yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa

Browse source
This commit is contained in:
Gilles Peskine 2018-06-08 18:42:25 +02:00 committed by itayzafrir
commit 84861a95ca
5 changed files with 696 additions and 121 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

236
include/psa/crypto.h
View file

@ -716,7 +716,7 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
* - A failed call to psa_hash_update().
* - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort().
*
* \param operation
* \param operation The operation object to use.
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_HASH(alg) is true).
*
@ -909,7 +909,7 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
* - A failed call to psa_mac_update().
* - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort().
*
* \param operation
* \param operation The operation object to use.
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(alg) is true).
*
@ -985,7 +985,7 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t;
* or psa_cipher_update().
* - A call to psa_cipher_finish() or psa_cipher_abort().
*
* \param operation
* \param operation The operation object to use.
* \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_CIPHER(alg) is true).
*
@ -1032,7 +1032,7 @@ psa_status_t psa_encrypt_setup(psa_cipher_operation_t *operation,
* - A failed call to psa_cipher_update().
* - A call to psa_cipher_finish() or psa_cipher_abort().
*
* \param operation
* \param operation The operation object to use.
* \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_CIPHER(alg) is true).
*
@ -1082,46 +1082,77 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
* @{
*/
/** The type of the state data structure for multipart AEAD operations.
/** The tag size for an AEAD algorithm, in bytes.
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(alg) is true).
*
* \return The tag size for the specified algorithm.
* If the AEAD algorithm does not have an identified
* tag that can be distinguished from the rest of
* the ciphertext, return 0.
* If the AEAD algorithm is not recognized, return 0.
* An implementation may return either 0 or a
* correct size for an AEAD algorithm that it
* recognizes, but does not support.
*/
#define PSA_AEAD_TAG_SIZE(alg) \
((alg) == PSA_ALG_GCM ? 16 : \
(alg) == PSA_ALG_CCM ? 16 : \
0)
/** Set the key for a multipart authenticated encryption operation.
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
* The sequence of operations to authenticate-and-encrypt a message
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
* The key remains associated with the operation even if the content
* of the key slot changes.
* -# Call either psa_aead_generate_iv() or psa_aead_set_iv() to
* generate or set the IV (initialization vector). You should use
* psa_encrypt_generate_iv() unless the protocol you are implementing
* requires a specific IV value.
* -# Call psa_aead_update_ad() to pass the associated data that is
* to be authenticated but not encrypted. You may omit this step if
* there is no associated data.
* -# Call psa_aead_update() zero, one or more times, passing a fragment
* of the data to encrypt each time.
* -# Call psa_aead_finish().
* If the size of the ciphertext buffer is at least this large, it is
* guaranteed that psa_aead_encrypt() will not fail due to an
* insufficient buffer size. Depending on the algorithm, the actual size of
* the ciphertext may be smaller.
*
* The application may call psa_aead_abort() at any time after the operation
* has been initialized with psa_aead_encrypt_setup().
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(alg) is true).
* \param plaintext_length Size of the plaintext in bytes.
*
* After a successful call to psa_aead_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
* - A failed call to psa_aead_generate_iv(), psa_aead_set_iv(),
* psa_aead_update_ad() or psa_aead_update().
* - A call to psa_aead_finish() or psa_aead_abort().
* \return The AEAD ciphertext size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
* An implementation may return either 0 or a
* correct size for an AEAD algorithm that it
* recognizes, but does not support.
*/
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
(PSA_AEAD_TAG_SIZE(alg) != 0 ? \
(plaintext_length) + PSA_AEAD_TAG_SIZE(alg) : \
0)
/** Process an authenticated encryption operation.
*
* \param operation
* \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_AEAD(alg) is true).
* \param key Slot containing the key to use.
* \param alg The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(alg) is true).
* \param nonce Nonce or IV to use.
* \param nonce_length Size of the \p nonce buffer in bytes.
* \param additional_data Additional data that will be authenticated
* but not encrypted.
* \param additional_data_length Size of \p additional_data in bytes.
* \param plaintext Data that will be authenticated and
* encrypted.
* \param plaintext_length Size of \p plaintext in bytes.
* \param ciphertext Output buffer for the authenticated and
* encrypted data. The additional data is not
* part of this output. For algorithms where the
* encrypted data and the authentication tag
