psa: Add mbedtls_psa_cipher_xyz() APIs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index b26a988..5c867b6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3476,8 +3476,7 @@
size_t iv_size,
size_t *iv_length )
{
- psa_status_t status;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->alg == 0 )
{
@@ -3495,30 +3494,20 @@
iv,
iv_size,
iv_length );
- goto exit;
}
-
- if( iv_size < operation->iv_size )
+ else
{
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto exit;
- }
- ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
- iv, operation->iv_size );
- if( ret != 0 )
- {
- status = mbedtls_to_psa_error( ret );
- goto exit;
+ status = mbedtls_psa_cipher_generate_iv( operation,
+ iv,
+ iv_size,
+ iv_length );
}
- *iv_length = operation->iv_size;
- status = psa_cipher_set_iv( operation, iv, *iv_length );
-
-exit:
if( status == PSA_SUCCESS )
operation->iv_set = 1;
else
psa_cipher_abort( operation );
+
return( status );
}
@@ -3526,8 +3515,7 @@
const uint8_t *iv,
size_t iv_length )
{
- psa_status_t status;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->alg == 0 )
{
@@ -3544,17 +3532,12 @@
status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver,
iv,
iv_length );
- goto exit;
+ }
+ else
+ {
+ status = mbedtls_psa_cipher_set_iv( operation, iv, iv_length );
}
- if( iv_length != operation->iv_size )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
- ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
- status = mbedtls_to_psa_error( ret );
-exit:
if( status == PSA_SUCCESS )
operation->iv_set = 1;
else
@@ -3562,94 +3545,6 @@
return( status );
}
-/* Process input for which the algorithm is set to ECB mode. This requires
- * manual processing, since the PSA API is defined as being able to process
- * arbitrary-length calls to psa_cipher_update() with ECB mode, but the
- * underlying mbedtls_cipher_update only takes full blocks. */
-static psa_status_t psa_cipher_update_ecb_internal(
- mbedtls_cipher_context_t *ctx,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t block_size = ctx->cipher_info->block_size;
- size_t internal_output_length = 0;
- *output_length = 0;
-
- if( input_length == 0 )
- {
- status = PSA_SUCCESS;
- goto exit;
- }
-
- if( ctx->unprocessed_len > 0 )
- {
- /* Fill up to block size, and run the block if there's a full one. */
- size_t bytes_to_copy = block_size - ctx->unprocessed_len;
-
- if( input_length < bytes_to_copy )
- bytes_to_copy = input_length;
-
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
- input, bytes_to_copy );
- input_length -= bytes_to_copy;
- input += bytes_to_copy;
- ctx->unprocessed_len += bytes_to_copy;
-
- if( ctx->unprocessed_len == block_size )
- {
- status = mbedtls_to_psa_error(
- mbedtls_cipher_update( ctx,
- ctx->unprocessed_data,
- block_size,
- output, &internal_output_length ) );
-
- if( status != PSA_SUCCESS )
- goto exit;
-
- output += internal_output_length;
- output_size -= internal_output_length;
- *output_length += internal_output_length;
- ctx->unprocessed_len = 0;
- }
- }
-
- while( input_length >= block_size )
- {
- /* Run all full blocks we have, one by one */
- status = mbedtls_to_psa_error(
- mbedtls_cipher_update( ctx, input,
- block_size,
- output, &internal_output_length ) );
-
- if( status != PSA_SUCCESS )
- goto exit;
-
- input_length -= block_size;
- input += block_size;
-
- output += internal_output_length;
- output_size -= internal_output_length;
- *output_length += internal_output_length;
- }
-
- if( input_length > 0 )
- {
- /* Save unprocessed bytes for later processing */
- memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
- input, input_length );
- ctx->unprocessed_len += input_length;
- }
-
- status = PSA_SUCCESS;
-
-exit:
- return( status );
-}
-
psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
@@ -3658,7 +3553,7 @@
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t expected_output_size;
+
if( operation->alg == 0 )
{
return( PSA_ERROR_BAD_STATE );
@@ -3676,51 +3571,20 @@
output,
output_size,
output_length );
- goto exit;
- }
-
- if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
- {
- /* Take the unprocessed partial block left over from previous
- * update calls, if any, plus the input to this call. Remove
- * the last partial block, if any. You get the data that will be
- * output in this call. */
- expected_output_size =
- ( operation->ctx.cipher.unprocessed_len + input_length )
- / operation->block_size * operation->block_size;
}
else
{
- expected_output_size = input_length;
+ status = mbedtls_psa_cipher_update( operation,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length );
}
- if( output_size < expected_output_size )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto exit;
- }
-
- if( operation->alg == PSA_ALG_ECB_NO_PADDING )
- {
- /* mbedtls_cipher_update has an API inconsistency: it will only
- * process a single block at a time in ECB mode. Abstract away that
- * inconsistency here to match the PSA API behaviour. */
- status = psa_cipher_update_ecb_internal( &operation->ctx.cipher,
- input,
- input_length,
- output,
- output_size,
- output_length );
- }
- else
- {
- status = mbedtls_to_psa_error(
- mbedtls_cipher_update( &operation->ctx.cipher, input,
- input_length, output, output_length ) );
- }
-exit:
if( status != PSA_SUCCESS )
psa_cipher_abort( operation );
+
return( status );
}
@@ -3730,7 +3594,7 @@
size_t *output_length )
