Add symmetric cipher service level tests
Adds end-to-end tests for cipher operations implemented by
a crypto service provider.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: I37c29095bac452ad7ac24fa44ac3df9b9e29457e
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_cipher.h b/components/service/crypto/client/caller/packed-c/crypto_caller_cipher.h
index 58679bf..2ac9daa 100644
--- a/components/service/crypto/client/caller/packed-c/crypto_caller_cipher.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_cipher.h
@@ -390,7 +390,7 @@
return psa_status;
}
-static inline size_t crypto_caller_cipher_max_update_size(struct service_client *context)
+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context)
{
/* Returns the maximum number of bytes that may be
* carried as a parameter of the cipher_update operation
@@ -399,6 +399,9 @@
size_t payload_space = context->service_info.max_payload;
size_t overhead = sizeof(struct ts_crypto_cipher_update_in) + TLV_HDR_LEN;
+ /* Allow for output to be a whole number of blocks */
+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
+
return (payload_space > overhead) ? payload_space - overhead : 0;
}
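Review bot: The comment above `overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;` does not say which message the extra block protects. As far as the hunk shows, `overhead` is otherwise derived from the request layout only, while the reserve looks intended for the response, where a cipher update can return up to one block more than it was given once previously buffered input is flushed. I would spell that out, e.g. `/* Response may carry one block more than the request input (buffered partial block) and must fit in the same max_payload */`, and confirm that the response-side header overhead is no larger than the request-side overhead counted here. The function now returns 0 for a wider range of payload sizes, so callers that chunk input by this value need to treat 0 as an error rather than loop on it. The function's signature is in the preceding hunk, so its body is only partly visible here.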
diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h
index 68d80ee..2b5a0f0 100644
--- a/components/service/crypto/client/cpp/crypto_client.h
+++ b/components/service/crypto/client/cpp/crypto_client.h
@@ -115,6 +115,39 @@
uint32_t source_op_handle,
uint32_t *target_op_handle) = 0;
+ /* Cipher methods */
+ virtual size_t cipher_max_update_size() const = 0;
+
+ virtual psa_status_t cipher_encrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg) = 0;
+
+ virtual psa_status_t cipher_decrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg) = 0;
+
+ virtual psa_status_t cipher_generate_iv(
+ uint32_t op_handle,
+ uint8_t *iv, size_t iv_size, size_t *iv_length) = 0;
+
+ virtual psa_status_t cipher_set_iv(
+ uint32_t op_handle,
+ const uint8_t *iv, size_t iv_length) = 0;
+
+ virtual psa_status_t cipher_update(
+ uint32_t op_handle,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length) = 0;
+
+ virtual psa_status_t cipher_finish(
+ uint32_t op_handle,
+ uint8_t *output, size_t output_size, size_t *output_length) = 0;
+
+ virtual psa_status_t cipher_abort(
+ uint32_t op_handle) = 0;
+
protected:
crypto_client();
crypto_client(struct rpc_caller *caller);
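Review bot: The methods added under `/* Cipher methods */` introduce a service-side operation handle, but nothing in the interface states its lifecycle, so a caller cannot tell from this header whether a failed `cipher_update` or `cipher_finish` still leaves a live context to release. I would add a short contract comment, e.g. `/* op_handle is issued by cipher_*_setup and released by cipher_finish or cipher_abort; call cipher_abort on any failure path */`, assuming that matches the provider's behaviour, which is not visible here. The comment should also say that `cipher_max_update_size()` may return 0 and that `input_length` passed to `cipher_update` is expected not to exceed it. The class declaration starts and ends outside this hunk.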
diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
index 09ff7af..edcac7b 100644
--- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
@@ -26,6 +26,7 @@
}
+/* Core crypto methods */
psa_status_t packedc_crypto_client::generate_key(
const psa_key_attributes_t *attributes,
psa_key_id_t *id)
@@ -137,6 +138,7 @@
output, output_size);
}
+/* Hash methods */
size_t packedc_crypto_client::hash_max_update_size() const
{
return crypto_caller_hash_max_update_size(&m_client);
@@ -188,3 +190,68 @@
return crypto_caller_hash_clone(&m_client,
source_op_handle, target_op_handle);
}
+
+/* Cipher methods */
+size_t packedc_crypto_client::cipher_max_update_size() const
+{
+ return crypto_caller_cipher_max_update_size(&m_client);
+}
+
+psa_status_t packedc_crypto_client::cipher_encrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ return crypto_caller_cipher_encrypt_setup(&m_client,
+ op_handle, key, alg);
+}
+
+psa_status_t packedc_crypto_client::cipher_decrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ return crypto_caller_cipher_decrypt_setup(&m_client,
+ op_handle, key, alg);
+}
+
+psa_status_t packedc_crypto_client::cipher_generate_iv(
+ uint32_t op_handle,
+ uint8_t *iv, size_t iv_size, size_t *iv_length)
+{
+ return crypto_caller_cipher_generate_iv(&m_client,
+ op_handle, iv, iv_size, iv_length);
+}
+
+psa_status_t packedc_crypto_client::cipher_set_iv(
+ uint32_t op_handle,
+ const uint8_t *iv, size_t iv_length)
+{
+ return crypto_caller_cipher_set_iv(&m_client,
+ op_handle, iv, iv_length);
+}
+
+psa_status_t packedc_crypto_client::cipher_update(
+ uint32_t op_handle,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ return crypto_caller_cipher_update(&m_client,
+ op_handle, input, input_length,
+ output, output_size, output_length);
+}
+
+psa_status_t packedc_crypto_client::cipher_finish(
+ uint32_t op_handle,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ return crypto_caller_cipher_finish(&m_client,
+ op_handle, output, output_size, output_length);
+}
+
+psa_status_t packedc_crypto_client::cipher_abort(
+ uint32_t op_handle)
+{
+ return crypto_caller_cipher_abort(&m_client,
+ op_handle);
+}
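Review bot: `packedc_crypto_client::cipher_update` forwards `input_length` to `crypto_caller_cipher_update` without comparing it to `cipher_max_update_size()`, so whether an oversized request is rejected cleanly depends on the caller layer, which is not in this hunk. If that layer does not already bound the length, a guard such as `if (input_length > cipher_max_update_size()) return PSA_ERROR_INVALID_ARGUMENT;` keeps the failure local and predictable instead of relying on the RPC buffer allocation to fail. The same question applies to `output_size` versus the block-sized reserve that this commit adds to the size calculation in crypto_caller_cipher.h.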
diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
index bd6a484..9c30372 100644
--- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
@@ -112,6 +112,39 @@
uint32_t source_op_handle,
uint32_t *target_op_handle);
+ /* Cipher methods */
+ size_t cipher_max_update_size() const;
+
+ psa_status_t cipher_encrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg);
+
+ psa_status_t cipher_decrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg);
+
+ psa_status_t cipher_generate_iv(
+ uint32_t op_handle,
+ uint8_t *iv, size_t iv_size, size_t *iv_length);
+
+ psa_status_t cipher_set_iv(
+ uint32_t op_handle,
+ const uint8_t *iv, size_t iv_length);
+
+ psa_status_t cipher_update(
+ uint32_t op_handle,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+ psa_status_t cipher_finish(
+ uint32_t op_handle,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+ psa_status_t cipher_abort(
+ uint32_t op_handle);
+
};
#endif /* PACKEDC_CRYPTO_CLIENT_H */
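Review bot: The cipher declarations added here implement pure virtuals from `crypto_client` but are not marked `override`, so a later signature drift between the two headers would not be reported at the declaration itself. Suggest e.g. `size_t cipher_max_update_size() const override;` and likewise for the other seven methods; the same applies to the matching declarations in protobuf_crypto_client.h. The neighbouring declarations visible in this hunk do not use `override` either, so if that is a deliberate project convention this can be ignored. The class starts outside the hunk.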
diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp
index db9c0e9..6c0fe76 100644
--- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp
+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp
@@ -41,6 +41,19 @@
}
+void protobuf_crypto_client::translate_key_attributes(ts_crypto_KeyAttributes &proto_attributes,
+ const psa_key_attributes_t &psa_attributes)
+{
+ proto_attributes.type = psa_get_key_type(&psa_attributes);
+ proto_attributes.key_bits = psa_get_key_bits(&psa_attributes);
+ proto_attributes.lifetime = psa_get_key_lifetime(&psa_attributes);
+ proto_attributes.id = psa_get_key_id(&psa_attributes);
+
+ proto_attributes.has_policy = true;
+ proto_attributes.policy.usage = psa_get_key_usage_flags(&psa_attributes);
+ proto_attributes.policy.alg = psa_get_key_algorithm(&psa_attributes);
+ }
+
psa_status_t protobuf_crypto_client::generate_key(const psa_key_attributes_t *attributes,
psa_key_id_t *id)
{
@@ -775,15 +788,59 @@
return PSA_ERROR_NOT_SUPPORTED;
}
-void protobuf_crypto_client::translate_key_attributes(ts_crypto_KeyAttributes &proto_attributes,
- const psa_key_attributes_t &psa_attributes)
+/* Cipher methods */
+size_t protobuf_crypto_client::cipher_max_update_size() const
{
- proto_attributes.type = psa_get_key_type(&psa_attributes);
- proto_attributes.key_bits = psa_get_key_bits(&psa_attributes);
- proto_attributes.lifetime = psa_get_key_lifetime(&psa_attributes);
- proto_attributes.id = psa_get_key_id(&psa_attributes);
+ return 0;
+}
- proto_attributes.has_policy = true;
- proto_attributes.policy.usage = psa_get_key_usage_flags(&psa_attributes);
- proto_attributes.policy.alg = psa_get_key_algorithm(&psa_attributes);
- }
+psa_status_t protobuf_crypto_client::cipher_encrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t protobuf_crypto_client::cipher_decrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t protobuf_crypto_client::cipher_generate_iv(
+ uint32_t op_handle,
+ uint8_t *iv, size_t iv_size, size_t *iv_length)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t protobuf_crypto_client::cipher_set_iv(
+ uint32_t op_handle,
+ const uint8_t *iv, size_t iv_length)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t protobuf_crypto_client::cipher_update(
+ uint32_t op_handle,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t protobuf_crypto_client::cipher_finish(
+ uint32_t op_handle,
+ uint8_t *output, size_t output_size, size_t *output_length)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
+
+psa_status_t protobuf_crypto_client::cipher_abort(
+ uint32_t op_handle)
+{
+ return PSA_ERROR_NOT_SUPPORTED;
+}
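Review bot: The protobuf stubs return `PSA_ERROR_NOT_SUPPORTED` without writing their output parameters, so `*op_handle`, `*iv_length` and `*output_length` keep whatever the caller had in them. A caller that reads a length before checking the status would then act on stale or uninitialised data. Setting them before returning, e.g. `*output_length = 0;` in `cipher_update` and `cipher_finish` and `*iv_length = 0;` in `cipher_generate_iv`, makes the failure unambiguous. `cipher_max_update_size()` returning 0 also deserves a one-line comment such as `/* cipher operations not supported over the protobuf protocol */`, since a chunking loop driven by that value would make no progress.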
diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h
index 0221597..d152f04 100644
--- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h
+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h
@@ -112,6 +112,40 @@
uint32_t source_op_handle,
uint32_t *target_op_handle);
+ /* Cipher methods */
+ size_t cipher_max_update_size() const;
+
+ psa_status_t cipher_encrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg);
+
+ psa_status_t cipher_decrypt_setup(
+ uint32_t *op_handle,
+ psa_key_id_t key,
+ psa_algorithm_t alg);
+
+ psa_status_t cipher_generate_iv(
+ uint32_t op_handle,
+ uint8_t *iv, size_t iv_size, size_t *iv_length);
+
+ psa_status_t cipher_set_iv(
+ uint32_t op_handle,
+ const uint8_t *iv, size_t iv_length);
+
+ psa_status_t cipher_update(
+ uint32_t op_handle,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+ psa_status_t cipher_finish(
+ uint32_t op_handle,
+ uint8_t *output, size_t output_size, size_t *output_length);
+
+ psa_status_t cipher_abort(
+ uint32_t op_handle);
+
+
private:
void translate_key_attributes(