Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 975edb4..998b092 100755
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -716,7 +716,7 @@
* - A failed call to psa_hash_update().
* - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort().
*
- * \param operation
+ * \param operation The operation object to use.
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_HASH(alg) is true).
*
@@ -909,7 +909,7 @@
* - A failed call to psa_mac_update().
* - A call to psa_mac_finish(), psa_mac_verify() or psa_mac_abort().
*
- * \param operation
+ * \param operation The operation object to use.
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(alg) is true).
*
@@ -985,7 +985,7 @@
* or psa_cipher_update().
* - A call to psa_cipher_finish() or psa_cipher_abort().
*
- * \param operation
+ * \param operation The operation object to use.
* \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_CIPHER(alg) is true).
*
@@ -1032,7 +1032,7 @@
* - A failed call to psa_cipher_update().
* - A call to psa_cipher_finish() or psa_cipher_abort().
*
- * \param operation
+ * \param operation The operation object to use.
* \param alg The cipher algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_CIPHER(alg) is true).
*
@@ -1082,46 +1082,77 @@
* @{
*/
-/** The type of the state data structure for multipart AEAD operations.
+/** The tag size for an AEAD algorithm, in bytes.
*
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_aead_operation_s psa_aead_operation_t;
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ *
+ * \return The tag size for the specified algorithm.
+ * If the AEAD algorithm does not have an identified
+ * tag that can be distinguished from the rest of
+ * the ciphertext, return 0.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_TAG_SIZE(alg) \
+ ((alg) == PSA_ALG_GCM ? 16 : \
+ (alg) == PSA_ALG_CCM ? 16 : \
+ 0)
-/** Set the key for a multipart authenticated encryption operation.
+/** The maximum size of the output of psa_aead_encrypt(), in bytes.
*
- * The sequence of operations to authenticate-and-encrypt a message
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- * listed here.
- * -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
- * The key remains associated with the operation even if the content
- * of the key slot changes.
- * -# Call either psa_aead_generate_iv() or psa_aead_set_iv() to
- * generate or set the IV (initialization vector). You should use
- * psa_encrypt_generate_iv() unless the protocol you are implementing
- * requires a specific IV value.
- * -# Call psa_aead_update_ad() to pass the associated data that is
- * to be authenticated but not encrypted. You may omit this step if
- * there is no associated data.
- * -# Call psa_aead_update() zero, one or more times, passing a fragment
- * of the data to encrypt each time.
- * -# Call psa_aead_finish().
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_aead_encrypt() will not fail due to an
+ * insufficient buffer size. Depending on the algorithm, the actual size of
+ * the ciphertext may be smaller.
*
- * The application may call psa_aead_abort() at any time after the operation
- * has been initialized with psa_aead_encrypt_setup().
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ * \param plaintext_length Size of the plaintext in bytes.
*
- * After a successful call to psa_aead_encrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A failed call to psa_aead_generate_iv(), psa_aead_set_iv(),
- * psa_aead_update_ad() or psa_aead_update().
- * - A call to psa_aead_finish() or psa_aead_abort().
+ * \return The AEAD ciphertext size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
+ (PSA_AEAD_TAG_SIZE(alg) != 0 ? \
+ (plaintext_length) + PSA_AEAD_TAG_SIZE(alg) : \
+ 0)
+
+/** Process an authenticated encryption operation.
*
- * \param operation
- * \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_AEAD(alg) is true).
+ * \param key Slot containing the key to use.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ * \param nonce Nonce or IV to use.
+ * \param nonce_length Size of the \p nonce buffer in bytes.
+ * \param additional_data Additional data that will be authenticated
+ * but not encrypted.
+ * \param additional_data_length Size of \p additional_data in bytes.
+ * \param plaintext Data that will be authenticated and
+ * encrypted.
+ * \param plaintext_length Size of \p plaintext in bytes.
+ * \param ciphertext Output buffer for the authenticated and
+ * encrypted data. The additional data is not
+ * part of this output. For algorithms where the
+ * encrypted data and the authentication tag
+ * are defined as separate outputs, the
+ * authentication tag is appended to the
+ * encrypted data.
