From c45b4afc63fb6fb9116d80658b9823f7eee500cf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 29 Sep 2020 16:18:05 +0200 Subject: [PATCH 01/28] Fix PSA SE driver tests Fix PSA SE driver tests in configuration full + MBEDTLS_PSA_CRYPTO_DRIVERS. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 12 ++++++++++++ library/psa_crypto_driver_wrappers.c | 14 +++++++------- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 37389f8d0..b9369feab 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3558,6 +3558,12 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( operation->alg == 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + if( operation->iv_set || ! operation->iv_required ) { return( PSA_ERROR_BAD_STATE ); @@ -3602,6 +3608,12 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, { psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( operation->alg == 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + if( operation->iv_set || ! operation->iv_required ) { return( PSA_ERROR_BAD_STATE ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 6c94472f8..9fbc61023 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -779,7 +779,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; @@ -860,7 +860,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is declared with a lifetime not known to us */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)slot; @@ -896,7 +896,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -930,7 +930,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -972,7 +972,7 @@ psa_status_t psa_driver_wrapper_cipher_update( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -1011,7 +1011,7 @@ psa_status_t psa_driver_wrapper_cipher_finish( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void) operation; @@ -1062,7 +1062,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Operation is attached to a driver not known to us */ - return( PSA_ERROR_BAD_STATE ); + return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ (void)operation; From 0ff579590d27eaa8f30e267e57300959e208a335 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Mar 2021 16:46:35 +0100 Subject: [PATCH 02/28] psa: Add psa_crypto_cipher.[ch] Add psa_crypto_cipher.[ch] files to contain the Mbed TLS implementation of PSA driver cipher driver entry points. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/psa_crypto_cipher.c | 27 +++++++++++++++++++++++++++ library/psa_crypto_cipher.h | 26 ++++++++++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 ++ 5 files changed, 57 insertions(+) create mode 100644 library/psa_crypto_cipher.c create mode 100644 library/psa_crypto_cipher.h diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 2b2672e2c..cff4cf975 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -61,6 +61,7 @@ set(src_crypto platform_util.c poly1305.c psa_crypto.c + psa_crypto_cipher.c psa_crypto_client.c psa_crypto_driver_wrappers.c psa_crypto_ecp.c diff --git a/library/Makefile b/library/Makefile index e9829cc4c..55af96e8f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -118,6 +118,7 @@ OBJS_CRYPTO= \ platform_util.o \ poly1305.o \ psa_crypto.o \ + psa_crypto_cipher.o \ psa_crypto_client.o \ psa_crypto_driver_wrappers.o \ psa_crypto_ecp.o \ diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c new file mode 100644 index 000000000..d6ad9025d --- /dev/null +++ b/library/psa_crypto_cipher.c @@ -0,0 +1,27 @@ +/* + * PSA cipher driver entry points + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include + +#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h new file mode 100644 index 000000000..223da775d --- /dev/null +++ b/library/psa_crypto_cipher.h @@ -0,0 +1,26 @@ +/* + * PSA cipher driver entry points + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_CIPHER_H +#define PSA_CRYPTO_CIPHER_H + +#include + +#endif /* PSA_CRYPTO_CIPHER_H */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 7a013443f..0db6c4c7e 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -250,6 +250,7 @@ + @@ -324,6 +325,7 @@ + From 590d3e56e918c477d88812368538bd6c19cbd7a9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Oct 2020 16:14:50 +0200 Subject: [PATCH 03/28] psa: Rework psa_cipher_setup (1) Rework psa_cipher_setup in preparation of calling the cipher setup based on cipher.c through the interface of a PSA driver cipher_setup entry point. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b9369feab..91ab85b93 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3441,6 +3441,12 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; + psa_key_attributes_t attributes = { + .core = slot->attr + }; + const uint8_t *key_buffer = slot->key.data; + psa_key_type_t key_type = attributes.core.type; + /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ mbedtls_cipher_init( &operation->ctx.cipher ); @@ -3452,8 +3458,9 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->alg = alg; operation->mbedtls_in_use = 1; - key_bits = psa_get_key_slot_bits( slot ); - cipher_info = mbedtls_cipher_info_from_psa( alg, slot->attr.type, key_bits, NULL ); + key_bits = attributes.core.bits; + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, + key_bits, NULL ); if( cipher_info == NULL ) { status = PSA_ERROR_NOT_SUPPORTED; @@ -3465,12 +3472,12 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, goto exit; #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) - if( slot->attr.type == PSA_KEY_TYPE_DES && key_bits == 128 ) + if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) { /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ uint8_t keys[24]; - memcpy( keys, slot->key.data, 16 ); - memcpy( keys + 16, slot->key.data, 8 ); + memcpy( keys, key_buffer, 16 ); + memcpy( keys + 16, key_buffer, 8 ); ret = mbedtls_cipher_setkey( &operation->ctx.cipher, keys, 192, cipher_operation ); @@ -3478,8 +3485,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, else #endif { - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, - slot->key.data, + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer, (int) key_bits, cipher_operation ); } if( ret != 0 ) @@ -3507,15 +3513,16 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, #endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : - PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ) ); + PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && alg != PSA_ALG_ECB_NO_PADDING ) { - operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( slot->attr.type ); + operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) else - if( alg == PSA_ALG_STREAM_CIPHER && slot->attr.type == PSA_KEY_TYPE_CHACHA20 ) + if( ( alg == PSA_ALG_STREAM_CIPHER ) && + ( key_type == PSA_KEY_TYPE_CHACHA20 ) ) operation->iv_size = 12; #endif From ab99ac2f33158da9e7d0af12a9bf196ec913b2fc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Oct 2020 16:38:28 +0200 Subject: [PATCH 04/28] psa: Rework psa_cipher_setup (2) Split out the cipher setup based on cipher.c in psa_cipher_setup_internal() whose signature is that of a PSA driver cipher_setup entry point. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 150 +++++++++++++++++++++++-------------------- 1 file changed, 80 insertions(+), 70 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 91ab85b93..3c8b97dbe 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3379,73 +3379,19 @@ exit: /* Symmetric cryptography */ /****************************************************************/ -static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, - mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - mbedtls_operation_t cipher_operation ) +static psa_status_t psa_cipher_setup_internal( + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + mbedtls_operation_t cipher_operation ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; int ret = 0; - psa_key_slot_t *slot; size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; - psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ? - PSA_KEY_USAGE_ENCRYPT : - PSA_KEY_USAGE_DECRYPT ); + psa_key_type_t key_type = attributes->core.type; - /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* The requested algorithm must be one that can be processed by cipher. */ - if( ! PSA_ALG_IS_CIPHER( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - /* Fetch key material from key storage. */ - status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg ); - if( status != PSA_SUCCESS ) - goto exit; - - /* Initialize the operation struct members, except for alg. The alg member - * is used to indicate to psa_cipher_abort that there are resources to free, - * so we only set it after resources have been allocated/initialized. */ - operation->key_set = 0; - operation->iv_set = 0; - operation->mbedtls_in_use = 0; - operation->iv_size = 0; - operation->block_size = 0; - if( alg == PSA_ALG_ECB_NO_PADDING ) - operation->iv_required = 0; - else - operation->iv_required = 1; - - /* Try doing the operation through a driver before using software fallback. */ - if( cipher_operation == MBEDTLS_ENCRYPT ) - status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, - slot, - alg ); - else - status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, - slot, - alg ); - - if( status == PSA_SUCCESS ) - { - /* Once the driver context is initialised, it needs to be freed using - * psa_cipher_abort. Indicate this through setting alg. */ - operation->alg = alg; - } - - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - const uint8_t *key_buffer = slot->key.data; - psa_key_type_t key_type = attributes.core.type; + (void)key_buffer_size; /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ @@ -3458,14 +3404,11 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->alg = alg; operation->mbedtls_in_use = 1; - key_bits = attributes.core.bits; + key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL ); if( cipher_info == NULL ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } + return( PSA_ERROR_NOT_SUPPORTED ); ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); if( ret != 0 ) @@ -3526,11 +3469,78 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->iv_size = 12; #endif - status = PSA_SUCCESS; +exit: + return( mbedtls_to_psa_error( ret ) ); +} + +static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + mbedtls_operation_t cipher_operation ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ? + PSA_KEY_USAGE_ENCRYPT : + PSA_KEY_USAGE_DECRYPT ); + + /* A context must be freshly initialized before it can be set up. */ + if( operation->alg != 0 ) + return( PSA_ERROR_BAD_STATE ); + + /* The requested algorithm must be one that can be processed by cipher. */ + if( ! PSA_ALG_IS_CIPHER( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Fetch key material from key storage. */ + status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg ); + if( status != PSA_SUCCESS ) + goto exit; + + /* Initialize the operation struct members, except for alg. The alg member + * is used to indicate to psa_cipher_abort that there are resources to free, + * so we only set it after resources have been allocated/initialized. */ + operation->key_set = 0; + operation->iv_set = 0; + operation->mbedtls_in_use = 0; + operation->iv_size = 0; + operation->block_size = 0; + if( alg == PSA_ALG_ECB_NO_PADDING ) + operation->iv_required = 0; + else + operation->iv_required = 1; + + /* Try doing the operation through a driver before using software fallback. */ + if( cipher_operation == MBEDTLS_ENCRYPT ) + status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, + slot, + alg ); + else + status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, + slot, + alg ); + + if( status == PSA_SUCCESS ) + { + /* Once the driver context is initialized, it needs to be freed using + * psa_cipher_abort. Indicate this through setting alg. */ + operation->alg = alg; + } + + if( status != PSA_ERROR_NOT_SUPPORTED || + psa_key_lifetime_is_external( slot->attr.lifetime ) ) + goto exit; + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + status = psa_cipher_setup_internal( operation, &attributes, + slot->key.data, + slot->key.bytes, + alg, cipher_operation ); exit: - if( ret != 0 ) - status = mbedtls_to_psa_error( ret ); if( status == PSA_SUCCESS ) { /* Update operation flags for both driver and software implementations */ From 7986f7e14bab46b47b7b63485b1bbb719bebf043 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Mar 2021 10:03:08 +0100 Subject: [PATCH 05/28] psa: Export "internally" mbedtls_cipher_info_from_psa Export "internally" mbedtls_cipher_info_from_psa to be able to use it in psa_crypto_cipher.c. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 2 +- library/psa_crypto_core.h | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3c8b97dbe..94d0c05c2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2310,7 +2310,7 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation, /* MAC */ /****************************************************************/ -static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index ec7ac8049..f949c7188 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -212,6 +212,22 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, */ psa_status_t mbedtls_to_psa_error( int ret ); +/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier + * as well as the PSA type and size of the key to be used with the cipher + * algorithm. + * + * \param alg PSA cipher algorithm identifier + * \param key_type PSA key type + * \param key_bits Size of the key in bits + * \param[out] cipher_id Mbed TLS cipher algorithm identifier + * + * \return The Mbed TLS cipher information of the cipher algorithm. + * \c NULL if the PSA cipher algorithm is not supported. + */ +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( + psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits, + mbedtls_cipher_id_t *cipher_id ); + /** Import a key in binary format. * * \note The signature of this function is that of a PSA driver From d6d28885f0b06f4d126ef64ba9e4016b3cf510cc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Dec 2020 14:56:02 +0100 Subject: [PATCH 06/28] psa: Add mbedtls_psa_cipher_encrypt/decrypt_setup functions Signed-off-by: Ronald Cron --- library/psa_crypto.c | 110 ++++----------------------------- library/psa_crypto_cipher.c | 119 ++++++++++++++++++++++++++++++++++++ library/psa_crypto_cipher.h | 60 ++++++++++++++++++ 3 files changed, 191 insertions(+), 98 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 94d0c05c2..1c9905c9f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -29,6 +29,7 @@ #include "psa_crypto_service_integration.h" #include "psa/crypto.h" +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "psa_crypto_invasive.h" #include "psa_crypto_driver_wrappers.h" @@ -3379,100 +3380,6 @@ exit: /* Symmetric cryptography */ /****************************************************************/ -static psa_status_t psa_cipher_setup_internal( - psa_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - mbedtls_operation_t cipher_operation ) -{ - int ret = 0; - size_t key_bits; - const mbedtls_cipher_info_t *cipher_info = NULL; - psa_key_type_t key_type = attributes->core.type; - - (void)key_buffer_size; - - /* Proceed with initializing an mbed TLS cipher context if no driver is - * available for the given algorithm & key. */ - mbedtls_cipher_init( &operation->ctx.cipher ); - - /* Once the cipher context is initialised, it needs to be freed using - * psa_cipher_abort. Indicate there is something to be freed through setting - * alg, and indicate the operation is being done using mbedtls crypto through - * setting mbedtls_in_use. */ - operation->alg = alg; - operation->mbedtls_in_use = 1; - - key_bits = attributes->core.bits; - cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, - key_bits, NULL ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); - if( ret != 0 ) - goto exit; - -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) - if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) - { - /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ - uint8_t keys[24]; - memcpy( keys, key_buffer, 16 ); - memcpy( keys + 16, key_buffer, 8 ); - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, - keys, - 192, cipher_operation ); - } - else -#endif - { - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer, - (int) key_bits, cipher_operation ); - } - if( ret != 0 ) - goto exit; - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) - switch( alg ) - { - case PSA_ALG_CBC_NO_PADDING: - ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, - MBEDTLS_PADDING_NONE ); - break; - case PSA_ALG_CBC_PKCS7: - ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, - MBEDTLS_PADDING_PKCS7 ); - break; - default: - /* The algorithm doesn't involve padding. */ - ret = 0; - break; - } - if( ret != 0 ) - goto exit; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ - - operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : - PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); - if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && - alg != PSA_ALG_ECB_NO_PADDING ) - { - operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); - } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) - else - if( ( alg == PSA_ALG_STREAM_CIPHER ) && - ( key_type == PSA_KEY_TYPE_CHACHA20 ) ) - operation->iv_size = 12; -#endif - -exit: - return( mbedtls_to_psa_error( ret ) ); -} - static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, @@ -3535,10 +3442,17 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_cipher_setup_internal( operation, &attributes, - slot->key.data, - slot->key.bytes, - alg, cipher_operation ); + /* Try doing the operation through a driver before using software fallback. */ + if( cipher_operation == MBEDTLS_ENCRYPT ) + status = mbedtls_psa_cipher_encrypt_setup( operation, &attributes, + slot->key.data, + slot->key.bytes, + alg ); + else + status = mbedtls_psa_cipher_decrypt_setup( operation, &attributes, + slot->key.data, + slot->key.bytes, + alg ); exit: if( status == PSA_SUCCESS ) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index d6ad9025d..73a2dabf8 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -23,5 +23,124 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include +#include "psa_crypto_core.h" +#include "mbedtls/cipher.h" +#include + +static psa_status_t cipher_setup( + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + mbedtls_operation_t cipher_operation ) +{ + int ret = 0; + size_t key_bits; + const mbedtls_cipher_info_t *cipher_info = NULL; + psa_key_type_t key_type = attributes->core.type; + + (void)key_buffer_size; + + /* Proceed with initializing an mbed TLS cipher context if no driver is + * available for the given algorithm & key. */ + mbedtls_cipher_init( &operation->ctx.cipher ); + + /* Once the cipher context is initialised, it needs to be freed using + * psa_cipher_abort. Indicate there is something to be freed through setting + * alg, and indicate the operation is being done using mbedtls crypto through + * setting mbedtls_in_use. */ + operation->alg = alg; + operation->mbedtls_in_use = 1; + + key_bits = attributes->core.bits; + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, + key_bits, NULL ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); + if( ret != 0 ) + goto exit; + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) + if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) + { + /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ + uint8_t keys[24]; + memcpy( keys, key_buffer, 16 ); + memcpy( keys + 16, key_buffer, 8 ); + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, + keys, + 