1 /*
2 * PSA cipher driver entry points
3 */
4 /*
5 * Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #include "common.h"
22
23 #if defined(MBEDTLS_PSA_CRYPTO_C)
24
25 #include <psa_crypto_cipher.h>
26 #include "psa_crypto_core.h"
27 #include "psa_crypto_random_impl.h"
28
29 #include "mbedtls/cipher.h"
30 #include "mbedtls/error.h"
31
32 #include <string.h>
33
34 #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) || \
35 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
36 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) ) )
37 #define BUILTIN_KEY_TYPE_DES 1
38 #endif
39
40 #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
41 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
42 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) ) )
43 #define BUILTIN_ALG_CBC_NO_PADDING 1
44 #endif
45
46 #if ( defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
47 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
48 defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) ) )
49 #define BUILTIN_ALG_CBC_PKCS7 1
50 #endif
51
52 #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20) || \
53 ( defined(PSA_CRYPTO_DRIVER_TEST) && \
54 defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) ) )
55 #define BUILTIN_KEY_TYPE_CHACHA20 1
56 #endif
57
mbedtls_cipher_info_from_psa(psa_algorithm_t alg,psa_key_type_t key_type,size_t key_bits,mbedtls_cipher_id_t * cipher_id)58 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
59 psa_algorithm_t alg,
60 psa_key_type_t key_type,
61 size_t key_bits,
62 mbedtls_cipher_id_t* cipher_id )
63 {
64 mbedtls_cipher_mode_t mode;
65 mbedtls_cipher_id_t cipher_id_tmp;
66
67 if( PSA_ALG_IS_AEAD( alg ) )
68 alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
69
70 if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
71 {
72 switch( alg )
73 {
74 case PSA_ALG_STREAM_CIPHER:
75 mode = MBEDTLS_MODE_STREAM;
76 break;
77 case PSA_ALG_CTR:
78 mode = MBEDTLS_MODE_CTR;
79 break;
80 case PSA_ALG_CFB:
81 mode = MBEDTLS_MODE_CFB;
82 break;
83 case PSA_ALG_OFB:
84 mode = MBEDTLS_MODE_OFB;
85 break;
86 case PSA_ALG_ECB_NO_PADDING:
87 mode = MBEDTLS_MODE_ECB;
88 break;
89 case PSA_ALG_CBC_NO_PADDING:
90 mode = MBEDTLS_MODE_CBC;
91 break;
92 case PSA_ALG_CBC_PKCS7:
93 mode = MBEDTLS_MODE_CBC;
94 break;
95 case PSA_ALG_CCM_STAR_NO_TAG:
96 mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
97 break;
98 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
99 mode = MBEDTLS_MODE_CCM;
100 break;
101 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
102 mode = MBEDTLS_MODE_GCM;
103 break;
104 case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
105 mode = MBEDTLS_MODE_CHACHAPOLY;
106 break;
107 default:
108 return( NULL );
109 }
110 }
111 else if( alg == PSA_ALG_CMAC )
112 mode = MBEDTLS_MODE_ECB;
113 else
114 return( NULL );
115
116 switch( key_type )
117 {
118 case PSA_KEY_TYPE_AES:
119 cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
120 break;
121 case PSA_KEY_TYPE_ARIA:
122 cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
123 break;
124 case PSA_KEY_TYPE_DES:
125 /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
126 * and 192 for three-key Triple-DES. */
127 if( key_bits == 64 )
128 cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
129 else
130 cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
131 /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
132 * but two-key Triple-DES is functionally three-key Triple-DES
133 * with K1=K3, so that's how we present it to mbedtls. */
134 if( key_bits == 128 )
135 key_bits = 192;
136 break;
137 case PSA_KEY_TYPE_CAMELLIA:
138 cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
139 break;
140 case PSA_KEY_TYPE_CHACHA20:
141 cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
142 break;
143 default:
144 return( NULL );
145 }
146 if( cipher_id != NULL )
147 *cipher_id = cipher_id_tmp;
148
149 return( mbedtls_cipher_info_from_values( cipher_id_tmp,
