Merge pull request #7716 from mpg/psa-util-internal
Split psa_util.h between internal and public
This commit is contained in:
commit
6aca2c9613
30 changed files with 263 additions and 331 deletions
|
@ -366,7 +366,7 @@ typedef struct mbedtls_cipher_context_t {
|
|||
mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
/** Indicates whether the cipher operations should be performed
|
||||
* by Mbed TLS' own crypto library or an external implementation
|
||||
* of the PSA Crypto API.
|
||||
|
@ -375,7 +375,7 @@ typedef struct mbedtls_cipher_context_t {
|
|||
* mbedtls_cipher_setup_psa().
|
||||
*/
|
||||
unsigned char MBEDTLS_PRIVATE(psa_enabled);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
} mbedtls_cipher_context_t;
|
||||
|
||||
|
|
|
@ -2,9 +2,6 @@
|
|||
* \file psa_util.h
|
||||
*
|
||||
* \brief Utility functions for the use of the PSA Crypto library.
|
||||
*
|
||||
* \warning This function is not part of the public API and may
|
||||
* change at any time.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
|
@ -29,214 +26,8 @@
|
|||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#include "psa/crypto.h"
|
||||
|
||||
#include "mbedtls/ecp.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include <string.h>
|
||||
|
||||
/* Translations for symmetric crypto. */
|
||||
|
||||
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
|
||||
mbedtls_cipher_type_t cipher)
|
||||
{
|
||||
switch (cipher) {
|
||||
case MBEDTLS_CIPHER_AES_128_CCM:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_128_GCM:
|
||||
case MBEDTLS_CIPHER_AES_192_GCM:
|
||||
case MBEDTLS_CIPHER_AES_256_GCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CBC:
|
||||
case MBEDTLS_CIPHER_AES_192_CBC:
|
||||
case MBEDTLS_CIPHER_AES_256_CBC:
|
||||
case MBEDTLS_CIPHER_AES_128_ECB:
|
||||
case MBEDTLS_CIPHER_AES_192_ECB:
|
||||
case MBEDTLS_CIPHER_AES_256_ECB:
|
||||
return PSA_KEY_TYPE_AES;
|
||||
|
||||
/* ARIA not yet supported in PSA. */
|
||||
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_128_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_CBC:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CBC:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CBC:
|
||||
return( PSA_KEY_TYPE_ARIA ); */
|
||||
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
|
||||
mbedtls_cipher_mode_t mode, size_t taglen)
|
||||
{
|
||||
switch (mode) {
|
||||
case MBEDTLS_MODE_ECB:
|
||||
return PSA_ALG_ECB_NO_PADDING;
|
||||
case MBEDTLS_MODE_GCM:
|
||||
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
|
||||
case MBEDTLS_MODE_CCM:
|
||||
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
|
||||
case MBEDTLS_MODE_CCM_STAR_NO_TAG:
|
||||
return PSA_ALG_CCM_STAR_NO_TAG;
|
||||
case MBEDTLS_MODE_CBC:
|
||||
if (taglen == 0) {
|
||||
return PSA_ALG_CBC_NO_PADDING;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
|
||||
mbedtls_operation_t op)
|
||||
{
|
||||
switch (op) {
|
||||
case MBEDTLS_ENCRYPT:
|
||||
return PSA_KEY_USAGE_ENCRYPT;
|
||||
case MBEDTLS_DECRYPT:
|
||||
return PSA_KEY_USAGE_DECRYPT;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Translations for ECC. */
|
||||
|
||||
static inline int mbedtls_psa_get_ecc_oid_from_id(
|
||||
psa_ecc_family_t curve, size_t bits,
|
||||
char const **oid, size_t *oid_len)
|
||||
{
|
||||
switch (curve) {
|
||||
case PSA_ECC_FAMILY_SECP_R1:
|
||||
switch (bits) {
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
|
||||
case 192:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
|
||||
case 224:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
case 256:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
case 384:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
case 521:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_FAMILY_SECP_K1:
|
||||
switch (bits) {
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
|
||||
case 192:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
|
||||
case 224:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
|
||||
case 256:
|
||||
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
|
||||
switch (bits) {
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
|
||||
case 256:
|
||||
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
|
||||
case 384:
|
||||
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
|
||||
case 512:
|
||||
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
|
||||
}
|
||||
break;
|
||||
case PSA_ECC_FAMILY_MONTGOMERY:
|
||||
switch (bits) {
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
case 255:
|
||||
*oid = MBEDTLS_OID_X25519;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X25519);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
case 448:
|
||||
*oid = MBEDTLS_OID_X448;
|
||||
*oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X448);
|
||||
return 0;
|
||||
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
|
||||
}
|
||||
break;
|
||||
}
|
||||
(void) oid;
|
||||
(void) oid_len;
|
||||
return -1;
|
||||
}
|
||||
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
|
||||
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
||||
|
||||
#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
|
||||
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
||||
|
||||
#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
|
||||
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
|
||||
|
||||
/* Expose whatever RNG the PSA subsystem uses to applications using the
|
||||
* mbedtls_xxx API. The declarations and definitions here need to be
|
||||
* consistent with the implementation in library/psa_crypto_random_impl.h.
