From ed3c9ec71ad14e531fe688b53027490c6fda58aa Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 6 Jul 2020 14:08:59 +0200 Subject: [PATCH 1/5] Added support for AES-ECB to the PSA Crypto implementation PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but was not implemented yet in the mbed TLS implementation. Signed-off-by: Steven Cooreman --- include/mbedtls/psa_util.h | 2 + include/psa/crypto_values.h | 9 ++++ library/psa_crypto.c | 19 +++++-- tests/suites/test_suite_psa_crypto.data | 26 +++++++++- tests/suites/test_suite_psa_crypto.function | 50 +++++++++++++------ .../test_suite_psa_crypto_metadata.data | 4 ++ 6 files changed, 90 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 513bc5feb..a8c15a03c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -85,6 +85,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( { switch( mode ) { + case MBEDTLS_MODE_ECB: + return ( PSA_ALG_ECB_NO_PADDING ); case MBEDTLS_MODE_GCM: return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f33946ab9..786a3bb17 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -980,6 +980,15 @@ */ #define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff) +/** The Electronic Code Book (ECB) mode of a block cipher, with no padding. + * + * The underlying block cipher is determined by the key type. + * + * This symmetric cipher mode can only be used with messages whose lengths + * are whole number of blocks for the chosen block cipher. + */ +#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) + /** The CBC block cipher chaining mode, with no padding. * * The underlying block cipher is determined by the key type. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4c3966ca7..9362ef0ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2518,6 +2518,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_OFB: mode = MBEDTLS_MODE_OFB; break; + case PSA_ALG_ECB_NO_PADDING: + mode = MBEDTLS_MODE_ECB; + break; case PSA_ALG_CBC_NO_PADDING: mode = MBEDTLS_MODE_CBC; break; @@ -3746,7 +3749,11 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, operation->alg = alg; operation->key_set = 0; operation->iv_set = 0; - operation->iv_required = 1; + if( alg == PSA_ALG_ECB_NO_PADDING ) { + operation->iv_required = 0; + } else { + operation->iv_required = 1; + } operation->iv_size = 0; operation->block_size = 0; mbedtls_cipher_init( &operation->ctx.cipher ); @@ -3837,7 +3844,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->key_set = 1; operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) ); - if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) + if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG && alg != PSA_ALG_ECB_NO_PADDING ) { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ); } @@ -3991,12 +3998,14 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT && - operation->alg == PSA_ALG_CBC_NO_PADDING && - operation->ctx.cipher.unprocessed_len != 0 ) + if( operation->ctx.cipher.unprocessed_len != 0 ) { + if( operation->alg == PSA_ALG_ECB_NO_PADDING || + ( operation->alg == PSA_ALG_CBC_NO_PADDING && + operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) { status = PSA_ERROR_INVALID_ARGUMENT; goto error; + } } cipher_ret = mbedtls_cipher_finish( &operation->ctx.cipher, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2a0573d8b..61338e92c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -346,7 +346,11 @@ PSA import RSA public key: maximum size exceeded depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED -PSA key policy: AES +PSA key policy: AES ECB +depends_on:MBEDTLS_AES_C +check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECB_NO_PADDING + +PSA key policy: AES CBC depends_on:MBEDTLS_AES_C check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING @@ -1122,6 +1126,10 @@ PSA cipher: bad order function calls depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_bad_order: +PSA symmetric encrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS + PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS @@ -1158,6 +1166,10 @@ PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS + PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS @@ -1194,6 +1206,10 @@ PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS +PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good +depends_on:MBEDTLS_AES_C +cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" + PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_verify_output:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" @@ -1210,6 +1226,10 @@ PSA symmetric encrypt/decrypt: AES-CTR depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" +PSA symmetric encryption multipart: AES-ECB, 16+16 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" @@ -1274,6 +1294,10 @@ PSA symmetric encryption multipart: AES-CTR, 16+0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32" +PSA symmetric decryption multipart: AES-ECB, 16+16 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ae4045c74..e392ecc66 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3347,7 +3347,11 @@ void cipher_encrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } + output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -3410,7 +3414,11 