Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
parent
05b80a4eee
commit
8a045ce5e6
29 changed files with 459 additions and 147 deletions
|
@ -344,6 +344,41 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
|
||||||
|
|
||||||
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
|
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
/* PSA errors use int32_t, while Mbed TLS ones use int16_t. psa_status_t
|
||||||
|
* is enough to store either of them. */
|
||||||
|
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
|
||||||
|
extern psa_status_t psa_to_md_errors[8];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_LMS_C)
|
||||||
|
extern psa_status_t psa_to_lms_errors[6];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
extern psa_status_t psa_to_ssl_errors[14];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
||||||
|
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
|
||||||
|
extern psa_status_t psa_to_pk_rsa_errors[16];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
|
extern psa_status_t psa_to_pk_ecdsa_errors[14];
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int psa_generic_status_to_mbedtls(psa_status_t status);
|
||||||
|
|
||||||
|
int psa_status_to_mbedtls(psa_status_t status,
|
||||||
|
psa_status_t *local_translations,
|
||||||
|
size_t local_errors_num,
|
||||||
|
int (*fallback_f)(psa_status_t));
|
||||||
|
|
||||||
|
int psa_pk_status_to_mbedtls(psa_status_t status);
|
||||||
|
|
||||||
|
#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
|
||||||
|
psa_status_to_mbedtls(status, error_list, sizeof(error_list), fallback_f)
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
#endif /* MBEDTLS_PSA_UTIL_H */
|
#endif /* MBEDTLS_PSA_UTIL_H */
|
||||||
|
|
|
@ -77,6 +77,7 @@ set(src_crypto
|
||||||
psa_crypto_slot_management.c
|
psa_crypto_slot_management.c
|
||||||
psa_crypto_storage.c
|
psa_crypto_storage.c
|
||||||
psa_its_file.c
|
psa_its_file.c
|
||||||
|
psa_util.c
|
||||||
ripemd160.c
|
ripemd160.c
|
||||||
rsa.c
|
rsa.c
|
||||||
rsa_alt_helpers.c
|
rsa_alt_helpers.c
|
||||||
|
|
|
@ -142,6 +142,7 @@ OBJS_CRYPTO= \
|
||||||
psa_crypto_slot_management.o \
|
psa_crypto_slot_management.o \
|
||||||
psa_crypto_storage.o \
|
psa_crypto_storage.o \
|
||||||
psa_its_file.o \
|
psa_its_file.o \
|
||||||
|
psa_util.o \
|
||||||
ripemd160.o \
|
ripemd160.o \
|
||||||
rsa.o \
|
rsa.o \
|
||||||
rsa_alt_helpers.o \
|
rsa_alt_helpers.o \
|
||||||
|
|
|
@ -46,6 +46,11 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to
|
* Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to
|
||||||
|
@ -620,7 +625,7 @@ cleanup:
|
||||||
|
|
||||||
psa_hash_abort(&operation);
|
psa_hash_abort(&operation);
|
||||||
psa_hash_abort(&aux_operation);
|
psa_hash_abort(&aux_operation);
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
#undef MAX_HASH_BLOCK_LENGTH
|
#undef MAX_HASH_BLOCK_LENGTH
|
||||||
|
|
|
@ -35,6 +35,11 @@
|
||||||
#if !defined(MBEDTLS_MD_C)
|
#if !defined(MBEDTLS_MD_C)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
|
#if !defined(MBEDTLS_ECJPAKE_ALT)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_md_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif /* !MBEDTLS_ECJPAKE_ALT */
|
||||||
#endif /* !MBEDTLS_MD_C */
|
#endif /* !MBEDTLS_MD_C */
|
||||||
|
|
||||||
#include "hash_info.h"
|
#include "hash_info.h"
|
||||||
|
@ -72,7 +77,7 @@ static int mbedtls_ecjpake_compute_hash(mbedtls_md_type_t md_type,
|
||||||
|
|
||||||
status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
|
status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
|
||||||
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
#endif /* !MBEDTLS_MD_C */
|
#endif /* !MBEDTLS_MD_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -104,6 +104,7 @@ mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg)
|
||||||
return entry->md_type;
|
return entry->md_type;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
int mbedtls_md_error_from_psa(psa_status_t status)
|
int mbedtls_md_error_from_psa(psa_status_t status)
|
||||||
{
|
{
|
||||||
switch (status) {
|
switch (status) {
|
||||||
|
@ -119,3 +120,4 @@ int mbedtls_md_error_from_psa(psa_status_t status)
|
||||||
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
|
|
|
@ -34,6 +34,7 @@
|
||||||
|
|
||||||
#include "mbedtls/md.h"
|
#include "mbedtls/md.h"
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
#include "mbedtls/platform_util.h"
|
||||||
|
|
||||||
/** \def MBEDTLS_HASH_MAX_SIZE
|
/** \def MBEDTLS_HASH_MAX_SIZE
|
||||||
*
|
*
|
||||||
|
@ -88,12 +89,13 @@ psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type);
|
||||||
*/
|
*/
|
||||||
mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg);
|
mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg);
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
/** Convert PSA status to MD error code.
|
/** Convert PSA status to MD error code.
|
||||||
*
|
*
|
||||||
* \param status PSA status.
|
* \param status PSA status.
