From 39ee871d3fb213357ecb0697e3e112e626117f61 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 26 Apr 2018 00:51:02 +0300 Subject: [PATCH 01/59] Change AEAD APIs to integrated AEAD APIs. Change AEAD APIs to integrated AEAD APIs, this will allow t support CCM and GCM algorithms. --- include/psa/crypto.h | 87 ++++++++++--------------------------- include/psa/crypto_struct.h | 14 ------ 2 files changed, 23 insertions(+), 78 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c0b318776..7fc14a222 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1072,14 +1072,6 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); /** \defgroup aead Authenticated encryption with associated data (AEAD) * @{ */ - -/** The type of the state data structure for multipart AEAD operations. - * - * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ -typedef struct psa_aead_operation_s psa_aead_operation_t; - /** Set the key for a multipart authenticated encryption operation. * * The sequence of operations to authenticate-and-encrypt a message 
@@ -1131,32 +1123,7 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, psa_key_slot_t key, psa_algorithm_t alg); -/** Set the key for a multipart authenticated decryption operation. - * - * The sequence of operations to authenticated and decrypt a message - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Call psa_aead_decrypt_setup() to specify the algorithm and key. - * The key remains associated with the operation even if the content - * of the key slot changes. - * -# Call psa_aead_set_iv() to pass the initialization vector (IV) - * for the authenticated decryption. - * -# Call psa_aead_update_ad() to pass the associated data that is - * to be authenticated but not encrypted. You may omit this step if - * there is no associated data. - * -# Call psa_aead_update() zero, one or more times, passing a fragment - * of the data to decrypt each time. - * -# Call psa_aead_finish(). - * - * The application may call psa_aead_abort() at any time after the operation - * has been initialized with psa_aead_decrypt_setup(). - * - * After a successful call to psa_aead_decrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an - * operation: - * - A failed call to psa_aead_update(). - * - A call to psa_aead_finish() or psa_aead_abort(). +/** Process an integrated authenticated encryption operation. * * \param operation * \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value 
@@ -1175,37 +1142,29 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, * \retval PSA_ERROR_HARDWARE_FAILURE * \retval PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, - psa_key_slot_t key, - psa_algorithm_t alg); +psa_status_t psa_aead_encrypt( psa_key_slot_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *plaintext, + size_t plaintext_length, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length ); -psa_status_t psa_aead_generate_iv(psa_aead_operation_t *operation, - unsigned char *iv, - size_t iv_size, - size_t *iv_length); - -psa_status_t psa_aead_set_iv(psa_aead_operation_t *operation, - const unsigned char *iv, - size_t iv_length); - -psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t psa_aead_update(psa_aead_operation_t *operation, - const uint8_t *input, - size_t input_length); - -psa_status_t psa_aead_finish(psa_aead_operation_t *operation, - uint8_t *tag, - size_t tag_size, - size_t *tag_length); - -psa_status_t psa_aead_verify(psa_aead_operation_t *operation, - uint8_t *tag, - size_t tag_length); - -psa_status_t psa_aead_abort(psa_aead_operation_t *operation); +psa_status_t psa_aead_decrypt( psa_key_slot_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length ); /**@}*/ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index eba4862c6..20a153d23 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
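Review bot: The Doxygen block kept above `psa_aead_encrypt()` still lists `\param operation`, which the new prototype no longer has, and `psa_aead_decrypt()` is added with no comment at all. Neither prototype says where the authentication tag lives, so a caller cannot tell how large `ciphertext_size` must be or whether `ciphertext_length` on the decrypt side includes the tag. I would document every parameter of both functions, state the output layout and the required buffer sizes, and give decrypt a `\retval` entry for a failed tag check. The comment block starts outside this hunk.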
@@ -110,20 +110,6 @@ struct psa_cipher_operation_s } ctx; }; -struct psa_aead_operation_s -{ - psa_algorithm_t alg; - int key_set : 1; - int iv_set : 1; - int ad_set : 1; - uint8_t iv_size; - uint8_t block_size; - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ - } ctx; -}; - struct psa_key_policy_s { psa_key_usage_t usage; From 5955c98779dfdc9c51c676ea7be0ebacd919881d Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 26 Apr 2018 00:53:03 +0300 Subject: [PATCH 02/59] Initial implementation of the AEAD decrypt/encrypt APIs Initial implementation for the AEAD APIs, missing the following: * Concatenation of the tag to the output buffer. * Updated documentation of the new functions. * argument validations * tests --- library/psa_crypto.c | 185 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index edb81c435..9efad5583 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1466,6 +1466,191 @@ psa_status_t psa_set_key_lifetime(psa_key_slot_t key, } +/****************************************************************/ +/* AEAD */ +/****************************************************************/ +psa_status_t psa_aead_encrypt( psa_key_slot_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *plaintext, + size_t plaintext_length, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length ) +{ + int ret; + psa_status_t status; + key_slot_t *slot; + psa_key_type_t key_type; + size_t key_bits; + const mbedtls_cipher_info_t *cipher_info = NULL; + unsigned char tag[16]; + + status = psa_get_key_information( key, &key_type, &key_bits ); + if( status != PSA_SUCCESS ) + return( status ); + slot = &global_data.key_slots[key]; + + //TODO: check key policy + + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + if ( key_type != PSA_KEY_TYPE_RAW_DATA) + return( PSA_ERROR_BAD_STATE ); + + operation->block_size = cipher_info->block_size; + + if( alg == PSA_ALG_GCM ) + { + mbedtls_gcm_context gcm; + mbedtls_gcm_init( &gcm ); + ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, + ( const unsigned char * )slot->data.raw.data, key_bits ); + if( ret != 0 ) + { + mbedtls_gcm_free( &gcm ); + return( mbedtls_to_psa_error( ret ) ); + } + ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, + plaintext_length, ( const unsigned char* )nonce , + nonce_length, ( const unsigned char* )additional_data, + additional_data_length, + ( const unsigned char* ) plaintext, + ( unsigned char* )ciphertext, sizeof( tag ), tag ); + if( ret != 0 ) + { + mbedtls_gcm_free( &gcm ); + return( mbedtls_to_psa_error( ret ) ); + } + + //TODO: append the tag to the output buffer and update the output buffer length. 
+ mbedtls_gcm_free( &gcm ); + } + else if( alg == PSA_ALG_CCM ) + { + mbedtls_ccm_context ccm; + mbedtls_ccm_init( &ccm ); + ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, + ( const unsigned char * )slot->data.raw.data, key_bits ); + if( ret != 0 ) + { + mbedtls_ccm_free( &ccm ); + return( mbedtls_to_psa_error( ret ) ); + } + ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, + ( const unsigned char* )nonce , + nonce_length, ( const unsigned char* )additional_data, + additional_data_length, + ( const unsigned char* ) plaintext, + ( unsigned char* )ciphertext, sizeof( tag ), tag ); + if( ret != 0 ) + { + mbedtls_ccm_free( &ccm ); + return( mbedtls_to_psa_error( ret ) ); + } + + //TODO: append the tag to the output buffer and update the output buffer length. + mbedtls_ccm_free( &ccm ); + } +} + +psa_status_t psa_aead_decrypt( psa_key_slot_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length ) +{ + int ret; + psa_status_t status; + key_slot_t *slot; + psa_key_type_t key_type; + size_t key_bits; + const mbedtls_cipher_info_t *cipher_info = NULL; + unsigned char tag[16]; + + status = psa_get_key_information( key, &key_type, &key_bits ); + if( status != PSA_SUCCESS ) + return( status ); + slot = &global_data.key_slots[key]; + + //TODO: check key policy + + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + if ( key_type != PSA_KEY_TYPE_RAW_DATA) + return( PSA_ERROR_BAD_STATE ); + + operation->block_size = cipher_info->block_size; + + if( alg == PSA_ALG_GCM ) + { + mbedtls_gcm_context gcm; + mbedtls_gcm_init( &gcm ); + ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, + ( const unsigned char * )slot->data.raw.data, key_bits ); + if( ret 
!= 0 ) + { + mbedtls_gcm_free( &gcm ); + return( mbedtls_to_psa_error( ret ) ); + } + ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_DECRYPT, + ciphertext_length, ( const unsigned char* )nonce , + nonce_length, ( const unsigned char* )additional_data, + additional_data_length, + ( const unsigned char* )ciphertext, + ( unsigned char* )plaintext, sizeof( tag ), tag ); + if( ret != 0 ) + { + mbedtls_gcm_free( &gcm ); + return( mbedtls_to_psa_error( ret ) ); + } + + //TODO: append the tag to the output buffer and update the output buffer length. + mbedtls_gcm_free( &gcm ); + } + else if( alg == PSA_ALG_CCM ) + { + mbedtls_ccm_context ccm; + mbedtls_ccm_init( &ccm ); + ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, + ( const unsigned char * )slot->data.raw.data, key_bits ); + if( ret != 0 ) + { + mbedtls_ccm_free( &ccm ); + return( mbedtls_to_psa_error( ret ) ); + } + ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, + ( const unsigned char* )nonce , + nonce_length, ( const unsigned char* )additional_data, + additional_data_length, + ( const unsigned char* )ciphertext , + ( unsigned char* )plaintext, sizeof( tag ), tag ); + if( ret != 0 ) + { + mbedtls_ccm_free( &ccm ); + return( mbedtls_to_psa_error( ret ) ); + } + + //TODO: append the tag to the output buffer and update the output buffer length. + mbedtls_ccm_free( &ccm ); + } + + return( PSA_SUCCESS ); +} + /****************************************************************/ /* Module setup */ From 47ddf3d544408a2ff630786492e5b985d4df3b00 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 26 Apr 2018 01:11:21 +0300 Subject: [PATCH 03/59] Concatenate the tag to the output buffer Concatenate the tag to the output buffer. --- library/psa_crypto.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9efad5583..11a805e55 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
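Review bot: `psa_aead_decrypt()` never checks the authentication tag: the GCM branch calls `mbedtls_gcm_crypt_and_tag()` in `MBEDTLS_GCM_DECRYPT` mode, which only computes a tag into the local `tag[16]`, and the CCM branch hands that same uninitialised array to `mbedtls_ccm_auth_decrypt()` as the expected tag. As written, a modified GCM ciphertext is decrypted and returned with `PSA_SUCCESS`, while CCM compares against indeterminate stack contents. The tag has to come from the caller's input and be compared by the library, as sketched below for GCM on the assumption that the tag is the trailing 16 bytes of `ciphertext`; CCM needs the same slice passed as its `tag` argument. Separately, `operation->block_size` refers to a parameter these functions do not have, and `psa_aead_encrypt()` reaches its closing brace without a `return`.

```c
/* … unchanged: key lookup, cipher_info lookup … */
    if( ciphertext_length < sizeof( tag ) )
        return( PSA_ERROR_INVALID_ARGUMENT );

    /* … unchanged: mbedtls_gcm_init, mbedtls_gcm_setkey … */
        /* Tag assumed to be the last sizeof( tag ) bytes of the input. */
        ret = mbedtls_gcm_auth_decrypt( &gcm,
                                        ciphertext_length - sizeof( tag ),
                                        nonce, nonce_length,
                                        additional_data, additional_data_length,
                                        ciphertext + ciphertext_length - sizeof( tag ),
                                        sizeof( tag ),
                                        ciphertext, plaintext );
        /* … unchanged: error path frees the context and returns … */
```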
@@ -1508,6 +1508,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; + if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, ( const unsigned char * )slot->data.raw.data, key_bits ); @@ -1528,12 +1531,16 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } - //TODO: append the tag to the output buffer and update the output buffer length. mbedtls_gcm_free( &gcm ); } else if( alg == PSA_ALG_CCM ) { mbedtls_ccm_context ccm; + if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + if( nonce_length < 7 || nonce_length > 13 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, ( const unsigned char * )slot->data.raw.data, key_bits ); @@ -1554,9 +1561,10 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } - //TODO: append the tag to the output buffer and update the output buffer length. mbedtls_ccm_free( &ccm ); } + memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) ); + return( PSA_SUCCESS ); } psa_status_t psa_aead_decrypt( psa_key_slot_t key, @@ -1598,6 +1606,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; + if( plaintext_size < ( ciphertext_length + 8 + sizeof( tag ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, ( const unsigned char * )slot->data.raw.data, key_bits ); 
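Review bot: The new size check `ciphertext_size < ( plaintext_length + sizeof( tag ) )` adds two `size_t` values before comparing, so a `plaintext_length` close to `SIZE_MAX` wraps and the check passes with a buffer that is far too small. Comparing by subtraction avoids the wrap: `if( ciphertext_size < sizeof( tag ) || plaintext_length > ciphertext_size - sizeof( tag ) )`. The same pattern appears in the CCM branch and in both `plaintext_size` checks added to `psa_aead_decrypt()` in this commit. The enclosing function starts and ends outside the hunk.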
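Review bot: The `memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) )` and `return( PSA_SUCCESS )` added after the `if`/`else if` chain also run when `alg` is neither `PSA_ALG_GCM` nor `PSA_ALG_CCM`. In that case nothing was encrypted and `tag` was never written, so 16 bytes of indeterminate stack data are copied to the caller and success is reported; whether `mbedtls_cipher_info_from_psa()` already rejects every other algorithm is not visible here. A final `else return( PSA_ERROR_NOT_SUPPORTED );` on the chain closes the gap. The function body starts outside the hunk.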
@@ -1618,12 +1629,17 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } - //TODO: append the tag to the output buffer and update the output buffer length. mbedtls_gcm_free( &gcm ); + memcpy( plaintext + ciphertext_length + 8, tag, sizeof( tag ) ); } else if( alg == PSA_ALG_CCM ) { mbedtls_ccm_context ccm; + if( plaintext_size < ( ciphertext_length + sizeof( tag ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + if( nonce_length < 7 || nonce_length > 13 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, ( const unsigned char * )slot->data.raw.data, key_bits ); @@ -1644,10 +1660,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } - //TODO: append the tag to the output buffer and update the output buffer length. mbedtls_ccm_free( &ccm ); + memcpy( plaintext + ciphertext_length, tag, sizeof( tag ) ); } - return( PSA_SUCCESS ); } From 9e5a515aa8ca51a186db0df4c9d1c3f625306dd1 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 26 Apr 2018 12:07:35 +0300 Subject: [PATCH 04/59] Fix parameter validation --- library/psa_crypto.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 11a805e55..005b9feb4 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1489,6 +1489,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; + if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) return( status ); 
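Review bot: In the GCM branch of `psa_aead_decrypt()` the computed tag is written to `plaintext + ciphertext_length + 8`, while the CCM branch writes it to `plaintext + ciphertext_length`. The 8 bytes in between are never written, the two algorithms produce different output layouts, and in both cases the caller is handed a computed tag instead of a pass/fail result. I would drop both `memcpy` calls and report only the plaintext bytes once the tag comparison is done inside the function. The enclosing function starts outside the hunk.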
@@ -1508,9 +1511,6 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; - if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, ( const unsigned char * )slot->data.raw.data, key_bits ); @@ -1536,8 +1536,6 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, else if( alg == PSA_ALG_CCM ) { mbedtls_ccm_context ccm; - if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -1587,6 +1585,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; + if( plaintext_size < ( ciphertext_length + sizeof( tag ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) return( status ); @@ -1606,8 +1607,6 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; - if( plaintext_size < ( ciphertext_length + 8 + sizeof( tag ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, @@ -1635,8 +1634,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, else if( alg == PSA_ALG_CCM ) { mbedtls_ccm_context ccm; - if( plaintext_size < ( ciphertext_length + sizeof( tag ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); From ce5cba9a6aeac759ebd5d624586185b2fecbf971 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 26 Apr 2018 12:08:21 +0300 Subject: [PATCH 05/59] unify the concatenation of the tag and update output length --- library/psa_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 005b9feb4..c0ef1c54f 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1562,6 +1562,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_ccm_free( &ccm ); } memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) ); + *ciphertext_length = plaintext_length + sizeof( tag ); return( PSA_SUCCESS ); } @@ -1629,7 +1630,6 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, } mbedtls_gcm_free( &gcm ); - memcpy( plaintext + ciphertext_length + 8, tag, sizeof( tag ) ); } else if( alg == PSA_ALG_CCM ) { @@ -1659,8 +1659,10 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, } mbedtls_ccm_free( &ccm ); - memcpy( plaintext + ciphertext_length, tag, sizeof( tag ) ); } + + memcpy( plaintext + ciphertext_length, tag, sizeof( tag ) ); + *plaintext_length = ciphertext_length + sizeof( tag ); return( PSA_SUCCESS ); } From 579d35900798077c201b4fc17ffe7eba036691ed Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 08:51:35 +0300 Subject: [PATCH 06/59] remove psa_aead_encrypt_setup from header file remove psa_aead_encrypt_setup from header file --- include/psa/crypto.h | 51 -------------------------------------------- 1 file changed, 51 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 7fc14a222..cd86080c1 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -1072,57 +1072,6 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); /** \defgroup aead Authenticated encryption with associated data (AEAD) * @{ */ -/** Set the key for a multipart authenticated encryption operation. - * - * The sequence of operations to authenticate-and-encrypt a message - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Call psa_aead_encrypt_setup() to specify the algorithm and key. - * The key remains associated with the operation even if the content - * of the key slot changes. - * -# Call either psa_aead_generate_iv() or psa_aead_set_iv() to - * generate or set the IV (initialization vector). You should use - * psa_encrypt_generate_iv() unless the protocol you are implementing - * requires a specific IV value. - * -# Call psa_aead_update_ad() to pass the associated data that is - * to be authenticated but not encrypted. You may omit this step if - * there is no associated data. - * -# Call psa_aead_update() zero, one or more times, passing a fragment - * of the data to encrypt each time. - * -# Call psa_aead_finish(). - * - * The application may call psa_aead_abort() at any time after the operation - * has been initialized with psa_aead_encrypt_setup(). - * - * After a successful call to psa_aead_encrypt_setup(), the application must - * eventually terminate the operation. The following events terminate an - * operation: - * - A failed call to psa_aead_generate_iv(), psa_aead_set_iv(), - * psa_aead_update_ad() or psa_aead_update(). - * - A call to psa_aead_finish() or psa_aead_abort(). - * - * \param operation - * \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value - * such that #PSA_ALG_IS_AEAD(alg) is true). - * - * \retval PSA_SUCCESS - * Success. - * \retval PSA_ERROR_EMPTY_SLOT - * \retval PSA_ERROR_NOT_PERMITTED - * \retval PSA_ERROR_INVALID_ARGUMENT - * \c key is not compatible with \c alg. 
- * \retval PSA_ERROR_NOT_SUPPORTED - * \c alg is not supported or is not an AEAD algorithm. - * \retval PSA_ERROR_INSUFFICIENT_MEMORY - * \retval PSA_ERROR_COMMUNICATION_FAILURE - * \retval PSA_ERROR_HARDWARE_FAILURE - * \retval PSA_ERROR_TAMPERING_DETECTED - */ -psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_slot_t key, - psa_algorithm_t alg); - /** Process an integrated authenticated encryption operation. * * \param operation From 9112693930a8575c44863a83bdeccf150912cfa7 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 11:10:16 +0300 Subject: [PATCH 07/59] aead test scenario --- tests/suites/test_suite_psa_crypto.function | 70 +++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 04a95d4f8..4721c87f3 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -573,3 +573,73 @@ exit: mbedtls_psa_crypto_free( ); } /* END_CASE */ + +/* BEGIN_CASE */ +void aead_encrypt_decrypt( int key_type_arg, char *key_hex, + int alg_arg, char *input_hex, + cahr* additional_data, int additional_data_length ) +{ + int slot = 1; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + unsigned char *key_data = NULL; + size_t key_size; + unsigned char *input_data = NULL; + size_t input_size; + unsigned char *output_data = NULL; + size_t output_length; + unsigned char *output_data2 = NULL; + size_t output_length2; + psa_status_t actual_status; + uint8_t* nonce = NULL; + size_t nonce_length = 16; + size_t tag_length = 16; + + + key_data = unhexify_alloc( key_hex, &key_size ); + TEST_ASSERT( key_data != NULL ); + input_data = unhexify_alloc( input_hex, &input_size ); + TEST_ASSERT( input_data != NULL ); + output_data = mbedtls_calloc( 1, input_size + tag_length ); + TEST_ASSERT( output_data != NULL ); + if( alg == PSA_ALG_CCM ) + { + nonce_length = 12; + } + nonce = mbedtls_calloc( 1, nonce_length ); + TEST_ASSERT( nonce != NULL ); + for( int i = 0; i < nonce_length; ++nonce_length ) + nonce[i] = i; + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_import_key( slot, key_type, + key_data, key_size ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_aead_encrypt( slot, alg, + nonce, nonce_length, + additional_data, additional_data_length, + input_data, input_size, output_data, + input_size, &output_length ) ); + + output_data2 = mbedtls_calloc( 1, output_length ); + TEST_ASSERT( output_data2 != NULL ); + + TEST_ASSERT( psa_aead_decrypt( slot, alg, + nonce, nonce_length, + additional_data, additional_data_length, + output_data, output_length - tag_length, output_data2, + output_length, &output_length2 ) ); + + TEST_ASSERT( memcmp( input, output_data2, + input_size ) == 0 ); + + +exit: + psa_destroy_key( slot ); + mbedtls_free( key_data ); + mbedtls_free( input_data ); + mbedtls_free( signature ); + 
mbedtls_psa_crypto_free( ); +} +/* END_CASE */ From db6247315fb944c1aca0389ba18525a72112a352 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 17:21:50 +0300 Subject: [PATCH 08/59] Parameters validation fixes Fix key_type validation test and no need to ask for place for tag in decryption --- library/psa_crypto.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c0ef1c54f..2650fffe6 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1503,8 +1503,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if ( key_type != PSA_KEY_TYPE_RAW_DATA) - return( PSA_ERROR_BAD_STATE ); + if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) + return( PSA_ERROR_INVALID_ARGUMENT ); operation->block_size = cipher_info->block_size; @@ -1586,7 +1587,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; - if( plaintext_size < ( ciphertext_length + sizeof( tag ) ) ) + if( plaintext_size < ciphertext_length ) return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_key_information( key, &key_type, &key_bits ); From 6bbd8c75dcf1460bb499c8ba4037309a0817350f Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 17:22:52 +0300 Subject: [PATCH 09/59] Remove unnecessary cast Remove unnecessary cast --- library/psa_crypto.c | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2650fffe6..7589432c9 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
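Review bot: The nonce fill loop `for( int i = 0; i < nonce_length; ++nonce_length )` increments the bound instead of the index, so it never terminates normally; it should be `for( size_t i = 0; i < nonce_length; ++i )`. The case also cannot compile as posted: `cahr*` in the signature, `input` in the final `memcmp` and `signature` in the cleanup are not declared, and `output_data`/`output_data2` are never freed. `psa_aead_encrypt()` is given `input_size` as the buffer size although the buffer holds `input_size + tag_length`, which the library's own size check rejects. Beyond the round trip, a case that flips one byte of the ciphertext or tag and expects decryption to fail would catch a decrypt path that does not authenticate.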
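Review bot: The replacement key-type check in `psa_aead_encrypt()` is inverted: it returns `PSA_ERROR_INVALID_ARGUMENT` exactly when the key is a cipher key with a 16-byte block, which is the kind GCM and CCM need, and lets every other key type through. The condition needs negating, `if( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) )`. PATCH 12/59 copies the same condition into `psa_aead_decrypt()`, and `PSA_KEY_TYPE_CATEGORY_CIPHER` appears not to be defined until PATCH 13/59, so the intermediate revisions may not build. The function starts and ends outside the hunk.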
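Review bot: Relaxing the decrypt check to `plaintext_size < ciphertext_length` is only safe once the tag copy is gone, and in this commit it is not: the `memcpy( plaintext + ciphertext_length, tag, sizeof( tag ) )` added in PATCH 05/59 is removed only in PATCH 10/59. Between the two, a caller that supplies exactly `ciphertext_length` bytes gets a 16-byte write past the end of `plaintext`. Folding the `memcpy` removal into this commit keeps every intermediate revision memory-safe. The function body continues outside the hunk.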
@@ -1521,11 +1521,10 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, - plaintext_length, ( const unsigned char* )nonce , - nonce_length, ( const unsigned char* )additional_data, - additional_data_length, - ( const unsigned char* ) plaintext, - ( unsigned char* )ciphertext, sizeof( tag ), tag ); + plaintext_length, nonce , + nonce_length, additional_data, + additional_data_length, plaintext, + ciphertext, sizeof( tag ), tag ); if( ret != 0 ) { mbedtls_gcm_free( &gcm ); @@ -1542,18 +1541,16 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, - ( const unsigned char * )slot->data.raw.data, key_bits ); + slot->data.raw.data, key_bits ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, - ( const unsigned char* )nonce , - nonce_length, ( const unsigned char* )additional_data, + nonce , nonce_length, additional_data, additional_data_length, - ( const unsigned char* ) plaintext, - ( unsigned char* )ciphertext, sizeof( tag ), tag ); + plaintext, ciphertext, sizeof( tag ), tag ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); 
@@ -1612,18 +1609,16 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, - ( const unsigned char * )slot->data.raw.data, key_bits ); + slot->data.raw.data, key_bits ); if( ret != 0 ) { mbedtls_gcm_free( &gcm ); return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_DECRYPT, - ciphertext_length, ( const unsigned char* )nonce , - nonce_length, ( const unsigned char* )additional_data, - additional_data_length, - ( const unsigned char* )ciphertext, - ( unsigned char* )plaintext, sizeof( tag ), tag ); + ciphertext_length, nonce , nonce_length, + additional_data, additional_data_length, + ciphertext, plaintext, sizeof( tag ), tag ); if( ret != 0 ) { mbedtls_gcm_free( &gcm ); @@ -1641,18 +1636,16 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, - ( const unsigned char * )slot->data.raw.data, key_bits ); + slot->data.raw.data, key_bits ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, - ( const unsigned char* )nonce , - nonce_length, ( const unsigned char* )additional_data, - additional_data_length, - ( const unsigned char* )ciphertext , - ( unsigned char* )plaintext, sizeof( tag ), tag ); + nonce , nonce_length, additional_data, + additional_data_length, ciphertext , + plaintext, sizeof( tag ), tag ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); From 4f5eb7cb5411fea304a10f1eadaa9ddeded16395 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 17:23:47 +0300 Subject: [PATCH 10/59] Fill the the output buffer with zero data in case of failure --- library/psa_crypto.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7589432c9..0ed9dd9bf 100755 --- a/library/psa_crypto.c 
+++ b/library/psa_crypto.c @@ -1528,6 +1528,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( ret != 0 ) { mbedtls_gcm_free( &gcm ); + mbedtls_zeroize( ciphertext, plaintext_length ); return( mbedtls_to_psa_error( ret ) ); } @@ -1554,6 +1555,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( ret != 0 ) { mbedtls_ccm_free( &ccm ); + mbedtls_zeroize( ciphertext, plaintext_length ); return( mbedtls_to_psa_error( ret ) ); } @@ -1622,6 +1624,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( ret != 0 ) { mbedtls_gcm_free( &gcm ); + mbedtls_zeroize( plaintext, ciphertext_length ); return( mbedtls_to_psa_error( ret ) ); } @@ -1649,14 +1652,14 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( ret != 0 ) { mbedtls_ccm_free( &ccm ); + mbedtls_zeroize( plaintext, ciphertext_length ); return( mbedtls_to_psa_error( ret ) ); } mbedtls_ccm_free( &ccm ); } - memcpy( plaintext + ciphertext_length, tag, sizeof( tag ) ); - *plaintext_length = ciphertext_length + sizeof( tag ); + *plaintext_length = ciphertext_length; return( PSA_SUCCESS ); } From 091e73b22b4759d938ee0afeb9bf6d7b112fd861 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 17:24:39 +0300 Subject: [PATCH 11/59] Fix usage of TEST_ASSERT Add missing == PSA_SUCCESS in TEST_ASSERT usage --- tests/suites/test_suite_psa_crypto.function | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4721c87f3..6376e5659 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -591,7 +591,7 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, unsigned char *output_data2 = NULL; size_t output_length2; psa_status_t actual_status; - uint8_t* nonce = NULL; + uint8_t nonce[16]; size_t nonce_length = 16; size_t tag_length = 16; 
@@ -606,8 +606,7 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, { nonce_length = 12; } - nonce = mbedtls_calloc( 1, nonce_length ); - TEST_ASSERT( nonce != NULL ); + for( int i = 0; i < nonce_length; ++nonce_length ) nonce[i] = i; @@ -620,7 +619,7 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, nonce, nonce_length, additional_data, additional_data_length, input_data, input_size, output_data, - input_size, &output_length ) ); + input_size, &output_length ) == PSA_SUCCESS ); output_data2 = mbedtls_calloc( 1, output_length ); TEST_ASSERT( output_data2 != NULL ); @@ -629,7 +628,7 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, nonce, nonce_length, additional_data, additional_data_length, output_data, output_length - tag_length, output_data2, - output_length, &output_length2 ) ); + output_length, &output_length2 ) == PSA_SUCCESS ); TEST_ASSERT( memcmp( input, output_data2, input_size ) == 0 ); From a7e6df76ead156437d97aa592aa8bbec28f77b9d Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 30 Apr 2018 17:25:45 +0300 Subject: [PATCH 12/59] Validation fixes for key_type --- library/psa_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0ed9dd9bf..33e265766 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1600,8 +1600,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if ( key_type != PSA_KEY_TYPE_RAW_DATA) - return( PSA_ERROR_BAD_STATE ); + if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) + return( PSA_ERROR_INVALID_ARGUMENT ); operation->block_size = cipher_info->block_size; From dad36fa855e17a039e1f8f1a5671093a8255808b Mon Sep 17 00:00:00 2001 
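Review bot: The nonce fill loop in the `@@ -606,8 +606,7 @@` hunk increments `nonce_length` instead of `i`, so `i` stays 0 and the loop only ends when `nonce_length` wraps around to 0. Besides not finishing in practical time, that would leave `nonce_length` at 0 for the encrypt and decrypt calls that follow. It should read `for( size_t i = 0; i < nonce_length; ++i ) nonce[i] = (uint8_t) i;`. The test function starts and ends outside the hunk.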
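Review bot: The new key-type test in the `@@ -1600,8 +1600,9 @@` hunk is inverted: it returns `PSA_ERROR_INVALID_ARGUMENT` exactly when the key is in the cipher category with a 16-byte block, which is the case these AEAD modes need, and lets every other key type through. The condition should be negated, `if( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) )`. `PSA_KEY_TYPE_CATEGORY_CIPHER` is only added to `include/psa/crypto.h` by the next patch in this series, so this commit probably does not build on its own. Only psa_aead_decrypt is touched here, and its body continues outside the hunk.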
From: mohammad1603 Date: Wed, 9 May 2018 02:24:42 -0700 Subject: [PATCH 13/59] add Key and Algorithm validation --- include/psa/crypto.h | 1 + library/psa_crypto.c | 38 +++++++++++++++++++++++++++----------- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index cd86080c1..deeab4a64 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -143,6 +143,7 @@ typedef uint32_t psa_key_type_t; #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7e000000) #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x02000000) #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x04000000) +#define PSA_KEY_TYPE_CATEGORY_CIPHER ((psa_key_type_t)0x04000000) #define PSA_KEY_TYPE_CATEGORY_ASYMMETRIC ((psa_key_type_t)0x06000000) #define PSA_KEY_TYPE_PAIR_FLAG ((psa_key_type_t)0x01000000) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 33e265766..7d70d534a 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1488,7 +1488,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; - + mbedtls_cipher_id_t cipher_id; + if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -1497,6 +1498,15 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( status ); slot = &global_data.key_slots[key]; + if ( key_type == PSA_KEY_TYPE_AES ) + { + cipher_id = MBEDTLS_CIPHER_ID_AES; + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + //TODO: check key policy cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); 
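Review bot: The key is used straight after the `key_type == PSA_KEY_TYPE_AES` test added in the `@@ -1497,6 +1498,15 @@` hunk, while the `//TODO: check key policy` that follows is still open, so no visible line checks that the slot's policy allows this operation with `alg`. The same holds for the matching decrypt hunk `@@ -1594,6 +1603,15 @@`. Before `mbedtls_gcm_setkey` or `mbedtls_ccm_setkey` is reached, both functions should reject a key whose usage policy does not permit the operation and return `PSA_ERROR_NOT_PERMITTED`. Until that is implemented I would replace the TODO with `/* FIXME: key usage policy is not enforced here; any AES key in the slot is accepted */`. Both function bodies start and end outside the hunks.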
@@ -1507,13 +1517,11 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->block_size = cipher_info->block_size; - if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); - ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, + ret = mbedtls_gcm_setkey( &gcm, cipher_id, ( const unsigned char * )slot->data.raw.data, key_bits ); if( ret != 0 ) { @@ -1541,7 +1549,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ccm_init( &ccm ); - ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, + ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); if( ret != 0 ) { @@ -1551,7 +1559,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, nonce , nonce_length, additional_data, additional_data_length, - plaintext, ciphertext, sizeof( tag ), tag ); + plaintext, ciphertext, tag, sizeof( tag ) ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); @@ -1585,6 +1593,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; + mbedtls_cipher_id_t cipher_id; if( plaintext_size < ciphertext_length ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -1594,6 +1603,15 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( status ); slot = &global_data.key_slots[key]; + if ( key_type == PSA_KEY_TYPE_AES ) + { + cipher_id = MBEDTLS_CIPHER_ID_AES; + } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + //TODO: check key policy cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); 
@@ -1604,14 +1622,12 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) return( PSA_ERROR_INVALID_ARGUMENT ); - operation->block_size = cipher_info->block_size; - if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); - ret = mbedtls_gcm_setkey( &gcm, cipher_info->base->cipher, + ret = mbedtls_gcm_setkey( &gcm, cipher_id, slot->data.raw.data, key_bits ); if( ret != 0 ) { @@ -1639,7 +1655,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ccm_init( &ccm ); - ret = mbedtls_ccm_setkey( &ccm, cipher_info->base->cipher, + ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); if( ret != 0 ) { @@ -1649,7 +1665,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, nonce , nonce_length, additional_data, additional_data_length, ciphertext , - plaintext, sizeof( tag ), tag ); + plaintext, tag, sizeof( tag ) ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); From bdd892aef57c341d1b9d26cc189ec1f6cae39b73 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 9 May 2018 02:26:51 -0700 Subject: [PATCH 14/59] Add test scenario --- tests/suites/test_suite_psa_crypto.data | 3 +++ tests/suites/test_suite_psa_crypto.function | 17 ++++++++++------- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c3f5f9001..3e80c9072 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -120,3 +120,6 @@ sign_fail:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"307802010 PSA verify ECDSA SECP256R1 SHA-256 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" + +PSA AEAD Encrypt-Decrypt, first scenario +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6376e5659..f6a0d2208 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -575,9 +575,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aead_encrypt_decrypt( int key_type_arg, char *key_hex, - int alg_arg, char *input_hex, - cahr* additional_data, int additional_data_length ) +void aead_encrypt_decrypt( int key_type_arg, char * key_hex, + int alg_arg, char * input_hex, + char * add_data ) { int slot = 1; psa_key_type_t key_type = key_type_arg; 
@@ -590,16 +590,20 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, size_t output_length; unsigned char *output_data2 = NULL; size_t output_length2; - psa_status_t actual_status; uint8_t nonce[16]; size_t nonce_length = 16; size_t tag_length = 16; + unsigned char *additional_data = NULL; + size_t additional_data_length = 0; + size_t i = 0; key_data = unhexify_alloc( key_hex, &key_size ); TEST_ASSERT( key_data != NULL ); input_data = unhexify_alloc( input_hex, &input_size ); TEST_ASSERT( input_data != NULL ); + additional_data = unhexify_alloc( add_data, &additional_data_length ); + TEST_ASSERT( input_data != NULL ); output_data = mbedtls_calloc( 1, input_size + tag_length ); TEST_ASSERT( output_data != NULL ); if( alg == PSA_ALG_CCM ) @@ -607,7 +611,7 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, nonce_length = 12; } - for( int i = 0; i < nonce_length; ++nonce_length ) + for( ; i < nonce_length; ++nonce_length ) nonce[i] = i; TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -630,7 +634,7 @@ void aead_encrypt_decrypt( int key_type_arg, char *key_hex, output_data, output_length - tag_length, output_data2, output_length, &output_length2 ) == PSA_SUCCESS ); - TEST_ASSERT( memcmp( input, output_data2, + TEST_ASSERT( memcmp( input_data, output_data2, input_size ) == 0 ); @@ -638,7 +642,6 @@ exit: psa_destroy_key( slot ); mbedtls_free( key_data ); mbedtls_free( input_data ); - mbedtls_free( signature ); mbedtls_psa_crypto_free( ); } /* END_CASE */ From 17638efc469ffbb40b248df47c1351bb0c3dcf9f Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 9 May 2018 04:58:00 -0700 Subject: [PATCH 15/59] remove unused variable --- library/psa_crypto.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7d70d534a..45f55638b 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
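Review bot: In the `@@ -590,16 +590,20 @@` hunk the allocation check after `unhexify_alloc( add_data, &additional_data_length )` tests `input_data` again, so a failed allocation of `additional_data` goes unnoticed and a NULL pointer is passed on to psa_aead_encrypt. The line should be `TEST_ASSERT( additional_data != NULL );`. `additional_data` and `output_data` are also not released in the `exit:` block touched by the last hunk of this file; `mbedtls_free( additional_data );` and `mbedtls_free( output_data );` belong next to the other frees.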
@@ -1486,7 +1486,6 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, key_slot_t *slot; psa_key_type_t key_type; size_t key_bits; - const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; mbedtls_cipher_id_t cipher_id; @@ -1509,9 +1508,6 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //TODO: check key policy - cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) @@ -1591,7 +1587,6 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, key_slot_t *slot; psa_key_type_t key_type; size_t key_bits; - const mbedtls_cipher_info_t *cipher_info = NULL; unsigned char tag[16]; mbedtls_cipher_id_t cipher_id; @@ -1614,9 +1609,6 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, //TODO: check key policy - cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) From e58e68458e6051c5c4a2d9222fd03787ca29a02f Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 9 May 2018 04:58:32 -0700 Subject: [PATCH 16/59] fix condition over key type --- library/psa_crypto.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 45f55638b..5810853cb 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1488,7 +1488,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t key_bits; unsigned char tag[16]; mbedtls_cipher_id_t cipher_id; - + if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); 
@@ -1508,9 +1508,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //TODO: check key policy - - if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) + if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) @@ -1609,9 +1608,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, //TODO: check key policy - - if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) + if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) From d973472a37647e52913729a8d0d10c5da2d3ffca Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 9 May 2018 04:59:26 -0700 Subject: [PATCH 17/59] Fix loop index and output size parameter value --- tests/suites/test_suite_psa_crypto.function | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f6a0d2208..d366608c8 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -587,6 +587,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, unsigned char *input_data = NULL; size_t input_size; unsigned char *output_data = NULL; + size_t output_size = 0; size_t output_length; unsigned char *output_data2 = NULL; size_t output_length2; 
@@ -604,14 +605,15 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, TEST_ASSERT( input_data != NULL ); additional_data = unhexify_alloc( add_data, &additional_data_length ); TEST_ASSERT( input_data != NULL ); - output_data = mbedtls_calloc( 1, input_size + tag_length ); + output_size = input_size + tag_length; + output_data = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output_data != NULL ); if( alg == PSA_ALG_CCM ) { nonce_length = 12; } - for( ; i < nonce_length; ++nonce_length ) + for( ; i < nonce_length; ++i ) nonce[i] = i; TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -623,7 +625,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, nonce, nonce_length, additional_data, additional_data_length, input_data, input_size, output_data, - input_size, &output_length ) == PSA_SUCCESS ); + output_size, &output_length ) == PSA_SUCCESS ); output_data2 = mbedtls_calloc( 1, output_length ); TEST_ASSERT( output_data2 != NULL ); From 5c8845f5635d0fca6a25cca89880be0efde884cb Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 9 May 2018 05:40:09 -0700 Subject: [PATCH 18/59] return invalid argument for unsupported algorithms --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5810853cb..aaaa8a53c 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1564,6 +1564,10 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_ccm_free( &ccm ); } + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) ); *ciphertext_length = plaintext_length + sizeof( tag ); return( PSA_SUCCESS ); From f07db2e919742d760e60409054524c16f387cfda Mon Sep 17 00:00:00 2001 
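Review bot: The `else` branch added in the `@@ -1564,6 +1564,10 @@` hunk reports an unknown `alg` as `PSA_ERROR_INVALID_ARGUMENT`, and only after the key has been looked up and validated. The documentation added for psa_aead_decrypt later in this series assigns `PSA_ERROR_NOT_SUPPORTED` to an algorithm that is not supported or is not an AEAD algorithm, and presumably the encrypt side is meant to follow the same contract. I would use `return( PSA_ERROR_NOT_SUPPORTED );` here and in the matching decrypt branch added by PATCH 21, and move the algorithm check ahead of the key handling so a bad `alg` is rejected before any key material is touched. The function body starts outside the hunk.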
From: mohammad1603 Date: Wed, 9 May 2018 05:41:08 -0700 Subject: [PATCH 19/59] Add more test scenario for GCM and failure cases --- tests/suites/test_suite_psa_crypto.data | 19 +++++++++++++++++-- tests/suites/test_suite_psa_crypto.function | 13 +++++++++---- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 3e80c9072..05d579a38 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -121,5 +121,20 @@ PSA verify ECDSA SECP256R1 SHA-256 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" -PSA AEAD Encrypt-Decrypt, first scenario -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B" +PSA AEAD Encrypt-Decrypt, AES CCM scenario 1 +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS + +PSA AEAD Encrypt-Decrypt, AES CCM scenario 2 +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS + +PSA AEAD Encrypt-Decrypt, AES GCM scenario 1 +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS + +PSA AEAD Encrypt-Decrypt, AES GCM scenario 2 +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS + +PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type +aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_INVALID_ARGUMENT + +PSA 
AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d366608c8..9a6004a49 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -577,7 +577,7 @@ exit: /* BEGIN_CASE */ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, int alg_arg, char * input_hex, - char * add_data ) + char * add_data, int expected_result ) { int slot = 1; psa_key_type_t key_type = key_type_arg; @@ -625,7 +625,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, nonce, nonce_length, additional_data, additional_data_length, input_data, input_size, output_data, - output_size, &output_length ) == PSA_SUCCESS ); + output_size, &output_length ) == ( psa_status_t )expected_result ); output_data2 = mbedtls_calloc( 1, output_length ); TEST_ASSERT( output_data2 != NULL ); @@ -634,16 +634,21 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, nonce, nonce_length, additional_data, additional_data_length, output_data, output_length - tag_length, output_data2, - output_length, &output_length2 ) == PSA_SUCCESS ); + output_length, &output_length2 ) == ( psa_status_t )expected_result ); - TEST_ASSERT( memcmp( input_data, output_data2, + if( expected_result == 0 ) + { + TEST_ASSERT( memcmp( input_data, output_data2, input_size ) == 0 ); + } exit: psa_destroy_key( slot ); mbedtls_free( key_data ); mbedtls_free( input_data ); + mbedtls_free( additional_data ); + mbedtls_free( output_data ); mbedtls_psa_crypto_free( ); } /* END_CASE */ From 9b071325913e9c1786c41510d0c4769dca6c7665 Mon Sep 17 00:00:00 2001 
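Review bot: The failure scenarios added with the `@@ -634,16 +634,21 @@` hunk cover only a wrong key type and a wrong algorithm; nothing checks that psa_aead_decrypt rejects a modified ciphertext, tag or additional data. The decrypt call is also given `output_length - tag_length` bytes, so as far as the visible code shows the tag produced by psa_aead_encrypt is never handed back for verification. I would add a case that changes one byte of `output_data` before decrypting and expects `PSA_ERROR_INVALID_SIGNATURE`. In the failure scenarios `output_length` is still uninitialised when `mbedtls_calloc( 1, output_length )` runs, so the decrypt half should be skipped unless encryption succeeded. The test function starts outside the hunk.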
From: mohammad1603 Date: Thu, 31 May 2018 03:18:45 -0700 Subject: [PATCH 20/59] remove compilation warnings --- tests/suites/test_suite_psa_crypto.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9a6004a49..b592c6eca 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -577,7 +577,8 @@ exit: /* BEGIN_CASE */ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, int alg_arg, char * input_hex, - char * add_data, int expected_result ) + char * add_data + , int expected_result_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; @@ -597,6 +598,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, unsigned char *additional_data = NULL; size_t additional_data_length = 0; size_t i = 0; + psa_status_t expected_result = (psa_status_t) expected_result_arg; key_data = unhexify_alloc( key_hex, &key_size ); @@ -625,7 +627,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, nonce, nonce_length, additional_data, additional_data_length, input_data, input_size, output_data, - output_size, &output_length ) == ( psa_status_t )expected_result ); + output_size, &output_length ) == expected_result ); output_data2 = mbedtls_calloc( 1, output_length ); TEST_ASSERT( output_data2 != NULL ); @@ -634,9 +636,9 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, nonce, nonce_length, additional_data, additional_data_length, output_data, output_length - tag_length, output_data2, - output_length, &output_length2 ) == ( psa_status_t )expected_result ); + output_length, &output_length2 ) == expected_result ); - if( expected_result == 0 ) + if( PSA_SUCCESS == expected_result ) { TEST_ASSERT( memcmp( input_data, output_data2, input_size ) == 0 ); 
@@ -649,6 +651,7 @@ exit: mbedtls_free( input_data ); mbedtls_free( additional_data ); mbedtls_free( output_data ); + mbedtls_free( output_data2 ); mbedtls_psa_crypto_free( ); } /* END_CASE */ From 39574652ae0d9ed1b1558b150f1347727260b00b Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Fri, 1 Jun 2018 04:39:53 -0700 Subject: [PATCH 21/59] add else for not supported algorithm --- library/psa_crypto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aaaa8a53c..beb5f559d 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1669,7 +1669,11 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_ccm_free( &ccm ); } - + else + { + return( PSA_ERROR_INVALID_ARGUMENT ); + } + *plaintext_length = ciphertext_length; return( PSA_SUCCESS ); } From e797945ea9f0c64c725effd551af34b76ea5a40b Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Fri, 1 Jun 2018 04:41:03 -0700 Subject: [PATCH 22/59] initialize length variables and process decrypt only when encrypts passes --- tests/suites/test_suite_psa_crypto.function | 25 +++++++++++---------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index b592c6eca..93bb9cc2a 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -589,9 +589,9 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, size_t input_size; unsigned char *output_data = NULL; size_t output_size = 0; - size_t output_length; + size_t output_length = 0; unsigned char *output_data2 = NULL; - size_t output_length2; + size_t output_length2 = 0; uint8_t nonce[16]; size_t nonce_length = 16; size_t tag_length = 16; 
@@ -629,19 +629,20 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, input_data, input_size, output_data, output_size, &output_length ) == expected_result ); - output_data2 = mbedtls_calloc( 1, output_length ); - TEST_ASSERT( output_data2 != NULL ); - - TEST_ASSERT( psa_aead_decrypt( slot, alg, - nonce, nonce_length, - additional_data, additional_data_length, - output_data, output_length - tag_length, output_data2, - output_length, &output_length2 ) == expected_result ); - if( PSA_SUCCESS == expected_result ) { + output_data2 = mbedtls_calloc( 1, output_length ); + TEST_ASSERT( output_data2 != NULL ); + + TEST_ASSERT( psa_aead_decrypt( slot, alg, + nonce, nonce_length, + additional_data, additional_data_length, + output_data, output_length - tag_length, output_data2, + output_length, &output_length2 ) == expected_result ); + + TEST_ASSERT( memcmp( input_data, output_data2, - input_size ) == 0 ); + input_size ) == 0 ); } From 20399393a5190a6b921fa4448d60777584480b67 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Fri, 1 Jun 2018 04:41:27 -0700 Subject: [PATCH 23/59] add psa_crypto to test suites --- tests/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 58126bedc..d8b74f227 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -110,6 +110,7 @@ add_test_suite(pk) add_test_suite(pkparse) add_test_suite(pkwrite) add_test_suite(poly1305) +add_test_suite(psa_crypto) add_test_suite(shax) add_test_suite(ssl) add_test_suite(timing) From a40d77477de223beba1c50fd8b3db42de0bfac5a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Jun 2018 16:28:30 +0200 Subject: [PATCH 24/59] Whitespace fixes Changed indentation to match Mbed TLS style. Wrapped some lines to 80 columns. --- library/psa_crypto.c | 55 +++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 26 deletions(-) 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index beb5f559d..ba43e1968 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1490,7 +1490,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_cipher_id_t cipher_id; if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1509,25 +1509,26 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //TODO: check key policy if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); - ret = mbedtls_gcm_setkey( &gcm, cipher_id, - ( const unsigned char * )slot->data.raw.data, key_bits ); + ret = mbedtls_gcm_setkey( &gcm, cipher_id, + ( const unsigned char * )slot->data.raw.data, + key_bits ); if( ret != 0 ) { mbedtls_gcm_free( &gcm ); return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT, - plaintext_length, nonce , - nonce_length, additional_data, - additional_data_length, plaintext, - ciphertext, sizeof( tag ), tag ); + plaintext_length, nonce, + nonce_length, additional_data, + additional_data_length, plaintext, + ciphertext, sizeof( tag ), tag ); if( ret != 0 ) { mbedtls_gcm_free( &gcm ); 
@@ -1544,17 +1545,18 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ccm_init( &ccm ); - ret = mbedtls_ccm_setkey( &ccm, cipher_id, + ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, - nonce , nonce_length, additional_data, - additional_data_length, - plaintext, ciphertext, tag, sizeof( tag ) ); + ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length, + nonce, nonce_length, additional_data, + additional_data_length, + plaintext, ciphertext, + tag, sizeof( tag ) ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); @@ -1594,7 +1596,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_cipher_id_t cipher_id; if( plaintext_size < ciphertext_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1613,7 +1615,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, //TODO: check key policy if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) @@ -1621,7 +1623,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); - ret = mbedtls_gcm_setkey( &gcm, cipher_id, + ret = mbedtls_gcm_setkey( &gcm, cipher_id, slot->data.raw.data, key_bits ); if( ret != 0 ) { 
@@ -1629,9 +1631,10 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( mbedtls_to_psa_error( ret ) ); } ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_DECRYPT, - ciphertext_length, nonce , nonce_length, - additional_data, additional_data_length, - ciphertext, plaintext, sizeof( tag ), tag ); + ciphertext_length, nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, plaintext, + sizeof( tag ), tag ); if( ret != 0 ) { mbedtls_gcm_free( &gcm ); @@ -1644,22 +1647,22 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, else if( alg == PSA_ALG_CCM ) { mbedtls_ccm_context ccm; - + if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); mbedtls_ccm_init( &ccm ); - ret = mbedtls_ccm_setkey( &ccm, cipher_id, + ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, - nonce , nonce_length, additional_data, - additional_data_length, ciphertext , - plaintext, tag, sizeof( tag ) ); + ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, + nonce, nonce_length, additional_data, + additional_data_length, ciphertext, + plaintext, tag, sizeof( tag ) ); if( ret != 0 ) { mbedtls_ccm_free( &ccm ); @@ -1673,7 +1676,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, { return( PSA_ERROR_INVALID_ARGUMENT ); } - + *plaintext_length = ciphertext_length; return( PSA_SUCCESS ); } From 1e7d8f1b09f26776c6734b16280ae7affbaad75d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Jun 2018 16:29:38 +0200 Subject: [PATCH 25/59] Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested). --- include/psa/crypto.h | 82 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 78 insertions(+), 4 deletions(-) 
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index deeab4a64..af1ab37c4 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1073,11 +1073,39 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); /** \defgroup aead Authenticated encryption with associated data (AEAD) * @{ */ -/** Process an integrated authenticated encryption operation. + +#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \ + ((alg) == PSA_ALG_GCM ? (plaintext_length) + 16 : \ + (alg) == PSA_ALG_CCM ? (plaintext_length) + 16 : \ + 0) + +/** Process an authenticated encryption operation. * - * \param operation - * \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value - * such that #PSA_ALG_IS_AEAD(alg) is true). + * \param key Slot containing the key to use. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(alg) is true). + * \param nonce Nonce or IV to use. + * \param nonce_length Size of the \p nonce buffer in bytes. + * \param additional_data Additional data that will be authenticated + * but not encrypted. + * \param additional_data_length Size of \p additional_data in bytes. + * \param plaintext Data that will be authenticated and + * encrypted. + * \param plaintext_length Size of \p plaintext in bytes. + * \param ciphertext Output buffer for the authenticated and + * encrypted data. The additional data is not + * part of this output. For algorithms where the + * encrypted data and the authentication tag + * are defined as separate outputs, the + * authentication tag is appended to the + * encrypted data. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be at least + * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, + * \p plaintext_length). + * \param ciphertext_length On success, the size of the output + * in the \b ciphertext buffer. * * \retval PSA_SUCCESS * Success. 
@@ -1104,6 +1132,52 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t ciphertext_size, size_t *ciphertext_length ); +#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ + ((alg) == PSA_ALG_GCM ? (ciphertext_length) - 16 : \ + (alg) == PSA_ALG_CCM ? (ciphertext_length) - 16 : \ + 0) + +/** Process an authenticated decryption operation. + * + * \param key Slot containing the key to use. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(alg) is true). + * \param nonce Nonce or IV to use. + * \param nonce_length Size of the \p nonce buffer in bytes. + * \param additional_data Additional data that has been authenticated + * but not encrypted. + * \param additional_data_length Size of \p additional_data in bytes. + * \param ciphertext Data that has been authenticated and + * encrypted. For algorithms where the + * encrypted data and the authentication tag + * are defined as separate inputs, the buffer + * must contain the encrypted data followed + * by the authentication tag. + * \param ciphertext_length Size of \p ciphertext in bytes. + * \param plaintext Output buffer for the decrypted data. + * \param plaintext_size Size of the \p plaintext buffer in bytes. + * This must be at least + * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, + * \p ciphertext_length). + * \param plaintext_length On success, the size of the output + * in the \b plainrtext buffer. + * + * \retval PSA_SUCCESS + * Success. + * \retval PSA_ERROR_EMPTY_SLOT + * \retval PSA_ERROR_INVALID_SIGNATURE + * The ciphertext is not authentic. + * \retval PSA_ERROR_NOT_PERMITTED + * \retval PSA_ERROR_INVALID_ARGUMENT + * \c key is not compatible with \c alg. + * \retval PSA_ERROR_NOT_SUPPORTED + * \c alg is not supported or is not an AEAD algorithm. 
+ * \retval PSA_ERROR_INSUFFICIENT_MEMORY + * \retval PSA_ERROR_COMMUNICATION_FAILURE + * \retval PSA_ERROR_HARDWARE_FAILURE + * \retval PSA_ERROR_TAMPERING_DETECTED + */ psa_status_t psa_aead_decrypt( psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *nonce, From 36a74b71a0c4b5514e0b066d4d461fc0d20b768c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Jun 2018 16:30:32 +0200 Subject: [PATCH 26/59] Fix Doxygen comments to pass clang -Wdocumentation --- include/psa/crypto.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index af1ab37c4..d916cffb9 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -711,7 +711,7 @@ typedef struct psa_hash_operation_s psa_hash_operation_t; * - A failed call to psa_hash_update(). * - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort(). * - * \param operation + * \param operation The operation object to use. * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_HASH(alg) is true). * @@ -904,7 +904,7 @@ typedef struct psa_mac_operation_s psa_mac_operation_t; * - A failed call to psa_mac_update(). * - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort(). * - * \param operation + * \param operation The operation object to use. * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_MAC(alg) is true). * @@ -980,7 +980,7 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t; * or psa_cipher_update(). * - A call to psa_cipher_finish() or psa_cipher_abort(). * - * \param operation + * \param operation The operation object to use. * \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_CIPHER(alg) is true). * 
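Review bot: `PSA_AEAD_DECRYPT_OUTPUT_SIZE` (hunk -1104,6) computes `(ciphertext_length) - 16` with no lower bound, so for an unsigned length below 16 (the length parameters are `size_t` elsewhere on this page) the result wraps to a very large value instead of signalling an invalid input. A caller that allocates or bounds-checks with that value gets a wrong size; I would guard each arm, e.g. `(alg) == PSA_ALG_GCM ? ((ciphertext_length) > 16 ? (ciphertext_length) - 16 : 0) :` and the same for CCM. The documentation should also say what the plaintext buffer holds when PSA_ERROR_INVALID_SIGNATURE is returned, and `\b plainrtext` should read `\p plaintext`.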
@@ -1027,7 +1027,7 @@ psa_status_t psa_encrypt_setup(psa_cipher_operation_t *operation, * - A failed call to psa_cipher_update(). * - A call to psa_cipher_finish() or psa_cipher_abort(). * - * \param operation + * \param operation The operation object to use. * \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value * such that #PSA_ALG_IS_CIPHER(alg) is true). * From ee652a344cc4f19b2e557766f3e11265dbbc38a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Jun 2018 19:23:52 +0200 Subject: [PATCH 27/59] Fix psa_aead_decrypt to read the tag at the end of the ciphertext --- library/psa_crypto.c | 86 ++++++++++++++------- tests/suites/test_suite_psa_crypto.function | 2 +- 2 files changed, 60 insertions(+), 28 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ba43e1968..b5208f0d0 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1544,6 +1544,14 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); + tag_length = 16; + status = psa_aead_unpadded_locate_tag( tag_length, + ciphertext, ciphertext_length, + plaintext_size, plaintext_length, + &tag ); + if( status != PSA_SUCCESS ) + return( status ); + mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); 
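Review bot: The block added in hunk -1544,6 sits, according to the hunk header, in the CCM branch of psa_aead_encrypt, yet it calls `psa_aead_unpadded_locate_tag` with `ciphertext_length`, `plaintext_size` and `&tag`, which read like psa_aead_decrypt's variables, and the helper is only defined further down the file in this same commit. If the header is accurate, the CCM branch of psa_aead_decrypt (hunk -1659,17) then hands `mbedtls_ccm_auth_decrypt` a `tag` pointer that was never set and a `*plaintext_length` that is still 0. The block belongs before `mbedtls_ccm_init( &ccm )` in psa_aead_decrypt, which is where patch 28/59 on this page moves it. The enclosing function starts and ends outside the hunk.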
@@ -1575,6 +1583,29 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( PSA_SUCCESS ); } +/* Locate the tag in a ciphertext buffer containing the encrypted data + * followed by the tag. Return the length of the part preceding the tag in + * *plaintext_length. This is the size of the plaintext in modes where + * the encrypted data has the same size as the plaintext, such as + * CCM and GCM. */ +static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t **p_tag ) +{ + size_t payload_length; + if( tag_length > ciphertext_length ) + return( PSA_ERROR_INVALID_ARGUMENT ); + payload_length = ciphertext_length - tag_length; + if( payload_length > plaintext_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + *p_tag = ciphertext + payload_length; + *plaintext_length = payload_length; + return( PSA_SUCCESS ); +} + psa_status_t psa_aead_decrypt( psa_key_slot_t key, psa_algorithm_t alg, const uint8_t *nonce, @@ -1592,11 +1623,11 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, key_slot_t *slot; psa_key_type_t key_type; size_t key_bits; - unsigned char tag[16]; + const uint8_t *tag; + size_t tag_length; mbedtls_cipher_id_t cipher_id; - if( plaintext_size < ciphertext_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); + *plaintext_length = 0; status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) @@ -1622,6 +1653,14 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, { mbedtls_gcm_context gcm; + tag_length = 16; + status = psa_aead_unpadded_locate_tag( tag_length, + ciphertext, ciphertext_length, + plaintext_size, plaintext_length, + &tag ); + if( status != PSA_SUCCESS ) + return( status ); + mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_id, slot->data.raw.data, key_bits ); 
@@ -1630,18 +1669,13 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_gcm_free( &gcm ); return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_DECRYPT, - ciphertext_length, nonce, nonce_length, - additional_data, additional_data_length, - ciphertext, plaintext, - sizeof( tag ), tag ); - if( ret != 0 ) - { - mbedtls_gcm_free( &gcm ); - mbedtls_zeroize( plaintext, ciphertext_length ); - return( mbedtls_to_psa_error( ret ) ); - } + ret = mbedtls_gcm_auth_decrypt( &gcm, + *plaintext_length, + nonce, nonce_length, + additional_data, additional_data_length, + tag, tag_length, + ciphertext, plaintext ); mbedtls_gcm_free( &gcm ); } else if( alg == PSA_ALG_CCM ) @@ -1659,17 +1693,11 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_ccm_free( &ccm ); return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length, - nonce, nonce_length, additional_data, - additional_data_length, ciphertext, - plaintext, tag, sizeof( tag ) ); - if( ret != 0 ) - { - mbedtls_ccm_free( &ccm ); - mbedtls_zeroize( plaintext, ciphertext_length ); - return( mbedtls_to_psa_error( ret ) ); - } - + ret = mbedtls_ccm_auth_decrypt( &ccm, *plaintext_length, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, plaintext, + tag, tag_length ); mbedtls_ccm_free( &ccm ); } else @@ -1677,8 +1705,12 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( PSA_ERROR_INVALID_ARGUMENT ); } - *plaintext_length = ciphertext_length; - return( PSA_SUCCESS ); + if( ret != 0 ) + { + mbedtls_zeroize( plaintext, *plaintext_length ); + *plaintext_length = 0; + } + return( mbedtls_to_psa_error( ret ) ); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 93bb9cc2a..e36719d31 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
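Review bot: An authentication failure in psa_aead_decrypt is now reported only through `mbedtls_to_psa_error( ret )` (hunk -1677,8), and nothing visible in the patch shows that this function maps `MBEDTLS_ERR_GCM_AUTH_FAILED` and `MBEDTLS_ERR_CCM_AUTH_FAILED` to the `PSA_ERROR_INVALID_SIGNATURE` that the header documents for a ciphertext that is not authentic. Please confirm the mapping and add a test that alters one byte of the ciphertext or tag and expects that status; the test hunk in this commit only adjusts the round-trip call. A short comment above the wipe, such as `/* Do not release unauthenticated plaintext to the caller. */`, would record why the output is cleared on failure.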
@@ -637,7 +637,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, TEST_ASSERT( psa_aead_decrypt( slot, alg, nonce, nonce_length, additional_data, additional_data_length, - output_data, output_length - tag_length, output_data2, + output_data, output_length, output_data2, output_length, &output_length2 ) == expected_result ); From 9375f8403a2ad8e082b6356dfa0cc65945ee3da2 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 14:28:24 +0300 Subject: [PATCH 28/59] fix code offsets after rebase --- library/psa_crypto.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b5208f0d0..e64b69116 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1544,14 +1544,6 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); - tag_length = 16; - status = psa_aead_unpadded_locate_tag( tag_length, - ciphertext, ciphertext_length, - plaintext_size, plaintext_length, - &tag ); - if( status != PSA_SUCCESS ) - return( status ); - mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); @@ -1685,6 +1677,14 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); + tag_length = 16; + status = psa_aead_unpadded_locate_tag( tag_length, + ciphertext, ciphertext_length, + plaintext_size, plaintext_length, + &tag ); + if( status != PSA_SUCCESS ) + return( status ); + mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); From 22898ba0bda0c016d35eab037700fe661a4e302f Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:03:52 +0300 Subject: [PATCH 29/59] remove duplicated definition --- include/psa/crypto.h | 1 - 1 file changed, 1 deletion(-) 
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index d916cffb9..fc26e51fd 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -143,7 +143,6 @@ typedef uint32_t psa_key_type_t; #define PSA_KEY_TYPE_CATEGORY_MASK ((psa_key_type_t)0x7e000000) #define PSA_KEY_TYPE_RAW_DATA ((psa_key_type_t)0x02000000) #define PSA_KEY_TYPE_CATEGORY_SYMMETRIC ((psa_key_type_t)0x04000000) -#define PSA_KEY_TYPE_CATEGORY_CIPHER ((psa_key_type_t)0x04000000) #define PSA_KEY_TYPE_CATEGORY_ASYMMETRIC ((psa_key_type_t)0x06000000) #define PSA_KEY_TYPE_PAIR_FLAG ((psa_key_type_t)0x01000000) From f4f0d612ba80e44cb5e6491b932b9d29d15c8b07 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:04:51 +0300 Subject: [PATCH 30/59] change mbedtls_cipher_info_from_psa to provide cipher_id also --- library/psa_crypto.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e64b69116..6c431586e 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -888,10 +888,11 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( psa_algorithm_t alg, psa_key_type_t key_type, - size_t key_bits ) + size_t key_bits, + mbedtls_cipher_id_t* cipher_id ) { - mbedtls_cipher_id_t cipher_id; mbedtls_cipher_mode_t mode; + mbedtls_cipher_id_t cipher_id_tmp; if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) ) { 
@@ -934,25 +935,27 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( switch( key_type ) { case PSA_KEY_TYPE_AES: - cipher_id = MBEDTLS_CIPHER_ID_AES; + cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; case PSA_KEY_TYPE_DES: if( key_bits == 64 ) - cipher_id = MBEDTLS_CIPHER_ID_DES; + cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; else - cipher_id = MBEDTLS_CIPHER_ID_3DES; + cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; break; case PSA_KEY_TYPE_CAMELLIA: - cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA; + cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; break; case PSA_KEY_TYPE_ARC4: - cipher_id = MBEDTLS_CIPHER_ID_ARC4; + cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; break; default: return( NULL ); } + if( cipher_id != NULL ) + *cipher_id == cipher_id_tmp; - return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) ); + return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) ); } psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) @@ -1010,7 +1013,7 @@ psa_status_t psa_mac_start( psa_mac_operation_t *operation, if( ! PSA_ALG_IS_HMAC( alg ) ) { - cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits ); + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL ); if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); operation->mac_size = cipher_info->block_size; From f08a550e688b444f53e9d254671a113c06c50e1d Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:05:47 +0300 Subject: [PATCH 31/59] set output length to zero to cover output length in error case --- library/psa_crypto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6c431586e..1123a78c1 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
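Review bot: `*cipher_id == cipher_id_tmp;` near the end of mbedtls_cipher_info_from_psa (hunk -934,25) is a comparison whose result is discarded, not an assignment, so the caller's `cipher_id` is never written. The AEAD callers introduced in patch 35/59 pass `&cipher_id` and then give that variable to `mbedtls_gcm_setkey` and `mbedtls_ccm_setkey`, which would read an uninitialised value. The line should be `*cipher_id = cipher_id_tmp;` (patch 38/59 on this page makes that change), and building with `-Wall` would have flagged the unused value. The new parameter also deserves a line of documentation saying that it is optional and may be NULL, as the psa_mac_start call in hunk -1010,7 relies on.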
@@ -1491,6 +1491,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t key_bits; unsigned char tag[16]; mbedtls_cipher_id_t cipher_id; + *ciphertext_length = 0; if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); From 95893f834de554f7a5e04aba000cc799a74e2207 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:06:17 +0300 Subject: [PATCH 32/59] remove usless cast --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1123a78c1..eadd42890 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1521,7 +1521,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_gcm_context gcm; mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_id, - ( const unsigned char * )slot->data.raw.data, + slot->data.raw.data, key_bits ); if( ret != 0 ) { From 554faad2603d9b8c96dfd5ab4ae8348ca4a1ff3a Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:07:38 +0300 Subject: [PATCH 33/59] return NOT_SUPPORTED instead of INVLID_ARGUMENT --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index eadd42890..699b8f301 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1572,7 +1572,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, } else { - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_NOT_SUPPORTED ); } memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) ); *ciphertext_length = plaintext_length + sizeof( tag ); @@ -1706,7 +1706,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, } else { - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_NOT_SUPPORTED ); } if( ret != 0 ) From f58aa6ade6ea13983fafbebbd780159a2c60d2f6 Mon Sep 17 00:00:00 2001 
From: mohammad1603 Date: Sun, 3 Jun 2018 15:08:32 +0300 Subject: [PATCH 34/59] use memset instead of mbedtils_zeroize --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 699b8f301..ddeb36d59 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1564,7 +1564,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( ret != 0 ) { mbedtls_ccm_free( &ccm ); - mbedtls_zeroize( ciphertext, plaintext_length ); + memset( ciphertext, 0, plaintext_length ); return( mbedtls_to_psa_error( ret ) ); } @@ -1711,7 +1711,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( ret != 0 ) { - mbedtls_zeroize( plaintext, *plaintext_length ); + memset( plaintext, 0, *plaintext_length ); *plaintext_length = 0; } return( mbedtls_to_psa_error( ret ) ); From 0f21465175662498cf3f84a92a08f8fd65d36fc7 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:10:06 +0300 Subject: [PATCH 35/59] use mbedtls_cipher_info_from_psa to get cipher ID --- library/psa_crypto.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ddeb36d59..317417d69 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1491,6 +1491,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t key_bits; unsigned char tag[16]; mbedtls_cipher_id_t cipher_id; + const mbedtls_cipher_info_t *cipher_info = NULL; + *ciphertext_length = 0; if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) 
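Review bot: Replacing `mbedtls_zeroize` with `memset` in the failure paths of psa_aead_encrypt (hunk -1564,7) and psa_aead_decrypt (hunk -1711,7) is not explained in the commit message, and the GCM branch of psa_aead_encrypt still calls `mbedtls_zeroize` (see the removed lines in patch 37/59), so the two branches of the same function now wipe differently. Because the buffers belong to the caller the stores are unlikely to be elided, but that reasoning is worth stating next to the call, e.g. `/* Output buffer is caller-visible, so a plain memset is enough to wipe partial output. */`. Whichever call is chosen should be used in both branches.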
@@ -1501,14 +1503,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( status ); slot = &global_data.key_slots[key]; - if ( key_type == PSA_KEY_TYPE_AES ) - { - cipher_id = MBEDTLS_CIPHER_ID_AES; - } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); //TODO: check key policy @@ -1622,7 +1619,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, const uint8_t *tag; size_t tag_length; mbedtls_cipher_id_t cipher_id; - + const mbedtls_cipher_info_t *cipher_info = NULL; + *plaintext_length = 0; status = psa_get_key_information( key, &key_type, &key_bits ); @@ -1630,15 +1628,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( status ); slot = &global_data.key_slots[key]; - if ( key_type == PSA_KEY_TYPE_AES ) - { - cipher_id = MBEDTLS_CIPHER_ID_AES; - } - else - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); + if( cipher_info == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); //TODO: check key policy if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER From 4fc744f8af1fef75f8d005584275dc3a6e209090 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 15:10:47 +0300 Subject: [PATCH 36/59] change the check of block size for all supported algorithms --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 317417d69..905b9a80f 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -1509,8 +1509,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //TODO: check key policy - if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) + if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) @@ -1633,8 +1633,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( PSA_ERROR_NOT_SUPPORTED ); //TODO: check key policy - if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_CIPHER - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == 16 ) ) + if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) From 15223a8b899903d6a92a9af7dda35cb15ab13ecd Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 17:19:55 +0300 Subject: [PATCH 37/59] write the tag directly on the ciphertext buffer. --- library/psa_crypto.c | 54 ++++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 905b9a80f..8cf0df4ee 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1489,15 +1489,13 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, key_slot_t *slot; psa_key_type_t key_type; size_t key_bits; - unsigned char tag[16]; + uint8_t *tag; + size_t tag_length; mbedtls_cipher_id_t cipher_id; const mbedtls_cipher_info_t *cipher_info = NULL; *ciphertext_length = 0; - if( ciphertext_size < ( plaintext_length + sizeof( tag ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_key_information( key, &key_type, &key_bits ); if( status != PSA_SUCCESS ) return( status ); 
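Review bot: The new condition `PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size` (hunks -1509,8 and -1633,8) compares the key type's block size with the block size of the cipher that was just derived from that same key type, so it appears to hold by construction and no longer constrains the algorithm. GCM and CCM are specified for 128-bit block ciphers, which is what the previous `== 16` test enforced. I would keep the requirement explicit in both functions, `if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 ) return( PSA_ERROR_INVALID_ARGUMENT );`; patch 42/59 restores this for psa_aead_encrypt only, and the psa_aead_decrypt context shown in patch 43/59 still has the `cipher_info->block_size` form.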
@@ -1516,6 +1514,15 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( alg == PSA_ALG_GCM ) { mbedtls_gcm_context gcm; + tag_length = 16; + + //make sure we have place to hold the tag in the ciphertext buffer + if( ciphertext_size < ( plaintext_length + tag_length ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + //update the tag pointer to point to the end of the ciphertext_length + tag = ciphertext + plaintext_length; + mbedtls_gcm_init( &gcm ); ret = mbedtls_gcm_setkey( &gcm, cipher_id, slot->data.raw.data, @@ -1529,22 +1536,26 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, plaintext_length, nonce, nonce_length, additional_data, additional_data_length, plaintext, - ciphertext, sizeof( tag ), tag ); - if( ret != 0 ) - { - mbedtls_gcm_free( &gcm ); - mbedtls_zeroize( ciphertext, plaintext_length ); - return( mbedtls_to_psa_error( ret ) ); - } - + ciphertext, tag_length, tag ); mbedtls_gcm_free( &gcm ); } else if( alg == PSA_ALG_CCM ) { mbedtls_ccm_context ccm; + tag_length = 16; + if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); + //make sure we have place to hold the tag in the ciphertext buffer + if( ciphertext_size < ( plaintext_length + tag_length ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + //update the tag pointer to point to the end of the ciphertext_length + tag = ciphertext + plaintext_length; + + + mbedtls_ccm_init( &ccm ); ret = mbedtls_ccm_setkey( &ccm, cipher_id, slot->data.raw.data, key_bits ); 
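Review bot: The buffer check `ciphertext_size < ( plaintext_length + tag_length )` in the GCM branch of psa_aead_encrypt (hunk -1516,6, repeated in the CCM branch in hunk -1529,22) adds two `size_t` values, so a `plaintext_length` close to `SIZE_MAX` wraps the sum, the check passes, and `tag = ciphertext + plaintext_length` then points outside the output buffer. Writing the test without the addition avoids that: `if( ciphertext_size < tag_length || plaintext_length > ciphertext_size - tag_length )`. The decrypt helper on this page returns `PSA_ERROR_BUFFER_TOO_SMALL` for the equivalent condition, so returning `PSA_ERROR_INVALID_ARGUMENT` here is inconsistent with it. The function starts and ends outside these hunks.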
@@ -1557,22 +1568,21 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, nonce, nonce_length, additional_data, additional_data_length, plaintext, ciphertext, - tag, sizeof( tag ) ); - if( ret != 0 ) - { - mbedtls_ccm_free( &ccm ); - memset( ciphertext, 0, plaintext_length ); - return( mbedtls_to_psa_error( ret ) ); - } - + tag, tag_length ); mbedtls_ccm_free( &ccm ); } else { return( PSA_ERROR_NOT_SUPPORTED ); } - memcpy( ciphertext + plaintext_length, tag, sizeof( tag ) ); - *ciphertext_length = plaintext_length + sizeof( tag ); + + if( ret != 0 ) + { + memset( ciphertext, 0, ciphertext_size ); + return( mbedtls_to_psa_error( ret ) ); + } + + *ciphertext_length = plaintext_length + tag_length; return( PSA_SUCCESS ); } From 60a64d079a0f3b15e13dbe99a7eac3db559acd07 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 17:20:42 +0300 Subject: [PATCH 38/59] remove unnecessary argument to the psa_aead_unpadded_locate_tag function --- library/psa_crypto.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8cf0df4ee..c5001f909 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -953,7 +953,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( return( NULL ); } if( cipher_id != NULL ) - *cipher_id == cipher_id_tmp; + *cipher_id = cipher_id_tmp; return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) ); } @@ -1595,7 +1595,6 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, const uint8_t *ciphertext, size_t ciphertext_length, size_t plaintext_size, - size_t *plaintext_length, const uint8_t **p_tag ) { size_t payload_length; @@ -1605,7 +1604,6 @@ static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length, if( payload_length > plaintext_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); *p_tag = ciphertext + payload_length; - *plaintext_length = payload_length; return( PSA_SUCCESS ); } 
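Review bot: The comment above psa_aead_unpadded_locate_tag, added in patch 27/59, still says the function returns the payload length in `*plaintext_length`, but hunk -1595,7 removes that parameter and none of this commit's hunks touch the comment. It should be reworded to say that the helper checks that the ciphertext holds at least `tag_length` bytes and that the remaining payload fits in `plaintext_size`, and that it returns a pointer to the tag in `*p_tag`. Callers now recompute `ciphertext_length - tag_length` themselves, which is safe only after the helper has succeeded; a one-line comment at those call sites would make that dependency explicit.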
@@ -1654,8 +1652,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, tag_length = 16; status = psa_aead_unpadded_locate_tag( tag_length, ciphertext, ciphertext_length, - plaintext_size, plaintext_length, - &tag ); + plaintext_size, &tag ); if( status != PSA_SUCCESS ) return( status ); @@ -1669,7 +1666,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, } ret = mbedtls_gcm_auth_decrypt( &gcm, - *plaintext_length, + ciphertext_length - tag_length, nonce, nonce_length, additional_data, additional_data_length, tag, tag_length, @@ -1686,8 +1683,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, tag_length = 16; status = psa_aead_unpadded_locate_tag( tag_length, ciphertext, ciphertext_length, - plaintext_size, plaintext_length, - &tag ); + plaintext_size, &tag ); if( status != PSA_SUCCESS ) return( status ); @@ -1699,7 +1695,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, mbedtls_ccm_free( &ccm ); return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_ccm_auth_decrypt( &ccm, *plaintext_length, + ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length - tag_length, nonce, nonce_length, additional_data, additional_data_length, ciphertext, plaintext, @@ -1712,10 +1708,10 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, } if( ret != 0 ) - { - memset( plaintext, 0, *plaintext_length ); - *plaintext_length = 0; - } + memset( plaintext, 0, plaintext_size ); + else + *plaintext_length = ciphertext_length - tag_length; + return( mbedtls_to_psa_error( ret ) ); } From 4b26850a1575375c22494db1057cdc4d8951f203 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Sun, 3 Jun 2018 19:01:25 +0300 Subject: [PATCH 39/59] fix tests according to the code changes in error value --- tests/suites/test_suite_psa_crypto.data | 4 ++-- tests/suites/test_suite_psa_crypto.function | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 05d579a38..4d67714ef 100755 
--- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -134,7 +134,7 @@ PSA AEAD Encrypt-Decrypt, AES GCM scenario 2 aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type -aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_INVALID_ARGUMENT +aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_INVALID_ARGUMENT +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e36719d31..10687cdbf 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -577,8 +577,7 @@ exit: /* BEGIN_CASE */ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, int alg_arg, char * input_hex, - char * add_data - , int expected_result_arg ) + char * add_data, int expected_result_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; From f2525ebda769dcb2fe1cefd46177fb042c3946ee Mon Sep 17 00:00:00 2001 
From: mohammad1603 Date: Sun, 3 Jun 2018 19:13:34 +0300 Subject: [PATCH 40/59] add encryption only test case --- tests/suites/test_suite_psa_crypto.data | 3 + tests/suites/test_suite_psa_crypto.function | 67 +++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4d67714ef..ac9feefcc 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -138,3 +138,6 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED + +PSA AEAD Encrypt, AES CCM +aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8E78CF7CB0CDDD7B3" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 10687cdbf..a582b56c3 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -655,3 +655,70 @@ exit: mbedtls_psa_crypto_free( ); } /* END_CASE */ + +/* BEGIN_CASE */ +void aead_encrypt( int key_type_arg, char * key_hex, + int alg_arg, char * input_hex, + char * add_data, char * nonce_hex, + char * expected_result_hex ) +{ + int slot = 1; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + unsigned char *key_data = NULL; + size_t key_size; + unsigned char *input_data = NULL; + size_t input_size; + unsigned char *output_data = NULL; + size_t output_size = 0; + size_t output_length = 0; + unsigned char *expected_result = NULL; + size_t expected_result_length = 0; + uint8_t* nonce = NULL; + size_t nonce_length = 0; + size_t tag_length = 16; + unsigned char *additional_data = NULL; + size_t additional_data_length = 0; + + + key_data = unhexify_alloc( key_hex, &key_size ); + TEST_ASSERT( key_data != NULL ); + input_data = unhexify_alloc( input_hex, &input_size ); + TEST_ASSERT( input_data != NULL ); + additional_data = unhexify_alloc( add_data, &additional_data_length ); + TEST_ASSERT( input_data != NULL ); + output_size = input_size + tag_length; + output_data = mbedtls_calloc( 1, output_size ); + TEST_ASSERT( output_data != NULL ); + nonce = unhexify_alloc( nonce_hex, &nonce_length ); + TEST_ASSERT( nonce != NULL ); + expected_result = unhexify_alloc( expected_result_hex, &expected_result_length ); + TEST_ASSERT( expected_result != NULL ); + + TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_import_key( slot, key_type, + key_data, key_size ) == PSA_SUCCESS ); + + TEST_ASSERT( psa_aead_encrypt( slot, alg, + nonce, nonce_length, + additional_data, additional_data_length, + input_data, input_size, output_data, + output_size, &output_length ) == PSA_SUCCESS ); + + + TEST_ASSERT( memcmp( output_data, expected_result, + output_length ) == 0 ); + + +exit: + psa_destroy_key( slot ); + mbedtls_free( key_data ); + mbedtls_free( input_data ); + mbedtls_free( additional_data ); + mbedtls_free( output_data 
); + mbedtls_free( nonce ); + mbedtls_free( expected_result ); + mbedtls_psa_crypto_free( ); +} +/* END_CASE */ From 0317945a375abdbfc3a3a4fe0795002be551adb7 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 12:06:29 +0300 Subject: [PATCH 41/59] disable uncompleted tests --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ac9feefcc..494ebd504 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -139,5 +139,5 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED -PSA AEAD Encrypt, AES CCM -aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8E78CF7CB0CDDD7B3" +#PSA AEAD Encrypt, AES CCM +#aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8E78CF7CB0CDDD7B3" From 96910d807ed73db0c5a06b5d17c07acd4c0120fd Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 14:33:00 +0300 Subject: [PATCH 42/59] fix block size depending on algorithm --- library/psa_crypto.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c5001f909..df0201b1d 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
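Review bot: In the new aead_encrypt test (hunk -655,3) the assertion after `additional_data = unhexify_alloc( add_data, &additional_data_length );` checks `input_data != NULL` a second time, so a failed allocation of `additional_data` goes unnoticed; it should be `TEST_ASSERT( additional_data != NULL );`. The final `memcmp( output_data, expected_result, output_length )` is not preceded by a length comparison, so it can read past `expected_result` when the output is longer and passes trivially when `output_length` is 0. Adding `TEST_ASSERT( output_length == expected_result_length );` before it closes both gaps.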
@@ -1507,8 +1507,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //TODO: check key policy - if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) + if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) @@ -1516,6 +1515,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_gcm_context gcm; tag_length = 16; + if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + //make sure we have place to hold the tag in the ciphertext buffer if( ciphertext_size < ( plaintext_length + tag_length ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -1544,6 +1546,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, mbedtls_ccm_context ccm; tag_length = 16; + if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + if( nonce_length < 7 || nonce_length > 13 ) return( PSA_ERROR_INVALID_ARGUMENT ); From f14394b25f19a7c3ad9e4809778ee36487f23e50 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 14:33:19 +0300 Subject: [PATCH 43/59] add policy checks --- library/psa_crypto.c | 7 +++++-- tests/suites/test_suite_psa_crypto.function | 14 ++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index df0201b1d..8207a9bc1 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1505,7 +1505,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - //TODO: check key policy + if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) ) + return( PSA_ERROR_NOT_PERMITTED ); if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) return( PSA_ERROR_INVALID_ARGUMENT ); 
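Review bot: Only `psa_aead_encrypt` gets the relaxed category test here; `psa_aead_decrypt` keeps the combined condition that compares `PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type )` with `cipher_info->block_size`, as the context lines of the later `@@ -1644,7 +1645,9 @@` hunk show. If that comparison was wrong for encryption it is presumably wrong for decryption as well, so the two paths can now accept different key and algorithm combinations. The same replacement, with `if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )` inside each algorithm branch, belongs in `psa_aead_decrypt`. The body of `psa_aead_encrypt` starts and ends outside this hunk.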
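Review bot: The tag-space check kept as context right after the added block-size test, `if( ciphertext_size < ( plaintext_length + tag_length ) )`, adds two `size_t` values that can wrap, so a very large `plaintext_length` would pass it with a small output buffer. Comparing by subtraction avoids the wrap: `if( plaintext_length > ciphertext_size || ciphertext_size - plaintext_length < tag_length )`. Separately, the literal `16` in the added check (repeated in the CCM branch, hunk `@@ -1544,6 +1546,9 @@`) is the required cipher block size, not the tag length assigned on the line above it; a named constant would keep the two apart. The GCM branch continues past the end of the hunk.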
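Review bot: The added policy check tests only the usage flag, `slot->policy.usage & PSA_KEY_USAGE_ENCRYPT`, and never compares the algorithm the policy permits with `alg`, so a key whose policy was set for one AEAD algorithm can still be used with another. The tests in this commit pass `alg` as the third argument of `psa_key_policy_set_usage`, so the policy presumably stores it; if the field is `slot->policy.alg`, the missing check would be `if( slot->policy.alg != alg ) return( PSA_ERROR_NOT_PERMITTED );`. The same applies to the `PSA_KEY_USAGE_DECRYPT` check added to `psa_aead_decrypt` in the next hunk (`@@ -1644,7 +1645,9 @@`). Both function bodies extend beyond their hunks.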
@@ -1644,7 +1645,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - //TODO: check key policy + + if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) ) + return( PSA_ERROR_NOT_PERMITTED ); if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a582b56c3..16577dd91 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -598,6 +598,7 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, size_t additional_data_length = 0; size_t i = 0; psa_status_t expected_result = (psa_status_t) expected_result_arg; + psa_key_policy_t policy = {0}; key_data = unhexify_alloc( key_hex, &key_size ); @@ -619,6 +620,12 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + psa_key_policy_init( &policy ); + + psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT , alg ); + + TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); + TEST_ASSERT( psa_import_key( slot, key_type, key_data, key_size ) == PSA_SUCCESS ); @@ -679,6 +686,7 @@ void aead_encrypt( int key_type_arg, char * key_hex, size_t tag_length = 16; unsigned char *additional_data = NULL; size_t additional_data_length = 0; + psa_key_policy_t policy = {0}; key_data = unhexify_alloc( key_hex, &key_size ); 
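Review bot: Every policy set up in these tests grants exactly the usage the test then exercises, so the `PSA_ERROR_NOT_PERMITTED` returns this commit adds to `psa_aead_encrypt` and `psa_aead_decrypt` are never executed. `aead_encrypt_decrypt` already takes an expected status, so taking the usage flags as a test parameter instead of the fixed `PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT` would allow a data line that imports the key without the needed usage and expects `PSA_ERROR_NOT_PERMITTED`. The `aead_encrypt` hunk `@@ -697,6 +705,12 @@` has the same gap. Both test functions continue outside their hunks.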
@@ -697,6 +705,12 @@ void aead_encrypt( int key_type_arg, char * key_hex, TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); + psa_key_policy_init( &policy ); + + psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg ); + + TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS ); + TEST_ASSERT( psa_import_key( slot, key_type, key_data, key_size ) == PSA_SUCCESS ); From ed8dbeb43462b2fd1b6860ae40dab232b2dbc80e Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 15:00:52 +0300 Subject: [PATCH 44/59] add and fix data vectors --- tests/suites/test_suite_psa_crypto.data | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 494ebd504..c0c5f92bc 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -139,5 +139,8 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED -#PSA AEAD Encrypt, AES CCM -#aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8E78CF7CB0CDDD7B3" +#PSA AEAD Encrypt, AES CCM - scenario 1 +#aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" + +#PSA AEAD Encrypt, AES CCM - scenario 2 +#aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" From 371a6e4067fb0ddd1582caf9f22a20db8f20ac89 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 15:11:08 +0300 Subject: [PATCH 45/59] add decrypt tests for CCM --- tests/suites/test_suite_psa_crypto.data | 14 ++-- tests/suites/test_suite_psa_crypto.function | 74 +++++++++++++++++++++ 2 files changed, 84 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c0c5f92bc..4aafeffaa 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -139,8 +139,14 @@ aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED -#PSA AEAD Encrypt, AES CCM - scenario 1 -#aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" +PSA AEAD Encrypt, AES CCM - scenario 1 +aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" -#PSA AEAD Encrypt, AES CCM - scenario 2 -#aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" +PSA AEAD Encrypt, AES CCM - scenario 2 +aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" + +PSA AEAD Decrypt, AES CCM - scenario 1 +aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C" + +PSA AEAD Decrypt, AES CCM - scenario 2 
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef"
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 16577dd91..f276bee87 100755
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -736,3 +736,77 @@ exit:
 mbedtls_psa_crypto_free( );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void aead_decrypt( int key_type_arg, char * key_hex,
+ int alg_arg, char * input_hex,
+ char * add_data, char * nonce_hex,
+ char * expected_result_hex )
+{
+ int slot = 1;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *key_data = NULL;
+ size_t key_size;
+ unsigned char *input_data = NULL;
+ size_t input_size;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ unsigned char *expected_result = NULL;
+ size_t expected_result_length = 0;
+ uint8_t* nonce = NULL;
+ size_t nonce_length = 0;
+ size_t tag_length = 16;
+ unsigned char *additional_data = NULL;
+ size_t additional_data_length = 0;
+ psa_key_policy_t policy = {0};
+
+
+ key_data = unhexify_alloc( key_hex, &key_size );
+ TEST_ASSERT( key_data != NULL );
+ input_data = unhexify_alloc( input_hex, &input_size );
+ TEST_ASSERT( input_data != NULL );
+ additional_data = unhexify_alloc( add_data, &additional_data_length );
+ TEST_ASSERT( input_data != NULL );
+ output_size = input_size + tag_length;
+ output_data = mbedtls_calloc( 1, output_size );
+ TEST_ASSERT( output_data != NULL );
+ nonce = unhexify_alloc( nonce_hex, &nonce_length );
+ TEST_ASSERT( nonce != NULL );
+ expected_result = unhexify_alloc( expected_result_hex, &expected_result_length );
+ TEST_ASSERT( expected_result != NULL );
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ psa_key_policy_init( &policy );
+
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
+
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_import_key( slot, key_type,
+ key_data, key_size ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_aead_decrypt( slot, alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ input_data, input_size, output_data,
+ output_size, &output_length ) == PSA_SUCCESS );
+
+
+ TEST_ASSERT( memcmp(
output_data, expected_result,
+ output_length ) == 0 );
+
+
+exit:
+ psa_destroy_key( slot );
+ mbedtls_free( key_data );
+ mbedtls_free( input_data );
+ mbedtls_free( additional_data );
+ mbedtls_free( output_data );
+ mbedtls_free( nonce );
+ mbedtls_free( expected_result );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
From c1ee32e1f4d742b5cbad44d23fdac75eea364ba2 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 16:21:56 +0300 Subject: [PATCH 46/59] add GCM test vectors encrypt/decrypt --- tests/suites/test_suite_psa_crypto.data | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 4aafeffaa..ae86bfa21 100755
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -150,3 +150,15 @@ aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4C PSA AEAD Decrypt, AES CCM - scenario 2 aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef" + +PSA AEAD Encrypt, AES GCM - scenario 1 +aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" + +PSA AEAD Encrypt, AES GCM - scenario 2 
+aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" + +PSA AEAD Decrypt, AES GCM - scenario 1 +aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" + +PSA AEAD Decrypt, AES GCM - scenario 2 
+aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" From f7f72da7695056b7b9a9171681090f33ca2dc1f3 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Mon, 4 Jun 2018 16:32:11 +0300 Subject: [PATCH 47/59] add invalid signature test case --- tests/suites/test_suite_psa_crypto.data | 14 ++++++++++---- tests/suites/test_suite_psa_crypto.function | 21 +++++++++++++-------- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ae86bfa21..b75536c7a 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -146,10 +146,10 @@ PSA AEAD Encrypt, AES CCM - scenario 2 aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" PSA AEAD Decrypt, AES CCM - scenario 1 -aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C" +aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS PSA AEAD Decrypt, AES CCM - scenario 2 -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef" +aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS PSA AEAD Encrypt, AES GCM - scenario 1 
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
@@ -158,7 +158,13 @@ PSA AEAD Encrypt, AES GCM - scenario 2 aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" PSA AEAD Decrypt, AES GCM - scenario 1 -aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826" 
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA AEAD Decrypt, AES GCM - scenario 2 -aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013" 
+aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS + +PSA AEAD Decrypt, AES GCM - invalid signature +aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE + +PSA AEAD Decrypt, AES CCM - invalid signature 
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f276bee87..0e1662ff1 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -741,7 +741,7 @@ exit: void aead_decrypt( int key_type_arg, char * key_hex, int alg_arg, char * input_hex, char * add_data, char * nonce_hex, - char * expected_result_hex ) + char * expected_result_hex, int expected_result_arg ) { int slot = 1; psa_key_type_t key_type = key_type_arg; @@ -753,7 +753,7 @@ void aead_decrypt( int key_type_arg, char * key_hex, unsigned char *output_data = NULL; size_t output_size = 0; size_t output_length = 0; - unsigned char *expected_result = NULL; + unsigned char *expected_data = NULL; size_t expected_result_length = 0; uint8_t* nonce = NULL; size_t nonce_length = 0; @@ -761,6 +761,7 @@ void aead_decrypt( int key_type_arg, char * key_hex, unsigned char *additional_data = NULL; size_t additional_data_length = 0; psa_key_policy_t policy = {0}; + psa_status_t expected_result = (psa_status_t) expected_result_arg; key_data = unhexify_alloc( key_hex, &key_size ); @@ -774,8 +775,8 @@ void aead_decrypt( int key_type_arg, char * key_hex, TEST_ASSERT( output_data != NULL ); nonce = unhexify_alloc( nonce_hex, &nonce_length ); TEST_ASSERT( nonce != NULL ); - expected_result = unhexify_alloc( expected_result_hex, &expected_result_length ); - TEST_ASSERT( expected_result != NULL ); + expected_data = unhexify_alloc( expected_result_hex, &expected_result_length ); + TEST_ASSERT( expected_data != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); 
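Review bot: Both new failure vectors alter a single byte near the start of the ciphertext (`1249…` becomes `1219…` for GCM, `26c5…` becomes `26d5…` for CCM) and leave the trailing 16-byte tag, the associated data and the nonce untouched, so only one way of failing authentication is covered. Cases with a modified tag byte and with modified associated data would exercise the remaining rejection inputs. An input shorter than 16 bytes is also worth a case, since `psa_aead_decrypt` computes `ciphertext_length - tag_length` (visible in a later hunk of this series) and any guard against that underflow lies outside the visible hunks.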
@@ -792,11 +793,15 @@ void aead_decrypt( int key_type_arg, char * key_hex, nonce, nonce_length, additional_data, additional_data_length, input_data, input_size, output_data, - output_size, &output_length ) == PSA_SUCCESS ); + output_size, &output_length ) == expected_result ); - TEST_ASSERT( memcmp( output_data, expected_result, - output_length ) == 0 ); + if ( expected_result == PSA_SUCCESS ) + { + TEST_ASSERT( memcmp( output_data, expected_data, + output_length ) == 0 ); + } + exit: @@ -806,7 +811,7 @@ exit: mbedtls_free( additional_data ); mbedtls_free( output_data ); mbedtls_free( nonce ); - mbedtls_free( expected_result ); + mbedtls_free( expected_data ); mbedtls_psa_crypto_free( ); } /* END_CASE */ From 5ed0621dd4c2cd77f534a64dd9e38a3f37d1aac8 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 6 Jun 2018 13:09:34 +0300 Subject: [PATCH 48/59] aligned with coding standards - line length --- library/psa_crypto.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8207a9bc1..3ee3f9d8d 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1501,14 +1501,16 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, return( status ); slot = &global_data.key_slots[key]; - cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, + key_bits, &cipher_id ); if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) ) return( PSA_ERROR_NOT_PERMITTED ); - if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) + if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != + PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) 
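Review bot: When `expected_result` is an error the test now checks nothing about the output, so a `psa_aead_decrypt` that returns `PSA_ERROR_INVALID_SIGNATURE` after writing unauthenticated plaintext into `output_data` would still pass. `output_data` comes from `mbedtls_calloc`, so an `else` branch could assert that the buffer is still all zero, or at least `TEST_ASSERT( output_length == 0 );`, whichever the API contract for a failed decryption promises (to be confirmed against the `psa_aead_decrypt` documentation). `aead_decrypt` starts and ends outside this hunk.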
@@ -1642,15 +1644,18 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( status ); slot = &global_data.key_slots[key]; - cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); + cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, + key_bits, &cipher_id ); if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) ) return( PSA_ERROR_NOT_PERMITTED ); - if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) + if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == + PSA_KEY_TYPE_CATEGORY_SYMMETRIC + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == + cipher_info->block_size ) ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) @@ -1676,7 +1681,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, ret = mbedtls_gcm_auth_decrypt( &gcm, ciphertext_length - tag_length, nonce, nonce_length, - additional_data, additional_data_length, + additional_data, + additional_data_length, tag, tag_length, ciphertext, plaintext ); mbedtls_gcm_free( &gcm ); From 6b4d98cf78d1ba453c4a83dd999b2a002c37d1db Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 6 Jun 2018 13:19:51 +0300 Subject: [PATCH 49/59] remove trailing spaces --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ee3f9d8d..190abe1ea 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1509,7 +1509,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) ) return( PSA_ERROR_NOT_PERMITTED ); - if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != + if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) return( PSA_ERROR_INVALID_ARGUMENT ); 
@@ -1652,9 +1652,9 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) ) return( PSA_ERROR_NOT_PERMITTED ); - if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == + if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == + && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == cipher_info->block_size ) ) return( PSA_ERROR_INVALID_ARGUMENT ); From 8ffd764e23e39aa330c7d1c7f31774e20a672f73 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 6 Jun 2018 13:37:29 +0300 Subject: [PATCH 50/59] re-group test vectors and change vectors' names --- tests/suites/test_suite_psa_crypto.data | 42 ++++++++++++------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b75536c7a..2b466b164 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -121,50 +121,50 @@ PSA verify ECDSA SECP256R1 SHA-256 depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" -PSA AEAD Encrypt-Decrypt, AES CCM scenario 1 +PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 1 aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS -PSA AEAD Encrypt-Decrypt, AES CCM scenario 2 +PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 2 aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS -PSA AEAD Encrypt-Decrypt, AES GCM scenario 1 -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS - -PSA AEAD Encrypt-Decrypt, AES GCM scenario 2 -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS - PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED -PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm 
-aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED - -PSA AEAD Encrypt, AES CCM - scenario 1 +PSA AEAD Encrypt, AES CCM - 23-bytes input aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" -PSA AEAD Encrypt, AES CCM - scenario 2 +PSA AEAD Encrypt, AES CCM - 24-bytes input aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9" -PSA AEAD Decrypt, AES CCM - scenario 1 +PSA AEAD Decrypt, AES CCM - 39-bytes input aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS -PSA AEAD Decrypt, AES CCM - scenario 2 +PSA AEAD Decrypt, AES CCM - 40-bytes input aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS -PSA AEAD Encrypt, AES GCM - scenario 1 +PSA AEAD Decrypt, AES CCM - invalid signature 
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE + +PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 1 +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS + +PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 2 +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS + +PSA AEAD Encrypt, AES GCM - 128-bytes input - 1 aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" -PSA AEAD Encrypt, AES GCM - scenario 2 +PSA AEAD Encrypt, AES GCM - 128-bytes input - 2 
aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56" -PSA AEAD Decrypt, AES GCM - scenario 1 +PSA AEAD Decrypt, AES GCM - 144-bytes input - 1 aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS -PSA AEAD Decrypt, AES GCM - scenario 2 +PSA AEAD 
Decrypt, AES GCM - 144-bytes input - 2 aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS PSA AEAD Decrypt, AES GCM - invalid signature aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE -PSA AEAD Decrypt, AES CCM - 
invalid signature -aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE +PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED From fb5b9cbb8d79f80c49f80f213b51b2161aafe924 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 6 Jun 2018 13:44:27 +0300 Subject: [PATCH 51/59] add missing documentations --- include/psa/crypto.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fc26e51fd..c45fccd4b 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1073,6 +1073,7 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * @{ */ +// This macro calculates the encryption output size according to given algorithm #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \ ((alg) == PSA_ALG_GCM ? (plaintext_length) + 16 : \ (alg) == PSA_ALG_CCM ? (plaintext_length) + 16 : \ @@ -1131,6 +1132,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t ciphertext_size, size_t *ciphertext_length ); +// This macro calculates the decryption output size according to given algorithm #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ ((alg) == PSA_ALG_GCM ? (ciphertext_length) - 16 : \ (alg) == PSA_ALG_CCM ? (ciphertext_length) - 16 : \ 
@@ -1160,7 +1162,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, * \p ciphertext_length). * \param plaintext_length On success, the size of the output - * in the \b plainrtext buffer. + * in the \b plaintext buffer. * * \retval PSA_SUCCESS * Success. From e3cb8a8d8b8667caa0e41131b27d19ceec1b8e66 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 6 Jun 2018 13:45:03 +0300 Subject: [PATCH 52/59] return PSA_ERROR_BUFFER_TOO_SMALL intead of PSA_ERROR_INVALID_ARGUMENT --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 190abe1ea..d507a53c8 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1523,7 +1523,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //make sure we have place to hold the tag in the ciphertext buffer if( ciphertext_size < ( plaintext_length + tag_length ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_BUFFER_TOO_SMALL ); //update the tag pointer to point to the end of the ciphertext_length tag = ciphertext + plaintext_length; @@ -1557,7 +1557,7 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, //make sure we have place to hold the tag in the ciphertext buffer if( ciphertext_size < ( plaintext_length + tag_length ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + return( PSA_ERROR_BUFFER_TOO_SMALL ); //update the tag pointer to point to the end of the ciphertext_length tag = ciphertext + plaintext_length; From a1d980168357d6554008b7bb29a3f15b3594e13f Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Wed, 6 Jun 2018 13:45:55 +0300 Subject: [PATCH 53/59] add slot validation --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d507a53c8..f0439e3ec 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
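Review bot: The size check whose return code changes in the -1523 hunk (and again in the -1557 hunk), `if( ciphertext_size < ( plaintext_length + tag_length ) )`, adds two lengths before comparing, so a very large `plaintext_length` can wrap the sum and pass the check. The next line, `tag = ciphertext + plaintext_length`, would then point outside the caller's buffer. This assumes both lengths are unsigned like `size_t ciphertext_size`; their declarations are outside the hunks. Comparing without the addition closes the gap: `if( ciphertext_size < tag_length || ciphertext_size - tag_length < plaintext_length )`. psa_aead_encrypt begins and ends outside both hunks, so any earlier bound on `plaintext_length` is not visible here.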
@@ -1500,6 +1500,8 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, if( status != PSA_SUCCESS ) return( status ); slot = &global_data.key_slots[key]; + if( slot->type == PSA_KEY_TYPE_NONE ) + return( PSA_ERROR_EMPTY_SLOT ); cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); @@ -1643,6 +1645,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( status != PSA_SUCCESS ) return( status ); slot = &global_data.key_slots[key]; + if( slot->type == PSA_KEY_TYPE_NONE ) + return( PSA_ERROR_EMPTY_SLOT ); cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, &cipher_id ); From e109f216383a8a7cbe737dc337becb617285b78f Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 7 Jun 2018 01:38:14 +0300 Subject: [PATCH 54/59] remove unnecessary check for block size --- library/psa_crypto.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f0439e3ec..ba1fd9d4c 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1657,9 +1657,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, return( PSA_ERROR_NOT_PERMITTED ); if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == - PSA_KEY_TYPE_CATEGORY_SYMMETRIC - && PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) == - cipher_info->block_size ) ) + PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) From 1347a73fbe09927c7187dcfd871bbb0ce68e0ea7 Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 7 Jun 2018 01:38:45 +0300 Subject: [PATCH 55/59] fix macros documentation style. --- include/psa/crypto.h | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c45fccd4b..8e20013a2 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
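Review bot: In the -1657 hunk of PATCH 54/59, the condition left after dropping the block-size test, `if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC )`, opens three parentheses and closes only two, so psa_aead_decrypt does not compile at this commit. Using the form psa_aead_encrypt already has keeps the series buildable at every step: `if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC )`. PATCH 56/59 makes this correction later; folding it into this commit would avoid a broken bisect point in a key-type validation path. The function body starts and ends outside the hunk.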
@@ -1073,7 +1073,24 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * @{ */ -// This macro calculates the encryption output size according to given algorithm + +/** AEAD Encrypted data size + * + * This macro calculates the encrypted data size according to given algorithm + * and plaintext_length. + * + * + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(alg) is true). + * \param plaintext_length Size of \p plaintext in bytes. + * + * \return If the algorithm is PSA_ALG_GCM the encrypted data size is + * plaintext_length plus 16-bytes for tag. + * If the algorithm is PSA_ALG_CCM the encrypted data size is + * plaintext_length plus 16-bytes for tag. + * Otherwise return zero. + */ #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \ ((alg) == PSA_ALG_GCM ? (plaintext_length) + 16 : \ (alg) == PSA_ALG_CCM ? (plaintext_length) + 16 : \ @@ -1132,7 +1149,23 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t ciphertext_size, size_t *ciphertext_length ); -// This macro calculates the decryption output size according to given algorithm +/** AEAD Decrypted data size + * + * This macro calculates the decrypted data size according to given algorithm + * and ciphertext_length. + * + * + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(alg) is true). + * \param ciphertext_length Size of \p ciphertext in bytes. + * + * \return If the algorithm is PSA_ALG_GCM the decrypted data size is + * ciphertext_length minus 16-bytes for tag. + * If the algorithm is PSA_ALG_CCM the decrypted data size is + * ciphertext_length minus 16-bytes for tag. + * Otherwise return zero. + */ #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ ((alg) == PSA_ALG_GCM ? (ciphertext_length) - 16 : \ (alg) == PSA_ALG_CCM ? (ciphertext_length) - 16 : \ From fc614b1e0eacd372c10480c53a720ceb18f832b8 Mon Sep 17 00:00:00 2001 
From: mohammad1603 Date: Thu, 7 Jun 2018 01:43:52 +0300 Subject: [PATCH 56/59] fix parentheses --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ba1fd9d4c..a8306ab24 100755 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1656,8 +1656,8 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key, if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) ) return( PSA_ERROR_NOT_PERMITTED ); - if ( !( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) == - PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) + if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) != + PSA_KEY_TYPE_CATEGORY_SYMMETRIC ) return( PSA_ERROR_INVALID_ARGUMENT ); if( alg == PSA_ALG_GCM ) From 3158564f089f26a534123b67b3058885de3962cf Mon Sep 17 00:00:00 2001 From: mohammad1603 Date: Thu, 7 Jun 2018 11:45:03 +0300 Subject: [PATCH 57/59] add nonce as argument to the test function of encrypt/decrypt --- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ tests/suites/test_suite_psa_crypto.function | 14 ++++---------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2b466b164..8fc7985b8 100755 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -122,13 +122,13 @@ depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 1 -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":"000102030405060708090A0B":PSA_SUCCESS PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 2 -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_SUCCESS PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type -aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED +aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED PSA AEAD Encrypt, AES CCM - 23-bytes input 
aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8" 
@@ -146,10 +146,10 @@ PSA AEAD Decrypt, AES CCM - invalid signature aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 1 -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":PSA_SUCCESS +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":PSA_SUCCESS PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 2 -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_SUCCESS +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_SUCCESS PSA AEAD Encrypt, AES GCM - 128-bytes input - 1 
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96" 
@@ -167,4 +167,4 @@ PSA AEAD Decrypt, AES GCM - invalid signature aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm -aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED +aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0e1662ff1..1cb938108 100755 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -576,7 +576,7 @@ exit: /* BEGIN_CASE */ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, - int alg_arg, char * input_hex, + int alg_arg, char * input_hex, char * nonce_hex, char * add_data, int expected_result_arg ) { int slot = 1; 
@@ -591,12 +591,11 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, size_t output_length = 0; unsigned char *output_data2 = NULL; size_t output_length2 = 0; - uint8_t nonce[16]; + uint8_t* nonce; size_t nonce_length = 16; size_t tag_length = 16; unsigned char *additional_data = NULL; size_t additional_data_length = 0; - size_t i = 0; psa_status_t expected_result = (psa_status_t) expected_result_arg; psa_key_policy_t policy = {0}; @@ -610,13 +609,8 @@ void aead_encrypt_decrypt( int key_type_arg, char * key_hex, output_size = input_size + tag_length; output_data = mbedtls_calloc( 1, output_size ); TEST_ASSERT( output_data != NULL ); - if( alg == PSA_ALG_CCM ) - { - nonce_length = 12; - } - - for( ; i < nonce_length; ++i ) - nonce[i] = i; + nonce = unhexify_alloc( nonce_hex, &nonce_length ); + TEST_ASSERT( nonce != NULL ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); From 212e4d8f7c213221c3f7dce04654983da22686a0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Jun 2018 11:36:37 +0200 Subject: [PATCH 58/59] Improve documentation of PSA_AEAD_xxx_OUTPUT_SIZE --- include/psa/crypto.h | 48 ++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8e20013a2..7286ef9d8 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
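Review bot: `nonce` is now heap-allocated by `nonce = unhexify_alloc( nonce_hex, &nonce_length );` in the -610 hunk, but none of the lines added to this file releases it, so each run of aead_encrypt_decrypt appears to leak the buffer. The declaration in the -591 hunk, `uint8_t* nonce;`, is also the only buffer pointer there not initialised to NULL. That matters once a release is added, because an earlier failing `TEST_ASSERT` would presumably reach the cleanup code with an indeterminate pointer. Suggest declaring `uint8_t *nonce = NULL;` and adding `mbedtls_free( nonce );` to the function's cleanup path, which is outside both hunks.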
@@ -1074,22 +1074,24 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); */ -/** AEAD Encrypted data size +/** The maximum size of the output of psa_aead_encrypt(), in bytes. * - * This macro calculates the encrypted data size according to given algorithm - * and plaintext_length. + * If the size of the ciphertext buffer is at least this large, it is + * guaranteed that psa_aead_encrypt() will not fail due to an + * insufficient buffer size. Depending on the algorithm, the actual size of + * the ciphertext may be smaller. * - * - * \param alg The AEAD algorithm to compute + * \param alg An AEAD algorithm * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(alg) is true). - * \param plaintext_length Size of \p plaintext in bytes. + * \param plaintext_length Size of the plaintext in bytes. * - * \return If the algorithm is PSA_ALG_GCM the encrypted data size is - * plaintext_length plus 16-bytes for tag. - * If the algorithm is PSA_ALG_CCM the encrypted data size is - * plaintext_length plus 16-bytes for tag. - * Otherwise return zero. + * \return The AEAD ciphertext size for the specified + * algorithm. + * If the AEAD algorithm is not recognized, return 0. + * An implementation may return either 0 or a + * correct size for an AEAD algorithm that it + * recognizes, but does not support. */ #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \ ((alg) == PSA_ALG_GCM ? (plaintext_length) + 16 : \ 
@@ -1149,22 +1151,24 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, size_t ciphertext_size, size_t *ciphertext_length ); -/** AEAD Decrypted data size +/** The maximum size of the output of psa_aead_decrypt(), in bytes. * - * This macro calculates the decrypted data size according to given algorithm - * and ciphertext_length. + * If the size of the plaintext buffer is at least this large, it is + * guaranteed that psa_aead_decrypt() will not fail due to an + * insufficient buffer size. Depending on the algorithm, the actual size of + * the plaintext may be smaller. * - * - * \param alg The AEAD algorithm to compute + * \param alg An AEAD algorithm * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_AEAD(alg) is true). - * \param ciphertext_length Size of \p ciphertext in bytes. + * \param ciphertext_length Size of the plaintext in bytes. * - * \return If the algorithm is PSA_ALG_GCM the decrypted data size is - * ciphertext_length minus 16-bytes for tag. - * If the algorithm is PSA_ALG_CCM the decrypted data size is - * ciphertext_length minus 16-bytes for tag. - * Otherwise return zero. + * \return The AEAD ciphertext size for the specified + * algorithm. + * If the AEAD algorithm is not recognized, return 0. + * An implementation may return either 0 or a + * correct size for an AEAD algorithm that it + * recognizes, but does not support. */ #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ ((alg) == PSA_ALG_GCM ? (ciphertext_length) - 16 : \ From 5e39dc96e009587401397590ec16d3da001ac7dc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Jun 2018 11:41:57 +0200 Subject: [PATCH 59/59] New macro PSA_AEAD_TAG_SIZE, use it for PSA_AEAD_xxx_OUTPUT_SIZE --- include/psa/crypto.h | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 7286ef9d8..9806c959d 100755 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
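Review bot: The rewritten comment for PSA_AEAD_DECRYPT_OUTPUT_SIZE in the -1149 hunk was carried over from the encrypt macro and still describes the wrong buffer: `\param ciphertext_length Size of the plaintext in bytes.` and `\return The AEAD ciphertext size for the specified algorithm.` These should read `Size of the ciphertext in bytes.` and `The AEAD plaintext size for the specified algorithm.` The comment should also say what the macro yields when `ciphertext_length` is shorter than the tag. The `(ciphertext_length) - 16` expression visible under the comment wraps for such input, and callers size their plaintext buffer from this value.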
@@ -1073,6 +1073,25 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * @{ */ +/** The tag size for an AEAD algorithm, in bytes. + * + * \param alg An AEAD algorithm + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(alg) is true). + * + * \return The tag size for the specified algorithm. + * If the AEAD algorithm does not have an identified + * tag that can be distinguished from the rest of + * the ciphertext, return 0. + * If the AEAD algorithm is not recognized, return 0. + * An implementation may return either 0 or a + * correct size for an AEAD algorithm that it + * recognizes, but does not support. + */ +#define PSA_AEAD_TAG_SIZE(alg) \ + ((alg) == PSA_ALG_GCM ? 16 : \ + (alg) == PSA_ALG_CCM ? 16 : \ + 0) /** The maximum size of the output of psa_aead_encrypt(), in bytes. * @@ -1094,8 +1113,8 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); * recognizes, but does not support. */ #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \ - ((alg) == PSA_ALG_GCM ? (plaintext_length) + 16 : \ - (alg) == PSA_ALG_CCM ? (plaintext_length) + 16 : \ + (PSA_AEAD_TAG_SIZE(alg) != 0 ? \ + (plaintext_length) + PSA_AEAD_TAG_SIZE(alg) : \ 0) /** Process an authenticated encryption operation. @@ -1170,9 +1189,9 @@ psa_status_t psa_aead_encrypt( psa_key_slot_t key, * correct size for an AEAD algorithm that it * recognizes, but does not support. */ -#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ - ((alg) == PSA_ALG_GCM ? (ciphertext_length) - 16 : \ - (alg) == PSA_ALG_CCM ? (ciphertext_length) - 16 : \ +#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \ + (PSA_AEAD_TAG_SIZE(alg) != 0 ? \ + (plaintext_length) - PSA_AEAD_TAG_SIZE(alg) : \ 0) /** Process an authenticated decryption operation.
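Review bot: In the -1170 hunk, the new body of PSA_AEAD_DECRYPT_OUTPUT_SIZE subtracts from `(plaintext_length)`, which is not a parameter of the macro (its parameters are `alg` and `ciphertext_length`). The expansion therefore either fails to compile or silently picks up an unrelated `plaintext_length` variable at the call site. The subtraction is also unguarded, so a ciphertext shorter than the tag yields a wrapped, very large size instead of 0. Suggest `(PSA_AEAD_TAG_SIZE(alg) != 0 && (ciphertext_length) >= PSA_AEAD_TAG_SIZE(alg) ? \` followed by `(ciphertext_length) - PSA_AEAD_TAG_SIZE(alg) : \`, keeping the final `0)` branch.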