diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e18e823c15e..461eb9afe2c 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -110,7 +110,7 @@ /* X.509, TLS and non-PSA crypto configuration */ #if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/mbedtls_config.h" +#include "mbedtls/config.h" #else #include MBEDTLS_CONFIG_FILE #endif diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 48f1bab1ede..fb2066de775 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -366,6 +366,32 @@ /* End of ECC section */ +/* MLKEM: key types: enable built-ins as needed. + */ +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE 1 +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT 1 +#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT */ +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT 1 +#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT */ +#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE */ + +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_BASIC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_BASIC 1 +#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_BASIC */ + +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_ENCAPSULATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE 1 +#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_ENCAPSULATE */ + +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1 +#endif /* PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE */ + +/* End of MLKEM section */ + /* * DH key types follow the same pattern used above for EC keys. They are defined * by a triplet (group, key_type, alg). A triplet is accelerated if all its diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 14ca14696f7..3d76bb646ca 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -84,6 +84,23 @@ #define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 #endif /* MBEDTLS_ECP_C */ +#if defined(MBEDTLS_MLKEM_C) +#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT 1 +#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT 1 +#define PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE 1 +#define PSA_WANT_KEY_TYPE_MLKEM_KEY_ENCAPSULATE 1 +#define PSA_WANT_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_BASIC 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE 1 +// #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_PUBLIC_KEY 1 +// #define PSA_WANT_KEY_TYPE_MLKEM_PUBLIC_KEY 1 +#endif /* MBEDTLS_MLKEM_C */ + #if defined(MBEDTLS_DHM_C) #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 diff --git a/include/mbedtls/mlkem.h b/include/mbedtls/mlkem.h new file mode 100644 index 00000000000..df180477f8e --- /dev/null +++ b/include/mbedtls/mlkem.h @@ -0,0 +1,81 @@ +/** + * \file mlkem.h + * + * \brief This file provides an API for Post Quantum Cryptography Module Lattice Keys(MLKEM). + * + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef MBEDTLS_MLKEM_H +#define MBEDTLS_MLKEM_H +#include "mbedtls/private_access.h" + +#include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" + +#include "mbedtls/bignum.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct mbedtls_mlkem_data { + uint32_t key_len; + uint32_t * key_data; +} mbedtls_mlkem_data_t; + +/** + * \brief The MLKEM context structure. + */ +typedef struct mbedtls_mlkem_context { + mbedtls_mlkem_data_t decaps_key; /*!< The decapsulated key data */ + mbedtls_mlkem_data_t d; /*!< d seed data. */ + mbedtls_mlkem_data_t z; /*!< z seed data. */ + mbedtls_mlkem_data_t encaps_key; /*!< The encapsulated key data */ +} mbedtls_mlkem_context; + +typedef enum mbedtls_mlkem_bits { + MBEDTLS_MLKEM_512 = 512, + MBEDTLS_MLKEM_768 = 768 +} mbedtls_mlkem_bits_t; + +void mbedtls_mlkem_init(mbedtls_mlkem_context * ctx); + +int mbedtls_mlkem_export_keypair(mbedtls_mlkem_context * ctx, + uint8_t * key_buffer, + size_t * key_buffer_length); + +int mbedtls_mlkem_export_public_key(mbedtls_mlkem_context * ctx, + mbedtls_mlkem_bits_t bits); + +int mbedtls_mlkem_expand_key_pair(mbedtls_mlkem_context *ctx, + mbedtls_mlkem_bits_t bits, + mbedtls_mlkem_data_t *random_d, + mbedtls_mlkem_data_t *random_z, + uint32_t (*f_rng)(uint32_t, uint32_t *)); + +int mbedtls_mlkem_generate_key(mbedtls_mlkem_context * ctx, + mbedtls_mlkem_bits_t bits, + uint32_t (*f_rng)(uint32_t, uint32_t *)); + +int mbedtls_mlkem_encapsulate(mbedtls_mlkem_context * ctx, + mbedtls_mlkem_bits_t bits, + mbedtls_mlkem_data_t * cipher, + mbedtls_mlkem_data_t * shared_key, + uint32_t (*f_rng)(uint32_t, uint32_t *)); + +int mbedtls_mlkem_decapsulate(mbedtls_mlkem_context * ctx, + mbedtls_mlkem_bits_t bits, + mbedtls_mlkem_data_t * cipher, + mbedtls_mlkem_data_t * shared_key, + uint32_t (*f_rng)(uint32_t, uint32_t *)); + +#ifdef __cplusplus +} +#endif + +#endif /* mlkem.h */ \ No newline at end of file diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index b898f1f8d3e..b91a20aacbb 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -21,7 +21,7 @@ * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/ #include -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) || defined(MCUBOOT_USE_PSA_CRYPTO) /** The random generator function for the PSA subsystem. * diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 3eeee65e66b..eb91bdb219a 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -42,6 +42,9 @@ typedef enum { MBEDTLS_SHA3_512, /*!< SHA3-512 */ } mbedtls_sha3_id; + +#if !defined(MBEDTLS_SHA3_ALT) + /** * \brief The SHA-3 context structure. * @@ -55,6 +58,10 @@ typedef struct { } mbedtls_sha3_context; +#else /* MBEDTLS_SHA3_ALT */ +#include "sha3_alt.h" +#endif /* MBEDTLS_SHA3_ALT */ + /** * \brief This function initializes a SHA-3 context. * diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2fe9f35ec3c..ac8b4877e55 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -911,7 +911,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *hash, - size_t hash_length); + const size_t hash_length); /** The type of the state data structure for multipart hash operations. * @@ -1269,7 +1269,7 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, const uint8_t *input, size_t input_length, const uint8_t *mac, - size_t mac_length); + const size_t mac_length); /** The type of the state data structure for multipart MAC operations. * @@ -4339,6 +4339,90 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key); #endif /* !__cplusplus */ + +/** \defgroup key_encapsulation Key encapsulation and decapsulation + * @{ + */ + +/** + * \brief Generate an encapsulated key pair + * + * \param[in] key Identifier of the key to use for encapsulation. + * It must allow the usage #PSA_KEY_USAGE_ENCAPSULATE. + * \param[in] alg The encapsulation algorithm to use. + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_ENCAPSULATION(\p alg) is true + * \param[in] attributes The attributes of the key to be generated. + * \param[out] output_key Identifier of the generated key is to be written. + * \param[out] ciphertext Buffer where the ciphertext is to be written. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * \param[in] ciphertext_length On success, the number of bytes that make up \p ciphertext. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_encapsulate(psa_key_id_t key, + psa_algorithm_t alg, + const psa_key_attributes_t * attributes, + psa_key_id_t * output_key, + uint8_t * ciphertext, + size_t ciphertext_size, + size_t * ciphertext_length); + +/** + * \brief Decapslulate an encapsulated a shared secret key + * + * + * \param[in] key Identifier of the key to use for decapsulation. + * It must allow the usage #PSA_KEY_USAGE_ENCAPSULATE. + * \param[in] alg The encapsulation algorithm to use. + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_ENCAPSULATION(\p alg) is true + * \param[in] ciphertext The ciphertext to decapsulate. + * \param ciphertext_len Size of the \p ciphertext buffer in bytes. + * \param[in] attributes The attributes of the key to be generated. + * \param[out] output_key Identifier of the generated key is to be written. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_decapsulate(psa_key_id_t key, + psa_algorithm_t alg, + const uint8_t * ciphertext, + size_t ciphertext_length, + const psa_key_attributes_t * attributes, + psa_key_id_t * output_key); + /**@}*/ /** \defgroup interruptible_hash Interruptible sign/verify hash diff --git a/include/psa/crypto_accel_driver.h b/include/psa/crypto_accel_driver.h new file mode 100644 index 00000000000..a0f2358affa --- /dev/null +++ b/include/psa/crypto_accel_driver.h @@ -0,0 +1,140 @@ +/** + * \file psa/crypto_accel_driver.h + * \brief PSA cryptography accelerator driver module + * + * This header declares types and function signatures for cryptography + * drivers that access key material directly. This is meant for + * on-chip cryptography accelerators. + * + * This file is part of the PSA Crypto Driver Model, containing functions for + * driver developers to implement to enable hardware to be called in a + * standardized way by a PSA Cryptographic API implementation. The functions + * comprising the driver model, which driver authors implement, are not + * intended to be called by application developers. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef PSA_CRYPTO_ACCEL_DRIVER_H + #define PSA_CRYPTO_ACCEL_DRIVER_H + + #include "crypto_driver_common.h" + #include + + #ifdef __cplusplus +extern "C" { + #endif + +/** Import vendor defined key data into a slot. + * + * `slot->type` must have been set previously. + * This function assumes that the slot does not contain any key material yet. + * On failure, the slot content is unchanged. + * + * Persistent storage is not affected. + * + * \param[in,out] slot The key slot to import data into. + * Its `type` field must have previously been set to + * the desired key type. + * It must not contain any key material yet. + * \param[in] data Buffer containing the key material to parse and import. + * \param data_length Size of \p data in bytes. + * \param write_to_persistent_memory Specify if the imported key needs to be written to persistent memory. + * + * \retval PSA_SUCCESS + * \retval PSA_ERROR_INVALID_ARGUMENT + * \retval PSA_ERROR_NOT_SUPPORTED + * \retval PSA_ERROR_INSUFFICIENT_MEMORY + * \retval Implementation dependent + */ +psa_status_t psa_import_key_into_slot_vendor(const psa_key_attributes_t * attributes, + psa_key_slot_t * slot, + const uint8_t * data, + size_t data_length, + mbedtls_svc_key_id_t * key, + bool write_to_persistent_memory); + +/** + * \brief Generate a vendor defined key or key pair. + * + * \note This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C + * is defined. Do not use this function directly; + * to generate a key, use psa_generate_key() instead. + * + * \param[in] slot + * \param[in] bits + * \param[in] params + * \param[in] params_data_length + * + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval Implementation dependent. + */ +psa_status_t psa_generate_key_vendor (psa_key_slot_t * slot, + size_t bits, + const psa_key_production_parameters_t *params, + size_t params_data_length); + +/** + * \brief Generate symmetric key of vendor defined format. + * + * \warning This function **can** fail! Callers MUST check the return status + * and MUST NOT use the content of the output buffer if the return + * status is not #PSA_SUCCESS. + * + * \note This function has to be defined by the vendor if MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C + * is defined. + * A weakly linked version is provided by default and returns + * PSA_ERROR_NOT_SUPPORTED. Do not use this function directly; + * to generate a key, use psa_generate_key() instead. + * + * \param[in] type Type of symmetric key to be generated. + * \param[out] output Output buffer for the generated data. + * \param[out] output_size Number of bytes to generate and output. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval Implementation dependent + */ +psa_status_t psa_generate_symmetric_vendor(psa_key_type_t type, size_t bits, uint8_t * output, size_t output_size); + +/** Finalize the creation of a vendor defined key once its key material has been set. + * + * This entails writing the key to persistent storage. + * + * This function is to be called only by psa_finish_key_creation(). + * + * \param[in,out] slot Pointer to the slot with key material. + * + * \retval #PSA_SUCCESS + * The key was successfully created. The handle is now valid. + * \return If this function fails, the key slot is an invalid state. + */ +psa_status_t psa_finish_key_creation_vendor(psa_key_slot_t * slot); + +/**@}*/ + + #ifdef __cplusplus +} + #endif + +#endif /* PSA_CRYPTO_ACCEL_DRIVER_H */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 70740901e1f..814109502b1 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -32,6 +32,10 @@ extern "C" { #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 #endif + /* Functions to support vendor defined format */ +psa_status_t vendor_bitlength_to_raw_bitlength(psa_key_type_t type, size_t vendor_bits, size_t * raw_bits); +void psa_aead_setup_vendor (void * ctx); + /* If the size of static key slots is not explicitly defined by the user, then * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and * PSA_CIPHER_MAX_KEY_LENGTH. diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 87b8c39fa6d..e49cb960297 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -37,8 +37,8 @@ */ #include "psa/build_info.h" -#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u) -#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u) +#define PSA_BITS_TO_BYTES(bits) (((bits) + 7U) / 8U) +#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8U) #define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \ (c) : (b) : (a) <= (c) ? (c) : (a)) @@ -59,20 +59,20 @@ */ #define PSA_HASH_LENGTH(alg) \ ( \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \ - 0u) + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64U : \ + 0U) /** The input block size of a hash algorithm, in bytes. * @@ -91,20 +91,20 @@ */ #define PSA_HASH_BLOCK_LENGTH(alg) \ ( \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \ - 0u) + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104U : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72U : \ + 0U) /** \def PSA_HASH_MAX_SIZE * @@ -119,35 +119,35 @@ /* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE, * see the note on MBEDTLS_MD_MAX_SIZE for details. */ #if defined(PSA_WANT_ALG_SHA3_224) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144U #elif defined(PSA_WANT_ALG_SHA3_256) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136U #elif defined(PSA_WANT_ALG_SHA_512) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128U #elif defined(PSA_WANT_ALG_SHA_384) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128U #elif defined(PSA_WANT_ALG_SHA3_384) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104U #elif defined(PSA_WANT_ALG_SHA3_512) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72U #elif defined(PSA_WANT_ALG_SHA_256) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64U #elif defined(PSA_WANT_ALG_SHA_224) -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64U #else /* SHA-1 or smaller */ -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64U #endif #if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512) -#define PSA_HASH_MAX_SIZE 64u +#define PSA_HASH_MAX_SIZE 64U #elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384) -#define PSA_HASH_MAX_SIZE 48u +#define PSA_HASH_MAX_SIZE 48U #elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256) -#define PSA_HASH_MAX_SIZE 32u +#define PSA_HASH_MAX_SIZE 32U #elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224) -#define PSA_HASH_MAX_SIZE 28u +#define PSA_HASH_MAX_SIZE 28U #else /* SHA-1 or smaller */ -#define PSA_HASH_MAX_SIZE 20u +#define PSA_HASH_MAX_SIZE 20U #endif /** \def PSA_MAC_MAX_SIZE @@ -188,13 +188,13 @@ #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \ PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ - ((void) (key_bits), 0u)) + ((void) (key_bits), 0U)) /** The maximum tag size for all supported AEAD algorithms, in bytes. * * See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg). */ -#define PSA_AEAD_TAG_MAX_SIZE 16u +#define PSA_AEAD_TAG_MAX_SIZE 16U /* The maximum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. @@ -209,7 +209,7 @@ * * Note that an implementation may set different size limits for different * operations, and does not need to accept all key sizes up to the limit. */ -#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u +#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096U /* The minimum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. @@ -226,49 +226,49 @@ /* The maximum size of an DH key on this implementation, in bits. * This is a vendor-specific macro.*/ #if defined(PSA_WANT_DH_RFC7919_8192) -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192U #elif defined(PSA_WANT_DH_RFC7919_6144) -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144u +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144U #elif defined(PSA_WANT_DH_RFC7919_4096) -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096u +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096U #elif defined(PSA_WANT_DH_RFC7919_3072) -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072u +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072U #elif defined(PSA_WANT_DH_RFC7919_2048) -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048u +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048U #else -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 0u +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 0U #endif /* The maximum size of an ECC key on this implementation, in bits. * This is a vendor-specific macro. */ #if defined(PSA_WANT_ECC_SECP_R1_521) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521U #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512U #elif defined(PSA_WANT_ECC_MONTGOMERY_448) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448U #elif defined(PSA_WANT_ECC_SECP_R1_384) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384U #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384U #elif defined(PSA_WANT_ECC_SECP_R1_256) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256U #elif defined(PSA_WANT_ECC_SECP_K1_256) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256U #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256U #elif defined(PSA_WANT_ECC_MONTGOMERY_255) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255U #elif defined(PSA_WANT_ECC_SECP_R1_224) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224U #elif defined(PSA_WANT_ECC_SECP_K1_224) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224U #elif defined(PSA_WANT_ECC_SECP_R1_192) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192U #elif defined(PSA_WANT_ECC_SECP_K1_192) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192U #else -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0U #endif /** This macro returns the maximum supported length of the PSK for the @@ -286,23 +286,23 @@ * Therefore, no implementation should define a value smaller than 64 * for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE. */ -#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u +#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128U /* The expected size of input passed to psa_tls12_ecjpake_to_pms_input, * which is expected to work with P-256 curve only. */ -#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u +#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65U /* The size of a serialized K.X coordinate to be used in * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256 * curve. */ -#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u +#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32U /* The maximum number of iterations for PBKDF2 on this implementation, in bits. * This is a vendor-specific macro. This can be configured if necessary */ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU /** The maximum size of a block cipher. */ -#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u +#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16U /** The size of the output of psa_mac_sign_finish(), in bytes. * @@ -329,7 +329,7 @@ ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \ PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - ((void) (key_type), (void) (key_bits), 0u)) + ((void) (key_type), (void) (key_bits), 0U)) /** The maximum size of the output of psa_aead_encrypt(), in bytes. * @@ -360,7 +360,7 @@ #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \ (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ - 0u) + 0U) /** A sufficient output buffer size for psa_aead_encrypt(), for any of the * supported key types and AEAD algorithms. @@ -414,7 +414,7 @@ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ - 0u) + 0U) /** A sufficient output buffer size for psa_aead_decrypt(), for any of the * supported key types and AEAD algorithms. @@ -464,12 +464,12 @@ */ #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \ - MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \ - MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \ - 0u : \ + MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13U : \ + MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12U : \ + 0U : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ - MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \ - 0u) + MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12U : \ + 0U) /** The maximum default nonce size among all supported pairs of key types and * AEAD algorithms, in bytes. @@ -482,7 +482,7 @@ * just the largest size that may be generated by * #psa_aead_generate_nonce(). */ -#define PSA_AEAD_NONCE_MAX_SIZE 13u +#define PSA_AEAD_NONCE_MAX_SIZE 13U /** A sufficient output buffer size for psa_aead_update(). * @@ -519,7 +519,7 @@ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \ (input_length) : \ - 0u) + 0U) /** A sufficient output buffer size for psa_aead_update(), for any of the * supported key types and AEAD algorithms. @@ -559,7 +559,7 @@ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - 0u) + 0U) /** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the * supported key types and AEAD algorithms. @@ -604,8 +604,8 @@ #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ (PSA_ALG_IS_RSA_OAEP(alg) ? \ - 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \ - 11u /*PKCS#1v1.5*/) + 2U * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1U : \ + 11U /*PKCS#1v1.5*/) /** * \brief ECDSA signature size for a given curve bit size @@ -616,7 +616,7 @@ * \note This macro returns a compile-time constant if its argument is one. */ #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \ - (PSA_BITS_TO_BYTES(curve_bits) * 2u) + (PSA_BITS_TO_BYTES(curve_bits) * 2U) /** Sufficient signature buffer size for psa_sign_hash(). * @@ -646,7 +646,7 @@ #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ - ((void) alg, 0u)) + ((void) alg, 0U)) #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \ PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) @@ -699,7 +699,7 @@ #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? \ ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \ - 0u) + 0U) /** A sufficient output buffer size for psa_asymmetric_encrypt(), for any * supported asymmetric encryption. @@ -738,7 +738,7 @@ #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? \ PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \ - 0u) + 0U) /** A sufficient output buffer size for psa_asymmetric_decrypt(), for any * supported asymmetric decryption. @@ -761,7 +761,7 @@ * - 0 to 1 bytes of leading 0 due to the sign bit. */ #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \ - ((bits) / 8u + 5u) + ((bits) / 8U + 5U) /* Maximum size of the export encoding of an RSA public key. * Assumes that the public exponent is less than 2^32. @@ -775,7 +775,7 @@ * - 7 bytes for the public exponent. */ #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11U) /* Maximum size of the export encoding of an RSA key pair. * Assumes that the public exponent is less than 2^32 and that the size @@ -800,7 +800,7 @@ * - 7 bytes for the public exponent. */ #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \ - (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u) + (9U * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2U + 1U) + 14U) /* Maximum size of the export encoding of a DSA public key. * @@ -819,7 +819,7 @@ * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits). */ #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3U + 59U) /* Maximum size of the export encoding of a DSA key pair. * @@ -838,7 +838,7 @@ * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits). */ #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3U + 75U) /* Maximum size of the export encoding of an ECC public key. * @@ -851,7 +851,7 @@ * - 1 byte + 2 * point size. */ #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (2u * PSA_BITS_TO_BYTES(key_bits) + 1u) + (2U * PSA_BITS_TO_BYTES(key_bits) + 1U) /* Maximum size of the export encoding of an ECC key pair. * @@ -872,6 +872,46 @@ #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) +#define PSA_KEY_BITS_ML_KEM_512 512U +#define PSA_KEY_BITS_ML_KEM_768 768U + +#define PSA_ML_KEM_512_ENC_KEY_SIZE 800U +#define PSA_ML_KEM_512_DEC_KEY_SIZE 1632U +#define PSA_ML_KEM_768_ENC_KEY_SIZE 1184U +#define PSA_ML_KEM_768_DEC_KEY_SIZE 2400U + +#define PSA_ML_KEM_SEED_SIZE 32U + +/* Maximum size of the ML-KEM Encap Key. + */ +#define PSA_KEY_EXPORT_ML_KEM_PUBLIC_KEY_MAX_SIZE(key_bits) \ + ((key_bits) == PSA_KEY_BITS_ML_KEM_512 ? PSA_ML_KEM_512_ENC_KEY_SIZE : \ + (key_bits) == PSA_KEY_BITS_ML_KEM_768 ? PSA_ML_KEM_768_ENC_KEY_SIZE : 0U) + +/* Maximum size of the ML-KEM Decap Key. + */ +#define PSA_KEY_EXPORT_ML_KEM_PRIVATE_KEY_SIZE(key_bits) \ + ((key_bits) == PSA_KEY_BITS_ML_KEM_512 ? PSA_ML_KEM_512_DEC_KEY_SIZE : \ + (key_bits) == PSA_KEY_BITS_ML_KEM_768 ? PSA_ML_KEM_768_DEC_KEY_SIZE : 0U) + +/* Maximum size of the generation encoding of an ML-KEM key pair. + */ +#define PSA_KEY_GEN_ML_KEM_KEY_PAIR_MAX_SIZE(key_bits) \ + (PSA_KEY_EXPORT_ML_KEM_PRIVATE_KEY_SIZE(key_bits) + (2 * PSA_ML_KEM_SEED_SIZE)) + +/* Maximum size of the export encoding of an ML-KEM key pair. + */ +#define PSA_KEY_EXPORT_ML_KEM_KEY_PAIR_MAX_SIZE (2 * PSA_ML_KEM_SEED_SIZE) + +#define PSA_ML_KEM_512_CIPHERTEXT_SIZE 768U +#define PSA_ML_KEM_768_CIPHERTEXT_SIZE 1088U + +#define PSA_ML_KEM_CIPHERTEXT_SIZE(key_bits) \ + ((key_bits) == PSA_KEY_BITS_ML_KEM_512 ? PSA_ML_KEM_512_CIPHERTEXT_SIZE : \ + (key_bits) == PSA_KEY_BITS_ML_KEM_768 ? PSA_ML_KEM_768_CIPHERTEXT_SIZE : 0U) + +#define PSA_ML_KEM_SHARED_SECRET_SIZE 32U + /** Sufficient output buffer size for psa_export_key() or * psa_export_public_key(). * @@ -914,13 +954,15 @@ #define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ - (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_RSA_KEY_PAIR (key_type) ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ - 0u) + (key_type) == PSA_KEY_TYPE_ML_KEM_PUBLIC_KEY ? PSA_KEY_EXPORT_ML_KEM_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_ML_KEM(key_type) ? PSA_KEY_GEN_ML_KEM_KEY_PAIR_MAX_SIZE(key_bits) : \ + 0U) /** Sufficient output buffer size for psa_export_public_key(). * @@ -970,8 +1012,9 @@ #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ + PSA_KEY_TYPE_IS_ML_KEM(key_type) ? PSA_KEY_EXPORT_ML_KEM_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ - 0u) + 0U) /** Sufficient buffer size for exporting any asymmetric key pair. * @@ -1067,7 +1110,7 @@ */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \ ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \ - PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u) + PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0U) /** Maximum size of the output from psa_raw_key_agreement(). * @@ -1143,15 +1186,15 @@ (alg) == PSA_ALG_CBC_NO_PADDING || \ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ - (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \ - (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \ - 0u) + (alg) == PSA_ALG_STREAM_CIPHER ? 12U : \ + (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13U : \ + 0U) /** The maximum IV size for all supported cipher algorithms, in bytes. * * See also #PSA_CIPHER_IV_LENGTH(). */ -#define PSA_CIPHER_IV_MAX_SIZE 16u +#define PSA_CIPHER_IV_MAX_SIZE 16U /** The maximum size of the output of psa_cipher_encrypt(), in bytes. * @@ -1180,11 +1223,11 @@ (alg == PSA_ALG_CBC_PKCS7 ? \ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ - (input_length) + 1u) + \ - PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \ + (input_length) + 1U) + \ + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0U) : \ (PSA_ALG_IS_CIPHER(alg) ? \ (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \ - 0u)) + 0U)) /** A sufficient output buffer size for psa_cipher_encrypt(), for any of the * supported key types and cipher algorithms. @@ -1199,7 +1242,7 @@ */ #define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \ (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \ - (input_length) + 1u) + \ + (input_length) + 1U) + \ PSA_CIPHER_IV_MAX_SIZE) /** The maximum size of the output of psa_cipher_decrypt(), in bytes. @@ -1225,7 +1268,7 @@ (PSA_ALG_IS_CIPHER(alg) && \ ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ (input_length) : \ - 0u) + 0U) /** A sufficient output buffer size for psa_cipher_decrypt(), for any of the * supported key types and cipher algorithms. @@ -1266,8 +1309,8 @@ (alg) == PSA_ALG_ECB_NO_PADDING) ? \ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ input_length) : \ - (input_length)) : 0u) : \ - 0u) + (input_length)) : 0U) : \ + 0U) /** A sufficient output buffer size for psa_cipher_update(), for any of the * supported key types and cipher algorithms. @@ -1303,8 +1346,8 @@ (PSA_ALG_IS_CIPHER(alg) ? \ (alg == PSA_ALG_CBC_PKCS7 ? \ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - 0u) : \ - 0u) + 0U) : \ + 0U) /** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the * supported key types and cipher algorithms. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 1d678dbfc29..b1399868d94 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -498,6 +498,10 @@ */ #define PSA_KEY_TYPE_AES ((psa_key_type_t) 0x2400) +/** Whether a key type is AES; plaintext or wrapped. */ +#define PSA_KEY_TYPE_IS_AES(type) ((((type) == PSA_KEY_TYPE_AES) != 0) || \ + (((type) == (PSA_KEY_TYPE_VENDOR_FLAG | PSA_KEY_TYPE_AES)) != 0)) + /** Key for a cipher, AEAD or MAC algorithm based on the * ARIA block cipher. */ #define PSA_KEY_TYPE_ARIA ((psa_key_type_t) 0x2406) @@ -539,10 +543,17 @@ * * The size of an RSA key is the bit size of the modulus. */ -#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t) 0x7001) +#define PSA_KEY_TYPE_RSA_KEY_PAIR ((psa_key_type_t)0x7001) + +/** Whether a key type is an RSA key pair; standard or vendor. */ +#define PSA_KEY_TYPE_IS_RSA_KEY_PAIR(type) \ + ((type == PSA_KEY_TYPE_RSA_KEY_PAIR) || \ + (type == (PSA_KEY_TYPE_RSA_KEY_PAIR | PSA_KEY_TYPE_VENDOR_FLAG))) + /** Whether a key type is an RSA key (pair or public-only). */ #define PSA_KEY_TYPE_IS_RSA(type) \ - (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY) || \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == (PSA_KEY_TYPE_RSA_PUBLIC_KEY | PSA_KEY_TYPE_VENDOR_FLAG))) #define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4100) #define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE ((psa_key_type_t) 0x7100) @@ -572,16 +583,22 @@ /** Whether a key type is an elliptic curve key (pair or public-only). */ #define PSA_KEY_TYPE_IS_ECC(type) \ - ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ - ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) + (((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) || \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_ECC_CURVE_MASK) == (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_KEY_TYPE_VENDOR_FLAG))) /** Whether a key type is an elliptic curve key pair. */ #define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type) \ - (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ - PSA_KEY_TYPE_ECC_KEY_PAIR_BASE) + ((((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + PSA_KEY_TYPE_ECC_KEY_PAIR_BASE) || \ + (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | PSA_KEY_TYPE_VENDOR_FLAG))) /** Whether a key type is an elliptic curve public key. */ #define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type) \ - (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ - PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) + ((((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) || \ + (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) == \ + (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | PSA_KEY_TYPE_VENDOR_FLAG))) /** Extract the curve from an elliptic curve key type. */ #define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \ @@ -733,6 +750,58 @@ ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \ 0)) +/** ML-KEM key pair. + * + */ +#define PSA_KEY_TYPE_ML_KEM_KEY_PAIR ((psa_key_type_t)0x7004) + +#define PSA_KEY_TYPE_ML_KEM_PUBLIC_KEY ((psa_key_type_t)0x4004) + +#define PSA_KEY_TYPE_IS_ML_KEM(type) \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_ML_KEM_PUBLIC_KEY) + +/** The ML-KEM algorithm. + * + */ +#define PSA_ALG_ML_KEM ((psa_algorithm_t) 0x0c000200) + +#define PSA_ALG_IS_ML_KEM(alg) \ + (((alg) & ~0x00000100) == 0x0c000200) + +/** Whether the specified algorithm is an encapsulation algorithm that can be used + * with psa_encapsulate() and psa_decapsulate(). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if alg is an encapsulation algorithm that can be used + * to encapsulate and decapsulate. 0 if \p alg is not + * an encapsulation algorithm. This macro can return either 0 or 1 + * if \p alg is not a supported algorithm identifier. + */ +#define PSA_ALG_IS_KEY_ENCAPSULATION(alg) \ + PSA_ALG_IS_ML_KEM(alg) + +/** ML-DSA key pair. + * + */ +#define PSA_KEY_TYPE_MLDSA_KEY_PAIR ((psa_key_type_t)0x7002) + +#define PSA_KEY_TYPE_MLDSA_PUBLIC_KEY ((psa_key_type_t)0x4002) + +#define PSA_KEY_TYPE_IS_MLDSA(type) \ + (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_MLDSA_PUBLIC_KEY) + +/** The ML-DSA algorithm. + * + */ +#define PSA_ALG_MLDSA ((psa_algorithm_t) 0x06004400) + +#define PSA_ALG_IS_MLDSA(alg) \ + (((alg) & ~0x00000100) == 0x06004400) + +#define PSA_ALG_IS_HASH_MLDSA(alg) \ + (((alg) & ~0x000001ff) == 0x06004600) + /** Diffie-Hellman groups defined in RFC 7919 Appendix A. * * This family includes groups with the following key sizes (in bits): @@ -1686,7 +1755,7 @@ #define PSA_ALG_IS_SIGN_HASH(alg) \ (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ - PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) + PSA_ALG_IS_HASH_MLDSA(alg) || PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) /** Whether the specified algorithm is a signature algorithm that can be used * with psa_sign_message() and psa_verify_message(). @@ -2321,6 +2390,11 @@ */ #define PSA_KEY_LIFETIME_PERSISTENT ((psa_key_lifetime_t) 0x00000001) +#define PSA_KEY_LIFETIME_IS_PERSISTENT(lifetime) \ + (((lifetime) & PSA_KEY_LIFETIME_PERSISTENT) != 0) + +#define PSA_KEY_LIFETIME_VENDOR_FLAG ((psa_key_lifetime_t)0x80000000) + /** The persistence level of volatile keys. * * See ::psa_key_persistence_t for more information. @@ -2652,6 +2726,28 @@ static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key) */ #define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t) 0x00008000) +/** Whether the key may be used to encapsulate a key. + * + * This flag allows the key to be used in a key encapsulation operation, if + * otherwise permitted by the key's type and policy. + * + * If this flag is present on all keys used in calls to + * psa_generate_key() for a key generation operation, then it + * permits calling psa_encapsulate() + */ +#define PSA_KEY_USAGE_ENCAPSULATE ((psa_key_usage_t) 0x00010000) + +/** Whether the key may be used to decapsulate a key. + * + * This flag allows the key to be used in a key decapsulation operation, if + * otherwise permitted by the key's type and policy. + * + * If this flag is present on all keys used in calls to + * psa_generate_key() for a key generation operation, then it + * permits calling psa_decapsulate() + */ +#define PSA_KEY_USAGE_DECAPSULATE ((psa_key_usage_t) 0x00020000) + /**@}*/ /** \defgroup derivation Key derivation diff --git a/library/cipher.c b/library/cipher.c index 2ae01dd84d5..ef23468cacf 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -11,7 +11,7 @@ #include "common.h" -#if defined(MBEDTLS_CIPHER_C) +#if defined(MBEDTLS_CIPHER_C) && !defined(MBEDTLS_CIPHER_ALT) #include "mbedtls/cipher.h" #include "cipher_invasive.h" diff --git a/library/constant_time.c b/library/constant_time.c index d212ddfd810..539fb215ab3 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -146,7 +146,7 @@ int mbedtls_ct_memcmp_partial(const void *a, #endif -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset) { @@ -227,7 +227,7 @@ void mbedtls_ct_memcpy_offset(unsigned char *dest, } } -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len) { diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 61a5c6d4e95..f7957a613ef 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -433,7 +433,7 @@ static inline int mbedtls_ct_error_if_else_0(mbedtls_ct_condition_t condition, i * Block memory operations */ -#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) +#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) /** Conditionally set a block of memory to zero. * diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index b82044eb7d2..977e663f989 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -12,7 +12,7 @@ #include "common.h" -#if defined(MBEDTLS_CTR_DRBG_C) +#if !defined(MBEDTLS_CTR_DRBG_C_ALT) #include "ctr.h" #include "mbedtls/ctr_drbg.h" diff --git a/library/ecdh.c b/library/ecdh.c index b276c6adadf..24ecfcd8f43 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -22,6 +22,14 @@ #include +#if !defined(MBEDTLS_ECDH_ALT) + +/* Parameter validation macros based on platform_util.h */ +#define ECDH_VALIDATE_RET( cond ) \ + MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) +#define ECDH_VALIDATE( cond ) \ + MBEDTLS_INTERNAL_VALIDATE( cond ) + #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed; #endif @@ -691,4 +699,6 @@ int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, } #endif } + +#endif /* !MBEDTLS_ECDH_ALT */ #endif /* MBEDTLS_ECDH_C */ diff --git a/library/entropy.c b/library/entropy.c index 7dcf067a526..5cfdbdb567b 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -20,7 +20,14 @@ #include #endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" +#endif + +#if defined(MBEDTLS_SELF_TEST) && !defined(MBEDTLS_PLATFORM_C) +#include +#define mbedtls_printf printf +#endif /* MBEDTLS_SELF_TEST */ #define ENTROPY_MAX_LOOP 256 /**< Maximum amount to loop before error */ diff --git a/library/platform_util.c b/library/platform_util.c index 19ef07aead7..2d9c731d91d 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -88,7 +88,7 @@ #if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !