psa_crypto_cipher: add mbedtls_cipher_values_from_psa()
This commit splits mbedtls_cipher_info_from_psa() into 2 parts: - mbedtls_cipher_values_from_psa(), which performs parameter validation and returns the cipher's values - mbedtls_cipher_info_from_psa(), which then uses those values to return the proper cipher_info pointer. Of course this depends on CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
parent
2c2adedd82
commit
4a249828a8
3 changed files with 73 additions and 36 deletions
|
@ -43,21 +43,16 @@ static psa_status_t psa_aead_setup(
|
||||||
psa_algorithm_t alg)
|
psa_algorithm_t alg)
|
||||||
{
|
{
|
||||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_cipher_id_t cipher_id;
|
||||||
|
mbedtls_cipher_mode_t mode;
|
||||||
|
size_t key_bits = attributes->core.bits;
|
||||||
(void) key_buffer_size;
|
(void) key_buffer_size;
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_C)
|
status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
|
||||||
const mbedtls_cipher_info_t *cipher_info;
|
&key_bits, &mode, &cipher_id);
|
||||||
mbedtls_cipher_id_t cipher_id;
|
if (status != PSA_SUCCESS) {
|
||||||
size_t key_bits = attributes->core.bits;
|
return status;
|
||||||
|
|
||||||
cipher_info = mbedtls_cipher_info_from_psa(alg,
|
|
||||||
attributes->core.type, key_bits,
|
|
||||||
&cipher_id);
|
|
||||||
if (cipher_info == NULL) {
|
|
||||||
return PSA_ERROR_NOT_SUPPORTED;
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_CIPHER_C */
|
|
||||||
|
|
||||||
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
|
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||||
|
|
|
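Review bot: The setup path no longer goes through the `mbedtls_cipher_info_from_values()` lookup that backed the removed `cipher_info == NULL` check, so an unsupported key size for the selected cipher is not rejected at this point any more. In the hunks shown for `mbedtls_cipher_values_from_psa()`, `key_bits` is only inspected in the DES case, so `PSA_SUCCESS` here appears to say nothing about the key length. Please confirm that every branch of the `switch` that follows rejects a bad `key_bits` and maps the failure to a PSA status, and record that next to the call, e.g. `/* key_bits is not checked here; the per-algorithm setup below must reject unsupported sizes */`. The new `mode` local is only written in this hunk; the rest of `psa_aead_setup()` lies outside it, so whether it is ever read cannot be seen from here.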
@ -31,15 +31,15 @@
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_C)
|
psa_status_t mbedtls_cipher_values_from_psa(
|
||||||
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
psa_key_type_t key_type,
|
psa_key_type_t key_type,
|
||||||
size_t key_bits,
|
size_t *key_bits,
|
||||||
|
mbedtls_cipher_mode_t *mode,
|
||||||
mbedtls_cipher_id_t *cipher_id)
|
mbedtls_cipher_id_t *cipher_id)
|
||||||
{
|
{
|
||||||
mbedtls_cipher_mode_t mode;
|
|
||||||
mbedtls_cipher_id_t cipher_id_tmp;
|
mbedtls_cipher_id_t cipher_id_tmp;
|
||||||
|
(void) key_bits;
|
||||||
|
|
||||||
if (PSA_ALG_IS_AEAD(alg)) {
|
if (PSA_ALG_IS_AEAD(alg)) {
|
||||||
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
|
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
|
||||||
|
@ -49,66 +49,66 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||||
switch (alg) {
|
switch (alg) {
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
|
||||||
case PSA_ALG_STREAM_CIPHER:
|
case PSA_ALG_STREAM_CIPHER:
|
||||||
mode = MBEDTLS_MODE_STREAM;
|
*mode = MBEDTLS_MODE_STREAM;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
|
||||||
case PSA_ALG_CTR:
|
case PSA_ALG_CTR:
|
||||||
mode = MBEDTLS_MODE_CTR;
|
*mode = MBEDTLS_MODE_CTR;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
|
||||||
case PSA_ALG_CFB:
|
case PSA_ALG_CFB:
|
||||||
mode = MBEDTLS_MODE_CFB;
|
*mode = MBEDTLS_MODE_CFB;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
|
||||||
case PSA_ALG_OFB:
|
case PSA_ALG_OFB:
|
||||||
mode = MBEDTLS_MODE_OFB;
|
*mode = MBEDTLS_MODE_OFB;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
|
||||||
case PSA_ALG_ECB_NO_PADDING:
|
case PSA_ALG_ECB_NO_PADDING:
|
||||||
mode = MBEDTLS_MODE_ECB;
|
*mode = MBEDTLS_MODE_ECB;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
|
||||||
case PSA_ALG_CBC_NO_PADDING:
|
case PSA_ALG_CBC_NO_PADDING:
|
||||||
mode = MBEDTLS_MODE_CBC;
|
*mode = MBEDTLS_MODE_CBC;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
|
||||||
case PSA_ALG_CBC_PKCS7:
|
case PSA_ALG_CBC_PKCS7:
|
||||||
mode = MBEDTLS_MODE_CBC;
|
*mode = MBEDTLS_MODE_CBC;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
|
||||||
case PSA_ALG_CCM_STAR_NO_TAG:
|
case PSA_ALG_CCM_STAR_NO_TAG:
|
||||||
mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
|
*mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
|
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
|
||||||
mode = MBEDTLS_MODE_CCM;
|
*mode = MBEDTLS_MODE_CCM;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
|
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
|
||||||
mode = MBEDTLS_MODE_GCM;
|
*mode = MBEDTLS_MODE_GCM;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
|
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
|
||||||
mode = MBEDTLS_MODE_CHACHAPOLY;
|
*mode = MBEDTLS_MODE_CHACHAPOLY;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
return NULL;
|
return PSA_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
} else if (alg == PSA_ALG_CMAC) {
|
} else if (alg == PSA_ALG_CMAC) {
|
||||||
mode = MBEDTLS_MODE_ECB;
|
*mode = MBEDTLS_MODE_ECB;
|
||||||
} else {
|
} else {
|
||||||
return NULL;
|
return PSA_ERROR_NOT_SUPPORTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (key_type) {
|
switch (key_type) {
|
||||||
|
@ -126,7 +126,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||||
case PSA_KEY_TYPE_DES:
|
case PSA_KEY_TYPE_DES:
|
||||||
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
|
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
|
||||||
* and 192 for three-key Triple-DES. */
|
* and 192 for three-key Triple-DES. */
|
||||||
if (key_bits == 64) {
|
if (*key_bits == 64) {
|
||||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
|
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
|
||||||
} else {
|
} else {
|
||||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
|
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
|
||||||
|
@ -134,8 +134,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||||
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
|
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
|
||||||
* but two-key Triple-DES is functionally three-key Triple-DES
|
* but two-key Triple-DES is functionally three-key Triple-DES
|
||||||
* with K1=K3, so that's how we present it to mbedtls. */
|
* with K1=K3, so that's how we present it to mbedtls. */
|
||||||
if (key_bits == 128) {
|
if (*key_bits == 128) {
|
||||||
key_bits = 192;
|
*key_bits = 192;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
@ -150,14 +150,35 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
default:
|
default:
|
||||||
|
return PSA_ERROR_NOT_SUPPORTED;
|
||||||
|
}
|
||||||
|
if (cipher_id != NULL) {
|
||||||
|
*cipher_id = cipher_id_tmp;
|
||||||
|
}
|
||||||
|
|
||||||
|
return PSA_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_CIPHER_C)
|
||||||
|
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
psa_key_type_t key_type,
|
||||||
|
size_t key_bits,
|
||||||
|
mbedtls_cipher_id_t *cipher_id)
|
||||||
|
{
|
||||||
|
mbedtls_cipher_mode_t mode;
|
||||||
|
psa_status_t status;
|
||||||
|
mbedtls_cipher_id_t cipher_id_tmp;
|
||||||
|
|
||||||
|
status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
|
||||||
|
if (status != PSA_SUCCESS) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (cipher_id != NULL) {
|
if (cipher_id != NULL) {
|
||||||
*cipher_id = cipher_id_tmp;
|
*cipher_id = cipher_id_tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
return mbedtls_cipher_info_from_values(cipher_id_tmp,
|
return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
|
||||||
(int) key_bits, mode);
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_CIPHER_C */
|
#endif /* MBEDTLS_CIPHER_C */
|
||||||
|
|
||||||
|
|
|
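Review bot: `*mode` is stored inside the algorithm `switch`, before `key_type` has been looked at, so a call that ends in `return PSA_ERROR_NOT_SUPPORTED;` from the key-type `default:` has already overwritten the caller's `mode`, whereas `cipher_id` is protected from that by `cipher_id_tmp`. `mode` and `key_bits` are also dereferenced unconditionally while `cipher_id` gets a NULL check, so the three output pointers follow two different contracts. I would keep a local `mode_tmp` in the `switch` and publish it with `*mode = mode_tmp;` next to `*cipher_id = cipher_id_tmp;` just before `return PSA_SUCCESS;`, so outputs are only written on success. `(void) key_bits;` presumably silences an unused-parameter warning in builds without DES and deserves a comment such as `/* only read in the DES case */`; parts of the key-type `switch` are outside the hunks shown.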
@ -24,6 +24,27 @@
|
||||||
#include <mbedtls/cipher.h>
|
#include <mbedtls/cipher.h>
|
||||||
#include <psa/crypto.h>
|
#include <psa/crypto.h>
|
||||||
|
|
||||||
|
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
||||||
|
* as well as the PSA type and size of the key to be used with the cipher
|
||||||
|
* algorithm.
|
||||||
|
*
|
||||||
|
* \param[in] alg PSA cipher algorithm identifier
|
||||||
|
* \param[in] key_type PSA key type
|
||||||
|
* \param[in,out] key_bits Size of the key in bits. The value provided in input
|
||||||
|
* might be updated if necessary.
|
||||||
|
* \param[out] mode Mbed TLS cipher mode
|
||||||
|
* \param[out] cipher_id Mbed TLS cipher algorithm identifier
|
||||||
|
*
|
||||||
|
* \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
|
||||||
|
* are properly updated.
|
||||||
|
* \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
|
||||||
|
* supported.
|
||||||
|
*/
|
||||||
|
|
||||||
|
psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
|
||||||
|
size_t *key_bits, mbedtls_cipher_mode_t *mode,
|
||||||
|
mbedtls_cipher_id_t *cipher_id);
|
||||||
|
|
||||||
#if defined(MBEDTLS_CIPHER_C)
|
#if defined(MBEDTLS_CIPHER_C)
|
||||||
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
|
||||||
* as well as the PSA type and size of the key to be used with the cipher
|
* as well as the PSA type and size of the key to be used with the cipher
|
||||||
|
|
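Review bot: The new doc block repeats the summary of `mbedtls_cipher_info_from_psa()` ("Get Mbed TLS cipher information ...") although this function yields a cipher mode and cipher id rather than a `cipher_info` pointer; a first line like `/** Get the Mbed TLS cipher mode and cipher id matching a PSA algorithm and key type.` would describe it. The parameter docs should state that `cipher_id` may be NULL while `key_bits` and `mode` must not be, since the implementation in this commit dereferences those two unconditionally. The `\return` text should also mention that `PSA_ERROR_NOT_SUPPORTED` is returned for an unsupported `key_type`, not only for an unsupported algorithm. It would also help callers to say whether `key_bits` is validated against the key type, because the visible implementation only inspects it for DES.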