diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 04614d1af..d64a9dd9e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3938,6 +3938,94 @@ exit: return( status ); } +/* Process input for which the algorithm is set to ECB mode. This requires + * manual processing, since the PSA API is defined as being able to process + * arbitrary-length calls to psa_cipher_update() with ECB mode, but the + * underlying mbedtls_cipher_update only takes full blocks. */ +static psa_status_t psa_cipher_update_ecb_internal( + mbedtls_cipher_context_t *ctx, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t block_size = ctx->cipher_info->block_size; + size_t internal_output_length = 0; + *output_length = 0; + + if( input_length == 0 ) + { + status = PSA_SUCCESS; + goto exit; + } + + if( ctx->unprocessed_len > 0 ) + { + /* Fill up to block size, and run the block if there's a full one. */ + size_t bytes_to_copy = block_size - ctx->unprocessed_len; + + if( input_length < bytes_to_copy ) + bytes_to_copy = input_length; + + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, bytes_to_copy ); + input_length -= bytes_to_copy; + input += bytes_to_copy; + ctx->unprocessed_len += bytes_to_copy; + + if( ctx->unprocessed_len == block_size ) + { + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, + ctx->unprocessed_data, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + ctx->unprocessed_len = 0; + } + } + + while( input_length >= block_size ) + { + /* Run all full blocks we have, one by one */ + status = mbedtls_to_psa_error( + mbedtls_cipher_update( ctx, input, + block_size, + output, &internal_output_length ) ); + + if( status != PSA_SUCCESS ) + goto exit; + + input_length -= block_size; + input += block_size; + + output += internal_output_length; + output_size -= internal_output_length; + *output_length += internal_output_length; + } + + if( input_length > 0 ) + { + /* Save unprocessed bytes for later processing */ + memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), + input, input_length ); + ctx->unprocessed_len += input_length; + } + + status = PSA_SUCCESS; + +exit: + return( status ); +} + psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, const uint8_t *input, size_t input_length, @@ -3947,7 +4035,6 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t expected_output_size; - size_t internal_output_length; if( operation->alg == 0 ) { @@ -3980,71 +4067,12 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation, /* mbedtls_cipher_update has an API inconsistency: it will only * process a single block at a time in ECB mode. Abstract away that * inconsistency here to match the PSA API behaviour. */ - *output_length = 0; - - if( input_length == 0 ) - { - status = PSA_SUCCESS; - goto exit; - } - - if( expected_output_size > 0 ) - { - size_t ctx_bytes = operation->ctx.cipher.unprocessed_len; - if( ctx_bytes > 0 ) - { - /* Fill up to block size and run the block */ - size_t bytes_to_copy = operation->block_size - ctx_bytes; - memcpy( &( operation->ctx.cipher.unprocessed_data[ctx_bytes] ), - input, bytes_to_copy ); - input_length -= bytes_to_copy; - input += bytes_to_copy; - operation->ctx.cipher.unprocessed_len = 0; - - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, - operation->ctx.cipher.unprocessed_data, - operation->block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - - size_t blocks = input_length / operation->block_size; - for( ; blocks > 0; blocks-- ) - { - /* Run all full blocks we have, one by one */ - status = mbedtls_to_psa_error( - mbedtls_cipher_update( &operation->ctx.cipher, input, - operation->block_size, - output, &internal_output_length ) ); - - if( status != PSA_SUCCESS ) - goto exit; - - input_length -= operation->block_size; - input += operation->block_size; - - output += internal_output_length; - output_size -= internal_output_length; - *output_length += internal_output_length; - } - } - - if( input_length > 0 ) - { - /* Save unprocessed bytes for later processing */ - memcpy( &( operation->ctx.cipher.unprocessed_data[operation->ctx.cipher.unprocessed_len] ), - input, input_length ); - operation->ctx.cipher.unprocessed_len += input_length; - } - - status = PSA_SUCCESS; + status = psa_cipher_update_ecb_internal( &operation->ctx.cipher, + input, + input_length, + output, + output_size, + output_length ); } else { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 44a69b989..86f6bc71c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1152,7 +1152,7 @@ cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4 PSA symmetric encrypt: AES-ECB, input too short (15 bytes) depends_on:MBEDTLS_AES_C -cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"3ad77bb40d7a3660a89ecaf32466ef":PSA_ERROR_INVALID_ARGUMENT +cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"":PSA_ERROR_INVALID_ARGUMENT PSA symmetric encrypt: AES-CBC-nopad, input too short depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC @@ -1306,23 +1306,23 @@ PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric encryption multipart: AES-CTR, 16+16 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+20 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 20+12 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric encryption multipart: AES-CTR, 12+10 bytes [#1] +PSA symmetric encryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" @@ -1378,23 +1378,23 @@ PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef" -PSA symmetric encryption multipart: AES-CTR, 11+5 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 11+5 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32" -PSA symmetric decryption multipart: AES-CTR, 16+16 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 16+16 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 12+20 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+20 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 20+12 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 20+12 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587" -PSA symmetric decryption multipart: AES-CTR, 12+10 bytes [#2] +PSA symmetric decryption multipart: AES-CTR, 12+10 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index e75d6518e..ae61ea99a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3487,7 +3487,8 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - if( iv->len > 0 ) { + if( iv->len > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } @@ -3556,7 +3557,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation, handle, alg ) ); - if( iv->len > 0 ) { + if( iv->len > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) ); } @@ -3625,7 +3627,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - if( alg != PSA_ALG_ECB_NO_PADDING ) { + if( alg != PSA_ALG_ECB_NO_PADDING ) + { PSA_ASSERT( psa_cipher_generate_iv( &operation1, iv, iv_size, &iv_length ) ); @@ -3649,7 +3652,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg, output2_size = output1_length; ASSERT_ALLOC( output2, output2_size ); - if( iv_length > 0 ) { + if( iv_length > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) ); } @@ -3715,7 +3719,8 @@ void cipher_verify_output_multipart( int alg_arg, PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, handle, alg ) ); - if( alg != PSA_ALG_ECB_NO_PADDING ) { + if( alg != PSA_ALG_ECB_NO_PADDING ) + { PSA_ASSERT( psa_cipher_generate_iv( &operation1, iv, iv_size, &iv_length ) ); @@ -3750,7 +3755,8 @@ void cipher_verify_output_multipart( int alg_arg, output2_buffer_size = output1_length; ASSERT_ALLOC( output2, output2_buffer_size ); - if( iv_length > 0 ) { + if( iv_length > 0 ) + { PSA_ASSERT( psa_cipher_set_iv( &operation2, iv, iv_length ) ); }