(defined(__STDC_LIB_EXT1__) && \ !defined(__IAR_SYSTEMS_ICC__)) \ && !defined(_WIN32) -static void *(*const volatile memset_func)(void *, int, size_t) = memset; +void *(*const volatile memset_func)(void *, int, size_t) = memset; #endif void mbedtls_platform_zeroize(void *buf, size_t len) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9c28609d7e9..5dd78086576 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -27,6 +27,7 @@ #include "psa_crypto_ffdh.h" #include "psa_crypto_hash.h" #include "psa_crypto_mac.h" +#include "psa_crypto_mlkem.h" #include "psa_crypto_rsa.h" #include "psa_crypto_ecp.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -61,6 +62,7 @@ #include "mbedtls/error.h" #include "mbedtls/gcm.h" #include "mbedtls/md5.h" +#include "mbedtls/mlkem.h" #include "mbedtls/pk.h" #include "pk_wrap.h" #include "mbedtls/platform_util.h" @@ -73,6 +75,11 @@ #include "mbedtls/psa_util.h" #include "mbedtls/threading.h" +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) +#include "tfm_crypto_defs.h" +#include "tfm_builtin_key_loader.h" +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) @@ -806,6 +813,17 @@ psa_status_t psa_import_key_into_slot( #endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_PUBLIC_KEY) + if (PSA_KEY_TYPE_IS_ML_KEM(type)) { + return mbedtls_psa_mlkem_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, + bits); + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ } return PSA_ERROR_NOT_SUPPORTED; @@ -1172,7 +1190,12 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( return status; } - if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { + if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + && PSA_KEY_LIFETIME_GET_LOCATION((*p_slot)->attr.lifetime) != TFM_BUILTIN_KEY_LOADER_KEY_LOCATION +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ + ) + { psa_unregister_read_under_mutex(*p_slot); *p_slot = NULL; return PSA_ERROR_NOT_SUPPORTED; @@ -1463,7 +1486,7 @@ psa_status_t psa_get_key_slot_number( } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -static psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer, +psa_status_t psa_export_key_buffer_internal(const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, @@ -1489,10 +1512,28 @@ psa_status_t psa_export_key_internal( if (key_type_is_raw_bytes(type) || PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type)) { + PSA_KEY_TYPE_IS_DH(type) || + PSA_KEY_TYPE_IS_ML_KEM(type)) { return psa_export_key_buffer_internal( key_buffer, key_buffer_size, data, data_size, data_length); + } else if (PSA_KEY_TYPE_IS_ML_KEM(type)) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mlkem_context *mlkem = NULL; + + status = mbedtls_psa_mlkem_load_representation( + attributes->type, attributes->bits, + key_buffer, key_buffer_size, &mlkem); + if (status != PSA_SUCCESS) { + return status; + } + + return mbedtls_psa_mlkem_export_key(attributes->type, attributes->bits, mlkem, data, data_size, data_length); +#else + /* We don't know how to export a MLKEM key. */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT */ } else { /* This shouldn't happen in the reference implementation, but it is valid for a special-purpose implementation to omit @@ -1561,7 +1602,7 @@ psa_status_t psa_export_public_key_internal( if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { + PSA_KEY_TYPE_IS_DH(type) || PSA_KEY_TYPE_IS_ML_KEM(type))) { /* Exporting public -> public */ return psa_export_key_buffer_internal( key_buffer, key_buffer_size, @@ -1606,6 +1647,19 @@ psa_status_t psa_export_public_key_internal( return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ + } else if (PSA_KEY_TYPE_IS_ML_KEM(type)) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_PUBLIC_KEY) + return mbedtls_psa_mlkem_export_public_key(attributes, + key_buffer, + key_buffer_size, + data, data_size, + data_length); +#else + /* We don't know how to convert a private MLKEM key to public */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_PUBLIC_KEY) */ } else { (void) key_buffer; (void) key_buffer_size; @@ -1681,7 +1735,9 @@ static psa_status_t psa_validate_key_policy(const psa_key_policy_t *policy) PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION | - PSA_KEY_USAGE_DERIVE)) != 0) { + PSA_KEY_USAGE_DERIVE | + PSA_KEY_USAGE_ENCAPSULATE | + PSA_KEY_USAGE_DECAPSULATE)) != 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -1911,7 +1967,7 @@ static psa_status_t psa_start_key_creation( * \return If this function fails, the key slot is an invalid state. * You must call psa_fail_key_creation() to wipe and free the slot. */ -static psa_status_t psa_finish_key_creation( +psa_status_t psa_finish_key_creation( psa_key_slot_t *slot, psa_se_drv_table_entry_t *driver, mbedtls_svc_key_id_t *key) @@ -1943,6 +1999,13 @@ static psa_status_t psa_finish_key_creation( sizeof(data)); } else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_finish_key_creation_vendor( slot ); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ { /* Key material is saved in export representation in the slot, so * just pass the slot buffer for storage. */ @@ -2105,6 +2168,14 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, goto exit; } +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_import_key_into_slot_vendor( attributes, slot, data, data_length, key, true ); + goto exit; + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + /* In the case of a transparent key or an opaque key stored in local * storage ( thus not in the case of importing a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a @@ -3310,7 +3381,7 @@ psa_status_t psa_sign_hash_builtin( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length) { - if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if( PSA_KEY_TYPE_IS_RSA_KEY_PAIR(attributes->type) ) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ @@ -8105,6 +8176,14 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( } else #endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) */ +#if defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) + if (PSA_KEY_TYPE_IS_ML_KEM(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + /* To avoid empty block, return successfully here. */ + // REVISIT: KF do we want logic here? + return PSA_SUCCESS; + } else +#endif /* defined(PSA_WANT_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) */ + #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { if (psa_is_dh_key_size_valid(bits) == 0) { @@ -8166,6 +8245,15 @@ psa_status_t psa_generate_key_internal( } else #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) + if (PSA_KEY_TYPE_IS_ML_KEM(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + return mbedtls_psa_mlkem_generate_key(attributes->bits, + key_buffer, + key_buffer_size, + key_buffer_length); + } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) */ + #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE) if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) { return mbedtls_psa_ffdh_generate_key(attributes, @@ -8223,6 +8311,15 @@ psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, goto exit; } +#if defined(MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_generate_key_vendor(slot, attributes->bits, + (const psa_key_production_parameters_t *)custom, custom_data_length); + goto exit; + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + /* In the case of a transparent key or an opaque key stored in local * storage ( thus not in the case of generating a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a @@ -8294,7 +8391,151 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, key); } +psa_status_t psa_encapsulate(psa_key_id_t key, + psa_algorithm_t alg, + const psa_key_attributes_t * attributes, + psa_key_id_t * output_key, + uint8_t * ciphertext, + size_t ciphertext_size, + size_t * ciphertext_length) +{ + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_key_slot_t *slot = NULL; + psa_key_usage_t usage = PSA_KEY_USAGE_ENCAPSULATE; + psa_key_slot_t *output_slot = NULL; + psa_se_drv_table_entry_t *output_driver = NULL; + size_t output_key_buffer_size = PSA_ML_KEM_SHARED_SECRET_SIZE; + + if (!PSA_ALG_IS_KEY_ENCAPSULATION(alg)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Look up the slot for the private key */ + status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg); + if (status != PSA_SUCCESS) { + goto exit; + } + + /* Set up a key slot for the new secret */ + *output_key = MBEDTLS_SVC_KEY_ID_INIT; + + /* Reject any attempt to create a zero-length key so that we don't + * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ + if (psa_get_key_bits(attributes) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes, + &output_slot, &output_driver); + if (status != PSA_SUCCESS) { + goto exit; + } + + status = psa_allocate_buffer_to_slot(output_slot, output_key_buffer_size); + if (status != PSA_SUCCESS) { + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE) + status = mbedtls_psa_mlkem_encapsulate(&slot->attr, + slot->key.data, + slot->key.bytes, + output_slot->key.data, + output_slot->key.bytes, + ciphertext, + ciphertext_size, + ciphertext_length); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE */ + + if (status != PSA_SUCCESS) { + psa_remove_key_data_from_memory(output_slot); + } + +exit: + if (status == PSA_SUCCESS) { + status = psa_finish_key_creation(output_slot, output_driver, output_key); + } + if (status != PSA_SUCCESS) { + psa_fail_key_creation(output_slot, output_driver); + } + + return status; +} + +psa_status_t psa_decapsulate(psa_key_id_t key, + psa_algorithm_t alg, + const uint8_t * ciphertext, + size_t ciphertext_length, + const psa_key_attributes_t * attributes, + psa_key_id_t * output_key) +{ + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_key_slot_t *slot = NULL; + psa_key_usage_t usage = PSA_KEY_USAGE_DECAPSULATE; + psa_key_slot_t *output_slot = NULL; + psa_se_drv_table_entry_t *output_driver = NULL; + size_t output_key_buffer_size = PSA_ML_KEM_SHARED_SECRET_SIZE; + + if (!PSA_ALG_IS_KEY_ENCAPSULATION(alg)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Look up the slot for the private key */ + status = psa_get_and_lock_key_slot_with_policy(key, &slot, usage, alg); + if (status != PSA_SUCCESS) { + goto exit; + } + + /* Set up a key slot for the new secret */ + *output_key = MBEDTLS_SVC_KEY_ID_INIT; + + /* Reject any attempt to create a zero-length key so that we don't + * risk tripping up later, e.g. on a malloc(0) that returns NULL. */ + if (psa_get_key_bits(attributes) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + status = psa_start_key_creation(PSA_KEY_CREATION_GENERATE, attributes, + &output_slot, &output_driver); + if (status != PSA_SUCCESS) { + goto exit; + } + + status = psa_allocate_buffer_to_slot(output_slot, output_key_buffer_size); + if (status != PSA_SUCCESS) { + goto