* are defined as separate outputs, the
* authentication tag is appended to the
* encrypted data.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
* This must be at least
* #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
* \p plaintext_length).
* \param ciphertext_length On success, the size of the output
* in the \b ciphertext buffer.
*
* \retval PSA_SUCCESS
* Success.
@ -1136,44 +1167,73 @@ typedef struct psa_aead_operation_s psa_aead_operation_t;
* \retval PSA_ERROR_HARDWARE_FAILURE
* \retval PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg);
psa_status_t psa_aead_encrypt( psa_key_slot_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
const uint8_t *additional_data,
size_t additional_data_length,
const uint8_t *plaintext,
size_t plaintext_length,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length );
/** Set the key for a multipart authenticated decryption operation.
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
*
* The sequence of operations to authenticated and decrypt a message
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
* The key remains associated with the operation even if the content
* of the key slot changes.
* -# Call psa_aead_set_iv() to pass the initialization vector (IV)
* for the authenticated decryption.
* -# Call psa_aead_update_ad() to pass the associated data that is
* to be authenticated but not encrypted. You may omit this step if
* there is no associated data.
* -# Call psa_aead_update() zero, one or more times, passing a fragment
* of the data to decrypt each time.
* -# Call psa_aead_finish().
* If the size of the plaintext buffer is at least this large, it is
* guaranteed that psa_aead_decrypt() will not fail due to an
* insufficient buffer size. Depending on the algorithm, the actual size of
* the plaintext may be smaller.
*
* The application may call psa_aead_abort() at any time after the operation
* has been initialized with psa_aead_decrypt_setup().
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(alg) is true).
* \param ciphertext_length Size of the plaintext in bytes.
*
* After a successful call to psa_aead_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
* - A failed call to psa_aead_update().
* - A call to psa_aead_finish() or psa_aead_abort().
* \return The AEAD ciphertext size for the specified
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
* An implementation may return either 0 or a
* correct size for an AEAD algorithm that it
* recognizes, but does not support.
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
(PSA_AEAD_TAG_SIZE(alg) != 0 ? \
(plaintext_length) - PSA_AEAD_TAG_SIZE(alg) : \
0)
/** Process an authenticated decryption operation.
*
* \param operation
* \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_AEAD(alg) is true).
* \param key Slot containing the key to use.
* \param alg The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(alg) is true).
* \param nonce Nonce or IV to use.
* \param nonce_length Size of the \p nonce buffer in bytes.
* \param additional_data Additional data that has been authenticated
* but not encrypted.
* \param additional_data_length Size of \p additional_data in bytes.
* \param ciphertext Data that has been authenticated and
* encrypted. For algorithms where the
* encrypted data and the authentication tag
* are defined as separate inputs, the buffer
* must contain the encrypted data followed
* by the authentication tag.
* \param ciphertext_length Size of \p ciphertext in bytes.
* \param plaintext Output buffer for the decrypted data.
* \param plaintext_size Size of the \p plaintext buffer in bytes.
* This must be at least
* #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
* \p ciphertext_length).
* \param plaintext_length On success, the size of the output
* in the \b plaintext buffer.
*
* \retval PSA_SUCCESS
* Success.
* \retval PSA_ERROR_EMPTY_SLOT
* \retval PSA_ERROR_INVALID_SIGNATURE
* The ciphertext is not authentic.
* \retval PSA_ERROR_NOT_PERMITTED
* \retval PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg.
@ -1184,37 +1244,17 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
* \retval PSA_ERROR_HARDWARE_FAILURE
* \retval PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
psa_key_slot_t key,
psa_algorithm_t alg);
psa_status_t psa_aead_generate_iv(psa_aead_operation_t *operation,
unsigned char *iv,
size_t iv_size,
size_t *iv_length);
psa_status_t psa_aead_set_iv(psa_aead_operation_t *operation,
const unsigned char *iv,
size_t iv_length);
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_aead_update(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length);
psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
uint8_t *tag,
size_t tag_size,
size_t *tag_length);
psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
uint8_t *tag,
size_t tag_length);
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
psa_status_t psa_aead_decrypt( psa_key_slot_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
const uint8_t *additional_data,
size_t additional_data_length,
const uint8_t *ciphertext,
size_t ciphertext_length,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length );
/**@}*/

