mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 19:15:32 +00:00
Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
This commit is contained in:
commit
84861a95ca
|
@ -716,7 +716,7 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
|
|||
* - A failed call to psa_hash_update().
|
||||
* - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort().
|
||||
*
|
||||
* \param operation
|
||||
* \param operation The operation object to use.
|
||||
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
|
||||
* such that #PSA_ALG_IS_HASH(alg) is true).
|
||||
*
|
||||
|
@ -909,7 +909,7 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
|
|||
* - A failed call to psa_mac_update().
|
||||
* - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort().
|
||||
*
|
||||
* \param operation
|
||||
* \param operation The operation object to use.
|
||||
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
|
||||
* such that #PSA_ALG_IS_MAC(alg) is true).
|
||||
*
|
||||
|
@ -985,7 +985,7 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t;
|
|||
* or psa_cipher_update().
|
||||
* - A call to psa_cipher_finish() or psa_cipher_abort().
|
||||
*
|
||||
* \param operation
|
||||
* \param operation The operation object to use.
|
||||
* \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value
|
||||
* such that #PSA_ALG_IS_CIPHER(alg) is true).
|
||||
*
|
||||
|
@ -1032,7 +1032,7 @@ psa_status_t psa_encrypt_setup(psa_cipher_operation_t *operation,
|
|||
* - A failed call to psa_cipher_update().
|
||||
* - A call to psa_cipher_finish() or psa_cipher_abort().
|
||||
*
|
||||
* \param operation
|
||||
* \param operation The operation object to use.
|
||||
* \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value
|
||||
* such that #PSA_ALG_IS_CIPHER(alg) is true).
|
||||
*
|
||||
|
@ -1082,46 +1082,77 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
|
|||
* @{
|
||||
*/
|
||||
|
||||
/** The type of the state data structure for multipart AEAD operations.
|
||||
/** The tag size for an AEAD algorithm, in bytes.
|
||||
*
|
||||
* This is an implementation-defined \c struct. Applications should not
|
||||
* make any assumptions about the content of this structure except
|
||||
* as directed by the documentation of a specific implementation. */
|
||||
typedef struct psa_aead_operation_s psa_aead_operation_t;
|
||||
* \param alg An AEAD algorithm
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(alg) is true).
|
||||
*
|
||||
* \return The tag size for the specified algorithm.
|
||||
* If the AEAD algorithm does not have an identified
|
||||
* tag that can be distinguished from the rest of
|
||||
* the ciphertext, return 0.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_TAG_SIZE(alg) \
|
||||
((alg) == PSA_ALG_GCM ? 16 : \
|
||||
(alg) == PSA_ALG_CCM ? 16 : \
|
||||
0)
|
||||
|
||||
/** Set the key for a multipart authenticated encryption operation.
|
||||
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
|
||||
*
|
||||
* The sequence of operations to authenticate-and-encrypt a message
|
||||
* is as follows:
|
||||
* -# Allocate an operation object which will be passed to all the functions
|
||||
* listed here.
|
||||
* -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
|
||||
* The key remains associated with the operation even if the content
|
||||
* of the key slot changes.
|
||||
* -# Call either psa_aead_generate_iv() or psa_aead_set_iv() to
|
||||
* generate or set the IV (initialization vector). You should use
|
||||
* psa_encrypt_generate_iv() unless the protocol you are implementing
|
||||
* requires a specific IV value.
|
||||
* -# Call psa_aead_update_ad() to pass the associated data that is
|
||||
* to be authenticated but not encrypted. You may omit this step if
|
||||
* there is no associated data.
|
||||
* -# Call psa_aead_update() zero, one or more times, passing a fragment
|
||||
* of the data to encrypt each time.
|
||||
* -# Call psa_aead_finish().
|
||||
* If the size of the ciphertext buffer is at least this large, it is
|
||||
* guaranteed that psa_aead_encrypt() will not fail due to an
|
||||
* insufficient buffer size. Depending on the algorithm, the actual size of
|
||||
* the ciphertext may be smaller.
