From e290f2ea1495ecdd35638fa1ab47b733c67d0634 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 2 Oct 2022 20:58:39 +0200 Subject: [PATCH 01/12] all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 28a20d2b7..8d7bd5bf4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1941,6 +1941,32 @@ component_test_psa_crypto_config_accel_cipher () { make test } +component_test_psa_crypto_config_accel_aead () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + scripts/config.py unset MBEDTLS_MODE_GCM + scripts/config.py unset MBEDTLS_MODE_CCM + scripts/config.py unset MBEDTLS_MODE_CHACHAPOLY + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" From bd99a0221b15839f83c6b55083315e4f98e9e851 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 2 Oct 2022 21:01:23 +0200 Subject: [PATCH 02/12] test_driver_aead.c: add support for LIBTESTDRIVER1 tests Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_aead.c | 102 +++++++++++++++++++++++---- 1 file changed, 90 insertions(+), 12 deletions(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index b5619603f..93a75f68a 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -25,6 +25,10 @@ #include "test/drivers/aead.h" +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_aead.h" +#endif + mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; @@ -46,7 +50,18 @@ psa_status_t mbedtls_test_transparent_aead_encrypt( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_encrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, ciphertext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt( attributes, key_buffer, key_buffer_size, @@ -94,7 +109,18 @@ psa_status_t mbedtls_test_transparent_aead_decrypt( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_decrypt( + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, plaintext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt( attributes, key_buffer, key_buffer_size, @@ -139,7 +165,14 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_encrypt_setup( operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, + key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_encrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -171,7 +204,13 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_decrypt_setup( operation, + (const libtestdriver1_psa_key_attributes_t *)attributes, + key_buffer, key_buffer_size, alg ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ); @@ -202,7 +241,11 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_nonce( operation, nonce, nonce_length ); #else @@ -230,7 +273,12 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_set_lengths( operation, ad_length, + plaintext_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_set_lengths( operation, ad_length, plaintext_length ); @@ -259,7 +307,11 @@ psa_status_t mbedtls_test_transparent_aead_update_ad( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_update_ad( operation, input, input_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update_ad( operation, input, input_length ); #else @@ -290,7 +342,13 @@ psa_status_t mbedtls_test_transparent_aead_update( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_update( operation, input, + input_length, output, + output_size, output_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_update( operation, input, input_length, output, output_size, output_length ); @@ -326,7 +384,13 @@ psa_status_t mbedtls_test_transparent_aead_finish( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_finish( operation, ciphertext, + ciphertext_size, ciphertext_length, + tag, tag_size, tag_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, ciphertext, ciphertext_size, ciphertext_length, tag, tag_size, @@ -364,9 +428,19 @@ psa_status_t mbedtls_test_transparent_aead_verify( else { uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE]; - size_t check_tag_length; + size_t check_tag_length = 0; -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_finish( operation, + plaintext, + plaintext_size, + plaintext_length, + check_tag, + sizeof( check_tag ), + &check_tag_length ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_finish( operation, plaintext, @@ -410,7 +484,11 @@ psa_status_t mbedtls_test_transparent_aead_abort( } else { -#if defined(MBEDTLS_PSA_BUILTIN_AEAD) +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD) + mbedtls_test_driver_aead_hooks.driver_status = + libtestdriver1_mbedtls_psa_aead_abort( operation ); +#elif defined(MBEDTLS_PSA_BUILTIN_AEAD) mbedtls_test_driver_aead_hooks.driver_status = mbedtls_psa_aead_abort( operation ); #else From ff1efc9a8472513511caab8fe676151a035f0431 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 2 Oct 2022 21:12:17 +0200 Subject: [PATCH 03/12] psa_aead_check_nonce_length: Fix unused variable warining Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4a0bd8331..e45b5d70a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3592,6 +3592,7 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg, break; #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: + (void) nonce_length; return( PSA_ERROR_NOT_SUPPORTED ); } From c1ceae48486d7cd7229fb43f76cc9dc3bd0b45f2 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 5 Oct 2022 08:18:55 +0200 Subject: [PATCH 04/12] crypto_config_test_driver_extension.h: add support for ChaCha20 - Poly1305 This is done to have LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 defined in libtestdriver1. Signed-off-by: Przemek Stekiel --- .../crypto_config_test_driver_extension.