From 503973bdf33e08ffa99f686ddf52834131d9964a Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 12 Mar 2018 15:59:30 +0200 Subject: [PATCH] initial implementation for PSA symmetric APIs - missing tests and documentations --- include/psa/crypto.h | 11 ++- include/psa/crypto_struct.h | 2 +- library/psa_crypto.c | 146 ++++++++++++++++++++++++++++++++++++ 3 files changed, 154 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index f8b8ceadc..089484f19 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1057,12 +1057,15 @@ psa_status_t psa_encrypt_set_iv(psa_cipher_operation_t *operation, psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, const uint8_t *input, - size_t input_length); + size_t input_length, + unsigned char *output, + size_t output_size, + size_t *output_length); psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, - uint8_t *mac, - size_t mac_size, - size_t *mac_length); + uint8_t *output, + size_t output_size, + size_t *output_length); psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index eba4862c6..2975bdcb0 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -106,7 +106,7 @@ struct psa_cipher_operation_s uint8_t block_size; union { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ + mbedtls_cipher_context_t cipher; } ctx; }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7e633a3ce..428a237df 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1289,6 +1289,152 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key, } +/****************************************************************/ +/* Symmetric cryptography */ +/****************************************************************/ + +psa_status_t psa_decrypt_setup(psa_cipher_operation_t *operation, + psa_key_slot_t key, + psa_algorithm_t alg); +{ + int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + psa_status_t status; + key_slot_t *slot; + psa_key_type_t key_type; + size_t key_bits; + const mbedtls_cipher_info_t *cipher_info = NULL; + + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->block_size = 0; + operation->iv_size = 0; + + status = psa_get_key_information( key, &key_type, &key_bits ); + if( status != PSA_SUCCESS ) + return( status ); + slot = &global_data.key_slots[key]; + + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + operation->block_size = cipher_info->block_size; + + mbedtls_cipher_init( &operation->ctx.cipher ); + ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); + if (ret != 0) + { + psa_cipher_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } + + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, slot->data.raw.data, + key_bits, MBEDTLS_DECRYPT ); + if (ret != 0) + { + psa_cipher_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } + + operation->key_set = 1; + operation->alg = alg; + + return ( PSA_SUCCESS ); +} + +psa_status_t psa_encrypt_generate_iv(psa_cipher_operation_t *operation, + unsigned char *iv, + size_t iv_size, + size_t *iv_length) +{ + int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + ret = mbedtls_ctr_drbg_random( &global_data.ctr_drbg, iv, iv_size); + if (ret != 0) + { + return( mbedtls_to_psa_error( ret ) ); + } + + *iv_length = iv_size; + retuen ( PSA_SUCCESS ); +} + +psa_status_t psa_encrypt_set_iv(psa_cipher_operation_t *operation, + const unsigned char *iv, + size_t iv_length) +{ + int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); + if (ret != 0) + { + psa_cipher_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } + + operation->iv_set = 1; + operation->iv_size = iv_length; + + return ( PSA_SUCCESS ); +} + +psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + unsigned char *output, + size_t output_size, + size_t *output_length) +{ + int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + ret = mbedtls_cipher_update( &operation->ctx.cipher, input, + input_length, output, output_length ); + if (ret != 0) + { + psa_cipher_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } + + return ( PSA_SUCCESS ); +} + +psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + int ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + if( ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + + ret = mbedtls_cipher_finish( &operation->ctx.cipher, output, + output_length ); + if (ret != 0) + { + psa_cipher_abort( operation ); + return( mbedtls_to_psa_error( ret ) ); + } + + return ( PSA_SUCCESS ); +} + +psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation) +{ + mbedtls_cipher_free( &operation->ctx.cipher ); + + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->block_size = 0; + operation->iv_size = 0; + + return ( PSA_SUCCESS ); +} + /****************************************************************/ /* Key Policy */