feat(drivers): Builtin CMAC driver use PSA cipher interface

core/psa_crypto.c

@@ -4301,7 +4301,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
         goto exit;
     }
 
-    if (!PSA_ALG_IS_CIPHER(alg)) {
+    if (!PSA_ALG_IS_CIPHER(alg) && !PSA_ALG_IS_CMAC(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
         goto exit;
     }
@@ -4316,7 +4316,7 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
      * so we only set it (in the driver wrapper) after resources have been
      * allocated/initialized. */
     operation->iv_set = 0;
-    if (alg == PSA_ALG_ECB_NO_PADDING) {
+    if (alg == PSA_ALG_ECB_NO_PADDING || PSA_ALG_FULL_LENGTH_MAC(alg) == PSA_ALG_CMAC) {
         operation->iv_required = 0;
     } else {
         operation->iv_required = 1;
@@ -5913,6 +5913,7 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block(
     psa_key_attributes_t *attributes)
 {
     psa_status_t status;
+    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT;
     size_t mac_output_length;
     uint8_t U_i[PSA_MAC_MAX_SIZE];
@@ -5924,10 +5925,26 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block(
     mac_operation.mac_size = prf_output_length;
     MBEDTLS_PUT_UINT32_BE(pbkdf2->block_number, block_counter, 0);
 
+    psa_key_id_t key = 0;
+    status = psa_import_key(attributes, pbkdf2->password, pbkdf2->password_length, &key);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+    psa_key_slot_t *slot;
+    status = psa_get_and_lock_key_slot_with_policy(
+        key,
+        &slot,
+        PSA_KEY_USAGE_SIGN_MESSAGE,
+        prf_alg);
+    if (status != PSA_SUCCESS) {
+        goto cleanup;
+    }
+
     status = psa_driver_wrapper_mac_sign_setup(&mac_operation,
-                                               attributes,
-                                               pbkdf2->password,
-                                               pbkdf2->password_length,
+                                               &slot->attr,
+                                               slot->key.data,
+                                               slot->key.bytes,
                                                prf_alg);
     if (status != PSA_SUCCESS) {
         goto cleanup;
@@ -5957,9 +5974,9 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block(
         /* We are passing prf_output_length as mac_size because the driver
          * function directly sets mac_output_length as mac_size upon success.
          * See https://github.com/Mbed-TLS/mbedtls/issues/7801 */
-        status = psa_driver_wrapper_mac_compute(attributes,
-                                                pbkdf2->password,
-                                                pbkdf2->password_length,
+        status = psa_driver_wrapper_mac_compute(&slot->attr,
+                                                slot->key.data,
+                                                slot->key.bytes,
                                                 prf_alg, U_i, prf_output_length,
                                                 U_i, prf_output_length,
                                                 &mac_output_length);
@@ -5971,9 +5988,11 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block(
     }
 
 cleanup:
+    psa_destroy_key(key);
+    unlock_status = psa_unregister_read_under_mutex(slot);
     /* Zeroise buffers to clear sensitive data from memory. */
     mbedtls_platform_zeroize(U_i, PSA_MAC_MAX_SIZE);
-    return status;
+    return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
 static psa_status_t psa_key_derivation_pbkdf2_read(
@@ -5987,19 +6006,21 @@ static psa_status_t psa_key_derivation_pbkdf2_read(
     uint8_t prf_output_length;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(pbkdf2->password_length));
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
 
     if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
         prf_alg = PSA_ALG_HMAC(PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg));
         prf_output_length = PSA_HASH_LENGTH(prf_alg);
         psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
     } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
         prf_alg = PSA_ALG_CMAC;
         prf_output_length = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);
         psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_ENCRYPT);
     } else {
         return PSA_ERROR_INVALID_ARGUMENT;
     }
+    psa_set_key_algorithm(&attributes, prf_alg);
 
     switch (pbkdf2->state) {
         case PSA_PBKDF2_STATE_PASSWORD_SET:
@@ -7198,23 +7219,47 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input,
                                                  size_t *output_len)
 {
     psa_status_t status = PSA_SUCCESS;
+    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+
     if (input_len != PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC)) {
         psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
         uint8_t zeros[16] = { 0 };
         psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
         psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros)));
-        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+        psa_set_key_algorithm(&attributes, PSA_ALG_CMAC);
+        psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_ENCRYPT);
+
+        psa_key_id_t key = 0;
+        status = psa_import_key(&attributes, zeros, sizeof(zeros), &key);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+
+        psa_key_slot_t *slot;
+        status = psa_get_and_lock_key_slot_with_policy(
+            key,
+            &slot,
+            PSA_KEY_USAGE_SIGN_MESSAGE,
+            PSA_ALG_CMAC);
+        if (status != PSA_SUCCESS) {
+            return status;
+        }
+
         /* Passing PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC) as
          * mac_size as the driver function sets mac_output_length = mac_size
          * on success. See https://github.com/Mbed-TLS/mbedtls/issues/7801 */
-        status = psa_driver_wrapper_mac_compute(&attributes,
-                                                zeros, sizeof(zeros),
+        status = psa_driver_wrapper_mac_compute(&slot->attr,
+                                                slot->key.data, slot->key.bytes,
                                                 PSA_ALG_CMAC, input, input_len,
                                                 output,
                                                 PSA_MAC_LENGTH(PSA_KEY_TYPE_AES,
                                                                128U,
                                                                PSA_ALG_CMAC),
                                                 output_len);
+
+        psa_destroy_key(key);
+        unlock_status = psa_unregister_read_under_mutex(slot);
+        return (status == PSA_SUCCESS) ? unlock_status : status;
     } else {
         memcpy(output, input, input_len);
         *output_len = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);

drivers/builtin/src/psa_crypto_cipher.c

@@ -81,7 +81,7 @@ static psa_status_t mbedtls_cipher_validate_values(
     MBEDTLS_ASSUME(alg != PSA_ALG_CBC_PKCS7);
 #endif
 #if !defined(PSA_WANT_ALG_CMAC)
-    MBEDTLS_ASSUME(alg != PSA_ALG_CMAC);
+    MBEDTLS_ASSUME(PSA_ALG_FULL_LENGTH_MAC(alg) != PSA_ALG_CMAC);
 #endif
 
     if (alg == PSA_ALG_STREAM_CIPHER ||
@@ -108,7 +108,7 @@ static psa_status_t mbedtls_cipher_validate_values(
         alg == PSA_ALG_ECB_NO_PADDING ||
         alg == PSA_ALG_CBC_NO_PADDING ||
         alg == PSA_ALG_CBC_PKCS7 ||
-        alg == PSA_ALG_CMAC) {
+        PSA_ALG_FULL_LENGTH_MAC(alg) == PSA_ALG_CMAC) {
         if (key_type == PSA_KEY_TYPE_AES ||
             key_type == PSA_KEY_TYPE_ARIA ||
             key_type == PSA_KEY_TYPE_DES ||
@@ -197,7 +197,7 @@ psa_status_t mbedtls_cipher_values_from_psa(
             default:
                 return PSA_ERROR_NOT_SUPPORTED;
         }
-    } else if (alg == PSA_ALG_CMAC) {
+    } else if (PSA_ALG_FULL_LENGTH_MAC(alg) == PSA_ALG_CMAC) {
         *mode = MBEDTLS_MODE_ECB;
     } else {
         return PSA_ERROR_NOT_SUPPORTED;