|
||||
|
@ -321,58 +112,5 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
|
|||
|
||||
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
|
||||
|
||||
typedef struct {
|
||||
/* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
|
||||
int16_t psa_status;
|
||||
/* Error codes used by Mbed TLS are in one of the ranges
|
||||
* -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
|
||||
* code optionally added), fitting in 16 bits. */
|
||||
int16_t mbedtls_error;
|
||||
} mbedtls_error_pair_t;
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
extern const mbedtls_error_pair_t psa_to_md_errors[4];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_LMS_C)
|
||||
extern const mbedtls_error_pair_t psa_to_lms_errors[3];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY)
|
||||
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
|
||||
#endif
|
||||
|
||||
/* Generic fallback function for error translation,
|
||||
* when the received state was not module-specific. */
|
||||
int psa_generic_status_to_mbedtls(psa_status_t status);
|
||||
|
||||
/* This function iterates over provided local error translations,
|
||||
* and if no match was found - calls the fallback error translation function. */
|
||||
int psa_status_to_mbedtls(psa_status_t status,
|
||||
const mbedtls_error_pair_t *local_translations,
|
||||
size_t local_errors_num,
|
||||
int (*fallback_f)(psa_status_t));
|
||||
|
||||
/* The second out of three-stage error handling functions of the pk module,
|
||||
* acts as a fallback after RSA / ECDSA error translation, and if no match
|
||||
* is found, it itself calls psa_generic_status_to_mbedtls. */
|
||||
int psa_pk_status_to_mbedtls(psa_status_t status);
|
||||
|
||||
/* Utility macro to shorten the defines of error translator in modules. */
|
||||
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
|
||||
psa_status_to_mbedtls(status, error_list, \
|
||||
sizeof(error_list)/sizeof(error_list[0]), \
|
||||
fallback_f)
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
#endif /* MBEDTLS_PSA_UTIL_H */
|
||||
|
|
134
library/cipher.c
134
library/cipher.c
|
@ -54,10 +54,9 @@
|
|||
#include "mbedtls/cmac.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_NIST_KW_C)
|
||||
#include "mbedtls/nist_kw.h"
|
||||
|
@ -144,6 +143,72 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
|
|||
return NULL;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
|
||||
mbedtls_cipher_type_t cipher)
|
||||
{
|
||||
switch (cipher) {
|
||||
case MBEDTLS_CIPHER_AES_128_CCM:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_AES_128_GCM:
|
||||
case MBEDTLS_CIPHER_AES_192_GCM:
|
||||
case MBEDTLS_CIPHER_AES_256_GCM:
|
||||
case MBEDTLS_CIPHER_AES_128_CBC:
|
||||
case MBEDTLS_CIPHER_AES_192_CBC:
|
||||
case MBEDTLS_CIPHER_AES_256_CBC:
|
||||
case MBEDTLS_CIPHER_AES_128_ECB:
|
||||
case MBEDTLS_CIPHER_AES_192_ECB:
|
||||
case MBEDTLS_CIPHER_AES_256_ECB:
|
||||
return PSA_KEY_TYPE_AES;
|
||||
|
||||
/* ARIA not yet supported in PSA. */
|
||||
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
|
||||
case MBEDTLS_CIPHER_ARIA_128_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_192_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_256_GCM:
|
||||
case MBEDTLS_CIPHER_ARIA_128_CBC:
|
||||
case MBEDTLS_CIPHER_ARIA_192_CBC:
|
||||
case MBEDTLS_CIPHER_ARIA_256_CBC:
|
||||
return( PSA_KEY_TYPE_ARIA ); */
|
||||
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
|
||||
mbedtls_cipher_mode_t mode, size_t taglen)
|
||||
{
|
||||
switch (mode) {
|
||||
case MBEDTLS_MODE_ECB:
|
||||
return PSA_ALG_ECB_NO_PADDING;
|
||||
case MBEDTLS_MODE_GCM:
|
||||
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
|
||||
case MBEDTLS_MODE_CCM:
|
||||
return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
|
||||
case MBEDTLS_MODE_CCM_STAR_NO_TAG:
|
||||
return PSA_ALG_CCM_STAR_NO_TAG;
|
||||
case MBEDTLS_MODE_CBC:
|
||||
if (taglen == 0) {
|
||||
return PSA_ALG_CBC_NO_PADDING;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
|
||||
{
|
||||
memset(ctx, 0, sizeof(mbedtls_cipher_context_t));
|
||||
|
@ -155,7 +220,7 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
|
|||
return;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