150 (int) key_bits, mode ) );
151 }
152
153 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) || defined(PSA_CRYPTO_DRIVER_TEST)
154
cipher_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,mbedtls_operation_t cipher_operation)155 static psa_status_t cipher_setup(
156 mbedtls_psa_cipher_operation_t *operation,
157 const psa_key_attributes_t *attributes,
158 const uint8_t *key_buffer, size_t key_buffer_size,
159 psa_algorithm_t alg,
160 mbedtls_operation_t cipher_operation )
161 {
162 int ret = 0;
163 size_t key_bits;
164 const mbedtls_cipher_info_t *cipher_info = NULL;
165 psa_key_type_t key_type = attributes->core.type;
166
167 (void)key_buffer_size;
168
169 mbedtls_cipher_init( &operation->ctx.cipher );
170
171 operation->alg = alg;
172 key_bits = attributes->core.bits;
173 cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
174 key_bits, NULL );
175 if( cipher_info == NULL )
176 return( PSA_ERROR_NOT_SUPPORTED );
177
178 ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
179 if( ret != 0 )
180 goto exit;
181
182 #if defined(BUILTIN_KEY_TYPE_DES)
183 if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
184 {
185 /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
186 uint8_t keys[24];
187 memcpy( keys, key_buffer, 16 );
188 memcpy( keys + 16, key_buffer, 8 );
189 ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
190 keys,
191 192, cipher_operation );
192 }
193 else
194 #endif
195 {
196 ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
197 (int) key_bits, cipher_operation );
198 }
199 if( ret != 0 )
200 goto exit;
201
202 #if defined(BUILTIN_ALG_CBC_NO_PADDING) || \
203 defined(BUILTIN_ALG_CBC_PKCS7)
204 switch( alg )
205 {
206 case PSA_ALG_CBC_NO_PADDING:
207 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
208 MBEDTLS_PADDING_NONE );
209 break;
210 case PSA_ALG_CBC_PKCS7:
211 ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
212 MBEDTLS_PADDING_PKCS7 );
213 break;
214 default:
215 /* The algorithm doesn't involve padding. */
216 ret = 0;
217 break;
218 }
219 if( ret != 0 )
220 goto exit;
221 #endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
222
223 operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
224 PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
225 operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
226
227 exit:
228 return( mbedtls_to_psa_error( ret ) );
229 }
230
cipher_encrypt_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)231 static psa_status_t cipher_encrypt_setup(
232 mbedtls_psa_cipher_operation_t *operation,
233 const psa_key_attributes_t *attributes,
234 const uint8_t *key_buffer, size_t key_buffer_size,
235 psa_algorithm_t alg )
236 {
237 return( cipher_setup( operation, attributes,
238 key_buffer, key_buffer_size,
239 alg, MBEDTLS_ENCRYPT ) );
240 }
241
cipher_decrypt_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)242 static psa_status_t cipher_decrypt_setup(
243 mbedtls_psa_cipher_operation_t *operation,
244 const psa_key_attributes_t *attributes,
245 const uint8_t *key_buffer, size_t key_buffer_size,
246 psa_algorithm_t alg )
247 {
248 return( cipher_setup( operation, attributes,
249 key_buffer, key_buffer_size,
250 alg, MBEDTLS_DECRYPT ) );
251 }
252
cipher_set_iv(mbedtls_psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)253 static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
254 const uint8_t *iv, size_t iv_length )
255 {
256 if( iv_length != operation->iv_length )
257 return( PSA_ERROR_INVALID_ARGUMENT );
258
259 return( mbedtls_to_psa_error(
260 mbedtls_cipher_set_iv( &operation->ctx.cipher,
261 iv, iv_length ) ) );
262 }
263
264 /** Process input for which the algorithm is set to ECB mode.
265 *
266 * This requires manual processing, since the PSA API is defined as being
267 * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
268 * but the underlying mbedtls_cipher_update only takes full blocks.
