psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
3522e32132
commit
5d9b00dddb
4 changed files with 89 additions and 9 deletions
|
@ -25,6 +25,17 @@
|
|||
#include <psa/crypto_driver_common.h>
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_XTS) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
|
||||
#define MBEDTLS_PSA_BUILTIN_CIPHER 1
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
/** Context structure for the Mbed TLS cipher implementation. */
|
||||
psa_algorithm_t alg;
|
||||
|
|
|
@ -31,6 +31,32 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
|
||||
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
|
||||
#define BUILTIN_KEY_TYPE_DES 1
|
||||
#endif
|
||||
|
||||
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
|
||||
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||
defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
|
||||
#define BUILTIN_ALG_CBC_NO_PADDING 1
|
||||
#endif
|
||||
|
||||
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
|
||||
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||
defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
|
||||
#define BUILTIN_ALG_CBC_PKCS7 1
|
||||
#endif
|
||||
|
||||
#if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
|
||||
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||
defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
|
||||
#define BUILTIN_KEY_TYPE_CHACHA20 1
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
||||
static psa_status_t cipher_setup(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
|
@ -60,7 +86,7 @@ static psa_status_t cipher_setup(
|
|||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
|
||||
#if defined(BUILTIN_KEY_TYPE_DES)
|
||||
if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
|
||||
{
|
||||
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
|
||||
|
@ -80,8 +106,8 @@ static psa_status_t cipher_setup(
|
|||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
|
||||
#if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
|
||||
defined(BUILTIN_ALG_CBC_PKCS7)
|
||||
switch( alg )
|
||||
{
|
||||
case PSA_ALG_CBC_NO_PADDING:
|
||||
|
@ -99,7 +125,7 @@ static psa_status_t cipher_setup(
|
|||
}
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING || MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */
|
||||
#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
|
||||
|
||||
operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
|
||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
||||
|
@ -108,7 +134,7 @@ static psa_status_t cipher_setup(
|
|||
{
|
||||
operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
|
||||
}
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20)
|
||||
#if defined(BUILTIN_KEY_TYPE_CHACHA20)
|
||||
else
|
||||
if( ( alg == PSA_ALG_STREAM_CIPHER ) &&
|
||||
( key_type == PSA_KEY_TYPE_CHACHA20 ) )
|
||||
|
@ -359,7 +385,9 @@ static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
|
|||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
psa_status_t mbedtls_psa_cipher_encrypt_setup(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
|
@ -417,6 +445,7 @@ psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation
|
|||
{
|
||||
return( cipher_abort( operation ) );
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
/*
|
||||
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
||||
|
|
|
@ -741,6 +741,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
/* Fell through, meaning no accelerator supports this operation */
|
||||
status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
|
||||
attributes,
|
||||
|
@ -751,6 +752,8 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
||||
|
||||
return( status );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
|
@ -771,6 +774,9 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
|||
default:
|
||||
/* Key is declared with a lifetime not known to us */
|
||||
(void)status;
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)alg;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
@ -806,6 +812,7 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
/* Fell through, meaning no accelerator supports this operation */
|
||||
status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
|
||||
attributes,
|
||||
|
@ -816,6 +823,8 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
|
||||
|
||||
return( status );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
/* Add cases for opaque driver here */
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
|
@ -836,6 +845,9 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
default:
|
||||
/* Key is declared with a lifetime not known to us */
|
||||
(void)status;
|
||||
(void)key_buffer;
|
||||
(void)key_buffer_size;
|
||||
(void)alg;
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
@ -848,11 +860,14 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
|||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_generate_iv( &operation->ctx.mbedtls_ctx,
|
||||
iv,
|
||||
iv_size,
|
||||
iv_length ) );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
|
@ -870,6 +885,10 @@ psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
|||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)iv;
|
||||
(void)iv_size;
|
||||
(void)iv_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
|
@ -880,10 +899,12 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
|
|||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
|
||||
iv,
|
||||
iv_length ) );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
@ -900,6 +921,9 @@ psa_status_t psa_driver_wrapper_cipher_set_iv(
|
|||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)iv;
|
||||
(void)iv_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
|
@ -913,6 +937,7 @@ psa_status_t psa_driver_wrapper_cipher_update(
|
|||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
|
||||
input,
|
||||
|
@ -920,6 +945,8 @@ psa_status_t psa_driver_wrapper_cipher_update(
|
|||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
|
@ -937,6 +964,12 @@ psa_status_t psa_driver_wrapper_cipher_update(
|
|||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)input;
|
||||
(void)input_length;
|
||||
(void)output;
|
||||
(void)output_size;
|
||||
(void)output_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
|
@ -948,12 +981,13 @@ psa_status_t psa_driver_wrapper_cipher_finish(
|
|||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
|
||||
output,
|
||||
output_size,
|
||||
output_length ) );
|
||||
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
@ -970,6 +1004,10 @@ psa_status_t psa_driver_wrapper_cipher_finish(
|
|||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)output;
|
||||
(void)output_size;
|
||||
(void)output_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
|
@ -980,8 +1018,10 @@ psa_status_t psa_driver_wrapper_cipher_abort(
|
|||
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
|
|
@ -93,11 +93,11 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
|||
cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt: AES-CTR, 16 bytes, fallback
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
|
||||
cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt: AES-CTR, 15 bytes, fallback
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
|
||||
cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt: AES-CTR, 16 bytes, fake
|
||||
|
@ -113,7 +113,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
|||
cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt: AES-CTR, 16 bytes, fallback
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
|
||||
cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt: AES-CTR, 16 bytes, fake
|
||||
|
|
Loading…
Reference in a new issue