|
||||
*
|
||||
* The application may call psa_aead_abort() at any time after the operation
|
||||
* has been initialized with psa_aead_encrypt_setup().
|
||||
* \param alg An AEAD algorithm
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(alg) is true).
|
||||
* \param plaintext_length Size of the plaintext in bytes.
|
||||
*
|
||||
* After a successful call to psa_aead_encrypt_setup(), the application must
|
||||
* eventually terminate the operation. The following events terminate an
|
||||
* operation:
|
||||
* - A failed call to psa_aead_generate_iv(), psa_aead_set_iv(),
|
||||
* psa_aead_update_ad() or psa_aead_update().
|
||||
* - A call to psa_aead_finish() or psa_aead_abort().
|
||||
* \return The AEAD ciphertext size for the specified
|
||||
* algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
|
||||
(PSA_AEAD_TAG_SIZE(alg) != 0 ? \
|
||||
(plaintext_length) + PSA_AEAD_TAG_SIZE(alg) : \
|
||||
0)
|
||||
|
||||
/** Process an authenticated encryption operation.
|
||||
*
|
||||
* \param operation
|
||||
* \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value
|
||||
* such that #PSA_ALG_IS_AEAD(alg) is true).
|
||||
* \param key Slot containing the key to use.
|
||||
* \param alg The AEAD algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(alg) is true).
|
||||
* \param nonce Nonce or IV to use.
|
||||
* \param nonce_length Size of the \p nonce buffer in bytes.
|
||||
* \param additional_data Additional data that will be authenticated
|
||||
* but not encrypted.
|
||||
* \param additional_data_length Size of \p additional_data in bytes.
|
||||
* \param plaintext Data that will be authenticated and
|
||||
* encrypted.
|
||||
* \param plaintext_length Size of \p plaintext in bytes.
|
||||
* \param ciphertext Output buffer for the authenticated and
|
||||
* encrypted data. The additional data is not
|
||||
* part of this output. For algorithms where the
|
||||
* encrypted data and the authentication tag
|
||||
* are defined as separate outputs, the
|
||||
* authentication tag is appended to the
|
||||
* encrypted data.
|
||||
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
|
||||
* This must be at least
|
||||
* #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
|
||||
* \p plaintext_length).
|
||||
* \param ciphertext_length On success, the size of the output
|
||||
* in the \b ciphertext buffer.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* Success.
|
||||
|
@ -1136,44 +1167,73 @@ typedef struct psa_aead_operation_s psa_aead_operation_t;
|
|||
* \retval PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval PSA_ERROR_TAMPERING_DETECTED
|
||||
*/
|
||||
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
|
||||
psa_key_slot_t key,
|
||||
psa_algorithm_t alg);
|
||||
psa_status_t psa_aead_encrypt( psa_key_slot_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length,
|
||||
const uint8_t *additional_data,
|
||||
size_t additional_data_length,
|
||||
const uint8_t *plaintext,
|
||||
size_t plaintext_length,
|
||||
uint8_t *ciphertext,
|
||||
size_t ciphertext_size,
|
||||
size_t *ciphertext_length );
|
||||
|
||||
/** Set the key for a multipart authenticated decryption operation.
|
||||
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
|
||||
*
|
||||
* The sequence of operations to authenticated and decrypt a message
|
||||
* is as follows:
|
||||
* -# Allocate an operation object which will be passed to all the functions
|
||||
* listed here.
|
||||
* -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
|
||||
* The key remains associated with the operation even if the content
|
||||
* of the key slot changes.
|
||||
* -# Call psa_aead_set_iv() to pass the initialization vector (IV)
|
||||
* for the authenticated decryption.
|
||||
* -# Call psa_aead_update_ad() to pass the associated data that is
|
||||
* to be authenticated but not encrypted. You may omit this step if
|
||||
* there is no associated data.
|
||||
* -# Call psa_aead_update() zero, one or more times, passing a fragment
|
||||
* of the data to decrypt each time.
|
||||
* -# Call psa_aead_finish().
