lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Merge pull request #4182 from gabor-mezei-arm/3258_implement_one-shot_MAC_and_cipher

Browse Source 
[Backport 2.x] Implement one-shot cipher
This commit is contained in:
Dave Rodgman
2021-06-30 17:04:11 +01:00
committed by GitHub
parent af9b4841fb e4be8a3bea
commit ba940cc695
12 changed files with 1448 additions and 732 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
library/psa_crypto.c
View File

@@ -3319,14 +3319,12 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
goto exit;
}
/* The requested algorithm must be one that can be processed by cipher. */
if( ! PSA_ALG_IS_CIPHER( alg ) )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
/* Fetch key material from key storage. */
status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
if( status != PSA_SUCCESS )
goto exit;
@@ -3556,6 +3554,107 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
return( PSA_SUCCESS );
}
psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
psa_key_type_t key_type;
size_t iv_length;
*output_length = 0;
if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_ENCRYPT,
alg );
if( status != PSA_SUCCESS )
return( status );
psa_key_attributes_t attributes = {
.core = slot->attr
};
key_type = slot->attr.type;
iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
if( iv_length > 0 )
{
if( output_size < iv_length )
{
status = PSA_ERROR_BUFFER_TOO_SMALL;
goto exit;
}
status = psa_generate_random( output, iv_length );
if( status != PSA_SUCCESS )
goto exit;
}
status = psa_driver_wrapper_cipher_encrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length );
exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot;
*output_length = 0;
if( ! PSA_ALG_IS_CIPHER( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_and_lock_key_slot_with_policy( key, &slot,
PSA_KEY_USAGE_DECRYPT,
alg );
if( status != PSA_SUCCESS )
return( status );
psa_key_attributes_t attributes = {
.core = slot->attr
};
if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
{
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_cipher_decrypt(
&attributes, slot->key.data, slot->key.bytes,
alg, input, input_length,
output, output_size, output_length );
exit:
unlock_status = psa_unlock_key_slot( slot );
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
/****************************************************************/
/* AEAD */
/****************************************************************/

195
library/psa_crypto_cipher.c
View File

@@ -163,9 +163,7 @@ static psa_status_t cipher_setup(
(void)key_buffer_size;
/* Proceed with initializing an mbed TLS cipher context if no driver is
* available for the given algorithm & key. */
mbedtls_cipher_init( &operation->cipher );
mbedtls_cipher_init( &operation->ctx.cipher );
operation->alg = alg;
key_bits = attributes->core.bits;
@@ -174,7 +172,7 @@ static psa_status_t cipher_setup(
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
ret = mbedtls_cipher_setup( &operation->cipher, cipher_info );
ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
if( ret != 0 )
goto exit;
@@ -185,14 +183,14 @@ static psa_status_t cipher_setup(
uint8_t keys[24];
memcpy( keys, key_buffer, 16 );
memcpy( keys + 16, key_buffer, 8 );
ret = mbedtls_cipher_setkey( &operation->cipher,
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
keys,
192, cipher_operation );
}
else
#endif
{
ret = mbedtls_cipher_setkey( &operation->cipher, key_buffer,
ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
(int) key_bits, cipher_operation );
}
if( ret != 0 )
@@ -203,11 +201,11 @@ static psa_status_t cipher_setup(
switch( alg )
{
case PSA_ALG_CBC_NO_PADDING:
ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_NONE );
break;
case PSA_ALG_CBC_PKCS7:
ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_PKCS7 );
break;
default:
@@ -256,7 +254,7 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
return( PSA_ERROR_INVALID_ARGUMENT );
return( mbedtls_to_psa_error(
mbedtls_cipher_set_iv( &operation->cipher,
mbedtls_cipher_set_iv( &operation->ctx.cipher,
iv, iv_length ) ) );
}
@@ -365,7 +363,7 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
( operation->cipher.unprocessed_len + input_length )
( operation->ctx.cipher.unprocessed_len + input_length )
/ operation->block_length * operation->block_length;
}
else
@@ -381,7 +379,7 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
/* mbedtls_cipher_update has an API inconsistency: it will only
* process a single block at a time in ECB mode. Abstract away that
* inconsistency here to match the PSA API behaviour. */
status = psa_cipher_update_ecb( &operation->cipher,
status = psa_cipher_update_ecb( &operation->ctx.cipher,
input,
input_length,
output,
@@ -391,8 +389,11 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
else
{
status = mbedtls_to_psa_error(
mbedtls_cipher_update( &operation->cipher, input,
mbedtls_cipher_update( &operation->ctx.cipher, input,
input_length, output, output_length ) );
if( *output_length > output_size )
return( PSA_ERROR_CORRUPTION_DETECTED );
}
return( status );
@@ -406,7 +407,7 @@ static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
if( operation->cipher.unprocessed_len != 0 )
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
operation->alg == PSA_ALG_CBC_NO_PADDING )
@@ -417,7 +418,7 @@ static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
}
status = mbedtls_to_psa_error(
mbedtls_cipher_finish( &operation->cipher,
mbedtls_cipher_finish( &operation->ctx.cipher,
temp_output_buffer,
output_length ) );
if( status != PSA_SUCCESS )
@@ -444,10 +445,112 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
return( PSA_ERROR_BAD_STATE );
mbedtls_cipher_free( &operation->cipher );
mbedtls_cipher_free( &operation->ctx.cipher );
return( PSA_SUCCESS );
}
static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength, accumulated_length;
status = cipher_encrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, alg );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = 0;
if( operation.iv_length > 0 )
{
status = cipher_set_iv( &operation, output, operation.iv_length );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = operation.iv_length;
}
status = cipher_update( &operation, input, input_length,
output + operation.iv_length,
output_size - operation.iv_length,
&olength );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length += olength;
status = cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length, &olength );
if( status != PSA_SUCCESS )
goto exit;
*output_length = accumulated_length + olength;
exit:
if( status == PSA_SUCCESS )
status = cipher_abort( &operation );
else
cipher_abort( &operation );
return( status );
}
static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
size_t olength, accumulated_length;
status = cipher_decrypt_setup( &operation, attributes,
key_buffer, key_buffer_size, alg );
if( status != PSA_SUCCESS )
goto exit;
if( operation.iv_length > 0 )
{
status = cipher_set_iv( &operation, input, operation.iv_length );
if( status != PSA_SUCCESS )
goto exit;
}
status = cipher_update( &operation, input + operation.iv_length,
input_length - operation.iv_length,
output, output_size, &olength );
if( status != PSA_SUCCESS )
goto exit;
accumulated_length = olength;
status = cipher_finish( &operation, output + accumulated_length,
output_size - accumulated_length, &olength );
if( status != PSA_SUCCESS )
goto exit;
*output_length = accumulated_length + olength;
exit:
if ( status == PSA_SUCCESS )
status = cipher_abort( &operation );
else
cipher_abort( &operation );
return( status );
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
@@ -501,6 +604,36 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
{
return( cipher_abort( operation ) );
}
psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
/*
@@ -556,6 +689,38 @@ psa_status_t mbedtls_transparent_test_driver_cipher_abort(
{
return( cipher_abort( operation ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length )
{
return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
alg, input, input_length,
output, output_size, output_length ) );
}
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */

127
library/psa_crypto_cipher.h
View File

@@ -199,6 +199,111 @@ psa_status_t mbedtls_psa_cipher_finish(
*/
psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
/** Encrypt a message using a symmetric cipher.
*
* \note The signature of this function is that of a PSA driver
* cipher_encrypt entry point. This function behaves as a
* cipher_encrypt entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param[in] alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the message to encrypt.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[in,out] output Buffer where the output is to be written.
* The core has generated and written the IV
* at the beginning of this buffer before
* this function is called. The size of the IV
* is PSA_CIPHER_IV_LENGTH( key_type, alg ) where
* \c key_type is the type of the key identified
* by \p key and \p alg is the cipher algorithm
* to compute.
* \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes that make up
* the returned output. Initialized to zero
* by the core.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
* The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based
* on block cipher and requires a whole number of blocks, but the
* total input size is not a multiple of the block size.
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
*/
psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
/** Decrypt a message using a symmetric cipher.
*
* \note The signature of this function is that of a PSA driver
* cipher_decrypt entry point. This function behaves as a
* cipher_decrypt entry point as defined in the PSA driver
* interface specification for transparent drivers.
*
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param[in] alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the iv and the ciphertext.
* \param[in] input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param[in] output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes that make up
* the returned output. Initialized to zero
* by the core.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p iv is not acceptable for the chosen algorithm,
* or the chosen algorithm does not use an IV.
* The total input size passed to this operation is not valid for
* this particular algorithm. For example, the algorithm is a based
* on block cipher and requires a whole number of blocks, but the
* total input size is not a multiple of the block size.
* \retval #PSA_ERROR_INVALID_PADDING
* This is a decryption operation for an algorithm that includes
* padding, and the ciphertext does not contain valid padding.
*/
psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -231,6 +336,28 @@ psa_status_t mbedtls_transparent_test_driver_cipher_finish(
psa_status_t mbedtls_transparent_test_driver_cipher_abort(
mbedtls_psa_cipher_operation_t *operation );
psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_CIPHER_H */

134
library/psa_crypto_driver_wrappers.c
View File

@@ -736,7 +736,9 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -744,22 +746,20 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
status = mbedtls_test_transparent_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -770,14 +770,29 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#else
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( mbedtls_test_opaque_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
return( mbedtls_test_opaque_cipher_encrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -785,25 +800,27 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
(void)status;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)input;
(void)input_length;
(void)output;
(void)output_size;
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -811,22 +828,20 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
size_t output_size,
size_t *output_length )
{
#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
psa_key_attributes_t attributes = {
.core = slot->attr
};
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_location_t location =
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = mbedtls_test_transparent_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
status = mbedtls_test_transparent_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -837,14 +852,29 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
/* Fell through, meaning no accelerator supports this operation */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
return( mbedtls_psa_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
output,
output_size,
output_length ) );
#else
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( mbedtls_test_opaque_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
return( mbedtls_test_opaque_cipher_decrypt( attributes,
key_buffer,
key_buffer_size,
alg,
input,
input_length,
@@ -852,21 +882,21 @@ psa_status_t psa_driver_wrapper_cipher_decrypt(
output_size,
output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
/* Key is declared with a lifetime not known to us */
return( status );
(void)status;
(void)key_buffer;
(void)key_buffer_size;
(void)alg;
(void)input;
(void)input_length;
(void)output;
(void)output_size;
(void)output_length;
return( PSA_ERROR_INVALID_ARGUMENT );
}
#else /* PSA_CRYPTO_DRIVER_PRESENT */
(void) slot;
(void) alg;
(void) input;
(void) input_length;
(void) output;
(void) output_size;
(void) output_length;
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(

8
library/psa_crypto_driver_wrappers.h
View File

@@ -98,7 +98,9 @@ psa_status_t psa_driver_wrapper_get_builtin_key(
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -107,7 +109,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt(
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_decrypt(
psa_key_slot_t *slot,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,