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 8052a85fb..0bbca4aef 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -142,6 +142,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) +#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 +#else +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES @@ -182,9 +190,16 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 +#endif +#endif + #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 @@ -217,7 +232,6 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1 -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 From 8a05a646f4bc0378f9e491205e5b9360e18517bd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 6 Oct 2022 17:01:58 +0200 Subject: [PATCH 05/12] Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 6 +----- library/psa_crypto_driver_wrappers.h | 4 ---- .../psa_crypto_driver_wrappers.c.jinja | 16 ---------------- 3 files changed, 1 insertion(+), 25 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e45b5d70a..aef18ac41 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3711,11 +3711,7 @@ exit: static psa_status_t psa_validate_tag_length( psa_aead_operation_t *operation, psa_algorithm_t alg ) { - uint8_t tag_len = 0; - if( psa_driver_get_tag_len( operation, &tag_len ) != PSA_SUCCESS ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } + const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg ); switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) { diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 12c649da3..ee23b6f3f 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -226,10 +226,6 @@ psa_status_t psa_driver_wrapper_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); -psa_status_t psa_driver_get_tag_len( - psa_aead_operation_t *operation, - uint8_t *tag_len ); - psa_status_t psa_driver_wrapper_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index a5ae6a29e..8ef2e6d87 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -1616,22 +1616,6 @@ psa_status_t psa_driver_wrapper_aead_decrypt( } } -psa_status_t psa_driver_get_tag_len( psa_aead_operation_t *operation, - uint8_t *tag_len ) -{ - if( operation == NULL || tag_len == NULL ) - return( PSA_ERROR_INVALID_ARGUMENT ); - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - *tag_len = operation->ctx.transparent_test_driver_ctx.tag_length; - return ( PSA_SUCCESS ); -#endif -#endif - *tag_len = operation->ctx.mbedtls_ctx.tag_length; - return ( PSA_SUCCESS ); -} - psa_status_t psa_driver_wrapper_aead_encrypt_setup( psa_aead_operation_t *operation, const psa_key_attributes_t *attributes, From 86679c7bd8856a1a89b4576344554123d8a42c24 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 6 Oct 2022 17:06:56 +0200 Subject: [PATCH 06/12] psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aef18ac41..7bce3916b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3709,35 +3709,34 @@ exit: return( status ); } -static psa_status_t psa_validate_tag_length( psa_aead_operation_t *operation, - psa_algorithm_t alg ) { +static psa_status_t psa_validate_tag_length( psa_algorithm_t alg ) { const uint8_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg ); switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) +#if defined(PSA_WANT_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.*/ if( tag_len < 4 || tag_len > 16 || tag_len % 2 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */ +#endif /* PSA_WANT_ALG_CCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) +#if defined(PSA_WANT_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. */ if( tag_len != 4 && tag_len != 8 && ( tag_len < 12 || tag_len > 16 ) ) return( PSA_ERROR_INVALID_ARGUMENT ); break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */ +#endif /* PSA_WANT_ALG_GCM */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): /* We only support the default tag length. */ if( tag_len != 16 ) return( PSA_ERROR_INVALID_ARGUMENT ); break; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */ +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ default: (void) tag_len; @@ -3803,7 +3802,7 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - if( ( status = psa_validate_tag_length( operation, alg ) ) != PSA_SUCCESS ) + if( ( status = psa_validate_tag_length( alg ) ) != PSA_SUCCESS ) goto exit; operation->key_type = psa_get_key_type( &attributes ); From 6ab50762e0c3a13c8ae9198b66ae895e5739d3b7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sat, 8 Oct 2022 17:54:30 +0200 Subject: [PATCH 07/12] psa_aead_setup: validate tag length before calling driver setup Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7bce3916b..2ff168d3f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3787,6 +3787,9 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, .core = slot->attr }; + if( ( status = psa_validate_tag_length( alg ) ) != PSA_SUCCESS ) + goto exit; + if( is_encrypt ) status = psa_driver_wrapper_aead_encrypt_setup( operation, &attributes, @@ -3802,9 +3805,6 @@ static psa_status_t psa_aead_setup( psa_aead_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; - if( ( status = psa_validate_tag_length( alg ) ) != PSA_SUCCESS ) - goto exit; - operation->key_type = psa_get_key_type( &attributes ); exit: From 88ade84735d74f245c1fca531d6f0c5077281223 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sat, 8 Oct 2022 17:56:18 +0200 Subject: [PATCH 08/12] psa_aead_setup: remove redundant tag length check Signed-off-by: Przemek Stekiel --- library/psa_crypto_aead.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 714d950a1..fcc2f8415 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -49,7 +49,6 @@ static psa_status_t psa_aead_setup( size_t key_bits; const mbedtls_cipher_info_t *cipher_info; mbedtls_cipher_id_t cipher_id; - size_t full_tag_length = 0; ( void ) key_buffer_size; @@ -66,7 +65,6 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ): operation->alg = PSA_ALG_CCM; - full_tag_length = 16; /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or * mbedtls_ccm_auth_decrypt will validate the tag length. */ @@ -85,7 +83,6 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ): operation->alg = PSA_ALG_GCM; - full_tag_length = 16; /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or * mbedtls_gcm_auth_decrypt will validate the tag length. */ @@ -104,7 +101,6 @@ static psa_status_t psa_aead_setup( #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ): operation->alg = PSA_ALG_CHACHA20_POLY1305; - full_tag_length = 16; /* We only support the default tag length. */ if( alg != PSA_ALG_CHACHA20_POLY1305 ) return( PSA_ERROR_NOT_SUPPORTED ); @@ -124,16 +120,9 @@ static psa_status_t psa_aead_setup( return( PSA_ERROR_NOT_SUPPORTED ); } - if( PSA_AEAD_TAG_LENGTH( attributes->core.type, - key_bits, alg ) - > full_tag_length ) - return( PSA_ERROR_INVALID_ARGUMENT ); - operation->key_type = psa_get_key_type( attributes ); - operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type, - key_bits, - alg ); + operation->tag_length = PSA_ALG_AEAD_GET_TAG_LENGTH( alg ); return( PSA_SUCCESS ); } From 42bb3ff40b1a94760dd1bc124e7ebb97f5425cbc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 10 Oct 2022 07:28:40 +0200 Subject: [PATCH 09/12] Adapt expected results in ChaCha20-Poly1305 ( invalid tag length) Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c8b229c7f..4de485a0d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -3643,15 +3643,15 @@ aead_multipart_verify:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_AL PSA Multipart AEAD verify: ChaCha20 - Poly1305, invalid tag length 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,0):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,0):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: ChaCha20 - Poly1305, invalid tag length 15 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,15):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,15):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: ChaCha20 - Poly1305, invalid tag length 17 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,17):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_INVALID_ARGUMENT +aead_multipart_verify:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,17):"070000004041424344454647":"50515253c0c1c2c3c4c5c6c7":"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116":"1ae10b594f09e26a7e902ecbd0600690":1:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_INVALID_ARGUMENT PSA Multipart AEAD verify: ChaCha20 - Poly1305 (RFC7539, bad tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 @@ -3951,7 +3951,7 @@ aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f9091 PSA AEAD setup: invalid algorithm (ChaCha20 - Poly1305 with short tag) depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_NOT_SUPPORTED +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,12):PSA_ERROR_INVALID_ARGUMENT PSA AEAD setup: AES - CCM, invalid tag length 0 depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES @@ -4031,15 +4031,15 @@ aead_multipart_setup:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG PSA AEAD setup: ChaCha20-Poly1305, invalid tag length 0 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,0):PSA_ERROR_NOT_SUPPORTED +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,0):PSA_ERROR_INVALID_ARGUMENT PSA AEAD setup: ChaCha20-Poly1305, invalid tag length 15 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,15):PSA_ERROR_NOT_SUPPORTED +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,15):PSA_ERROR_INVALID_ARGUMENT PSA AEAD setup: ChaCha20-Poly1305, invalid tag length 17 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_CHACHA20 -aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,17):PSA_ERROR_NOT_SUPPORTED +aead_multipart_setup:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305,17):PSA_ERROR_INVALID_ARGUMENT PSA Multipart State Checks, AES - GCM depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES From ee1bb4145f4b225dddf78f76e0574714518ed27c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 11 Oct 2022 11:52:25 +0200 Subject: [PATCH 10/12] Make sure that disabled features are not included in image and fix test config Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8d7bd5bf4..34028801d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1949,20 +1949,28 @@ component_test_psa_crypto_config_accel_aead () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20" + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py unset MBEDTLS_MODE_GCM - scripts/config.py unset MBEDTLS_MODE_CCM - scripts/config.py unset MBEDTLS_MODE_CHACHAPOLY + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + # Features that depend on AEAD + scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + # There's a risk of something getting re-enabled via config_psa.h + # make sure it did not happen. + not grep mbedtls_ccm library/ccm.o + not grep mbedtls_gcm library/gcm.o + not grep mbedtls_chachapoly library/chachapoly.o + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" make test } From ea37bb2403f24a2f1b7ca96f2af17aa7acac3728 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 12 Oct 2022 10:11:25 +0200 Subject: [PATCH 11/12] Add changelog entry Signed-off-by: Przemek Stekiel --- ChangeLog.d/fix_aead_psa_driver_build.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix_aead_psa_driver_build.txt diff --git a/ChangeLog.d/fix_aead_psa_driver_build.txt b/ChangeLog.d/fix_aead_psa_driver_build.txt new file mode 100644 index 000000000..a6d11d38d --- /dev/null +++ b/ChangeLog.d/fix_aead_psa_driver_build.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compilation errors when trying to build with + PSA drivers for AEAD (GCM, CCM, Chacha20-Poly1305). From 072fad12d9783055e3d3e7ed68747217f2f10f67 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 13 Oct 2022 09:59:52 +0200 Subject: [PATCH 12/12] Disable MBEDTLS_SSL_TICKET_C in aead driver test. MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C. All features are disabled in this config. Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 34028801d..0f31d9e44 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1961,6 +1961,7 @@ component_test_psa_crypto_config_accel_aead () { scripts/config.py unset MBEDTLS_CHACHAPOLY_C # Features that depend on AEAD scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION + scripts/config.py unset MBEDTLS_SSL_TICKET_C loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"