From 1de907d4a43a94065311047eb1698c800e067ed3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 7 Dec 2020 18:20:28 +0100 Subject: [PATCH] Introduce PSA_ALG_STREAM_CIPHER MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This algorithm replaces the pre-existing stream cipher algorithms. The underlying stream cipher is determined by the key type. Signed-off-by: Bence Szépkúti --- include/psa/crypto_compat.h | 8 ++++++++ include/psa/crypto_values.h | 22 ++++++++------------- library/psa_crypto.c | 3 +-- programs/psa/psa_constant_names_generated.c | 3 +-- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 86aa27158..7228b2aba 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -242,6 +242,14 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key #endif /* MBEDTLS_DEPRECATED_REMOVED */ +/* + * Deprecated PSA Crypto stream cipher algorithms (PSA Crypto API <= 1.0 beta3) + */ +#define PSA_ALG_ARC4 \ + PSA_ALG_STREAM_CIPHER +#define PSA_ALG_CHACHA20 \ + PSA_ALG_STREAM_CIPHER + /** Open a handle to an existing persistent key. * * Open a handle to a persistent key. A key is persistent if it was created diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 580b89e09..6a6cdf745 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -933,21 +933,15 @@ (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \ (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG)) -/** The ARC4 stream cipher algorithm. +/** The stream cipher mode of a stream cipher algorithm. + * + * The underlying stream cipher is determined by the key type. + * - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20 + * and algorithm id #PSA_ALG_STREAM_CIPHER. + * - To use ARC4, use a key type of #PSA_KEY_TYPE_ARC4 + * and algorithm id #PSA_ALG_STREAM_CIPHER. */ -#define PSA_ALG_ARC4 ((psa_algorithm_t)0x04800001) - -/** The ChaCha20 stream cipher. - * - * ChaCha20 is defined in RFC 7539. - * - * The nonce size for psa_cipher_set_iv() or psa_cipher_generate_iv() - * must be 12. - * - * The initial block counter is always 0. - * - */ -#define PSA_ALG_CHACHA20 ((psa_algorithm_t)0x04800005) +#define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100) /** The CTR stream cipher mode. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 66c8f65bc..96406875b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2948,8 +2948,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( { switch( alg ) { - case PSA_ALG_ARC4: - case PSA_ALG_CHACHA20: + case PSA_ALG_STREAM_CIPHER: mode = MBEDTLS_MODE_STREAM; break; case PSA_ALG_CTR: diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index a9568f3e9..a6eee2130 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -175,7 +175,6 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, } switch (core_alg) { case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break; - case PSA_ALG_ARC4: append(&buffer, buffer_size, &required_size, "PSA_ALG_ARC4", 12); break; case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break; case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break; case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break; @@ -189,7 +188,6 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break; case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break; case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break; - case PSA_ALG_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20", 16); break; case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break; case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break; case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break; @@ -224,6 +222,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break; case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_224", 19); break; case PSA_ALG_SHA_512_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break; + case PSA_ALG_STREAM_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_STREAM_CIPHER", 21); break; case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break; case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break; case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break;