Merge pull request #4434 from chris-jones-arm/development
Backport 2.x: Add macro to check error code additions/combinations
diff --git a/ChangeLog.d/add-missing-parenthesis.txt b/ChangeLog.d/add-missing-parenthesis.txt
new file mode 100644
index 0000000..9576ff3
--- /dev/null
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined. Fixes #4217.
diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt
new file mode 100644
index 0000000..9949bf4
--- /dev/null
+++ b/ChangeLog.d/issue1792.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
+ zero. Fixes #1792
diff --git a/ChangeLog.d/psa-aead-output-size-macros-1.0.txt b/ChangeLog.d/psa-aead-output-size-macros-1.0.txt
new file mode 100644
index 0000000..94a66a5
--- /dev/null
+++ b/ChangeLog.d/psa-aead-output-size-macros-1.0.txt
@@ -0,0 +1,12 @@
+API changes
+ * Update AEAD output size macros to bring them in line with the PSA Crypto
+ API version 1.0 spec. This version of the spec parameterizes them on the
+ key type used, as well as the key bit-size in the case of
+ PSA_AEAD_TAG_LENGTH.
+ The old versions of these macros were renamed and deprecated as follows:
+ - PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG
+ - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG
+ - PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG
diff --git a/ChangeLog.d/psa-builtin-keys-implementation.txt b/ChangeLog.d/psa-builtin-keys-implementation.txt
new file mode 100644
index 0000000..66ba77d
--- /dev/null
+++ b/ChangeLog.d/psa-builtin-keys-implementation.txt
@@ -0,0 +1,4 @@
+Features
+ * Added support for built-in driver keys through the PSA opaque crypto
+ driver interface. Refer to the documentation of
+ MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index 025a623..cd4d427 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -63,7 +63,7 @@
3. Generate or copy the key material into the key slot. This entails the allocation of the buffer to store the key material.
4. Call psa_finish_key_creation() that mostly saves persistent keys into persistent storage.
-In case of any error occuring at step 3 or 4, psa_fail_key_creation() is called. It wipes and cleans the slot especially the key material: reset to zero of the RAM memory that contained the key material, free the allocated buffer.
+In case of any error occurring at step 3 or 4, psa_fail_key_creation() is called. It wipes and cleans the slot especially the key material: reset to zero of the RAM memory that contained the key material, free the allocated buffer.
## Mbed TLS PSA Cryptography API implementation drivers
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 47d7271..2bdbff4 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -810,7 +810,7 @@
If this function returns `PSA_SUCCESS` or `PSA_ERROR_BUFFER_TOO_SMALL`, it must fill `attributes` with the attributes of the key (except for the key identifier). On success, this function must also fill `key_buffer` with the key context.
-On entry, `psa_get_key_lifetime(attributes)` is the location at which the driver was declared and the persistence level `#PSA_KEY_LIFETIME_PERSISTENT`. The driver entry point may change the lifetime to one with the same location but a different persistence level. The standard attributes other than the key identifier and lifetime have the value conveyed by `PSA_KEY_ATTRIBUTES_INIT`.
+On entry, `psa_get_key_lifetime(attributes)` is the location at which the driver was declared and a persistence level with which the platform is attempting to register the key. The driver entry point may choose to change the lifetime (`psa_set_key_lifetime(attributes, lifetime)`) of the reported key attributes to one with the same location but a different persistence level, in case the driver has more specific knowledge about the actual persistence level of the key which is being retrieved. For example, if a driver knows it cannot delete a key, it may override the persistence level in the lifetime to `PSA_KEY_PERSISTENCE_READ_ONLY`. The standard attributes other than the key identifier and lifetime have the value conveyed by `PSA_KEY_ATTRIBUTES_INIT`.
The output parameter `key_buffer` points to a writable buffer of `key_buffer_size` bytes. If the driver has a [`"builtin_key_size"` property](#key-format-for-opaque-drivers) property, `key_buffer_size` has this value, otherwise `key_buffer_size` has the value determined from the key type and size.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d370dbf..62d89c9 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1338,6 +1338,22 @@
*/
#define MBEDTLS_PKCS1_V21
+/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ *
+ * Enable support for platform built-in keys. If you enable this feature,
+ * you must implement the function mbedtls_psa_platform_get_builtin_key().
+ * See the documentation of that function for more information.
+ *
+ * Built-in keys are typically derived from a hardware unique key or
+ * stored in a secure element.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C.
+ *
+ * \warning This interface is experimental and may change or be removed
+ * without notice.
+ */
+//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+
/** \def MBEDTLS_PSA_CRYPTO_CLIENT
*
* Enable support for PSA crypto client.
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 81e1f28..94b8f99 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2113,9 +2113,16 @@
* authentication tag is appended to the
* encrypted data.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
- * \p plaintext_length).
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
+ * \p alg, \p plaintext_length) where
+ * \c key_type is the type of \p key.
+ * - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
+ * plaintext_length) evaluates to the maximum
+ * ciphertext size of any supported AEAD
+ * encryption.
* \param[out] ciphertext_length On success, the size of the output
* in the \p ciphertext buffer.
*
@@ -2129,7 +2136,11 @@
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \p ciphertext_size is too small
+ * \p ciphertext_size is too small.
+ * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+ * \p plaintext_length) or
+ * #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
+ * determine the required buffer size.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -2173,9 +2184,16 @@
* \param ciphertext_length Size of \p ciphertext in bytes.
* \param[out] plaintext Output buffer for the decrypted data.
* \param plaintext_size Size of the \p plaintext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
- * \p ciphertext_length).
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
+ * \p alg, \p ciphertext_length) where
+ * \c key_type is the type of \p key.
+ * - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
+ * ciphertext_length) evaluates to the maximum
+ * plaintext size of any supported AEAD
+ * decryption.
* \param[out] plaintext_length On success, the size of the output
* in the \p plaintext buffer.
*
@@ -2191,7 +2209,11 @@
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \p plaintext_size or \p nonce_length is too small
+ * \p plaintext_size is too small.
+ * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
+ * \p ciphertext_length) or
+ * #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
+ * to determine the required buffer size.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_CORRUPTION_DETECTED
@@ -2612,10 +2634,18 @@
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param output_size Size of the \p output buffer in bytes.
- * This must be at least
- * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg,
- * \p input_length) where \c alg is the
- * algorithm that is being calculated.
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
+ * \c alg, \p input_length) where
+ * \c key_type is the type of key and \c alg is
+ * the algorithm that were used to set up the
+ * operation.
+ * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
+ * input_length) evaluates to the maximum
+ * output size of any supported AEAD
+ * algorithm.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
@@ -2626,9 +2656,9 @@
* set, and have lengths set if required by the algorithm).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
- * You can determine a sufficient buffer size by calling
- * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c alg, \p input_length)
- * where \c alg is the algorithm that is being calculated.
+ * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
+ * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
+ * determine the required buffer size.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
@@ -2665,9 +2695,7 @@
* This function has two output buffers:
* - \p ciphertext contains trailing ciphertext that was buffered from
* preceding calls to psa_aead_update().
- * - \p tag contains the authentication tag. Its length is always
- * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
- * that the operation performs.
+ * - \p tag contains the authentication tag.
*
* When this function returns successfuly, the operation becomes inactive.
* If this function returns an error status, the operation enters an error
@@ -2677,18 +2705,32 @@
* \param[out] ciphertext Buffer where the last part of the ciphertext
* is to be written.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg) where
- * \c alg is the algorithm that is being
- * calculated.
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
+ * \c alg) where \c key_type is the type of key
+ * and \c alg is the algorithm that were used to
+ * set up the operation.
+ * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
+ * the maximum output size of any supported AEAD
+ * algorithm.
* \param[out] ciphertext_length On success, the number of bytes of
* returned ciphertext.
* \param[out] tag Buffer where the authentication tag is
* to be written.
* \param tag_size Size of the \p tag buffer in bytes.
- * This must be at least
- * #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is
- * the algorithm that is being calculated.
+ * This must be appropriate for the selected
+ * algorithm and key:
+ * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
+ * key_type, \c key_bits, \c alg) where
+ * \c key_type and \c key_bits are the type and
+ * bit-size of the key, and \c alg is the
+ * algorithm that were used in the call to
+ * psa_aead_encrypt_setup().
+ * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
+ * maximum tag size of any supported AEAD
+ * algorithm.
* \param[out] tag_length On success, the number of bytes
* that make up the returned tag.
*
@@ -2699,11 +2741,11 @@
* operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p ciphertext or \p tag buffer is too small.
- * You can determine a sufficient buffer size for \p ciphertext by
- * calling #PSA_AEAD_FINISH_OUTPUT_SIZE(\c alg)
- * where \c alg is the algorithm that is being calculated.
- * You can determine a sufficient buffer size for \p tag by
- * calling #PSA_AEAD_TAG_LENGTH(\c alg).
+ * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
+ * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
+ * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
+ * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
+ * determine the required \p tag buffer size.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
@@ -2762,10 +2804,15 @@
* that could not be processed until the end
* of the input.
* \param plaintext_size Size of the \p plaintext buffer in bytes.
- * This must be at least
- * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg) where
- * \c alg is the algorithm that is being
- * calculated.
+ * This must be appropriate for the selected algorithm and key:
+ * - A sufficient output size is
+ * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
+ * \c alg) where \c key_type is the type of key
+ * and \c alg is the algorithm that were used to
+ * set up the operation.
+ * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
+ * the maximum output size of any supported AEAD
+ * algorithm.
* \param[out] plaintext_length On success, the number of bytes of
* returned plaintext.
* \param[in] tag Buffer containing the authentication tag.
@@ -2781,9 +2828,9 @@
* operation with a nonce set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p plaintext buffer is too small.
- * You can determine a sufficient buffer size for \p plaintext by
- * calling #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c alg)
- * where \c alg is the algorithm that is being calculated.
+ * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
+ * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
+ * required buffer size.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index ae09a70..5dabbd2 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -269,6 +269,153 @@
#define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
+/*
+ * Deprecated PSA AEAD output size macros (PSA Crypto API <= 1.0 beta3)
+ */
+
+/** The tag size for an AEAD algorithm, in bytes.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return The tag size for the specified algorithm.
+ * If the AEAD algorithm does not have an identified
+ * tag that can be distinguished from the rest of
+ * the ciphertext, return 0.
+ * If the AEAD algorithm is not recognized, return 0.
+ */
+#define PSA_AEAD_TAG_LENGTH_1_ARG( alg ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD( alg ) ? \
+ PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
+ 0 )
+
+/** The maximum size of the output of psa_aead_encrypt(), in bytes.
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_aead_encrypt() will not fail due to an
+ * insufficient buffer size. Depending on the algorithm, the actual size of
+ * the ciphertext may be smaller.
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param plaintext_length Size of the plaintext in bytes.
+ *
+ * \return The AEAD ciphertext size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ */
+#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG( alg, plaintext_length ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD( alg ) ? \
+ (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
+ 0 )
+
+/** The maximum size of the output of psa_aead_decrypt(), in bytes.
+ *
+ * If the size of the plaintext buffer is at least this large, it is
+ * guaranteed that psa_aead_decrypt() will not fail due to an
+ * insufficient buffer size. Depending on the algorithm, the actual size of
+ * the plaintext may be smaller.
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param ciphertext_length Size of the plaintext in bytes.