|
||||||
*
|
*
|
||||||
* \return The corresponding MD error code,
|
* \return The corresponding MD error code,
|
||||||
*/
|
*/
|
||||||
int mbedtls_md_error_from_psa(psa_status_t status);
|
int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status);
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_HASH_INFO_H */
|
#endif /* MBEDTLS_HASH_INFO_H */
|
||||||
|
|
|
@ -41,9 +41,14 @@
|
||||||
#include "mbedtls/lms.h"
|
#include "mbedtls/lms.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_lms_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
|
||||||
#define PUBLIC_KEY_TYPE_OFFSET (0)
|
#define PUBLIC_KEY_TYPE_OFFSET (0)
|
||||||
#define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \
|
#define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \
|
||||||
MBEDTLS_LMOTS_TYPE_LEN)
|
MBEDTLS_LMOTS_TYPE_LEN)
|
||||||
|
@ -198,7 +203,7 @@ static int create_digit_array_with_checksum(const mbedtls_lmots_parameters_t *pa
|
||||||
exit:
|
exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
|
|
||||||
return mbedtls_lms_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Hash each element of the string of digits (+ checksum), producing a hash
|
/* Hash each element of the string of digits (+ checksum), producing a hash
|
||||||
|
@ -321,7 +326,7 @@ exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
mbedtls_platform_zeroize(tmp_hash, sizeof(tmp_hash));
|
mbedtls_platform_zeroize(tmp_hash, sizeof(tmp_hash));
|
||||||
|
|
||||||
return mbedtls_lms_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Combine the hashes of the digit array into a public key. This is used in
|
/* Combine the hashes of the digit array into a public key. This is used in
|
||||||
|
@ -386,9 +391,10 @@ exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
}
|
}
|
||||||
|
|
||||||
return mbedtls_lms_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
int mbedtls_lms_error_from_psa(psa_status_t status)
|
int mbedtls_lms_error_from_psa(psa_status_t status)
|
||||||
{
|
{
|
||||||
switch (status) {
|
switch (status) {
|
||||||
|
@ -406,6 +412,7 @@ int mbedtls_lms_error_from_psa(psa_status_t status)
|
||||||
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
|
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
|
|
||||||
void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx)
|
void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx)
|
||||||
{
|
{
|
||||||
|
@ -682,7 +689,7 @@ int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx,
|
||||||
exit:
|
exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
|
|
||||||
return mbedtls_lms_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx,
|
int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx,
|
||||||
|
|
|
@ -79,6 +79,7 @@ void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len,
|
||||||
unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
|
unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
|
||||||
const unsigned char *bytes);
|
const unsigned char *bytes);
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
/**
|
/**
|
||||||
* \brief This function converts a \ref psa_status_t to a
|
* \brief This function converts a \ref psa_status_t to a
|
||||||
* low-level LMS error code.
|
* low-level LMS error code.
|
||||||
|
@ -87,8 +88,8 @@ unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len,
|
||||||
*
|
*
|
||||||
* \return The corresponding LMS error code.
|
* \return The corresponding LMS error code.
|
||||||
*/
|
*/
|
||||||
int mbedtls_lms_error_from_psa(psa_status_t status);
|
int MBEDTLS_DEPRECATED mbedtls_lms_error_from_psa(psa_status_t status);
|
||||||
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief This function initializes a public LMOTS context
|
* \brief This function initializes a public LMOTS context
|
||||||
|
|
|
@ -39,13 +39,17 @@
|
||||||
#include "lmots.h"
|
#include "lmots.h"
|
||||||
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
#include "mbedtls/lms.h"
|
#include "mbedtls/lms.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
#include "mbedtls/platform_util.h"
|
#include "mbedtls/platform_util.h"
|
||||||
|
|
||||||
#include "mbedtls/platform.h"
|
#include "mbedtls/platform.h"
|
||||||
|
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_lms_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
|
||||||
#define SIG_Q_LEAF_ID_OFFSET (0)
|
#define SIG_Q_LEAF_ID_OFFSET (0)
|
||||||
#define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \
|
#define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \
|
||||||
MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
|
MBEDTLS_LMOTS_Q_LEAF_ID_LEN)
|
||||||
|
@ -140,7 +144,7 @@ static int create_merkle_leaf_value(const mbedtls_lms_parameters_t *params,
|
||||||
exit:
|
exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
|
|
||||||
return mbedtls_lms_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Calculate the value of an internal node of the Merkle tree (which is a hash
|
/* Calculate the value of an internal node of the Merkle tree (which is a hash
|
||||||
|
@ -220,7 +224,7 @@ static int create_merkle_internal_value(const mbedtls_lms_parameters_t *params,
|
||||||
exit:
|
exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
|
|
||||||
return mbedtls_lms_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)
|
void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx)
|
||||||
|
|
|
@ -39,6 +39,13 @@
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_MD5_C)
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_md_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "mbedtls/legacy_or_psa.h"
|
#include "mbedtls/legacy_or_psa.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
#if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
|
||||||
|
@ -236,7 +243,7 @@ static int pem_pbkdf1(unsigned char *key, size_t keylen,
|
||||||
exit:
|
exit:
|
||||||
mbedtls_platform_zeroize(md5sum, 16);
|
mbedtls_platform_zeroize(md5sum, 16);
|
||||||
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_MD5_C */
|
#endif /* MBEDTLS_MD5_C */
|
||||||
|
|
||||||
|
|
17
library/pk.c
17
library/pk.c
|
@ -41,6 +41,13 @@
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
|
#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
|
||||||
|
#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_pk_rsa_errors, \
|
||||||
|
psa_pk_status_to_mbedtls)
|
||||||
|
#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_pk_ecdsa_errors, \
|
||||||
|
psa_pk_status_to_mbedtls)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
|
@ -540,7 +547,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
psa_destroy_key(key_id);
|
psa_destroy_key(key_id);
|
||||||
return mbedtls_pk_error_from_psa(status);
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
|
/* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
|
||||||
|
@ -562,7 +569,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
||||||
status = destruction_status;
|
status = destruction_status;
|
||||||
}
|
}
|
||||||
|
|
||||||
return mbedtls_pk_error_from_psa_rsa(status);
|
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
} else
|
} else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
|
@ -700,7 +707,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
|
||||||
status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg),
|
status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg),
|
||||||
hash, hash_len,
|
hash, hash_len,
|
||||||
sig, sig_size, sig_len);