14
include/psa/crypto_struct.h
View file

@ -111,20 +111,6 @@ struct psa_cipher_operation_s
} ctx;
};
struct psa_aead_operation_s
{
psa_algorithm_t alg;
int key_set : 1;
int iv_set : 1;
int ad_set : 1;
uint8_t iv_size;
uint8_t block_size;
union
{
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
} ctx;
};
struct psa_key_policy_s
{
psa_key_usage_t usage;

283
library/psa_crypto.c
View file

@ -910,10 +910,11 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
size_t key_bits )
size_t key_bits,
mbedtls_cipher_id_t* cipher_id )
{
mbedtls_cipher_id_t cipher_id;
mbedtls_cipher_mode_t mode;
mbedtls_cipher_id_t cipher_id_tmp;
if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
{
@ -958,25 +959,27 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
switch( key_type )
{
case PSA_KEY_TYPE_AES:
cipher_id = MBEDTLS_CIPHER_ID_AES;
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
break;
case PSA_KEY_TYPE_DES:
if( key_bits == 64 )
cipher_id = MBEDTLS_CIPHER_ID_DES;
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
else
cipher_id = MBEDTLS_CIPHER_ID_3DES;
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
break;
case PSA_KEY_TYPE_CAMELLIA:
cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
break;
case PSA_KEY_TYPE_ARC4:
cipher_id = MBEDTLS_CIPHER_ID_ARC4;
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
break;
default:
return( NULL );
}
if( cipher_id != NULL )
*cipher_id = cipher_id_tmp;
return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) );
}
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
@ -1036,7 +1039,7 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
if( ! PSA_ALG_IS_HMAC( alg ) )
{
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
operation->mac_size = cipher_info->block_size;
@ -1755,6 +1758,268 @@ psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
}
/****************************************************************/
/* AEAD */
/****************************************************************/
psa_status_t psa_aead_encrypt( psa_key_slot_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
const uint8_t *additional_data,
size_t additional_data_length,
const uint8_t *plaintext,
size_t plaintext_length,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length )
{
int ret;
psa_status_t status;
key_slot_t *slot;
psa_key_type_t key_type;
size_t key_bits;
uint8_t *tag;
size_t tag_length;
mbedtls_cipher_id_t cipher_id;
const mbedtls_cipher_info_t *cipher_info = NULL;
*ciphertext_length = 0;
status = psa_get_key_information( key, &key_type, &key_bits );
if( status != PSA_SUCCESS )
return( status );
slot = &global_data.key_slots[key];
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
key_bits, &cipher_id );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
return( PSA_ERROR_NOT_PERMITTED );
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT );
if( alg == PSA_ALG_GCM )
{
mbedtls_gcm_context gcm;
tag_length = 16;
if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
//make sure we have place to hold the tag in the ciphertext buffer
if( ciphertext_size < ( plaintext_length + tag_length ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
//update the tag pointer to point to the end of the ciphertext_length
tag = ciphertext + plaintext_length;
mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_id,
slot->data.raw.data,
key_bits );
if( ret != 0 )
{
mbedtls_gcm_free( &gcm );
return( mbedtls_to_psa_error( ret ) );
}
ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT,
plaintext_length, nonce,
nonce_length, additional_data,
additional_data_length, plaintext,
ciphertext, tag_length, tag );
mbedtls_gcm_free( &gcm );
}
else if( alg == PSA_ALG_CCM )
{
mbedtls_ccm_context ccm;
tag_length = 16;
if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
return( PSA_ERROR_INVALID_ARGUMENT );
if( nonce_length < 7 || nonce_length > 13 )
return( PSA_ERROR_INVALID_ARGUMENT );
//make sure we have place to hold the tag in the ciphertext buffer
if( ciphertext_size < ( plaintext_length + tag_length ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