269 *
270 * \param ctx The mbedtls cipher context to use. It must have been
271 * set up for ECB.
272 * \param[in] input The input plaintext or ciphertext to process.
273 * \param input_length The number of bytes to process from \p input.
274 * This does not need to be aligned to a block boundary.
275 * If there is a partial block at the end of the input,
276 * it is stored in \p ctx for future processing.
277 * \param output The buffer where the output is written. It must be
278 * at least `BS * floor((p + input_length) / BS)` bytes
279 * long, where `p` is the number of bytes in the
280 * unprocessed partial block in \p ctx (with
281 * `0 <= p <= BS - 1`) and `BS` is the block size.
282 * \param output_length On success, the number of bytes written to \p output.
283 * \c 0 on error.
284 *
285 * \return #PSA_SUCCESS or an error from a hardware accelerator
286 */
psa_cipher_update_ecb(mbedtls_cipher_context_t * ctx,const uint8_t * input,size_t input_length,uint8_t * output,size_t * output_length)287 static psa_status_t psa_cipher_update_ecb(
288 mbedtls_cipher_context_t *ctx,
289 const uint8_t *input,
290 size_t input_length,
291 uint8_t *output,
292 size_t *output_length )
293 {
294 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
295 size_t block_size = ctx->cipher_info->block_size;
296 size_t internal_output_length = 0;
297 *output_length = 0;
298
299 if( input_length == 0 )
300 {
301 status = PSA_SUCCESS;
302 goto exit;
303 }
304
305 if( ctx->unprocessed_len > 0 )
306 {
307 /* Fill up to block size, and run the block if there's a full one. */
308 size_t bytes_to_copy = block_size - ctx->unprocessed_len;
309
310 if( input_length < bytes_to_copy )
311 bytes_to_copy = input_length;
312
313 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
314 input, bytes_to_copy );
315 input_length -= bytes_to_copy;
316 input += bytes_to_copy;
317 ctx->unprocessed_len += bytes_to_copy;
318
319 if( ctx->unprocessed_len == block_size )
320 {
321 status = mbedtls_to_psa_error(
322 mbedtls_cipher_update( ctx,
323 ctx->unprocessed_data,
324 block_size,
325 output, &internal_output_length ) );
326
327 if( status != PSA_SUCCESS )
328 goto exit;
329
330 output += internal_output_length;
331 *output_length += internal_output_length;
332 ctx->unprocessed_len = 0;
333 }
334 }
335
336 while( input_length >= block_size )
337 {
338 /* Run all full blocks we have, one by one */
339 status = mbedtls_to_psa_error(
340 mbedtls_cipher_update( ctx, input,
341 block_size,
342 output, &internal_output_length ) );
343
344 if( status != PSA_SUCCESS )
345 goto exit;
346
347 input_length -= block_size;
348 input += block_size;
349
350 output += internal_output_length;
351 *output_length += internal_output_length;
352 }
353
354 if( input_length > 0 )
355 {
356 /* Save unprocessed bytes for later processing */
357 memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
358 input, input_length );
359 ctx->unprocessed_len += input_length;
360 }
361
362 status = PSA_SUCCESS;
363
364 exit:
365 return( status );
366 }
367
cipher_update(mbedtls_psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)368 static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
369 const uint8_t *input,
370 size_t input_length,
371 uint8_t *output,
372 size_t output_size,
373 size_t *output_length )
374 {
375 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
376 size_t expected_output_size;
377
378 if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
379 {
380 /* Take the unprocessed partial block left over from previous
381 * update calls, if any, plus the input to this call. Remove
382 * the last partial block, if any. You get the data that will be
383 * output in this call. */
384 expected_output_size =
385 ( operation->ctx.cipher.unprocessed_len + input_length )
386 / operation->block_length * operation->block_length;
387 }
388 else
389 {
390 expected_output_size = input_length;
391 }
392
393 if( output_size < expected_output_size )
394 return( PSA_ERROR_BUFFER_TOO_SMALL );
395
396 if( operation->alg == PSA_ALG_ECB_NO_PADDING )
