	Make it possible to enable CTR_DRBG/PSA without a PSA AES driver
Make it possible, but not officially supported, to switch the CTR_DRBG module to PSA mode even if MBEDTLS_AES_C is defined. This is not really useful in practice, but is convenient to test the PSA mode without setting up drivers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
		| @@ -16,6 +16,8 @@ | |||||||
| #include <psa/crypto.h> | #include <psa/crypto.h> | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
|  | #include <mbedtls/ctr_drbg.h> | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_PSA_CRYPTO_C) | #if defined(MBEDTLS_PSA_CRYPTO_C) | ||||||
| /** Initialize the PSA Crypto subsystem. */ | /** Initialize the PSA Crypto subsystem. */ | ||||||
| #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) | #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) | ||||||
| @@ -432,12 +434,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); | |||||||
|  * This is like #PSA_DONE except it does nothing under the same conditions as |  * This is like #PSA_DONE except it does nothing under the same conditions as | ||||||
|  * #AES_PSA_INIT. |  * #AES_PSA_INIT. | ||||||
|  */ |  */ | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
| #define AES_PSA_INIT() ((void) 0) | #define AES_PSA_INIT() ((void) 0) | ||||||
| #define AES_PSA_DONE() ((void) 0) | #define AES_PSA_DONE() ((void) 0) | ||||||
| #else /* MBEDTLS_AES_C */ | #else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ | ||||||
| #define AES_PSA_INIT()   PSA_INIT() | #define AES_PSA_INIT()   PSA_INIT() | ||||||
| #define AES_PSA_DONE()   PSA_DONE() | #define AES_PSA_DONE()   PSA_DONE() | ||||||
| #endif /* MBEDTLS_AES_C */ | #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ | ||||||
|  |  | ||||||
| #endif /* PSA_CRYPTO_HELPERS_H */ | #endif /* PSA_CRYPTO_HELPERS_H */ | ||||||
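Review bot: The new `#include <mbedtls/ctr_drbg.h>` in the first hunk is load-bearing, but nothing on the line says so. `MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO`, which now selects between the no-op and the `PSA_INIT()`/`PSA_DONE()` definitions of `AES_PSA_INIT`/`AES_PSA_DONE` in the second hunk, appears to be auto-defined only inside that header when `MBEDTLS_AES_C` is off. If the include were dropped or moved below the `#if !defined(...)` test, the test would silently take the no-op branch and PSA-backed DRBG tests would run without PSA initialised. I would add a comment on the include such as `/* Provides MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO, which selects AES_PSA_INIT/AES_PSA_DONE below. */`. The doc comment for `AES_PSA_INIT` starts outside the hunk and may still describe the old `MBEDTLS_AES_C` condition, so it is worth checking.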
|   | |||||||
| @@ -13,6 +13,10 @@ | |||||||
| #include <psa_crypto_slot_management.h> | #include <psa_crypto_slot_management.h> | ||||||
| #include <test/psa_crypto_helpers.h> | #include <test/psa_crypto_helpers.h> | ||||||
|  |  | ||||||
|  | #if defined(MBEDTLS_CTR_DRBG_C) | ||||||
|  | #include <mbedtls/ctr_drbg.h> | ||||||
|  | #endif | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_PSA_CRYPTO_C) | #if defined(MBEDTLS_PSA_CRYPTO_C) | ||||||
|  |  | ||||||
| #include <psa/crypto.h> | #include <psa/crypto.h> | ||||||
| @@ -70,8 +74,9 @@ const char *mbedtls_test_helper_is_psa_leaking(void) | |||||||
|  |  | ||||||
|     mbedtls_psa_get_stats(&stats); |     mbedtls_psa_get_stats(&stats); | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ | #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&                        \ | ||||||
|     !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) |     defined(MBEDTLS_CTR_DRBG_C) &&                                      \ | ||||||
|  |     defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     /* When AES_C is not defined and PSA does not have an external RNG, |     /* When AES_C is not defined and PSA does not have an external RNG, | ||||||
|      * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key |      * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key | ||||||
|      * slot is used internally from PSA to hold the AES key and it should |      * slot is used internally from PSA to hold the AES key and it should | ||||||
|   | |||||||
| @@ -32,9 +32,24 @@ | |||||||
|  |  | ||||||
| #include "mbedtls/build_info.h" | #include "mbedtls/build_info.h" | ||||||
|  |  | ||||||
| /* In case AES_C is defined then it is the primary option for backward | /* The CTR_DRBG implementation can either directly call the low-level AES | ||||||
|  * compatibility purposes. If that's not available, PSA is used instead */ |  * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES | ||||||
| #if defined(MBEDTLS_AES_C) |  * operations. Calling the AES module directly is the default, both for | ||||||
|  |  * maximum backward compatibility and because it's a bit more efficient | ||||||
|  |  * (less glue code). | ||||||
|  |  * | ||||||
|  |  * When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and | ||||||
|  |  * thus benefits from the PSA AES accelerator driver. | ||||||
|  |  * It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO | ||||||
|  |  * to use PSA even when MBEDTLS_AES_C is disabled, but there is very little | ||||||
|  |  * reason to do so other than testing purposes and this is not officially | ||||||
|  |  * supported. | ||||||
|  |  */ | ||||||
|  | #if !defined(MBEDTLS_AES_C) | ||||||
|  | #define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO | ||||||
|  | #endif | ||||||
|  |  | ||||||
|  | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
| #include "mbedtls/aes.h" | #include "mbedtls/aes.h" | ||||||
| #else | #else | ||||||
| #include "psa/crypto.h" | #include "psa/crypto.h" | ||||||
| @@ -157,7 +172,7 @@ extern "C" { | |||||||
| #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 | #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #if !defined(MBEDTLS_AES_C) | #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
| typedef struct mbedtls_ctr_drbg_psa_context { | typedef struct mbedtls_ctr_drbg_psa_context { | ||||||
|     mbedtls_svc_key_id_t key_id; |     mbedtls_svc_key_id_t key_id; | ||||||
|     psa_cipher_operation_t operation; |     psa_cipher_operation_t operation; | ||||||
| @@ -189,7 +204,7 @@ typedef struct mbedtls_ctr_drbg_context { | |||||||
|                                                   * This is the maximum number of requests |                                                   * This is the maximum number of requests | ||||||
|                                                   * that can be made between reseedings. */ |                                                   * that can be made between reseedings. */ | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx);        /*!< The AES context. */ |     mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx);        /*!< The AES context. */ | ||||||
| #else | #else | ||||||
|     mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ |     mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ | ||||||
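Review bot: The new block comment before `#if !defined(MBEDTLS_AES_C)` says the opposite of what the commit intends: "to use PSA even when MBEDTLS_AES_C is disabled" should read `to use PSA even when MBEDTLS_AES_C is enabled`, since the preceding sentence already covers the disabled case. The same comment could also state that the macro has to be set in the build configuration rather than in a single source file. The later hunk switches the `aes_ctx`/`psa_ctx` member of `mbedtls_ctr_drbg_context` on it, so the library and every file that includes this header must agree on the value or they will disagree about the struct layout. The struct definition starts and ends outside the hunks shown.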
|   | |||||||
| @@ -26,13 +26,13 @@ | |||||||
| #endif | #endif | ||||||
|  |  | ||||||
| /* Using error translation functions from PSA to MbedTLS */ | /* Using error translation functions from PSA to MbedTLS */ | ||||||
| #if !defined(MBEDTLS_AES_C) | #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
| #include "psa_util_internal.h" | #include "psa_util_internal.h" | ||||||
| #endif | #endif | ||||||
|  |  | ||||||
| #include "mbedtls/platform.h" | #include "mbedtls/platform.h" | ||||||
|  |  | ||||||
| #if !defined(MBEDTLS_AES_C) | #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
| static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx, | static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx, | ||||||
|                                                unsigned char *key, size_t key_len) |                                                unsigned char *key, size_t key_len) | ||||||
| { | { | ||||||
| @@ -73,7 +73,7 @@ static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx) | |||||||
| void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) | void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) | ||||||
| { | { | ||||||
|     memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); |     memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     mbedtls_aes_init(&ctx->aes_ctx); |     mbedtls_aes_init(&ctx->aes_ctx); | ||||||
| #else | #else | ||||||
|     ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; |     ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; | ||||||
| @@ -102,7 +102,7 @@ void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx) | |||||||
|         mbedtls_mutex_free(&ctx->mutex); |         mbedtls_mutex_free(&ctx->mutex); | ||||||
|     } |     } | ||||||
| #endif | #endif | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     mbedtls_aes_free(&ctx->aes_ctx); |     mbedtls_aes_free(&ctx->aes_ctx); | ||||||
| #else | #else | ||||||
|     ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); |     ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); | ||||||
| @@ -168,7 +168,7 @@ static int block_cipher_df(unsigned char *output, | |||||||
|     unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; |     unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; | ||||||
|     unsigned char *p, *iv; |     unsigned char *p, *iv; | ||||||
|     int ret = 0; |     int ret = 0; | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     mbedtls_aes_context aes_ctx; |     mbedtls_aes_context aes_ctx; | ||||||
| #else | #else | ||||||
|     psa_status_t status; |     psa_status_t status; | ||||||
| @@ -209,7 +209,7 @@ static int block_cipher_df(unsigned char *output, | |||||||
|         key[i] = i; |         key[i] = i; | ||||||
|     } |     } | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     mbedtls_aes_init(&aes_ctx); |     mbedtls_aes_init(&aes_ctx); | ||||||
|  |  | ||||||
|     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, |     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, | ||||||
| @@ -238,7 +238,7 @@ static int block_cipher_df(unsigned char *output, | |||||||
|             use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? |             use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? | ||||||
|                        MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; |                        MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; | ||||||
|  |  | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|             if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, |             if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, | ||||||
|                                              chain, chain)) != 0) { |                                              chain, chain)) != 0) { | ||||||
|                 goto exit; |                 goto exit; | ||||||
| @@ -264,7 +264,7 @@ static int block_cipher_df(unsigned char *output, | |||||||
|     /* |     /* | ||||||
|      * Do final encryption with reduced data |      * Do final encryption with reduced data | ||||||
|      */ |      */ | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, |     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, | ||||||
|                                       MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { |                                       MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { | ||||||
|         goto exit; |         goto exit; | ||||||
| @@ -282,7 +282,7 @@ static int block_cipher_df(unsigned char *output, | |||||||
|     p = output; |     p = output; | ||||||
|  |  | ||||||
|     for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { |     for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|         if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, |         if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, | ||||||
|                                          iv, iv)) != 0) { |                                          iv, iv)) != 0) { | ||||||
|             goto exit; |             goto exit; | ||||||
| @@ -299,7 +299,7 @@ static int block_cipher_df(unsigned char *output, | |||||||
|         p += MBEDTLS_CTR_DRBG_BLOCKSIZE; |         p += MBEDTLS_CTR_DRBG_BLOCKSIZE; | ||||||
|     } |     } | ||||||
| exit: | exit: | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     mbedtls_aes_free(&aes_ctx); |     mbedtls_aes_free(&aes_ctx); | ||||||
| #else | #else | ||||||
|     ctr_drbg_destroy_psa_contex(&psa_ctx); |     ctr_drbg_destroy_psa_contex(&psa_ctx); | ||||||
| @@ -336,7 +336,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, | |||||||
|     unsigned char *p = tmp; |     unsigned char *p = tmp; | ||||||
|     int j; |     int j; | ||||||
|     int ret = 0; |     int ret = 0; | ||||||
| #if !defined(MBEDTLS_AES_C) | #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     psa_status_t status; |     psa_status_t status; | ||||||
|     size_t tmp_len; |     size_t tmp_len; | ||||||
| #endif | #endif | ||||||
| @@ -352,7 +352,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, | |||||||
|         /* |         /* | ||||||
|          * Crypt counter block |          * Crypt counter block | ||||||
|          */ |          */ | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, |         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, | ||||||
|                                          ctx->counter, p)) != 0) { |                                          ctx->counter, p)) != 0) { | ||||||
|             goto exit; |             goto exit; | ||||||
| @@ -374,7 +374,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx, | |||||||
|     /* |     /* | ||||||
|      * Update key and counter |      * Update key and counter | ||||||
|      */ |      */ | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, |     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, | ||||||
|                                       MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { |                                       MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { | ||||||
|         goto exit; |         goto exit; | ||||||
| @@ -564,7 +564,7 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx, | |||||||
|                  good_nonce_len(ctx->entropy_len)); |                  good_nonce_len(ctx->entropy_len)); | ||||||
|  |  | ||||||
|     /* Initialize with an empty key. */ |     /* Initialize with an empty key. */ | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, |     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, | ||||||
|                                       MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { |                                       MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { | ||||||
|         return ret; |         return ret; | ||||||
| @@ -655,7 +655,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng, | |||||||
|         /* |         /* | ||||||
|          * Crypt counter block |          * Crypt counter block | ||||||
|          */ |          */ | ||||||
| #if defined(MBEDTLS_AES_C) | #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) | ||||||
|         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, |         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, | ||||||
|                                          ctx->counter, locals.tmp)) != 0) { |                                          ctx->counter, locals.tmp)) != 0) { | ||||||
|             goto exit; |             goto exit; | ||||||
|   | |||||||