|
||||
* If the size of the plaintext buffer is at least this large, it is
|
||||
* guaranteed that psa_aead_decrypt() will not fail due to an
|
||||
* insufficient buffer size. Depending on the algorithm, the actual size of
|
||||
* the plaintext may be smaller.
|
||||
*
|
||||
* The application may call psa_aead_abort() at any time after the operation
|
||||
* has been initialized with psa_aead_decrypt_setup().
|
||||
* \param alg An AEAD algorithm
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(alg) is true).
|
||||
* \param ciphertext_length Size of the plaintext in bytes.
|
||||
*
|
||||
* After a successful call to psa_aead_decrypt_setup(), the application must
|
||||
* eventually terminate the operation. The following events terminate an
|
||||
* operation:
|
||||
* - A failed call to psa_aead_update().
|
||||
* - A call to psa_aead_finish() or psa_aead_abort().
|
||||
* \return The AEAD ciphertext size for the specified
|
||||
* algorithm.
|
||||
* If the AEAD algorithm is not recognized, return 0.
|
||||
* An implementation may return either 0 or a
|
||||
* correct size for an AEAD algorithm that it
|
||||
* recognizes, but does not support.
|
||||
*/
|
||||
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
|
||||
(PSA_AEAD_TAG_SIZE(alg) != 0 ? \
|
||||
(plaintext_length) - PSA_AEAD_TAG_SIZE(alg) : \
|
||||
0)
|
||||
|
||||
/** Process an authenticated decryption operation.
|
||||
*
|
||||
* \param operation
|
||||
* \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value
|
||||
* such that #PSA_ALG_IS_AEAD(alg) is true).
|
||||
* \param key Slot containing the key to use.
|
||||
* \param alg The AEAD algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_AEAD(alg) is true).
|
||||
* \param nonce Nonce or IV to use.
|
||||
* \param nonce_length Size of the \p nonce buffer in bytes.
|
||||
* \param additional_data Additional data that has been authenticated
|
||||
* but not encrypted.
|
||||
* \param additional_data_length Size of \p additional_data in bytes.
|
||||
* \param ciphertext Data that has been authenticated and
|
||||
* encrypted. For algorithms where the
|
||||
* encrypted data and the authentication tag
|
||||
* are defined as separate inputs, the buffer
|
||||
* must contain the encrypted data followed
|
||||
* by the authentication tag.
|
||||
* \param ciphertext_length Size of \p ciphertext in bytes.
|
||||
* \param plaintext Output buffer for the decrypted data.
|
||||
* \param plaintext_size Size of the \p plaintext buffer in bytes.
|
||||
* This must be at least
|
||||
* #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
|
||||
* \p ciphertext_length).
|
||||
* \param plaintext_length On success, the size of the output
|
||||
* in the \b plaintext buffer.
|
||||
*
|
||||
* \retval PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval PSA_ERROR_EMPTY_SLOT
|
||||
* \retval PSA_ERROR_INVALID_SIGNATURE
|
||||
* The ciphertext is not authentic.
|
||||
* \retval PSA_ERROR_NOT_PERMITTED
|
||||
* \retval PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c key is not compatible with \c alg.