+ * \param ciphertext_size Size of the \p ciphertext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
+ * \p plaintext_length).
+ * \param ciphertext_length On success, the size of the output
+ * in the \b ciphertext buffer.
*
* \retval PSA_SUCCESS
* Success.
@@ -1136,44 +1167,73 @@
* \retval PSA_ERROR_HARDWARE_FAILURE
* \retval PSA_ERROR_TAMPERING_DETECTED
*/
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- psa_key_slot_t key,
- psa_algorithm_t alg);
+psa_status_t psa_aead_encrypt( psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length );
-/** Set the key for a multipart authenticated decryption operation.
+/** The maximum size of the output of psa_aead_decrypt(), in bytes.
*
- * The sequence of operations to authenticated and decrypt a message
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- * listed here.
- * -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
- * The key remains associated with the operation even if the content
- * of the key slot changes.
- * -# Call psa_aead_set_iv() to pass the initialization vector (IV)
- * for the authenticated decryption.
- * -# Call psa_aead_update_ad() to pass the associated data that is
- * to be authenticated but not encrypted. You may omit this step if
- * there is no associated data.
- * -# Call psa_aead_update() zero, one or more times, passing a fragment
- * of the data to decrypt each time.
- * -# Call psa_aead_finish().
+ * If the size of the plaintext buffer is at least this large, it is
+ * guaranteed that psa_aead_decrypt() will not fail due to an
+ * insufficient buffer size. Depending on the algorithm, the actual size of
+ * the plaintext may be smaller.
*
- * The application may call psa_aead_abort() at any time after the operation
- * has been initialized with psa_aead_decrypt_setup().
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ * \param ciphertext_length Size of the plaintext in bytes.
*
- * After a successful call to psa_aead_decrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A failed call to psa_aead_update().
- * - A call to psa_aead_finish() or psa_aead_abort().
+ * \return The AEAD ciphertext size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ * An implementation may return either 0 or a
+ * correct size for an AEAD algorithm that it
+ * recognizes, but does not support.
+ */
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
+ (PSA_AEAD_TAG_SIZE(alg) != 0 ? \
+ (plaintext_length) - PSA_AEAD_TAG_SIZE(alg) : \
+ 0)
+
+/** Process an authenticated decryption operation.
*
- * \param operation
- * \param alg The AEAD algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_AEAD(alg) is true).
+ * \param key Slot containing the key to use.
+ * \param alg The AEAD algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(alg) is true).
+ * \param nonce Nonce or IV to use.
+ * \param nonce_length Size of the \p nonce buffer in bytes.
+ * \param additional_data Additional data that has been authenticated
+ * but not encrypted.
+ * \param additional_data_length Size of \p additional_data in bytes.
+ * \param ciphertext Data that has been authenticated and
+ * encrypted. For algorithms where the
+ * encrypted data and the authentication tag
+ * are defined as separate inputs, the buffer
+ * must contain the encrypted data followed
+ * by the authentication tag.
+ * \param ciphertext_length Size of \p ciphertext in bytes.
+ * \param plaintext Output buffer for the decrypted data.
+ * \param plaintext_size Size of the \p plaintext buffer in bytes.
+ * This must be at least
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
+ * \p ciphertext_length).
+ * \param plaintext_length On success, the size of the output
+ * in the \b plaintext buffer.
*
* \retval PSA_SUCCESS
* Success.
* \retval PSA_ERROR_EMPTY_SLOT
+ * \retval PSA_ERROR_INVALID_SIGNATURE
+ * The ciphertext is not authentic.
* \retval PSA_ERROR_NOT_PERMITTED
* \retval PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg.