//update the tag pointer to point to the end of the ciphertext_length
tag = ciphertext + plaintext_length;
mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_id,
slot->data.raw.data, key_bits );
if( ret != 0 )
{
mbedtls_ccm_free( &ccm );
return( mbedtls_to_psa_error( ret ) );
}
ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length,
nonce, nonce_length, additional_data,
additional_data_length,
plaintext, ciphertext,
tag, tag_length );
mbedtls_ccm_free( &ccm );
}
else
{
return( PSA_ERROR_NOT_SUPPORTED );
}
if( ret != 0 )
{
memset( ciphertext, 0, ciphertext_size );
return( mbedtls_to_psa_error( ret ) );
}
*ciphertext_length = plaintext_length + tag_length;
return( PSA_SUCCESS );
}
/* Locate the tag in a ciphertext buffer containing the encrypted data
* followed by the tag. Return the length of the part preceding the tag in
* *plaintext_length. This is the size of the plaintext in modes where
* the encrypted data has the same size as the plaintext, such as
* CCM and GCM. */
static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
const uint8_t *ciphertext,
size_t ciphertext_length,
size_t plaintext_size,
const uint8_t **p_tag )
{
size_t payload_length;
if( tag_length > ciphertext_length )
return( PSA_ERROR_INVALID_ARGUMENT );
payload_length = ciphertext_length - tag_length;
if( payload_length > plaintext_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
*p_tag = ciphertext + payload_length;
return( PSA_SUCCESS );
}
psa_status_t psa_aead_decrypt( psa_key_slot_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
const uint8_t *additional_data,
size_t additional_data_length,
const uint8_t *ciphertext,
size_t ciphertext_length,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length )
{
int ret;
psa_status_t status;
key_slot_t *slot;
psa_key_type_t key_type;
size_t key_bits;
const uint8_t *tag;
size_t tag_length;
mbedtls_cipher_id_t cipher_id;
const mbedtls_cipher_info_t *cipher_info = NULL;
*plaintext_length = 0;
status = psa_get_key_information( key, &key_type, &key_bits );
if( status != PSA_SUCCESS )
return( status );
slot = &global_data.key_slots[key];
if( slot->type == PSA_KEY_TYPE_NONE )
return( PSA_ERROR_EMPTY_SLOT );
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
key_bits, &cipher_id );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
return( PSA_ERROR_NOT_PERMITTED );
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
return( PSA_ERROR_INVALID_ARGUMENT );
if( alg == PSA_ALG_GCM )
{
mbedtls_gcm_context gcm;
tag_length = 16;
status = psa_aead_unpadded_locate_tag( tag_length,
ciphertext, ciphertext_length,
plaintext_size, &tag );
if( status != PSA_SUCCESS )
return( status );
mbedtls_gcm_init( &gcm );
ret = mbedtls_gcm_setkey( &gcm, cipher_id,
slot->data.raw.data, key_bits );
if( ret != 0 )
{
mbedtls_gcm_free( &gcm );
return( mbedtls_to_psa_error( ret ) );
}
ret = mbedtls_gcm_auth_decrypt( &gcm,
ciphertext_length - tag_length,
nonce, nonce_length,
additional_data,
additional_data_length,
tag, tag_length,
ciphertext, plaintext );
mbedtls_gcm_free( &gcm );
}
else if( alg == PSA_ALG_CCM )
{
mbedtls_ccm_context ccm;
if( nonce_length < 7 || nonce_length > 13 )
return( PSA_ERROR_INVALID_ARGUMENT );
tag_length = 16;
status = psa_aead_unpadded_locate_tag( tag_length,
ciphertext, ciphertext_length,
plaintext_size, &tag );
if( status != PSA_SUCCESS )
return( status );
mbedtls_ccm_init( &ccm );
ret = mbedtls_ccm_setkey( &ccm, cipher_id,
slot->data.raw.data, key_bits );
if( ret != 0 )
{
mbedtls_ccm_free( &ccm );
return( mbedtls_to_psa_error( ret ) );
}
ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length - tag_length,
nonce, nonce_length,
additional_data, additional_data_length,
ciphertext, plaintext,
tag, tag_length );
mbedtls_ccm_free( &ccm );
}
else
{
return( PSA_ERROR_NOT_SUPPORTED );
}
if( ret != 0 )
memset( plaintext, 0, plaintext_size );
else
*plaintext_length = ciphertext_length - tag_length;
return( mbedtls_to_psa_error( ret ) );
}
/****************************************************************/
/* Module setup */