+ *
+ * \return The AEAD ciphertext size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ */
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD( alg ) && \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
+ 0 )
+
+/** A sufficient output buffer size for psa_aead_update().
+ *
+ * If the size of the output buffer is at least this large, it is
+ * guaranteed that psa_aead_update() will not fail due to an
+ * insufficient buffer size. The actual size of the output may be smaller
+ * in any given call.
+ *
+ * \warning This macro may evaluate its arguments multiple times or
+ * zero times, so you should not pass arguments that contain
+ * side effects.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ * \param input_length Size of the input in bytes.
+ *
+ * \return A sufficient output buffer size for the specified
+ * algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ */
+/* For all the AEAD modes defined in this specification, it is possible
+ * to emit output without delay. However, hardware may not always be
+ * capable of this. So for modes based on a block cipher, allow the
+ * implementation to delay the output until it has a full block. */
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG( alg, input_length ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ? \
+ PSA_ROUND_UP_TO_MULTIPLE( PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length) ) : \
+ (input_length) )
+
+/** A sufficient ciphertext buffer size for psa_aead_finish().
+ *
+ * If the size of the ciphertext buffer is at least this large, it is
+ * guaranteed that psa_aead_finish() will not fail due to an
+ * insufficient ciphertext buffer size. The actual size of the output may
+ * be smaller in any given call.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return A sufficient ciphertext buffer size for the
+ * specified algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ */
+#define PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG( alg ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ? \
+ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+ 0 )
+
+/** A sufficient plaintext buffer size for psa_aead_verify().
+ *
+ * If the size of the plaintext buffer is at least this large, it is
+ * guaranteed that psa_aead_verify() will not fail due to an
+ * insufficient plaintext buffer size. The actual size of the output may
+ * be smaller in any given call.
+ *
+ * \param alg An AEAD algorithm
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_AEAD(\p alg) is true).
+ *
+ * \return A sufficient plaintext buffer size for the
+ * specified algorithm.
+ * If the AEAD algorithm is not recognized, return 0.
+ */
+#define PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG( alg ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ? \
+ PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+ 0 )
+
#endif /* MBEDTLS_DEPRECATED_REMOVED */
/** Open a handle to an existing persistent key.
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index e01d827..1310bb5 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -713,6 +713,104 @@
/**@}*/
+/** \defgroup psa_builtin_keys Built-in keys
+ * @{
+ */
+
+/** The minimum value for a key identifier that is built into the
+ * implementation.
+ *
+ * The range of key identifiers from #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
+ * to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX within the range from
+ * #PSA_KEY_ID_VENDOR_MIN and #PSA_KEY_ID_VENDOR_MAX and must not intersect
+ * with any other set of implementation-chosen key identifiers.
+ *
+ * This value is part of the library's ABI since changing it would invalidate
+ * the values of built-in key identifiers in applications.
+ */
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ((psa_key_id_t)0x7fff0000)
+
+/** The maximum value for a key identifier that is built into the
+ * implementation.
+ *
+ * See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.
+ */
+#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ((psa_key_id_t)0x7fffefff)
+
+/** A slot number identifying a key in a driver.
+ *
+ * Values of this type are used to identify built-in keys.
+ */
+typedef uint64_t psa_drv_slot_number_t;
+
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+/** Test whether a key identifier belongs to the builtin key range.
+ *
+ * \param key_id Key identifier to test.
+ *
+ * \retval 1
+ * The key identifier is a builtin key identifier.
+ * \retval 0
+ * The key identifier is not a builtin key identifier.
+ */
+static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
+{
+ return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
+ ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
+}
+
+/** Platform function to obtain the location and slot number of a built-in key.
+ *
+ * An application-specific implementation of this function must be provided if
+ * #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided
+ * as part of a platform's system image.
+ *
+ * #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) needs to be in the range from
+ * #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.
+ *
+ * In a multi-application configuration
+ * (\c MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined),
+ * this function should check that #MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(\p key_id)
+ * is allowed to use the given key.
+ *
+ * \param key_id The key ID for which to retrieve the
+ * location and slot attributes.
+ * \param[out] lifetime On success, the lifetime associated with the key
+ * corresponding to \p key_id. Lifetime is a
+ * combination of which driver contains the key,
+ * and with what persistence level the key is
+ * intended to be used. If the platform
+ * implementation does not contain specific
+ * information about the intended key persistence
+ * level, the persistence level may be reported as
+ * #PSA_KEY_PERSISTENCE_DEFAULT.
+ * \param[out] slot_number On success, the slot number known to the driver
+ * registered at the lifetime location reported
+ * through \p lifetime which corresponds to the
+ * requested built-in key.
+ *
+ * \retval #PSA_SUCCESS
+ * The requested key identifier designates a built-in key.
+ * In a multi-application configuration, the requested owner
+ * is allowed to access it.
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * The requested key identifier is not a built-in key which is known
+ * to this function. If a key exists in the key storage with this
+ * identifier, the data from the storage will be used.
+ * \return (any other error)
+ * Any other error is propagated to the function that requested the key.
+ * Common errors include:
+ * - #PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner
+ * is not allowed to access it.
+ */
+psa_status_t mbedtls_psa_platform_get_builtin_key(
+ mbedtls_svc_key_id_t key_id,
+ psa_key_lifetime_t *lifetime,
+ psa_drv_slot_number_t *slot_number );
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
+/** @} */
+
#ifdef __cplusplus
}
#endif
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index c9de062..79f9673 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -117,26 +117,35 @@
*/
#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
-/** The tag size for an AEAD algorithm, in bytes.
+/** The length of a tag for an AEAD algorithm, in bytes.
*
+ * This macro can be used to allocate a buffer of sufficient size to store the
+ * tag output from psa_aead_finish().
+ *
+ * See also #PSA_AEAD_TAG_MAX_SIZE.
+ *
+ * \param key_type The type of the AEAD key.
+ * \param key_bits The size of the AEAD key in bits.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
- * \return The tag size for the specified algorithm.
+ * \return The tag length for the specified algorithm and key.
* If the AEAD algorithm does not have an identified
* tag that can be distinguished from the rest of
* the ciphertext, return 0.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_TAG_LENGTH(alg) \
- (PSA_ALG_IS_AEAD(alg) ? \
- (((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
- 0)
+#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
+ PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ ((void) (key_bits), 0))
/** The maximum tag size for all supported AEAD algorithms, in bytes.
*
- * See also #PSA_AEAD_TAG_LENGTH(\p alg).
+ * See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
*/
#define PSA_AEAD_TAG_MAX_SIZE 16
@@ -241,10 +250,14 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the ciphertext may be smaller.
*
+ * See also #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length).
+ *
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -252,11 +265,13 @@
*
* \return The AEAD ciphertext size for the specified
* algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
- (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
- (plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
+#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
+ (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
0)
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
@@ -268,7 +283,8 @@
* \note This macro returns a compile-time constant if its arguments are
* compile-time constants.
*
- * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length).
+ * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg,
+ * \p plaintext_length).
*
* \param plaintext_length Size of the plaintext in bytes.
*
@@ -287,10 +303,14 @@
* insufficient buffer size. Depending on the algorithm, the actual size of
* the plaintext may be smaller.
*
+ * See also #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length).
+ *
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -298,11 +318,14 @@
*
* \return The AEAD ciphertext size for the specified
* algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
- (PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
- (ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
0)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
@@ -314,7 +337,8 @@
* \note This macro returns a compile-time constant if its arguments are
* compile-time constants.
*
- * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length).
+ * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg,
+ * \p ciphertext_length).
*
* \param ciphertext_length Size of the ciphertext in bytes.
*
@@ -352,11 +376,11 @@
*/
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM ? 13 : \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM ? 12 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
0 : \
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
- PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
+ MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
0)
/** The maximum default nonce size among all supported pairs of key types and
@@ -379,10 +403,14 @@
* insufficient buffer size. The actual size of the output may be smaller
* in any given call.
*
+ * See also #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
+ *
* \warning This macro may evaluate its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
@@ -390,16 +418,20 @@
*
* \return A sufficient output buffer size for the specified
* algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
/* For all the AEAD modes defined in this specification, it is possible
* to emit output without delay. However, hardware may not always be
* capable of this. So for modes based on a block cipher, allow the
* implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
- (input_length))
+#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
+ (input_length) : \
+ 0)
/** A sufficient output buffer size for psa_aead_update(), for any of the
* supported key types and AEAD algorithms.
@@ -407,7 +439,7 @@
* If the size of the output buffer is at least this large, it is guaranteed
* that psa_aead_update() will not fail due to an insufficient buffer size.
*
- * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length).
+ * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
*
* \param input_length Size of the input in bytes.
*/
@@ -421,23 +453,30 @@
* insufficient ciphertext buffer size. The actual size of the output may
* be smaller in any given call.
*
+ * See also #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE.
+ *
+ * \param key_type A symmetric key type that is
+ compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \return A sufficient ciphertext buffer size for the
* specified algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
0)
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
* supported key types and AEAD algorithms.
*
- * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg).
+ * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
*/
#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
@@ -448,23 +487,30 @@
* insufficient plaintext buffer size. The actual size of the output may
* be smaller in any given call.
*
+ * See also #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE.
+ *
+ * \param key_type A symmetric key type that is
+ * compatible with algorithm \p alg.
* \param alg An AEAD algorithm
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \return A sufficient plaintext buffer size for the
* specified algorithm.
- * If the AEAD algorithm is not recognized, return 0.
+ * If the key type or AEAD algorithm is not
+ * recognized, or the parameters are incompatible,
+ * return 0.
*/
-#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
- (PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
- PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
+#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
+ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
0)
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
* supported key types and AEAD algorithms.
*
- * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg).
+ * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p key_type, \p alg).
*/
#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 5e865c9..9bfd5ab 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2137,4 +2137,27 @@
/**@}*/
+/** \defgroup helper_macros Helper macros
+ * @{
+ */
+
+/* Helper macros */
+
+/** Check if two AEAD algorithm identifiers refer to the same AEAD algorithm
+ * regardless of the tag length they encode.
+ *
+ * \param aead_alg_1 An AEAD algorithm identifier.
+ * \param aead_alg_2 An AEAD algorithm identifier.
+ *
+ * \return 1 if both identifiers refer to the same AEAD algorithm,
+ * 0 otherwise.
+ * Unspecified if neither \p aead_alg_1 nor \p aead_alg_2 are
+ * a supported AEAD algorithm.
+ */
+#define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
+ (!(((aead_alg_1) ^ (aead_alg_2)) & \
+ ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
+
+/**@}*/
+
#endif /* PSA_CRYPTO_VALUES_H */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 220fbf9..256feef 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -63,6 +63,7 @@
platform_util.c
poly1305.c
psa_crypto.c
+ psa_crypto_aead.c
psa_crypto_cipher.c
psa_crypto_client.c
psa_crypto_driver_wrappers.c
diff --git a/library/Makefile b/library/Makefile
index 13b0b29..f089e0b 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -120,6 +120,7 @@
platform_util.o \
poly1305.o \
psa_crypto.o \
+ psa_crypto_aead.o \
psa_crypto_cipher.o \
psa_crypto_client.o \
psa_crypto_driver_wrappers.o \
diff --git a/library/bignum.c b/library/bignum.c
index bfca43d..e00204b 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1666,8 +1666,7 @@
* calculating the result is trivial in those cases. */
if( b == 0 || n == 0 )
{
- mbedtls_mpi_lset( X, 0 );
- return( 0 );
+ return( mbedtls_mpi_lset( X, 0 ) );
}
/* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
diff --git a/library/ecjpake.c b/library/ecjpake.c
index bd47169..464ff51 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -273,7 +273,7 @@
r_len = *(*p)++;
- if( end < *p || (size_t)( end - *p ) < r_len )
+ if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
{
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
goto cleanup;
diff --git a/library/ecp.c b/library/ecp.c
index b07d6a2..6b29415 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2477,7 +2477,7 @@
{
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
- return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
+ return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
@@ -2810,7 +2810,7 @@
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
/*
- * R = m * P with shortcuts for m == 1 and m == -1
+ * R = m * P with shortcuts for m == 0, m == 1 and m == -1
* NOT constant-time - ONLY for short Weierstrass!