exit; + } + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE) + status = mbedtls_psa_mlkem_decapsulate(slot->attr.bits, + slot->key.data, + slot->key.bytes, + ciphertext, + ciphertext_length, + output_slot->key.data, + &output_slot->key.bytes); +#else + status = PSA_ERROR_NOT_SUPPORTED; +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE */ + + if (status != PSA_SUCCESS) { + psa_remove_key_data_from_memory(output_slot); + } + +exit: + if (status == PSA_SUCCESS) { + status = psa_finish_key_creation(output_slot, output_driver, output_key); + } + if (status != PSA_SUCCESS) { + psa_fail_key_creation(output_slot, output_driver); + } + + return status; +} /****************************************************************/ /* Module setup */ @@ -9456,4 +9697,4 @@ psa_status_t psa_crypto_local_output_free(psa_crypto_local_output_t *local_outpu return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ \ No newline at end of file diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index a201985b4f0..e6c7074359b 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -34,9 +34,36 @@ static psa_status_t psa_aead_setup( mbedtls_cipher_id_t cipher_id; mbedtls_cipher_mode_t mode; size_t key_bits = attributes->bits; + psa_key_type_t temp_keytype = 0; + (void) key_buffer_size; - status = mbedtls_cipher_values_from_psa(alg, attributes->type, + key_bits = attributes->bits; + +#if defined (MBEDTLS_CCM_ALT) || defined (MBEDTLS_GCM_ALT) + #if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(attributes->type)) + { + /* The mbedcrypto implementation obtains the list of methods based on the keybit size. + * Since the wrapped keybit size does not correspond to the raw key size i.e the + * AES256 raw bit size is 256 but the wrapped size is 416 bytes, provide the 256 bit value + * to mbedcrypto so that the right methods are invoked. */ + status = vendor_bitlength_to_raw_bitlength(attributes->type, attributes->bits, &key_bits); + if (status != PSA_SUCCESS) + { + return status; + } + + temp_keytype = (psa_key_type_t)(attributes->type & ~PSA_KEY_TYPE_VENDOR_FLAG); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ +#endif + { + temp_keytype = (psa_key_type_t)(attributes->type); + } + + status = mbedtls_cipher_values_from_psa(alg, temp_keytype, &key_bits, &mode, &cipher_id); if (status != PSA_SUCCESS) { return status; @@ -54,6 +81,14 @@ static psa_status_t psa_aead_setup( } mbedtls_ccm_init(&operation->ctx.ccm); +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) +#if defined(MBEDTLS_CCM_ALT) +if ((PSA_KEY_TYPE_IS_VENDOR_DEFINED(attributes->type)) && ((key_buffer_size == (SIZE_AES_128BIT_KEYLEN_BYTES_WRAPPED)) || (key_buffer_size == (SIZE_AES_192BIT_KEYLEN_BYTES_WRAPPED)) || (key_buffer_size == (SIZE_AES_256BIT_KEYLEN_BYTES_WRAPPED)))) +{ + operation->ctx.ccm.vendor_flag = 1U; +} +#endif +#endif status = mbedtls_to_psa_error( mbedtls_ccm_setkey(&operation->ctx.ccm, cipher_id, key_buffer, (unsigned int) key_bits)); @@ -74,6 +109,16 @@ static psa_status_t psa_aead_setup( } mbedtls_gcm_init(&operation->ctx.gcm); + +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) +#if defined(MBEDTLS_GCM_ALT) +if ((PSA_KEY_TYPE_IS_VENDOR_DEFINED(attributes->type)) && ((key_buffer_size == (SIZE_AES_128BIT_KEYLEN_BYTES_WRAPPED)) || (key_buffer_size == (SIZE_AES_192BIT_KEYLEN_BYTES_WRAPPED)) || (key_buffer_size == (SIZE_AES_256BIT_KEYLEN_BYTES_WRAPPED)))) +{ + operation->ctx.gcm.vendor_flag = 1U; +} +#endif +#endif + status = mbedtls_to_psa_error( mbedtls_gcm_setkey(&operation->ctx.gcm, cipher_id, key_buffer, (unsigned int) key_bits)); diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index efc5813ff08..cdfda208b3e 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -194,6 +194,11 @@ psa_status_t mbedtls_cipher_values_from_psa( *mode = MBEDTLS_MODE_CHACHAPOLY; break; #endif + + case PSA_ALG_XTS: + *mode = MBEDTLS_MODE_XTS; + break; + default: return PSA_ERROR_NOT_SUPPORTED; } @@ -294,8 +299,27 @@ static psa_status_t psa_cipher_setup( operation->alg = alg; key_bits = attributes->bits; +#if defined (MBEDTLS_CIPHER_ALT) +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(key_type)) + { + ret = vendor_bitlength_to_raw_bitlength(key_type, key_bits, &key_bits); + if (ret != PSA_SUCCESS) + { + return ret; + } + cipher_info = mbedtls_cipher_info_from_psa(alg, + (psa_key_type_t) (key_type & ~PSA_KEY_TYPE_VENDOR_FLAG), + key_bits, + NULL); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ +#endif + { cipher_info = mbedtls_cipher_info_from_psa(alg, key_type, key_bits, NULL); + } if (cipher_info == NULL) { return PSA_ERROR_NOT_SUPPORTED; } @@ -305,6 +329,16 @@ static psa_status_t psa_cipher_setup( goto exit; } +#if defined (MBEDTLS_CIPHER_ALT) +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(key_type)) + { + void * p_aes_ctx = NULL; + p_aes_ctx = operation->ctx.cipher.cipher_ctx; + psa_aead_setup_vendor(p_aes_ctx); + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ +#endif #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES) if (key_type == PSA_KEY_TYPE_DES && key_bits == 128) { /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 0ed221b5018..79ccd86cdde 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -14,6 +14,7 @@ #include "psa_crypto_cipher.h" #include "psa_crypto_core.h" #include "psa_crypto_driver_wrappers_no_static.h" +#include "psa/crypto_accel_driver.h" #include "psa_crypto_hash.h" #include "psa_crypto_mac.h" #include "psa_crypto_pake.h" @@ -23,7 +24,7 @@ #include "mbedtls/constant_time.h" /* END-common headers */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) || defined(MCUBOOT_USE_PSA_CRYPTO) /* BEGIN-driver headers */ /* Headers for mbedtls_test opaque driver */ @@ -42,16 +43,45 @@ #endif +/* Include TF-M builtin key driver */ +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#include "tfm_builtin_key_loader.h" +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + +#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#include "cc3xx.h" +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ + /* END-driver headers */ /* Auto-generated values depending on which drivers are registered. * ID 0 is reserved for unallocated operations. * ID 1 is reserved for the Mbed TLS software driver. */ /* BEGIN-driver id definition */ -#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) -#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2) -#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3) -#define P256_TRANSPARENT_DRIVER_ID (4) +enum { + PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1, + MBEDTLS_TEST_OPAQUE_DRIVER_ID, + MBEDTLS_TEST_TRANSPARENT_DRIVER_ID, + P256_TRANSPARENT_DRIVER_ID, +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID, +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + PSA_CRYPTO_CC3XX_DRIVER_ID, +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +}; /* END-driver id */ @@ -73,6 +103,12 @@ static inline psa_status_t psa_driver_wrapper_init( void ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + status = tfm_builtin_key_loader_init(); + if (status != PSA_SUCCESS) + return ( status ); +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) status = psa_init_all_se_drivers( ); if( status != PSA_SUCCESS ) @@ -89,6 +125,11 @@ static inline psa_status_t psa_driver_wrapper_init( void ) return( status ); #endif +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_init(); + if (status != PSA_SUCCESS) + return ( status ); +#endif (void) status; return( PSA_SUCCESS ); } @@ -105,6 +146,10 @@ static inline void psa_driver_wrapper_free( void ) mbedtls_test_transparent_free( ); mbedtls_test_opaque_free( ); #endif + +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + (void)cc3xx_free(); +#endif } /* Start delegation functions */ @@ -126,6 +171,9 @@ static inline psa_status_t psa_driver_wrapper_sign_message( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -144,7 +192,29 @@ static inline psa_status_t psa_driver_wrapper_sign_message( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_sign_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return( psa_sign_message_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ) ); break; /* Add cases for opaque driver here */ @@ -169,18 +239,8 @@ static inline psa_status_t psa_driver_wrapper_sign_message( default: /* Key is declared with a lifetime not known to us */ (void)status; - break; + return( PSA_ERROR_INVALID_ARGUMENT ); } - - return( psa_sign_message_builtin( attributes, - key_buffer, - key_buffer_size, - alg, - input, - input_length, - signature, - signature_size, - signature_length ) ); } static inline psa_status_t psa_driver_wrapper_verify_message( @@ -200,6 +260,9 @@ static inline psa_status_t psa_driver_wrapper_verify_message( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -217,8 +280,27 @@ static inline psa_status_t psa_driver_wrapper_verify_message( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_verify_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - break; + return( psa_verify_message_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -241,17 +323,8 @@ static inline psa_status_t psa_driver_wrapper_verify_message( default: /* Key is declared with a lifetime not known to us */ (void)status; - break; + return( PSA_ERROR_INVALID_ARGUMENT ); } - - return( psa_verify_message_builtin( attributes, - key_buffer, - key_buffer_size, - alg, - input, - input_length, - signature, - signature_length ) ); } static inline psa_status_t psa_driver_wrapper_sign_hash( @@ -287,6 +360,9 @@ static inline psa_status_t psa_driver_wrapper_sign_hash( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -304,6 +380,18 @@ static inline psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_sign_hash( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_RANDOMIZED_ECDSA(alg) && @@ -390,6 +478,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -407,6 +498,17 @@ static inline psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_verify_hash( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDSA(alg) && @@ -519,6 +621,9 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -611,6 +716,9 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -774,6 +882,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) /* Transparent drivers are limited to generating asymmetric keys. */ /* We don't support passing custom production parameters @@ -790,6 +901,12 @@ static inline psa_status_t psa_driver_wrapper_generate_key( if( status != PSA_ERROR_NOT_SUPPORTED ) break; #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_generate_key( + attributes, key_buffer, key_buffer_size, + key_buffer_length ); + break; +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && @@ -878,6 +995,9 @@ static inline psa_status_t psa_driver_wrapper_import_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -979,6 +1099,9 @@ static inline psa_status_t psa_driver_wrapper_export_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ return( psa_export_key_internal( attributes, key_buffer, key_buffer_size, @@ -1085,6 +1208,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1104,6 +1230,20 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_encrypt( attributes, + key_buffer, + key_buffer_size, + alg, + iv, + iv_length, + input, + input_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -1175,6 +1315,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1192,6 +1335,18 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_decrypt( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) @@ -1252,6 +1407,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1269,6 +1427,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_encrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, + key_buffer_size, + alg ); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) /* Fell through, meaning no accelerator supports this operation */ @@ -1325,6 +1493,9 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -1342,6 +1513,16 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_cipher_decrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, + key_buffer_size, + alg ); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_CIPHER) /* Fell through, meaning no accelerator supports this operation */ @@ -1411,6 +1592,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_set_iv( &operation->ctx.opaque_test_driver_ctx, iv, iv_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_cipher_set_iv( + &operation->ctx.cc3xx_driver_ctx, + iv, iv_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1454,6 +1641,13 @@ static inline psa_status_t