if (ctx->cipher_ctx != NULL) {
|
||||
mbedtls_cipher_context_psa * const cipher_psa =
|
||||
|
@ -173,7 +238,7 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
|
|||
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
|
||||
return;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_CMAC_C)
|
||||
if (ctx->cmac_ctx) {
|
||||
|
@ -219,8 +284,7 @@ int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
|
||||
const mbedtls_cipher_info_t *cipher_info,
|
||||
size_t taglen)
|
||||
|
@ -254,8 +318,7 @@ int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
|
|||
ctx->psa_enabled = 1;
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
||||
const unsigned char *key,
|
||||
|
@ -269,7 +332,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
mbedtls_cipher_context_psa * const cipher_psa =
|
||||
(mbedtls_cipher_context_psa *) ctx->cipher_ctx;
|
||||
|
@ -302,7 +365,6 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
|||
* and use it for AEAD decryption. Until tests relying on this
|
||||
* are changed, allow any usage in PSA. */
|
||||
psa_set_key_usage_flags(&attributes,
|
||||
/* mbedtls_psa_translate_cipher_operation( operation ); */
|
||||
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
|
||||
psa_set_key_algorithm(&attributes, cipher_psa->alg);
|
||||
|
||||
|
@ -326,7 +388,7 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
|
|||
ctx->operation = operation;
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 &&
|
||||
(int) mbedtls_cipher_info_get_key_bitlen(ctx->cipher_info) != key_bitlen) {
|
||||
|
@ -364,14 +426,14 @@ int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
|
|||
if (ctx->cipher_info == NULL) {
|
||||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto has an API for multipart
|
||||
* operations, we currently don't make it
|
||||
* accessible through the cipher layer. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/* avoid buffer overflow in ctx->iv */
|
||||
if (iv_len > MBEDTLS_MAX_IV_LENGTH) {
|
||||
|
@ -460,13 +522,13 @@ int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx)
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* We don't support resetting PSA-based
|
||||
* cipher contexts, yet. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
ctx->unprocessed_len = 0;
|
||||
|
||||
|
@ -481,14 +543,14 @@ int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto has an API for multipart
|
||||
* operations, we currently don't make it
|
||||
* accessible through the cipher layer. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
|
@ -532,14 +594,14 @@ int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *in
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto has an API for multipart
|
||||
* operations, we currently don't make it
|
||||
* accessible through the cipher layer. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
*olen = 0;
|
||||
block_size = mbedtls_cipher_get_block_size(ctx);
|
||||
|
@ -956,14 +1018,14 @@ int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto has an API for multipart
|
||||
* operations, we currently don't make it
|
||||
* accessible through the cipher layer. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
*olen = 0;
|
||||
|
||||
|
@ -1055,7 +1117,7 @@ int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto knows about CBC padding
|
||||
* schemes, we currently don't make them
|
||||
|
@ -1066,7 +1128,7 @@ int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
switch (mode) {
|
||||
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
|
@ -1118,14 +1180,14 @@ int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto has an API for multipart
|
||||
* operations, we currently don't make it
|
||||
* accessible through the cipher layer. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
|
@ -1167,14 +1229,14 @@ int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
|
|||
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* While PSA Crypto has an API for multipart
|
||||
* operations, we currently don't make it
|
||||
* accessible through the cipher layer. */
|
||||
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/* Status to return on a non-authenticated algorithm. */
|
||||
ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
