« back to all changes in this revision
Viewing changes to mbedtls/psa_util.h
- browse files at revision 80
- compare with another revision
- download diff
- download tarball
- view history from revision 80
- Committer: teusjannette at gmail
- Date: 2021-10-15 18:20:48 UTC
- Revision ID: teusjannette@gmail.com-20211015182048-jxzor4v0vphq2avn
new upstream version
- files added:
- mbedtls.old/config_psa.h
- files removed:
- mbedtls/config_psa.h
- files modified:
- bb/logic.cpp
added
removed
mbedtls/psa_util.h
1
/**
2
* \file psa_util.h
3
*
4
* \brief Utility functions for the use of the PSA Crypto library.
5
*
6
* \warning This function is not part of the public API and may
7
* change at any time.
8
*/
9
/*
10
* Copyright The Mbed TLS Contributors
11
* SPDX-License-Identifier: Apache-2.0
12
*
13
* Licensed under the Apache License, Version 2.0 (the "License"); you may
14
* not use this file except in compliance with the License.
15
* You may obtain a copy of the License at
16
*
17
* http://www.apache.org/licenses/LICENSE-2.0
18
*
19
* Unless required by applicable law or agreed to in writing, software
20
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22
* See the License for the specific language governing permissions and
23
* limitations under the License.
24
*/
25
26
#ifndef MBEDTLS_PSA_UTIL_H
27
#define MBEDTLS_PSA_UTIL_H
28
29
#if !defined(MBEDTLS_CONFIG_FILE)
30
#include "mbedtls/config.h"
31
#else
32
#include MBEDTLS_CONFIG_FILE
33
#endif
34
35
#if defined(MBEDTLS_USE_PSA_CRYPTO)
36
37
#include "psa/crypto.h"
38
39
#include "mbedtls/ecp.h"
40
#include "mbedtls/md.h"
41
#include "mbedtls/pk.h"
42
#include "mbedtls/oid.h"
43
44
#include <string.h>
45
46
/* Translations for symmetric crypto. */
47
48
static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
49
mbedtls_cipher_type_t cipher )
50
{
51
switch( cipher )
52
{
53
case MBEDTLS_CIPHER_AES_128_CCM:
54
case MBEDTLS_CIPHER_AES_192_CCM:
55
case MBEDTLS_CIPHER_AES_256_CCM:
56
case MBEDTLS_CIPHER_AES_128_GCM:
57
case MBEDTLS_CIPHER_AES_192_GCM:
58
case MBEDTLS_CIPHER_AES_256_GCM:
59
case MBEDTLS_CIPHER_AES_128_CBC:
60
case MBEDTLS_CIPHER_AES_192_CBC:
61
case MBEDTLS_CIPHER_AES_256_CBC:
62
return( PSA_KEY_TYPE_AES );
63
64
/* ARIA not yet supported in PSA. */
65
/* case MBEDTLS_CIPHER_ARIA_128_CCM:
66
case MBEDTLS_CIPHER_ARIA_192_CCM:
67
case MBEDTLS_CIPHER_ARIA_256_CCM:
68
case MBEDTLS_CIPHER_ARIA_128_GCM:
69
case MBEDTLS_CIPHER_ARIA_192_GCM:
70
case MBEDTLS_CIPHER_ARIA_256_GCM:
71
case MBEDTLS_CIPHER_ARIA_128_CBC:
72
case MBEDTLS_CIPHER_ARIA_192_CBC:
73
case MBEDTLS_CIPHER_ARIA_256_CBC:
74
return( PSA_KEY_TYPE_ARIA ); */
75
76
default:
77
return( 0 );
78
}
79
}
80
81
static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
82
mbedtls_cipher_mode_t mode, size_t taglen )
83
{
84
switch( mode )
85
{
86
case MBEDTLS_MODE_ECB:
87
return( PSA_ALG_ECB_NO_PADDING );
88
case MBEDTLS_MODE_GCM:
89
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );
90
case MBEDTLS_MODE_CCM:
91
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CCM, taglen ) );
92
case MBEDTLS_MODE_CBC:
93
if( taglen == 0 )
94
return( PSA_ALG_CBC_NO_PADDING );
95
/* Intentional fallthrough for taglen != 0 */
96
/* fallthrough */
97
default:
98
return( 0 );
99
}
100
}
101
102
static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
103
mbedtls_operation_t op )
104
{
105
switch( op )
106
{
107
case MBEDTLS_ENCRYPT:
108
return( PSA_KEY_USAGE_ENCRYPT );
109
case MBEDTLS_DECRYPT:
110
return( PSA_KEY_USAGE_DECRYPT );
111
default:
112
return( 0 );
113
}
114
}
115
116
/* Translations for hashing. */
117
118
static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
119
{
120
switch( md_alg )
121
{
122
#if defined(MBEDTLS_MD2_C)
123
case MBEDTLS_MD_MD2:
124
return( PSA_ALG_MD2 );
125
#endif
126
#if defined(MBEDTLS_MD4_C)
127
case MBEDTLS_MD_MD4:
128
return( PSA_ALG_MD4 );
129
#endif
130
#if defined(MBEDTLS_MD5_C)
131
case MBEDTLS_MD_MD5:
132
return( PSA_ALG_MD5 );
133
#endif
134
#if defined(MBEDTLS_SHA1_C)
135
case MBEDTLS_MD_SHA1:
136
return( PSA_ALG_SHA_1 );
137
#endif
138
#if defined(MBEDTLS_SHA256_C)
139
case MBEDTLS_MD_SHA224:
140
return( PSA_ALG_SHA_224 );
141
case MBEDTLS_MD_SHA256:
142
return( PSA_ALG_SHA_256 );
143
#endif
144
#if defined(MBEDTLS_SHA512_C)
145
case MBEDTLS_MD_SHA384:
146
return( PSA_ALG_SHA_384 );
147
case MBEDTLS_MD_SHA512:
148
return( PSA_ALG_SHA_512 );
149
#endif
150
#if defined(MBEDTLS_RIPEMD160_C)
151
case MBEDTLS_MD_RIPEMD160:
152
return( PSA_ALG_RIPEMD160 );
153
#endif
154
case MBEDTLS_MD_NONE: /* Intentional fallthrough */
155
default:
156
return( 0 );
157
}
158
}
159
160
/* Translations for ECC. */
161
162
static inline int mbedtls_psa_get_ecc_oid_from_id(
163
psa_ecc_family_t curve, size_t bits,
164
char const **oid, size_t *oid_len )
