1 /**
2 * \file psa_util.h
3 *
4 * \brief Utility functions for the use of the PSA Crypto library.
5 *
6 * \warning This function is not part of the public API and may
7 * change at any time.
8 */
9 /*
10 * Copyright The Mbed TLS Contributors
11 * SPDX-License-Identifier: Apache-2.0
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 */
25
26 #ifndef MBEDTLS_PSA_UTIL_H
27 #define MBEDTLS_PSA_UTIL_H
28 #include "mbedtls/private_access.h"
29
30 #include "mbedtls/build_info.h"
31
32 #if defined(MBEDTLS_PSA_CRYPTO_C)
33
34 #include "psa/crypto.h"
35
36 #include "mbedtls/ecp.h"
37 #include "mbedtls/md.h"
38 #include "mbedtls/pk.h"
39 #include "mbedtls/oid.h"
40 #include "mbedtls/error.h"
41
42 #include <string.h>
43
44 /* Translations for symmetric crypto. */
45
mbedtls_psa_translate_cipher_type(mbedtls_cipher_type_t cipher)46 static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
47 mbedtls_cipher_type_t cipher )
48 {
49 switch( cipher )
50 {
51 case MBEDTLS_CIPHER_AES_128_CCM:
52 case MBEDTLS_CIPHER_AES_192_CCM:
53 case MBEDTLS_CIPHER_AES_256_CCM:
54 case MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG:
55 case MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG:
56 case MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG:
57 case MBEDTLS_CIPHER_AES_128_GCM:
58 case MBEDTLS_CIPHER_AES_192_GCM:
59 case MBEDTLS_CIPHER_AES_256_GCM:
60 case MBEDTLS_CIPHER_AES_128_CBC:
61 case MBEDTLS_CIPHER_AES_192_CBC:
62 case MBEDTLS_CIPHER_AES_256_CBC:
63 case MBEDTLS_CIPHER_AES_128_ECB:
64 case MBEDTLS_CIPHER_AES_192_ECB:
65 case MBEDTLS_CIPHER_AES_256_ECB:
66 return( PSA_KEY_TYPE_AES );
67
68 /* ARIA not yet supported in PSA. */
69 /* case MBEDTLS_CIPHER_ARIA_128_CCM:
70 case MBEDTLS_CIPHER_ARIA_192_CCM:
71 case MBEDTLS_CIPHER_ARIA_256_CCM:
72 case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
73 case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
74 case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
75 case MBEDTLS_CIPHER_ARIA_128_GCM:
76 case MBEDTLS_CIPHER_ARIA_192_GCM:
77 case MBEDTLS_CIPHER_ARIA_256_GCM:
78 case MBEDTLS_CIPHER_ARIA_128_CBC:
79 case MBEDTLS_CIPHER_ARIA_192_CBC:
80 case MBEDTLS_CIPHER_ARIA_256_CBC:
81 return( PSA_KEY_TYPE_ARIA ); */
82
83 default:
84 return( 0 );
85 }
86 }
87
mbedtls_psa_translate_cipher_mode(mbedtls_cipher_mode_t mode,size_t taglen)88 static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
89 mbedtls_cipher_mode_t mode, size_t taglen )
90 {
91 switch( mode )
92 {
93 case MBEDTLS_MODE_ECB:
94 return( PSA_ALG_ECB_NO_PADDING );
95 case MBEDTLS_MODE_GCM:
96 return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
97 case MBEDTLS_MODE_CCM:
98 return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
99 case MBEDTLS_MODE_CCM_STAR_NO_TAG:
100 return PSA_ALG_CCM_STAR_NO_TAG;
101 case MBEDTLS_MODE_CBC:
102 if( taglen == 0 )
103 return( PSA_ALG_CBC_NO_PADDING );
104 else
105 return( 0 );
106 default:
107 return( 0 );
108 }
109 }
110
mbedtls_psa_translate_cipher_operation(mbedtls_operation_t op)111 static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
112 mbedtls_operation_t op )
113 {
114 switch( op )
115 {
116 case MBEDTLS_ENCRYPT:
117 return( PSA_KEY_USAGE_ENCRYPT );
118 case MBEDTLS_DECRYPT:
119 return( PSA_KEY_USAGE_DECRYPT );
120 default:
121 return( 0 );
122 }
123 }
124
125 /* Translations for hashing. */
126
127 /* Note: this function should not be used from inside the library, use
128 * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead.
