer,
441 output_length ) );
442 if( status != PSA_SUCCESS )
443 goto exit;
444
445 if( *output_length == 0 )
446 ; /* Nothing to copy. Note that output may be NULL in this case. */
447 else if( output_size >= *output_length )
448 memcpy( output, temp_output_buffer, *output_length );
449 else
450 status = PSA_ERROR_BUFFER_TOO_SMALL;
451
452exit:
453 mbedtls_platform_zeroize( temp_output_buffer,
454 sizeof( temp_output_buffer ) );
455
456 return( status );
457}
458
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]459static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]460{
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]461 /* Sanity check (shouldn't happen: operation->alg should
462 * always have been initialized to a valid value). */
Ronald Cron6e412a72021-03-10 09:58:47 +0100[diff] [blame]463 if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
Ronald Cron937dfee2021-03-10 09:17:32 +0100[diff] [blame]464 return( PSA_ERROR_BAD_STATE );
465
gabor-mezei-armf67d8af2021-04-12 15:47:35 +0200[diff] [blame]466 mbedtls_cipher_free( &operation->ctx.cipher );
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]467
468 return( PSA_SUCCESS );
469}
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]470
471static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
472 const uint8_t *key_buffer,
473 size_t key_buffer_size,
474 psa_algorithm_t alg,
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]475 const uint8_t *iv,
476 size_t iv_length,
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]477 const uint8_t *input,
478 size_t input_length,
479 uint8_t *output,
480 size_t output_size,
481 size_t *output_length )
482{
483 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
484 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]485 size_t update_output_length, finish_output_length;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]486
gabor-mezei-arm0e1d31b2021-06-25 15:44:47 +0200[diff] [blame]487 status = cipher_encrypt_setup( &operation, attributes,
488 key_buffer, key_buffer_size, alg );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]489 if( status != PSA_SUCCESS )
490 goto exit;
491
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]492 if( iv_length > 0 )
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]493 {
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]494 status = cipher_set_iv( &operation, iv, iv_length );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]495 if( status != PSA_SUCCESS )
496 goto exit;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]497 }
498
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]499 status = cipher_update( &operation, input, input_length,
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]500 output, output_size, &update_output_length );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]501 if( status != PSA_SUCCESS )
502 goto exit;
503
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]504 status = cipher_finish( &operation, output + update_output_length,
505 output_size - update_output_length,
506 &finish_output_length );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]507 if( status != PSA_SUCCESS )
508 goto exit;
509
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]510 *output_length = update_output_length + finish_output_length;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]511
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]512exit:
513 if( status == PSA_SUCCESS )
514 status = cipher_abort( &operation );
515 else
516 cipher_abort( &operation );
517 return( status );
518}
519
520static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
521 const uint8_t *key_buffer,
522 size_t key_buffer_size,
523 psa_algorithm_t alg,
524 const uint8_t *input,
525 size_t input_length,
526 uint8_t *output,
527 size_t output_size,
528 size_t *output_length )
529{
530 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
531 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]532 size_t olength, accumulated_length;
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]533
534 status = cipher_decrypt_setup( &operation, attributes,
535 key_buffer, key_buffer_size, alg );
536 if( status != PSA_SUCCESS )
537 goto exit;
538
539 if( operation.iv_length > 0 )
540 {
541 status = cipher_set_iv( &operation, input, operation.iv_length );
542 if( status != PSA_SUCCESS )
543 goto exit;
544 }
545
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]546 status = cipher_update( &operation, input + operation.iv_length,
547 input_length - operation.iv_length,
548 output, output_size, &olength );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]549 if( status != PSA_SUCCESS )
550 goto exit;
551
gabor-mezei-arm809634d2021-06-29 16:42:13 +0200[diff] [blame]552 accumulated_length = olength;
gabor-mezei-arm3fd792d2021-06-25 15:25:38 +0200[diff] [blame]553
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]554 status = cipher_finish( &operation, output + accumulated_length,
555 output_size - accumulated_length, &olength );
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]556 if( status != PSA_SUCCESS )
557 goto exit;
558
gabor-mezei-arm25230452021-06-29 19:06:30 +0200[diff] [blame]559 *output_length = accumulated_length + olength;
gabor-mezei-arm7fbea092021-06-25 15:23:05 +0200[diff] [blame]560
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]561exit:
562 if ( status == PSA_SUCCESS )
563 status = cipher_abort( &operation );
564 else
565 cipher_abort( &operation );
566 return( status );
567}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]568#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
Ronald Cron6d051732020-10-01 14:10:20 +0200[diff] [blame]569
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]570#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]571psa_status_t mbedtls_psa_cipher_encrypt_setup(
572 mbedtls_psa_cipher_operation_t *operation,
573 const psa_key_attributes_t *attributes,
574 const uint8_t *key_buffer, size_t key_buffer_size,
