diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 18ef3d7b1..7d16523a9 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -866,6 +866,13 @@ #define PSA_ALG_MAC_TRUNCATION_MASK ((psa_algorithm_t)0x003f0000) #define PSA_MAC_TRUNCATION_OFFSET 16 +/* In the encoding of a MAC algorithm, the bit corresponding to + * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm + * is a wildcard algorithm, which allows any algorithm corresponding to the + * same base class and having a (potentially truncated) MAC length greater or + * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */ +#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000) + /** Macro to build a truncated MAC algorithm. * * A truncated MAC algorithm is identical to the corresponding MAC @@ -900,7 +907,7 @@ * too large for the specified MAC algorithm. */ #define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) \ - (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG)) | \ + (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) | \ ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK)) /** Macro to build the base MAC algorithm corresponding to a truncated @@ -916,7 +923,7 @@ * MAC algorithm. */ #define PSA_ALG_FULL_LENGTH_MAC(mac_alg) \ - ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG)) + ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK | PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) /** Length to which a MAC algorithm is truncated. * @@ -932,13 +939,6 @@ #define PSA_MAC_TRUNCATED_LENGTH(mac_alg) \ (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET) -/* In the encoding of a MAC algorithm, the bit corresponding to - * #PSA_ALG_MAC_MINIMUM_LENGTH_FLAG encodes the fact that the algorithm is - * a wildcard algorithm, which allows any algorithm corresponding to the same - * base class and having a (potentially truncated) MAC length greater or equal - * than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */ -#define PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ((psa_algorithm_t)0x00008000) - /** Macro to build a MAC minimum-MAC-length wildcard algorithm. * * A mininimum-MAC-length MAC wildcard algorithm permits all MAC algorithms @@ -964,7 +964,7 @@ * too large for the specified MAC algorithm. */ #define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length) \ - ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) + ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) | PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000) /** The CBC-MAC construction over a block cipher @@ -1126,6 +1126,13 @@ #define PSA_ALG_AEAD_TAG_LENGTH_MASK ((psa_algorithm_t)0x003f0000) #define PSA_AEAD_TAG_LENGTH_OFFSET 16 +/* In the encoding of an AEAD algorithm, the bit corresponding to + * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm + * is a wildcard algorithm, which allows any algorithm corresponding to the + * same base class and having a tag length greater than or equal to the one + * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */ +#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ((psa_algorithm_t)0x00008000) + /** Macro to build a shortened AEAD algorithm. * * A shortened AEAD algorithm is similar to the corresponding AEAD @@ -1145,7 +1152,7 @@ * for the specified AEAD algorithm. */ #define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length) \ - (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG)) | \ + (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) | \ ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET & \ PSA_ALG_AEAD_TAG_LENGTH_MASK)) @@ -1183,13 +1190,6 @@ PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ? \ ref : -/* In the encoding of an AEAD algorithm, the bit corresponding to - * #PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG encodes the fact that the algorithm is - * a wildcard algorithm, which allows any algorithm corresponding to the same - * base class and having a tag length greater than or equal to the one encoded - * in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */ -#define PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ((psa_algorithm_t)0x00008000) - /** Macro to build an AEAD minimum-tag-length wildcard algorithm. * * A mininimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms @@ -1215,7 +1215,7 @@ * or too large for the specified AEAD algorithm. */ #define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \ - ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) + ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) #define PSA_ALG_RSA_PKCS1V15_SIGN_BASE ((psa_algorithm_t)0x06000200) /** RSA PKCS#1 v1.5 signature with hashing. @@ -1663,13 +1663,13 @@ * \return This macro may return either 0 or 1 if \c alg is not a supported * algorithm identifier. */ -#define PSA_ALG_IS_WILDCARD(alg) \ - (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ - PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \ - PSA_ALG_IS_MAC(alg) ? \ - (alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG) != 0 : \ - PSA_ALG_IS_AEAD(alg) ? \ - (alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG) != 0 : \ +#define PSA_ALG_IS_WILDCARD(alg) \ + (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ + PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \ + PSA_ALG_IS_MAC(alg) ? \ + (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \ + PSA_ALG_IS_AEAD(alg) ? \ + (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \ (alg) == PSA_ALG_ANY_HASH) /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0375cca12..ffb6ef4b6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -686,18 +686,18 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection( size_t max_len = alg1_len > alg2_len ? alg1_len : alg2_len; /* If both are wildcards, return most restrictive wildcard */ - if( ( ( alg1 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) && - ( ( alg2 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) ) + if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && + ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) { return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg1, max_len ) ); } /* If only one is a wildcard, return specific algorithm if compatible. */ - if( ( ( alg1 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) && + if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && ( alg1_len <= alg2_len ) ) { return( alg2 ); } - if( ( ( alg2 & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) && + if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && ( alg2_len <= alg1_len ) ) { return( alg1 ); @@ -715,8 +715,8 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection( size_t max_len = alg1_len > alg2_len ? alg1_len : alg2_len; /* If both are wildcards, return most restricitve wildcard */ - if( ( ( alg1 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) && - ( ( alg2 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) ) + if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && + ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) { return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, max_len ) ); } @@ -724,13 +724,13 @@ static psa_algorithm_t psa_key_policy_algorithm_intersection( * Special case: specific MAC algorithm with '0' as length means full- * length MAC, which is always allowed by a wildcard with the same * base algorithm. */ - if( ( ( alg1 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) && + if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && ( ( alg1_len <= alg2_len ) || ( alg2 == PSA_ALG_FULL_LENGTH_MAC( alg1 ) ) ) ) { return( alg2 ); } - if( ( ( alg2 & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) && + if( ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) && ( ( alg2_len <= alg1_len ) || ( alg1 == PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) ) ) { @@ -766,7 +766,7 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg, PSA_ALG_IS_AEAD( requested_alg ) && ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) == PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) && - ( ( policy_alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ) != 0 ) ) + ( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) { return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <= PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) ); @@ -778,7 +778,7 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg, PSA_ALG_IS_MAC( requested_alg ) && ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) == PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) && - ( ( policy_alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) != 0 ) ) + ( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) ) { /* Special case: full-length MAC is encoded with 0-length. * A minimum-length policy will always allow a full-length MAC. */ diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index b12ef0ae3..b1a801f74 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -150,7 +150,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, unsigned long length_modifier = NO_LENGTH_MODIFIER; if (PSA_ALG_IS_MAC(alg)) { core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); - if (alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG) { + if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { append(&buffer, buffer_size, &required_size, "PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33); length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); @@ -163,7 +163,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, } } else if (PSA_ALG_IS_AEAD(alg)) { core_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - if (alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG) { + if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { if (core_alg == 0) { /* For unknown AEAD algorithms, there is no "default tag length". */ core_alg = alg; diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index ddcf6253a..644fbad5d 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -100,7 +100,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, unsigned long length_modifier = NO_LENGTH_MODIFIER; if (PSA_ALG_IS_MAC(alg)) { core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); - if (alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG) { + if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { append(&buffer, buffer_size, &required_size, "PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33); length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); @@ -113,7 +113,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, } } else if (PSA_ALG_IS_AEAD(alg)) { core_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - if (alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG) { + if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { if (core_alg == 0) { /* For unknown AEAD algorithms, there is no "default tag length". */ core_alg = alg;