129 * It is kept only for compatibility in case applications were using it. */
mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)130 static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
131 {
132 switch( md_alg )
133 {
134 #if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
135 case MBEDTLS_MD_MD5:
136 return( PSA_ALG_MD5 );
137 #endif
138 #if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
139 case MBEDTLS_MD_SHA1:
140 return( PSA_ALG_SHA_1 );
141 #endif
142 #if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
143 case MBEDTLS_MD_SHA224:
144 return( PSA_ALG_SHA_224 );
145 #endif
146 #if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
147 case MBEDTLS_MD_SHA256:
148 return( PSA_ALG_SHA_256 );
149 #endif
150 #if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
151 case MBEDTLS_MD_SHA384:
152 return( PSA_ALG_SHA_384 );
153 #endif
154 #if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
155 case MBEDTLS_MD_SHA512:
156 return( PSA_ALG_SHA_512 );
157 #endif
158 #if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
159 case MBEDTLS_MD_RIPEMD160:
160 return( PSA_ALG_RIPEMD160 );
161 #endif
162 case MBEDTLS_MD_NONE:
163 return( 0 );
164 default:
165 return( 0 );
166 }
167 }
168
169 /* Translations for ECC. */
170
mbedtls_psa_get_ecc_oid_from_id(psa_ecc_family_t curve,size_t bits,char const ** oid,size_t * oid_len)171 static inline int mbedtls_psa_get_ecc_oid_from_id(
172 psa_ecc_family_t curve, size_t bits,
173 char const **oid, size_t *oid_len )
174 {
175 switch( curve )
176 {
177 case PSA_ECC_FAMILY_SECP_R1:
178 switch( bits )
179 {
180 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
181 case 192:
182 *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
183 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
184 return( 0 );
185 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
186 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
187 case 224:
188 *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
189 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
190 return( 0 );
191 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
192 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
193 case 256:
194 *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
195 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
196 return( 0 );
197 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
198 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
199 case 384:
200 *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
201 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
202 return( 0 );
203 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
204 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
205 case 521:
206 *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
207 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
208 return( 0 );
209 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
210 }
211 break;
212 case PSA_ECC_FAMILY_SECP_K1:
213 switch( bits )
214 {
215 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
216 case 192:
217 *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
218 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
219 return( 0 );
220 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
221 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
222 case 224:
223 *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
224 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
225 return( 0 );
226 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
227 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
228 case 256:
229 *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
230 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
231 return( 0 );
232 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
233 }
234 break;
235 case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
236 switch( bits )
237 {
238 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
239 case 256:
240 *oid = MBEDTLS_OID_EC_GRP_BP256R1;
241 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
242 return( 0 );
243 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
244 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
245 case 384:
246 *oid = MBEDTLS_OID_EC_GRP_BP384R1;
247 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
248 return( 0 );
249 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
250 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
251 case 512:
252 *oid = MBEDTLS_OID_EC_GRP_BP512R1;
253 *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
254 return( 0 );
255 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
256 }
257 break;
258 }
259 (void) oid;
260 (void) oid_len;
261 return( -1 );
262 }
263
264 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
265 PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )
266
267 /* This function transforms an ECC group identifier from
268 * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
269 * into a PSA ECC group identifier. */
270 #if defined(MBEDTLS_ECP_C)
mbedtls_psa_parse_tls_ecc_group(uint16_t tls_ecc_grp_reg_id,size_t * bits)271 static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
272 uint16_t tls_ecc_grp_reg_id, size_t *bits )
273 {
274 const mbedtls_ecp_curve_info *curve_info =
275 mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
276 if( curve_info == NULL )
277 return( 0 );
278 return( PSA_KEY_TYPE_ECC_KEY_PAIR(
279 mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
280 }
281 #endif /* MBEDTLS_ECP_C */
282
283 /* Expose whatever RNG the PSA subsystem uses to applications using the
284 * mbedtls_xxx API. The declarations and definitions here need to be
285 * consistent with the implementation in library/psa_crypto_random_impl.h.
286 * See that file for implementation documentation. */
287
288
289 /* The type of a `f_rng` random generator function that many library functions
290 * take.
291 *
292 * This type name is not part of the Mbed TLS stable API. It may be renamed
293 * or moved without warning.
294 */
295 typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
296
297 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
298
299 /** The random generator function for the PSA subsystem.
300 *
301 * This function is suitable as the `f_rng` random generator function
302 * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE
303 * to obtain the \p p_rng parameter.
304 *
305 * The implementation of this function depends on the configuration of the
306 * library.
307 *
308 * \note Depending on the configuration, this may be a function or
309 * a pointer to a function.
310 *
311 * \note This function may only be used if the PSA crypto subsystem is active.
312 * This means that you must call psa_crypto_init() before any call to
313 * this function, and you must not call this function after calling
314 * mbedtls_psa_crypto_free().
315 *
316 * \param p_rng The random generator context. This must be
317 * #MBEDTLS_PSA_RANDOM_STATE. No other state is
318 * supported.
319 * \param output The buffer to fill. It must have room for
320 * \c output_size bytes.
321 * \param output_size The number of bytes to write to \p output.
322 * This function may fail if \p output_size is too
323 * large. It is guaranteed to accept any output size
324 * requested by Mbed TLS library functions. The
325 * maximum request size depends on the library
326 * configuration.
327 *
328 * \return \c 0 on success.
329 * \return An `MBEDTLS_ERR_ENTROPY_xxx`,
330 * `MBEDTLS_ERR_PLATFORM_xxx,
331 * `MBEDTLS_ERR_CTR_DRBG_xxx` or
332 * `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
333 */
334 int mbedtls_psa_get_random( void *p_rng,
335 unsigned char *output,
336 size_t output_size );
337
338 /** The random generator state for the PSA subsystem.
339 *
340 * This macro expands to an expression which is suitable as the `p_rng`
341 * random generator state parameter of many `mbedtls_xxx` functions.
342 * It must be used in combination with the random generator function
343 * mbedtls_psa_get_random().
344 *
345 * The implementation of this macro depends on the configuration of the
346 * library. Do not make any assumption on its nature.
347 */
348 #define MBEDTLS_PSA_RANDOM_STATE NULL
349
350 #else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
351
352 #if defined(MBEDTLS_CTR_DRBG_C)
353 #include "mbedtls/ctr_drbg.h"
354 typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
355 static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
356 #elif defined(MBEDTLS_HMAC_DRBG_C)
357 #include "mbedtls/hmac_drbg.h"
358 typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
359 static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
360 #endif
361 extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
362
363 #define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
364
365 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
366
367 #endif /* MBEDTLS_PSA_CRYPTO_C */
368
369 #endif /* MBEDTLS_PSA_UTIL_H */
370