|
||||
|
@ -1242,7 +1304,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t finish_olen;
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* As in the non-PSA case, we don't check that
|
||||
* a key has been set. If not, the key slot will
|
||||
|
@ -1300,7 +1362,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
|
|||
*olen += part_len;
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
if ((ret = mbedtls_cipher_set_iv(ctx, iv, iv_len)) != 0) {
|
||||
return ret;
|
||||
|
@ -1337,7 +1399,7 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
|
|||
unsigned char *output, size_t *olen,
|
||||
unsigned char *tag, size_t tag_len)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* As in the non-PSA case, we don't check that
|
||||
* a key has been set. If not, the key slot will
|
||||
|
@ -1368,7 +1430,7 @@ static int mbedtls_cipher_aead_encrypt(mbedtls_cipher_context_t *ctx,
|
|||
*olen -= tag_len;
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
|
@ -1414,7 +1476,7 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
|
|||
unsigned char *output, size_t *olen,
|
||||
const unsigned char *tag, size_t tag_len)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ctx->psa_enabled == 1) {
|
||||
/* As in the non-PSA case, we don't check that
|
||||
* a key has been set. If not, the key slot will
|
||||
|
@ -1446,7 +1508,7 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx,
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
if (MBEDTLS_MODE_GCM == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
|
||||
|
@ -1519,7 +1581,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
|
|||
{
|
||||
#if defined(MBEDTLS_NIST_KW_C)
|
||||
if (
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
ctx->psa_enabled == 0 &&
|
||||
#endif
|
||||
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
|
@ -1570,7 +1632,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
|
|||
{
|
||||
#if defined(MBEDTLS_NIST_KW_C)
|
||||
if (
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
ctx->psa_enabled == 0 &&
|
||||
#endif
|
||||
(MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
#include "mbedtls/lms.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#include "psa/crypto.h"
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
#include "lmots.h"
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "mbedtls/lms.h"
|
||||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include <psa/crypto.h>
|
||||
#include "md_psa.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_SOME_PSA)
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "md_psa.h"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
|
||||
#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||
psa_to_pk_rsa_errors, \
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
#include "mbedtls/des.h"
|
||||
#endif
|
||||
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -53,7 +53,7 @@
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#endif
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
#include "psa_crypto_ffdh.h"
|
||||
#include "psa_crypto_random_impl.h"
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/error.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_LEGACY) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
#include "psa_crypto_slot_management.h"
|
||||
|
||||
#include <mbedtls/ecjpake.h>
|
||||
#include <mbedtls/psa_util.h>
|
||||
#include <psa_util_internal.h>
|
||||
|
||||
#include <mbedtls/platform.h>
|
||||
#include <mbedtls/error.h>
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
* \brief PSA crypto random generator implementation abstraction.
|
||||
*
|
||||
* The definitions here need to be consistent with the declarations
|
||||
* in include/mbedtls/psa_util.h. This file contains some redundant
|
||||
* in include/psa_util_internal.h. This file contains some redundant
|
||||
* declarations to increase the chance that a compiler will detect
|
||||
* inconsistencies if one file is changed without updating the other,
|
||||
* but not all potential inconsistencies can be enforced, so make sure
|
||||
* to check the public declarations and contracts in
|
||||
* include/mbedtls/psa_util.h if you modify this file.
