mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 03:55:39 +01:00
psa: aead: Move AEAD driver entry points to psa_crypto_aead.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
7ceee8d30a
commit
46f9178d85
@ -3509,222 +3509,6 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
|
||||
/* AEAD */
|
||||
/****************************************************************/
|
||||
|
||||
typedef struct
|
||||
{
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
mbedtls_ccm_context ccm;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
mbedtls_gcm_context gcm;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
mbedtls_chachapoly_context chachapoly;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
} ctx;
|
||||
psa_algorithm_t core_alg;
|
||||
uint8_t full_tag_length;
|
||||
uint8_t tag_length;
|
||||
} aead_operation_t;
|
||||
|
||||
#define AEAD_OPERATION_INIT {0, {0}, 0, 0, 0}
|
||||
|
||||
static void psa_aead_abort_internal( aead_operation_t *operation )
|
||||
{
|
||||
switch( operation->core_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_CCM:
|
||||
mbedtls_ccm_free( &operation->ctx.ccm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_GCM:
|
||||
mbedtls_gcm_free( &operation->ctx.gcm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
}
|
||||
}
|
||||
|
||||
static psa_status_t psa_aead_setup(
|
||||
aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
size_t key_bits;
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
|
||||
key_bits = attributes->core.bits;
|
||||
|
||||
operation->cipher_info =
|
||||
mbedtls_cipher_info_from_psa( alg, attributes->core.type, key_bits,
|
||||
&cipher_id );
|
||||
if( operation->cipher_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
|
||||
operation->core_alg = PSA_ALG_CCM;
|
||||
operation->full_tag_length = 16;
|
||||
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
|
||||
* The call to mbedtls_ccm_encrypt_and_tag or
|
||||
* mbedtls_ccm_auth_decrypt will validate the tag length. */
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
mbedtls_ccm_init( &operation->ctx.ccm );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
|
||||
key_buffer, (unsigned int) key_bits ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
|
||||
operation->core_alg = PSA_ALG_GCM;
|
||||
operation->full_tag_length = 16;
|
||||
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
|
||||
* The call to mbedtls_gcm_crypt_and_tag or
|
||||
* mbedtls_gcm_auth_decrypt will validate the tag length. */
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
mbedtls_gcm_init( &operation->ctx.gcm );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
|
||||
key_buffer, (unsigned int) key_bits ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
|
||||
operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
|
||||
operation->full_tag_length = 16;
|
||||
/* We only support the default tag length. */
|
||||
if( alg != PSA_ALG_CHACHA20_POLY1305 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
|
||||
key_buffer ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
default:
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
static psa_status_t psa_aead_encrypt_internal(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce, size_t nonce_length,
|
||||
const uint8_t *additional_data, size_t additional_data_length,
|
||||
const uint8_t *plaintext, size_t plaintext_length,
|
||||
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||
uint8_t *tag;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
/* For all currently supported modes, the tag is at the end of the
|
||||
* ciphertext. */
|
||||
if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
|
||||
{
|
||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||
goto exit;
|
||||
}
|
||||
tag = ciphertext + plaintext_length;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation.core_alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
|
||||
MBEDTLS_GCM_ENCRYPT,
|
||||
plaintext_length,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
plaintext, ciphertext,
|
||||
operation.tag_length, tag ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation.core_alg == PSA_ALG_CCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
|
||||
plaintext_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
plaintext, ciphertext,
|
||||
tag, operation.tag_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( nonce_length != 12 || operation.tag_length != 16 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
|
||||
plaintext_length,
|
||||
nonce,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
plaintext,
|
||||
ciphertext,
|
||||
tag ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
(void) tag;
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*ciphertext_length = plaintext_length + operation.tag_length;
|
||||
|
||||
exit:
|
||||
psa_aead_abort_internal( &operation );
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce,
|
||||
@ -3751,7 +3535,7 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_aead_encrypt_internal(
|
||||
status = mbedtls_psa_aead_encrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
alg,
|
||||
nonce, nonce_length,
|
||||
@ -3767,114 +3551,6 @@ psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
|
||||
return( status );
|
||||
}
|
||||
|
||||
/* Locate the tag in a ciphertext buffer containing the encrypted data
|
||||
* followed by the tag. Return the length of the part preceding the tag in
|
||||
* *plaintext_length. This is the size of the plaintext in modes where
|
||||
* the encrypted data has the same size as the plaintext, such as
|
||||
* CCM and GCM. */
|
||||
static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
|
||||
const uint8_t *ciphertext,