@@ -1184,37 +1244,17 @@
* \retval PSA_ERROR_HARDWARE_FAILURE
* \retval PSA_ERROR_TAMPERING_DETECTED
*/
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
- psa_key_slot_t key,
- psa_algorithm_t alg);
-
-psa_status_t psa_aead_generate_iv(psa_aead_operation_t *operation,
- unsigned char *iv,
- size_t iv_size,
- size_t *iv_length);
-
-psa_status_t psa_aead_set_iv(psa_aead_operation_t *operation,
- const unsigned char *iv,
- size_t iv_length);
-
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length);
-
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
- uint8_t *tag,
- size_t tag_length);
-
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
+psa_status_t psa_aead_decrypt( psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length );
/**@}*/
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 639c15e..74e1146 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -111,20 +111,6 @@
} ctx;
};
-struct psa_aead_operation_s
-{
- psa_algorithm_t alg;
- int key_set : 1;
- int iv_set : 1;
- int ad_set : 1;
- uint8_t iv_size;
- uint8_t block_size;
- union
- {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
- } ctx;
-};
-
struct psa_key_policy_s
{
psa_key_usage_t usage;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 438f0f0..4d42c8d 100755
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -910,10 +910,11 @@
static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
- size_t key_bits )
+ size_t key_bits,
+ mbedtls_cipher_id_t* cipher_id )
{
- mbedtls_cipher_id_t cipher_id;
mbedtls_cipher_mode_t mode;
+ mbedtls_cipher_id_t cipher_id_tmp;
if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
{
@@ -958,25 +959,27 @@
switch( key_type )
{
case PSA_KEY_TYPE_AES:
- cipher_id = MBEDTLS_CIPHER_ID_AES;
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
break;
case PSA_KEY_TYPE_DES:
if( key_bits == 64 )
- cipher_id = MBEDTLS_CIPHER_ID_DES;
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
else
- cipher_id = MBEDTLS_CIPHER_ID_3DES;
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
break;
case PSA_KEY_TYPE_CAMELLIA:
- cipher_id = MBEDTLS_CIPHER_ID_CAMELLIA;
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
break;
case PSA_KEY_TYPE_ARC4:
- cipher_id = MBEDTLS_CIPHER_ID_ARC4;
+ cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
break;
default:
return( NULL );
}
+ if( cipher_id != NULL )
+ *cipher_id = cipher_id_tmp;
- return( mbedtls_cipher_info_from_values( cipher_id, key_bits, mode ) );
+ return( mbedtls_cipher_info_from_values( cipher_id_tmp, key_bits, mode ) );
}
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
@@ -1036,7 +1039,7 @@
if( ! PSA_ALG_IS_HMAC( alg ) )
{
- cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits );
+ cipher_info = mbedtls_cipher_info_from_psa( alg, key_type, key_bits, NULL );
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
operation->mac_size = cipher_info->block_size;
@@ -1755,6 +1758,268 @@
}
+/****************************************************************/
+/* AEAD */
+/****************************************************************/
+psa_status_t psa_aead_encrypt( psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *plaintext,
+ size_t plaintext_length,
+ uint8_t *ciphertext,
+ size_t ciphertext_size,
+ size_t *ciphertext_length )
+{
+ int ret;
+ psa_status_t status;
+ key_slot_t *slot;
+ psa_key_type_t key_type;
+ size_t key_bits;
+ uint8_t *tag;
+ size_t tag_length;
+ mbedtls_cipher_id_t cipher_id;
+ const mbedtls_cipher_info_t *cipher_info = NULL;
+
+ *ciphertext_length = 0;
+
+ status = psa_get_key_information( key, &key_type, &key_bits );
+ if( status != PSA_SUCCESS )
+ return( status );
+ slot = &global_data.key_slots[key];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+
+ cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
+ key_bits, &cipher_id );
+ if( cipher_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ if( !( slot->policy.usage & PSA_KEY_USAGE_ENCRYPT ) )
+ return( PSA_ERROR_NOT_PERMITTED );
+
+ if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( alg == PSA_ALG_GCM )
+ {
+ mbedtls_gcm_context gcm;