397 {
398 /* mbedtls_cipher_update has an API inconsistency: it will only
399 * process a single block at a time in ECB mode. Abstract away that
400 * inconsistency here to match the PSA API behaviour. */
401 status = psa_cipher_update_ecb( &operation->ctx.cipher,
402 input,
403 input_length,
404 output,
405 output_length );
406 }
407 else
408 {
409 status = mbedtls_to_psa_error(
410 mbedtls_cipher_update( &operation->ctx.cipher, input,
411 input_length, output, output_length ) );
412
413 if( *output_length > output_size )
414 return( PSA_ERROR_CORRUPTION_DETECTED );
415 }
416
417 return( status );
418 }
419
cipher_finish(mbedtls_psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)420 static psa_status_t cipher_finish( mbedtls_psa_cipher_operation_t *operation,
421 uint8_t *output,
422 size_t output_size,
423 size_t *output_length )
424 {
425 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
426 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
427
428 if( operation->ctx.cipher.unprocessed_len != 0 )
429 {
430 if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
431 operation->alg == PSA_ALG_CBC_NO_PADDING )
432 {
433 status = PSA_ERROR_INVALID_ARGUMENT;
434 goto exit;
435 }
436 }
437
438 status = mbedtls_to_psa_error(
439 mbedtls_cipher_finish( &operation->ctx.cipher,
440 temp_output_buffer,
441 output_length ) );
442 if( status != PSA_SUCCESS )
443 goto exit;
444
445 if( *output_length == 0 )
446 ; /* Nothing to copy. Note that output may be NULL in this case. */
447 else if( output_size >= *output_length )
448 memcpy( output, temp_output_buffer, *output_length );
449 else
450 status = PSA_ERROR_BUFFER_TOO_SMALL;
451
452 exit:
453 mbedtls_platform_zeroize( temp_output_buffer,
454 sizeof( temp_output_buffer ) );
455
456 return( status );
457 }
458
cipher_abort(mbedtls_psa_cipher_operation_t * operation)459 static psa_status_t cipher_abort( mbedtls_psa_cipher_operation_t *operation )
460 {
461 /* Sanity check (shouldn't happen: operation->alg should
462 * always have been initialized to a valid value). */
463 if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
464 return( PSA_ERROR_BAD_STATE );
465
466 mbedtls_cipher_free( &operation->ctx.cipher );
467
468 return( PSA_SUCCESS );
469 }
470
cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)471 static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
472 const uint8_t *key_buffer,
473 size_t key_buffer_size,
474 psa_algorithm_t alg,
475 const uint8_t *input,
476 size_t input_length,
477 uint8_t *output,
478 size_t output_size,
479 size_t *output_length )
480 {
481 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
482 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
483 size_t olength, accumulated_length;
484
485 status = cipher_encrypt_setup( &operation, attributes,
486 key_buffer, key_buffer_size, alg );
487 if( status != PSA_SUCCESS )
488 goto exit;
489
490 accumulated_length = 0;
491 if( operation.iv_length > 0 )
492 {
493 status = cipher_set_iv( &operation, output, operation.iv_length );
494 if( status != PSA_SUCCESS )
495 goto exit;
496
497 accumulated_length = operation.iv_length;
498 }
499
500 status = cipher_update( &operation, input, input_length,
501 output + operation.iv_length,
502 output_size - operation.iv_length,
503 &olength );
504 if( status != PSA_SUCCESS )
505 goto exit;
506
507 accumulated_length += olength;
508
509 status = cipher_finish( &operation, output + accumulated_length,
510 output_size - accumulated_length, &olength );
511 if( status != PSA_SUCCESS )
512 goto exit;
513
514 *output_length = accumulated_length + olength;
515
516 exit:
517 if( status == PSA_SUCCESS )
518 status = cipher_abort( &operation );
519 else
520 cipher_abort( &operation );
521 return( status );
522 }
523
cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)524 static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
525 const uint8_t *key_buffer,
526 size_t key_buffer_size,
527 psa_algorithm_t alg,
528 const uint8_t *input,
529 size_t input_length,
530 uint8_t *output,