psa_driver_wrapper_cipher_update( input, input_length, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_cipher_update( + &operation->ctx.cc3xx_driver_ctx, + input, input_length, + output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1494,6 +1688,12 @@ static inline psa_status_t psa_driver_wrapper_cipher_finish( &operation->ctx.opaque_test_driver_ctx, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_cipher_finish( + &operation->ctx.cc3xx_driver_ctx, + output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX*/ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1534,6 +1734,15 @@ static inline psa_status_t psa_driver_wrapper_cipher_abort( sizeof( operation->ctx.opaque_test_driver_ctx ) ); return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + status = cc3xx_cipher_abort( + &operation->ctx.cc3xx_driver_ctx ); + mbedtls_platform_zeroize( + &operation->ctx.cc3xx_driver_ctx, + sizeof( operation->ctx.cc3xx_driver_ctx ) ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1555,12 +1764,19 @@ static inline psa_status_t psa_driver_wrapper_hash_compute( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try accelerators first */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_hash_compute( alg, input, input_length, hash, hash_size, hash_length ); if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_hash_compute(alg, input, input_length, hash, hash_size, + hash_length); + return status; +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* If software fallback is compiled in, try fallback */ #if defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -1587,6 +1803,7 @@ static inline psa_status_t psa_driver_wrapper_hash_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; /* Try setup on accelerators first */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_test_transparent_hash_setup( &operation->ctx.test_driver_ctx, alg ); @@ -1595,7 +1812,13 @@ static inline psa_status_t psa_driver_wrapper_hash_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_hash_setup(&operation->ctx.cc3xx_driver_ctx, alg); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* If software fallback is compiled in, try fallback */ #if defined(MBEDTLS_PSA_BUILTIN_HASH) @@ -1625,13 +1848,23 @@ static inline psa_status_t psa_driver_wrapper_hash_clone( return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx, &target_operation->ctx.mbedtls_ctx ) ); #endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: target_operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; return( mbedtls_test_transparent_hash_clone( &source_operation->ctx.test_driver_ctx, &target_operation->ctx.test_driver_ctx ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + target_operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return( cc3xx_hash_clone( + &source_operation->ctx.cc3xx_driver_ctx, + &target_operation->ctx.cc3xx_driver_ctx ) ); + +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) target_operation; return( PSA_ERROR_BAD_STATE ); @@ -1650,12 +1883,20 @@ static inline psa_status_t psa_driver_wrapper_hash_update( return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx, input, input_length ) ); #endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_update( &operation->ctx.test_driver_ctx, input, input_length ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_hash_update( + &operation->ctx.cc3xx_driver_ctx, + input, input_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) input; (void) input_length; @@ -1676,12 +1917,20 @@ static inline psa_status_t psa_driver_wrapper_hash_finish( return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx, hash, hash_size, hash_length ) ); #endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_finish( &operation->ctx.test_driver_ctx, hash, hash_size, hash_length ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_hash_finish( + &operation->ctx.cc3xx_driver_ctx, + hash, hash_size, hash_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) hash; (void) hash_size; @@ -1699,11 +1948,18 @@ static inline psa_status_t psa_driver_wrapper_hash_abort( case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) ); #endif +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_hash_abort( &operation->ctx.test_driver_ctx ) ); -#endif +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_hash_abort( + &operation->ctx.cc3xx_driver_ctx ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return( PSA_ERROR_BAD_STATE ); } @@ -1725,6 +1981,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1741,6 +2000,17 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_aead_encrypt( + attributes, key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ); + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ @@ -1777,6 +2047,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1793,6 +2066,17 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_aead_decrypt( + attributes, key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ); + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ @@ -1826,6 +2110,9 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1841,6 +2128,15 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + status = cc3xx_aead_encrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, key_buffer, key_buffer_size, + alg ); + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ @@ -1874,6 +2170,9 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ @@ -1890,6 +2189,16 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + status = cc3xx_aead_decrypt_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ @@ -1936,6 +2245,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_nonce( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_set_nonce( + &operation->ctx.cc3xx_driver_ctx, + nonce, nonce_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -1970,6 +2285,12 @@ static inline psa_status_t psa_driver_wrapper_aead_set_lengths( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_set_lengths( + &operation->ctx.cc3xx_driver_ctx, + ad_length, plaintext_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2004,6 +2325,12 @@ static inline psa_status_t psa_driver_wrapper_aead_update_ad( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_update_ad( + &operation->ctx.cc3xx_driver_ctx, + input, input_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2043,6 +2370,13 @@ static inline psa_status_t psa_driver_wrapper_aead_update( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_update( + &operation->ctx.cc3xx_driver_ctx, + input, input_length, output, output_size, + output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2087,6 +2421,13 @@ static inline psa_status_t psa_driver_wrapper_aead_finish( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_finish( + &operation->ctx.cc3xx_driver_ctx, + ciphertext, ciphertext_size, + ciphertext_length, tag, tag_size, tag_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2151,6 +2492,13 @@ static inline psa_status_t psa_driver_wrapper_aead_verify( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_verify( + &operation->ctx.cc3xx_driver_ctx, + plaintext, plaintext_size, + plaintext_length, tag, tag_length ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2183,6 +2531,11 @@ static inline psa_status_t psa_driver_wrapper_aead_abort( /* Add cases for opaque driver here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return( cc3xx_aead_abort( + &operation->ctx.cc3xx_driver_ctx ) ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ } @@ -2210,6 +2563,9 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2222,6 +2578,12 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_mac_compute(attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ @@ -2274,6 +2636,9 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2290,6 +2655,15 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_mac_sign_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return status; +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ @@ -2346,6 +2720,9 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2362,6 +2739,15 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_mac_verify_setup( + &operation->ctx.cc3xx_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg); + operation->id = PSA_CRYPTO_CC3XX_DRIVER_ID; + return status; +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ @@ -2429,6 +2815,10 @@ static inline psa_status_t psa_driver_wrapper_mac_update( &operation->ctx.opaque_test_driver_ctx, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_update(&operation->ctx.cc3xx_driver_ctx, input, input_length)); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) input; @@ -2463,6 +2853,11 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_size, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_sign_finish(&operation->ctx.cc3xx_driver_ctx, + mac, mac_size, mac_length)); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) mac; @@ -2497,6 +2892,12 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_verify_finish( + &operation->ctx.cc3xx_driver_ctx, + mac, mac_length)); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) mac; @@ -2524,6 +2925,10 @@ static inline psa_status_t psa_driver_wrapper_mac_abort( return( mbedtls_test_opaque_mac_abort( &operation->ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + case PSA_CRYPTO_CC3XX_DRIVER_ID: + return(cc3xx_mac_abort(&operation->ctx.cc3xx_driver_ctx)); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: return( PSA_ERROR_INVALID_ARGUMENT ); @@ -2546,6 +2951,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2558,6 +2966,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_asymmetric_encrypt( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + salt, + salt_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return( mbedtls_psa_asymmetric_encrypt( attributes, key_buffer, key_buffer_size, alg, input, input_length, @@ -2604,6 +3026,9 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2616,6 +3041,20 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_asymmetric_decrypt( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + salt, + salt_length, + output, + output_size, + output_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return( mbedtls_psa_asymmetric_decrypt( attributes, key_buffer, key_buffer_size, alg,input, input_length, @@ -2668,6 +3107,9 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2680,6 +3122,18 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_key_agreement( attributes, + key_buffer, + key_buffer_size, + peer_key, + peer_key_length, + shared_secret, + shared_secret_size, + shared_secret_length, + alg ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDH(alg) && @@ -2748,6 +3202,9 @@ static inline psa_status_t psa_driver_wrapper_pake_setup( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ status = PSA_ERROR_NOT_SUPPORTED; diff --git a/library/psa_crypto_driver_wrappers_no_static.c b/library/psa_crypto_driver_wrappers_no_static.c index de8a5269b34..bc65e2c7f92 100644 --- a/library/psa_crypto_driver_wrappers_no_static.c +++ b/library/psa_crypto_driver_wrappers_no_static.c @@ -41,16 +41,45 @@ #endif +/* Include TF-M builtin key driver */ +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#include "tfm_builtin_key_loader.h" +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + +#if defined(PSA_CRYPTO_DRIVER_CC3XX) +#ifndef PSA_CRYPTO_DRIVER_PRESENT +#define PSA_CRYPTO_DRIVER_PRESENT +#endif +#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT +#endif +#include "cc3xx.h" +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ + /* END-driver headers */ /* Auto-generated values depending on which drivers are registered. * ID 0 is reserved for unallocated operations. * ID 1 is reserved for the Mbed TLS software driver. */ /* BEGIN-driver id definition */ -#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1) -#define MBEDTLS_TEST_OPAQUE_DRIVER_ID (2) -#define MBEDTLS_TEST_TRANSPARENT_DRIVER_ID (3) -#define P256_TRANSPARENT_DRIVER_ID (4) +enum { + PSA_CRYPTO_MBED_TLS_DRIVER_ID = 1, + MBEDTLS_TEST_OPAQUE_DRIVER_ID, + MBEDTLS_TEST_TRANSPARENT_DRIVER_ID, + P256_TRANSPARENT_DRIVER_ID, +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + PSA_CRYPTO_TFM_BUILTIN_KEY_LOADER_DRIVER_ID, +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + PSA_CRYPTO_CC3XX_DRIVER_ID, +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ +}; /* END-driver id */ @@ -112,6 +141,12 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED ); #endif /* PSA_CRYPTO_DRIVER_TEST */ +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: + return