mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-21 23:42:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Make it possible to enable CTR_DRBG/PSA without a PSA AES driver

Browse Source 
Make it possible, but not officially supported, to switch the CTR_DRBG
module to PSA mode even if MBEDTLS_AES_C is defined. This is not really
useful in practice, but is convenient to test the PSA mode without setting
up drivers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-06-20 21:47:31 +02:00
parent cd693c36fd
commit 4804847b15
4 changed files with 47 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
include/mbedtls/ctr_drbg.h
View File

@ -32,9 +32,24 @@
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
/* In case AES_C is defined then it is the primary option for backward /* The CTR_DRBG implementation can either directly call the low-level AES
* compatibility purposes. If that's not available, PSA is used instead */ * module (gated by MBEDTLS_AES_C) or call the PSA API to perform AES
#if defined(MBEDTLS_AES_C) * operations. Calling the AES module directly is the default, both for
* maximum backward compatibility and because it's a bit more efficient
* (less glue code).
*
* When MBEDTLS_AES_C is disabled, the CTR_DRBG module calls PSA crypto and
* thus benefits from the PSA AES accelerator driver.
* It is technically possible to enable MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO
* to use PSA even when MBEDTLS_AES_C is disabled, but there is very little
* reason to do so other than testing purposes and this is not officially
* supported.
*/
#if !defined(MBEDTLS_AES_C)
#define MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO
#endif
#if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
#include "mbedtls/aes.h" #include "mbedtls/aes.h"
#else #else
#include "psa/crypto.h" #include "psa/crypto.h"
@ -157,7 +172,7 @@ extern "C" {
#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2 #define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
#endif #endif
#if !defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
typedef struct mbedtls_ctr_drbg_psa_context { typedef struct mbedtls_ctr_drbg_psa_context {
mbedtls_svc_key_id_t key_id; mbedtls_svc_key_id_t key_id;
psa_cipher_operation_t operation; psa_cipher_operation_t operation;
@ -189,7 +204,7 @@ typedef struct mbedtls_ctr_drbg_context {
* This is the maximum number of requests * This is the maximum number of requests
* that can be made between reseedings. */ * that can be made between reseedings. */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
#else #else
mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */ mbedtls_ctr_drbg_psa_context MBEDTLS_PRIVATE(psa_ctx); /*!< The PSA context. */