192, cipher_operation ); + } + else +#endif + { + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer, + (int) key_bits, cipher_operation ); + } + if( ret != 0 ) + goto exit; + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) + switch( alg ) + { + case PSA_ALG_CBC_NO_PADDING: + ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, + MBEDTLS_PADDING_NONE ); + break; + case PSA_ALG_CBC_PKCS7: + ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, + MBEDTLS_PADDING_PKCS7 ); + break; + default: + /* The algorithm doesn't involve padding. */ + ret = 0; + break; + } + if( ret != 0 ) + goto exit; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ + + operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : + PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); + if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && + alg != PSA_ALG_ECB_NO_PADDING ) + { + operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); + } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) + else + if( ( alg == PSA_ALG_STREAM_CIPHER ) && + ( key_type == PSA_KEY_TYPE_CHACHA20 ) ) + operation->iv_size = 12; +#endif + +exit: + return( mbedtls_to_psa_error( ret ) ); +} + +psa_status_t mbedtls_psa_cipher_encrypt_setup( + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( cipher_setup( operation, attributes, + key_buffer, key_buffer_size, + alg, MBEDTLS_ENCRYPT ) ); +} + +psa_status_t mbedtls_psa_cipher_decrypt_setup( + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( cipher_setup( operation, attributes, + key_buffer, key_buffer_size, + alg, MBEDTLS_DECRYPT ) ); +} #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 223da775d..e3231fc7c 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -23,4 +23,64 @@ #include +/** + * \brief Set the key for a multipart symmetric encryption operation. + * + * \note The signature of this function is that of a PSA driver + * cipher_encrypt_setup entry point. This function behaves as a + * cipher_encrypt_setup entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation The operation object to set up. It has been + * initialized as per the documentation for + * #psa_cipher_operation_t and not yet in use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_cipher_encrypt_setup( + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +/** + * \brief Set the key for a multipart symmetric decryption operation. + * + * \note The signature of this function is that of a PSA driver + * cipher_decrypt_setup entry point. This function behaves as a + * cipher_decrypt_setup entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation The operation object to set up. It has been + * initialized as per the documentation for + * #psa_cipher_operation_t and not yet in use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_cipher_decrypt_setup( + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + #endif /* PSA_CRYPTO_CIPHER_H */ From a4af55f14f132530e8e7449dd63b8af9652a335e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Dec 2020 14:36:06 +0100 Subject: [PATCH 07/28] psa: driver wrapper: Change cipher_*_setup signatures Change the signature of psa_driver_wrapper_cipher_encrypt/decrypt_setup to that of a PSA driver cipher_encrypt/decrypt_setup entry point. Change the operation context to the PSA one to be able to call the software implementation from the driver wrapper later on. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 19 ++-- library/psa_crypto_driver_wrappers.c | 138 +++++++++++++++------------ library/psa_crypto_driver_wrappers.h | 10 +- 3 files changed, 94 insertions(+), 73 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1c9905c9f..399b37cea 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3418,14 +3418,22 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, else operation->iv_required = 1; + psa_key_attributes_t attributes = { + .core = slot->attr + }; + /* Try doing the operation through a driver before using software fallback. */ if( cipher_operation == MBEDTLS_ENCRYPT ) - status = psa_driver_wrapper_cipher_encrypt_setup( &operation->ctx.driver, - slot, + status = psa_driver_wrapper_cipher_encrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, alg ); else - status = psa_driver_wrapper_cipher_decrypt_setup( &operation->ctx.driver, - slot, + status = psa_driver_wrapper_cipher_decrypt_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, alg ); if( status == PSA_SUCCESS ) @@ -3439,9 +3447,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, psa_key_lifetime_is_external( slot->attr.lifetime ) ) goto exit; - psa_key_attributes_t attributes = { - .core = slot->attr - }; /* Try doing the operation through a driver before using software fallback. */ if( cipher_operation == MBEDTLS_ENCRYPT ) status = mbedtls_psa_cipher_encrypt_setup( operation, &attributes, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 9fbc61023..0c5546324 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -710,16 +710,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( } psa_status_t psa_driver_wrapper_cipher_encrypt_setup( - psa_operation_driver_context_t *operation, - psa_key_slot_t *slot, + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + void *driver_ctx = NULL; switch( location ) { @@ -727,25 +727,28 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); - if( operation->ctx == NULL ) + driver_ctx = mbedtls_calloc( 1, + sizeof( test_transparent_cipher_operation_t ) ); + if( driver_ctx == NULL ) return PSA_ERROR_INSUFFICIENT_MEMORY; - status = test_transparent_cipher_encrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, + status = test_transparent_cipher_encrypt_setup( driver_ctx, + attributes, + key_buffer, + key_buffer_size, alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + { + operation->ctx.driver.id = + PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->ctx.driver.ctx = driver_ctx; + } else { - mbedtls_platform_zeroize( - operation->ctx, + mbedtls_platform_zeroize( driver_ctx, sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); - operation->ctx = NULL; + mbedtls_free( driver_ctx ); } return( status ); @@ -755,24 +758,26 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( operation->ctx == NULL ) + driver_ctx = + mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( driver_ctx == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = test_opaque_cipher_encrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, + status = test_opaque_cipher_encrypt_setup( driver_ctx, + attributes, + key_buffer, + key_buffer_size, alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + { + operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->ctx.driver.ctx = driver_ctx; + } else { mbedtls_platform_zeroize( - operation->ctx, - sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); - operation->ctx = NULL; + driver_ctx, sizeof( test_opaque_cipher_operation_t ) ); + mbedtls_free( driver_ctx ); } return( status ); @@ -782,25 +787,27 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)slot; - (void)alg; (void)operation; + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_decrypt_setup( - psa_operation_driver_context_t *operation, - psa_key_slot_t *slot, + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime); - psa_key_attributes_t attributes = { - .core = slot->attr - }; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + void *driver_ctx = NULL; switch( location ) { @@ -808,25 +815,28 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) - operation->ctx = mbedtls_calloc( 1, sizeof(test_transparent_cipher_operation_t) ); - if( operation->ctx == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + driver_ctx = mbedtls_calloc( 1, + sizeof( test_transparent_cipher_operation_t ) ); + if( driver_ctx == NULL ) + return PSA_ERROR_INSUFFICIENT_MEMORY; - status = test_transparent_cipher_decrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, + status = test_transparent_cipher_decrypt_setup( driver_ctx, + attributes, + key_buffer, + key_buffer_size, alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + { + operation->ctx.driver.id = + PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->ctx.driver.ctx = driver_ctx; + } else { - mbedtls_platform_zeroize( - operation->ctx, + mbedtls_platform_zeroize( driver_ctx, sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); - operation->ctx = NULL; + mbedtls_free( driver_ctx ); } return( status ); @@ -836,24 +846,26 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - operation->ctx = mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( operation->ctx == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; + driver_ctx = + mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); + if( driver_ctx == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = test_opaque_cipher_decrypt_setup( operation->ctx, - &attributes, - slot->key.data, - slot->key.bytes, + status = test_opaque_cipher_decrypt_setup( driver_ctx, + attributes, + key_buffer, + key_buffer_size, alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + { + operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->ctx.driver.ctx = driver_ctx; + } else { mbedtls_platform_zeroize( - operation->ctx, - sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); - operation->ctx = NULL; + driver_ctx, sizeof( test_opaque_cipher_operation_t ) ); + mbedtls_free( driver_ctx ); } return( status ); @@ -863,9 +875,11 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( return( PSA_ERROR_INVALID_ARGUMENT ); } #else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)slot; - (void)alg; (void)operation; + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_PRESENT */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index dd7c6c7a1..e3b59f742 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -90,13 +90,15 @@ psa_status_t psa_driver_wrapper_cipher_decrypt( size_t *output_length ); psa_status_t psa_driver_wrapper_cipher_encrypt_setup( - psa_operation_driver_context_t *operation, - psa_key_slot_t *slot, + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t psa_driver_wrapper_cipher_decrypt_setup( - psa_operation_driver_context_t *operation, - psa_key_slot_t *slot, + psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); psa_status_t psa_driver_wrapper_cipher_generate_iv( From 0b8055982724a2bd6ef8424e120ca782fe34080b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Dec 2020 18:08:20 +0100 Subject: [PATCH 08/28] psa: Call cipher setup implementation as a driver Signed-off-by: Ronald Cron --- library/psa_crypto.c | 16 --------- library/psa_crypto_driver_wrappers.c | 54 +++++++++++++++------------- 2 files changed, 29 insertions(+), 41 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 399b37cea..b26a98840 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3443,22 +3443,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->alg = alg; } - if( status != PSA_ERROR_NOT_SUPPORTED || - psa_key_lifetime_is_external( slot->attr.lifetime ) ) - goto exit; - - /* Try doing the operation through a driver before using software fallback. */ - if( cipher_operation == MBEDTLS_ENCRYPT ) - status = mbedtls_psa_cipher_encrypt_setup( operation, &attributes, - slot->key.data, - slot->key.bytes, - alg ); - else - status = mbedtls_psa_cipher_decrypt_setup( operation, &attributes, - slot->key.data, - slot->key.bytes, - alg ); - exit: if( status == PSA_SUCCESS ) { diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0c5546324..7960a08d6 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -19,6 +19,7 @@ * limitations under the License. */ +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "psa_crypto_driver_wrappers.h" #include "psa_crypto_hash.h" @@ -715,8 +716,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); void *driver_ctx = NULL; @@ -726,6 +726,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) driver_ctx = mbedtls_calloc( 1, sizeof( test_transparent_cipher_operation_t ) ); @@ -751,11 +752,19 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( mbedtls_free( driver_ctx ); } - return( status ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( mbedtls_psa_cipher_encrypt_setup( operation, + attributes, + key_buffer, + key_buffer_size, + alg ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: driver_ctx = @@ -782,19 +791,13 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ + (void)status; + (void)driver_ctx; return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)operation; - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_decrypt_setup( @@ -803,7 +806,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -814,6 +816,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( case PSA_KEY_LOCATION_LOCAL_STORAGE: /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) driver_ctx = mbedtls_calloc( 1, sizeof( test_transparent_cipher_operation_t ) ); @@ -839,11 +842,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( mbedtls_free( driver_ctx ); } - return( status ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( PSA_ERROR_NOT_SUPPORTED ); + return( mbedtls_psa_cipher_decrypt_setup( operation, + attributes, + key_buffer, + key_buffer_size, + alg ) ); /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: driver_ctx = @@ -870,19 +880,13 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ + (void)status; + (void)driver_ctx; return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)operation; - (void)attributes; - (void)key_buffer; - (void)key_buffer_size; - (void)alg; - - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ } psa_status_t psa_driver_wrapper_cipher_generate_iv( From 6d05173359fb53eb2a893e6834a221a4262233da Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 1 Oct 2020 14:10:20 +0200 Subject: [PATCH 09/28] psa: Add mbedtls_psa_cipher_xyz() APIs Signed-off-by: Ronald Cron --- library/psa_crypto.c | 219 +++++------------------------------- library/psa_crypto_cipher.c | 219 ++++++++++++++++++++++++++++++++++++ library/psa_crypto_cipher.h | 123 ++++++++++++++++++++ 3 files changed, 371 insertions(+), 190 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b26a98840..5c867b622 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3476,8 +3476,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, size_t iv_size, size_t *iv_length ) { - psa_status_t status; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == 0 ) { @@ -3495,30 +3494,20 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, iv, iv_size, iv_length ); - goto exit; } - - if( iv_size < operation->iv_size ) + else { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto exit; - } - ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, - iv, operation->iv_size ); - if( ret != 0 ) - { - status = mbedtls_to_psa_error( ret ); - goto exit; + status = mbedtls_psa_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ); } - *iv_length = operation->iv_size; - status = psa_cipher_set_iv( operation, iv, *iv_length ); - -exit: if( status == PSA_SUCCESS ) operation->iv_set = 1; else psa_cipher_abort( operation ); + return( status ); } @@ -3526,8 +3515,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) { - psa_status_t status; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == 0 ) { @@ -3544,17 +3532,12 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, iv, iv_length ); - goto exit; + } + else + { + status = mbedtls_psa_cipher_set_iv( operation, iv, iv_length ); } - if( iv_length != operation->iv_size ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - ret = mbedtls_cipher_set_iv( &operation->ctx.cipher, iv, iv_length ); - status = mbedtls_to_psa_error( ret ); -exit: if( status == PSA_SUCCESS ) operation->iv_set = 1; else @@ -3562,94 +3545,6 @@ exit: return( status ); } -/* Process input for which the algorithm is set to ECB mode. This requires - * manual processing, since the PSA API is defined as being able to process - * arbitrary-length calls to psa_cipher_update() with ECB mode, but the - * underlying mbedtls_cipher_update only takes full blocks. */ -static psa_status_t psa_cipher_update_ecb_internal( - mbedtls_cipher_context_t *ctx, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t block_size = ctx->cipher_info->block_size; - size_t internal_output_length = 0; - *output_length = 0; - - if( input_length == 0 ) - { - status = PSA_SUCCESS; - goto exit; - } - - if( ctx->unprocessed_len > 0 ) - { - /* Fill up to block size, and run the block if there's a full one. */ - size_t bytes_to_copy = block_size - ctx->unprocessed_len; - - if( input_length < bytes_to_copy ) - bytes_to_copy = input_length; - - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), - input, bytes_to_copy ); - input_length -= bytes_to_copy; - input += bytes_to_copy; - ctx->unprocessed_len += bytes_to_copy; - - if( ctx->unprocessed_len == block_size ) - { - status = mbedtls_to_psa_error( - mbedtls_cipher_update( ctx, - ctx->unprocessed_data, - block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - ctx->unprocessed_len = 0; - } - } - - while( input_length >= block_size ) - { - /* Run all full blocks we have, one by one */ - status = mbedtls_to_psa_error( - mbedtls_cipher_update( ctx, input, - block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - input_length -= block_size; - input += block_size; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - - if( input_length > 0 ) - { - /* Save unprocessed bytes for later processing */ - memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), - input, input_length ); - ctx->unprocessed_len += input_length; - } - - status = PSA_SUCCESS; - -exit: - return( status ); -} - psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -3658,7 +3553,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t expected_output_size; + if( operation->alg == 0 ) { return( PSA_ERROR_BAD_STATE ); @@ -3676,51 +3571,20 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, output, output_size, output_length ); - goto exit; - } - - if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) - { - /* Take the unprocessed partial block left over from previous - * update calls, if any, plus the input to this call. Remove - * the last partial block, if any. You get the data that will be - * output in this call. */ - expected_output_size = - ( operation->ctx.cipher.unprocessed_len + input_length ) - / operation->block_size * operation->block_size; } else { - expected_output_size = input_length; + status = mbedtls_psa_cipher_update( operation, + input, + input_length, + output, + output_size, + output_length ); } - if( output_size < expected_output_size ) - { - status = PSA_ERROR_BUFFER_TOO_SMALL; - goto exit; - } - - if( operation->alg == PSA_ALG_ECB_NO_PADDING ) - { - /* mbedtls_cipher_update has an API inconsistency: it will only - * process a single block at a time in ECB mode. Abstract away that - * inconsistency here to match the PSA API behaviour. */ - status = psa_cipher_update_ecb_internal( &operation->ctx.cipher, - input, - input_length, - output, - output_size, - output_length ); - } - else - { - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, input, - input_length, output, output_length ) ); - } -exit: if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); + return( status ); } @@ -3730,7 +3594,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; - uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + if( operation->alg == 0 ) { return( PSA_ERROR_BAD_STATE ); @@ -3746,37 +3610,15 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, output, output_size, output_length ); - goto exit; } - - if( operation->ctx.cipher.unprocessed_len != 0 ) - { - if( operation->alg == PSA_ALG_ECB_NO_PADDING || - operation->alg == PSA_ALG_CBC_NO_PADDING ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - } - - status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &operation->ctx.cipher, - temp_output_buffer, - output_length ) ); - if( status != PSA_SUCCESS ) - goto exit; - - if( *output_length == 0 ) - ; /* Nothing to copy. Note that output may be NULL in this case. */ - else if( output_size >= *output_length ) - memcpy( output, temp_output_buffer, *output_length ); else - status = PSA_ERROR_BUFFER_TOO_SMALL; - -exit: - if( operation->mbedtls_in_use == 1 ) - mbedtls_platform_zeroize( temp_output_buffer, sizeof( temp_output_buffer ) ); - + { + status = mbedtls_psa_cipher_finish( operation, + output, + output_size, + output_length ); + } + if( status == PSA_SUCCESS ) return( psa_cipher_abort( operation ) ); else @@ -3806,7 +3648,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( operation->mbedtls_in_use == 0 ) psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); else - mbedtls_cipher_free( &operation->ctx.cipher ); + mbedtls_psa_cipher_abort( operation ); operation->alg = 0; operation->key_set = 0; @@ -3819,9 +3661,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) return( PSA_SUCCESS ); } - - - /****************************************************************/ /* AEAD */ /****************************************************************/ diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 73a2dabf8..91d471b2f 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -24,7 +24,10 @@ #include #include "psa_crypto_core.h" +#include "psa_crypto_random_impl.h" + #include "mbedtls/cipher.h" +#include "mbedtls/error.h" #include @@ -143,4 +146,220 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( key_buffer, key_buffer_size, alg, MBEDTLS_DECRYPT ) ); } + +psa_status_t mbedtls_psa_cipher_generate_iv( + psa_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if( iv_size < operation->iv_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, + iv, operation->iv_size ); + if( ret != 0 ) + return( mbedtls_to_psa_error( ret ) ); + + *iv_length = operation->iv_size; + + return( mbedtls_psa_cipher_set_iv( operation, iv, *iv_length ) ); +} + +psa_status_t mbedtls_psa_cipher_set_iv( psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length ) +{ + if( iv_length != operation->iv_size ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + return( mbedtls_to_psa_error( + mbedtls_cipher_set_iv( &operation->ctx.cipher, + iv, iv_length ) ) ); +} + +/* Process input for which the algorithm is set to ECB mode. This requires + * manual processing, since the PSA API is defined as being able to process + * arbitrary-length calls to psa_cipher_update() with ECB mode, but the + * underlying mbedtls_cipher_update only takes full blocks. */ +static psa_status_t psa_cipher_update_ecb( + mbedtls_cipher_context_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t block_size = ctx->cipher_info->block_size; + size_t internal_output_length = 0; + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( ctx->unprocessed_len > 0 ) + { + /* Fill up to block size, and run the block if there's a full one. */ + size_t bytes_to_copy = block_size - ctx->unprocessed_len; + + if( input_length < bytes_to_copy ) + bytes_to_copy = input_length; + + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + ctx->unprocessed_len += bytes_to_copy; + + if( ctx->unprocessed_len == block_size ) + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, + ctx->unprocessed_data, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + ctx->unprocessed_len = 0; + } + } + + while( input_length >= block_size ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, input, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= block_size; + input += block_size; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later processing */ + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, input_length ); + ctx->unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + +exit: + return( status ); +} + +psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t expected_output_size; + + if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) + { + /* Take the unprocessed partial block left over from previous + * update calls, if any, plus the input to this call. Remove + * the last partial block, if any. You get the data that will be + * output in this call. */ + expected_output_size = + ( operation->ctx.cipher.unprocessed_len + input_length ) + / operation->block_size * operation->block_size; + } + else + { + expected_output_size = input_length; + } + + if( output_size < expected_output_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + if( operation->alg == PSA_ALG_ECB_NO_PADDING ) + { + /* mbedtls_cipher_update has an API inconsistency: it will only + * process a single block at a time in ECB mode. Abstract away that + * inconsistency here to match the PSA API behaviour. */ + status = psa_cipher_update_ecb( &operation->ctx.cipher, + input, + input_length, + output, + output_size, + output_length ); + } + else + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, input, + input_length, output, output_length ) ); + } + + return( status ); +} + +psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; + + if( operation->ctx.cipher.unprocessed_len != 0 ) + { + if( operation->alg == PSA_ALG_ECB_NO_PADDING || + operation->alg == PSA_ALG_CBC_NO_PADDING ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } + + status = mbedtls_to_psa_error( + mbedtls_cipher_finish( &operation->ctx.cipher, + temp_output_buffer, + output_length ) ); + if( status != PSA_SUCCESS ) + goto exit; + + if( *output_length == 0 ) + ; /* Nothing to copy. Note that output may be NULL in this case. */ + else if( output_size >= *output_length ) + memcpy( output, temp_output_buffer, *output_length ); + else + status = PSA_ERROR_BUFFER_TOO_SMALL; + +exit: + mbedtls_platform_zeroize( temp_output_buffer, + sizeof( temp_output_buffer ) ); + + return( status ); +} + +psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation ) +{ + mbedtls_cipher_free( &operation->ctx.cipher ); + + return( PSA_SUCCESS ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index e3231fc7c..3a58a8111 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -83,4 +83,127 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); +/** Generate an IV for a symmetric encryption operation. + * + * This function generates a random IV (initialization vector), nonce + * or initial counter value for the encryption operation as appropriate + * for the chosen algorithm, key type and key size. + * + * \note The signature of this function is that of a PSA driver + * cipher_generate_iv entry point. This function behaves as a + * cipher_generate_iv entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation Active cipher operation. + * \param[out] iv Buffer where the generated IV is to be written. + * \param[in] iv_size Size of the \p iv buffer in bytes. + * \param[out] iv_length On success, the number of bytes of the + * generated IV. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p iv buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_cipher_generate_iv( + psa_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length ); + +/** Set the IV for a symmetric encryption or decryption operation. + * + * This function sets the IV (initialization vector), nonce + * or initial counter value for the encryption or decryption operation. + * + * \note The signature of this function is that of a PSA driver + * cipher_set_iv entry point. This function behaves as a + * cipher_set_iv entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation Active cipher operation. + * \param[in] iv Buffer containing the IV to use. + * \param[in] iv_length Size of the IV in bytes. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size of \p iv is not acceptable for the chosen algorithm, + * or the chosen algorithm does not use an IV. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_cipher_set_iv( + psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ); + +/** Encrypt or decrypt a message fragment in an active cipher operation. + * + * \note The signature of this function is that of a PSA driver + * cipher_update entry point. This function behaves as a + * cipher_update entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation Active cipher operation. + * \param[in] input Buffer containing the message fragment to + * encrypt or decrypt. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * \param[in] output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_cipher_update( + psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length ); + +/** Finish encrypting or decrypting a message in a cipher operation. + * + * \note The signature of this function is that of a PSA driver + * cipher_finish entry point. This function behaves as a + * cipher_finish entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation Active cipher operation. + * \param[out] output Buffer where the output is to be written. + * \param[in] output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total input size passed to this operation is not valid for + * this particular algorithm. For example, the algorithm is a based + * on block cipher and requires a whole number of blocks, but the + * total input size is not a multiple of the block size. + * \retval #PSA_ERROR_INVALID_PADDING + * This is a decryption operation for an algorithm that includes + * padding, and the ciphertext does not contain valid padding. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_cipher_finish( + psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length ); + +/** Abort a cipher operation. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation. + * + * \note The signature of this function is that of a PSA driver + * cipher_abort entry point. This function behaves as a + * cipher_abort entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in,out] operation Initialized cipher operation. + * + * \retval #PSA_SUCCESS + */ +psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation ); + #endif /* PSA_CRYPTO_CIPHER_H */ From 6056fe8a81b93e2c96950206ff26431c5dea2460 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Dec 2020 13:58:07 +0100 Subject: [PATCH 10/28] psa: driver wrapper: Change cipher_xyz signature Change the operation context to the PSA one to be able to call the software implementation from the driver wrapper later on. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 10 ++-- library/psa_crypto_driver_wrappers.c | 73 +++++++++++++++------------- library/psa_crypto_driver_wrappers.h | 10 ++-- 3 files changed, 48 insertions(+), 45 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5c867b622..7ecf32ed4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3490,7 +3490,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, if( operation->mbedtls_in_use == 0 ) { - status = psa_driver_wrapper_cipher_generate_iv( &operation->ctx.driver, + status = psa_driver_wrapper_cipher_generate_iv( operation, iv, iv_size, iv_length ); @@ -3529,7 +3529,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, if( operation->mbedtls_in_use == 0 ) { - status = psa_driver_wrapper_cipher_set_iv( &operation->ctx.driver, + status = psa_driver_wrapper_cipher_set_iv( operation, iv, iv_length ); } @@ -3565,7 +3565,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, if( operation->mbedtls_in_use == 0 ) { - status = psa_driver_wrapper_cipher_update( &operation->ctx.driver, + status = psa_driver_wrapper_cipher_update( operation, input, input_length, output, @@ -3606,7 +3606,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, if( operation->mbedtls_in_use == 0 ) { - status = psa_driver_wrapper_cipher_finish( &operation->ctx.driver, + status = psa_driver_wrapper_cipher_finish( operation, output, output_size, output_length ); @@ -3646,7 +3646,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) return( PSA_ERROR_BAD_STATE ); if( operation->mbedtls_in_use == 0 ) - psa_driver_wrapper_cipher_abort( &operation->ctx.driver ); + psa_driver_wrapper_cipher_abort( operation ); else mbedtls_psa_cipher_abort( operation ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7960a08d6..f8a1c5253 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -890,27 +890,29 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( } psa_status_t psa_driver_wrapper_cipher_generate_iv( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) + switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_generate_iv( operation->ctx, - iv, - iv_size, - iv_length ) ); + return( test_transparent_cipher_generate_iv( + operation->ctx.driver.ctx, + iv, + iv_size, + iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_generate_iv( operation->ctx, - iv, - iv_size, - iv_length ) ); + return( test_opaque_cipher_generate_iv( + operation->ctx.driver.ctx, + iv, + iv_size, + iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ default: /* Key is attached to a driver not known to us */ @@ -927,22 +929,22 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( } psa_status_t psa_driver_wrapper_cipher_set_iv( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) + switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_set_iv( operation->ctx, + return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_set_iv( operation->ctx, + return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -960,7 +962,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( } psa_status_t psa_driver_wrapper_cipher_update( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -968,11 +970,11 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t *output_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) + switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_update( operation->ctx, + return( test_transparent_cipher_update( operation->ctx.driver.ctx, input, input_length, output, @@ -981,7 +983,7 @@ psa_status_t psa_driver_wrapper_cipher_update( #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_update( operation->ctx, + return( test_opaque_cipher_update( operation->ctx.driver.ctx, input, input_length, output, @@ -1005,24 +1007,24 @@ psa_status_t psa_driver_wrapper_cipher_update( } psa_status_t psa_driver_wrapper_cipher_finish( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->id ) + switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_finish( operation->ctx, + return( test_transparent_cipher_finish( operation->ctx.driver.ctx, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_finish( operation->ctx, + return( test_opaque_cipher_finish( operation->ctx.driver.ctx, output, output_size, output_length ) ); @@ -1042,39 +1044,40 @@ psa_status_t psa_driver_wrapper_cipher_finish( } psa_status_t psa_driver_wrapper_cipher_abort( - psa_operation_driver_context_t *operation ) + psa_cipher_operation_t *operation ) { #if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + psa_operation_driver_context_t *driver_context = &operation->ctx.driver; /* The object has (apparently) been initialized but it is not in use. It's * ok to call abort on such an object, and there's nothing to do. */ - if( operation->ctx == NULL && operation->id == 0 ) + if( driver_context->ctx == NULL && driver_context->id == 0 ) return( PSA_SUCCESS ); - switch( operation->id ) + switch( driver_context->id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - status = test_transparent_cipher_abort( operation->ctx ); + status = test_transparent_cipher_abort( driver_context->ctx ); mbedtls_platform_zeroize( - operation->ctx, + driver_context->ctx, sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); - operation->ctx = NULL; - operation->id = 0; + mbedtls_free( driver_context->ctx ); + driver_context->ctx = NULL; + driver_context->id = 0; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - status = test_opaque_cipher_abort( operation->ctx ); + status = test_opaque_cipher_abort( driver_context->ctx ); mbedtls_platform_zeroize( - operation->ctx, + driver_context->ctx, sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( operation->ctx ); - operation->ctx = NULL; - operation->id = 0; + mbedtls_free( driver_context->ctx ); + driver_context->ctx = NULL; + driver_context->id = 0; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e3b59f742..d4ff91cde 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -102,18 +102,18 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( psa_algorithm_t alg ); psa_status_t psa_driver_wrapper_cipher_generate_iv( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ); psa_status_t psa_driver_wrapper_cipher_set_iv( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ); psa_status_t psa_driver_wrapper_cipher_update( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -121,13 +121,13 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t *output_length ); psa_status_t psa_driver_wrapper_cipher_finish( - psa_operation_driver_context_t *operation, + psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ); psa_status_t psa_driver_wrapper_cipher_abort( - psa_operation_driver_context_t *operation ); + psa_cipher_operation_t *operation ); /* * Hashing functions From dd24c9bbd9b1ac417ce72a66781928ba91bdc67d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Dec 2020 14:10:01 +0100 Subject: [PATCH 11/28] psa: Call cipher operations software implementations as a driver Signed-off-by: Ronald Cron --- library/psa_crypto.c | 80 +++++----------------- library/psa_crypto_driver_wrappers.c | 99 +++++++++++++--------------- 2 files changed, 63 insertions(+), 116 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7ecf32ed4..22dce5d7f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3488,20 +3488,10 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ); - } - else - { - status = mbedtls_psa_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ); - } + status = psa_driver_wrapper_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ); if( status == PSA_SUCCESS ) operation->iv_set = 1; @@ -3527,16 +3517,9 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_set_iv( operation, - iv, - iv_length ); - } - else - { - status = mbedtls_psa_cipher_set_iv( operation, iv, iv_length ); - } + status = psa_driver_wrapper_cipher_set_iv( operation, + iv, + iv_length ); if( status == PSA_SUCCESS ) operation->iv_set = 1; @@ -3563,25 +3546,12 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_update( operation, - input, - input_length, - output, - output_size, - output_length ); - } - else - { - status = mbedtls_psa_cipher_update( operation, - input, - input_length, - output, - output_size, - output_length ); - } - + status = psa_driver_wrapper_cipher_update( operation, + input, + input_length, + output, + output_size, + output_length ); if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); @@ -3604,21 +3574,10 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->mbedtls_in_use == 0 ) - { - status = psa_driver_wrapper_cipher_finish( operation, - output, - output_size, - output_length ); - } - else - { - status = mbedtls_psa_cipher_finish( operation, - output, - output_size, - output_length ); - } - + status = psa_driver_wrapper_cipher_finish( operation, + output, + output_size, + output_length ); if( status == PSA_SUCCESS ) return( psa_cipher_abort( operation ) ); else @@ -3645,10 +3604,7 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) return( PSA_ERROR_BAD_STATE ); - if( operation->mbedtls_in_use == 0 ) - psa_driver_wrapper_cipher_abort( operation ); - else - mbedtls_psa_cipher_abort( operation ); + psa_driver_wrapper_cipher_abort( operation ); operation->alg = 0; operation->key_set = 0; diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f8a1c5253..883b94432 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -895,7 +895,13 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( size_t iv_size, size_t *iv_length ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + if( operation->mbedtls_in_use ) + return( mbedtls_psa_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ) ); + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -906,6 +912,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( iv_size, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ + #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( test_opaque_cipher_generate_iv( @@ -914,18 +921,10 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( iv_size, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - default: - /* Key is attached to a driver not known to us */ - return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void) operation; - (void) iv; - (void) iv_size; - (void) iv_length; +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ + return( PSA_ERROR_INVALID_ARGUMENT ); } psa_status_t psa_driver_wrapper_cipher_set_iv( @@ -933,7 +932,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( const uint8_t *iv, size_t iv_length ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + if( operation->mbedtls_in_use ) + return( mbedtls_psa_cipher_set_iv( operation, + iv, + iv_length ) ); + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -948,17 +952,10 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - default: - /* Key is attached to a driver not known to us */ - return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void) operation; - (void) iv; - (void) iv_length; +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ + return( PSA_ERROR_INVALID_ARGUMENT ); } psa_status_t psa_driver_wrapper_cipher_update( @@ -969,7 +966,15 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t output_size, size_t *output_length ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + if( operation->mbedtls_in_use ) + return( mbedtls_psa_cipher_update( operation, + input, + input_length, + output, + output_size, + output_length ) ); + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -990,20 +995,10 @@ psa_status_t psa_driver_wrapper_cipher_update( output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - default: - /* Key is attached to a driver not known to us */ - return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void) operation; - (void) input; - (void) input_length; - (void) output; - (void) output_length; - (void) output_size; +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ + return( PSA_ERROR_INVALID_ARGUMENT ); } psa_status_t psa_driver_wrapper_cipher_finish( @@ -1012,7 +1007,13 @@ psa_status_t psa_driver_wrapper_cipher_finish( size_t output_size, size_t *output_length ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + if( operation->mbedtls_in_use ) + return( mbedtls_psa_cipher_finish( operation, + output, + output_size, + output_length ) ); + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) switch( operation->ctx.driver.id ) { #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -1029,25 +1030,20 @@ psa_status_t psa_driver_wrapper_cipher_finish( output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - default: - /* Key is attached to a driver not known to us */ - return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void) operation; - (void) output; - (void) output_size; - (void) output_length; +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ + return( PSA_ERROR_INVALID_ARGUMENT ); } psa_status_t psa_driver_wrapper_cipher_abort( psa_cipher_operation_t *operation ) { -#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; + if( operation->mbedtls_in_use ) + return( mbedtls_psa_cipher_abort( operation ) ); + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_operation_driver_context_t *driver_context = &operation->ctx.driver; /* The object has (apparently) been initialized but it is not in use. It's @@ -1081,15 +1077,10 @@ psa_status_t psa_driver_wrapper_cipher_abort( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - default: - /* Operation is attached to a driver not known to us */ - return( PSA_ERROR_INVALID_ARGUMENT ); } -#else /* PSA_CRYPTO_DRIVER_PRESENT */ - (void)operation; +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( PSA_ERROR_NOT_SUPPORTED ); -#endif /* PSA_CRYPTO_DRIVER_PRESENT */ + return( PSA_ERROR_INVALID_ARGUMENT ); } /* From 8d310ad2e66bc01aa6510aa9441f9056c0d910e9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 15 Dec 2020 15:17:20 +0100 Subject: [PATCH 12/28] psa: Rework unauthenticated cipher support in transparent test driver Make use of psa_cipher_xyz_internal() functions to simplify the transparent test driver code and extend the algorithms it supports to all algorithms supported by the MbedTLS library. Signed-off-by: Ronald Cron --- tests/include/test/drivers/cipher.h | 11 +- tests/src/drivers/cipher.c | 234 +++++++--------------------- 2 files changed, 59 insertions(+), 186 deletions(-) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index ef787f794..06efa983a 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -28,17 +28,10 @@ #if defined(PSA_CRYPTO_DRIVER_TEST) #include +#include #include "mbedtls/cipher.h" -typedef struct { - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; - mbedtls_cipher_context_t cipher; -} test_transparent_cipher_operation_t; +typedef psa_cipher_operation_t test_transparent_cipher_operation_t; typedef struct{ unsigned int initialised : 1; diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index fa7c6a9e7..6a205b487 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -26,6 +26,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" +#include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "mbedtls/cipher.h" @@ -204,79 +205,28 @@ psa_status_t test_transparent_cipher_decrypt( output, output_size, output_length) ); } -static psa_status_t test_transparent_cipher_setup( - mbedtls_operation_t direction, - test_transparent_cipher_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, - psa_algorithm_t alg) -{ - const mbedtls_cipher_info_t *cipher_info = NULL; - int ret = 0; - - test_driver_cipher_hooks.hits++; - - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ - memset( operation, 0, sizeof( *operation ) ); - - /* Allow overriding return value for testing purposes */ - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - /* Test driver supports AES-CTR only, to verify operation calls. */ - if( alg != PSA_ALG_CTR || - psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES ) - return( PSA_ERROR_NOT_SUPPORTED ); - - operation->alg = alg; - operation->iv_size = 16; - - cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES, - key_length * 8, - MBEDTLS_MODE_CTR ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - mbedtls_cipher_init( &operation->cipher ); - ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); - if( ret != 0 ) { - mbedtls_cipher_free( &operation->cipher ); - return( mbedtls_to_psa_error( ret ) ); - } - - ret = mbedtls_cipher_setkey( &operation->cipher, - key, - key_length * 8, direction ); - if( ret != 0 ) { - mbedtls_cipher_free( &operation->cipher ); - return( mbedtls_to_psa_error( ret ) ); - } - - operation->iv_set = 0; - operation->iv_required = 1; - operation->key_set = 1; - - return( test_driver_cipher_hooks.forced_status ); -} - psa_status_t test_transparent_cipher_encrypt_setup( test_transparent_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT, - operation, - attributes, - key, - key_length, - alg ) ); + test_driver_cipher_hooks.hits++; + + /* Wiping the entire struct here, instead of member-by-member. This is + * useful for the test suite, since it gives a chance of catching memory + * corruption errors should the core not have allocated (enough) memory for + * our context struct. */ + memset( operation, 0, sizeof( *operation ) ); + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return ( mbedtls_psa_cipher_encrypt_setup( operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -285,12 +235,16 @@ psa_status_t test_transparent_cipher_decrypt_setup( const uint8_t *key, size_t key_length, psa_algorithm_t alg) { - return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT, - operation, - attributes, - key, - key_length, - alg ) ); + test_driver_cipher_hooks.hits++; + + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return ( mbedtls_psa_cipher_decrypt_setup( operation, + attributes, + key, + key_length, + alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -300,18 +254,16 @@ psa_status_t test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - mbedtls_cipher_free( &operation->cipher ); + mbedtls_psa_cipher_abort( operation ); - /* Wiping the entire struct here, instead of member-by-member. This is useful - * for the test suite, since it gives a chance of catching memory corruption - * errors should the core not have allocated (enough) memory for our context - * struct. */ + /* Wiping the entire struct here, instead of member-by-member. This is + * useful for the test suite, since it gives a chance of catching memory + * corruption errors should the core not have allocated (enough) memory for + * our context struct. */ memset( operation, 0, sizeof( *operation ) ); - return( PSA_SUCCESS ); + return( test_driver_cipher_hooks.forced_status ); } psa_status_t test_transparent_cipher_generate_iv( @@ -320,35 +272,15 @@ psa_status_t test_transparent_cipher_generate_iv( size_t iv_size, size_t *iv_length) { - psa_status_t status; - mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) ); - test_driver_cipher_hooks.hits++; if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); - - if( iv_size < operation->iv_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = mbedtls_to_psa_error( - mbedtls_test_rnd_pseudo_rand( &rnd_info, - iv, - operation->iv_size ) ); - if( status != PSA_SUCCESS ) - return( status ); - - *iv_length = operation->iv_size; - status = test_transparent_cipher_set_iv( operation, iv, *iv_length ); - - return( status ); + return( mbedtls_psa_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ) ); } psa_status_t test_transparent_cipher_set_iv( @@ -356,29 +288,14 @@ psa_status_t test_transparent_cipher_set_iv( const uint8_t *iv, size_t iv_length) { - psa_status_t status; - test_driver_cipher_hooks.hits++; if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_set || ! operation->iv_required ) - return( PSA_ERROR_BAD_STATE ); - - if( iv_length != operation->iv_size ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ); - - if( status == PSA_SUCCESS ) - operation->iv_set = 1; - - return( status ); + return( mbedtls_psa_cipher_set_iv( operation, + iv, + iv_length ) ); } psa_status_t test_transparent_cipher_update( @@ -389,27 +306,8 @@ psa_status_t test_transparent_cipher_update( size_t output_size, size_t *output_length) { - psa_status_t status; - test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - /* CTR is a stream cipher, so data in and out are always the same size */ - if( output_size < input_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->cipher, input, - input_length, output, output_length ) ); - - if( status != PSA_SUCCESS ) - return status; - if( test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < test_driver_cipher_hooks.forced_output_length ) @@ -419,9 +317,17 @@ psa_status_t test_transparent_cipher_update( test_driver_cipher_hooks.forced_output, test_driver_cipher_hooks.forced_output_length ); *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); } - return( test_driver_cipher_hooks.forced_status ); + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return( mbedtls_psa_cipher_update( operation, + input, input_length, + output, output_size, + output_length ) ); } psa_status_t test_transparent_cipher_finish( @@ -430,41 +336,8 @@ psa_status_t test_transparent_cipher_finish( size_t output_size, size_t *output_length) { - psa_status_t status = PSA_ERROR_GENERIC_ERROR; - uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - test_driver_cipher_hooks.hits++; - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - if( operation->alg != PSA_ALG_CTR ) - return( PSA_ERROR_BAD_STATE ); - - if( ! operation->key_set ) - return( PSA_ERROR_BAD_STATE ); - - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); - - status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &operation->cipher, - temp_output_buffer, - output_length ) ); - - mbedtls_cipher_free( &operation->cipher ); - - if( status != PSA_SUCCESS ) - return( status ); - - if( *output_length == 0 ) - ; /* Nothing to copy. Note that output may be NULL in this case. */ - else if( output_size >= *output_length ) - memcpy( output, temp_output_buffer, *output_length ); - else - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - if( test_driver_cipher_hooks.forced_output != NULL ) { if( output_size < test_driver_cipher_hooks.forced_output_length ) @@ -474,9 +347,16 @@ psa_status_t test_transparent_cipher_finish( test_driver_cipher_hooks.forced_output, test_driver_cipher_hooks.forced_output_length ); *output_length = test_driver_cipher_hooks.forced_output_length; + + return( test_driver_cipher_hooks.forced_status ); } - return( test_driver_cipher_hooks.forced_status ); + if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) + return( test_driver_cipher_hooks.forced_status ); + + return( mbedtls_psa_cipher_finish( operation, + output, output_size, + output_length ) ); } /* From 06aa442beffcc5f6090ccba6883e826e906c1b90 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Mar 2021 17:32:57 +0100 Subject: [PATCH 13/28] psa: cipher: Remove unused `key_set` operation field Signed-off-by: Ronald Cron --- include/psa/crypto_struct.h | 3 +-- library/psa_crypto.c | 9 +-------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 87eefb9b1..3ccad24cd 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -144,7 +144,6 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_cipher_operation_s { psa_algorithm_t alg; - unsigned int key_set : 1; unsigned int iv_required : 1; unsigned int iv_set : 1; unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */ @@ -158,7 +157,7 @@ struct psa_cipher_operation_s } ctx; }; -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}} static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 22dce5d7f..3dfee3b3c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3408,7 +3408,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, /* Initialize the operation struct members, except for alg. The alg member * is used to indicate to psa_cipher_abort that there are resources to free, * so we only set it after resources have been allocated/initialized. */ - operation->key_set = 0; operation->iv_set = 0; operation->mbedtls_in_use = 0; operation->iv_size = 0; @@ -3444,12 +3443,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, } exit: - if( status == PSA_SUCCESS ) - { - /* Update operation flags for both driver and software implementations */ - operation->key_set = 1; - } - else + if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); unlock_status = psa_unlock_key_slot( slot ); @@ -3607,7 +3601,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) psa_driver_wrapper_cipher_abort( operation ); operation->alg = 0; - operation->key_set = 0; operation->iv_set = 0; operation->mbedtls_in_use = 0; operation->iv_size = 0; From 49fafa98b18eb28828fc266838496cfdfc37128c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 08:34:23 +0100 Subject: [PATCH 14/28] psa: cipher: Dispatch based on driver identifier For cipher multi-part operations, dispatch based on the driver identifier even in the case of the Mbed TLS software implementation (viewed as a driver). Also use the driver identifier to check that an cipher operation context is active or not. This aligns the way hash and cipher multi-part operations are dispatched. Signed-off-by: Ronald Cron --- include/psa/crypto_struct.h | 14 +-- library/psa_crypto.c | 28 +++--- library/psa_crypto_cipher.c | 6 -- library/psa_crypto_driver_wrappers.c | 139 +++++++++++++-------------- 4 files changed, 88 insertions(+), 99 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 3ccad24cd..491d952d0 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -73,11 +73,6 @@ extern "C" { #include "psa/crypto_driver_contexts.h" typedef struct { - /** Unique ID indicating which driver got assigned to do the - * operation. Since driver contexts are driver-specific, swapping - * drivers halfway through the operation is not supported. - * ID values are auto-generated in psa_driver_wrappers.h */ - unsigned int id; /** Context structure for the assigned driver, when id is not zero. */ void* ctx; } psa_operation_driver_context_t; @@ -143,10 +138,17 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_cipher_operation_s { + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ + unsigned int id; + psa_algorithm_t alg; unsigned int iv_required : 1; unsigned int iv_set : 1; - unsigned int mbedtls_in_use : 1; /* Indicates mbed TLS is handling the operation. */ uint8_t iv_size; uint8_t block_size; union diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3dfee3b3c..f4d8a3e43 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3393,7 +3393,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, PSA_KEY_USAGE_DECRYPT ); /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) + if( operation->id != 0 ) return( PSA_ERROR_BAD_STATE ); /* The requested algorithm must be one that can be processed by cipher. */ @@ -3405,11 +3405,12 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - /* Initialize the operation struct members, except for alg. The alg member + /* Initialize the operation struct members, except for id. The id member * is used to indicate to psa_cipher_abort that there are resources to free, - * so we only set it after resources have been allocated/initialized. */ + * so we only set it (in the driver wrapper) after resources have been + * allocated/initialized. */ + operation->alg = alg; operation->iv_set = 0; - operation->mbedtls_in_use = 0; operation->iv_size = 0; operation->block_size = 0; if( alg == PSA_ALG_ECB_NO_PADDING ) @@ -3435,13 +3436,6 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, slot->key.bytes, alg ); - if( status == PSA_SUCCESS ) - { - /* Once the driver context is initialized, it needs to be freed using - * psa_cipher_abort. Indicate this through setting alg. */ - operation->alg = alg; - } - exit: if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); @@ -3472,7 +3466,7 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( operation->alg == 0 ) + if( operation->id == 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -3501,7 +3495,7 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( operation->alg == 0 ) + if( operation->id == 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -3531,7 +3525,7 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if( operation->alg == 0 ) + if( operation->id == 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -3559,7 +3553,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_GENERIC_ERROR; - if( operation->alg == 0 ) + if( operation->id == 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -3585,7 +3579,7 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) { - if( operation->alg == 0 ) + if( operation->id == 0 ) { /* The object has (apparently) been initialized but it is not (yet) * in use. It's ok to call abort on such an object, and there's @@ -3600,9 +3594,9 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) psa_driver_wrapper_cipher_abort( operation ); + operation->id = 0; operation->alg = 0; operation->iv_set = 0; - operation->mbedtls_in_use = 0; operation->iv_size = 0; operation->block_size = 0; operation->iv_required = 0; diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 91d471b2f..340f674cf 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -49,13 +49,7 @@ static psa_status_t cipher_setup( * available for the given algorithm & key. */ mbedtls_cipher_init( &operation->ctx.cipher ); - /* Once the cipher context is initialised, it needs to be freed using - * psa_cipher_abort. Indicate there is something to be freed through setting - * alg, and indicate the operation is being done using mbedtls crypto through - * setting mbedtls_in_use. */ operation->alg = alg; - operation->mbedtls_in_use = 1; - key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 883b94432..7a9bc7e77 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -741,8 +741,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( /* Declared with fallback == true */ if( status == PSA_SUCCESS ) { - operation->ctx.driver.id = - PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; operation->ctx.driver.ctx = driver_ctx; } else @@ -757,11 +756,15 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( mbedtls_psa_cipher_encrypt_setup( operation, - attributes, - key_buffer, - key_buffer_size, - alg ) ); + status = mbedtls_psa_cipher_encrypt_setup( operation, + attributes, + key_buffer, + key_buffer_size, + alg ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + return( status ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -779,7 +782,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( alg ); if( status == PSA_SUCCESS ) { - operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; operation->ctx.driver.ctx = driver_ctx; } else @@ -831,8 +834,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( /* Declared with fallback == true */ if( status == PSA_SUCCESS ) { - operation->ctx.driver.id = - PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; operation->ctx.driver.ctx = driver_ctx; } else @@ -847,11 +849,16 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( mbedtls_psa_cipher_decrypt_setup( operation, - attributes, - key_buffer, - key_buffer_size, - alg ) ); + status = mbedtls_psa_cipher_decrypt_setup( operation, + attributes, + key_buffer, + key_buffer_size, + alg ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + return( status ); + /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -868,7 +875,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( alg ); if( status == PSA_SUCCESS ) { - operation->ctx.driver.id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; operation->ctx.driver.ctx = driver_ctx; } else @@ -895,15 +902,14 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( size_t iv_size, size_t *iv_length ) { - if( operation->mbedtls_in_use ) - return( mbedtls_psa_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ) ); - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->ctx.driver.id ) + switch( operation->id ) { + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_cipher_generate_iv( operation, + iv, + iv_size, + iv_length ) ); +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( test_transparent_cipher_generate_iv( @@ -911,9 +917,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( iv, iv_size, iv_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( test_opaque_cipher_generate_iv( operation->ctx.driver.ctx, @@ -921,8 +925,8 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( iv_size, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -932,28 +936,27 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( const uint8_t *iv, size_t iv_length ) { - if( operation->mbedtls_in_use ) - return( mbedtls_psa_cipher_set_iv( operation, - iv, - iv_length ) ); + switch( operation->id ) + { + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_cipher_set_iv( operation, + iv, + iv_length ) ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->ctx.driver.id ) - { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx, iv, iv_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -966,17 +969,16 @@ psa_status_t psa_driver_wrapper_cipher_update( size_t output_size, size_t *output_length ) { - if( operation->mbedtls_in_use ) - return( mbedtls_psa_cipher_update( operation, - input, - input_length, - output, - output_size, - output_length ) ); - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->ctx.driver.id ) + switch( operation->id ) { + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_cipher_update( operation, + input, + input_length, + output, + output_size, + output_length ) ); +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( test_transparent_cipher_update( operation->ctx.driver.ctx, @@ -985,8 +987,6 @@ psa_status_t psa_driver_wrapper_cipher_update( output, output_size, output_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( test_opaque_cipher_update( operation->ctx.driver.ctx, input, @@ -995,8 +995,8 @@ psa_status_t psa_driver_wrapper_cipher_update( output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -1007,31 +1007,31 @@ psa_status_t psa_driver_wrapper_cipher_finish( size_t output_size, size_t *output_length ) { - if( operation->mbedtls_in_use ) - return( mbedtls_psa_cipher_finish( operation, - output, - output_size, - output_length ) ); + switch( operation->id ) + { + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_cipher_finish( operation, + output, + output_size, + output_length ) ); + #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - switch( operation->ctx.driver.id ) - { #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( test_transparent_cipher_finish( operation->ctx.driver.ctx, output, output_size, output_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( test_opaque_cipher_finish( operation->ctx.driver.ctx, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -1039,20 +1039,21 @@ psa_status_t psa_driver_wrapper_cipher_finish( psa_status_t psa_driver_wrapper_cipher_abort( psa_cipher_operation_t *operation ) { - if( operation->mbedtls_in_use ) - return( mbedtls_psa_cipher_abort( operation ) ); - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_operation_driver_context_t *driver_context = &operation->ctx.driver; /* The object has (apparently) been initialized but it is not in use. It's * ok to call abort on such an object, and there's nothing to do. */ - if( driver_context->ctx == NULL && driver_context->id == 0 ) + if( ( operation->id != PSA_CRYPTO_MBED_TLS_DRIVER_ID ) && + ( driver_context->ctx == NULL ) ) return( PSA_SUCCESS ); - switch( driver_context->id ) + switch( operation->id ) { + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_cipher_abort( operation ) ); + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: status = test_transparent_cipher_abort( driver_context->ctx ); @@ -1061,11 +1062,9 @@ psa_status_t psa_driver_wrapper_cipher_abort( sizeof( test_transparent_cipher_operation_t ) ); mbedtls_free( driver_context->ctx ); driver_context->ctx = NULL; - driver_context->id = 0; return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: status = test_opaque_cipher_abort( driver_context->ctx ); mbedtls_platform_zeroize( @@ -1073,13 +1072,13 @@ psa_status_t psa_driver_wrapper_cipher_abort( sizeof( test_opaque_cipher_operation_t ) ); mbedtls_free( driver_context->ctx ); driver_context->ctx = NULL; - driver_context->id = 0; return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ - } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } From 937dfee92c49738571a569f14eb3dd66675afcb1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 09:17:32 +0100 Subject: [PATCH 15/28] psa: cipher: Re-organize multi-part operation context Move members that are of no use to the PSA crypto core to the Mbed TLS implementation specific operation context. Signed-off-by: Ronald Cron --- include/psa/crypto_struct.h | 15 ++++++--- library/psa_crypto.c | 11 ------- library/psa_crypto_cipher.c | 65 ++++++++++++++++++++++--------------- 3 files changed, 49 insertions(+), 42 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 491d952d0..52f4973c0 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -136,6 +136,14 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) return( v ); } +typedef struct { + /** Context structure for the Mbed TLS cipher implementation. */ + psa_algorithm_t alg; + uint8_t iv_size; + uint8_t block_size; + mbedtls_cipher_context_t cipher; +} mbedtls_psa_cipher_operation_t; + struct psa_cipher_operation_s { /** Unique ID indicating which driver got assigned to do the @@ -146,20 +154,17 @@ struct psa_cipher_operation_s * any driver (i.e. none of the driver contexts are active). */ unsigned int id; - psa_algorithm_t alg; unsigned int iv_required : 1; unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; union { unsigned dummy; /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t cipher; + mbedtls_psa_cipher_operation_t mbedtls_ctx; psa_operation_driver_context_t driver; } ctx; }; -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, 0, 0, {0}} +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f4d8a3e43..38b18fd24 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3409,10 +3409,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, * is used to indicate to psa_cipher_abort that there are resources to free, * so we only set it (in the driver wrapper) after resources have been * allocated/initialized. */ - operation->alg = alg; operation->iv_set = 0; - operation->iv_size = 0; - operation->block_size = 0; if( alg == PSA_ALG_ECB_NO_PADDING ) operation->iv_required = 0; else @@ -3587,18 +3584,10 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) return( PSA_SUCCESS ); } - /* Sanity check (shouldn't happen: operation->alg should - * always have been initialized to a valid value). */ - if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) - return( PSA_ERROR_BAD_STATE ); - psa_driver_wrapper_cipher_abort( operation ); operation->id = 0; - operation->alg = 0; operation->iv_set = 0; - operation->iv_size = 0; - operation->block_size = 0; operation->iv_required = 0; return( PSA_SUCCESS ); diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 340f674cf..a2b29423c 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -42,21 +42,22 @@ static psa_status_t cipher_setup( size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; psa_key_type_t key_type = attributes->core.type; + mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; (void)key_buffer_size; /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ - mbedtls_cipher_init( &operation->ctx.cipher ); + mbedtls_cipher_init( &mbedtls_ctx->cipher ); - operation->alg = alg; + mbedtls_ctx->alg = alg; key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL ); if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info ); + ret = mbedtls_cipher_setup( &mbedtls_ctx->cipher, cipher_info ); if( ret != 0 ) goto exit; @@ -67,14 +68,14 @@ static psa_status_t cipher_setup( uint8_t keys[24]; memcpy( keys, key_buffer, 16 ); memcpy( keys + 16, key_buffer, 8 ); - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, + ret = mbedtls_cipher_setkey( &mbedtls_ctx->cipher, keys, 192, cipher_operation ); } else #endif { - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer, + ret = mbedtls_cipher_setkey( &mbedtls_ctx->cipher, key_buffer, (int) key_bits, cipher_operation ); } if( ret != 0 ) @@ -85,11 +86,11 @@ static psa_status_t cipher_setup( switch( alg ) { case PSA_ALG_CBC_NO_PADDING: - ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, + ret = mbedtls_cipher_set_padding_mode( &mbedtls_ctx->cipher, MBEDTLS_PADDING_NONE ); break; case PSA_ALG_CBC_PKCS7: - ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher, + ret = mbedtls_cipher_set_padding_mode( &mbedtls_ctx->cipher, MBEDTLS_PADDING_PKCS7 ); break; default: @@ -101,18 +102,18 @@ static psa_status_t cipher_setup( goto exit; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ - operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : + mbedtls_ctx->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && alg != PSA_ALG_ECB_NO_PADDING ) { - operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); + mbedtls_ctx->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) else if( ( alg == PSA_ALG_STREAM_CIPHER ) && ( key_type == PSA_KEY_TYPE_CHACHA20 ) ) - operation->iv_size = 12; + mbedtls_ctx->iv_size = 12; #endif exit: @@ -146,16 +147,17 @@ psa_status_t mbedtls_psa_cipher_generate_iv( uint8_t *iv, size_t iv_size, size_t *iv_length ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; - if( iv_size < operation->iv_size ) + if( iv_size < mbedtls_ctx->iv_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, - iv, operation->iv_size ); + iv, mbedtls_ctx->iv_size ); if( ret != 0 ) return( mbedtls_to_psa_error( ret ) ); - *iv_length = operation->iv_size; + *iv_length = mbedtls_ctx->iv_size; return( mbedtls_psa_cipher_set_iv( operation, iv, *iv_length ) ); } @@ -164,11 +166,13 @@ psa_status_t mbedtls_psa_cipher_set_iv( psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) { - if( iv_length != operation->iv_size ) + mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; + + if( iv_length != mbedtls_ctx->iv_size ) return( PSA_ERROR_INVALID_ARGUMENT ); return( mbedtls_to_psa_error( - mbedtls_cipher_set_iv( &operation->ctx.cipher, + mbedtls_cipher_set_iv( &mbedtls_ctx->cipher, iv, iv_length ) ) ); } @@ -268,17 +272,18 @@ psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; size_t expected_output_size; - if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) + if( ! PSA_ALG_IS_STREAM_CIPHER( mbedtls_ctx->alg ) ) { /* Take the unprocessed partial block left over from previous * update calls, if any, plus the input to this call. Remove * the last partial block, if any. You get the data that will be * output in this call. */ expected_output_size = - ( operation->ctx.cipher.unprocessed_len + input_length ) - / operation->block_size * operation->block_size; + ( mbedtls_ctx->cipher.unprocessed_len + input_length ) + / mbedtls_ctx->block_size * mbedtls_ctx->block_size; } else { @@ -288,12 +293,12 @@ psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, if( output_size < expected_output_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - if( operation->alg == PSA_ALG_ECB_NO_PADDING ) + if( mbedtls_ctx->alg == PSA_ALG_ECB_NO_PADDING ) { /* mbedtls_cipher_update has an API inconsistency: it will only * process a single block at a time in ECB mode. Abstract away that * inconsistency here to match the PSA API behaviour. */ - status = psa_cipher_update_ecb( &operation->ctx.cipher, + status = psa_cipher_update_ecb( &mbedtls_ctx->cipher, input, input_length, output, @@ -303,7 +308,7 @@ psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, else { status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, input, + mbedtls_cipher_update( &mbedtls_ctx->cipher, input, input_length, output, output_length ) ); } @@ -316,12 +321,13 @@ psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; + mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - if( operation->ctx.cipher.unprocessed_len != 0 ) + if( mbedtls_ctx->cipher.unprocessed_len != 0 ) { - if( operation->alg == PSA_ALG_ECB_NO_PADDING || - operation->alg == PSA_ALG_CBC_NO_PADDING ) + if( mbedtls_ctx->alg == PSA_ALG_ECB_NO_PADDING || + mbedtls_ctx->alg == PSA_ALG_CBC_NO_PADDING ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -329,7 +335,7 @@ psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation, } status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &operation->ctx.cipher, + mbedtls_cipher_finish( &mbedtls_ctx->cipher, temp_output_buffer, output_length ) ); if( status != PSA_SUCCESS ) @@ -351,7 +357,14 @@ exit: psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation ) { - mbedtls_cipher_free( &operation->ctx.cipher ); + mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; + + /* Sanity check (shouldn't happen: operation->alg should + * always have been initialized to a valid value). */ + if( ! PSA_ALG_IS_CIPHER( mbedtls_ctx->alg ) ) + return( PSA_ERROR_BAD_STATE ); + + mbedtls_cipher_free( &mbedtls_ctx->cipher ); return( PSA_SUCCESS ); } From 6e412a71ee3505b92f34e9cfa153231bccf347f6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 09:58:47 +0100 Subject: [PATCH 16/28] psa: cipher: Pass Mbed TLS implementation its operation ctx As per drivers, pass to the Mbed TLS implementation of the cipher multi-part operation its operation context and not the PSA operation context. Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 78 +++++++++++++--------------- library/psa_crypto_cipher.h | 14 ++--- library/psa_crypto_driver_wrappers.c | 16 +++--- tests/include/test/drivers/cipher.h | 2 +- 4 files changed, 51 insertions(+), 59 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index a2b29423c..e86aa9548 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -32,7 +32,7 @@ #include static psa_status_t cipher_setup( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, @@ -42,22 +42,21 @@ static psa_status_t cipher_setup( size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; psa_key_type_t key_type = attributes->core.type; - mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; (void)key_buffer_size; /* Proceed with initializing an mbed TLS cipher context if no driver is * available for the given algorithm & key. */ - mbedtls_cipher_init( &mbedtls_ctx->cipher ); + mbedtls_cipher_init( &operation->cipher ); - mbedtls_ctx->alg = alg; + operation->alg = alg; key_bits = attributes->core.bits; cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL ); if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - ret = mbedtls_cipher_setup( &mbedtls_ctx->cipher, cipher_info ); + ret = mbedtls_cipher_setup( &operation->cipher, cipher_info ); if( ret != 0 ) goto exit; @@ -68,14 +67,14 @@ static psa_status_t cipher_setup( uint8_t keys[24]; memcpy( keys, key_buffer, 16 ); memcpy( keys + 16, key_buffer, 8 ); - ret = mbedtls_cipher_setkey( &mbedtls_ctx->cipher, + ret = mbedtls_cipher_setkey( &operation->cipher, keys, 192, cipher_operation ); } else #endif { - ret = mbedtls_cipher_setkey( &mbedtls_ctx->cipher, key_buffer, + ret = mbedtls_cipher_setkey( &operation->cipher, key_buffer, (int) key_bits, cipher_operation ); } if( ret != 0 ) @@ -86,11 +85,11 @@ static psa_status_t cipher_setup( switch( alg ) { case PSA_ALG_CBC_NO_PADDING: - ret = mbedtls_cipher_set_padding_mode( &mbedtls_ctx->cipher, + ret = mbedtls_cipher_set_padding_mode( &operation->cipher, MBEDTLS_PADDING_NONE ); break; case PSA_ALG_CBC_PKCS7: - ret = mbedtls_cipher_set_padding_mode( &mbedtls_ctx->cipher, + ret = mbedtls_cipher_set_padding_mode( &operation->cipher, MBEDTLS_PADDING_PKCS7 ); break; default: @@ -102,18 +101,18 @@ static psa_status_t cipher_setup( goto exit; #endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ - mbedtls_ctx->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : + operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && alg != PSA_ALG_ECB_NO_PADDING ) { - mbedtls_ctx->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); + operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); } #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) else if( ( alg == PSA_ALG_STREAM_CIPHER ) && ( key_type == PSA_KEY_TYPE_CHACHA20 ) ) - mbedtls_ctx->iv_size = 12; + operation->iv_size = 12; #endif exit: @@ -121,7 +120,7 @@ exit: } psa_status_t mbedtls_psa_cipher_encrypt_setup( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -132,7 +131,7 @@ psa_status_t mbedtls_psa_cipher_encrypt_setup( } psa_status_t mbedtls_psa_cipher_decrypt_setup( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ) @@ -143,36 +142,33 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( } psa_status_t mbedtls_psa_cipher_generate_iv( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; - if( iv_size < mbedtls_ctx->iv_size ) + if( iv_size < operation->iv_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, - iv, mbedtls_ctx->iv_size ); + iv, operation->iv_size ); if( ret != 0 ) return( mbedtls_to_psa_error( ret ) ); - *iv_length = mbedtls_ctx->iv_size; + *iv_length = operation->iv_size; return( mbedtls_psa_cipher_set_iv( operation, iv, *iv_length ) ); } -psa_status_t mbedtls_psa_cipher_set_iv( psa_cipher_operation_t *operation, +psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) { - mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; - - if( iv_length != mbedtls_ctx->iv_size ) + if( iv_length != operation->iv_size ) return( PSA_ERROR_INVALID_ARGUMENT ); return( mbedtls_to_psa_error( - mbedtls_cipher_set_iv( &mbedtls_ctx->cipher, + mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) ) ); } @@ -264,7 +260,7 @@ exit: return( status ); } -psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, +psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -272,18 +268,17 @@ psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; size_t expected_output_size; - if( ! PSA_ALG_IS_STREAM_CIPHER( mbedtls_ctx->alg ) ) + if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) ) { /* Take the unprocessed partial block left over from previous * update calls, if any, plus the input to this call. Remove * the last partial block, if any. You get the data that will be * output in this call. */ expected_output_size = - ( mbedtls_ctx->cipher.unprocessed_len + input_length ) - / mbedtls_ctx->block_size * mbedtls_ctx->block_size; + ( operation->cipher.unprocessed_len + input_length ) + / operation->block_size * operation->block_size; } else { @@ -293,12 +288,12 @@ psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, if( output_size < expected_output_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - if( mbedtls_ctx->alg == PSA_ALG_ECB_NO_PADDING ) + if( operation->alg == PSA_ALG_ECB_NO_PADDING ) { /* mbedtls_cipher_update has an API inconsistency: it will only * process a single block at a time in ECB mode. Abstract away that * inconsistency here to match the PSA API behaviour. */ - status = psa_cipher_update_ecb( &mbedtls_ctx->cipher, + status = psa_cipher_update_ecb( &operation->cipher, input, input_length, output, @@ -308,26 +303,25 @@ psa_status_t mbedtls_psa_cipher_update( psa_cipher_operation_t *operation, else { status = mbedtls_to_psa_error( - mbedtls_cipher_update( &mbedtls_ctx->cipher, input, + mbedtls_cipher_update( &operation->cipher, input, input_length, output, output_length ) ); } return( status ); } -psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation, +psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; - mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; - if( mbedtls_ctx->cipher.unprocessed_len != 0 ) + if( operation->cipher.unprocessed_len != 0 ) { - if( mbedtls_ctx->alg == PSA_ALG_ECB_NO_PADDING || - mbedtls_ctx->alg == PSA_ALG_CBC_NO_PADDING ) + if( operation->alg == PSA_ALG_ECB_NO_PADDING || + operation->alg == PSA_ALG_CBC_NO_PADDING ) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; @@ -335,7 +329,7 @@ psa_status_t mbedtls_psa_cipher_finish( psa_cipher_operation_t *operation, } status = mbedtls_to_psa_error( - mbedtls_cipher_finish( &mbedtls_ctx->cipher, + mbedtls_cipher_finish( &operation->cipher, temp_output_buffer, output_length ) ); if( status != PSA_SUCCESS ) @@ -355,16 +349,14 @@ exit: return( status ); } -psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation ) +psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ) { - mbedtls_psa_cipher_operation_t *mbedtls_ctx = &operation->ctx.mbedtls_ctx; - /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ - if( ! PSA_ALG_IS_CIPHER( mbedtls_ctx->alg ) ) + if( ! PSA_ALG_IS_CIPHER( operation->alg ) ) return( PSA_ERROR_BAD_STATE ); - mbedtls_cipher_free( &mbedtls_ctx->cipher ); + mbedtls_cipher_free( &operation->cipher ); return( PSA_SUCCESS ); } diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 3a58a8111..127f18c44 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -48,7 +48,7 @@ * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_cipher_encrypt_setup( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); @@ -78,7 +78,7 @@ psa_status_t mbedtls_psa_cipher_encrypt_setup( * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_cipher_decrypt_setup( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); @@ -106,7 +106,7 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY */ psa_status_t mbedtls_psa_cipher_generate_iv( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ); /** Set the IV for a symmetric encryption or decryption operation. @@ -130,7 +130,7 @@ psa_status_t mbedtls_psa_cipher_generate_iv( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY */ psa_status_t mbedtls_psa_cipher_set_iv( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ); /** Encrypt or decrypt a message fragment in an active cipher operation. @@ -155,7 +155,7 @@ psa_status_t mbedtls_psa_cipher_set_iv( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY */ psa_status_t mbedtls_psa_cipher_update( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, size_t output_size, size_t *output_length ); @@ -186,7 +186,7 @@ psa_status_t mbedtls_psa_cipher_update( * \retval #PSA_ERROR_INSUFFICIENT_MEMORY */ psa_status_t mbedtls_psa_cipher_finish( - psa_cipher_operation_t *operation, + mbedtls_psa_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length ); /** Abort a cipher operation. @@ -204,6 +204,6 @@ psa_status_t mbedtls_psa_cipher_finish( * * \retval #PSA_SUCCESS */ -psa_status_t mbedtls_psa_cipher_abort( psa_cipher_operation_t *operation ); +psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ); #endif /* PSA_CRYPTO_CIPHER_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 7a9bc7e77..af63fbf88 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -756,13 +756,13 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - status = mbedtls_psa_cipher_encrypt_setup( operation, + status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); @@ -849,7 +849,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - status = mbedtls_psa_cipher_decrypt_setup( operation, + status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, @@ -905,7 +905,7 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_cipher_generate_iv( operation, + return( mbedtls_psa_cipher_generate_iv( &operation->ctx.mbedtls_ctx, iv, iv_size, iv_length ) ); @@ -939,7 +939,7 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_cipher_set_iv( operation, + return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, iv, iv_length ) ); @@ -972,7 +972,7 @@ psa_status_t psa_driver_wrapper_cipher_update( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_cipher_update( operation, + return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, input, input_length, output, @@ -1010,7 +1010,7 @@ psa_status_t psa_driver_wrapper_cipher_finish( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_cipher_finish( operation, + return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, output, output_size, output_length ) ); @@ -1051,7 +1051,7 @@ psa_status_t psa_driver_wrapper_cipher_abort( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_cipher_abort( operation ) ); + return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 06efa983a..a1eb51214 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -31,7 +31,7 @@ #include #include "mbedtls/cipher.h" -typedef psa_cipher_operation_t test_transparent_cipher_operation_t; +typedef mbedtls_psa_cipher_operation_t test_transparent_cipher_operation_t; typedef struct{ unsigned int initialised : 1; From 7cb9c3d36087c244da5a245b8032476e2511d6a5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 12:21:48 +0100 Subject: [PATCH 17/28] psa: cipher: Move to driver operation context application allocation Signed-off-by: Ronald Cron --- include/psa/crypto_builtin_cipher.h | 59 +++++++++ include/psa/crypto_driver_contexts.h | 13 ++ include/psa/crypto_struct.h | 22 +--- library/psa_crypto_driver_wrappers.c | 182 ++++++++------------------- tests/include/test/drivers/cipher.h | 70 ++++------- tests/src/drivers/cipher.c | 28 ++--- visualc/VS2010/mbedTLS.vcxproj | 1 + 7 files changed, 167 insertions(+), 208 deletions(-) create mode 100644 include/psa/crypto_builtin_cipher.h diff --git a/include/psa/crypto_builtin_cipher.h b/include/psa/crypto_builtin_cipher.h new file mode 100644 index 000000000..1c6e4c526 --- /dev/null +++ b/include/psa/crypto_builtin_cipher.h @@ -0,0 +1,59 @@ +/* + * Context structure declaration of the software-based driver which performs + * cipher operations through the PSA Crypto driver dispatch layer. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_BUILTIN_CIPHER_H +#define PSA_CRYPTO_BUILTIN_CIPHER_H + +#include +#include "mbedtls/cipher.h" + +typedef struct { + /** Context structure for the Mbed TLS cipher implementation. */ + psa_algorithm_t alg; + uint8_t iv_size; + uint8_t block_size; + mbedtls_cipher_context_t cipher; +} mbedtls_psa_cipher_operation_t; + +#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} + +/* + * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. + */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + +typedef mbedtls_psa_cipher_operation_t + mbedtls_transparent_test_driver_cipher_operation_t; + +typedef struct { + unsigned int initialised : 1; + mbedtls_transparent_test_driver_cipher_operation_t ctx; +} mbedtls_opaque_test_driver_cipher_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \ + MBEDTLS_PSA_CIPHER_OPERATION_INIT + +#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \ + { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT } + +#endif /* PSA_CRYPTO_DRIVER_TEST */ + +#endif /* PSA_CRYPTO_BUILTIN_CIPHER_H */ diff --git a/include/psa/crypto_driver_contexts.h b/include/psa/crypto_driver_contexts.h index fdf178f94..f3f08b8eb 100644 --- a/include/psa/crypto_driver_contexts.h +++ b/include/psa/crypto_driver_contexts.h @@ -31,6 +31,7 @@ /* Include the context structure definitions for the Mbed TLS software drivers */ #include "psa/crypto_builtin_hash.h" +#include "psa/crypto_builtin_cipher.h" /* Define the context to be used for an operation that is executed through the * PSA Driver wrapper layer as the union of all possible driver's contexts. @@ -47,5 +48,17 @@ typedef union { #endif } psa_driver_hash_context_t; +typedef union { + unsigned dummy; /* Make sure this structure is always non-empty */ + mbedtls_psa_cipher_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_cipher_operation_t + transparent_test_driver_ctx; + + mbedtls_opaque_test_driver_cipher_operation_t + opaque_test_driver_ctx; +#endif +} psa_driver_cipher_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 52f4973c0..0ef885df8 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -65,18 +65,12 @@ extern "C" { #include MBEDTLS_CONFIG_FILE #endif -#include "mbedtls/cipher.h" #include "mbedtls/cmac.h" #include "mbedtls/gcm.h" /* Include the context definition for the compiled-in drivers */ #include "psa/crypto_driver_contexts.h" -typedef struct { - /** Context structure for the assigned driver, when id is not zero. */ - void* ctx; -} psa_operation_driver_context_t; - struct psa_hash_operation_s { /** Unique ID indicating which driver got assigned to do the @@ -136,14 +130,6 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) return( v ); } -typedef struct { - /** Context structure for the Mbed TLS cipher implementation. */ - psa_algorithm_t alg; - uint8_t iv_size; - uint8_t block_size; - mbedtls_cipher_context_t cipher; -} mbedtls_psa_cipher_operation_t; - struct psa_cipher_operation_s { /** Unique ID indicating which driver got assigned to do the @@ -156,12 +142,8 @@ struct psa_cipher_operation_s unsigned int iv_required : 1; unsigned int iv_set : 1; - union - { - unsigned dummy; /* Enable easier initializing of the union. */ - mbedtls_psa_cipher_operation_t mbedtls_ctx; - psa_operation_driver_context_t driver; - } ctx; + + psa_driver_cipher_context_t ctx; }; #define PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index af63fbf88..75ea6f58b 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -719,7 +719,6 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); - void *driver_ctx = NULL; switch( location ) { @@ -728,28 +727,15 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - driver_ctx = mbedtls_calloc( 1, - sizeof( test_transparent_cipher_operation_t ) ); - if( driver_ctx == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; - - status = test_transparent_cipher_encrypt_setup( driver_ctx, - attributes, - key_buffer, - key_buffer_size, - alg ); + status = test_transparent_cipher_encrypt_setup( + &operation->ctx.transparent_test_driver_ctx, + attributes, + key_buffer, + key_buffer_size, + alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - { operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; - operation->ctx.driver.ctx = driver_ctx; - } - else - { - mbedtls_platform_zeroize( driver_ctx, - sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( driver_ctx ); - } if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -770,27 +756,14 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - driver_ctx = - mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( driver_ctx == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + status = test_opaque_cipher_encrypt_setup( + &operation->ctx.opaque_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); - status = test_opaque_cipher_encrypt_setup( driver_ctx, - attributes, - key_buffer, - key_buffer_size, - alg ); if( status == PSA_SUCCESS ) - { operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; - operation->ctx.driver.ctx = driver_ctx; - } - else - { - mbedtls_platform_zeroize( - driver_ctx, sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( driver_ctx ); - } return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -798,7 +771,6 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( default: /* Key is declared with a lifetime not known to us */ (void)status; - (void)driver_ctx; return( PSA_ERROR_INVALID_ARGUMENT ); } } @@ -812,7 +784,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); - void *driver_ctx = NULL; switch( location ) { @@ -821,28 +792,15 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - driver_ctx = mbedtls_calloc( 1, - sizeof( test_transparent_cipher_operation_t ) ); - if( driver_ctx == NULL ) - return PSA_ERROR_INSUFFICIENT_MEMORY; - - status = test_transparent_cipher_decrypt_setup( driver_ctx, - attributes, - key_buffer, - key_buffer_size, - alg ); + status = test_transparent_cipher_decrypt_setup( + &operation->ctx.transparent_test_driver_ctx, + attributes, + key_buffer, + key_buffer_size, + alg ); /* Declared with fallback == true */ if( status == PSA_SUCCESS ) - { operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; - operation->ctx.driver.ctx = driver_ctx; - } - else - { - mbedtls_platform_zeroize( driver_ctx, - sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( driver_ctx ); - } if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); @@ -863,27 +821,14 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LIFETIME: - driver_ctx = - mbedtls_calloc( 1, sizeof(test_opaque_cipher_operation_t) ); - if( driver_ctx == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); + status = test_opaque_cipher_decrypt_setup( + &operation->ctx.opaque_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); - status = test_opaque_cipher_decrypt_setup( driver_ctx, - attributes, - key_buffer, - key_buffer_size, - alg ); if( status == PSA_SUCCESS ) - { operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; - operation->ctx.driver.ctx = driver_ctx; - } - else - { - mbedtls_platform_zeroize( - driver_ctx, sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( driver_ctx ); - } return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -891,7 +836,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( default: /* Key is declared with a lifetime not known to us */ (void)status; - (void)driver_ctx; return( PSA_ERROR_INVALID_ARGUMENT ); } } @@ -913,14 +857,12 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( test_transparent_cipher_generate_iv( - operation->ctx.driver.ctx, - iv, - iv_size, - iv_length ) ); + &operation->ctx.transparent_test_driver_ctx, + iv, iv_size, iv_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( test_opaque_cipher_generate_iv( - operation->ctx.driver.ctx, + &operation->ctx.opaque_test_driver_ctx, iv, iv_size, iv_length ) ); @@ -946,14 +888,14 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_set_iv( operation->ctx.driver.ctx, - iv, - iv_length ) ); + return( test_transparent_cipher_set_iv( + &operation->ctx.transparent_test_driver_ctx, + iv, iv_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_set_iv( operation->ctx.driver.ctx, - iv, - iv_length ) ); + return( test_opaque_cipher_set_iv( + &operation->ctx.opaque_test_driver_ctx, + iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -981,19 +923,16 @@ psa_status_t psa_driver_wrapper_cipher_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_update( operation->ctx.driver.ctx, - input, - input_length, - output, - output_size, - output_length ) ); + return( test_transparent_cipher_update( + &operation->ctx.transparent_test_driver_ctx, + input, input_length, + output, output_size, output_length ) ); + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_update( operation->ctx.driver.ctx, - input, - input_length, - output, - output_size, - output_length ) ); + return( test_opaque_cipher_update( + &operation->ctx.opaque_test_driver_ctx, + input, input_length, + output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1019,16 +958,14 @@ psa_status_t psa_driver_wrapper_cipher_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_finish( operation->ctx.driver.ctx, - output, - output_size, - output_length ) ); + return( test_transparent_cipher_finish( + &operation->ctx.transparent_test_driver_ctx, + output, output_size, output_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_finish( operation->ctx.driver.ctx, - output, - output_size, - output_length ) ); + return( test_opaque_cipher_finish( + &operation->ctx.opaque_test_driver_ctx, + output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1040,13 +977,6 @@ psa_status_t psa_driver_wrapper_cipher_abort( psa_cipher_operation_t *operation ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_operation_driver_context_t *driver_context = &operation->ctx.driver; - - /* The object has (apparently) been initialized but it is not in use. It's - * ok to call abort on such an object, and there's nothing to do. */ - if( ( operation->id != PSA_CRYPTO_MBED_TLS_DRIVER_ID ) && - ( driver_context->ctx == NULL ) ) - return( PSA_SUCCESS ); switch( operation->id ) { @@ -1056,23 +986,19 @@ psa_status_t psa_driver_wrapper_cipher_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - status = test_transparent_cipher_abort( driver_context->ctx ); + status = test_transparent_cipher_abort( + &operation->ctx.transparent_test_driver_ctx ); mbedtls_platform_zeroize( - driver_context->ctx, - sizeof( test_transparent_cipher_operation_t ) ); - mbedtls_free( driver_context->ctx ); - driver_context->ctx = NULL; - + &operation->ctx.transparent_test_driver_ctx, + sizeof( operation->ctx.transparent_test_driver_ctx ) ); return( status ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - status = test_opaque_cipher_abort( driver_context->ctx ); + status = test_opaque_cipher_abort( + &operation->ctx.opaque_test_driver_ctx ); mbedtls_platform_zeroize( - driver_context->ctx, - sizeof( test_opaque_cipher_operation_t ) ); - mbedtls_free( driver_context->ctx ); - driver_context->ctx = NULL; - + &operation->ctx.opaque_test_driver_ctx, + sizeof( operation->ctx.opaque_test_driver_ctx ) ); return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index a1eb51214..56b11591f 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -31,12 +31,6 @@ #include #include "mbedtls/cipher.h" -typedef mbedtls_psa_cipher_operation_t test_transparent_cipher_operation_t; - -typedef struct{ - unsigned int initialised : 1; - test_transparent_cipher_operation_t ctx; -} test_opaque_cipher_operation_t; typedef struct { /* If non-null, on success, copy this to the output. */ @@ -73,44 +67,36 @@ psa_status_t test_transparent_cipher_decrypt( uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_transparent_cipher_encrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_transparent_cipher_decrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_transparent_cipher_abort( - test_transparent_cipher_operation_t *operation); + mbedtls_transparent_test_driver_cipher_operation_t *operation ); psa_status_t test_transparent_cipher_generate_iv( - test_transparent_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length); psa_status_t test_transparent_cipher_set_iv( - test_transparent_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length); psa_status_t test_transparent_cipher_update( - test_transparent_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_transparent_cipher_finish( - test_transparent_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_transparent_test_driver_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length); /* * opaque versions @@ -130,44 +116,36 @@ psa_status_t test_opaque_cipher_decrypt( uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_opaque_cipher_encrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_opaque_cipher_decrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg); psa_status_t test_opaque_cipher_abort( - test_opaque_cipher_operation_t *operation); + mbedtls_opaque_test_driver_cipher_operation_t *operation); psa_status_t test_opaque_cipher_generate_iv( - test_opaque_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length); psa_status_t test_opaque_cipher_set_iv( - test_opaque_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length); psa_status_t test_opaque_cipher_update( - test_opaque_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t test_opaque_cipher_finish( - test_opaque_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length); + mbedtls_opaque_test_driver_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */ diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 6a205b487..607cd949b 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -206,7 +206,7 @@ psa_status_t test_transparent_cipher_decrypt( } psa_status_t test_transparent_cipher_encrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -230,7 +230,7 @@ psa_status_t test_transparent_cipher_encrypt_setup( } psa_status_t test_transparent_cipher_decrypt_setup( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -248,7 +248,7 @@ psa_status_t test_transparent_cipher_decrypt_setup( } psa_status_t test_transparent_cipher_abort( - test_transparent_cipher_operation_t *operation) + mbedtls_transparent_test_driver_cipher_operation_t *operation) { test_driver_cipher_hooks.hits++; @@ -267,7 +267,7 @@ psa_status_t test_transparent_cipher_abort( } psa_status_t test_transparent_cipher_generate_iv( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length) @@ -284,7 +284,7 @@ psa_status_t test_transparent_cipher_generate_iv( } psa_status_t test_transparent_cipher_set_iv( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) { @@ -299,7 +299,7 @@ psa_status_t test_transparent_cipher_set_iv( } psa_status_t test_transparent_cipher_update( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -331,7 +331,7 @@ psa_status_t test_transparent_cipher_update( } psa_status_t test_transparent_cipher_finish( - test_transparent_cipher_operation_t *operation, + mbedtls_transparent_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) @@ -401,7 +401,7 @@ psa_status_t test_opaque_cipher_decrypt( } psa_status_t test_opaque_cipher_encrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -415,7 +415,7 @@ psa_status_t test_opaque_cipher_encrypt_setup( } psa_status_t test_opaque_cipher_decrypt_setup( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, psa_algorithm_t alg) @@ -429,14 +429,14 @@ psa_status_t test_opaque_cipher_decrypt_setup( } psa_status_t test_opaque_cipher_abort( - test_opaque_cipher_operation_t *operation) + mbedtls_opaque_test_driver_cipher_operation_t *operation ) { (void) operation; return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t test_opaque_cipher_generate_iv( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length) @@ -449,7 +449,7 @@ psa_status_t test_opaque_cipher_generate_iv( } psa_status_t test_opaque_cipher_set_iv( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length) { @@ -460,7 +460,7 @@ psa_status_t test_opaque_cipher_set_iv( } psa_status_t test_opaque_cipher_update( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *input, size_t input_length, uint8_t *output, @@ -477,7 +477,7 @@ psa_status_t test_opaque_cipher_update( } psa_status_t test_opaque_cipher_finish( - test_opaque_cipher_operation_t *operation, + mbedtls_opaque_test_driver_cipher_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 0db6c4c7e..0fb1b5c7f 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -222,6 +222,7 @@ + From 8287e6b078749249c298af86841883e54ebc8d59 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 12 Mar 2021 10:35:18 +0100 Subject: [PATCH 18/28] psa: cipher: Add utility functions Isolate the Mbed TLS cipher driver interfaces. Do the actual cipher operations in utility functions that are just called by the interface functions. The utility functions are intended to be also called by the cipher test driver interface functions (to be introduced subsequently) and allow to test the case where cipher operations are fully accelerated with no fallback (component test_psa_crypto_config_basic of all.sh). Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 111 +++++++++++++++++++++++++++--------- 1 file changed, 84 insertions(+), 27 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index e86aa9548..147ce815d 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -119,7 +119,7 @@ exit: return( mbedtls_to_psa_error( ret ) ); } -psa_status_t mbedtls_psa_cipher_encrypt_setup( +static psa_status_t cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -130,7 +130,7 @@ psa_status_t mbedtls_psa_cipher_encrypt_setup( alg, MBEDTLS_ENCRYPT ) ); } -psa_status_t mbedtls_psa_cipher_decrypt_setup( +static psa_status_t cipher_decrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -141,7 +141,18 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( alg, MBEDTLS_DECRYPT ) ); } -psa_status_t mbedtls_psa_cipher_generate_iv( +static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ) +{ + if( iv_length != operation->iv_size ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + return( mbedtls_to_psa_error( + mbedtls_cipher_set_iv( &operation->cipher, + iv, iv_length ) ) ); +} + +static psa_status_t cipher_generate_iv( mbedtls_psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ) { @@ -157,19 +168,7 @@ psa_status_t mbedtls_psa_cipher_generate_iv( *iv_length = operation->iv_size; - return( mbedtls_psa_cipher_set_iv( operation, iv, *iv_length ) ); -} - -psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, - const uint8_t *iv, - size_t iv_length ) -{ - if( iv_length != operation->iv_size ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - return( mbedtls_to_psa_error( - mbedtls_cipher_set_iv( &operation->cipher, - iv, iv_length ) ) ); + return( cipher_set_iv( operation, iv, *iv_length ) ); } /* Process input for which the algorithm is set to ECB mode. This requires @@ -260,12 +259,12 @@ exit: return( status ); } -psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, - const uint8_t *input, - size_t input_length, - uint8_t *output, - size_t output_size, - size_t *output_length ) +static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; @@ -310,10 +309,10 @@ psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operatio return( status ); } -psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, - uint8_t *output, - size_t output_size, - size_t *output_length ) +static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ) { psa_status_t status = PSA_ERROR_GENERIC_ERROR; uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH]; @@ -349,7 +348,7 @@ exit: return( status ); } -psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ) +static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation ) { /* Sanity check (shouldn't happen: operation->alg should * always have been initialized to a valid value). */ @@ -361,4 +360,62 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation return( PSA_SUCCESS ); } +psa_status_t mbedtls_psa_cipher_encrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( cipher_encrypt_setup( + operation, attributes, key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_psa_cipher_decrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( cipher_decrypt_setup( + operation, attributes, key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_psa_cipher_generate_iv( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length ) +{ + return( cipher_generate_iv( operation, iv, iv_size, iv_length ) ); +} + +psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length ) +{ + return( cipher_set_iv( operation, iv, iv_length ) ); +} + +psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + return( cipher_update( operation, input, input_length, + output, output_size, output_length ) ); +} + +psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + return( cipher_finish( operation, output, output_size, output_length ) ); +} + +psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ) +{ + return( cipher_abort( operation ) ); +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 3522e32132c77973355de78069d36cf2a17897c2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 12 Mar 2021 11:08:49 +0100 Subject: [PATCH 19/28] psa: cipher: Add transparent driver test specific entry points Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 62 +++++++++++++++++++++++++++++++++++++ library/psa_crypto_cipher.h | 38 +++++++++++++++++++++++ tests/src/drivers/cipher.c | 39 +++++++++-------------- 3 files changed, 114 insertions(+), 25 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 147ce815d..f47df9e29 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -418,4 +418,66 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation return( cipher_abort( operation ) ); } +/* + * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. + */ + +#if defined(PSA_CRYPTO_DRIVER_TEST) +psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( cipher_encrypt_setup( + operation, attributes, key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( cipher_decrypt_setup( + operation, attributes, key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length ) +{ + return( cipher_generate_iv( operation, iv, iv_size, iv_length ) ); +} + +psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ) +{ + return( cipher_set_iv( operation, iv, iv_length ) ); +} + +psa_status_t mbedtls_transparent_test_driver_cipher_update( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length ) +{ + return( cipher_update( operation, input, input_length, + output, output_size, output_length ) ); +} + +psa_status_t mbedtls_transparent_test_driver_cipher_finish( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length ) +{ + return( cipher_finish( operation, output, output_size, output_length ) ); +} + +psa_status_t mbedtls_transparent_test_driver_cipher_abort( + mbedtls_psa_cipher_operation_t *operation ) +{ + return( cipher_abort( operation ) ); +} +#endif /* PSA_CRYPTO_DRIVER_TEST */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 127f18c44..cb85ee17c 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -206,4 +206,42 @@ psa_status_t mbedtls_psa_cipher_finish( */ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation ); +/* + * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. + */ + +#if defined(PSA_CRYPTO_DRIVER_TEST) +psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( + mbedtls_psa_cipher_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, size_t *iv_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_update( + mbedtls_psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_finish( + mbedtls_psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, size_t *output_length ); + +psa_status_t mbedtls_transparent_test_driver_cipher_abort( + mbedtls_psa_cipher_operation_t *operation ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ + #endif /* PSA_CRYPTO_CIPHER_H */ diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 607cd949b..295d47a69 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c @@ -222,11 +222,8 @@ psa_status_t test_transparent_cipher_encrypt_setup( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return ( mbedtls_psa_cipher_encrypt_setup( operation, - attributes, - key, - key_length, - alg ) ); + return ( mbedtls_transparent_test_driver_cipher_encrypt_setup( + operation, attributes, key, key_length, alg ) ); } psa_status_t test_transparent_cipher_decrypt_setup( @@ -240,11 +237,8 @@ psa_status_t test_transparent_cipher_decrypt_setup( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return ( mbedtls_psa_cipher_decrypt_setup( operation, - attributes, - key, - key_length, - alg ) ); + return ( mbedtls_transparent_test_driver_cipher_decrypt_setup( + operation, attributes, key, key_length, alg ) ); } psa_status_t test_transparent_cipher_abort( @@ -255,7 +249,7 @@ psa_status_t test_transparent_cipher_abort( if( operation->alg == 0 ) return( PSA_SUCCESS ); - mbedtls_psa_cipher_abort( operation ); + mbedtls_transparent_test_driver_cipher_abort( operation ); /* Wiping the entire struct here, instead of member-by-member. This is * useful for the test suite, since it gives a chance of catching memory @@ -277,10 +271,8 @@ psa_status_t test_transparent_cipher_generate_iv( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ) ); + return( mbedtls_transparent_test_driver_cipher_generate_iv( + operation, iv, iv_size, iv_length ) ); } psa_status_t test_transparent_cipher_set_iv( @@ -293,9 +285,8 @@ psa_status_t test_transparent_cipher_set_iv( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_set_iv( operation, - iv, - iv_length ) ); + return( mbedtls_transparent_test_driver_cipher_set_iv( + operation, iv, iv_length ) ); } psa_status_t test_transparent_cipher_update( @@ -324,10 +315,9 @@ psa_status_t test_transparent_cipher_update( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_update( operation, - input, input_length, - output, output_size, - output_length ) ); + return( mbedtls_transparent_test_driver_cipher_update( + operation, input, input_length, + output, output_size, output_length ) ); } psa_status_t test_transparent_cipher_finish( @@ -354,9 +344,8 @@ psa_status_t test_transparent_cipher_finish( if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) return( test_driver_cipher_hooks.forced_status ); - return( mbedtls_psa_cipher_finish( operation, - output, output_size, - output_length ) ); + return( mbedtls_transparent_test_driver_cipher_finish( + operation, output, output_size, output_length ) ); } /* From 5d9b00dddbd4acd1c9eb0a472bfd4a01bc136be4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Mar 2021 14:43:20 +0100 Subject: [PATCH 20/28] psa: cipher: Include Mbed TLS cipher driver only if necessary Signed-off-by: Ronald Cron --- include/psa/crypto_builtin_cipher.h | 11 +++++ library/psa_crypto_cipher.c | 39 ++++++++++++++--- library/psa_crypto_driver_wrappers.c | 42 ++++++++++++++++++- ...test_suite_psa_crypto_driver_wrappers.data | 6 +-- 4 files changed, 89 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto_builtin_cipher.h b/include/psa/crypto_builtin_cipher.h index 1c6e4c526..72d3e8d7a 100644 --- a/include/psa/crypto_builtin_cipher.h +++ b/include/psa/crypto_builtin_cipher.h @@ -25,6 +25,17 @@ #include #include "mbedtls/cipher.h" +#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) +#define MBEDTLS_PSA_BUILTIN_CIPHER 1 +#endif + typedef struct { /** Context structure for the Mbed TLS cipher implementation. */ psa_algorithm_t alg; diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index f47df9e29..ca91eaa36 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -31,6 +31,32 @@ #include +#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) ) +#define BUILTIN_KEY_TYPE_DES 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) ) +#define BUILTIN_ALG_CBC_NO_PADDING 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) ) +#define BUILTIN_ALG_CBC_PKCS7 1 +#endif + +#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) ) +#define BUILTIN_KEY_TYPE_CHACHA20 1 +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST) + static psa_status_t cipher_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, @@ -60,7 +86,7 @@ static psa_status_t cipher_setup( if( ret != 0 ) goto exit; -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) +#if defined(BUILTIN_KEY_TYPE_DES) if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) { /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ @@ -80,8 +106,8 @@ static psa_status_t cipher_setup( if( ret != 0 ) goto exit; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) +#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \ + defined(BUILTIN_ALG_CBC_PKCS7) switch( alg ) { case PSA_ALG_CBC_NO_PADDING: @@ -99,7 +125,7 @@ static psa_status_t cipher_setup( } if( ret != 0 ) goto exit; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */ +#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */ operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) ); @@ -108,7 +134,7 @@ static psa_status_t cipher_setup( { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ); } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) +#if defined(BUILTIN_KEY_TYPE_CHACHA20) else if( ( alg == PSA_ALG_STREAM_CIPHER ) && ( key_type == PSA_KEY_TYPE_CHACHA20 ) ) @@ -359,7 +385,9 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation ) return( PSA_SUCCESS ); } +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */ +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) psa_status_t mbedtls_psa_cipher_encrypt_setup( mbedtls_psa_cipher_operation_t *operation, const psa_key_attributes_t *attributes, @@ -417,6 +445,7 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation { return( cipher_abort( operation ) ); } +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ /* * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 75ea6f58b..765920fc8 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -741,6 +741,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx, attributes, @@ -751,6 +752,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -771,6 +774,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( default: /* Key is declared with a lifetime not known to us */ (void)status; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; return( PSA_ERROR_INVALID_ARGUMENT ); } } @@ -806,6 +812,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) /* Fell through, meaning no accelerator supports this operation */ status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx, attributes, @@ -816,6 +823,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -836,6 +845,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( default: /* Key is declared with a lifetime not known to us */ (void)status; + (void)key_buffer; + (void)key_buffer_size; + (void)alg; return( PSA_ERROR_INVALID_ARGUMENT ); } } @@ -848,11 +860,14 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( { switch( operation->id ) { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_generate_iv( &operation->ctx.mbedtls_ctx, iv, iv_size, iv_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: @@ -870,6 +885,10 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } + (void)iv; + (void)iv_size; + (void)iv_length; + return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -880,10 +899,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( { switch( operation->id ) { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx, iv, iv_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -900,6 +921,9 @@ psa_status_t psa_driver_wrapper_cipher_set_iv( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } + (void)iv; + (void)iv_length; + return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -913,6 +937,7 @@ psa_status_t psa_driver_wrapper_cipher_update( { switch( operation->id ) { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx, input, @@ -920,6 +945,8 @@ psa_status_t psa_driver_wrapper_cipher_update( output, output_size, output_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ + #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: @@ -937,6 +964,12 @@ psa_status_t psa_driver_wrapper_cipher_update( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } + (void)input; + (void)input_length; + (void)output; + (void)output_size; + (void)output_length; + return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -948,12 +981,13 @@ psa_status_t psa_driver_wrapper_cipher_finish( { switch( operation->id ) { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx, output, output_size, output_length ) ); - +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -970,6 +1004,10 @@ psa_status_t psa_driver_wrapper_cipher_finish( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } + (void)output; + (void)output_size; + (void)output_length; + return( PSA_ERROR_INVALID_ARGUMENT ); } @@ -980,8 +1018,10 @@ psa_status_t psa_driver_wrapper_cipher_abort( switch( operation->id ) { +#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) ); +#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index b4ae8e56d..07311e47a 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -93,11 +93,11 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 16 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 15 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encrypt: AES-CTR, 16 bytes, fake @@ -113,7 +113,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric decrypt: AES-CTR, 16 bytes, fake From 067de3b5ea85ac6e1b0c284b703274ded878fc8f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 11 Mar 2021 11:49:03 +0100 Subject: [PATCH 21/28] tests: psa: Test cipher operations by a transparent driver Test cipher operations by a transparent driver in all.sh test_psa_crypto_config_basic and test_psa_crypto_drivers components. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 00e18ddd8..bd7813608 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1443,29 +1443,59 @@ component_test_no_use_psa_crypto_full_cmake_asan() { } component_test_psa_crypto_config_basic() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG" + # Test the library excluding all Mbed TLS cryptographic support for which + # we have an accelerator support. Acceleration is faked with the + # transparent test driver. + msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG + as much acceleration as supported" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO + + # There is no intended accelerator support for ALG STREAM_CIPHER and + # ALG_ECB_NO_PADDING. Therefore, asking for them in the build implies the + # inclusion of the Mbed TLS cipher operations. As we want to test here with + # cipher operations solely supported by accelerators, disabled those + # PSA configuration options. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + # Don't test DES encryption as: + # 1) It is not an issue if we don't test all cipher types here. + # 2) That way we don't have to modify in psa_crypto.c the compilation + # guards MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES for the code they guard to be + # available to the test driver. Modifications that we would need to + # revert when we move to compile the test driver separately. + # We also disable MBEDTLS_DES_C as the dependencies on DES in PSA test + # suites are still based on MBEDTLS_DES_C and not PSA_WANT_KEY_TYPE_DES. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset MBEDTLS_DES_C + # Need to define the correct symbol and include the test driver header path in order to build with the test driver loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" From 1f0db80c78de0906a51bfb3fa654c52352b1ea92 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 12 Mar 2021 09:59:30 +0100 Subject: [PATCH 22/28] psa: cipher: Fix symmetric key management Symmetric key management is not intended to be delegated to drivers. Thus, key management code for a given symmetric key type should be included in the library whether or not the support for cryptographic operations based on that type of symmetric key may be delegated to drivers. Signed-off-by: Ronald Cron --- library/psa_crypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 38b18fd24..2658a1303 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -524,31 +524,31 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, case PSA_KEY_TYPE_HMAC: case PSA_KEY_TYPE_DERIVE: break; -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES) +#if defined(PSA_WANT_KEY_TYPE_AES) case PSA_KEY_TYPE_AES: if( bits != 128 && bits != 192 && bits != 256 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA) +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) case PSA_KEY_TYPE_CAMELLIA: if( bits != 128 && bits != 192 && bits != 256 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) +#if defined(PSA_WANT_KEY_TYPE_DES) case PSA_KEY_TYPE_DES: if( bits != 64 && bits != 128 && bits != 192 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4) +#if defined(PSA_WANT_KEY_TYPE_ARC4) case PSA_KEY_TYPE_ARC4: if( bits < 8 || bits > 2048 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) case PSA_KEY_TYPE_CHACHA20: if( bits != 256 ) return( PSA_ERROR_INVALID_ARGUMENT ); From 9198e8c259bf3d50e08cce6c015c87649dddce13 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Mar 2021 14:29:56 +0100 Subject: [PATCH 23/28] psa: driver contexts: Fix include order and wrapping Signed-off-by: Ronald Cron --- include/psa/crypto_driver_contexts.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_driver_contexts.h b/include/psa/crypto_driver_contexts.h index f3f08b8eb..bee6895e8 100644 --- a/include/psa/crypto_driver_contexts.h +++ b/include/psa/crypto_driver_contexts.h @@ -30,8 +30,8 @@ * declared during the autogeneration process. */ /* Include the context structure definitions for the Mbed TLS software drivers */ -#include "psa/crypto_builtin_hash.h" #include "psa/crypto_builtin_cipher.h" +#include "psa/crypto_builtin_hash.h" /* Define the context to be used for an operation that is executed through the * PSA Driver wrapper layer as the union of all possible driver's contexts. @@ -52,11 +52,8 @@ typedef union { unsigned dummy; /* Make sure this structure is always non-empty */ mbedtls_psa_cipher_operation_t mbedtls_ctx; #if defined(PSA_CRYPTO_DRIVER_TEST) - mbedtls_transparent_test_driver_cipher_operation_t - transparent_test_driver_ctx; - - mbedtls_opaque_test_driver_cipher_operation_t - opaque_test_driver_ctx; + mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx; + mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx; #endif } psa_driver_cipher_context_t; From 75e6ae25ef7f48e0dc7512e8fb00a3de43fdc907 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Mar 2021 14:46:05 +0100 Subject: [PATCH 24/28] Move mbedtls_cipher_info_from_psa to psa_crypto_cipher.c Signed-off-by: Ronald Cron --- library/psa_crypto.c | 92 ------------------------------------- library/psa_crypto_cipher.c | 92 +++++++++++++++++++++++++++++++++++++ library/psa_crypto_cipher.h | 17 +++++++ library/psa_crypto_core.h | 16 ------- 4 files changed, 109 insertions(+), 108 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2658a1303..5dd93af9b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2311,98 +2311,6 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation, /* MAC */ /****************************************************************/ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( - psa_algorithm_t alg, - psa_key_type_t key_type, - size_t key_bits, - mbedtls_cipher_id_t* cipher_id ) -{ - mbedtls_cipher_mode_t mode; - mbedtls_cipher_id_t cipher_id_tmp; - - if( PSA_ALG_IS_AEAD( alg ) ) - alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ); - - if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ) - { - switch( alg ) - { - case PSA_ALG_STREAM_CIPHER: - mode = MBEDTLS_MODE_STREAM; - break; - case PSA_ALG_CTR: - mode = MBEDTLS_MODE_CTR; - break; - case PSA_ALG_CFB: - mode = MBEDTLS_MODE_CFB; - break; - case PSA_ALG_OFB: - mode = MBEDTLS_MODE_OFB; - break; - case PSA_ALG_ECB_NO_PADDING: - mode = MBEDTLS_MODE_ECB; - break; - case PSA_ALG_CBC_NO_PADDING: - mode = MBEDTLS_MODE_CBC; - break; - case PSA_ALG_CBC_PKCS7: - mode = MBEDTLS_MODE_CBC; - break; - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): - mode = MBEDTLS_MODE_CCM; - break; - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): - mode = MBEDTLS_MODE_GCM; - break; - case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): - mode = MBEDTLS_MODE_CHACHAPOLY; - break; - default: - return( NULL ); - } - } - else if( alg == PSA_ALG_CMAC ) - mode = MBEDTLS_MODE_ECB; - else - return( NULL ); - - switch( key_type ) - { - case PSA_KEY_TYPE_AES: - cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; - break; - case PSA_KEY_TYPE_DES: - /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, - * and 192 for three-key Triple-DES. */ - if( key_bits == 64 ) - cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; - else - cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; - /* mbedtls doesn't recognize two-key Triple-DES as an algorithm, - * but two-key Triple-DES is functionally three-key Triple-DES - * with K1=K3, so that's how we present it to mbedtls. */ - if( key_bits == 128 ) - key_bits = 192; - break; - case PSA_KEY_TYPE_CAMELLIA: - cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; - break; - case PSA_KEY_TYPE_ARC4: - cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; - break; - case PSA_KEY_TYPE_CHACHA20: - cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; - break; - default: - return( NULL ); - } - if( cipher_id != NULL ) - *cipher_id = cipher_id_tmp; - - return( mbedtls_cipher_info_from_values( cipher_id_tmp, - (int) key_bits, mode ) ); -} - #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index ca91eaa36..5440e45a6 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -55,6 +55,98 @@ #define BUILTIN_KEY_TYPE_CHACHA20 1 #endif +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( + psa_algorithm_t alg, + psa_key_type_t key_type, + size_t key_bits, + mbedtls_cipher_id_t* cipher_id ) +{ + mbedtls_cipher_mode_t mode; + mbedtls_cipher_id_t cipher_id_tmp; + + if( PSA_ALG_IS_AEAD( alg ) ) + alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ); + + if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ) + { + switch( alg ) + { + case PSA_ALG_STREAM_CIPHER: + mode = MBEDTLS_MODE_STREAM; + break; + case PSA_ALG_CTR: + mode = MBEDTLS_MODE_CTR; + break; + case PSA_ALG_CFB: + mode = MBEDTLS_MODE_CFB; + break; + case PSA_ALG_OFB: + mode = MBEDTLS_MODE_OFB; + break; + case PSA_ALG_ECB_NO_PADDING: + mode = MBEDTLS_MODE_ECB; + break; + case PSA_ALG_CBC_NO_PADDING: + mode = MBEDTLS_MODE_CBC; + break; + case PSA_ALG_CBC_PKCS7: + mode = MBEDTLS_MODE_CBC; + break; + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): + mode = MBEDTLS_MODE_CCM; + break; + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): + mode = MBEDTLS_MODE_GCM; + break; + case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): + mode = MBEDTLS_MODE_CHACHAPOLY; + break; + default: + return( NULL ); + } + } + else if( alg == PSA_ALG_CMAC ) + mode = MBEDTLS_MODE_ECB; + else + return( NULL ); + + switch( key_type ) + { + case PSA_KEY_TYPE_AES: + cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; + break; + case PSA_KEY_TYPE_DES: + /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, + * and 192 for three-key Triple-DES. */ + if( key_bits == 64 ) + cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; + else + cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; + /* mbedtls doesn't recognize two-key Triple-DES as an algorithm, + * but two-key Triple-DES is functionally three-key Triple-DES + * with K1=K3, so that's how we present it to mbedtls. */ + if( key_bits == 128 ) + key_bits = 192; + break; + case PSA_KEY_TYPE_CAMELLIA: + cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; + break; + case PSA_KEY_TYPE_ARC4: + cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; + break; + case PSA_KEY_TYPE_CHACHA20: + cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; + break; + default: + return( NULL ); + } + if( cipher_id != NULL ) + *cipher_id = cipher_id_tmp; + + return( mbedtls_cipher_info_from_values( cipher_id_tmp, + (int) key_bits, mode ) ); +} + #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST) static psa_status_t cipher_setup( diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index cb85ee17c..3130e8b18 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -21,8 +21,25 @@ #ifndef PSA_CRYPTO_CIPHER_H #define PSA_CRYPTO_CIPHER_H +#include #include +/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier + * as well as the PSA type and size of the key to be used with the cipher + * algorithm. + * + * \param alg PSA cipher algorithm identifier + * \param key_type PSA key type + * \param key_bits Size of the key in bits + * \param[out] cipher_id Mbed TLS cipher algorithm identifier + * + * \return The Mbed TLS cipher information of the cipher algorithm. + * \c NULL if the PSA cipher algorithm is not supported. + */ +const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( + psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits, + mbedtls_cipher_id_t *cipher_id ); + /** * \brief Set the key for a multipart symmetric encryption operation. * diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index f949c7188..ec7ac8049 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -212,22 +212,6 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot, */ psa_status_t mbedtls_to_psa_error( int ret ); -/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier - * as well as the PSA type and size of the key to be used with the cipher - * algorithm. - * - * \param alg PSA cipher algorithm identifier - * \param key_type PSA key type - * \param key_bits Size of the key in bits - * \param[out] cipher_id Mbed TLS cipher algorithm identifier - * - * \return The Mbed TLS cipher information of the cipher algorithm. - * \c NULL if the PSA cipher algorithm is not supported. - */ -const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( - psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits, - mbedtls_cipher_id_t *cipher_id ); - /** Import a key in binary format. * * \note The signature of this function is that of a PSA driver From 02d68b2b8e271dac3027e9a7d941d61d46c78793 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 17 Mar 2021 15:19:43 +0100 Subject: [PATCH 25/28] psa: cipher: Fix comment type Signed-off-by: Ronald Cron --- include/psa/crypto_builtin_cipher.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_builtin_cipher.h b/include/psa/crypto_builtin_cipher.h index 72d3e8d7a..0fd577af3 100644 --- a/include/psa/crypto_builtin_cipher.h +++ b/include/psa/crypto_builtin_cipher.h @@ -37,7 +37,7 @@ #endif typedef struct { - /** Context structure for the Mbed TLS cipher implementation. */ + /* Context structure for the Mbed TLS cipher implementation. */ psa_algorithm_t alg; uint8_t iv_size; uint8_t block_size; From 7b4154df0fc1aefdd67bde4d4798f1d81becce58 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Mar 2021 14:49:41 +0100 Subject: [PATCH 26/28] psa: wrapper: Fix potential unreachable statement warning Signed-off-by: Ronald Cron --- library/psa_crypto_driver_wrappers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 765920fc8..32c957eff 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -751,7 +751,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup( if( status == PSA_SUCCESS ) operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - return( status ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ return( PSA_ERROR_NOT_SUPPORTED ); From e6f6301390dde5cf570317b9a2af9dff64172712 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Mar 2021 14:57:08 +0100 Subject: [PATCH 27/28] psa: Add cipher accelerator flags to test_psa_crypto_drivers Add cipher accelerator compilation flags to test_psa_crypto_drivers() all.sh component. The flags are not necessary currently but may become. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index bd7813608..f768e1e5e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2269,21 +2269,29 @@ component_test_psa_crypto_drivers () { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS # Need to define the correct symbol and include the test driver header path in order to build with the test driver loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CTR" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_1" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_224" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_256" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From f2381aaa43c6b74dec1949b4613f4dcdabf28013 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 23 Mar 2021 11:31:19 +0100 Subject: [PATCH 28/28] psa: cipher: Use psa_generate_random to generate IVs Use psa_generate_random() to generate IVs instead of mbedtls_psa_get_random(). mbedtls_psa_get_random() is meant to be used as the f_rng argument of Mbed TLS library functions. Signed-off-by: Ronald Cron --- library/psa_crypto_cipher.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 5440e45a6..dac9d7f41 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -274,15 +274,14 @@ static psa_status_t cipher_generate_iv( mbedtls_psa_cipher_operation_t *operation, uint8_t *iv, size_t iv_size, size_t *iv_length ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int status = PSA_ERROR_CORRUPTION_DETECTED; if( iv_size < operation->iv_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE, - iv, operation->iv_size ); - if( ret != 0 ) - return( mbedtls_to_psa_error( ret ) ); + status = psa_generate_random( iv, operation->iv_size ); + if( status != PSA_SUCCESS ) + return( status ); *iv_length = operation->iv_size;