+ tag_length = 16;
+
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ //make sure we have place to hold the tag in the ciphertext buffer
+ if( ciphertext_size < ( plaintext_length + tag_length ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ //update the tag pointer to point to the end of the ciphertext_length
+ tag = ciphertext + plaintext_length;
+
+ mbedtls_gcm_init( &gcm );
+ ret = mbedtls_gcm_setkey( &gcm, cipher_id,
+ slot->data.raw.data,
+ key_bits );
+ if( ret != 0 )
+ {
+ mbedtls_gcm_free( &gcm );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ ret = mbedtls_gcm_crypt_and_tag( &gcm, MBEDTLS_GCM_ENCRYPT,
+ plaintext_length, nonce,
+ nonce_length, additional_data,
+ additional_data_length, plaintext,
+ ciphertext, tag_length, tag );
+ mbedtls_gcm_free( &gcm );
+ }
+ else if( alg == PSA_ALG_CCM )
+ {
+ mbedtls_ccm_context ccm;
+ tag_length = 16;
+
+ if( PSA_BLOCK_CIPHER_BLOCK_SIZE( key_type ) != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( nonce_length < 7 || nonce_length > 13 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ //make sure we have place to hold the tag in the ciphertext buffer
+ if( ciphertext_size < ( plaintext_length + tag_length ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ //update the tag pointer to point to the end of the ciphertext_length
+ tag = ciphertext + plaintext_length;
+
+
+
+ mbedtls_ccm_init( &ccm );
+ ret = mbedtls_ccm_setkey( &ccm, cipher_id,
+ slot->data.raw.data, key_bits );
+ if( ret != 0 )
+ {
+ mbedtls_ccm_free( &ccm );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ ret = mbedtls_ccm_encrypt_and_tag( &ccm, plaintext_length,
+ nonce, nonce_length, additional_data,
+ additional_data_length,
+ plaintext, ciphertext,
+ tag, tag_length );
+ mbedtls_ccm_free( &ccm );
+ }
+ else
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( ret != 0 )
+ {
+ memset( ciphertext, 0, ciphertext_size );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+
+ *ciphertext_length = plaintext_length + tag_length;
+ return( PSA_SUCCESS );
+}
+
+/* Locate the tag in a ciphertext buffer containing the encrypted data
+ * followed by the tag. Return the length of the part preceding the tag in
+ * *plaintext_length. This is the size of the plaintext in modes where
+ * the encrypted data has the same size as the plaintext, such as
+ * CCM and GCM. */
+static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ size_t plaintext_size,
+ const uint8_t **p_tag )
+{
+ size_t payload_length;
+ if( tag_length > ciphertext_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ payload_length = ciphertext_length - tag_length;
+ if( payload_length > plaintext_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ *p_tag = ciphertext + payload_length;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t psa_aead_decrypt( psa_key_slot_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce,
+ size_t nonce_length,
+ const uint8_t *additional_data,
+ size_t additional_data_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ uint8_t *plaintext,
+ size_t plaintext_size,
+ size_t *plaintext_length )
+{
+ int ret;
+ psa_status_t status;
+ key_slot_t *slot;
+ psa_key_type_t key_type;
+ size_t key_bits;
+ const uint8_t *tag;
+ size_t tag_length;
+ mbedtls_cipher_id_t cipher_id;
+ const mbedtls_cipher_info_t *cipher_info = NULL;
+
+ *plaintext_length = 0;
+
+ status = psa_get_key_information( key, &key_type, &key_bits );
+ if( status != PSA_SUCCESS )
+ return( status );
+ slot = &global_data.key_slots[key];
+ if( slot->type == PSA_KEY_TYPE_NONE )
+ return( PSA_ERROR_EMPTY_SLOT );
+
+ cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
+ key_bits, &cipher_id );
+ if( cipher_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ if( !( slot->policy.usage & PSA_KEY_USAGE_DECRYPT ) )
+ return( PSA_ERROR_NOT_PERMITTED );
+
+ if ( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) !=
+ PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( alg == PSA_ALG_GCM )
+ {
+ mbedtls_gcm_context gcm;
+
+ tag_length = 16;
+ status = psa_aead_unpadded_locate_tag( tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ mbedtls_gcm_init( &gcm );