575 psa_algorithm_t alg )
576{
577 return( cipher_encrypt_setup(
578 operation, attributes, key_buffer, key_buffer_size, alg ) );
579}
580
581psa_status_t mbedtls_psa_cipher_decrypt_setup(
582 mbedtls_psa_cipher_operation_t *operation,
583 const psa_key_attributes_t *attributes,
584 const uint8_t *key_buffer, size_t key_buffer_size,
585 psa_algorithm_t alg )
586{
587 return( cipher_decrypt_setup(
588 operation, attributes, key_buffer, key_buffer_size, alg ) );
589}
590
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]591psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
592 const uint8_t *iv,
593 size_t iv_length )
594{
595 return( cipher_set_iv( operation, iv, iv_length ) );
596}
597
598psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
599 const uint8_t *input,
600 size_t input_length,
601 uint8_t *output,
602 size_t output_size,
603 size_t *output_length )
604{
605 return( cipher_update( operation, input, input_length,
606 output, output_size, output_length ) );
607}
608
609psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
610 uint8_t *output,
611 size_t output_size,
612 size_t *output_length )
613{
614 return( cipher_finish( operation, output, output_size, output_length ) );
615}
616
617psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
618{
619 return( cipher_abort( operation ) );
620}
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]621
622psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
623 const uint8_t *key_buffer,
624 size_t key_buffer_size,
625 psa_algorithm_t alg,
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]626 const uint8_t *iv,
627 size_t iv_length,
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]628 const uint8_t *input,
629 size_t input_length,
630 uint8_t *output,
631 size_t output_size,
632 size_t *output_length )
633{
634 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]635 alg, iv, iv_length, input, input_length,
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]636 output, output_size, output_length ) );
637}
638
639psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
640 const uint8_t *key_buffer,
641 size_t key_buffer_size,
642 psa_algorithm_t alg,
643 const uint8_t *input,
644 size_t input_length,
645 uint8_t *output,
646 size_t output_size,
647 size_t *output_length )
648{
649 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
650 alg, input, input_length,
651 output, output_size, output_length ) );
652}
Ronald Cron5d9b00d2021-03-10 14:43:20 +0100[diff] [blame]653#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
Ronald Cron8287e6b2021-03-12 10:35:18 +0100[diff] [blame]654
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]655/*
656 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
657 */
658
659#if defined(PSA_CRYPTO_DRIVER_TEST)
660psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
661 mbedtls_psa_cipher_operation_t *operation,
662 const psa_key_attributes_t *attributes,
663 const uint8_t *key_buffer, size_t key_buffer_size,
664 psa_algorithm_t alg )
665{
666 return( cipher_encrypt_setup(
667 operation, attributes, key_buffer, key_buffer_size, alg ) );
668}
669
670psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
671 mbedtls_psa_cipher_operation_t *operation,
672 const psa_key_attributes_t *attributes,
673 const uint8_t *key_buffer, size_t key_buffer_size,
674 psa_algorithm_t alg )
675{
676 return( cipher_decrypt_setup(
677 operation, attributes, key_buffer, key_buffer_size, alg ) );
678}
679
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]680psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
681 mbedtls_psa_cipher_operation_t *operation,
682 const uint8_t *iv, size_t iv_length )
683{
684 return( cipher_set_iv( operation, iv, iv_length ) );
685}
686
687psa_status_t mbedtls_transparent_test_driver_cipher_update(
688 mbedtls_psa_cipher_operation_t *operation,
689 const uint8_t *input, size_t input_length,
690 uint8_t *output, size_t output_size, size_t *output_length )
691{
692 return( cipher_update( operation, input, input_length,
693 output, output_size, output_length ) );
694}
695
696psa_status_t mbedtls_transparent_test_driver_cipher_finish(
697 mbedtls_psa_cipher_operation_t *operation,
698 uint8_t *output, size_t output_size, size_t *output_length )
699{
700 return( cipher_finish( operation, output, output_size, output_length ) );
701}
702
703psa_status_t mbedtls_transparent_test_driver_cipher_abort(
704 mbedtls_psa_cipher_operation_t *operation )
705{
706 return( cipher_abort( operation ) );
707}
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]708
709psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
710 const psa_key_attributes_t *attributes,
711 const uint8_t *key_buffer,
712 size_t key_buffer_size,
713 psa_algorithm_t alg,
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]714 const uint8_t *iv,
715 size_t iv_length,
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]716 const uint8_t *input,
717 size_t input_length,
718 uint8_t *output,
719 size_t output_size,
720 size_t *output_length )
721{
722 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
Ronald Crona8331692021-07-09 09:19:35 +0200[diff] [blame^]723 alg, iv, iv_length, input, input_length,
gabor-mezei-armfa990b52021-03-25 11:17:10 +0100[diff] [blame]724 output, output_size, output_length ) );
725}
726
727psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
728 const psa_key_attributes_t *attributes,
729 const uint8_t *key_buffer,
730 size_t key_buffer_size,
731 psa_algorithm_t alg,
732 const uint8_t *input,
733 size_t input_length,
734 uint8_t *output,
735 size_t output_size,
736 size_t *output_length )
737{
738 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
739 alg, input, input_length,
740 output, output_size, output_length ) );
741}
Ronald Cron3522e322021-03-12 11:08:49 +0100[diff] [blame]742#endif /* PSA_CRYPTO_DRIVER_TEST */
743
Ronald Cron0ff57952021-03-08 16:46:35 +0100[diff] [blame]744#endif /* MBEDTLS_PSA_CRYPTO_C */