|
||||
|
@ -1184,37 +1244,17 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
|
|||
* \retval PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval PSA_ERROR_TAMPERING_DETECTED
|
||||
*/
|
||||
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
|
||||
psa_key_slot_t key,
|
||||
psa_algorithm_t alg);
|
||||
|
||||
psa_status_t psa_aead_generate_iv(psa_aead_operation_t *operation,
|
||||
unsigned char *iv,
|
||||
size_t iv_size,
|
||||
size_t *iv_length);
|
||||
|
||||
psa_status_t psa_aead_set_iv(psa_aead_operation_t *operation,
|
||||
const unsigned char *iv,
|
||||
size_t iv_length);
|
||||
|
||||
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length);
|
||||
|
||||
psa_status_t psa_aead_update(psa_aead_operation_t *operation,
|
||||
const uint8_t *input,
|
||||
size_t input_length);
|
||||
|
||||
psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
|
||||
uint8_t *tag,
|
||||
size_t tag_size,
|
||||
size_t *tag_length);
|
||||
|
||||
psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
|
||||
uint8_t *tag,
|
||||
size_t tag_length);
|
||||
|
||||
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
|
||||
psa_status_t psa_aead_decrypt( psa_key_slot_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length,
|
||||
const uint8_t *additional_data,
|
||||
size_t additional_data_length,
|
||||
const uint8_t *ciphertext,
|
||||
size_t ciphertext_length,
|
||||
uint8_t *plaintext,
|
||||
size_t plaintext_size,
|
||||
size_t *plaintext_length );
|
||||
|
||||
/**@}*/
|
||||
|
||||
|
|
|
@ -111,20 +111,6 @@ struct psa_cipher_operation_s
|
|||
} ctx;
|
||||
};
|
||||
|
||||
struct psa_aead_operation_s
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
int key_set : 1;
|
||||
int iv_set : 1;
|
||||
int ad_set : 1;
|
||||
uint8_t iv_size;
|
||||
uint8_t block_size;
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
} ctx;
|
||||
};
|
||||
|
||||
struct psa_key_policy_s
|
||||
{
|
||||
psa_key_usage_t usage;
|
||||
|
|
|
@ -910,10 +910,11 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
|
|||
static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||
psa_algorithm_t alg,
|
||||
psa_key_type_t key_type,
|
||||
size_t key_bits )
|
||||
size_t key_bits,
|
||||
mbedtls_cipher_id_t* cipher_id )
|
||||
{
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
mbedtls_cipher_mode_t mode;
|
||||
mbedtls_cipher_id_t cipher_id_tmp;
|
||||
|
||||
if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
|
||||
{
|
||||
|
@ -958,25 +959,27 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
|||
switch( key_type )
|
||||
{
|
||||
case PSA_KEY_TYPE_AES:
|
||||
cipher_id = MBEDTLS_CIPHER_ID_AES;
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
|
||||
break;
|
||||
case PSA_KEY_TYPE_DES:
|
||||
if( key_bits == 64 )
|
||||
cipher_id = MBEDTLS_CIPHER_ID_DES;
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
|
||||
else
|
||||
cipher_id = MBEDTLS_CIPHER_ID_3DES;
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
|
||||
break;
|
||||
case PSA_KEY_TYPE_CAMELLIA:
|
||||
cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
|
||||
break;
|
||||
case PSA_KEY_TYPE_ARC4:
|
||||
cipher_id = MBEDTLS_CIPHER_ID_ARC4;
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
|
||||
break;
|
||||
default:
|
||||
return( NULL );
|
||||
}
|
||||
if( cipher_id != NULL )
|
||||
*cipher_id = cipher_id_tmp;
|
||||
|
||||
return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
|
||||
return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) );
|
||||
}
|
||||
|
||||
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
|
||||
|
@ -1036,7 +1039,7 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation,
|
|||
|
||||
if( ! PSA_ALG_IS_HMAC( alg ) )
|
||||
{
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL );
|
||||
if( cipher_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
operation->mac_size = cipher_info->block_size;
|
||||
|
@ -1755,6 +1758,268 @@ psa_status_t psa_set_key_lifetime(psa_key_slot_t key,
|
|||
}
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* AEAD */
|
||||
/****************************************************************/
|
||||
psa_status_t psa_aead_encrypt( psa_key_slot_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length,
