psa: Add mbedtls_psa_cipher_xyz() APIs

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2020-10-01 14:10:20 +02:00
parent 0b80559827
commit 6d05173359
3 changed files with 371 additions and 190 deletions

View file

@ -3476,8 +3476,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
size_t iv_size, size_t iv_size,
size_t *iv_length ) size_t *iv_length )
{ {
psa_status_t status; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( operation->alg == 0 ) if( operation->alg == 0 )
{ {
@ -3495,30 +3494,20 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
iv, iv,
iv_size, iv_size,
iv_length ); iv_length );
goto exit;
} }
else
if( iv_size < operation->iv_size )
{ {
status = PSA_ERROR_BUFFER_TOO_SMALL; status = mbedtls_psa_cipher_generate_iv( operation,
goto exit; iv,
} iv_size,
ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, iv_length );
iv, operation->iv_size );
if( ret != 0 )
{
status = mbedtls_to_psa_error( ret );
goto exit;
} }
*iv_length = operation->iv_size;
status = psa_cipher_set_iv( operation, iv, *iv_length );
exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->iv_set = 1; operation->iv_set = 1;
else else
psa_cipher_abort( operation ); psa_cipher_abort( operation );
return( status ); return( status );
} }
@ -3526,8 +3515,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
const uint8_t *iv, const uint8_t *iv,
size_t iv_length ) size_t iv_length )
{ {
psa_status_t status; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( operation->alg == 0 ) if( operation->alg == 0 )
{ {
@ -3544,17 +3532,12 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver,
iv, iv,
iv_length ); iv_length );
goto exit; }
else
{
status = mbedtls_psa_cipher_set_iv( operation, iv, iv_length );
} }
if( iv_length != operation->iv_size )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length );
status = mbedtls_to_psa_error( ret );
exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->iv_set = 1; operation->iv_set = 1;
else else
@ -3562,94 +3545,6 @@ exit:
return( status ); return( status );
} }
/* Process input for which the algorithm is set to ECB mode. This requires
* manual processing, since the PSA API is defined as being able to process
* arbitrary-length calls to psa_cipher_update() with ECB mode, but the
* underlying mbedtls_cipher_update only takes full blocks. */
static psa_status_t psa_cipher_update_ecb_internal(
mbedtls_cipher_context_t *ctx,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t block_size = ctx->cipher_info->block_size;
size_t internal_output_length = 0;
*output_length = 0;
if( input_length == 0 )
{
status = PSA_SUCCESS;
goto exit;
}
if( ctx->unprocessed_len > 0 )
{
/* Fill up to block size, and run the block if there's a full one. */
size_t bytes_to_copy = block_size - ctx->unprocessed_len;
if( input_length < bytes_to_copy )
bytes_to_copy = input_length;
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
input, bytes_to_copy );
input_length -= bytes_to_copy;
input += bytes_to_copy;
ctx->unprocessed_len += bytes_to_copy;
if( ctx->unprocessed_len == block_size )
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( ctx,
ctx->unprocessed_data,
block_size,
output, &internal_output_length ) );
if( status != PSA_SUCCESS )
goto exit;
output += internal_output_length;
output_size -= internal_output_length;
*output_length += internal_output_length;
ctx->unprocessed_len = 0;
}
}
while( input_length >= block_size )
{
/* Run all full blocks we have, one by one */
status = mbedtls_to_psa_error(
mbedtls_cipher_update( ctx, input,
block_size,
output, &internal_output_length ) );
if( status != PSA_SUCCESS )
goto exit;
input_length -= block_size;
input += block_size;
output += internal_output_length;
output_size -= internal_output_length;
*output_length += internal_output_length;
}
if( input_length > 0 )
{
/* Save unprocessed bytes for later processing */
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
input, input_length );
ctx->unprocessed_len += input_length;
}
status = PSA_SUCCESS;
exit:
return( status );
}
psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
const uint8_t *input, const uint8_t *input,
size_t input_length, size_t input_length,
@ -3658,7 +3553,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
size_t *output_length ) size_t *output_length )
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t expected_output_size;
if( operation->alg == 0 ) if( operation->alg == 0 )
{ {
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
@ -3676,51 +3571,20 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
output, output,
output_size, output_size,
output_length ); output_length );
goto exit;
}
if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
{
/* Take the unprocessed partial block left over from previous
* update calls, if any, plus the input to this call. Remove
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
( operation->ctx.cipher.unprocessed_len + input_length )
/ operation->block_size * operation->block_size;
} }
else else
{ {
expected_output_size = input_length; status = mbedtls_psa_cipher_update( operation,
input,
input_length,
output,
output_size,
output_length );
} }
if( output_size < expected_output_size )
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
if( operation->alg == PSA_ALG_ECB_NO_PADDING )
{
/* mbedtls_cipher_update has an API inconsistency: it will only
* process a single block at a time in ECB mode. Abstract away that
* inconsistency here to match the PSA API behaviour. */
status = psa_cipher_update_ecb_internal( &operation->ctx.cipher,
input,
input_length,
output,
output_size,
output_length );
}
else
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->ctx.cipher, input,
input_length, output, output_length ) );
}
exit:
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
psa_cipher_abort( operation ); psa_cipher_abort( operation );
return( status ); return( status );
} }
@ -3730,7 +3594,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
size_t *output_length ) size_t *output_length )
{ {
psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
if( operation->alg == 0 ) if( operation->alg == 0 )
{ {
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
@ -3746,36 +3610,14 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
output, output,
output_size, output_size,
output_length ); output_length );
goto exit;
} }
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
operation->alg == PSA_ALG_CBC_NO_PADDING )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
}
status = mbedtls_to_psa_error(
mbedtls_cipher_finish( &operation->ctx.cipher,
temp_output_buffer,
output_length ) );
if( status != PSA_SUCCESS )
goto exit;
if( *output_length == 0 )
; /* Nothing to copy. Note that output may be NULL in this case. */
else if( output_size >= *output_length )
memcpy( output, temp_output_buffer, *output_length );
else else
status = PSA_ERROR_BUFFER_TOO_SMALL; {
status = mbedtls_psa_cipher_finish( operation,
exit: output,
if( operation->mbedtls_in_use == 1 ) output_size,
mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); output_length );
}
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
return( psa_cipher_abort( operation ) ); return( psa_cipher_abort( operation ) );
@ -3806,7 +3648,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
if( operation->mbedtls_in_use == 0 ) if( operation->mbedtls_in_use == 0 )
psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); psa_driver_wrapper_cipher_abort( &operation->ctx.driver );
else else
mbedtls_cipher_free( &operation->ctx.cipher ); mbedtls_psa_cipher_abort( operation );
operation->alg = 0; operation->alg = 0;
operation->key_set = 0; operation->key_set = 0;
@ -3819,9 +3661,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
/****************************************************************/ /****************************************************************/
/* AEAD */ /* AEAD */
/****************************************************************/ /****************************************************************/