48
tests/suites/test_suite_psa_crypto.data
View file

@ -236,3 +236,51 @@ sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"307802010
PSA verify ECDSA SECP256R1 SHA-256
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 1
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":"000102030405060708090A0B":PSA_SUCCESS
PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 2
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_SUCCESS
PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type
aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED
PSA AEAD Encrypt, AES CCM - 23-bytes input
aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8"
PSA AEAD Encrypt, AES CCM - 24-bytes input
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9"
PSA AEAD Decrypt, AES CCM - 39-bytes input
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
PSA AEAD Decrypt, AES CCM - 40-bytes input
aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
PSA AEAD Decrypt, AES CCM - invalid signature
aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE
PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 1
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":PSA_SUCCESS
PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 2
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_SUCCESS
PSA AEAD Encrypt, AES GCM - 128-bytes input - 1
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96"
PSA AEAD Encrypt, AES GCM - 128-bytes input - 2
aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56"
PSA AEAD Decrypt, AES GCM - 144-bytes input - 1
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
PSA AEAD Decrypt, AES GCM - 144-bytes input - 2
aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS
PSA AEAD Decrypt, AES GCM - invalid signature
aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE
PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED

236
tests/suites/test_suite_psa_crypto.function
View file

@ -1142,3 +1142,239 @@ exit:
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void aead_encrypt_decrypt( int key_type_arg, char * key_hex,
int alg_arg, char * input_hex, char * nonce_hex,
char * add_data, int expected_result_arg )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
unsigned char *input_data = NULL;
size_t input_size;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
unsigned char *output_data2 = NULL;
size_t output_length2 = 0;
uint8_t* nonce;
size_t nonce_length = 16;
size_t tag_length = 16;
unsigned char *additional_data = NULL;
size_t additional_data_length = 0;
psa_status_t expected_result = (psa_status_t) expected_result_arg;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
input_data = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input_data != NULL );
additional_data = unhexify_alloc( add_data, &additional_data_length );
TEST_ASSERT( input_data != NULL );
output_size = input_size + tag_length;
output_data = mbedtls_calloc( 1, output_size );
TEST_ASSERT( output_data != NULL );
nonce = unhexify_alloc( nonce_hex, &nonce_length );
TEST_ASSERT( nonce != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT , alg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_aead_encrypt( slot, alg,
nonce, nonce_length,
additional_data, additional_data_length,
input_data, input_size, output_data,
output_size, &output_length ) == expected_result );
if( PSA_SUCCESS == expected_result )
{
output_data2 = mbedtls_calloc( 1, output_length );
TEST_ASSERT( output_data2 != NULL );
TEST_ASSERT( psa_aead_decrypt( slot, alg,
nonce, nonce_length,
additional_data, additional_data_length,
output_data, output_length, output_data2,
output_length, &output_length2 ) == expected_result );
TEST_ASSERT( memcmp( input_data, output_data2,
input_size ) == 0 );
}
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( input_data );
mbedtls_free( additional_data );
