mbed TLS v3.4.0
psa_util.h
Go to the documentation of this file.
1 
9 /*
10  * Copyright The Mbed TLS Contributors
11  * SPDX-License-Identifier: Apache-2.0
12  *
13  * Licensed under the Apache License, Version 2.0 (the "License"); you may
14  * not use this file except in compliance with the License.
15  * You may obtain a copy of the License at
16  *
17  * http://www.apache.org/licenses/LICENSE-2.0
18  *
19  * Unless required by applicable law or agreed to in writing, software
20  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22  * See the License for the specific language governing permissions and
23  * limitations under the License.
24  */
25 
26 #ifndef MBEDTLS_PSA_UTIL_H
27 #define MBEDTLS_PSA_UTIL_H
28 #include "mbedtls/private_access.h"
29 
30 #include "mbedtls/build_info.h"
31 
32 #if defined(MBEDTLS_PSA_CRYPTO_C)
33 
34 #include "psa/crypto.h"
35 
36 #include "mbedtls/ecp.h"
37 #include "mbedtls/md.h"
38 #include "mbedtls/pk.h"
39 #include "mbedtls/oid.h"
40 #include "mbedtls/error.h"
41 
42 #include <string.h>
43 
44 /* Translations for symmetric crypto. */
45 
47  mbedtls_cipher_type_t cipher)
48 {
49  switch (cipher) {
65  return PSA_KEY_TYPE_AES;
66 
67  /* ARIA not yet supported in PSA. */
68  /* case MBEDTLS_CIPHER_ARIA_128_CCM:
69  case MBEDTLS_CIPHER_ARIA_192_CCM:
70  case MBEDTLS_CIPHER_ARIA_256_CCM:
71  case MBEDTLS_CIPHER_ARIA_128_CCM_STAR_NO_TAG:
72  case MBEDTLS_CIPHER_ARIA_192_CCM_STAR_NO_TAG:
73  case MBEDTLS_CIPHER_ARIA_256_CCM_STAR_NO_TAG:
74  case MBEDTLS_CIPHER_ARIA_128_GCM:
75  case MBEDTLS_CIPHER_ARIA_192_GCM:
76  case MBEDTLS_CIPHER_ARIA_256_GCM:
77  case MBEDTLS_CIPHER_ARIA_128_CBC:
78  case MBEDTLS_CIPHER_ARIA_192_CBC:
79  case MBEDTLS_CIPHER_ARIA_256_CBC:
80  return( PSA_KEY_TYPE_ARIA ); */
81 
82  default:
83  return 0;
84  }
85 }
86 
88  mbedtls_cipher_mode_t mode, size_t taglen)
89 {
90  switch (mode) {
91  case MBEDTLS_MODE_ECB:
93  case MBEDTLS_MODE_GCM:
95  case MBEDTLS_MODE_CCM:
99  case MBEDTLS_MODE_CBC:
100  if (taglen == 0) {
101  return PSA_ALG_CBC_NO_PADDING;
102  } else {
103  return 0;
104  }
105  default:
106  return 0;
107  }
108 }
109 
112 {
113  switch (op) {
114  case MBEDTLS_ENCRYPT:
115  return PSA_KEY_USAGE_ENCRYPT;
116  case MBEDTLS_DECRYPT:
117  return PSA_KEY_USAGE_DECRYPT;
118  default:
119  return 0;
120  }
121 }
122 
123 /* Translations for hashing. */
124 
125 /* Note: this function should not be used from inside the library, use
126  * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead.