|
||||
const uint8_t *additional_data,
|
||||
size_t additional_data_length,
|
||||
const uint8_t *plaintext,
|
||||
size_t plaintext_length,
|
||||
uint8_t *ciphertext,
|
||||
size_t ciphertext_size,
|
||||
size_t *ciphertext_length )
|
||||
{
|
||||
int ret;
|
||||
psa_status_t status;
|
||||
key_slot_t *slot;
|
||||
psa_key_type_t key_type;
|
||||
size_t key_bits;
|
||||
uint8_t *tag;
|
||||
size_t tag_length;
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
const mbedtls_cipher_info_t *cipher_info = NULL;
|
||||
|
||||
*ciphertext_length = 0;
|
||||
|
||||
status = psa_get_key_information( key, &key_type, &key_bits );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
slot = &global_data.key_slots[key];
|
||||
if( slot->type == PSA_KEY_TYPE_NONE )
|
||||
return( PSA_ERROR_EMPTY_SLOT );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
|
||||
key_bits, &cipher_id );
|
||||
if( cipher_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
|
||||
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
|
||||
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( alg == PSA_ALG_GCM )
|
||||
{
|
||||
mbedtls_gcm_context gcm;
|
||||
tag_length = 16;
|
||||
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
//make sure we have place to hold the tag in the ciphertext buffer
|
||||
if( ciphertext_size < ( plaintext_length + tag_length ) )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
//update the tag pointer to point to the end of the ciphertext_length
|
||||
tag = ciphertext + plaintext_length;
|
||||
|
||||
mbedtls_gcm_init( &gcm );
|
||||
ret = mbedtls_gcm_setkey( &gcm, cipher_id,
|
||||
slot->data.raw.data,
|
||||
key_bits );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_gcm_free( &gcm );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT,
|
||||
plaintext_length, nonce,
|
||||
nonce_length, additional_data,
|
||||
additional_data_length, plaintext,
|
||||
ciphertext, tag_length, tag );
|
||||
mbedtls_gcm_free( &gcm );
|
||||
}
|
||||
else if( alg == PSA_ALG_CCM )
|
||||
{
|
||||
mbedtls_ccm_context ccm;
|
||||
tag_length = 16;
|
||||
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( nonce_length < 7 || nonce_length > 13 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
//make sure we have place to hold the tag in the ciphertext buffer
|
||||
if( ciphertext_size < ( plaintext_length + tag_length ) )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
|
||||
//update the tag pointer to point to the end of the ciphertext_length
|
||||
tag = ciphertext + plaintext_length;
|
||||
|
||||
|
||||
|
||||
mbedtls_ccm_init( &ccm );
|
||||
ret = mbedtls_ccm_setkey( &ccm, cipher_id,
|
||||
slot->data.raw.data, key_bits );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_ccm_free( &ccm );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length,
|
||||
nonce, nonce_length, additional_data,
|
||||
additional_data_length,
|
||||
plaintext, ciphertext,
|
||||
tag, tag_length );
|
||||
mbedtls_ccm_free( &ccm );
|
||||
}
|
||||
else
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
memset( ciphertext, 0, ciphertext_size );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
|
||||
*ciphertext_length = plaintext_length + tag_length;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/* Locate the tag in a ciphertext buffer containing the encrypted data
|
||||
* followed by the tag. Return the length of the part preceding the tag in
|
||||
* *plaintext_length. This is the size of the plaintext in modes where
|
||||
* the encrypted data has the same size as the plaintext, such as
|
||||
* CCM and GCM. */
|
||||
static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
|
||||
const uint8_t *ciphertext,
|
||||
size_t ciphertext_length,
|
||||
size_t plaintext_size,
|
||||
const uint8_t **p_tag )
|
||||
{
|
||||
size_t payload_length;
|
||||
if( tag_length > ciphertext_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
payload_length = ciphertext_length - tag_length;
|
||||
if( payload_length > plaintext_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
*p_tag = ciphertext + payload_length;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_aead_decrypt( psa_key_slot_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce,
|
||||