|
sig, sig_size, sig_len);
|
||||||
return mbedtls_pk_error_from_psa_rsa(status);
|
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
|
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg),
|
||||||
|
@ -896,7 +903,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
|
||||||
/* import private key into PSA */
|
/* import private key into PSA */
|
||||||
status = psa_import_key(&attributes, d, d_len, key);
|
status = psa_import_key(&attributes, d, d_len, key);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return mbedtls_pk_error_from_psa(status);
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* make PK context wrap the key slot */
|
/* make PK context wrap the key slot */
|
||||||
|
@ -936,7 +943,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
|
||||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return mbedtls_pk_error_from_psa(status);
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* make PK context wrap the key slot */
|
/* make PK context wrap the key slot */
|
||||||
|
|
|
@ -40,9 +40,19 @@
|
||||||
#include "pkwrite.h"
|
#include "pkwrite.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
|
||||||
|
#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_pk_rsa_errors, \
|
||||||
|
psa_pk_status_to_mbedtls)
|
||||||
|
#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_pk_ecdsa_errors, \
|
||||||
|
psa_pk_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "mbedtls/psa_util.h"
|
|
||||||
#include "hash_info.h"
|
#include "hash_info.h"
|
||||||
|
|
||||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
|
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
|
||||||
|
@ -57,6 +67,7 @@
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
int mbedtls_pk_error_from_psa(psa_status_t status)
|
int mbedtls_pk_error_from_psa(psa_status_t status)
|
||||||
{
|
{
|
||||||
|
@ -113,11 +124,9 @@ int mbedtls_pk_error_from_psa_rsa(psa_status_t status)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
|
||||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status)
|
int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status)
|
||||||
{
|
{
|
||||||
|
@ -138,8 +147,8 @@ int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
|
||||||
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
static int rsa_can_do(mbedtls_pk_type_t type)
|
static int rsa_can_do(mbedtls_pk_type_t type)
|
||||||
|
@ -196,14 +205,14 @@ static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
|
||||||
buf + sizeof(buf) - key_len, key_len,
|
buf + sizeof(buf) - key_len, key_len,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_verify_hash(key_id, psa_alg_md, hash, hash_len,
|
status = psa_verify_hash(key_id, psa_alg_md, hash, hash_len,
|
||||||
sig, sig_len);
|
sig, sig_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa_rsa(status);
|
ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
@ -211,7 +220,7 @@ static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,
|
||||||
cleanup:
|
cleanup:
|
||||||
status = psa_destroy_key(key_id);
|
status = psa_destroy_key(key_id);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -289,13 +298,13 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
|
||||||
buf + sizeof(buf) - key_len, key_len,
|
buf + sizeof(buf) - key_len, key_len,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
status = psa_sign_hash(key_id, alg, hash, hash_len,
|
status = psa_sign_hash(key_id, alg, hash, hash_len,
|
||||||
sig, sig_size, sig_len);
|
sig, sig_size, sig_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa_rsa(status);
|
ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -304,7 +313,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
|
||||||
cleanup:
|
cleanup:
|
||||||
status = psa_destroy_key(key_id);
|
status = psa_destroy_key(key_id);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -398,7 +407,7 @@ static int rsa_decrypt_wrap(void *ctx,
|
||||||
buf + sizeof(buf) - key_len, key_len,
|
buf + sizeof(buf) - key_len, key_len,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -407,7 +416,7 @@ static int rsa_decrypt_wrap(void *ctx,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
output, osize, olen);
|
output, osize, olen);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa_rsa(status);
|
ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -417,7 +426,7 @@ cleanup:
|
||||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||||
status = psa_destroy_key(key_id);
|
status = psa_destroy_key(key_id);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -484,7 +493,7 @@ static int rsa_encrypt_wrap(void *ctx,
|
||||||
buf + sizeof(buf) - key_len, key_len,
|
buf + sizeof(buf) - key_len, key_len,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -493,7 +502,7 @@ static int rsa_encrypt_wrap(void *ctx,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
output, osize, olen);
|
output, osize, olen);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa_rsa(status);
|
ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -502,7 +511,7 @@ static int rsa_encrypt_wrap(void *ctx,
|
||||||
cleanup:
|
cleanup:
|
||||||
status = psa_destroy_key(key_id);
|
status = psa_destroy_key(key_id);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -716,7 +725,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
|
||||||
buf, key_len,
|
buf, key_len,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -737,7 +746,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
|
||||||
hash, hash_len,
|
hash, hash_len,
|
||||||
buf, 2 * signature_part_size);
|
buf, 2 * signature_part_size);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa_ecdsa(status);
|
ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -750,7 +759,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
|
||||||
cleanup:
|
cleanup:
|
||||||
status = psa_destroy_key(key_id);
|
status = psa_destroy_key(key_id);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -908,14 +917,14 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg,
|
||||||
buf, key_len,
|
buf, key_len,
|
||||||
&key_id);
|
&key_id);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len,
|
status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len,
|
||||||
sig, sig_size, sig_len);
|
sig, sig_size, sig_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa_ecdsa(status);
|
ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -925,7 +934,7 @@ cleanup:
|
||||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||||
status = psa_destroy_key(key_id);
|
status = psa_destroy_key(key_id);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = mbedtls_pk_error_from_psa(status);
|
ret = PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -1448,7 +1457,7 @@ static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
|
||||||
|
|
||||||
status = psa_get_key_attributes(*key, &attributes);
|
status = psa_get_key_attributes(*key, &attributes);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return mbedtls_pk_error_from_psa(status);
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
type = psa_get_key_type(&attributes);
|
type = psa_get_key_type(&attributes);
|
||||||
|
@ -1472,15 +1481,15 @@ static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg,
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||||
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
|
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
|
||||||
return mbedtls_pk_error_from_psa_ecdsa(status);
|
return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