*/
static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
@@ -2821,7 +2821,11 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
+ if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
+ }
+ else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
{
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 25c85c8..f58df4a 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -563,17 +563,6 @@
return( PSA_SUCCESS );
}
-/** Return the size of the key in the given slot, in bits.
- *
- * \param[in] slot A key slot.
- *
- * \return The key size in bits, read from the metadata in the slot.
- */
-static inline size_t psa_get_key_slot_bits( const psa_key_slot_t *slot )
-{
- return( slot->attr.bits );
-}
-
/** Check whether a given key type is valid for use with a given MAC algorithm
*
* Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
@@ -615,20 +604,8 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
-/** Try to allocate a buffer to an empty key slot.
- *
- * \param[in,out] slot Key slot to attach buffer to.
- * \param[in] buffer_length Requested size of the buffer.
- *
- * \retval #PSA_SUCCESS
- * The buffer has been successfully allocated.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * Not enough memory was available for allocation.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * Trying to allocate a buffer to a non-empty key slot.
- */
-static psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
- size_t buffer_length )
+psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
+ size_t buffer_length )
{
if( slot->key.data != NULL )
return( PSA_ERROR_ALREADY_EXISTS );
@@ -1086,8 +1063,7 @@
psa_get_and_lock_key_slot_with_policy( key, p_slot, usage, alg )
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-/** Wipe key data from a slot. Preserve metadata such as the policy. */
-static psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
+psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
{
/* Data pointer will always be either a valid pointer or NULL in an
* initialized slot, so we can just free it. */
@@ -3530,158 +3506,6 @@
/* AEAD */
/****************************************************************/
-typedef struct
-{
- psa_key_slot_t *slot;
- const mbedtls_cipher_info_t *cipher_info;
- union
- {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- mbedtls_ccm_context ccm;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- mbedtls_gcm_context gcm;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- mbedtls_chachapoly_context chachapoly;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
- } ctx;
- psa_algorithm_t core_alg;
- uint8_t full_tag_length;
- uint8_t tag_length;
-} aead_operation_t;
-
-#define AEAD_OPERATION_INIT {0, 0, {0}, 0, 0, 0}
-
-static void psa_aead_abort_internal( aead_operation_t *operation )
-{
- switch( operation->core_alg )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- case PSA_ALG_CCM:
- mbedtls_ccm_free( &operation->ctx.ccm );
- break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- case PSA_ALG_GCM:
- mbedtls_gcm_free( &operation->ctx.gcm );
- break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
- }
-
- psa_unlock_key_slot( operation->slot );
-}
-
-static psa_status_t psa_aead_setup( aead_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg )
-{
- psa_status_t status;
- size_t key_bits;
- mbedtls_cipher_id_t cipher_id;
-
- status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &operation->slot, usage, alg );
- if( status != PSA_SUCCESS )
- return( status );
-
- key_bits = psa_get_key_slot_bits( operation->slot );
-
- operation->cipher_info =
- mbedtls_cipher_info_from_psa( alg, operation->slot->attr.type, key_bits,
- &cipher_id );
- if( operation->cipher_info == NULL )
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto cleanup;
- }
-
- switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
- {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
- operation->core_alg = PSA_ALG_CCM;
- operation->full_tag_length = 16;
- /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
- * The call to mbedtls_ccm_encrypt_and_tag or
- * mbedtls_ccm_auth_decrypt will validate the tag length. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto cleanup;
- }
- mbedtls_ccm_init( &operation->ctx.ccm );
- status = mbedtls_to_psa_error(
- mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
- operation->slot->key.data,
- (unsigned int) key_bits ) );
- if( status != 0 )
- goto cleanup;
- break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
- operation->core_alg = PSA_ALG_GCM;
- operation->full_tag_length = 16;
- /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
- * The call to mbedtls_gcm_crypt_and_tag or
- * mbedtls_gcm_auth_decrypt will validate the tag length. */
- if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( operation->slot->attr.type ) != 16 )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto cleanup;
- }
- mbedtls_gcm_init( &operation->ctx.gcm );
- status = mbedtls_to_psa_error(
- mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
- operation->slot->key.data,
- (unsigned int) key_bits ) );
- if( status != 0 )
- goto cleanup;
- break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
- operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
- operation->full_tag_length = 16;
- /* We only support the default tag length. */
- if( alg != PSA_ALG_CHACHA20_POLY1305 )
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto cleanup;
- }
- mbedtls_chachapoly_init( &operation->ctx.chachapoly );
- status = mbedtls_to_psa_error(
- mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
- operation->slot->key.data ) );
- if( status != 0 )
- goto cleanup;
- break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-
- default:
- status = PSA_ERROR_NOT_SUPPORTED;
- goto cleanup;
- }
-
- if( PSA_AEAD_TAG_LENGTH( alg ) > operation->full_tag_length )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto cleanup;
- }
- operation->tag_length = PSA_AEAD_TAG_LENGTH( alg );
-
- return( PSA_SUCCESS );
-
-cleanup:
- psa_aead_abort_internal( operation );
- return( status );
-}
-
psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *nonce,
@@ -3694,107 +3518,37 @@
size_t ciphertext_size,
size_t *ciphertext_length )
{
- psa_status_t status;
- aead_operation_t operation = AEAD_OPERATION_INIT;
- uint8_t *tag;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
*ciphertext_length = 0;
- status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_ENCRYPT, alg );
+ if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ status = psa_get_and_lock_key_slot_with_policy(
+ key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
- /* For all currently supported modes, the tag is at the end of the
- * ciphertext. */
- if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
- {
- status = PSA_ERROR_BUFFER_TOO_SMALL;
- goto exit;
- }
- tag = ciphertext + plaintext_length;
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- if( operation.core_alg == PSA_ALG_GCM )
- {
- status = mbedtls_to_psa_error(
- mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
- MBEDTLS_GCM_ENCRYPT,
- plaintext_length,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, ciphertext,
- operation.tag_length, tag ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- if( operation.core_alg == PSA_ALG_CCM )
- {
- status = mbedtls_to_psa_error(
- mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
- plaintext_length,
- nonce, nonce_length,
- additional_data,
- additional_data_length,
- plaintext, ciphertext,
- tag, operation.tag_length ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
- {
- if( nonce_length != 12 || operation.tag_length != 16 )
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
- status = mbedtls_to_psa_error(
- mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
- plaintext_length,
- nonce,
- additional_data,
- additional_data_length,
- plaintext,
- ciphertext,
- tag ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
- {
- (void) tag;
- return( PSA_ERROR_NOT_SUPPORTED );
- }
+ status = psa_driver_wrapper_aead_encrypt(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length );
if( status != PSA_SUCCESS && ciphertext_size != 0 )
memset( ciphertext, 0, ciphertext_size );
-exit:
- psa_aead_abort_internal( &operation );
- if( status == PSA_SUCCESS )
- *ciphertext_length = plaintext_length + operation.tag_length;
- return( status );
-}
+ psa_unlock_key_slot( slot );
-/* Locate the tag in a ciphertext buffer containing the encrypted data
- * followed by the tag. Return the length of the part preceding the tag in
- * *plaintext_length. This is the size of the plaintext in modes where
- * the encrypted data has the same size as the plaintext, such as
- * CCM and GCM. */
-static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
- const uint8_t *ciphertext,
- size_t ciphertext_length,
- size_t plaintext_size,
- const uint8_t **p_tag )
-{
- size_t payload_length;
- if( tag_length > ciphertext_length )
- return( PSA_ERROR_INVALID_ARGUMENT );
- payload_length = ciphertext_length - tag_length;
- if( payload_length > plaintext_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- *p_tag = ciphertext + payload_length;
- return( PSA_SUCCESS );
+ return( status );
}
psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
@@ -3809,86 +3563,39 @@
size_t plaintext_size,
size_t *plaintext_length )
{
- psa_status_t status;
- aead_operation_t operation = AEAD_OPERATION_INIT;
- const uint8_t *tag = NULL;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
*plaintext_length = 0;
- status = psa_aead_setup( &operation, key, PSA_KEY_USAGE_DECRYPT, alg );
+ if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ status = psa_get_and_lock_key_slot_with_policy(
+ key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
if( status != PSA_SUCCESS )
return( status );
- status = psa_aead_unpadded_locate_tag( operation.tag_length,
- ciphertext, ciphertext_length,
- plaintext_size, &tag );
- if( status != PSA_SUCCESS )
- goto exit;
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
- if( operation.core_alg == PSA_ALG_GCM )
- {
- status = mbedtls_to_psa_error(
- mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
- ciphertext_length - operation.tag_length,
- nonce, nonce_length,
- additional_data,
- additional_data_length,
- tag, operation.tag_length,
- ciphertext, plaintext ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
- if( operation.core_alg == PSA_ALG_CCM )
- {
- status = mbedtls_to_psa_error(
- mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
- ciphertext_length - operation.tag_length,
- nonce, nonce_length,
- additional_data,
- additional_data_length,
- ciphertext, plaintext,
- tag, operation.tag_length ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
- if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
- {
- if( nonce_length != 12 || operation.tag_length != 16 )
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
- status = mbedtls_to_psa_error(
- mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
- ciphertext_length - operation.tag_length,
- nonce,
- additional_data,
- additional_data_length,
- tag,
- ciphertext,
- plaintext ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
- {
- return( PSA_ERROR_NOT_SUPPORTED );
- }
+ status = psa_driver_wrapper_aead_decrypt(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length );
if( status != PSA_SUCCESS && plaintext_size != 0 )
memset( plaintext, 0, plaintext_size );
-exit:
- psa_aead_abort_internal( &operation );
- if( status == PSA_SUCCESS )
- *plaintext_length = ciphertext_length - operation.tag_length;
+ psa_unlock_key_slot( slot );
+
return( status );
}
-
-
/****************************************************************/
/* Generators */
/****************************************************************/
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
new file mode 100644
index 0000000..356679c
--- /dev/null
+++ b/library/psa_crypto_aead.c
@@ -0,0 +1,367 @@
+/*
+ * PSA AEAD entry points
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include "psa_crypto_aead.h"
+#include "psa_crypto_core.h"
+
+#include "mbedtls/ccm.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/gcm.h"
+
+typedef struct
+{
+ union
+ {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ mbedtls_ccm_context ccm;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ mbedtls_gcm_context gcm;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+ mbedtls_chachapoly_context chachapoly;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+ } ctx;
+ psa_algorithm_t core_alg;
+ uint8_t tag_length;
+} aead_operation_t;
+
+#define AEAD_OPERATION_INIT {{0}, 0, 0}
+
+static void psa_aead_abort_internal( aead_operation_t *operation )
+{
+ switch( operation->core_alg )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ case PSA_ALG_CCM:
+ mbedtls_ccm_free( &operation->ctx.ccm );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ case PSA_ALG_GCM:
+ mbedtls_gcm_free( &operation->ctx.gcm );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+ case PSA_ALG_CHACHA20_POLY1305:
+ mbedtls_chachapoly_free( &operation->ctx.chachapoly );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+ }
+}
+
+static psa_status_t psa_aead_setup(