165
{
166
switch( curve )
167
{
168
case PSA_ECC_FAMILY_SECP_R1:
169
switch( bits )
170
{
171
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
172
case 192:
173
*oid = MBEDTLS_OID_EC_GRP_SECP192R1;
174
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
175
return( 0 );
176
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
177
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
178
case 224:
179
*oid = MBEDTLS_OID_EC_GRP_SECP224R1;
180
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
181
return( 0 );
182
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
183
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
184
case 256:
185
*oid = MBEDTLS_OID_EC_GRP_SECP256R1;
186
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
187
return( 0 );
188
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
189
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
190
case 384:
191
*oid = MBEDTLS_OID_EC_GRP_SECP384R1;
192
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
193
return( 0 );
194
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
195
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
196
case 521:
197
*oid = MBEDTLS_OID_EC_GRP_SECP521R1;
198
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
199
return( 0 );
200
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
201
}
202
break;
203
case PSA_ECC_FAMILY_SECP_K1:
204
switch( bits )
205
{
206
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
207
case 192:
208
*oid = MBEDTLS_OID_EC_GRP_SECP192K1;
209
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
210
return( 0 );
211
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
212
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
213
case 224:
214
*oid = MBEDTLS_OID_EC_GRP_SECP224K1;
215
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
216
return( 0 );
217
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
218
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
219
case 256:
220
*oid = MBEDTLS_OID_EC_GRP_SECP256K1;
221
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
222
return( 0 );
223
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
224
}
225
break;
226
case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
227
switch( bits )
228
{
229
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
230
case 256:
231
*oid = MBEDTLS_OID_EC_GRP_BP256R1;
232
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
233
return( 0 );
234
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
235
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
236
case 384:
237
*oid = MBEDTLS_OID_EC_GRP_BP384R1;
238
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
239
return( 0 );
240
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
241
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
242
case 512:
243
*oid = MBEDTLS_OID_EC_GRP_BP512R1;
244
*oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
245
return( 0 );
246
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
247
}
248
break;
249
}
250
(void) oid;
251
(void) oid_len;
252
return( -1 );
253
}
254
255
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
256
257
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
258
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
259
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
260
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
261
#endif
262
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
263
264
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
265
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
266
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
267
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
268
#endif
269
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
270
271
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
272
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
273
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
274
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
275
#endif
276
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
277
278
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
279
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
280
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
281
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
282
#endif
283
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
284
285
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
286
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
287
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
288
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
289
#endif
290
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
291
292
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
293
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
294