View file

@ -24,7 +24,10 @@
#include <psa_crypto_cipher.h> #include <psa_crypto_cipher.h>
#include "psa_crypto_core.h" #include "psa_crypto_core.h"
#include "psa_crypto_random_impl.h"
#include "mbedtls/cipher.h" #include "mbedtls/cipher.h"
#include "mbedtls/error.h"
#include <string.h> #include <string.h>
@ -143,4 +146,220 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup(
key_buffer, key_buffer_size, key_buffer, key_buffer_size,
alg, MBEDTLS_DECRYPT ) ); alg, MBEDTLS_DECRYPT ) );
} }
psa_status_t mbedtls_psa_cipher_generate_iv(
psa_cipher_operation_t *operation,
uint8_t *iv, size_t iv_size, size_t *iv_length )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( iv_size < operation->iv_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
iv, operation->iv_size );
if( ret != 0 )
return( mbedtls_to_psa_error( ret ) );
*iv_length = operation->iv_size;
return( mbedtls_psa_cipher_set_iv( operation, iv, *iv_length ) );
}
psa_status_t mbedtls_psa_cipher_set_iv( psa_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length )
{
if( iv_length != operation->iv_size )
return( PSA_ERROR_INVALID_ARGUMENT );
return( mbedtls_to_psa_error(
mbedtls_cipher_set_iv( &operation->ctx.cipher,
iv, iv_length ) ) );
}
/* Process input for which the algorithm is set to ECB mode. This requires
* manual processing, since the PSA API is defined as being able to process
* arbitrary-length calls to psa_cipher_update() with ECB mode, but the
* underlying mbedtls_cipher_update only takes full blocks. */
static psa_status_t psa_cipher_update_ecb(
mbedtls_cipher_context_t *ctx,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t block_size = ctx->cipher_info->block_size;
size_t internal_output_length = 0;
*output_length = 0;
if( input_length == 0 )
{
status = PSA_SUCCESS;
goto exit;
}
if( ctx->unprocessed_len > 0 )
{
/* Fill up to block size, and run the block if there's a full one. */
size_t bytes_to_copy = block_size - ctx->unprocessed_len;
if( input_length < bytes_to_copy )
bytes_to_copy = input_length;
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
input, bytes_to_copy );
input_length -= bytes_to_copy;
input += bytes_to_copy;
ctx->unprocessed_len += bytes_to_copy;
if( ctx->unprocessed_len == block_size )
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( ctx,
ctx->unprocessed_data,
block_size,
output, &internal_output_length ) );
if( status != PSA_SUCCESS )
goto exit;
output += internal_output_length;
output_size -= internal_output_length;
*output_length += internal_output_length;
ctx->unprocessed_len = 0;
}
}
while( input_length >= block_size )
{
/* Run all full blocks we have, one by one */
status = mbedtls_to_psa_error(
mbedtls_cipher_update( ctx, input,
block_size,
output, &internal_output_length ) );
if( status != PSA_SUCCESS )
goto exit;
input_length -= block_size;
input += block_size;
output += internal_output_length;
output_size -= internal_output_length;
*output_length += internal_output_length;
}
if( input_length > 0 )
{
/* Save unprocessed bytes for later processing */
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
input, input_length );
ctx->unprocessed_len += input_length;
}
status = PSA_SUCCESS;
exit:
return( status );
}
psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t expected_output_size;
if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
{
/* Take the unprocessed partial block left over from previous
* update calls, if any, plus the input to this call. Remove
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
( operation->ctx.cipher.unprocessed_len + input_length )
/ operation->block_size * operation->block_size;
}
else
{
expected_output_size = input_length;
}
if( output_size < expected_output_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
if( operation->alg == PSA_ALG_ECB_NO_PADDING )
{
/* mbedtls_cipher_update has an API inconsistency: it will only
* process a single block at a time in ECB mode. Abstract away that
* inconsistency here to match the PSA API behaviour. */
status = psa_cipher_update_ecb( &operation->ctx.cipher,
input,
input_length,
output,
output_size,
output_length );
}
else
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->ctx.cipher, input,
input_length, output, output_length ) );
}
return( status );
}
psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
operation->alg == PSA_ALG_CBC_NO_PADDING )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
}
status = mbedtls_to_psa_error(
mbedtls_cipher_finish( &operation->ctx.cipher,
temp_output_buffer,
output_length ) );
if( status != PSA_SUCCESS )
goto exit;
if( *output_length == 0 )
; /* Nothing to copy. Note that output may be NULL in this case. */
else if( output_size >= *output_length )
memcpy( output, temp_output_buffer, *output_length );
else
status = PSA_ERROR_BUFFER_TOO_SMALL;
exit:
mbedtls_platform_zeroize( temp_output_buffer,
sizeof( temp_output_buffer ) );
return( status );
}
psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation )
{
mbedtls_cipher_free( &operation->ctx.cipher );
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */

View file

@ -83,4 +83,127 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup(
const uint8_t *key_buffer, size_t key_buffer_size, const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg ); psa_algorithm_t alg );
/** Generate an IV for a symmetric encryption operation.
*
* This function generates a random IV (initialization vector), nonce
* or initial counter value for the encryption operation as appropriate
* for the chosen algorithm, key type and key size.
*
* \note The signature of this function is that of a PSA driver
* cipher_generate_iv entry point. This function behaves as a
* cipher_generate_iv entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in,out] operation Active cipher operation.
* \param[out] iv Buffer where the generated IV is to be written.
* \param[in] iv_size Size of the \p iv buffer in bytes.
* \param[out] iv_length On success, the number of bytes of the
* generated IV.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p iv buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
psa_status_t mbedtls_psa_cipher_generate_iv(
psa_cipher_operation_t *operation,
uint8_t *iv, size_t iv_size, size_t *iv_length );
/** Set the IV for a symmetric encryption or decryption operation.
*
* This function sets the IV (initialization vector), nonce
* or initial counter value for the encryption or decryption operation.
*
* \note The signature of this function is that of a PSA driver
* cipher_set_iv entry point. This function behaves as a
* cipher_set_iv entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in,out] operation Active cipher operation.
* \param[in] iv Buffer containing the IV to use.
* \param[in] iv_length Size of the IV in bytes.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
psa_status_t mbedtls_psa_cipher_set_iv(
psa_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length );
/** Encrypt or decrypt a message fragment in an active cipher operation.
*
* \note The signature of this function is that of a PSA driver
* cipher_update entry point. This function behaves as a
* cipher_update entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in,out] operation Active cipher operation.
* \param[in] input Buffer containing the message fragment to
* encrypt or decrypt.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
psa_status_t mbedtls_psa_cipher_update(
psa_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length );
/** Finish encrypting or decrypting a message in a cipher operation.
*
* \note The signature of this function is that of a PSA driver
* cipher_finish entry point. This function behaves as a
* cipher_finish entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in,out] operation Active cipher operation.
* \param[out] output Buffer where the output is to be written.
* \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based
* on block cipher and requires a whole number of blocks, but the
* total input size is not a multiple of the block size.
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
psa_status_t mbedtls_psa_cipher_finish(
psa_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length );
/** Abort a cipher operation.
*
* Aborting an operation frees all associated resources except for the
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation.
*
* \note The signature of this function is that of a PSA driver
* cipher_abort entry point. This function behaves as a
* cipher_abort entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in,out] operation Initialized cipher operation.
*
* \retval #PSA_SUCCESS
*/
psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation );
#endif /* PSA_CRYPTO_CIPHER_H */ #endif /* PSA_CRYPTO_CIPHER_H */