Add what little was missing to fully support DES
Also add what was missing in the test suite to support block ciphers with a block size that isn't 16. Fix some buggy test data that passed only due to problems with DES support in the product.
This commit is contained in:
parent
9a94480685
commit
9ad29e2bee
@ -1102,10 +1102,17 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
|
||||
break;
|
||||
case PSA_KEY_TYPE_DES:
|
||||
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
|
||||
* and 192 for three-key Triple-DES. */
|
||||
if( key_bits == 64 )
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
|
||||
else
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
|
||||
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
|
||||
* but two-key Triple-DES is functionally three-key Triple-DES
|
||||
* with K1=K3, so that's how we present it to mbedtls. */
|
||||
if( key_bits == 128 )
|
||||
key_bits = 192;
|
||||
break;
|
||||
case PSA_KEY_TYPE_CAMELLIA:
|
||||
cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
|
||||
@ -1975,8 +1982,24 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
|
||||
return( mbedtls_to_psa_error( ret ) );
|
||||
}
|
||||
|
||||
ret = mbedtls_cipher_setkey( &operation->ctx.cipher, slot->data.raw.data,
|
||||
key_bits, cipher_operation );
|
||||
#if defined(MBEDTLS_DES_C)
|
||||
if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
|
||||
{
|
||||
/* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
|
||||
unsigned char keys[24];
|
||||
memcpy( keys, slot->data.raw.data, 16 );
|
||||
memcpy( keys + 16, slot->data.raw.data, 8 );
|
||||
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
|
||||
keys,
|
||||
192, cipher_operation );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
|
||||
slot->data.raw.data,
|
||||
key_bits, cipher_operation );
|
||||
}
|
||||
if( ret != 0 )
|
||||
{
|
||||
psa_cipher_abort( operation );
|
||||
|
@ -178,10 +178,10 @@ PSA MAC setup: invalid key type, HMAC-SHA-256
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
mac_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA MAC setup: incompatible key DES for CMAC
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CMAC_C
|
||||
PSA MAC setup: incompatible key HMAC for CMAC
|
||||
depends_on:MBEDTLS_CMAC_C
|
||||
# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
|
||||
mac_setup:PSA_KEY_TYPE_DES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
|
||||
mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA MAC verify: HMAC-SHA-256
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
@ -333,6 +333,18 @@ PSA symmetric encrypt: AES-CTR, 15 bytes, good
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_MODE_CTR
|
||||
cipher_encrypt:PSA_ALG_CTR | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_encrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
|
||||
@ -357,6 +369,18 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":"6bc1bee223":PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0e":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
|
||||
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_decrypt:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
cipher_verify_output:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
|
||||
@ -600,11 +624,11 @@ generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT |
|
||||
|
||||
PSA generate key: DES, 128 bits, CBC-nopad
|
||||
depends_on:MBEDTLS_DES_C
|
||||
generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS
|
||||
generate_key:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS
|
||||
|
||||
PSA generate key: DES, 192 bits, CBC-nopad
|
||||
depends_on:MBEDTLS_DES_C
|
||||
generate_key:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS
|
||||
generate_key:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE:PSA_SUCCESS
|
||||
|
||||
PSA generate key: invalid key size: AES, 64 bits
|
||||
depends_on:MBEDTLS_AES_C
|
||||
|
@ -800,6 +800,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
unsigned char iv[16] = {0};
|
||||
size_t iv_size;
|
||||
unsigned char *output = NULL;
|
||||
size_t output_buffer_size = 0;
|
||||
size_t function_output_length = 0;
|
||||
@ -813,7 +814,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
|
||||
|
||||
memset( iv, 0x2a, sizeof( iv ) );
|
||||
iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
|
||||
memset( iv, 0x2a, iv_size );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
@ -824,7 +826,7 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||
key_slot, alg ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_encrypt_set_iv( &operation,
|
||||
iv, sizeof( iv ) ) == PSA_SUCCESS );
|
||||
iv, iv_size ) == PSA_SUCCESS );
|
||||
output_buffer_size = input->len + operation.block_size;
|
||||
output = mbedtls_calloc( 1, output_buffer_size );
|
||||
TEST_ASSERT( output != NULL );
|
||||
@ -867,6 +869,7 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
unsigned char iv[16] = {0};
|
||||
size_t iv_size;
|
||||
unsigned char *output = NULL;
|
||||
size_t output_buffer_size = 0;
|
||||
size_t function_output_length = 0;
|
||||
@ -880,7 +883,8 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
|
||||
|
||||
memset( iv, 0x2a, sizeof( iv ) );
|
||||
iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
|
||||
memset( iv, 0x2a, iv_size );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
@ -937,6 +941,7 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||
psa_key_type_t key_type = key_type_arg;
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
unsigned char iv[16] = {0};
|
||||
size_t iv_size;
|
||||
unsigned char *output = NULL;
|
||||
size_t output_buffer_size = 0;
|
||||
size_t function_output_length = 0;
|
||||
@ -950,7 +955,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
|
||||
|
||||
memset( iv, 0x2a, sizeof( iv ) );
|
||||
iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
|
||||
memset( iv, 0x2a, iv_size );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
@ -1009,6 +1015,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_status_t expected_status = expected_status_arg;
|
||||
unsigned char iv[16] = {0};
|
||||
size_t iv_size;
|
||||
unsigned char *output = NULL;
|
||||
size_t output_buffer_size = 0;
|
||||
size_t function_output_length = 0;
|
||||
@ -1022,7 +1029,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( input->len ) );
|
||||
TEST_ASSERT( PSA_CRYPTO_TEST_SIZE_T_RANGE( expected_output->len ) );
|
||||
|
||||
memset( iv, 0x2a, sizeof( iv ) );
|
||||
iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type );
|
||||
memset( iv, 0x2a, iv_size );
|
||||
|
||||
TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
|
||||
|
||||
@ -1033,7 +1041,7 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||
key_slot, alg ) == PSA_SUCCESS );
|
||||
|
||||
TEST_ASSERT( psa_encrypt_set_iv( &operation,
|
||||
iv, sizeof( iv ) ) == PSA_SUCCESS );
|
||||
iv, iv_size ) == PSA_SUCCESS );
|
||||
|
||||
output_buffer_size = input->len + operation.block_size;
|
||||
output = mbedtls_calloc( 1, output_buffer_size );
|
||||
|
Loading…
Reference in New Issue
Block a user