psa_crypto_cipher: add mbedtls_cipher_values_from_psa()

This commit splits mbedtls_cipher_info_from_psa() in 2 parts:

- mbedtls_cipher_values_from_psa(), which performs parameter validation and
  returns the cipher's values

- mbedtls_cipher_info_from_psa(), which then uses those values to return
  the proper cipher_info pointer. Of course this depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Valerio Setti 2023-10-18 12:34:54 +02:00
parent 2c2adedd82
commit 4a249828a8
3 changed files with 73 additions and 36 deletions


@ -43,21 +43,16 @@ static psa_status_t psa_aead_setup(
psa_algorithm_t alg) psa_algorithm_t alg)
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
mbedtls_cipher_id_t cipher_id;
mbedtls_cipher_mode_t mode;
size_t key_bits = attributes->core.bits;
(void) key_buffer_size; (void) key_buffer_size;
#if defined(MBEDTLS_CIPHER_C) status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
const mbedtls_cipher_info_t *cipher_info; &key_bits, &mode, &cipher_id);
mbedtls_cipher_id_t cipher_id; if (status != PSA_SUCCESS) {
size_t key_bits = attributes->core.bits; return status;
cipher_info = mbedtls_cipher_info_from_psa(alg,
attributes->core.type, key_bits,
&cipher_id);
if (cipher_info == NULL) {
return PSA_ERROR_NOT_SUPPORTED;
} }
#endif /* MBEDTLS_CIPHER_C */
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) { switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
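Review bot: A successful `mbedtls_cipher_values_from_psa()` call in `psa_aead_setup()` does not obviously guarantee what the removed check did. The old path returned `PSA_ERROR_NOT_SUPPORTED` when `mbedtls_cipher_info_from_psa()` found no cipher_info for the id, key size and mode, whereas the new helper, as far as the hunks on this page show, only maps `alg` and `key_type` and reads `key_bits` in the DES branch. Rejecting an unsupported key length or cipher/mode pairing then appears to depend on the per-algorithm setup code in the switch below, which is outside this hunk. If that is the intent, I would say so at the call, e.g. `/* Key size is not validated here; the per-algorithm setup below must reject unsupported sizes. */`, and add a negative test with an unsupported AEAD key size in a build without MBEDTLS_CIPHER_C. `psa_aead_setup()` starts before and continues after the hunk.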


@ -31,15 +31,15 @@
#include <string.h> #include <string.h>
#if defined(MBEDTLS_CIPHER_C) psa_status_t mbedtls_cipher_values_from_psa(
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg, psa_algorithm_t alg,
psa_key_type_t key_type, psa_key_type_t key_type,
size_t key_bits, size_t *key_bits,
mbedtls_cipher_mode_t *mode,
mbedtls_cipher_id_t *cipher_id) mbedtls_cipher_id_t *cipher_id)
{ {
mbedtls_cipher_mode_t mode;
mbedtls_cipher_id_t cipher_id_tmp; mbedtls_cipher_id_t cipher_id_tmp;
(void) key_bits;
if (PSA_ALG_IS_AEAD(alg)) { if (PSA_ALG_IS_AEAD(alg)) {
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0); alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
@ -49,66 +49,66 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
switch (alg) { switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) #if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER: case PSA_ALG_STREAM_CIPHER:
mode = MBEDTLS_MODE_STREAM; *mode = MBEDTLS_MODE_STREAM;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
case PSA_ALG_CTR: case PSA_ALG_CTR:
mode = MBEDTLS_MODE_CTR; *mode = MBEDTLS_MODE_CTR;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
case PSA_ALG_CFB: case PSA_ALG_CFB:
mode = MBEDTLS_MODE_CFB; *mode = MBEDTLS_MODE_CFB;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) #if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
case PSA_ALG_OFB: case PSA_ALG_OFB:
mode = MBEDTLS_MODE_OFB; *mode = MBEDTLS_MODE_OFB;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
case PSA_ALG_ECB_NO_PADDING: case PSA_ALG_ECB_NO_PADDING:
mode = MBEDTLS_MODE_ECB; *mode = MBEDTLS_MODE_ECB;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
case PSA_ALG_CBC_NO_PADDING: case PSA_ALG_CBC_NO_PADDING:
mode = MBEDTLS_MODE_CBC; *mode = MBEDTLS_MODE_CBC;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
case PSA_ALG_CBC_PKCS7: case PSA_ALG_CBC_PKCS7:
mode = MBEDTLS_MODE_CBC; *mode = MBEDTLS_MODE_CBC;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
case PSA_ALG_CCM_STAR_NO_TAG: case PSA_ALG_CCM_STAR_NO_TAG:
mode = MBEDTLS_MODE_CCM_STAR_NO_TAG; *mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0): case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
mode = MBEDTLS_MODE_CCM; *mode = MBEDTLS_MODE_CCM;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0): case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
mode = MBEDTLS_MODE_GCM; *mode = MBEDTLS_MODE_GCM;
break; break;
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0): case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
mode = MBEDTLS_MODE_CHACHAPOLY; *mode = MBEDTLS_MODE_CHACHAPOLY;
break; break;
#endif #endif
default: default:
return NULL; return PSA_ERROR_NOT_SUPPORTED;
} }
} else if (alg == PSA_ALG_CMAC) { } else if (alg == PSA_ALG_CMAC) {
mode = MBEDTLS_MODE_ECB; *mode = MBEDTLS_MODE_ECB;
} else { } else {
return NULL; return PSA_ERROR_NOT_SUPPORTED;
} }
switch (key_type) { switch (key_type) {
@ -126,7 +126,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
case PSA_KEY_TYPE_DES: case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */ * and 192 for three-key Triple-DES. */
if (key_bits == 64) { if (*key_bits == 64) {
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
} else { } else {
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
@ -134,8 +134,8 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm, /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
* but two-key Triple-DES is functionally three-key Triple-DES * but two-key Triple-DES is functionally three-key Triple-DES
* with K1=K3, so that's how we present it to mbedtls. */ * with K1=K3, so that's how we present it to mbedtls. */
if (key_bits == 128) { if (*key_bits == 128) {
key_bits = 192; *key_bits = 192;
} }
break; break;
#endif #endif
@ -150,14 +150,35 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
break; break;
#endif #endif
default: default:
return PSA_ERROR_NOT_SUPPORTED;
}
if (cipher_id != NULL) {
*cipher_id = cipher_id_tmp;
}
return PSA_SUCCESS;
}
#if defined(MBEDTLS_CIPHER_C)
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
size_t key_bits,
mbedtls_cipher_id_t *cipher_id)
{
mbedtls_cipher_mode_t mode;
psa_status_t status;
mbedtls_cipher_id_t cipher_id_tmp;
status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
if (status != PSA_SUCCESS) {
return NULL; return NULL;
} }
if (cipher_id != NULL) { if (cipher_id != NULL) {
*cipher_id = cipher_id_tmp; *cipher_id = cipher_id_tmp;
} }
return mbedtls_cipher_info_from_values(cipher_id_tmp, return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
(int) key_bits, mode);
} }
#endif /* MBEDTLS_CIPHER_C */ #endif /* MBEDTLS_CIPHER_C */
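Review bot: `mbedtls_cipher_values_from_psa()` treats its pointer parameters inconsistently: `*mode` is written in every case of the `alg` switch and `*key_bits` is dereferenced in the DES branch with no NULL check, while `cipher_id` is guarded by `if (cipher_id != NULL)`. `*mode` is also assigned before the `key_type` switch can return `PSA_ERROR_NOT_SUPPORTED`, so a failing call leaves `*mode` modified and `*cipher_id` untouched. The doc comment on the declaration should state the contract, for example `\note key_bits and mode must not be NULL; cipher_id may be NULL.` and `\note On error the output values are unspecified.`. Alternatively, keep a local `mode_tmp` as is done for `cipher_id_tmp` and copy both out just before `return PSA_SUCCESS;`. The `key_type` switch is only partly visible in these hunks.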


@ -24,6 +24,27 @@
#include <mbedtls/cipher.h> #include <mbedtls/cipher.h>
#include <psa/crypto.h> #include <psa/crypto.h>
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
* as well as the PSA type and size of the key to be used with the cipher
* algorithm.
*
* \param[in] alg PSA cipher algorithm identifier
* \param[in] key_type PSA key type
* \param[in,out] key_bits Size of the key in bits. The value provided in input
* might be updated if necessary.
* \param[out] mode Mbed TLS cipher mode
* \param[out] cipher_id Mbed TLS cipher algorithm identifier
*
* \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
* are properly updated.
* \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
* supported.
*/
psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
size_t *key_bits, mbedtls_cipher_mode_t *mode,
mbedtls_cipher_id_t *cipher_id);
#if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_CIPHER_C)
/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier /** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
* as well as the PSA type and size of the key to be used with the cipher * as well as the PSA type and size of the key to be used with the cipher