diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3e3c5eb3c..7794e7a49 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -51,6 +51,8 @@ #include "mbedtls/bignum.h" #include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" +#include "mbedtls/chacha20.h" +#include "mbedtls/chachapoly.h" #include "mbedtls/cipher.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" @@ -179,6 +181,14 @@ static psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED: return( PSA_ERROR_HARDWARE_FAILURE ); + case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: + return( PSA_ERROR_INVALID_ARGUMENT ); + + case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: + return( PSA_ERROR_BAD_STATE ); + case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: + return( PSA_ERROR_INVALID_SIGNATURE ); + case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: return( PSA_ERROR_NOT_SUPPORTED ); case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: @@ -465,6 +475,12 @@ static psa_status_t prepare_raw_data_slot( psa_key_type_t type, if( bits < 8 || bits > 2048 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; +#endif +#if defined(MBEDTLS_CHACHA20_C) + case PSA_KEY_TYPE_CHACHA20: + if( bits != 256 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; #endif default: return( PSA_ERROR_NOT_SUPPORTED ); @@ -2026,6 +2042,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( switch( alg ) { case PSA_ALG_ARC4: + case PSA_ALG_CHACHA20: mode = MBEDTLS_MODE_STREAM; break; case PSA_ALG_CTR: @@ -2049,6 +2066,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 0 ): mode = MBEDTLS_MODE_GCM; break; + case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ): + mode = MBEDTLS_MODE_CHACHAPOLY; + break; default: return( NULL ); } @@ -2084,6 +2104,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_KEY_TYPE_ARC4: cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; break; + case PSA_KEY_TYPE_CHACHA20: + cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; + break; default: return( NULL ); } @@ -3318,6 +3341,11 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, { operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->type ); } +#if defined(MBEDTLS_CHACHA20_C) + else + if( alg == PSA_ALG_CHACHA20 ) + operation->iv_size = 12; +#endif exit: if( status == 0 ) @@ -3631,6 +3659,9 @@ typedef struct #if defined(MBEDTLS_GCM_C) mbedtls_gcm_context gcm; #endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + mbedtls_chachapoly_context chachapoly; +#endif /* MBEDTLS_CHACHAPOLY_C */ } ctx; psa_algorithm_t core_alg; uint8_t full_tag_length; @@ -3715,6 +3746,22 @@ static psa_status_t psa_aead_setup( aead_operation_t *operation, break; #endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + case PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_CHACHA20_POLY1305, 0 ): + operation->core_alg = PSA_ALG_CHACHA20_POLY1305; + operation->full_tag_length = 16; + /* We only support the default tag length. */ + if( alg != PSA_ALG_CHACHA20_POLY1305 ) + return( PSA_ERROR_NOT_SUPPORTED ); + mbedtls_chachapoly_init( &operation->ctx.chachapoly ); + status = mbedtls_to_psa_error( + mbedtls_chachapoly_setkey( &operation->ctx.chachapoly, + operation->slot->data.raw.data ) ); + if( status != 0 ) + goto cleanup; + break; +#endif /* MBEDTLS_CHACHAPOLY_C */ + default: return( PSA_ERROR_NOT_SUPPORTED ); } @@ -3792,6 +3839,26 @@ psa_status_t psa_aead_encrypt( psa_key_handle_t handle, } else #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 || operation.tag_length != 16 ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( + mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly, + plaintext_length, + nonce, + additional_data, + additional_data_length, + plaintext, + ciphertext, + tag ) ); + } + else +#endif /* MBEDTLS_CHACHAPOLY_C */ { return( PSA_ERROR_NOT_SUPPORTED ); } @@ -3883,6 +3950,26 @@ psa_status_t psa_aead_decrypt( psa_key_handle_t handle, } else #endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CHACHAPOLY_C) + if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 ) + { + if( nonce_length != 12 || operation.tag_length != 16 ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + status = mbedtls_to_psa_error( + mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly, + ciphertext_length - operation.tag_length, + nonce, + additional_data, + additional_data_length, + tag, + ciphertext, + plaintext ) ); + } + else +#endif /* MBEDTLS_CHACHAPOLY_C */ { return( PSA_ERROR_NOT_SUPPORTED ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6ea927ad4..6f81a8ea2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1100,6 +1100,26 @@ PSA symmetric encrypt/decrypt multipart: AES-CBC-PKCS#7 padding, 4+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":4 +PSA symmetric encrypt: ChaCha20, K=0 N=0 +depends_on:MBEDTLS_CHACHA20_C +cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":PSA_SUCCESS + +PSA symmetric encrypt: ChaCha20, K=rand N=rand +depends_on:MBEDTLS_CHACHA20_C +cipher_encrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS + +PSA symmetric encryption multipart: ChaCha20, 14+50 bytes +depends_on:MBEDTLS_CHACHA20_C +cipher_encrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4" + +PSA symmetric decrypt: ChaCha20, K=rand N=rand +depends_on:MBEDTLS_CHACHA20_C +cipher_decrypt:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS + +PSA symmetric decryption multipart: ChaCha20, 14+50 bytes +depends_on:MBEDTLS_CHACHA20_C +cipher_decrypt_multipart:PSA_ALG_CHACHA20:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4" + PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #1 depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"000102030405060708090A0B":"000102030405060708090A0B":"0C0D0E0F101112131415161718191A1B1C1D1E":PSA_SUCCESS @@ -1280,10 +1300,26 @@ PSA AEAD decrypt: AES-GCM, invalid tag length 18 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, 18 ):"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_ARGUMENT +PSA AEAD encrypt: ChaCha20-Poly1305 (RFC7539) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_encrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691" + +PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, good tag) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_SUCCESS + +PSA AEAD decrypt: ChaCha20-Poly1305 (RFC7539, bad tag) +depends_on:MBEDTLS_CHACHAPOLY_C +aead_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20_POLY1305:"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600690":"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e":PSA_ERROR_INVALID_SIGNATURE + PSA AEAD encrypt/decrypt: invalid algorithm (CTR) depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED +PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20) +depends_on:MBEDTLS_CHACHA20_C +aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_CHACHA20:"":"":"":PSA_ERROR_NOT_SUPPORTED + PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw signature_size:PSA_KEY_TYPE_RSA_KEYPAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:128