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
295
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
296
#endif
297
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
298
299
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
300
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
301
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
302
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
303
#endif
304
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
305
306
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
307
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
308
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
309
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
310
#endif
311
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
312
313
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
314
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
315
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
316
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
317
#endif
318
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
319
320
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
321
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
322
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
323
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
324
#endif
325
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
326
327
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
328
#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
329
#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
330
#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
331
#endif
332
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
333
334
335
/* Translations for PK layer */
336
337
static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
338
{
339
switch( status )
340
{
341
case PSA_SUCCESS:
342
return( 0 );
343
case PSA_ERROR_NOT_SUPPORTED:
344
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
345
case PSA_ERROR_INSUFFICIENT_MEMORY:
346
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
347
case PSA_ERROR_INSUFFICIENT_ENTROPY:
348
return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
349
case PSA_ERROR_BAD_STATE:
350
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
351
/* All other failures */
352
case PSA_ERROR_COMMUNICATION_FAILURE:
353
case PSA_ERROR_HARDWARE_FAILURE:
354
case PSA_ERROR_CORRUPTION_DETECTED:
355
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
356
default: /* We return the same as for the 'other failures',
357
* but list them separately nonetheless to indicate
358
* which failure conditions we have considered. */
359
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
360
}
361
}
362
363
/* Translations for ECC */
364
365
/* This function transforms an ECC group identifier from
366
* https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
367
* into a PSA ECC group identifier. */
368
#if defined(MBEDTLS_ECP_C)
369
static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
370
uint16_t tls_ecc_grp_reg_id, size_t *bits )
371
{
372
const mbedtls_ecp_curve_info *curve_info =
373
mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
374
if( curve_info == NULL )
375
return( 0 );
376
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
377
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
378
}
379
#endif /* MBEDTLS_ECP_C */
380
381
/* This function takes a buffer holding an EC public key
382
* exported through psa_export_public_key(), and converts
383
* it into an ECPoint structure to be put into a ClientKeyExchange
384
* message in an ECDHE exchange.
385
*
386
* Both the present and the foreseeable future format of EC public keys
387
* used by PSA have the ECPoint structure contained in the exported key
388
* as a subbuffer, and the function merely selects this subbuffer instead
389
* of making a copy.
390
*/
391
static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
392
size_t srclen,
393
unsigned char **dst,
394
size_t *dstlen )
395
{
396
*dst = src;
397
*dstlen = srclen;
398
return( 0 );
399
}
400
401
/* This function takes a buffer holding an ECPoint structure
402
* (as contained in a TLS ServerKeyExchange message for ECDHE
403
* exchanges) and converts it into a format that the PSA key
404
* agreement API understands.
405
*/
406
static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
407
size_t srclen,
408
unsigned char *dst,
409
size_t dstlen,
410
size_t *olen )
411
{
412
if( srclen > dstlen )
413
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
414
415
memcpy( dst, src, srclen );
416
*olen = srclen;
417
return( 0 );
418
}
419
420
#endif /* MBEDTLS_USE_PSA_CRYPTO */
421
422
#endif /* MBEDTLS_PSA_UTIL_H */
Loggerhead is a web-based interface for Breezy
Version: 2.0.1