+ ret = mbedtls_gcm_setkey( &gcm, cipher_id,
+ slot->data.raw.data, key_bits );
+ if( ret != 0 )
+ {
+ mbedtls_gcm_free( &gcm );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+
+ ret = mbedtls_gcm_auth_decrypt( &gcm,
+ ciphertext_length - tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ tag, tag_length,
+ ciphertext, plaintext );
+ mbedtls_gcm_free( &gcm );
+ }
+ else if( alg == PSA_ALG_CCM )
+ {
+ mbedtls_ccm_context ccm;
+
+ if( nonce_length < 7 || nonce_length > 13 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ tag_length = 16;
+ status = psa_aead_unpadded_locate_tag( tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ mbedtls_ccm_init( &ccm );
+ ret = mbedtls_ccm_setkey( &ccm, cipher_id,
+ slot->data.raw.data, key_bits );
+ if( ret != 0 )
+ {
+ mbedtls_ccm_free( &ccm );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ ret = mbedtls_ccm_auth_decrypt( &ccm, ciphertext_length - tag_length,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, plaintext,
+ tag, tag_length );
+ mbedtls_ccm_free( &ccm );
+ }
+ else
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( ret != 0 )
+ memset( plaintext, 0, plaintext_size );
+ else
+ *plaintext_length = ciphertext_length - tag_length;
+
+ return( mbedtls_to_psa_error( ret ) );
+}
+
/****************************************************************/
/* Module setup */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 2d6db6b..1af3e53 100755
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -236,3 +236,51 @@
PSA verify ECDSA SECP256R1 SHA-256
depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
asymmetric_verify:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_KEY_TYPE_ECC_CURVE_NISTP256R1):"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_SHA_256:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+
+PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 1
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_CCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B":"000102030405060708090A0B":PSA_SUCCESS
+
+PSA AEAD Encrypt-Decrypt, AES CCM 19-bytes input - 2
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_SUCCESS
+
+PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid key type
+aead_encrypt_decrypt:PSA_KEY_TYPE_DES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD Encrypt, AES CCM - 23-bytes input
+aead_encrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8"
+
+PSA AEAD Encrypt, AES CCM - 24-bytes input
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9"
+
+PSA AEAD Decrypt, AES CCM - 39-bytes input
+aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"0BE1A88BACE018B1":"00412B4EA9CDBE3C9696766CFA":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
+
+PSA AEAD Decrypt, AES CCM - 40-bytes input
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_SUCCESS
+
+PSA AEAD Decrypt, AES CCM - invalid signature
+aead_decrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"26d56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"48c0906930561e0ab0ef4cd972":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 1
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":PSA_ALG_GCM:"0C0D0E0F101112131415161718191A1B1C1D1E":"000102030405060708090A0B0C0D0E0F":"000102030405060708090A0B":PSA_SUCCESS
+
+PSA AEAD Encrypt-Decrypt, AES GCM 19-bytes input - 2
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_GCM:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_SUCCESS
+
+PSA AEAD Encrypt, AES GCM - 128-bytes input - 1
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96"
+
+PSA AEAD Encrypt, AES GCM - 128-bytes input - 2
+aead_encrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56"
+
+PSA AEAD Decrypt, AES GCM - 144-bytes input - 1
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"00e440846db73a490573deaf3728c94f":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA AEAD Decrypt, AES GCM - 144-bytes input - 2
+aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12495120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_SUCCESS
+
