psa_crypto_cipher: add mbedtls_cipher_values_from_psa()
This commit splits mbedtls_cipher_info_from_psa() in 2 parts: - mbedtls_cipher_values_from_psa() that performs parameters' validation and return cipher's values - mbedtls_cipher_info_from_psa() which then use those values to return the proper cipher_info pointer. Of course this depends on CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
parent
2c2adedd82
commit
4a249828a8
3 changed files with 73 additions and 36 deletions
|
|
@ -43,21 +43,16 @@ static psa_status_t psa_aead_setup(
|
|||
psa_algorithm_t alg)
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
mbedtls_cipher_mode_t mode;
|
||||
size_t key_bits = attributes->core.bits;
|
||||
(void) key_buffer_size;
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
size_t key_bits = attributes->core.bits;
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_psa(alg,
|
||||
attributes->core.type, key_bits,
|
||||
&cipher_id);
|
||||
if (cipher_info == NULL) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
|
||||
&key_bits, &mode, &cipher_id);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
|
||||
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
|
|
|
|||
|
|
@ -31,15 +31,15 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||
psa_status_t mbedtls_cipher_values_from_psa(
|
||||
psa_algorithm_t alg,
|
||||
psa_key_type_t key_type,
|
||||
size_t key_bits,
|
||||
size_t *key_bits,
|
||||
mbedtls_cipher_mode_t *mode,
|
||||
mbedtls_cipher_id_t *cipher_id)
|
||||
{
|
||||
mbedtls_cipher_mode_t mode;
|
||||
mbedtls_cipher_id_t cipher_id_tmp;
|
||||
(void) key_bits;
|
||||
|
||||
if (PSA_ALG_IS_AEAD(alg)) {
|
||||
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
|
||||
|
|
@ -49,66 +49,66 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
switch (alg) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
|
||||
case PSA_ALG_STREAM_CIPHER:
|
||||
mode = MBEDTLS_MODE_STREAM;
|
||||
*mode = MBEDTLS_MODE_STREAM;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
|
||||
case PSA_ALG_CTR:
|
||||
mode = MBEDTLS_MODE_CTR;
|
||||
*mode = MBEDTLS_MODE_CTR;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
|
||||
case PSA_ALG_CFB:
|
||||
mode = MBEDTLS_MODE_CFB;
|
||||
*mode = MBEDTLS_MODE_CFB;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
|
||||
case PSA_ALG_OFB:
|
||||
mode = MBEDTLS_MODE_OFB;
|
||||
*mode = MBEDTLS_MODE_OFB;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
|
||||
case PSA_ALG_ECB_NO_PADDING:
|
||||
mode = MBEDTLS_MODE_ECB;
|
||||
*mode = MBEDTLS_MODE_ECB;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
|
||||
case PSA_ALG_CBC_NO_PADDING:
|
||||
mode = MBEDTLS_MODE_CBC;
|
||||
*mode = MBEDTLS_MODE_CBC;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
|
||||
case PSA_ALG_CBC_PKCS7:
|
||||
mode = MBEDTLS_MODE_CBC;
|
||||
*mode = MBEDTLS_MODE_CBC;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
|
||||
case PSA_ALG_CCM_STAR_NO_TAG:
|
||||
mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
|
||||
*mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
|
||||
mode = MBEDTLS_MODE_CCM;
|
||||
*mode = MBEDTLS_MODE_CCM;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
|
||||
mode = MBEDTLS_MODE_GCM;
|
||||
*mode = MBEDTLS_MODE_GCM;
|
||||
break;
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
|
||||
mode = MBEDTLS_MODE_CHACHAPOLY;
|
||||
*mode = MBEDTLS_MODE_CHACHAPOLY;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return NULL;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
} else if (alg == PSA_ALG_CMAC) {
|
||||
mode = MBEDTLS_MODE_ECB;
|
||||
*mode = MBEDTLS_MODE_ECB;
|
||||
} else {
|
||||
return NULL;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
switch (key_type) {
|
||||
|
|
@ -126,7 +126,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
case PSA_KEY_TYPE_DES:
|
||||
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
|
||||
* and 192 for three-key Triple-DES. */
|
||||
if (key_bits == 64) {
|
||||
if (*key_bits == 64) {
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
|
||||
} else {
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
|
||||
|
|
@ -134,8 +134,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
|
||||
* but two-key Triple-DES is functionally three-key Triple-DES
|
||||
* with K1=K3, so that's how we present it to mbedtls. */
|
||||
if (key_bits == 128) {
|
||||
key_bits = 192;
|
||||
if (*key_bits == 128) {
|
||||
*key_bits = 192;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
|
|
@ -150,14 +150,35 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
break;
|
||||
#endif
|
||||
default:
|
||||
return NULL;
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
if (cipher_id != NULL) {
|
||||
*cipher_id = cipher_id_tmp;
|
||||
}
|
||||
|
||||
return mbedtls_cipher_info_from_values(cipher_id_tmp,
|
||||
(int) key_bits, mode);
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||
psa_algorithm_t alg,
|
||||
psa_key_type_t key_type,
|
||||
size_t key_bits,
|
||||
mbedtls_cipher_id_t *cipher_id)
|
||||
{
|
||||
mbedtls_cipher_mode_t mode;
|
||||
psa_status_t status;
|
||||
mbedtls_cipher_id_t cipher_id_tmp;
|
||||
|
||||
status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return NULL;
|
||||
}
|
||||
if (cipher_id != NULL) {
|
||||
*cipher_id = cipher_id_tmp;
|
||||
}
|
||||
|
||||
return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_C */
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,27 @@
|
|||
#include <mbedtls/cipher.h>
|
||||
#include <psa/crypto.h>
|
||||
|
||||
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
||||
* as well as the PSA type and size of the key to be used with the cipher
|
||||
* algorithm.
|
||||
*
|
||||
* \param[in] alg PSA cipher algorithm identifier
|
||||
* \param[in] key_type PSA key type
|
||||
* \param[in,out] key_bits Size of the key in bits. The value provided in input
|
||||
* might be updated if necessary.
|
||||
* \param[out] mode Mbed TLS cipher mode
|
||||
* \param[out] cipher_id Mbed TLS cipher algorithm identifier
|
||||
*
|
||||
* \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
|
||||
* are properly updated.
|
||||
* \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
|
||||
* supported.
|
||||
*/
|
||||
|
||||
psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
|
||||
size_t *key_bits, mbedtls_cipher_mode_t *mode,
|
||||
mbedtls_cipher_id_t *cipher_id);
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_C)
|
||||
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
||||
* as well as the PSA type and size of the key to be used with the cipher
|
||||
|
|
|
|||
Loading…
Reference in a new issue