|
||||
* include/psa_util_internal.h if you modify this file.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
|
@ -30,7 +30,7 @@
|
|||
#ifndef PSA_CRYPTO_RANDOM_IMPL_H
|
||||
#define PSA_CRYPTO_RANDOM_IMPL_H
|
||||
|
||||
#include <mbedtls/psa_util.h>
|
||||
#include <psa_util_internal.h>
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
|
||||
|
@ -123,7 +123,7 @@ typedef struct {
|
|||
mbedtls_psa_drbg_context_t drbg;
|
||||
} mbedtls_psa_random_context_t;
|
||||
|
||||
/* Defined in include/mbedtls/psa_util.h so that it's visible to
|
||||
/* Defined in include/psa_util_internal.h so that it's visible to
|
||||
* application code. The declaration here is redundant, but included
|
||||
* as a safety net to make it more likely that a future change that
|
||||
* accidentally causes the implementation to diverge from the interface
|
||||
|
@ -154,7 +154,7 @@ static mbedtls_f_rng_t *const mbedtls_psa_get_random;
|
|||
/* psa_crypto.c sets this variable to a pointer to the DRBG state in the
|
||||
* global PSA crypto state. */
|
||||
/* The type `mbedtls_psa_drbg_context_t` is defined in
|
||||
* include/mbedtls/psa_util.h so that `mbedtls_psa_random_state` can be
|
||||
* include/psa_util_internal.h so that `mbedtls_psa_random_state` can be
|
||||
* declared there and be visible to application code. */
|
||||
extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
|
||||
|
||||
|
|
|
@ -25,11 +25,31 @@
|
|||
#include <psa/crypto.h>
|
||||
|
||||
#include "psa_crypto_core.h"
|
||||
#include <mbedtls/psa_util.h>
|
||||
#include <psa_util_internal.h>
|
||||
|
||||
/* The following includes are needed for MBEDTLS_ERR_XXX macros */
|
||||
#include <mbedtls/error.h>
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
#include <mbedtls/md.h>
|
||||
#endif
|
||||
#if defined(MBEDTLS_LMS_C)
|
||||
#include <mbedtls/lms.h>
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
|
||||
#include <mbedtls/ssl.h>
|
||||
#endif
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY)
|
||||
#include <mbedtls/rsa.h>
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
#include <mbedtls/ecp.h>
|
||||
#endif
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
#include <mbedtls/pk.h>
|
||||
#endif
|
||||
|
||||
/* PSA_SUCCESS is kept at the top of each error table since
|
||||
* it's the most common status when everything functions properly. */
|
||||
|
@ -50,7 +70,8 @@ const mbedtls_error_pair_t psa_to_lms_errors[] =
|
|||
{ PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA }
|
||||
};
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_TLS_C) && \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3))
|
||||
const mbedtls_error_pair_t psa_to_ssl_errors[] =
|
||||
{
|
||||
{ PSA_SUCCESS, 0 },
|
||||
|
@ -123,6 +144,7 @@ int psa_status_to_mbedtls(psa_status_t status,
|
|||
return fallback_f(status);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
int psa_pk_status_to_mbedtls(psa_status_t status)
|
||||
{
|
||||
switch (status) {
|
||||
|
@ -146,4 +168,5 @@ int psa_pk_status_to_mbedtls(psa_status_t status)
|
|||
return psa_generic_status_to_mbedtls(status);
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
|
108
library/psa_util_internal.h
Normal file
108
library/psa_util_internal.h
Normal file
|
@ -0,0 +1,108 @@
|
|||
/**
|
||||
* \file psa_util_internal.h
|
||||
*
|
||||
* \brief Internal utility functions for use of PSA Crypto.