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_encrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) + { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } + output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output, output_buffer_size ); @@ -3479,7 +3487,9 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3546,7 +3556,9 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + if( iv->len > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + } output_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3613,9 +3625,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + if( alg != PSA_ALG_ECB_NO_PADDING ) { + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); + } output1_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output1, output1_size ); @@ -3635,8 +3649,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg, output2_size = output1_length; ASSERT_ALLOC( output2, output2_size ); - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + if( iv_length > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); + } + PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length, output2, output2_size, &output2_length ) ); @@ -3698,9 +3715,12 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + if( alg != PSA_ALG_ECB_NO_PADDING ) { + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); + } + output1_buffer_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); ASSERT_ALLOC( output1, output1_buffer_size ); @@ -3730,8 +3750,10 @@ void cipher_verify_output_multipart( int alg_arg, output2_buffer_size = output1_length; ASSERT_ALLOC( output2, output2_buffer_size ); - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + if( iv_length > 0 ) { + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); + } PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, output2, output2_buffer_size, diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index f8889833b..e36ddb9a1 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -122,6 +122,10 @@ Cipher: OFB depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER +Cipher: ECB-nopad +depends_on:MBEDTLS_CIPHER_C +cipher_algorithm:PSA_ALG_ECB_NO_PADDING:0 + Cipher: CBC-nopad depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0 From 2a48b53ee761c31441b69a121b8e19da474074e4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 6 Jul 2020 14:42:39 +0200 Subject: [PATCH 2/5] Added changelog entry for AES-ECB in PSA Signed-off-by: Steven Cooreman --- ChangeLog.d/add-aes-ecb-to-psa.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-aes-ecb-to-psa.txt diff --git a/ChangeLog.d/add-aes-ecb-to-psa.txt b/ChangeLog.d/add-aes-ecb-to-psa.txt new file mode 100644 index 000000000..2fa57ad8e --- /dev/null +++ b/ChangeLog.d/add-aes-ecb-to-psa.txt @@ -0,0 +1,2 @@ +Features + * Added support for AES-ECB to the PSA Crypto cipher API. From a6033e92af97504c1f69a8ec0e0263281420268d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 25 Aug 2020 11:47:50 +0200 Subject: [PATCH 3/5] Style and language fixes Signed-off-by: Steven Cooreman --- ChangeLog.d/add-aes-ecb-to-psa.txt | 2 +- include/mbedtls/psa_util.h | 2 +- include/psa/crypto_values.h | 15 +++++++++-- library/psa_crypto.c | 13 +++++++--- tests/suites/test_suite_psa_crypto.function | 28 ++++++++++----------- 5 files changed, 38 insertions(+), 22 deletions(-) diff --git a/ChangeLog.d/add-aes-ecb-to-psa.txt b/ChangeLog.d/add-aes-ecb-to-psa.txt index 2fa57ad8e..b0de67c4e 100644 --- a/ChangeLog.d/add-aes-ecb-to-psa.txt +++ b/ChangeLog.d/add-aes-ecb-to-psa.txt @@ -1,2 +1,2 @@ Features - * Added support for AES-ECB to the PSA Crypto cipher API. + * Add support for ECB to the PSA cipher API. diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index a8c15a03c..aa944b63b 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -86,7 +86,7 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode( switch( mode ) { case MBEDTLS_MODE_ECB: - return ( PSA_ALG_ECB_NO_PADDING ); + return( PSA_ALG_ECB_NO_PADDING ); case MBEDTLS_MODE_GCM: return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) ); case MBEDTLS_MODE_CCM: diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 786a3bb17..db5188743 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -981,11 +981,22 @@ #define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff) /** The Electronic Code Book (ECB) mode of a block cipher, with no padding. + * + * \warning ECB mode does not protect the confidentiality of the encrypted data + * except in extremely narrow circumstances. It is recommended that applications + * only use ECB if they need to construct an operating mode that the + * implementation does not provide. Implementations are encouraged to provide + * the modes that applications need in preference to supporting direct access + * to ECB. * * The underlying block cipher is determined by the key type. * - * This symmetric cipher mode can only be used with messages whose lengths - * are whole number of blocks for the chosen block cipher. + * This symmetric cipher mode can only be used with messages whose lengths are a + * multiple of the block size of the chosen block cipher. + * + * ECB mode does not accept an initialization vector (IV). When using a + * multi-part cipher operation with this algorithm, psa_cipher_generate_iv() + * and