size_t nonce_length,
|
||||
const uint8_t *additional_data,
|
||||
size_t additional_data_length,
|
||||
const uint8_t *ciphertext,
|
||||
size_t ciphertext_length,
|
||||
uint8_t *plaintext,
|
||||
size_t plaintext_size,
|
||||
size_t *plaintext_length )
|
||||
{
|
||||
int ret;
|
||||
psa_status_t status;
|
||||
key_slot_t *slot;
|
||||
psa_key_type_t key_type;
|
||||
size_t key_bits;
|
||||
const uint8_t *tag;
|
||||
size_t tag_length;
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
const mbedtls_cipher_info_t *cipher_info = NULL;
|
||||
|
||||
*plaintext_length = 0;
|
||||
|
||||
status = psa_get_key_information( key, &key_type, &key_bits );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
slot = &global_data.key_slots[key];
|
||||
if( slot->type == PSA_KEY_TYPE_NONE )
|
||||
return( PSA_ERROR_EMPTY_SLOT );
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
|
||||
key_bits, &cipher_id );
|
||||
if( cipher_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
|
||||
if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
|
||||
PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( alg == PSA_ALG_GCM )
|
||||
{
|
||||
mbedtls_gcm_context gcm;
|
||||
|
||||
tag_length = 16;
|
||||
status = psa_aead_unpadded_locate_tag( tag_length,
|
||||
ciphertext, ciphertext_length,
|
||||
plaintext_size, &tag );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
mbedtls_gcm_init( &gcm );
|
||||
ret = mbedtls_gcm_setkey( &gcm, cipher_id,
|
||||
slot->data.raw.data, key_bits );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_gcm_free( &gcm );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
|
||||
ret = mbedtls_gcm_auth_decrypt( &gcm,
|
||||
ciphertext_length - tag_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
tag, tag_length,
|
||||
ciphertext, plaintext );
|
||||
mbedtls_gcm_free( &gcm );
|
||||
}
|
||||
else if( alg == PSA_ALG_CCM )
|
||||
{
|
||||
mbedtls_ccm_context ccm;
|
||||
|
||||
if( nonce_length < 7 || nonce_length > 13 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
tag_length = 16;
|
||||
status = psa_aead_unpadded_locate_tag( tag_length,
|
||||
ciphertext, ciphertext_length,
|
||||
plaintext_size, &tag );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
mbedtls_ccm_init( &ccm );
|
||||
ret = mbedtls_ccm_setkey( &ccm, cipher_id,
|
||||
slot->data.raw.data, key_bits );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_ccm_free( &ccm );
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length - tag_length,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
ciphertext, plaintext,
|
||||
tag, tag_length );
|
||||
mbedtls_ccm_free( &ccm );
|
||||
}
|
||||
else
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( ret != 0 )
|
||||
memset( plaintext, 0, plaintext_size );
|
||||
else
|
||||
*plaintext_length = ciphertext_length - tag_length;
|
||||
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Module setup */
|
||||
|
|
|
@ -236,3 +236,51 @@ sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"307802010
|
|||
PSA verify ECDSA SECP256R1 SHA-256
|
||||
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
|
||||
|
||||
PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 1
|
||||
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":"000102030405060708090A0B":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 2
|
||||
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type
|
||||
aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA AEAD Encrypt, AES CCM - 23-bytes input
|
||||
aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8"
|
||||
|
||||
PSA AEAD Encrypt, AES CCM - 24-bytes input
|
||||
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9"
|
||||
|
||||
PSA AEAD Decrypt, AES CCM - 39-bytes input
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Decrypt, AES CCM - 40-bytes input
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Decrypt, AES CCM - invalid signature
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 1
|
||||
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 2
|
||||
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Encrypt, AES GCM - 128-bytes input - 1
|
||||
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96"
|
||||
|
||||
PSA AEAD Encrypt, AES GCM - 128-bytes input - 2