127  * It is kept only for compatibility in case applications were using it. */
129 {
130  switch (md_alg) {
131 #if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
132  case MBEDTLS_MD_MD5:
133  return PSA_ALG_MD5;
134 #endif
135 #if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
136  case MBEDTLS_MD_SHA1:
137  return PSA_ALG_SHA_1;
138 #endif
139 #if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
140  case MBEDTLS_MD_SHA224:
141  return PSA_ALG_SHA_224;
142 #endif
143 #if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
144  case MBEDTLS_MD_SHA256:
145  return PSA_ALG_SHA_256;
146 #endif
147 #if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
148  case MBEDTLS_MD_SHA384:
149  return PSA_ALG_SHA_384;
150 #endif
151 #if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
152  case MBEDTLS_MD_SHA512:
153  return PSA_ALG_SHA_512;
154 #endif
155 #if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
157  return PSA_ALG_RIPEMD160;
158 #endif
159  case MBEDTLS_MD_NONE:
160  return 0;
161  default:
162  return 0;
163  }
164 }
165 
166 /* Translations for ECC. */
167 
169  psa_ecc_family_t curve, size_t bits,
170  char const **oid, size_t *oid_len)
171 {
172  switch (curve) {
174  switch (bits) {
175 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
176  case 192:
179  return 0;
180 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
181 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
182  case 224:
185  return 0;
186 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
187 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
188  case 256:
191  return 0;
192 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
193 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
194  case 384:
197  return 0;
198 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
199 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
200  case 521:
203  return 0;
204 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
205  }
206  break;
208  switch (bits) {
209 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
210  case 192:
213  return 0;
214 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
215 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
216  case 224:
219  return 0;
220 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
221 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
222  case 256:
225  return 0;
226 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
227  }
228  break;
230  switch (bits) {
231 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
232  case 256:
235  return 0;
236 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
237 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
238  case 384:
241  return 0;
242 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
243 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
244  case 512:
247  return 0;
248 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
249  }
250  break;
251  }
252  (void) oid;
253  (void) oid_len;
254  return -1;
255 }
256 
257 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \
258  PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
259 
260 #define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \
261  PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
262 
263 /* Expose whatever RNG the PSA subsystem uses to applications using the
264  * mbedtls_xxx API. The declarations and definitions here need to be
265  * consistent with the implementation in library/psa_crypto_random_impl.h.
266  * See that file for implementation documentation. */
267 
268 
269 /* The type of a `f_rng` random generator function that many library functions
270  * take.
271  *
272  * This type name is not part of the Mbed TLS stable API. It may be renamed
273  * or moved without warning.
274  */
275 typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
276 
277 #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
278 
314 int mbedtls_psa_get_random(void *p_rng,
315  unsigned char *output,
316  size_t output_size);
317 
328 #define MBEDTLS_PSA_RANDOM_STATE NULL
329 
330 #else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
331 
332 #if defined(MBEDTLS_CTR_DRBG_C)
333 #include "mbedtls/ctr_drbg.h"
336 #elif defined(MBEDTLS_HMAC_DRBG_C)
337 #include "mbedtls/hmac_drbg.h"
340 #endif
342 
343 #define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
344 
345 #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
346 
347 typedef struct {
349  int16_t mbedtls_error;
351 
352 #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
353 extern const mbedtls_error_pair_t psa_to_md_errors[4];
354 #endif
355 
356 #if defined(MBEDTLS_LMS_C)
358 #endif
359 
360 #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
361 extern const mbedtls_error_pair_t psa_to_ssl_errors[7];
362 #endif
363 
364 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
365  defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
367 #endif
368 
369 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
370  defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
371 extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7];
372 #endif
373 
374 /* Generic fallback function for error translation,
375  * when the received state was not module-specific. */
377 
378 /* This function iterates over provided local error translations,
379  * and if no match was found - calls the fallback error translation function. */
381  const mbedtls_error_pair_t *local_translations,
382  size_t local_errors_num,
383  int (*fallback_f)(psa_status_t));
384 
385 /* The second out of three-stage error handling functions of the pk module,
386  * acts as a fallback after RSA / ECDSA error translation, and if no match
387  * is found, it itself calls psa_generic_status_to_mbedtls. */
389 
390 /* Utility macro to shorten the defines of error translator in modules. */
391 #define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \
392  psa_status_to_mbedtls(status, error_list, \
393  sizeof(error_list)/sizeof(error_list[0]), \
394  fallback_f)
395 
396 #endif /* MBEDTLS_PSA_CRYPTO_C */
397 #endif /* MBEDTLS_PSA_UTIL_H */
The CTR_DRBG context structure.
Definition: ctr_drbg.h:170
mbedtls_operation_t
Definition: cipher.h:211
#define MBEDTLS_OID_EC_GRP_SECP192K1
Definition: oid.h:374
const mbedtls_error_pair_t psa_to_lms_errors[3]
#define PSA_ALG_ECB_NO_PADDING
mbedtls_cipher_mode_t
Definition: cipher.h:184
static psa_key_type_t mbedtls_psa_translate_cipher_type(mbedtls_cipher_type_t cipher)
Definition: psa_util.h:46
This file provides an API for Elliptic Curves over GF(P) (ECP).
int psa_status_to_mbedtls(psa_status_t status, const mbedtls_error_pair_t *local_translations, size_t local_errors_num, int(*fallback_f)(psa_status_t))
Platform Security Architecture cryptography module.