psa_cipher_set_iv() must not be called. */ #define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9362ef0ba..f3bd87693 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3749,9 +3749,12 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation, operation->alg = alg; operation->key_set = 0; operation->iv_set = 0; - if( alg == PSA_ALG_ECB_NO_PADDING ) { + if( alg == PSA_ALG_ECB_NO_PADDING ) + { operation->iv_required = 0; - } else { + } + else + { operation->iv_required = 1; } operation->iv_size = 0; @@ -3844,7 +3847,8 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->key_set = 1; operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 : PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) ); - if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG && alg != PSA_ALG_ECB_NO_PADDING ) + if( ( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG ) != 0 && + alg != PSA_ALG_ECB_NO_PADDING ) { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ); } @@ -4002,7 +4006,8 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation, { if( operation->alg == PSA_ALG_ECB_NO_PADDING || ( operation->alg == PSA_ALG_CBC_NO_PADDING && - operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) { + operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) + { status = PSA_ERROR_INVALID_ARGUMENT; goto error; } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e392ecc66..e75d6518e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3349,7 +3349,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg, if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3416,7 +3416,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg, if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3488,7 +3488,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, handle, alg ) ); if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3557,7 +3557,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg, handle, alg ) ); if( iv->len > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } output_buffer_size = ( (size_t) input->len + @@ -3626,9 +3626,9 @@ void cipher_verify_output( int alg_arg, int key_type_arg, handle, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); } output1_size = ( (size_t) input->len + PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) ); @@ -3650,8 +3650,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, ASSERT_ALLOC( output2, output2_size ); if( iv_length > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); } PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length, @@ -3716,9 +3716,9 @@ void cipher_verify_output_multipart( int alg_arg, handle, alg ) ); if( alg != PSA_ALG_ECB_NO_PADDING ) { - PSA_ASSERT( psa_cipher_generate_iv( &operation1, - iv, iv_size, - &iv_length ) ); + PSA_ASSERT( psa_cipher_generate_iv( &operation1, + iv, iv_size, + &iv_length ) ); } output1_buffer_size = ( (size_t) input->len + @@ -3751,8 +3751,8 @@ void cipher_verify_output_multipart( int alg_arg, ASSERT_ALLOC( output2, output2_buffer_size ); if( iv_length > 0 ) { - PSA_ASSERT( psa_cipher_set_iv( &operation2, - iv, iv_length ) ); + PSA_ASSERT( psa_cipher_set_iv( &operation2, + iv, iv_length ) ); } PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size, From ffecb7b982a5b6c7c214eb3c677c66068b2940fb Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 25 Aug 2020 15:13:13 +0200 Subject: [PATCH 4/5] Implement support for multipart ECB and add tests Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 84 +++++++++++++++++++++++-- tests/suites/test_suite_psa_crypto.data | 64 +++++++++++++++++-- 2 files changed, 139 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f3bd87693..04614d1af 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3945,9 +3945,9 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, size_t output_size, size_t *output_length ) { - psa_status_t status; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; + size_t internal_output_length; if( operation->alg == 0 ) { @@ -3975,9 +3975,83 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, goto exit; } - ret = mbedtls_cipher_update( &operation->ctx.cipher, input, - input_length, output, output_length ); - status = mbedtls_to_psa_error( ret ); + if( operation->alg == PSA_ALG_ECB_NO_PADDING ) + { + /* mbedtls_cipher_update has an API inconsistency: it will only + * process a single block at a time in ECB mode. Abstract away that + * inconsistency here to match the PSA API behaviour. */ + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( expected_output_size > 0 ) + { + size_t ctx_bytes = operation->ctx.cipher.unprocessed_len; + if( ctx_bytes > 0 ) + { + /* Fill up to block size and run the block */ + size_t bytes_to_copy = operation->block_size - ctx_bytes; + memcpy( &( operation->ctx.cipher.unprocessed_data[ctx_bytes] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + operation->ctx.cipher.unprocessed_len = 0; + + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, + operation->ctx.cipher.unprocessed_data, + operation->block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + + size_t blocks = input_length / operation->block_size; + for( ; blocks > 0; blocks-- ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, input, + operation->block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= operation->block_size; + input += operation->block_size; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later processing */ + memcpy( &( operation->ctx.cipher.unprocessed_data[operation->ctx.cipher.unprocessed_len] ), + input, input_length ); + operation->ctx.cipher.unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + } + else + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( &operation->ctx.cipher, input, + input_length, output, output_length ) ); + } exit: if( status != PSA_SUCCESS ) psa_cipher_abort( operation ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 61338e92c..44a69b989 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1126,10 +1126,18 @@ PSA cipher: bad order function calls depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_bad_order: +PSA symmetric encrypt: AES-ECB, 0 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS + PSA symmetric encrypt: AES-ECB, 16 bytes, good depends_on:MBEDTLS_AES_C cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS +PSA symmetric encrypt: AES-ECB, 32 bytes, good +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":PSA_SUCCESS + PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS @@ -1142,6 +1150,10 @@ PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS +PSA symmetric encrypt: AES-ECB, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"3ad77bb40d7a3660a89ecaf32466ef":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT @@ -1166,10 +1178,26 @@ PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS +PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"c78e2b38139610e3":"5d0652429c5b0ac7":PSA_SUCCESS + +PSA symmetric encrypt: 3-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":"817ca7d69b80d86a":PSA_SUCCESS + +PSA symmetric decrypt: AES-ECB, 0 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS + PSA symmetric decrypt: AES-ECB, 16 bytes, good depends_on:MBEDTLS_AES_C cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, 32 bytes, good +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS + PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS @@ -1190,6 +1218,10 @@ PSA symmetric decrypt: AES-CTR, 16 bytes, good depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS +PSA symmetric decrypt: AES-ECB, input too short (15 bytes) +depends_on:MBEDTLS_AES_C +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT + PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE @@ -1206,6 +1238,14 @@ PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS +PSA symmetric decrypt: 2-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"5d0652429c5b0ac7":"c78e2b38139610e3":PSA_SUCCESS + +PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3":PSA_SUCCESS + PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good depends_on:MBEDTLS_AES_C cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a" @@ -1230,6 +1270,14 @@ PSA symmetric encryption multipart: AES-ECB, 16+16 bytes depends_on:MBEDTLS_AES_C cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" +PSA symmetric encryption multipart: AES-ECB, 13+19 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":13:0:32:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + +PSA symmetric encryption multipart: AES-ECB, 24+12 bytes +depends_on:MBEDTLS_AES_C +cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":24:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c" + PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b" @@ -1298,6 +1346,14 @@ PSA symmetric decryption multipart: AES-ECB, 16+16 bytes depends_on:MBEDTLS_AES_C cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" +PSA symmetric decryption multipart: AES-ECB, 11+21 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + +PSA symmetric decryption multipart: AES-ECB, 28+4 bytes +depends_on:MBEDTLS_AES_C +cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" + PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a" @@ -1326,19 +1382,19 @@ PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes [#2] depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" From 177deba54b923d05359dcdd5ece0851f3e3375af Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 7 Sep 2020 17:14:14 +0200 Subject: [PATCH 5/5] Fix style and pull out ECB processing in separate function Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 160 ++++++++++++-------- tests/suites/test_suite_psa_crypto.data | 22 +-- tests/suites/test_suite_psa_crypto.function | 18 ++- 3 files changed, 117 insertions(+), 83 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 04614d1af..d64a9dd9e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3938,6 +3938,94 @@ exit: return( status ); } +/* Process input for which the algorithm is set to ECB mode. This requires + * manual processing, since the PSA API is defined as being able to process + * arbitrary-length calls to psa_cipher_update() with ECB mode, but the + * underlying mbedtls_cipher_update only takes full blocks. */ +static psa_status_t psa_cipher_update_ecb_internal( + mbedtls_cipher_context_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t block_size = ctx->cipher_info->block_size; + size_t internal_output_length = 0; + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( ctx->unprocessed_len > 0 ) + { + /* Fill