Split multipart AEAD contexts into two parts

Split to data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Paul Elliott 2021-05-10 18:19:46 +01:00
parent 2df40057b3
commit cbbde5f28c
8 changed files with 321 additions and 183 deletions


@ -118,6 +118,62 @@ typedef struct {
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
#define MBEDTLS_PSA_BUILTIN_AEAD 1
#endif
/* Context structure for the Mbed TLS cipher implementation. */
typedef struct
{
psa_algorithm_t alg;
psa_key_type_t key_type;
unsigned int lengths_set : 1;
unsigned int is_encrypt : 1;
unsigned int ad_started : 1;
unsigned int body_started : 1;
uint8_t tag_length;
uint8_t nonce_length;
size_t ad_remaining;
size_t body_remaining;
/* Buffers for AD/data - only required until CCM gets proper multipart
support. */
uint8_t *ad_buffer;
size_t ad_length;
uint8_t *body_buffer;
size_t body_length;
uint8_t *tag_buffer;
/* buffer to store Nonce - only required until CCM and GCM get proper
multipart support. */
uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE];
union
{
unsigned dummy; /* Enable easier initializing of the union. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
mbedtls_ccm_context ccm;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
mbedtls_gcm_context gcm;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
mbedtls_chachapoly_context chachapoly;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
} ctx;
} mbedtls_psa_aead_operation_t;
#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
*/
@ -130,6 +186,9 @@ typedef mbedtls_psa_hash_operation_t mbedtls_transparent_test_driver_hash_operat
typedef mbedtls_psa_cipher_operation_t
mbedtls_transparent_test_driver_cipher_operation_t;
typedef mbedtls_psa_aead_operation_t
mbedtls_transparent_test_driver_aead_operation_t;
typedef struct {
unsigned int initialised : 1;
mbedtls_transparent_test_driver_cipher_operation_t ctx;
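Review bot: The comment above the new `mbedtls_psa_aead_operation_t` typedef still reads "Context structure for the Mbed TLS cipher implementation", apparently carried over from the cipher struct; it should read `/* Context structure for the Mbed TLS AEAD implementation. */`. The struct also holds three heap pointers (`ad_buffer`, `body_buffer`, `tag_buffer`) with no statement of who allocates them or which of them `mbedtls_psa_aead_abort()` releases (only the `ad_buffer` free is visible on this page); a short ownership comment would help, since the test driver aliases this type. `MBEDTLS_PSA_AEAD_OPERATION_INIT` is positional with seventeen entries, so a comment tying it to the member order would make later edits to the struct safer.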


@ -65,5 +65,13 @@ typedef union {
#endif
} psa_driver_cipher_context_t;
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
mbedtls_psa_aead_operation_t mbedtls_ctx;
#if defined(PSA_CRYPTO_DRIVER_TEST)
mbedtls_transparent_test_driver_aead_operation_t transparent_test_driver_ctx;
#endif
} psa_driver_aead_context_t;
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
/* End of automatically generated file. */


@ -153,8 +153,6 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void )
struct psa_aead_operation_s
{
psa_algorithm_t alg;
psa_key_type_t key_type;
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping
@ -164,50 +162,19 @@ struct psa_aead_operation_s
* any driver (i.e. none of the driver contexts are active). */
unsigned int id;
psa_algorithm_t alg;
psa_key_type_t key_type;
unsigned int key_set : 1;
unsigned int nonce_set : 1;
unsigned int lengths_set : 1;
unsigned int is_encrypt : 1;
unsigned int ad_started : 1;
unsigned int body_started : 1;
uint8_t tag_length;
uint8_t nonce_length;
size_t ad_remaining;
size_t body_remaining;
/* Buffers for AD/data - only required until CCM gets proper multipart
support. */
uint8_t *ad_buffer;
size_t ad_length;
uint8_t *body_buffer;
size_t body_length;
uint8_t *tag_buffer;
/* buffer to store Nonce - only required until CCM and GCM get proper
multipart support. */
uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE];
union
{
unsigned dummy; /* Enable easier initializing of the union. */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
mbedtls_ccm_context ccm;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
mbedtls_gcm_context gcm;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
mbedtls_chachapoly_context chachapoly;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
} ctx;
psa_driver_aead_context_t ctx;
};
#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}}
static inline struct psa_aead_operation_s psa_aead_operation_init( void )
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
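Review bot: `lengths_set`, `ad_started` and `body_started` now exist both in `struct psa_aead_operation_s` and in `mbedtls_psa_aead_operation_t`, and nothing in either struct says which copy is authoritative. These flags gate the call ordering of a multipart AEAD operation, so a comment on the group such as `/* Call-sequence state owned by the PSA core; the driver context in ctx keeps its own copy. */` would make the split explicit. The positional `PSA_AEAD_OPERATION_INIT` must also keep matching the scalar members ahead of `ctx`; the rendered page does not show which side of the change `is_encrypt` is on, so the count of eight zeros should be checked against the final struct.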


@ -3214,6 +3214,25 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
return( status );
}
/* Helper function to get the base algorithm from its variants. */
static psa_algorithm_t psa_aead_get_base_algorithm(psa_algorithm_t alg)
{
switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
{
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
return( PSA_ALG_CCM );
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
return( PSA_ALG_GCM );
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
return( PSA_ALG_CHACHA20_POLY1305 );
default:
return( PSA_ERROR_NOT_SUPPORTED );
}
}
/* Set the key for a multipart authenticated encryption operation. */
psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
mbedtls_svc_key_id_t key,
@ -3226,6 +3245,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
return( PSA_ERROR_NOT_SUPPORTED );
if( operation->key_set || operation->nonce_set ||
operation->ad_started || operation->body_started )
{
return( PSA_ERROR_BAD_STATE );
}
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
@ -3242,6 +3267,7 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
&attributes, slot->key.data,
slot->key.bytes, alg );
operation->key_type = psa_get_key_type( &attributes );
unlock_status = psa_unlock_key_slot( slot );
@ -3250,6 +3276,12 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
return( unlock_status );
}
if( status == PSA_SUCCESS )
{
operation->alg = psa_aead_get_base_algorithm( alg );
operation->key_set = 1;
}
return( status );
}
@ -3265,6 +3297,12 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
return( PSA_ERROR_NOT_SUPPORTED );
if( operation->key_set || operation->nonce_set ||
operation->ad_started || operation->body_started )
{
return( PSA_ERROR_BAD_STATE );
}
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
@ -3281,6 +3319,7 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
&attributes, slot->key.data,
slot->key.bytes, alg );
operation->key_type = psa_get_key_type( &attributes );
unlock_status = psa_unlock_key_slot( slot );
@ -3289,6 +3328,12 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
return( unlock_status );
}
if( status == PSA_SUCCESS )
{
operation->alg = psa_aead_get_base_algorithm( alg );
operation->key_set = 1;
}
return( status );
}
@ -3341,14 +3386,23 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( !operation->key_set || operation->nonce_set ||
operation->ad_started || operation->body_started )
{
return( PSA_ERROR_BAD_STATE );
}
return( psa_driver_wrapper_aead_set_nonce( operation, nonce,
nonce_length ) );
status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
nonce_length );
if( status == PSA_SUCCESS )
{
operation->nonce_set = 1;
}
return( status );
}
/* Declare the lengths of the message and additional data for multipart AEAD. */
@ -3356,26 +3410,44 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( !operation->key_set || operation->lengths_set )
{
return( PSA_ERROR_BAD_STATE );
}
return( psa_driver_wrapper_aead_set_lengths( operation, ad_length,
plaintext_length ) );
status = psa_driver_wrapper_aead_set_lengths( operation, ad_length,
plaintext_length );
if( status == PSA_SUCCESS )
{
operation->lengths_set = 1;
}
return status;
}
/* Pass additional data to an active multipart AEAD operation. */
psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( !operation->nonce_set || !operation->key_set )
{
return( PSA_ERROR_BAD_STATE );
}
return( psa_driver_wrapper_aead_update_ad( operation, input,
input_length ) );
status = psa_driver_wrapper_aead_update_ad( operation, input,
input_length );
if( status == PSA_SUCCESS )
{
operation->ad_started = 1;
}
return status;
}
/* Encrypt or decrypt a message fragment in an active multipart AEAD
@ -3387,6 +3459,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation,
size_t output_size,
size_t *output_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
*output_length = 0;
@ -3395,9 +3468,16 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation,
return( PSA_ERROR_BAD_STATE );
}
return( psa_driver_wrapper_aead_update( operation, input, input_length,
status = psa_driver_wrapper_aead_update( operation, input, input_length,
output, output_size,
output_length ) );
output_length );
if( status == PSA_SUCCESS )
{
operation->body_started = 1;
}
return status;
}
/* Finish encrypting a message in a multipart AEAD operation. */
@ -3422,6 +3502,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
ciphertext_size,
ciphertext_length,
tag, tag_size, tag_length ) );
}
/* Finish authenticating and decrypting a message in a multipart AEAD
@ -3466,7 +3547,6 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
operation->key_set = 0;
operation->nonce_set = 0;
operation->lengths_set = 0;
operation->is_encrypt = 0;
operation->ad_started = 0;
operation->body_started = 0;
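Review bot: The `default:` branch of `psa_aead_get_base_algorithm()` returns `PSA_ERROR_NOT_SUPPORTED`, a `psa_status_t`, from a function typed `psa_algorithm_t`, and both `psa_aead_encrypt_setup()` and `psa_aead_decrypt_setup()` store the result in `operation->alg` without checking it. If a driver accepts an AEAD algorithm outside the three listed cases, the algorithm field ends up holding an error code while `key_set` is set to 1. Returning a value that is not an algorithm, e.g. `return( 0 );`, and having the callers map it to `PSA_ERROR_NOT_SUPPORTED` (aborting the operation first) keeps the two types apart. The setup functions' bodies extend beyond the hunks shown, so the exact placement of that check needs the full file.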


@ -20,7 +20,6 @@
#include "common.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa_crypto_aead.h"
@ -55,7 +54,7 @@ static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
static psa_status_t psa_aead_setup(
psa_aead_operation_t *operation,
mbedtls_psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer,
psa_algorithm_t alg )
@ -66,12 +65,6 @@ static psa_status_t psa_aead_setup(
mbedtls_cipher_id_t cipher_id;
size_t full_tag_length = 0;
if( operation->key_set || operation->nonce_set ||
operation->ad_started || operation->body_started )
{
return( PSA_ERROR_BAD_STATE );
}
key_bits = attributes->core.bits;
cipher_info = mbedtls_cipher_info_from_psa( alg,
@ -146,12 +139,12 @@ static psa_status_t psa_aead_setup(
> full_tag_length )
return( PSA_ERROR_INVALID_ARGUMENT );
operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type,
operation->key_type = psa_get_key_type( attributes );
operation->tag_length = PSA_AEAD_TAG_LENGTH( operation->key_type,
key_bits,
alg );
operation->key_set = 1;
return( PSA_SUCCESS );
}
@ -165,7 +158,7 @@ psa_status_t mbedtls_psa_aead_encrypt(
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
uint8_t *tag;
(void) key_buffer_size;
@ -275,7 +268,7 @@ psa_status_t mbedtls_psa_aead_decrypt(
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
mbedtls_psa_aead_operation_t operation = MBEDTLS_PSA_AEAD_OPERATION_INIT;
const uint8_t *tag = NULL;
(void) key_buffer_size;
@ -354,7 +347,8 @@ exit:
/* Set the key and algorithm for a multipart authenticated encryption
* operation. */
psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_encrypt_setup( mbedtls_psa_aead_operation_t
*operation,
const psa_key_attributes_t
*attributes,
const uint8_t *key_buffer,
@ -377,7 +371,8 @@ psa_status_t mbedtls_psa_aead_encrypt_setup( psa_aead_operation_t *operation,
/* Set the key and algorithm for a multipart authenticated decryption
* operation. */
psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_decrypt_setup( mbedtls_psa_aead_operation_t
*operation,
const psa_key_attributes_t
*attributes,
const uint8_t *key_buffer,
@ -399,7 +394,8 @@ psa_status_t mbedtls_psa_aead_decrypt_setup( psa_aead_operation_t *operation,
}
/* Set a nonce for the multipart AEAD operation*/
psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_set_nonce( mbedtls_psa_aead_operation_t
*operation,
const uint8_t *nonce,
size_t nonce_length )
{
@ -454,15 +450,11 @@ psa_status_t mbedtls_psa_aead_set_nonce( psa_aead_operation_t *operation,
return ( PSA_ERROR_NOT_SUPPORTED );
}
if( status == PSA_SUCCESS )
{
operation->nonce_set = 1;
}
return( status );
}
/* Declare the lengths of the message and additional data for AEAD. */
psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_set_lengths( mbedtls_psa_aead_operation_t
*operation,
size_t ad_length,
size_t plaintext_length )
{
@ -512,7 +504,8 @@ psa_status_t mbedtls_psa_aead_set_lengths( psa_aead_operation_t *operation,
}
/* Pass additional data to an active multipart AEAD operation. */
psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_update_ad( mbedtls_psa_aead_operation_t
*operation,
const uint8_t *input,
size_t input_length )
{
@ -611,7 +604,7 @@ psa_status_t mbedtls_psa_aead_update_ad( psa_aead_operation_t *operation,
/* Encrypt or decrypt a message fragment in an active multipart AEAD
* operation.*/
psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_update( mbedtls_psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
@ -786,7 +779,7 @@ psa_status_t mbedtls_psa_aead_update( psa_aead_operation_t *operation,
/* Common checks for both mbedtls_psa_aead_finish() and
mbedtls_psa_aead_verify() */
static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t
static psa_status_t mbedtls_psa_aead_finish_checks( mbedtls_psa_aead_operation_t
*operation,
size_t output_size,
size_t tag_size )
@ -828,7 +821,7 @@ static psa_status_t mbedtls_psa_aead_finish_checks( psa_aead_operation_t
}
/* Finish encrypting a message in a multipart AEAD operation. */
psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_finish( mbedtls_psa_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
@ -903,7 +896,7 @@ psa_status_t mbedtls_psa_aead_finish( psa_aead_operation_t *operation,
/* Finish authenticating and decrypting a message in a multipart AEAD
* operation.*/
psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_verify( mbedtls_psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
@ -1033,7 +1026,7 @@ psa_status_t mbedtls_psa_aead_verify( psa_aead_operation_t *operation,
}
/* Abort an AEAD operation */
psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation )
psa_status_t mbedtls_psa_aead_abort( mbedtls_psa_aead_operation_t *operation )
{
switch( operation->alg )
{
@ -1054,6 +1047,11 @@ psa_status_t mbedtls_psa_aead_abort( psa_aead_operation_t *operation )
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
}
operation->lengths_set = 0;
operation->is_encrypt = 0;
operation->ad_started = 0;
operation->body_started = 0;
mbedtls_free(operation->ad_buffer);
operation->ad_buffer = NULL;
operation->ad_length = 0;
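Review bot: With the `key_set`/`nonce_set` guard removed from `psa_aead_setup()` and `operation->nonce_set = 1` removed from `mbedtls_psa_aead_set_nonce()`, the built-in entry points can no longer reject an out-of-order call or a context that is already in use; the new context type has no field to record it. The PSA core enforces the ordering in this commit, but any caller other than the core reaches these functions unguarded, so the precondition should be written down, for example `/* The caller (PSA core) guarantees a freshly initialised context and the setup, nonce, AD, body call order; no state checks are made here. */` above `psa_aead_setup()`. Most of these function bodies lie outside the hunks shown, so this is based on the removed lines only.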


@ -160,37 +160,39 @@ psa_status_t mbedtls_psa_aead_decrypt(
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_aead_operation_t, e.g.
* #PSA_AEAD_OPERATION_INIT.
* documentation for #mbedtls_psa_aead_operation_t, e.g.
* #MBEDTLS_PSA_AEAD_OPERATION_INIT.
* -# Call mbedtls_psa_aead_encrypt_setup() to specify the algorithm and key.
* -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of
* the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
* mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths()
* for details.
* mbedtls_psa_aead_update(). See the documentation of
* mbedtls_psa_aead_set_lengths() for details.
* -# Call either psa_aead_generate_nonce() or
* mbedtls_psa_aead_set_nonce() to generate or set the nonce. You should use
* psa_aead_generate_nonce() unless the protocol you are implementing
* requires a specific nonce value.
* -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment
* of the non-encrypted additional authenticated data each time.
* -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing
* a fragment of the non-encrypted additional authenticated data each time.
* -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment
* of the message to encrypt each time.
* -# Call mbedtls_psa_aead_finish().
*
* If an error occurs at any step after a call to mbedtls_psa_aead_encrypt_setup(),
* the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The
* application may call mbedtls_psa_aead_abort() at any time after the operation
* has been initialized.
* If an error occurs at any step after a call to
* mbedtls_psa_aead_encrypt_setup(), the operation will need to be reset by a
* call to mbedtls_psa_aead_abort(). The application may call
* mbedtls_psa_aead_abort() at any time after the operation has been
* initialized.
*
* After a successful call to mbedtls_psa_aead_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* After a successful call to mbedtls_psa_aead_encrypt_setup(), the application
* must eventually terminate the operation. The following events terminate an
* operation:
* - A successful call to mbedtls_psa_aead_finish().
* - A call to mbedtls_psa_aead_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #mbedtls_psa_aead_operation_t and not yet in use.
* #mbedtls_psa_aead_operation_t and not yet in
* use.
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
@ -219,9 +221,12 @@ psa_status_t mbedtls_psa_aead_decrypt(
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_status_t mbedtls_psa_aead_encrypt_setup(mbedtls_psa_aead_operation_t
*operation,
const psa_key_attributes_t
*attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
/** Set the key for a multipart authenticated decryption operation.
@ -236,34 +241,36 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation,
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_aead_operation_t, e.g.
* documentation for #mbedtls_psa_aead_operation_t, e.g.
* #PSA_AEAD_OPERATION_INIT.
* -# Call mbedtls_psa_aead_decrypt_setup() to specify the algorithm and key.
* -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of the
* inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
* mbedtls_psa_aead_update(). See the documentation of mbedtls_psa_aead_set_lengths()
* for details.
* -# If needed, call mbedtls_psa_aead_set_lengths() to specify the length of
* the inputs to the subsequent calls to mbedtls_psa_aead_update_ad() and
* mbedtls_psa_aead_update(). See the documentation of
* mbedtls_psa_aead_set_lengths() for details.
* -# Call mbedtls_psa_aead_set_nonce() with the nonce for the decryption.
* -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a fragment
* of the non-encrypted additional authenticated data each time.
* -# Call mbedtls_psa_aead_update_ad() zero, one or more times, passing a
* fragment of the non-encrypted additional authenticated data each time.
* -# Call mbedtls_psa_aead_update() zero, one or more times, passing a fragment
* of the ciphertext to decrypt each time.
* -# Call mbedtls_psa_aead_verify().
*
* If an error occurs at any step after a call to mbedtls_psa_aead_decrypt_setup(),
* the operation will need to be reset by a call to mbedtls_psa_aead_abort(). The
* application may call mbedtls_psa_aead_abort() at any time after the operation
* has been initialized.
* If an error occurs at any step after a call to
* mbedtls_psa_aead_decrypt_setup(), the operation will need to be reset by a
* call to mbedtls_psa_aead_abort(). The application may call
* mbedtls_psa_aead_abort() at any time after the operation has been
* initialized.
*
* After a successful call to mbedtls_psa_aead_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* After a successful call to mbedtls_psa_aead_decrypt_setup(), the application
* must eventually terminate the operation. The following events terminate an
* operation:
* - A successful call to mbedtls_psa_aead_verify().
* - A call to mbedtls_psa_aead_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_aead_operation_t and not yet in use.
* #mbedtls_psa_aead_operation_t and not yet in
* use.
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
@ -292,9 +299,12 @@ psa_status_t mbedtls_psa_aead_encrypt_setup(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_status_t mbedtls_psa_aead_decrypt_setup(mbedtls_psa_aead_operation_t
*operation,
const psa_key_attributes_t
*attributes,
const uint8_t *key_buffer,
size_t key_buffer_size,
psa_algorithm_t alg);
/** Set the nonce for an authenticated encryption or decryption operation.
@ -313,9 +323,9 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation,
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling mbedtls_psa_aead_abort().
*
* \note When encrypting, applications should use mbedtls_psa_aead_generate_nonce()
* instead of this function, unless implementing a protocol that requires
* a non-random IV.
* \note When encrypting, applications should use
* mbedtls_psa_aead_generate_nonce() instead of this function, unless
* implementing a protocol that requires a non-random IV.
*
* \param[in,out] operation Active AEAD operation.
* \param[in] nonce Buffer containing the nonce to use.
@ -338,7 +348,7 @@ psa_status_t mbedtls_psa_aead_decrypt_setup(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_set_nonce(mbedtls_psa_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length);
@ -350,10 +360,10 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation,
* specification for transparent drivers.
*
* The application must call this function before calling
* mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm for
* the operation requires it. If the algorithm does not require it,
* calling this function is optional, but if this function is called
* then the implementation must enforce the lengths.
* mbedtls_psa_aead_update_ad() or mbedtls_psa_aead_update() if the algorithm
* for the operation requires it. If the algorithm does not require it, calling
* this function is optional, but if this function is called then the
* implementation must enforce the lengths.
*
* You may call this function before or after setting the nonce with
* mbedtls_psa_aead_set_nonce() or psa_aead_generate_nonce().
@ -375,8 +385,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation,
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (it must be active, and
* mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not have been
* called yet).
* mbedtls_psa_aead_update_ad() and mbedtls_psa_aead_update() must not
* have been called yet).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
@ -389,7 +399,8 @@ psa_status_t mbedtls_psa_aead_set_nonce(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_set_lengths(mbedtls_psa_aead_operation_t
*operation,
size_t ad_length,
size_t plaintext_length);
@ -407,18 +418,19 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation,
* data to encrypt or decrypt with mbedtls_psa_aead_update().
*
* Before calling this function, you must:
* 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup().
* 2. Set the nonce with psa_aead_generate_nonce() or
* mbedtls_psa_aead_set_nonce().
* 1. Call either mbedtls_psa_aead_encrypt_setup() or
* mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with
* psa_aead_generate_nonce() or mbedtls_psa_aead_set_nonce().
*
* If this function returns an error status, the operation enters an error
* state and must be aborted by calling mbedtls_psa_aead_abort().
*
* \warning When decrypting, until mbedtls_psa_aead_verify() has returned #PSA_SUCCESS,
* there is no guarantee that the input is valid. Therefore, until
* you have called mbedtls_psa_aead_verify() and it has returned #PSA_SUCCESS,
* treat the input as untrusted and prepare to undo any action that
* depends on the input if mbedtls_psa_aead_verify() returns an error status.
* \warning When decrypting, until mbedtls_psa_aead_verify() has returned
* #PSA_SUCCESS, there is no guarantee that the input is valid.
* Therefore, until you have called mbedtls_psa_aead_verify() and it
* has returned #PSA_SUCCESS, treat the input as untrusted and prepare
* to undo any action that depends on the input if
* mbedtls_psa_aead_verify() returns an error status.
*
* \note For the time being #PSA_ALG_CCM and #PSA_ALG_GCM require the entire
* additional data to be passed in in one go, i.e. only call
@ -448,7 +460,7 @@ psa_status_t mbedtls_psa_aead_set_lengths(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_update_ad(mbedtls_psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length);
@ -460,9 +472,9 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation,
* transparent drivers.
*
* Before calling this function, you must:
* 1. Call either mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup().
* The choice of setup function determines whether this function
* encrypts or decrypts its input.
* 1. Call either mbedtls_psa_aead_encrypt_setup() or
* mbedtls_psa_aead_decrypt_setup(). The choice of setup function determines
* whether this function encrypts or decrypts its input.
* 2. Set the nonce with psa_aead_generate_nonce() or
* mbedtls_psa_aead_set_nonce(). 3. Call mbedtls_psa_aead_update_ad() to pass
* all the additional data.
@ -537,7 +549,7 @@ psa_status_t mbedtls_psa_aead_update_ad(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_update(mbedtls_psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
@ -618,7 +630,7 @@ psa_status_t mbedtls_psa_aead_update(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_finish(mbedtls_psa_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
@ -703,7 +715,7 @@ psa_status_t mbedtls_psa_aead_finish(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation,
psa_status_t mbedtls_psa_aead_verify(mbedtls_psa_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
@ -723,11 +735,11 @@ psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation,
* mbedtls_psa_aead_encrypt_setup() or mbedtls_psa_aead_decrypt_setup() again.
*
* You may call this function any time after the operation object has
* been initialized as described in #psa_aead_operation_t.
* been initialized as described in #mbedtls_psa_aead_operation_t.
*
* In particular, calling mbedtls_psa_aead_abort() after the operation has been
* terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish() or
* mbedtls_psa_aead_verify() is safe and has no effect.
* terminated by a call to mbedtls_psa_aead_abort(), mbedtls_psa_aead_finish()
* or mbedtls_psa_aead_verify() is safe and has no effect.
*
* \param[in,out] operation Initialized AEAD operation.
*
@ -740,7 +752,7 @@ psa_status_t mbedtls_psa_aead_verify(psa_aead_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t mbedtls_psa_aead_abort(psa_aead_operation_t *operation);
psa_status_t mbedtls_psa_aead_abort(mbedtls_psa_aead_operation_t *operation);
#endif /* PSA_CRYPTO_AEAD */
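Review bot: The decrypt-setup documentation now points at `#mbedtls_psa_aead_operation_t` but still names `#PSA_AEAD_OPERATION_INIT` as the initializer; it should read `#MBEDTLS_PSA_AEAD_OPERATION_INIT.`, as the encrypt-setup text already does. The re-wrapped precondition list for `mbedtls_psa_aead_update_ad()` also folds item 2 into item 1 (`mbedtls_psa_aead_decrypt_setup(). 2. Set the nonce with`), so it will no longer render as a numbered list; item 2 should start on its own line. The `\note` on `mbedtls_psa_aead_set_nonce()` refers to `mbedtls_psa_aead_generate_nonce()` while the rest of the header uses `psa_aead_generate_nonce()`; it is worth confirming which name exists.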


@ -1310,10 +1310,9 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = PSA_ERROR_NOT_SUPPORTED;
status = mbedtls_test_transparent_aead_encrypt_setup(
operation, attributes,
key_buffer, key_buffer_size,
&operation->ctx.transparent_test_driver_ctx,
attributes, key_buffer, key_buffer_size,
alg );
/* Declared with fallback == true */
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
@ -1325,7 +1324,7 @@ psa_status_t psa_driver_wrapper_aead_encrypt_setup(
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_aead_encrypt_setup(
operation, attributes,
&operation->ctx.mbedtls_ctx, attributes,
key_buffer, key_buffer_size,
alg );
@ -1360,9 +1359,9 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
status = PSA_ERROR_NOT_SUPPORTED;
status = mbedtls_test_transparent_aead_decrypt_setup(
operation, attributes,
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
/* Declared with fallback == true */
@ -1375,7 +1374,8 @@ psa_status_t psa_driver_wrapper_aead_decrypt_setup(
/* Fell through, meaning no accelerator supports this operation */
status = mbedtls_psa_aead_decrypt_setup(
operation, attributes,
&operation->ctx.mbedtls_ctx,
attributes,
key_buffer, key_buffer_size,
alg );
@ -1401,16 +1401,18 @@ psa_status_t psa_driver_wrapper_aead_set_nonce(
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_set_nonce( operation, nonce,
return( mbedtls_psa_aead_set_nonce( &operation->ctx.mbedtls_ctx,
nonce,
nonce_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_set_nonce(
operation, nonce, nonce_length ) );
&operation->ctx.transparent_test_driver_ctx,
nonce, nonce_length ) );
/* Add cases for opaque driver here */
@ -1431,18 +1433,20 @@ psa_status_t psa_driver_wrapper_aead_set_lengths(
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_set_lengths( operation, ad_length,
return( mbedtls_psa_aead_set_lengths( &operation->ctx.mbedtls_ctx,
ad_length,
plaintext_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_set_lengths(
operation, ad_length, plaintext_length ) );
&operation->ctx.transparent_test_driver_ctx,
ad_length, plaintext_length ) );
/* Add cases for opaque driver here */
@ -1463,18 +1467,20 @@ psa_status_t psa_driver_wrapper_aead_update_ad(
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_update_ad( operation, input,
return( mbedtls_psa_aead_update_ad( &operation->ctx.mbedtls_ctx,
input,
input_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_update_ad(
operation, input, input_length ) );
&operation->ctx.transparent_test_driver_ctx,
input, input_length ) );
/* Add cases for opaque driver here */
@ -1498,19 +1504,21 @@ psa_status_t psa_driver_wrapper_aead_update(
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_update( operation, input, input_length,
return( mbedtls_psa_aead_update( &operation->ctx.mbedtls_ctx,
input, input_length,
output, output_size,
output_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_update(
operation, input, input_length, output, output_size,
&operation->ctx.transparent_test_driver_ctx,
input, input_length, output, output_size,
output_length ) );
/* Add cases for opaque driver here */
@ -1539,20 +1547,22 @@ psa_status_t psa_driver_wrapper_aead_finish(
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_finish( operation, ciphertext,
return( mbedtls_psa_aead_finish( &operation->ctx.mbedtls_ctx,
ciphertext,
ciphertext_size,
ciphertext_length, tag,
tag_size, tag_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_finish(
operation, ciphertext, ciphertext_size,
&operation->ctx.transparent_test_driver_ctx,
ciphertext, ciphertext_size,
ciphertext_length, tag, tag_size, tag_length ) );
/* Add cases for opaque driver here */
@ -1581,19 +1591,22 @@ psa_status_t psa_driver_wrapper_aead_verify(
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_verify( operation, plaintext,
plaintext_size, plaintext_length,
return( mbedtls_psa_aead_verify( &operation->ctx.mbedtls_ctx,
plaintext,
plaintext_size,
plaintext_length,
tag, tag_length ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_verify(
operation, plaintext, plaintext_size,
&operation->ctx.transparent_test_driver_ctx,
plaintext, plaintext_size,
plaintext_length, tag, tag_length ) );
/* Add cases for opaque driver here */
@ -1616,16 +1629,17 @@ psa_status_t psa_driver_wrapper_aead_abort(
{
switch( operation->id )
{
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
#if defined(MBEDTLS_PSA_BUILTIN_AEAD)
case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
return( mbedtls_psa_aead_abort( operation ) );
return( mbedtls_psa_aead_abort( &operation->ctx.mbedtls_ctx ) );
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
#endif /* MBEDTLS_PSA_BUILTIN_AEAD */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
return( mbedtls_test_transparent_aead_abort( operation ) );
return( mbedtls_test_transparent_aead_abort(
&operation->ctx.transparent_test_driver_ctx ) );
/* Add cases for opaque driver here */
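Review bot: In the `psa_driver_wrapper_aead_set_nonce` hunk (`@ -1401,16 +1401,18`), the opening guard still reads `#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)` while its `#endif` comment and every other AEAD wrapper in this file now use `MBEDTLS_PSA_BUILTIN_AEAD`; the line is printed only once in the rendered hunk, so it looks like unchanged context rather than an edit. In a configuration with a built-in AEAD but no built-in cipher, the `PSA_CRYPTO_MBED_TLS_DRIVER_ID` case would be compiled out and setting the nonce would presumably fall through to the switch's default path. In the opposite configuration the case would reference `operation->ctx.mbedtls_ctx` and `mbedtls_psa_aead_set_nonce()`, which may not be built. I would change that line to `#if defined(MBEDTLS_PSA_BUILTIN_AEAD)` to match the other wrappers. The switch and the function body around it start and end outside the hunk, so the default path is not visible here.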


@ -94,7 +94,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt(
}
psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
@ -117,7 +117,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
}
psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg )
@ -140,7 +140,7 @@ psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
}
psa_status_t mbedtls_test_transparent_aead_set_nonce(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length )
{
@ -161,7 +161,7 @@ psa_status_t mbedtls_test_transparent_aead_set_nonce(
}
psa_status_t mbedtls_test_transparent_aead_set_lengths(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length )
{
@ -183,7 +183,7 @@ psa_status_t mbedtls_test_transparent_aead_set_lengths(
}
psa_status_t mbedtls_test_transparent_aead_update_ad(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
@ -204,7 +204,7 @@ psa_status_t mbedtls_test_transparent_aead_update_ad(
}
psa_status_t mbedtls_test_transparent_aead_update(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
@ -229,7 +229,7 @@ psa_status_t mbedtls_test_transparent_aead_update(
}
psa_status_t mbedtls_test_transparent_aead_finish(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
@ -256,7 +256,7 @@ psa_status_t mbedtls_test_transparent_aead_finish(
}
psa_status_t mbedtls_test_transparent_aead_verify(
psa_aead_operation_t *operation,
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
@ -281,7 +281,7 @@ psa_status_t mbedtls_test_transparent_aead_verify(
}
psa_status_t mbedtls_test_transparent_aead_abort(
psa_aead_operation_t *operation )
mbedtls_transparent_test_driver_aead_operation_t *operation )
{
mbedtls_test_driver_aead_hooks.hits++;