yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 22:05:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added support for AES-ECB to the PSA Crypto implementation

Browse Source 
PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but
was not implemented yet in the mbed TLS implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2020-07-06 14:08:59 +02:00
parent 642a4ef0aa
commit ed3c9ec71a
6 changed files with 90 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/mbedtls/psa_util.h
View File

@ -85,6 +85,8 @@ static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
{
switch( mode )
{
case MBEDTLS_MODE_ECB:
return ( PSA_ALG_ECB_NO_PADDING );
case MBEDTLS_MODE_GCM:
return( PSA_ALG_AEAD_WITH_TAG_LENGTH( PSA_ALG_GCM, taglen ) );
case MBEDTLS_MODE_CCM:

9
include/psa/crypto_values.h
View File

@ -980,6 +980,15 @@
*/
#define PSA_ALG_XTS ((psa_algorithm_t)0x044000ff)
/** The Electronic Code Book (ECB) mode of a block cipher, with no padding.
*
* The underlying block cipher is determined by the key type.
*
* This symmetric cipher mode can only be used with messages whose lengths
* are whole number of blocks for the chosen block cipher.
*/
#define PSA_ALG_ECB_NO_PADDING ((psa_algorithm_t)0x04404400)
/** The CBC block cipher chaining mode, with no padding.
*
* The underlying block cipher is determined by the key type.

19
library/psa_crypto.c
View File

@ -2518,6 +2518,9 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
case PSA_ALG_OFB:
mode = MBEDTLS_MODE_OFB;
break;
case PSA_ALG_ECB_NO_PADDING:
mode = MBEDTLS_MODE_ECB;
break;
case PSA_ALG_CBC_NO_PADDING:
mode = MBEDTLS_MODE_CBC;
break;
@ -3746,7 +3749,11 @@ static psa_status_t psa_cipher_init( psa_cipher_operation_t *operation,
operation->alg = alg;
operation->key_set = 0;
operation->iv_set = 0;
operation->iv_required = 1;
if( alg == PSA_ALG_ECB_NO_PADDING ) {
operation->iv_required = 0;
} else {
operation->iv_required = 1;
}
operation->iv_size = 0;
operation->block_size = 0;
mbedtls_cipher_init( &operation->ctx.cipher );
@ -3837,7 +3844,7 @@ static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
operation->key_set = 1;
operation->block_size = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type ) );
if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG )
if( alg & PSA_ALG_CIPHER_FROM_BLOCK_FLAG && alg != PSA_ALG_ECB_NO_PADDING )
{
operation->iv_size = PSA_BLOCK_CIPHER_BLOCK_SIZE( slot->attr.type );
}
@ -3991,12 +3998,14 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
return( PSA_ERROR_BAD_STATE );
}
if( operation->ctx.cipher.operation == MBEDTLS_ENCRYPT &&
operation->alg == PSA_ALG_CBC_NO_PADDING &&
operation->ctx.cipher.unprocessed_len != 0 )
if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
( operation->alg == PSA_ALG_CBC_NO_PADDING &&
operation->ctx.cipher.operation == MBEDTLS_ENCRYPT ) ) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto error;
}
}
cipher_ret = mbedtls_cipher_finish( &operation->ctx.cipher,