tfm_builtin_key_loader_get_key_buffer_size(psa_get_key_id(attributes), + key_buffer_size); +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ + default: (void)key_type; (void)key_bits; @@ -153,6 +188,9 @@ psa_status_t psa_driver_wrapper_export_public_key( switch( location ) { case PSA_KEY_LOCATION_LOCAL_STORAGE: +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: +#endif /* defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) */ /* Key is stored in the slot in export representation, so * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -171,6 +209,17 @@ psa_status_t psa_driver_wrapper_export_public_key( return( status ); #endif +#if defined(PSA_CRYPTO_DRIVER_CC3XX) + status = cc3xx_export_public_key( + attributes, + key_buffer, + key_buffer_size, + data, + data_size, + data_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_CC3XX */ + #if (defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) ) status = p256_transparent_export_public_key (attributes, @@ -241,6 +290,13 @@ psa_status_t psa_driver_wrapper_get_builtin_key( )); #endif +#if defined(PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER) + case TFM_BUILTIN_KEY_LOADER_KEY_LOCATION: + return( tfm_builtin_key_loader_get_builtin_key( + slot_number, + attributes, + key_buffer, key_buffer_size, key_buffer_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index 48b90ef57d4..7215f2bf9f2 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -118,6 +118,13 @@ psa_status_t mbedtls_psa_ecp_load_representation( * format, meaning their curve_bytes is equal to the amount of input. */ } +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT) + curve_bytes = ( 0U != PSA_ECC_BYTES_VENDOR_RAW(curve_bytes) ) ? + PSA_ECC_BYTES_VENDOR_RAW(curve_bytes) : curve_bytes ; + + curve_bits = ( 0U != PSA_ECC_BITS_VENDOR_RAW(curve_bytes) ) ? + PSA_ECC_BITS_VENDOR_RAW(curve_bytes) : PSA_BYTES_TO_BITS(curve_bytes) ; +#else if (explicit_bits) { /* With an explicit bit-size, the data must have the matching length. */ if (curve_bytes != PSA_BITS_TO_BYTES(curve_bits)) { @@ -129,6 +136,7 @@ psa_status_t mbedtls_psa_ecp_load_representation( * at this stage is rounded up to the nearest multiple of 8. */ curve_bits = PSA_BYTES_TO_BITS(curve_bytes); } +#endif /* Allocate and initialize a key representation. */ ecp = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); @@ -186,6 +194,15 @@ psa_status_t mbedtls_psa_ecp_load_representation( } *p_ecp = ecp; +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type)) + { + /* Setup the vendor context flag */ + (*p_ecp)->grp.vendor_ctx = (bool *) true; + + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + exit: if (status != PSA_SUCCESS) { mbedtls_ecp_keypair_free(ecp); @@ -281,8 +298,32 @@ psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type, return status; } else { + uint32_t private_key_bytes = 0; + +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_ECP_ALT) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type)) + { + /* Setup the vendor private key size. The + * mbedtls_ecp_write_key() fn seems to require buffer greater than key size */ + private_key_bytes = RM_PSA_CRYPTO_ECC_KEY_WRAPPED_SIZE_BYTES(ecp->grp.nbits); + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + { + private_key_bytes = PSA_BITS_TO_BYTES( ecp->grp.nbits); + } + + if( data_size < private_key_bytes ) + return PSA_ERROR_BUFFER_TOO_SMALL; + status = mbedtls_to_psa_error( mbedtls_ecp_write_key_ext(ecp, data_length, data, data_size)); + if (status == PSA_SUCCESS) { + *data_length = private_key_bytes; + } else { + memset(data, 0, data_size); + } + return status; } } diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 4464158f937..bd7e2e20527 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -170,11 +170,24 @@ static psa_status_t cmac_setup(mbedtls_psa_mac_operation_t *operation, } #endif +size_t keybits = psa_get_key_bits(attributes); + +#if defined MBEDTLS_CMAC_ALT +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(attributes->type)) + { + keybits = (PSA_CMAC_BITS_VENDOR_RAW(psa_get_key_bits(attributes)) != 0U ? + PSA_CMAC_BITS_VENDOR_RAW(psa_get_key_bits(attributes)) : psa_get_key_bits(attributes)); + + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ +#endif + const mbedtls_cipher_info_t *cipher_info = mbedtls_cipher_info_from_psa( PSA_ALG_CMAC, - psa_get_key_type(attributes), - psa_get_key_bits(attributes), + (psa_get_key_type( attributes ) & ~PSA_KEY_TYPE_VENDOR_FLAG), + keybits, NULL); if (cipher_info == NULL) { @@ -186,9 +199,18 @@ static psa_status_t cmac_setup(mbedtls_psa_mac_operation_t *operation, goto exit; } +#if defined MBEDTLS_CMAC_ALT +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(attributes->type)) + { + psa_aead_setup_vendor(operation->ctx.cmac.cipher_ctx); + + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ +#endif ret = mbedtls_cipher_cmac_starts(&operation->ctx.cmac, key_buffer, - psa_get_key_bits(attributes)); + keybits); exit: return mbedtls_to_psa_error(ret); } diff --git a/library/psa_crypto_mlkem.c b/library/psa_crypto_mlkem.c new file mode 100644 index 00000000000..6da373cf881 --- /dev/null +++ b/library/psa_crypto_mlkem.c @@ -0,0 +1,367 @@ +/* + * PSA MLKEM layer on top of Mbed TLS crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "common.h" + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include +#include "psa_crypto_core.h" +#include "psa_crypto_mlkem.h" +#include "psa_crypto_random_impl.h" +#include "mbedtls/psa_util.h" + +#include +#include +#include "mbedtls/platform.h" +#include +#include + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE) + +// #define MBEDTLS_MLKEM_TEST_FIXED_TRNG + +uint32_t mbedtls_mlkem_get_random(const uint32_t rand_len, uint32_t * const p_random); +#if defined(MBEDTLS_MLKEM_TEST_FIXED_TRNG) +// Used by mbedtls_mlkem_generate_key() +const uint8_t z[32] = { /* z */ + 0x1A, 0x39, 0x41, 0x11, 0x16, 0x38, 0x03, 0xFE, 0x2E, 0x85, 0x19, 0xC3, 0x35, 0xA6, 0x86, 0x75, + 0x56, 0x33, 0x8E, 0xAD, 0xAF, 0xA2, 0x2B, 0x5F, 0xC5, 0x57, 0x43, 0x05, 0x60, 0xCC, 0xD6, 0x93, +}; +const uint8_t d[32] = { /* d */ + 0x1E, 0xB4, 0x40, 0x0A, 0x01, 0x62, 0x9D, 0x51, 0x79, 0x74, 0xE2, 0xCD, 0x85, 0xB9, 0xDE, 0xF5, + 0x90, 0x82, 0xDE, 0x50, 0x8E, 0x6F, 0x9C, 0x2B, 0x0E, 0x34, 0x1E, 0x12, 0x96, 0x59, 0x55, 0xCA, +}; +// Used by mbedtls_mlkem_encapsulate() and mbedtls_mlkem_decapsulate() +const uint8_t m[32] = { /* m */ + 0xAF, 0x9B, 0x6C, 0xAE, 0x18, 0x7C, 0x40, 0x72, 0x56, 0xFC, 0x9D, 0x3F, 0x3B, 0xE3, 0x70, 0x10, + 0xFF, 0xAF, 0x55, 0xD0, 0xE6, 0x87, 0xA1, 0x28, 0xF1, 0x7C, 0x7F, 0x62, 0xEB, 0x68, 0x84, 0xD3, +}; +static int random_call_count = 0; + +uint32_t mbedtls_mlkem_get_random(const uint32_t rand_len, uint32_t * const p_random) +{ + if (0 == random_call_count) + { + /* d */ + memcpy(p_random, d, rand_len); + } + else if (1 == random_call_count) + { + /* z */ + memcpy(p_random, z, rand_len); + } + else if (2 == random_call_count) + { + /* fixed data */ + memcpy(p_random, z, rand_len); + } + else + { + memcpy(p_random, m, rand_len); + } + + random_call_count++; + + return 0x55555555; +} +#else +uint32_t mbedtls_mlkem_get_random(const uint32_t rand_len, uint32_t * const p_random) +{ + psa_status_t status = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, (unsigned char *)p_random, rand_len); + return (status == PSA_SUCCESS) ? 0x55555555U : 0xAAAAAAAAU; +} +#endif +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE || + * MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE || + * MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_BASIC) +psa_status_t mbedtls_psa_mlkem_load_representation( + psa_key_type_t type, psa_key_bits_t bits, + const uint8_t *data, size_t data_length, + mbedtls_mlkem_context **p_mlkem) +{ + + *p_mlkem = mbedtls_calloc(1, sizeof(mbedtls_mlkem_context)); + if (*p_mlkem == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + mbedtls_mlkem_init(*p_mlkem); + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + return PSA_ERROR_NOT_SUPPORTED; + } + else { + (*p_mlkem)->decaps_key.key_data = (uint32_t *)data; + (*p_mlkem)->decaps_key.key_len = PSA_KEY_EXPORT_ML_KEM_PRIVATE_KEY_SIZE(bits); + (*p_mlkem)->d.key_data = (uint32_t *)(data + (*p_mlkem)->decaps_key.key_len); + (*p_mlkem)->d.key_len = PSA_ML_KEM_SEED_SIZE; + (*p_mlkem)->z.key_data = (uint32_t *)(data + (*p_mlkem)->decaps_key.key_len + (*p_mlkem)->d.key_len); + (*p_mlkem)->z.key_len = PSA_ML_KEM_SEED_SIZE; + } + + + return PSA_SUCCESS; +} +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_EXPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_PUBLIC_KEY) + +psa_status_t mbedtls_psa_mlkem_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits) +{ + psa_status_t status; + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->type)) { + /* Until ASN.1 encoding is implemented, the public key is just raw bytes */ + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + (void)key_buffer_size; + status = PSA_SUCCESS; + } else { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mlkem_context *mlkem = NULL; + mbedtls_mlkem_data_t random_d; + mbedtls_mlkem_data_t random_z; + + /* Parse input */ + status = mbedtls_psa_mlkem_load_representation(attributes->type, + attributes->bits, + key_buffer, + key_buffer_size, + &mlkem); + if (status != PSA_SUCCESS) { + goto exit; + } + *bits = attributes->bits; + + random_d.key_data = (uint32_t*)data; + random_d.key_len = PSA_ML_KEM_SEED_SIZE; + random_z.key_data = (uint32_t*)(data + random_d.key_len); + random_z.key_len = PSA_ML_KEM_SEED_SIZE; + + ret = mbedtls_mlkem_expand_key_pair(mlkem, *bits, &random_d, &random_z, mbedtls_mlkem_get_random); + if (ret != 0) { + status = mbedtls_to_psa_error(ret); + goto exit; + } + *key_buffer_length = PSA_ML_KEM_SEED_SIZE + PSA_ML_KEM_SEED_SIZE + mlkem->decaps_key.key_len; +exit: + if (status != PSA_SUCCESS) { + //mbedtls_mlkem_free(mlkem); + mbedtls_free(mlkem); + } + } + return status; +} + +psa_status_t mbedtls_psa_mlkem_export_key(psa_key_type_t type, + psa_key_bits_t bits, + mbedtls_mlkem_context *mlkem, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { + if (data_size < mlkem->d.key_len + mlkem->z.key_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + ret = mbedtls_mlkem_export_keypair(mlkem, data, data_length); + } + else { + if (data_size < PSA_KEY_EXPORT_ML_KEM_PUBLIC_KEY_MAX_SIZE(bits)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + ret = mbedtls_mlkem_export_public_key(mlkem, bits); + if (ret == 0) { + memcpy(data, mlkem->encaps_key.key_data, mlkem->encaps_key.key_len); + *data_length = mlkem->encaps_key.key_len; + } + } + + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + return PSA_SUCCESS; +} + +psa_status_t mbedtls_psa_mlkem_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mlkem_context *mlkem = NULL; + + status = mbedtls_psa_mlkem_load_representation( + attributes->type, attributes->bits, + key_buffer, key_buffer_size, &mlkem); + if (status != PSA_SUCCESS) { + goto exit; + } + + status = mbedtls_psa_mlkem_export_key(PSA_KEY_TYPE_ML_KEM_PUBLIC_KEY, attributes->bits, mlkem, data, data_size, data_length); + +exit: + if (status != PSA_SUCCESS) { + //mbedtls_mlkem_free(mlkem); + mbedtls_free(mlkem); + } + return status; +} +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE) +psa_status_t mbedtls_psa_mlkem_generate_key( + const psa_key_bits_t bits, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mlkem_context mlkem; +#if defined(MBEDTLS_MLKEM_TEST_FIXED_TRNG) + random_call_count = 0; +#endif + + mbedtls_mlkem_init(&mlkem); + mlkem.decaps_key.key_data = (uint32_t *)key_buffer; + mlkem.decaps_key.key_len = PSA_KEY_EXPORT_ML_KEM_PRIVATE_KEY_SIZE(bits); + mlkem.d.key_data = (uint32_t *)(key_buffer + mlkem.decaps_key.key_len); + mlkem.d.key_len = PSA_ML_KEM_SEED_SIZE; + mlkem.z.key_data = (uint32_t *)(key_buffer + mlkem.decaps_key.key_len + mlkem.d.key_len); + mlkem.z.key_len = PSA_ML_KEM_SEED_SIZE; + + if (key_buffer_size < mlkem.decaps_key.key_len + mlkem.d.key_len + mlkem.z.key_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + ret = mbedtls_mlkem_generate_key(&mlkem, bits, mbedtls_mlkem_get_random); + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + + *key_buffer_length = PSA_ML_KEM_SEED_SIZE + PSA_ML_KEM_SEED_SIZE + mlkem.decaps_key.key_len; + + return mbedtls_to_psa_error(ret); +} +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_PAIR_GENERATE */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE) +psa_status_t mbedtls_psa_mlkem_encapsulate( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *output_key_buffer, + size_t