From 9ad29e2bee1c12f6799d269307abf10f6153d8f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Jun 2018 09:40:04 +0200 Subject: [PATCH] Add what little was missing to fully support DES Also add what was missing in the test suite to support block ciphers with a block size that isn't 16. Fix some buggy test data that passed only due to problems with DES support in the product. --- library/psa_crypto.c | 27 ++++++++++++++-- tests/suites/test_suite_psa_crypto.data | 34 ++++++++++++++++++--- tests/suites/test_suite_psa_crypto.function | 20 ++++++++---- 3 files changed, 68 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index adcadf3f5..a610af364 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1102,10 +1102,17 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( cipher_id_tmp = MBEDTLS_CIPHER_ID_AES; break; case PSA_KEY_TYPE_DES: + /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES, + * and 192 for three-key Triple-DES. */ if( key_bits == 64 ) cipher_id_tmp = MBEDTLS_CIPHER_ID_DES; else cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES; + /* mbedtls doesn't recognize two-key Triple-DES as an algorithm, + * but two-key Triple-DES is functionally three-key Triple-DES + * with K1=K3, so that's how we present it to mbedtls. */ + if( key_bits == 128 ) + key_bits = 192; break; case PSA_KEY_TYPE_CAMELLIA: cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; @@ -1975,8 +1982,24 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, return( mbedtls_to_psa_error( ret ) ); } - ret = mbedtls_cipher_setkey( &operation->ctx.cipher, slot->data.raw.data, - key_bits, cipher_operation ); +#if defined(MBEDTLS_DES_C) + if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 ) + { + /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */ + unsigned char keys[24]; + memcpy( keys, slot->data.raw.data, 16 ); + memcpy( keys + 16, slot->data.raw.data, 8 ); + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, + keys, + 192, cipher_operation ); + } + else +#endif + { + ret = mbedtls_cipher_setkey( &operation->ctx.cipher, + slot->data.raw.data, + key_bits, cipher_operation ); + } if( ret != 0 ) { psa_cipher_abort( operation ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 94fb181e0..9ed9cf532 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -178,10 +178,10 @@ PSA MAC setup: invalid key type, HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT -PSA MAC setup: incompatible key DES for CMAC -depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C +PSA MAC setup: incompatible key HMAC for CMAC +depends_on:MBEDTLS_CMAC_C # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here -mac_setup:PSA_KEY_TYPE_DES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED +mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED PSA MAC verify: HMAC-SHA-256 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C @@ -333,6 +333,18 @@ PSA symmetric encrypt: AES-CTR, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt:PSA_ALG_CTR | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS +PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS + +PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS + +PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS + PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS @@ -357,6 +369,18 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE +PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS + +PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS + +PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS + PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_verify_output:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" @@ -600,11 +624,11 @@ generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA generate key: DES, 128 bits, CBC-nopad depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS PSA generate key: DES, 192 bits, CBC-nopad depends_on:MBEDTLS_DES_C -generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS PSA generate key: invalid key size: AES, 64 bits depends_on:MBEDTLS_AES_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 84cb69a66..c64138223 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -800,6 +800,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -813,7 +814,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -824,7 +826,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, - iv, sizeof( iv ) ) == PSA_SUCCESS ); + iv, iv_size ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size ); TEST_ASSERT( output != NULL ); @@ -867,6 +869,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -880,7 +883,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -937,6 +941,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -950,7 +955,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -1009,6 +1015,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; unsigned char iv[16] = {0}; + size_t iv_size; unsigned char *output = NULL; size_t output_buffer_size = 0; size_t function_output_length = 0; @@ -1022,7 +1029,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) ); TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) ); - memset( iv, 0x2a, sizeof( iv ) ); + iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ); + memset( iv, 0x2a, iv_size ); TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS ); @@ -1033,7 +1041,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, key_slot, alg ) == PSA_SUCCESS ); TEST_ASSERT( psa_encrypt_set_iv( &operation, - iv, sizeof( iv ) ) == PSA_SUCCESS ); + iv, iv_size ) == PSA_SUCCESS ); output_buffer_size = input->len + operation.block_size; output = mbedtls_calloc( 1, output_buffer_size );