#define MBEDTLS_OID_EC_GRP_SECP192R1
Definition: oid.h:354
int mbedtls_hmac_drbg_random(void *p_rng, unsigned char *output, size_t out_len)
This function uses HMAC_DRBG to generate random data.
int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output, size_t output_len)
This function uses CTR_DRBG to generate random data.
#define PSA_ALG_GCM
#define MBEDTLS_OID_EC_GRP_SECP384R1
Definition: oid.h:366
#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length)
#define PSA_ALG_SHA_256
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:96
Object Identifier (OID) database.
Public Key abstraction layer.
#define PSA_ALG_SHA_512
Error to string translation.
#define MBEDTLS_OID_EC_GRP_SECP256R1
Definition: oid.h:362
#define PSA_ALG_SHA_224
#define PSA_ALG_RIPEMD160
#define MBEDTLS_OID_EC_GRP_BP256R1
Definition: oid.h:393
int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size)
Definition: psa_util.h:275
static psa_key_usage_t mbedtls_psa_translate_cipher_operation(mbedtls_operation_t op)
Definition: psa_util.h:110
const mbedtls_error_pair_t psa_to_pk_rsa_errors[8]
#define MBEDTLS_OID_EC_GRP_SECP224K1
Definition: oid.h:378
#define PSA_ALG_SHA_384
#define PSA_KEY_USAGE_DECRYPT
static int mbedtls_psa_get_ecc_oid_from_id(psa_ecc_family_t curve, size_t bits, char const **oid, size_t *oid_len)
Definition: psa_util.h:168
#define PSA_ALG_CBC_NO_PADDING
#define PSA_ECC_FAMILY_BRAINPOOL_P_R1
int psa_generic_status_to_mbedtls(psa_status_t status)
static psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
Definition: psa_util.h:128
#define MBEDTLS_OID_EC_GRP_BP512R1
Definition: oid.h:399
#define MBEDTLS_OID_EC_GRP_SECP521R1
Definition: oid.h:370
uint32_t psa_algorithm_t
Encoding of a cryptographic algorithm.
Definition: crypto_types.h:139
mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state
#define PSA_ECC_FAMILY_SECP_R1
Macro wrapper for struct's members.
uint32_t psa_key_usage_t
Encoding of permitted usage on a key.
Definition: crypto_types.h:328
#define PSA_KEY_TYPE_AES
uint16_t psa_key_type_t
Encoding of a key type.
Definition: crypto_types.h:83
int16_t mbedtls_error
Definition: psa_util.h:349
Build-time configuration info.
#define MBEDTLS_OID_EC_GRP_SECP224R1
Definition: oid.h:358
static psa_algorithm_t mbedtls_psa_translate_cipher_mode(mbedtls_cipher_mode_t mode, size_t taglen)
Definition: psa_util.h:87
This file contains the generic functions for message-digest (hashing) and HMAC.
#define MBEDTLS_OID_SIZE(x)
Definition: asn1.h:126
mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t
Definition: psa_util.h:334
#define PSA_ALG_CCM_STAR_NO_TAG
static mbedtls_f_rng_t *const mbedtls_psa_get_random
Definition: psa_util.h:335
#define PSA_ALG_CCM
#define MBEDTLS_OID_EC_GRP_BP384R1
Definition: oid.h:396
#define PSA_ECC_FAMILY_SECP_K1
int psa_pk_status_to_mbedtls(psa_status_t status)
#define MBEDTLS_OID_EC_GRP_SECP256K1
Definition: oid.h:382
#define PSA_ALG_SHA_1
psa_status_t psa_status
Definition: psa_util.h:348
#define PSA_ALG_MD5
uint8_t psa_ecc_family_t
Definition: crypto_types.h:102
mbedtls_md_type_t
Supported message digests.
Definition: md.h:143
int32_t psa_status_t
Function return status.
Definition: crypto_types.h:64
#define PSA_KEY_USAGE_ENCRYPT
This file contains definitions and functions for the CTR_DRBG pseudorandom generator.
The HMAC_DRBG pseudorandom generator.