531 size_t output_size,
532 size_t *output_length )
533 {
534 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
535 mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
536 size_t olength, accumulated_length;
537
538 status = cipher_decrypt_setup( &operation, attributes,
539 key_buffer, key_buffer_size, alg );
540 if( status != PSA_SUCCESS )
541 goto exit;
542
543 if( operation.iv_length > 0 )
544 {
545 status = cipher_set_iv( &operation, input, operation.iv_length );
546 if( status != PSA_SUCCESS )
547 goto exit;
548 }
549
550 status = cipher_update( &operation, input + operation.iv_length,
551 input_length - operation.iv_length,
552 output, output_size, &olength );
553 if( status != PSA_SUCCESS )
554 goto exit;
555
556 accumulated_length = olength;
557
558 status = cipher_finish( &operation, output + accumulated_length,
559 output_size - accumulated_length, &olength );
560 if( status != PSA_SUCCESS )
561 goto exit;
562
563 *output_length = accumulated_length + olength;
564
565 exit:
566 if ( status == PSA_SUCCESS )
567 status = cipher_abort( &operation );
568 else
569 cipher_abort( &operation );
570 return( status );
571 }
572 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
573
574 #if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
mbedtls_psa_cipher_encrypt_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)575 psa_status_t mbedtls_psa_cipher_encrypt_setup(
576 mbedtls_psa_cipher_operation_t *operation,
577 const psa_key_attributes_t *attributes,
578 const uint8_t *key_buffer, size_t key_buffer_size,
579 psa_algorithm_t alg )
580 {
581 return( cipher_encrypt_setup(
582 operation, attributes, key_buffer, key_buffer_size, alg ) );
583 }
584
mbedtls_psa_cipher_decrypt_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)585 psa_status_t mbedtls_psa_cipher_decrypt_setup(
586 mbedtls_psa_cipher_operation_t *operation,
587 const psa_key_attributes_t *attributes,
588 const uint8_t *key_buffer, size_t key_buffer_size,
589 psa_algorithm_t alg )
590 {
591 return( cipher_decrypt_setup(
592 operation, attributes, key_buffer, key_buffer_size, alg ) );
593 }
594
mbedtls_psa_cipher_set_iv(mbedtls_psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)595 psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
596 const uint8_t *iv,
597 size_t iv_length )
598 {
599 return( cipher_set_iv( operation, iv, iv_length ) );
600 }
601
mbedtls_psa_cipher_update(mbedtls_psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)602 psa_status_t mbedtls_psa_cipher_update( mbedtls_psa_cipher_operation_t *operation,
603 const uint8_t *input,
604 size_t input_length,
605 uint8_t *output,
606 size_t output_size,
607 size_t *output_length )
608 {
609 return( cipher_update( operation, input, input_length,
610 output, output_size, output_length ) );
611 }
612
mbedtls_psa_cipher_finish(mbedtls_psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)613 psa_status_t mbedtls_psa_cipher_finish( mbedtls_psa_cipher_operation_t *operation,
614 uint8_t *output,
615 size_t output_size,
616 size_t *output_length )
617 {
618 return( cipher_finish( operation, output, output_size, output_length ) );
619 }
620
mbedtls_psa_cipher_abort(mbedtls_psa_cipher_operation_t * operation)621 psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation )
622 {
623 return( cipher_abort( operation ) );
624 }
625
mbedtls_psa_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)626 psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
627 const uint8_t *key_buffer,
628 size_t key_buffer_size,
629 psa_algorithm_t alg,
630 const uint8_t *input,
631 size_t input_length,
632 uint8_t *output,
633 size_t output_size,
634 size_t *output_length )
635 {
636 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
637 alg, input, input_length,
638 output, output_size, output_length ) );
639 }
640
mbedtls_psa_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)641 psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
642 const uint8_t *key_buffer,
643 size_t key_buffer_size,
644 psa_algorithm_t alg,
645 const uint8_t *input,