|
||||
size_t ciphertext_length,
|
||||
size_t plaintext_size,
|
||||
const uint8_t **p_tag )
|
||||
{
|
||||
size_t payload_length;
|
||||
if( tag_length > ciphertext_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
payload_length = ciphertext_length - tag_length;
|
||||
if( payload_length > plaintext_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
*p_tag = ciphertext + payload_length;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
static psa_status_t psa_aead_decrypt_internal(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce, size_t nonce_length,
|
||||
const uint8_t *additional_data, size_t additional_data_length,
|
||||
const uint8_t *ciphertext, size_t ciphertext_length,
|
||||
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||
const uint8_t *tag = NULL;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_aead_unpadded_locate_tag( operation.tag_length,
|
||||
ciphertext, ciphertext_length,
|
||||
plaintext_size, &tag );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation.core_alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
|
||||
ciphertext_length - operation.tag_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
tag, operation.tag_length,
|
||||
ciphertext, plaintext ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation.core_alg == PSA_ALG_CCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
|
||||
ciphertext_length - operation.tag_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
ciphertext, plaintext,
|
||||
tag, operation.tag_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( nonce_length != 12 || operation.tag_length != 16 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
|
||||
ciphertext_length - operation.tag_length,
|
||||
nonce,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
tag,
|
||||
ciphertext,
|
||||
plaintext ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||
|
||||
exit:
|
||||
psa_aead_abort_internal( &operation );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce,
|
||||
@ -3901,7 +3577,7 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_aead_decrypt_internal(
|
||||
status = mbedtls_psa_aead_decrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
alg,
|
||||
nonce, nonce_length,
|
||||
@ -3917,8 +3593,6 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
/* Generators */
|
||||
/****************************************************************/
|
||||
|
@ -23,6 +23,336 @@
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#include "psa_crypto_aead.h"
|
||||
#include "psa_crypto_core.h"
|
||||
|
||||
#include "mbedtls/ccm.h"
|
||||
#include "mbedtls/chachapoly.h"
|
||||
#include "mbedtls/cipher.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
|
||||
typedef struct
|
||||
{
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
union
|
||||
{
|
||||
unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
mbedtls_ccm_context ccm;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
mbedtls_gcm_context gcm;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
mbedtls_chachapoly_context chachapoly;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
} ctx;
|
||||
psa_algorithm_t core_alg;
|
||||
uint8_t full_tag_length;
|
||||
uint8_t tag_length;
|
||||
} aead_operation_t;
|
||||
|
||||
#define AEAD_OPERATION_INIT {0, {0}, 0, 0, 0}
|
||||
|
||||
static void psa_aead_abort_internal( aead_operation_t *operation )
|
||||
{
|
||||
switch( operation->core_alg )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_CCM:
|
||||
mbedtls_ccm_free( &operation->ctx.ccm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_GCM:
|
||||
mbedtls_gcm_free( &operation->ctx.gcm );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
}
|
||||
}
|
||||
|
||||
static psa_status_t psa_aead_setup(
|
||||
aead_operation_t *operation,
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
size_t key_bits;
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
|
||||
key_bits = attributes->core.bits;
|
||||
|
||||
operation->cipher_info =
|
||||
mbedtls_cipher_info_from_psa( alg, attributes->core.type, key_bits,
|
||||
&cipher_id );
|
||||
if( operation->cipher_info == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
|
||||
{
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
|
||||
operation->core_alg = PSA_ALG_CCM;
|
||||
operation->full_tag_length = 16;
|
||||
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
|
||||
* The call to mbedtls_ccm_encrypt_and_tag or
|
||||
* mbedtls_ccm_auth_decrypt will validate the tag length. */
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
mbedtls_ccm_init( &operation->ctx.ccm );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
|
||||
key_buffer, (unsigned int) key_bits ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
|
||||
operation->core_alg = PSA_ALG_GCM;
|
||||
operation->full_tag_length = 16;
|
||||
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
|
||||
* The call to mbedtls_gcm_crypt_and_tag or
|
||||
* mbedtls_gcm_auth_decrypt will validate the tag length. */
|
||||
if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
mbedtls_gcm_init( &operation->ctx.gcm );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
|
||||
key_buffer, (unsigned int) key_bits ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
|
||||
operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
|
||||
operation->full_tag_length = 16;
|
||||
/* We only support the default tag length. */
|
||||
if( alg != PSA_ALG_CHACHA20_POLY1305 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
|
||||
mbedtls_chachapoly_init( &operation->ctx.chachapoly );
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
|
||||
key_buffer ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