|
||||||
} else
|
} else
|
||||||
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
|
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
if (PSA_KEY_TYPE_IS_RSA(type)) {
|
if (PSA_KEY_TYPE_IS_RSA(type)) {
|
||||||
return mbedtls_pk_error_from_psa_rsa(status);
|
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
} else
|
} else
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
return mbedtls_pk_error_from_psa(status);
|
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||||
|
@ -1535,7 +1544,7 @@ static int pk_opaque_rsa_decrypt(void *ctx,
|
||||||
NULL, 0,
|
NULL, 0,
|
||||||
output, osize, olen);
|
output, osize, olen);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return mbedtls_pk_error_from_psa_rsa(status);
|
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -137,26 +137,30 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
|
||||||
extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info;
|
extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info;
|
||||||
extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
|
extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info;
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
|
int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status);
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
int mbedtls_pk_error_from_psa(psa_status_t status);
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
|
int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status);
|
||||||
|
|
||||||
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
||||||
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
|
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
|
||||||
int mbedtls_pk_error_from_psa_rsa(psa_status_t status);
|
int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status);
|
||||||
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
|
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
|
int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md,
|
||||||
mbedtls_rsa_context *rsa_ctx,
|
mbedtls_rsa_context *rsa_ctx,
|
||||||
const unsigned char *hash, size_t hash_len,
|
const unsigned char *hash, size_t hash_len,
|
||||||
unsigned char *sig, size_t sig_size,
|
unsigned char *sig, size_t sig_size,
|
||||||
size_t *sig_len);
|
size_t *sig_len);
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
|
@ -35,6 +35,13 @@
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_MD_C)
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_md_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_DES_C)
|
#if defined(MBEDTLS_DES_C)
|
||||||
#include "mbedtls/des.h"
|
#include "mbedtls/des.h"
|
||||||
#endif
|
#endif
|
||||||
|
@ -328,7 +335,7 @@ exit:
|
||||||
if (status == PSA_SUCCESS) {
|
if (status == PSA_SUCCESS) {
|
||||||
status = status_abort;
|
status = status_abort;
|
||||||
}
|
}
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
#endif /* !MBEDTLS_MD_C */
|
#endif /* !MBEDTLS_MD_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -47,6 +47,12 @@
|
||||||
#include "hash_info.h"
|
#include "hash_info.h"
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_MD_C)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_md_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||||
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
|
static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params,
|
||||||
mbedtls_asn1_buf *salt, int *iterations,
|
mbedtls_asn1_buf *salt, int *iterations,
|
||||||
|
@ -452,7 +458,7 @@ cleanup:
|
||||||
status = status_destruction;
|
status = status_destruction;
|
||||||
}
|
}
|
||||||
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
#endif /* !MBEDTLS_MD_C */
|
#endif /* !MBEDTLS_MD_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
150
library/psa_util.c
Normal file
150
library/psa_util.c
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
/*
|
||||||
|
* PSA hashing layer on top of Mbed TLS software crypto
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* Copyright The Mbed TLS Contributors
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "common.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||||
|
|
||||||
|
#include <psa/crypto.h>
|
||||||
|
|
||||||
|
#include "psa_crypto_core.h"
|
||||||
|
#include <mbedtls/psa_util.h>
|
||||||
|
#include <mbedtls/error.h>
|
||||||
|
#include <mbedtls/lms.h>
|
||||||
|
#include <mbedtls/ssl.h>
|
||||||
|
#include <mbedtls/rsa.h>
|
||||||
|
|
||||||
|
/* PSA_SUCCESS is kept at the top of each error table since
|
||||||
|
* it's the most common status when everything functions properly. */
|
||||||
|
#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
|
||||||
|
psa_status_t psa_to_md_errors[] =
|
||||||
|
{
|
||||||
|
PSA_SUCCESS, 0,
|
||||||
|
PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE,
|
||||||
|
PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_MD_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_LMS_C)
|
||||||
|
psa_status_t psa_to_lms_errors[] =
|
||||||
|
{
|
||||||
|
PSA_SUCCESS, 0,
|
||||||
|
PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL,
|
||||||
|
PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
psa_status_t psa_to_ssl_errors[] =
|
||||||
|
{
|
||||||
|
PSA_SUCCESS, 0,
|
||||||
|
PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED,
|
||||||
|
PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE,
|
||||||
|
PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC,
|
||||||
|
PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR,
|
||||||
|
PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
|
||||||
|
defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
|
||||||
|
psa_status_t psa_to_pk_rsa_errors[] =
|
||||||
|
{
|
||||||
|
PSA_SUCCESS, 0,
|
||||||
|
PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
|
||||||
|
PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_RSA_RNG_FAILED,
|
||||||
|
PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_RSA_VERIFY_FAILED,
|
||||||
|
PSA_ERROR_INVALID_PADDING, MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||||
|
defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
|
psa_status_t psa_to_pk_ecdsa_errors[] =
|
||||||
|
{
|
||||||
|
PSA_SUCCESS, 0,
|
||||||
|
PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
|
||||||
|
PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE,
|
||||||
|
PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
|
||||||
|
PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED,
|
||||||
|
PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
|
int psa_generic_status_to_mbedtls(psa_status_t status)
|
||||||
|
{
|
||||||
|
switch (status) {
|
||||||
|
case PSA_SUCCESS:
|
||||||
|
return 0;
|
||||||
|
case PSA_ERROR_NOT_SUPPORTED:
|
||||||
|
return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
|
||||||
|
case PSA_ERROR_CORRUPTION_DETECTED:
|
||||||
|
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
case PSA_ERROR_COMMUNICATION_FAILURE:
|
||||||
|
case PSA_ERROR_HARDWARE_FAILURE:
|
||||||
|
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
||||||
|
case PSA_ERROR_NOT_PERMITTED:
|
||||||
|
default:
|
||||||
|
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int psa_status_to_mbedtls(psa_status_t status,
|
||||||
|
psa_status_t *local_translations,
|
||||||
|
size_t local_errors_size,
|
||||||
|
int (*fallback_f)(psa_status_t))
|
||||||
|
{
|
||||||
|
size_t local_errors_num = (size_t) local_errors_size / 2;