+ aead_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t key_bits;
+ const mbedtls_cipher_info_t *cipher_info;
+ mbedtls_cipher_id_t cipher_id;
+ size_t full_tag_length = 0;
+
+ key_bits = attributes->core.bits;
+
+ cipher_info = mbedtls_cipher_info_from_psa( alg,
+ attributes->core.type, key_bits,
+ &cipher_id );
+ if( cipher_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
+ operation->core_alg = PSA_ALG_CCM;
+ full_tag_length = 16;
+ /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
+ * The call to mbedtls_ccm_encrypt_and_tag or
+ * mbedtls_ccm_auth_decrypt will validate the tag length. */
+ if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ mbedtls_ccm_init( &operation->ctx.ccm );
+ status = mbedtls_to_psa_error(
+ mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
+ key_buffer, (unsigned int) key_bits ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
+ operation->core_alg = PSA_ALG_GCM;
+ full_tag_length = 16;
+ /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
+ * The call to mbedtls_gcm_crypt_and_tag or
+ * mbedtls_gcm_auth_decrypt will validate the tag length. */
+ if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ mbedtls_gcm_init( &operation->ctx.gcm );
+ status = mbedtls_to_psa_error(
+ mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
+ key_buffer, (unsigned int) key_bits ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
+ operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
+ full_tag_length = 16;
+ /* We only support the default tag length. */
+ if( alg != PSA_ALG_CHACHA20_POLY1305 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ mbedtls_chachapoly_init( &operation->ctx.chachapoly );
+ status = mbedtls_to_psa_error(
+ mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
+ key_buffer ) );
+ if( status != PSA_SUCCESS )
+ return( status );
+ break;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+
+ default:
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( PSA_AEAD_TAG_LENGTH( attributes->core.type,
+ key_bits, alg )
+ > full_tag_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type,
+ key_bits,
+ alg );
+
+ return( PSA_SUCCESS );
+}
+
+psa_status_t mbedtls_psa_aead_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ aead_operation_t operation = AEAD_OPERATION_INIT;
+ uint8_t *tag;
+ (void) key_buffer_size;
+
+ status = psa_aead_setup( &operation, attributes, key_buffer, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* For all currently supported modes, the tag is at the end of the
+ * ciphertext. */
+ if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+ tag = ciphertext + plaintext_length;
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ if( operation.core_alg == PSA_ALG_CCM )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
+ plaintext_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ plaintext, ciphertext,
+ tag, operation.tag_length ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ if( operation.core_alg == PSA_ALG_GCM )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
+ MBEDTLS_GCM_ENCRYPT,
+ plaintext_length,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, ciphertext,
+ operation.tag_length, tag ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+ if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
+ {
+ if( nonce_length != 12 || operation.tag_length != 16 )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = mbedtls_to_psa_error(
+ mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
+ plaintext_length,
+ nonce,
+ additional_data,
+ additional_data_length,
+ plaintext,
+ ciphertext,
+ tag ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+ {
+ (void) tag;
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( status == PSA_SUCCESS )
+ *ciphertext_length = plaintext_length + operation.tag_length;
+
+exit:
+ psa_aead_abort_internal( &operation );
+
+ return( status );
+}
+
+/* Locate the tag in a ciphertext buffer containing the encrypted data
+ * followed by the tag. Return the length of the part preceding the tag in
+ * *plaintext_length. This is the size of the plaintext in modes where
+ * the encrypted data has the same size as the plaintext, such as
+ * CCM and GCM. */
+static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
+ const uint8_t *ciphertext,
+ size_t ciphertext_length,
+ size_t plaintext_size,
+ const uint8_t **p_tag )
+{
+ size_t payload_length;
+ if( tag_length > ciphertext_length )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ payload_length = ciphertext_length - tag_length;
+ if( payload_length > plaintext_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ *p_tag = ciphertext + payload_length;
+ return( PSA_SUCCESS );
+}
+
+psa_status_t mbedtls_psa_aead_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ aead_operation_t operation = AEAD_OPERATION_INIT;
+ const uint8_t *tag = NULL;
+ (void) key_buffer_size;
+
+ status = psa_aead_setup( &operation, attributes, key_buffer, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_aead_unpadded_locate_tag( operation.tag_length,
+ ciphertext, ciphertext_length,
+ plaintext_size, &tag );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ if( operation.core_alg == PSA_ALG_CCM )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
+ ciphertext_length - operation.tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ ciphertext, plaintext,
+ tag, operation.tag_length ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ if( operation.core_alg == PSA_ALG_GCM )
+ {
+ status = mbedtls_to_psa_error(
+ mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
+ ciphertext_length - operation.tag_length,
+ nonce, nonce_length,
+ additional_data,
+ additional_data_length,
+ tag, operation.tag_length,
+ ciphertext, plaintext ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
+ if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
+ {
+ if( nonce_length != 12 || operation.tag_length != 16 )
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
+ }
+ status = mbedtls_to_psa_error(
+ mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
+ ciphertext_length - operation.tag_length,
+ nonce,
+ additional_data,
+ additional_data_length,
+ tag,
+ ciphertext,
+ plaintext ) );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
+ {
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( status == PSA_SUCCESS )
+ *plaintext_length = ciphertext_length - operation.tag_length;
+
+exit:
+ psa_aead_abort_internal( &operation );
+
+ if( status == PSA_SUCCESS )
+ *plaintext_length = ciphertext_length - operation.tag_length;
+ return( status );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
new file mode 100644
index 0000000..aab0f83
--- /dev/null
+++ b/library/psa_crypto_aead.h
@@ -0,0 +1,151 @@
+/*
+ * PSA AEAD driver entry points
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_AEAD_H
+#define PSA_CRYPTO_AEAD_H
+
+#include <psa/crypto.h>
+
+/**
+ * \brief Process an authenticated encryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_encrypt entry point. This function behaves as an aead_encrypt
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The AEAD algorithm to compute.
+ * \param[in] nonce Nonce or IV to use.
+ * \param nonce_length Size of the nonce buffer in bytes. This must
+ * be appropriate for the selected algorithm.
+ * The default nonce size is
+ * PSA_AEAD_NONCE_LENGTH(key_type, alg) where
+ * key_type is the type of key.
+ * \param[in] additional_data Additional data that will be authenticated
+ * but not encrypted.
+ * \param additional_data_length Size of additional_data in bytes.
+ * \param[in] plaintext Data that will be authenticated and encrypted.
+ * \param plaintext_length Size of plaintext in bytes.
+ * \param[out] ciphertext Output buffer for the authenticated and
+ * encrypted data. The additional data is not
+ * part of this output. For algorithms where the
+ * encrypted data and the authentication tag are
+ * defined as separate outputs, the
+ * authentication tag is appended to the
+ * encrypted data.
+ * \param ciphertext_size Size of the ciphertext buffer in bytes. This
+ * must be appropriate for the selected algorithm
+ * and key:
+ * - A sufficient output size is
+ * PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg,
+ * plaintext_length) where key_type is the type
+ * of key.
+ * - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(
+ * plaintext_length) evaluates to the maximum
+ * ciphertext size of any supported AEAD
+ * encryption.
+ * \param[out] ciphertext_length On success, the size of the output in the
+ * ciphertext buffer.
+ *
+ * \retval #PSA_SUCCESS Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * ciphertext_size is too small.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_aead_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+
+/**
+ * \brief Process an authenticated decryption operation.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * aead_decrypt entry point. This function behaves as an aead_decrypt
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The AEAD algorithm to compute.
+ * \param[in] nonce Nonce or IV to use.
+ * \param nonce_length Size of the nonce buffer in bytes. This must
+ * be appropriate for the selected algorithm.
+ * The default nonce size is
+ * PSA_AEAD_NONCE_LENGTH(key_type, alg) where
+ * key_type is the type of key.
+ * \param[in] additional_data Additional data that has been authenticated
+ * but not encrypted.
+ * \param additional_data_length Size of additional_data in bytes.
+ * \param[in] ciphertext Data that has been authenticated and
+ * encrypted. For algorithms where the encrypted
+ * data and the authentication tag are defined
+ * as separate inputs, the buffer contains
+ * encrypted data followed by the authentication
+ * tag.
+ * \param ciphertext_length Size of ciphertext in bytes.
+ * \param[out] plaintext Output buffer for the decrypted data.
+ * \param plaintext_size Size of the plaintext buffer in bytes. This
+ * must be appropriate for the selected algorithm
+ * and key:
+ * - A sufficient output size is
+ * PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg,
+ * ciphertext_length) where key_type is the
+ * type of key.
+ * - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(
+ * ciphertext_length) evaluates to the maximum
+ * plaintext size of any supported AEAD
+ * decryption.
+ * \param[out] plaintext_length On success, the size of the output in the
+ * plaintext buffer.
+ *
+ * \retval #PSA_SUCCESS Success.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The cipher is not authentic.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * plaintext_size is too small.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_aead_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+
+#endif /* PSA_CRYPTO_AEAD */
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index ec7ac80..90f9d18 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -180,6 +180,24 @@
*/
psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
+/** Try to allocate a buffer to an empty key slot.
+ *
+ * \param[in,out] slot Key slot to attach buffer to.
+ * \param[in] buffer_length Requested size of the buffer.
+ *
+ * \retval #PSA_SUCCESS
+ * The buffer has been successfully allocated.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * Not enough memory was available for allocation.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * Trying to allocate a buffer to a non-empty key slot.
+ */
+psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
+ size_t buffer_length );
+
+/** Wipe key data from a slot. Preserves metadata such as the policy. */
+psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
+
/** Copy key data (in export format) into an empty key slot.
*
* This function assumes that the slot does not contain
@@ -212,6 +230,22 @@
*/
psa_status_t mbedtls_to_psa_error( int ret );
+/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
+ * as well as the PSA type and size of the key to be used with the cipher
+ * algorithm.
+ *
+ * \param alg PSA cipher algorithm identifier
+ * \param key_type PSA key type
+ * \param key_bits Size of the key in bits
+ * \param[out] cipher_id Mbed TLS cipher algorithm identifier
+ *
+ * \return The Mbed TLS cipher information of the cipher algorithm.
+ * \c NULL if the PSA cipher algorithm is not supported.
+ */
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+ psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
+ mbedtls_cipher_id_t *cipher_id );
+
/** Import a key in binary format.
*
* \note The signature of this function is that of a PSA driver
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 9459c46..11160d8 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -19,6 +19,7 @@
* limitations under the License.
*/
+#include "psa_crypto_aead.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
@@ -128,7 +129,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( test_opaque_signature_sign_hash( attributes,
key_buffer,
key_buffer_size,
@@ -210,7 +211,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( test_opaque_signature_verify_hash( attributes,
key_buffer,
key_buffer_size,
@@ -228,8 +229,8 @@
}
}
-/** Get the key buffer size for the key material of a generated key in the
- * case of an opaque driver without storage.
