diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 0ef885df8..b2da6a2c5 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -143,10 +143,12 @@ struct psa_cipher_operation_s unsigned int iv_required : 1; unsigned int iv_set : 1; + uint8_t default_iv_length; + psa_driver_cipher_context_t ctx; }; -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}} static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ab4d18fb9..9c8e108df 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3322,6 +3322,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation, operation->iv_required = 0; else operation->iv_required = 1; + operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ); psa_key_attributes_t attributes = { .core = slot->attr @@ -3371,6 +3372,8 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *iv_length = 0; + if( operation->id == 0 ) { return( PSA_ERROR_BAD_STATE ); @@ -3381,13 +3384,26 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - status = psa_driver_wrapper_cipher_generate_iv( operation, - iv, - iv_size, - iv_length ); + if( iv_size < operation->default_iv_length ) + { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + status = psa_generate_random( iv, operation->default_iv_length ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_driver_wrapper_cipher_set_iv( operation, + iv, + operation->default_iv_length ); + +exit: if( status == PSA_SUCCESS ) + { operation->iv_set = 1; + *iv_length = operation->default_iv_length; + } else psa_cipher_abort( operation ); 
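Review bot: The new `default_iv_length` member of `struct psa_cipher_operation_s` has no comment saying who sets it or what it bounds, although the core later uses it as the number of bytes to write into the caller's IV buffer. I would add `/* IV length in bytes, chosen at setup from the key type and algorithm; psa_cipher_generate_iv() writes exactly this many bytes. */` above the field. Because `PSA_CIPHER_OPERATION_INIT` is a positional initializer, a short remark that it must follow the member order would help whoever adds the next field. The struct begins outside the hunk.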
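Review bot: The assignment `operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );` in psa_cipher_setup stores the macro result in a `uint8_t` with no consistency or range check. If the macro evaluates to 0 for a key type/algorithm pair while `iv_required` was just set to 1 (I believe it yields 0 for combinations it does not recognise, which is worth confirming), psa_cipher_generate_iv accepts any buffer size and hands a zero-length IV to the driver's set_iv entry point. A guard such as `if( operation->iv_required && operation->default_iv_length == 0 )` that fails through the function's normal error path would keep that decision in the core rather than relying on every driver to reject it. A bound against the maximum IV size would also document that the narrowing to `uint8_t` cannot truncate. The function body continues outside the hunk.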
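Review bot: On the failure path after `exit:` in psa_cipher_generate_iv, the caller's `iv` buffer can still hold the bytes from `psa_generate_random` when `psa_driver_wrapper_cipher_set_iv` fails, even though `*iv_length` is reported as 0 and the operation is aborted. A caller that does not check the status would then use an IV that was never bound to any operation. Clearing the buffer in the `else` branch (with braces added), e.g. `if( iv_size > 0 ) memset( iv, 0, iv_size );` before `psa_cipher_abort( operation );`, removes that ambiguity. The earlier hunk of this function writes `*iv_length = 0;` before any state check, so the function's documentation should state that `iv_length` must be non-NULL on every path. The end of the function is outside the hunk.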
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 4d46aaf86..4992a6e8e 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -260,24 +260,6 @@ static psa_status_t cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, iv, iv_length ) ) ); } -static psa_status_t cipher_generate_iv( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length ) -{ - int status = PSA_ERROR_CORRUPTION_DETECTED; - - if( iv_size < operation->iv_length ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = psa_generate_random( iv, operation->iv_length ); - if( status != PSA_SUCCESS ) - return( status ); - - *iv_length = operation->iv_length; - - return( cipher_set_iv( operation, iv, *iv_length ) ); -} - /* Process input for which the algorithm is set to ECB mode. This requires * manual processing, since the PSA API is defined as being able to process * arbitrary-length calls to psa_cipher_update() with ECB mode, but the @@ -489,13 +471,6 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ) ); } -psa_status_t mbedtls_psa_cipher_generate_iv( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length ) -{ - return( cipher_generate_iv( operation, iv, iv_size, iv_length ) ); -} - psa_status_t mbedtls_psa_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) @@ -553,13 +528,6 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( operation, attributes, key_buffer, key_buffer_size, alg ) ); } -psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length ) -{ - return( cipher_generate_iv( operation, iv, iv_size, iv_length ) ); -} - psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ) 
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h index 72c3f4762..3e1a7a0de 100644 --- a/library/psa_crypto_cipher.h +++ b/library/psa_crypto_cipher.h @@ -100,32 +100,6 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -/** Generate an IV for a symmetric encryption operation. - * - * This function generates a random IV (initialization vector), nonce - * or initial counter value for the encryption operation as appropriate - * for the chosen algorithm, key type and key size. - * - * \note The signature of this function is that of a PSA driver - * cipher_generate_iv entry point. This function behaves as a - * cipher_generate_iv entry point as defined in the PSA driver - * interface specification for transparent drivers. - * - * \param[in,out] operation Active cipher operation. - * \param[out] iv Buffer where the generated IV is to be written. - * \param[in] iv_size Size of the \p iv buffer in bytes. - * \param[out] iv_length On success, the number of bytes of the - * generated IV. - * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p iv buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - */ -psa_status_t mbedtls_psa_cipher_generate_iv( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length ); - /** Set the IV for a symmetric encryption or decryption operation. * * This function sets the IV (initialization vector), nonce @@ -242,10 +216,6 @@ psa_status_t mbedtls_transparent_test_driver_cipher_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t mbedtls_transparent_test_driver_cipher_generate_iv( - mbedtls_psa_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length ); - psa_status_t mbedtls_transparent_test_driver_cipher_set_iv( mbedtls_psa_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length ); 
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 32c957eff..9459c4636 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -853,46 +853,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( } } -psa_status_t psa_driver_wrapper_cipher_generate_iv( - psa_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_CIPHER) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_cipher_generate_iv( &operation->ctx.mbedtls_ctx, - iv, - iv_size, - iv_length ) ); -#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( test_transparent_cipher_generate_iv( - &operation->ctx.transparent_test_driver_ctx, - iv, iv_size, iv_length ) ); - - case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( test_opaque_cipher_generate_iv( - &operation->ctx.opaque_test_driver_ctx, - iv, - iv_size, - iv_length ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - } - - (void)iv; - (void)iv_size; - (void)iv_length; - - return( PSA_ERROR_INVALID_ARGUMENT ); -} - psa_status_t psa_driver_wrapper_cipher_set_iv( psa_cipher_operation_t *operation, const uint8_t *iv, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index d4ff91cde..e33699656 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
@@ -101,12 +101,6 @@ psa_status_t psa_driver_wrapper_cipher_decrypt_setup( const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg ); -psa_status_t psa_driver_wrapper_cipher_generate_iv( - psa_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length ); - psa_status_t psa_driver_wrapper_cipher_set_iv( psa_cipher_operation_t *operation, const uint8_t *iv, diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h index 56b11591f..6d6a6af42 100644 --- a/tests/include/test/drivers/cipher.h +++ b/tests/include/test/drivers/cipher.h @@ -81,10 +81,6 @@ psa_status_t test_transparent_cipher_decrypt_setup( psa_status_t test_transparent_cipher_abort( mbedtls_transparent_test_driver_cipher_operation_t *operation ); -psa_status_t test_transparent_cipher_generate_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length); - psa_status_t test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length); @@ -130,10 +126,6 @@ psa_status_t test_opaque_cipher_decrypt_setup( psa_status_t test_opaque_cipher_abort( mbedtls_opaque_test_driver_cipher_operation_t *operation); -psa_status_t test_opaque_cipher_generate_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *iv, size_t iv_size, size_t *iv_length); - psa_status_t test_opaque_cipher_set_iv( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv, size_t iv_length); diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/cipher.c index 295d47a69..4dc46789b 100644 --- a/tests/src/drivers/cipher.c +++ b/tests/src/drivers/cipher.c 
@@ -260,21 +260,6 @@ psa_status_t test_transparent_cipher_abort( return( test_driver_cipher_hooks.forced_status ); } -psa_status_t test_transparent_cipher_generate_iv( - mbedtls_transparent_test_driver_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length) -{ - test_driver_cipher_hooks.hits++; - - if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS ) - return( test_driver_cipher_hooks.forced_status ); - - return( mbedtls_transparent_test_driver_cipher_generate_iv( - operation, iv, iv_size, iv_length ) ); -} - psa_status_t test_transparent_cipher_set_iv( mbedtls_transparent_test_driver_cipher_operation_t *operation, const uint8_t *iv, @@ -424,19 +409,6 @@ psa_status_t test_opaque_cipher_abort( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t test_opaque_cipher_generate_iv( - mbedtls_opaque_test_driver_cipher_operation_t *operation, - uint8_t *iv, - size_t iv_size, - size_t *iv_length) -{ - (void) operation; - (void) iv; - (void) iv_size; - (void) iv_length; - return( PSA_ERROR_NOT_SUPPORTED ); -} - psa_status_t test_opaque_cipher_set_iv( mbedtls_opaque_test_driver_cipher_operation_t *operation, const uint8_t *iv,