break;
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
|
||||
default:
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_psa_aead_encrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce, size_t nonce_length,
|
||||
const uint8_t *additional_data, size_t additional_data_length,
|
||||
const uint8_t *plaintext, size_t plaintext_length,
|
||||
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||
uint8_t *tag;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
/* For all currently supported modes, the tag is at the end of the
|
||||
* ciphertext. */
|
||||
if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
|
||||
{
|
||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||
goto exit;
|
||||
}
|
||||
tag = ciphertext + plaintext_length;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation.core_alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
|
||||
MBEDTLS_GCM_ENCRYPT,
|
||||
plaintext_length,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
plaintext, ciphertext,
|
||||
operation.tag_length, tag ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation.core_alg == PSA_ALG_CCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
|
||||
plaintext_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
plaintext, ciphertext,
|
||||
tag, operation.tag_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( nonce_length != 12 || operation.tag_length != 16 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
|
||||
plaintext_length,
|
||||
nonce,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
plaintext,
|
||||
ciphertext,
|
||||
tag ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
(void) tag;
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*ciphertext_length = plaintext_length + operation.tag_length;
|
||||
|
||||
exit:
|
||||
psa_aead_abort_internal( &operation );
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
/* Locate the tag in a ciphertext buffer containing the encrypted data
|
||||
* followed by the tag. Return the length of the part preceding the tag in
|
||||
* *plaintext_length. This is the size of the plaintext in modes where
|
||||
* the encrypted data has the same size as the plaintext, such as
|
||||
* CCM and GCM. */
|
||||
static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
|
||||
const uint8_t *ciphertext,
|
||||
size_t ciphertext_length,
|
||||
size_t plaintext_size,
|
||||
const uint8_t **p_tag )
|
||||
{
|
||||
size_t payload_length;
|
||||
if( tag_length > ciphertext_length )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
payload_length = ciphertext_length - tag_length;
|
||||
if( payload_length > plaintext_size )
|
||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||
*p_tag = ciphertext + payload_length;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t mbedtls_psa_aead_decrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce, size_t nonce_length,
|
||||
const uint8_t *additional_data, size_t additional_data_length,
|
||||
const uint8_t *ciphertext, size_t ciphertext_length,
|
||||
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
aead_operation_t operation = AEAD_OPERATION_INIT;
|
||||
const uint8_t *tag = NULL;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = psa_aead_setup( &operation, attributes, key_buffer, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
status = psa_aead_unpadded_locate_tag( operation.tag_length,
|
||||
ciphertext, ciphertext_length,
|
||||
plaintext_size, &tag );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
|
||||
if( operation.core_alg == PSA_ALG_GCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
|
||||
ciphertext_length - operation.tag_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
tag, operation.tag_length,
|
||||
ciphertext, plaintext ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
|
||||
if( operation.core_alg == PSA_ALG_CCM )
|
||||
{
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
|
||||
ciphertext_length - operation.tag_length,
|
||||
nonce, nonce_length,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
ciphertext, plaintext,
|
||||
tag, operation.tag_length ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
|
||||
if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
|
||||
{
|
||||
if( nonce_length != 12 || operation.tag_length != 16 )
|
||||
{
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
goto exit;
|
||||
}
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
|
||||
ciphertext_length - operation.tag_length,
|
||||
nonce,
|
||||
additional_data,
|
||||
additional_data_length,
|
||||
tag,
|
||||
ciphertext,
|
||||
plaintext ) );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||
|
||||
exit:
|
||||
psa_aead_abort_internal( &operation );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
*plaintext_length = ciphertext_length - operation.tag_length;
|
||||
return( status );
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
|
@ -23,4 +23,129 @@
|
||||
|
||||
#include <psa/crypto.h>
|
||||
|
||||
/**
|
||||
* \brief Process an authenticated encryption operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_encrypt entry point. This function behaves as an aead_encrypt
|
||||
* entry point as defined in the PSA driver interface specification for
|
||||
* transparent drivers.
|
||||
*
|
||||
* \param[in] attributes The attributes of the key to use for the
|
||||
* operation.
|
||||
* \param[in] key_buffer The buffer containing the key context.
|
||||
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||
* \param alg The AEAD algorithm to compute.
|
||||
* \param[in] nonce Nonce or IV to use.
|
||||
* \param nonce_length Size of the nonce buffer in bytes. This must
|
||||
* be appropriate for the selected algorithm.