26
tests/suites/test_suite_psa_crypto.data
View File

@ -346,7 +346,11 @@ PSA import RSA public key: maximum size exceeded
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED
PSA key policy: AES
PSA key policy: AES ECB
depends_on:MBEDTLS_AES_C
check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECB_NO_PADDING
PSA key policy: AES CBC
depends_on:MBEDTLS_AES_C
check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING
@ -1122,6 +1126,10 @@ PSA cipher: bad order function calls
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_bad_order:
PSA symmetric encrypt: AES-ECB, 16 bytes, good
depends_on:MBEDTLS_AES_C
cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS
PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
@ -1158,6 +1166,10 @@ PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
PSA symmetric decrypt: AES-ECB, 16 bytes, good
depends_on:MBEDTLS_AES_C
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS
PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
@ -1194,6 +1206,10 @@ PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good
depends_on:MBEDTLS_AES_C
cipher_verify_output:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric encrypt/decrypt: AES-CBC-nopad, 16 bytes, good
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_verify_output:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
@ -1210,6 +1226,10 @@ PSA symmetric encrypt/decrypt: AES-CTR
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
cipher_verify_output:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
PSA symmetric encryption multipart: AES-ECB, 16+16 bytes
depends_on:MBEDTLS_AES_C
cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c"
PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b"
@ -1274,6 +1294,10 @@ PSA symmetric encryption multipart: AES-CTR, 16+0 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
PSA symmetric decryption multipart: AES-ECB, 16+16 bytes
depends_on:MBEDTLS_AES_C
cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a"

50
tests/suites/test_suite_psa_crypto.function
View File

@ -3347,7 +3347,11 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
handle, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
if( iv->len > 0 )
{
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
ASSERT_ALLOC( output, output_buffer_size );
@ -3410,7 +3414,11 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
PSA_ASSERT( psa_cipher_encrypt_setup( &operation,
handle, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
if( iv->len > 0 )
{
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
ASSERT_ALLOC( output, output_buffer_size );
@ -3479,7 +3487,9 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
if( iv->len > 0 ) {
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
@ -3546,7 +3556,9 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
PSA_ASSERT( psa_cipher_decrypt_setup( &operation,
handle, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
if( iv->len > 0 ) {
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
@ -3613,9 +3625,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg,
PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
handle, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation1,
iv, iv_size,
&iv_length ) );
if( alg != PSA_ALG_ECB_NO_PADDING ) {
PSA_ASSERT( psa_cipher_generate_iv( &operation1,
iv, iv_size,
&iv_length ) );
}
output1_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
ASSERT_ALLOC( output1, output1_size );
@ -3635,8 +3649,11 @@ void cipher_verify_output( int alg_arg, int key_type_arg,
output2_size = output1_length;
ASSERT_ALLOC( output2, output2_size );
PSA_ASSERT( psa_cipher_set_iv( &operation2,
iv, iv_length ) );
if( iv_length > 0 ) {
PSA_ASSERT( psa_cipher_set_iv( &operation2,
iv, iv_length ) );
}
PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
output2, output2_size,
&output2_length ) );
@ -3698,9 +3715,12 @@ void cipher_verify_output_multipart( int alg_arg,
PSA_ASSERT( psa_cipher_decrypt_setup( &operation2,
handle, alg ) );
PSA_ASSERT( psa_cipher_generate_iv( &operation1,
iv, iv_size,
&iv_length ) );
if( alg != PSA_ALG_ECB_NO_PADDING ) {
PSA_ASSERT( psa_cipher_generate_iv( &operation1,
iv, iv_size,
&iv_length ) );
}
output1_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) );
ASSERT_ALLOC( output1, output1_buffer_size );
@ -3730,8 +3750,10 @@ void cipher_verify_output_multipart( int alg_arg,
output2_buffer_size = output1_length;
ASSERT_ALLOC( output2, output2_buffer_size );
PSA_ASSERT( psa_cipher_set_iv( &operation2,
iv, iv_length ) );
if( iv_length > 0 ) {
PSA_ASSERT( psa_cipher_set_iv( &operation2,
iv, iv_length ) );
}
PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
output2, output2_buffer_size,

4
tests/suites/test_suite_psa_crypto_metadata.data
View File

@ -122,6 +122,10 @@ Cipher: OFB
depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_OFB
cipher_algorithm:PSA_ALG_OFB:ALG_IS_STREAM_CIPHER
Cipher: ECB-nopad
depends_on:MBEDTLS_CIPHER_C
cipher_algorithm:PSA_ALG_ECB_NO_PADDING:0
Cipher: CBC-nopad
depends_on:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
cipher_algorithm:PSA_ALG_CBC_NO_PADDING:0