output_key_buffer_size, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mlkem_context mlkem; + mbedtls_mlkem_data_t cipher; + mbedtls_mlkem_data_t shared_key; +#if defined(MBEDTLS_MLKEM_TEST_FIXED_TRNG) + random_call_count = 3; +#endif + + mbedtls_mlkem_init(&mlkem); + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->type)) { + mlkem.encaps_key.key_data = (uint32_t *)key_buffer; + mlkem.encaps_key.key_len = key_buffer_size; + } + else + { + mlkem.decaps_key.key_data = (uint32_t *)key_buffer; + mlkem.decaps_key.key_len = PSA_KEY_EXPORT_ML_KEM_PRIVATE_KEY_SIZE(attributes->bits); + mbedtls_mlkem_export_public_key(&mlkem, attributes->bits); + } + + cipher.key_data = (uint32_t *)ciphertext; + cipher.key_len = ciphertext_size; + shared_key.key_data = (uint32_t *)output_key_buffer; + shared_key.key_len = output_key_buffer_size; + + if (key_buffer_size < mlkem.decaps_key.key_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + ret = mbedtls_mlkem_encapsulate(&mlkem, attributes->bits, &cipher, &shared_key, mbedtls_mlkem_get_random); + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + if (shared_key.key_len > output_key_buffer_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + if (cipher.key_len > ciphertext_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + *ciphertext_length = cipher.key_len; + + return mbedtls_to_psa_error(ret); +} +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_ENCAPSULATE */ + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE) +psa_status_t mbedtls_psa_mlkem_decapsulate( + const psa_key_bits_t bits, + uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *ciphertext, + size_t ciphertext_len, + uint8_t *shared_secret, + size_t *shared_secret_len) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_mlkem_context mlkem; + mbedtls_mlkem_data_t cipher; + mbedtls_mlkem_data_t shared_key; +#if defined(MBEDTLS_MLKEM_TEST_FIXED_TRNG) + random_call_count = 3; +#endif + + mbedtls_mlkem_init(&mlkem); + mlkem.decaps_key.key_data = (uint32_t *)key_buffer; + mlkem.decaps_key.key_len = PSA_KEY_EXPORT_ML_KEM_PRIVATE_KEY_SIZE(bits); + cipher.key_data = (uint32_t *)ciphertext; + cipher.key_len = ciphertext_len; + shared_key.key_data = (uint32_t *)shared_secret; + shared_key.key_len = *shared_secret_len; + + if (key_buffer_size < mlkem.decaps_key.key_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + if (key_buffer_size < mlkem.decaps_key.key_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + ret = mbedtls_mlkem_decapsulate(&mlkem, bits, &cipher, &shared_key, mbedtls_mlkem_get_random); + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + if (shared_key.key_len > *shared_secret_len) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + *shared_secret_len = shared_key.key_len; + + return mbedtls_to_psa_error(ret); +} +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_MLKEM_KEY_DECAPSULATE */ + +#endif /* MBEDTLS_PSA_CRYPTO_C */ \ No newline at end of file diff --git a/library/psa_crypto_mlkem.h b/library/psa_crypto_mlkem.h new file mode 100644 index 00000000000..2f6816b327f --- /dev/null +++ b/library/psa_crypto_mlkem.h @@ -0,0 +1,188 @@ +/* + * PSA MLKEM layer on top of Mbed TLS crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_CRYPTO_MLKEM_H +#define PSA_CRYPTO_MLKEM_H + +#include +#include + + +/** Load the contents of a key buffer into an internal MLKEM representation + * + * \param[in] type The type of key contained in \p data. + * \param[in] bits The algorithm strength in bits. + * \param[in] data The buffer from which to load the representation. + * \param[in] data_length The size in bytes of \p data. + * \param[out] p_mlkem Returns a pointer to an MLKEM context on success. + * The caller is responsible for freeing both the + * contents of the context and the context itself + * when done. + */ +psa_status_t mbedtls_psa_mlkem_load_representation(psa_key_type_t type, + psa_key_bits_t bits, + const uint8_t *data, + size_t data_length, + mbedtls_mlkem_context **p_mlkem); + +/** Import an MLKEM key in binary format. + * + * \note The signature of this function is that of a PSA driver + * import_key entry point. This function behaves as an import_key + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes for the key to import. + * \param[in] data The buffer containing the key data in import + * format. + * \param[in] data_length Size of the \p data buffer in bytes. + * \param[out] key_buffer The buffer containing the key data in output + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This + * size is greater or equal to \p data_length. + * \param[out] key_buffer_length The length of the data written in \p + * key_buffer in bytes. + * \param[out] bits The key size in number of bits. + * + * \retval #PSA_SUCCESS The MLKEM key was imported successfully. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key data is not correctly formatted. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + */ +psa_status_t mbedtls_psa_mlkem_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits); + +/** Export an MLKEM key to export representation + * + * \param[in] type The type of key (public/private) to export + * \param[in] mlkem The internal MLKEM representation from which to export + * \param[out] data The buffer to export to + * \param[in] data_size The length of the buffer to export to + * \param[out] data_length The amount of bytes written to \p data + */ +psa_status_t mbedtls_psa_mlkem_export_key(psa_key_type_t type, + psa_key_bits_t bits, + mbedtls_mlkem_context *mlkem, + uint8_t *data, + size_t data_size, + size_t *data_length); + +/** Export an MLKEM public key or the public part of an MLKEM key pair in binary + * format. + * + * \note The signature of this function is that of a PSA driver + * export_public_key entry point. This function behaves as an + * export_public_key entry point as defined in the PSA driver interface + * specification. + * + * \param[in] attributes The attributes for the key to export. + * \param[in] key_buffer Material or context of the key to export. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[out] data Buffer where the key data is to be written. + * \param[in] data_size Size of the \p data buffer in bytes. + * \param[out] data_length On success, the number of bytes written in + * \p data + * + * \retval #PSA_SUCCESS The MLKEM public key was exported successfully. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + */ +psa_status_t mbedtls_psa_mlkem_export_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + uint8_t *data, size_t data_size, size_t *data_length); + +/** + * \brief Generate an MLKEM key. + * + * \note The signature of the function is that of a PSA driver generate_key + * entry point. + * + * \param[in] bits The algorithm strength in bits. + * \param[out] key_buffer Buffer where the key data is to be written. + * \param[in] key_buffer_size Size of \p key_buffer in bytes. + * \param[out] key_buffer_length On success, the number of bytes written in + * \p key_buffer. + * + * \retval #PSA_SUCCESS + * The key was successfully generated. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Key length or type not supported. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p key_buffer is too small. + */ +psa_status_t mbedtls_psa_mlkem_generate_key( + const psa_key_bits_t bits, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); + +/** + * \brief Encapsulate an MLKEM key. + * + * \param[in] attributes The attributes for the key to encapsulate. + * \param[in] key_buffer Buffer holding the key data. + * \param[in] key_buffer_size Size of \p key_buffer in bytes. + * \param[out] output_key_buffer Buffer holding the key data. + * \param[out] output_key_buffer_size Size of \p output_key_buffer in bytes. + * \param[out] ciphertext Buffer where the ciphertext is to be written. + * \param[in] ciphertext_size Size of \p ciphertext in bytes. + * \param[out] ciphertext_length On success, the number of bytes written in + * \p ciphertext. + * + * \retval #PSA_SUCCESS + * The key was successfully generated. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Key length or type not supported. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p ciphertext is too small. + */ +psa_status_t mbedtls_psa_mlkem_encapsulate( + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *output_key_buffer, + size_t output_key_buffer_size, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length); + +/** + * \brief Decapsulate MLKEM ciphertext. + * + * \param[in] bits The algorithm strength in bits. + * \param[in] key_buffer Buffer holding the key data. + * \param[in] key_buffer_size Size of \p key_buffer in bytes. + * \param[in] ciphertext Buffer holding the ciphertext data. + * \param[in] ciphertext_len Size of \p ciphertext in bytes. + * \param[out] shared_secret Buffer where the shared secret is to be written. + * \param[out] shared_secret_len On success, the number of bytes written in + * \p shared_secret. + * + * \retval #PSA_SUCCESS + * The key was successfully generated. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Key length or type not supported. + */ +psa_status_t mbedtls_psa_mlkem_decapsulate( + const psa_key_bits_t bits, + uint8_t *key_buffer, + size_t key_buffer_size, + const uint8_t *ciphertext, + size_t ciphertext_len, + uint8_t *shared_secret, + size_t *shared_secret_len); + +#endif /* PSA_CRYPTO_MLKEM_H */ \ No newline at end of file diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 38dc3b8edc2..15d3cd2becf 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -92,6 +92,18 @@ psa_status_t mbedtls_psa_rsa_load_representation( goto exit; } +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) && defined(MBEDTLS_RSA_ALT) + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(type)) + { + /* Setup the vendor context flag */ + (*p_rsa)->vendor_ctx = (bool *) true; + } + else + { + /* Do nothing */ + } +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + exit: return status; } @@ -214,7 +226,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key( * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -static psa_status_t psa_rsa_read_exponent(const uint8_t *e_bytes, +psa_status_t psa_rsa_read_exponent(const uint8_t *e_bytes, size_t e_length, int *exponent) { @@ -631,7 +643,7 @@ psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attribut *output_length = 0; - if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if( PSA_KEY_TYPE_IS_RSA_KEY_PAIR (attributes->type) ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) mbedtls_rsa_context *rsa = NULL; diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index f1a651f0d90..8f48c29f806 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -27,6 +27,9 @@ #include "mbedtls/threading.h" #endif +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) +#include "psa/crypto_accel_driver.h" +#endif /* Make sure we have distinct ranges of key identifiers for distinct @@ -710,9 +713,20 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - status = psa_copy_key_material_into_slot(slot, key_data, key_data_length); - if (status != PSA_SUCCESS) { - goto exit; +#if defined (MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C) + + if (PSA_KEY_TYPE_IS_VENDOR_DEFINED(slot->attr.type)) + { + status = psa_import_key_into_slot_vendor( &slot->attr, slot, key_data, key_data_length, NULL, false); + goto exit; + } + else +#endif /* MBEDTLS_PSA_CRYPTO_ACCEL_DRV_C */ + { + status = psa_copy_key_material_into_slot( slot, key_data, key_data_length ); + if (status != PSA_SUCCESS) { + goto exit; + } } exit: diff --git a/library/rsa.c b/library/rsa.c index 557faaf3635..0c97b40e723 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -48,6 +48,7 @@ #include "mbedtls/platform.h" +#if defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) /* * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. * @@ -411,6 +412,7 @@ int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *star return (int) len; } +#endif /* MBEDTLS_RSA_C && !MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) diff --git a/library/sha3.c b/library/sha3.c index 57385595f56..0c0f16b9198 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -47,6 +47,7 @@ #include +#if !defined(MBEDTLS_SHA3_ALT) #if defined(MBEDTLS_SELF_TEST) #include "mbedtls/platform.h" #endif /* MBEDTLS_SELF_TEST */ @@ -717,5 +718,5 @@ int mbedtls_sha3_self_test(int verbose) return 0; } #endif /* MBEDTLS_SELF_TEST */ - +#endif /* MBEDTLS_SHA3_ALT */ #endif /* MBEDTLS_SHA3_C */