Stop supporting NIST_KW in cipher_auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard
parent
53f10e70fd
commit
f2ffbc4387
@ -858,10 +858,14 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||
/**
|
||||
* \brief The generic autenticated encryption (AEAD) function.
|
||||
* \brief The generic authenticated encryption (AEAD) function.
|
||||
*
|
||||
* \note This function only supports AEAD algorithms, not key
|
||||
* wrapping algorithms such as NIST_KW; for this, see
|
||||
* mbedtls_cipher_auth_encrypt_ext().
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* bound to a key associated with an AEAD algorithm.
|
||||
* \param iv The nonce to use. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes and must not be \c NULL.
|
||||
* \param iv_len The length of the nonce. This must satisfy the
|
||||
@ -885,7 +889,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
|
||||
* below regarding restrictions with PSA-based contexts.
|
||||
* \param tag_len The desired length of the authentication tag. This
|
||||
* must match the constraints imposed by the AEAD cipher
|
||||
* used, and in particuler must not be \c 0.
|
||||
* used, and in particular must not be \c 0.
|
||||
*
|
||||
* \note If the context is based on PSA (that is, it was set up
|
||||
* with mbedtls_cipher_setup_psa()), then it is required
|
||||
@ -905,14 +909,18 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
unsigned char *tag, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief The generic autenticated decryption (AEAD) function.
|
||||
* \brief The generic authenticated decryption (AEAD) function.
|
||||
*
|
||||
* \note This function only supports AEAD algorithms, not key
|
||||
* wrapping algorithms such as NIST_KW; for this, see
|
||||
* mbedtls_cipher_auth_encrypt_ext().
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
* used, making this interface safer.
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* and bound to a key.
|
||||
* bound to a key associated with an AEAD algorithm.
|
||||
* \param iv The nonce to use. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes and must not be \c NULL.
|
||||
* \param iv_len The length of the nonce. This must satisfy the
|
||||
@ -959,14 +967,14 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
||||
/**
|
||||
* \brief The autenticated encryption (AEAD/NIST_KW) function.
|
||||
* \brief The authenticated encryption (AEAD/NIST_KW) function.
|
||||
*
|
||||
* \note For AEAD modes, the tag will be appended to the
|
||||
* ciphertext, as recommended by RFC 5116.
|
||||
* (NIST_KW doesn't have a separate tag.)
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* bound to a key.
|
||||
* bound to a key, with an AEAD algorithm or NIST_KW.
|
||||
* \param iv The nonce to use. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes and may be \c NULL if \p
|
||||
* iv_len is \c 0.
|
||||
@ -994,7 +1002,7 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
* writable object of type \c size_t.
|
||||
* \param tag_len The desired length of the authentication tag. For AEAD
|
||||
* ciphers, this must match the constraints imposed by
|
||||
* the cipher used, and in particuler must not be \c 0.
|
||||
* the cipher used, and in particular must not be \c 0.
|
||||
* For NIST_KW, this must be \c 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
@ -1010,7 +1018,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
|
||||
size_t *olen, size_t tag_len );
|
||||
|
||||
/**
|
||||
* \brief The autenticated encryption (AEAD/NIST_KW) function.
|
||||
* \brief The authenticated encryption (AEAD/NIST_KW) function.
|
||||
*
|
||||
* \note If the data is not authentic, then the output buffer
|
||||
* is zeroed out to prevent the unauthentic plaintext being
|
||||
@ -1021,7 +1029,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
|
||||
* (NIST_KW doesn't have a separate tag.)
|
||||
*
|
||||
* \param ctx The generic cipher context. This must be initialized and
|
||||
* and bound to a key.
|
||||
* bound to a key, with an AEAD algorithm or NIST_KW.
|
||||
* \param iv The nonce to use. This must be a readable buffer of
|
||||
* at least \p iv_len Bytes and may be \c NULL if \p
|
||||
* iv_len is \c 0.
|
||||
@ -1049,7 +1057,7 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
|
||||
* writable object of type \c size_t.
|
||||
* \param tag_len The actual length of the authentication tag. For AEAD
|
||||
* ciphers, this must match the constraints imposed by
|
||||
* the cipher used, and in particuler must not be \c 0.
|
||||
* the cipher used, and in particular must not be \c 0.
|
||||
* For NIST_KW, this must be \c 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
|
||||
@ -1491,16 +1491,10 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
|
||||
if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
|
||||
{
|
||||
mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
|
||||
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
|
||||
|
||||
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
|
||||
if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
|
||||
/* NIST_KW is not supported because we used to document the wrong size
|
||||
* of the output buffer, so people should move to the _ext API,
|
||||
* which has an explicit argument for buffer size. */
|
||||
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_NIST_KW_C */
|
||||
|
||||
@ -1531,16 +1525,10 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
|
||||
if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
|
||||
MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
|
||||
{
|
||||
mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
|
||||
MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
|
||||
|
||||
/* There is no iv, tag or ad associated with KW and KWP, these length should be 0 */
|
||||
if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
|
||||
{
|
||||
return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen, output, olen, SIZE_MAX ) );
|
||||
/* NIST_KW is not supported because we used to document the wrong size
|
||||
* of the output buffer, so people should move to the _ext API,
|
||||
* which has an explicit argument for buffer size. */
|
||||
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
#endif /* MBEDTLS_NIST_KW_C */
|
||||
|
||||
|
||||
@ -1222,22 +1222,31 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||
tmp_cipher, cipher->len, output, &outlen,
|
||||
tmp_tag, tag->len );
|
||||
|
||||
/* make sure the message is rejected if it should be */
|
||||
if( strcmp( result, "FAIL" ) == 0 )
|
||||
if( using_nist_kw )
|
||||
{
|
||||
/* NIST_KW with legacy API */
|
||||
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
else if( strcmp( result, "FAIL" ) == 0 )
|
||||
{
|
||||
/* unauthentic message */
|
||||
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
|
||||
}
|
||||
else
|
||||
{
|
||||
/* otherwise, make sure it was decrypted properly */
|
||||
/* authentic message: is the plaintext correct? */
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
TEST_ASSERT( outlen == clear->len );
|
||||
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Prepare context for encryption
|
||||
*/
|
||||
/*
|
||||
* Encrypt back if test data was authentic
|
||||
*/
|
||||
if( strcmp( result, "FAIL" ) != 0 )
|
||||
{
|
||||
/* prepare context for encryption */
|
||||
cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
|
||||
MBEDTLS_ENCRYPT );
|
||||
|
||||
@ -1254,11 +1263,19 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
||||
ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
|
||||
clear->x, clear->len, output, &outlen,
|
||||
output_tag, tag->len );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
TEST_ASSERT( outlen == cipher->len );
|
||||
TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
|
||||
TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 );
|
||||
if( using_nist_kw )
|
||||
{
|
||||
TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
|
||||
}
|
||||
else
|
||||
{
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
TEST_ASSERT( outlen == cipher->len );
|
||||
TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
|
||||
TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 );
|
||||
}
|
||||
}
|
||||
|
||||
exit:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user