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
+
if( operation->alg == 0 )
{
return( PSA_ERROR_BAD_STATE );
@@ -3746,37 +3610,15 @@
output,
output_size,
output_length );
- goto exit;
}
-
- if( operation->ctx.cipher.unprocessed_len != 0 )
- {
- if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
- operation->alg == PSA_ALG_CBC_NO_PADDING )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
- }
-
- status = mbedtls_to_psa_error(
- mbedtls_cipher_finish( &operation->ctx.cipher,
- temp_output_buffer,
- output_length ) );
- if( status != PSA_SUCCESS )
- goto exit;
-
- if( *output_length == 0 )
- ; /* Nothing to copy. Note that output may be NULL in this case. */
- else if( output_size >= *output_length )
- memcpy( output, temp_output_buffer, *output_length );
else
- status = PSA_ERROR_BUFFER_TOO_SMALL;
-
-exit:
- if( operation->mbedtls_in_use == 1 )
- mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) );
-
+ {
+ status = mbedtls_psa_cipher_finish( operation,
+ output,
+ output_size,
+ output_length );
+ }
+
if( status == PSA_SUCCESS )
return( psa_cipher_abort( operation ) );
else
@@ -3806,7 +3648,7 @@
if( operation->mbedtls_in_use == 0 )
psa_driver_wrapper_cipher_abort( &operation->ctx.driver );
else
- mbedtls_cipher_free( &operation->ctx.cipher );
+ mbedtls_psa_cipher_abort( operation );
operation->alg = 0;
operation->key_set = 0;
@@ -3819,9 +3661,6 @@
return( PSA_SUCCESS );
}
-
-
-
/****************************************************************/
/* AEAD */
/****************************************************************/
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 73a2dab..91d471b 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -24,7 +24,10 @@
#include <psa_crypto_cipher.h>
#include "psa_crypto_core.h"
+#include "psa_crypto_random_impl.h"
+
#include "mbedtls/cipher.h"
+#include "mbedtls/error.h"
#include <string.h>
@@ -143,4 +146,220 @@
key_buffer, key_buffer_size,
alg, MBEDTLS_DECRYPT ) );
}
+
+psa_status_t mbedtls_psa_cipher_generate_iv(
+ psa_cipher_operation_t *operation,
+ uint8_t *iv, size_t iv_size, size_t *iv_length )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if( iv_size < operation->iv_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
+ iv, operation->iv_size );
+ if( ret != 0 )
+ return( mbedtls_to_psa_error( ret ) );
+
+ *iv_length = operation->iv_size;
+
+ return( mbedtls_psa_cipher_set_iv( operation, iv, *iv_length ) );
+}
+
+psa_status_t mbedtls_psa_cipher_set_iv( psa_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length )
+{
+ if( iv_length != operation->iv_size )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ return( mbedtls_to_psa_error(
+ mbedtls_cipher_set_iv( &operation->ctx.cipher,
+ iv, iv_length ) ) );
+}
+
+/* Process input for which the algorithm is set to ECB mode. This requires
+ * manual processing, since the PSA API is defined as being able to process
+ * arbitrary-length calls to psa_cipher_update() with ECB mode, but the
+ * underlying mbedtls_cipher_update only takes full blocks. */
+static psa_status_t psa_cipher_update_ecb(
+ mbedtls_cipher_context_t *ctx,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t block_size = ctx->cipher_info->block_size;
+ size_t internal_output_length = 0;
+ *output_length = 0;
+
+ if( input_length == 0 )
+ {
+ status = PSA_SUCCESS;
+ goto exit;
+ }
+
+ if( ctx->unprocessed_len > 0 )
+ {
+ /* Fill up to block size, and run the block if there's a full one. */
+ size_t bytes_to_copy = block_size - ctx->unprocessed_len;
+
+ if( input_length < bytes_to_copy )
+ bytes_to_copy = input_length;
+
+ memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
+ input, bytes_to_copy );
+ input_length -= bytes_to_copy;
+ input += bytes_to_copy;
+ ctx->unprocessed_len += bytes_to_copy;
+
+ if( ctx->unprocessed_len == block_size )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_cipher_update( ctx,
+ ctx->unprocessed_data,
+ block_size,
+ output, &internal_output_length ) );
+
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ output += internal_output_length;
+ output_size -= internal_output_length;
+ *output_length += internal_output_length;
+ ctx->unprocessed_len = 0;
+ }
+ }
+
+ while( input_length >= block_size )
+ {
+ /* Run all full blocks we have, one by one */
+ status = mbedtls_to_psa_error(
+ mbedtls_cipher_update( ctx, input,
+ block_size,
+ output, &internal_output_length ) );
+
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ input_length -= block_size;
+ input += block_size;
+
+ output += internal_output_length;
+ output_size -= internal_output_length;
+ *output_length += internal_output_length;
+ }
+
+ if( input_length > 0 )
+ {
+ /* Save unprocessed bytes for later processing */
+ memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
+ input, input_length );
+ ctx->unprocessed_len += input_length;
+ }
+
+ status = PSA_SUCCESS;
+
+exit:
+ return( status );
+}
+
+psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t expected_output_size;
+
+ if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
+ {
+ /* Take the unprocessed partial block left over from previous
+ * update calls, if any, plus the input to this call. Remove
+ * the last partial block, if any. You get the data that will be
+ * output in this call. */
+ expected_output_size =
+ ( operation->ctx.cipher.unprocessed_len + input_length )
+ / operation->block_size * operation->block_size;
