@@ -166,6 +166,16 @@ void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
166166 if ( ctx == NULL )
167167 return ;
168168
169+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
170+ if ( ctx -> psa_enabled == 1 )
171+ {
172+ /* TODO: Add free'ing of PSA-specific context. */
173+
174+ mbedtls_platform_zeroize ( ctx , sizeof (mbedtls_cipher_context_t ) );
175+ return ;
176+ }
177+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
178+
169179#if defined(MBEDTLS_CMAC_C )
170180 if ( ctx -> cmac_ctx )
171181 {
@@ -212,7 +222,14 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
212222int mbedtls_cipher_setup_psa ( mbedtls_cipher_context_t * ctx ,
213223 const mbedtls_cipher_info_t * cipher_info )
214224{
215- return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
225+ if ( NULL == cipher_info || NULL == ctx )
226+ return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
227+
228+ memset ( ctx , 0 , sizeof ( mbedtls_cipher_context_t ) );
229+
230+ ctx -> cipher_info = cipher_info ;
231+ ctx -> psa_enabled = 1 ;
232+ return ( 0 );
216233}
217234#endif /* MBEDTLS_USE_PSA_CRYPTO */
218235
@@ -224,6 +241,14 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
224241 if ( NULL == ctx || NULL == ctx -> cipher_info )
225242 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
226243
244+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
245+ if ( ctx -> psa_enabled == 1 )
246+ {
247+ /* TODO */
248+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
249+ }
250+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
251+
227252 if ( ( ctx -> cipher_info -> flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
228253 (int ) ctx -> cipher_info -> key_bitlen != key_bitlen )
229254 {
@@ -262,6 +287,16 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
262287 else if ( NULL == iv && iv_len != 0 )
263288 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
264289
290+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
291+ if ( ctx -> psa_enabled == 1 )
292+ {
293+ /* While PSA Crypto has an API for multipart
294+ * operations, we currently don't make it
295+ * accessible through the cipher layer. */
296+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
297+ }
298+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
299+
265300 if ( NULL == iv && iv_len == 0 )
266301 ctx -> iv_size = 0 ;
267302
@@ -306,6 +341,15 @@ int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
306341 if ( NULL == ctx || NULL == ctx -> cipher_info )
307342 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
308343
344+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
345+ if ( ctx -> psa_enabled == 1 )
346+ {
347+ /* We don't support resetting PSA-based
348+ * cipher contexts, yet. */
349+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
350+ }
351+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
352+
309353 ctx -> unprocessed_len = 0 ;
310354
311355 return ( 0 );
@@ -318,6 +362,16 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
318362 if ( NULL == ctx || NULL == ctx -> cipher_info )
319363 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
320364
365+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
366+ if ( ctx -> psa_enabled == 1 )
367+ {
368+ /* While PSA Crypto has an API for multipart
369+ * operations, we currently don't make it
370+ * accessible through the cipher layer. */
371+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
372+ }
373+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
374+
321375#if defined(MBEDTLS_GCM_C )
322376 if ( MBEDTLS_MODE_GCM == ctx -> cipher_info -> mode )
323377 {
@@ -362,6 +416,16 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
362416 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
363417 }
364418
419+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
420+ if ( ctx -> psa_enabled == 1 )
421+ {
422+ /* While PSA Crypto has an API for multipart
423+ * operations, we currently don't make it
424+ * accessible through the cipher layer. */
425+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
426+ }
427+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
428+
365429 * olen = 0 ;
366430 block_size = mbedtls_cipher_get_block_size ( ctx );
367431
@@ -768,6 +832,16 @@ int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
768832 if ( NULL == ctx || NULL == ctx -> cipher_info || NULL == olen )
769833 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
770834
835+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
836+ if ( ctx -> psa_enabled == 1 )
837+ {
838+ /* While PSA Crypto has an API for multipart
839+ * operations, we currently don't make it
840+ * accessible through the cipher layer. */
841+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
842+ }
843+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
844+
771845 * olen = 0 ;
772846
773847 if ( MBEDTLS_MODE_CFB == ctx -> cipher_info -> mode ||
@@ -859,6 +933,19 @@ int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
859933 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
860934 }
861935
936+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
937+ if ( ctx -> psa_enabled == 1 )
938+ {
939+ /* While PSA Crypto knows about CBC padding
940+ * schemes, we currently don't make them
941+ * accessible through the cipher layer. */
942+ if ( mode != MBEDTLS_PADDING_NONE )
943+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
944+
945+ return ( 0 );
946+ }
947+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
948+
862949 switch ( mode )
863950 {
864951#if defined(MBEDTLS_CIPHER_PADDING_PKCS7 )
@@ -908,6 +995,18 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
908995 if ( MBEDTLS_ENCRYPT != ctx -> operation )
909996 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
910997
998+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
999+ if ( ctx -> psa_enabled == 1 )
1000+ {
1001+ /* While PSA Crypto has an API for multipart
1002+ * operations, we currently don't make it
1003+ * accessible through the cipher layer. */
1004+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1005+
1006+ return ( 0 );
1007+ }
1008+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
1009+
9111010#if defined(MBEDTLS_GCM_C )
9121011 if ( MBEDTLS_MODE_GCM == ctx -> cipher_info -> mode )
9131012 return ( mbedtls_gcm_finish ( (mbedtls_gcm_context * ) ctx -> cipher_ctx ,
@@ -941,6 +1040,16 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
9411040 return ( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
9421041 }
9431042
1043+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
1044+ if ( ctx -> psa_enabled == 1 )
1045+ {
1046+ /* While PSA Crypto has an API for multipart
1047+ * operations, we currently don't make it
1048+ * accessible through the cipher layer. */
1049+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1050+ }
1051+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
1052+
9441053#if defined(MBEDTLS_GCM_C )
9451054 if ( MBEDTLS_MODE_GCM == ctx -> cipher_info -> mode )
9461055 {
@@ -999,6 +1108,14 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
9991108 int ret ;
10001109 size_t finish_olen ;
10011110
1111+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
1112+ if ( ctx -> psa_enabled == 1 )
1113+ {
1114+ /* TODO */
1115+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1116+ }
1117+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
1118+
10021119 if ( ( ret = mbedtls_cipher_set_iv ( ctx , iv , iv_len ) ) != 0 )
10031120 return ( ret );
10041121
@@ -1029,6 +1146,14 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
10291146 unsigned char * output , size_t * olen ,
10301147 unsigned char * tag , size_t tag_len )
10311148{
1149+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
1150+ if ( ctx -> psa_enabled == 1 )
1151+ {
1152+ /* TODO */
1153+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1154+ }
1155+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
1156+
10321157#if defined(MBEDTLS_GCM_C )
10331158 if ( MBEDTLS_MODE_GCM == ctx -> cipher_info -> mode )
10341159 {
@@ -1076,6 +1201,14 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
10761201 unsigned char * output , size_t * olen ,
10771202 const unsigned char * tag , size_t tag_len )
10781203{
1204+ #if defined(MBEDTLS_USE_PSA_CRYPTO )
1205+ if ( ctx -> psa_enabled == 1 )
1206+ {
1207+ /* TODO */
1208+ return ( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1209+ }
1210+ #endif /* MBEDTLS_USE_PSA_CRYPTO */
1211+
10791212#if defined(MBEDTLS_GCM_C )
10801213 if ( MBEDTLS_MODE_GCM == ctx -> cipher_info -> mode )
10811214 {
0 commit comments