Merge pull request #4256 from ronald-cron-arm/psa-cipher-iv-size
PSA cipher iv size. CI is OK, apart from the expected ABI-API-checking failure.
commit
cfcc3784c1
9 changed files with 36 additions and 171 deletions
|
@ -39,8 +39,8 @@
|
|||
typedef struct {
|
||||
/* Context structure for the Mbed TLS cipher implementation. */
|
||||
psa_algorithm_t alg;
|
||||
uint8_t iv_size;
|
||||
uint8_t block_size;
|
||||
uint8_t iv_length;
|
||||
uint8_t block_length;
|
||||
mbedtls_cipher_context_t cipher;
|
||||
} mbedtls_psa_cipher_operation_t;
|
||||
|
||||
|
|
|
@ -143,10 +143,12 @@ struct psa_cipher_operation_s
|
|||
unsigned int iv_required : 1;
|
||||
unsigned int iv_set : 1;
|
||||
|
||||
uint8_t default_iv_length;
|
||||
|
||||
psa_driver_cipher_context_t ctx;
|
||||
};
|
||||
|
||||
#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
|
||||
#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
|
||||
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
|
||||
{
|
||||
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
|
||||
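Review bot: The new `default_iv_length` member is declared as `uint8_t` with no comment, while the value stored in it comes from `PSA_CIPHER_IV_LENGTH()` in psa_cipher_setup, so the assignment would narrow silently if that macro ever yielded more than 255. The same holds for `operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );` in the built-in driver's cipher_setup. I would state the invariant on the field, for example `/* Default IV length for the key type and algorithm; never more than PSA_CIPHER_IV_MAX_SIZE. */`. The struct opens before this hunk, so the positional `PSA_CIPHER_OPERATION_INIT` can only be checked against the members visible here.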
|
|
|
@ -3322,6 +3322,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
|||
operation->iv_required = 0;
|
||||
else
|
||||
operation->iv_required = 1;
|
||||
operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
|
@ -3371,6 +3372,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
|
|||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
*iv_length = 0;
|
||||
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
@ -3381,13 +3384,26 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
|
|||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_cipher_generate_iv( operation,
|
||||
iv,
|
||||
iv_size,
|
||||
iv_length );
|
||||
if( iv_size < operation->default_iv_length )
|
||||
{
|
||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_generate_random( iv, operation->default_iv_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_driver_wrapper_cipher_set_iv( operation,
|
||||
iv,
|
||||
operation->default_iv_length );
|
||||
|
||||
exit:
|
||||
if( status == PSA_SUCCESS )
|
||||
{
|
||||
operation->iv_set = 1;
|
||||
*iv_length = operation->default_iv_length;
|
||||
}
|
||||
else
|
||||
psa_cipher_abort( operation );
|
||||
|
||||
|
@ -3401,14 +3417,13 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
|
|||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( operation->id == 0 )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
if( operation->iv_set || ! operation->iv_required )
|
||||
{
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_driver_wrapper_cipher_set_iv( operation,
|
||||
iv,
|
||||
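Review bot: psa_cipher_generate_iv hands `operation->default_iv_length` to psa_generate_random() and to the driver's set_iv without the `iv_length > PSA_CIPHER_IV_MAX_SIZE` bound that psa_cipher_set_iv applies, so the length limit promised to drivers is enforced on only one of the two paths that reach them. It holds only as long as PSA_CIPHER_IV_LENGTH() never exceeds the maximum, which these hunks do not show. The random bytes are also written straight into the caller's `iv` buffer before the driver has accepted them, so a set_iv failure leaves an unused IV in the output while `*iv_length` is 0. I would add the bound check and generate into a local buffer that is copied out only on success, as sketched below. Both functions begin and end outside the hunks.

```c
    uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
    /* … unchanged: *iv_length = 0, operation state checks, iv_size check … */

    if( operation->default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
    {
        status = PSA_ERROR_GENERIC_ERROR;
        goto exit;
    }

    status = psa_generate_random( local_iv, operation->default_iv_length );
    if( status != PSA_SUCCESS )
        goto exit;

    status = psa_driver_wrapper_cipher_set_iv( operation, local_iv,
                                               operation->default_iv_length );

exit:
    if( status == PSA_SUCCESS )
    {
        /* Hand the IV to the caller only once the driver has accepted it. */
        memcpy( iv, local_iv, operation->default_iv_length );
        /* … unchanged: iv_set and *iv_length updates … */
    }
    /* … unchanged: psa_cipher_abort() on failure … */
```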
|
|
|
@ -219,19 +219,9 @@ static psa_status_t cipher_setup(
|
|||
goto exit;
|
||||
#endif /* BUILTIN_ALG_CBC_NO_PADDING || BUILTIN_ALG_CBC_PKCS7 */
|
||||
|
||||
operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
|
||||
operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
|
||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
||||
if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 &&
|
||||
alg != PSA_ALG_ECB_NO_PADDING )
|
||||
{
|
||||
operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type );
|
||||
}
|
||||
#if defined(BUILTIN_KEY_TYPE_CHACHA20)
|
||||
else
|
||||
if( ( alg == PSA_ALG_STREAM_CIPHER ) &&
|
||||
( key_type == PSA_KEY_TYPE_CHACHA20 ) )
|
||||
operation->iv_size = 12;
|
||||
#endif
|
||||
operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
|
||||
|
||||
exit:
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
|
@ -262,7 +252,7 @@ static psa_status_t cipher_decrypt_setup(
|
|||
static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
|
||||
const uint8_t *iv, size_t iv_length )
|
||||
{
|
||||
if( iv_length != operation->iv_size )
|
||||
if( iv_length != operation->iv_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
return( mbedtls_to_psa_error(
|
||||
|
@ -270,24 +260,6 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
|
|||
iv, iv_length ) ) );
|
||||
}
|
||||
|
||||
static psa_status_t cipher_generate_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length )
|
||||
{
|
||||
int status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
if( iv_size < operation->iv_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
status = psa_generate_random( iv, operation->iv_size );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
*iv_length = operation->iv_size;
|
||||
|
||||
return( cipher_set_iv( operation, iv, *iv_length ) );
|
||||
}
|
||||
|
||||
/* Process input for which the algorithm is set to ECB mode. This requires
|
||||
* manual processing, since the PSA API is defined as being able to process
|
||||
* arbitrary-length calls to psa_cipher_update() with ECB mode, but the
|
||||
|
@ -394,7 +366,7 @@ static psa_status_t cipher_update( mbedtls_psa_cipher_operation_t *operation,
|
|||
* output in this call. */
|
||||
expected_output_size =
|
||||
( operation->cipher.unprocessed_len + input_length )
|
||||
/ operation->block_size * operation->block_size;
|
||||
/ operation->block_length * operation->block_length;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -499,13 +471,6 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup(
|
|||
operation, attributes, key_buffer, key_buffer_size, alg ) );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_psa_cipher_generate_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length )
|
||||
{
|
||||
return( cipher_generate_iv( operation, iv, iv_size, iv_length ) );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation,
|
||||
const uint8_t *iv,
|
||||
size_t iv_length )
|
||||
|
@ -563,13 +528,6 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
|
|||
operation, attributes, key_buffer, key_buffer_size, alg ) );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length )
|
||||
{
|
||||
return( cipher_generate_iv( operation, iv, iv_size, iv_length ) );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
const uint8_t *iv, size_t iv_length )
|
||||
|
|
|
@ -100,32 +100,6 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup(
|
|||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
/** Generate an IV for a symmetric encryption operation.
|
||||
*
|
||||
* This function generates a random IV (initialization vector), nonce
|
||||
* or initial counter value for the encryption operation as appropriate
|
||||
* for the chosen algorithm, key type and key size.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* cipher_generate_iv entry point. This function behaves as a
|
||||
* cipher_generate_iv entry point as defined in the PSA driver
|
||||
* interface specification for transparent drivers.
|
||||
*
|
||||
* \param[in,out] operation Active cipher operation.
|
||||
* \param[out] iv Buffer where the generated IV is to be written.
|
||||
* \param[in] iv_size Size of the \p iv buffer in bytes.
|
||||
* \param[out] iv_length On success, the number of bytes of the
|
||||
* generated IV.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* The size of the \p iv buffer is too small.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
*/
|
||||
psa_status_t mbedtls_psa_cipher_generate_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length );
|
||||
|
||||
/** Set the IV for a symmetric encryption or decryption operation.
|
||||
*
|
||||
* This function sets the IV (initialization vector), nonce
|
||||
|
@ -138,7 +112,9 @@ psa_status_t mbedtls_psa_cipher_generate_iv(
|
|||
*
|
||||
* \param[in,out] operation Active cipher operation.
|
||||
* \param[in] iv Buffer containing the IV to use.
|
||||
* \param[in] iv_length Size of the IV in bytes.
|
||||
* \param[in] iv_length Size of the IV in bytes. It is guaranteed by
|
||||
* the core to be less or equal to
|
||||
* PSA_CIPHER_IV_MAX_SIZE.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
|
@ -240,10 +216,6 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup(
|
|||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length );
|
||||
|
||||
psa_status_t mbedtls_transparent_test_driver_cipher_set_iv(
|
||||
mbedtls_psa_cipher_operation_t *operation,
|
||||
const uint8_t *iv, size_t iv_length );
|
||||
|
|
|
@ -853,46 +853,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
||||
psa_cipher_operation_t *operation,
|
||||
uint8_t *iv,
|
||||
size_t iv_size,
|
||||
size_t *iv_length )
|
||||
{
|
||||
switch( operation->id )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
|
||||
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
|
||||
return( mbedtls_psa_cipher_generate_iv( &operation->ctx.mbedtls_ctx,
|
||||
iv,
|
||||
iv_size,
|
||||
iv_length ) );
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
|
||||
|
||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
|
||||
return( test_transparent_cipher_generate_iv(
|
||||
&operation->ctx.transparent_test_driver_ctx,
|
||||
iv, iv_size, iv_length ) );
|
||||
|
||||
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
|
||||
return( test_opaque_cipher_generate_iv(
|
||||
&operation->ctx.opaque_test_driver_ctx,
|
||||
iv,
|
||||
iv_size,
|
||||
iv_length ) );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||
}
|
||||
|
||||
(void)iv;
|
||||
(void)iv_size;
|
||||
(void)iv_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
psa_status_t psa_driver_wrapper_cipher_set_iv(
|
||||
psa_cipher_operation_t *operation,
|
||||
const uint8_t *iv,
|
||||
|
|
|
@ -101,12 +101,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
|||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg );
|
||||
|
||||
psa_status_t psa_driver_wrapper_cipher_generate_iv(
|
||||
psa_cipher_operation_t *operation,
|
||||
uint8_t *iv,
|
||||
size_t iv_size,
|
||||
size_t *iv_length );
|
||||
|
||||
psa_status_t psa_driver_wrapper_cipher_set_iv(
|
||||
psa_cipher_operation_t *operation,
|
||||
const uint8_t *iv,
|
||||
|
|
|
@ -81,10 +81,6 @@ psa_status_t test_transparent_cipher_decrypt_setup(
|
|||
psa_status_t test_transparent_cipher_abort(
|
||||
mbedtls_transparent_test_driver_cipher_operation_t *operation );
|
||||
|
||||
psa_status_t test_transparent_cipher_generate_iv(
|
||||
mbedtls_transparent_test_driver_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length);
|
||||
|
||||
psa_status_t test_transparent_cipher_set_iv(
|
||||
mbedtls_transparent_test_driver_cipher_operation_t *operation,
|
||||
const uint8_t *iv, size_t iv_length);
|
||||
|
@ -130,10 +126,6 @@ psa_status_t test_opaque_cipher_decrypt_setup(
|
|||
psa_status_t test_opaque_cipher_abort(
|
||||
mbedtls_opaque_test_driver_cipher_operation_t *operation);
|
||||
|
||||
psa_status_t test_opaque_cipher_generate_iv(
|
||||
mbedtls_opaque_test_driver_cipher_operation_t *operation,
|
||||
uint8_t *iv, size_t iv_size, size_t *iv_length);
|
||||
|
||||
psa_status_t test_opaque_cipher_set_iv(
|
||||
mbedtls_opaque_test_driver_cipher_operation_t *operation,
|
||||
const uint8_t *iv, size_t iv_length);
|
||||
|
|
|
@ -260,21 +260,6 @@ psa_status_t test_transparent_cipher_abort(
|
|||
return( test_driver_cipher_hooks.forced_status );
|
||||
}
|
||||
|
||||
psa_status_t test_transparent_cipher_generate_iv(
|
||||
mbedtls_transparent_test_driver_cipher_operation_t *operation,
|
||||
uint8_t *iv,
|
||||
size_t iv_size,
|
||||
size_t *iv_length)
|
||||
{
|
||||
test_driver_cipher_hooks.hits++;
|
||||
|
||||
if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
|
||||
return( test_driver_cipher_hooks.forced_status );
|
||||
|
||||
return( mbedtls_transparent_test_driver_cipher_generate_iv(
|
||||
operation, iv, iv_size, iv_length ) );
|
||||
}
|
||||
|
||||
psa_status_t test_transparent_cipher_set_iv(
|
||||
mbedtls_transparent_test_driver_cipher_operation_t *operation,
|
||||
const uint8_t *iv,
|
||||
|
@ -424,19 +409,6 @@ psa_status_t test_opaque_cipher_abort(
|
|||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
psa_status_t test_opaque_cipher_generate_iv(
|
||||
mbedtls_opaque_test_driver_cipher_operation_t *operation,
|
||||
uint8_t *iv,
|
||||
size_t iv_size,
|
||||
size_t *iv_length)
|
||||
{
|
||||
(void) operation;
|
||||
(void) iv;
|
||||
(void) iv_size;
|
||||
(void) iv_length;
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
psa_status_t test_opaque_cipher_set_iv(
|
||||
mbedtls_opaque_test_driver_cipher_operation_t *operation,
|
||||
const uint8_t *iv,
|
||||
|
|