libmbedtls: add interfaces in mbedtls for context memory operation
To integrate into OPTEE_OS, some interfaces need to be added:
1. Add mbedtls_cipher_clone() for cipher, to copy the context between two
operations.
2. Add mbedtls_cipher_setup_info() for cipher. The cipher needs to get its
"cipher_info" according to the key length, but the key length is not an
input to the allocate function. So a default key length is used in the
beginning, and the cipher info needs to be reset again in the init function.
3. Add mbedtls_cipher_cmac_setup() for cmac. This function is separated
from mbedtls_cipher_cmac_starts().
4. Copy the hmac context in md.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Edison Ai <edison.ai@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: rebase onto mbedtls-2.22.0]
[jf: rebase onto mbedtls-2.27.0]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
[jf: rebase onto mbedtls-2.28.1, fix typo in comment]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
[jw: rebase onto mbedtls-3.4.0, adjust new coding style]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Edison Ai authored and jenswi-linaro committed Oct 6, 2023
1 parent 2b0fb3f commit d5ea7e9
Showing 7 changed files with 152 additions and 12 deletions.
26 changes: 26 additions & 0 deletions lib/libmbedtls/mbedtls/include/mbedtls/cipher.h
Expand Up @@ -600,6 +600,20 @@ void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx);
*/
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);

/**
* \brief Clone the state of an cipher context
*
* \note The two contexts must have been setup to the same type
* (cloning from AES to DES make no sense).
*
* \param dst The destination context
* \param src The context to be cloned
*
* \return \c 0 on success,
* \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure.
*/
int mbedtls_cipher_clone(mbedtls_cipher_context_t *dst,
const mbedtls_cipher_context_t *src);

/**
* \brief This function prepares a cipher context for
Expand Down Expand Up @@ -664,6 +678,18 @@ int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */

/**
* \brief setup the cipher info structure.
*
* \param ctx cipher's context. Must have been initialised.
* \param cipher_info cipher to use.
*
* \return 0 on success,
* MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure
*/
int mbedtls_cipher_setup_info(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info);

/**
* \brief This function returns the block size of the given cipher
* in bytes.
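Review bot: The documentation for `mbedtls_cipher_setup_info()` does not say that it only swaps the `cipher_info` pointer and leaves the cipher-specific context as it was allocated, which is what the implementation in library/cipher.c on this page does. I would add `\note This does not allocate or resize the cipher-specific context; \p cipher_info must use the same base cipher as the one passed to mbedtls_cipher_setup().` The `\note` on `mbedtls_cipher_clone()` likewise states the same-type requirement as a caller obligation, so it is worth saying there that the function does not verify it. The brief also reads better as `Clone the state of a cipher context`.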
13 changes: 13 additions & 0 deletions lib/libmbedtls/mbedtls/include/mbedtls/cmac.h
Expand Up @@ -65,6 +65,19 @@ struct mbedtls_cmac_context_t {
#include "cmac_alt.h"
#endif /* !MBEDTLS_CMAC_ALT */

/**
* \brief Initialises and allocate CMAC context memory
* Must be called with an initialized cipher context.
*
* \param ctx The cipher context used for the CMAC operation, initialized
* as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
* MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
* or MBEDTLS_CIPHER_DES_EDE3_ECB.
* \return \c 0 on success.
* \return A cipher-specific error code on failure.
*/
int mbedtls_cipher_cmac_setup(mbedtls_cipher_context_t *ctx);

/**
* \brief This function starts a new CMAC computation
* by setting the CMAC key, and preparing to authenticate
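Review bot: The doc comment for `mbedtls_cipher_cmac_setup()` leaves out who owns the allocated CMAC context and what happens when the cipher context already has one. The implementation in library/cmac.c on this page stores a fresh allocation in `ctx->cmac_ctx` unconditionally, so I would add `\note Call at most once per cipher context; the CMAC context is owned by \p ctx.` and, if it is released by `mbedtls_cipher_free()` as appears to be the case upstream, say so. The failure return visible in the implementation is `MBEDTLS_ERR_CIPHER_ALLOC_FAILED`, which could be named instead of "a cipher-specific error code".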
39 changes: 39 additions & 0 deletions lib/libmbedtls/mbedtls/library/cipher.c
Expand Up @@ -184,6 +184,35 @@ void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t));
}

int mbedtls_cipher_clone(mbedtls_cipher_context_t *dst,
const mbedtls_cipher_context_t *src)
{
if (dst == NULL || dst->cipher_info == NULL ||
src == NULL || src->cipher_info == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}

dst->cipher_info = src->cipher_info;
dst->key_bitlen = src->key_bitlen;
dst->operation = src->operation;
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
dst->add_padding = src->add_padding;
dst->get_padding = src->get_padding;
#endif
memcpy(dst->unprocessed_data, src->unprocessed_data, MBEDTLS_MAX_BLOCK_LENGTH);
dst->unprocessed_len = src->unprocessed_len;
memcpy(dst->iv, src->iv, MBEDTLS_MAX_IV_LENGTH);
dst->iv_size = src->iv_size;
if (dst->cipher_info->base->ctx_clone_func)
dst->cipher_info->base->ctx_clone_func(dst->cipher_ctx, src->cipher_ctx);

#if defined(MBEDTLS_CMAC_C)
if (dst->cmac_ctx != NULL && src->cmac_ctx != NULL)
memcpy(dst->cmac_ctx, src->cmac_ctx, sizeof(mbedtls_cmac_context_t));
#endif
return 0;
}

int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info)
{
Expand Down Expand Up @@ -251,6 +280,16 @@ int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */

int mbedtls_cipher_setup_info(mbedtls_cipher_context_t *ctx,
const mbedtls_cipher_info_t *cipher_info )
{
if (NULL == cipher_info || NULL == ctx)
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;

ctx->cipher_info = cipher_info;
return 0;
}

int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
const unsigned char *key,
int key_bitlen,
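Review bot: `mbedtls_cipher_clone()` overwrites `dst->cipher_info` and then calls `ctx_clone_func(dst->cipher_ctx, src->cipher_ctx)` without checking that both contexts were set up for the same base cipher, so the same-type rule from the header is not enforced and the clone helpers in cipher_wrap.c copy `sizeof` the source's context type into a buffer allocated for the destination's original type. A guard before the first assignment, `if (dst->cipher_info->base != src->cipher_info->base) return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;`, would turn a mismatch into an error instead of a possible out-of-bounds write. `dst->cipher_ctx` and `src->cipher_ctx` are also not checked for NULL, and `mbedtls_cipher_setup_info()` added in this section can leave a context with `cipher_info` set but, as far as these hunks show, no cipher-specific context allocated. When `ctx_clone_func` is NULL the function still returns 0 with the key schedule uncopied; returning an error there would be safer.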
48 changes: 48 additions & 0 deletions lib/libmbedtls/mbedtls/library/cipher_wrap.c
Expand Up @@ -23,6 +23,8 @@

#include "common.h"

#include <string.h>

#if defined(MBEDTLS_CIPHER_C)

#include "cipher_wrap.h"
Expand Down Expand Up @@ -83,6 +85,11 @@ static void *gcm_ctx_alloc(void)
return ctx;
}

static void gcm_ctx_clone(void *dst, const void *src)
{
memcpy(dst, src, sizeof(mbedtls_gcm_context));
}

static void gcm_ctx_free(void *ctx)
{
mbedtls_gcm_free(ctx);
Expand All @@ -103,6 +110,11 @@ static void *ccm_ctx_alloc(void)
return ctx;
}

static void ccm_ctx_clone(void *dst, const void *src)
{
memcpy(dst, src, sizeof(mbedtls_ccm_context));
}

static void ccm_ctx_free(void *ctx)
{
mbedtls_ccm_free(ctx);
Expand Down Expand Up @@ -207,6 +219,11 @@ static void *aes_ctx_alloc(void)
return aes;
}

static void aes_ctx_clone(void *dst, const void *src)
{
memcpy(dst, src, sizeof(mbedtls_aes_context));
}

static void aes_ctx_free(void *ctx)
{
mbedtls_aes_free((mbedtls_aes_context *) ctx);
Expand Down Expand Up @@ -237,6 +254,7 @@ static const mbedtls_cipher_base_t aes_info = {
aes_setkey_enc_wrap,
aes_setkey_dec_wrap,
aes_ctx_alloc,
aes_ctx_clone,
aes_ctx_free
};

Expand Down Expand Up @@ -533,6 +551,7 @@ static const mbedtls_cipher_base_t gcm_aes_info = {
gcm_aes_setkey_wrap,
gcm_aes_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_clone,
gcm_ctx_free,
};

Expand Down Expand Up @@ -602,6 +621,7 @@ static const mbedtls_cipher_base_t ccm_aes_info = {
ccm_aes_setkey_wrap,
ccm_aes_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_clone,
ccm_ctx_free,
};

Expand Down Expand Up @@ -739,6 +759,11 @@ static void *camellia_ctx_alloc(void)
return ctx;
}

static void camellia_ctx_clone(void *dst, const void *src)
{
memcpy(dst, src, sizeof(mbedtls_camellia_context));
}

static void camellia_ctx_free(void *ctx)
{
mbedtls_camellia_free((mbedtls_camellia_context *) ctx);
Expand Down Expand Up @@ -769,6 +794,7 @@ static const mbedtls_cipher_base_t camellia_info = {
camellia_setkey_enc_wrap,
camellia_setkey_dec_wrap,
camellia_ctx_alloc,
camellia_ctx_clone,
camellia_ctx_free
};

Expand Down Expand Up @@ -942,6 +968,7 @@ static const mbedtls_cipher_base_t gcm_camellia_info = {
gcm_camellia_setkey_wrap,
gcm_camellia_setkey_wrap,
gcm_ctx_alloc,
gcm_ctx_clone,
gcm_ctx_free,
};

Expand Down Expand Up @@ -1011,6 +1038,7 @@ static const mbedtls_cipher_base_t ccm_camellia_info = {
ccm_camellia_setkey_wrap,
ccm_camellia_setkey_wrap,
ccm_ctx_alloc,
ccm_ctx_clone,
ccm_ctx_free,
};

Expand Down Expand Up @@ -1588,6 +1616,11 @@ static void *des_ctx_alloc(void)
return des;
}

static void des_ctx_clone(void *dst, const void *src)
{
memcpy(dst, src, sizeof(mbedtls_des_context));
}

static void des_ctx_free(void *ctx)
{
mbedtls_des_free((mbedtls_des_context *) ctx);
Expand All @@ -1608,6 +1641,11 @@ static void *des3_ctx_alloc(void)
return des3;
}

static void des3_ctx_clone(void *dst, const void *src)
{
memcpy(dst, src, sizeof(mbedtls_des3_context));
}

static void des3_ctx_free(void *ctx)
{
mbedtls_des3_free((mbedtls_des3_context *) ctx);
Expand Down Expand Up @@ -1638,6 +1676,7 @@ static const mbedtls_cipher_base_t des_info = {
des_setkey_enc_wrap,
des_setkey_dec_wrap,
des_ctx_alloc,
des_ctx_clone,
des_ctx_free
};

Expand Down Expand Up @@ -1689,6 +1728,7 @@ static const mbedtls_cipher_base_t des_ede_info = {
des3_set2key_enc_wrap,
des3_set2key_dec_wrap,
des3_ctx_alloc,
des3_ctx_clone,
des3_ctx_free
};

Expand Down Expand Up @@ -1740,6 +1780,7 @@ static const mbedtls_cipher_base_t des_ede3_info = {
des3_set3key_enc_wrap,
des3_set3key_dec_wrap,
des3_ctx_alloc,
des3_ctx_clone,
des3_ctx_free
};

Expand Down Expand Up @@ -1955,6 +1996,12 @@ static void *null_ctx_alloc(void)
return (void *) 1;
}

static void null_ctx_clone(void *dst, const void *src)
{
((void) dst);
((void) src);
}

static void null_ctx_free(void *ctx)
{
((void) ctx);
Expand Down Expand Up @@ -1984,6 +2031,7 @@ static const mbedtls_cipher_base_t null_base_info = {
null_setkey,
null_setkey,
null_ctx_alloc,
null_ctx_clone,
null_ctx_free
};

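Review bot: `gcm_ctx_clone()` and `ccm_ctx_clone()` copy the whole context with `memcpy`, which is only a correct clone if the structure holds no pointers. The definitions of `mbedtls_gcm_context` and `mbedtls_ccm_context` are not on this page, but in upstream Mbed TLS both embed an `mbedtls_cipher_context_t` whose `cipher_ctx` member points to a separately allocated block-cipher context; if that holds here, the destination ends up sharing the source's inner allocation (and loses its own), so freeing both contexts would release the same memory twice. I would deep-copy the nested cipher context instead of the raw bytes, and change `ctx_clone_func` to return `int` so that failure can be reported. The `aes`, `camellia`, `des` and `des3` helpers should carry a comment such as `/* flat copy: context must not contain pointers */` so the assumption is visible to whoever next changes those structures.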
3 changes: 3 additions & 0 deletions lib/libmbedtls/mbedtls/library/cipher_wrap.h
Expand Up @@ -100,6 +100,9 @@ struct mbedtls_cipher_base_t {
/** Allocate a new context */
void * (*ctx_alloc_func)(void);

/** Clone context **/
void (*ctx_clone_func)( void *dst, const void *src );

/** Free the given context */
void (*ctx_free_func)(void *ctx);

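Review bot: `ctx_clone_func` is inserted between `ctx_alloc_func` and `ctx_free_func`, and the `mbedtls_cipher_base_t` tables in cipher_wrap.c are positional initialisers, so any table that is not given a clone entry would have its free function land in the clone slot and `ctx_free_func` left NULL. The hunks on this page add an entry to the AES, GCM, CCM, Camellia, DES and null tables; whether the file has other tables that were left untouched cannot be seen from here. Appending the member at the end of the struct, or switching the tables to designated initialisers, would make an omission harmless (a NULL clone pointer) rather than a shifted table. The comment would also match its neighbours as `/** Clone the given context */`.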
32 changes: 20 additions & 12 deletions lib/libmbedtls/mbedtls/library/cmac.c
Expand Up @@ -170,11 +170,26 @@ static void cmac_pad(unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
}
}

int mbedtls_cipher_cmac_setup(mbedtls_cipher_context_t *ctx)
{
mbedtls_cmac_context_t *cmac_ctx;

/* Allocated and initialise in the cipher context memory for the CMAC
* context */
cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
if (cmac_ctx == NULL)
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;

ctx->cmac_ctx = cmac_ctx;

mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state));
return 0;
}

int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
const unsigned char *key, size_t keybits)
{
mbedtls_cipher_type_t type;
mbedtls_cmac_context_t *cmac_ctx;
int retval;

if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) {
Expand All @@ -198,18 +213,11 @@ int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}

/* Allocated and initialise in the cipher context memory for the CMAC
* context */
cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
if (cmac_ctx == NULL) {
return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
}

ctx->cmac_ctx = cmac_ctx;

mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state));
/* Check if cmac ctx had been allocated by mbedtls_cipher_cmac_setup() */
if( ctx->cmac_ctx != NULL )
return 0;

return 0;
return mbedtls_cipher_cmac_setup( ctx );
}

int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
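Review bot: `mbedtls_cipher_cmac_setup()` is now a public entry point but dereferences `ctx` without a NULL check and replaces `ctx->cmac_ctx` unconditionally, so a second call leaks the previous CMAC context together with whatever MAC state it held. I would start it with `if (ctx == NULL) return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;` and `if (ctx->cmac_ctx != NULL) return 0;`. In `mbedtls_cipher_cmac_starts()` the new early `return 0` reuses an existing CMAC context as it is, where the removed code always began from a zeroized `state`; unless every caller finishes or resets before starting again, clearing `state` on that path would keep an abandoned computation from carrying over. The new lines in `starts` also use the old `if( ... )` spacing rather than the style the rest of the commit was adjusted to.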
3 changes: 3 additions & 0 deletions lib/libmbedtls/mbedtls/library/md.c
Expand Up @@ -362,6 +362,9 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst,
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}

if (dst->hmac_ctx != NULL && src->hmac_ctx != NULL)
memcpy(dst->hmac_ctx, src->hmac_ctx, 2 * src->md_info->block_size);

return 0;
}

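Review bot: The added copy is skipped without any error when only one of the two contexts has an `hmac_ctx`, so cloning an HMAC-enabled source into a destination set up without HMAC returns 0 while the key pads are not transferred. Returning `MBEDTLS_ERR_MD_BAD_INPUT_DATA` for `src->hmac_ctx != NULL && dst->hmac_ctx == NULL` would make that visible to the caller. The length `2 * src->md_info->block_size` is taken from the source while the buffer belongs to the destination; the guard that ends just above the hunk is not fully visible, so a comment such as `/* dst and src share md_info (checked above), so both buffers are 2 * block_size */` would record why the sizes match, if that is indeed what the guard enforces. The function body starts outside the hunk.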