up to block size, and run the block if there's a full one. */ + size_t bytes_to_copy = block_size - ctx->unprocessed_len; + + if( input_length < bytes_to_copy ) + bytes_to_copy = input_length; + + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + ctx->unprocessed_len += bytes_to_copy; + + if( ctx->unprocessed_len == block_size ) + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, + ctx->unprocessed_data, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + ctx->unprocessed_len = 0; + } + } + + while( input_length >= block_size ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, input, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= block_size; + input += block_size; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later processing */ + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, input_length ); + ctx->unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + +exit: + return( status ); +} + psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -3947,7 +4035,6 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; - size_t internal_output_length; if( operation->alg == 0 ) { @@ -3980,71 +4067,12 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, /* mbedtls_cipher_update has an API inconsistency: it will only * process a single block at a time in ECB mode. Abstract away that * inconsistency here to match the PSA API behaviour. */ - *output_length = 0; - - if( input_length == 0 ) - { - status = PSA_SUCCESS; - goto exit; - } - - if( expected_output_size > 0 ) - { - size_t ctx_bytes = operation->ctx.cipher.unprocessed_len; - if( ctx_bytes > 0 ) - { - /* Fill up to block size and run the block */ - size_t bytes_to_copy = operation->block_size - ctx_bytes; - memcpy( &( operation->ctx.cipher.unprocessed_data[ctx_bytes] ), - input, bytes_to_copy ); - input_length -= bytes_to_copy; - input += bytes_to_copy; - operation->ctx.cipher.unprocessed_len = 0; - - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, - operation->ctx.cipher.unprocessed_data, - operation->block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - - size_t blocks = input_length / operation->block_size; - for( ; blocks > 0; blocks-- ) - { - /* Run all full blocks we have, one by one */ - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, input, - operation->block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - input_length -= operation->block_size; - input += operation->block_size; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - } - - if( input_length > 0 ) - { - /* Save unprocessed bytes for later processing */ - memcpy( &( operation->ctx.cipher.unprocessed_data[operation->ctx.cipher.unprocessed_len] ), - input, input_length ); - operation->ctx.cipher.unprocessed_len += input_length; - } - - status = PSA_SUCCESS; + status = psa_cipher_update_ecb_internal( &operation->ctx.cipher, + input, + input_length, + output, + output_size, + output_length ); } else { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 44a69b989..86f6bc71c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1152,7 +1152,7 @@ cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4 PSA symmetric encrypt: AES-ECB, input too short (15 bytes) depends_on:MBEDTLS_AES_C -cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"3ad77bb40d7a3660a89ecaf32466ef":PSA_ERROR_INVALID_ARGUMENT +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"":PSA_ERROR_INVALID_ARGUMENT PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC @@ -1306,23 +1306,23 @@ PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" @@ -1378,23 +1378,23 @@ PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric decryption multipart: AES-CTR, 16+16 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 12+20 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 20+12 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 12+10 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e75d6518e..ae61ea99a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3487,7 +3487,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - if( iv->len > 0 ) { + if( iv->len > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } @@ -3556,7 +3557,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - if( iv->len > 0 ) { + if( iv->len > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } @@ -3625,7 +3627,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - if( alg != PSA_ALG_ECB_NO_PADDING ) { + if( alg != PSA_ALG_ECB_NO_PADDING ) + { PSA_ASSERT( psa_cipher_generate_iv( &operation1, iv, iv_size, &iv_length ) ); @@ -3649,7 +3652,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, output2_size = output1_length; ASSERT_ALLOC( output2, output2_size ); - if( iv_length > 0 ) { + if( iv_length > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) ); } @@ -3715,7 +3719,8 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - if( alg != PSA_ALG_ECB_NO_PADDING ) { + if( alg != PSA_ALG_ECB_NO_PADDING ) + { PSA_ASSERT( psa_cipher_generate_iv( &operation1, iv, iv_size, &iv_length ) ); @@ -3750,7 +3755,8 @@ void cipher_verify_output_multipart( int alg_arg, output2_buffer_size = output1_length; ASSERT_ALLOC( output2, output2_buffer_size ); - if( iv_length > 0 ) { + if( iv_length > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) ); }