|
||||
*/
|
||||
/*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef MBEDTLS_PSA_UTIL_INTERNAL_H
|
||||
#define MBEDTLS_PSA_UTIL_INTERNAL_H
|
||||
|
||||
/* Include the public header so that users only need one include. */
|
||||
#include "mbedtls/psa_util.h"
|
||||
|
||||
#include "psa/crypto.h"
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
/*************************************************************************
|
||||
* FFDH
|
||||
************************************************************************/
|
||||
|
||||
#define MBEDTLS_PSA_MAX_FFDH_PUBKEY_LENGTH \
|
||||
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
|
||||
|
||||
/*************************************************************************
|
||||
* ECC
|
||||
************************************************************************/
|
||||
|
||||
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
|
||||
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
||||
|
||||
#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
|
||||
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
||||
|
||||
/*************************************************************************
|
||||
* Error translation
|
||||
************************************************************************/
|
||||
|
||||
typedef struct {
|
||||
/* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
|
||||
int16_t psa_status;
|
||||
/* Error codes used by Mbed TLS are in one of the ranges
|
||||
* -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
|
||||
* code optionally added), fitting in 16 bits. */
|
||||
int16_t mbedtls_error;
|
||||
} mbedtls_error_pair_t;
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
extern const mbedtls_error_pair_t psa_to_md_errors[4];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_LMS_C)
|
||||
extern const mbedtls_error_pair_t psa_to_lms_errors[3];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
||||
defined(MBEDTLS_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY)
|
||||
extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8];
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||
extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
|
||||
#endif
|
||||
|
||||
/* Generic fallback function for error translation,
|
||||
* when the received state was not module-specific. */
|
||||
int psa_generic_status_to_mbedtls(psa_status_t status);
|
||||
|
||||
/* This function iterates over provided local error translations,
|
||||
* and if no match was found - calls the fallback error translation function. */
|
||||
int psa_status_to_mbedtls(psa_status_t status,
|
||||
const mbedtls_error_pair_t *local_translations,
|
||||
size_t local_errors_num,
|
||||
int (*fallback_f)(psa_status_t));
|
||||
|
||||
/* The second out of three-stage error handling functions of the pk module,
|
||||
* acts as a fallback after RSA / ECDSA error translation, and if no match
|
||||
* is found, it itself calls psa_generic_status_to_mbedtls. */
|
||||
int psa_pk_status_to_mbedtls(psa_status_t status);
|
||||
|
||||
/* Utility macro to shorten the defines of error translator in modules. */
|
||||
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
|
||||
psa_status_to_mbedtls(status, error_list, \
|
||||
sizeof(error_list)/sizeof(error_list[0]), \
|
||||
fallback_f)
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
#endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */
|
|
@ -24,12 +24,14 @@
|
|||
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#include "mbedtls/error.h"
|
||||
|
||||
#include "mbedtls/ssl.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_CAN_MD5)
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "md_psa.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "psa/crypto.h"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
#include "mbedtls/constant_time.h"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "psa/crypto.h"
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
/* Define a local translating function to save code size by not using too many
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
#include "ssl_debug_helpers.h"
|
||||
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
|
||||
defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_FFDH)
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/constant_time.h"
|
||||
#include "mbedtls/oid.h"
|
||||
#include "md_psa.h"
|
||||
|
||||
#include "ssl_misc.h"
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "md_psa.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#include "pk_internal.h"
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "md_psa.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "psa/crypto.h"
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
#include "md_psa.h"
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
|
|
|
@ -28,10 +28,6 @@
|
|||
#include <psa/crypto.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#include "mbedtls/psa_util.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
#include "mbedtls/md.h"
|
||||
#endif
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
#include "md_psa.h"
|
||||
|
||||
/* Used for properly sizing the key buffer in pk_genkey_ec() */
|
||||
#include "mbedtls/psa_util.h"
|
||||
#include "psa_util_internal.h"
|
||||
|
||||
#define RSA_KEY_SIZE 512
|
||||
#define RSA_KEY_LEN 64
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
#include "sys/types.h"
|
||||
#include "sys/stat.h"
|
||||
#include "mbedtls/rsa.h"
|
||||
#include "mbedtls/error.h"
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
|
|
Loading…
Reference in a new issue