mbedtls_free( output_data );
mbedtls_free( output_data2 );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void aead_encrypt( int key_type_arg, char * key_hex,
int alg_arg, char * input_hex,
char * add_data, char * nonce_hex,
char * expected_result_hex )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
unsigned char *input_data = NULL;
size_t input_size;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
unsigned char *expected_result = NULL;
size_t expected_result_length = 0;
uint8_t* nonce = NULL;
size_t nonce_length = 0;
size_t tag_length = 16;
unsigned char *additional_data = NULL;
size_t additional_data_length = 0;
psa_key_policy_t policy = {0};
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
input_data = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input_data != NULL );
additional_data = unhexify_alloc( add_data, &additional_data_length );
TEST_ASSERT( input_data != NULL );
output_size = input_size + tag_length;
output_data = mbedtls_calloc( 1, output_size );
TEST_ASSERT( output_data != NULL );
nonce = unhexify_alloc( nonce_hex, &nonce_length );
TEST_ASSERT( nonce != NULL );
expected_result = unhexify_alloc( expected_result_hex, &expected_result_length );
TEST_ASSERT( expected_result != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_aead_encrypt( slot, alg,
nonce, nonce_length,
additional_data, additional_data_length,
input_data, input_size, output_data,
output_size, &output_length ) == PSA_SUCCESS );
TEST_ASSERT( memcmp( output_data, expected_result,
output_length ) == 0 );
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( input_data );
mbedtls_free( additional_data );
mbedtls_free( output_data );
mbedtls_free( nonce );
mbedtls_free( expected_result );
mbedtls_psa_crypto_free( );
}
/* END_CASE */
/* BEGIN_CASE */
void aead_decrypt( int key_type_arg, char * key_hex,
int alg_arg, char * input_hex,
char * add_data, char * nonce_hex,
char * expected_result_hex, int expected_result_arg )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
unsigned char *key_data = NULL;
size_t key_size;
unsigned char *input_data = NULL;
size_t input_size;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
unsigned char *expected_data = NULL;
size_t expected_result_length = 0;
uint8_t* nonce = NULL;
size_t nonce_length = 0;
size_t tag_length = 16;
unsigned char *additional_data = NULL;
size_t additional_data_length = 0;
psa_key_policy_t policy = {0};
psa_status_t expected_result = (psa_status_t) expected_result_arg;
key_data = unhexify_alloc( key_hex, &key_size );
TEST_ASSERT( key_data != NULL );
input_data = unhexify_alloc( input_hex, &input_size );
TEST_ASSERT( input_data != NULL );
additional_data = unhexify_alloc( add_data, &additional_data_length );
TEST_ASSERT( input_data != NULL );
output_size = input_size + tag_length;
output_data = mbedtls_calloc( 1, output_size );
TEST_ASSERT( output_data != NULL );
nonce = unhexify_alloc( nonce_hex, &nonce_length );
TEST_ASSERT( nonce != NULL );
expected_data = unhexify_alloc( expected_result_hex, &expected_result_length );
TEST_ASSERT( expected_data != NULL );
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
psa_key_policy_init( &policy );
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
TEST_ASSERT( psa_import_key( slot, key_type,
key_data, key_size ) == PSA_SUCCESS );
TEST_ASSERT( psa_aead_decrypt( slot, alg,
nonce, nonce_length,
additional_data, additional_data_length,
input_data, input_size, output_data,
output_size, &output_length ) == expected_result );
if ( expected_result == PSA_SUCCESS )
{
TEST_ASSERT( memcmp( output_data, expected_data,
output_length ) == 0 );
}
exit:
psa_destroy_key( slot );
mbedtls_free( key_data );
mbedtls_free( input_data );
mbedtls_free( additional_data );
mbedtls_free( output_data );
mbedtls_free( nonce );
mbedtls_free( expected_data );
mbedtls_psa_crypto_free( );
}
/* END_CASE */