|
||||
* The default nonce size is
|
||||
* PSA_AEAD_NONCE_LENGTH(key_type, alg) where
|
||||
* key_type is the type of key.
|
||||
* \param[in] additional_data Additional data that will be authenticated
|
||||
* but not encrypted.
|
||||
* \param additional_data_length Size of additional_data in bytes.
|
||||
* \param[in] plaintext Data that will be authenticated and encrypted.
|
||||
* \param plaintext_length Size of plaintext in bytes.
|
||||
* \param[out] ciphertext Output buffer for the authenticated and
|
||||
* encrypted data. The additional data is not
|
||||
* part of this output. For algorithms where the
|
||||
* encrypted data and the authentication tag are
|
||||
* defined as separate outputs, the
|
||||
* authentication tag is appended to the
|
||||
* encrypted data.
|
||||
* \param ciphertext_size Size of the ciphertext buffer in bytes. This
|
||||
* must be appropriate for the selected algorithm
|
||||
* and key:
|
||||
* - A sufficient output size is
|
||||
* PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg,
|
||||
* plaintext_length) where key_type is the type
|
||||
* of key.
|
||||
* - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(
|
||||
* plaintext_length) evaluates to the maximum
|
||||
* ciphertext size of any supported AEAD
|
||||
* encryption.
|
||||
* \param[out] ciphertext_length On success, the size of the output in the
|
||||
* ciphertext buffer.
|
||||
*
|
||||
* \retval #PSA_SUCCESS Success.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p alg is not supported.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* ciphertext_size is too small.
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_encrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce, size_t nonce_length,
|
||||
const uint8_t *additional_data, size_t additional_data_length,
|
||||
const uint8_t *plaintext, size_t plaintext_length,
|
||||
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
|
||||
|
||||
/**
|
||||
* \brief Process an authenticated decryption operation.
|
||||
*
|
||||
* \note The signature of this function is that of a PSA driver
|
||||
* aead_decrypt entry point. This function behaves as an aead_decrypt
|
||||
* entry point as defined in the PSA driver interface specification for
|
||||
* transparent drivers.
|
||||
*
|
||||
* \param[in] attributes The attributes of the key to use for the
|
||||
* operation.
|
||||
* \param[in] key_buffer The buffer containing the key context.
|
||||
* \param key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||
* \param alg The AEAD algorithm to compute.
|
||||
* \param[in] nonce Nonce or IV to use.
|
||||
* \param nonce_length Size of the nonce buffer in bytes. This must
|
||||
* be appropriate for the selected algorithm.
|
||||
* The default nonce size is
|
||||
* PSA_AEAD_NONCE_LENGTH(key_type, alg) where
|
||||
* key_type is the type of key.
|
||||
* \param[in] additional_data Additional data that has been authenticated
|
||||
* but not encrypted.
|
||||
* \param additional_data_length Size of additional_data in bytes.
|
||||
* \param[in] ciphertext Data that has been authenticated and
|
||||
* encrypted. For algorithms where the encrypted
|
||||
* data and the authentication tag are defined
|
||||
* as separate inputs, the buffer contains
|
||||
* encrypted data followed by the authentication
|
||||
* tag.
|
||||
* \param ciphertext_length Size of ciphertext in bytes.
|
||||
* \param[out] plaintext Output buffer for the decrypted data.
|
||||
* \param plaintext_size Size of the plaintext buffer in bytes. This
|
||||
* must be appropriate for the selected algorithm
|
||||
* and key:
|
||||
* - A sufficient output size is
|
||||
* PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg,
|
||||
* ciphertext_length) where key_type is the
|
||||
* type of key.
|
||||
* - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(
|
||||
* ciphertext_length) evaluates to the maximum
|
||||
* plaintext size of any supported AEAD
|
||||
* decryption.
|
||||
* \param[out] plaintext_length On success, the size of the output in the
|
||||
* plaintext buffer.
|
||||
*
|
||||
* \retval #PSA_SUCCESS Success.
|
||||
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
||||
* The cipher is not authentic.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p alg is not supported.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||
* plaintext_size is too small.
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
*/
|
||||
psa_status_t mbedtls_psa_aead_decrypt(
|
||||
const psa_key_attributes_t *attributes,
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *nonce, size_t nonce_length,
|
||||
const uint8_t *additional_data, size_t additional_data_length,
|
||||
const uint8_t *ciphertext, size_t ciphertext_length,
|
||||
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
|
||||
|
||||
#endif /* PSA_CRYPTO_AEAD */
|
||||
|
Loading…
Reference in New Issue
Block a user