+ }
+ else
+ {
+ expected_output_size = input_length;
+ }
+
+ if( output_size < expected_output_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ if( operation->alg == PSA_ALG_ECB_NO_PADDING )
+ {
+ /* mbedtls_cipher_update has an API inconsistency: it will only
+ * process a single block at a time in ECB mode. Abstract away that
+ * inconsistency here to match the PSA API behaviour. */
+ status = psa_cipher_update_ecb( &operation->ctx.cipher,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length );
+ }
+ else
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_cipher_update( &operation->ctx.cipher, input,
+ input_length, output, output_length ) );
+ }
+
+ return( status );
+}
+
+psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
+
+ if( operation->ctx.cipher.unprocessed_len != 0 )
+ {
+ if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
+ operation->alg == PSA_ALG_CBC_NO_PADDING )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+ }
+
+ status = mbedtls_to_psa_error(
+ mbedtls_cipher_finish( &operation->ctx.cipher,
+ temp_output_buffer,
+ output_length ) );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( *output_length == 0 )
+ ; /* Nothing to copy. Note that output may be NULL in this case. */
+ else if( output_size >= *output_length )
+ memcpy( output, temp_output_buffer, *output_length );
+ else
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+
+exit:
+ mbedtls_platform_zeroize( temp_output_buffer,
+ sizeof( temp_output_buffer ) );
+
+ return( status );
+}
+
+psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation )
+{
+ mbedtls_cipher_free( &operation->ctx.cipher );
+
+ return( PSA_SUCCESS );
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index e3231fc..3a58a81 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -83,4 +83,127 @@
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
+/** Generate an IV for a symmetric encryption operation.
+ *
+ * This function generates a random IV (initialization vector), nonce
+ * or initial counter value for the encryption operation as appropriate
+ * for the chosen algorithm, key type and key size.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_generate_iv entry point. This function behaves as a
+ * cipher_generate_iv entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[out] iv Buffer where the generated IV is to be written.
+ * \param[in] iv_size Size of the \p iv buffer in bytes.
+ * \param[out] iv_length On success, the number of bytes of the
+ * generated IV.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p iv buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_cipher_generate_iv(
+ psa_cipher_operation_t *operation,
+ uint8_t *iv, size_t iv_size, size_t *iv_length );
+
+/** Set the IV for a symmetric encryption or decryption operation.
+ *
+ * This function sets the IV (initialization vector), nonce
+ * or initial counter value for the encryption or decryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_set_iv entry point. This function behaves as a
+ * cipher_set_iv entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[in] iv Buffer containing the IV to use.
+ * \param[in] iv_length Size of the IV in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p iv is not acceptable for the chosen algorithm,
+ * or the chosen algorithm does not use an IV.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_cipher_set_iv(
+ psa_cipher_operation_t *operation,
+ const uint8_t *iv, size_t iv_length );
+
+/** Encrypt or decrypt a message fragment in an active cipher operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_update entry point. This function behaves as a
+ * cipher_update entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[in] input Buffer containing the message fragment to
+ * encrypt or decrypt.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * \param[in] output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_cipher_update(
+ psa_cipher_operation_t *operation,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length );
+
+/** Finish encrypting or decrypting a message in a cipher operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_finish entry point. This function behaves as a
+ * cipher_finish entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[out] output Buffer where the output is to be written.
+ * \param[in] output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total input size passed to this operation is not valid for
+ * this particular algorithm. For example, the algorithm is a based
+ * on block cipher and requires a whole number of blocks, but the
+ * total input size is not a multiple of the block size.
+ * \retval #PSA_ERROR_INVALID_PADDING
+ * This is a decryption operation for an algorithm that includes
+ * padding, and the ciphertext does not contain valid padding.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t mbedtls_psa_cipher_finish(
+ psa_cipher_operation_t *operation,
+ uint8_t *output, size_t output_size, size_t *output_length );
+
+/** Abort a cipher operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_abort entry point. This function behaves as a
+ * cipher_abort entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in,out] operation Initialized cipher operation.
+ *
+ * \retval #PSA_SUCCESS
+ */
+psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation );
+
#endif /* PSA_CRYPTO_CIPHER_H */