+/** Get the key buffer size required to store the key material of a key
+ * associated with an opaque driver without storage.
*
* \param[in] attributes The key attributes.
* \param[out] key_buffer_size Minimum buffer size to contain the key material
@@ -255,7 +256,17 @@
switch( location )
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ /* Emulate property 'builtin_key_size' */
+ if( psa_key_id_is_builtin(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
+ psa_get_key_id( attributes ) ) ) )
+ {
+ *key_buffer_size = sizeof( psa_drv_slot_number_t );
+ return( PSA_SUCCESS );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
*key_buffer_size = test_size_function( key_type, key_bits );
return( PSA_SUCCESS );
@@ -352,7 +363,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = test_opaque_generate_key(
attributes, key_buffer, key_buffer_size, key_buffer_length );
break;
@@ -484,7 +495,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( test_opaque_export_key( attributes,
key_buffer,
key_buffer_size,
@@ -558,7 +569,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( test_opaque_export_public_key( attributes,
key_buffer,
key_buffer_size,
@@ -573,6 +584,30 @@
}
}
+psa_status_t psa_driver_wrapper_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+{
+ psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+ switch( location )
+ {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( test_opaque_get_builtin_key(
+ slot_number,
+ attributes,
+ key_buffer, key_buffer_size, key_buffer_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+ default:
+ (void) slot_number;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) key_buffer_length;
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+}
+
/*
* Cipher functions
*/
@@ -615,7 +650,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( test_opaque_cipher_encrypt( &attributes,
slot->key.data,
slot->key.bytes,
@@ -682,7 +717,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
return( test_opaque_cipher_decrypt( &attributes,
slot->key.data,
slot->key.bytes,
@@ -759,7 +794,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = test_opaque_cipher_encrypt_setup(
&operation->ctx.opaque_test_driver_ctx,
attributes,
@@ -830,7 +865,7 @@
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
status = test_opaque_cipher_decrypt_setup(
&operation->ctx.opaque_test_driver_ctx,
attributes,
@@ -1177,4 +1212,107 @@
}
}
+psa_status_t psa_driver_wrapper_aead_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = test_transparent_aead_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ return( mbedtls_psa_aead_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length ) );
+
+ /* Add cases for opaque driver here */
+
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_aead_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = test_transparent_aead_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ return( mbedtls_psa_aead_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length ) );
+
+ /* Add cases for opaque driver here */
+
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
/* End of automatically generated file. */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index e336996..e82d093 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -68,6 +68,11 @@
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+psa_status_t psa_driver_wrapper_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+
/*
* Cipher functions
*/
@@ -156,6 +161,28 @@
psa_status_t psa_driver_wrapper_hash_abort(
psa_hash_operation_t *operation );
+/*
+ * AEAD functions
+ */
+
+psa_status_t psa_driver_wrapper_aead_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+
+psa_status_t psa_driver_wrapper_aead_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index cf07a36..0b1a3c1 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -26,6 +26,7 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
+#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_slot_management.h"
#include "psa_crypto_storage.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -274,6 +275,77 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+
+static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
+ psa_drv_slot_number_t slot_number = 0;
+ size_t key_buffer_size = 0;
+ size_t key_buffer_length = 0;
+
+ if( ! psa_key_id_is_builtin(
+ MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
+ {
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+
+ /* Check the platform function to see whether this key actually exists */
+ status = mbedtls_psa_platform_get_builtin_key(
+ slot->attr.id, &lifetime, &slot_number );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* Set required key attributes to ensure get_builtin_key can retrieve the
+ * full attributes. */
+ psa_set_key_id( &attributes, slot->attr.id );
+ psa_set_key_lifetime( &attributes, lifetime );
+
+ /* Get the full key attributes from the driver in order to be able to
+ * calculate the required buffer size. */
+ status = psa_driver_wrapper_get_builtin_key(
+ slot_number, &attributes,
+ NULL, 0, NULL );
+ if( status != PSA_ERROR_BUFFER_TOO_SMALL )
+ {
+ /* Builtin keys cannot be defined by the attributes alone */
+ if( status == PSA_SUCCESS )
+ status = PSA_ERROR_CORRUPTION_DETECTED;
+ return( status );
+ }
+
+ /* If the key should exist according to the platform, then ask the driver
+ * what its expected size is. */
+ status = psa_driver_wrapper_get_key_buffer_size( &attributes,
+ &key_buffer_size );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* Allocate a buffer of the required size and load the builtin key directly
+ * into the (now properly sized) slot buffer. */
+ status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ status = psa_driver_wrapper_get_builtin_key(
+ slot_number, &attributes,
+ slot->key.data, slot->key.bytes, &key_buffer_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ /* Copy actual key length and core attributes into the slot on success */
+ slot->key.bytes = key_buffer_length;
+ slot->attr = attributes.core;
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_remove_key_data_from_memory( slot );
+ return( status );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
psa_key_slot_t **p_slot )
{
@@ -291,17 +363,29 @@
if( status != PSA_ERROR_DOES_NOT_EXIST )
return( status );
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ /* Loading keys from storage requires support for such a mechanism */
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
+ defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
psa_key_id_t volatile_key_id;
status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
if( status != PSA_SUCCESS )
return( status );
- (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
(*p_slot)->attr.id = key;
+ (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
- status = psa_load_persistent_key_into_slot( *p_slot );
+ status = PSA_ERROR_DOES_NOT_EXIST;
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ /* Load keys in the 'builtin' range through their own interface */
+ status = psa_load_builtin_key_into_slot( *p_slot );
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( status == PSA_ERROR_DOES_NOT_EXIST )
+ status = psa_load_persistent_key_into_slot( *p_slot );
+#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+
if( status != PSA_SUCCESS )
{
psa_wipe_key_slot( *p_slot );
@@ -309,9 +393,9 @@
status = PSA_ERROR_INVALID_HANDLE;
}
return( status );
-#else
+#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
return( PSA_ERROR_INVALID_HANDLE );
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
}
psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
diff --git a/library/version_features.c b/library/version_features.c
index 9332987..f665a23 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -438,6 +438,9 @@
#if defined(MBEDTLS_PKCS1_V21)
"MBEDTLS_PKCS1_V21",
#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ "MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS",
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
"MBEDTLS_PSA_CRYPTO_CLIENT",
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 47d5de6..5d64349 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -365,6 +365,8 @@
psa_status_t status;
FILE *input_file = NULL;
FILE *output_file = NULL;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
long input_position;
size_t input_size;
size_t buffer_size = 0;
@@ -385,7 +387,10 @@
}
#endif
input_size = input_position;
- buffer_size = PSA_AEAD_ENCRYPT_OUTPUT_SIZE( WRAPPING_ALG, input_size );
+ PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes ) );
+ key_type = psa_get_key_type( &attributes );
+ buffer_size =
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, input_size );
/* Check for integer overflow. */
if( buffer_size < input_size )
{
@@ -442,6 +447,8 @@
psa_status_t status;
FILE *input_file = NULL;
FILE *output_file = NULL;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
unsigned char *buffer = NULL;
size_t ciphertext_size = 0;
size_t plaintext_size;
@@ -465,8 +472,10 @@
status = DEMO_ERROR;
goto exit;
}
+ PSA_CHECK( psa_get_key_attributes( wrapping_key, &attributes) );
+ key_type = psa_get_key_type( &attributes);
ciphertext_size =
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( WRAPPING_ALG, header.payload_size );
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, WRAPPING_ALG, header.payload_size );
/* Check for integer overflow. */
if( ciphertext_size < header.payload_size )
{
diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c
index 2175af9..dcbe87f 100644
--- a/programs/psa/psa_constant_names_generated.c
+++ b/programs/psa/psa_constant_names_generated.c
@@ -169,11 +169,11 @@
} else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
- length_modifier = PSA_AEAD_TAG_LENGTH(alg);
+ length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
} else if (core_alg != alg) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);
- length_modifier = PSA_AEAD_TAG_LENGTH(alg);
+ length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
}
} else if (PSA_ALG_IS_KEY_AGREEMENT(alg) &&
!PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index b9105f8..9760f62 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -1226,6 +1226,14 @@
}
#endif /* MBEDTLS_PKCS1_V21 */
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
if( strcmp( "MBEDTLS_PSA_CRYPTO_CLIENT", config ) == 0 )
{
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index 39632aa..56d6c37 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -201,6 +201,8 @@
# a version that is not yet released. Something like "3.1a" is accepted.
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
+ _only_url_re = re.compile(br'^\s*\w+://\S+\s*$')
+ _has_url_re = re.compile(br'.*://.*')
def add_categories_from_text(self, filename, line_offset,
text, allow_unknown_category):
@@ -219,12 +221,18 @@
category.name.decode('utf8'))
body_split = category.body.splitlines()
+
for line_number, line in enumerate(body_split, 1):
- if len(line) > MAX_LINE_LENGTH:
+ if not self._only_url_re.match(line) and \
+ len(line) > MAX_LINE_LENGTH:
+ long_url_msg = '. URL exceeding length limit must be alone in its line.' \
+ if self._has_url_re.match(line) else ""
raise InputFormatError(filename,
category.body_line + line_number,
- 'Line is longer than allowed: Length {} (Max {})',
- len(line), MAX_LINE_LENGTH)
+ 'Line is longer than allowed: '
+ 'Length {} (Max {}){}',
+ len(line), MAX_LINE_LENGTH,
+ long_url_msg)
self.categories[category.name] += category.body
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index ff07ecd..71afd02 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -117,11 +117,11 @@
} else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
- length_modifier = PSA_AEAD_TAG_LENGTH(alg);
+ length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
} else if (core_alg != alg) {
append(&buffer, buffer_size, &required_size,
"PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);
- length_modifier = PSA_AEAD_TAG_LENGTH(alg);
+ length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
}
} else if (PSA_ALG_IS_KEY_AGREEMENT(alg) &&
!PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index df5d66e..d11041c 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -40,6 +40,7 @@
my $test_source_dir = 'tests/src';
my $test_header_dir = 'tests/include/test';
my $test_drivers_header_dir = 'tests/include/test/drivers';
+my $test_drivers_source_dir = 'tests/src/drivers';
my @thirdparty_header_dirs = qw(
3rdparty/everest/include/everest
@@ -116,6 +117,7 @@
&& -d $psa_header_dir
&& -d $source_dir
&& -d $test_source_dir
+ && -d $test_drivers_source_dir
&& -d $test_header_dir
&& -d $test_drivers_header_dir
&& -d $programs_dir;
@@ -275,6 +277,7 @@
my @source_dirs = (
$source_dir,
$test_source_dir,
+ $test_drivers_source_dir,
@thirdparty_source_dirs,
);
my @sources = (map { <$_/*.c> } @source_dirs);
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
new file mode 100644
index 0000000..1be8910
--- /dev/null
+++ b/tests/include/test/drivers/aead.h
@@ -0,0 +1,70 @@
+/*
+ * Test driver for AEAD driver entry points.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
+#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+
+typedef struct {
+ /* If not PSA_SUCCESS, return this error code instead of processing the
+ * function call. */
+ psa_status_t forced_status;
+ /* Count the amount of times AEAD driver functions are called. */
+ unsigned long hits;
+ /* Status returned by the last AEAD driver function call. */
+ psa_status_t driver_status;
+} test_driver_aead_hooks_t;
+
+#define TEST_DRIVER_AEAD_INIT { 0, 0, 0 }
+static inline test_driver_aead_hooks_t test_driver_aead_hooks_init( void )
+{
+ const test_driver_aead_hooks_t v = TEST_DRIVER_AEAD_INIT;
+ return( v );
+}
+
+extern test_driver_aead_hooks_t test_driver_aead_hooks;
+
+psa_status_t test_transparent_aead_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
+
+psa_status_t test_transparent_aead_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index b30baa2..100fc18 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -29,6 +29,9 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
+#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
+#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
+
typedef struct {
/* If non-null, on success, copy this to the output. */
void *forced_output;
@@ -82,5 +85,10 @@
size_t *key_buffer_length,
size_t *bits);
+psa_status_t test_opaque_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index f26b795..84d0caa 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -20,8 +20,9 @@
#ifndef PSA_CRYPTO_TEST_DRIVER_H
#define PSA_CRYPTO_TEST_DRIVER_H
-#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff
+#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
+#include "test/drivers/aead.h"
#include "test/drivers/signature.h"
#include "test/drivers/key_management.h"
#include "test/drivers/cipher.h"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index f768e1e..a85c7ce 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2267,6 +2267,7 @@
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES"
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
deleted file mode 100644
index 10a40c3..0000000
--- a/tests/src/drivers/key_management.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Test driver for generating and verifying keys.