|
||||||
|
for (size_t i = 0; i < local_errors_num; i++) {
|
||||||
|
if (status == local_translations[2 * i]) {
|
||||||
|
return local_translations[2 * i + 1];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return fallback_f(status);
|
||||||
|
}
|
||||||
|
|
||||||
|
int psa_pk_status_to_mbedtls(psa_status_t status)
|
||||||
|
{
|
||||||
|
switch (status) {
|
||||||
|
case PSA_ERROR_INVALID_HANDLE:
|
||||||
|
return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
|
||||||
|
case PSA_ERROR_BUFFER_TOO_SMALL:
|
||||||
|
return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
|
||||||
|
case PSA_ERROR_NOT_SUPPORTED:
|
||||||
|
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
||||||
|
case PSA_ERROR_INVALID_ARGUMENT:
|
||||||
|
return MBEDTLS_ERR_PK_INVALID_ALG;
|
||||||
|
case PSA_ERROR_INSUFFICIENT_MEMORY:
|
||||||
|
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
||||||
|
case PSA_ERROR_BAD_STATE:
|
||||||
|
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||||
|
case PSA_ERROR_DATA_CORRUPT:
|
||||||
|
case PSA_ERROR_DATA_INVALID:
|
||||||
|
case PSA_ERROR_STORAGE_FAILURE:
|
||||||
|
return MBEDTLS_ERR_PK_FILE_IO_ERROR;
|
||||||
|
default:
|
||||||
|
return psa_generic_status_to_mbedtls(status);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
|
@ -60,7 +60,10 @@
|
||||||
#if !defined(MBEDTLS_MD_C)
|
#if !defined(MBEDTLS_MD_C)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
#endif /* MBEDTLS_MD_C */
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_md_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif /* !MBEDTLS_MD_C */
|
||||||
#endif /* MBEDTLS_PKCS1_V21 */
|
#endif /* MBEDTLS_PKCS1_V21 */
|
||||||
|
|
||||||
#include "mbedtls/platform.h"
|
#include "mbedtls/platform.h"
|
||||||
|
@ -1156,7 +1159,7 @@ exit:
|
||||||
#else
|
#else
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1236,7 +1239,7 @@ exit:
|
||||||
exit:
|
exit:
|
||||||
psa_hash_abort(&op);
|
psa_hash_abort(&op);
|
||||||
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
#endif /* !MBEDTLS_MD_C */
|
#endif /* !MBEDTLS_MD_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1269,7 +1272,7 @@ static int compute_hash(mbedtls_md_type_t md_alg,
|
||||||
|
|
||||||
status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
|
status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
|
||||||
|
|
||||||
return mbedtls_md_error_from_psa(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
#endif /* !MBEDTLS_MD_C */
|
#endif /* !MBEDTLS_MD_C */
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_PKCS1_V21 */
|
#endif /* MBEDTLS_PKCS1_V21 */
|
||||||
|
|
|
@ -37,6 +37,12 @@
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If DTLS is in use, then at least one of SHA-256 or SHA-384 is
|
* If DTLS is in use, then at least one of SHA-256 or SHA-384 is
|
||||||
* available. Try SHA-256 first as 384 wastes resources
|
* available. Try SHA-256 first as 384 wastes resources
|
||||||
|
@ -126,7 +132,7 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
|
||||||
|
|
||||||
if ((status = psa_generate_key(&attributes,
|
if ((status = psa_generate_key(&attributes,
|
||||||
&ctx->psa_hmac_key)) != PSA_SUCCESS) {
|
&ctx->psa_hmac_key)) != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
@ -215,26 +221,26 @@ int mbedtls_ssl_cookie_write(void *p_ctx,
|
||||||
status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
|
status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
|
||||||
ctx->psa_hmac_alg);
|
ctx->psa_hmac_alg);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_update(&operation, *p - 4, 4);
|
status = psa_mac_update(&operation, *p - 4, 4);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_update(&operation, cli_id, cli_id_len);
|
status = psa_mac_update(&operation, cli_id, cli_id_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN,
|
status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN,
|
||||||
&sign_mac_length);
|
&sign_mac_length);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -263,7 +269,7 @@ int mbedtls_ssl_cookie_write(void *p_ctx,
|
||||||
exit:
|
exit:
|
||||||
status = psa_mac_abort(&operation);
|
status = psa_mac_abort(&operation);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
return ret;
|
return ret;
|
||||||
|
@ -299,27 +305,27 @@ int mbedtls_ssl_cookie_check(void *p_ctx,
|
||||||
status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
|
status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
|
||||||
ctx->psa_hmac_alg);
|
ctx->psa_hmac_alg);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_update(&operation, cookie, 4);
|
status = psa_mac_update(&operation, cookie, 4);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_update(&operation, cli_id,
|
status = psa_mac_update(&operation, cli_id,
|
||||||
cli_id_len);
|
cli_id_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_verify_finish(&operation, cookie + 4,
|
status = psa_mac_verify_finish(&operation, cookie + 4,
|
||||||
COOKIE_HMAC_LEN);
|
COOKIE_HMAC_LEN);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -374,7 +380,7 @@ exit:
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
status = psa_mac_abort(&operation);
|
status = psa_mac_abort(&operation);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));
|
mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));
|
||||||
|
|
|
@ -2514,6 +2514,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type
|
||||||
psa_key_type_t *key_type,
|
psa_key_type_t *key_type,
|
||||||
size_t *key_size);
|
size_t *key_size);
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||||
/**
|
/**
|
||||||
* \brief Convert given PSA status to mbedtls error code.
|
* \brief Convert given PSA status to mbedtls error code.
|
||||||
*
|
*
|
||||||
|
@ -2521,7 +2522,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type
|
||||||
*
|
*
|
||||||
* \return corresponding mbedtls error code
|
* \return corresponding mbedtls error code
|
||||||
*/
|
*/
|
||||||
static inline int psa_ssl_status_to_mbedtls(psa_status_t status)
|
static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t status)
|
||||||
{
|
{
|
||||||
switch (status) {
|
switch (status) {
|
||||||
case PSA_SUCCESS:
|
case PSA_SUCCESS:
|
||||||
|
@ -2542,6 +2543,7 @@ static inline int psa_ssl_status_to_mbedtls(psa_status_t status)
|
||||||
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||||
|
|
|
@ -48,6 +48,12 @@
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
|
static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -879,10 +885,10 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
|
||||||
hmac_failed_etm_disabled:
|
hmac_failed_etm_disabled:
|
||||||
mbedtls_platform_zeroize(mac, transform->maclen);
|
mbedtls_platform_zeroize(mac, transform->maclen);
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
status = psa_mac_abort(&operation);
|
status = psa_mac_abort(&operation);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
|
@ -979,7 +985,7 @@ hmac_failed_etm_disabled:
|
||||||
&rec->data_len);
|
&rec->data_len);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1089,7 +1095,7 @@ hmac_failed_etm_disabled:
|
||||||
transform->psa_key_enc, transform->psa_alg);
|
transform->psa_key_enc, transform->psa_alg);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1097,7 +1103,7 @@ hmac_failed_etm_disabled:
|
||||||
status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen);
|
status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
