1
/*
2
 *  Context structure declaration of the Mbed TLS software-based PSA drivers
3
 *  called through the PSA Crypto driver dispatch layer.
4
 *  This file contains the context structures of those algorithms which need to
5
 *  rely on other algorithms, i.e. are 'composite' algorithms.
6
 *
7
 * \note This file may not be included directly. Applications must
8
 * include psa/crypto.h.
9
 *
10
 * \note This header and its content are not part of the Mbed TLS API and
11
 * applications must not depend on it. Its main purpose is to define the
12
 * multi-part state objects of the Mbed TLS software-based PSA drivers. The
13
 * definitions of these objects are then used by crypto_struct.h to define the
14
 * implementation-defined types of PSA multi-part state objects.
15
 */
16
/*
17
 *  Copyright The Mbed TLS Contributors
18
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
19
 */
20

21
#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
22
#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
23
#include "mbedtls/private_access.h"
24

25
#include <psa/crypto_driver_common.h>
26

27
#include "mbedtls/cmac.h"
28
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
29
#include "mbedtls/gcm.h"
30
#endif
31
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
32
#include "mbedtls/ccm.h"
33
#endif
34
#include "mbedtls/chachapoly.h"
35

36
/*
37
 * MAC multi-part operation definitions.
38
 */
39
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
40
    defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
41
#define MBEDTLS_PSA_BUILTIN_MAC
42
#endif
43

44
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
45
typedef struct {
46
    /** The HMAC algorithm in use */
47
    psa_algorithm_t MBEDTLS_PRIVATE(alg);
48
    /** The hash context. */
49
    struct psa_hash_operation_s hash_ctx;
50
    /** The HMAC part of the context. */
51
    uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
52
} mbedtls_psa_hmac_operation_t;
53

54
#define MBEDTLS_PSA_HMAC_OPERATION_INIT { 0, PSA_HASH_OPERATION_INIT, { 0 } }
55
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
56

57
typedef struct {
58
    psa_algorithm_t MBEDTLS_PRIVATE(alg);
59
    union {
60
        unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
61
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
62
        mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
63
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
64
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
65
        mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac);
66
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
67
    } MBEDTLS_PRIVATE(ctx);
68
} mbedtls_psa_mac_operation_t;
69

70
#define MBEDTLS_PSA_MAC_OPERATION_INIT { 0, { 0 } }
71

72
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
73
    defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
74
    defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
75
#define MBEDTLS_PSA_BUILTIN_AEAD  1
76
#endif
77

78
/* Context structure for the Mbed TLS AEAD implementation. */
79
typedef struct {
80
    psa_algorithm_t MBEDTLS_PRIVATE(alg);
81
    psa_key_type_t MBEDTLS_PRIVATE(key_type);
82

83
    unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
84

85
    uint8_t MBEDTLS_PRIVATE(tag_length);
86

87
    union {
88
        unsigned dummy; /* Enable easier initializing of the union. */
89
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
90
        mbedtls_ccm_context MBEDTLS_PRIVATE(ccm);
91
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
92
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
93
        mbedtls_gcm_context MBEDTLS_PRIVATE(gcm);
94
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
95
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
96
        mbedtls_chachapoly_context MBEDTLS_PRIVATE(chachapoly);
97
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
98

99
    } ctx;
100

101
} mbedtls_psa_aead_operation_t;
102

103
#define MBEDTLS_PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
104

105
#include "mbedtls/ecdsa.h"
106

107
/* Context structure for the Mbed TLS interruptible sign hash implementation. */
108
typedef struct {
109
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
110
    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
111
    defined(MBEDTLS_ECP_RESTARTABLE)
112
    mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx);
113
    mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx);
114

115
    uint32_t MBEDTLS_PRIVATE(num_ops);
116

117
    size_t MBEDTLS_PRIVATE(coordinate_bytes);
118
    psa_algorithm_t MBEDTLS_PRIVATE(alg);
119
    mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
120
    uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
121
    size_t MBEDTLS_PRIVATE(hash_length);
122

123
#else
124
    /* Make the struct non-empty if algs not supported. */
125
    unsigned MBEDTLS_PRIVATE(dummy);
126

127
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
128
        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) &&
129
        * defined( MBEDTLS_ECP_RESTARTABLE ) */
130
} mbedtls_psa_sign_hash_interruptible_operation_t;
131

132
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
133
    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
134
    defined(MBEDTLS_ECP_RESTARTABLE)
135
#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, 0 }
136
#else
137
#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
138
#endif
139

140
/* Context structure for the Mbed TLS interruptible verify hash
141
 * implementation.*/
142
typedef struct {
143
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
144
    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
145
    defined(MBEDTLS_ECP_RESTARTABLE)
146

147
    mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx);
148
    mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx);
149

150
    uint32_t MBEDTLS_PRIVATE(num_ops);
151

152
    uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
153
    size_t MBEDTLS_PRIVATE(hash_length);
154

155
    mbedtls_mpi MBEDTLS_PRIVATE(r);
156
    mbedtls_mpi MBEDTLS_PRIVATE(s);
157

158
#else
159
    /* Make the struct non-empty if algs not supported. */
160
    unsigned MBEDTLS_PRIVATE(dummy);
161

162
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
163
        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) &&
164
        * defined( MBEDTLS_ECP_RESTARTABLE ) */
165

166
} mbedtls_psa_verify_hash_interruptible_operation_t;
167

168
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
169
    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
170
    defined(MBEDTLS_ECP_RESTARTABLE)
171
#define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, { 0 }, \
172
        { 0 } }
173
#else
174
#define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
175
#endif
176

177

178
/* EC-JPAKE operation definitions */
179

180
#include "mbedtls/ecjpake.h"
181

182
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
183
#define MBEDTLS_PSA_BUILTIN_PAKE  1
184
#endif
185

186
/* Note: the format for mbedtls_ecjpake_read/write function has an extra
187
 * length byte for each step, plus an extra 3 bytes for ECParameters in the
188
 * server's 2nd round. */
189
#define MBEDTLS_PSA_JPAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2)
190

191
typedef struct {
192
    psa_algorithm_t MBEDTLS_PRIVATE(alg);
193

194
    uint8_t *MBEDTLS_PRIVATE(password);
195
    size_t MBEDTLS_PRIVATE(password_len);
196
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
197
    mbedtls_ecjpake_role MBEDTLS_PRIVATE(role);
198
    uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]);
199
    size_t MBEDTLS_PRIVATE(buffer_length);
200
    size_t MBEDTLS_PRIVATE(buffer_offset);
201
#endif
202
    /* Context structure for the Mbed TLS EC-JPAKE implementation. */
203
    union {
204
        unsigned int MBEDTLS_PRIVATE(dummy);
205
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
206
        mbedtls_ecjpake_context MBEDTLS_PRIVATE(jpake);
207
#endif
208
    } MBEDTLS_PRIVATE(ctx);
209

210
} mbedtls_psa_pake_operation_t;
211

212
#define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } }
213

214
#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
215

216