- * Currently only supports generating and verifying ECC keys.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_rsa.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/error.h"
-
-#include "test/drivers/key_management.h"
-
-#include "test/random.h"
-
-#include <string.h>
-
-test_driver_key_management_hooks_t test_driver_key_management_hooks =
- TEST_DRIVER_KEY_MANAGEMENT_INIT;
-
-psa_status_t test_transparent_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length )
-{
- ++test_driver_key_management_hooks.hits;
-
- if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_key_management_hooks.forced_status );
-
- if( test_driver_key_management_hooks.forced_output != NULL )
- {
- if( test_driver_key_management_hooks.forced_output_length > key_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( key, test_driver_key_management_hooks.forced_output,
- test_driver_key_management_hooks.forced_output_length );
- *key_length = test_driver_key_management_hooks.forced_output_length;
- return( PSA_SUCCESS );
- }
-
- /* Copied from psa_crypto.c */
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
- if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
- && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
- {
- return( mbedtls_transparent_test_driver_ecp_generate_key(
- attributes, key, key_size, key_length ) );
- }
- else
-#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */
-
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
- if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
- return( mbedtls_transparent_test_driver_rsa_generate_key(
- attributes, key, key_size, key_length ) );
- else
-#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
- {
- (void)attributes;
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-}
-
-psa_status_t test_opaque_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length )
-{
- (void) attributes;
- (void) key;
- (void) key_size;
- (void) key_length;
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t test_transparent_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits)
-{
- ++test_driver_key_management_hooks.hits;
-
- if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_key_management_hooks.forced_status );
-
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = psa_get_key_type( attributes );
-
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_ECC( type ) )
- {
- status = mbedtls_transparent_test_driver_ecp_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits );
- }
- else
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_RSA( type ) )
- {
- status = mbedtls_transparent_test_driver_rsa_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits );
- }
- else
-#endif
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- (void)data;
- (void)data_length;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)key_buffer_length;
- (void)bits;
- (void)type;
- }
-
- return( status );
-}
-
-psa_status_t test_opaque_export_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length )
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) data;
- (void) data_size;
- (void) data_length;
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t test_transparent_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length )
-{
- ++test_driver_key_management_hooks.hits;
-
- if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_key_management_hooks.forced_status );
-
- if( test_driver_key_management_hooks.forced_output != NULL )
- {
- if( test_driver_key_management_hooks.forced_output_length > data_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, test_driver_key_management_hooks.forced_output,
- test_driver_key_management_hooks.forced_output_length );
- *data_length = test_driver_key_management_hooks.forced_output_length;
- return( PSA_SUCCESS );
- }
-
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type = psa_get_key_type( attributes );
-
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_ECC( key_type ) )
- {
- status = mbedtls_transparent_test_driver_ecp_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length );
- }
- else
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
- if( PSA_KEY_TYPE_IS_RSA( key_type ) )
- {
- status = mbedtls_transparent_test_driver_rsa_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length );
- }
- else
-#endif
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- (void)key_buffer;
- (void)key_buffer_size;
- (void)key_type;
- }
-
- return( status );
-}
-
-psa_status_t test_opaque_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length )
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) data;
- (void) data_size;
- (void) data_length;
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
new file mode 100644
index 0000000..759fa78
--- /dev/null
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -0,0 +1,91 @@
+/** \file platform_builtin_keys.c
+ *
+ * \brief Test driver implementation of the builtin key support
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <psa/crypto.h>
+#include <psa/crypto_extra.h>
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <test/drivers/test_driver.h>
+#endif
+
+typedef struct
+{
+ psa_key_id_t builtin_key_id;
+ psa_key_lifetime_t lifetime;
+ psa_drv_slot_number_t slot_number;
+} mbedtls_psa_builtin_key_description_t;
+
+static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ /* For testing, assign the AES builtin key slot to the boundary values.
+ * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+ { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
+ PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+ PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+#else
+ {0, 0, 0}
+#endif
+};
+
+psa_status_t mbedtls_psa_platform_get_builtin_key(
+ mbedtls_svc_key_id_t key_id,
+ psa_key_lifetime_t *lifetime,
+ psa_drv_slot_number_t *slot_number )
+{
+ psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id );
+ const mbedtls_psa_builtin_key_description_t *builtin_key;
+
+ for( size_t i = 0;
+ i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ )
+ {
+ builtin_key = &builtin_keys[i];
+ if( builtin_key->builtin_key_id == app_key_id )
+ {
+ *lifetime = builtin_key->lifetime;
+ *slot_number = builtin_key->slot_number;
+ return( PSA_SUCCESS );
+ }
+ }
+
+ return( PSA_ERROR_DOES_NOT_EXIST );
+}
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
new file mode 100644
index 0000000..c877525
--- /dev/null
+++ b/tests/src/drivers/test_driver_aead.c
@@ -0,0 +1,95 @@
+/*
+ * Test driver for AEAD entry points.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa_crypto_aead.h"
+
+#include "test/drivers/aead.h"
+
+test_driver_aead_hooks_t test_driver_aead_hooks = TEST_DRIVER_AEAD_INIT;
+
+psa_status_t test_transparent_aead_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
+{
+ test_driver_aead_hooks.hits++;
+
+ if( test_driver_aead_hooks.forced_status != PSA_SUCCESS )
+ {
+ test_driver_aead_hooks.driver_status =
+ test_driver_aead_hooks.forced_status;
+ }
+ else
+ {
+ test_driver_aead_hooks.driver_status =
+ mbedtls_psa_aead_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size, ciphertext_length );
+ }
+
+ return( test_driver_aead_hooks.driver_status );
+}
+
+psa_status_t test_transparent_aead_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
+{
+ test_driver_aead_hooks.hits++;
+
+ if( test_driver_aead_hooks.forced_status != PSA_SUCCESS )
+ {
+ test_driver_aead_hooks.driver_status =
+ test_driver_aead_hooks.forced_status;
+ }
+ else
+ {
+ test_driver_aead_hooks.driver_status =
+ mbedtls_psa_aead_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size, plaintext_length );
+ }
+
+ return( test_driver_aead_hooks.driver_status );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/test_driver_cipher.c
similarity index 100%
rename from tests/src/drivers/cipher.c
rename to tests/src/drivers/test_driver_cipher.c
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
new file mode 100644
index 0000000..a0626fb
--- /dev/null
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -0,0 +1,390 @@
+/*
+ * Test driver for generating and verifying keys.
+ * Currently only supports generating and verifying ECC keys.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa/crypto.h"
+#include "psa_crypto_core.h"
+#include "psa_crypto_ecp.h"
+#include "psa_crypto_rsa.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/error.h"
+
+#include "test/drivers/key_management.h"
+
+#include "test/random.h"
+
+#include <string.h>
+
+test_driver_key_management_hooks_t test_driver_key_management_hooks =
+ TEST_DRIVER_KEY_MANAGEMENT_INIT;
+
+const uint8_t test_driver_aes_key[16] =
+ { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
+ 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
+const uint8_t test_driver_ecdsa_key[32] =
+ { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
+ 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
+ 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
+ 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
+const uint8_t test_driver_ecdsa_pubkey[65] =
+ { 0x04,
+ 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
+ 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
+ 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
+ 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
+ 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
+ 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
+ 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
+ 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
+
+psa_status_t test_transparent_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key, size_t key_size, size_t *key_length )
+{
+ ++test_driver_key_management_hooks.hits;
+
+ if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( test_driver_key_management_hooks.forced_status );
+
+ if( test_driver_key_management_hooks.forced_output != NULL )
+ {
+ if( test_driver_key_management_hooks.forced_output_length > key_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ memcpy( key, test_driver_key_management_hooks.forced_output,
+ test_driver_key_management_hooks.forced_output_length );
+ *key_length = test_driver_key_management_hooks.forced_output_length;
+ return( PSA_SUCCESS );
+ }
+
+ /* Copied from psa_crypto.c */
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
+ if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
+ && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
+ {
+ return( mbedtls_transparent_test_driver_ecp_generate_key(
+ attributes, key, key_size, key_length ) );
+ }
+ else
+#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
+ if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
+ return( mbedtls_transparent_test_driver_rsa_generate_key(
+ attributes, key, key_size, key_length ) );
+ else
+#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
+ {
+ (void)attributes;
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+}
+
+psa_status_t test_opaque_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key, size_t key_size, size_t *key_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_size;
+ (void) key_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t test_transparent_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length,
+ size_t *bits)
+{
+ ++test_driver_key_management_hooks.hits;
+
+ if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( test_driver_key_management_hooks.forced_status );
+
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t type = psa_get_key_type( attributes );
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+ if( PSA_KEY_TYPE_IS_ECC( type ) )
+ {
+ status = mbedtls_transparent_test_driver_ecp_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits );
+ }
+ else
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+ if( PSA_KEY_TYPE_IS_RSA( type ) )
+ {
+ status = mbedtls_transparent_test_driver_rsa_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits );
+ }
+ else
+#endif
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ (void)data;
+ (void)data_length;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)key_buffer_length;
+ (void)bits;
+ (void)type;
+ }
+
+ return( status );
+}
+
+psa_status_t test_opaque_export_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ uint8_t *data, size_t data_size, size_t *data_length )
+{
+ if( key_length != sizeof( psa_drv_slot_number_t ) )
+ {
+ /* Test driver does not support generic opaque key handling yet. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ /* Assume this is a builtin key based on the key material length. */
+ psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key );
+
+ switch( slot_number )
+ {
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+ /* This is the ECDSA slot. Verify the key's attributes before
+ * returning the private key. */
+ if( psa_get_key_type( attributes ) !=
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_bits( attributes ) != 256 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_algorithm( attributes ) !=
+ PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( ( psa_get_key_usage_flags( attributes ) &
+ PSA_KEY_USAGE_EXPORT ) == 0 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ if( data_size < sizeof( test_driver_ecdsa_key ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( data, test_driver_ecdsa_key,
+ sizeof( test_driver_ecdsa_key ) );
+ *data_length = sizeof( test_driver_ecdsa_key );
+ return( PSA_SUCCESS );
+
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
+ /* This is the AES slot. Verify the key's attributes before
+ * returning the key. */
+ if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_bits( attributes ) != 128 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( ( psa_get_key_usage_flags( attributes ) &
+ PSA_KEY_USAGE_EXPORT ) == 0 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ if( data_size < sizeof( test_driver_aes_key ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( data, test_driver_aes_key,
+ sizeof( test_driver_aes_key ) );
+ *data_length = sizeof( test_driver_aes_key );
+ return( PSA_SUCCESS );
+
+ default:
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+}
+
+psa_status_t test_transparent_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ uint8_t *data, size_t data_size, size_t *data_length )
+{
+ ++test_driver_key_management_hooks.hits;
+
+ if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( test_driver_key_management_hooks.forced_status );
+
+ if( test_driver_key_management_hooks.forced_output != NULL )
+ {
+ if( test_driver_key_management_hooks.forced_output_length > data_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ memcpy( data, test_driver_key_management_hooks.forced_output,
+ test_driver_key_management_hooks.forced_output_length );
+ *data_length = test_driver_key_management_hooks.forced_output_length;
+ return( PSA_SUCCESS );
+ }
+
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t key_type = psa_get_key_type( attributes );
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+ if( PSA_KEY_TYPE_IS_ECC( key_type ) )
+ {
+ status = mbedtls_transparent_test_driver_ecp_export_public_key(
+ attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length );
+ }
+ else
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+ if( PSA_KEY_TYPE_IS_RSA( key_type ) )
+ {
+ status = mbedtls_transparent_test_driver_rsa_export_public_key(
+ attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length );
+ }
+ else
+#endif
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)key_type;
+ }
+
+ return( status );
+}
+
+psa_status_t test_opaque_export_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ uint8_t *data, size_t data_size, size_t *data_length )
+{
+ if( key_length != sizeof( psa_drv_slot_number_t ) )
+ {
+ /* Test driver does not support generic opaque key handling yet. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ /* Assume this is a builtin key based on the key material length. */
+ psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key );
+ switch( slot_number )
+ {
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+ /* This is the ECDSA slot. Verify the key's attributes before
+ * returning the public key. */
+ if( psa_get_key_type( attributes ) !=
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_bits( attributes ) != 256 )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+ if( psa_get_key_algorithm( attributes ) !=
+ PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
+
+ if( data_size < sizeof( test_driver_ecdsa_pubkey ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( data, test_driver_ecdsa_pubkey,
+ sizeof( test_driver_ecdsa_pubkey ) );
+ *data_length = sizeof( test_driver_ecdsa_pubkey );
+ return( PSA_SUCCESS );
+
+ default:
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+}
+
+/* The opaque test driver exposes two built-in keys when builtin key support is
+ * compiled in.
+ * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
+ * key which allows CTR mode.
+ * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
+ * private key which allows ECDSA sign & verify.
+ * The key buffer format for these is the raw format of psa_drv_slot_number_t
+ * (i.e. for an actual driver this would mean 'builtin_key_size' =
+ * sizeof(psa_drv_slot_number_t)).
+ */
+psa_status_t test_opaque_get_builtin_key(
+ psa_drv_slot_number_t slot_number,
+ psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+{
+ switch( slot_number )
+ {
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
+ psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
+ psa_set_key_bits( attributes, 128 );
+ psa_set_key_usage_flags(
+ attributes,
+ PSA_KEY_USAGE_ENCRYPT |
+ PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm( attributes, PSA_ALG_CTR );
+
+ if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ *( (psa_drv_slot_number_t*) key_buffer ) =
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
+ *key_buffer_length = sizeof( psa_drv_slot_number_t );
+ return( PSA_SUCCESS );
+ case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+ psa_set_key_type(
+ attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_bits( attributes, 256 );
+ psa_set_key_usage_flags(
+ attributes,
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_EXPORT );
+ psa_set_key_algorithm(
+ attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
+
+ if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ *( (psa_drv_slot_number_t*) key_buffer ) =
+ PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
+ *key_buffer_length = sizeof( psa_drv_slot_number_t );
+ return( PSA_SUCCESS );
+ default:
+ return( PSA_ERROR_DOES_NOT_EXIST );
+ }
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/test_driver_signature.c
similarity index 100%
rename from tests/src/drivers/signature.c
rename to tests/src/drivers/test_driver_signature.c
diff --git a/tests/src/drivers/size.c b/tests/src/drivers/test_driver_size.c
similarity index 100%
rename from tests/src/drivers/size.c
rename to tests/src/drivers/test_driver_size.c
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index 889f684..755a43c 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -1,6 +1,26 @@
ECDSA Parameter validation
ecdsa_invalid_param:
+ECDSA primitive hash zero #1
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1
+
+ECDSA primitive hash zero #2
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP224R1
+
+ECDSA primitive hash zero #3
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP256R1
+
+ECDSA primitive hash zero #4
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP384R1
+
+ECDSA primitive hash zero #5
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP521R1
+
ECDSA primitive random #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_prim_random:MBEDTLS_ECP_DP_SECP192R1
@@ -33,6 +53,26 @@
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA1":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":0
+ECDSA write-read hash zero #1
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP192R1
+
+ECDSA write-read hash zero #2
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP224R1
+
+ECDSA write-read hash zero #3
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP256R1
+
+ECDSA write-read hash zero #4
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP384R1
+
+ECDSA write-read hash zero #5
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecdsa_write_read_zero:MBEDTLS_ECP_DP_SECP521R1
+
ECDSA write-read random #1
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdsa_write_read_random:MBEDTLS_ECP_DP_SECP192R1
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index e6da884..8157234 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -205,6 +205,38 @@
/* END_CASE */
/* BEGIN_CASE */
+void ecdsa_prim_zero( int id )
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point Q;
+ mbedtls_mpi d, r, s;
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &Q );
+ mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset( buf, 0, sizeof( buf ) );
+
+ TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
+
+exit:
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &Q );
+ mbedtls_mpi_free( &d ); mbedtls_mpi_free( &r ); mbedtls_mpi_free( &s );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void ecdsa_prim_random( int id )
{
mbedtls_ecp_group grp;
@@ -347,6 +379,66 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void ecdsa_write_read_zero( int id )
+{
+ mbedtls_ecdsa_context ctx;
+ mbedtls_test_rnd_pseudo_info rnd_info;
+ unsigned char hash[32];
+ unsigned char sig[200];
+ size_t sig_len, i;
+
+ mbedtls_ecdsa_init( &ctx );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ memset( hash, 0, sizeof( hash ) );
+ memset( sig, 0x2a, sizeof( sig ) );
+
+ /* generate signing key */
+ TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+
+ /* generate and write signature, then read and verify it */
+ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
+ hash, sizeof( hash ),
+ sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == 0 );
+
+ /* check we didn't write past the announced length */
+ for( i = sig_len; i < sizeof( sig ); i++ )
+ TEST_ASSERT( sig[i] == 0x2a );
+
+ /* try verification with invalid length */
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len - 1 ) != 0 );
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len + 1 ) != 0 );
+
+ /* try invalid sequence tag */
+ sig[0]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) != 0 );
+ sig[0]--;
+
+ /* try modifying r */
+ sig[10]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[10]--;
+
+ /* try modifying s */
+ sig[sig_len - 1]++;
+ TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ sig[sig_len - 1]--;
+
+exit:
+ mbedtls_ecdsa_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
void ecdsa_write_read_random( int id )
{
mbedtls_ecdsa_context ctx;
diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data
index ffa59e5..fe14f88 100644
--- a/tests/suites/test_suite_ecjpake.data
+++ b/tests/suites/test_suite_ecjpake.data
@@ -56,7 +56,7 @@
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round one: KKP1: zero-length r
-read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_INVALID_KEY
+read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round one: KKP1: no data for r
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51601":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -104,7 +104,7 @@
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round one: KKP2: zero-length r
-read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_INVALID_KEY
+read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51600":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round one: KKP2: no data for r
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51601":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -170,7 +170,7 @@
read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c8":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round two client: zero-length r
-read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c800":MBEDTLS_ERR_ECP_INVALID_KEY
+read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c800":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round two client: no data for r
read_round_two_cli:"03001741040fb22b1d5d1123e0ef9feb9d8a2e590a1f4d7ced2c2b06586e8f2a16d4eb2fda4328a20b07d8fd667654ca18c54e32a333a0845451e926ee8804fd7af0aaa7a641045516ea3e54a0d5d8b2ce786b38d383370029a5dbe4459c9dd601b408a24ae6465c8ac905b9eb03b5d3691c139ef83f1cd4200f6c9cd4ec392218a59ed243d3c801":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@@ -224,7 +224,7 @@
read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round two server: zero-length r
-read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d00":MBEDTLS_ERR_ECP_INVALID_KEY
+read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECJPAKE round two server: no data for r
read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9fdd9524d93720b45541c83ee8841191da7ced86e3312d43623c1d63e74989aba4affd1ee4104077e8c31e20e6bedb760c13593e69f15be85c27d68cd09ccb8c4183608917c5c3d409fac39fefee82f7292d36f0d23e055913f45a52b85dd8a2052e9e129bb4d20":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 450946e..944ef23 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -558,7 +558,7 @@
PSA key policy: AEAD, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
-aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_INVALID_ARGUMENT
+aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":13:8:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):PSA_ERROR_NOT_SUPPORTED
PSA key policy: AEAD, tag length > exact-length policy
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 4e56800..310b2a7 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -2985,24 +2985,16 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
unsigned char *output_data2 = NULL;
size_t output_length2 = 0;
- size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_status_t expected_result = expected_result_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- output_size = input_data->len + tag_length;
- /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
- * should be exact. */
- if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
- TEST_EQUAL( output_size,
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
- ASSERT_ALLOC( output_data, output_size );
-
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
@@ -3011,6 +3003,22 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+ alg );
+ /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+ * should be exact. */
+ if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
+ expected_result != PSA_ERROR_NOT_SUPPORTED )
+ {
+ TEST_EQUAL( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ }
+ ASSERT_ALLOC( output_data, output_size );
status = psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
@@ -3038,7 +3046,7 @@
/* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
* should be exact. */
TEST_EQUAL( input_data->len,
- PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
+ PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
TEST_ASSERT( input_data->len <=
PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
@@ -3075,22 +3083,13 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
- size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- output_size = input_data->len + tag_length;
- /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
- * should be exact. */
- TEST_EQUAL( output_size,
- PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
- ASSERT_ALLOC( output_data, output_size );
-
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
@@ -3099,6 +3098,18 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+ alg );
+ /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+ * should be exact. */
+ TEST_EQUAL( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ ASSERT_ALLOC( output_data, output_size );
status = psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
@@ -3139,26 +3150,14 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
unsigned char *output_data = NULL;
size_t output_size = 0;
size_t output_length = 0;
- size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_result = expected_result_arg;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- output_size = input_data->len - tag_length;
- if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
- {
- /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
- * should be exact. */
- TEST_EQUAL( output_size,
- PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
- TEST_ASSERT( output_size <=
- PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
- }
- ASSERT_ALLOC( output_data, output_size );
-
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
@@ -3167,6 +3166,22 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+ alg );
+ if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
+ expected_result != PSA_ERROR_NOT_SUPPORTED )
+ {
+ /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+ * should be exact. */
+ TEST_EQUAL( output_size,
+ PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ }
+ ASSERT_ALLOC( output_data, output_size );
status = psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 07311e4..2513883 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -195,3 +195,75 @@
Cipher driver: negative testing on all entry points
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
cipher_entry_points:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a"
+
+PSA AEAD encrypt: AES-CCM, 24 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_SUCCESS
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, fallback
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD encrypt: AES-CCM, 24 bytes, INSUFFICIENT_MEMORY
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_SUCCESS