30
library/ctr_drbg.c
View File

@ -26,13 +26,13 @@
#endif #endif
/* Using error translation functions from PSA to MbedTLS */ /* Using error translation functions from PSA to MbedTLS */
#if !defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
#include "psa_util_internal.h" #include "psa_util_internal.h"
#endif #endif
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#if !defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx, static psa_status_t ctr_drbg_setup_psa_context(mbedtls_ctr_drbg_psa_context *psa_ctx,
unsigned char *key, size_t key_len) unsigned char *key, size_t key_len)
{ {
@ -73,7 +73,7 @@ static void ctr_drbg_destroy_psa_contex(mbedtls_ctr_drbg_psa_context *psa_ctx)
void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx) void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx)
{ {
memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context)); memset(ctx, 0, sizeof(mbedtls_ctr_drbg_context));
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_aes_init(&ctx->aes_ctx); mbedtls_aes_init(&ctx->aes_ctx);
#else #else
ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT; ctx->psa_ctx.key_id = MBEDTLS_SVC_KEY_ID_INIT;
@ -102,7 +102,7 @@ void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
mbedtls_mutex_free(&ctx->mutex); mbedtls_mutex_free(&ctx->mutex);
} }
#endif #endif
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_aes_free(&ctx->aes_ctx); mbedtls_aes_free(&ctx->aes_ctx);
#else #else
ctr_drbg_destroy_psa_contex(&ctx->psa_ctx); ctr_drbg_destroy_psa_contex(&ctx->psa_ctx);
@ -168,7 +168,7 @@ static int block_cipher_df(unsigned char *output,
unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE]; unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
unsigned char *p, *iv; unsigned char *p, *iv;
int ret = 0; int ret = 0;
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_aes_context aes_ctx; mbedtls_aes_context aes_ctx;
#else #else
psa_status_t status; psa_status_t status;
@ -209,7 +209,7 @@ static int block_cipher_df(unsigned char *output,
key[i] = i; key[i] = i;
} }
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_aes_init(&aes_ctx); mbedtls_aes_init(&aes_ctx);
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key, if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
@ -238,7 +238,7 @@ static int block_cipher_df(unsigned char *output,
use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ? use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len; MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
chain, chain)) != 0) { chain, chain)) != 0) {
goto exit; goto exit;
@ -264,7 +264,7 @@ static int block_cipher_df(unsigned char *output,
/* /*
* Do final encryption with reduced data * Do final encryption with reduced data
*/ */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp, if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit; goto exit;
@ -282,7 +282,7 @@ static int block_cipher_df(unsigned char *output,
p = output; p = output;
for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) { for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT, if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
iv, iv)) != 0) { iv, iv)) != 0) {
goto exit; goto exit;
@ -299,7 +299,7 @@ static int block_cipher_df(unsigned char *output,
p += MBEDTLS_CTR_DRBG_BLOCKSIZE; p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
} }
exit: exit:
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
mbedtls_aes_free(&aes_ctx); mbedtls_aes_free(&aes_ctx);
#else #else
ctr_drbg_destroy_psa_contex(&psa_ctx); ctr_drbg_destroy_psa_contex(&psa_ctx);
@ -336,7 +336,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
unsigned char *p = tmp; unsigned char *p = tmp;
int j; int j;
int ret = 0; int ret = 0;
#if !defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
psa_status_t status; psa_status_t status;
size_t tmp_len; size_t tmp_len;
#endif #endif
@ -352,7 +352,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
/* /*
* Crypt counter block * Crypt counter block
*/ */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, p)) != 0) { ctx->counter, p)) != 0) {
goto exit; goto exit;
@ -374,7 +374,7 @@ static int ctr_drbg_update_internal(mbedtls_ctr_drbg_context *ctx,
/* /*
* Update key and counter * Update key and counter
*/ */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp, if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
goto exit; goto exit;
@ -564,7 +564,7 @@ int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
good_nonce_len(ctx->entropy_len)); good_nonce_len(ctx->entropy_len));
/* Initialize with an empty key. */ /* Initialize with an empty key. */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key, if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
MBEDTLS_CTR_DRBG_KEYBITS)) != 0) { MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
return ret; return ret;
@ -655,7 +655,7 @@ int mbedtls_ctr_drbg_random_with_add(void *p_rng,
/* /*
* Crypt counter block * Crypt counter block
*/ */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
ctx->counter, locals.tmp)) != 0) { ctx->counter, locals.tmp)) != 0) {
goto exit; goto exit;

8
tests/include/test/psa_crypto_helpers.h
View File

@ -16,6 +16,8 @@
#include <psa/crypto.h> #include <psa/crypto.h>
#endif #endif
#include <mbedtls/ctr_drbg.h>
#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_CRYPTO_C)
/** Initialize the PSA Crypto subsystem. */ /** Initialize the PSA Crypto subsystem. */
#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) #define PSA_INIT() PSA_ASSERT(psa_crypto_init())
@ -430,12 +432,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
* This is like #PSA_DONE except it does nothing under the same conditions as * This is like #PSA_DONE except it does nothing under the same conditions as
* #AES_PSA_INIT. * #AES_PSA_INIT.
*/ */
#if defined(MBEDTLS_AES_C) #if !defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
#define AES_PSA_INIT() ((void) 0) #define AES_PSA_INIT() ((void) 0)
#define AES_PSA_DONE() ((void) 0) #define AES_PSA_DONE() ((void) 0)
#else /* MBEDTLS_AES_C */ #else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
#define AES_PSA_INIT() PSA_INIT() #define AES_PSA_INIT() PSA_INIT()
#define AES_PSA_DONE() PSA_DONE() #define AES_PSA_DONE() PSA_DONE()
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
#endif /* PSA_CRYPTO_HELPERS_H */ #endif /* PSA_CRYPTO_HELPERS_H */

9
tests/src/psa_crypto_helpers.c
View File

@ -13,6 +13,10 @@
#include <psa_crypto_slot_management.h> #include <psa_crypto_slot_management.h>
#include <test/psa_crypto_helpers.h> #include <test/psa_crypto_helpers.h>
#if defined(MBEDTLS_CTR_DRBG_C)
#include <mbedtls/ctr_drbg.h>
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_CRYPTO_C)
#include <psa/crypto.h> #include <psa/crypto.h>
@ -70,8 +74,9 @@ const char *mbedtls_test_helper_is_psa_leaking(void)
mbedtls_psa_get_stats(&stats); mbedtls_psa_get_stats(&stats);
#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) && \ #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
!defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
/* When AES_C is not defined and PSA does not have an external RNG, /* When AES_C is not defined and PSA does not have an external RNG,
* then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
* slot is used internally from PSA to hold the AES key and it should * slot is used internally from PSA to hold the AES key and it should