|
||||
aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56"
|
||||
|
||||
PSA AEAD Decrypt, AES GCM - 144-bytes input - 1
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Decrypt, AES GCM - 144-bytes input - 2
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS
|
||||
|
||||
PSA AEAD Decrypt, AES GCM - invalid signature
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE
|
||||
|
||||
PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm
|
||||
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED
|
||||
|
|
|
@ -1142,3 +1142,239 @@ exit:
|
|||
mbedtls_psa_crypto_free( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void aead_encrypt_decrypt( int key_type_arg, char * key_hex,
|
||||
int alg_arg, char * input_hex, char * nonce_hex,
|
||||
char * add_data, int expected_result_arg )
|
||||
{
|
||||
int slot = 1;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
unsigned char *key_data = NULL;
|
||||
size_t key_size;
|
||||
unsigned char *input_data = NULL;
|
||||
size_t input_size;
|
||||
unsigned char *output_data = NULL;
|
||||
size_t output_size = 0;
|
||||
size_t output_length = 0;
|
||||
unsigned char *output_data2 = NULL;
|
||||
size_t output_length2 = 0;
|
||||
uint8_t* nonce;
|
||||
size_t nonce_length = 16;
|
||||
size_t tag_length = 16;
|
||||
unsigned char *additional_data = NULL;
|
||||
size_t additional_data_length = 0;
|
||||
psa_status_t expected_result = (psa_status_t) expected_result_arg;
|
||||
psa_key_policy_t policy = {0};
|
||||
|
||||
|
||||
key_data = unhexify_alloc( key_hex, &key_size );
|
||||
TEST_ASSERT( key_data != NULL );
|
||||
input_data = unhexify_alloc( input_hex, &input_size );
|
||||
TEST_ASSERT( input_data != NULL );
|
||||
additional_data = unhexify_alloc( add_data, &additional_data_length );
|
||||
TEST_ASSERT( input_data != NULL );
|
||||
output_size = input_size + tag_length;
|
||||
output_data = mbedtls_calloc( 1, output_size );
|
||||
TEST_ASSERT( output_data != NULL );
|
||||
nonce = unhexify_alloc( nonce_hex, &nonce_length );
|
||||
TEST_ASSERT( nonce != NULL );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
psa_key_policy_init( &policy );
|
||||
|
||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT , alg );
|
||||
|
||||
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_import_key( slot, key_type,
|
||||
key_data, key_size ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_aead_encrypt( slot, alg,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
input_data, input_size, output_data,
|
||||
output_size, &output_length ) == expected_result );
|
||||
|
||||
if( PSA_SUCCESS == expected_result )
|
||||
{
|
||||
output_data2 = mbedtls_calloc( 1, output_length );
|
||||
TEST_ASSERT( output_data2 != NULL );
|
||||
|
||||
TEST_ASSERT( psa_aead_decrypt( slot, alg,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
output_data, output_length, output_data2,
|
||||
output_length, &output_length2 ) == expected_result );
|
||||
|
||||
|
||||
TEST_ASSERT( memcmp( input_data, output_data2,
|
||||
input_size ) == 0 );
|
||||
}
|
||||
|
||||
|
||||
exit:
|
||||
psa_destroy_key( slot );
|
||||
mbedtls_free( key_data );
|
||||
mbedtls_free( input_data );
|
||||
mbedtls_free( additional_data );
|
||||
mbedtls_free( output_data );
|
||||
mbedtls_free( output_data2 );
|
||||
mbedtls_psa_crypto_free( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void aead_encrypt( int key_type_arg, char * key_hex,
|
||||
int alg_arg, char * input_hex,
|
||||
char * add_data, char * nonce_hex,
|
||||
char * expected_result_hex )
|
||||
{
|
||||
int slot = 1;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
unsigned char *key_data = NULL;
|
||||
size_t key_size;
|
||||
unsigned char *input_data = NULL;
|
||||
size_t input_size;
|
||||
unsigned char *output_data = NULL;
|
||||
size_t output_size = 0;
|
||||
size_t output_length = 0;
|
||||
unsigned char *expected_result = NULL;
|
||||
size_t expected_result_length = 0;
|
||||
uint8_t* nonce = NULL;
|
||||
size_t nonce_length = 0;
|
||||
size_t tag_length = 16;
|
||||
unsigned char *additional_data = NULL;
|
||||
size_t additional_data_length = 0;
|
||||
psa_key_policy_t policy = {0};
|
||||
|
||||
|
||||
key_data = unhexify_alloc( key_hex, &key_size );
|
||||