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1, fallback
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD encrypt, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA AEAD decrypt: AES-CCM, 39 bytes
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
+
+PSA AEAD decrypt: AES-CCM, 39 bytes, fallback
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD decrypt: AES-CCM, 39 bytes, INSUFFICIENT_MEMORY
+depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA AEAD decrypt, AES-GCM, 144 bytes #1
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
+
+PSA AEAD decrypt, AES-GCM, 144 bytes #1, fallback
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED
+
+PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA opaque driver builtin key export: AES
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: AES (registered to ID_MAX-1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: AES (registered to ID_MAX)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: key ID out of range (ID_MIN - 1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
+
+PSA opaque driver builtin key export: key ID out of range (ID_MAX + 1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
+
+PSA opaque driver builtin key export: secp256r1
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"dc7d9d26d67a4f632c34c2dc0b6986183882c206df04cdb7d69aabe28be4f81a":PSA_SUCCESS
+
+PSA opaque driver builtin pubkey export: secp256r1
+builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_SUCCESS
+
+PSA opaque driver builtin pubkey export: not a public key
+builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_ERROR_INVALID_ARGUMENT
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index dd01ab6..8ccce06 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -809,3 +809,240 @@
test_driver_cipher_hooks = test_driver_cipher_hooks_init();
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_encrypt( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_result,
+ int forced_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ psa_status_t forced_status = forced_status_arg;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ test_driver_aead_hooks = test_driver_aead_hooks_init();
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+ alg );
+ /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+ * should be exact. */
+ TEST_EQUAL( output_size,
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+ TEST_ASSERT( output_size <=
+ PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+ ASSERT_ALLOC( output_data, output_size );
+
+ test_driver_aead_hooks.forced_status = forced_status;
+ status = psa_aead_encrypt( key, alg,
+ nonce->x, nonce->len,
+ additional_data->x, additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length );
+ TEST_EQUAL( test_driver_aead_hooks.hits, 1 );
+ TEST_EQUAL( test_driver_aead_hooks.driver_status, forced_status );
+
+ TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
+ PSA_SUCCESS : forced_status );
+
+ if( status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( expected_result->x, expected_result->len,
+ output_data, output_length );
+ }
+
+exit:
+ psa_destroy_key( key );
+ mbedtls_free( output_data );
+ PSA_DONE( );
+ test_driver_aead_hooks = test_driver_aead_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void aead_decrypt( int key_type_arg, data_t *key_data,
+ int alg_arg,
+ data_t *nonce,
+ data_t *additional_data,
+ data_t *input_data,
+ data_t *expected_data,
+ int forced_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ psa_status_t forced_status = forced_status_arg;
+ unsigned char *output_data = NULL;
+ size_t output_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ test_driver_aead_hooks = test_driver_aead_hooks_init();
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+ alg );
+ ASSERT_ALLOC( output_data, output_size );
+
+ test_driver_aead_hooks.forced_status = forced_status;
+ status = psa_aead_decrypt( key, alg,
+ nonce->x, nonce->len,
+ additional_data->x,
+ additional_data->len,
+ input_data->x, input_data->len,
+ output_data, output_size,
+ &output_length );
+ TEST_EQUAL( test_driver_aead_hooks.hits, 1 );
+ TEST_EQUAL( test_driver_aead_hooks.driver_status, forced_status );
+
+ TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
+ PSA_SUCCESS : forced_status );
+
+ if( status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( expected_data->x, expected_data->len,
+ output_data, output_length );
+ }
+
+exit:
+ psa_destroy_key( key );
+ mbedtls_free( output_data );
+ PSA_DONE( );
+ test_driver_aead_hooks = test_driver_aead_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+void builtin_key_export( int builtin_key_id_arg,
+ int builtin_key_type_arg,
+ int builtin_key_bits_arg,
+ int builtin_key_algorithm_arg,
+ data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
+ psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
+ psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg;
+ size_t builtin_key_bits = (size_t) builtin_key_bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
+ uint8_t* output_buffer = NULL;
+ size_t output_size = 0;
+ psa_status_t actual_status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC( output_buffer, expected_output->len );
+
+ actual_status = psa_export_key( key, output_buffer, expected_output->len, &output_size );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( actual_status );
+ TEST_EQUAL( output_size, expected_output->len );
+ ASSERT_COMPARE( output_buffer, output_size,
+ expected_output->x, expected_output->len );
+
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
+ TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
+ }
+ else
+ {
+ if( actual_status != expected_status )
+ fprintf( stderr, "Expected %d but got %d\n", expected_status, actual_status );
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( output_size, 0 );
+ }
+
+exit:
+ mbedtls_free( output_buffer );
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+void builtin_pubkey_export( int builtin_key_id_arg,
+ int builtin_key_type_arg,
+ int builtin_key_bits_arg,
+ int builtin_key_algorithm_arg,
+ data_t *expected_output,
+ int expected_status_arg )
+{
+ psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
+ psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
+ psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg;
+ size_t builtin_key_bits = (size_t) builtin_key_bits_arg;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
+ uint8_t* output_buffer = NULL;
+ size_t output_size = 0;
+ psa_status_t actual_status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC( output_buffer, expected_output->len );
+
+ actual_status = psa_export_public_key( key, output_buffer, expected_output->len, &output_size );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( actual_status );
+ TEST_EQUAL( output_size, expected_output->len );
+ ASSERT_COMPARE( output_buffer, output_size,
+ expected_output->x, expected_output->len );
+
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
+ TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
+ TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
+ }
+ else
+ {
+ TEST_EQUAL( actual_status, expected_status );
+ TEST_EQUAL( output_size, 0 );
+ }
+
+exit:
+ mbedtls_free( output_buffer );
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index bd98a76..4e2f4d5 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -134,17 +134,57 @@
depends_on:PSA_WANT_ALG_XTS:MBEDTLS_CIPHER_C
cipher_algorithm:PSA_ALG_XTS:0
-AEAD: CCM
-depends_on:PSA_WANT_ALG_CCM
-aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
+AEAD: CCM-AES-128
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:128
-AEAD: GCM
-depends_on:PSA_WANT_ALG_GCM
-aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
+AEAD: CCM-AES-192
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:192
+
+AEAD: CCM-AES-256
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256
+
+AEAD: CCM-CAMELLIA-128
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128
+
+AEAD: CCM-CAMELLIA-192
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:192
+
+AEAD: CCM-CAMELLIA-256
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:256
+
+AEAD: GCM-AES-128
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:128
+
+AEAD: GCM-AES-192
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:192
+
+AEAD: GCM-AES-256
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256
+
+AEAD: GCM-CAMELLIA-128
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128
+
+AEAD: GCM-CAMELLIA-192
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:192
+
+AEAD: GCM-CAMELLIA-256
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:256
AEAD: ChaCha20_Poly1305
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305
-aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16
+aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16:PSA_KEY_TYPE_CHACHA20:256
Asymmetric signature: RSA PKCS#1 v1.5 raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 8acbe44..8134f44 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -169,6 +169,7 @@
}
void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
+ psa_key_type_t key_type, size_t key_bits,
size_t tag_length )
{
/* Algorithm classification */
@@ -183,7 +184,7 @@
algorithm_classification( alg, classification_flags );
/* Tag length */
- TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( alg ) );
+ TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ) );
exit: ;
}
@@ -367,19 +368,24 @@
/* BEGIN_CASE */
void aead_algorithm( int alg_arg, int classification_flags,
- int tag_length_arg )
+ int tag_length_arg,
+ int key_type_arg, int key_bits_arg )
{
psa_algorithm_t alg = alg_arg;
size_t tag_length = tag_length_arg;
size_t n;
+ psa_key_type_t key_type = key_type_arg;
+ size_t key_bits = key_bits_arg;
- aead_algorithm_core( alg, classification_flags, tag_length );
+ aead_algorithm_core( alg, classification_flags,
+ key_type, key_bits, tag_length );
/* Truncated versions */
for( n = 1; n <= tag_length; n++ )
{
psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, n );
- aead_algorithm_core( truncated_alg, classification_flags, n );
+ aead_algorithm_core( truncated_alg, classification_flags,
+ key_type, key_bits, n );
TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ),
alg );
/* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives
@@ -411,7 +417,8 @@
for( n = 1; n <= tag_length; n++ )
{
psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n );
- aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD, n );
+ aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
+ key_type, key_bits, n );
TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ),
alg );
/* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index cb819a8..5277193 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -243,6 +243,7 @@
<ClInclude Include="..\..\tests\include\test\psa_exercise_key.h" />
<ClInclude Include="..\..\tests\include\test\psa_helpers.h" />
<ClInclude Include="..\..\tests\include\test\random.h" />
+ <ClInclude Include="..\..\tests\include\test\drivers\aead.h" />
<ClInclude Include="..\..\tests\include\test\drivers\cipher.h" />
<ClInclude Include="..\..\tests\include\test\drivers\key_management.h" />
<ClInclude Include="..\..\tests\include\test\drivers\signature.h" />
@@ -255,6 +256,7 @@
<ClInclude Include="..\..\library\mps_error.h" />
<ClInclude Include="..\..\library\mps_reader.h" />
<ClInclude Include="..\..\library\mps_trace.h" />
+ <ClInclude Include="..\..\library\psa_crypto_aead.h" />
<ClInclude Include="..\..\library\psa_crypto_cipher.h" />
<ClInclude Include="..\..\library\psa_crypto_core.h" />
<ClInclude Include="..\..\library\psa_crypto_driver_wrappers.h" />
@@ -332,6 +334,7 @@
<ClCompile Include="..\..\library\platform_util.c" />
<ClCompile Include="..\..\library\poly1305.c" />
<ClCompile Include="..\..\library\psa_crypto.c" />
+ <ClCompile Include="..\..\library\psa_crypto_aead.c" />
<ClCompile Include="..\..\library\psa_crypto_cipher.c" />
<ClCompile Include="..\..\library\psa_crypto_client.c" />
<ClCompile Include="..\..\library\psa_crypto_driver_wrappers.c" />
@@ -376,6 +379,12 @@
<ClCompile Include="..\..\tests\src\psa_exercise_key.c" />
<ClCompile Include="..\..\tests\src\random.c" />
<ClCompile Include="..\..\tests\src\threading_helpers.c" />
+ <ClCompile Include="..\..\tests\src\drivers\platform_builtin_keys.c" />
+ <ClCompile Include="..\..\tests\src\drivers\test_driver_aead.c" />
+ <ClCompile Include="..\..\tests\src\drivers\test_driver_cipher.c" />
+ <ClCompile Include="..\..\tests\src\drivers\test_driver_key_management.c" />
+ <ClCompile Include="..\..\tests\src\drivers\test_driver_signature.c" />
+ <ClCompile Include="..\..\tests\src\drivers\test_driver_size.c" />
<ClCompile Include="..\..\3rdparty\everest\library\everest.c" />
<ClCompile Include="..\..\3rdparty\everest\library\Hacl_Curve25519_joined.c" />
<ClCompile Include="..\..\3rdparty\everest\library\x25519.c" />