@ -1108,7 +1114,7 @@ hmac_failed_etm_disabled:
|
||||||
data, rec->data_len, &olen);
|
data, rec->data_len, &olen);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
@ -1119,7 +1125,7 @@ hmac_failed_etm_disabled:
|
||||||
&part_len);
|
&part_len);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
@ -1222,10 +1228,10 @@ hmac_failed_etm_disabled:
|
||||||
hmac_failed_etm_enabled:
|
hmac_failed_etm_enabled:
|
||||||
mbedtls_platform_zeroize(mac, transform->maclen);
|
mbedtls_platform_zeroize(mac, transform->maclen);
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
status = psa_mac_abort(&operation);
|
status = psa_mac_abort(&operation);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
|
@ -1399,7 +1405,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
||||||
&olen);
|
&olen);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1571,10 +1577,10 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
||||||
|
|
||||||
hmac_failed_etm_enabled:
|
hmac_failed_etm_enabled:
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
status = psa_mac_abort(&operation);
|
status = psa_mac_abort(&operation);
|
||||||
if (ret == 0 && status != PSA_SUCCESS) {
|
if (ret == 0 && status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
mbedtls_platform_zeroize(mac_expect, transform->maclen);
|
mbedtls_platform_zeroize(mac_expect, transform->maclen);
|
||||||
|
@ -1621,7 +1627,7 @@ hmac_failed_etm_enabled:
|
||||||
transform->psa_key_dec, transform->psa_alg);
|
transform->psa_key_dec, transform->psa_alg);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1629,7 +1635,7 @@ hmac_failed_etm_enabled:
|
||||||
status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen);
|
status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1639,7 +1645,7 @@ hmac_failed_etm_enabled:
|
||||||
data, rec->data_len, &olen);
|
data, rec->data_len, &olen);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1649,7 +1655,7 @@ hmac_failed_etm_enabled:
|
||||||
&part_len);
|
&part_len);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,6 +30,12 @@
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Initialize context
|
* Initialize context
|
||||||
*/
|
*/
|
||||||
|
@ -91,7 +97,7 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx,
|
||||||
psa_set_key_type(&attributes, key->key_type);
|
psa_set_key_type(&attributes, key->key_type);
|
||||||
psa_set_key_bits(&attributes, key->key_bits);
|
psa_set_key_bits(&attributes, key->key_bits);
|
||||||
|
|
||||||
ret = psa_ssl_status_to_mbedtls(
|
ret = PSA_TO_MBEDTLS_ERR(
|
||||||
psa_import_key(&attributes, buf,
|
psa_import_key(&attributes, buf,
|
||||||
PSA_BITS_TO_BYTES(key->key_bits),
|
PSA_BITS_TO_BYTES(key->key_bits),
|
||||||
&key->key));
|
&key->key));
|
||||||
|
@ -133,7 +139,7 @@ static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx)
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {
|
if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
@ -169,7 +175,7 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,
|
||||||
|
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) {
|
if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,7 +188,7 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx,
|
||||||
if ((status = psa_import_key(&attributes, k,
|
if ((status = psa_import_key(&attributes, k,
|
||||||
PSA_BITS_TO_BYTES(key->key_bits),
|
PSA_BITS_TO_BYTES(key->key_bits),
|
||||||
&key->key)) != PSA_SUCCESS) {
|
&key->key)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
@ -355,7 +361,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket,
|
||||||
state, clear_len,
|
state, clear_len,
|
||||||
state, end - state,
|
state, end - state,
|
||||||
&ciph_len)) != PSA_SUCCESS) {
|
&ciph_len)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
@ -465,7 +471,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket,
|
||||||
key_name, TICKET_ADD_DATA_LEN,
|
key_name, TICKET_ADD_DATA_LEN,
|
||||||
ticket, enc_len + TICKET_AUTH_TAG_BYTES,
|
ticket, enc_len + TICKET_AUTH_TAG_BYTES,
|
||||||
ticket, enc_len, &clear_len)) != PSA_SUCCESS) {
|
ticket, enc_len, &clear_len)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -52,6 +52,12 @@
|
||||||
#include "mbedtls/oid.h"
|
#include "mbedtls/oid.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_TEST_HOOKS)
|
#if defined(MBEDTLS_TEST_HOOKS)
|
||||||
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
|
static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
|
||||||
|
|
||||||
|
@ -5759,7 +5765,7 @@ exit:
|
||||||
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
!defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||||
(void) ssl;
|
(void) ssl;
|
||||||
#endif
|
#endif
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
@ -8230,7 +8236,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
&alg,
|
&alg,
|
||||||
&key_type,
|
&key_type,
|
||||||
&key_bits)) != PSA_SUCCESS) {
|
&key_bits)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
@ -8478,7 +8484,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
PSA_BITS_TO_BYTES(key_bits),
|
PSA_BITS_TO_BYTES(key_bits),
|
||||||
&transform->psa_key_enc)) != PSA_SUCCESS) {
|
&transform->psa_key_enc)) != PSA_SUCCESS) {
|
||||||
MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status);
|
MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status);
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
@ -8489,7 +8495,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
key2,
|
key2,
|
||||||
PSA_BITS_TO_BYTES(key_bits),
|
PSA_BITS_TO_BYTES(key_bits),
|
||||||
&transform->psa_key_dec)) != PSA_SUCCESS) {
|
&transform->psa_key_dec)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
@ -8552,7 +8558,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
if ((status = psa_import_key(&attributes,
|
if ((status = psa_import_key(&attributes,
|
||||||
mac_enc, mac_key_len,
|
mac_enc, mac_key_len,
|
||||||
&transform->psa_mac_enc)) != PSA_SUCCESS) {
|
&transform->psa_mac_enc)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
@ -8573,7 +8579,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
if ((status = psa_import_key(&attributes,
|
if ((status = psa_import_key(&attributes,
|
||||||
mac_dec, mac_key_len,
|
mac_dec, mac_key_len,
|
||||||
&transform->psa_mac_dec)) != PSA_SUCCESS) {
|
&transform->psa_mac_dec)) != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret);
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
@ -8628,7 +8634,7 @@ int mbedtls_psa_ecjpake_read_round(
|
||||||
status = psa_pake_input(pake_ctx, step,
|
status = psa_pake_input(pake_ctx, step,
|
||||||
buf + input_offset, length);
|
buf + input_offset, length);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
input_offset += length;
|
input_offset += length;
|
||||||
|
@ -8670,7 +8676,7 @@ int mbedtls_psa_ecjpake_write_round(
|
||||||
len - output_offset - 1,
|
len - output_offset - 1,
|
||||||
&output_len);
|
&output_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
*(buf + output_offset) = (uint8_t) output_len;
|
*(buf + output_offset) = (uint8_t) output_len;
|
||||||
|
|
|
@ -33,6 +33,9 @@
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
@ -2951,7 +2954,7 @@ ecdh_calc_secret:
|
||||||
status = psa_generate_key(&key_attributes,
|
status = psa_generate_key(&key_attributes,
|
||||||
&handshake->ecdh_psa_privkey);
|
&handshake->ecdh_psa_privkey);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Export the public part of the ECDH private key from PSA.
