AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove internal aead_verify endpoint

Browse Source 
The internal verify endpoint was only calling the finish endpoint to get
a tag to compare against the tag passed in. Moved this logic to the
driver wrapper (still allowing a driver to call verify if required) and
removed the internal implementation endpoint.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-07-20 18:25:54 +01:00
parent 32925b9e5b
commit 315628d91a
3 changed files with 25 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
library/psa_crypto_aead.c
View File

@ -607,18 +607,6 @@ psa_status_t mbedtls_psa_aead_update(
return( status );
}
/* Common checks for both mbedtls_psa_aead_finish() and
mbedtls_psa_aead_verify() */
static psa_status_t mbedtls_psa_aead_finish_checks(
mbedtls_psa_aead_operation_t *operation,
size_t tag_size )
{
if( tag_size < operation->tag_length )
return ( PSA_ERROR_BUFFER_TOO_SMALL );
return ( PSA_SUCCESS );
}
/* Finish encrypting a message in a multipart AEAD operation. */
psa_status_t mbedtls_psa_aead_finish(
mbedtls_psa_aead_operation_t *operation,
@ -632,10 +620,8 @@ psa_status_t mbedtls_psa_aead_finish(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t finish_output_size = 0;
status = mbedtls_psa_aead_finish_checks( operation, tag_size );
if( status != PSA_SUCCESS )
return status;
if( tag_size < operation->tag_length )
return( PSA_ERROR_BUFFER_TOO_SMALL );
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
if( operation->alg == PSA_ALG_GCM )
@ -672,66 +658,6 @@ psa_status_t mbedtls_psa_aead_finish(
return ( status );
}
/* Finish authenticating and decrypting a message in a multipart AEAD
* operation.*/
psa_status_t mbedtls_psa_aead_verify(
mbedtls_psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t finish_output_size = 0;
int do_tag_check = 1;
uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
status = mbedtls_psa_aead_finish_checks( operation, tag_length );
if( status != PSA_SUCCESS )
return status;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
if( operation->alg == PSA_ALG_GCM )
/* Call finish to get the tag for comparison */
status = mbedtls_to_psa_error(
mbedtls_gcm_finish( &operation->ctx.gcm,
plaintext, plaintext_size,
check_tag, operation->tag_length ) );
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
// call finish to get the tag for comparison.
status = mbedtls_to_psa_error(
mbedtls_chachapoly_finish( &operation->ctx.chachapoly,
check_tag ) );
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
{
( void ) plaintext;
( void ) plaintext_size;
( void ) plaintext_length;
( void ) tag;
( void ) tag_length;
return ( PSA_ERROR_NOT_SUPPORTED );
}
if( status == PSA_SUCCESS )
{
*plaintext_length = finish_output_size;
if( do_tag_check && ( tag_length != operation->tag_length ||
mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) != 0 ) )
status = PSA_ERROR_INVALID_SIGNATURE;
}
return ( status );
}
/* Abort an AEAD operation */
psa_status_t mbedtls_psa_aead_abort(
mbedtls_psa_aead_operation_t *operation )

71
library/psa_crypto_aead.h
View File

@ -491,77 +491,6 @@ psa_status_t mbedtls_psa_aead_finish(
size_t tag_size,
size_t *tag_length );
/** Finish authenticating and decrypting a message in an AEAD operation.
*
* \note The signature of this function is that of a PSA driver
* aead_verify entry point. This function behaves as an aead_verify entry
* point as defined in the PSA driver interface specification for
* transparent drivers.
*
* The operation must have been set up by the PSA core with
* mbedtls_psa_aead_decrypt_setup().
*
* This function finishes the authenticated decryption of the message
* components:
*
* - The additional data consisting of the concatenation of the inputs
* passed to preceding calls to mbedtls_psa_aead_update_ad().
* - The ciphertext consisting of the concatenation of the inputs passed to
* preceding calls to mbedtls_psa_aead_update().
* - The tag passed to this function call.
*
* If the authentication tag is correct, this function outputs any remaining
* plaintext and reports success. If the authentication tag is not correct,
* this function returns #PSA_ERROR_INVALID_SIGNATURE.
*
* Whether or not this function returns successfully, the PSA core subsequently
* calls mbedtls_psa_aead_abort() to deactivate the operation.
*
* \note Implementations shall make the best effort to ensure that the
* comparison between the actual tag and the expected tag is performed
* in constant time.
*
* \param[in,out] operation Active AEAD operation.
* \param[out] plaintext Buffer where the last part of the plaintext
* is to be written. This is the remaining data
* from previous calls to mbedtls_psa_aead_update()
* that could not be processed until the end
* of the input.
* \param plaintext_size Size of the \p plaintext buffer in bytes.
* This must be appropriate for the selected
* algorithm and key:
* - A sufficient output size is
* #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
* \c alg) where \c key_type is the type of key
* and \c alg is the algorithm that were used to
* set up the operation.
* - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
* the maximum output size of any supported AEAD
* algorithm.
* \param[out] plaintext_length On success, the number of bytes of
* returned plaintext.
* \param[in] tag Buffer containing the authentication tag.
* \param tag_length Size of the \p tag buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The calculations were successful, but the authentication tag is
* not correct.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p tag buffer is too small.
* #PSA_AEAD_TAG_LENGTH(\c key_type, key_bits, \c alg) or
* #PSA_AEAD_TAG_MAX_SIZE can be used to determine the required \p tag
* buffer size.
*/
psa_status_t mbedtls_psa_aead_verify(
mbedtls_psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length );
/** Abort an AEAD operation.
*
* \note The signature of this function is that of a PSA driver

28
library/psa_crypto_driver_wrappers.c
View File

@ -1739,11 +1739,29 @@ psa_status_t psa_driver_wrapper_aead_verify(
{
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx,
plaintext,
plaintext_size,
plaintext_length,
tag, tag_length ) );
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
size_t check_tag_length;
status = mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
plaintext,
plaintext_size,
plaintext_length,
check_tag,
tag_length,
&check_tag_length );
if( status == PSA_SUCCESS )
{
if( tag_length != check_tag_length ||
mbedtls_psa_safer_memcmp( tag, check_tag, tag_length )
!= 0 )
status = PSA_ERROR_INVALID_SIGNATURE;
}
return( status );
}
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */