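/**
 * \file block_cipher.c
 *
 * \brief Lightweight abstraction layer for block ciphers with 128 bit blocks,
 * for use by the GCM and CCM modules.
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */

#include "common.h"

#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_util_internal.h"
#endif

#include "block_cipher_internal.h"

#if defined(MBEDTLS_BLOCK_CIPHER_C)

#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
/*
 * Map an internal block cipher identifier to the PSA key type used to import
 * its key.
 *
 * Only ciphers whose *_VIA_PSA option is enabled are mapped. Every other
 * identifier yields PSA_KEY_TYPE_NONE, which callers in this file treat as
 * "not available through PSA".
 */
static psa_key_type_t psa_key_type_from_block_cipher_id(mbedtls_block_cipher_id_t cipher_id)
{
    switch (cipher_id) {
#if defined(MBEDTLS_BLOCK_CIPHER_AES_VIA_PSA)
        case MBEDTLS_BLOCK_CIPHER_ID_AES:
            return PSA_KEY_TYPE_AES;
#endif
#if defined(MBEDTLS_BLOCK_CIPHER_ARIA_VIA_PSA)
        case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
            return PSA_KEY_TYPE_ARIA;
#endif
#if defined(MBEDTLS_BLOCK_CIPHER_CAMELLIA_VIA_PSA)
        case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
            return PSA_KEY_TYPE_CAMELLIA;
#endif
        default:
            return PSA_KEY_TYPE_NONE;
    }
}

/*
 * Translate a PSA status code into a legacy cipher error code, using the
 * psa_to_cipher_errors table and passing psa_generic_status_to_mbedtls as the
 * fallback converter.
 */
static int mbedtls_cipher_error_from_psa(psa_status_t status)
{
    return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_cipher_errors,
                                   psa_generic_status_to_mbedtls);
}
#endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */

/*
 * Release the key material held by a block cipher context.
 *
 * PSA engine: the imported key is destroyed. Legacy engine: the matching
 * cipher context is freed. In both cases the context ends with
 * id == MBEDTLS_BLOCK_CIPHER_ID_NONE, so later setkey/encrypt calls on it
 * return an error instead of using stale state.
 */
void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx)
{
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
    if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) {
        /* The status is dropped: this function returns void.
         * NOTE(review): if setkey was never called, psa_key_id still holds
         * whatever the context initializer left there - confirm that the
         * initializer zeroes it. */
        psa_destroy_key(ctx->psa_key_id);
        /* Leave the PSA path after destroying the key. Without this a second
         * free would call psa_destroy_key() again on a stale identifier,
         * which could by then refer to another key if the PSA implementation
         * reuses identifiers. */
        ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY;
        ctx->id = MBEDTLS_BLOCK_CIPHER_ID_NONE;
        return;
    }
#endif
    switch (ctx->id) {
#if defined(MBEDTLS_AES_C)
        case MBEDTLS_BLOCK_CIPHER_ID_AES:
            mbedtls_aes_free(&ctx->ctx.aes);
            break;
#endif
#if defined(MBEDTLS_ARIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
            mbedtls_aria_free(&ctx->ctx.aria);
            break;
#endif
#if defined(MBEDTLS_CAMELLIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
            mbedtls_camellia_free(&ctx->ctx.camellia);
            break;
#endif
        default:
            break;
    }
    ctx->id = MBEDTLS_BLOCK_CIPHER_ID_NONE;
}

/*
 * Select the cipher and the engine (PSA or legacy) for a context.
 *
 * Returns 0 on success. Returns MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, with
 * ctx->id set to MBEDTLS_BLOCK_CIPHER_ID_NONE, when cipher_id is not AES,
 * ARIA or CAMELLIA, or when neither PSA nor the legacy module can provide
 * the requested cipher in this build.
 */
int mbedtls_block_cipher_setup(mbedtls_block_cipher_context_t *ctx,
                               mbedtls_cipher_id_t cipher_id)
{
    ctx->id = (cipher_id == MBEDTLS_CIPHER_ID_AES) ? MBEDTLS_BLOCK_CIPHER_ID_AES :
              (cipher_id == MBEDTLS_CIPHER_ID_ARIA) ? MBEDTLS_BLOCK_CIPHER_ID_ARIA :
              (cipher_id == MBEDTLS_CIPHER_ID_CAMELLIA) ? MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA :
              MBEDTLS_BLOCK_CIPHER_ID_NONE;

#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
    /* Prefer PSA when it reports support for single-block ECB with this key
     * type. No legacy context is initialized in that case. */
    psa_key_type_t psa_key_type = psa_key_type_from_block_cipher_id(ctx->id);
    if (psa_key_type != PSA_KEY_TYPE_NONE &&
        psa_can_do_cipher(psa_key_type, PSA_ALG_ECB_NO_PADDING)) {
        ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_PSA;
        return 0;
    }
    ctx->engine = MBEDTLS_BLOCK_CIPHER_ENGINE_LEGACY;
#endif

    switch (ctx->id) {
#if defined(MBEDTLS_AES_C)
        case MBEDTLS_BLOCK_CIPHER_ID_AES:
            mbedtls_aes_init(&ctx->ctx.aes);
            return 0;
#endif
#if defined(MBEDTLS_ARIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
            mbedtls_aria_init(&ctx->ctx.aria);
            return 0;
#endif
#if defined(MBEDTLS_CAMELLIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
            mbedtls_camellia_init(&ctx->ctx.camellia);
            return 0;
#endif
        default:
            ctx->id = MBEDTLS_BLOCK_CIPHER_ID_NONE;
            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
    }
}

/*
 * Set the encryption key of a context prepared by mbedtls_block_cipher_setup().
 *
 * key must point to at least PSA_BITS_TO_BYTES(key_bitlen) readable bytes on
 * the PSA path; the legacy path hands key and key_bitlen to the cipher's own
 * setkey_enc function.
 *
 * Returns 0 on success, a cipher error code translated from the PSA status or
 * returned by the legacy cipher on failure, and
 * MBEDTLS_ERR_CIPHER_INVALID_CONTEXT when the context has no usable cipher.
 */
int mbedtls_block_cipher_setkey(mbedtls_block_cipher_context_t *ctx,
                                const unsigned char *key,
                                unsigned key_bitlen)
{
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
    if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) {
        psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
        psa_status_t status;

        /* The key policy is restricted to ECB encryption, the only
         * operation this file performs with the key. */
        psa_set_key_type(&key_attr, psa_key_type_from_block_cipher_id(ctx->id));
        psa_set_key_bits(&key_attr, key_bitlen);
        psa_set_key_algorithm(&key_attr, PSA_ALG_ECB_NO_PADDING);
        psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_ENCRYPT);

        /* NOTE(review): a second setkey on the same context overwrites
         * psa_key_id without destroying the previously imported key -
         * confirm that callers never re-key a live context. */
        status = psa_import_key(&key_attr, key, PSA_BITS_TO_BYTES(key_bitlen), &ctx->psa_key_id);
        /* Reset the attributes on every path, including import failure. */
        psa_reset_key_attributes(&key_attr);
        if (status != PSA_SUCCESS) {
            return mbedtls_cipher_error_from_psa(status);
        }

        return 0;
    }
#endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */

    switch (ctx->id) {
#if defined(MBEDTLS_AES_C)
        case MBEDTLS_BLOCK_CIPHER_ID_AES:
            return mbedtls_aes_setkey_enc(&ctx->ctx.aes, key, key_bitlen);
#endif
#if defined(MBEDTLS_ARIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
            return mbedtls_aria_setkey_enc(&ctx->ctx.aria, key, key_bitlen);
#endif
#if defined(MBEDTLS_CAMELLIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
            return mbedtls_camellia_setkey_enc(&ctx->ctx.camellia, key, key_bitlen);
#endif
        default:
            return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
    }
}

/*
 * Encrypt one 16-byte block with the key set by mbedtls_block_cipher_setkey().
 *
 * This is the raw single-block (ECB) primitive; it provides no chaining and
 * no authentication by itself.
 *
 * Returns 0 on success, a cipher error code translated from the PSA status or
 * returned by the legacy cipher on failure, and
 * MBEDTLS_ERR_CIPHER_INVALID_CONTEXT when the context has no usable cipher.
 */
int mbedtls_block_cipher_encrypt(mbedtls_block_cipher_context_t *ctx,
                                 const unsigned char input[16],
                                 unsigned char output[16])
{
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
    if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) {
        psa_status_t status;
        size_t olen;

        /* NOTE(review): olen is written by PSA but not compared with 16;
         * success is taken to mean a full block was produced. */
        status = psa_cipher_encrypt(ctx->psa_key_id, PSA_ALG_ECB_NO_PADDING,
                                    input, 16, output, 16, &olen);
        if (status != PSA_SUCCESS) {
            return mbedtls_cipher_error_from_psa(status);
        }
        return 0;
    }
#endif /* MBEDTLS_BLOCK_CIPHER_SOME_PSA */

    switch (ctx->id) {
#if defined(MBEDTLS_AES_C)
        case MBEDTLS_BLOCK_CIPHER_ID_AES:
            return mbedtls_aes_crypt_ecb(&ctx->ctx.aes, MBEDTLS_AES_ENCRYPT,
                                         input, output);
#endif
#if defined(MBEDTLS_ARIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_ARIA:
            return mbedtls_aria_crypt_ecb(&ctx->ctx.aria, input, output);
#endif
#if defined(MBEDTLS_CAMELLIA_C)
        case MBEDTLS_BLOCK_CIPHER_ID_CAMELLIA:
            return mbedtls_camellia_crypt_ecb(&ctx->ctx.camellia,
                                              MBEDTLS_CAMELLIA_ENCRYPT,
                                              input, output);
#endif
        default:
            return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT;
    }
}

#endif /* MBEDTLS_BLOCK_CIPHER_C */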