+PSA AEAD Decrypt, AES GCM - invalid signature
+aead_decrypt:PSA_KEY_TYPE_AES:"fe96eab10ff48c7942025422583d0377":PSA_ALG_GCM:"12195120056ca3cac70d583603a476821bac6c57c9733b81cfb83538dc9e850f8bdf46065069591c23ebcbc6d1e2523375fb7efc80c09507fa25477ed07cee54fc4eb90168b3ef988f651fc40652474a644b1b311decf899660aef2347bb081af48950f06ebf799911e37120de94c55c20e5f0a77119be06e2b6e557f872fa0f6bac793bdc2190a195122c98544ccf56":"127628b6dcbce6fc8a8ef60798eb67b2088415635119697d20bb878c24d9c6f9c29e148521cb5e0feff892c7855d4f1c0bfb32ad33420976714dce87a0bbc18e4378bd1ef35197d0ca73051148f1199010f63caf122df5f71ad8d9c71df3eb2fbe3b2529d0ba657570358d3776f687bdb9c96d5e0e9e00c4b42d5d7a268d6a08":"97ce3f848276783599c6875de324361e":"194c8bbbfae4a671386b8cd38f390f46f9df6b8661b470c310921a1c858a938045834bb10380037fbf5f5e00688554537be0fcafe8270b9b59068fa056ab1268fc166c2d729243a06650a171c929c7845c85330c04568d62977eedf3b1ba9dca13bdb8f9522817c8cb99e635e37465ec1c9f6f148d51437aa9f994a62e1bd013":PSA_ERROR_INVALID_SIGNATURE
+
+PSA AEAD Encrypt-Decrypt, Fail Scenario - Invalid algorithm
+aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"B96B49E21D621741632875DB7F6C9243D2D7C2":"000102030405060708090A0B0C0D0E0F":"EC46BB63B02520C33C49FD70":PSA_ERROR_NOT_SUPPORTED
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 68bddd9..a308cbd 100755
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1142,3 +1142,239 @@
mbedtls_psa_crypto_free( );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_encrypt_decrypt( int key_type_arg, char * key_hex,
+ int alg_arg, char * input_hex, char * nonce_hex,
+ char * add_data, int expected_result_arg )
+{
+ int slot = 1;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *key_data = NULL;
+ size_t key_size;
+ unsigned char *input_data = NULL;
+ size_t input_size;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ unsigned char *output_data2 = NULL;
+ size_t output_length2 = 0;
+ uint8_t* nonce;
+ size_t nonce_length = 16;
+ size_t tag_length = 16;
+ unsigned char *additional_data = NULL;
+ size_t additional_data_length = 0;
+ psa_status_t expected_result = (psa_status_t) expected_result_arg;
+ psa_key_policy_t policy = {0};
+
+
+ key_data = unhexify_alloc( key_hex, &key_size );
+ TEST_ASSERT( key_data != NULL );
+ input_data = unhexify_alloc( input_hex, &input_size );
+ TEST_ASSERT( input_data != NULL );
+ additional_data = unhexify_alloc( add_data, &additional_data_length );
+ TEST_ASSERT( input_data != NULL );
+ output_size = input_size + tag_length;
+ output_data = mbedtls_calloc( 1, output_size );
+ TEST_ASSERT( output_data != NULL );
+ nonce = unhexify_alloc( nonce_hex, &nonce_length );
+ TEST_ASSERT( nonce != NULL );
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ psa_key_policy_init( &policy );
+
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT , alg );
+
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_import_key( slot, key_type,
+ key_data, key_size ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_aead_encrypt( slot, alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ input_data, input_size, output_data,
+ output_size, &output_length ) == expected_result );
+
+ if( PSA_SUCCESS == expected_result )
+ {
+ output_data2 = mbedtls_calloc( 1, output_length );
+ TEST_ASSERT( output_data2 != NULL );
+
+ TEST_ASSERT( psa_aead_decrypt( slot, alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ output_data, output_length, output_data2,
+ output_length, &output_length2 ) == expected_result );
+
+
+ TEST_ASSERT( memcmp( input_data, output_data2,
+ input_size ) == 0 );
+ }
+
+
+exit:
+ psa_destroy_key( slot );
+ mbedtls_free( key_data );
+ mbedtls_free( input_data );
+ mbedtls_free( additional_data );
+ mbedtls_free( output_data );
+ mbedtls_free( output_data2 );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_encrypt( int key_type_arg, char * key_hex,
+ int alg_arg, char * input_hex,
+ char * add_data, char * nonce_hex,
+ char * expected_result_hex )
+{
+ int slot = 1;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *key_data = NULL;
+ size_t key_size;
+ unsigned char *input_data = NULL;