TEST_ASSERT( key_data != NULL );
|
||||
input_data = unhexify_alloc( input_hex, &input_size );
|
||||
TEST_ASSERT( input_data != NULL );
|
||||
additional_data = unhexify_alloc( add_data, &additional_data_length );
|
||||
TEST_ASSERT( input_data != NULL );
|
||||
output_size = input_size + tag_length;
|
||||
output_data = mbedtls_calloc( 1, output_size );
|
||||
TEST_ASSERT( output_data != NULL );
|
||||
nonce = unhexify_alloc( nonce_hex, &nonce_length );
|
||||
TEST_ASSERT( nonce != NULL );
|
||||
expected_result = unhexify_alloc( expected_result_hex, &expected_result_length );
|
||||
TEST_ASSERT( expected_result != NULL );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
psa_key_policy_init( &policy );
|
||||
|
||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
|
||||
|
||||
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_import_key( slot, key_type,
|
||||
key_data, key_size ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_aead_encrypt( slot, alg,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
input_data, input_size, output_data,
|
||||
output_size, &output_length ) == PSA_SUCCESS );
|
||||
|
||||
|
||||
TEST_ASSERT( memcmp( output_data, expected_result,
|
||||
output_length ) == 0 );
|
||||
|
||||
|
||||
exit:
|
||||
psa_destroy_key( slot );
|
||||
mbedtls_free( key_data );
|
||||
mbedtls_free( input_data );
|
||||
mbedtls_free( additional_data );
|
||||
mbedtls_free( output_data );
|
||||
mbedtls_free( nonce );
|
||||
mbedtls_free( expected_result );
|
||||
mbedtls_psa_crypto_free( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void aead_decrypt( int key_type_arg, char * key_hex,
|
||||
int alg_arg, char * input_hex,
|
||||
char * add_data, char * nonce_hex,
|
||||
char * expected_result_hex, int expected_result_arg )
|
||||
{
|
||||
int slot = 1;
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
unsigned char *key_data = NULL;
|
||||
size_t key_size;
|
||||
unsigned char *input_data = NULL;
|
||||
size_t input_size;
|
||||
unsigned char *output_data = NULL;
|
||||
size_t output_size = 0;
|
||||
size_t output_length = 0;
|
||||
unsigned char *expected_data = NULL;
|
||||
size_t expected_result_length = 0;
|
||||
uint8_t* nonce = NULL;
|
||||
size_t nonce_length = 0;
|
||||
size_t tag_length = 16;
|
||||
unsigned char *additional_data = NULL;
|
||||
size_t additional_data_length = 0;
|
||||
psa_key_policy_t policy = {0};
|
||||
psa_status_t expected_result = (psa_status_t) expected_result_arg;
|
||||
|
||||
|
||||
key_data = unhexify_alloc( key_hex, &key_size );
|
||||
TEST_ASSERT( key_data != NULL );
|
||||
input_data = unhexify_alloc( input_hex, &input_size );
|
||||
TEST_ASSERT( input_data != NULL );
|
||||
additional_data = unhexify_alloc( add_data, &additional_data_length );
|
||||
TEST_ASSERT( input_data != NULL );
|
||||
output_size = input_size + tag_length;
|
||||
output_data = mbedtls_calloc( 1, output_size );
|
||||
TEST_ASSERT( output_data != NULL );
|
||||
nonce = unhexify_alloc( nonce_hex, &nonce_length );
|
||||
TEST_ASSERT( nonce != NULL );
|
||||
expected_data = unhexify_alloc( expected_result_hex, &expected_result_length );
|
||||
TEST_ASSERT( expected_data != NULL );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
psa_key_policy_init( &policy );
|
||||
|
||||
psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
|
||||
|
||||
TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_import_key( slot, key_type,
|
||||
key_data, key_size ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_aead_decrypt( slot, alg,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
input_data, input_size, output_data,
|
||||
output_size, &output_length ) == expected_result );
|
||||
|
||||
|
||||
if ( expected_result == PSA_SUCCESS )
|
||||
{
|
||||
TEST_ASSERT( memcmp( output_data, expected_data,
|
||||
output_length ) == 0 );
|
||||
}
|
||||
|
||||
|
||||
|
||||
exit:
|
||||
psa_destroy_key( slot );
|
||||
mbedtls_free( key_data );
|
||||
mbedtls_free( input_data );
|
||||
mbedtls_free( additional_data );
|
||||
mbedtls_free( output_data );
|
||||
mbedtls_free( nonce );
|
||||
mbedtls_free( expected_data );
|
||||
mbedtls_psa_crypto_free( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
Loading…
Reference in a new issue