|
/* Export the public part of the ECDH private key from PSA.
|
||||||
|
@ -2968,7 +2971,7 @@ ecdh_calc_secret:
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
psa_destroy_key(handshake->ecdh_psa_privkey);
|
psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
*p = (unsigned char) own_pubkey_len;
|
*p = (unsigned char) own_pubkey_len;
|
||||||
|
@ -3000,9 +3003,9 @@ ecdh_calc_secret:
|
||||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
} else if (destruction_status != PSA_SUCCESS) {
|
} else if (destruction_status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(destruction_status);
|
return PSA_TO_MBEDTLS_ERR(destruction_status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Write the ECDH computation length before the ECDH computation */
|
/* Write the ECDH computation length before the ECDH computation */
|
||||||
|
|
|
@ -34,6 +34,12 @@
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
#include "mbedtls/ecp.h"
|
#include "mbedtls/ecp.h"
|
||||||
#endif
|
#endif
|
||||||
|
@ -2588,7 +2594,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||||
&key_attributes);
|
&key_attributes);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes);
|
ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes);
|
||||||
|
@ -2635,7 +2641,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||||
status = psa_import_key(&key_attributes, buf, key_len,
|
status = psa_import_key(&key_attributes, buf, key_len,
|
||||||
&ssl->handshake->ecdh_psa_privkey);
|
&ssl->handshake->ecdh_psa_privkey);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2956,7 +2962,7 @@ curve_matching_done:
|
||||||
status = psa_generate_key(&key_attributes,
|
status = psa_generate_key(&key_attributes,
|
||||||
&handshake->ecdh_psa_privkey);
|
&handshake->ecdh_psa_privkey);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -2980,7 +2986,7 @@ curve_matching_done:
|
||||||
own_pubkey, own_pubkey_max_len,
|
own_pubkey, own_pubkey_max_len,
|
||||||
&len);
|
&len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
||||||
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
@ -3688,7 +3694,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||||
handshake->premaster, sizeof(handshake->premaster),
|
handshake->premaster, sizeof(handshake->premaster),
|
||||||
&handshake->pmslen);
|
&handshake->pmslen);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
|
||||||
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
if (handshake->ecdh_psa_privkey_is_external == 0) {
|
||||||
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
(void) psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||||
|
@ -3701,7 +3707,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||||
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -3894,9 +3900,9 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
|
||||||
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
} else if (destruction_status != PSA_SUCCESS) {
|
} else if (destruction_status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(destruction_status);
|
return PSA_TO_MBEDTLS_ERR(destruction_status);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Write the ECDH computation length before the ECDH computation */
|
/* Write the ECDH computation length before the ECDH computation */
|
||||||
|
|
|
@ -34,6 +34,10 @@
|
||||||
#include "ssl_tls13_keys.h"
|
#include "ssl_tls13_keys.h"
|
||||||
#include "ssl_debug_helpers.h"
|
#include "ssl_debug_helpers.h"
|
||||||
|
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
|
||||||
/* Write extensions */
|
/* Write extensions */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -188,7 +192,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl)
|
||||||
/* Destroy generated private key. */
|
/* Destroy generated private key. */
|
||||||
status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey);
|
status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,6 +36,13 @@
|
||||||
#include "ssl_tls13_keys.h"
|
#include "ssl_tls13_keys.h"
|
||||||
#include "ssl_debug_helpers.h"
|
#include "ssl_debug_helpers.h"
|
||||||
|
|
||||||
|
#include "psa/crypto.h"
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
|
||||||
const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
|
const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
|
||||||
MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
|
MBEDTLS_SERVER_HELLO_RANDOM_LEN] =
|
||||||
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
{ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
|
||||||
|
@ -1016,7 +1023,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl,
|
||||||
verify_hash, sizeof(verify_hash),
|
verify_hash, sizeof(verify_hash),
|
||||||
&verify_hash_len);
|
&verify_hash_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
|
MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
|
||||||
|
@ -1482,7 +1489,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||||
status = psa_generate_key(&key_attributes,
|
status = psa_generate_key(&key_attributes,
|
||||||
&handshake->ecdh_psa_privkey);
|
&handshake->ecdh_psa_privkey);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
@ -1493,7 +1500,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange(
|
||||||
buf, (size_t) (end - buf),
|
buf, (size_t) (end - buf),
|
||||||
&own_pubkey_len);
|
&own_pubkey_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret);
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
|
|
@ -35,6 +35,10 @@
|
||||||
|
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
|
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
|
||||||
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
|
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
|
||||||
.name = string,
|
.name = string,
|
||||||
|
|
||||||
|
@ -215,7 +219,7 @@ cleanup:
|
||||||
abort_status = psa_key_derivation_abort(&operation);
|
abort_status = psa_key_derivation_abort(&operation);
|
||||||
status = (status == PSA_SUCCESS ? abort_status : status);
|
status = (status == PSA_SUCCESS ? abort_status : status);
|
||||||
mbedtls_platform_zeroize(hkdf_label, hkdf_label_len);
|
mbedtls_platform_zeroize(hkdf_label, hkdf_label_len);
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||||
|
@ -309,7 +313,7 @@ int mbedtls_ssl_tls13_derive_secret(
|
||||||
status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context,
|
status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context,
|
||||||
PSA_HASH_LENGTH(hash_alg), &ctx_len);
|
PSA_HASH_LENGTH(hash_alg), &ctx_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -416,7 +420,7 @@ int mbedtls_ssl_tls13_evolve_secret(
|
||||||
cleanup:
|
cleanup:
|
||||||
abort_status = psa_key_derivation_abort(&operation);
|
abort_status = psa_key_derivation_abort(&operation);
|
||||||
status = (status == PSA_SUCCESS ? abort_status : status);
|
status = (status == PSA_SUCCESS ? abort_status : status);
|
||||||
ret = (ret == 0 ? psa_ssl_status_to_mbedtls(status) : ret);
|
ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret);
