refactor(mbedtls): use PSA API for auth_decrypt
This new version uses the multipart PSA AEAD API;
the authentication tag is verified via
a call to psa_aead_verify.
Change-Id: If4b7e6258223ae6fead1794d3e8d0004f0f387b3
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index e925e14..e37be59 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -74,6 +74,8 @@
psa_crypto_rsa.c \
psa_crypto_ecp.c \
psa_crypto_slot_management.c \
+ psa_crypto_aead.c \
+ psa_crypto_cipher.c \
psa_util.c \
)
endif
diff --git a/drivers/auth/mbedtls/mbedtls_psa_crypto.c b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
index 53f8adf..f2ccf15 100644
--- a/drivers/auth/mbedtls/mbedtls_psa_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
@@ -9,13 +9,11 @@
#include <string.h>
/* mbed TLS headers */
-#include <mbedtls/gcm.h>
#include <mbedtls/md.h>
#include <mbedtls/memory_buffer_alloc.h>
#include <mbedtls/oid.h>
#include <mbedtls/platform.h>
#include <mbedtls/psa_util.h>
-#include <mbedtls/version.h>
#include <mbedtls/x509.h>
#include <psa/crypto.h>
#include <psa/crypto_platform.h>
@@ -433,78 +431,61 @@
unsigned int iv_len, const void *tag,
unsigned int tag_len)
{
- mbedtls_gcm_context ctx;
- mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
unsigned char buf[DEC_OP_BUF_SIZE];
- unsigned char tag_buf[CRYPTO_MAX_TAG_SIZE];
unsigned char *pt = data_ptr;
size_t dec_len;
- int diff, i, rc;
- size_t output_length __unused;
+ size_t output_length;
- mbedtls_gcm_init(&ctx);
+ /* Load the key into the PSA key store. */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_GCM);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
- rc = mbedtls_gcm_setkey(&ctx, cipher, key, key_len * 8);
- if (rc != 0) {
- rc = CRYPTO_ERR_DECRYPTION;
- goto exit_gcm;
+ psa_status = psa_import_key(&attributes, key, key_len, &key_id);
+ if (psa_status != PSA_SUCCESS) {
+ return CRYPTO_ERR_DECRYPTION;
}
-#if (MBEDTLS_VERSION_MAJOR < 3)
- rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len, NULL, 0);
-#else
- rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len);
-#endif
- if (rc != 0) {
- rc = CRYPTO_ERR_DECRYPTION;
- goto exit_gcm;
+ /* Perform the decryption. */
+ psa_status = psa_aead_decrypt_setup(&operation, key_id, PSA_ALG_GCM);
+ if (psa_status != PSA_SUCCESS) {
+ goto err;
+ }
+
+ psa_status = psa_aead_set_nonce(&operation, iv, iv_len);
+ if (psa_status != PSA_SUCCESS) {
+ goto err;
}
while (len > 0) {
dec_len = MIN(sizeof(buf), len);
-#if (MBEDTLS_VERSION_MAJOR < 3)
- rc = mbedtls_gcm_update(&ctx, dec_len, pt, buf);
-#else
- rc = mbedtls_gcm_update(&ctx, pt, dec_len, buf, sizeof(buf), &output_length);
-#endif
-
- if (rc != 0) {
- rc = CRYPTO_ERR_DECRYPTION;
- goto exit_gcm;
+ psa_status = psa_aead_update(&operation, pt, dec_len, buf,
+ sizeof(buf), &output_length);
+ if (psa_status != PSA_SUCCESS) {
+ goto err;
}
- memcpy(pt, buf, dec_len);
- pt += dec_len;
+ memcpy(pt, buf, output_length);
+ pt += output_length;
len -= dec_len;
}
-#if (MBEDTLS_VERSION_MAJOR < 3)
- rc = mbedtls_gcm_finish(&ctx, tag_buf, sizeof(tag_buf));
-#else
- rc = mbedtls_gcm_finish(&ctx, NULL, 0, &output_length, tag_buf, sizeof(tag_buf));
-#endif
-
- if (rc != 0) {
- rc = CRYPTO_ERR_DECRYPTION;
- goto exit_gcm;
- }
-
- /* Check tag in "constant-time" */
- for (diff = 0, i = 0; i < tag_len; i++)
- diff |= ((const unsigned char *)tag)[i] ^ tag_buf[i];
-
- if (diff != 0) {
- rc = CRYPTO_ERR_DECRYPTION;
- goto exit_gcm;
+ /* Verify the tag. */
+ psa_status = psa_aead_verify(&operation, NULL, 0, &output_length, tag, tag_len);
+ if (psa_status == PSA_SUCCESS) {
+ psa_destroy_key(key_id);
+ return CRYPTO_SUCCESS;
}
- /* GCM decryption success */
- rc = CRYPTO_SUCCESS;
-
-exit_gcm:
- mbedtls_gcm_free(&ctx);
- return rc;
+err:
+ psa_aead_abort(&operation);
+ psa_destroy_key(key_id);
+ return CRYPTO_ERR_DECRYPTION;
}
/*
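Review bot: In the `while (len > 0)` loop `pt` is both the ciphertext read cursor and the plaintext write cursor, but it now advances by `output_length` while `len` shrinks by `dec_len`, so the two stay aligned only if `psa_aead_update` always returns exactly `dec_len` bytes. If an implementation ever buffered a partial block, the next call would read ciphertext from the wrong offset, and `psa_aead_verify(&operation, NULL, 0, ...)` would have no room for the remaining plaintext. Making the assumption explicit turns that into a clean failure: `if (psa_status != PSA_SUCCESS || output_length != dec_len) { goto err; }`. Separately, plaintext is copied into the caller's buffer before the tag is checked, so the `err:` path leaves unauthenticated data there; a comment such as `/* On failure data_ptr holds unauthenticated plaintext; callers must discard it. */` would document that. The function's signature starts above this hunk, so the caller contract is not visible here.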