+ size_t input_size;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ unsigned char *expected_result = NULL;
+ size_t expected_result_length = 0;
+ uint8_t* nonce = NULL;
+ size_t nonce_length = 0;
+ size_t tag_length = 16;
+ unsigned char *additional_data = NULL;
+ size_t additional_data_length = 0;
+ psa_key_policy_t policy = {0};
+
+
+ key_data = unhexify_alloc( key_hex, &key_size );
+ TEST_ASSERT( key_data != NULL );
+ input_data = unhexify_alloc( input_hex, &input_size );
+ TEST_ASSERT( input_data != NULL );
+ additional_data = unhexify_alloc( add_data, &additional_data_length );
+ TEST_ASSERT( input_data != NULL );
+ output_size = input_size + tag_length;
+ output_data = mbedtls_calloc( 1, output_size );
+ TEST_ASSERT( output_data != NULL );
+ nonce = unhexify_alloc( nonce_hex, &nonce_length );
+ TEST_ASSERT( nonce != NULL );
+ expected_result = unhexify_alloc( expected_result_hex, &expected_result_length );
+ TEST_ASSERT( expected_result != NULL );
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ psa_key_policy_init( &policy );
+
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_ENCRYPT , alg );
+
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_import_key( slot, key_type,
+ key_data, key_size ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_aead_encrypt( slot, alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ input_data, input_size, output_data,
+ output_size, &output_length ) == PSA_SUCCESS );
+
+
+ TEST_ASSERT( memcmp( output_data, expected_result,
+ output_length ) == 0 );
+
+
+exit:
+ psa_destroy_key( slot );
+ mbedtls_free( key_data );
+ mbedtls_free( input_data );
+ mbedtls_free( additional_data );
+ mbedtls_free( output_data );
+ mbedtls_free( nonce );
+ mbedtls_free( expected_result );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_decrypt( int key_type_arg, char * key_hex,
+ int alg_arg, char * input_hex,
+ char * add_data, char * nonce_hex,
+ char * expected_result_hex, int expected_result_arg )
+{
+ int slot = 1;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *key_data = NULL;
+ size_t key_size;
+ unsigned char *input_data = NULL;
+ size_t input_size;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ unsigned char *expected_data = NULL;
+ size_t expected_result_length = 0;
+ uint8_t* nonce = NULL;
+ size_t nonce_length = 0;
+ size_t tag_length = 16;
+ unsigned char *additional_data = NULL;
+ size_t additional_data_length = 0;
+ psa_key_policy_t policy = {0};
+ psa_status_t expected_result = (psa_status_t) expected_result_arg;
+
+
+ key_data = unhexify_alloc( key_hex, &key_size );
+ TEST_ASSERT( key_data != NULL );
+ input_data = unhexify_alloc( input_hex, &input_size );
+ TEST_ASSERT( input_data != NULL );
+ additional_data = unhexify_alloc( add_data, &additional_data_length );
+ TEST_ASSERT( input_data != NULL );
+ output_size = input_size + tag_length;
+ output_data = mbedtls_calloc( 1, output_size );
+ TEST_ASSERT( output_data != NULL );
+ nonce = unhexify_alloc( nonce_hex, &nonce_length );
+ TEST_ASSERT( nonce != NULL );
+ expected_data = unhexify_alloc( expected_result_hex, &expected_result_length );
+ TEST_ASSERT( expected_data != NULL );
+
+ TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
+
+ psa_key_policy_init( &policy );
+
+ psa_key_policy_set_usage( &policy, PSA_KEY_USAGE_DECRYPT , alg );
+
+ TEST_ASSERT( psa_set_key_policy( slot, &policy ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_import_key( slot, key_type,
+ key_data, key_size ) == PSA_SUCCESS );
+
+ TEST_ASSERT( psa_aead_decrypt( slot, alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ input_data, input_size, output_data,
+ output_size, &output_length ) == expected_result );
+
+
+ if ( expected_result == PSA_SUCCESS )
+ {
+ TEST_ASSERT( memcmp( output_data, expected_data,
+ output_length ) == 0 );
+ }
+
+
+
+exit:
+ psa_destroy_key( slot );
+ mbedtls_free( key_data );
+ mbedtls_free( input_data );
+ mbedtls_free( additional_data );
+ mbedtls_free( output_data );
+ mbedtls_free( nonce );
+ mbedtls_free( expected_data );
+ mbedtls_psa_crypto_free( );
+}
+/* END_CASE */