|
||||||
mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
|
mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret));
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -740,19 +744,19 @@ static int ssl_tls13_calc_finished_core(psa_algorithm_t hash_alg,
|
||||||
|
|
||||||
status = psa_import_key(&attributes, finished_key, hash_len, &key);
|
status = psa_import_key(&attributes, finished_key, hash_len, &key);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_mac_compute(key, alg, transcript, hash_len,
|
status = psa_mac_compute(key, alg, transcript, hash_len,
|
||||||
dst, hash_len, dst_len);
|
dst, hash_len, dst_len);
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
|
||||||
status = psa_destroy_key(key);
|
status = psa_destroy_key(key);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_platform_zeroize(finished_key, sizeof(finished_key));
|
mbedtls_platform_zeroize(finished_key, sizeof(finished_key));
|
||||||
|
@ -1040,8 +1044,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
&alg,
|
&alg,
|
||||||
&key_type,
|
&key_type,
|
||||||
&key_bits)) != PSA_SUCCESS) {
|
&key_bits)) != PSA_SUCCESS) {
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls(status));
|
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status));
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
transform->psa_alg = alg;
|
transform->psa_alg = alg;
|
||||||
|
@ -1055,8 +1059,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
key_enc,
|
key_enc,
|
||||||
PSA_BITS_TO_BYTES(key_bits),
|
PSA_BITS_TO_BYTES(key_bits),
|
||||||
&transform->psa_key_enc)) != PSA_SUCCESS) {
|
&transform->psa_key_enc)) != PSA_SUCCESS) {
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
|
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
|
||||||
|
@ -1065,8 +1069,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform,
|
||||||
key_dec,
|
key_dec,
|
||||||
PSA_BITS_TO_BYTES(key_bits),
|
PSA_BITS_TO_BYTES(key_bits),
|
||||||
&transform->psa_key_dec)) != PSA_SUCCESS) {
|
&transform->psa_key_dec)) != PSA_SUCCESS) {
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status));
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status));
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
@ -1094,7 +1098,7 @@ static int ssl_tls13_get_cipher_key_info(
|
||||||
status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
|
status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen,
|
||||||
&alg, &key_type, &key_bits);
|
&alg, &key_type, &key_bits);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
*key_len = PSA_BITS_TO_BYTES(key_bits);
|
*key_len = PSA_BITS_TO_BYTES(key_bits);
|
||||||
|
@ -1467,7 +1471,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
||||||
status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
|
status = psa_get_key_attributes(handshake->ecdh_psa_privkey,
|
||||||
&key_attributes);
|
&key_attributes);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
shared_secret_len = PSA_BITS_TO_BYTES(
|
shared_secret_len = PSA_BITS_TO_BYTES(
|
||||||
|
@ -1482,14 +1486,14 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl)
|
||||||
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
|
handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len,
|
||||||
shared_secret, shared_secret_len, &shared_secret_len);
|
shared_secret, shared_secret_len, &shared_secret_len);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
status = psa_destroy_key(handshake->ecdh_psa_privkey);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
@ -1826,7 +1830,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
|
status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes);
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
*psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
|
*psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes));
|
||||||
|
@ -1840,7 +1844,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
mbedtls_free((void *) *psk);
|
mbedtls_free((void *) *psk);
|
||||||
*psk = NULL;
|
*psk = NULL;
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
#else
|
#else
|
||||||
|
|
|
@ -18,6 +18,12 @@
|
||||||
#include <constant_time_internal.h>
|
#include <constant_time_internal.h>
|
||||||
#include <test/constant_flow.h>
|
#include <test/constant_flow.h>
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
|
||||||
|
psa_to_ssl_errors, \
|
||||||
|
psa_generic_status_to_mbedtls)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||||
|
@ -1299,27 +1305,27 @@ static int psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform,
|
||||||
transform->psa_key_enc, transform->psa_alg);
|
transform->psa_key_enc, transform->psa_alg);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
|
status = psa_cipher_set_iv(&cipher_op, iv, iv_len);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_cipher_update(&cipher_op,
|
status = psa_cipher_update(&cipher_op,
|
||||||
input, ilen, output, ilen, olen);
|
input, ilen, output, ilen, olen);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
status = psa_cipher_finish(&cipher_op,
|
status = psa_cipher_finish(&cipher_op,
|
||||||
output + *olen, ilen - *olen, &part_len);
|
output + *olen, ilen - *olen, &part_len);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
return psa_ssl_status_to_mbedtls(status);
|
return PSA_TO_MBEDTLS_ERR(status);
|
||||||
}
|
}
|
||||||
|
|
||||||
*olen += part_len;
|
*olen += part_len;
|
||||||
|
@ -1614,7 +1620,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in,
|
||||||
&key_bits);
|
&key_bits);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1633,7 +1639,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in,
|
||||||
&t_in->psa_key_enc);
|
&t_in->psa_key_enc);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1643,7 +1649,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in,
|
||||||
&t_out->psa_key_enc);
|
&t_out->psa_key_enc);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1655,7 +1661,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in,
|
||||||
&t_in->psa_key_dec);
|
&t_in->psa_key_dec);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1665,7 +1671,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in,
|
||||||
&t_out->psa_key_dec);
|
&t_out->psa_key_dec);
|
||||||
|
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1735,7 +1741,7 @@ static int ssl_tls12_populate_session(mbedtls_ssl_session *session,
|
||||||
session->peer_cert_digest,
|
session->peer_cert_digest,
|
||||||
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
|
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN,
|
||||||
&hash_size);
|
&hash_size);
|
||||||
ret = psa_ssl_status_to_mbedtls(status);
|
ret = PSA_TO_MBEDTLS_ERR(status);
|
||||||
#else
|
#else
|
||||||
ret = mbedtls_md(mbedtls_md_info_from_type(
|
ret = mbedtls_md(mbedtls_md_info_from_type(
|
||||||
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
|
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
|
||||||
|
|
Loading…
Reference in a new issue