646 size_t input_length,
647 uint8_t *output,
648 size_t output_size,
649 size_t *output_length )
650 {
651 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
652 alg, input, input_length,
653 output, output_size, output_length ) );
654 }
655 #endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
656
657 /*
658 * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
659 */
660
661 #if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_cipher_encrypt_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)662 psa_status_t mbedtls_transparent_test_driver_cipher_encrypt_setup(
663 mbedtls_psa_cipher_operation_t *operation,
664 const psa_key_attributes_t *attributes,
665 const uint8_t *key_buffer, size_t key_buffer_size,
666 psa_algorithm_t alg )
667 {
668 return( cipher_encrypt_setup(
669 operation, attributes, key_buffer, key_buffer_size, alg ) );
670 }
671
mbedtls_transparent_test_driver_cipher_decrypt_setup(mbedtls_psa_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg)672 psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
673 mbedtls_psa_cipher_operation_t *operation,
674 const psa_key_attributes_t *attributes,
675 const uint8_t *key_buffer, size_t key_buffer_size,
676 psa_algorithm_t alg )
677 {
678 return( cipher_decrypt_setup(
679 operation, attributes, key_buffer, key_buffer_size, alg ) );
680 }
681
mbedtls_transparent_test_driver_cipher_set_iv(mbedtls_psa_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)682 psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
683 mbedtls_psa_cipher_operation_t *operation,
684 const uint8_t *iv, size_t iv_length )
685 {
686 return( cipher_set_iv( operation, iv, iv_length ) );
687 }
688
mbedtls_transparent_test_driver_cipher_update(mbedtls_psa_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)689 psa_status_t mbedtls_transparent_test_driver_cipher_update(
690 mbedtls_psa_cipher_operation_t *operation,
691 const uint8_t *input, size_t input_length,
692 uint8_t *output, size_t output_size, size_t *output_length )
693 {
694 return( cipher_update( operation, input, input_length,
695 output, output_size, output_length ) );
696 }
697
mbedtls_transparent_test_driver_cipher_finish(mbedtls_psa_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)698 psa_status_t mbedtls_transparent_test_driver_cipher_finish(
699 mbedtls_psa_cipher_operation_t *operation,
700 uint8_t *output, size_t output_size, size_t *output_length )
701 {
702 return( cipher_finish( operation, output, output_size, output_length ) );
703 }
704
mbedtls_transparent_test_driver_cipher_abort(mbedtls_psa_cipher_operation_t * operation)705 psa_status_t mbedtls_transparent_test_driver_cipher_abort(
706 mbedtls_psa_cipher_operation_t *operation )
707 {
708 return( cipher_abort( operation ) );
709 }
710
mbedtls_transparent_test_driver_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)711 psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
712 const psa_key_attributes_t *attributes,
713 const uint8_t *key_buffer,
714 size_t key_buffer_size,
715 psa_algorithm_t alg,
716 const uint8_t *input,
717 size_t input_length,
718 uint8_t *output,
719 size_t output_size,
720 size_t *output_length )
721 {
722 return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
723 alg, input, input_length,
724 output, output_size, output_length ) );
725 }
726
mbedtls_transparent_test_driver_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key_buffer,size_t key_buffer_size,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)727 psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
728 const psa_key_attributes_t *attributes,
729 const uint8_t *key_buffer,
730 size_t key_buffer_size,
731 psa_algorithm_t alg,
732 const uint8_t *input,
733 size_t input_length,
734 uint8_t *output,
735 size_t output_size,
736 size_t *output_length )
737 {
738 return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
739 alg, input, input_length,
740 output, output_size, output_length ) );
741 }
742 #endif /* PSA_CRYPTO_DRIVER_TEST */
743
744 #endif /* MBEDTLS_PSA_CRYPTO_C */
745